From 52ba3f49820d26cb3ba10bf0debdd1306fcb77fc Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 1 Dec 2023 16:51:40 +0100 Subject: [PATCH 01/15] bump version to 0.0.2-pre.2 (#139) --- Cargo.toml | 10 +++++----- PUBLISHING.md | 9 +++++++++ sys/hacl/Cargo.toml | 2 +- sys/libjade/Cargo.toml | 2 +- 4 files changed, 16 insertions(+), 7 deletions(-) create mode 100644 PUBLISHING.md diff --git a/Cargo.toml b/Cargo.toml index 8cca7e8d9..d9bf362a4 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -8,7 +8,7 @@ members = [ ] [workspace.package] -version = "0.0.2-pre.1" +version = "0.0.2-pre.2" authors = ["Cryspen"] license = "Apache-2.0" homepage = "https://github.com/cryspen/libcrux" @@ -33,11 +33,11 @@ exclude = ["/tests"] crate-type = ["staticlib", "cdylib", "lib"] [build-dependencies] -libcrux-platform = { version = "=0.0.2-pre.1", path = "sys/platform" } +libcrux-platform = { version = "=0.0.2-pre.2", path = "sys/platform" } [dependencies] -libcrux-hacl = { version = "=0.0.2-pre.1", path = "sys/hacl" } -libcrux-platform = { version = "=0.0.2-pre.1", path = "sys/platform" } +libcrux-hacl = { version = "=0.0.2-pre.2", path = "sys/hacl" } +libcrux-platform = { version = "=0.0.2-pre.2", path = "sys/platform" } rand = { version = "0.8" } log = { version = "0.4", optional = true } # WASM API @@ -48,7 +48,7 @@ wasm-bindgen = { version = "0.2.87", optional = true } getrandom = { version = "0.2", features = ["js"] } [target.'cfg(all(not(target_os = "windows"), target_arch = "x86_64"))'.dependencies] -libjade-sys = { version = "=0.0.2-pre.1", path = "sys/libjade" } +libjade-sys = { version = "=0.0.2-pre.2", path = "sys/libjade" } [dev-dependencies] libcrux = { path = ".", features = ["rand"] } diff --git a/PUBLISHING.md b/PUBLISHING.md new file mode 100644 index 000000000..963ef3ddf --- /dev/null +++ b/PUBLISHING.md @@ -0,0 +1,9 @@ +# Release Management + +1. Update version in `Cargo.toml` and set all dependencies to that version. Always start with a prerelease version `-pre.A` before doing a full release. +2. Tag the version `git tag vX.Y.Z` and `git push origin vX.Y.Z`. +3. Release crates + 1. libcrux-platform in `sys/platform` + 2. libcrux-hacl in `sys/hacl` + 3. libjade-sys in `sys/libjade` + 4. 
libcrux diff --git a/sys/hacl/Cargo.toml b/sys/hacl/Cargo.toml index a75cef809..9396d8e77 100644 --- a/sys/hacl/Cargo.toml +++ b/sys/hacl/Cargo.toml @@ -16,7 +16,7 @@ crate-type = ["cdylib", "rlib"] [build-dependencies] cc = { version = "1.0", features = ["parallel"] } -libcrux-platform = { version = "=0.0.2-pre.1", path = "../platform" } +libcrux-platform = { version = "=0.0.2-pre.2", path = "../platform" } bindgen = { version = "0.69", optional = true } [features] diff --git a/sys/libjade/Cargo.toml b/sys/libjade/Cargo.toml index 5369ccbcc..36635ac01 100644 --- a/sys/libjade/Cargo.toml +++ b/sys/libjade/Cargo.toml @@ -13,7 +13,7 @@ description = "Rust bindings for libjade, a formally verified cryptographic libr [build-dependencies] cc = { version = "1.0", features = ["parallel"] } -libcrux-platform = { version = "=0.0.2-pre.1", path = "../platform" } +libcrux-platform = { version = "=0.0.2-pre.2", path = "../platform" } [target.'cfg(not(windows))'.build-dependencies] bindgen = { version = "0.69", optional = true } From f3dc5f125464b280c6bda5f6023ec1938b38997a Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 5 Dec 2023 06:57:55 +0100 Subject: [PATCH 02/15] update to hacl-packages dev 6b66fae6cbb28b0627ed63153c32b2dd979dcb3f --- sys/hacl/c/include/Hacl_SHA3_Scalar.h | 67 + sys/hacl/c/include/Hacl_SHA3_Vec256.h | 146 + .../c/include/internal/Hacl_Hash_Blake2b.h | 32 - .../internal/Hacl_Hash_Blake2b_Simd256.h | 1 - .../c/include/internal/Hacl_Hash_Blake2s.h | 1 - .../internal/Hacl_Hash_Blake2s_Simd128.h | 1 - .../c/include/internal/Hacl_SHA3_Scalar.h | 51 + sys/hacl/c/include/msvc/Hacl_SHA3_Scalar.h | 67 + sys/hacl/c/include/msvc/Hacl_SHA3_Vec256.h | 146 + .../include/msvc/internal/Hacl_Hash_Blake2b.h | 32 - .../msvc/internal/Hacl_Hash_Blake2b_Simd256.h | 1 - .../include/msvc/internal/Hacl_Hash_Blake2s.h | 1 - .../msvc/internal/Hacl_Hash_Blake2s_Simd128.h | 1 - .../include/msvc/internal/Hacl_SHA3_Scalar.h | 51 + sys/hacl/c/src/Hacl_Hash_Blake2b.c | 71 +- sys/hacl/c/src/Hacl_Hash_Blake2b_Simd256.c | 62 +- sys/hacl/c/src/Hacl_Hash_Blake2s.c | 69 +- sys/hacl/c/src/Hacl_Hash_Blake2s_Simd128.c | 59 +- sys/hacl/c/src/Hacl_SHA3_Scalar.c | 2383 ++++ sys/hacl/c/src/Hacl_SHA3_Vec256.c | 10076 ++++++++++++++++ sys/hacl/c/src/msvc/Hacl_Hash_Blake2b.c | 71 +- .../c/src/msvc/Hacl_Hash_Blake2b_Simd256.c | 62 +- sys/hacl/c/src/msvc/Hacl_Hash_Blake2s.c | 69 +- .../c/src/msvc/Hacl_Hash_Blake2s_Simd128.c | 59 +- sys/hacl/c/src/msvc/Hacl_SHA3_Scalar.c | 2383 ++++ sys/hacl/c/src/msvc/Hacl_SHA3_Vec256.c | 10076 ++++++++++++++++ 26 files changed, 25498 insertions(+), 540 deletions(-) create mode 100644 sys/hacl/c/include/Hacl_SHA3_Scalar.h create mode 100644 sys/hacl/c/include/Hacl_SHA3_Vec256.h create mode 100644 sys/hacl/c/include/internal/Hacl_SHA3_Scalar.h create mode 100644 sys/hacl/c/include/msvc/Hacl_SHA3_Scalar.h create mode 100644 sys/hacl/c/include/msvc/Hacl_SHA3_Vec256.h create mode 100644 sys/hacl/c/include/msvc/internal/Hacl_SHA3_Scalar.h create mode 100644 sys/hacl/c/src/Hacl_SHA3_Scalar.c create mode 100644 sys/hacl/c/src/Hacl_SHA3_Vec256.c create mode 100644 sys/hacl/c/src/msvc/Hacl_SHA3_Scalar.c create mode 100644 sys/hacl/c/src/msvc/Hacl_SHA3_Vec256.c diff --git a/sys/hacl/c/include/Hacl_SHA3_Scalar.h b/sys/hacl/c/include/Hacl_SHA3_Scalar.h new file mode 100644 index 000000000..dabab10be --- /dev/null +++ b/sys/hacl/c/include/Hacl_SHA3_Scalar.h @@ -0,0 +1,67 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* 
Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#ifndef __Hacl_SHA3_Scalar_H +#define __Hacl_SHA3_Scalar_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +void +Hacl_SHA3_Scalar_shake128_hacl( + uint32_t inputByteLen, + uint8_t *input, + uint32_t outputByteLen, + uint8_t *output +); + +void +Hacl_SHA3_Scalar_shake256_hacl( + uint32_t inputByteLen, + uint8_t *input, + uint32_t outputByteLen, + uint8_t *output +); + +void Hacl_SHA3_Scalar_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output); + +void Hacl_SHA3_Scalar_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output); + +void Hacl_SHA3_Scalar_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output); + +void Hacl_SHA3_Scalar_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output); + +#if defined(__cplusplus) +} +#endif + +#define __Hacl_SHA3_Scalar_H_DEFINED +#endif diff --git a/sys/hacl/c/include/Hacl_SHA3_Vec256.h b/sys/hacl/c/include/Hacl_SHA3_Vec256.h new file mode 100644 index 000000000..695d66776 --- /dev/null +++ b/sys/hacl/c/include/Hacl_SHA3_Vec256.h @@ -0,0 +1,146 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#ifndef __Hacl_SHA3_Vec256_H +#define __Hacl_SHA3_Vec256_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +typedef void *Hacl_SHA3_Vec256_disjoint4_4; + +typedef struct K____uint8_t___uint8_t__s +{ + uint8_t *fst; + uint8_t *snd; +} +K____uint8_t___uint8_t_; + +typedef struct K____uint8_t__K____uint8_t___uint8_t__s +{ + uint8_t *fst; + K____uint8_t___uint8_t_ snd; +} +K____uint8_t__K____uint8_t___uint8_t_; + +typedef struct K____uint8_t___uint8_t____K____uint8_t___uint8_t__s +{ + uint8_t *fst; + K____uint8_t__K____uint8_t___uint8_t_ snd; +} +K____uint8_t___uint8_t____K____uint8_t___uint8_t_; + +void +Hacl_SHA3_Vec256_shake128_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint32_t outputByteLen, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +); + +void +Hacl_SHA3_Vec256_shake256_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint32_t outputByteLen, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +); + +void +Hacl_SHA3_Vec256_sha3_224_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +); + +void +Hacl_SHA3_Vec256_sha3_256_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +); + +void +Hacl_SHA3_Vec256_sha3_384_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +); + +void +Hacl_SHA3_Vec256_sha3_512_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +); + +#if defined(__cplusplus) +} +#endif + +#define __Hacl_SHA3_Vec256_H_DEFINED +#endif diff --git a/sys/hacl/c/include/internal/Hacl_Hash_Blake2b.h b/sys/hacl/c/include/internal/Hacl_Hash_Blake2b.h index 7d07e50b8..21689d602 100644 --- a/sys/hacl/c/include/internal/Hacl_Hash_Blake2b.h +++ b/sys/hacl/c/include/internal/Hacl_Hash_Blake2b.h @@ -38,38 +38,6 @@ extern "C" { #include "internal/Hacl_Impl_Blake2_Constants.h" #include "../Hacl_Hash_Blake2b.h" -typedef struct Hacl_Hash_Blake2s_blake2s_params_s -{ - uint8_t digest_length; - uint8_t key_length; - uint8_t fanout; - uint8_t depth; - uint32_t leaf_length; - uint32_t node_offset; - uint16_t xof_length; - uint8_t node_depth; - uint8_t inner_length; - uint8_t *salt; - uint8_t *personal; -} -Hacl_Hash_Blake2s_blake2s_params; - -typedef struct Hacl_Hash_Blake2s_blake2b_params_s -{ - uint8_t digest_length1; - uint8_t key_length1; - uint8_t fanout1; - uint8_t depth1; - uint32_t leaf_length1; - uint32_t node_offset1; - uint32_t xof_length1; - uint8_t node_depth1; - uint8_t inner_length1; - uint8_t *salt1; - uint8_t *personal1; -} -Hacl_Hash_Blake2s_blake2b_params; - void Hacl_Hash_Blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn); void diff --git a/sys/hacl/c/include/internal/Hacl_Hash_Blake2b_Simd256.h b/sys/hacl/c/include/internal/Hacl_Hash_Blake2b_Simd256.h index 4dd986b21..4cc078699 100644 --- 
a/sys/hacl/c/include/internal/Hacl_Hash_Blake2b_Simd256.h +++ b/sys/hacl/c/include/internal/Hacl_Hash_Blake2b_Simd256.h @@ -36,7 +36,6 @@ extern "C" { #include "krml/internal/target.h" #include "internal/Hacl_Impl_Blake2_Constants.h" -#include "internal/Hacl_Hash_Blake2b.h" #include "../Hacl_Hash_Blake2b_Simd256.h" #include "libintvector.h" diff --git a/sys/hacl/c/include/internal/Hacl_Hash_Blake2s.h b/sys/hacl/c/include/internal/Hacl_Hash_Blake2s.h index eccd92de8..f814aa95d 100644 --- a/sys/hacl/c/include/internal/Hacl_Hash_Blake2s.h +++ b/sys/hacl/c/include/internal/Hacl_Hash_Blake2s.h @@ -36,7 +36,6 @@ extern "C" { #include "krml/internal/target.h" #include "internal/Hacl_Impl_Blake2_Constants.h" -#include "internal/Hacl_Hash_Blake2b.h" #include "../Hacl_Hash_Blake2s.h" void Hacl_Hash_Blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn); diff --git a/sys/hacl/c/include/internal/Hacl_Hash_Blake2s_Simd128.h b/sys/hacl/c/include/internal/Hacl_Hash_Blake2s_Simd128.h index 2c4229490..0589aec56 100644 --- a/sys/hacl/c/include/internal/Hacl_Hash_Blake2s_Simd128.h +++ b/sys/hacl/c/include/internal/Hacl_Hash_Blake2s_Simd128.h @@ -36,7 +36,6 @@ extern "C" { #include "krml/internal/target.h" #include "internal/Hacl_Impl_Blake2_Constants.h" -#include "internal/Hacl_Hash_Blake2b.h" #include "../Hacl_Hash_Blake2s_Simd128.h" #include "libintvector.h" diff --git a/sys/hacl/c/include/internal/Hacl_SHA3_Scalar.h b/sys/hacl/c/include/internal/Hacl_SHA3_Scalar.h new file mode 100644 index 000000000..6d1296823 --- /dev/null +++ b/sys/hacl/c/include/internal/Hacl_SHA3_Scalar.h @@ -0,0 +1,51 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#ifndef __internal_Hacl_SHA3_Scalar_H +#define __internal_Hacl_SHA3_Scalar_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#include "../Hacl_SHA3_Scalar.h" + +extern const uint32_t Hacl_Impl_SHA3_Vec_keccak_rotc[24U]; + +extern const uint32_t Hacl_Impl_SHA3_Vec_keccak_piln[24U]; + +extern const uint64_t Hacl_Impl_SHA3_Vec_keccak_rndc[24U]; + +#if defined(__cplusplus) +} +#endif + +#define __internal_Hacl_SHA3_Scalar_H_DEFINED +#endif diff --git a/sys/hacl/c/include/msvc/Hacl_SHA3_Scalar.h b/sys/hacl/c/include/msvc/Hacl_SHA3_Scalar.h new file mode 100644 index 000000000..dabab10be --- /dev/null +++ b/sys/hacl/c/include/msvc/Hacl_SHA3_Scalar.h @@ -0,0 +1,67 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#ifndef __Hacl_SHA3_Scalar_H +#define __Hacl_SHA3_Scalar_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +void +Hacl_SHA3_Scalar_shake128_hacl( + uint32_t inputByteLen, + uint8_t *input, + uint32_t outputByteLen, + uint8_t *output +); + +void +Hacl_SHA3_Scalar_shake256_hacl( + uint32_t inputByteLen, + uint8_t *input, + uint32_t outputByteLen, + uint8_t *output +); + +void Hacl_SHA3_Scalar_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output); + +void Hacl_SHA3_Scalar_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output); + +void Hacl_SHA3_Scalar_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output); + +void Hacl_SHA3_Scalar_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output); + +#if defined(__cplusplus) +} +#endif + +#define __Hacl_SHA3_Scalar_H_DEFINED +#endif diff --git a/sys/hacl/c/include/msvc/Hacl_SHA3_Vec256.h b/sys/hacl/c/include/msvc/Hacl_SHA3_Vec256.h new file mode 100644 index 000000000..695d66776 --- /dev/null +++ b/sys/hacl/c/include/msvc/Hacl_SHA3_Vec256.h @@ -0,0 +1,146 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#ifndef __Hacl_SHA3_Vec256_H +#define __Hacl_SHA3_Vec256_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +typedef void *Hacl_SHA3_Vec256_disjoint4_4; + +typedef struct K____uint8_t___uint8_t__s +{ + uint8_t *fst; + uint8_t *snd; +} +K____uint8_t___uint8_t_; + +typedef struct K____uint8_t__K____uint8_t___uint8_t__s +{ + uint8_t *fst; + K____uint8_t___uint8_t_ snd; +} +K____uint8_t__K____uint8_t___uint8_t_; + +typedef struct K____uint8_t___uint8_t____K____uint8_t___uint8_t__s +{ + uint8_t *fst; + K____uint8_t__K____uint8_t___uint8_t_ snd; +} +K____uint8_t___uint8_t____K____uint8_t___uint8_t_; + +void +Hacl_SHA3_Vec256_shake128_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint32_t outputByteLen, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +); + +void +Hacl_SHA3_Vec256_shake256_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint32_t outputByteLen, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +); + +void +Hacl_SHA3_Vec256_sha3_224_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +); + +void +Hacl_SHA3_Vec256_sha3_256_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +); + +void +Hacl_SHA3_Vec256_sha3_384_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +); + +void +Hacl_SHA3_Vec256_sha3_512_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +); + +#if defined(__cplusplus) +} +#endif + +#define __Hacl_SHA3_Vec256_H_DEFINED +#endif diff --git a/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2b.h b/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2b.h index 7d07e50b8..21689d602 100644 --- a/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2b.h +++ b/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2b.h @@ -38,38 +38,6 @@ extern "C" { #include "internal/Hacl_Impl_Blake2_Constants.h" #include "../Hacl_Hash_Blake2b.h" -typedef struct Hacl_Hash_Blake2s_blake2s_params_s -{ - uint8_t digest_length; - uint8_t key_length; - uint8_t fanout; - uint8_t depth; - uint32_t leaf_length; - uint32_t node_offset; - uint16_t xof_length; - uint8_t node_depth; - uint8_t inner_length; - uint8_t *salt; - uint8_t *personal; -} -Hacl_Hash_Blake2s_blake2s_params; - -typedef struct Hacl_Hash_Blake2s_blake2b_params_s -{ - uint8_t digest_length1; - uint8_t key_length1; - uint8_t fanout1; - uint8_t depth1; - uint32_t leaf_length1; - uint32_t node_offset1; - uint32_t xof_length1; - uint8_t node_depth1; - uint8_t inner_length1; - uint8_t *salt1; - uint8_t *personal1; -} -Hacl_Hash_Blake2s_blake2b_params; - void Hacl_Hash_Blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn); void diff --git a/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2b_Simd256.h b/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2b_Simd256.h index 4dd986b21..4cc078699 100644 --- 
a/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2b_Simd256.h +++ b/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2b_Simd256.h @@ -36,7 +36,6 @@ extern "C" { #include "krml/internal/target.h" #include "internal/Hacl_Impl_Blake2_Constants.h" -#include "internal/Hacl_Hash_Blake2b.h" #include "../Hacl_Hash_Blake2b_Simd256.h" #include "libintvector.h" diff --git a/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2s.h b/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2s.h index eccd92de8..f814aa95d 100644 --- a/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2s.h +++ b/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2s.h @@ -36,7 +36,6 @@ extern "C" { #include "krml/internal/target.h" #include "internal/Hacl_Impl_Blake2_Constants.h" -#include "internal/Hacl_Hash_Blake2b.h" #include "../Hacl_Hash_Blake2s.h" void Hacl_Hash_Blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn); diff --git a/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2s_Simd128.h b/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2s_Simd128.h index 2c4229490..0589aec56 100644 --- a/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2s_Simd128.h +++ b/sys/hacl/c/include/msvc/internal/Hacl_Hash_Blake2s_Simd128.h @@ -36,7 +36,6 @@ extern "C" { #include "krml/internal/target.h" #include "internal/Hacl_Impl_Blake2_Constants.h" -#include "internal/Hacl_Hash_Blake2b.h" #include "../Hacl_Hash_Blake2s_Simd128.h" #include "libintvector.h" diff --git a/sys/hacl/c/include/msvc/internal/Hacl_SHA3_Scalar.h b/sys/hacl/c/include/msvc/internal/Hacl_SHA3_Scalar.h new file mode 100644 index 000000000..6d1296823 --- /dev/null +++ b/sys/hacl/c/include/msvc/internal/Hacl_SHA3_Scalar.h @@ -0,0 +1,51 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#ifndef __internal_Hacl_SHA3_Scalar_H +#define __internal_Hacl_SHA3_Scalar_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#include "../Hacl_SHA3_Scalar.h" + +extern const uint32_t Hacl_Impl_SHA3_Vec_keccak_rotc[24U]; + +extern const uint32_t Hacl_Impl_SHA3_Vec_keccak_piln[24U]; + +extern const uint64_t Hacl_Impl_SHA3_Vec_keccak_rndc[24U]; + +#if defined(__cplusplus) +} +#endif + +#define __internal_Hacl_SHA3_Scalar_H_DEFINED +#endif diff --git a/sys/hacl/c/src/Hacl_Hash_Blake2b.c b/sys/hacl/c/src/Hacl_Hash_Blake2b.c index 284da79a3..2dceaf4b3 100644 --- a/sys/hacl/c/src/Hacl_Hash_Blake2b.c +++ b/sys/hacl/c/src/Hacl_Hash_Blake2b.c @@ -474,7 +474,6 @@ update_block(uint64_t *wv, uint64_t *hash, bool flag, FStar_UInt128_uint128 totl void Hacl_Hash_Blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn) { - uint64_t tmp[8U] = { 0U }; uint64_t *r0 = hash; uint64_t *r1 = hash + 4U; uint64_t *r2 = hash + 8U; @@ -495,68 +494,16 @@ void Hacl_Hash_Blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn) r3[1U] = iv5; r3[2U] = iv6; r3[3U] = iv7; - uint8_t salt[16U] = { 0U }; - uint8_t personal[16U] = { 0U }; - Hacl_Hash_Blake2s_blake2b_params - p = - { - .digest_length1 = 64U, .key_length1 = 0U, .fanout1 = 1U, .depth1 = 1U, .leaf_length1 = 0U, - .node_offset1 = 0U, .xof_length1 = 0U, .node_depth1 = 0U, .inner_length1 = 0U, .salt1 = salt, - .personal1 = personal - }; - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint64_t *os = tmp + 4U; - uint8_t *bj = p.salt1 + i * 8U; - uint64_t u = load64_le(bj); - uint64_t r = u; - uint64_t x = r; - os[i] = x;); - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint64_t *os = tmp + 6U; - uint8_t *bj = p.personal1 + i * 8U; - uint64_t u = load64_le(bj); - uint64_t r = u; - uint64_t x = r; - os[i] = x;); - tmp[0U] = - (uint64_t)nn - ^ - ((uint64_t)kk - << 8U - ^ ((uint64_t)p.fanout1 << 16U ^ ((uint64_t)p.depth1 << 24U ^ (uint64_t)p.leaf_length1 << 32U))); - tmp[1U] = (uint64_t)p.node_offset1 ^ (uint64_t)p.xof_length1 << 32U; - tmp[2U] = (uint64_t)p.node_depth1 ^ (uint64_t)p.inner_length1 << 8U; - tmp[3U] = 0ULL; - uint64_t tmp0 = tmp[0U]; - uint64_t tmp1 = tmp[1U]; - uint64_t tmp2 = tmp[2U]; - uint64_t tmp3 = tmp[3U]; - uint64_t tmp4 = tmp[4U]; - uint64_t tmp5 = tmp[5U]; - uint64_t tmp6 = tmp[6U]; - uint64_t tmp7 = tmp[7U]; - uint64_t iv0_ = iv0 ^ tmp0; - uint64_t iv1_ = iv1 ^ tmp1; - uint64_t iv2_ = iv2 ^ tmp2; - uint64_t iv3_ = iv3 ^ tmp3; - uint64_t iv4_ = iv4 ^ tmp4; - uint64_t iv5_ = iv5 ^ tmp5; - uint64_t iv6_ = iv6 ^ tmp6; - uint64_t iv7_ = iv7 ^ tmp7; + uint64_t kk_shift_8 = (uint64_t)kk << 8U; + uint64_t iv0_ = iv0 ^ (0x01010000ULL ^ (kk_shift_8 ^ (uint64_t)nn)); r0[0U] = iv0_; - r0[1U] = iv1_; - r0[2U] = iv2_; - r0[3U] = iv3_; - r1[0U] = iv4_; - r1[1U] = iv5_; - r1[2U] = iv6_; - r1[3U] = iv7_; + r0[1U] = iv1; + r0[2U] = iv2; + r0[3U] = iv3; + r1[0U] = iv4; + r1[1U] = iv5; + r1[2U] = iv6; + r1[3U] = iv7; } static void update_key(uint64_t *wv, uint64_t *hash, uint32_t kk, uint8_t *k, uint32_t ll) diff --git a/sys/hacl/c/src/Hacl_Hash_Blake2b_Simd256.c b/sys/hacl/c/src/Hacl_Hash_Blake2b_Simd256.c index 7a807b658..1a5e8cf29 100644 --- a/sys/hacl/c/src/Hacl_Hash_Blake2b_Simd256.c +++ b/sys/hacl/c/src/Hacl_Hash_Blake2b_Simd256.c @@ -26,7 +26,6 @@ #include "internal/Hacl_Hash_Blake2b_Simd256.h" #include "internal/Hacl_Impl_Blake2_Constants.h" -#include "internal/Hacl_Hash_Blake2b.h" #include "lib_memzero0.h" static inline void @@ -215,7 +214,6 @@ 
update_block( void Hacl_Hash_Blake2b_Simd256_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t kk, uint32_t nn) { - uint64_t tmp[8U] = { 0U }; Lib_IntVector_Intrinsics_vec256 *r0 = hash; Lib_IntVector_Intrinsics_vec256 *r1 = hash + 1U; Lib_IntVector_Intrinsics_vec256 *r2 = hash + 2U; @@ -230,62 +228,10 @@ Hacl_Hash_Blake2b_Simd256_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t k uint64_t iv7 = Hacl_Hash_Blake2s_ivTable_B[7U]; r2[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv0, iv1, iv2, iv3); r3[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv4, iv5, iv6, iv7); - uint8_t salt[16U] = { 0U }; - uint8_t personal[16U] = { 0U }; - Hacl_Hash_Blake2s_blake2b_params - p = - { - .digest_length1 = 64U, .key_length1 = 0U, .fanout1 = 1U, .depth1 = 1U, .leaf_length1 = 0U, - .node_offset1 = 0U, .xof_length1 = 0U, .node_depth1 = 0U, .inner_length1 = 0U, .salt1 = salt, - .personal1 = personal - }; - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint64_t *os = tmp + 4U; - uint8_t *bj = p.salt1 + i * 8U; - uint64_t u = load64_le(bj); - uint64_t r = u; - uint64_t x = r; - os[i] = x;); - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint64_t *os = tmp + 6U; - uint8_t *bj = p.personal1 + i * 8U; - uint64_t u = load64_le(bj); - uint64_t r = u; - uint64_t x = r; - os[i] = x;); - tmp[0U] = - (uint64_t)nn - ^ - ((uint64_t)kk - << 8U - ^ ((uint64_t)p.fanout1 << 16U ^ ((uint64_t)p.depth1 << 24U ^ (uint64_t)p.leaf_length1 << 32U))); - tmp[1U] = (uint64_t)p.node_offset1 ^ (uint64_t)p.xof_length1 << 32U; - tmp[2U] = (uint64_t)p.node_depth1 ^ (uint64_t)p.inner_length1 << 8U; - tmp[3U] = 0ULL; - uint64_t tmp0 = tmp[0U]; - uint64_t tmp1 = tmp[1U]; - uint64_t tmp2 = tmp[2U]; - uint64_t tmp3 = tmp[3U]; - uint64_t tmp4 = tmp[4U]; - uint64_t tmp5 = tmp[5U]; - uint64_t tmp6 = tmp[6U]; - uint64_t tmp7 = tmp[7U]; - uint64_t iv0_ = iv0 ^ tmp0; - uint64_t iv1_ = iv1 ^ tmp1; - uint64_t iv2_ = iv2 ^ tmp2; - uint64_t iv3_ = iv3 ^ tmp3; - uint64_t iv4_ = iv4 ^ tmp4; - uint64_t iv5_ = iv5 ^ tmp5; - uint64_t iv6_ = iv6 ^ tmp6; - uint64_t iv7_ = iv7 ^ tmp7; - r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv0_, iv1_, iv2_, iv3_); - r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv4_, iv5_, iv6_, iv7_); + uint64_t kk_shift_8 = (uint64_t)kk << 8U; + uint64_t iv0_ = iv0 ^ (0x01010000ULL ^ (kk_shift_8 ^ (uint64_t)nn)); + r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv0_, iv1, iv2, iv3); + r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv4, iv5, iv6, iv7); } static void diff --git a/sys/hacl/c/src/Hacl_Hash_Blake2s.c b/sys/hacl/c/src/Hacl_Hash_Blake2s.c index 1bae785bd..652c3f33c 100644 --- a/sys/hacl/c/src/Hacl_Hash_Blake2s.c +++ b/sys/hacl/c/src/Hacl_Hash_Blake2s.c @@ -26,7 +26,6 @@ #include "internal/Hacl_Hash_Blake2s.h" #include "internal/Hacl_Impl_Blake2_Constants.h" -#include "internal/Hacl_Hash_Blake2b.h" #include "lib_memzero0.h" static inline void @@ -475,7 +474,6 @@ update_block(uint32_t *wv, uint32_t *hash, bool flag, uint64_t totlen, uint8_t * void Hacl_Hash_Blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn) { - uint32_t tmp[8U] = { 0U }; uint32_t *r0 = hash; uint32_t *r1 = hash + 4U; uint32_t *r2 = hash + 8U; @@ -496,65 +494,16 @@ void Hacl_Hash_Blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn) r3[1U] = iv5; r3[2U] = iv6; r3[3U] = iv7; - uint8_t salt[8U] = { 0U }; - uint8_t personal[8U] = { 0U }; - Hacl_Hash_Blake2s_blake2s_params - p = - { - .digest_length = 32U, .key_length = 0U, .fanout = 1U, .depth = 1U, .leaf_length = 0U, - .node_offset = 0U, .xof_length = 0U, .node_depth = 0U, .inner_length = 0U, .salt = 
salt, - .personal = personal - }; - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint32_t *os = tmp + 4U; - uint8_t *bj = p.salt + i * 4U; - uint32_t u = load32_le(bj); - uint32_t r = u; - uint32_t x = r; - os[i] = x;); - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint32_t *os = tmp + 6U; - uint8_t *bj = p.personal + i * 4U; - uint32_t u = load32_le(bj); - uint32_t r = u; - uint32_t x = r; - os[i] = x;); - tmp[0U] = nn ^ (kk << 8U ^ ((uint32_t)p.fanout << 16U ^ (uint32_t)p.depth << 24U)); - tmp[1U] = p.leaf_length; - tmp[2U] = p.node_offset; - tmp[3U] = - (uint32_t)p.xof_length - ^ ((uint32_t)p.node_depth << 16U ^ (uint32_t)p.inner_length << 24U); - uint32_t tmp0 = tmp[0U]; - uint32_t tmp1 = tmp[1U]; - uint32_t tmp2 = tmp[2U]; - uint32_t tmp3 = tmp[3U]; - uint32_t tmp4 = tmp[4U]; - uint32_t tmp5 = tmp[5U]; - uint32_t tmp6 = tmp[6U]; - uint32_t tmp7 = tmp[7U]; - uint32_t iv0_ = iv0 ^ tmp0; - uint32_t iv1_ = iv1 ^ tmp1; - uint32_t iv2_ = iv2 ^ tmp2; - uint32_t iv3_ = iv3 ^ tmp3; - uint32_t iv4_ = iv4 ^ tmp4; - uint32_t iv5_ = iv5 ^ tmp5; - uint32_t iv6_ = iv6 ^ tmp6; - uint32_t iv7_ = iv7 ^ tmp7; + uint32_t kk_shift_8 = kk << 8U; + uint32_t iv0_ = iv0 ^ (0x01010000U ^ (kk_shift_8 ^ nn)); r0[0U] = iv0_; - r0[1U] = iv1_; - r0[2U] = iv2_; - r0[3U] = iv3_; - r1[0U] = iv4_; - r1[1U] = iv5_; - r1[2U] = iv6_; - r1[3U] = iv7_; + r0[1U] = iv1; + r0[2U] = iv2; + r0[3U] = iv3; + r1[0U] = iv4; + r1[1U] = iv5; + r1[2U] = iv6; + r1[3U] = iv7; } static void update_key(uint32_t *wv, uint32_t *hash, uint32_t kk, uint8_t *k, uint32_t ll) diff --git a/sys/hacl/c/src/Hacl_Hash_Blake2s_Simd128.c b/sys/hacl/c/src/Hacl_Hash_Blake2s_Simd128.c index f0646b283..73f0cccb5 100644 --- a/sys/hacl/c/src/Hacl_Hash_Blake2s_Simd128.c +++ b/sys/hacl/c/src/Hacl_Hash_Blake2s_Simd128.c @@ -26,7 +26,6 @@ #include "internal/Hacl_Hash_Blake2s_Simd128.h" #include "internal/Hacl_Impl_Blake2_Constants.h" -#include "internal/Hacl_Hash_Blake2b.h" #include "lib_memzero0.h" static inline void @@ -215,7 +214,6 @@ update_block( void Hacl_Hash_Blake2s_Simd128_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t kk, uint32_t nn) { - uint32_t tmp[8U] = { 0U }; Lib_IntVector_Intrinsics_vec128 *r0 = hash; Lib_IntVector_Intrinsics_vec128 *r1 = hash + 1U; Lib_IntVector_Intrinsics_vec128 *r2 = hash + 2U; @@ -230,59 +228,10 @@ Hacl_Hash_Blake2s_Simd128_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t k uint32_t iv7 = Hacl_Hash_Blake2s_ivTable_S[7U]; r2[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv0, iv1, iv2, iv3); r3[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv4, iv5, iv6, iv7); - uint8_t salt[8U] = { 0U }; - uint8_t personal[8U] = { 0U }; - Hacl_Hash_Blake2s_blake2s_params - p = - { - .digest_length = 32U, .key_length = 0U, .fanout = 1U, .depth = 1U, .leaf_length = 0U, - .node_offset = 0U, .xof_length = 0U, .node_depth = 0U, .inner_length = 0U, .salt = salt, - .personal = personal - }; - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint32_t *os = tmp + 4U; - uint8_t *bj = p.salt + i * 4U; - uint32_t u = load32_le(bj); - uint32_t r = u; - uint32_t x = r; - os[i] = x;); - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint32_t *os = tmp + 6U; - uint8_t *bj = p.personal + i * 4U; - uint32_t u = load32_le(bj); - uint32_t r = u; - uint32_t x = r; - os[i] = x;); - tmp[0U] = nn ^ (kk << 8U ^ ((uint32_t)p.fanout << 16U ^ (uint32_t)p.depth << 24U)); - tmp[1U] = p.leaf_length; - tmp[2U] = p.node_offset; - tmp[3U] = - (uint32_t)p.xof_length - ^ ((uint32_t)p.node_depth << 16U ^ (uint32_t)p.inner_length << 24U); - uint32_t tmp0 = tmp[0U]; - uint32_t tmp1 = tmp[1U]; - 
uint32_t tmp2 = tmp[2U]; - uint32_t tmp3 = tmp[3U]; - uint32_t tmp4 = tmp[4U]; - uint32_t tmp5 = tmp[5U]; - uint32_t tmp6 = tmp[6U]; - uint32_t tmp7 = tmp[7U]; - uint32_t iv0_ = iv0 ^ tmp0; - uint32_t iv1_ = iv1 ^ tmp1; - uint32_t iv2_ = iv2 ^ tmp2; - uint32_t iv3_ = iv3 ^ tmp3; - uint32_t iv4_ = iv4 ^ tmp4; - uint32_t iv5_ = iv5 ^ tmp5; - uint32_t iv6_ = iv6 ^ tmp6; - uint32_t iv7_ = iv7 ^ tmp7; - r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv0_, iv1_, iv2_, iv3_); - r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv4_, iv5_, iv6_, iv7_); + uint32_t kk_shift_8 = kk << 8U; + uint32_t iv0_ = iv0 ^ (0x01010000U ^ (kk_shift_8 ^ nn)); + r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv0_, iv1, iv2, iv3); + r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv4, iv5, iv6, iv7); } static void diff --git a/sys/hacl/c/src/Hacl_SHA3_Scalar.c b/sys/hacl/c/src/Hacl_SHA3_Scalar.c new file mode 100644 index 000000000..da368dab9 --- /dev/null +++ b/sys/hacl/c/src/Hacl_SHA3_Scalar.c @@ -0,0 +1,2383 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#include "internal/Hacl_SHA3_Scalar.h" + +const +uint32_t +Hacl_Impl_SHA3_Vec_keccak_rotc[24U] = + { + 1U, 3U, 6U, 10U, 15U, 21U, 28U, 36U, 45U, 55U, 2U, 14U, 27U, 41U, 56U, 8U, 25U, 43U, 62U, 18U, + 39U, 61U, 20U, 44U + }; + +const +uint32_t +Hacl_Impl_SHA3_Vec_keccak_piln[24U] = + { + 10U, 7U, 11U, 17U, 18U, 3U, 5U, 16U, 8U, 21U, 24U, 4U, 15U, 23U, 19U, 13U, 12U, 2U, 20U, 14U, + 22U, 9U, 6U, 1U + }; + +const +uint64_t +Hacl_Impl_SHA3_Vec_keccak_rndc[24U] = + { + 0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808aULL, 0x8000000080008000ULL, + 0x000000000000808bULL, 0x0000000080000001ULL, 0x8000000080008081ULL, 0x8000000000008009ULL, + 0x000000000000008aULL, 0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000aULL, + 0x000000008000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL, 0x8000000000008003ULL, + 0x8000000000008002ULL, 0x8000000000000080ULL, 0x000000000000800aULL, 0x800000008000000aULL, + 0x8000000080008081ULL, 0x8000000000008080ULL, 0x0000000080000001ULL, 0x8000000080008008ULL + }; + +void +Hacl_SHA3_Scalar_shake128_hacl( + uint32_t inputByteLen, + uint8_t *input, + uint32_t outputByteLen, + uint8_t *output +) +{ + uint32_t rateInBytes = 168U; + uint64_t s[25U] = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b1[256U] = { 0U }; + uint8_t *b_ = b1; + uint8_t *b0 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b0 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + uint64_t ws[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u = load64_le(b); + ws[0U] = u; + uint64_t u0 = load64_le(b + 8U); + ws[1U] = u0; + uint64_t u1 = load64_le(b + 16U); + ws[2U] = u1; + uint64_t u2 = load64_le(b + 24U); + ws[3U] = u2; + uint64_t u3 = load64_le(b + 32U); + ws[4U] = u3; + uint64_t u4 = load64_le(b + 40U); + ws[5U] = u4; + uint64_t u5 = load64_le(b + 48U); + ws[6U] = u5; + uint64_t u6 = load64_le(b + 56U); + ws[7U] = u6; + uint64_t u7 = load64_le(b + 64U); + ws[8U] = u7; + uint64_t u8 = load64_le(b + 72U); + ws[9U] = u8; + uint64_t u9 = load64_le(b + 80U); + ws[10U] = u9; + uint64_t u10 = load64_le(b + 88U); + ws[11U] = u10; + uint64_t u11 = load64_le(b + 96U); + ws[12U] = u11; + uint64_t u12 = load64_le(b + 104U); + ws[13U] = u12; + uint64_t u13 = load64_le(b + 112U); + ws[14U] = u13; + uint64_t u14 = load64_le(b + 120U); + ws[15U] = u14; + uint64_t u15 = load64_le(b + 128U); + ws[16U] = u15; + uint64_t u16 = load64_le(b + 136U); + ws[17U] = u16; + uint64_t u17 = load64_le(b + 144U); + ws[18U] = u17; + uint64_t u18 = load64_le(b + 152U); + ws[19U] = u18; + uint64_t u19 = load64_le(b + 160U); + ws[20U] = u19; + uint64_t u20 = load64_le(b + 168U); + ws[21U] = u20; + uint64_t u21 = load64_le(b + 176U); + ws[22U] = u21; + uint64_t u22 = load64_le(b + 184U); + ws[23U] = u22; + uint64_t u23 = load64_le(b + 192U); + ws[24U] = u23; + uint64_t u24 = load64_le(b + 200U); + ws[25U] = u24; + uint64_t u25 = load64_le(b + 208U); + ws[26U] = u25; + uint64_t u26 = load64_le(b + 216U); + ws[27U] = u26; + uint64_t u27 = load64_le(b + 224U); + ws[28U] = u27; + uint64_t u28 = load64_le(b + 232U); + ws[29U] = u28; + uint64_t u29 = load64_le(b + 240U); + ws[30U] = u29; + uint64_t u30 = load64_le(b + 248U); + ws[31U] = u30; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws[i]; + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____0 = _C[(i2 + 
1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____0 << 1U | uu____0 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____1 = current; + s[_Y] = uu____1 << r | uu____1 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b2[256U] = { 0U }; + uint8_t *b_ = b2; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b00 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b00 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b01 = b_; + b01[rem] = 0x1FU; + uint64_t ws0[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u0 = load64_le(b); + ws0[0U] = u0; + uint64_t u1 = load64_le(b + 8U); + ws0[1U] = u1; + uint64_t u2 = load64_le(b + 16U); + ws0[2U] = u2; + uint64_t u3 = load64_le(b + 24U); + ws0[3U] = u3; + uint64_t u4 = load64_le(b + 32U); + ws0[4U] = u4; + uint64_t u5 = load64_le(b + 40U); + ws0[5U] = u5; + uint64_t u6 = load64_le(b + 48U); + ws0[6U] = u6; + uint64_t u7 = load64_le(b + 56U); + ws0[7U] = u7; + uint64_t u8 = load64_le(b + 64U); + ws0[8U] = u8; + uint64_t u9 = load64_le(b + 72U); + ws0[9U] = u9; + uint64_t u10 = load64_le(b + 80U); + ws0[10U] = u10; + uint64_t u11 = load64_le(b + 88U); + ws0[11U] = u11; + uint64_t u12 = load64_le(b + 96U); + ws0[12U] = u12; + uint64_t u13 = load64_le(b + 104U); + ws0[13U] = u13; + uint64_t u14 = load64_le(b + 112U); + ws0[14U] = u14; + uint64_t u15 = load64_le(b + 120U); + ws0[15U] = u15; + uint64_t u16 = load64_le(b + 128U); + ws0[16U] = u16; + uint64_t u17 = load64_le(b + 136U); + ws0[17U] = u17; + uint64_t u18 = load64_le(b + 144U); + ws0[18U] = u18; + uint64_t u19 = load64_le(b + 152U); + ws0[19U] = u19; + uint64_t u20 = load64_le(b + 160U); + ws0[20U] = u20; + uint64_t u21 = load64_le(b + 168U); + ws0[21U] = u21; + uint64_t u22 = load64_le(b + 176U); + ws0[22U] = u22; + uint64_t u23 = load64_le(b + 184U); + ws0[23U] = u23; + uint64_t u24 = load64_le(b + 192U); + ws0[24U] = u24; + uint64_t u25 = load64_le(b + 200U); + ws0[25U] = u25; + uint64_t u26 = load64_le(b + 208U); + ws0[26U] = u26; + uint64_t u27 = load64_le(b + 216U); + ws0[27U] = u27; + uint64_t u28 = load64_le(b + 224U); + ws0[28U] = u28; + uint64_t u29 = load64_le(b + 232U); + ws0[29U] = u29; + uint64_t u30 = load64_le(b + 240U); + ws0[30U] = u30; + uint64_t u31 = load64_le(b + 248U); + ws0[31U] = u31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws0[i]; + } + uint8_t b3[256U] = { 0U }; + uint8_t *b4 = b3; + uint8_t *b0 = b4; + b0[rateInBytes - 1U] = 0x80U; + uint64_t ws1[32U] = { 0U }; + uint8_t *b1 = b4; + uint64_t u = load64_le(b1); + ws1[0U] = u; + uint64_t u32 = load64_le(b1 + 8U); + ws1[1U] = u32; + uint64_t u33 = load64_le(b1 + 16U); + ws1[2U] = u33; + uint64_t u34 = load64_le(b1 + 24U); + 
ws1[3U] = u34; + uint64_t u35 = load64_le(b1 + 32U); + ws1[4U] = u35; + uint64_t u36 = load64_le(b1 + 40U); + ws1[5U] = u36; + uint64_t u37 = load64_le(b1 + 48U); + ws1[6U] = u37; + uint64_t u38 = load64_le(b1 + 56U); + ws1[7U] = u38; + uint64_t u39 = load64_le(b1 + 64U); + ws1[8U] = u39; + uint64_t u40 = load64_le(b1 + 72U); + ws1[9U] = u40; + uint64_t u41 = load64_le(b1 + 80U); + ws1[10U] = u41; + uint64_t u42 = load64_le(b1 + 88U); + ws1[11U] = u42; + uint64_t u43 = load64_le(b1 + 96U); + ws1[12U] = u43; + uint64_t u44 = load64_le(b1 + 104U); + ws1[13U] = u44; + uint64_t u45 = load64_le(b1 + 112U); + ws1[14U] = u45; + uint64_t u46 = load64_le(b1 + 120U); + ws1[15U] = u46; + uint64_t u47 = load64_le(b1 + 128U); + ws1[16U] = u47; + uint64_t u48 = load64_le(b1 + 136U); + ws1[17U] = u48; + uint64_t u49 = load64_le(b1 + 144U); + ws1[18U] = u49; + uint64_t u50 = load64_le(b1 + 152U); + ws1[19U] = u50; + uint64_t u51 = load64_le(b1 + 160U); + ws1[20U] = u51; + uint64_t u52 = load64_le(b1 + 168U); + ws1[21U] = u52; + uint64_t u53 = load64_le(b1 + 176U); + ws1[22U] = u53; + uint64_t u54 = load64_le(b1 + 184U); + ws1[23U] = u54; + uint64_t u55 = load64_le(b1 + 192U); + ws1[24U] = u55; + uint64_t u56 = load64_le(b1 + 200U); + ws1[25U] = u56; + uint64_t u57 = load64_le(b1 + 208U); + ws1[26U] = u57; + uint64_t u58 = load64_le(b1 + 216U); + ws1[27U] = u58; + uint64_t u59 = load64_le(b1 + 224U); + ws1[28U] = u59; + uint64_t u60 = load64_le(b1 + 232U); + ws1[29U] = u60; + uint64_t u61 = load64_le(b1 + 240U); + ws1[30U] = u61; + uint64_t u62 = load64_le(b1 + 248U); + ws1[31U] = u62; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws1[i]; + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + uint64_t uu____2 = _C[(i1 + 1U) % 5U]; + uint64_t _D = _C[(i1 + 4U) % 5U] ^ (uu____2 << 1U | uu____2 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i1 + 5U * i] = s[i1 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____3 = current; + s[_Y] = uu____3 << r | uu____3 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + s[0U] = s[0U] ^ c; + } + for (uint32_t i0 = 0U; i0 < outputByteLen / rateInBytes; i0++) + { + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + i0 * rateInBytes, hbuf, rateInBytes * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____4 
= _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____4 << 1U | uu____4 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____5 = current; + s[_Y] = uu____5 << r | uu____5 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t remOut = outputByteLen % rateInBytes; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + outputByteLen - remOut, hbuf, remOut * sizeof (uint8_t)); +} + +void +Hacl_SHA3_Scalar_shake256_hacl( + uint32_t inputByteLen, + uint8_t *input, + uint32_t outputByteLen, + uint8_t *output +) +{ + uint32_t rateInBytes = 136U; + uint64_t s[25U] = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b1[256U] = { 0U }; + uint8_t *b_ = b1; + uint8_t *b0 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b0 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + uint64_t ws[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u = load64_le(b); + ws[0U] = u; + uint64_t u0 = load64_le(b + 8U); + ws[1U] = u0; + uint64_t u1 = load64_le(b + 16U); + ws[2U] = u1; + uint64_t u2 = load64_le(b + 24U); + ws[3U] = u2; + uint64_t u3 = load64_le(b + 32U); + ws[4U] = u3; + uint64_t u4 = load64_le(b + 40U); + ws[5U] = u4; + uint64_t u5 = load64_le(b + 48U); + ws[6U] = u5; + uint64_t u6 = load64_le(b + 56U); + ws[7U] = u6; + uint64_t u7 = load64_le(b + 64U); + ws[8U] = u7; + uint64_t u8 = load64_le(b + 72U); + ws[9U] = u8; + uint64_t u9 = load64_le(b + 80U); + ws[10U] = u9; + uint64_t u10 = load64_le(b + 88U); + ws[11U] = u10; + uint64_t u11 = load64_le(b + 96U); + ws[12U] = u11; + uint64_t u12 = load64_le(b + 104U); + ws[13U] = u12; + uint64_t u13 = load64_le(b + 112U); + ws[14U] = u13; + uint64_t u14 = load64_le(b + 120U); + ws[15U] = u14; + uint64_t u15 = load64_le(b + 128U); + ws[16U] = u15; + uint64_t u16 = load64_le(b + 136U); + ws[17U] = u16; + uint64_t u17 = load64_le(b + 144U); + ws[18U] = u17; + uint64_t u18 = load64_le(b + 152U); + ws[19U] = u18; + uint64_t u19 = load64_le(b + 160U); + ws[20U] = u19; + uint64_t u20 = load64_le(b + 168U); + ws[21U] = u20; + uint64_t u21 = load64_le(b + 176U); + ws[22U] = u21; + uint64_t u22 = load64_le(b + 184U); + ws[23U] = u22; + uint64_t u23 = load64_le(b + 192U); + ws[24U] = u23; + uint64_t u24 = load64_le(b + 200U); + ws[25U] = u24; + uint64_t u25 = load64_le(b + 208U); + ws[26U] = u25; + uint64_t u26 = load64_le(b + 216U); + ws[27U] = u26; + uint64_t u27 = load64_le(b + 224U); + ws[28U] = u27; + uint64_t u28 = load64_le(b + 232U); + ws[29U] = u28; + uint64_t u29 = load64_le(b + 240U); + ws[30U] = u29; + uint64_t u30 = load64_le(b + 248U); + ws[31U] = u30; + 
for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws[i]; + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____0 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____0 << 1U | uu____0 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____1 = current; + s[_Y] = uu____1 << r | uu____1 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b2[256U] = { 0U }; + uint8_t *b_ = b2; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b00 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b00 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b01 = b_; + b01[rem] = 0x1FU; + uint64_t ws0[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u0 = load64_le(b); + ws0[0U] = u0; + uint64_t u1 = load64_le(b + 8U); + ws0[1U] = u1; + uint64_t u2 = load64_le(b + 16U); + ws0[2U] = u2; + uint64_t u3 = load64_le(b + 24U); + ws0[3U] = u3; + uint64_t u4 = load64_le(b + 32U); + ws0[4U] = u4; + uint64_t u5 = load64_le(b + 40U); + ws0[5U] = u5; + uint64_t u6 = load64_le(b + 48U); + ws0[6U] = u6; + uint64_t u7 = load64_le(b + 56U); + ws0[7U] = u7; + uint64_t u8 = load64_le(b + 64U); + ws0[8U] = u8; + uint64_t u9 = load64_le(b + 72U); + ws0[9U] = u9; + uint64_t u10 = load64_le(b + 80U); + ws0[10U] = u10; + uint64_t u11 = load64_le(b + 88U); + ws0[11U] = u11; + uint64_t u12 = load64_le(b + 96U); + ws0[12U] = u12; + uint64_t u13 = load64_le(b + 104U); + ws0[13U] = u13; + uint64_t u14 = load64_le(b + 112U); + ws0[14U] = u14; + uint64_t u15 = load64_le(b + 120U); + ws0[15U] = u15; + uint64_t u16 = load64_le(b + 128U); + ws0[16U] = u16; + uint64_t u17 = load64_le(b + 136U); + ws0[17U] = u17; + uint64_t u18 = load64_le(b + 144U); + ws0[18U] = u18; + uint64_t u19 = load64_le(b + 152U); + ws0[19U] = u19; + uint64_t u20 = load64_le(b + 160U); + ws0[20U] = u20; + uint64_t u21 = load64_le(b + 168U); + ws0[21U] = u21; + uint64_t u22 = load64_le(b + 176U); + ws0[22U] = u22; + uint64_t u23 = load64_le(b + 184U); + ws0[23U] = u23; + uint64_t u24 = load64_le(b + 192U); + ws0[24U] = u24; + uint64_t u25 = load64_le(b + 200U); + ws0[25U] = u25; + uint64_t u26 = load64_le(b + 208U); + ws0[26U] = u26; + uint64_t u27 = load64_le(b + 216U); + ws0[27U] = u27; + uint64_t u28 = load64_le(b + 224U); + ws0[28U] = u28; + uint64_t u29 = load64_le(b + 232U); + ws0[29U] = u29; + uint64_t u30 = load64_le(b + 240U); + ws0[30U] = u30; + uint64_t u31 = load64_le(b + 248U); + ws0[31U] = u31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws0[i]; + } + uint8_t b3[256U] = 
{ 0U }; + uint8_t *b4 = b3; + uint8_t *b0 = b4; + b0[rateInBytes - 1U] = 0x80U; + uint64_t ws1[32U] = { 0U }; + uint8_t *b1 = b4; + uint64_t u = load64_le(b1); + ws1[0U] = u; + uint64_t u32 = load64_le(b1 + 8U); + ws1[1U] = u32; + uint64_t u33 = load64_le(b1 + 16U); + ws1[2U] = u33; + uint64_t u34 = load64_le(b1 + 24U); + ws1[3U] = u34; + uint64_t u35 = load64_le(b1 + 32U); + ws1[4U] = u35; + uint64_t u36 = load64_le(b1 + 40U); + ws1[5U] = u36; + uint64_t u37 = load64_le(b1 + 48U); + ws1[6U] = u37; + uint64_t u38 = load64_le(b1 + 56U); + ws1[7U] = u38; + uint64_t u39 = load64_le(b1 + 64U); + ws1[8U] = u39; + uint64_t u40 = load64_le(b1 + 72U); + ws1[9U] = u40; + uint64_t u41 = load64_le(b1 + 80U); + ws1[10U] = u41; + uint64_t u42 = load64_le(b1 + 88U); + ws1[11U] = u42; + uint64_t u43 = load64_le(b1 + 96U); + ws1[12U] = u43; + uint64_t u44 = load64_le(b1 + 104U); + ws1[13U] = u44; + uint64_t u45 = load64_le(b1 + 112U); + ws1[14U] = u45; + uint64_t u46 = load64_le(b1 + 120U); + ws1[15U] = u46; + uint64_t u47 = load64_le(b1 + 128U); + ws1[16U] = u47; + uint64_t u48 = load64_le(b1 + 136U); + ws1[17U] = u48; + uint64_t u49 = load64_le(b1 + 144U); + ws1[18U] = u49; + uint64_t u50 = load64_le(b1 + 152U); + ws1[19U] = u50; + uint64_t u51 = load64_le(b1 + 160U); + ws1[20U] = u51; + uint64_t u52 = load64_le(b1 + 168U); + ws1[21U] = u52; + uint64_t u53 = load64_le(b1 + 176U); + ws1[22U] = u53; + uint64_t u54 = load64_le(b1 + 184U); + ws1[23U] = u54; + uint64_t u55 = load64_le(b1 + 192U); + ws1[24U] = u55; + uint64_t u56 = load64_le(b1 + 200U); + ws1[25U] = u56; + uint64_t u57 = load64_le(b1 + 208U); + ws1[26U] = u57; + uint64_t u58 = load64_le(b1 + 216U); + ws1[27U] = u58; + uint64_t u59 = load64_le(b1 + 224U); + ws1[28U] = u59; + uint64_t u60 = load64_le(b1 + 232U); + ws1[29U] = u60; + uint64_t u61 = load64_le(b1 + 240U); + ws1[30U] = u61; + uint64_t u62 = load64_le(b1 + 248U); + ws1[31U] = u62; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws1[i]; + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + uint64_t uu____2 = _C[(i1 + 1U) % 5U]; + uint64_t _D = _C[(i1 + 4U) % 5U] ^ (uu____2 << 1U | uu____2 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i1 + 5U * i] = s[i1 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____3 = current; + s[_Y] = uu____3 << r | uu____3 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + s[0U] = s[0U] ^ c; + } + for (uint32_t i0 = 0U; i0 < outputByteLen / rateInBytes; i0++) + { + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + 
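+  /* Squeeze: the state was just serialized little-endian into hbuf; the memcpy below emits one full rate-sized block of output before the state is permuted again. */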
memcpy(output + i0 * rateInBytes, hbuf, rateInBytes * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____4 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____4 << 1U | uu____4 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____5 = current; + s[_Y] = uu____5 << r | uu____5 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t remOut = outputByteLen % rateInBytes; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + outputByteLen - remOut, hbuf, remOut * sizeof (uint8_t)); +} + +void Hacl_SHA3_Scalar_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +{ + uint32_t rateInBytes = 144U; + uint64_t s[25U] = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b1[256U] = { 0U }; + uint8_t *b_ = b1; + uint8_t *b0 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b0 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + uint64_t ws[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u = load64_le(b); + ws[0U] = u; + uint64_t u0 = load64_le(b + 8U); + ws[1U] = u0; + uint64_t u1 = load64_le(b + 16U); + ws[2U] = u1; + uint64_t u2 = load64_le(b + 24U); + ws[3U] = u2; + uint64_t u3 = load64_le(b + 32U); + ws[4U] = u3; + uint64_t u4 = load64_le(b + 40U); + ws[5U] = u4; + uint64_t u5 = load64_le(b + 48U); + ws[6U] = u5; + uint64_t u6 = load64_le(b + 56U); + ws[7U] = u6; + uint64_t u7 = load64_le(b + 64U); + ws[8U] = u7; + uint64_t u8 = load64_le(b + 72U); + ws[9U] = u8; + uint64_t u9 = load64_le(b + 80U); + ws[10U] = u9; + uint64_t u10 = load64_le(b + 88U); + ws[11U] = u10; + uint64_t u11 = load64_le(b + 96U); + ws[12U] = u11; + uint64_t u12 = load64_le(b + 104U); + ws[13U] = u12; + uint64_t u13 = load64_le(b + 112U); + ws[14U] = u13; + uint64_t u14 = load64_le(b + 120U); + ws[15U] = u14; + uint64_t u15 = load64_le(b + 128U); + ws[16U] = u15; + uint64_t u16 = load64_le(b + 136U); + ws[17U] = u16; + uint64_t u17 = load64_le(b + 144U); + ws[18U] = u17; + uint64_t u18 = load64_le(b + 152U); + ws[19U] = u18; + uint64_t u19 = load64_le(b + 160U); + ws[20U] = u19; + uint64_t u20 = load64_le(b + 168U); + ws[21U] = u20; + uint64_t u21 = load64_le(b + 176U); + ws[22U] = u21; + uint64_t u22 = load64_le(b + 184U); + ws[23U] = u22; + uint64_t u23 = load64_le(b + 192U); + ws[24U] = u23; + uint64_t u24 = load64_le(b + 200U); + ws[25U] = u24; + uint64_t u25 = load64_le(b + 208U); + ws[26U] = 
u25; + uint64_t u26 = load64_le(b + 216U); + ws[27U] = u26; + uint64_t u27 = load64_le(b + 224U); + ws[28U] = u27; + uint64_t u28 = load64_le(b + 232U); + ws[29U] = u28; + uint64_t u29 = load64_le(b + 240U); + ws[30U] = u29; + uint64_t u30 = load64_le(b + 248U); + ws[31U] = u30; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws[i]; + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____0 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____0 << 1U | uu____0 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____1 = current; + s[_Y] = uu____1 << r | uu____1 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b2[256U] = { 0U }; + uint8_t *b_ = b2; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b00 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b00 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b01 = b_; + b01[rem] = 0x06U; + uint64_t ws0[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u0 = load64_le(b); + ws0[0U] = u0; + uint64_t u1 = load64_le(b + 8U); + ws0[1U] = u1; + uint64_t u2 = load64_le(b + 16U); + ws0[2U] = u2; + uint64_t u3 = load64_le(b + 24U); + ws0[3U] = u3; + uint64_t u4 = load64_le(b + 32U); + ws0[4U] = u4; + uint64_t u5 = load64_le(b + 40U); + ws0[5U] = u5; + uint64_t u6 = load64_le(b + 48U); + ws0[6U] = u6; + uint64_t u7 = load64_le(b + 56U); + ws0[7U] = u7; + uint64_t u8 = load64_le(b + 64U); + ws0[8U] = u8; + uint64_t u9 = load64_le(b + 72U); + ws0[9U] = u9; + uint64_t u10 = load64_le(b + 80U); + ws0[10U] = u10; + uint64_t u11 = load64_le(b + 88U); + ws0[11U] = u11; + uint64_t u12 = load64_le(b + 96U); + ws0[12U] = u12; + uint64_t u13 = load64_le(b + 104U); + ws0[13U] = u13; + uint64_t u14 = load64_le(b + 112U); + ws0[14U] = u14; + uint64_t u15 = load64_le(b + 120U); + ws0[15U] = u15; + uint64_t u16 = load64_le(b + 128U); + ws0[16U] = u16; + uint64_t u17 = load64_le(b + 136U); + ws0[17U] = u17; + uint64_t u18 = load64_le(b + 144U); + ws0[18U] = u18; + uint64_t u19 = load64_le(b + 152U); + ws0[19U] = u19; + uint64_t u20 = load64_le(b + 160U); + ws0[20U] = u20; + uint64_t u21 = load64_le(b + 168U); + ws0[21U] = u21; + uint64_t u22 = load64_le(b + 176U); + ws0[22U] = u22; + uint64_t u23 = load64_le(b + 184U); + ws0[23U] = u23; + uint64_t u24 = load64_le(b + 192U); + ws0[24U] = u24; + uint64_t u25 = load64_le(b + 200U); + ws0[25U] = u25; + uint64_t u26 = load64_le(b + 208U); + ws0[26U] = u26; + uint64_t u27 = load64_le(b + 216U); + ws0[27U] = u27; + uint64_t u28 = load64_le(b + 
224U); + ws0[28U] = u28; + uint64_t u29 = load64_le(b + 232U); + ws0[29U] = u29; + uint64_t u30 = load64_le(b + 240U); + ws0[30U] = u30; + uint64_t u31 = load64_le(b + 248U); + ws0[31U] = u31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws0[i]; + } + uint8_t b3[256U] = { 0U }; + uint8_t *b4 = b3; + uint8_t *b0 = b4; + b0[rateInBytes - 1U] = 0x80U; + uint64_t ws1[32U] = { 0U }; + uint8_t *b1 = b4; + uint64_t u = load64_le(b1); + ws1[0U] = u; + uint64_t u32 = load64_le(b1 + 8U); + ws1[1U] = u32; + uint64_t u33 = load64_le(b1 + 16U); + ws1[2U] = u33; + uint64_t u34 = load64_le(b1 + 24U); + ws1[3U] = u34; + uint64_t u35 = load64_le(b1 + 32U); + ws1[4U] = u35; + uint64_t u36 = load64_le(b1 + 40U); + ws1[5U] = u36; + uint64_t u37 = load64_le(b1 + 48U); + ws1[6U] = u37; + uint64_t u38 = load64_le(b1 + 56U); + ws1[7U] = u38; + uint64_t u39 = load64_le(b1 + 64U); + ws1[8U] = u39; + uint64_t u40 = load64_le(b1 + 72U); + ws1[9U] = u40; + uint64_t u41 = load64_le(b1 + 80U); + ws1[10U] = u41; + uint64_t u42 = load64_le(b1 + 88U); + ws1[11U] = u42; + uint64_t u43 = load64_le(b1 + 96U); + ws1[12U] = u43; + uint64_t u44 = load64_le(b1 + 104U); + ws1[13U] = u44; + uint64_t u45 = load64_le(b1 + 112U); + ws1[14U] = u45; + uint64_t u46 = load64_le(b1 + 120U); + ws1[15U] = u46; + uint64_t u47 = load64_le(b1 + 128U); + ws1[16U] = u47; + uint64_t u48 = load64_le(b1 + 136U); + ws1[17U] = u48; + uint64_t u49 = load64_le(b1 + 144U); + ws1[18U] = u49; + uint64_t u50 = load64_le(b1 + 152U); + ws1[19U] = u50; + uint64_t u51 = load64_le(b1 + 160U); + ws1[20U] = u51; + uint64_t u52 = load64_le(b1 + 168U); + ws1[21U] = u52; + uint64_t u53 = load64_le(b1 + 176U); + ws1[22U] = u53; + uint64_t u54 = load64_le(b1 + 184U); + ws1[23U] = u54; + uint64_t u55 = load64_le(b1 + 192U); + ws1[24U] = u55; + uint64_t u56 = load64_le(b1 + 200U); + ws1[25U] = u56; + uint64_t u57 = load64_le(b1 + 208U); + ws1[26U] = u57; + uint64_t u58 = load64_le(b1 + 216U); + ws1[27U] = u58; + uint64_t u59 = load64_le(b1 + 224U); + ws1[28U] = u59; + uint64_t u60 = load64_le(b1 + 232U); + ws1[29U] = u60; + uint64_t u61 = load64_le(b1 + 240U); + ws1[30U] = u61; + uint64_t u62 = load64_le(b1 + 248U); + ws1[31U] = u62; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws1[i]; + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + uint64_t uu____2 = _C[(i1 + 1U) % 5U]; + uint64_t _D = _C[(i1 + 4U) % 5U] ^ (uu____2 << 1U | uu____2 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i1 + 5U * i] = s[i1 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____3 = current; + s[_Y] = uu____3 << r | uu____3 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = 
Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + s[0U] = s[0U] ^ c; + } + for (uint32_t i0 = 0U; i0 < 28U / rateInBytes; i0++) + { + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + i0 * rateInBytes, hbuf, rateInBytes * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____4 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____4 << 1U | uu____4 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____5 = current; + s[_Y] = uu____5 << r | uu____5 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t remOut = 28U % rateInBytes; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + 28U - remOut, hbuf, remOut * sizeof (uint8_t)); +} + +void Hacl_SHA3_Scalar_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +{ + uint32_t rateInBytes = 136U; + uint64_t s[25U] = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b1[256U] = { 0U }; + uint8_t *b_ = b1; + uint8_t *b0 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b0 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + uint64_t ws[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u = load64_le(b); + ws[0U] = u; + uint64_t u0 = load64_le(b + 8U); + ws[1U] = u0; + uint64_t u1 = load64_le(b + 16U); + ws[2U] = u1; + uint64_t u2 = load64_le(b + 24U); + ws[3U] = u2; + uint64_t u3 = load64_le(b + 32U); + ws[4U] = u3; + uint64_t u4 = load64_le(b + 40U); + ws[5U] = u4; + uint64_t u5 = load64_le(b + 48U); + ws[6U] = u5; + uint64_t u6 = load64_le(b + 56U); + ws[7U] = u6; + uint64_t u7 = load64_le(b + 64U); + ws[8U] = u7; + uint64_t u8 = load64_le(b + 72U); + ws[9U] = u8; + uint64_t u9 = load64_le(b + 80U); + ws[10U] = u9; + uint64_t u10 = load64_le(b + 88U); + ws[11U] = u10; + uint64_t u11 = load64_le(b + 96U); + ws[12U] = u11; + uint64_t u12 = load64_le(b + 104U); + ws[13U] = u12; + uint64_t u13 = load64_le(b + 112U); + ws[14U] = u13; + uint64_t u14 = load64_le(b + 120U); + ws[15U] = u14; + uint64_t u15 = load64_le(b + 128U); + ws[16U] = u15; + uint64_t u16 = load64_le(b + 136U); + ws[17U] = u16; + uint64_t u17 = load64_le(b + 144U); + ws[18U] = u17; + uint64_t u18 = load64_le(b + 152U); + ws[19U] = u18; + uint64_t u19 = load64_le(b + 160U); + ws[20U] = u19; + uint64_t u20 = load64_le(b + 168U); 
+ ws[21U] = u20; + uint64_t u21 = load64_le(b + 176U); + ws[22U] = u21; + uint64_t u22 = load64_le(b + 184U); + ws[23U] = u22; + uint64_t u23 = load64_le(b + 192U); + ws[24U] = u23; + uint64_t u24 = load64_le(b + 200U); + ws[25U] = u24; + uint64_t u25 = load64_le(b + 208U); + ws[26U] = u25; + uint64_t u26 = load64_le(b + 216U); + ws[27U] = u26; + uint64_t u27 = load64_le(b + 224U); + ws[28U] = u27; + uint64_t u28 = load64_le(b + 232U); + ws[29U] = u28; + uint64_t u29 = load64_le(b + 240U); + ws[30U] = u29; + uint64_t u30 = load64_le(b + 248U); + ws[31U] = u30; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws[i]; + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____0 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____0 << 1U | uu____0 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____1 = current; + s[_Y] = uu____1 << r | uu____1 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b2[256U] = { 0U }; + uint8_t *b_ = b2; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b00 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b00 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b01 = b_; + b01[rem] = 0x06U; + uint64_t ws0[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u0 = load64_le(b); + ws0[0U] = u0; + uint64_t u1 = load64_le(b + 8U); + ws0[1U] = u1; + uint64_t u2 = load64_le(b + 16U); + ws0[2U] = u2; + uint64_t u3 = load64_le(b + 24U); + ws0[3U] = u3; + uint64_t u4 = load64_le(b + 32U); + ws0[4U] = u4; + uint64_t u5 = load64_le(b + 40U); + ws0[5U] = u5; + uint64_t u6 = load64_le(b + 48U); + ws0[6U] = u6; + uint64_t u7 = load64_le(b + 56U); + ws0[7U] = u7; + uint64_t u8 = load64_le(b + 64U); + ws0[8U] = u8; + uint64_t u9 = load64_le(b + 72U); + ws0[9U] = u9; + uint64_t u10 = load64_le(b + 80U); + ws0[10U] = u10; + uint64_t u11 = load64_le(b + 88U); + ws0[11U] = u11; + uint64_t u12 = load64_le(b + 96U); + ws0[12U] = u12; + uint64_t u13 = load64_le(b + 104U); + ws0[13U] = u13; + uint64_t u14 = load64_le(b + 112U); + ws0[14U] = u14; + uint64_t u15 = load64_le(b + 120U); + ws0[15U] = u15; + uint64_t u16 = load64_le(b + 128U); + ws0[16U] = u16; + uint64_t u17 = load64_le(b + 136U); + ws0[17U] = u17; + uint64_t u18 = load64_le(b + 144U); + ws0[18U] = u18; + uint64_t u19 = load64_le(b + 152U); + ws0[19U] = u19; + uint64_t u20 = load64_le(b + 160U); + ws0[20U] = u20; + uint64_t u21 = load64_le(b + 168U); + ws0[21U] = u21; + uint64_t u22 = load64_le(b + 176U); + ws0[22U] = u22; + uint64_t u23 = 
load64_le(b + 184U); + ws0[23U] = u23; + uint64_t u24 = load64_le(b + 192U); + ws0[24U] = u24; + uint64_t u25 = load64_le(b + 200U); + ws0[25U] = u25; + uint64_t u26 = load64_le(b + 208U); + ws0[26U] = u26; + uint64_t u27 = load64_le(b + 216U); + ws0[27U] = u27; + uint64_t u28 = load64_le(b + 224U); + ws0[28U] = u28; + uint64_t u29 = load64_le(b + 232U); + ws0[29U] = u29; + uint64_t u30 = load64_le(b + 240U); + ws0[30U] = u30; + uint64_t u31 = load64_le(b + 248U); + ws0[31U] = u31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws0[i]; + } + uint8_t b3[256U] = { 0U }; + uint8_t *b4 = b3; + uint8_t *b0 = b4; + b0[rateInBytes - 1U] = 0x80U; + uint64_t ws1[32U] = { 0U }; + uint8_t *b1 = b4; + uint64_t u = load64_le(b1); + ws1[0U] = u; + uint64_t u32 = load64_le(b1 + 8U); + ws1[1U] = u32; + uint64_t u33 = load64_le(b1 + 16U); + ws1[2U] = u33; + uint64_t u34 = load64_le(b1 + 24U); + ws1[3U] = u34; + uint64_t u35 = load64_le(b1 + 32U); + ws1[4U] = u35; + uint64_t u36 = load64_le(b1 + 40U); + ws1[5U] = u36; + uint64_t u37 = load64_le(b1 + 48U); + ws1[6U] = u37; + uint64_t u38 = load64_le(b1 + 56U); + ws1[7U] = u38; + uint64_t u39 = load64_le(b1 + 64U); + ws1[8U] = u39; + uint64_t u40 = load64_le(b1 + 72U); + ws1[9U] = u40; + uint64_t u41 = load64_le(b1 + 80U); + ws1[10U] = u41; + uint64_t u42 = load64_le(b1 + 88U); + ws1[11U] = u42; + uint64_t u43 = load64_le(b1 + 96U); + ws1[12U] = u43; + uint64_t u44 = load64_le(b1 + 104U); + ws1[13U] = u44; + uint64_t u45 = load64_le(b1 + 112U); + ws1[14U] = u45; + uint64_t u46 = load64_le(b1 + 120U); + ws1[15U] = u46; + uint64_t u47 = load64_le(b1 + 128U); + ws1[16U] = u47; + uint64_t u48 = load64_le(b1 + 136U); + ws1[17U] = u48; + uint64_t u49 = load64_le(b1 + 144U); + ws1[18U] = u49; + uint64_t u50 = load64_le(b1 + 152U); + ws1[19U] = u50; + uint64_t u51 = load64_le(b1 + 160U); + ws1[20U] = u51; + uint64_t u52 = load64_le(b1 + 168U); + ws1[21U] = u52; + uint64_t u53 = load64_le(b1 + 176U); + ws1[22U] = u53; + uint64_t u54 = load64_le(b1 + 184U); + ws1[23U] = u54; + uint64_t u55 = load64_le(b1 + 192U); + ws1[24U] = u55; + uint64_t u56 = load64_le(b1 + 200U); + ws1[25U] = u56; + uint64_t u57 = load64_le(b1 + 208U); + ws1[26U] = u57; + uint64_t u58 = load64_le(b1 + 216U); + ws1[27U] = u58; + uint64_t u59 = load64_le(b1 + 224U); + ws1[28U] = u59; + uint64_t u60 = load64_le(b1 + 232U); + ws1[29U] = u60; + uint64_t u61 = load64_le(b1 + 240U); + ws1[30U] = u61; + uint64_t u62 = load64_le(b1 + 248U); + ws1[31U] = u62; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws1[i]; + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + uint64_t uu____2 = _C[(i1 + 1U) % 5U]; + uint64_t _D = _C[(i1 + 4U) % 5U] ^ (uu____2 << 1U | uu____2 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i1 + 5U * i] = s[i1 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____3 = current; + s[_Y] = uu____3 << r | uu____3 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + 
uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + s[0U] = s[0U] ^ c; + } + for (uint32_t i0 = 0U; i0 < 32U / rateInBytes; i0++) + { + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + i0 * rateInBytes, hbuf, rateInBytes * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____4 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____4 << 1U | uu____4 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____5 = current; + s[_Y] = uu____5 << r | uu____5 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t remOut = 32U % rateInBytes; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + 32U - remOut, hbuf, remOut * sizeof (uint8_t)); +} + +void Hacl_SHA3_Scalar_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +{ + uint32_t rateInBytes = 104U; + uint64_t s[25U] = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b1[256U] = { 0U }; + uint8_t *b_ = b1; + uint8_t *b0 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b0 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + uint64_t ws[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u = load64_le(b); + ws[0U] = u; + uint64_t u0 = load64_le(b + 8U); + ws[1U] = u0; + uint64_t u1 = load64_le(b + 16U); + ws[2U] = u1; + uint64_t u2 = load64_le(b + 24U); + ws[3U] = u2; + uint64_t u3 = load64_le(b + 32U); + ws[4U] = u3; + uint64_t u4 = load64_le(b + 40U); + ws[5U] = u4; + uint64_t u5 = load64_le(b + 48U); + ws[6U] = u5; + uint64_t u6 = load64_le(b + 56U); + ws[7U] = u6; + uint64_t u7 = load64_le(b + 64U); + ws[8U] = u7; + uint64_t u8 = load64_le(b + 72U); + ws[9U] = u8; + uint64_t u9 = load64_le(b + 80U); + ws[10U] = u9; + uint64_t u10 = load64_le(b + 88U); + ws[11U] = u10; + uint64_t u11 = load64_le(b + 96U); + ws[12U] = u11; + uint64_t u12 = load64_le(b + 104U); + ws[13U] = u12; + uint64_t u13 = load64_le(b + 112U); + ws[14U] = u13; + uint64_t u14 = load64_le(b + 120U); + ws[15U] = u14; + uint64_t u15 = load64_le(b + 128U); + 
ws[16U] = u15; + uint64_t u16 = load64_le(b + 136U); + ws[17U] = u16; + uint64_t u17 = load64_le(b + 144U); + ws[18U] = u17; + uint64_t u18 = load64_le(b + 152U); + ws[19U] = u18; + uint64_t u19 = load64_le(b + 160U); + ws[20U] = u19; + uint64_t u20 = load64_le(b + 168U); + ws[21U] = u20; + uint64_t u21 = load64_le(b + 176U); + ws[22U] = u21; + uint64_t u22 = load64_le(b + 184U); + ws[23U] = u22; + uint64_t u23 = load64_le(b + 192U); + ws[24U] = u23; + uint64_t u24 = load64_le(b + 200U); + ws[25U] = u24; + uint64_t u25 = load64_le(b + 208U); + ws[26U] = u25; + uint64_t u26 = load64_le(b + 216U); + ws[27U] = u26; + uint64_t u27 = load64_le(b + 224U); + ws[28U] = u27; + uint64_t u28 = load64_le(b + 232U); + ws[29U] = u28; + uint64_t u29 = load64_le(b + 240U); + ws[30U] = u29; + uint64_t u30 = load64_le(b + 248U); + ws[31U] = u30; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws[i]; + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____0 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____0 << 1U | uu____0 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____1 = current; + s[_Y] = uu____1 << r | uu____1 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b2[256U] = { 0U }; + uint8_t *b_ = b2; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b00 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b00 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b01 = b_; + b01[rem] = 0x06U; + uint64_t ws0[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u0 = load64_le(b); + ws0[0U] = u0; + uint64_t u1 = load64_le(b + 8U); + ws0[1U] = u1; + uint64_t u2 = load64_le(b + 16U); + ws0[2U] = u2; + uint64_t u3 = load64_le(b + 24U); + ws0[3U] = u3; + uint64_t u4 = load64_le(b + 32U); + ws0[4U] = u4; + uint64_t u5 = load64_le(b + 40U); + ws0[5U] = u5; + uint64_t u6 = load64_le(b + 48U); + ws0[6U] = u6; + uint64_t u7 = load64_le(b + 56U); + ws0[7U] = u7; + uint64_t u8 = load64_le(b + 64U); + ws0[8U] = u8; + uint64_t u9 = load64_le(b + 72U); + ws0[9U] = u9; + uint64_t u10 = load64_le(b + 80U); + ws0[10U] = u10; + uint64_t u11 = load64_le(b + 88U); + ws0[11U] = u11; + uint64_t u12 = load64_le(b + 96U); + ws0[12U] = u12; + uint64_t u13 = load64_le(b + 104U); + ws0[13U] = u13; + uint64_t u14 = load64_le(b + 112U); + ws0[14U] = u14; + uint64_t u15 = load64_le(b + 120U); + ws0[15U] = u15; + uint64_t u16 = load64_le(b + 128U); + ws0[16U] = u16; + uint64_t u17 = load64_le(b + 136U); + ws0[17U] = u17; + uint64_t u18 = load64_le(b + 
144U); + ws0[18U] = u18; + uint64_t u19 = load64_le(b + 152U); + ws0[19U] = u19; + uint64_t u20 = load64_le(b + 160U); + ws0[20U] = u20; + uint64_t u21 = load64_le(b + 168U); + ws0[21U] = u21; + uint64_t u22 = load64_le(b + 176U); + ws0[22U] = u22; + uint64_t u23 = load64_le(b + 184U); + ws0[23U] = u23; + uint64_t u24 = load64_le(b + 192U); + ws0[24U] = u24; + uint64_t u25 = load64_le(b + 200U); + ws0[25U] = u25; + uint64_t u26 = load64_le(b + 208U); + ws0[26U] = u26; + uint64_t u27 = load64_le(b + 216U); + ws0[27U] = u27; + uint64_t u28 = load64_le(b + 224U); + ws0[28U] = u28; + uint64_t u29 = load64_le(b + 232U); + ws0[29U] = u29; + uint64_t u30 = load64_le(b + 240U); + ws0[30U] = u30; + uint64_t u31 = load64_le(b + 248U); + ws0[31U] = u31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws0[i]; + } + uint8_t b3[256U] = { 0U }; + uint8_t *b4 = b3; + uint8_t *b0 = b4; + b0[rateInBytes - 1U] = 0x80U; + uint64_t ws1[32U] = { 0U }; + uint8_t *b1 = b4; + uint64_t u = load64_le(b1); + ws1[0U] = u; + uint64_t u32 = load64_le(b1 + 8U); + ws1[1U] = u32; + uint64_t u33 = load64_le(b1 + 16U); + ws1[2U] = u33; + uint64_t u34 = load64_le(b1 + 24U); + ws1[3U] = u34; + uint64_t u35 = load64_le(b1 + 32U); + ws1[4U] = u35; + uint64_t u36 = load64_le(b1 + 40U); + ws1[5U] = u36; + uint64_t u37 = load64_le(b1 + 48U); + ws1[6U] = u37; + uint64_t u38 = load64_le(b1 + 56U); + ws1[7U] = u38; + uint64_t u39 = load64_le(b1 + 64U); + ws1[8U] = u39; + uint64_t u40 = load64_le(b1 + 72U); + ws1[9U] = u40; + uint64_t u41 = load64_le(b1 + 80U); + ws1[10U] = u41; + uint64_t u42 = load64_le(b1 + 88U); + ws1[11U] = u42; + uint64_t u43 = load64_le(b1 + 96U); + ws1[12U] = u43; + uint64_t u44 = load64_le(b1 + 104U); + ws1[13U] = u44; + uint64_t u45 = load64_le(b1 + 112U); + ws1[14U] = u45; + uint64_t u46 = load64_le(b1 + 120U); + ws1[15U] = u46; + uint64_t u47 = load64_le(b1 + 128U); + ws1[16U] = u47; + uint64_t u48 = load64_le(b1 + 136U); + ws1[17U] = u48; + uint64_t u49 = load64_le(b1 + 144U); + ws1[18U] = u49; + uint64_t u50 = load64_le(b1 + 152U); + ws1[19U] = u50; + uint64_t u51 = load64_le(b1 + 160U); + ws1[20U] = u51; + uint64_t u52 = load64_le(b1 + 168U); + ws1[21U] = u52; + uint64_t u53 = load64_le(b1 + 176U); + ws1[22U] = u53; + uint64_t u54 = load64_le(b1 + 184U); + ws1[23U] = u54; + uint64_t u55 = load64_le(b1 + 192U); + ws1[24U] = u55; + uint64_t u56 = load64_le(b1 + 200U); + ws1[25U] = u56; + uint64_t u57 = load64_le(b1 + 208U); + ws1[26U] = u57; + uint64_t u58 = load64_le(b1 + 216U); + ws1[27U] = u58; + uint64_t u59 = load64_le(b1 + 224U); + ws1[28U] = u59; + uint64_t u60 = load64_le(b1 + 232U); + ws1[29U] = u60; + uint64_t u61 = load64_le(b1 + 240U); + ws1[30U] = u61; + uint64_t u62 = load64_le(b1 + 248U); + ws1[31U] = u62; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws1[i]; + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + uint64_t uu____2 = _C[(i1 + 1U) % 5U]; + uint64_t _D = _C[(i1 + 4U) % 5U] ^ (uu____2 << 1U | uu____2 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i1 + 5U * i] = s[i1 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____3 = current; + s[_Y] = uu____3 << r | uu____3 >> (64U - r); + current 
= temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + s[0U] = s[0U] ^ c; + } + for (uint32_t i0 = 0U; i0 < 48U / rateInBytes; i0++) + { + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + i0 * rateInBytes, hbuf, rateInBytes * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____4 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____4 << 1U | uu____4 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____5 = current; + s[_Y] = uu____5 << r | uu____5 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t remOut = 48U % rateInBytes; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + 48U - remOut, hbuf, remOut * sizeof (uint8_t)); +} + +void Hacl_SHA3_Scalar_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +{ + uint32_t rateInBytes = 72U; + uint64_t s[25U] = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b1[256U] = { 0U }; + uint8_t *b_ = b1; + uint8_t *b0 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b0 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + uint64_t ws[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u = load64_le(b); + ws[0U] = u; + uint64_t u0 = load64_le(b + 8U); + ws[1U] = u0; + uint64_t u1 = load64_le(b + 16U); + ws[2U] = u1; + uint64_t u2 = load64_le(b + 24U); + ws[3U] = u2; + uint64_t u3 = load64_le(b + 32U); + ws[4U] = u3; + uint64_t u4 = load64_le(b + 40U); + ws[5U] = u4; + uint64_t u5 = load64_le(b + 48U); + ws[6U] = u5; + uint64_t u6 = load64_le(b + 56U); + ws[7U] = u6; + uint64_t u7 = load64_le(b + 64U); + ws[8U] = u7; + uint64_t u8 = load64_le(b + 72U); + ws[9U] = u8; + uint64_t u9 = load64_le(b + 80U); + ws[10U] = u9; + uint64_t u10 = load64_le(b + 88U); + ws[11U] = u10; + 
uint64_t u11 = load64_le(b + 96U); + ws[12U] = u11; + uint64_t u12 = load64_le(b + 104U); + ws[13U] = u12; + uint64_t u13 = load64_le(b + 112U); + ws[14U] = u13; + uint64_t u14 = load64_le(b + 120U); + ws[15U] = u14; + uint64_t u15 = load64_le(b + 128U); + ws[16U] = u15; + uint64_t u16 = load64_le(b + 136U); + ws[17U] = u16; + uint64_t u17 = load64_le(b + 144U); + ws[18U] = u17; + uint64_t u18 = load64_le(b + 152U); + ws[19U] = u18; + uint64_t u19 = load64_le(b + 160U); + ws[20U] = u19; + uint64_t u20 = load64_le(b + 168U); + ws[21U] = u20; + uint64_t u21 = load64_le(b + 176U); + ws[22U] = u21; + uint64_t u22 = load64_le(b + 184U); + ws[23U] = u22; + uint64_t u23 = load64_le(b + 192U); + ws[24U] = u23; + uint64_t u24 = load64_le(b + 200U); + ws[25U] = u24; + uint64_t u25 = load64_le(b + 208U); + ws[26U] = u25; + uint64_t u26 = load64_le(b + 216U); + ws[27U] = u26; + uint64_t u27 = load64_le(b + 224U); + ws[28U] = u27; + uint64_t u28 = load64_le(b + 232U); + ws[29U] = u28; + uint64_t u29 = load64_le(b + 240U); + ws[30U] = u29; + uint64_t u30 = load64_le(b + 248U); + ws[31U] = u30; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws[i]; + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____0 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____0 << 1U | uu____0 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____1 = current; + s[_Y] = uu____1 << r | uu____1 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b2[256U] = { 0U }; + uint8_t *b_ = b2; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b00 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b00 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b01 = b_; + b01[rem] = 0x06U; + uint64_t ws0[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u0 = load64_le(b); + ws0[0U] = u0; + uint64_t u1 = load64_le(b + 8U); + ws0[1U] = u1; + uint64_t u2 = load64_le(b + 16U); + ws0[2U] = u2; + uint64_t u3 = load64_le(b + 24U); + ws0[3U] = u3; + uint64_t u4 = load64_le(b + 32U); + ws0[4U] = u4; + uint64_t u5 = load64_le(b + 40U); + ws0[5U] = u5; + uint64_t u6 = load64_le(b + 48U); + ws0[6U] = u6; + uint64_t u7 = load64_le(b + 56U); + ws0[7U] = u7; + uint64_t u8 = load64_le(b + 64U); + ws0[8U] = u8; + uint64_t u9 = load64_le(b + 72U); + ws0[9U] = u9; + uint64_t u10 = load64_le(b + 80U); + ws0[10U] = u10; + uint64_t u11 = load64_le(b + 88U); + ws0[11U] = u11; + uint64_t u12 = load64_le(b + 96U); + ws0[12U] = u12; + uint64_t u13 = load64_le(b + 104U); + ws0[13U] = u13; 
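+  /* SHA3-512 absorbs 72 bytes (9 lanes) per block; offsets at and beyond the rate read only the zero padding of the 256-byte staging buffer, so XORing those words into the state below has no effect. */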
+ uint64_t u14 = load64_le(b + 112U); + ws0[14U] = u14; + uint64_t u15 = load64_le(b + 120U); + ws0[15U] = u15; + uint64_t u16 = load64_le(b + 128U); + ws0[16U] = u16; + uint64_t u17 = load64_le(b + 136U); + ws0[17U] = u17; + uint64_t u18 = load64_le(b + 144U); + ws0[18U] = u18; + uint64_t u19 = load64_le(b + 152U); + ws0[19U] = u19; + uint64_t u20 = load64_le(b + 160U); + ws0[20U] = u20; + uint64_t u21 = load64_le(b + 168U); + ws0[21U] = u21; + uint64_t u22 = load64_le(b + 176U); + ws0[22U] = u22; + uint64_t u23 = load64_le(b + 184U); + ws0[23U] = u23; + uint64_t u24 = load64_le(b + 192U); + ws0[24U] = u24; + uint64_t u25 = load64_le(b + 200U); + ws0[25U] = u25; + uint64_t u26 = load64_le(b + 208U); + ws0[26U] = u26; + uint64_t u27 = load64_le(b + 216U); + ws0[27U] = u27; + uint64_t u28 = load64_le(b + 224U); + ws0[28U] = u28; + uint64_t u29 = load64_le(b + 232U); + ws0[29U] = u29; + uint64_t u30 = load64_le(b + 240U); + ws0[30U] = u30; + uint64_t u31 = load64_le(b + 248U); + ws0[31U] = u31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws0[i]; + } + uint8_t b3[256U] = { 0U }; + uint8_t *b4 = b3; + uint8_t *b0 = b4; + b0[rateInBytes - 1U] = 0x80U; + uint64_t ws1[32U] = { 0U }; + uint8_t *b1 = b4; + uint64_t u = load64_le(b1); + ws1[0U] = u; + uint64_t u32 = load64_le(b1 + 8U); + ws1[1U] = u32; + uint64_t u33 = load64_le(b1 + 16U); + ws1[2U] = u33; + uint64_t u34 = load64_le(b1 + 24U); + ws1[3U] = u34; + uint64_t u35 = load64_le(b1 + 32U); + ws1[4U] = u35; + uint64_t u36 = load64_le(b1 + 40U); + ws1[5U] = u36; + uint64_t u37 = load64_le(b1 + 48U); + ws1[6U] = u37; + uint64_t u38 = load64_le(b1 + 56U); + ws1[7U] = u38; + uint64_t u39 = load64_le(b1 + 64U); + ws1[8U] = u39; + uint64_t u40 = load64_le(b1 + 72U); + ws1[9U] = u40; + uint64_t u41 = load64_le(b1 + 80U); + ws1[10U] = u41; + uint64_t u42 = load64_le(b1 + 88U); + ws1[11U] = u42; + uint64_t u43 = load64_le(b1 + 96U); + ws1[12U] = u43; + uint64_t u44 = load64_le(b1 + 104U); + ws1[13U] = u44; + uint64_t u45 = load64_le(b1 + 112U); + ws1[14U] = u45; + uint64_t u46 = load64_le(b1 + 120U); + ws1[15U] = u46; + uint64_t u47 = load64_le(b1 + 128U); + ws1[16U] = u47; + uint64_t u48 = load64_le(b1 + 136U); + ws1[17U] = u48; + uint64_t u49 = load64_le(b1 + 144U); + ws1[18U] = u49; + uint64_t u50 = load64_le(b1 + 152U); + ws1[19U] = u50; + uint64_t u51 = load64_le(b1 + 160U); + ws1[20U] = u51; + uint64_t u52 = load64_le(b1 + 168U); + ws1[21U] = u52; + uint64_t u53 = load64_le(b1 + 176U); + ws1[22U] = u53; + uint64_t u54 = load64_le(b1 + 184U); + ws1[23U] = u54; + uint64_t u55 = load64_le(b1 + 192U); + ws1[24U] = u55; + uint64_t u56 = load64_le(b1 + 200U); + ws1[25U] = u56; + uint64_t u57 = load64_le(b1 + 208U); + ws1[26U] = u57; + uint64_t u58 = load64_le(b1 + 216U); + ws1[27U] = u58; + uint64_t u59 = load64_le(b1 + 224U); + ws1[28U] = u59; + uint64_t u60 = load64_le(b1 + 232U); + ws1[29U] = u60; + uint64_t u61 = load64_le(b1 + 240U); + ws1[30U] = u61; + uint64_t u62 = load64_le(b1 + 248U); + ws1[31U] = u62; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws1[i]; + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + uint64_t uu____2 = _C[(i1 + 1U) % 5U]; + uint64_t _D = _C[(i1 + 4U) % 5U] ^ (uu____2 << 1U | uu____2 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i1 + 5U * i] = s[i1 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; 
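+  /* rho + pi: each lane is rotated by its fixed offset (keccak_rotc) while being moved to its new position (keccak_piln). */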
+ for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____3 = current; + s[_Y] = uu____3 << r | uu____3 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + s[0U] = s[0U] ^ c; + } + for (uint32_t i0 = 0U; i0 < 64U / rateInBytes; i0++) + { + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + i0 * rateInBytes, hbuf, rateInBytes * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____4 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____4 << 1U | uu____4 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____5 = current; + s[_Y] = uu____5 << r | uu____5 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t remOut = 64U % rateInBytes; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + 64U - remOut, hbuf, remOut * sizeof (uint8_t)); +} + diff --git a/sys/hacl/c/src/Hacl_SHA3_Vec256.c b/sys/hacl/c/src/Hacl_SHA3_Vec256.c new file mode 100644 index 000000000..739a56eb9 --- /dev/null +++ b/sys/hacl/c/src/Hacl_SHA3_Vec256.c @@ -0,0 +1,10076 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following 
conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#include "Hacl_SHA3_Vec256.h" + +#include "internal/Hacl_SHA3_Scalar.h" +#include "libintvector.h" + +void +Hacl_SHA3_Vec256_shake128_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint32_t outputByteLen, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +) +{ + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + rb = { .fst = output0, .snd = { .fst = output1, .snd = { .fst = output2, .snd = output3 } } }; + uint32_t rateInBytes = 168U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 s[25U] KRML_POST_ALIGN(32) = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint8_t *b31 = ib.snd.snd.snd; + uint8_t *b21 = ib.snd.snd.fst; + uint8_t *b11 = ib.snd.fst; + uint8_t *b01 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b01 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl1, b11 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl2, b21 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl3, b31 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b3 = b_.snd.snd.snd; + uint8_t *b2 = b_.snd.snd.fst; + uint8_t *b1 = b_.snd.fst; + uint8_t *b0 = b_.fst; + ws[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0); + ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1); + ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2); + ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3); + ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 32U); + ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 32U); + ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 32U); + ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 32U); + ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 64U); + ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 64U); + ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 64U); + ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 64U); + ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 96U); + ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 96U); + ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 96U); + ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 96U); + ws[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 128U); + 
ws[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 128U); + ws[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 128U); + ws[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 128U); + ws[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 160U); + ws[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 160U); + ws[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 160U); + ws[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 160U); + ws[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 192U); + ws[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 192U); + ws[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 192U); + ws[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 192U); + ws[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 224U); + ws[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 224U); + ws[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 224U); + ws[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = 
ws[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws19 = 
v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__5; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__6; + 
Lib_IntVector_Intrinsics_vec256 ws29 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__6; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws[i]); + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____0 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____1 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____2 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____0, + Lib_IntVector_Intrinsics_vec256_xor(uu____1, + Lib_IntVector_Intrinsics_vec256_xor(uu____2, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____3 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____4 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____3, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____4, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____4, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____5 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____5, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____5, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____6 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____7 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v07 = + Lib_IntVector_Intrinsics_vec256_xor(uu____6, + Lib_IntVector_Intrinsics_vec256_and(uu____7, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____8 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____9 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v17 = + Lib_IntVector_Intrinsics_vec256_xor(uu____8, + Lib_IntVector_Intrinsics_vec256_and(uu____9, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____10 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____11 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v27 = + Lib_IntVector_Intrinsics_vec256_xor(uu____10, + Lib_IntVector_Intrinsics_vec256_and(uu____11, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____12 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____13 = 
Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v37 = + Lib_IntVector_Intrinsics_vec256_xor(uu____12, + Lib_IntVector_Intrinsics_vec256_and(uu____13, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____14 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____15 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____14, + Lib_IntVector_Intrinsics_vec256_and(uu____15, s[1U + 5U * i])); + s[0U + 5U * i] = v07; + s[1U + 5U * i] = v17; + s[2U + 5U * i] = v27; + s[3U + 5U * i] = v37; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____16 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____16, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b32 = ib.snd.snd.snd; + uint8_t *b22 = ib.snd.snd.fst; + uint8_t *b12 = ib.snd.fst; + uint8_t *b02 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b02 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl1, b12 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl2, b22 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl3, b32 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b33 = b_.snd.snd.snd; + uint8_t *b23 = b_.snd.snd.fst; + uint8_t *b13 = b_.snd.fst; + uint8_t *b03 = b_.fst; + b03[rem] = 0x1FU; + b13[rem] = 0x1FU; + b23[rem] = 0x1FU; + b33[rem] = 0x1FU; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws32[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b34 = b_.snd.snd.snd; + uint8_t *b24 = b_.snd.snd.fst; + uint8_t *b14 = b_.snd.fst; + uint8_t *b04 = b_.fst; + ws32[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04); + ws32[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14); + ws32[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24); + ws32[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34); + ws32[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 32U); + ws32[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 32U); + ws32[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 32U); + ws32[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 32U); + ws32[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 64U); + ws32[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 64U); + ws32[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 64U); + ws32[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 64U); + ws32[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 96U); + ws32[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 96U); + ws32[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 96U); + ws32[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 96U); + ws32[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 128U); + ws32[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 128U); + ws32[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 128U); + ws32[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 128U); + ws32[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 160U); + ws32[21U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 160U); + ws32[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 160U); + ws32[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 160U); + ws32[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 192U); + ws32[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 192U); + ws32[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 192U); + ws32[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 192U); + ws32[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 224U); + ws32[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 224U); + ws32[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 224U); + ws32[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws32[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws32[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws32[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws32[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws00 = v0__; + Lib_IntVector_Intrinsics_vec256 ws110 = v2__; + Lib_IntVector_Intrinsics_vec256 ws210 = v1__; + Lib_IntVector_Intrinsics_vec256 ws33 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws32[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws32[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws32[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws32[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws40 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws50 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws60 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws70 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws32[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws32[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws32[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws32[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = 
Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws80 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws90 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws100 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws111 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws32[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws32[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws32[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws32[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws120 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws130 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws140 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws150 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws32[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws32[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws32[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws32[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws160 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws170 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws180 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws190 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws32[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws32[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws32[22U]; + 
Lib_IntVector_Intrinsics_vec256 v35 = ws32[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws200 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws211 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws220 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws230 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws32[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws32[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws32[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws32[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws240 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws250 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws260 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws270 = v3__5; + Lib_IntVector_Intrinsics_vec256 v07 = ws32[28U]; + Lib_IntVector_Intrinsics_vec256 v17 = ws32[29U]; + Lib_IntVector_Intrinsics_vec256 v27 = ws32[30U]; + Lib_IntVector_Intrinsics_vec256 v37 = ws32[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws280 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws290 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws300 = v1__6; + 
Lib_IntVector_Intrinsics_vec256 ws310 = v3__6; + ws32[0U] = ws00; + ws32[1U] = ws110; + ws32[2U] = ws210; + ws32[3U] = ws33; + ws32[4U] = ws40; + ws32[5U] = ws50; + ws32[6U] = ws60; + ws32[7U] = ws70; + ws32[8U] = ws80; + ws32[9U] = ws90; + ws32[10U] = ws100; + ws32[11U] = ws111; + ws32[12U] = ws120; + ws32[13U] = ws130; + ws32[14U] = ws140; + ws32[15U] = ws150; + ws32[16U] = ws160; + ws32[17U] = ws170; + ws32[18U] = ws180; + ws32[19U] = ws190; + ws32[20U] = ws200; + ws32[21U] = ws211; + ws32[22U] = ws220; + ws32[23U] = ws230; + ws32[24U] = ws240; + ws32[25U] = ws250; + ws32[26U] = ws260; + ws32[27U] = ws270; + ws32[28U] = ws280; + ws32[29U] = ws290; + ws32[30U] = ws300; + ws32[31U] = ws310; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws32[i]); + } + uint8_t b05[256U] = { 0U }; + uint8_t b15[256U] = { 0U }; + uint8_t b25[256U] = { 0U }; + uint8_t b35[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b = { .fst = b05, .snd = { .fst = b15, .snd = { .fst = b25, .snd = b35 } } }; + uint8_t *b36 = b.snd.snd.snd; + uint8_t *b26 = b.snd.snd.fst; + uint8_t *b16 = b.snd.fst; + uint8_t *b06 = b.fst; + b06[rateInBytes - 1U] = 0x80U; + b16[rateInBytes - 1U] = 0x80U; + b26[rateInBytes - 1U] = 0x80U; + b36[rateInBytes - 1U] = 0x80U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws34[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b37 = b.snd.snd.snd; + uint8_t *b27 = b.snd.snd.fst; + uint8_t *b17 = b.snd.fst; + uint8_t *b07 = b.fst; + ws34[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07); + ws34[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17); + ws34[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27); + ws34[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37); + ws34[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 32U); + ws34[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 32U); + ws34[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 32U); + ws34[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 32U); + ws34[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 64U); + ws34[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 64U); + ws34[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 64U); + ws34[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 64U); + ws34[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 96U); + ws34[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 96U); + ws34[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 96U); + ws34[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 96U); + ws34[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 128U); + ws34[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 128U); + ws34[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 128U); + ws34[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 128U); + ws34[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 160U); + ws34[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 160U); + ws34[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 160U); + ws34[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 160U); + ws34[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 192U); + ws34[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 192U); + ws34[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 192U); + ws34[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 192U); + ws34[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 224U); + ws34[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 224U); + ws34[30U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 224U); + ws34[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 224U); + Lib_IntVector_Intrinsics_vec256 v08 = ws34[0U]; + Lib_IntVector_Intrinsics_vec256 v18 = ws34[1U]; + Lib_IntVector_Intrinsics_vec256 v28 = ws34[2U]; + Lib_IntVector_Intrinsics_vec256 v38 = ws34[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v1_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v2_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v3_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v0__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v1__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v2__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 + v3__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 ws01 = v0__7; + Lib_IntVector_Intrinsics_vec256 ws112 = v2__7; + Lib_IntVector_Intrinsics_vec256 ws212 = v1__7; + Lib_IntVector_Intrinsics_vec256 ws35 = v3__7; + Lib_IntVector_Intrinsics_vec256 v09 = ws34[4U]; + Lib_IntVector_Intrinsics_vec256 v19 = ws34[5U]; + Lib_IntVector_Intrinsics_vec256 v29 = ws34[6U]; + Lib_IntVector_Intrinsics_vec256 v39 = ws34[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v1_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v2_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v3_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v0__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v1__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v2__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 + v3__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 ws41 = v0__8; + Lib_IntVector_Intrinsics_vec256 ws51 = v2__8; + Lib_IntVector_Intrinsics_vec256 ws61 = v1__8; + Lib_IntVector_Intrinsics_vec256 ws71 = v3__8; + Lib_IntVector_Intrinsics_vec256 v010 = ws34[8U]; + Lib_IntVector_Intrinsics_vec256 v110 = ws34[9U]; + Lib_IntVector_Intrinsics_vec256 v210 = ws34[10U]; + Lib_IntVector_Intrinsics_vec256 v310 = ws34[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v1_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v2_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v3_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v0__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v1__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v2__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_9, v3_9); + 
Lib_IntVector_Intrinsics_vec256 + v3__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 ws81 = v0__9; + Lib_IntVector_Intrinsics_vec256 ws91 = v2__9; + Lib_IntVector_Intrinsics_vec256 ws101 = v1__9; + Lib_IntVector_Intrinsics_vec256 ws113 = v3__9; + Lib_IntVector_Intrinsics_vec256 v011 = ws34[12U]; + Lib_IntVector_Intrinsics_vec256 v111 = ws34[13U]; + Lib_IntVector_Intrinsics_vec256 v211 = ws34[14U]; + Lib_IntVector_Intrinsics_vec256 v311 = ws34[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v1_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v2_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v3_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v0__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v1__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v2__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 + v3__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 ws121 = v0__10; + Lib_IntVector_Intrinsics_vec256 ws131 = v2__10; + Lib_IntVector_Intrinsics_vec256 ws141 = v1__10; + Lib_IntVector_Intrinsics_vec256 ws151 = v3__10; + Lib_IntVector_Intrinsics_vec256 v012 = ws34[16U]; + Lib_IntVector_Intrinsics_vec256 v112 = ws34[17U]; + Lib_IntVector_Intrinsics_vec256 v212 = ws34[18U]; + Lib_IntVector_Intrinsics_vec256 v312 = ws34[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v1_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v2_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v3_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v0__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v1__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v2__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 + v3__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 ws161 = v0__11; + Lib_IntVector_Intrinsics_vec256 ws171 = v2__11; + Lib_IntVector_Intrinsics_vec256 ws181 = v1__11; + Lib_IntVector_Intrinsics_vec256 ws191 = v3__11; + Lib_IntVector_Intrinsics_vec256 v013 = ws34[20U]; + Lib_IntVector_Intrinsics_vec256 v113 = ws34[21U]; + Lib_IntVector_Intrinsics_vec256 v213 = ws34[22U]; + Lib_IntVector_Intrinsics_vec256 v313 = ws34[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v1_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v2_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v3_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v0__12 = 
Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v1__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v2__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 + v3__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 ws201 = v0__12; + Lib_IntVector_Intrinsics_vec256 ws213 = v2__12; + Lib_IntVector_Intrinsics_vec256 ws221 = v1__12; + Lib_IntVector_Intrinsics_vec256 ws231 = v3__12; + Lib_IntVector_Intrinsics_vec256 v014 = ws34[24U]; + Lib_IntVector_Intrinsics_vec256 v114 = ws34[25U]; + Lib_IntVector_Intrinsics_vec256 v214 = ws34[26U]; + Lib_IntVector_Intrinsics_vec256 v314 = ws34[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v1_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v2_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v3_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v0__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v1__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v2__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 + v3__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 ws241 = v0__13; + Lib_IntVector_Intrinsics_vec256 ws251 = v2__13; + Lib_IntVector_Intrinsics_vec256 ws261 = v1__13; + Lib_IntVector_Intrinsics_vec256 ws271 = v3__13; + Lib_IntVector_Intrinsics_vec256 v015 = ws34[28U]; + Lib_IntVector_Intrinsics_vec256 v115 = ws34[29U]; + Lib_IntVector_Intrinsics_vec256 v215 = ws34[30U]; + Lib_IntVector_Intrinsics_vec256 v315 = ws34[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v1_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v2_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v3_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v0__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v1__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v2__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 + v3__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 ws281 = v0__14; + Lib_IntVector_Intrinsics_vec256 ws291 = v2__14; + Lib_IntVector_Intrinsics_vec256 ws301 = v1__14; + Lib_IntVector_Intrinsics_vec256 ws311 = v3__14; + ws34[0U] = ws01; + ws34[1U] = ws112; + ws34[2U] = ws212; + ws34[3U] = ws35; + ws34[4U] = ws41; + ws34[5U] = ws51; + ws34[6U] = ws61; + ws34[7U] = ws71; + ws34[8U] = ws81; + ws34[9U] = ws91; + ws34[10U] = ws101; + ws34[11U] = ws113; + ws34[12U] = ws121; + ws34[13U] = ws131; + ws34[14U] = ws141; + ws34[15U] = ws151; + ws34[16U] = ws161; + ws34[17U] = ws171; + ws34[18U] = ws181; + ws34[19U] = ws191; + 
ws34[20U] = ws201; + ws34[21U] = ws213; + ws34[22U] = ws221; + ws34[23U] = ws231; + ws34[24U] = ws241; + ws34[25U] = ws251; + ws34[26U] = ws261; + ws34[27U] = ws271; + ws34[28U] = ws281; + ws34[29U] = ws291; + ws34[30U] = ws301; + ws34[31U] = ws311; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws34[i]); + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____17 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____18 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____19 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____17, + Lib_IntVector_Intrinsics_vec256_xor(uu____18, + Lib_IntVector_Intrinsics_vec256_xor(uu____19, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____20 = _C[(i1 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____21 = _C[(i1 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____20, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____21, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____21, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i1 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i1 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____22 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____22, r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____22, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____23 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____24 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v0 = + Lib_IntVector_Intrinsics_vec256_xor(uu____23, + Lib_IntVector_Intrinsics_vec256_and(uu____24, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____25 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____26 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v1 = + Lib_IntVector_Intrinsics_vec256_xor(uu____25, + Lib_IntVector_Intrinsics_vec256_and(uu____26, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____27 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____28 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v2 = + Lib_IntVector_Intrinsics_vec256_xor(uu____27, + Lib_IntVector_Intrinsics_vec256_and(uu____28, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____29 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____30 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v3 = + Lib_IntVector_Intrinsics_vec256_xor(uu____29, + Lib_IntVector_Intrinsics_vec256_and(uu____30, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____31 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____32 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + 
Lib_IntVector_Intrinsics_vec256_xor(uu____31, + Lib_IntVector_Intrinsics_vec256_and(uu____32, s[1U + 5U * i])); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + Lib_IntVector_Intrinsics_vec256 uu____33 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____33, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + for (uint32_t i0 = 0U; i0 < outputByteLen / rateInBytes; i0++) + { + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 
= Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + 
Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 
ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < rateInBytes / 32U; i++) + { + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = rateInBytes % 32U; + uint32_t j = rateInBytes / 32U; + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____34 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____35 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____36 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____34, + Lib_IntVector_Intrinsics_vec256_xor(uu____35, + Lib_IntVector_Intrinsics_vec256_xor(uu____36, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____37 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____38 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____37, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____38, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____38, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____39 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____39, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____39, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 
1U, + Lib_IntVector_Intrinsics_vec256 uu____40 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____41 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v023 = + Lib_IntVector_Intrinsics_vec256_xor(uu____40, + Lib_IntVector_Intrinsics_vec256_and(uu____41, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____42 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____43 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v123 = + Lib_IntVector_Intrinsics_vec256_xor(uu____42, + Lib_IntVector_Intrinsics_vec256_and(uu____43, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____44 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____45 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v223 = + Lib_IntVector_Intrinsics_vec256_xor(uu____44, + Lib_IntVector_Intrinsics_vec256_and(uu____45, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____46 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____47 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v323 = + Lib_IntVector_Intrinsics_vec256_xor(uu____46, + Lib_IntVector_Intrinsics_vec256_and(uu____47, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____48 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____49 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____48, + Lib_IntVector_Intrinsics_vec256_and(uu____49, s[1U + 5U * i])); + s[0U + 5U * i] = v023; + s[1U + 5U * i] = v123; + s[2U + 5U * i] = v223; + s[3U + 5U * i] = v323; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____50 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____50, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t remOut = outputByteLen % rateInBytes; + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + 
Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + 
Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 
+ v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < remOut / 32U; i++) + { + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + outputByteLen - remOut + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b1 + outputByteLen - remOut + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b2 + outputByteLen - remOut + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b3 + outputByteLen - remOut + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = remOut % 32U; + uint32_t j = remOut / 32U; + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + outputByteLen - remOut + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b1 + outputByteLen - remOut + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b2 + outputByteLen - remOut + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b3 + outputByteLen - remOut + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); +} + +void +Hacl_SHA3_Vec256_shake256_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + 
uint32_t outputByteLen, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +) +{ + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + rb = { .fst = output0, .snd = { .fst = output1, .snd = { .fst = output2, .snd = output3 } } }; + uint32_t rateInBytes = 136U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 s[25U] KRML_POST_ALIGN(32) = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint8_t *b31 = ib.snd.snd.snd; + uint8_t *b21 = ib.snd.snd.fst; + uint8_t *b11 = ib.snd.fst; + uint8_t *b01 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b01 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl1, b11 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl2, b21 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl3, b31 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b3 = b_.snd.snd.snd; + uint8_t *b2 = b_.snd.snd.fst; + uint8_t *b1 = b_.snd.fst; + uint8_t *b0 = b_.fst; + ws[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0); + ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1); + ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2); + ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3); + ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 32U); + ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 32U); + ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 32U); + ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 32U); + ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 64U); + ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 64U); + ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 64U); + ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 64U); + ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 96U); + ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 96U); + ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 96U); + ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 96U); + ws[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 128U); + ws[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 128U); + ws[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 128U); + ws[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 128U); + ws[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 160U); + ws[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 160U); + ws[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 160U); + ws[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 160U); + ws[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 192U); + ws[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 192U); + ws[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 192U); + ws[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 192U); + ws[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 224U); + ws[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 224U); + ws[30U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 224U); + ws[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + 
Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__5; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__6; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws[i]); + } + for (uint32_t i1 = 0U; i1 < 24U; 
i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____0 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____1 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____2 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____0, + Lib_IntVector_Intrinsics_vec256_xor(uu____1, + Lib_IntVector_Intrinsics_vec256_xor(uu____2, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____3 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____4 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____3, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____4, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____4, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____5 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____5, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____5, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____6 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____7 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v07 = + Lib_IntVector_Intrinsics_vec256_xor(uu____6, + Lib_IntVector_Intrinsics_vec256_and(uu____7, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____8 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____9 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v17 = + Lib_IntVector_Intrinsics_vec256_xor(uu____8, + Lib_IntVector_Intrinsics_vec256_and(uu____9, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____10 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____11 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v27 = + Lib_IntVector_Intrinsics_vec256_xor(uu____10, + Lib_IntVector_Intrinsics_vec256_and(uu____11, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____12 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____13 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v37 = + Lib_IntVector_Intrinsics_vec256_xor(uu____12, + Lib_IntVector_Intrinsics_vec256_and(uu____13, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____14 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____15 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____14, + Lib_IntVector_Intrinsics_vec256_and(uu____15, s[1U + 5U * i])); + s[0U + 5U * i] = v07; + s[1U + 5U * i] = v17; + s[2U + 5U * i] = v27; + s[3U + 5U * i] = v37; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____16 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____16, + Lib_IntVector_Intrinsics_vec256_load64(c)); + 
} + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b32 = ib.snd.snd.snd; + uint8_t *b22 = ib.snd.snd.fst; + uint8_t *b12 = ib.snd.fst; + uint8_t *b02 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b02 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl1, b12 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl2, b22 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl3, b32 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b33 = b_.snd.snd.snd; + uint8_t *b23 = b_.snd.snd.fst; + uint8_t *b13 = b_.snd.fst; + uint8_t *b03 = b_.fst; + b03[rem] = 0x1FU; + b13[rem] = 0x1FU; + b23[rem] = 0x1FU; + b33[rem] = 0x1FU; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws32[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b34 = b_.snd.snd.snd; + uint8_t *b24 = b_.snd.snd.fst; + uint8_t *b14 = b_.snd.fst; + uint8_t *b04 = b_.fst; + ws32[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04); + ws32[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14); + ws32[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24); + ws32[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34); + ws32[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 32U); + ws32[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 32U); + ws32[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 32U); + ws32[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 32U); + ws32[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 64U); + ws32[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 64U); + ws32[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 64U); + ws32[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 64U); + ws32[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 96U); + ws32[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 96U); + ws32[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 96U); + ws32[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 96U); + ws32[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 128U); + ws32[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 128U); + ws32[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 128U); + ws32[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 128U); + ws32[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 160U); + ws32[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 160U); + ws32[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 160U); + ws32[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 160U); + ws32[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 192U); + ws32[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 192U); + ws32[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 192U); + ws32[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 192U); + ws32[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 224U); + ws32[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 224U); + ws32[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 224U); + ws32[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws32[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws32[1U]; + 
Lib_IntVector_Intrinsics_vec256 v20 = ws32[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws32[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws00 = v0__; + Lib_IntVector_Intrinsics_vec256 ws110 = v2__; + Lib_IntVector_Intrinsics_vec256 ws210 = v1__; + Lib_IntVector_Intrinsics_vec256 ws33 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws32[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws32[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws32[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws32[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws40 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws50 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws60 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws70 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws32[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws32[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws32[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws32[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws80 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws90 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws100 = v1__1; + 
Lib_IntVector_Intrinsics_vec256 ws111 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws32[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws32[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws32[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws32[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws120 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws130 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws140 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws150 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws32[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws32[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws32[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws32[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws160 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws170 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws180 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws190 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws32[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws32[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws32[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws32[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws200 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws211 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws220 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws230 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws32[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws32[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws32[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws32[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws240 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws250 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws260 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws270 = v3__5; + Lib_IntVector_Intrinsics_vec256 v07 = ws32[28U]; + Lib_IntVector_Intrinsics_vec256 v17 = ws32[29U]; + Lib_IntVector_Intrinsics_vec256 v27 = ws32[30U]; + Lib_IntVector_Intrinsics_vec256 v37 = ws32[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws280 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws290 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws300 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws310 = v3__6; + ws32[0U] = ws00; + ws32[1U] = ws110; + ws32[2U] = ws210; + ws32[3U] = ws33; + ws32[4U] = ws40; + ws32[5U] = ws50; + ws32[6U] = ws60; + ws32[7U] = ws70; + ws32[8U] = ws80; + ws32[9U] = ws90; + ws32[10U] = ws100; + ws32[11U] = ws111; + ws32[12U] = ws120; + ws32[13U] = ws130; + ws32[14U] = ws140; + ws32[15U] = ws150; + ws32[16U] = ws160; + ws32[17U] = ws170; + ws32[18U] = ws180; + ws32[19U] = ws190; + ws32[20U] = ws200; + ws32[21U] = ws211; + ws32[22U] = ws220; + ws32[23U] = ws230; + ws32[24U] = ws240; + ws32[25U] = ws250; + ws32[26U] = ws260; + ws32[27U] = ws270; + ws32[28U] = ws280; + ws32[29U] = ws290; + ws32[30U] = ws300; + ws32[31U] = ws310; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws32[i]); + } + uint8_t b05[256U] = { 0U }; + uint8_t 
b15[256U] = { 0U }; + uint8_t b25[256U] = { 0U }; + uint8_t b35[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b = { .fst = b05, .snd = { .fst = b15, .snd = { .fst = b25, .snd = b35 } } }; + uint8_t *b36 = b.snd.snd.snd; + uint8_t *b26 = b.snd.snd.fst; + uint8_t *b16 = b.snd.fst; + uint8_t *b06 = b.fst; + b06[rateInBytes - 1U] = 0x80U; + b16[rateInBytes - 1U] = 0x80U; + b26[rateInBytes - 1U] = 0x80U; + b36[rateInBytes - 1U] = 0x80U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws34[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b37 = b.snd.snd.snd; + uint8_t *b27 = b.snd.snd.fst; + uint8_t *b17 = b.snd.fst; + uint8_t *b07 = b.fst; + ws34[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07); + ws34[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17); + ws34[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27); + ws34[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37); + ws34[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 32U); + ws34[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 32U); + ws34[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 32U); + ws34[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 32U); + ws34[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 64U); + ws34[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 64U); + ws34[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 64U); + ws34[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 64U); + ws34[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 96U); + ws34[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 96U); + ws34[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 96U); + ws34[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 96U); + ws34[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 128U); + ws34[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 128U); + ws34[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 128U); + ws34[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 128U); + ws34[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 160U); + ws34[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 160U); + ws34[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 160U); + ws34[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 160U); + ws34[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 192U); + ws34[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 192U); + ws34[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 192U); + ws34[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 192U); + ws34[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 224U); + ws34[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 224U); + ws34[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 224U); + ws34[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 224U); + Lib_IntVector_Intrinsics_vec256 v08 = ws34[0U]; + Lib_IntVector_Intrinsics_vec256 v18 = ws34[1U]; + Lib_IntVector_Intrinsics_vec256 v28 = ws34[2U]; + Lib_IntVector_Intrinsics_vec256 v38 = ws34[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v1_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v2_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v3_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v0__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_7, v2_7); + 
Lib_IntVector_Intrinsics_vec256 + v1__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v2__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 + v3__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 ws01 = v0__7; + Lib_IntVector_Intrinsics_vec256 ws112 = v2__7; + Lib_IntVector_Intrinsics_vec256 ws212 = v1__7; + Lib_IntVector_Intrinsics_vec256 ws35 = v3__7; + Lib_IntVector_Intrinsics_vec256 v09 = ws34[4U]; + Lib_IntVector_Intrinsics_vec256 v19 = ws34[5U]; + Lib_IntVector_Intrinsics_vec256 v29 = ws34[6U]; + Lib_IntVector_Intrinsics_vec256 v39 = ws34[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v1_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v2_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v3_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v0__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v1__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v2__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 + v3__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 ws41 = v0__8; + Lib_IntVector_Intrinsics_vec256 ws51 = v2__8; + Lib_IntVector_Intrinsics_vec256 ws61 = v1__8; + Lib_IntVector_Intrinsics_vec256 ws71 = v3__8; + Lib_IntVector_Intrinsics_vec256 v010 = ws34[8U]; + Lib_IntVector_Intrinsics_vec256 v110 = ws34[9U]; + Lib_IntVector_Intrinsics_vec256 v210 = ws34[10U]; + Lib_IntVector_Intrinsics_vec256 v310 = ws34[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v1_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v2_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v3_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v0__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v1__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v2__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 + v3__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 ws81 = v0__9; + Lib_IntVector_Intrinsics_vec256 ws91 = v2__9; + Lib_IntVector_Intrinsics_vec256 ws101 = v1__9; + Lib_IntVector_Intrinsics_vec256 ws113 = v3__9; + Lib_IntVector_Intrinsics_vec256 v011 = ws34[12U]; + Lib_IntVector_Intrinsics_vec256 v111 = ws34[13U]; + Lib_IntVector_Intrinsics_vec256 v211 = ws34[14U]; + Lib_IntVector_Intrinsics_vec256 v311 = ws34[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v1_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v2_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v211, v311); + 
Lib_IntVector_Intrinsics_vec256 + v3_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v0__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v1__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v2__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 + v3__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 ws121 = v0__10; + Lib_IntVector_Intrinsics_vec256 ws131 = v2__10; + Lib_IntVector_Intrinsics_vec256 ws141 = v1__10; + Lib_IntVector_Intrinsics_vec256 ws151 = v3__10; + Lib_IntVector_Intrinsics_vec256 v012 = ws34[16U]; + Lib_IntVector_Intrinsics_vec256 v112 = ws34[17U]; + Lib_IntVector_Intrinsics_vec256 v212 = ws34[18U]; + Lib_IntVector_Intrinsics_vec256 v312 = ws34[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v1_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v2_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v3_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v0__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v1__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v2__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 + v3__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 ws161 = v0__11; + Lib_IntVector_Intrinsics_vec256 ws171 = v2__11; + Lib_IntVector_Intrinsics_vec256 ws181 = v1__11; + Lib_IntVector_Intrinsics_vec256 ws191 = v3__11; + Lib_IntVector_Intrinsics_vec256 v013 = ws34[20U]; + Lib_IntVector_Intrinsics_vec256 v113 = ws34[21U]; + Lib_IntVector_Intrinsics_vec256 v213 = ws34[22U]; + Lib_IntVector_Intrinsics_vec256 v313 = ws34[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v1_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v2_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v3_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v0__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v1__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v2__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 + v3__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 ws201 = v0__12; + Lib_IntVector_Intrinsics_vec256 ws213 = v2__12; + Lib_IntVector_Intrinsics_vec256 ws221 = v1__12; + Lib_IntVector_Intrinsics_vec256 ws231 = v3__12; + Lib_IntVector_Intrinsics_vec256 v014 = ws34[24U]; + Lib_IntVector_Intrinsics_vec256 v114 = ws34[25U]; + Lib_IntVector_Intrinsics_vec256 v214 = ws34[26U]; + Lib_IntVector_Intrinsics_vec256 v314 = ws34[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_13 = 
Lib_IntVector_Intrinsics_vec256_interleave_low64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v1_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v2_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v3_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v0__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v1__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v2__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 + v3__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 ws241 = v0__13; + Lib_IntVector_Intrinsics_vec256 ws251 = v2__13; + Lib_IntVector_Intrinsics_vec256 ws261 = v1__13; + Lib_IntVector_Intrinsics_vec256 ws271 = v3__13; + Lib_IntVector_Intrinsics_vec256 v015 = ws34[28U]; + Lib_IntVector_Intrinsics_vec256 v115 = ws34[29U]; + Lib_IntVector_Intrinsics_vec256 v215 = ws34[30U]; + Lib_IntVector_Intrinsics_vec256 v315 = ws34[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v1_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v2_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v3_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v0__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v1__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v2__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 + v3__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 ws281 = v0__14; + Lib_IntVector_Intrinsics_vec256 ws291 = v2__14; + Lib_IntVector_Intrinsics_vec256 ws301 = v1__14; + Lib_IntVector_Intrinsics_vec256 ws311 = v3__14; + ws34[0U] = ws01; + ws34[1U] = ws112; + ws34[2U] = ws212; + ws34[3U] = ws35; + ws34[4U] = ws41; + ws34[5U] = ws51; + ws34[6U] = ws61; + ws34[7U] = ws71; + ws34[8U] = ws81; + ws34[9U] = ws91; + ws34[10U] = ws101; + ws34[11U] = ws113; + ws34[12U] = ws121; + ws34[13U] = ws131; + ws34[14U] = ws141; + ws34[15U] = ws151; + ws34[16U] = ws161; + ws34[17U] = ws171; + ws34[18U] = ws181; + ws34[19U] = ws191; + ws34[20U] = ws201; + ws34[21U] = ws213; + ws34[22U] = ws221; + ws34[23U] = ws231; + ws34[24U] = ws241; + ws34[25U] = ws251; + ws34[26U] = ws261; + ws34[27U] = ws271; + ws34[28U] = ws281; + ws34[29U] = ws291; + ws34[30U] = ws301; + ws34[31U] = ws311; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws34[i]); + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____17 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____18 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____19 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____17, + Lib_IntVector_Intrinsics_vec256_xor(uu____18, + 
Lib_IntVector_Intrinsics_vec256_xor(uu____19, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____20 = _C[(i1 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____21 = _C[(i1 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____20, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____21, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____21, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i1 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i1 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____22 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____22, r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____22, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____23 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____24 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v0 = + Lib_IntVector_Intrinsics_vec256_xor(uu____23, + Lib_IntVector_Intrinsics_vec256_and(uu____24, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____25 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____26 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v1 = + Lib_IntVector_Intrinsics_vec256_xor(uu____25, + Lib_IntVector_Intrinsics_vec256_and(uu____26, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____27 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____28 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v2 = + Lib_IntVector_Intrinsics_vec256_xor(uu____27, + Lib_IntVector_Intrinsics_vec256_and(uu____28, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____29 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____30 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v3 = + Lib_IntVector_Intrinsics_vec256_xor(uu____29, + Lib_IntVector_Intrinsics_vec256_and(uu____30, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____31 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____32 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____31, + Lib_IntVector_Intrinsics_vec256_and(uu____32, s[1U + 5U * i])); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + Lib_IntVector_Intrinsics_vec256 uu____33 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____33, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + for (uint32_t i0 = 0U; i0 < outputByteLen / rateInBytes; i0++) + { + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = 
ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + 
Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = 
Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for 
(uint32_t i = 0U; i < rateInBytes / 32U; i++) + { + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = rateInBytes % 32U; + uint32_t j = rateInBytes / 32U; + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____34 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____35 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____36 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____34, + Lib_IntVector_Intrinsics_vec256_xor(uu____35, + Lib_IntVector_Intrinsics_vec256_xor(uu____36, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____37 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____38 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____37, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____38, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____38, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____39 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____39, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____39, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____40 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____41 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v023 = + Lib_IntVector_Intrinsics_vec256_xor(uu____40, + Lib_IntVector_Intrinsics_vec256_and(uu____41, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____42 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____43 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v123 = + Lib_IntVector_Intrinsics_vec256_xor(uu____42, + Lib_IntVector_Intrinsics_vec256_and(uu____43, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____44 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____45 = 
Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v223 = + Lib_IntVector_Intrinsics_vec256_xor(uu____44, + Lib_IntVector_Intrinsics_vec256_and(uu____45, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____46 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____47 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v323 = + Lib_IntVector_Intrinsics_vec256_xor(uu____46, + Lib_IntVector_Intrinsics_vec256_and(uu____47, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____48 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____49 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____48, + Lib_IntVector_Intrinsics_vec256_and(uu____49, s[1U + 5U * i])); + s[0U + 5U * i] = v023; + s[1U + 5U * i] = v123; + s[2U + 5U * i] = v223; + s[3U + 5U * i] = v323; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____50 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____50, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t remOut = outputByteLen % rateInBytes; + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + 
Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, 
v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = 
Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < remOut / 32U; i++) + { + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + outputByteLen - remOut + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b1 + outputByteLen - remOut + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b2 + outputByteLen - remOut + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b3 + outputByteLen - remOut + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = remOut % 32U; + uint32_t j = remOut / 32U; + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + outputByteLen - remOut + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b1 + outputByteLen - remOut + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b2 + outputByteLen - remOut + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b3 + outputByteLen - remOut + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); +} + +void +Hacl_SHA3_Vec256_sha3_224_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +) +{ + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + rb = { .fst = output0, .snd = { .fst = output1, .snd = { .fst = output2, .snd = output3 } } }; + uint32_t rateInBytes = 144U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 s[25U] KRML_POST_ALIGN(32) = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + 
K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint8_t *b31 = ib.snd.snd.snd; + uint8_t *b21 = ib.snd.snd.fst; + uint8_t *b11 = ib.snd.fst; + uint8_t *b01 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b01 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl1, b11 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl2, b21 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl3, b31 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b3 = b_.snd.snd.snd; + uint8_t *b2 = b_.snd.snd.fst; + uint8_t *b1 = b_.snd.fst; + uint8_t *b0 = b_.fst; + ws[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0); + ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1); + ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2); + ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3); + ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 32U); + ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 32U); + ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 32U); + ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 32U); + ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 64U); + ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 64U); + ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 64U); + ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 64U); + ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 96U); + ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 96U); + ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 96U); + ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 96U); + ws[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 128U); + ws[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 128U); + ws[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 128U); + ws[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 128U); + ws[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 160U); + ws[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 160U); + ws[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 160U); + ws[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 160U); + ws[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 192U); + ws[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 192U); + ws[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 192U); + ws[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 192U); + ws[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 224U); + ws[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 224U); + ws[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 224U); + ws[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + 
Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, 
v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = 
Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__5; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__6; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws[i]); + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____0 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____1 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____2 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____0, + Lib_IntVector_Intrinsics_vec256_xor(uu____1, + Lib_IntVector_Intrinsics_vec256_xor(uu____2, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____3 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____4 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + 
Lib_IntVector_Intrinsics_vec256_xor(uu____3, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____4, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____4, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____5 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____5, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____5, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____6 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____7 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v07 = + Lib_IntVector_Intrinsics_vec256_xor(uu____6, + Lib_IntVector_Intrinsics_vec256_and(uu____7, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____8 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____9 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v17 = + Lib_IntVector_Intrinsics_vec256_xor(uu____8, + Lib_IntVector_Intrinsics_vec256_and(uu____9, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____10 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____11 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v27 = + Lib_IntVector_Intrinsics_vec256_xor(uu____10, + Lib_IntVector_Intrinsics_vec256_and(uu____11, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____12 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____13 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v37 = + Lib_IntVector_Intrinsics_vec256_xor(uu____12, + Lib_IntVector_Intrinsics_vec256_and(uu____13, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____14 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____15 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____14, + Lib_IntVector_Intrinsics_vec256_and(uu____15, s[1U + 5U * i])); + s[0U + 5U * i] = v07; + s[1U + 5U * i] = v17; + s[2U + 5U * i] = v27; + s[3U + 5U * i] = v37; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____16 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____16, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b32 = ib.snd.snd.snd; + uint8_t *b22 = ib.snd.snd.fst; + uint8_t *b12 = ib.snd.fst; + uint8_t *b02 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b02 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl1, b12 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + 
memcpy(bl2, b22 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl3, b32 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b33 = b_.snd.snd.snd; + uint8_t *b23 = b_.snd.snd.fst; + uint8_t *b13 = b_.snd.fst; + uint8_t *b03 = b_.fst; + b03[rem] = 0x06U; + b13[rem] = 0x06U; + b23[rem] = 0x06U; + b33[rem] = 0x06U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws32[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b34 = b_.snd.snd.snd; + uint8_t *b24 = b_.snd.snd.fst; + uint8_t *b14 = b_.snd.fst; + uint8_t *b04 = b_.fst; + ws32[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04); + ws32[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14); + ws32[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24); + ws32[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34); + ws32[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 32U); + ws32[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 32U); + ws32[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 32U); + ws32[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 32U); + ws32[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 64U); + ws32[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 64U); + ws32[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 64U); + ws32[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 64U); + ws32[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 96U); + ws32[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 96U); + ws32[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 96U); + ws32[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 96U); + ws32[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 128U); + ws32[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 128U); + ws32[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 128U); + ws32[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 128U); + ws32[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 160U); + ws32[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 160U); + ws32[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 160U); + ws32[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 160U); + ws32[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 192U); + ws32[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 192U); + ws32[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 192U); + ws32[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 192U); + ws32[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 224U); + ws32[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 224U); + ws32[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 224U); + ws32[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws32[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws32[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws32[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws32[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + 
Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws00 = v0__; + Lib_IntVector_Intrinsics_vec256 ws110 = v2__; + Lib_IntVector_Intrinsics_vec256 ws210 = v1__; + Lib_IntVector_Intrinsics_vec256 ws33 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws32[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws32[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws32[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws32[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws40 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws50 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws60 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws70 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws32[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws32[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws32[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws32[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws80 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws90 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws100 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws111 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws32[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws32[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws32[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws32[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = 
Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws120 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws130 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws140 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws150 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws32[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws32[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws32[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws32[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws160 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws170 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws180 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws190 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws32[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws32[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws32[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws32[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws200 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws211 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws220 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws230 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws32[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws32[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws32[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws32[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = 
Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws240 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws250 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws260 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws270 = v3__5; + Lib_IntVector_Intrinsics_vec256 v07 = ws32[28U]; + Lib_IntVector_Intrinsics_vec256 v17 = ws32[29U]; + Lib_IntVector_Intrinsics_vec256 v27 = ws32[30U]; + Lib_IntVector_Intrinsics_vec256 v37 = ws32[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws280 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws290 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws300 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws310 = v3__6; + ws32[0U] = ws00; + ws32[1U] = ws110; + ws32[2U] = ws210; + ws32[3U] = ws33; + ws32[4U] = ws40; + ws32[5U] = ws50; + ws32[6U] = ws60; + ws32[7U] = ws70; + ws32[8U] = ws80; + ws32[9U] = ws90; + ws32[10U] = ws100; + ws32[11U] = ws111; + ws32[12U] = ws120; + ws32[13U] = ws130; + ws32[14U] = ws140; + ws32[15U] = ws150; + ws32[16U] = ws160; + ws32[17U] = ws170; + ws32[18U] = ws180; + ws32[19U] = ws190; + ws32[20U] = ws200; + ws32[21U] = ws211; + ws32[22U] = ws220; + ws32[23U] = ws230; + ws32[24U] = ws240; + ws32[25U] = ws250; + ws32[26U] = ws260; + ws32[27U] = ws270; + ws32[28U] = ws280; + ws32[29U] = ws290; + ws32[30U] = ws300; + ws32[31U] = ws310; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws32[i]); + } + uint8_t b05[256U] = { 0U }; + uint8_t b15[256U] = { 0U }; + uint8_t b25[256U] = { 0U }; + uint8_t b35[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b = { .fst = b05, .snd = { .fst = b15, .snd = { .fst = b25, .snd = b35 } } }; + uint8_t *b36 = b.snd.snd.snd; + uint8_t *b26 = b.snd.snd.fst; + uint8_t *b16 = b.snd.fst; + uint8_t *b06 = b.fst; + b06[rateInBytes - 1U] = 0x80U; + b16[rateInBytes - 1U] = 0x80U; + b26[rateInBytes - 1U] = 0x80U; + b36[rateInBytes - 1U] = 0x80U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws34[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b37 = b.snd.snd.snd; + uint8_t *b27 = b.snd.snd.fst; + uint8_t *b17 = b.snd.fst; + uint8_t *b07 = b.fst; + ws34[0U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b07); + ws34[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17); + ws34[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27); + ws34[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37); + ws34[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 32U); + ws34[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 32U); + ws34[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 32U); + ws34[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 32U); + ws34[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 64U); + ws34[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 64U); + ws34[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 64U); + ws34[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 64U); + ws34[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 96U); + ws34[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 96U); + ws34[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 96U); + ws34[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 96U); + ws34[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 128U); + ws34[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 128U); + ws34[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 128U); + ws34[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 128U); + ws34[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 160U); + ws34[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 160U); + ws34[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 160U); + ws34[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 160U); + ws34[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 192U); + ws34[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 192U); + ws34[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 192U); + ws34[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 192U); + ws34[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 224U); + ws34[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 224U); + ws34[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 224U); + ws34[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 224U); + Lib_IntVector_Intrinsics_vec256 v08 = ws34[0U]; + Lib_IntVector_Intrinsics_vec256 v18 = ws34[1U]; + Lib_IntVector_Intrinsics_vec256 v28 = ws34[2U]; + Lib_IntVector_Intrinsics_vec256 v38 = ws34[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v1_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v2_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v3_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v0__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v1__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v2__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 + v3__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 ws01 = v0__7; + Lib_IntVector_Intrinsics_vec256 ws112 = v2__7; + Lib_IntVector_Intrinsics_vec256 ws212 = v1__7; + Lib_IntVector_Intrinsics_vec256 ws35 = v3__7; + Lib_IntVector_Intrinsics_vec256 v09 = ws34[4U]; + Lib_IntVector_Intrinsics_vec256 v19 = ws34[5U]; + Lib_IntVector_Intrinsics_vec256 v29 = ws34[6U]; + 
Lib_IntVector_Intrinsics_vec256 v39 = ws34[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v1_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v2_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v3_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v0__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v1__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v2__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 + v3__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 ws41 = v0__8; + Lib_IntVector_Intrinsics_vec256 ws51 = v2__8; + Lib_IntVector_Intrinsics_vec256 ws61 = v1__8; + Lib_IntVector_Intrinsics_vec256 ws71 = v3__8; + Lib_IntVector_Intrinsics_vec256 v010 = ws34[8U]; + Lib_IntVector_Intrinsics_vec256 v110 = ws34[9U]; + Lib_IntVector_Intrinsics_vec256 v210 = ws34[10U]; + Lib_IntVector_Intrinsics_vec256 v310 = ws34[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v1_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v2_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v3_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v0__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v1__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v2__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 + v3__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 ws81 = v0__9; + Lib_IntVector_Intrinsics_vec256 ws91 = v2__9; + Lib_IntVector_Intrinsics_vec256 ws101 = v1__9; + Lib_IntVector_Intrinsics_vec256 ws113 = v3__9; + Lib_IntVector_Intrinsics_vec256 v011 = ws34[12U]; + Lib_IntVector_Intrinsics_vec256 v111 = ws34[13U]; + Lib_IntVector_Intrinsics_vec256 v211 = ws34[14U]; + Lib_IntVector_Intrinsics_vec256 v311 = ws34[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v1_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v2_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v3_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v0__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v1__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v2__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 + v3__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 ws121 = v0__10; + Lib_IntVector_Intrinsics_vec256 ws131 = v2__10; + Lib_IntVector_Intrinsics_vec256 ws141 = 
v1__10; + Lib_IntVector_Intrinsics_vec256 ws151 = v3__10; + Lib_IntVector_Intrinsics_vec256 v012 = ws34[16U]; + Lib_IntVector_Intrinsics_vec256 v112 = ws34[17U]; + Lib_IntVector_Intrinsics_vec256 v212 = ws34[18U]; + Lib_IntVector_Intrinsics_vec256 v312 = ws34[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v1_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v2_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v3_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v0__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v1__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v2__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 + v3__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 ws161 = v0__11; + Lib_IntVector_Intrinsics_vec256 ws171 = v2__11; + Lib_IntVector_Intrinsics_vec256 ws181 = v1__11; + Lib_IntVector_Intrinsics_vec256 ws191 = v3__11; + Lib_IntVector_Intrinsics_vec256 v013 = ws34[20U]; + Lib_IntVector_Intrinsics_vec256 v113 = ws34[21U]; + Lib_IntVector_Intrinsics_vec256 v213 = ws34[22U]; + Lib_IntVector_Intrinsics_vec256 v313 = ws34[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v1_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v2_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v3_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v0__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v1__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v2__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 + v3__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 ws201 = v0__12; + Lib_IntVector_Intrinsics_vec256 ws213 = v2__12; + Lib_IntVector_Intrinsics_vec256 ws221 = v1__12; + Lib_IntVector_Intrinsics_vec256 ws231 = v3__12; + Lib_IntVector_Intrinsics_vec256 v014 = ws34[24U]; + Lib_IntVector_Intrinsics_vec256 v114 = ws34[25U]; + Lib_IntVector_Intrinsics_vec256 v214 = ws34[26U]; + Lib_IntVector_Intrinsics_vec256 v314 = ws34[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v1_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v2_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v3_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v0__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v1__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v2__13 = 
Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 + v3__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 ws241 = v0__13; + Lib_IntVector_Intrinsics_vec256 ws251 = v2__13; + Lib_IntVector_Intrinsics_vec256 ws261 = v1__13; + Lib_IntVector_Intrinsics_vec256 ws271 = v3__13; + Lib_IntVector_Intrinsics_vec256 v015 = ws34[28U]; + Lib_IntVector_Intrinsics_vec256 v115 = ws34[29U]; + Lib_IntVector_Intrinsics_vec256 v215 = ws34[30U]; + Lib_IntVector_Intrinsics_vec256 v315 = ws34[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v1_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v2_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v3_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v0__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v1__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v2__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 + v3__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 ws281 = v0__14; + Lib_IntVector_Intrinsics_vec256 ws291 = v2__14; + Lib_IntVector_Intrinsics_vec256 ws301 = v1__14; + Lib_IntVector_Intrinsics_vec256 ws311 = v3__14; + ws34[0U] = ws01; + ws34[1U] = ws112; + ws34[2U] = ws212; + ws34[3U] = ws35; + ws34[4U] = ws41; + ws34[5U] = ws51; + ws34[6U] = ws61; + ws34[7U] = ws71; + ws34[8U] = ws81; + ws34[9U] = ws91; + ws34[10U] = ws101; + ws34[11U] = ws113; + ws34[12U] = ws121; + ws34[13U] = ws131; + ws34[14U] = ws141; + ws34[15U] = ws151; + ws34[16U] = ws161; + ws34[17U] = ws171; + ws34[18U] = ws181; + ws34[19U] = ws191; + ws34[20U] = ws201; + ws34[21U] = ws213; + ws34[22U] = ws221; + ws34[23U] = ws231; + ws34[24U] = ws241; + ws34[25U] = ws251; + ws34[26U] = ws261; + ws34[27U] = ws271; + ws34[28U] = ws281; + ws34[29U] = ws291; + ws34[30U] = ws301; + ws34[31U] = ws311; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws34[i]); + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____17 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____18 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____19 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____17, + Lib_IntVector_Intrinsics_vec256_xor(uu____18, + Lib_IntVector_Intrinsics_vec256_xor(uu____19, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____20 = _C[(i1 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____21 = _C[(i1 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____20, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____21, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____21, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i1 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i1 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 
x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____22 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____22, r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____22, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____23 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____24 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v0 = + Lib_IntVector_Intrinsics_vec256_xor(uu____23, + Lib_IntVector_Intrinsics_vec256_and(uu____24, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____25 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____26 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v1 = + Lib_IntVector_Intrinsics_vec256_xor(uu____25, + Lib_IntVector_Intrinsics_vec256_and(uu____26, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____27 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____28 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v2 = + Lib_IntVector_Intrinsics_vec256_xor(uu____27, + Lib_IntVector_Intrinsics_vec256_and(uu____28, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____29 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____30 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v3 = + Lib_IntVector_Intrinsics_vec256_xor(uu____29, + Lib_IntVector_Intrinsics_vec256_and(uu____30, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____31 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____32 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____31, + Lib_IntVector_Intrinsics_vec256_and(uu____32, s[1U + 5U * i])); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + Lib_IntVector_Intrinsics_vec256 uu____33 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____33, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + for (uint32_t i0 = 0U; i0 < 28U / rateInBytes; i0++) + { + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + 
Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + 
Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = 
Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < rateInBytes / 32U; i++) + { + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = rateInBytes % 32U; + uint32_t j = rateInBytes / 32U; + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; 
+ memcpy(b01 + i0 * rateInBytes + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____34 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____35 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____36 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____34, + Lib_IntVector_Intrinsics_vec256_xor(uu____35, + Lib_IntVector_Intrinsics_vec256_xor(uu____36, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____37 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____38 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____37, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____38, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____38, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____39 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____39, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____39, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____40 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____41 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v023 = + Lib_IntVector_Intrinsics_vec256_xor(uu____40, + Lib_IntVector_Intrinsics_vec256_and(uu____41, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____42 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____43 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v123 = + Lib_IntVector_Intrinsics_vec256_xor(uu____42, + Lib_IntVector_Intrinsics_vec256_and(uu____43, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____44 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____45 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v223 = + Lib_IntVector_Intrinsics_vec256_xor(uu____44, + Lib_IntVector_Intrinsics_vec256_and(uu____45, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____46 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____47 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v323 = + Lib_IntVector_Intrinsics_vec256_xor(uu____46, + Lib_IntVector_Intrinsics_vec256_and(uu____47, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____48 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____49 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + 
Lib_IntVector_Intrinsics_vec256_xor(uu____48, + Lib_IntVector_Intrinsics_vec256_and(uu____49, s[1U + 5U * i])); + s[0U + 5U * i] = v023; + s[1U + 5U * i] = v123; + s[2U + 5U * i] = v223; + s[3U + 5U * i] = v323; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____50 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____50, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t remOut = 28U % rateInBytes; + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = 
Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + 
Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 
ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < remOut / 32U; i++) + { + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 28U - remOut + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b1 + 28U - remOut + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b2 + 28U - remOut + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b3 + 28U - remOut + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = remOut % 32U; + uint32_t j = remOut / 32U; + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 28U - remOut + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b1 + 28U - remOut + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b2 + 28U - remOut + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b3 + 28U - remOut + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); +} + +void +Hacl_SHA3_Vec256_sha3_256_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +) +{ + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + rb = { .fst = output0, .snd = { .fst = output1, .snd = { .fst = output2, .snd = output3 } } }; + uint32_t rateInBytes = 136U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 s[25U] KRML_POST_ALIGN(32) = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint8_t *b31 = ib.snd.snd.snd; + uint8_t *b21 = ib.snd.snd.fst; + uint8_t *b11 = ib.snd.fst; + uint8_t *b01 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b01 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl1, b11 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl2, b21 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl3, b31 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b3 = b_.snd.snd.snd; + uint8_t *b2 = b_.snd.snd.fst; + uint8_t *b1 = b_.snd.fst; + uint8_t *b0 = b_.fst; + ws[0U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b0); + ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1); + ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2); + ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3); + ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 32U); + ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 32U); + ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 32U); + ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 32U); + ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 64U); + ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 64U); + ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 64U); + ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 64U); + ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 96U); + ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 96U); + ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 96U); + ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 96U); + ws[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 128U); + ws[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 128U); + ws[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 128U); + ws[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 128U); + ws[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 160U); + ws[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 160U); + ws[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 160U); + ws[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 160U); + ws[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 192U); + ws[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 192U); + ws[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 192U); + ws[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 192U); + ws[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 224U); + ws[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 224U); + ws[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 224U); + ws[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + 
Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws[18U]; + 
Lib_IntVector_Intrinsics_vec256 v34 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__5; + 
Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__6; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws[i]); + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____0 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____1 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____2 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____0, + Lib_IntVector_Intrinsics_vec256_xor(uu____1, + Lib_IntVector_Intrinsics_vec256_xor(uu____2, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____3 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____4 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____3, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____4, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____4, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____5 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____5, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____5, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + 
Lib_IntVector_Intrinsics_vec256 uu____6 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____7 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v07 = + Lib_IntVector_Intrinsics_vec256_xor(uu____6, + Lib_IntVector_Intrinsics_vec256_and(uu____7, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____8 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____9 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v17 = + Lib_IntVector_Intrinsics_vec256_xor(uu____8, + Lib_IntVector_Intrinsics_vec256_and(uu____9, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____10 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____11 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v27 = + Lib_IntVector_Intrinsics_vec256_xor(uu____10, + Lib_IntVector_Intrinsics_vec256_and(uu____11, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____12 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____13 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v37 = + Lib_IntVector_Intrinsics_vec256_xor(uu____12, + Lib_IntVector_Intrinsics_vec256_and(uu____13, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____14 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____15 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____14, + Lib_IntVector_Intrinsics_vec256_and(uu____15, s[1U + 5U * i])); + s[0U + 5U * i] = v07; + s[1U + 5U * i] = v17; + s[2U + 5U * i] = v27; + s[3U + 5U * i] = v37; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____16 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____16, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b32 = ib.snd.snd.snd; + uint8_t *b22 = ib.snd.snd.fst; + uint8_t *b12 = ib.snd.fst; + uint8_t *b02 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b02 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl1, b12 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl2, b22 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl3, b32 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b33 = b_.snd.snd.snd; + uint8_t *b23 = b_.snd.snd.fst; + uint8_t *b13 = b_.snd.fst; + uint8_t *b03 = b_.fst; + b03[rem] = 0x06U; + b13[rem] = 0x06U; + b23[rem] = 0x06U; + b33[rem] = 0x06U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws32[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b34 = b_.snd.snd.snd; + uint8_t *b24 = b_.snd.snd.fst; + uint8_t *b14 = b_.snd.fst; + uint8_t *b04 = b_.fst; + ws32[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04); + ws32[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14); + ws32[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24); + ws32[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34); + ws32[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 32U); + ws32[5U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 32U); + ws32[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 32U); + ws32[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 32U); + ws32[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 64U); + ws32[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 64U); + ws32[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 64U); + ws32[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 64U); + ws32[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 96U); + ws32[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 96U); + ws32[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 96U); + ws32[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 96U); + ws32[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 128U); + ws32[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 128U); + ws32[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 128U); + ws32[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 128U); + ws32[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 160U); + ws32[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 160U); + ws32[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 160U); + ws32[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 160U); + ws32[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 192U); + ws32[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 192U); + ws32[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 192U); + ws32[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 192U); + ws32[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 224U); + ws32[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 224U); + ws32[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 224U); + ws32[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws32[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws32[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws32[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws32[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws00 = v0__; + Lib_IntVector_Intrinsics_vec256 ws110 = v2__; + Lib_IntVector_Intrinsics_vec256 ws210 = v1__; + Lib_IntVector_Intrinsics_vec256 ws33 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws32[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws32[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws32[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws32[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = 
Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws40 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws50 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws60 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws70 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws32[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws32[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws32[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws32[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws80 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws90 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws100 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws111 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws32[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws32[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws32[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws32[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws120 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws130 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws140 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws150 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws32[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws32[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws32[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws32[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = 
Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws160 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws170 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws180 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws190 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws32[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws32[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws32[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws32[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws200 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws211 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws220 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws230 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws32[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws32[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws32[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws32[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws240 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws250 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws260 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws270 = v3__5; + Lib_IntVector_Intrinsics_vec256 v07 = ws32[28U]; + 
Lib_IntVector_Intrinsics_vec256 v17 = ws32[29U]; + Lib_IntVector_Intrinsics_vec256 v27 = ws32[30U]; + Lib_IntVector_Intrinsics_vec256 v37 = ws32[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws280 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws290 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws300 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws310 = v3__6; + ws32[0U] = ws00; + ws32[1U] = ws110; + ws32[2U] = ws210; + ws32[3U] = ws33; + ws32[4U] = ws40; + ws32[5U] = ws50; + ws32[6U] = ws60; + ws32[7U] = ws70; + ws32[8U] = ws80; + ws32[9U] = ws90; + ws32[10U] = ws100; + ws32[11U] = ws111; + ws32[12U] = ws120; + ws32[13U] = ws130; + ws32[14U] = ws140; + ws32[15U] = ws150; + ws32[16U] = ws160; + ws32[17U] = ws170; + ws32[18U] = ws180; + ws32[19U] = ws190; + ws32[20U] = ws200; + ws32[21U] = ws211; + ws32[22U] = ws220; + ws32[23U] = ws230; + ws32[24U] = ws240; + ws32[25U] = ws250; + ws32[26U] = ws260; + ws32[27U] = ws270; + ws32[28U] = ws280; + ws32[29U] = ws290; + ws32[30U] = ws300; + ws32[31U] = ws310; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws32[i]); + } + uint8_t b05[256U] = { 0U }; + uint8_t b15[256U] = { 0U }; + uint8_t b25[256U] = { 0U }; + uint8_t b35[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b = { .fst = b05, .snd = { .fst = b15, .snd = { .fst = b25, .snd = b35 } } }; + uint8_t *b36 = b.snd.snd.snd; + uint8_t *b26 = b.snd.snd.fst; + uint8_t *b16 = b.snd.fst; + uint8_t *b06 = b.fst; + b06[rateInBytes - 1U] = 0x80U; + b16[rateInBytes - 1U] = 0x80U; + b26[rateInBytes - 1U] = 0x80U; + b36[rateInBytes - 1U] = 0x80U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws34[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b37 = b.snd.snd.snd; + uint8_t *b27 = b.snd.snd.fst; + uint8_t *b17 = b.snd.fst; + uint8_t *b07 = b.fst; + ws34[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07); + ws34[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17); + ws34[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27); + ws34[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37); + ws34[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 32U); + ws34[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 32U); + ws34[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 32U); + ws34[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 32U); + ws34[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 64U); + ws34[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 64U); + ws34[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 64U); + ws34[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 64U); + ws34[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 96U); + ws34[13U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 96U); + ws34[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 96U); + ws34[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 96U); + ws34[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 128U); + ws34[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 128U); + ws34[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 128U); + ws34[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 128U); + ws34[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 160U); + ws34[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 160U); + ws34[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 160U); + ws34[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 160U); + ws34[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 192U); + ws34[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 192U); + ws34[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 192U); + ws34[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 192U); + ws34[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 224U); + ws34[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 224U); + ws34[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 224U); + ws34[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 224U); + Lib_IntVector_Intrinsics_vec256 v08 = ws34[0U]; + Lib_IntVector_Intrinsics_vec256 v18 = ws34[1U]; + Lib_IntVector_Intrinsics_vec256 v28 = ws34[2U]; + Lib_IntVector_Intrinsics_vec256 v38 = ws34[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v1_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v2_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v3_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v0__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v1__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v2__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 + v3__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 ws01 = v0__7; + Lib_IntVector_Intrinsics_vec256 ws112 = v2__7; + Lib_IntVector_Intrinsics_vec256 ws212 = v1__7; + Lib_IntVector_Intrinsics_vec256 ws35 = v3__7; + Lib_IntVector_Intrinsics_vec256 v09 = ws34[4U]; + Lib_IntVector_Intrinsics_vec256 v19 = ws34[5U]; + Lib_IntVector_Intrinsics_vec256 v29 = ws34[6U]; + Lib_IntVector_Intrinsics_vec256 v39 = ws34[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v1_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v2_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v3_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v0__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v1__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v2__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 + v3__8 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 ws41 = v0__8; + Lib_IntVector_Intrinsics_vec256 ws51 = v2__8; + Lib_IntVector_Intrinsics_vec256 ws61 = v1__8; + Lib_IntVector_Intrinsics_vec256 ws71 = v3__8; + Lib_IntVector_Intrinsics_vec256 v010 = ws34[8U]; + Lib_IntVector_Intrinsics_vec256 v110 = ws34[9U]; + Lib_IntVector_Intrinsics_vec256 v210 = ws34[10U]; + Lib_IntVector_Intrinsics_vec256 v310 = ws34[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v1_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v2_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v3_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v0__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v1__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v2__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 + v3__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 ws81 = v0__9; + Lib_IntVector_Intrinsics_vec256 ws91 = v2__9; + Lib_IntVector_Intrinsics_vec256 ws101 = v1__9; + Lib_IntVector_Intrinsics_vec256 ws113 = v3__9; + Lib_IntVector_Intrinsics_vec256 v011 = ws34[12U]; + Lib_IntVector_Intrinsics_vec256 v111 = ws34[13U]; + Lib_IntVector_Intrinsics_vec256 v211 = ws34[14U]; + Lib_IntVector_Intrinsics_vec256 v311 = ws34[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v1_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v2_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v3_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v0__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v1__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v2__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 + v3__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 ws121 = v0__10; + Lib_IntVector_Intrinsics_vec256 ws131 = v2__10; + Lib_IntVector_Intrinsics_vec256 ws141 = v1__10; + Lib_IntVector_Intrinsics_vec256 ws151 = v3__10; + Lib_IntVector_Intrinsics_vec256 v012 = ws34[16U]; + Lib_IntVector_Intrinsics_vec256 v112 = ws34[17U]; + Lib_IntVector_Intrinsics_vec256 v212 = ws34[18U]; + Lib_IntVector_Intrinsics_vec256 v312 = ws34[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v1_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v2_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v3_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v0__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_11, v2_11); + 
Lib_IntVector_Intrinsics_vec256 + v1__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v2__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 + v3__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 ws161 = v0__11; + Lib_IntVector_Intrinsics_vec256 ws171 = v2__11; + Lib_IntVector_Intrinsics_vec256 ws181 = v1__11; + Lib_IntVector_Intrinsics_vec256 ws191 = v3__11; + Lib_IntVector_Intrinsics_vec256 v013 = ws34[20U]; + Lib_IntVector_Intrinsics_vec256 v113 = ws34[21U]; + Lib_IntVector_Intrinsics_vec256 v213 = ws34[22U]; + Lib_IntVector_Intrinsics_vec256 v313 = ws34[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v1_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v2_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v3_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v0__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v1__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v2__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 + v3__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 ws201 = v0__12; + Lib_IntVector_Intrinsics_vec256 ws213 = v2__12; + Lib_IntVector_Intrinsics_vec256 ws221 = v1__12; + Lib_IntVector_Intrinsics_vec256 ws231 = v3__12; + Lib_IntVector_Intrinsics_vec256 v014 = ws34[24U]; + Lib_IntVector_Intrinsics_vec256 v114 = ws34[25U]; + Lib_IntVector_Intrinsics_vec256 v214 = ws34[26U]; + Lib_IntVector_Intrinsics_vec256 v314 = ws34[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v1_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v2_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v3_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v0__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v1__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v2__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 + v3__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 ws241 = v0__13; + Lib_IntVector_Intrinsics_vec256 ws251 = v2__13; + Lib_IntVector_Intrinsics_vec256 ws261 = v1__13; + Lib_IntVector_Intrinsics_vec256 ws271 = v3__13; + Lib_IntVector_Intrinsics_vec256 v015 = ws34[28U]; + Lib_IntVector_Intrinsics_vec256 v115 = ws34[29U]; + Lib_IntVector_Intrinsics_vec256 v215 = ws34[30U]; + Lib_IntVector_Intrinsics_vec256 v315 = ws34[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v1_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v2_14 = 
Lib_IntVector_Intrinsics_vec256_interleave_low64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v3_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v0__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v1__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v2__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 + v3__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 ws281 = v0__14; + Lib_IntVector_Intrinsics_vec256 ws291 = v2__14; + Lib_IntVector_Intrinsics_vec256 ws301 = v1__14; + Lib_IntVector_Intrinsics_vec256 ws311 = v3__14; + ws34[0U] = ws01; + ws34[1U] = ws112; + ws34[2U] = ws212; + ws34[3U] = ws35; + ws34[4U] = ws41; + ws34[5U] = ws51; + ws34[6U] = ws61; + ws34[7U] = ws71; + ws34[8U] = ws81; + ws34[9U] = ws91; + ws34[10U] = ws101; + ws34[11U] = ws113; + ws34[12U] = ws121; + ws34[13U] = ws131; + ws34[14U] = ws141; + ws34[15U] = ws151; + ws34[16U] = ws161; + ws34[17U] = ws171; + ws34[18U] = ws181; + ws34[19U] = ws191; + ws34[20U] = ws201; + ws34[21U] = ws213; + ws34[22U] = ws221; + ws34[23U] = ws231; + ws34[24U] = ws241; + ws34[25U] = ws251; + ws34[26U] = ws261; + ws34[27U] = ws271; + ws34[28U] = ws281; + ws34[29U] = ws291; + ws34[30U] = ws301; + ws34[31U] = ws311; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws34[i]); + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____17 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____18 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____19 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____17, + Lib_IntVector_Intrinsics_vec256_xor(uu____18, + Lib_IntVector_Intrinsics_vec256_xor(uu____19, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____20 = _C[(i1 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____21 = _C[(i1 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____20, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____21, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____21, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i1 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i1 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____22 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____22, r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____22, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____23 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____24 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v0 = + Lib_IntVector_Intrinsics_vec256_xor(uu____23, + Lib_IntVector_Intrinsics_vec256_and(uu____24, 
s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____25 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____26 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v1 = + Lib_IntVector_Intrinsics_vec256_xor(uu____25, + Lib_IntVector_Intrinsics_vec256_and(uu____26, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____27 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____28 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v2 = + Lib_IntVector_Intrinsics_vec256_xor(uu____27, + Lib_IntVector_Intrinsics_vec256_and(uu____28, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____29 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____30 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v3 = + Lib_IntVector_Intrinsics_vec256_xor(uu____29, + Lib_IntVector_Intrinsics_vec256_and(uu____30, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____31 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____32 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____31, + Lib_IntVector_Intrinsics_vec256_and(uu____32, s[1U + 5U * i])); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + Lib_IntVector_Intrinsics_vec256 uu____33 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____33, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + for (uint32_t i0 = 0U; i0 < 32U / rateInBytes; i0++) + { + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + 
Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 
v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = 
v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < rateInBytes / 32U; i++) + { + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = rateInBytes % 32U; + uint32_t j = rateInBytes / 32U; + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____34 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____35 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____36 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____34, + Lib_IntVector_Intrinsics_vec256_xor(uu____35, + 
Lib_IntVector_Intrinsics_vec256_xor(uu____36, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____37 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____38 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____37, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____38, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____38, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____39 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____39, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____39, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____40 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____41 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v023 = + Lib_IntVector_Intrinsics_vec256_xor(uu____40, + Lib_IntVector_Intrinsics_vec256_and(uu____41, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____42 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____43 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v123 = + Lib_IntVector_Intrinsics_vec256_xor(uu____42, + Lib_IntVector_Intrinsics_vec256_and(uu____43, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____44 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____45 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v223 = + Lib_IntVector_Intrinsics_vec256_xor(uu____44, + Lib_IntVector_Intrinsics_vec256_and(uu____45, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____46 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____47 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v323 = + Lib_IntVector_Intrinsics_vec256_xor(uu____46, + Lib_IntVector_Intrinsics_vec256_and(uu____47, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____48 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____49 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____48, + Lib_IntVector_Intrinsics_vec256_and(uu____49, s[1U + 5U * i])); + s[0U + 5U * i] = v023; + s[1U + 5U * i] = v123; + s[2U + 5U * i] = v223; + s[3U + 5U * i] = v323; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____50 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____50, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t remOut = 32U % rateInBytes; + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + 
Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + 
Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = 
Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for 
(uint32_t i = 0U; i < remOut / 32U; i++) + { + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 32U - remOut + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b1 + 32U - remOut + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b2 + 32U - remOut + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b3 + 32U - remOut + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = remOut % 32U; + uint32_t j = remOut / 32U; + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 32U - remOut + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b1 + 32U - remOut + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b2 + 32U - remOut + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b3 + 32U - remOut + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); +} + +void +Hacl_SHA3_Vec256_sha3_384_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +) +{ + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + rb = { .fst = output0, .snd = { .fst = output1, .snd = { .fst = output2, .snd = output3 } } }; + uint32_t rateInBytes = 104U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 s[25U] KRML_POST_ALIGN(32) = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint8_t *b31 = ib.snd.snd.snd; + uint8_t *b21 = ib.snd.snd.fst; + uint8_t *b11 = ib.snd.fst; + uint8_t *b01 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b01 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl1, b11 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl2, b21 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl3, b31 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b3 = b_.snd.snd.snd; + uint8_t *b2 = b_.snd.snd.fst; + uint8_t *b1 = b_.snd.fst; + uint8_t *b0 = b_.fst; + ws[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0); + ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1); + ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2); + ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3); + ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 32U); + ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 32U); + ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 32U); + ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 32U); + ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 64U); + ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 64U); + ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 64U); + ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 64U); + ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 96U); + ws[13U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 96U); + ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 96U); + ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 96U); + ws[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 128U); + ws[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 128U); + ws[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 128U); + ws[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 128U); + ws[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 160U); + ws[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 160U); + ws[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 160U); + ws[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 160U); + ws[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 192U); + ws[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 192U); + ws[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 192U); + ws[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 192U); + ws[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 224U); + ws[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 224U); + ws[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 224U); + ws[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__0; + 
Lib_IntVector_Intrinsics_vec256 ws5 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + 
Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__5; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__6; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws[i]); + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____0 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____1 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____2 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____0, + Lib_IntVector_Intrinsics_vec256_xor(uu____1, + Lib_IntVector_Intrinsics_vec256_xor(uu____2, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____3 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____4 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____3, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____4, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____4, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____5 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____5, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____5, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____6 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____7 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v07 = + Lib_IntVector_Intrinsics_vec256_xor(uu____6, + Lib_IntVector_Intrinsics_vec256_and(uu____7, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____8 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____9 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v17 = + Lib_IntVector_Intrinsics_vec256_xor(uu____8, + Lib_IntVector_Intrinsics_vec256_and(uu____9, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____10 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____11 = 
Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v27 = + Lib_IntVector_Intrinsics_vec256_xor(uu____10, + Lib_IntVector_Intrinsics_vec256_and(uu____11, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____12 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____13 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v37 = + Lib_IntVector_Intrinsics_vec256_xor(uu____12, + Lib_IntVector_Intrinsics_vec256_and(uu____13, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____14 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____15 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____14, + Lib_IntVector_Intrinsics_vec256_and(uu____15, s[1U + 5U * i])); + s[0U + 5U * i] = v07; + s[1U + 5U * i] = v17; + s[2U + 5U * i] = v27; + s[3U + 5U * i] = v37; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____16 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____16, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b32 = ib.snd.snd.snd; + uint8_t *b22 = ib.snd.snd.fst; + uint8_t *b12 = ib.snd.fst; + uint8_t *b02 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b02 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl1, b12 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl2, b22 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl3, b32 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b33 = b_.snd.snd.snd; + uint8_t *b23 = b_.snd.snd.fst; + uint8_t *b13 = b_.snd.fst; + uint8_t *b03 = b_.fst; + b03[rem] = 0x06U; + b13[rem] = 0x06U; + b23[rem] = 0x06U; + b33[rem] = 0x06U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws32[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b34 = b_.snd.snd.snd; + uint8_t *b24 = b_.snd.snd.fst; + uint8_t *b14 = b_.snd.fst; + uint8_t *b04 = b_.fst; + ws32[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04); + ws32[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14); + ws32[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24); + ws32[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34); + ws32[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 32U); + ws32[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 32U); + ws32[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 32U); + ws32[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 32U); + ws32[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 64U); + ws32[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 64U); + ws32[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 64U); + ws32[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 64U); + ws32[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 96U); + ws32[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 96U); + ws32[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 96U); + ws32[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 96U); + ws32[16U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 128U); + ws32[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 128U); + ws32[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 128U); + ws32[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 128U); + ws32[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 160U); + ws32[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 160U); + ws32[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 160U); + ws32[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 160U); + ws32[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 192U); + ws32[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 192U); + ws32[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 192U); + ws32[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 192U); + ws32[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 224U); + ws32[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 224U); + ws32[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 224U); + ws32[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws32[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws32[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws32[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws32[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws00 = v0__; + Lib_IntVector_Intrinsics_vec256 ws110 = v2__; + Lib_IntVector_Intrinsics_vec256 ws210 = v1__; + Lib_IntVector_Intrinsics_vec256 ws33 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws32[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws32[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws32[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws32[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws40 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws50 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws60 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws70 = v3__0; + 
Lib_IntVector_Intrinsics_vec256 v02 = ws32[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws32[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws32[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws32[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws80 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws90 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws100 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws111 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws32[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws32[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws32[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws32[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws120 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws130 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws140 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws150 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws32[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws32[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws32[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws32[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + 
Lib_IntVector_Intrinsics_vec256 ws160 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws170 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws180 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws190 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws32[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws32[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws32[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws32[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws200 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws211 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws220 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws230 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws32[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws32[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws32[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws32[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws240 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws250 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws260 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws270 = v3__5; + Lib_IntVector_Intrinsics_vec256 v07 = ws32[28U]; + Lib_IntVector_Intrinsics_vec256 v17 = ws32[29U]; + Lib_IntVector_Intrinsics_vec256 v27 = ws32[30U]; + Lib_IntVector_Intrinsics_vec256 v37 = ws32[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + 
v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws280 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws290 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws300 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws310 = v3__6; + ws32[0U] = ws00; + ws32[1U] = ws110; + ws32[2U] = ws210; + ws32[3U] = ws33; + ws32[4U] = ws40; + ws32[5U] = ws50; + ws32[6U] = ws60; + ws32[7U] = ws70; + ws32[8U] = ws80; + ws32[9U] = ws90; + ws32[10U] = ws100; + ws32[11U] = ws111; + ws32[12U] = ws120; + ws32[13U] = ws130; + ws32[14U] = ws140; + ws32[15U] = ws150; + ws32[16U] = ws160; + ws32[17U] = ws170; + ws32[18U] = ws180; + ws32[19U] = ws190; + ws32[20U] = ws200; + ws32[21U] = ws211; + ws32[22U] = ws220; + ws32[23U] = ws230; + ws32[24U] = ws240; + ws32[25U] = ws250; + ws32[26U] = ws260; + ws32[27U] = ws270; + ws32[28U] = ws280; + ws32[29U] = ws290; + ws32[30U] = ws300; + ws32[31U] = ws310; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws32[i]); + } + uint8_t b05[256U] = { 0U }; + uint8_t b15[256U] = { 0U }; + uint8_t b25[256U] = { 0U }; + uint8_t b35[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b = { .fst = b05, .snd = { .fst = b15, .snd = { .fst = b25, .snd = b35 } } }; + uint8_t *b36 = b.snd.snd.snd; + uint8_t *b26 = b.snd.snd.fst; + uint8_t *b16 = b.snd.fst; + uint8_t *b06 = b.fst; + b06[rateInBytes - 1U] = 0x80U; + b16[rateInBytes - 1U] = 0x80U; + b26[rateInBytes - 1U] = 0x80U; + b36[rateInBytes - 1U] = 0x80U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws34[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b37 = b.snd.snd.snd; + uint8_t *b27 = b.snd.snd.fst; + uint8_t *b17 = b.snd.fst; + uint8_t *b07 = b.fst; + ws34[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07); + ws34[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17); + ws34[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27); + ws34[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37); + ws34[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 32U); + ws34[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 32U); + ws34[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 32U); + ws34[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 32U); + ws34[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 64U); + ws34[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 64U); + ws34[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 64U); + ws34[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 64U); + ws34[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 96U); + ws34[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 96U); + ws34[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 96U); + ws34[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 96U); + ws34[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 128U); + ws34[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 128U); + ws34[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 128U); + ws34[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 128U); + ws34[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 160U); + ws34[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 160U); + ws34[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 160U); + ws34[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 160U); + ws34[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 192U); + ws34[25U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 192U); + ws34[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 192U); + ws34[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 192U); + ws34[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 224U); + ws34[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 224U); + ws34[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 224U); + ws34[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 224U); + Lib_IntVector_Intrinsics_vec256 v08 = ws34[0U]; + Lib_IntVector_Intrinsics_vec256 v18 = ws34[1U]; + Lib_IntVector_Intrinsics_vec256 v28 = ws34[2U]; + Lib_IntVector_Intrinsics_vec256 v38 = ws34[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v1_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v2_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v3_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v0__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v1__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v2__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 + v3__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 ws01 = v0__7; + Lib_IntVector_Intrinsics_vec256 ws112 = v2__7; + Lib_IntVector_Intrinsics_vec256 ws212 = v1__7; + Lib_IntVector_Intrinsics_vec256 ws35 = v3__7; + Lib_IntVector_Intrinsics_vec256 v09 = ws34[4U]; + Lib_IntVector_Intrinsics_vec256 v19 = ws34[5U]; + Lib_IntVector_Intrinsics_vec256 v29 = ws34[6U]; + Lib_IntVector_Intrinsics_vec256 v39 = ws34[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v1_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v2_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v3_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v0__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v1__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v2__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 + v3__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 ws41 = v0__8; + Lib_IntVector_Intrinsics_vec256 ws51 = v2__8; + Lib_IntVector_Intrinsics_vec256 ws61 = v1__8; + Lib_IntVector_Intrinsics_vec256 ws71 = v3__8; + Lib_IntVector_Intrinsics_vec256 v010 = ws34[8U]; + Lib_IntVector_Intrinsics_vec256 v110 = ws34[9U]; + Lib_IntVector_Intrinsics_vec256 v210 = ws34[10U]; + Lib_IntVector_Intrinsics_vec256 v310 = ws34[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v1_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v2_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v3_9 = 
Lib_IntVector_Intrinsics_vec256_interleave_high64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v0__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v1__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v2__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 + v3__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 ws81 = v0__9; + Lib_IntVector_Intrinsics_vec256 ws91 = v2__9; + Lib_IntVector_Intrinsics_vec256 ws101 = v1__9; + Lib_IntVector_Intrinsics_vec256 ws113 = v3__9; + Lib_IntVector_Intrinsics_vec256 v011 = ws34[12U]; + Lib_IntVector_Intrinsics_vec256 v111 = ws34[13U]; + Lib_IntVector_Intrinsics_vec256 v211 = ws34[14U]; + Lib_IntVector_Intrinsics_vec256 v311 = ws34[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v1_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v2_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v3_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v0__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v1__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v2__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 + v3__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 ws121 = v0__10; + Lib_IntVector_Intrinsics_vec256 ws131 = v2__10; + Lib_IntVector_Intrinsics_vec256 ws141 = v1__10; + Lib_IntVector_Intrinsics_vec256 ws151 = v3__10; + Lib_IntVector_Intrinsics_vec256 v012 = ws34[16U]; + Lib_IntVector_Intrinsics_vec256 v112 = ws34[17U]; + Lib_IntVector_Intrinsics_vec256 v212 = ws34[18U]; + Lib_IntVector_Intrinsics_vec256 v312 = ws34[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v1_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v2_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v3_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v0__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v1__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v2__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 + v3__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 ws161 = v0__11; + Lib_IntVector_Intrinsics_vec256 ws171 = v2__11; + Lib_IntVector_Intrinsics_vec256 ws181 = v1__11; + Lib_IntVector_Intrinsics_vec256 ws191 = v3__11; + Lib_IntVector_Intrinsics_vec256 v013 = ws34[20U]; + Lib_IntVector_Intrinsics_vec256 v113 = ws34[21U]; + Lib_IntVector_Intrinsics_vec256 v213 = ws34[22U]; + Lib_IntVector_Intrinsics_vec256 v313 = ws34[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v013, v113); + 
Lib_IntVector_Intrinsics_vec256 + v1_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v2_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v3_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v0__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v1__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v2__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 + v3__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 ws201 = v0__12; + Lib_IntVector_Intrinsics_vec256 ws213 = v2__12; + Lib_IntVector_Intrinsics_vec256 ws221 = v1__12; + Lib_IntVector_Intrinsics_vec256 ws231 = v3__12; + Lib_IntVector_Intrinsics_vec256 v014 = ws34[24U]; + Lib_IntVector_Intrinsics_vec256 v114 = ws34[25U]; + Lib_IntVector_Intrinsics_vec256 v214 = ws34[26U]; + Lib_IntVector_Intrinsics_vec256 v314 = ws34[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v1_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v2_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v3_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v0__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v1__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v2__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 + v3__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 ws241 = v0__13; + Lib_IntVector_Intrinsics_vec256 ws251 = v2__13; + Lib_IntVector_Intrinsics_vec256 ws261 = v1__13; + Lib_IntVector_Intrinsics_vec256 ws271 = v3__13; + Lib_IntVector_Intrinsics_vec256 v015 = ws34[28U]; + Lib_IntVector_Intrinsics_vec256 v115 = ws34[29U]; + Lib_IntVector_Intrinsics_vec256 v215 = ws34[30U]; + Lib_IntVector_Intrinsics_vec256 v315 = ws34[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v1_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v2_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v3_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v0__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v1__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v2__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 + v3__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 ws281 = v0__14; + Lib_IntVector_Intrinsics_vec256 ws291 = v2__14; + Lib_IntVector_Intrinsics_vec256 ws301 = v1__14; + Lib_IntVector_Intrinsics_vec256 ws311 = v3__14; + ws34[0U] = ws01; + ws34[1U] = ws112; + 
ws34[2U] = ws212; + ws34[3U] = ws35; + ws34[4U] = ws41; + ws34[5U] = ws51; + ws34[6U] = ws61; + ws34[7U] = ws71; + ws34[8U] = ws81; + ws34[9U] = ws91; + ws34[10U] = ws101; + ws34[11U] = ws113; + ws34[12U] = ws121; + ws34[13U] = ws131; + ws34[14U] = ws141; + ws34[15U] = ws151; + ws34[16U] = ws161; + ws34[17U] = ws171; + ws34[18U] = ws181; + ws34[19U] = ws191; + ws34[20U] = ws201; + ws34[21U] = ws213; + ws34[22U] = ws221; + ws34[23U] = ws231; + ws34[24U] = ws241; + ws34[25U] = ws251; + ws34[26U] = ws261; + ws34[27U] = ws271; + ws34[28U] = ws281; + ws34[29U] = ws291; + ws34[30U] = ws301; + ws34[31U] = ws311; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws34[i]); + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____17 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____18 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____19 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____17, + Lib_IntVector_Intrinsics_vec256_xor(uu____18, + Lib_IntVector_Intrinsics_vec256_xor(uu____19, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____20 = _C[(i1 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____21 = _C[(i1 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____20, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____21, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____21, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i1 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i1 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____22 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____22, r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____22, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____23 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____24 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v0 = + Lib_IntVector_Intrinsics_vec256_xor(uu____23, + Lib_IntVector_Intrinsics_vec256_and(uu____24, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____25 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____26 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v1 = + Lib_IntVector_Intrinsics_vec256_xor(uu____25, + Lib_IntVector_Intrinsics_vec256_and(uu____26, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____27 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____28 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v2 = + Lib_IntVector_Intrinsics_vec256_xor(uu____27, + Lib_IntVector_Intrinsics_vec256_and(uu____28, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____29 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____30 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + 
Lib_IntVector_Intrinsics_vec256 + v3 = + Lib_IntVector_Intrinsics_vec256_xor(uu____29, + Lib_IntVector_Intrinsics_vec256_and(uu____30, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____31 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____32 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____31, + Lib_IntVector_Intrinsics_vec256_and(uu____32, s[1U + 5U * i])); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + Lib_IntVector_Intrinsics_vec256 uu____33 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____33, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + for (uint32_t i0 = 0U; i0 < 48U / rateInBytes; i0++) + { + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = 
v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < rateInBytes / 32U; i++) + { + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = rateInBytes % 32U; + uint32_t j = rateInBytes / 32U; + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____34 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____35 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____36 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____34, + Lib_IntVector_Intrinsics_vec256_xor(uu____35, + Lib_IntVector_Intrinsics_vec256_xor(uu____36, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____37 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____38 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____37, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____38, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____38, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = 
Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____39 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____39, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____39, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____40 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____41 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v023 = + Lib_IntVector_Intrinsics_vec256_xor(uu____40, + Lib_IntVector_Intrinsics_vec256_and(uu____41, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____42 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____43 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v123 = + Lib_IntVector_Intrinsics_vec256_xor(uu____42, + Lib_IntVector_Intrinsics_vec256_and(uu____43, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____44 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____45 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v223 = + Lib_IntVector_Intrinsics_vec256_xor(uu____44, + Lib_IntVector_Intrinsics_vec256_and(uu____45, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____46 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____47 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v323 = + Lib_IntVector_Intrinsics_vec256_xor(uu____46, + Lib_IntVector_Intrinsics_vec256_and(uu____47, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____48 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____49 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____48, + Lib_IntVector_Intrinsics_vec256_and(uu____49, s[1U + 5U * i])); + s[0U + 5U * i] = v023; + s[1U + 5U * i] = v123; + s[2U + 5U * i] = v223; + s[3U + 5U * i] = v323; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____50 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____50, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t remOut = 48U % rateInBytes; + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + 
Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < remOut / 32U; i++) + { + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 48U - remOut + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b1 + 48U - remOut + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b2 + 48U - remOut + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b3 + 48U - remOut + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = remOut % 32U; + uint32_t j = remOut / 32U; + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 48U - remOut + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b1 + 48U - remOut + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b2 + 48U - remOut + j * 32U, hbuf + j 
* 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b3 + 48U - remOut + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); +} + +void +Hacl_SHA3_Vec256_sha3_512_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +) +{ + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + rb = { .fst = output0, .snd = { .fst = output1, .snd = { .fst = output2, .snd = output3 } } }; + uint32_t rateInBytes = 72U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 s[25U] KRML_POST_ALIGN(32) = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint8_t *b31 = ib.snd.snd.snd; + uint8_t *b21 = ib.snd.snd.fst; + uint8_t *b11 = ib.snd.fst; + uint8_t *b01 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b01 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl1, b11 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl2, b21 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl3, b31 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b3 = b_.snd.snd.snd; + uint8_t *b2 = b_.snd.snd.fst; + uint8_t *b1 = b_.snd.fst; + uint8_t *b0 = b_.fst; + ws[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0); + ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1); + ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2); + ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3); + ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 32U); + ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 32U); + ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 32U); + ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 32U); + ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 64U); + ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 64U); + ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 64U); + ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 64U); + ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 96U); + ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 96U); + ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 96U); + ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 96U); + ws[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 128U); + ws[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 128U); + ws[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 128U); + ws[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 128U); + ws[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 160U); + ws[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 160U); + ws[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 160U); + ws[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 160U); + ws[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 192U); + ws[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 192U); + ws[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 
192U); + ws[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 192U); + ws[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 224U); + ws[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 224U); + ws[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 224U); + ws[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + 
Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__5; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__6; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = 
ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws[i]); + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____0 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____1 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____2 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____0, + Lib_IntVector_Intrinsics_vec256_xor(uu____1, + Lib_IntVector_Intrinsics_vec256_xor(uu____2, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____3 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____4 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____3, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____4, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____4, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____5 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____5, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____5, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____6 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____7 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v07 = + Lib_IntVector_Intrinsics_vec256_xor(uu____6, + Lib_IntVector_Intrinsics_vec256_and(uu____7, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____8 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____9 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v17 = + Lib_IntVector_Intrinsics_vec256_xor(uu____8, + Lib_IntVector_Intrinsics_vec256_and(uu____9, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____10 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____11 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v27 = + Lib_IntVector_Intrinsics_vec256_xor(uu____10, + Lib_IntVector_Intrinsics_vec256_and(uu____11, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____12 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____13 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v37 = + Lib_IntVector_Intrinsics_vec256_xor(uu____12, + Lib_IntVector_Intrinsics_vec256_and(uu____13, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____14 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____15 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____14, + Lib_IntVector_Intrinsics_vec256_and(uu____15, s[1U + 5U * i])); + s[0U + 5U * i] = v07; + s[1U + 5U * i] = v17; + s[2U + 5U * i] = v27; + s[3U + 5U * i] = v37; + s[4U + 5U * 
i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____16 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____16, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b32 = ib.snd.snd.snd; + uint8_t *b22 = ib.snd.snd.fst; + uint8_t *b12 = ib.snd.fst; + uint8_t *b02 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b02 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl1, b12 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl2, b22 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl3, b32 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b33 = b_.snd.snd.snd; + uint8_t *b23 = b_.snd.snd.fst; + uint8_t *b13 = b_.snd.fst; + uint8_t *b03 = b_.fst; + b03[rem] = 0x06U; + b13[rem] = 0x06U; + b23[rem] = 0x06U; + b33[rem] = 0x06U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws32[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b34 = b_.snd.snd.snd; + uint8_t *b24 = b_.snd.snd.fst; + uint8_t *b14 = b_.snd.fst; + uint8_t *b04 = b_.fst; + ws32[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04); + ws32[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14); + ws32[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24); + ws32[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34); + ws32[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 32U); + ws32[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 32U); + ws32[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 32U); + ws32[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 32U); + ws32[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 64U); + ws32[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 64U); + ws32[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 64U); + ws32[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 64U); + ws32[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 96U); + ws32[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 96U); + ws32[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 96U); + ws32[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 96U); + ws32[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 128U); + ws32[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 128U); + ws32[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 128U); + ws32[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 128U); + ws32[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 160U); + ws32[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 160U); + ws32[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 160U); + ws32[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 160U); + ws32[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 192U); + ws32[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 192U); + ws32[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 192U); + ws32[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 192U); + ws32[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 224U); + ws32[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 224U); + ws32[30U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 224U); + ws32[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws32[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws32[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws32[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws32[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws00 = v0__; + Lib_IntVector_Intrinsics_vec256 ws110 = v2__; + Lib_IntVector_Intrinsics_vec256 ws210 = v1__; + Lib_IntVector_Intrinsics_vec256 ws33 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws32[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws32[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws32[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws32[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws40 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws50 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws60 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws70 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws32[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws32[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws32[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws32[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + 
v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws80 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws90 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws100 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws111 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws32[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws32[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws32[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws32[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws120 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws130 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws140 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws150 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws32[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws32[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws32[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws32[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws160 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws170 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws180 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws190 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws32[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws32[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws32[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws32[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws200 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws211 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws220 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws230 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws32[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws32[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws32[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws32[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws240 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws250 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws260 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws270 = v3__5; + Lib_IntVector_Intrinsics_vec256 v07 = ws32[28U]; + Lib_IntVector_Intrinsics_vec256 v17 = ws32[29U]; + Lib_IntVector_Intrinsics_vec256 v27 = ws32[30U]; + Lib_IntVector_Intrinsics_vec256 v37 = ws32[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws280 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws290 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws300 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws310 = v3__6; + ws32[0U] = ws00; + ws32[1U] = ws110; + ws32[2U] = ws210; + ws32[3U] = ws33; + ws32[4U] = ws40; + ws32[5U] = ws50; + ws32[6U] = ws60; + ws32[7U] = ws70; + ws32[8U] = ws80; + ws32[9U] = ws90; + ws32[10U] = ws100; + ws32[11U] = ws111; + ws32[12U] = ws120; + ws32[13U] = ws130; + ws32[14U] = ws140; + ws32[15U] = ws150; + ws32[16U] = ws160; + ws32[17U] = ws170; + ws32[18U] = ws180; + ws32[19U] = ws190; + ws32[20U] = ws200; + ws32[21U] = ws211; + ws32[22U] = ws220; + ws32[23U] = ws230; + ws32[24U] = ws240; + ws32[25U] = ws250; + ws32[26U] = ws260; + ws32[27U] = ws270; + ws32[28U] = ws280; 
+ ws32[29U] = ws290; + ws32[30U] = ws300; + ws32[31U] = ws310; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws32[i]); + } + uint8_t b05[256U] = { 0U }; + uint8_t b15[256U] = { 0U }; + uint8_t b25[256U] = { 0U }; + uint8_t b35[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b = { .fst = b05, .snd = { .fst = b15, .snd = { .fst = b25, .snd = b35 } } }; + uint8_t *b36 = b.snd.snd.snd; + uint8_t *b26 = b.snd.snd.fst; + uint8_t *b16 = b.snd.fst; + uint8_t *b06 = b.fst; + b06[rateInBytes - 1U] = 0x80U; + b16[rateInBytes - 1U] = 0x80U; + b26[rateInBytes - 1U] = 0x80U; + b36[rateInBytes - 1U] = 0x80U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws34[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b37 = b.snd.snd.snd; + uint8_t *b27 = b.snd.snd.fst; + uint8_t *b17 = b.snd.fst; + uint8_t *b07 = b.fst; + ws34[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07); + ws34[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17); + ws34[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27); + ws34[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37); + ws34[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 32U); + ws34[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 32U); + ws34[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 32U); + ws34[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 32U); + ws34[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 64U); + ws34[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 64U); + ws34[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 64U); + ws34[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 64U); + ws34[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 96U); + ws34[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 96U); + ws34[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 96U); + ws34[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 96U); + ws34[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 128U); + ws34[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 128U); + ws34[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 128U); + ws34[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 128U); + ws34[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 160U); + ws34[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 160U); + ws34[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 160U); + ws34[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 160U); + ws34[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 192U); + ws34[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 192U); + ws34[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 192U); + ws34[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 192U); + ws34[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 224U); + ws34[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 224U); + ws34[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 224U); + ws34[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 224U); + Lib_IntVector_Intrinsics_vec256 v08 = ws34[0U]; + Lib_IntVector_Intrinsics_vec256 v18 = ws34[1U]; + Lib_IntVector_Intrinsics_vec256 v28 = ws34[2U]; + Lib_IntVector_Intrinsics_vec256 v38 = ws34[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v1_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v2_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v28, v38); + 
Lib_IntVector_Intrinsics_vec256 + v3_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v0__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v1__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v2__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 + v3__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 ws01 = v0__7; + Lib_IntVector_Intrinsics_vec256 ws112 = v2__7; + Lib_IntVector_Intrinsics_vec256 ws212 = v1__7; + Lib_IntVector_Intrinsics_vec256 ws35 = v3__7; + Lib_IntVector_Intrinsics_vec256 v09 = ws34[4U]; + Lib_IntVector_Intrinsics_vec256 v19 = ws34[5U]; + Lib_IntVector_Intrinsics_vec256 v29 = ws34[6U]; + Lib_IntVector_Intrinsics_vec256 v39 = ws34[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v1_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v2_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v3_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v0__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v1__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v2__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 + v3__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 ws41 = v0__8; + Lib_IntVector_Intrinsics_vec256 ws51 = v2__8; + Lib_IntVector_Intrinsics_vec256 ws61 = v1__8; + Lib_IntVector_Intrinsics_vec256 ws71 = v3__8; + Lib_IntVector_Intrinsics_vec256 v010 = ws34[8U]; + Lib_IntVector_Intrinsics_vec256 v110 = ws34[9U]; + Lib_IntVector_Intrinsics_vec256 v210 = ws34[10U]; + Lib_IntVector_Intrinsics_vec256 v310 = ws34[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v1_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v2_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v3_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v0__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v1__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v2__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 + v3__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 ws81 = v0__9; + Lib_IntVector_Intrinsics_vec256 ws91 = v2__9; + Lib_IntVector_Intrinsics_vec256 ws101 = v1__9; + Lib_IntVector_Intrinsics_vec256 ws113 = v3__9; + Lib_IntVector_Intrinsics_vec256 v011 = ws34[12U]; + Lib_IntVector_Intrinsics_vec256 v111 = ws34[13U]; + Lib_IntVector_Intrinsics_vec256 v211 = ws34[14U]; + Lib_IntVector_Intrinsics_vec256 v311 = ws34[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v011, v111); + 
Lib_IntVector_Intrinsics_vec256 + v1_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v2_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v3_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v0__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v1__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v2__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 + v3__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 ws121 = v0__10; + Lib_IntVector_Intrinsics_vec256 ws131 = v2__10; + Lib_IntVector_Intrinsics_vec256 ws141 = v1__10; + Lib_IntVector_Intrinsics_vec256 ws151 = v3__10; + Lib_IntVector_Intrinsics_vec256 v012 = ws34[16U]; + Lib_IntVector_Intrinsics_vec256 v112 = ws34[17U]; + Lib_IntVector_Intrinsics_vec256 v212 = ws34[18U]; + Lib_IntVector_Intrinsics_vec256 v312 = ws34[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v1_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v2_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v3_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v0__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v1__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v2__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 + v3__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 ws161 = v0__11; + Lib_IntVector_Intrinsics_vec256 ws171 = v2__11; + Lib_IntVector_Intrinsics_vec256 ws181 = v1__11; + Lib_IntVector_Intrinsics_vec256 ws191 = v3__11; + Lib_IntVector_Intrinsics_vec256 v013 = ws34[20U]; + Lib_IntVector_Intrinsics_vec256 v113 = ws34[21U]; + Lib_IntVector_Intrinsics_vec256 v213 = ws34[22U]; + Lib_IntVector_Intrinsics_vec256 v313 = ws34[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v1_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v2_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v3_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v0__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v1__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v2__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 + v3__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 ws201 = v0__12; + Lib_IntVector_Intrinsics_vec256 ws213 = v2__12; + Lib_IntVector_Intrinsics_vec256 ws221 = v1__12; + Lib_IntVector_Intrinsics_vec256 ws231 = v3__12; + Lib_IntVector_Intrinsics_vec256 v014 = 
ws34[24U]; + Lib_IntVector_Intrinsics_vec256 v114 = ws34[25U]; + Lib_IntVector_Intrinsics_vec256 v214 = ws34[26U]; + Lib_IntVector_Intrinsics_vec256 v314 = ws34[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v1_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v2_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v3_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v0__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v1__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v2__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 + v3__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 ws241 = v0__13; + Lib_IntVector_Intrinsics_vec256 ws251 = v2__13; + Lib_IntVector_Intrinsics_vec256 ws261 = v1__13; + Lib_IntVector_Intrinsics_vec256 ws271 = v3__13; + Lib_IntVector_Intrinsics_vec256 v015 = ws34[28U]; + Lib_IntVector_Intrinsics_vec256 v115 = ws34[29U]; + Lib_IntVector_Intrinsics_vec256 v215 = ws34[30U]; + Lib_IntVector_Intrinsics_vec256 v315 = ws34[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v1_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v2_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v3_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v0__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v1__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v2__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 + v3__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 ws281 = v0__14; + Lib_IntVector_Intrinsics_vec256 ws291 = v2__14; + Lib_IntVector_Intrinsics_vec256 ws301 = v1__14; + Lib_IntVector_Intrinsics_vec256 ws311 = v3__14; + ws34[0U] = ws01; + ws34[1U] = ws112; + ws34[2U] = ws212; + ws34[3U] = ws35; + ws34[4U] = ws41; + ws34[5U] = ws51; + ws34[6U] = ws61; + ws34[7U] = ws71; + ws34[8U] = ws81; + ws34[9U] = ws91; + ws34[10U] = ws101; + ws34[11U] = ws113; + ws34[12U] = ws121; + ws34[13U] = ws131; + ws34[14U] = ws141; + ws34[15U] = ws151; + ws34[16U] = ws161; + ws34[17U] = ws171; + ws34[18U] = ws181; + ws34[19U] = ws191; + ws34[20U] = ws201; + ws34[21U] = ws213; + ws34[22U] = ws221; + ws34[23U] = ws231; + ws34[24U] = ws241; + ws34[25U] = ws251; + ws34[26U] = ws261; + ws34[27U] = ws271; + ws34[28U] = ws281; + ws34[29U] = ws291; + ws34[30U] = ws301; + ws34[31U] = ws311; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws34[i]); + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____17 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____18 = s[i + 
5U]; + Lib_IntVector_Intrinsics_vec256 uu____19 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____17, + Lib_IntVector_Intrinsics_vec256_xor(uu____18, + Lib_IntVector_Intrinsics_vec256_xor(uu____19, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____20 = _C[(i1 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____21 = _C[(i1 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____20, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____21, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____21, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i1 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i1 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____22 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____22, r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____22, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____23 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____24 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v0 = + Lib_IntVector_Intrinsics_vec256_xor(uu____23, + Lib_IntVector_Intrinsics_vec256_and(uu____24, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____25 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____26 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v1 = + Lib_IntVector_Intrinsics_vec256_xor(uu____25, + Lib_IntVector_Intrinsics_vec256_and(uu____26, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____27 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____28 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v2 = + Lib_IntVector_Intrinsics_vec256_xor(uu____27, + Lib_IntVector_Intrinsics_vec256_and(uu____28, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____29 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____30 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v3 = + Lib_IntVector_Intrinsics_vec256_xor(uu____29, + Lib_IntVector_Intrinsics_vec256_and(uu____30, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____31 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____32 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____31, + Lib_IntVector_Intrinsics_vec256_and(uu____32, s[1U + 5U * i])); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + Lib_IntVector_Intrinsics_vec256 uu____33 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____33, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + for (uint32_t i0 = 0U; i0 < 64U / rateInBytes; i0++) + { + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof 
(Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + 
Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + 
ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < rateInBytes / 32U; i++) + { + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = rateInBytes % 32U; + uint32_t j = rateInBytes / 32U; + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____34 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____35 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____36 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____34, + Lib_IntVector_Intrinsics_vec256_xor(uu____35, + Lib_IntVector_Intrinsics_vec256_xor(uu____36, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____37 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____38 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____37, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____38, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____38, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____39 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____39, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____39, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____40 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____41 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v023 = + Lib_IntVector_Intrinsics_vec256_xor(uu____40, + Lib_IntVector_Intrinsics_vec256_and(uu____41, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____42 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____43 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v123 = + Lib_IntVector_Intrinsics_vec256_xor(uu____42, + Lib_IntVector_Intrinsics_vec256_and(uu____43, s[3U + 
5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____44 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____45 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v223 = + Lib_IntVector_Intrinsics_vec256_xor(uu____44, + Lib_IntVector_Intrinsics_vec256_and(uu____45, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____46 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____47 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v323 = + Lib_IntVector_Intrinsics_vec256_xor(uu____46, + Lib_IntVector_Intrinsics_vec256_and(uu____47, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____48 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____49 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____48, + Lib_IntVector_Intrinsics_vec256_and(uu____49, s[1U + 5U * i])); + s[0U + 5U * i] = v023; + s[1U + 5U * i] = v123; + s[2U + 5U * i] = v223; + s[3U + 5U * i] = v323; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____50 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____50, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t remOut = 64U % rateInBytes; + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + 
Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = 
Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + 
Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < remOut / 32U; i++) + { + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 64U - remOut + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b1 + 64U - remOut + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b2 + 64U - remOut + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b3 + 64U - remOut + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = remOut % 32U; + uint32_t j = remOut / 32U; + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 64U - remOut + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b1 + 64U - remOut + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b2 + 64U - remOut + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b3 + 64U - remOut + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); +} + diff --git a/sys/hacl/c/src/msvc/Hacl_Hash_Blake2b.c b/sys/hacl/c/src/msvc/Hacl_Hash_Blake2b.c index 284da79a3..2dceaf4b3 100644 --- a/sys/hacl/c/src/msvc/Hacl_Hash_Blake2b.c +++ b/sys/hacl/c/src/msvc/Hacl_Hash_Blake2b.c @@ -474,7 +474,6 @@ update_block(uint64_t *wv, uint64_t *hash, bool flag, FStar_UInt128_uint128 totl void Hacl_Hash_Blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn) { - uint64_t tmp[8U] = { 0U }; uint64_t *r0 = hash; uint64_t *r1 = hash + 4U; uint64_t *r2 = hash + 8U; @@ -495,68 +494,16 @@ void Hacl_Hash_Blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn) r3[1U] = iv5; r3[2U] = iv6; r3[3U] = iv7; - uint8_t salt[16U] = { 0U }; - uint8_t personal[16U] = { 0U }; - Hacl_Hash_Blake2s_blake2b_params - p = - { - .digest_length1 = 64U, .key_length1 = 0U, .fanout1 = 1U, 
.depth1 = 1U, .leaf_length1 = 0U, - .node_offset1 = 0U, .xof_length1 = 0U, .node_depth1 = 0U, .inner_length1 = 0U, .salt1 = salt, - .personal1 = personal - }; - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint64_t *os = tmp + 4U; - uint8_t *bj = p.salt1 + i * 8U; - uint64_t u = load64_le(bj); - uint64_t r = u; - uint64_t x = r; - os[i] = x;); - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint64_t *os = tmp + 6U; - uint8_t *bj = p.personal1 + i * 8U; - uint64_t u = load64_le(bj); - uint64_t r = u; - uint64_t x = r; - os[i] = x;); - tmp[0U] = - (uint64_t)nn - ^ - ((uint64_t)kk - << 8U - ^ ((uint64_t)p.fanout1 << 16U ^ ((uint64_t)p.depth1 << 24U ^ (uint64_t)p.leaf_length1 << 32U))); - tmp[1U] = (uint64_t)p.node_offset1 ^ (uint64_t)p.xof_length1 << 32U; - tmp[2U] = (uint64_t)p.node_depth1 ^ (uint64_t)p.inner_length1 << 8U; - tmp[3U] = 0ULL; - uint64_t tmp0 = tmp[0U]; - uint64_t tmp1 = tmp[1U]; - uint64_t tmp2 = tmp[2U]; - uint64_t tmp3 = tmp[3U]; - uint64_t tmp4 = tmp[4U]; - uint64_t tmp5 = tmp[5U]; - uint64_t tmp6 = tmp[6U]; - uint64_t tmp7 = tmp[7U]; - uint64_t iv0_ = iv0 ^ tmp0; - uint64_t iv1_ = iv1 ^ tmp1; - uint64_t iv2_ = iv2 ^ tmp2; - uint64_t iv3_ = iv3 ^ tmp3; - uint64_t iv4_ = iv4 ^ tmp4; - uint64_t iv5_ = iv5 ^ tmp5; - uint64_t iv6_ = iv6 ^ tmp6; - uint64_t iv7_ = iv7 ^ tmp7; + uint64_t kk_shift_8 = (uint64_t)kk << 8U; + uint64_t iv0_ = iv0 ^ (0x01010000ULL ^ (kk_shift_8 ^ (uint64_t)nn)); r0[0U] = iv0_; - r0[1U] = iv1_; - r0[2U] = iv2_; - r0[3U] = iv3_; - r1[0U] = iv4_; - r1[1U] = iv5_; - r1[2U] = iv6_; - r1[3U] = iv7_; + r0[1U] = iv1; + r0[2U] = iv2; + r0[3U] = iv3; + r1[0U] = iv4; + r1[1U] = iv5; + r1[2U] = iv6; + r1[3U] = iv7; } static void update_key(uint64_t *wv, uint64_t *hash, uint32_t kk, uint8_t *k, uint32_t ll) diff --git a/sys/hacl/c/src/msvc/Hacl_Hash_Blake2b_Simd256.c b/sys/hacl/c/src/msvc/Hacl_Hash_Blake2b_Simd256.c index 7a807b658..1a5e8cf29 100644 --- a/sys/hacl/c/src/msvc/Hacl_Hash_Blake2b_Simd256.c +++ b/sys/hacl/c/src/msvc/Hacl_Hash_Blake2b_Simd256.c @@ -26,7 +26,6 @@ #include "internal/Hacl_Hash_Blake2b_Simd256.h" #include "internal/Hacl_Impl_Blake2_Constants.h" -#include "internal/Hacl_Hash_Blake2b.h" #include "lib_memzero0.h" static inline void @@ -215,7 +214,6 @@ update_block( void Hacl_Hash_Blake2b_Simd256_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t kk, uint32_t nn) { - uint64_t tmp[8U] = { 0U }; Lib_IntVector_Intrinsics_vec256 *r0 = hash; Lib_IntVector_Intrinsics_vec256 *r1 = hash + 1U; Lib_IntVector_Intrinsics_vec256 *r2 = hash + 2U; @@ -230,62 +228,10 @@ Hacl_Hash_Blake2b_Simd256_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t k uint64_t iv7 = Hacl_Hash_Blake2s_ivTable_B[7U]; r2[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv0, iv1, iv2, iv3); r3[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv4, iv5, iv6, iv7); - uint8_t salt[16U] = { 0U }; - uint8_t personal[16U] = { 0U }; - Hacl_Hash_Blake2s_blake2b_params - p = - { - .digest_length1 = 64U, .key_length1 = 0U, .fanout1 = 1U, .depth1 = 1U, .leaf_length1 = 0U, - .node_offset1 = 0U, .xof_length1 = 0U, .node_depth1 = 0U, .inner_length1 = 0U, .salt1 = salt, - .personal1 = personal - }; - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint64_t *os = tmp + 4U; - uint8_t *bj = p.salt1 + i * 8U; - uint64_t u = load64_le(bj); - uint64_t r = u; - uint64_t x = r; - os[i] = x;); - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint64_t *os = tmp + 6U; - uint8_t *bj = p.personal1 + i * 8U; - uint64_t u = load64_le(bj); - uint64_t r = u; - uint64_t x = r; - os[i] = x;); - tmp[0U] = - (uint64_t)nn - ^ - ((uint64_t)kk - << 8U - ^ 
((uint64_t)p.fanout1 << 16U ^ ((uint64_t)p.depth1 << 24U ^ (uint64_t)p.leaf_length1 << 32U))); - tmp[1U] = (uint64_t)p.node_offset1 ^ (uint64_t)p.xof_length1 << 32U; - tmp[2U] = (uint64_t)p.node_depth1 ^ (uint64_t)p.inner_length1 << 8U; - tmp[3U] = 0ULL; - uint64_t tmp0 = tmp[0U]; - uint64_t tmp1 = tmp[1U]; - uint64_t tmp2 = tmp[2U]; - uint64_t tmp3 = tmp[3U]; - uint64_t tmp4 = tmp[4U]; - uint64_t tmp5 = tmp[5U]; - uint64_t tmp6 = tmp[6U]; - uint64_t tmp7 = tmp[7U]; - uint64_t iv0_ = iv0 ^ tmp0; - uint64_t iv1_ = iv1 ^ tmp1; - uint64_t iv2_ = iv2 ^ tmp2; - uint64_t iv3_ = iv3 ^ tmp3; - uint64_t iv4_ = iv4 ^ tmp4; - uint64_t iv5_ = iv5 ^ tmp5; - uint64_t iv6_ = iv6 ^ tmp6; - uint64_t iv7_ = iv7 ^ tmp7; - r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv0_, iv1_, iv2_, iv3_); - r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv4_, iv5_, iv6_, iv7_); + uint64_t kk_shift_8 = (uint64_t)kk << 8U; + uint64_t iv0_ = iv0 ^ (0x01010000ULL ^ (kk_shift_8 ^ (uint64_t)nn)); + r0[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv0_, iv1, iv2, iv3); + r1[0U] = Lib_IntVector_Intrinsics_vec256_load64s(iv4, iv5, iv6, iv7); } static void diff --git a/sys/hacl/c/src/msvc/Hacl_Hash_Blake2s.c b/sys/hacl/c/src/msvc/Hacl_Hash_Blake2s.c index 1bae785bd..652c3f33c 100644 --- a/sys/hacl/c/src/msvc/Hacl_Hash_Blake2s.c +++ b/sys/hacl/c/src/msvc/Hacl_Hash_Blake2s.c @@ -26,7 +26,6 @@ #include "internal/Hacl_Hash_Blake2s.h" #include "internal/Hacl_Impl_Blake2_Constants.h" -#include "internal/Hacl_Hash_Blake2b.h" #include "lib_memzero0.h" static inline void @@ -475,7 +474,6 @@ update_block(uint32_t *wv, uint32_t *hash, bool flag, uint64_t totlen, uint8_t * void Hacl_Hash_Blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn) { - uint32_t tmp[8U] = { 0U }; uint32_t *r0 = hash; uint32_t *r1 = hash + 4U; uint32_t *r2 = hash + 8U; @@ -496,65 +494,16 @@ void Hacl_Hash_Blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn) r3[1U] = iv5; r3[2U] = iv6; r3[3U] = iv7; - uint8_t salt[8U] = { 0U }; - uint8_t personal[8U] = { 0U }; - Hacl_Hash_Blake2s_blake2s_params - p = - { - .digest_length = 32U, .key_length = 0U, .fanout = 1U, .depth = 1U, .leaf_length = 0U, - .node_offset = 0U, .xof_length = 0U, .node_depth = 0U, .inner_length = 0U, .salt = salt, - .personal = personal - }; - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint32_t *os = tmp + 4U; - uint8_t *bj = p.salt + i * 4U; - uint32_t u = load32_le(bj); - uint32_t r = u; - uint32_t x = r; - os[i] = x;); - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint32_t *os = tmp + 6U; - uint8_t *bj = p.personal + i * 4U; - uint32_t u = load32_le(bj); - uint32_t r = u; - uint32_t x = r; - os[i] = x;); - tmp[0U] = nn ^ (kk << 8U ^ ((uint32_t)p.fanout << 16U ^ (uint32_t)p.depth << 24U)); - tmp[1U] = p.leaf_length; - tmp[2U] = p.node_offset; - tmp[3U] = - (uint32_t)p.xof_length - ^ ((uint32_t)p.node_depth << 16U ^ (uint32_t)p.inner_length << 24U); - uint32_t tmp0 = tmp[0U]; - uint32_t tmp1 = tmp[1U]; - uint32_t tmp2 = tmp[2U]; - uint32_t tmp3 = tmp[3U]; - uint32_t tmp4 = tmp[4U]; - uint32_t tmp5 = tmp[5U]; - uint32_t tmp6 = tmp[6U]; - uint32_t tmp7 = tmp[7U]; - uint32_t iv0_ = iv0 ^ tmp0; - uint32_t iv1_ = iv1 ^ tmp1; - uint32_t iv2_ = iv2 ^ tmp2; - uint32_t iv3_ = iv3 ^ tmp3; - uint32_t iv4_ = iv4 ^ tmp4; - uint32_t iv5_ = iv5 ^ tmp5; - uint32_t iv6_ = iv6 ^ tmp6; - uint32_t iv7_ = iv7 ^ tmp7; + uint32_t kk_shift_8 = kk << 8U; + uint32_t iv0_ = iv0 ^ (0x01010000U ^ (kk_shift_8 ^ nn)); r0[0U] = iv0_; - r0[1U] = iv1_; - r0[2U] = iv2_; - r0[3U] = iv3_; - r1[0U] = iv4_; - r1[1U] = iv5_; - r1[2U] = iv6_; - 
r1[3U] = iv7_; + r0[1U] = iv1; + r0[2U] = iv2; + r0[3U] = iv3; + r1[0U] = iv4; + r1[1U] = iv5; + r1[2U] = iv6; + r1[3U] = iv7; } static void update_key(uint32_t *wv, uint32_t *hash, uint32_t kk, uint8_t *k, uint32_t ll) diff --git a/sys/hacl/c/src/msvc/Hacl_Hash_Blake2s_Simd128.c b/sys/hacl/c/src/msvc/Hacl_Hash_Blake2s_Simd128.c index f0646b283..73f0cccb5 100644 --- a/sys/hacl/c/src/msvc/Hacl_Hash_Blake2s_Simd128.c +++ b/sys/hacl/c/src/msvc/Hacl_Hash_Blake2s_Simd128.c @@ -26,7 +26,6 @@ #include "internal/Hacl_Hash_Blake2s_Simd128.h" #include "internal/Hacl_Impl_Blake2_Constants.h" -#include "internal/Hacl_Hash_Blake2b.h" #include "lib_memzero0.h" static inline void @@ -215,7 +214,6 @@ update_block( void Hacl_Hash_Blake2s_Simd128_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t kk, uint32_t nn) { - uint32_t tmp[8U] = { 0U }; Lib_IntVector_Intrinsics_vec128 *r0 = hash; Lib_IntVector_Intrinsics_vec128 *r1 = hash + 1U; Lib_IntVector_Intrinsics_vec128 *r2 = hash + 2U; @@ -230,59 +228,10 @@ Hacl_Hash_Blake2s_Simd128_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t k uint32_t iv7 = Hacl_Hash_Blake2s_ivTable_S[7U]; r2[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv0, iv1, iv2, iv3); r3[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv4, iv5, iv6, iv7); - uint8_t salt[8U] = { 0U }; - uint8_t personal[8U] = { 0U }; - Hacl_Hash_Blake2s_blake2s_params - p = - { - .digest_length = 32U, .key_length = 0U, .fanout = 1U, .depth = 1U, .leaf_length = 0U, - .node_offset = 0U, .xof_length = 0U, .node_depth = 0U, .inner_length = 0U, .salt = salt, - .personal = personal - }; - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint32_t *os = tmp + 4U; - uint8_t *bj = p.salt + i * 4U; - uint32_t u = load32_le(bj); - uint32_t r = u; - uint32_t x = r; - os[i] = x;); - KRML_MAYBE_FOR2(i, - 0U, - 2U, - 1U, - uint32_t *os = tmp + 6U; - uint8_t *bj = p.personal + i * 4U; - uint32_t u = load32_le(bj); - uint32_t r = u; - uint32_t x = r; - os[i] = x;); - tmp[0U] = nn ^ (kk << 8U ^ ((uint32_t)p.fanout << 16U ^ (uint32_t)p.depth << 24U)); - tmp[1U] = p.leaf_length; - tmp[2U] = p.node_offset; - tmp[3U] = - (uint32_t)p.xof_length - ^ ((uint32_t)p.node_depth << 16U ^ (uint32_t)p.inner_length << 24U); - uint32_t tmp0 = tmp[0U]; - uint32_t tmp1 = tmp[1U]; - uint32_t tmp2 = tmp[2U]; - uint32_t tmp3 = tmp[3U]; - uint32_t tmp4 = tmp[4U]; - uint32_t tmp5 = tmp[5U]; - uint32_t tmp6 = tmp[6U]; - uint32_t tmp7 = tmp[7U]; - uint32_t iv0_ = iv0 ^ tmp0; - uint32_t iv1_ = iv1 ^ tmp1; - uint32_t iv2_ = iv2 ^ tmp2; - uint32_t iv3_ = iv3 ^ tmp3; - uint32_t iv4_ = iv4 ^ tmp4; - uint32_t iv5_ = iv5 ^ tmp5; - uint32_t iv6_ = iv6 ^ tmp6; - uint32_t iv7_ = iv7 ^ tmp7; - r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv0_, iv1_, iv2_, iv3_); - r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv4_, iv5_, iv6_, iv7_); + uint32_t kk_shift_8 = kk << 8U; + uint32_t iv0_ = iv0 ^ (0x01010000U ^ (kk_shift_8 ^ nn)); + r0[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv0_, iv1, iv2, iv3); + r1[0U] = Lib_IntVector_Intrinsics_vec128_load32s(iv4, iv5, iv6, iv7); } static void diff --git a/sys/hacl/c/src/msvc/Hacl_SHA3_Scalar.c b/sys/hacl/c/src/msvc/Hacl_SHA3_Scalar.c new file mode 100644 index 000000000..da368dab9 --- /dev/null +++ b/sys/hacl/c/src/msvc/Hacl_SHA3_Scalar.c @@ -0,0 +1,2383 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files 
(the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#include "internal/Hacl_SHA3_Scalar.h" + +const +uint32_t +Hacl_Impl_SHA3_Vec_keccak_rotc[24U] = + { + 1U, 3U, 6U, 10U, 15U, 21U, 28U, 36U, 45U, 55U, 2U, 14U, 27U, 41U, 56U, 8U, 25U, 43U, 62U, 18U, + 39U, 61U, 20U, 44U + }; + +const +uint32_t +Hacl_Impl_SHA3_Vec_keccak_piln[24U] = + { + 10U, 7U, 11U, 17U, 18U, 3U, 5U, 16U, 8U, 21U, 24U, 4U, 15U, 23U, 19U, 13U, 12U, 2U, 20U, 14U, + 22U, 9U, 6U, 1U + }; + +const +uint64_t +Hacl_Impl_SHA3_Vec_keccak_rndc[24U] = + { + 0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808aULL, 0x8000000080008000ULL, + 0x000000000000808bULL, 0x0000000080000001ULL, 0x8000000080008081ULL, 0x8000000000008009ULL, + 0x000000000000008aULL, 0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000aULL, + 0x000000008000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL, 0x8000000000008003ULL, + 0x8000000000008002ULL, 0x8000000000000080ULL, 0x000000000000800aULL, 0x800000008000000aULL, + 0x8000000080008081ULL, 0x8000000000008080ULL, 0x0000000080000001ULL, 0x8000000080008008ULL + }; + +void +Hacl_SHA3_Scalar_shake128_hacl( + uint32_t inputByteLen, + uint8_t *input, + uint32_t outputByteLen, + uint8_t *output +) +{ + uint32_t rateInBytes = 168U; + uint64_t s[25U] = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b1[256U] = { 0U }; + uint8_t *b_ = b1; + uint8_t *b0 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b0 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + uint64_t ws[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u = load64_le(b); + ws[0U] = u; + uint64_t u0 = load64_le(b + 8U); + ws[1U] = u0; + uint64_t u1 = load64_le(b + 16U); + ws[2U] = u1; + uint64_t u2 = load64_le(b + 24U); + ws[3U] = u2; + uint64_t u3 = load64_le(b + 32U); + ws[4U] = u3; + uint64_t u4 = load64_le(b + 40U); + ws[5U] = u4; + uint64_t u5 = load64_le(b + 48U); + ws[6U] = u5; + uint64_t u6 = load64_le(b + 56U); + ws[7U] = u6; + uint64_t u7 = load64_le(b + 64U); + ws[8U] = u7; + uint64_t u8 = load64_le(b + 72U); + ws[9U] = u8; + uint64_t u9 = load64_le(b + 80U); + ws[10U] = u9; + uint64_t u10 = load64_le(b + 88U); + ws[11U] = u10; + uint64_t u11 = load64_le(b + 96U); + ws[12U] = u11; + uint64_t u12 = load64_le(b + 104U); + ws[13U] = u12; + uint64_t u13 = load64_le(b + 112U); + ws[14U] = u13; + uint64_t u14 = load64_le(b + 120U); + ws[15U] = u14; + uint64_t u15 = load64_le(b + 128U); + ws[16U] = u15; + uint64_t u16 = load64_le(b + 136U); + ws[17U] = u16; + uint64_t u17 = load64_le(b + 144U); + ws[18U] = u17; + uint64_t u18 = load64_le(b + 152U); + ws[19U] = u18; + uint64_t u19 = load64_le(b + 160U); + 
ws[20U] = u19; + uint64_t u20 = load64_le(b + 168U); + ws[21U] = u20; + uint64_t u21 = load64_le(b + 176U); + ws[22U] = u21; + uint64_t u22 = load64_le(b + 184U); + ws[23U] = u22; + uint64_t u23 = load64_le(b + 192U); + ws[24U] = u23; + uint64_t u24 = load64_le(b + 200U); + ws[25U] = u24; + uint64_t u25 = load64_le(b + 208U); + ws[26U] = u25; + uint64_t u26 = load64_le(b + 216U); + ws[27U] = u26; + uint64_t u27 = load64_le(b + 224U); + ws[28U] = u27; + uint64_t u28 = load64_le(b + 232U); + ws[29U] = u28; + uint64_t u29 = load64_le(b + 240U); + ws[30U] = u29; + uint64_t u30 = load64_le(b + 248U); + ws[31U] = u30; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws[i]; + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____0 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____0 << 1U | uu____0 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____1 = current; + s[_Y] = uu____1 << r | uu____1 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b2[256U] = { 0U }; + uint8_t *b_ = b2; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b00 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b00 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b01 = b_; + b01[rem] = 0x1FU; + uint64_t ws0[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u0 = load64_le(b); + ws0[0U] = u0; + uint64_t u1 = load64_le(b + 8U); + ws0[1U] = u1; + uint64_t u2 = load64_le(b + 16U); + ws0[2U] = u2; + uint64_t u3 = load64_le(b + 24U); + ws0[3U] = u3; + uint64_t u4 = load64_le(b + 32U); + ws0[4U] = u4; + uint64_t u5 = load64_le(b + 40U); + ws0[5U] = u5; + uint64_t u6 = load64_le(b + 48U); + ws0[6U] = u6; + uint64_t u7 = load64_le(b + 56U); + ws0[7U] = u7; + uint64_t u8 = load64_le(b + 64U); + ws0[8U] = u8; + uint64_t u9 = load64_le(b + 72U); + ws0[9U] = u9; + uint64_t u10 = load64_le(b + 80U); + ws0[10U] = u10; + uint64_t u11 = load64_le(b + 88U); + ws0[11U] = u11; + uint64_t u12 = load64_le(b + 96U); + ws0[12U] = u12; + uint64_t u13 = load64_le(b + 104U); + ws0[13U] = u13; + uint64_t u14 = load64_le(b + 112U); + ws0[14U] = u14; + uint64_t u15 = load64_le(b + 120U); + ws0[15U] = u15; + uint64_t u16 = load64_le(b + 128U); + ws0[16U] = u16; + uint64_t u17 = load64_le(b + 136U); + ws0[17U] = u17; + uint64_t u18 = load64_le(b + 144U); + ws0[18U] = u18; + uint64_t u19 = load64_le(b + 152U); + ws0[19U] = u19; + uint64_t u20 = load64_le(b + 160U); + ws0[20U] = u20; + uint64_t u21 = load64_le(b + 168U); + ws0[21U] = u21; + uint64_t u22 = load64_le(b 
+ 176U); + ws0[22U] = u22; + uint64_t u23 = load64_le(b + 184U); + ws0[23U] = u23; + uint64_t u24 = load64_le(b + 192U); + ws0[24U] = u24; + uint64_t u25 = load64_le(b + 200U); + ws0[25U] = u25; + uint64_t u26 = load64_le(b + 208U); + ws0[26U] = u26; + uint64_t u27 = load64_le(b + 216U); + ws0[27U] = u27; + uint64_t u28 = load64_le(b + 224U); + ws0[28U] = u28; + uint64_t u29 = load64_le(b + 232U); + ws0[29U] = u29; + uint64_t u30 = load64_le(b + 240U); + ws0[30U] = u30; + uint64_t u31 = load64_le(b + 248U); + ws0[31U] = u31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws0[i]; + } + uint8_t b3[256U] = { 0U }; + uint8_t *b4 = b3; + uint8_t *b0 = b4; + b0[rateInBytes - 1U] = 0x80U; + uint64_t ws1[32U] = { 0U }; + uint8_t *b1 = b4; + uint64_t u = load64_le(b1); + ws1[0U] = u; + uint64_t u32 = load64_le(b1 + 8U); + ws1[1U] = u32; + uint64_t u33 = load64_le(b1 + 16U); + ws1[2U] = u33; + uint64_t u34 = load64_le(b1 + 24U); + ws1[3U] = u34; + uint64_t u35 = load64_le(b1 + 32U); + ws1[4U] = u35; + uint64_t u36 = load64_le(b1 + 40U); + ws1[5U] = u36; + uint64_t u37 = load64_le(b1 + 48U); + ws1[6U] = u37; + uint64_t u38 = load64_le(b1 + 56U); + ws1[7U] = u38; + uint64_t u39 = load64_le(b1 + 64U); + ws1[8U] = u39; + uint64_t u40 = load64_le(b1 + 72U); + ws1[9U] = u40; + uint64_t u41 = load64_le(b1 + 80U); + ws1[10U] = u41; + uint64_t u42 = load64_le(b1 + 88U); + ws1[11U] = u42; + uint64_t u43 = load64_le(b1 + 96U); + ws1[12U] = u43; + uint64_t u44 = load64_le(b1 + 104U); + ws1[13U] = u44; + uint64_t u45 = load64_le(b1 + 112U); + ws1[14U] = u45; + uint64_t u46 = load64_le(b1 + 120U); + ws1[15U] = u46; + uint64_t u47 = load64_le(b1 + 128U); + ws1[16U] = u47; + uint64_t u48 = load64_le(b1 + 136U); + ws1[17U] = u48; + uint64_t u49 = load64_le(b1 + 144U); + ws1[18U] = u49; + uint64_t u50 = load64_le(b1 + 152U); + ws1[19U] = u50; + uint64_t u51 = load64_le(b1 + 160U); + ws1[20U] = u51; + uint64_t u52 = load64_le(b1 + 168U); + ws1[21U] = u52; + uint64_t u53 = load64_le(b1 + 176U); + ws1[22U] = u53; + uint64_t u54 = load64_le(b1 + 184U); + ws1[23U] = u54; + uint64_t u55 = load64_le(b1 + 192U); + ws1[24U] = u55; + uint64_t u56 = load64_le(b1 + 200U); + ws1[25U] = u56; + uint64_t u57 = load64_le(b1 + 208U); + ws1[26U] = u57; + uint64_t u58 = load64_le(b1 + 216U); + ws1[27U] = u58; + uint64_t u59 = load64_le(b1 + 224U); + ws1[28U] = u59; + uint64_t u60 = load64_le(b1 + 232U); + ws1[29U] = u60; + uint64_t u61 = load64_le(b1 + 240U); + ws1[30U] = u61; + uint64_t u62 = load64_le(b1 + 248U); + ws1[31U] = u62; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws1[i]; + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + uint64_t uu____2 = _C[(i1 + 1U) % 5U]; + uint64_t _D = _C[(i1 + 4U) % 5U] ^ (uu____2 << 1U | uu____2 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i1 + 5U * i] = s[i1 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____3 = current; + s[_Y] = uu____3 << r | uu____3 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ 
(~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + s[0U] = s[0U] ^ c; + } + for (uint32_t i0 = 0U; i0 < outputByteLen / rateInBytes; i0++) + { + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + i0 * rateInBytes, hbuf, rateInBytes * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____4 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____4 << 1U | uu____4 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____5 = current; + s[_Y] = uu____5 << r | uu____5 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t remOut = outputByteLen % rateInBytes; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + outputByteLen - remOut, hbuf, remOut * sizeof (uint8_t)); +} + +void +Hacl_SHA3_Scalar_shake256_hacl( + uint32_t inputByteLen, + uint8_t *input, + uint32_t outputByteLen, + uint8_t *output +) +{ + uint32_t rateInBytes = 136U; + uint64_t s[25U] = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b1[256U] = { 0U }; + uint8_t *b_ = b1; + uint8_t *b0 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b0 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + uint64_t ws[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u = load64_le(b); + ws[0U] = u; + uint64_t u0 = load64_le(b + 8U); + ws[1U] = u0; + uint64_t u1 = load64_le(b + 16U); + ws[2U] = u1; + uint64_t u2 = load64_le(b + 24U); + ws[3U] = u2; + uint64_t u3 = load64_le(b + 32U); + ws[4U] = u3; + uint64_t u4 = load64_le(b + 40U); + ws[5U] = u4; + uint64_t u5 = load64_le(b + 48U); + ws[6U] = u5; + uint64_t u6 = load64_le(b + 56U); + ws[7U] = u6; + uint64_t u7 = load64_le(b + 64U); + ws[8U] = u7; + uint64_t u8 = load64_le(b + 72U); + ws[9U] = u8; + uint64_t u9 = load64_le(b + 80U); + ws[10U] = u9; + uint64_t u10 = load64_le(b + 88U); + ws[11U] = u10; + uint64_t u11 = load64_le(b + 96U); + ws[12U] = u11; + uint64_t u12 = load64_le(b + 104U); + ws[13U] = u12; + uint64_t u13 = load64_le(b + 112U); + 
ws[14U] = u13; + uint64_t u14 = load64_le(b + 120U); + ws[15U] = u14; + uint64_t u15 = load64_le(b + 128U); + ws[16U] = u15; + uint64_t u16 = load64_le(b + 136U); + ws[17U] = u16; + uint64_t u17 = load64_le(b + 144U); + ws[18U] = u17; + uint64_t u18 = load64_le(b + 152U); + ws[19U] = u18; + uint64_t u19 = load64_le(b + 160U); + ws[20U] = u19; + uint64_t u20 = load64_le(b + 168U); + ws[21U] = u20; + uint64_t u21 = load64_le(b + 176U); + ws[22U] = u21; + uint64_t u22 = load64_le(b + 184U); + ws[23U] = u22; + uint64_t u23 = load64_le(b + 192U); + ws[24U] = u23; + uint64_t u24 = load64_le(b + 200U); + ws[25U] = u24; + uint64_t u25 = load64_le(b + 208U); + ws[26U] = u25; + uint64_t u26 = load64_le(b + 216U); + ws[27U] = u26; + uint64_t u27 = load64_le(b + 224U); + ws[28U] = u27; + uint64_t u28 = load64_le(b + 232U); + ws[29U] = u28; + uint64_t u29 = load64_le(b + 240U); + ws[30U] = u29; + uint64_t u30 = load64_le(b + 248U); + ws[31U] = u30; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws[i]; + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____0 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____0 << 1U | uu____0 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____1 = current; + s[_Y] = uu____1 << r | uu____1 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b2[256U] = { 0U }; + uint8_t *b_ = b2; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b00 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b00 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b01 = b_; + b01[rem] = 0x1FU; + uint64_t ws0[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u0 = load64_le(b); + ws0[0U] = u0; + uint64_t u1 = load64_le(b + 8U); + ws0[1U] = u1; + uint64_t u2 = load64_le(b + 16U); + ws0[2U] = u2; + uint64_t u3 = load64_le(b + 24U); + ws0[3U] = u3; + uint64_t u4 = load64_le(b + 32U); + ws0[4U] = u4; + uint64_t u5 = load64_le(b + 40U); + ws0[5U] = u5; + uint64_t u6 = load64_le(b + 48U); + ws0[6U] = u6; + uint64_t u7 = load64_le(b + 56U); + ws0[7U] = u7; + uint64_t u8 = load64_le(b + 64U); + ws0[8U] = u8; + uint64_t u9 = load64_le(b + 72U); + ws0[9U] = u9; + uint64_t u10 = load64_le(b + 80U); + ws0[10U] = u10; + uint64_t u11 = load64_le(b + 88U); + ws0[11U] = u11; + uint64_t u12 = load64_le(b + 96U); + ws0[12U] = u12; + uint64_t u13 = load64_le(b + 104U); + ws0[13U] = u13; + uint64_t u14 = load64_le(b + 112U); + ws0[14U] = u14; + uint64_t u15 = load64_le(b + 120U); + ws0[15U] = u15; + uint64_t u16 = load64_le(b + 
128U); + ws0[16U] = u16; + uint64_t u17 = load64_le(b + 136U); + ws0[17U] = u17; + uint64_t u18 = load64_le(b + 144U); + ws0[18U] = u18; + uint64_t u19 = load64_le(b + 152U); + ws0[19U] = u19; + uint64_t u20 = load64_le(b + 160U); + ws0[20U] = u20; + uint64_t u21 = load64_le(b + 168U); + ws0[21U] = u21; + uint64_t u22 = load64_le(b + 176U); + ws0[22U] = u22; + uint64_t u23 = load64_le(b + 184U); + ws0[23U] = u23; + uint64_t u24 = load64_le(b + 192U); + ws0[24U] = u24; + uint64_t u25 = load64_le(b + 200U); + ws0[25U] = u25; + uint64_t u26 = load64_le(b + 208U); + ws0[26U] = u26; + uint64_t u27 = load64_le(b + 216U); + ws0[27U] = u27; + uint64_t u28 = load64_le(b + 224U); + ws0[28U] = u28; + uint64_t u29 = load64_le(b + 232U); + ws0[29U] = u29; + uint64_t u30 = load64_le(b + 240U); + ws0[30U] = u30; + uint64_t u31 = load64_le(b + 248U); + ws0[31U] = u31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws0[i]; + } + uint8_t b3[256U] = { 0U }; + uint8_t *b4 = b3; + uint8_t *b0 = b4; + b0[rateInBytes - 1U] = 0x80U; + uint64_t ws1[32U] = { 0U }; + uint8_t *b1 = b4; + uint64_t u = load64_le(b1); + ws1[0U] = u; + uint64_t u32 = load64_le(b1 + 8U); + ws1[1U] = u32; + uint64_t u33 = load64_le(b1 + 16U); + ws1[2U] = u33; + uint64_t u34 = load64_le(b1 + 24U); + ws1[3U] = u34; + uint64_t u35 = load64_le(b1 + 32U); + ws1[4U] = u35; + uint64_t u36 = load64_le(b1 + 40U); + ws1[5U] = u36; + uint64_t u37 = load64_le(b1 + 48U); + ws1[6U] = u37; + uint64_t u38 = load64_le(b1 + 56U); + ws1[7U] = u38; + uint64_t u39 = load64_le(b1 + 64U); + ws1[8U] = u39; + uint64_t u40 = load64_le(b1 + 72U); + ws1[9U] = u40; + uint64_t u41 = load64_le(b1 + 80U); + ws1[10U] = u41; + uint64_t u42 = load64_le(b1 + 88U); + ws1[11U] = u42; + uint64_t u43 = load64_le(b1 + 96U); + ws1[12U] = u43; + uint64_t u44 = load64_le(b1 + 104U); + ws1[13U] = u44; + uint64_t u45 = load64_le(b1 + 112U); + ws1[14U] = u45; + uint64_t u46 = load64_le(b1 + 120U); + ws1[15U] = u46; + uint64_t u47 = load64_le(b1 + 128U); + ws1[16U] = u47; + uint64_t u48 = load64_le(b1 + 136U); + ws1[17U] = u48; + uint64_t u49 = load64_le(b1 + 144U); + ws1[18U] = u49; + uint64_t u50 = load64_le(b1 + 152U); + ws1[19U] = u50; + uint64_t u51 = load64_le(b1 + 160U); + ws1[20U] = u51; + uint64_t u52 = load64_le(b1 + 168U); + ws1[21U] = u52; + uint64_t u53 = load64_le(b1 + 176U); + ws1[22U] = u53; + uint64_t u54 = load64_le(b1 + 184U); + ws1[23U] = u54; + uint64_t u55 = load64_le(b1 + 192U); + ws1[24U] = u55; + uint64_t u56 = load64_le(b1 + 200U); + ws1[25U] = u56; + uint64_t u57 = load64_le(b1 + 208U); + ws1[26U] = u57; + uint64_t u58 = load64_le(b1 + 216U); + ws1[27U] = u58; + uint64_t u59 = load64_le(b1 + 224U); + ws1[28U] = u59; + uint64_t u60 = load64_le(b1 + 232U); + ws1[29U] = u60; + uint64_t u61 = load64_le(b1 + 240U); + ws1[30U] = u61; + uint64_t u62 = load64_le(b1 + 248U); + ws1[31U] = u62; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws1[i]; + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + uint64_t uu____2 = _C[(i1 + 1U) % 5U]; + uint64_t _D = _C[(i1 + 4U) % 5U] ^ (uu____2 << 1U | uu____2 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i1 + 5U * i] = s[i1 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; 
+ uint64_t temp = s[_Y]; + uint64_t uu____3 = current; + s[_Y] = uu____3 << r | uu____3 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + s[0U] = s[0U] ^ c; + } + for (uint32_t i0 = 0U; i0 < outputByteLen / rateInBytes; i0++) + { + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + i0 * rateInBytes, hbuf, rateInBytes * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____4 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____4 << 1U | uu____4 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____5 = current; + s[_Y] = uu____5 << r | uu____5 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t remOut = outputByteLen % rateInBytes; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + outputByteLen - remOut, hbuf, remOut * sizeof (uint8_t)); +} + +void Hacl_SHA3_Scalar_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +{ + uint32_t rateInBytes = 144U; + uint64_t s[25U] = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b1[256U] = { 0U }; + uint8_t *b_ = b1; + uint8_t *b0 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b0 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + uint64_t ws[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u = load64_le(b); + ws[0U] = u; + uint64_t u0 = load64_le(b + 8U); + ws[1U] = u0; + uint64_t u1 = load64_le(b + 16U); + ws[2U] = u1; + uint64_t u2 = load64_le(b + 24U); + ws[3U] = u2; + uint64_t u3 = load64_le(b + 32U); + ws[4U] = u3; + uint64_t u4 = load64_le(b + 40U); + ws[5U] = u4; + uint64_t u5 = load64_le(b + 48U); + ws[6U] = u5; + uint64_t u6 = load64_le(b + 56U); + ws[7U] = u6; + uint64_t u7 = load64_le(b + 64U); + ws[8U] = u7; + uint64_t u8 = 
load64_le(b + 72U); + ws[9U] = u8; + uint64_t u9 = load64_le(b + 80U); + ws[10U] = u9; + uint64_t u10 = load64_le(b + 88U); + ws[11U] = u10; + uint64_t u11 = load64_le(b + 96U); + ws[12U] = u11; + uint64_t u12 = load64_le(b + 104U); + ws[13U] = u12; + uint64_t u13 = load64_le(b + 112U); + ws[14U] = u13; + uint64_t u14 = load64_le(b + 120U); + ws[15U] = u14; + uint64_t u15 = load64_le(b + 128U); + ws[16U] = u15; + uint64_t u16 = load64_le(b + 136U); + ws[17U] = u16; + uint64_t u17 = load64_le(b + 144U); + ws[18U] = u17; + uint64_t u18 = load64_le(b + 152U); + ws[19U] = u18; + uint64_t u19 = load64_le(b + 160U); + ws[20U] = u19; + uint64_t u20 = load64_le(b + 168U); + ws[21U] = u20; + uint64_t u21 = load64_le(b + 176U); + ws[22U] = u21; + uint64_t u22 = load64_le(b + 184U); + ws[23U] = u22; + uint64_t u23 = load64_le(b + 192U); + ws[24U] = u23; + uint64_t u24 = load64_le(b + 200U); + ws[25U] = u24; + uint64_t u25 = load64_le(b + 208U); + ws[26U] = u25; + uint64_t u26 = load64_le(b + 216U); + ws[27U] = u26; + uint64_t u27 = load64_le(b + 224U); + ws[28U] = u27; + uint64_t u28 = load64_le(b + 232U); + ws[29U] = u28; + uint64_t u29 = load64_le(b + 240U); + ws[30U] = u29; + uint64_t u30 = load64_le(b + 248U); + ws[31U] = u30; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws[i]; + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____0 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____0 << 1U | uu____0 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____1 = current; + s[_Y] = uu____1 << r | uu____1 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b2[256U] = { 0U }; + uint8_t *b_ = b2; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b00 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b00 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b01 = b_; + b01[rem] = 0x06U; + uint64_t ws0[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u0 = load64_le(b); + ws0[0U] = u0; + uint64_t u1 = load64_le(b + 8U); + ws0[1U] = u1; + uint64_t u2 = load64_le(b + 16U); + ws0[2U] = u2; + uint64_t u3 = load64_le(b + 24U); + ws0[3U] = u3; + uint64_t u4 = load64_le(b + 32U); + ws0[4U] = u4; + uint64_t u5 = load64_le(b + 40U); + ws0[5U] = u5; + uint64_t u6 = load64_le(b + 48U); + ws0[6U] = u6; + uint64_t u7 = load64_le(b + 56U); + ws0[7U] = u7; + uint64_t u8 = load64_le(b + 64U); + ws0[8U] = u8; + uint64_t u9 = load64_le(b + 72U); + ws0[9U] = u9; + uint64_t u10 = load64_le(b + 80U); + ws0[10U] = u10; + uint64_t u11 = 
load64_le(b + 88U); + ws0[11U] = u11; + uint64_t u12 = load64_le(b + 96U); + ws0[12U] = u12; + uint64_t u13 = load64_le(b + 104U); + ws0[13U] = u13; + uint64_t u14 = load64_le(b + 112U); + ws0[14U] = u14; + uint64_t u15 = load64_le(b + 120U); + ws0[15U] = u15; + uint64_t u16 = load64_le(b + 128U); + ws0[16U] = u16; + uint64_t u17 = load64_le(b + 136U); + ws0[17U] = u17; + uint64_t u18 = load64_le(b + 144U); + ws0[18U] = u18; + uint64_t u19 = load64_le(b + 152U); + ws0[19U] = u19; + uint64_t u20 = load64_le(b + 160U); + ws0[20U] = u20; + uint64_t u21 = load64_le(b + 168U); + ws0[21U] = u21; + uint64_t u22 = load64_le(b + 176U); + ws0[22U] = u22; + uint64_t u23 = load64_le(b + 184U); + ws0[23U] = u23; + uint64_t u24 = load64_le(b + 192U); + ws0[24U] = u24; + uint64_t u25 = load64_le(b + 200U); + ws0[25U] = u25; + uint64_t u26 = load64_le(b + 208U); + ws0[26U] = u26; + uint64_t u27 = load64_le(b + 216U); + ws0[27U] = u27; + uint64_t u28 = load64_le(b + 224U); + ws0[28U] = u28; + uint64_t u29 = load64_le(b + 232U); + ws0[29U] = u29; + uint64_t u30 = load64_le(b + 240U); + ws0[30U] = u30; + uint64_t u31 = load64_le(b + 248U); + ws0[31U] = u31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws0[i]; + } + uint8_t b3[256U] = { 0U }; + uint8_t *b4 = b3; + uint8_t *b0 = b4; + b0[rateInBytes - 1U] = 0x80U; + uint64_t ws1[32U] = { 0U }; + uint8_t *b1 = b4; + uint64_t u = load64_le(b1); + ws1[0U] = u; + uint64_t u32 = load64_le(b1 + 8U); + ws1[1U] = u32; + uint64_t u33 = load64_le(b1 + 16U); + ws1[2U] = u33; + uint64_t u34 = load64_le(b1 + 24U); + ws1[3U] = u34; + uint64_t u35 = load64_le(b1 + 32U); + ws1[4U] = u35; + uint64_t u36 = load64_le(b1 + 40U); + ws1[5U] = u36; + uint64_t u37 = load64_le(b1 + 48U); + ws1[6U] = u37; + uint64_t u38 = load64_le(b1 + 56U); + ws1[7U] = u38; + uint64_t u39 = load64_le(b1 + 64U); + ws1[8U] = u39; + uint64_t u40 = load64_le(b1 + 72U); + ws1[9U] = u40; + uint64_t u41 = load64_le(b1 + 80U); + ws1[10U] = u41; + uint64_t u42 = load64_le(b1 + 88U); + ws1[11U] = u42; + uint64_t u43 = load64_le(b1 + 96U); + ws1[12U] = u43; + uint64_t u44 = load64_le(b1 + 104U); + ws1[13U] = u44; + uint64_t u45 = load64_le(b1 + 112U); + ws1[14U] = u45; + uint64_t u46 = load64_le(b1 + 120U); + ws1[15U] = u46; + uint64_t u47 = load64_le(b1 + 128U); + ws1[16U] = u47; + uint64_t u48 = load64_le(b1 + 136U); + ws1[17U] = u48; + uint64_t u49 = load64_le(b1 + 144U); + ws1[18U] = u49; + uint64_t u50 = load64_le(b1 + 152U); + ws1[19U] = u50; + uint64_t u51 = load64_le(b1 + 160U); + ws1[20U] = u51; + uint64_t u52 = load64_le(b1 + 168U); + ws1[21U] = u52; + uint64_t u53 = load64_le(b1 + 176U); + ws1[22U] = u53; + uint64_t u54 = load64_le(b1 + 184U); + ws1[23U] = u54; + uint64_t u55 = load64_le(b1 + 192U); + ws1[24U] = u55; + uint64_t u56 = load64_le(b1 + 200U); + ws1[25U] = u56; + uint64_t u57 = load64_le(b1 + 208U); + ws1[26U] = u57; + uint64_t u58 = load64_le(b1 + 216U); + ws1[27U] = u58; + uint64_t u59 = load64_le(b1 + 224U); + ws1[28U] = u59; + uint64_t u60 = load64_le(b1 + 232U); + ws1[29U] = u60; + uint64_t u61 = load64_le(b1 + 240U); + ws1[30U] = u61; + uint64_t u62 = load64_le(b1 + 248U); + ws1[31U] = u62; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws1[i]; + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + uint64_t uu____2 = _C[(i1 + 1U) % 5U]; + uint64_t _D = _C[(i1 + 4U) % 5U] ^ 
(uu____2 << 1U | uu____2 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i1 + 5U * i] = s[i1 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____3 = current; + s[_Y] = uu____3 << r | uu____3 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + s[0U] = s[0U] ^ c; + } + for (uint32_t i0 = 0U; i0 < 28U / rateInBytes; i0++) + { + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + i0 * rateInBytes, hbuf, rateInBytes * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____4 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____4 << 1U | uu____4 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____5 = current; + s[_Y] = uu____5 << r | uu____5 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t remOut = 28U % rateInBytes; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + 28U - remOut, hbuf, remOut * sizeof (uint8_t)); +} + +void Hacl_SHA3_Scalar_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +{ + uint32_t rateInBytes = 136U; + uint64_t s[25U] = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b1[256U] = { 0U }; + uint8_t *b_ = b1; + uint8_t *b0 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b0 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + uint64_t ws[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u = load64_le(b); + ws[0U] = u; + uint64_t u0 = load64_le(b + 8U); + ws[1U] = u0; + uint64_t u1 = load64_le(b + 16U); + ws[2U] = u1; + uint64_t u2 = load64_le(b + 24U); + ws[3U] = u2; + 
uint64_t u3 = load64_le(b + 32U); + ws[4U] = u3; + uint64_t u4 = load64_le(b + 40U); + ws[5U] = u4; + uint64_t u5 = load64_le(b + 48U); + ws[6U] = u5; + uint64_t u6 = load64_le(b + 56U); + ws[7U] = u6; + uint64_t u7 = load64_le(b + 64U); + ws[8U] = u7; + uint64_t u8 = load64_le(b + 72U); + ws[9U] = u8; + uint64_t u9 = load64_le(b + 80U); + ws[10U] = u9; + uint64_t u10 = load64_le(b + 88U); + ws[11U] = u10; + uint64_t u11 = load64_le(b + 96U); + ws[12U] = u11; + uint64_t u12 = load64_le(b + 104U); + ws[13U] = u12; + uint64_t u13 = load64_le(b + 112U); + ws[14U] = u13; + uint64_t u14 = load64_le(b + 120U); + ws[15U] = u14; + uint64_t u15 = load64_le(b + 128U); + ws[16U] = u15; + uint64_t u16 = load64_le(b + 136U); + ws[17U] = u16; + uint64_t u17 = load64_le(b + 144U); + ws[18U] = u17; + uint64_t u18 = load64_le(b + 152U); + ws[19U] = u18; + uint64_t u19 = load64_le(b + 160U); + ws[20U] = u19; + uint64_t u20 = load64_le(b + 168U); + ws[21U] = u20; + uint64_t u21 = load64_le(b + 176U); + ws[22U] = u21; + uint64_t u22 = load64_le(b + 184U); + ws[23U] = u22; + uint64_t u23 = load64_le(b + 192U); + ws[24U] = u23; + uint64_t u24 = load64_le(b + 200U); + ws[25U] = u24; + uint64_t u25 = load64_le(b + 208U); + ws[26U] = u25; + uint64_t u26 = load64_le(b + 216U); + ws[27U] = u26; + uint64_t u27 = load64_le(b + 224U); + ws[28U] = u27; + uint64_t u28 = load64_le(b + 232U); + ws[29U] = u28; + uint64_t u29 = load64_le(b + 240U); + ws[30U] = u29; + uint64_t u30 = load64_le(b + 248U); + ws[31U] = u30; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws[i]; + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____0 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____0 << 1U | uu____0 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____1 = current; + s[_Y] = uu____1 << r | uu____1 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b2[256U] = { 0U }; + uint8_t *b_ = b2; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b00 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b00 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b01 = b_; + b01[rem] = 0x06U; + uint64_t ws0[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u0 = load64_le(b); + ws0[0U] = u0; + uint64_t u1 = load64_le(b + 8U); + ws0[1U] = u1; + uint64_t u2 = load64_le(b + 16U); + ws0[2U] = u2; + uint64_t u3 = load64_le(b + 24U); + ws0[3U] = u3; + uint64_t u4 = load64_le(b + 32U); + ws0[4U] = u4; + uint64_t u5 = load64_le(b + 40U); + ws0[5U] = u5; + uint64_t u6 = 
load64_le(b + 48U); + ws0[6U] = u6; + uint64_t u7 = load64_le(b + 56U); + ws0[7U] = u7; + uint64_t u8 = load64_le(b + 64U); + ws0[8U] = u8; + uint64_t u9 = load64_le(b + 72U); + ws0[9U] = u9; + uint64_t u10 = load64_le(b + 80U); + ws0[10U] = u10; + uint64_t u11 = load64_le(b + 88U); + ws0[11U] = u11; + uint64_t u12 = load64_le(b + 96U); + ws0[12U] = u12; + uint64_t u13 = load64_le(b + 104U); + ws0[13U] = u13; + uint64_t u14 = load64_le(b + 112U); + ws0[14U] = u14; + uint64_t u15 = load64_le(b + 120U); + ws0[15U] = u15; + uint64_t u16 = load64_le(b + 128U); + ws0[16U] = u16; + uint64_t u17 = load64_le(b + 136U); + ws0[17U] = u17; + uint64_t u18 = load64_le(b + 144U); + ws0[18U] = u18; + uint64_t u19 = load64_le(b + 152U); + ws0[19U] = u19; + uint64_t u20 = load64_le(b + 160U); + ws0[20U] = u20; + uint64_t u21 = load64_le(b + 168U); + ws0[21U] = u21; + uint64_t u22 = load64_le(b + 176U); + ws0[22U] = u22; + uint64_t u23 = load64_le(b + 184U); + ws0[23U] = u23; + uint64_t u24 = load64_le(b + 192U); + ws0[24U] = u24; + uint64_t u25 = load64_le(b + 200U); + ws0[25U] = u25; + uint64_t u26 = load64_le(b + 208U); + ws0[26U] = u26; + uint64_t u27 = load64_le(b + 216U); + ws0[27U] = u27; + uint64_t u28 = load64_le(b + 224U); + ws0[28U] = u28; + uint64_t u29 = load64_le(b + 232U); + ws0[29U] = u29; + uint64_t u30 = load64_le(b + 240U); + ws0[30U] = u30; + uint64_t u31 = load64_le(b + 248U); + ws0[31U] = u31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws0[i]; + } + uint8_t b3[256U] = { 0U }; + uint8_t *b4 = b3; + uint8_t *b0 = b4; + b0[rateInBytes - 1U] = 0x80U; + uint64_t ws1[32U] = { 0U }; + uint8_t *b1 = b4; + uint64_t u = load64_le(b1); + ws1[0U] = u; + uint64_t u32 = load64_le(b1 + 8U); + ws1[1U] = u32; + uint64_t u33 = load64_le(b1 + 16U); + ws1[2U] = u33; + uint64_t u34 = load64_le(b1 + 24U); + ws1[3U] = u34; + uint64_t u35 = load64_le(b1 + 32U); + ws1[4U] = u35; + uint64_t u36 = load64_le(b1 + 40U); + ws1[5U] = u36; + uint64_t u37 = load64_le(b1 + 48U); + ws1[6U] = u37; + uint64_t u38 = load64_le(b1 + 56U); + ws1[7U] = u38; + uint64_t u39 = load64_le(b1 + 64U); + ws1[8U] = u39; + uint64_t u40 = load64_le(b1 + 72U); + ws1[9U] = u40; + uint64_t u41 = load64_le(b1 + 80U); + ws1[10U] = u41; + uint64_t u42 = load64_le(b1 + 88U); + ws1[11U] = u42; + uint64_t u43 = load64_le(b1 + 96U); + ws1[12U] = u43; + uint64_t u44 = load64_le(b1 + 104U); + ws1[13U] = u44; + uint64_t u45 = load64_le(b1 + 112U); + ws1[14U] = u45; + uint64_t u46 = load64_le(b1 + 120U); + ws1[15U] = u46; + uint64_t u47 = load64_le(b1 + 128U); + ws1[16U] = u47; + uint64_t u48 = load64_le(b1 + 136U); + ws1[17U] = u48; + uint64_t u49 = load64_le(b1 + 144U); + ws1[18U] = u49; + uint64_t u50 = load64_le(b1 + 152U); + ws1[19U] = u50; + uint64_t u51 = load64_le(b1 + 160U); + ws1[20U] = u51; + uint64_t u52 = load64_le(b1 + 168U); + ws1[21U] = u52; + uint64_t u53 = load64_le(b1 + 176U); + ws1[22U] = u53; + uint64_t u54 = load64_le(b1 + 184U); + ws1[23U] = u54; + uint64_t u55 = load64_le(b1 + 192U); + ws1[24U] = u55; + uint64_t u56 = load64_le(b1 + 200U); + ws1[25U] = u56; + uint64_t u57 = load64_le(b1 + 208U); + ws1[26U] = u57; + uint64_t u58 = load64_le(b1 + 216U); + ws1[27U] = u58; + uint64_t u59 = load64_le(b1 + 224U); + ws1[28U] = u59; + uint64_t u60 = load64_le(b1 + 232U); + ws1[29U] = u60; + uint64_t u61 = load64_le(b1 + 240U); + ws1[30U] = u61; + uint64_t u62 = load64_le(b1 + 248U); + ws1[31U] = u62; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws1[i]; + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + 
uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + uint64_t uu____2 = _C[(i1 + 1U) % 5U]; + uint64_t _D = _C[(i1 + 4U) % 5U] ^ (uu____2 << 1U | uu____2 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i1 + 5U * i] = s[i1 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____3 = current; + s[_Y] = uu____3 << r | uu____3 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + s[0U] = s[0U] ^ c; + } + for (uint32_t i0 = 0U; i0 < 32U / rateInBytes; i0++) + { + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + i0 * rateInBytes, hbuf, rateInBytes * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____4 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____4 << 1U | uu____4 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____5 = current; + s[_Y] = uu____5 << r | uu____5 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t remOut = 32U % rateInBytes; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + 32U - remOut, hbuf, remOut * sizeof (uint8_t)); +} + +void Hacl_SHA3_Scalar_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +{ + uint32_t rateInBytes = 104U; + uint64_t s[25U] = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b1[256U] = { 0U }; + uint8_t *b_ = b1; + uint8_t *b0 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b0 + i0 * rateInBytes, rateInBytes * 
sizeof (uint8_t)); + uint64_t ws[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u = load64_le(b); + ws[0U] = u; + uint64_t u0 = load64_le(b + 8U); + ws[1U] = u0; + uint64_t u1 = load64_le(b + 16U); + ws[2U] = u1; + uint64_t u2 = load64_le(b + 24U); + ws[3U] = u2; + uint64_t u3 = load64_le(b + 32U); + ws[4U] = u3; + uint64_t u4 = load64_le(b + 40U); + ws[5U] = u4; + uint64_t u5 = load64_le(b + 48U); + ws[6U] = u5; + uint64_t u6 = load64_le(b + 56U); + ws[7U] = u6; + uint64_t u7 = load64_le(b + 64U); + ws[8U] = u7; + uint64_t u8 = load64_le(b + 72U); + ws[9U] = u8; + uint64_t u9 = load64_le(b + 80U); + ws[10U] = u9; + uint64_t u10 = load64_le(b + 88U); + ws[11U] = u10; + uint64_t u11 = load64_le(b + 96U); + ws[12U] = u11; + uint64_t u12 = load64_le(b + 104U); + ws[13U] = u12; + uint64_t u13 = load64_le(b + 112U); + ws[14U] = u13; + uint64_t u14 = load64_le(b + 120U); + ws[15U] = u14; + uint64_t u15 = load64_le(b + 128U); + ws[16U] = u15; + uint64_t u16 = load64_le(b + 136U); + ws[17U] = u16; + uint64_t u17 = load64_le(b + 144U); + ws[18U] = u17; + uint64_t u18 = load64_le(b + 152U); + ws[19U] = u18; + uint64_t u19 = load64_le(b + 160U); + ws[20U] = u19; + uint64_t u20 = load64_le(b + 168U); + ws[21U] = u20; + uint64_t u21 = load64_le(b + 176U); + ws[22U] = u21; + uint64_t u22 = load64_le(b + 184U); + ws[23U] = u22; + uint64_t u23 = load64_le(b + 192U); + ws[24U] = u23; + uint64_t u24 = load64_le(b + 200U); + ws[25U] = u24; + uint64_t u25 = load64_le(b + 208U); + ws[26U] = u25; + uint64_t u26 = load64_le(b + 216U); + ws[27U] = u26; + uint64_t u27 = load64_le(b + 224U); + ws[28U] = u27; + uint64_t u28 = load64_le(b + 232U); + ws[29U] = u28; + uint64_t u29 = load64_le(b + 240U); + ws[30U] = u29; + uint64_t u30 = load64_le(b + 248U); + ws[31U] = u30; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws[i]; + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____0 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____0 << 1U | uu____0 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____1 = current; + s[_Y] = uu____1 << r | uu____1 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b2[256U] = { 0U }; + uint8_t *b_ = b2; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b00 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b00 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b01 = b_; + b01[rem] = 0x06U; + uint64_t ws0[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u0 = load64_le(b); + ws0[0U] = u0; + uint64_t 
u1 = load64_le(b + 8U); + ws0[1U] = u1; + uint64_t u2 = load64_le(b + 16U); + ws0[2U] = u2; + uint64_t u3 = load64_le(b + 24U); + ws0[3U] = u3; + uint64_t u4 = load64_le(b + 32U); + ws0[4U] = u4; + uint64_t u5 = load64_le(b + 40U); + ws0[5U] = u5; + uint64_t u6 = load64_le(b + 48U); + ws0[6U] = u6; + uint64_t u7 = load64_le(b + 56U); + ws0[7U] = u7; + uint64_t u8 = load64_le(b + 64U); + ws0[8U] = u8; + uint64_t u9 = load64_le(b + 72U); + ws0[9U] = u9; + uint64_t u10 = load64_le(b + 80U); + ws0[10U] = u10; + uint64_t u11 = load64_le(b + 88U); + ws0[11U] = u11; + uint64_t u12 = load64_le(b + 96U); + ws0[12U] = u12; + uint64_t u13 = load64_le(b + 104U); + ws0[13U] = u13; + uint64_t u14 = load64_le(b + 112U); + ws0[14U] = u14; + uint64_t u15 = load64_le(b + 120U); + ws0[15U] = u15; + uint64_t u16 = load64_le(b + 128U); + ws0[16U] = u16; + uint64_t u17 = load64_le(b + 136U); + ws0[17U] = u17; + uint64_t u18 = load64_le(b + 144U); + ws0[18U] = u18; + uint64_t u19 = load64_le(b + 152U); + ws0[19U] = u19; + uint64_t u20 = load64_le(b + 160U); + ws0[20U] = u20; + uint64_t u21 = load64_le(b + 168U); + ws0[21U] = u21; + uint64_t u22 = load64_le(b + 176U); + ws0[22U] = u22; + uint64_t u23 = load64_le(b + 184U); + ws0[23U] = u23; + uint64_t u24 = load64_le(b + 192U); + ws0[24U] = u24; + uint64_t u25 = load64_le(b + 200U); + ws0[25U] = u25; + uint64_t u26 = load64_le(b + 208U); + ws0[26U] = u26; + uint64_t u27 = load64_le(b + 216U); + ws0[27U] = u27; + uint64_t u28 = load64_le(b + 224U); + ws0[28U] = u28; + uint64_t u29 = load64_le(b + 232U); + ws0[29U] = u29; + uint64_t u30 = load64_le(b + 240U); + ws0[30U] = u30; + uint64_t u31 = load64_le(b + 248U); + ws0[31U] = u31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws0[i]; + } + uint8_t b3[256U] = { 0U }; + uint8_t *b4 = b3; + uint8_t *b0 = b4; + b0[rateInBytes - 1U] = 0x80U; + uint64_t ws1[32U] = { 0U }; + uint8_t *b1 = b4; + uint64_t u = load64_le(b1); + ws1[0U] = u; + uint64_t u32 = load64_le(b1 + 8U); + ws1[1U] = u32; + uint64_t u33 = load64_le(b1 + 16U); + ws1[2U] = u33; + uint64_t u34 = load64_le(b1 + 24U); + ws1[3U] = u34; + uint64_t u35 = load64_le(b1 + 32U); + ws1[4U] = u35; + uint64_t u36 = load64_le(b1 + 40U); + ws1[5U] = u36; + uint64_t u37 = load64_le(b1 + 48U); + ws1[6U] = u37; + uint64_t u38 = load64_le(b1 + 56U); + ws1[7U] = u38; + uint64_t u39 = load64_le(b1 + 64U); + ws1[8U] = u39; + uint64_t u40 = load64_le(b1 + 72U); + ws1[9U] = u40; + uint64_t u41 = load64_le(b1 + 80U); + ws1[10U] = u41; + uint64_t u42 = load64_le(b1 + 88U); + ws1[11U] = u42; + uint64_t u43 = load64_le(b1 + 96U); + ws1[12U] = u43; + uint64_t u44 = load64_le(b1 + 104U); + ws1[13U] = u44; + uint64_t u45 = load64_le(b1 + 112U); + ws1[14U] = u45; + uint64_t u46 = load64_le(b1 + 120U); + ws1[15U] = u46; + uint64_t u47 = load64_le(b1 + 128U); + ws1[16U] = u47; + uint64_t u48 = load64_le(b1 + 136U); + ws1[17U] = u48; + uint64_t u49 = load64_le(b1 + 144U); + ws1[18U] = u49; + uint64_t u50 = load64_le(b1 + 152U); + ws1[19U] = u50; + uint64_t u51 = load64_le(b1 + 160U); + ws1[20U] = u51; + uint64_t u52 = load64_le(b1 + 168U); + ws1[21U] = u52; + uint64_t u53 = load64_le(b1 + 176U); + ws1[22U] = u53; + uint64_t u54 = load64_le(b1 + 184U); + ws1[23U] = u54; + uint64_t u55 = load64_le(b1 + 192U); + ws1[24U] = u55; + uint64_t u56 = load64_le(b1 + 200U); + ws1[25U] = u56; + uint64_t u57 = load64_le(b1 + 208U); + ws1[26U] = u57; + uint64_t u58 = load64_le(b1 + 216U); + ws1[27U] = u58; + uint64_t u59 = load64_le(b1 + 224U); + ws1[28U] = u59; + uint64_t u60 = load64_le(b1 
+ 232U); + ws1[29U] = u60; + uint64_t u61 = load64_le(b1 + 240U); + ws1[30U] = u61; + uint64_t u62 = load64_le(b1 + 248U); + ws1[31U] = u62; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws1[i]; + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + uint64_t uu____2 = _C[(i1 + 1U) % 5U]; + uint64_t _D = _C[(i1 + 4U) % 5U] ^ (uu____2 << 1U | uu____2 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i1 + 5U * i] = s[i1 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____3 = current; + s[_Y] = uu____3 << r | uu____3 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + s[0U] = s[0U] ^ c; + } + for (uint32_t i0 = 0U; i0 < 48U / rateInBytes; i0++) + { + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + i0 * rateInBytes, hbuf, rateInBytes * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____4 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____4 << 1U | uu____4 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____5 = current; + s[_Y] = uu____5 << r | uu____5 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t remOut = 48U % rateInBytes; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + 48U - remOut, hbuf, remOut * sizeof (uint8_t)); +} + +void Hacl_SHA3_Scalar_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +{ + uint32_t 
rateInBytes = 72U; + uint64_t s[25U] = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b1[256U] = { 0U }; + uint8_t *b_ = b1; + uint8_t *b0 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b0 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + uint64_t ws[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u = load64_le(b); + ws[0U] = u; + uint64_t u0 = load64_le(b + 8U); + ws[1U] = u0; + uint64_t u1 = load64_le(b + 16U); + ws[2U] = u1; + uint64_t u2 = load64_le(b + 24U); + ws[3U] = u2; + uint64_t u3 = load64_le(b + 32U); + ws[4U] = u3; + uint64_t u4 = load64_le(b + 40U); + ws[5U] = u4; + uint64_t u5 = load64_le(b + 48U); + ws[6U] = u5; + uint64_t u6 = load64_le(b + 56U); + ws[7U] = u6; + uint64_t u7 = load64_le(b + 64U); + ws[8U] = u7; + uint64_t u8 = load64_le(b + 72U); + ws[9U] = u8; + uint64_t u9 = load64_le(b + 80U); + ws[10U] = u9; + uint64_t u10 = load64_le(b + 88U); + ws[11U] = u10; + uint64_t u11 = load64_le(b + 96U); + ws[12U] = u11; + uint64_t u12 = load64_le(b + 104U); + ws[13U] = u12; + uint64_t u13 = load64_le(b + 112U); + ws[14U] = u13; + uint64_t u14 = load64_le(b + 120U); + ws[15U] = u14; + uint64_t u15 = load64_le(b + 128U); + ws[16U] = u15; + uint64_t u16 = load64_le(b + 136U); + ws[17U] = u16; + uint64_t u17 = load64_le(b + 144U); + ws[18U] = u17; + uint64_t u18 = load64_le(b + 152U); + ws[19U] = u18; + uint64_t u19 = load64_le(b + 160U); + ws[20U] = u19; + uint64_t u20 = load64_le(b + 168U); + ws[21U] = u20; + uint64_t u21 = load64_le(b + 176U); + ws[22U] = u21; + uint64_t u22 = load64_le(b + 184U); + ws[23U] = u22; + uint64_t u23 = load64_le(b + 192U); + ws[24U] = u23; + uint64_t u24 = load64_le(b + 200U); + ws[25U] = u24; + uint64_t u25 = load64_le(b + 208U); + ws[26U] = u25; + uint64_t u26 = load64_le(b + 216U); + ws[27U] = u26; + uint64_t u27 = load64_le(b + 224U); + ws[28U] = u27; + uint64_t u28 = load64_le(b + 232U); + ws[29U] = u28; + uint64_t u29 = load64_le(b + 240U); + ws[30U] = u29; + uint64_t u30 = load64_le(b + 248U); + ws[31U] = u30; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws[i]; + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____0 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____0 << 1U | uu____0 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____1 = current; + s[_Y] = uu____1 << r | uu____1 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b2[256U] = { 0U }; + uint8_t *b_ = b2; + uint32_t rem1 = inputByteLen % rateInBytes; 
+ uint8_t *b00 = input; + uint8_t *bl0 = b_; + memcpy(bl0, b00 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b01 = b_; + b01[rem] = 0x06U; + uint64_t ws0[32U] = { 0U }; + uint8_t *b = b_; + uint64_t u0 = load64_le(b); + ws0[0U] = u0; + uint64_t u1 = load64_le(b + 8U); + ws0[1U] = u1; + uint64_t u2 = load64_le(b + 16U); + ws0[2U] = u2; + uint64_t u3 = load64_le(b + 24U); + ws0[3U] = u3; + uint64_t u4 = load64_le(b + 32U); + ws0[4U] = u4; + uint64_t u5 = load64_le(b + 40U); + ws0[5U] = u5; + uint64_t u6 = load64_le(b + 48U); + ws0[6U] = u6; + uint64_t u7 = load64_le(b + 56U); + ws0[7U] = u7; + uint64_t u8 = load64_le(b + 64U); + ws0[8U] = u8; + uint64_t u9 = load64_le(b + 72U); + ws0[9U] = u9; + uint64_t u10 = load64_le(b + 80U); + ws0[10U] = u10; + uint64_t u11 = load64_le(b + 88U); + ws0[11U] = u11; + uint64_t u12 = load64_le(b + 96U); + ws0[12U] = u12; + uint64_t u13 = load64_le(b + 104U); + ws0[13U] = u13; + uint64_t u14 = load64_le(b + 112U); + ws0[14U] = u14; + uint64_t u15 = load64_le(b + 120U); + ws0[15U] = u15; + uint64_t u16 = load64_le(b + 128U); + ws0[16U] = u16; + uint64_t u17 = load64_le(b + 136U); + ws0[17U] = u17; + uint64_t u18 = load64_le(b + 144U); + ws0[18U] = u18; + uint64_t u19 = load64_le(b + 152U); + ws0[19U] = u19; + uint64_t u20 = load64_le(b + 160U); + ws0[20U] = u20; + uint64_t u21 = load64_le(b + 168U); + ws0[21U] = u21; + uint64_t u22 = load64_le(b + 176U); + ws0[22U] = u22; + uint64_t u23 = load64_le(b + 184U); + ws0[23U] = u23; + uint64_t u24 = load64_le(b + 192U); + ws0[24U] = u24; + uint64_t u25 = load64_le(b + 200U); + ws0[25U] = u25; + uint64_t u26 = load64_le(b + 208U); + ws0[26U] = u26; + uint64_t u27 = load64_le(b + 216U); + ws0[27U] = u27; + uint64_t u28 = load64_le(b + 224U); + ws0[28U] = u28; + uint64_t u29 = load64_le(b + 232U); + ws0[29U] = u29; + uint64_t u30 = load64_le(b + 240U); + ws0[30U] = u30; + uint64_t u31 = load64_le(b + 248U); + ws0[31U] = u31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws0[i]; + } + uint8_t b3[256U] = { 0U }; + uint8_t *b4 = b3; + uint8_t *b0 = b4; + b0[rateInBytes - 1U] = 0x80U; + uint64_t ws1[32U] = { 0U }; + uint8_t *b1 = b4; + uint64_t u = load64_le(b1); + ws1[0U] = u; + uint64_t u32 = load64_le(b1 + 8U); + ws1[1U] = u32; + uint64_t u33 = load64_le(b1 + 16U); + ws1[2U] = u33; + uint64_t u34 = load64_le(b1 + 24U); + ws1[3U] = u34; + uint64_t u35 = load64_le(b1 + 32U); + ws1[4U] = u35; + uint64_t u36 = load64_le(b1 + 40U); + ws1[5U] = u36; + uint64_t u37 = load64_le(b1 + 48U); + ws1[6U] = u37; + uint64_t u38 = load64_le(b1 + 56U); + ws1[7U] = u38; + uint64_t u39 = load64_le(b1 + 64U); + ws1[8U] = u39; + uint64_t u40 = load64_le(b1 + 72U); + ws1[9U] = u40; + uint64_t u41 = load64_le(b1 + 80U); + ws1[10U] = u41; + uint64_t u42 = load64_le(b1 + 88U); + ws1[11U] = u42; + uint64_t u43 = load64_le(b1 + 96U); + ws1[12U] = u43; + uint64_t u44 = load64_le(b1 + 104U); + ws1[13U] = u44; + uint64_t u45 = load64_le(b1 + 112U); + ws1[14U] = u45; + uint64_t u46 = load64_le(b1 + 120U); + ws1[15U] = u46; + uint64_t u47 = load64_le(b1 + 128U); + ws1[16U] = u47; + uint64_t u48 = load64_le(b1 + 136U); + ws1[17U] = u48; + uint64_t u49 = load64_le(b1 + 144U); + ws1[18U] = u49; + uint64_t u50 = load64_le(b1 + 152U); + ws1[19U] = u50; + uint64_t u51 = load64_le(b1 + 160U); + ws1[20U] = u51; + uint64_t u52 = load64_le(b1 + 168U); + ws1[21U] = u52; + uint64_t u53 = load64_le(b1 + 176U); + ws1[22U] = u53; + uint64_t u54 = load64_le(b1 + 184U); + ws1[23U] = u54; + uint64_t u55 = load64_le(b1 + 192U); + ws1[24U] = 
u55; + uint64_t u56 = load64_le(b1 + 200U); + ws1[25U] = u56; + uint64_t u57 = load64_le(b1 + 208U); + ws1[26U] = u57; + uint64_t u58 = load64_le(b1 + 216U); + ws1[27U] = u58; + uint64_t u59 = load64_le(b1 + 224U); + ws1[28U] = u59; + uint64_t u60 = load64_le(b1 + 232U); + ws1[29U] = u60; + uint64_t u61 = load64_le(b1 + 240U); + ws1[30U] = u61; + uint64_t u62 = load64_le(b1 + 248U); + ws1[31U] = u62; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = s[i] ^ ws1[i]; + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + uint64_t uu____2 = _C[(i1 + 1U) % 5U]; + uint64_t _D = _C[(i1 + 4U) % 5U] ^ (uu____2 << 1U | uu____2 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i1 + 5U * i] = s[i1 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____3 = current; + s[_Y] = uu____3 << r | uu____3 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + s[0U] = s[0U] ^ c; + } + for (uint32_t i0 = 0U; i0 < 64U / rateInBytes; i0++) + { + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + i0 * rateInBytes, hbuf, rateInBytes * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + _C[i] = s[i + 0U] ^ (s[i + 5U] ^ (s[i + 10U] ^ (s[i + 15U] ^ s[i + 20U])));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + uint64_t uu____4 = _C[(i2 + 1U) % 5U]; + uint64_t _D = _C[(i2 + 4U) % 5U] ^ (uu____4 << 1U | uu____4 >> 63U); + KRML_MAYBE_FOR5(i, 0U, 5U, 1U, s[i2 + 5U * i] = s[i2 + 5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____5 = current; + s[_Y] = uu____5 << r | uu____5 >> (64U - r); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + uint64_t v0 = s[0U + 5U * i] ^ (~s[1U + 5U * i] & s[2U + 5U * i]); + uint64_t v1 = s[1U + 5U * i] ^ (~s[2U + 5U * i] & s[3U + 5U * i]); + uint64_t v2 = s[2U + 5U * i] ^ (~s[3U + 5U * i] & s[4U + 5U * i]); + uint64_t v3 = s[3U + 5U * i] ^ (~s[4U + 5U * i] & s[0U + 5U * i]); + uint64_t v4 = s[4U + 5U * i] ^ (~s[0U + 5U * i] & s[1U + 5U * i]); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + s[0U] = s[0U] ^ c; + } + } + uint32_t remOut = 64U % rateInBytes; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); 
+ for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(output + 64U - remOut, hbuf, remOut * sizeof (uint8_t)); +} + diff --git a/sys/hacl/c/src/msvc/Hacl_SHA3_Vec256.c b/sys/hacl/c/src/msvc/Hacl_SHA3_Vec256.c new file mode 100644 index 000000000..739a56eb9 --- /dev/null +++ b/sys/hacl/c/src/msvc/Hacl_SHA3_Vec256.c @@ -0,0 +1,10076 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#include "Hacl_SHA3_Vec256.h" + +#include "internal/Hacl_SHA3_Scalar.h" +#include "libintvector.h" + +void +Hacl_SHA3_Vec256_shake128_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint32_t outputByteLen, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +) +{ + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + rb = { .fst = output0, .snd = { .fst = output1, .snd = { .fst = output2, .snd = output3 } } }; + uint32_t rateInBytes = 168U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 s[25U] KRML_POST_ALIGN(32) = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint8_t *b31 = ib.snd.snd.snd; + uint8_t *b21 = ib.snd.snd.fst; + uint8_t *b11 = ib.snd.fst; + uint8_t *b01 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b01 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl1, b11 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl2, b21 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl3, b31 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b3 = b_.snd.snd.snd; + uint8_t *b2 = b_.snd.snd.fst; + uint8_t *b1 = b_.snd.fst; + uint8_t *b0 = b_.fst; + ws[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0); + ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1); + ws[2U] 
= Lib_IntVector_Intrinsics_vec256_load64_le(b2); + ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3); + ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 32U); + ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 32U); + ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 32U); + ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 32U); + ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 64U); + ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 64U); + ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 64U); + ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 64U); + ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 96U); + ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 96U); + ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 96U); + ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 96U); + ws[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 128U); + ws[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 128U); + ws[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 128U); + ws[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 128U); + ws[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 160U); + ws[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 160U); + ws[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 160U); + ws[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 160U); + ws[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 192U); + ws[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 192U); + ws[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 192U); + ws[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 192U); + ws[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 224U); + ws[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 224U); + ws[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 224U); + ws[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + 
Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = 
Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__5; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + 
Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__6; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws[i]); + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____0 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____1 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____2 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____0, + Lib_IntVector_Intrinsics_vec256_xor(uu____1, + Lib_IntVector_Intrinsics_vec256_xor(uu____2, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____3 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____4 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____3, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____4, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____4, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____5 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____5, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____5, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____6 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + 
uu____7 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v07 = + Lib_IntVector_Intrinsics_vec256_xor(uu____6, + Lib_IntVector_Intrinsics_vec256_and(uu____7, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____8 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____9 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v17 = + Lib_IntVector_Intrinsics_vec256_xor(uu____8, + Lib_IntVector_Intrinsics_vec256_and(uu____9, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____10 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____11 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v27 = + Lib_IntVector_Intrinsics_vec256_xor(uu____10, + Lib_IntVector_Intrinsics_vec256_and(uu____11, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____12 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____13 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v37 = + Lib_IntVector_Intrinsics_vec256_xor(uu____12, + Lib_IntVector_Intrinsics_vec256_and(uu____13, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____14 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____15 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____14, + Lib_IntVector_Intrinsics_vec256_and(uu____15, s[1U + 5U * i])); + s[0U + 5U * i] = v07; + s[1U + 5U * i] = v17; + s[2U + 5U * i] = v27; + s[3U + 5U * i] = v37; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____16 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____16, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b32 = ib.snd.snd.snd; + uint8_t *b22 = ib.snd.snd.fst; + uint8_t *b12 = ib.snd.fst; + uint8_t *b02 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b02 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl1, b12 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl2, b22 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl3, b32 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b33 = b_.snd.snd.snd; + uint8_t *b23 = b_.snd.snd.fst; + uint8_t *b13 = b_.snd.fst; + uint8_t *b03 = b_.fst; + b03[rem] = 0x1FU; + b13[rem] = 0x1FU; + b23[rem] = 0x1FU; + b33[rem] = 0x1FU; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws32[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b34 = b_.snd.snd.snd; + uint8_t *b24 = b_.snd.snd.fst; + uint8_t *b14 = b_.snd.fst; + uint8_t *b04 = b_.fst; + ws32[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04); + ws32[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14); + ws32[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24); + ws32[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34); + ws32[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 32U); + ws32[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 32U); + ws32[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 32U); + ws32[7U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 32U); + ws32[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 64U); + ws32[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 64U); + ws32[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 64U); + ws32[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 64U); + ws32[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 96U); + ws32[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 96U); + ws32[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 96U); + ws32[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 96U); + ws32[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 128U); + ws32[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 128U); + ws32[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 128U); + ws32[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 128U); + ws32[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 160U); + ws32[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 160U); + ws32[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 160U); + ws32[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 160U); + ws32[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 192U); + ws32[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 192U); + ws32[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 192U); + ws32[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 192U); + ws32[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 224U); + ws32[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 224U); + ws32[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 224U); + ws32[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws32[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws32[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws32[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws32[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws00 = v0__; + Lib_IntVector_Intrinsics_vec256 ws110 = v2__; + Lib_IntVector_Intrinsics_vec256 ws210 = v1__; + Lib_IntVector_Intrinsics_vec256 ws33 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws32[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws32[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws32[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws32[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + 
Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws40 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws50 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws60 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws70 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws32[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws32[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws32[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws32[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws80 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws90 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws100 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws111 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws32[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws32[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws32[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws32[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws120 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws130 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws140 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws150 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws32[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws32[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws32[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws32[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + 
v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws160 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws170 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws180 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws190 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws32[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws32[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws32[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws32[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws200 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws211 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws220 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws230 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws32[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws32[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws32[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws32[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws240 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws250 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws260 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws270 = v3__5; + Lib_IntVector_Intrinsics_vec256 v07 = ws32[28U]; + Lib_IntVector_Intrinsics_vec256 v17 = ws32[29U]; + Lib_IntVector_Intrinsics_vec256 v27 = ws32[30U]; + Lib_IntVector_Intrinsics_vec256 v37 = ws32[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = 
Lib_IntVector_Intrinsics_vec256_interleave_low64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws280 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws290 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws300 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws310 = v3__6; + ws32[0U] = ws00; + ws32[1U] = ws110; + ws32[2U] = ws210; + ws32[3U] = ws33; + ws32[4U] = ws40; + ws32[5U] = ws50; + ws32[6U] = ws60; + ws32[7U] = ws70; + ws32[8U] = ws80; + ws32[9U] = ws90; + ws32[10U] = ws100; + ws32[11U] = ws111; + ws32[12U] = ws120; + ws32[13U] = ws130; + ws32[14U] = ws140; + ws32[15U] = ws150; + ws32[16U] = ws160; + ws32[17U] = ws170; + ws32[18U] = ws180; + ws32[19U] = ws190; + ws32[20U] = ws200; + ws32[21U] = ws211; + ws32[22U] = ws220; + ws32[23U] = ws230; + ws32[24U] = ws240; + ws32[25U] = ws250; + ws32[26U] = ws260; + ws32[27U] = ws270; + ws32[28U] = ws280; + ws32[29U] = ws290; + ws32[30U] = ws300; + ws32[31U] = ws310; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws32[i]); + } + uint8_t b05[256U] = { 0U }; + uint8_t b15[256U] = { 0U }; + uint8_t b25[256U] = { 0U }; + uint8_t b35[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b = { .fst = b05, .snd = { .fst = b15, .snd = { .fst = b25, .snd = b35 } } }; + uint8_t *b36 = b.snd.snd.snd; + uint8_t *b26 = b.snd.snd.fst; + uint8_t *b16 = b.snd.fst; + uint8_t *b06 = b.fst; + b06[rateInBytes - 1U] = 0x80U; + b16[rateInBytes - 1U] = 0x80U; + b26[rateInBytes - 1U] = 0x80U; + b36[rateInBytes - 1U] = 0x80U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws34[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b37 = b.snd.snd.snd; + uint8_t *b27 = b.snd.snd.fst; + uint8_t *b17 = b.snd.fst; + uint8_t *b07 = b.fst; + ws34[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07); + ws34[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17); + ws34[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27); + ws34[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37); + ws34[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 32U); + ws34[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 32U); + ws34[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 32U); + ws34[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 32U); + ws34[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 64U); + ws34[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 64U); + ws34[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 64U); + ws34[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 64U); + ws34[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 96U); + ws34[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 96U); + ws34[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 96U); + ws34[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 96U); + ws34[16U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 128U); + ws34[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 128U); + ws34[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 128U); + ws34[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 128U); + ws34[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 160U); + ws34[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 160U); + ws34[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 160U); + ws34[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 160U); + ws34[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 192U); + ws34[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 192U); + ws34[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 192U); + ws34[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 192U); + ws34[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 224U); + ws34[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 224U); + ws34[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 224U); + ws34[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 224U); + Lib_IntVector_Intrinsics_vec256 v08 = ws34[0U]; + Lib_IntVector_Intrinsics_vec256 v18 = ws34[1U]; + Lib_IntVector_Intrinsics_vec256 v28 = ws34[2U]; + Lib_IntVector_Intrinsics_vec256 v38 = ws34[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v1_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v2_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v3_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v0__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v1__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v2__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 + v3__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 ws01 = v0__7; + Lib_IntVector_Intrinsics_vec256 ws112 = v2__7; + Lib_IntVector_Intrinsics_vec256 ws212 = v1__7; + Lib_IntVector_Intrinsics_vec256 ws35 = v3__7; + Lib_IntVector_Intrinsics_vec256 v09 = ws34[4U]; + Lib_IntVector_Intrinsics_vec256 v19 = ws34[5U]; + Lib_IntVector_Intrinsics_vec256 v29 = ws34[6U]; + Lib_IntVector_Intrinsics_vec256 v39 = ws34[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v1_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v2_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v3_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v0__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v1__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v2__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 + v3__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 ws41 = v0__8; + Lib_IntVector_Intrinsics_vec256 ws51 = v2__8; + Lib_IntVector_Intrinsics_vec256 ws61 = v1__8; + Lib_IntVector_Intrinsics_vec256 ws71 
= v3__8; + Lib_IntVector_Intrinsics_vec256 v010 = ws34[8U]; + Lib_IntVector_Intrinsics_vec256 v110 = ws34[9U]; + Lib_IntVector_Intrinsics_vec256 v210 = ws34[10U]; + Lib_IntVector_Intrinsics_vec256 v310 = ws34[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v1_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v2_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v3_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v0__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v1__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v2__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 + v3__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 ws81 = v0__9; + Lib_IntVector_Intrinsics_vec256 ws91 = v2__9; + Lib_IntVector_Intrinsics_vec256 ws101 = v1__9; + Lib_IntVector_Intrinsics_vec256 ws113 = v3__9; + Lib_IntVector_Intrinsics_vec256 v011 = ws34[12U]; + Lib_IntVector_Intrinsics_vec256 v111 = ws34[13U]; + Lib_IntVector_Intrinsics_vec256 v211 = ws34[14U]; + Lib_IntVector_Intrinsics_vec256 v311 = ws34[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v1_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v2_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v3_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v0__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v1__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v2__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 + v3__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 ws121 = v0__10; + Lib_IntVector_Intrinsics_vec256 ws131 = v2__10; + Lib_IntVector_Intrinsics_vec256 ws141 = v1__10; + Lib_IntVector_Intrinsics_vec256 ws151 = v3__10; + Lib_IntVector_Intrinsics_vec256 v012 = ws34[16U]; + Lib_IntVector_Intrinsics_vec256 v112 = ws34[17U]; + Lib_IntVector_Intrinsics_vec256 v212 = ws34[18U]; + Lib_IntVector_Intrinsics_vec256 v312 = ws34[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v1_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v2_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v3_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v0__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v1__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v2__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 + v3__11 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 ws161 = v0__11; + Lib_IntVector_Intrinsics_vec256 ws171 = v2__11; + Lib_IntVector_Intrinsics_vec256 ws181 = v1__11; + Lib_IntVector_Intrinsics_vec256 ws191 = v3__11; + Lib_IntVector_Intrinsics_vec256 v013 = ws34[20U]; + Lib_IntVector_Intrinsics_vec256 v113 = ws34[21U]; + Lib_IntVector_Intrinsics_vec256 v213 = ws34[22U]; + Lib_IntVector_Intrinsics_vec256 v313 = ws34[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v1_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v2_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v3_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v0__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v1__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v2__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 + v3__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 ws201 = v0__12; + Lib_IntVector_Intrinsics_vec256 ws213 = v2__12; + Lib_IntVector_Intrinsics_vec256 ws221 = v1__12; + Lib_IntVector_Intrinsics_vec256 ws231 = v3__12; + Lib_IntVector_Intrinsics_vec256 v014 = ws34[24U]; + Lib_IntVector_Intrinsics_vec256 v114 = ws34[25U]; + Lib_IntVector_Intrinsics_vec256 v214 = ws34[26U]; + Lib_IntVector_Intrinsics_vec256 v314 = ws34[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v1_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v2_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v3_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v0__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v1__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v2__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 + v3__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 ws241 = v0__13; + Lib_IntVector_Intrinsics_vec256 ws251 = v2__13; + Lib_IntVector_Intrinsics_vec256 ws261 = v1__13; + Lib_IntVector_Intrinsics_vec256 ws271 = v3__13; + Lib_IntVector_Intrinsics_vec256 v015 = ws34[28U]; + Lib_IntVector_Intrinsics_vec256 v115 = ws34[29U]; + Lib_IntVector_Intrinsics_vec256 v215 = ws34[30U]; + Lib_IntVector_Intrinsics_vec256 v315 = ws34[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v1_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v2_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v3_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v0__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_14, 
v2_14); + Lib_IntVector_Intrinsics_vec256 + v1__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v2__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 + v3__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 ws281 = v0__14; + Lib_IntVector_Intrinsics_vec256 ws291 = v2__14; + Lib_IntVector_Intrinsics_vec256 ws301 = v1__14; + Lib_IntVector_Intrinsics_vec256 ws311 = v3__14; + ws34[0U] = ws01; + ws34[1U] = ws112; + ws34[2U] = ws212; + ws34[3U] = ws35; + ws34[4U] = ws41; + ws34[5U] = ws51; + ws34[6U] = ws61; + ws34[7U] = ws71; + ws34[8U] = ws81; + ws34[9U] = ws91; + ws34[10U] = ws101; + ws34[11U] = ws113; + ws34[12U] = ws121; + ws34[13U] = ws131; + ws34[14U] = ws141; + ws34[15U] = ws151; + ws34[16U] = ws161; + ws34[17U] = ws171; + ws34[18U] = ws181; + ws34[19U] = ws191; + ws34[20U] = ws201; + ws34[21U] = ws213; + ws34[22U] = ws221; + ws34[23U] = ws231; + ws34[24U] = ws241; + ws34[25U] = ws251; + ws34[26U] = ws261; + ws34[27U] = ws271; + ws34[28U] = ws281; + ws34[29U] = ws291; + ws34[30U] = ws301; + ws34[31U] = ws311; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws34[i]); + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____17 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____18 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____19 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____17, + Lib_IntVector_Intrinsics_vec256_xor(uu____18, + Lib_IntVector_Intrinsics_vec256_xor(uu____19, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____20 = _C[(i1 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____21 = _C[(i1 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____20, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____21, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____21, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i1 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i1 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____22 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____22, r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____22, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____23 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____24 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v0 = + Lib_IntVector_Intrinsics_vec256_xor(uu____23, + Lib_IntVector_Intrinsics_vec256_and(uu____24, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____25 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____26 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v1 = + Lib_IntVector_Intrinsics_vec256_xor(uu____25, 
+ Lib_IntVector_Intrinsics_vec256_and(uu____26, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____27 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____28 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v2 = + Lib_IntVector_Intrinsics_vec256_xor(uu____27, + Lib_IntVector_Intrinsics_vec256_and(uu____28, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____29 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____30 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v3 = + Lib_IntVector_Intrinsics_vec256_xor(uu____29, + Lib_IntVector_Intrinsics_vec256_and(uu____30, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____31 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____32 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____31, + Lib_IntVector_Intrinsics_vec256_and(uu____32, s[1U + 5U * i])); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + Lib_IntVector_Intrinsics_vec256 uu____33 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____33, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + for (uint32_t i0 = 0U; i0 < outputByteLen / rateInBytes; i0++) + { + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = 
Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + 
Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 
v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < rateInBytes / 32U; i++) + { + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = rateInBytes % 32U; + uint32_t j = rateInBytes / 32U; + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____34 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____35 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____36 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____34, + Lib_IntVector_Intrinsics_vec256_xor(uu____35, + Lib_IntVector_Intrinsics_vec256_xor(uu____36, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____37 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____38 = _C[(i2 + 1U) % 
5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____37, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____38, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____38, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____39 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____39, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____39, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____40 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____41 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v023 = + Lib_IntVector_Intrinsics_vec256_xor(uu____40, + Lib_IntVector_Intrinsics_vec256_and(uu____41, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____42 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____43 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v123 = + Lib_IntVector_Intrinsics_vec256_xor(uu____42, + Lib_IntVector_Intrinsics_vec256_and(uu____43, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____44 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____45 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v223 = + Lib_IntVector_Intrinsics_vec256_xor(uu____44, + Lib_IntVector_Intrinsics_vec256_and(uu____45, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____46 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____47 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v323 = + Lib_IntVector_Intrinsics_vec256_xor(uu____46, + Lib_IntVector_Intrinsics_vec256_and(uu____47, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____48 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____49 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____48, + Lib_IntVector_Intrinsics_vec256_and(uu____49, s[1U + 5U * i])); + s[0U + 5U * i] = v023; + s[1U + 5U * i] = v123; + s[2U + 5U * i] = v223; + s[3U + 5U * i] = v323; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____50 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____50, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t remOut = outputByteLen % rateInBytes; + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + 
Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = 
ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + 
Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < remOut / 32U; i++) + { + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + outputByteLen - remOut + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b1 + outputByteLen - remOut + i * 32U, hbuf + i * 128U + 32U, 32U 
* sizeof (uint8_t)); + memcpy(b2 + outputByteLen - remOut + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b3 + outputByteLen - remOut + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = remOut % 32U; + uint32_t j = remOut / 32U; + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + outputByteLen - remOut + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b1 + outputByteLen - remOut + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b2 + outputByteLen - remOut + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b3 + outputByteLen - remOut + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); +} + +void +Hacl_SHA3_Vec256_shake256_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint32_t outputByteLen, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +) +{ + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + rb = { .fst = output0, .snd = { .fst = output1, .snd = { .fst = output2, .snd = output3 } } }; + uint32_t rateInBytes = 136U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 s[25U] KRML_POST_ALIGN(32) = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint8_t *b31 = ib.snd.snd.snd; + uint8_t *b21 = ib.snd.snd.fst; + uint8_t *b11 = ib.snd.fst; + uint8_t *b01 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b01 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl1, b11 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl2, b21 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl3, b31 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b3 = b_.snd.snd.snd; + uint8_t *b2 = b_.snd.snd.fst; + uint8_t *b1 = b_.snd.fst; + uint8_t *b0 = b_.fst; + ws[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0); + ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1); + ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2); + ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3); + ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 32U); + ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 32U); + ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 32U); + ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 32U); + ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 64U); + ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 64U); + ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 64U); + ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 64U); + ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 96U); + ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 96U); + ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 96U); + ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 96U); + ws[16U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 128U); + ws[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 128U); + ws[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 128U); + ws[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 128U); + ws[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 160U); + ws[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 160U); + ws[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 160U); + ws[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 160U); + ws[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 192U); + ws[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 192U); + ws[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 192U); + ws[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 192U); + ws[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 224U); + ws[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 224U); + ws[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 224U); + ws[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 
v12 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws18 = 
v1__3; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__5; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + 
Lib_IntVector_Intrinsics_vec256 ws28 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__6; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws[i]); + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____0 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____1 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____2 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____0, + Lib_IntVector_Intrinsics_vec256_xor(uu____1, + Lib_IntVector_Intrinsics_vec256_xor(uu____2, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____3 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____4 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____3, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____4, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____4, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____5 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____5, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____5, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____6 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____7 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v07 = + Lib_IntVector_Intrinsics_vec256_xor(uu____6, + Lib_IntVector_Intrinsics_vec256_and(uu____7, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____8 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____9 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v17 = + Lib_IntVector_Intrinsics_vec256_xor(uu____8, + Lib_IntVector_Intrinsics_vec256_and(uu____9, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____10 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____11 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v27 = + Lib_IntVector_Intrinsics_vec256_xor(uu____10, + Lib_IntVector_Intrinsics_vec256_and(uu____11, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____12 = s[3U + 5U * i]; + 
Lib_IntVector_Intrinsics_vec256 + uu____13 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v37 = + Lib_IntVector_Intrinsics_vec256_xor(uu____12, + Lib_IntVector_Intrinsics_vec256_and(uu____13, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____14 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____15 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____14, + Lib_IntVector_Intrinsics_vec256_and(uu____15, s[1U + 5U * i])); + s[0U + 5U * i] = v07; + s[1U + 5U * i] = v17; + s[2U + 5U * i] = v27; + s[3U + 5U * i] = v37; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____16 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____16, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b32 = ib.snd.snd.snd; + uint8_t *b22 = ib.snd.snd.fst; + uint8_t *b12 = ib.snd.fst; + uint8_t *b02 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b02 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl1, b12 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl2, b22 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl3, b32 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b33 = b_.snd.snd.snd; + uint8_t *b23 = b_.snd.snd.fst; + uint8_t *b13 = b_.snd.fst; + uint8_t *b03 = b_.fst; + b03[rem] = 0x1FU; + b13[rem] = 0x1FU; + b23[rem] = 0x1FU; + b33[rem] = 0x1FU; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws32[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b34 = b_.snd.snd.snd; + uint8_t *b24 = b_.snd.snd.fst; + uint8_t *b14 = b_.snd.fst; + uint8_t *b04 = b_.fst; + ws32[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04); + ws32[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14); + ws32[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24); + ws32[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34); + ws32[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 32U); + ws32[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 32U); + ws32[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 32U); + ws32[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 32U); + ws32[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 64U); + ws32[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 64U); + ws32[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 64U); + ws32[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 64U); + ws32[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 96U); + ws32[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 96U); + ws32[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 96U); + ws32[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 96U); + ws32[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 128U); + ws32[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 128U); + ws32[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 128U); + ws32[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 128U); + ws32[20U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 160U); + ws32[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 160U); + ws32[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 160U); + ws32[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 160U); + ws32[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 192U); + ws32[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 192U); + ws32[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 192U); + ws32[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 192U); + ws32[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 224U); + ws32[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 224U); + ws32[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 224U); + ws32[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws32[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws32[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws32[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws32[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws00 = v0__; + Lib_IntVector_Intrinsics_vec256 ws110 = v2__; + Lib_IntVector_Intrinsics_vec256 ws210 = v1__; + Lib_IntVector_Intrinsics_vec256 ws33 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws32[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws32[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws32[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws32[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws40 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws50 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws60 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws70 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws32[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws32[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws32[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws32[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = 
Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws80 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws90 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws100 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws111 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws32[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws32[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws32[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws32[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws120 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws130 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws140 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws150 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws32[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws32[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws32[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws32[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws160 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws170 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws180 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws190 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws32[20U]; + 
Lib_IntVector_Intrinsics_vec256 v15 = ws32[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws32[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws32[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws200 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws211 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws220 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws230 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws32[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws32[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws32[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws32[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws240 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws250 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws260 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws270 = v3__5; + Lib_IntVector_Intrinsics_vec256 v07 = ws32[28U]; + Lib_IntVector_Intrinsics_vec256 v17 = ws32[29U]; + Lib_IntVector_Intrinsics_vec256 v27 = ws32[30U]; + Lib_IntVector_Intrinsics_vec256 v37 = ws32[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws280 = v0__6; + 
Lib_IntVector_Intrinsics_vec256 ws290 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws300 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws310 = v3__6; + ws32[0U] = ws00; + ws32[1U] = ws110; + ws32[2U] = ws210; + ws32[3U] = ws33; + ws32[4U] = ws40; + ws32[5U] = ws50; + ws32[6U] = ws60; + ws32[7U] = ws70; + ws32[8U] = ws80; + ws32[9U] = ws90; + ws32[10U] = ws100; + ws32[11U] = ws111; + ws32[12U] = ws120; + ws32[13U] = ws130; + ws32[14U] = ws140; + ws32[15U] = ws150; + ws32[16U] = ws160; + ws32[17U] = ws170; + ws32[18U] = ws180; + ws32[19U] = ws190; + ws32[20U] = ws200; + ws32[21U] = ws211; + ws32[22U] = ws220; + ws32[23U] = ws230; + ws32[24U] = ws240; + ws32[25U] = ws250; + ws32[26U] = ws260; + ws32[27U] = ws270; + ws32[28U] = ws280; + ws32[29U] = ws290; + ws32[30U] = ws300; + ws32[31U] = ws310; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws32[i]); + } + uint8_t b05[256U] = { 0U }; + uint8_t b15[256U] = { 0U }; + uint8_t b25[256U] = { 0U }; + uint8_t b35[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b = { .fst = b05, .snd = { .fst = b15, .snd = { .fst = b25, .snd = b35 } } }; + uint8_t *b36 = b.snd.snd.snd; + uint8_t *b26 = b.snd.snd.fst; + uint8_t *b16 = b.snd.fst; + uint8_t *b06 = b.fst; + b06[rateInBytes - 1U] = 0x80U; + b16[rateInBytes - 1U] = 0x80U; + b26[rateInBytes - 1U] = 0x80U; + b36[rateInBytes - 1U] = 0x80U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws34[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b37 = b.snd.snd.snd; + uint8_t *b27 = b.snd.snd.fst; + uint8_t *b17 = b.snd.fst; + uint8_t *b07 = b.fst; + ws34[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07); + ws34[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17); + ws34[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27); + ws34[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37); + ws34[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 32U); + ws34[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 32U); + ws34[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 32U); + ws34[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 32U); + ws34[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 64U); + ws34[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 64U); + ws34[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 64U); + ws34[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 64U); + ws34[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 96U); + ws34[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 96U); + ws34[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 96U); + ws34[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 96U); + ws34[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 128U); + ws34[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 128U); + ws34[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 128U); + ws34[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 128U); + ws34[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 160U); + ws34[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 160U); + ws34[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 160U); + ws34[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 160U); + ws34[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 192U); + ws34[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 192U); + ws34[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 192U); + ws34[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 192U); + ws34[28U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 224U); + ws34[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 224U); + ws34[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 224U); + ws34[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 224U); + Lib_IntVector_Intrinsics_vec256 v08 = ws34[0U]; + Lib_IntVector_Intrinsics_vec256 v18 = ws34[1U]; + Lib_IntVector_Intrinsics_vec256 v28 = ws34[2U]; + Lib_IntVector_Intrinsics_vec256 v38 = ws34[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v1_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v2_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v3_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v0__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v1__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v2__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 + v3__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 ws01 = v0__7; + Lib_IntVector_Intrinsics_vec256 ws112 = v2__7; + Lib_IntVector_Intrinsics_vec256 ws212 = v1__7; + Lib_IntVector_Intrinsics_vec256 ws35 = v3__7; + Lib_IntVector_Intrinsics_vec256 v09 = ws34[4U]; + Lib_IntVector_Intrinsics_vec256 v19 = ws34[5U]; + Lib_IntVector_Intrinsics_vec256 v29 = ws34[6U]; + Lib_IntVector_Intrinsics_vec256 v39 = ws34[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v1_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v2_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v3_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v0__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v1__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v2__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 + v3__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 ws41 = v0__8; + Lib_IntVector_Intrinsics_vec256 ws51 = v2__8; + Lib_IntVector_Intrinsics_vec256 ws61 = v1__8; + Lib_IntVector_Intrinsics_vec256 ws71 = v3__8; + Lib_IntVector_Intrinsics_vec256 v010 = ws34[8U]; + Lib_IntVector_Intrinsics_vec256 v110 = ws34[9U]; + Lib_IntVector_Intrinsics_vec256 v210 = ws34[10U]; + Lib_IntVector_Intrinsics_vec256 v310 = ws34[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v1_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v2_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v3_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v0__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v1__9 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v2__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 + v3__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 ws81 = v0__9; + Lib_IntVector_Intrinsics_vec256 ws91 = v2__9; + Lib_IntVector_Intrinsics_vec256 ws101 = v1__9; + Lib_IntVector_Intrinsics_vec256 ws113 = v3__9; + Lib_IntVector_Intrinsics_vec256 v011 = ws34[12U]; + Lib_IntVector_Intrinsics_vec256 v111 = ws34[13U]; + Lib_IntVector_Intrinsics_vec256 v211 = ws34[14U]; + Lib_IntVector_Intrinsics_vec256 v311 = ws34[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v1_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v2_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v3_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v0__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v1__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v2__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 + v3__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 ws121 = v0__10; + Lib_IntVector_Intrinsics_vec256 ws131 = v2__10; + Lib_IntVector_Intrinsics_vec256 ws141 = v1__10; + Lib_IntVector_Intrinsics_vec256 ws151 = v3__10; + Lib_IntVector_Intrinsics_vec256 v012 = ws34[16U]; + Lib_IntVector_Intrinsics_vec256 v112 = ws34[17U]; + Lib_IntVector_Intrinsics_vec256 v212 = ws34[18U]; + Lib_IntVector_Intrinsics_vec256 v312 = ws34[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v1_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v2_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v3_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v0__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v1__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v2__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 + v3__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 ws161 = v0__11; + Lib_IntVector_Intrinsics_vec256 ws171 = v2__11; + Lib_IntVector_Intrinsics_vec256 ws181 = v1__11; + Lib_IntVector_Intrinsics_vec256 ws191 = v3__11; + Lib_IntVector_Intrinsics_vec256 v013 = ws34[20U]; + Lib_IntVector_Intrinsics_vec256 v113 = ws34[21U]; + Lib_IntVector_Intrinsics_vec256 v213 = ws34[22U]; + Lib_IntVector_Intrinsics_vec256 v313 = ws34[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v1_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v2_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v213, v313); + 
Lib_IntVector_Intrinsics_vec256 + v3_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v0__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v1__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v2__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 + v3__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 ws201 = v0__12; + Lib_IntVector_Intrinsics_vec256 ws213 = v2__12; + Lib_IntVector_Intrinsics_vec256 ws221 = v1__12; + Lib_IntVector_Intrinsics_vec256 ws231 = v3__12; + Lib_IntVector_Intrinsics_vec256 v014 = ws34[24U]; + Lib_IntVector_Intrinsics_vec256 v114 = ws34[25U]; + Lib_IntVector_Intrinsics_vec256 v214 = ws34[26U]; + Lib_IntVector_Intrinsics_vec256 v314 = ws34[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v1_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v2_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v3_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v0__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v1__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v2__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 + v3__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 ws241 = v0__13; + Lib_IntVector_Intrinsics_vec256 ws251 = v2__13; + Lib_IntVector_Intrinsics_vec256 ws261 = v1__13; + Lib_IntVector_Intrinsics_vec256 ws271 = v3__13; + Lib_IntVector_Intrinsics_vec256 v015 = ws34[28U]; + Lib_IntVector_Intrinsics_vec256 v115 = ws34[29U]; + Lib_IntVector_Intrinsics_vec256 v215 = ws34[30U]; + Lib_IntVector_Intrinsics_vec256 v315 = ws34[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v1_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v2_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v3_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v0__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v1__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v2__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 + v3__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 ws281 = v0__14; + Lib_IntVector_Intrinsics_vec256 ws291 = v2__14; + Lib_IntVector_Intrinsics_vec256 ws301 = v1__14; + Lib_IntVector_Intrinsics_vec256 ws311 = v3__14; + ws34[0U] = ws01; + ws34[1U] = ws112; + ws34[2U] = ws212; + ws34[3U] = ws35; + ws34[4U] = ws41; + ws34[5U] = ws51; + ws34[6U] = ws61; + ws34[7U] = ws71; + ws34[8U] = ws81; + ws34[9U] = ws91; + ws34[10U] = ws101; + ws34[11U] = ws113; + ws34[12U] = ws121; 
+ ws34[13U] = ws131; + ws34[14U] = ws141; + ws34[15U] = ws151; + ws34[16U] = ws161; + ws34[17U] = ws171; + ws34[18U] = ws181; + ws34[19U] = ws191; + ws34[20U] = ws201; + ws34[21U] = ws213; + ws34[22U] = ws221; + ws34[23U] = ws231; + ws34[24U] = ws241; + ws34[25U] = ws251; + ws34[26U] = ws261; + ws34[27U] = ws271; + ws34[28U] = ws281; + ws34[29U] = ws291; + ws34[30U] = ws301; + ws34[31U] = ws311; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws34[i]); + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____17 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____18 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____19 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____17, + Lib_IntVector_Intrinsics_vec256_xor(uu____18, + Lib_IntVector_Intrinsics_vec256_xor(uu____19, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____20 = _C[(i1 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____21 = _C[(i1 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____20, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____21, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____21, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i1 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i1 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____22 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____22, r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____22, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____23 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____24 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v0 = + Lib_IntVector_Intrinsics_vec256_xor(uu____23, + Lib_IntVector_Intrinsics_vec256_and(uu____24, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____25 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____26 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v1 = + Lib_IntVector_Intrinsics_vec256_xor(uu____25, + Lib_IntVector_Intrinsics_vec256_and(uu____26, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____27 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____28 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v2 = + Lib_IntVector_Intrinsics_vec256_xor(uu____27, + Lib_IntVector_Intrinsics_vec256_and(uu____28, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____29 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____30 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v3 = + Lib_IntVector_Intrinsics_vec256_xor(uu____29, + Lib_IntVector_Intrinsics_vec256_and(uu____30, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____31 = s[4U + 5U * i]; + 
Lib_IntVector_Intrinsics_vec256 + uu____32 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____31, + Lib_IntVector_Intrinsics_vec256_and(uu____32, s[1U + 5U * i])); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + Lib_IntVector_Intrinsics_vec256 uu____33 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____33, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + for (uint32_t i0 = 0U; i0 < outputByteLen / rateInBytes; i0++) + { + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + 
Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + 
Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < rateInBytes / 32U; i++) + { + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = rateInBytes % 32U; + uint32_t j = rateInBytes / 32U; + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____34 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____35 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____36 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____34, + Lib_IntVector_Intrinsics_vec256_xor(uu____35, + Lib_IntVector_Intrinsics_vec256_xor(uu____36, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____37 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____38 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____37, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____38, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____38, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____39 = current; + s[_Y] = + 
Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____39, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____39, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____40 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____41 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v023 = + Lib_IntVector_Intrinsics_vec256_xor(uu____40, + Lib_IntVector_Intrinsics_vec256_and(uu____41, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____42 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____43 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v123 = + Lib_IntVector_Intrinsics_vec256_xor(uu____42, + Lib_IntVector_Intrinsics_vec256_and(uu____43, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____44 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____45 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v223 = + Lib_IntVector_Intrinsics_vec256_xor(uu____44, + Lib_IntVector_Intrinsics_vec256_and(uu____45, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____46 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____47 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v323 = + Lib_IntVector_Intrinsics_vec256_xor(uu____46, + Lib_IntVector_Intrinsics_vec256_and(uu____47, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____48 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____49 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____48, + Lib_IntVector_Intrinsics_vec256_and(uu____49, s[1U + 5U * i])); + s[0U + 5U * i] = v023; + s[1U + 5U * i] = v123; + s[2U + 5U * i] = v223; + s[3U + 5U * i] = v323; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____50 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____50, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t remOut = outputByteLen % rateInBytes; + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 
ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = 
Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + 
Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < remOut / 32U; i++) + { + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + outputByteLen - remOut + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b1 + outputByteLen - remOut + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b2 + outputByteLen - remOut + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b3 + outputByteLen - remOut + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = remOut % 32U; + uint32_t j = remOut / 32U; + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + outputByteLen - remOut + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b1 + outputByteLen - remOut + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b2 + outputByteLen - remOut + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof 
(uint8_t)); + memcpy(b3 + outputByteLen - remOut + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); +} + +void +Hacl_SHA3_Vec256_sha3_224_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +) +{ + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + rb = { .fst = output0, .snd = { .fst = output1, .snd = { .fst = output2, .snd = output3 } } }; + uint32_t rateInBytes = 144U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 s[25U] KRML_POST_ALIGN(32) = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint8_t *b31 = ib.snd.snd.snd; + uint8_t *b21 = ib.snd.snd.fst; + uint8_t *b11 = ib.snd.fst; + uint8_t *b01 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b01 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl1, b11 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl2, b21 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl3, b31 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b3 = b_.snd.snd.snd; + uint8_t *b2 = b_.snd.snd.fst; + uint8_t *b1 = b_.snd.fst; + uint8_t *b0 = b_.fst; + ws[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0); + ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1); + ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2); + ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3); + ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 32U); + ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 32U); + ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 32U); + ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 32U); + ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 64U); + ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 64U); + ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 64U); + ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 64U); + ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 96U); + ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 96U); + ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 96U); + ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 96U); + ws[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 128U); + ws[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 128U); + ws[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 128U); + ws[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 128U); + ws[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 160U); + ws[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 160U); + ws[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 160U); + ws[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 160U); + ws[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 192U); + ws[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 192U); + ws[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 192U); + ws[27U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 192U); + ws[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 224U); + ws[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 224U); + ws[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 224U); + ws[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + 
Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__5; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__6; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = 
ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws[i]); + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____0 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____1 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____2 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____0, + Lib_IntVector_Intrinsics_vec256_xor(uu____1, + Lib_IntVector_Intrinsics_vec256_xor(uu____2, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____3 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____4 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____3, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____4, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____4, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____5 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____5, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____5, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____6 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____7 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v07 = + Lib_IntVector_Intrinsics_vec256_xor(uu____6, + Lib_IntVector_Intrinsics_vec256_and(uu____7, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____8 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____9 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v17 = + Lib_IntVector_Intrinsics_vec256_xor(uu____8, + Lib_IntVector_Intrinsics_vec256_and(uu____9, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____10 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____11 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v27 = + Lib_IntVector_Intrinsics_vec256_xor(uu____10, + Lib_IntVector_Intrinsics_vec256_and(uu____11, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____12 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____13 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v37 = + Lib_IntVector_Intrinsics_vec256_xor(uu____12, + Lib_IntVector_Intrinsics_vec256_and(uu____13, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____14 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____15 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____14, + Lib_IntVector_Intrinsics_vec256_and(uu____15, s[1U + 5U * i])); + s[0U + 5U * i] = v07; + s[1U + 5U * i] = v17; + s[2U + 5U * i] = v27; + s[3U + 5U * i] = v37; + s[4U + 5U * 
i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____16 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____16, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b32 = ib.snd.snd.snd; + uint8_t *b22 = ib.snd.snd.fst; + uint8_t *b12 = ib.snd.fst; + uint8_t *b02 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b02 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl1, b12 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl2, b22 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl3, b32 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b33 = b_.snd.snd.snd; + uint8_t *b23 = b_.snd.snd.fst; + uint8_t *b13 = b_.snd.fst; + uint8_t *b03 = b_.fst; + b03[rem] = 0x06U; + b13[rem] = 0x06U; + b23[rem] = 0x06U; + b33[rem] = 0x06U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws32[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b34 = b_.snd.snd.snd; + uint8_t *b24 = b_.snd.snd.fst; + uint8_t *b14 = b_.snd.fst; + uint8_t *b04 = b_.fst; + ws32[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04); + ws32[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14); + ws32[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24); + ws32[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34); + ws32[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 32U); + ws32[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 32U); + ws32[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 32U); + ws32[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 32U); + ws32[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 64U); + ws32[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 64U); + ws32[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 64U); + ws32[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 64U); + ws32[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 96U); + ws32[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 96U); + ws32[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 96U); + ws32[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 96U); + ws32[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 128U); + ws32[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 128U); + ws32[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 128U); + ws32[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 128U); + ws32[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 160U); + ws32[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 160U); + ws32[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 160U); + ws32[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 160U); + ws32[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 192U); + ws32[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 192U); + ws32[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 192U); + ws32[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 192U); + ws32[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 224U); + ws32[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 224U); + ws32[30U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 224U); + ws32[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws32[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws32[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws32[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws32[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws00 = v0__; + Lib_IntVector_Intrinsics_vec256 ws110 = v2__; + Lib_IntVector_Intrinsics_vec256 ws210 = v1__; + Lib_IntVector_Intrinsics_vec256 ws33 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws32[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws32[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws32[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws32[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws40 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws50 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws60 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws70 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws32[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws32[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws32[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws32[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + 
v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws80 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws90 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws100 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws111 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws32[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws32[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws32[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws32[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws120 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws130 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws140 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws150 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws32[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws32[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws32[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws32[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws160 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws170 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws180 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws190 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws32[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws32[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws32[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws32[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws200 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws211 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws220 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws230 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws32[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws32[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws32[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws32[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws240 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws250 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws260 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws270 = v3__5; + Lib_IntVector_Intrinsics_vec256 v07 = ws32[28U]; + Lib_IntVector_Intrinsics_vec256 v17 = ws32[29U]; + Lib_IntVector_Intrinsics_vec256 v27 = ws32[30U]; + Lib_IntVector_Intrinsics_vec256 v37 = ws32[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws280 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws290 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws300 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws310 = v3__6; + ws32[0U] = ws00; + ws32[1U] = ws110; + ws32[2U] = ws210; + ws32[3U] = ws33; + ws32[4U] = ws40; + ws32[5U] = ws50; + ws32[6U] = ws60; + ws32[7U] = ws70; + ws32[8U] = ws80; + ws32[9U] = ws90; + ws32[10U] = ws100; + ws32[11U] = ws111; + ws32[12U] = ws120; + ws32[13U] = ws130; + ws32[14U] = ws140; + ws32[15U] = ws150; + ws32[16U] = ws160; + ws32[17U] = ws170; + ws32[18U] = ws180; + ws32[19U] = ws190; + ws32[20U] = ws200; + ws32[21U] = ws211; + ws32[22U] = ws220; + ws32[23U] = ws230; + ws32[24U] = ws240; + ws32[25U] = ws250; + ws32[26U] = ws260; + ws32[27U] = ws270; + ws32[28U] = ws280; 
+ ws32[29U] = ws290; + ws32[30U] = ws300; + ws32[31U] = ws310; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws32[i]); + } + uint8_t b05[256U] = { 0U }; + uint8_t b15[256U] = { 0U }; + uint8_t b25[256U] = { 0U }; + uint8_t b35[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b = { .fst = b05, .snd = { .fst = b15, .snd = { .fst = b25, .snd = b35 } } }; + uint8_t *b36 = b.snd.snd.snd; + uint8_t *b26 = b.snd.snd.fst; + uint8_t *b16 = b.snd.fst; + uint8_t *b06 = b.fst; + b06[rateInBytes - 1U] = 0x80U; + b16[rateInBytes - 1U] = 0x80U; + b26[rateInBytes - 1U] = 0x80U; + b36[rateInBytes - 1U] = 0x80U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws34[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b37 = b.snd.snd.snd; + uint8_t *b27 = b.snd.snd.fst; + uint8_t *b17 = b.snd.fst; + uint8_t *b07 = b.fst; + ws34[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07); + ws34[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17); + ws34[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27); + ws34[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37); + ws34[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 32U); + ws34[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 32U); + ws34[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 32U); + ws34[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 32U); + ws34[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 64U); + ws34[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 64U); + ws34[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 64U); + ws34[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 64U); + ws34[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 96U); + ws34[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 96U); + ws34[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 96U); + ws34[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 96U); + ws34[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 128U); + ws34[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 128U); + ws34[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 128U); + ws34[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 128U); + ws34[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 160U); + ws34[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 160U); + ws34[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 160U); + ws34[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 160U); + ws34[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 192U); + ws34[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 192U); + ws34[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 192U); + ws34[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 192U); + ws34[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 224U); + ws34[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 224U); + ws34[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 224U); + ws34[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 224U); + Lib_IntVector_Intrinsics_vec256 v08 = ws34[0U]; + Lib_IntVector_Intrinsics_vec256 v18 = ws34[1U]; + Lib_IntVector_Intrinsics_vec256 v28 = ws34[2U]; + Lib_IntVector_Intrinsics_vec256 v38 = ws34[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v1_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v2_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v28, v38); + 
Lib_IntVector_Intrinsics_vec256 + v3_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v0__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v1__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v2__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 + v3__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 ws01 = v0__7; + Lib_IntVector_Intrinsics_vec256 ws112 = v2__7; + Lib_IntVector_Intrinsics_vec256 ws212 = v1__7; + Lib_IntVector_Intrinsics_vec256 ws35 = v3__7; + Lib_IntVector_Intrinsics_vec256 v09 = ws34[4U]; + Lib_IntVector_Intrinsics_vec256 v19 = ws34[5U]; + Lib_IntVector_Intrinsics_vec256 v29 = ws34[6U]; + Lib_IntVector_Intrinsics_vec256 v39 = ws34[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v1_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v2_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v3_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v0__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v1__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v2__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 + v3__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 ws41 = v0__8; + Lib_IntVector_Intrinsics_vec256 ws51 = v2__8; + Lib_IntVector_Intrinsics_vec256 ws61 = v1__8; + Lib_IntVector_Intrinsics_vec256 ws71 = v3__8; + Lib_IntVector_Intrinsics_vec256 v010 = ws34[8U]; + Lib_IntVector_Intrinsics_vec256 v110 = ws34[9U]; + Lib_IntVector_Intrinsics_vec256 v210 = ws34[10U]; + Lib_IntVector_Intrinsics_vec256 v310 = ws34[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v1_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v2_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v3_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v0__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v1__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v2__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 + v3__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 ws81 = v0__9; + Lib_IntVector_Intrinsics_vec256 ws91 = v2__9; + Lib_IntVector_Intrinsics_vec256 ws101 = v1__9; + Lib_IntVector_Intrinsics_vec256 ws113 = v3__9; + Lib_IntVector_Intrinsics_vec256 v011 = ws34[12U]; + Lib_IntVector_Intrinsics_vec256 v111 = ws34[13U]; + Lib_IntVector_Intrinsics_vec256 v211 = ws34[14U]; + Lib_IntVector_Intrinsics_vec256 v311 = ws34[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v011, v111); + 
Lib_IntVector_Intrinsics_vec256 + v1_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v2_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v3_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v0__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v1__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v2__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 + v3__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 ws121 = v0__10; + Lib_IntVector_Intrinsics_vec256 ws131 = v2__10; + Lib_IntVector_Intrinsics_vec256 ws141 = v1__10; + Lib_IntVector_Intrinsics_vec256 ws151 = v3__10; + Lib_IntVector_Intrinsics_vec256 v012 = ws34[16U]; + Lib_IntVector_Intrinsics_vec256 v112 = ws34[17U]; + Lib_IntVector_Intrinsics_vec256 v212 = ws34[18U]; + Lib_IntVector_Intrinsics_vec256 v312 = ws34[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v1_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v2_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v3_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v0__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v1__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v2__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 + v3__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 ws161 = v0__11; + Lib_IntVector_Intrinsics_vec256 ws171 = v2__11; + Lib_IntVector_Intrinsics_vec256 ws181 = v1__11; + Lib_IntVector_Intrinsics_vec256 ws191 = v3__11; + Lib_IntVector_Intrinsics_vec256 v013 = ws34[20U]; + Lib_IntVector_Intrinsics_vec256 v113 = ws34[21U]; + Lib_IntVector_Intrinsics_vec256 v213 = ws34[22U]; + Lib_IntVector_Intrinsics_vec256 v313 = ws34[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v1_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v2_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v3_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v0__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v1__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v2__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 + v3__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 ws201 = v0__12; + Lib_IntVector_Intrinsics_vec256 ws213 = v2__12; + Lib_IntVector_Intrinsics_vec256 ws221 = v1__12; + Lib_IntVector_Intrinsics_vec256 ws231 = v3__12; + Lib_IntVector_Intrinsics_vec256 v014 = 
ws34[24U]; + Lib_IntVector_Intrinsics_vec256 v114 = ws34[25U]; + Lib_IntVector_Intrinsics_vec256 v214 = ws34[26U]; + Lib_IntVector_Intrinsics_vec256 v314 = ws34[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v1_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v2_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v3_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v0__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v1__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v2__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 + v3__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 ws241 = v0__13; + Lib_IntVector_Intrinsics_vec256 ws251 = v2__13; + Lib_IntVector_Intrinsics_vec256 ws261 = v1__13; + Lib_IntVector_Intrinsics_vec256 ws271 = v3__13; + Lib_IntVector_Intrinsics_vec256 v015 = ws34[28U]; + Lib_IntVector_Intrinsics_vec256 v115 = ws34[29U]; + Lib_IntVector_Intrinsics_vec256 v215 = ws34[30U]; + Lib_IntVector_Intrinsics_vec256 v315 = ws34[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v1_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v2_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v3_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v0__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v1__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v2__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 + v3__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 ws281 = v0__14; + Lib_IntVector_Intrinsics_vec256 ws291 = v2__14; + Lib_IntVector_Intrinsics_vec256 ws301 = v1__14; + Lib_IntVector_Intrinsics_vec256 ws311 = v3__14; + ws34[0U] = ws01; + ws34[1U] = ws112; + ws34[2U] = ws212; + ws34[3U] = ws35; + ws34[4U] = ws41; + ws34[5U] = ws51; + ws34[6U] = ws61; + ws34[7U] = ws71; + ws34[8U] = ws81; + ws34[9U] = ws91; + ws34[10U] = ws101; + ws34[11U] = ws113; + ws34[12U] = ws121; + ws34[13U] = ws131; + ws34[14U] = ws141; + ws34[15U] = ws151; + ws34[16U] = ws161; + ws34[17U] = ws171; + ws34[18U] = ws181; + ws34[19U] = ws191; + ws34[20U] = ws201; + ws34[21U] = ws213; + ws34[22U] = ws221; + ws34[23U] = ws231; + ws34[24U] = ws241; + ws34[25U] = ws251; + ws34[26U] = ws261; + ws34[27U] = ws271; + ws34[28U] = ws281; + ws34[29U] = ws291; + ws34[30U] = ws301; + ws34[31U] = ws311; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws34[i]); + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____17 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____18 = s[i + 
5U]; + Lib_IntVector_Intrinsics_vec256 uu____19 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____17, + Lib_IntVector_Intrinsics_vec256_xor(uu____18, + Lib_IntVector_Intrinsics_vec256_xor(uu____19, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____20 = _C[(i1 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____21 = _C[(i1 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____20, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____21, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____21, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i1 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i1 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____22 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____22, r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____22, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____23 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____24 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v0 = + Lib_IntVector_Intrinsics_vec256_xor(uu____23, + Lib_IntVector_Intrinsics_vec256_and(uu____24, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____25 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____26 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v1 = + Lib_IntVector_Intrinsics_vec256_xor(uu____25, + Lib_IntVector_Intrinsics_vec256_and(uu____26, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____27 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____28 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v2 = + Lib_IntVector_Intrinsics_vec256_xor(uu____27, + Lib_IntVector_Intrinsics_vec256_and(uu____28, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____29 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____30 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v3 = + Lib_IntVector_Intrinsics_vec256_xor(uu____29, + Lib_IntVector_Intrinsics_vec256_and(uu____30, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____31 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____32 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____31, + Lib_IntVector_Intrinsics_vec256_and(uu____32, s[1U + 5U * i])); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + Lib_IntVector_Intrinsics_vec256 uu____33 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____33, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + for (uint32_t i0 = 0U; i0 < 28U / rateInBytes; i0++) + { + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof 
(Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + 
Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + 
ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < rateInBytes / 32U; i++) + { + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = rateInBytes % 32U; + uint32_t j = rateInBytes / 32U; + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____34 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____35 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____36 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____34, + Lib_IntVector_Intrinsics_vec256_xor(uu____35, + Lib_IntVector_Intrinsics_vec256_xor(uu____36, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____37 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____38 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____37, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____38, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____38, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____39 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____39, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____39, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____40 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____41 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v023 = + Lib_IntVector_Intrinsics_vec256_xor(uu____40, + Lib_IntVector_Intrinsics_vec256_and(uu____41, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____42 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____43 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v123 = + Lib_IntVector_Intrinsics_vec256_xor(uu____42, + Lib_IntVector_Intrinsics_vec256_and(uu____43, s[3U + 
5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____44 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____45 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v223 = + Lib_IntVector_Intrinsics_vec256_xor(uu____44, + Lib_IntVector_Intrinsics_vec256_and(uu____45, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____46 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____47 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v323 = + Lib_IntVector_Intrinsics_vec256_xor(uu____46, + Lib_IntVector_Intrinsics_vec256_and(uu____47, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____48 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____49 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____48, + Lib_IntVector_Intrinsics_vec256_and(uu____49, s[1U + 5U * i])); + s[0U + 5U * i] = v023; + s[1U + 5U * i] = v123; + s[2U + 5U * i] = v223; + s[3U + 5U * i] = v323; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____50 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____50, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t remOut = 28U % rateInBytes; + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + 
Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = 
Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + 
Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < remOut / 32U; i++) + { + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 28U - remOut + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b1 + 28U - remOut + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b2 + 28U - remOut + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b3 + 28U - remOut + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = remOut % 32U; + uint32_t j = remOut / 32U; + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 28U - remOut + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b1 + 28U - remOut + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b2 + 28U - remOut + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b3 + 28U - remOut + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); +} + +void +Hacl_SHA3_Vec256_sha3_256_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +) +{ + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + rb = { .fst = output0, .snd = { .fst = output1, .snd = { .fst = output2, .snd = output3 } } }; + uint32_t rateInBytes = 136U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 s[25U] KRML_POST_ALIGN(32) = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + 
uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint8_t *b31 = ib.snd.snd.snd; + uint8_t *b21 = ib.snd.snd.fst; + uint8_t *b11 = ib.snd.fst; + uint8_t *b01 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b01 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl1, b11 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl2, b21 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl3, b31 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b3 = b_.snd.snd.snd; + uint8_t *b2 = b_.snd.snd.fst; + uint8_t *b1 = b_.snd.fst; + uint8_t *b0 = b_.fst; + ws[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0); + ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1); + ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2); + ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3); + ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 32U); + ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 32U); + ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 32U); + ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 32U); + ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 64U); + ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 64U); + ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 64U); + ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 64U); + ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 96U); + ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 96U); + ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 96U); + ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 96U); + ws[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 128U); + ws[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 128U); + ws[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 128U); + ws[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 128U); + ws[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 160U); + ws[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 160U); + ws[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 160U); + ws[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 160U); + ws[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 192U); + ws[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 192U); + ws[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 192U); + ws[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 192U); + ws[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 224U); + ws[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 224U); + ws[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 224U); + ws[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, 
v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = 
Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + 
Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__5; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__6; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws[i]); + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____0 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____1 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____2 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____0, + Lib_IntVector_Intrinsics_vec256_xor(uu____1, + Lib_IntVector_Intrinsics_vec256_xor(uu____2, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____3 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____4 = _C[(i2 + 1U) % 5U]; + 
Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____3, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____4, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____4, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____5 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____5, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____5, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____6 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____7 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v07 = + Lib_IntVector_Intrinsics_vec256_xor(uu____6, + Lib_IntVector_Intrinsics_vec256_and(uu____7, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____8 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____9 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v17 = + Lib_IntVector_Intrinsics_vec256_xor(uu____8, + Lib_IntVector_Intrinsics_vec256_and(uu____9, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____10 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____11 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v27 = + Lib_IntVector_Intrinsics_vec256_xor(uu____10, + Lib_IntVector_Intrinsics_vec256_and(uu____11, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____12 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____13 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v37 = + Lib_IntVector_Intrinsics_vec256_xor(uu____12, + Lib_IntVector_Intrinsics_vec256_and(uu____13, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____14 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____15 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____14, + Lib_IntVector_Intrinsics_vec256_and(uu____15, s[1U + 5U * i])); + s[0U + 5U * i] = v07; + s[1U + 5U * i] = v17; + s[2U + 5U * i] = v27; + s[3U + 5U * i] = v37; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____16 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____16, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b32 = ib.snd.snd.snd; + uint8_t *b22 = ib.snd.snd.fst; + uint8_t *b12 = ib.snd.fst; + uint8_t *b02 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b02 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl1, b12 + inputByteLen - 
rem1, rem1 * sizeof (uint8_t)); + memcpy(bl2, b22 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl3, b32 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b33 = b_.snd.snd.snd; + uint8_t *b23 = b_.snd.snd.fst; + uint8_t *b13 = b_.snd.fst; + uint8_t *b03 = b_.fst; + b03[rem] = 0x06U; + b13[rem] = 0x06U; + b23[rem] = 0x06U; + b33[rem] = 0x06U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws32[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b34 = b_.snd.snd.snd; + uint8_t *b24 = b_.snd.snd.fst; + uint8_t *b14 = b_.snd.fst; + uint8_t *b04 = b_.fst; + ws32[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04); + ws32[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14); + ws32[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24); + ws32[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34); + ws32[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 32U); + ws32[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 32U); + ws32[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 32U); + ws32[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 32U); + ws32[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 64U); + ws32[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 64U); + ws32[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 64U); + ws32[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 64U); + ws32[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 96U); + ws32[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 96U); + ws32[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 96U); + ws32[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 96U); + ws32[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 128U); + ws32[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 128U); + ws32[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 128U); + ws32[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 128U); + ws32[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 160U); + ws32[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 160U); + ws32[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 160U); + ws32[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 160U); + ws32[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 192U); + ws32[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 192U); + ws32[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 192U); + ws32[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 192U); + ws32[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 224U); + ws32[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 224U); + ws32[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 224U); + ws32[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws32[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws32[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws32[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws32[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, 
v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws00 = v0__; + Lib_IntVector_Intrinsics_vec256 ws110 = v2__; + Lib_IntVector_Intrinsics_vec256 ws210 = v1__; + Lib_IntVector_Intrinsics_vec256 ws33 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws32[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws32[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws32[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws32[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws40 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws50 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws60 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws70 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws32[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws32[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws32[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws32[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws80 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws90 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws100 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws111 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws32[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws32[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws32[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws32[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = 
Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws120 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws130 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws140 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws150 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws32[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws32[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws32[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws32[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws160 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws170 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws180 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws190 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws32[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws32[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws32[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws32[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws200 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws211 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws220 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws230 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws32[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws32[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws32[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws32[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = 
Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws240 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws250 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws260 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws270 = v3__5; + Lib_IntVector_Intrinsics_vec256 v07 = ws32[28U]; + Lib_IntVector_Intrinsics_vec256 v17 = ws32[29U]; + Lib_IntVector_Intrinsics_vec256 v27 = ws32[30U]; + Lib_IntVector_Intrinsics_vec256 v37 = ws32[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws280 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws290 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws300 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws310 = v3__6; + ws32[0U] = ws00; + ws32[1U] = ws110; + ws32[2U] = ws210; + ws32[3U] = ws33; + ws32[4U] = ws40; + ws32[5U] = ws50; + ws32[6U] = ws60; + ws32[7U] = ws70; + ws32[8U] = ws80; + ws32[9U] = ws90; + ws32[10U] = ws100; + ws32[11U] = ws111; + ws32[12U] = ws120; + ws32[13U] = ws130; + ws32[14U] = ws140; + ws32[15U] = ws150; + ws32[16U] = ws160; + ws32[17U] = ws170; + ws32[18U] = ws180; + ws32[19U] = ws190; + ws32[20U] = ws200; + ws32[21U] = ws211; + ws32[22U] = ws220; + ws32[23U] = ws230; + ws32[24U] = ws240; + ws32[25U] = ws250; + ws32[26U] = ws260; + ws32[27U] = ws270; + ws32[28U] = ws280; + ws32[29U] = ws290; + ws32[30U] = ws300; + ws32[31U] = ws310; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws32[i]); + } + uint8_t b05[256U] = { 0U }; + uint8_t b15[256U] = { 0U }; + uint8_t b25[256U] = { 0U }; + uint8_t b35[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b = { .fst = b05, .snd = { .fst = b15, .snd = { .fst = b25, .snd = b35 } } }; + uint8_t *b36 = b.snd.snd.snd; + uint8_t *b26 = b.snd.snd.fst; + uint8_t *b16 = b.snd.fst; + uint8_t *b06 = b.fst; + b06[rateInBytes - 1U] = 0x80U; + b16[rateInBytes - 1U] = 0x80U; + b26[rateInBytes - 1U] = 0x80U; + b36[rateInBytes - 1U] = 0x80U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws34[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b37 = b.snd.snd.snd; + uint8_t *b27 = b.snd.snd.fst; + uint8_t *b17 = b.snd.fst; + uint8_t *b07 = b.fst; + ws34[0U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b07); + ws34[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17); + ws34[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27); + ws34[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37); + ws34[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 32U); + ws34[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 32U); + ws34[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 32U); + ws34[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 32U); + ws34[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 64U); + ws34[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 64U); + ws34[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 64U); + ws34[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 64U); + ws34[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 96U); + ws34[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 96U); + ws34[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 96U); + ws34[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 96U); + ws34[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 128U); + ws34[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 128U); + ws34[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 128U); + ws34[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 128U); + ws34[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 160U); + ws34[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 160U); + ws34[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 160U); + ws34[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 160U); + ws34[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 192U); + ws34[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 192U); + ws34[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 192U); + ws34[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 192U); + ws34[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 224U); + ws34[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 224U); + ws34[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 224U); + ws34[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 224U); + Lib_IntVector_Intrinsics_vec256 v08 = ws34[0U]; + Lib_IntVector_Intrinsics_vec256 v18 = ws34[1U]; + Lib_IntVector_Intrinsics_vec256 v28 = ws34[2U]; + Lib_IntVector_Intrinsics_vec256 v38 = ws34[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v1_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v2_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v3_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v0__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v1__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v2__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 + v3__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 ws01 = v0__7; + Lib_IntVector_Intrinsics_vec256 ws112 = v2__7; + Lib_IntVector_Intrinsics_vec256 ws212 = v1__7; + Lib_IntVector_Intrinsics_vec256 ws35 = v3__7; + Lib_IntVector_Intrinsics_vec256 v09 = ws34[4U]; + Lib_IntVector_Intrinsics_vec256 v19 = ws34[5U]; + Lib_IntVector_Intrinsics_vec256 v29 = ws34[6U]; + 
Lib_IntVector_Intrinsics_vec256 v39 = ws34[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v1_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v2_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v3_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v0__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v1__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v2__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 + v3__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 ws41 = v0__8; + Lib_IntVector_Intrinsics_vec256 ws51 = v2__8; + Lib_IntVector_Intrinsics_vec256 ws61 = v1__8; + Lib_IntVector_Intrinsics_vec256 ws71 = v3__8; + Lib_IntVector_Intrinsics_vec256 v010 = ws34[8U]; + Lib_IntVector_Intrinsics_vec256 v110 = ws34[9U]; + Lib_IntVector_Intrinsics_vec256 v210 = ws34[10U]; + Lib_IntVector_Intrinsics_vec256 v310 = ws34[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v1_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v2_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v3_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v0__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v1__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v2__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 + v3__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 ws81 = v0__9; + Lib_IntVector_Intrinsics_vec256 ws91 = v2__9; + Lib_IntVector_Intrinsics_vec256 ws101 = v1__9; + Lib_IntVector_Intrinsics_vec256 ws113 = v3__9; + Lib_IntVector_Intrinsics_vec256 v011 = ws34[12U]; + Lib_IntVector_Intrinsics_vec256 v111 = ws34[13U]; + Lib_IntVector_Intrinsics_vec256 v211 = ws34[14U]; + Lib_IntVector_Intrinsics_vec256 v311 = ws34[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v1_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v2_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v3_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v0__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v1__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v2__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 + v3__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 ws121 = v0__10; + Lib_IntVector_Intrinsics_vec256 ws131 = v2__10; + Lib_IntVector_Intrinsics_vec256 ws141 = 
v1__10; + Lib_IntVector_Intrinsics_vec256 ws151 = v3__10; + Lib_IntVector_Intrinsics_vec256 v012 = ws34[16U]; + Lib_IntVector_Intrinsics_vec256 v112 = ws34[17U]; + Lib_IntVector_Intrinsics_vec256 v212 = ws34[18U]; + Lib_IntVector_Intrinsics_vec256 v312 = ws34[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v1_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v2_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v3_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v0__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v1__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v2__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 + v3__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 ws161 = v0__11; + Lib_IntVector_Intrinsics_vec256 ws171 = v2__11; + Lib_IntVector_Intrinsics_vec256 ws181 = v1__11; + Lib_IntVector_Intrinsics_vec256 ws191 = v3__11; + Lib_IntVector_Intrinsics_vec256 v013 = ws34[20U]; + Lib_IntVector_Intrinsics_vec256 v113 = ws34[21U]; + Lib_IntVector_Intrinsics_vec256 v213 = ws34[22U]; + Lib_IntVector_Intrinsics_vec256 v313 = ws34[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v1_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v2_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v3_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v0__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v1__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v2__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 + v3__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 ws201 = v0__12; + Lib_IntVector_Intrinsics_vec256 ws213 = v2__12; + Lib_IntVector_Intrinsics_vec256 ws221 = v1__12; + Lib_IntVector_Intrinsics_vec256 ws231 = v3__12; + Lib_IntVector_Intrinsics_vec256 v014 = ws34[24U]; + Lib_IntVector_Intrinsics_vec256 v114 = ws34[25U]; + Lib_IntVector_Intrinsics_vec256 v214 = ws34[26U]; + Lib_IntVector_Intrinsics_vec256 v314 = ws34[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v1_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v2_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v3_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v0__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v1__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v2__13 = 
Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 + v3__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 ws241 = v0__13; + Lib_IntVector_Intrinsics_vec256 ws251 = v2__13; + Lib_IntVector_Intrinsics_vec256 ws261 = v1__13; + Lib_IntVector_Intrinsics_vec256 ws271 = v3__13; + Lib_IntVector_Intrinsics_vec256 v015 = ws34[28U]; + Lib_IntVector_Intrinsics_vec256 v115 = ws34[29U]; + Lib_IntVector_Intrinsics_vec256 v215 = ws34[30U]; + Lib_IntVector_Intrinsics_vec256 v315 = ws34[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v1_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v2_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v3_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v0__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v1__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v2__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 + v3__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 ws281 = v0__14; + Lib_IntVector_Intrinsics_vec256 ws291 = v2__14; + Lib_IntVector_Intrinsics_vec256 ws301 = v1__14; + Lib_IntVector_Intrinsics_vec256 ws311 = v3__14; + ws34[0U] = ws01; + ws34[1U] = ws112; + ws34[2U] = ws212; + ws34[3U] = ws35; + ws34[4U] = ws41; + ws34[5U] = ws51; + ws34[6U] = ws61; + ws34[7U] = ws71; + ws34[8U] = ws81; + ws34[9U] = ws91; + ws34[10U] = ws101; + ws34[11U] = ws113; + ws34[12U] = ws121; + ws34[13U] = ws131; + ws34[14U] = ws141; + ws34[15U] = ws151; + ws34[16U] = ws161; + ws34[17U] = ws171; + ws34[18U] = ws181; + ws34[19U] = ws191; + ws34[20U] = ws201; + ws34[21U] = ws213; + ws34[22U] = ws221; + ws34[23U] = ws231; + ws34[24U] = ws241; + ws34[25U] = ws251; + ws34[26U] = ws261; + ws34[27U] = ws271; + ws34[28U] = ws281; + ws34[29U] = ws291; + ws34[30U] = ws301; + ws34[31U] = ws311; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws34[i]); + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____17 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____18 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____19 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____17, + Lib_IntVector_Intrinsics_vec256_xor(uu____18, + Lib_IntVector_Intrinsics_vec256_xor(uu____19, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____20 = _C[(i1 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____21 = _C[(i1 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____20, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____21, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____21, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i1 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i1 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 
x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____22 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____22, r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____22, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____23 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____24 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v0 = + Lib_IntVector_Intrinsics_vec256_xor(uu____23, + Lib_IntVector_Intrinsics_vec256_and(uu____24, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____25 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____26 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v1 = + Lib_IntVector_Intrinsics_vec256_xor(uu____25, + Lib_IntVector_Intrinsics_vec256_and(uu____26, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____27 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____28 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v2 = + Lib_IntVector_Intrinsics_vec256_xor(uu____27, + Lib_IntVector_Intrinsics_vec256_and(uu____28, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____29 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____30 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v3 = + Lib_IntVector_Intrinsics_vec256_xor(uu____29, + Lib_IntVector_Intrinsics_vec256_and(uu____30, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____31 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____32 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____31, + Lib_IntVector_Intrinsics_vec256_and(uu____32, s[1U + 5U * i])); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + Lib_IntVector_Intrinsics_vec256 uu____33 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____33, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + for (uint32_t i0 = 0U; i0 < 32U / rateInBytes; i0++) + { + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + 
Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + 
Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = 
Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < rateInBytes / 32U; i++) + { + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = rateInBytes % 32U; + uint32_t j = rateInBytes / 32U; + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; 
+ memcpy(b01 + i0 * rateInBytes + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____34 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____35 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____36 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____34, + Lib_IntVector_Intrinsics_vec256_xor(uu____35, + Lib_IntVector_Intrinsics_vec256_xor(uu____36, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____37 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____38 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____37, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____38, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____38, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____39 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____39, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____39, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____40 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____41 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v023 = + Lib_IntVector_Intrinsics_vec256_xor(uu____40, + Lib_IntVector_Intrinsics_vec256_and(uu____41, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____42 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____43 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v123 = + Lib_IntVector_Intrinsics_vec256_xor(uu____42, + Lib_IntVector_Intrinsics_vec256_and(uu____43, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____44 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____45 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v223 = + Lib_IntVector_Intrinsics_vec256_xor(uu____44, + Lib_IntVector_Intrinsics_vec256_and(uu____45, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____46 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____47 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v323 = + Lib_IntVector_Intrinsics_vec256_xor(uu____46, + Lib_IntVector_Intrinsics_vec256_and(uu____47, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____48 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____49 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + 
Lib_IntVector_Intrinsics_vec256_xor(uu____48, + Lib_IntVector_Intrinsics_vec256_and(uu____49, s[1U + 5U * i])); + s[0U + 5U * i] = v023; + s[1U + 5U * i] = v123; + s[2U + 5U * i] = v223; + s[3U + 5U * i] = v323; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____50 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____50, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t remOut = 32U % rateInBytes; + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = 
Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + 
Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 
ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < remOut / 32U; i++) + { + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 32U - remOut + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b1 + 32U - remOut + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b2 + 32U - remOut + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b3 + 32U - remOut + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = remOut % 32U; + uint32_t j = remOut / 32U; + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 32U - remOut + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b1 + 32U - remOut + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b2 + 32U - remOut + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b3 + 32U - remOut + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); +} + +void +Hacl_SHA3_Vec256_sha3_384_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +) +{ + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + rb = { .fst = output0, .snd = { .fst = output1, .snd = { .fst = output2, .snd = output3 } } }; + uint32_t rateInBytes = 104U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 s[25U] KRML_POST_ALIGN(32) = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint8_t *b31 = ib.snd.snd.snd; + uint8_t *b21 = ib.snd.snd.fst; + uint8_t *b11 = ib.snd.fst; + uint8_t *b01 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b01 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl1, b11 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl2, b21 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl3, b31 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b3 = b_.snd.snd.snd; + uint8_t *b2 = b_.snd.snd.fst; + uint8_t *b1 = b_.snd.fst; + uint8_t *b0 = b_.fst; + ws[0U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b0); + ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1); + ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2); + ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3); + ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 32U); + ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 32U); + ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 32U); + ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 32U); + ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 64U); + ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 64U); + ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 64U); + ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 64U); + ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 96U); + ws[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 96U); + ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 96U); + ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 96U); + ws[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 128U); + ws[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 128U); + ws[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 128U); + ws[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 128U); + ws[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 160U); + ws[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 160U); + ws[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 160U); + ws[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 160U); + ws[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 192U); + ws[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 192U); + ws[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 192U); + ws[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 192U); + ws[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 224U); + ws[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 224U); + ws[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 224U); + ws[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + 
Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws[18U]; + 
Lib_IntVector_Intrinsics_vec256 v34 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__5; + 
Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__6; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws[i]); + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____0 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____1 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____2 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____0, + Lib_IntVector_Intrinsics_vec256_xor(uu____1, + Lib_IntVector_Intrinsics_vec256_xor(uu____2, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____3 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____4 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____3, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____4, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____4, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____5 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____5, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____5, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + 
Lib_IntVector_Intrinsics_vec256 uu____6 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____7 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v07 = + Lib_IntVector_Intrinsics_vec256_xor(uu____6, + Lib_IntVector_Intrinsics_vec256_and(uu____7, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____8 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____9 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v17 = + Lib_IntVector_Intrinsics_vec256_xor(uu____8, + Lib_IntVector_Intrinsics_vec256_and(uu____9, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____10 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____11 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v27 = + Lib_IntVector_Intrinsics_vec256_xor(uu____10, + Lib_IntVector_Intrinsics_vec256_and(uu____11, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____12 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____13 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v37 = + Lib_IntVector_Intrinsics_vec256_xor(uu____12, + Lib_IntVector_Intrinsics_vec256_and(uu____13, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____14 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____15 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____14, + Lib_IntVector_Intrinsics_vec256_and(uu____15, s[1U + 5U * i])); + s[0U + 5U * i] = v07; + s[1U + 5U * i] = v17; + s[2U + 5U * i] = v27; + s[3U + 5U * i] = v37; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____16 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____16, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b32 = ib.snd.snd.snd; + uint8_t *b22 = ib.snd.snd.fst; + uint8_t *b12 = ib.snd.fst; + uint8_t *b02 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b02 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl1, b12 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl2, b22 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl3, b32 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b33 = b_.snd.snd.snd; + uint8_t *b23 = b_.snd.snd.fst; + uint8_t *b13 = b_.snd.fst; + uint8_t *b03 = b_.fst; + b03[rem] = 0x06U; + b13[rem] = 0x06U; + b23[rem] = 0x06U; + b33[rem] = 0x06U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws32[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b34 = b_.snd.snd.snd; + uint8_t *b24 = b_.snd.snd.fst; + uint8_t *b14 = b_.snd.fst; + uint8_t *b04 = b_.fst; + ws32[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04); + ws32[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14); + ws32[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24); + ws32[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34); + ws32[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 32U); + ws32[5U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 32U); + ws32[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 32U); + ws32[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 32U); + ws32[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 64U); + ws32[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 64U); + ws32[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 64U); + ws32[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 64U); + ws32[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 96U); + ws32[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 96U); + ws32[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 96U); + ws32[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 96U); + ws32[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 128U); + ws32[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 128U); + ws32[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 128U); + ws32[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 128U); + ws32[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 160U); + ws32[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 160U); + ws32[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 160U); + ws32[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 160U); + ws32[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 192U); + ws32[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 192U); + ws32[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 192U); + ws32[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 192U); + ws32[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 224U); + ws32[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 224U); + ws32[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 224U); + ws32[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws32[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws32[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws32[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws32[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws00 = v0__; + Lib_IntVector_Intrinsics_vec256 ws110 = v2__; + Lib_IntVector_Intrinsics_vec256 ws210 = v1__; + Lib_IntVector_Intrinsics_vec256 ws33 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws32[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws32[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws32[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws32[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = 
Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws40 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws50 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws60 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws70 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws32[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws32[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws32[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws32[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws80 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws90 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws100 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws111 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws32[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws32[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws32[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws32[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws120 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws130 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws140 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws150 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws32[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws32[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws32[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws32[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = 
Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws160 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws170 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws180 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws190 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws32[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws32[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws32[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws32[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws200 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws211 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws220 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws230 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws32[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws32[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws32[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws32[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws240 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws250 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws260 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws270 = v3__5; + Lib_IntVector_Intrinsics_vec256 v07 = ws32[28U]; + 
Lib_IntVector_Intrinsics_vec256 v17 = ws32[29U]; + Lib_IntVector_Intrinsics_vec256 v27 = ws32[30U]; + Lib_IntVector_Intrinsics_vec256 v37 = ws32[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws280 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws290 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws300 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws310 = v3__6; + ws32[0U] = ws00; + ws32[1U] = ws110; + ws32[2U] = ws210; + ws32[3U] = ws33; + ws32[4U] = ws40; + ws32[5U] = ws50; + ws32[6U] = ws60; + ws32[7U] = ws70; + ws32[8U] = ws80; + ws32[9U] = ws90; + ws32[10U] = ws100; + ws32[11U] = ws111; + ws32[12U] = ws120; + ws32[13U] = ws130; + ws32[14U] = ws140; + ws32[15U] = ws150; + ws32[16U] = ws160; + ws32[17U] = ws170; + ws32[18U] = ws180; + ws32[19U] = ws190; + ws32[20U] = ws200; + ws32[21U] = ws211; + ws32[22U] = ws220; + ws32[23U] = ws230; + ws32[24U] = ws240; + ws32[25U] = ws250; + ws32[26U] = ws260; + ws32[27U] = ws270; + ws32[28U] = ws280; + ws32[29U] = ws290; + ws32[30U] = ws300; + ws32[31U] = ws310; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws32[i]); + } + uint8_t b05[256U] = { 0U }; + uint8_t b15[256U] = { 0U }; + uint8_t b25[256U] = { 0U }; + uint8_t b35[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b = { .fst = b05, .snd = { .fst = b15, .snd = { .fst = b25, .snd = b35 } } }; + uint8_t *b36 = b.snd.snd.snd; + uint8_t *b26 = b.snd.snd.fst; + uint8_t *b16 = b.snd.fst; + uint8_t *b06 = b.fst; + b06[rateInBytes - 1U] = 0x80U; + b16[rateInBytes - 1U] = 0x80U; + b26[rateInBytes - 1U] = 0x80U; + b36[rateInBytes - 1U] = 0x80U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws34[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b37 = b.snd.snd.snd; + uint8_t *b27 = b.snd.snd.fst; + uint8_t *b17 = b.snd.fst; + uint8_t *b07 = b.fst; + ws34[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07); + ws34[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17); + ws34[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27); + ws34[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37); + ws34[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 32U); + ws34[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 32U); + ws34[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 32U); + ws34[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 32U); + ws34[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 64U); + ws34[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 64U); + ws34[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 64U); + ws34[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 64U); + ws34[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 96U); + ws34[13U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 96U); + ws34[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 96U); + ws34[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 96U); + ws34[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 128U); + ws34[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 128U); + ws34[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 128U); + ws34[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 128U); + ws34[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 160U); + ws34[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 160U); + ws34[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 160U); + ws34[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 160U); + ws34[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 192U); + ws34[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 192U); + ws34[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 192U); + ws34[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 192U); + ws34[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 224U); + ws34[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 224U); + ws34[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 224U); + ws34[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 224U); + Lib_IntVector_Intrinsics_vec256 v08 = ws34[0U]; + Lib_IntVector_Intrinsics_vec256 v18 = ws34[1U]; + Lib_IntVector_Intrinsics_vec256 v28 = ws34[2U]; + Lib_IntVector_Intrinsics_vec256 v38 = ws34[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v1_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v2_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v3_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v0__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v1__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v2__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 + v3__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 ws01 = v0__7; + Lib_IntVector_Intrinsics_vec256 ws112 = v2__7; + Lib_IntVector_Intrinsics_vec256 ws212 = v1__7; + Lib_IntVector_Intrinsics_vec256 ws35 = v3__7; + Lib_IntVector_Intrinsics_vec256 v09 = ws34[4U]; + Lib_IntVector_Intrinsics_vec256 v19 = ws34[5U]; + Lib_IntVector_Intrinsics_vec256 v29 = ws34[6U]; + Lib_IntVector_Intrinsics_vec256 v39 = ws34[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v1_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v2_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v3_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v0__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v1__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v2__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 + v3__8 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 ws41 = v0__8; + Lib_IntVector_Intrinsics_vec256 ws51 = v2__8; + Lib_IntVector_Intrinsics_vec256 ws61 = v1__8; + Lib_IntVector_Intrinsics_vec256 ws71 = v3__8; + Lib_IntVector_Intrinsics_vec256 v010 = ws34[8U]; + Lib_IntVector_Intrinsics_vec256 v110 = ws34[9U]; + Lib_IntVector_Intrinsics_vec256 v210 = ws34[10U]; + Lib_IntVector_Intrinsics_vec256 v310 = ws34[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v1_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v2_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v3_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v0__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v1__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v2__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 + v3__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 ws81 = v0__9; + Lib_IntVector_Intrinsics_vec256 ws91 = v2__9; + Lib_IntVector_Intrinsics_vec256 ws101 = v1__9; + Lib_IntVector_Intrinsics_vec256 ws113 = v3__9; + Lib_IntVector_Intrinsics_vec256 v011 = ws34[12U]; + Lib_IntVector_Intrinsics_vec256 v111 = ws34[13U]; + Lib_IntVector_Intrinsics_vec256 v211 = ws34[14U]; + Lib_IntVector_Intrinsics_vec256 v311 = ws34[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v1_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v2_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v3_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v0__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v1__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v2__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 + v3__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 ws121 = v0__10; + Lib_IntVector_Intrinsics_vec256 ws131 = v2__10; + Lib_IntVector_Intrinsics_vec256 ws141 = v1__10; + Lib_IntVector_Intrinsics_vec256 ws151 = v3__10; + Lib_IntVector_Intrinsics_vec256 v012 = ws34[16U]; + Lib_IntVector_Intrinsics_vec256 v112 = ws34[17U]; + Lib_IntVector_Intrinsics_vec256 v212 = ws34[18U]; + Lib_IntVector_Intrinsics_vec256 v312 = ws34[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v1_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v2_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v3_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v0__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_11, v2_11); + 
Lib_IntVector_Intrinsics_vec256 + v1__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v2__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 + v3__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 ws161 = v0__11; + Lib_IntVector_Intrinsics_vec256 ws171 = v2__11; + Lib_IntVector_Intrinsics_vec256 ws181 = v1__11; + Lib_IntVector_Intrinsics_vec256 ws191 = v3__11; + Lib_IntVector_Intrinsics_vec256 v013 = ws34[20U]; + Lib_IntVector_Intrinsics_vec256 v113 = ws34[21U]; + Lib_IntVector_Intrinsics_vec256 v213 = ws34[22U]; + Lib_IntVector_Intrinsics_vec256 v313 = ws34[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v1_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v2_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v3_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v0__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v1__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v2__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 + v3__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 ws201 = v0__12; + Lib_IntVector_Intrinsics_vec256 ws213 = v2__12; + Lib_IntVector_Intrinsics_vec256 ws221 = v1__12; + Lib_IntVector_Intrinsics_vec256 ws231 = v3__12; + Lib_IntVector_Intrinsics_vec256 v014 = ws34[24U]; + Lib_IntVector_Intrinsics_vec256 v114 = ws34[25U]; + Lib_IntVector_Intrinsics_vec256 v214 = ws34[26U]; + Lib_IntVector_Intrinsics_vec256 v314 = ws34[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v1_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v2_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v3_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v0__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v1__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v2__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 + v3__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 ws241 = v0__13; + Lib_IntVector_Intrinsics_vec256 ws251 = v2__13; + Lib_IntVector_Intrinsics_vec256 ws261 = v1__13; + Lib_IntVector_Intrinsics_vec256 ws271 = v3__13; + Lib_IntVector_Intrinsics_vec256 v015 = ws34[28U]; + Lib_IntVector_Intrinsics_vec256 v115 = ws34[29U]; + Lib_IntVector_Intrinsics_vec256 v215 = ws34[30U]; + Lib_IntVector_Intrinsics_vec256 v315 = ws34[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v1_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v2_14 = 
Lib_IntVector_Intrinsics_vec256_interleave_low64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v3_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v0__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v1__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v2__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 + v3__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 ws281 = v0__14; + Lib_IntVector_Intrinsics_vec256 ws291 = v2__14; + Lib_IntVector_Intrinsics_vec256 ws301 = v1__14; + Lib_IntVector_Intrinsics_vec256 ws311 = v3__14; + ws34[0U] = ws01; + ws34[1U] = ws112; + ws34[2U] = ws212; + ws34[3U] = ws35; + ws34[4U] = ws41; + ws34[5U] = ws51; + ws34[6U] = ws61; + ws34[7U] = ws71; + ws34[8U] = ws81; + ws34[9U] = ws91; + ws34[10U] = ws101; + ws34[11U] = ws113; + ws34[12U] = ws121; + ws34[13U] = ws131; + ws34[14U] = ws141; + ws34[15U] = ws151; + ws34[16U] = ws161; + ws34[17U] = ws171; + ws34[18U] = ws181; + ws34[19U] = ws191; + ws34[20U] = ws201; + ws34[21U] = ws213; + ws34[22U] = ws221; + ws34[23U] = ws231; + ws34[24U] = ws241; + ws34[25U] = ws251; + ws34[26U] = ws261; + ws34[27U] = ws271; + ws34[28U] = ws281; + ws34[29U] = ws291; + ws34[30U] = ws301; + ws34[31U] = ws311; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws34[i]); + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____17 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____18 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____19 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____17, + Lib_IntVector_Intrinsics_vec256_xor(uu____18, + Lib_IntVector_Intrinsics_vec256_xor(uu____19, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____20 = _C[(i1 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____21 = _C[(i1 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____20, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____21, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____21, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i1 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i1 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____22 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____22, r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____22, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____23 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____24 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v0 = + Lib_IntVector_Intrinsics_vec256_xor(uu____23, + Lib_IntVector_Intrinsics_vec256_and(uu____24, 
s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____25 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____26 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v1 = + Lib_IntVector_Intrinsics_vec256_xor(uu____25, + Lib_IntVector_Intrinsics_vec256_and(uu____26, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____27 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____28 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v2 = + Lib_IntVector_Intrinsics_vec256_xor(uu____27, + Lib_IntVector_Intrinsics_vec256_and(uu____28, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____29 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____30 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v3 = + Lib_IntVector_Intrinsics_vec256_xor(uu____29, + Lib_IntVector_Intrinsics_vec256_and(uu____30, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____31 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____32 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____31, + Lib_IntVector_Intrinsics_vec256_and(uu____32, s[1U + 5U * i])); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + Lib_IntVector_Intrinsics_vec256 uu____33 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____33, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + for (uint32_t i0 = 0U; i0 < 48U / rateInBytes; i0++) + { + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + 
Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 
v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = 
v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < rateInBytes / 32U; i++) + { + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = rateInBytes % 32U; + uint32_t j = rateInBytes / 32U; + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____34 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____35 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____36 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____34, + Lib_IntVector_Intrinsics_vec256_xor(uu____35, + 
Lib_IntVector_Intrinsics_vec256_xor(uu____36, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____37 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____38 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____37, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____38, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____38, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____39 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____39, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____39, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____40 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____41 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v023 = + Lib_IntVector_Intrinsics_vec256_xor(uu____40, + Lib_IntVector_Intrinsics_vec256_and(uu____41, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____42 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____43 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v123 = + Lib_IntVector_Intrinsics_vec256_xor(uu____42, + Lib_IntVector_Intrinsics_vec256_and(uu____43, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____44 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____45 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v223 = + Lib_IntVector_Intrinsics_vec256_xor(uu____44, + Lib_IntVector_Intrinsics_vec256_and(uu____45, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____46 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____47 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v323 = + Lib_IntVector_Intrinsics_vec256_xor(uu____46, + Lib_IntVector_Intrinsics_vec256_and(uu____47, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____48 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____49 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____48, + Lib_IntVector_Intrinsics_vec256_and(uu____49, s[1U + 5U * i])); + s[0U + 5U * i] = v023; + s[1U + 5U * i] = v123; + s[2U + 5U * i] = v223; + s[3U + 5U * i] = v323; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____50 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____50, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t remOut = 48U % rateInBytes; + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + 
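/* The 24-round loop above is one full Keccak-f[1600] permutation, applied lane-wise to the four
   parallel states (each vec256 holds the same 64-bit lane of all four instances). The interleave
   calls below transpose the state back to per-instance order so the remaining remOut bytes of
   each digest can be copied out. */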
Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + 
Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = 
Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for 
(uint32_t i = 0U; i < remOut / 32U; i++) + { + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 48U - remOut + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b1 + 48U - remOut + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b2 + 48U - remOut + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b3 + 48U - remOut + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = remOut % 32U; + uint32_t j = remOut / 32U; + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 48U - remOut + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b1 + 48U - remOut + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b2 + 48U - remOut + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b3 + 48U - remOut + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); +} + +void +Hacl_SHA3_Vec256_sha3_512_vec256( + uint32_t inputByteLen, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *output0, + uint8_t *output1, + uint8_t *output2, + uint8_t *output3 +) +{ + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + rb = { .fst = output0, .snd = { .fst = output1, .snd = { .fst = output2, .snd = output3 } } }; + uint32_t rateInBytes = 72U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 s[25U] KRML_POST_ALIGN(32) = { 0U }; + for (uint32_t i0 = 0U; i0 < inputByteLen / rateInBytes; i0++) + { + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint8_t *b31 = ib.snd.snd.snd; + uint8_t *b21 = ib.snd.snd.fst; + uint8_t *b11 = ib.snd.fst; + uint8_t *b01 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b01 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl1, b11 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl2, b21 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + memcpy(bl3, b31 + i0 * rateInBytes, rateInBytes * sizeof (uint8_t)); + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b3 = b_.snd.snd.snd; + uint8_t *b2 = b_.snd.snd.fst; + uint8_t *b1 = b_.snd.fst; + uint8_t *b0 = b_.fst; + ws[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0); + ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1); + ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2); + ws[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3); + ws[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 32U); + ws[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 32U); + ws[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 32U); + ws[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 32U); + ws[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 64U); + ws[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 64U); + ws[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 64U); + ws[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 64U); + ws[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 96U); + ws[13U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 96U); + ws[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 96U); + ws[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 96U); + ws[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 128U); + ws[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 128U); + ws[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 128U); + ws[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 128U); + ws[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 160U); + ws[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 160U); + ws[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 160U); + ws[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 160U); + ws[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 192U); + ws[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 192U); + ws[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 192U); + ws[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 192U); + ws[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b0 + 224U); + ws[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b1 + 224U); + ws[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b2 + 224U); + ws[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b3 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__0; + 
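/* Each interleave_low64/high64 pair followed by interleave_low128/high128 performs a 4x4
   transpose of 64-bit lanes, so that after the shuffle ws[i] holds lane i of the current
   rate block for all four inputs, ready to be XORed into the shared state s. */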
Lib_IntVector_Intrinsics_vec256 ws5 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__0; + Lib_IntVector_Intrinsics_vec256 v02 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + 
Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__5; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__6; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws[i]); + } + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____0 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____1 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____2 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____0, + Lib_IntVector_Intrinsics_vec256_xor(uu____1, + Lib_IntVector_Intrinsics_vec256_xor(uu____2, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____3 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____4 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____3, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____4, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____4, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____5 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____5, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____5, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____6 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____7 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v07 = + Lib_IntVector_Intrinsics_vec256_xor(uu____6, + Lib_IntVector_Intrinsics_vec256_and(uu____7, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____8 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____9 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v17 = + Lib_IntVector_Intrinsics_vec256_xor(uu____8, + Lib_IntVector_Intrinsics_vec256_and(uu____9, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____10 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____11 = 
Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v27 = + Lib_IntVector_Intrinsics_vec256_xor(uu____10, + Lib_IntVector_Intrinsics_vec256_and(uu____11, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____12 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____13 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v37 = + Lib_IntVector_Intrinsics_vec256_xor(uu____12, + Lib_IntVector_Intrinsics_vec256_and(uu____13, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____14 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____15 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____14, + Lib_IntVector_Intrinsics_vec256_and(uu____15, s[1U + 5U * i])); + s[0U + 5U * i] = v07; + s[1U + 5U * i] = v17; + s[2U + 5U * i] = v27; + s[3U + 5U * i] = v37; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____16 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____16, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t rem = inputByteLen % rateInBytes; + uint8_t b00[256U] = { 0U }; + uint8_t b10[256U] = { 0U }; + uint8_t b20[256U] = { 0U }; + uint8_t b30[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b_ = { .fst = b00, .snd = { .fst = b10, .snd = { .fst = b20, .snd = b30 } } }; + uint32_t rem1 = inputByteLen % rateInBytes; + uint8_t *b32 = ib.snd.snd.snd; + uint8_t *b22 = ib.snd.snd.fst; + uint8_t *b12 = ib.snd.fst; + uint8_t *b02 = ib.fst; + uint8_t *bl3 = b_.snd.snd.snd; + uint8_t *bl2 = b_.snd.snd.fst; + uint8_t *bl1 = b_.snd.fst; + uint8_t *bl0 = b_.fst; + memcpy(bl0, b02 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl1, b12 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl2, b22 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + memcpy(bl3, b32 + inputByteLen - rem1, rem1 * sizeof (uint8_t)); + uint8_t *b33 = b_.snd.snd.snd; + uint8_t *b23 = b_.snd.snd.fst; + uint8_t *b13 = b_.snd.fst; + uint8_t *b03 = b_.fst; + b03[rem] = 0x06U; + b13[rem] = 0x06U; + b23[rem] = 0x06U; + b33[rem] = 0x06U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws32[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b34 = b_.snd.snd.snd; + uint8_t *b24 = b_.snd.snd.fst; + uint8_t *b14 = b_.snd.fst; + uint8_t *b04 = b_.fst; + ws32[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04); + ws32[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14); + ws32[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24); + ws32[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34); + ws32[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 32U); + ws32[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 32U); + ws32[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 32U); + ws32[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 32U); + ws32[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 64U); + ws32[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 64U); + ws32[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 64U); + ws32[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 64U); + ws32[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 96U); + ws32[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 96U); + ws32[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 96U); + ws32[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 96U); + ws32[16U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 128U); + ws32[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 128U); + ws32[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 128U); + ws32[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 128U); + ws32[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 160U); + ws32[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 160U); + ws32[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 160U); + ws32[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 160U); + ws32[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 192U); + ws32[25U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 192U); + ws32[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 192U); + ws32[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 192U); + ws32[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b04 + 224U); + ws32[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b14 + 224U); + ws32[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b24 + 224U); + ws32[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b34 + 224U); + Lib_IntVector_Intrinsics_vec256 v00 = ws32[0U]; + Lib_IntVector_Intrinsics_vec256 v10 = ws32[1U]; + Lib_IntVector_Intrinsics_vec256 v20 = ws32[2U]; + Lib_IntVector_Intrinsics_vec256 v30 = ws32[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v1_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v00, v10); + Lib_IntVector_Intrinsics_vec256 + v2_ = Lib_IntVector_Intrinsics_vec256_interleave_low64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v3_ = Lib_IntVector_Intrinsics_vec256_interleave_high64(v20, v30); + Lib_IntVector_Intrinsics_vec256 + v0__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v1__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_, v2_); + Lib_IntVector_Intrinsics_vec256 + v2__ = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 + v3__ = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_, v3_); + Lib_IntVector_Intrinsics_vec256 ws00 = v0__; + Lib_IntVector_Intrinsics_vec256 ws110 = v2__; + Lib_IntVector_Intrinsics_vec256 ws210 = v1__; + Lib_IntVector_Intrinsics_vec256 ws33 = v3__; + Lib_IntVector_Intrinsics_vec256 v01 = ws32[4U]; + Lib_IntVector_Intrinsics_vec256 v11 = ws32[5U]; + Lib_IntVector_Intrinsics_vec256 v21 = ws32[6U]; + Lib_IntVector_Intrinsics_vec256 v31 = ws32[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v1_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v01, v11); + Lib_IntVector_Intrinsics_vec256 + v2_0 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v3_0 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v21, v31); + Lib_IntVector_Intrinsics_vec256 + v0__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v1__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_0, v2_0); + Lib_IntVector_Intrinsics_vec256 + v2__0 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 + v3__0 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_0, v3_0); + Lib_IntVector_Intrinsics_vec256 ws40 = v0__0; + Lib_IntVector_Intrinsics_vec256 ws50 = v2__0; + Lib_IntVector_Intrinsics_vec256 ws60 = v1__0; + Lib_IntVector_Intrinsics_vec256 ws70 = v3__0; + 
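/* Above, the rem leftover bytes of each input were copied into zeroed 256-byte buffers and the
   SHA-3 domain-separation/padding byte 0x06 written at offset rem; the same transpose pattern
   now brings this padded block into lane-interleaved form before it is absorbed. */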
Lib_IntVector_Intrinsics_vec256 v02 = ws32[8U]; + Lib_IntVector_Intrinsics_vec256 v12 = ws32[9U]; + Lib_IntVector_Intrinsics_vec256 v22 = ws32[10U]; + Lib_IntVector_Intrinsics_vec256 v32 = ws32[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v1_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v02, v12); + Lib_IntVector_Intrinsics_vec256 + v2_1 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v3_1 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v22, v32); + Lib_IntVector_Intrinsics_vec256 + v0__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v1__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_1, v2_1); + Lib_IntVector_Intrinsics_vec256 + v2__1 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 + v3__1 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_1, v3_1); + Lib_IntVector_Intrinsics_vec256 ws80 = v0__1; + Lib_IntVector_Intrinsics_vec256 ws90 = v2__1; + Lib_IntVector_Intrinsics_vec256 ws100 = v1__1; + Lib_IntVector_Intrinsics_vec256 ws111 = v3__1; + Lib_IntVector_Intrinsics_vec256 v03 = ws32[12U]; + Lib_IntVector_Intrinsics_vec256 v13 = ws32[13U]; + Lib_IntVector_Intrinsics_vec256 v23 = ws32[14U]; + Lib_IntVector_Intrinsics_vec256 v33 = ws32[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v1_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v03, v13); + Lib_IntVector_Intrinsics_vec256 + v2_2 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v3_2 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v23, v33); + Lib_IntVector_Intrinsics_vec256 + v0__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v1__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_2, v2_2); + Lib_IntVector_Intrinsics_vec256 + v2__2 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 + v3__2 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_2, v3_2); + Lib_IntVector_Intrinsics_vec256 ws120 = v0__2; + Lib_IntVector_Intrinsics_vec256 ws130 = v2__2; + Lib_IntVector_Intrinsics_vec256 ws140 = v1__2; + Lib_IntVector_Intrinsics_vec256 ws150 = v3__2; + Lib_IntVector_Intrinsics_vec256 v04 = ws32[16U]; + Lib_IntVector_Intrinsics_vec256 v14 = ws32[17U]; + Lib_IntVector_Intrinsics_vec256 v24 = ws32[18U]; + Lib_IntVector_Intrinsics_vec256 v34 = ws32[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v1_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v04, v14); + Lib_IntVector_Intrinsics_vec256 + v2_3 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v3_3 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v24, v34); + Lib_IntVector_Intrinsics_vec256 + v0__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v1__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_3, v2_3); + Lib_IntVector_Intrinsics_vec256 + v2__3 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_3, v3_3); + Lib_IntVector_Intrinsics_vec256 + v3__3 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_3, v3_3); + 
Lib_IntVector_Intrinsics_vec256 ws160 = v0__3; + Lib_IntVector_Intrinsics_vec256 ws170 = v2__3; + Lib_IntVector_Intrinsics_vec256 ws180 = v1__3; + Lib_IntVector_Intrinsics_vec256 ws190 = v3__3; + Lib_IntVector_Intrinsics_vec256 v05 = ws32[20U]; + Lib_IntVector_Intrinsics_vec256 v15 = ws32[21U]; + Lib_IntVector_Intrinsics_vec256 v25 = ws32[22U]; + Lib_IntVector_Intrinsics_vec256 v35 = ws32[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v1_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v05, v15); + Lib_IntVector_Intrinsics_vec256 + v2_4 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v3_4 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v25, v35); + Lib_IntVector_Intrinsics_vec256 + v0__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v1__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_4, v2_4); + Lib_IntVector_Intrinsics_vec256 + v2__4 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 + v3__4 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_4, v3_4); + Lib_IntVector_Intrinsics_vec256 ws200 = v0__4; + Lib_IntVector_Intrinsics_vec256 ws211 = v2__4; + Lib_IntVector_Intrinsics_vec256 ws220 = v1__4; + Lib_IntVector_Intrinsics_vec256 ws230 = v3__4; + Lib_IntVector_Intrinsics_vec256 v06 = ws32[24U]; + Lib_IntVector_Intrinsics_vec256 v16 = ws32[25U]; + Lib_IntVector_Intrinsics_vec256 v26 = ws32[26U]; + Lib_IntVector_Intrinsics_vec256 v36 = ws32[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v1_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v06, v16); + Lib_IntVector_Intrinsics_vec256 + v2_5 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v3_5 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v26, v36); + Lib_IntVector_Intrinsics_vec256 + v0__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v1__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_5, v2_5); + Lib_IntVector_Intrinsics_vec256 + v2__5 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 + v3__5 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_5, v3_5); + Lib_IntVector_Intrinsics_vec256 ws240 = v0__5; + Lib_IntVector_Intrinsics_vec256 ws250 = v2__5; + Lib_IntVector_Intrinsics_vec256 ws260 = v1__5; + Lib_IntVector_Intrinsics_vec256 ws270 = v3__5; + Lib_IntVector_Intrinsics_vec256 v07 = ws32[28U]; + Lib_IntVector_Intrinsics_vec256 v17 = ws32[29U]; + Lib_IntVector_Intrinsics_vec256 v27 = ws32[30U]; + Lib_IntVector_Intrinsics_vec256 v37 = ws32[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v1_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v07, v17); + Lib_IntVector_Intrinsics_vec256 + v2_6 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v3_6 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v27, v37); + Lib_IntVector_Intrinsics_vec256 + v0__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + v1__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_6, v2_6); + Lib_IntVector_Intrinsics_vec256 + 
v2__6 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 + v3__6 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_6, v3_6); + Lib_IntVector_Intrinsics_vec256 ws280 = v0__6; + Lib_IntVector_Intrinsics_vec256 ws290 = v2__6; + Lib_IntVector_Intrinsics_vec256 ws300 = v1__6; + Lib_IntVector_Intrinsics_vec256 ws310 = v3__6; + ws32[0U] = ws00; + ws32[1U] = ws110; + ws32[2U] = ws210; + ws32[3U] = ws33; + ws32[4U] = ws40; + ws32[5U] = ws50; + ws32[6U] = ws60; + ws32[7U] = ws70; + ws32[8U] = ws80; + ws32[9U] = ws90; + ws32[10U] = ws100; + ws32[11U] = ws111; + ws32[12U] = ws120; + ws32[13U] = ws130; + ws32[14U] = ws140; + ws32[15U] = ws150; + ws32[16U] = ws160; + ws32[17U] = ws170; + ws32[18U] = ws180; + ws32[19U] = ws190; + ws32[20U] = ws200; + ws32[21U] = ws211; + ws32[22U] = ws220; + ws32[23U] = ws230; + ws32[24U] = ws240; + ws32[25U] = ws250; + ws32[26U] = ws260; + ws32[27U] = ws270; + ws32[28U] = ws280; + ws32[29U] = ws290; + ws32[30U] = ws300; + ws32[31U] = ws310; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws32[i]); + } + uint8_t b05[256U] = { 0U }; + uint8_t b15[256U] = { 0U }; + uint8_t b25[256U] = { 0U }; + uint8_t b35[256U] = { 0U }; + K____uint8_t___uint8_t____K____uint8_t___uint8_t_ + b = { .fst = b05, .snd = { .fst = b15, .snd = { .fst = b25, .snd = b35 } } }; + uint8_t *b36 = b.snd.snd.snd; + uint8_t *b26 = b.snd.snd.fst; + uint8_t *b16 = b.snd.fst; + uint8_t *b06 = b.fst; + b06[rateInBytes - 1U] = 0x80U; + b16[rateInBytes - 1U] = 0x80U; + b26[rateInBytes - 1U] = 0x80U; + b36[rateInBytes - 1U] = 0x80U; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws34[32U] KRML_POST_ALIGN(32) = { 0U }; + uint8_t *b37 = b.snd.snd.snd; + uint8_t *b27 = b.snd.snd.fst; + uint8_t *b17 = b.snd.fst; + uint8_t *b07 = b.fst; + ws34[0U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07); + ws34[1U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17); + ws34[2U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27); + ws34[3U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37); + ws34[4U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 32U); + ws34[5U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 32U); + ws34[6U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 32U); + ws34[7U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 32U); + ws34[8U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 64U); + ws34[9U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 64U); + ws34[10U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 64U); + ws34[11U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 64U); + ws34[12U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 96U); + ws34[13U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 96U); + ws34[14U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 96U); + ws34[15U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 96U); + ws34[16U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 128U); + ws34[17U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 128U); + ws34[18U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 128U); + ws34[19U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 128U); + ws34[20U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 160U); + ws34[21U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 160U); + ws34[22U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 160U); + ws34[23U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 160U); + ws34[24U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 192U); + ws34[25U] = 
Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 192U); + ws34[26U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 192U); + ws34[27U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 192U); + ws34[28U] = Lib_IntVector_Intrinsics_vec256_load64_le(b07 + 224U); + ws34[29U] = Lib_IntVector_Intrinsics_vec256_load64_le(b17 + 224U); + ws34[30U] = Lib_IntVector_Intrinsics_vec256_load64_le(b27 + 224U); + ws34[31U] = Lib_IntVector_Intrinsics_vec256_load64_le(b37 + 224U); + Lib_IntVector_Intrinsics_vec256 v08 = ws34[0U]; + Lib_IntVector_Intrinsics_vec256 v18 = ws34[1U]; + Lib_IntVector_Intrinsics_vec256 v28 = ws34[2U]; + Lib_IntVector_Intrinsics_vec256 v38 = ws34[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v1_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v08, v18); + Lib_IntVector_Intrinsics_vec256 + v2_7 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v3_7 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v28, v38); + Lib_IntVector_Intrinsics_vec256 + v0__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v1__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_7, v2_7); + Lib_IntVector_Intrinsics_vec256 + v2__7 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 + v3__7 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_7, v3_7); + Lib_IntVector_Intrinsics_vec256 ws01 = v0__7; + Lib_IntVector_Intrinsics_vec256 ws112 = v2__7; + Lib_IntVector_Intrinsics_vec256 ws212 = v1__7; + Lib_IntVector_Intrinsics_vec256 ws35 = v3__7; + Lib_IntVector_Intrinsics_vec256 v09 = ws34[4U]; + Lib_IntVector_Intrinsics_vec256 v19 = ws34[5U]; + Lib_IntVector_Intrinsics_vec256 v29 = ws34[6U]; + Lib_IntVector_Intrinsics_vec256 v39 = ws34[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v1_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v09, v19); + Lib_IntVector_Intrinsics_vec256 + v2_8 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v3_8 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v29, v39); + Lib_IntVector_Intrinsics_vec256 + v0__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v1__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_8, v2_8); + Lib_IntVector_Intrinsics_vec256 + v2__8 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 + v3__8 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_8, v3_8); + Lib_IntVector_Intrinsics_vec256 ws41 = v0__8; + Lib_IntVector_Intrinsics_vec256 ws51 = v2__8; + Lib_IntVector_Intrinsics_vec256 ws61 = v1__8; + Lib_IntVector_Intrinsics_vec256 ws71 = v3__8; + Lib_IntVector_Intrinsics_vec256 v010 = ws34[8U]; + Lib_IntVector_Intrinsics_vec256 v110 = ws34[9U]; + Lib_IntVector_Intrinsics_vec256 v210 = ws34[10U]; + Lib_IntVector_Intrinsics_vec256 v310 = ws34[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v1_9 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v010, v110); + Lib_IntVector_Intrinsics_vec256 + v2_9 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v3_9 = 
Lib_IntVector_Intrinsics_vec256_interleave_high64(v210, v310); + Lib_IntVector_Intrinsics_vec256 + v0__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v1__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_9, v2_9); + Lib_IntVector_Intrinsics_vec256 + v2__9 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 + v3__9 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_9, v3_9); + Lib_IntVector_Intrinsics_vec256 ws81 = v0__9; + Lib_IntVector_Intrinsics_vec256 ws91 = v2__9; + Lib_IntVector_Intrinsics_vec256 ws101 = v1__9; + Lib_IntVector_Intrinsics_vec256 ws113 = v3__9; + Lib_IntVector_Intrinsics_vec256 v011 = ws34[12U]; + Lib_IntVector_Intrinsics_vec256 v111 = ws34[13U]; + Lib_IntVector_Intrinsics_vec256 v211 = ws34[14U]; + Lib_IntVector_Intrinsics_vec256 v311 = ws34[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v1_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v011, v111); + Lib_IntVector_Intrinsics_vec256 + v2_10 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v3_10 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v211, v311); + Lib_IntVector_Intrinsics_vec256 + v0__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v1__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_10, v2_10); + Lib_IntVector_Intrinsics_vec256 + v2__10 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 + v3__10 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_10, v3_10); + Lib_IntVector_Intrinsics_vec256 ws121 = v0__10; + Lib_IntVector_Intrinsics_vec256 ws131 = v2__10; + Lib_IntVector_Intrinsics_vec256 ws141 = v1__10; + Lib_IntVector_Intrinsics_vec256 ws151 = v3__10; + Lib_IntVector_Intrinsics_vec256 v012 = ws34[16U]; + Lib_IntVector_Intrinsics_vec256 v112 = ws34[17U]; + Lib_IntVector_Intrinsics_vec256 v212 = ws34[18U]; + Lib_IntVector_Intrinsics_vec256 v312 = ws34[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v1_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v012, v112); + Lib_IntVector_Intrinsics_vec256 + v2_11 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v3_11 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v212, v312); + Lib_IntVector_Intrinsics_vec256 + v0__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v1__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_11, v2_11); + Lib_IntVector_Intrinsics_vec256 + v2__11 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 + v3__11 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_11, v3_11); + Lib_IntVector_Intrinsics_vec256 ws161 = v0__11; + Lib_IntVector_Intrinsics_vec256 ws171 = v2__11; + Lib_IntVector_Intrinsics_vec256 ws181 = v1__11; + Lib_IntVector_Intrinsics_vec256 ws191 = v3__11; + Lib_IntVector_Intrinsics_vec256 v013 = ws34[20U]; + Lib_IntVector_Intrinsics_vec256 v113 = ws34[21U]; + Lib_IntVector_Intrinsics_vec256 v213 = ws34[22U]; + Lib_IntVector_Intrinsics_vec256 v313 = ws34[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v013, v113); + 
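/* This second buffer carries only the closing 0x80 padding byte at index rateInBytes - 1U;
   absorbing it after the transpose completes the pad10*1 padding of the final rate block. */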
Lib_IntVector_Intrinsics_vec256 + v1_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v013, v113); + Lib_IntVector_Intrinsics_vec256 + v2_12 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v3_12 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v213, v313); + Lib_IntVector_Intrinsics_vec256 + v0__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v1__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_12, v2_12); + Lib_IntVector_Intrinsics_vec256 + v2__12 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 + v3__12 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_12, v3_12); + Lib_IntVector_Intrinsics_vec256 ws201 = v0__12; + Lib_IntVector_Intrinsics_vec256 ws213 = v2__12; + Lib_IntVector_Intrinsics_vec256 ws221 = v1__12; + Lib_IntVector_Intrinsics_vec256 ws231 = v3__12; + Lib_IntVector_Intrinsics_vec256 v014 = ws34[24U]; + Lib_IntVector_Intrinsics_vec256 v114 = ws34[25U]; + Lib_IntVector_Intrinsics_vec256 v214 = ws34[26U]; + Lib_IntVector_Intrinsics_vec256 v314 = ws34[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v1_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v014, v114); + Lib_IntVector_Intrinsics_vec256 + v2_13 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v3_13 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v214, v314); + Lib_IntVector_Intrinsics_vec256 + v0__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v1__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_13, v2_13); + Lib_IntVector_Intrinsics_vec256 + v2__13 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 + v3__13 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_13, v3_13); + Lib_IntVector_Intrinsics_vec256 ws241 = v0__13; + Lib_IntVector_Intrinsics_vec256 ws251 = v2__13; + Lib_IntVector_Intrinsics_vec256 ws261 = v1__13; + Lib_IntVector_Intrinsics_vec256 ws271 = v3__13; + Lib_IntVector_Intrinsics_vec256 v015 = ws34[28U]; + Lib_IntVector_Intrinsics_vec256 v115 = ws34[29U]; + Lib_IntVector_Intrinsics_vec256 v215 = ws34[30U]; + Lib_IntVector_Intrinsics_vec256 v315 = ws34[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v1_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v015, v115); + Lib_IntVector_Intrinsics_vec256 + v2_14 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v3_14 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v215, v315); + Lib_IntVector_Intrinsics_vec256 + v0__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v1__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_14, v2_14); + Lib_IntVector_Intrinsics_vec256 + v2__14 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 + v3__14 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_14, v3_14); + Lib_IntVector_Intrinsics_vec256 ws281 = v0__14; + Lib_IntVector_Intrinsics_vec256 ws291 = v2__14; + Lib_IntVector_Intrinsics_vec256 ws301 = v1__14; + Lib_IntVector_Intrinsics_vec256 ws311 = v3__14; + ws34[0U] = ws01; + ws34[1U] = ws112; + 
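/* Once this block is XORed into s, a final 24-round permutation runs and the squeeze phase
   below extracts the four 64-byte digests from the state. */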
ws34[2U] = ws212; + ws34[3U] = ws35; + ws34[4U] = ws41; + ws34[5U] = ws51; + ws34[6U] = ws61; + ws34[7U] = ws71; + ws34[8U] = ws81; + ws34[9U] = ws91; + ws34[10U] = ws101; + ws34[11U] = ws113; + ws34[12U] = ws121; + ws34[13U] = ws131; + ws34[14U] = ws141; + ws34[15U] = ws151; + ws34[16U] = ws161; + ws34[17U] = ws171; + ws34[18U] = ws181; + ws34[19U] = ws191; + ws34[20U] = ws201; + ws34[21U] = ws213; + ws34[22U] = ws221; + ws34[23U] = ws231; + ws34[24U] = ws241; + ws34[25U] = ws251; + ws34[26U] = ws261; + ws34[27U] = ws271; + ws34[28U] = ws281; + ws34[29U] = ws291; + ws34[30U] = ws301; + ws34[31U] = ws311; + for (uint32_t i = 0U; i < 25U; i++) + { + s[i] = Lib_IntVector_Intrinsics_vec256_xor(s[i], ws34[i]); + } + for (uint32_t i0 = 0U; i0 < 24U; i0++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____17 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____18 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____19 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____17, + Lib_IntVector_Intrinsics_vec256_xor(uu____18, + Lib_IntVector_Intrinsics_vec256_xor(uu____19, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i1, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____20 = _C[(i1 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____21 = _C[(i1 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____20, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____21, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____21, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i1 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i1 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____22 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____22, r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____22, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____23 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____24 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v0 = + Lib_IntVector_Intrinsics_vec256_xor(uu____23, + Lib_IntVector_Intrinsics_vec256_and(uu____24, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____25 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____26 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v1 = + Lib_IntVector_Intrinsics_vec256_xor(uu____25, + Lib_IntVector_Intrinsics_vec256_and(uu____26, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____27 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____28 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v2 = + Lib_IntVector_Intrinsics_vec256_xor(uu____27, + Lib_IntVector_Intrinsics_vec256_and(uu____28, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____29 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____30 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + 
Lib_IntVector_Intrinsics_vec256 + v3 = + Lib_IntVector_Intrinsics_vec256_xor(uu____29, + Lib_IntVector_Intrinsics_vec256_and(uu____30, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____31 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____32 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____31, + Lib_IntVector_Intrinsics_vec256_and(uu____32, s[1U + 5U * i])); + s[0U + 5U * i] = v0; + s[1U + 5U * i] = v1; + s[2U + 5U * i] = v2; + s[3U + 5U * i] = v3; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i0]; + Lib_IntVector_Intrinsics_vec256 uu____33 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____33, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + for (uint32_t i0 = 0U; i0 < 64U / rateInBytes; i0++) + { + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = 
v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < rateInBytes / 32U; i++) + { + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = rateInBytes % 32U; + uint32_t j = rateInBytes / 32U; + uint8_t *b31 = rb.snd.snd.snd; + uint8_t *b21 = rb.snd.snd.fst; + uint8_t *b11 = rb.snd.fst; + uint8_t *b01 = rb.fst; + memcpy(b01 + i0 * rateInBytes + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b11 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b21 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b31 + i0 * rateInBytes + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); + for (uint32_t i1 = 0U; i1 < 24U; i1++) + { + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 _C[5U] KRML_POST_ALIGN(32) = { 0U }; + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____34 = s[i + 0U]; + Lib_IntVector_Intrinsics_vec256 uu____35 = s[i + 5U]; + Lib_IntVector_Intrinsics_vec256 uu____36 = s[i + 10U]; + _C[i] = + Lib_IntVector_Intrinsics_vec256_xor(uu____34, + Lib_IntVector_Intrinsics_vec256_xor(uu____35, + Lib_IntVector_Intrinsics_vec256_xor(uu____36, + Lib_IntVector_Intrinsics_vec256_xor(s[i + 15U], s[i + 20U]))));); + KRML_MAYBE_FOR5(i2, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____37 = _C[(i2 + 4U) % 5U]; + Lib_IntVector_Intrinsics_vec256 uu____38 = _C[(i2 + 1U) % 5U]; + Lib_IntVector_Intrinsics_vec256 + _D = + Lib_IntVector_Intrinsics_vec256_xor(uu____37, + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____38, + 1U), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____38, 63U))); + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + s[i2 + 5U * i] = Lib_IntVector_Intrinsics_vec256_xor(s[i2 + 5U * i], _D););); + Lib_IntVector_Intrinsics_vec256 x = s[1U]; + Lib_IntVector_Intrinsics_vec256 current = x; + for (uint32_t i = 0U; i < 24U; i++) + { + uint32_t _Y = Hacl_Impl_SHA3_Vec_keccak_piln[i]; + uint32_t r = 
Hacl_Impl_SHA3_Vec_keccak_rotc[i]; + Lib_IntVector_Intrinsics_vec256 temp = s[_Y]; + Lib_IntVector_Intrinsics_vec256 uu____39 = current; + s[_Y] = + Lib_IntVector_Intrinsics_vec256_or(Lib_IntVector_Intrinsics_vec256_shift_left64(uu____39, + r), + Lib_IntVector_Intrinsics_vec256_shift_right64(uu____39, 64U - r)); + current = temp; + } + KRML_MAYBE_FOR5(i, + 0U, + 5U, + 1U, + Lib_IntVector_Intrinsics_vec256 uu____40 = s[0U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____41 = Lib_IntVector_Intrinsics_vec256_lognot(s[1U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v023 = + Lib_IntVector_Intrinsics_vec256_xor(uu____40, + Lib_IntVector_Intrinsics_vec256_and(uu____41, s[2U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____42 = s[1U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____43 = Lib_IntVector_Intrinsics_vec256_lognot(s[2U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v123 = + Lib_IntVector_Intrinsics_vec256_xor(uu____42, + Lib_IntVector_Intrinsics_vec256_and(uu____43, s[3U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____44 = s[2U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____45 = Lib_IntVector_Intrinsics_vec256_lognot(s[3U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v223 = + Lib_IntVector_Intrinsics_vec256_xor(uu____44, + Lib_IntVector_Intrinsics_vec256_and(uu____45, s[4U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____46 = s[3U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____47 = Lib_IntVector_Intrinsics_vec256_lognot(s[4U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v323 = + Lib_IntVector_Intrinsics_vec256_xor(uu____46, + Lib_IntVector_Intrinsics_vec256_and(uu____47, s[0U + 5U * i])); + Lib_IntVector_Intrinsics_vec256 uu____48 = s[4U + 5U * i]; + Lib_IntVector_Intrinsics_vec256 + uu____49 = Lib_IntVector_Intrinsics_vec256_lognot(s[0U + 5U * i]); + Lib_IntVector_Intrinsics_vec256 + v4 = + Lib_IntVector_Intrinsics_vec256_xor(uu____48, + Lib_IntVector_Intrinsics_vec256_and(uu____49, s[1U + 5U * i])); + s[0U + 5U * i] = v023; + s[1U + 5U * i] = v123; + s[2U + 5U * i] = v223; + s[3U + 5U * i] = v323; + s[4U + 5U * i] = v4;); + uint64_t c = Hacl_Impl_SHA3_Vec_keccak_rndc[i1]; + Lib_IntVector_Intrinsics_vec256 uu____50 = s[0U]; + s[0U] = + Lib_IntVector_Intrinsics_vec256_xor(uu____50, + Lib_IntVector_Intrinsics_vec256_load64(c)); + } + } + uint32_t remOut = 64U % rateInBytes; + uint8_t hbuf[1024U] = { 0U }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[32U] KRML_POST_ALIGN(32) = { 0U }; + memcpy(ws, s, 25U * sizeof (Lib_IntVector_Intrinsics_vec256)); + Lib_IntVector_Intrinsics_vec256 v016 = ws[0U]; + Lib_IntVector_Intrinsics_vec256 v116 = ws[1U]; + Lib_IntVector_Intrinsics_vec256 v216 = ws[2U]; + Lib_IntVector_Intrinsics_vec256 v316 = ws[3U]; + Lib_IntVector_Intrinsics_vec256 + v0_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v1_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v016, v116); + Lib_IntVector_Intrinsics_vec256 + v2_15 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v3_15 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v216, v316); + Lib_IntVector_Intrinsics_vec256 + v0__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v1__15 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_15, v2_15); + Lib_IntVector_Intrinsics_vec256 + v2__15 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 + v3__15 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_15, v3_15); + Lib_IntVector_Intrinsics_vec256 ws0 = v0__15; + Lib_IntVector_Intrinsics_vec256 ws1 = v2__15; + Lib_IntVector_Intrinsics_vec256 ws2 = v1__15; + Lib_IntVector_Intrinsics_vec256 ws3 = v3__15; + Lib_IntVector_Intrinsics_vec256 v017 = ws[4U]; + Lib_IntVector_Intrinsics_vec256 v117 = ws[5U]; + Lib_IntVector_Intrinsics_vec256 v217 = ws[6U]; + Lib_IntVector_Intrinsics_vec256 v317 = ws[7U]; + Lib_IntVector_Intrinsics_vec256 + v0_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v1_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v017, v117); + Lib_IntVector_Intrinsics_vec256 + v2_16 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v3_16 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v217, v317); + Lib_IntVector_Intrinsics_vec256 + v0__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v1__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_16, v2_16); + Lib_IntVector_Intrinsics_vec256 + v2__16 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 + v3__16 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_16, v3_16); + Lib_IntVector_Intrinsics_vec256 ws4 = v0__16; + Lib_IntVector_Intrinsics_vec256 ws5 = v2__16; + Lib_IntVector_Intrinsics_vec256 ws6 = v1__16; + Lib_IntVector_Intrinsics_vec256 ws7 = v3__16; + Lib_IntVector_Intrinsics_vec256 v018 = ws[8U]; + Lib_IntVector_Intrinsics_vec256 v118 = ws[9U]; + Lib_IntVector_Intrinsics_vec256 v218 = ws[10U]; + Lib_IntVector_Intrinsics_vec256 v318 = ws[11U]; + Lib_IntVector_Intrinsics_vec256 + v0_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v1_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v018, v118); + Lib_IntVector_Intrinsics_vec256 + v2_17 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v3_17 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v218, v318); + Lib_IntVector_Intrinsics_vec256 + v0__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v1__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_17, v2_17); + Lib_IntVector_Intrinsics_vec256 + v2__17 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 + v3__17 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_17, v3_17); + Lib_IntVector_Intrinsics_vec256 ws8 = v0__17; + Lib_IntVector_Intrinsics_vec256 ws9 = v2__17; + Lib_IntVector_Intrinsics_vec256 ws10 = v1__17; + Lib_IntVector_Intrinsics_vec256 ws11 = v3__17; + Lib_IntVector_Intrinsics_vec256 v019 = ws[12U]; + Lib_IntVector_Intrinsics_vec256 v119 = ws[13U]; + Lib_IntVector_Intrinsics_vec256 v219 = ws[14U]; + Lib_IntVector_Intrinsics_vec256 v319 = ws[15U]; + Lib_IntVector_Intrinsics_vec256 + v0_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v1_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v019, v119); + Lib_IntVector_Intrinsics_vec256 + v2_18 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v3_18 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v219, v319); + Lib_IntVector_Intrinsics_vec256 + v0__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v1__18 = 
Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_18, v2_18); + Lib_IntVector_Intrinsics_vec256 + v2__18 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 + v3__18 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_18, v3_18); + Lib_IntVector_Intrinsics_vec256 ws12 = v0__18; + Lib_IntVector_Intrinsics_vec256 ws13 = v2__18; + Lib_IntVector_Intrinsics_vec256 ws14 = v1__18; + Lib_IntVector_Intrinsics_vec256 ws15 = v3__18; + Lib_IntVector_Intrinsics_vec256 v020 = ws[16U]; + Lib_IntVector_Intrinsics_vec256 v120 = ws[17U]; + Lib_IntVector_Intrinsics_vec256 v220 = ws[18U]; + Lib_IntVector_Intrinsics_vec256 v320 = ws[19U]; + Lib_IntVector_Intrinsics_vec256 + v0_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v1_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v020, v120); + Lib_IntVector_Intrinsics_vec256 + v2_19 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v3_19 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v220, v320); + Lib_IntVector_Intrinsics_vec256 + v0__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v1__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_19, v2_19); + Lib_IntVector_Intrinsics_vec256 + v2__19 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 + v3__19 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_19, v3_19); + Lib_IntVector_Intrinsics_vec256 ws16 = v0__19; + Lib_IntVector_Intrinsics_vec256 ws17 = v2__19; + Lib_IntVector_Intrinsics_vec256 ws18 = v1__19; + Lib_IntVector_Intrinsics_vec256 ws19 = v3__19; + Lib_IntVector_Intrinsics_vec256 v021 = ws[20U]; + Lib_IntVector_Intrinsics_vec256 v121 = ws[21U]; + Lib_IntVector_Intrinsics_vec256 v221 = ws[22U]; + Lib_IntVector_Intrinsics_vec256 v321 = ws[23U]; + Lib_IntVector_Intrinsics_vec256 + v0_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v1_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v021, v121); + Lib_IntVector_Intrinsics_vec256 + v2_20 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v3_20 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v221, v321); + Lib_IntVector_Intrinsics_vec256 + v0__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v1__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_20, v2_20); + Lib_IntVector_Intrinsics_vec256 + v2__20 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 + v3__20 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_20, v3_20); + Lib_IntVector_Intrinsics_vec256 ws20 = v0__20; + Lib_IntVector_Intrinsics_vec256 ws21 = v2__20; + Lib_IntVector_Intrinsics_vec256 ws22 = v1__20; + Lib_IntVector_Intrinsics_vec256 ws23 = v3__20; + Lib_IntVector_Intrinsics_vec256 v022 = ws[24U]; + Lib_IntVector_Intrinsics_vec256 v122 = ws[25U]; + Lib_IntVector_Intrinsics_vec256 v222 = ws[26U]; + Lib_IntVector_Intrinsics_vec256 v322 = ws[27U]; + Lib_IntVector_Intrinsics_vec256 + v0_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v1_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v022, v122); + Lib_IntVector_Intrinsics_vec256 + v2_21 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v222, v322); + 
Lib_IntVector_Intrinsics_vec256 + v3_21 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v222, v322); + Lib_IntVector_Intrinsics_vec256 + v0__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v1__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_21, v2_21); + Lib_IntVector_Intrinsics_vec256 + v2__21 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 + v3__21 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_21, v3_21); + Lib_IntVector_Intrinsics_vec256 ws24 = v0__21; + Lib_IntVector_Intrinsics_vec256 ws25 = v2__21; + Lib_IntVector_Intrinsics_vec256 ws26 = v1__21; + Lib_IntVector_Intrinsics_vec256 ws27 = v3__21; + Lib_IntVector_Intrinsics_vec256 v0 = ws[28U]; + Lib_IntVector_Intrinsics_vec256 v1 = ws[29U]; + Lib_IntVector_Intrinsics_vec256 v2 = ws[30U]; + Lib_IntVector_Intrinsics_vec256 v3 = ws[31U]; + Lib_IntVector_Intrinsics_vec256 + v0_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v1_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v0, v1); + Lib_IntVector_Intrinsics_vec256 + v2_22 = Lib_IntVector_Intrinsics_vec256_interleave_low64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v3_22 = Lib_IntVector_Intrinsics_vec256_interleave_high64(v2, v3); + Lib_IntVector_Intrinsics_vec256 + v0__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v1__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v0_22, v2_22); + Lib_IntVector_Intrinsics_vec256 + v2__22 = Lib_IntVector_Intrinsics_vec256_interleave_low128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 + v3__22 = Lib_IntVector_Intrinsics_vec256_interleave_high128(v1_22, v3_22); + Lib_IntVector_Intrinsics_vec256 ws28 = v0__22; + Lib_IntVector_Intrinsics_vec256 ws29 = v2__22; + Lib_IntVector_Intrinsics_vec256 ws30 = v1__22; + Lib_IntVector_Intrinsics_vec256 ws31 = v3__22; + ws[0U] = ws0; + ws[1U] = ws1; + ws[2U] = ws2; + ws[3U] = ws3; + ws[4U] = ws4; + ws[5U] = ws5; + ws[6U] = ws6; + ws[7U] = ws7; + ws[8U] = ws8; + ws[9U] = ws9; + ws[10U] = ws10; + ws[11U] = ws11; + ws[12U] = ws12; + ws[13U] = ws13; + ws[14U] = ws14; + ws[15U] = ws15; + ws[16U] = ws16; + ws[17U] = ws17; + ws[18U] = ws18; + ws[19U] = ws19; + ws[20U] = ws20; + ws[21U] = ws21; + ws[22U] = ws22; + ws[23U] = ws23; + ws[24U] = ws24; + ws[25U] = ws25; + ws[26U] = ws26; + ws[27U] = ws27; + ws[28U] = ws28; + ws[29U] = ws29; + ws[30U] = ws30; + ws[31U] = ws31; + for (uint32_t i = 0U; i < 32U; i++) + { + Lib_IntVector_Intrinsics_vec256_store64_le(hbuf + i * 32U, ws[i]); + } + for (uint32_t i = 0U; i < remOut / 32U; i++) + { + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 64U - remOut + i * 32U, hbuf + i * 128U, 32U * sizeof (uint8_t)); + memcpy(b1 + 64U - remOut + i * 32U, hbuf + i * 128U + 32U, 32U * sizeof (uint8_t)); + memcpy(b2 + 64U - remOut + i * 32U, hbuf + i * 128U + 64U, 32U * sizeof (uint8_t)); + memcpy(b3 + 64U - remOut + i * 32U, hbuf + i * 128U + 96U, 32U * sizeof (uint8_t)); + } + uint32_t rem0 = remOut % 32U; + uint32_t j = remOut / 32U; + uint8_t *b3 = rb.snd.snd.snd; + uint8_t *b2 = rb.snd.snd.fst; + uint8_t *b1 = rb.snd.fst; + uint8_t *b0 = rb.fst; + memcpy(b0 + 64U - remOut + j * 32U, hbuf + j * 128U, rem0 * sizeof (uint8_t)); + memcpy(b1 + 64U - remOut + j * 32U, hbuf + j * 128U + 32U, rem0 * sizeof (uint8_t)); + memcpy(b2 + 64U - remOut + j * 32U, hbuf + j 
* 128U + 64U, rem0 * sizeof (uint8_t)); + memcpy(b3 + 64U - remOut + j * 32U, hbuf + j * 128U + 96U, rem0 * sizeof (uint8_t)); +} + From 10d8e36a12fb0254166297561d70163cb5698209 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 5 Dec 2023 09:48:13 +0100 Subject: [PATCH 03/15] use sha3-mb in kyber --- src/hacl/chacha20poly1305.rs | 171 -------------------------------- src/hacl/sha3.rs | 152 ++++++++++++++++++++++++++-- src/kem/kyber/hash_functions.rs | 49 +++++++-- src/kem/kyber/ind_cpa.rs | 7 +- sys/hacl/build.rs | 4 + sys/hacl/c/config/hacl256.h | 1 + sys/hacl/src/bindings.rs | 81 +++++++++++++++ 7 files changed, 277 insertions(+), 188 deletions(-) delete mode 100644 src/hacl/chacha20poly1305.rs diff --git a/src/hacl/chacha20poly1305.rs b/src/hacl/chacha20poly1305.rs deleted file mode 100644 index 114087acf..000000000 --- a/src/hacl/chacha20poly1305.rs +++ /dev/null @@ -1,171 +0,0 @@ -use libcrux_hacl::*; - -use crate::aead::*; -use libcrux_platform::{simd128_support, simd256_support}; - -#[cfg(simd256)] -fn encrypt_256(key: &Chacha20Key, msg_ctxt: &mut [u8], iv: &Iv, aad: &[u8]) -> Tag { - log::trace!("HACL Chacha20Poly1305 Encrypt SIMD 256"); - let mut tag = Tag::default(); - unsafe { - Hacl_Chacha20Poly1305_256_aead_encrypt( - key.as_ptr() as _, - iv.as_ptr() as _, - aad.len() as u32, - aad.as_ptr() as _, - msg_ctxt.len() as u32, - msg_ctxt.as_ptr() as _, - msg_ctxt.as_mut_ptr(), - tag.as_mut_ptr(), - ); - } - tag -} - -/// Fallback when simd256 is detected at runtime but it wasn't compiled. -/// We try to fall back to simd128 in this case. -#[cfg(not(simd256))] -fn encrypt_256(key: &Chacha20Key, msg_ctxt: &mut [u8], iv: &Iv, aad: &[u8]) -> Tag { - encrypt_128(key, msg_ctxt, iv, aad) -} - -#[cfg(simd128)] -fn encrypt_128(key: &Chacha20Key, msg_ctxt: &mut [u8], iv: &Iv, aad: &[u8]) -> Tag { - log::trace!("HACL Chacha20Poly1305 Encrypt SIMD 128"); - let mut tag = Tag::default(); - unsafe { - Hacl_Chacha20Poly1305_128_aead_encrypt( - key.as_ptr() as _, - iv.as_ptr() as _, - aad.len() as u32, - aad.as_ptr() as _, - msg_ctxt.len() as u32, - msg_ctxt.as_ptr() as _, - msg_ctxt.as_mut_ptr(), - tag.as_mut_ptr(), - ); - } - tag -} - -/// Fallback when simd128 is detected at runtime but it wasn't compiled. -/// We try to fall back to portable in this case. 
-#[cfg(not(simd128))] -fn encrypt_128(key: &Chacha20Key, msg_ctxt: &mut [u8], iv: &Iv, aad: &[u8]) -> Tag { - encrypt_32(key, msg_ctxt, iv, aad) -} - -fn encrypt_32(key: &Chacha20Key, msg_ctxt: &mut [u8], iv: &Iv, aad: &[u8]) -> Tag { - log::trace!("HACL Chacha20Poly1305 Encrypt Portable"); - let mut tag = Tag::default(); - unsafe { - Hacl_Chacha20Poly1305_32_aead_encrypt( - key.as_ptr() as _, - iv.as_ptr() as _, - aad.len() as u32, - aad.as_ptr() as _, - msg_ctxt.len() as u32, - msg_ctxt.as_ptr() as _, - msg_ctxt.as_mut_ptr(), - tag.as_mut_ptr(), - ); - } - tag -} - -/// Encrypt -/// Returns `tag` -pub(crate) fn encrypt(key: &Chacha20Key, msg_ctxt: &mut [u8], iv: &Iv, aad: &[u8]) -> Tag { - if simd256_support() { - encrypt_256(key, msg_ctxt, iv, aad) - } else if simd128_support() { - encrypt_128(key, msg_ctxt, iv, aad) - } else { - encrypt_32(key, msg_ctxt, iv, aad) - } -} - -#[cfg(simd256)] -fn decrypt_256(key: &Chacha20Key, ctxt_msg: &mut [u8], iv: &Iv, aad: &[u8], tag: &Tag) -> u32 { - unsafe { - Hacl_Chacha20Poly1305_256_aead_decrypt( - key.as_ptr() as _, - iv.as_ptr() as _, - aad.len() as u32, - aad.as_ptr() as _, - ctxt_msg.len() as u32, - ctxt_msg.as_ptr() as _, - ctxt_msg.as_mut_ptr(), - tag.as_ptr() as _, - ) - } -} - -/// Fallback when simd256 is detected at runtime but it wasn't compiled. -/// We try to fall back to simd128 in this case. -#[cfg(not(simd256))] -fn decrypt_256(key: &Chacha20Key, ctxt_msg: &mut [u8], iv: &Iv, aad: &[u8], tag: &Tag) -> u32 { - decrypt_128(key, ctxt_msg, iv, aad, tag) -} - -#[cfg(simd128)] -fn decrypt_128(key: &Chacha20Key, ctxt_msg: &mut [u8], iv: &Iv, aad: &[u8], tag: &Tag) -> u32 { - unsafe { - Hacl_Chacha20Poly1305_128_aead_decrypt( - key.as_ptr() as _, - iv.as_ptr() as _, - aad.len() as u32, - aad.as_ptr() as _, - ctxt_msg.len() as u32, - ctxt_msg.as_ptr() as _, - ctxt_msg.as_mut_ptr(), - tag.as_ptr() as _, - ) - } -} - -/// Fallback when simd128 is detected at runtime but it wasn't compiled. -/// We try to fall back to portable in this case. -#[cfg(not(simd128))] -fn decrypt_128(key: &Chacha20Key, ctxt_msg: &mut [u8], iv: &Iv, aad: &[u8], tag: &Tag) -> u32 { - decrypt_32(key, ctxt_msg, iv, aad, tag) -} - -fn decrypt_32(key: &Chacha20Key, ctxt_msg: &mut [u8], iv: &Iv, aad: &[u8], tag: &Tag) -> u32 { - unsafe { - Hacl_Chacha20Poly1305_32_aead_decrypt( - key.as_ptr() as _, - iv.as_ptr() as _, - aad.len() as u32, - aad.as_ptr() as _, - ctxt_msg.len() as u32, - ctxt_msg.as_ptr() as _, - ctxt_msg.as_mut_ptr(), - tag.as_ptr() as _, - ) - } -} - -/// Decrypt -/// Returns error or `()`. 
-pub(crate) fn decrypt( - key: &Chacha20Key, - ctxt_msg: &mut [u8], - iv: &Iv, - aad: &[u8], - tag: &Tag, -) -> Result<(), &'static str> { - let r = if simd256_support() { - decrypt_256(key, ctxt_msg, iv, aad, tag) - } else if simd128_support() { - decrypt_128(key, ctxt_msg, iv, aad, tag) - } else { - decrypt_32(key, ctxt_msg, iv, aad, tag) - }; - if r != 0 { - Err("Decryption error") - } else { - Ok(()) - } -} - diff --git a/src/hacl/sha3.rs b/src/hacl/sha3.rs index d0aad0096..5b8b477da 100644 --- a/src/hacl/sha3.rs +++ b/src/hacl/sha3.rs @@ -6,7 +6,8 @@ use libcrux_hacl::{ }; /// SHA3 224 -pub fn sha224(payload: &[u8]) -> [u8; 28] { +#[inline(always)] +pub(crate) fn sha224(payload: &[u8]) -> [u8; 28] { let mut digest = [0u8; 28]; unsafe { Hacl_Hash_SHA3_sha3_224( @@ -19,7 +20,8 @@ pub fn sha224(payload: &[u8]) -> [u8; 28] { } /// SHA3 256 -pub fn sha256(payload: &[u8]) -> [u8; 32] { +#[inline(always)] +pub(crate) fn sha256(payload: &[u8]) -> [u8; 32] { let mut digest = [0u8; 32]; unsafe { Hacl_Hash_SHA3_sha3_256( @@ -32,7 +34,8 @@ pub fn sha256(payload: &[u8]) -> [u8; 32] { } /// SHA3 384 -pub fn sha384(payload: &[u8]) -> [u8; 48] { +#[inline(always)] +pub(crate) fn sha384(payload: &[u8]) -> [u8; 48] { let mut digest = [0u8; 48]; unsafe { Hacl_Hash_SHA3_sha3_384( @@ -45,7 +48,8 @@ pub fn sha384(payload: &[u8]) -> [u8; 48] { } /// SHA3 512 -pub fn sha512(payload: &[u8]) -> [u8; 64] { +#[inline(always)] +pub(crate) fn sha512(payload: &[u8]) -> [u8; 64] { let mut digest = [0u8; 64]; unsafe { Hacl_Hash_SHA3_sha3_512( @@ -58,7 +62,8 @@ pub fn sha512(payload: &[u8]) -> [u8; 64] { } /// SHAKE 128 -pub fn shake128(data: &[u8]) -> [u8; BYTES] { +#[inline(always)] +pub(crate) fn shake128(data: &[u8]) -> [u8; BYTES] { let mut out = [0u8; BYTES]; unsafe { Hacl_Hash_SHA3_shake128_hacl( @@ -75,7 +80,8 @@ pub fn shake128(data: &[u8]) -> [u8; BYTES] { /// /// Note that the output length `BYTES` must fit into 32 bit. If it is longer, /// the output will only return `u32::MAX` bytes. -pub fn shake256(data: &[u8]) -> [u8; BYTES] { +#[inline(always)] +pub(crate) fn shake256(data: &[u8]) -> [u8; BYTES] { let mut out = [0u8; BYTES]; unsafe { Hacl_Hash_SHA3_shake256_hacl( @@ -87,3 +93,137 @@ pub fn shake256(data: &[u8]) -> [u8; BYTES] { } out } + +#[cfg(simd256)] +pub mod simd256 { + use libcrux_hacl::{ + Hacl_SHA3_Vec256_sha3_224_vec256, Hacl_SHA3_Vec256_sha3_256_vec256, + Hacl_SHA3_Vec256_sha3_384_vec256, Hacl_SHA3_Vec256_sha3_512_vec256, + Hacl_SHA3_Vec256_shake128_vec256, Hacl_SHA3_Vec256_shake256_vec256, + }; + + macro_rules! 
impl_sha3_vec { + ($name:ident, $fun:expr, $out_len:literal) => { + #[inline(always)] + pub(crate) fn $name( + payload0: &[u8], + payload1: &[u8], + payload2: &[u8], + payload3: &[u8], + ) -> ( + [u8; $out_len], + [u8; $out_len], + [u8; $out_len], + [u8; $out_len], + ) { + let input_len = payload0.len(); + debug_assert!( + input_len == payload1.len() + && input_len == payload2.len() + && input_len == payload3.len() + && input_len <= u32::MAX as usize + ); + let mut digest0 = [0u8; $out_len]; + let mut digest1 = [0u8; $out_len]; + let mut digest2 = [0u8; $out_len]; + let mut digest3 = [0u8; $out_len]; + unsafe { + $fun( + input_len as u32, + payload0.as_ptr() as _, + payload1.as_ptr() as _, + payload2.as_ptr() as _, + payload3.as_ptr() as _, + digest0.as_mut_ptr(), + digest1.as_mut_ptr(), + digest2.as_mut_ptr(), + digest3.as_mut_ptr(), + ); + } + (digest0, digest1, digest2, digest3) + } + }; + } + + impl_sha3_vec!(sha224, Hacl_SHA3_Vec256_sha3_224_vec256, 28); + impl_sha3_vec!(sha256, Hacl_SHA3_Vec256_sha3_256_vec256, 32); + impl_sha3_vec!(sha384, Hacl_SHA3_Vec256_sha3_384_vec256, 48); + impl_sha3_vec!(sha512, Hacl_SHA3_Vec256_sha3_512_vec256, 64); + + /// SHAKE 128 + #[inline(always)] + pub(crate) fn shake128( + payload0: &[u8], + payload1: &[u8], + payload2: &[u8], + payload3: &[u8], + ) -> ([u8; BYTES], [u8; BYTES], [u8; BYTES], [u8; BYTES]) { + let input_len = payload0.len(); + debug_assert!( + input_len == payload1.len() + && input_len == payload2.len() + && input_len == payload3.len() + && input_len <= u32::MAX as usize + && BYTES <= u32::MAX as usize + ); + let mut digest0 = [0u8; BYTES]; + let mut digest1 = [0u8; BYTES]; + let mut digest2 = [0u8; BYTES]; + let mut digest3 = [0u8; BYTES]; + unsafe { + Hacl_SHA3_Vec256_shake128_vec256( + input_len as u32, + payload0.as_ptr() as _, + payload1.as_ptr() as _, + payload2.as_ptr() as _, + payload3.as_ptr() as _, + BYTES as u32, + digest0.as_mut_ptr(), + digest1.as_mut_ptr(), + digest2.as_mut_ptr(), + digest3.as_mut_ptr(), + ); + } + (digest0, digest1, digest2, digest3) + } + + /// SHAKE 256 + /// + /// Note that the output length `BYTES` must fit into 32 bit. If it is longer, + /// the output will only return `u32::MAX` bytes. 
+ #[inline(always)] + pub(crate) fn shake256( + payload0: &[u8], + payload1: &[u8], + payload2: &[u8], + payload3: &[u8], + ) -> ([u8; BYTES], [u8; BYTES], [u8; BYTES], [u8; BYTES]) { + let input_len = payload0.len(); + debug_assert!( + input_len == payload1.len() + && input_len == payload2.len() + && input_len == payload3.len() + && input_len <= u32::MAX as usize + && BYTES <= u32::MAX as usize + ); + let mut digest0 = [0u8; BYTES]; + let mut digest1 = [0u8; BYTES]; + let mut digest2 = [0u8; BYTES]; + let mut digest3 = [0u8; BYTES]; + unsafe { + Hacl_SHA3_Vec256_shake256_vec256( + input_len as u32, + payload0.as_ptr() as _, + payload1.as_ptr() as _, + payload2.as_ptr() as _, + payload3.as_ptr() as _, + BYTES as u32, + digest0.as_mut_ptr(), + digest1.as_mut_ptr(), + digest2.as_mut_ptr(), + digest3.as_mut_ptr(), + ); + } + (digest0, digest1, digest2, digest3) + } +} diff --git a/src/kem/kyber/hash_functions.rs b/src/kem/kyber/hash_functions.rs index c86ac9553..8ce8d60df 100644 --- a/src/kem/kyber/hash_functions.rs +++ b/src/kem/kyber/hash_functions.rs @@ -2,7 +2,7 @@ use crate::digest::{self, digest_size, Algorithm}; -use super::constants::H_DIGEST_SIZE; +use super::constants::{H_DIGEST_SIZE, REJECTION_SAMPLING_SEED_SIZE}; pub(crate) fn G(input: &[u8]) -> [u8; digest_size(Algorithm::Sha3_512)] { crate::digest::sha3_512(input) @@ -19,10 +19,47 @@ pub(crate) fn PRF(input: &[u8]) -> [u8; LEN] { // At the moment, this function is just a stub, and does not actually implement // 4xKeccak. Implementation of 4xKeccak is being tracked in: // https://github.com/cryspen/libcrux/issues/102 -pub(crate) fn XOFx4(input: [[u8; 34]; K]) -> [[u8; LEN]; K] { - let mut out = [[0u8; LEN]; K]; - for i in 0..K { - out[i] = digest::shake128::(&input[i]); +#[inline(always)] +pub(crate) fn XOFx4( + input: [[u8; 34]; K], +) -> [[u8; REJECTION_SAMPLING_SEED_SIZE]; K] { + let mut out = [[0u8; REJECTION_SAMPLING_SEED_SIZE]; K]; + if cfg!(not(simd256)) { + for i in 0..K { + out[i] = digest::shake128::(&input[i]); + } + out + } else { + // Always do 4 SHA3 at a time even if we need less. 
+ match K { + 2 => { + let (d0, d1, _, _) = crate::hacl::sha3::simd256::shake128::< + REJECTION_SAMPLING_SEED_SIZE, + >(&input[0], &input[1], &input[0], &input[1]); + out[0] = d0; + out[1] = d1; + out + } + 3 => { + let (d0, d1, d2, _) = crate::hacl::sha3::simd256::shake128::< + REJECTION_SAMPLING_SEED_SIZE, + >(&input[0], &input[1], &input[2], &input[0]); + out[0] = d0; + out[1] = d1; + out[2] = d2; + out + } + 4 => { + let (d0, d1, d2, d3) = crate::hacl::sha3::simd256::shake128::< + REJECTION_SAMPLING_SEED_SIZE, + >(&input[0], &input[1], &input[2], &input[3]); + out[0] = d0; + out[1] = d1; + out[2] = d2; + out[3] = d3; + out + } + _ => unreachable!(), + } } - out } diff --git a/src/kem/kyber/ind_cpa.rs b/src/kem/kyber/ind_cpa.rs index 9653b3cd2..8d7b9712b 100644 --- a/src/kem/kyber/ind_cpa.rs +++ b/src/kem/kyber/ind_cpa.rs @@ -1,9 +1,6 @@ use super::{ arithmetic::PolynomialRingElement, - constants::{ - BYTES_PER_RING_ELEMENT, COEFFICIENTS_IN_RING_ELEMENT, REJECTION_SAMPLING_SEED_SIZE, - SHARED_SECRET_SIZE, - }, + constants::{BYTES_PER_RING_ELEMENT, COEFFICIENTS_IN_RING_ELEMENT, SHARED_SECRET_SIZE}, conversions::into_padded_array, conversions::{UpdatableArray, UpdatingArray}, hash_functions::{XOFx4, G, H, PRF}, @@ -48,7 +45,7 @@ fn sample_matrix_A( seeds[j][32] = i as u8; seeds[j][33] = j as u8; } - let xof_bytes = XOFx4::(seeds); + let xof_bytes = XOFx4::(seeds); for j in 0..K { let (sampled, error) = sample_from_uniform_distribution(xof_bytes[j]); diff --git a/sys/hacl/build.rs b/sys/hacl/build.rs index aad0bbeff..74da1f5a5 100644 --- a/sys/hacl/build.rs +++ b/sys/hacl/build.rs @@ -109,6 +109,7 @@ fn create_bindings(platform: &Platform, home_dir: &Path) { .allowlist_function("Hacl_Curve25519.*") .allowlist_function("Hacl_Hash_SHA2.*") .allowlist_function("Hacl_Hash_.*") + .allowlist_function("Hacl_SHA3_.*") .allowlist_function("Hacl_Blake2.*") .allowlist_function("Hacl_HMAC_DRBG.*") .allowlist_function("Hacl_Ed25519.*") @@ -123,6 +124,7 @@ fn create_bindings(platform: &Platform, home_dir: &Path) { .allowlist_type("Hacl_HMAC_DRBG.*") .allowlist_type("Hacl_Streaming.*") .allowlist_type("Hacl_Hash_.*") + .allowlist_type("Hacl_SHA3_.*") .allowlist_var("Spec_.*") .allowlist_var("Hacl_Streaming.*") // XXX: These functions use uint128 in the API, which is not FFI safe @@ -229,6 +231,7 @@ fn build(platform: &Platform, home_path: &Path) { "Hacl_EC_K256.c", "Hacl_FFDHE.c", "Hacl_Hash_SHA3.c", + "Hacl_SHA3_Scalar.c", "Hacl_Hash_SHA1.c", "Hacl_Hash_MD5.c", "Hacl_HKDF.c", @@ -272,6 +275,7 @@ fn build(platform: &Platform, home_path: &Path) { "Hacl_MAC_Poly1305_Simd256.c", "Hacl_Chacha20_Vec256.c", "Hacl_SHA2_Vec256.c", + "Hacl_SHA3_Vec256.c", "Hacl_HKDF_Blake2b_256.c", "Hacl_HMAC_Blake2b_256.c", ]; diff --git a/sys/hacl/c/config/hacl256.h b/sys/hacl/c/config/hacl256.h index 6f3f5014a..bea7c0ff7 100644 --- a/sys/hacl/c/config/hacl256.h +++ b/sys/hacl/c/config/hacl256.h @@ -8,3 +8,4 @@ #include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" #include "Hacl_Hash_Blake2b_Simd256.h" +#include "Hacl_SHA3_Vec256.h" diff --git a/sys/hacl/src/bindings.rs b/sys/hacl/src/bindings.rs index 534f18be9..c8bb4a69a 100644 --- a/sys/hacl/src/bindings.rs +++ b/sys/hacl/src/bindings.rs @@ -1083,6 +1083,87 @@ extern "C" { key_len: u32, ); } +pub type Hacl_SHA3_Vec256_disjoint4_4 = *mut ::core::ffi::c_void; +extern "C" { + pub fn Hacl_SHA3_Vec256_shake128_vec256( + inputByteLen: u32, + input0: *mut u8, + input1: *mut u8, + input2: *mut u8, + input3: *mut u8, + outputByteLen: u32, + output0: *mut u8, + output1: *mut u8, + output2: 
*mut u8, + output3: *mut u8, + ); +} +extern "C" { + pub fn Hacl_SHA3_Vec256_shake256_vec256( + inputByteLen: u32, + input0: *mut u8, + input1: *mut u8, + input2: *mut u8, + input3: *mut u8, + outputByteLen: u32, + output0: *mut u8, + output1: *mut u8, + output2: *mut u8, + output3: *mut u8, + ); +} +extern "C" { + pub fn Hacl_SHA3_Vec256_sha3_224_vec256( + inputByteLen: u32, + input0: *mut u8, + input1: *mut u8, + input2: *mut u8, + input3: *mut u8, + output0: *mut u8, + output1: *mut u8, + output2: *mut u8, + output3: *mut u8, + ); +} +extern "C" { + pub fn Hacl_SHA3_Vec256_sha3_256_vec256( + inputByteLen: u32, + input0: *mut u8, + input1: *mut u8, + input2: *mut u8, + input3: *mut u8, + output0: *mut u8, + output1: *mut u8, + output2: *mut u8, + output3: *mut u8, + ); +} +extern "C" { + pub fn Hacl_SHA3_Vec256_sha3_384_vec256( + inputByteLen: u32, + input0: *mut u8, + input1: *mut u8, + input2: *mut u8, + input3: *mut u8, + output0: *mut u8, + output1: *mut u8, + output2: *mut u8, + output3: *mut u8, + ); +} +extern "C" { + pub fn Hacl_SHA3_Vec256_sha3_512_vec256( + inputByteLen: u32, + input0: *mut u8, + input1: *mut u8, + input2: *mut u8, + input3: *mut u8, + output0: *mut u8, + output1: *mut u8, + output2: *mut u8, + output3: *mut u8, + ); +} extern "C" { pub fn EverCrypt_AutoConfig2_has_shaext() -> bool; } From 12b149f2878164f71d65a307b879e5e41cee7370 Mon Sep 17 00:00:00 2001 From: xvzcf Date: Wed, 6 Dec 2023 12:42:25 -0500 Subject: [PATCH 04/15] Update HACL-sys package to 5a098da4c6580d36388a3a237e91cb3db259e20c --- sys/hacl/build.rs | 4 +--- sys/hacl/c/config/hacl256.h | 2 +- ..._SHA3_Scalar.h => Hacl_Hash_SHA3_Scalar.h} | 18 ++++++++--------- ...SHA3_Vec256.h => Hacl_Hash_SHA3_Simd256.h} | 20 +++++++++---------- .../Hacl_Hash_SHA3_Scalar.h} | 8 ++++---- ..._SHA3_Scalar.h => Hacl_Hash_SHA3_Scalar.h} | 18 ++++++++--------- ...SHA3_Vec256.h => Hacl_Hash_SHA3_Simd256.h} | 20 +++++++++---------- .../internal/Hacl_Hash_SHA3_Scalar.h} | 8 ++++---- ..._SHA3_Scalar.c => Hacl_Hash_SHA3_Scalar.c} | 14 ++++++------- ...SHA3_Vec256.c => Hacl_Hash_SHA3_Simd256.c} | 16 +++++++-------- ..._SHA3_Scalar.c => Hacl_Hash_SHA3_Scalar.c} | 14 ++++++------- ...SHA3_Vec256.c => Hacl_Hash_SHA3_Simd256.c} | 16 +++++++-------- 12 files changed, 76 insertions(+), 82 deletions(-) rename sys/hacl/c/include/{Hacl_SHA3_Scalar.h => Hacl_Hash_SHA3_Scalar.h} (74%) rename sys/hacl/c/include/{Hacl_SHA3_Vec256.h => Hacl_Hash_SHA3_Simd256.h} (89%) rename sys/hacl/c/include/{msvc/internal/Hacl_SHA3_Scalar.h => internal/Hacl_Hash_SHA3_Scalar.h} (90%) rename sys/hacl/c/include/msvc/{Hacl_SHA3_Scalar.h => Hacl_Hash_SHA3_Scalar.h} (74%) rename sys/hacl/c/include/msvc/{Hacl_SHA3_Vec256.h => Hacl_Hash_SHA3_Simd256.h} (89%) rename sys/hacl/c/include/{internal/Hacl_SHA3_Scalar.h => msvc/internal/Hacl_Hash_SHA3_Scalar.h} (90%) rename sys/hacl/c/src/{Hacl_SHA3_Scalar.c => Hacl_Hash_SHA3_Scalar.c} (99%) rename sys/hacl/c/src/{Hacl_SHA3_Vec256.c => Hacl_Hash_SHA3_Simd256.c} (99%) rename sys/hacl/c/src/msvc/{Hacl_SHA3_Scalar.c => Hacl_Hash_SHA3_Scalar.c} (99%) rename sys/hacl/c/src/msvc/{Hacl_SHA3_Vec256.c => Hacl_Hash_SHA3_Simd256.c} (99%) diff --git a/sys/hacl/build.rs b/sys/hacl/build.rs index 74da1f5a5..830738777 100644 --- a/sys/hacl/build.rs +++ b/sys/hacl/build.rs @@ -109,7 +109,6 @@ fn create_bindings(platform: &Platform, home_dir: &Path) { .allowlist_function("Hacl_Curve25519.*") .allowlist_function("Hacl_Hash_SHA2.*") .allowlist_function("Hacl_Hash_.*") - .allowlist_function("Hacl_SHA3_.*") 
.allowlist_function("Hacl_Blake2.*") .allowlist_function("Hacl_HMAC_DRBG.*") .allowlist_function("Hacl_Ed25519.*") @@ -124,7 +123,6 @@ fn create_bindings(platform: &Platform, home_dir: &Path) { .allowlist_type("Hacl_HMAC_DRBG.*") .allowlist_type("Hacl_Streaming.*") .allowlist_type("Hacl_Hash_.*") - .allowlist_type("Hacl_SHA3_.*") .allowlist_var("Spec_.*") .allowlist_var("Hacl_Streaming.*") // XXX: These functions use uint128 in the API, which is not FFI safe @@ -231,7 +229,7 @@ fn build(platform: &Platform, home_path: &Path) { "Hacl_EC_K256.c", "Hacl_FFDHE.c", "Hacl_Hash_SHA3.c", - "Hacl_SHA3_Scalar.c", + "Hacl_Hash_SHA3_Scalar.c", "Hacl_Hash_SHA1.c", "Hacl_Hash_MD5.c", "Hacl_HKDF.c", diff --git a/sys/hacl/c/config/hacl256.h b/sys/hacl/c/config/hacl256.h index bea7c0ff7..54afce736 100644 --- a/sys/hacl/c/config/hacl256.h +++ b/sys/hacl/c/config/hacl256.h @@ -8,4 +8,4 @@ #include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" #include "Hacl_Hash_Blake2b_Simd256.h" -#include "Hacl_SHA3_Vec256.h" +#include "Hacl_Hash_SHA3_Vec256.h" diff --git a/sys/hacl/c/include/Hacl_SHA3_Scalar.h b/sys/hacl/c/include/Hacl_Hash_SHA3_Scalar.h similarity index 74% rename from sys/hacl/c/include/Hacl_SHA3_Scalar.h rename to sys/hacl/c/include/Hacl_Hash_SHA3_Scalar.h index dabab10be..e49f1967b 100644 --- a/sys/hacl/c/include/Hacl_SHA3_Scalar.h +++ b/sys/hacl/c/include/Hacl_Hash_SHA3_Scalar.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_SHA3_Scalar_H -#define __Hacl_SHA3_Scalar_H +#ifndef __Hacl_Hash_SHA3_Scalar_H +#define __Hacl_Hash_SHA3_Scalar_H #if defined(__cplusplus) extern "C" { @@ -36,7 +36,7 @@ extern "C" { #include "krml/internal/target.h" void -Hacl_SHA3_Scalar_shake128_hacl( +Hacl_Hash_SHA3_Scalar_shake128( uint32_t inputByteLen, uint8_t *input, uint32_t outputByteLen, @@ -44,24 +44,24 @@ Hacl_SHA3_Scalar_shake128_hacl( ); void -Hacl_SHA3_Scalar_shake256_hacl( +Hacl_Hash_SHA3_Scalar_shake256( uint32_t inputByteLen, uint8_t *input, uint32_t outputByteLen, uint8_t *output ); -void Hacl_SHA3_Scalar_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void Hacl_Hash_SHA3_Scalar_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output); -void Hacl_SHA3_Scalar_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void Hacl_Hash_SHA3_Scalar_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output); -void Hacl_SHA3_Scalar_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void Hacl_Hash_SHA3_Scalar_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output); -void Hacl_SHA3_Scalar_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void Hacl_Hash_SHA3_Scalar_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output); #if defined(__cplusplus) } #endif -#define __Hacl_SHA3_Scalar_H_DEFINED +#define __Hacl_Hash_SHA3_Scalar_H_DEFINED #endif diff --git a/sys/hacl/c/include/Hacl_SHA3_Vec256.h b/sys/hacl/c/include/Hacl_Hash_SHA3_Simd256.h similarity index 89% rename from sys/hacl/c/include/Hacl_SHA3_Vec256.h rename to sys/hacl/c/include/Hacl_Hash_SHA3_Simd256.h index 695d66776..3dd3772dd 100644 --- a/sys/hacl/c/include/Hacl_SHA3_Vec256.h +++ b/sys/hacl/c/include/Hacl_Hash_SHA3_Simd256.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_SHA3_Vec256_H -#define __Hacl_SHA3_Vec256_H +#ifndef __Hacl_Hash_SHA3_Simd256_H +#define __Hacl_Hash_SHA3_Simd256_H #if defined(__cplusplus) extern "C" { @@ -35,8 +35,6 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -typedef void *Hacl_SHA3_Vec256_disjoint4_4; - typedef struct 
K____uint8_t___uint8_t__s { uint8_t *fst; @@ -59,7 +57,7 @@ typedef struct K____uint8_t___uint8_t____K____uint8_t___uint8_t__s K____uint8_t___uint8_t____K____uint8_t___uint8_t_; void -Hacl_SHA3_Vec256_shake128_vec256( +Hacl_Hash_SHA3_Simd256_shake128( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -73,7 +71,7 @@ Hacl_SHA3_Vec256_shake128_vec256( ); void -Hacl_SHA3_Vec256_shake256_vec256( +Hacl_Hash_SHA3_Simd256_shake256( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -87,7 +85,7 @@ Hacl_SHA3_Vec256_shake256_vec256( ); void -Hacl_SHA3_Vec256_sha3_224_vec256( +Hacl_Hash_SHA3_Simd256_sha3_224( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -100,7 +98,7 @@ Hacl_SHA3_Vec256_sha3_224_vec256( ); void -Hacl_SHA3_Vec256_sha3_256_vec256( +Hacl_Hash_SHA3_Simd256_sha3_256( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -113,7 +111,7 @@ Hacl_SHA3_Vec256_sha3_256_vec256( ); void -Hacl_SHA3_Vec256_sha3_384_vec256( +Hacl_Hash_SHA3_Simd256_sha3_384( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -126,7 +124,7 @@ Hacl_SHA3_Vec256_sha3_384_vec256( ); void -Hacl_SHA3_Vec256_sha3_512_vec256( +Hacl_Hash_SHA3_Simd256_sha3_512( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -142,5 +140,5 @@ Hacl_SHA3_Vec256_sha3_512_vec256( } #endif -#define __Hacl_SHA3_Vec256_H_DEFINED +#define __Hacl_Hash_SHA3_Simd256_H_DEFINED #endif diff --git a/sys/hacl/c/include/msvc/internal/Hacl_SHA3_Scalar.h b/sys/hacl/c/include/internal/Hacl_Hash_SHA3_Scalar.h similarity index 90% rename from sys/hacl/c/include/msvc/internal/Hacl_SHA3_Scalar.h rename to sys/hacl/c/include/internal/Hacl_Hash_SHA3_Scalar.h index 6d1296823..88c93d178 100644 --- a/sys/hacl/c/include/msvc/internal/Hacl_SHA3_Scalar.h +++ b/sys/hacl/c/include/internal/Hacl_Hash_SHA3_Scalar.h @@ -23,8 +23,8 @@ */ -#ifndef __internal_Hacl_SHA3_Scalar_H -#define __internal_Hacl_SHA3_Scalar_H +#ifndef __internal_Hacl_Hash_SHA3_Scalar_H +#define __internal_Hacl_Hash_SHA3_Scalar_H #if defined(__cplusplus) extern "C" { @@ -35,7 +35,7 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "../Hacl_SHA3_Scalar.h" +#include "../Hacl_Hash_SHA3_Scalar.h" extern const uint32_t Hacl_Impl_SHA3_Vec_keccak_rotc[24U]; @@ -47,5 +47,5 @@ extern const uint64_t Hacl_Impl_SHA3_Vec_keccak_rndc[24U]; } #endif -#define __internal_Hacl_SHA3_Scalar_H_DEFINED +#define __internal_Hacl_Hash_SHA3_Scalar_H_DEFINED #endif diff --git a/sys/hacl/c/include/msvc/Hacl_SHA3_Scalar.h b/sys/hacl/c/include/msvc/Hacl_Hash_SHA3_Scalar.h similarity index 74% rename from sys/hacl/c/include/msvc/Hacl_SHA3_Scalar.h rename to sys/hacl/c/include/msvc/Hacl_Hash_SHA3_Scalar.h index dabab10be..e49f1967b 100644 --- a/sys/hacl/c/include/msvc/Hacl_SHA3_Scalar.h +++ b/sys/hacl/c/include/msvc/Hacl_Hash_SHA3_Scalar.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_SHA3_Scalar_H -#define __Hacl_SHA3_Scalar_H +#ifndef __Hacl_Hash_SHA3_Scalar_H +#define __Hacl_Hash_SHA3_Scalar_H #if defined(__cplusplus) extern "C" { @@ -36,7 +36,7 @@ extern "C" { #include "krml/internal/target.h" void -Hacl_SHA3_Scalar_shake128_hacl( +Hacl_Hash_SHA3_Scalar_shake128( uint32_t inputByteLen, uint8_t *input, uint32_t outputByteLen, @@ -44,24 +44,24 @@ Hacl_SHA3_Scalar_shake128_hacl( ); void -Hacl_SHA3_Scalar_shake256_hacl( +Hacl_Hash_SHA3_Scalar_shake256( uint32_t inputByteLen, uint8_t *input, uint32_t outputByteLen, uint8_t *output ); -void Hacl_SHA3_Scalar_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void 
Hacl_Hash_SHA3_Scalar_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output); -void Hacl_SHA3_Scalar_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void Hacl_Hash_SHA3_Scalar_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output); -void Hacl_SHA3_Scalar_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void Hacl_Hash_SHA3_Scalar_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output); -void Hacl_SHA3_Scalar_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void Hacl_Hash_SHA3_Scalar_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output); #if defined(__cplusplus) } #endif -#define __Hacl_SHA3_Scalar_H_DEFINED +#define __Hacl_Hash_SHA3_Scalar_H_DEFINED #endif diff --git a/sys/hacl/c/include/msvc/Hacl_SHA3_Vec256.h b/sys/hacl/c/include/msvc/Hacl_Hash_SHA3_Simd256.h similarity index 89% rename from sys/hacl/c/include/msvc/Hacl_SHA3_Vec256.h rename to sys/hacl/c/include/msvc/Hacl_Hash_SHA3_Simd256.h index 695d66776..3dd3772dd 100644 --- a/sys/hacl/c/include/msvc/Hacl_SHA3_Vec256.h +++ b/sys/hacl/c/include/msvc/Hacl_Hash_SHA3_Simd256.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_SHA3_Vec256_H -#define __Hacl_SHA3_Vec256_H +#ifndef __Hacl_Hash_SHA3_Simd256_H +#define __Hacl_Hash_SHA3_Simd256_H #if defined(__cplusplus) extern "C" { @@ -35,8 +35,6 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -typedef void *Hacl_SHA3_Vec256_disjoint4_4; - typedef struct K____uint8_t___uint8_t__s { uint8_t *fst; @@ -59,7 +57,7 @@ typedef struct K____uint8_t___uint8_t____K____uint8_t___uint8_t__s K____uint8_t___uint8_t____K____uint8_t___uint8_t_; void -Hacl_SHA3_Vec256_shake128_vec256( +Hacl_Hash_SHA3_Simd256_shake128( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -73,7 +71,7 @@ Hacl_SHA3_Vec256_shake128_vec256( ); void -Hacl_SHA3_Vec256_shake256_vec256( +Hacl_Hash_SHA3_Simd256_shake256( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -87,7 +85,7 @@ Hacl_SHA3_Vec256_shake256_vec256( ); void -Hacl_SHA3_Vec256_sha3_224_vec256( +Hacl_Hash_SHA3_Simd256_sha3_224( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -100,7 +98,7 @@ Hacl_SHA3_Vec256_sha3_224_vec256( ); void -Hacl_SHA3_Vec256_sha3_256_vec256( +Hacl_Hash_SHA3_Simd256_sha3_256( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -113,7 +111,7 @@ Hacl_SHA3_Vec256_sha3_256_vec256( ); void -Hacl_SHA3_Vec256_sha3_384_vec256( +Hacl_Hash_SHA3_Simd256_sha3_384( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -126,7 +124,7 @@ Hacl_SHA3_Vec256_sha3_384_vec256( ); void -Hacl_SHA3_Vec256_sha3_512_vec256( +Hacl_Hash_SHA3_Simd256_sha3_512( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -142,5 +140,5 @@ Hacl_SHA3_Vec256_sha3_512_vec256( } #endif -#define __Hacl_SHA3_Vec256_H_DEFINED +#define __Hacl_Hash_SHA3_Simd256_H_DEFINED #endif diff --git a/sys/hacl/c/include/internal/Hacl_SHA3_Scalar.h b/sys/hacl/c/include/msvc/internal/Hacl_Hash_SHA3_Scalar.h similarity index 90% rename from sys/hacl/c/include/internal/Hacl_SHA3_Scalar.h rename to sys/hacl/c/include/msvc/internal/Hacl_Hash_SHA3_Scalar.h index 6d1296823..88c93d178 100644 --- a/sys/hacl/c/include/internal/Hacl_SHA3_Scalar.h +++ b/sys/hacl/c/include/msvc/internal/Hacl_Hash_SHA3_Scalar.h @@ -23,8 +23,8 @@ */ -#ifndef __internal_Hacl_SHA3_Scalar_H -#define __internal_Hacl_SHA3_Scalar_H +#ifndef __internal_Hacl_Hash_SHA3_Scalar_H +#define __internal_Hacl_Hash_SHA3_Scalar_H #if defined(__cplusplus) extern "C" { @@ -35,7 +35,7 @@ 
extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "../Hacl_SHA3_Scalar.h" +#include "../Hacl_Hash_SHA3_Scalar.h" extern const uint32_t Hacl_Impl_SHA3_Vec_keccak_rotc[24U]; @@ -47,5 +47,5 @@ extern const uint64_t Hacl_Impl_SHA3_Vec_keccak_rndc[24U]; } #endif -#define __internal_Hacl_SHA3_Scalar_H_DEFINED +#define __internal_Hacl_Hash_SHA3_Scalar_H_DEFINED #endif diff --git a/sys/hacl/c/src/Hacl_SHA3_Scalar.c b/sys/hacl/c/src/Hacl_Hash_SHA3_Scalar.c similarity index 99% rename from sys/hacl/c/src/Hacl_SHA3_Scalar.c rename to sys/hacl/c/src/Hacl_Hash_SHA3_Scalar.c index da368dab9..43d574827 100644 --- a/sys/hacl/c/src/Hacl_SHA3_Scalar.c +++ b/sys/hacl/c/src/Hacl_Hash_SHA3_Scalar.c @@ -23,7 +23,7 @@ */ -#include "internal/Hacl_SHA3_Scalar.h" +#include "internal/Hacl_Hash_SHA3_Scalar.h" const uint32_t @@ -54,7 +54,7 @@ Hacl_Impl_SHA3_Vec_keccak_rndc[24U] = }; void -Hacl_SHA3_Scalar_shake128_hacl( +Hacl_Hash_SHA3_Scalar_shake128( uint32_t inputByteLen, uint8_t *input, uint32_t outputByteLen, @@ -446,7 +446,7 @@ Hacl_SHA3_Scalar_shake128_hacl( } void -Hacl_SHA3_Scalar_shake256_hacl( +Hacl_Hash_SHA3_Scalar_shake256( uint32_t inputByteLen, uint8_t *input, uint32_t outputByteLen, @@ -837,7 +837,7 @@ Hacl_SHA3_Scalar_shake256_hacl( memcpy(output + outputByteLen - remOut, hbuf, remOut * sizeof (uint8_t)); } -void Hacl_SHA3_Scalar_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +void Hacl_Hash_SHA3_Scalar_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output) { uint32_t rateInBytes = 144U; uint64_t s[25U] = { 0U }; @@ -1223,7 +1223,7 @@ void Hacl_SHA3_Scalar_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *o memcpy(output + 28U - remOut, hbuf, remOut * sizeof (uint8_t)); } -void Hacl_SHA3_Scalar_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +void Hacl_Hash_SHA3_Scalar_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output) { uint32_t rateInBytes = 136U; uint64_t s[25U] = { 0U }; @@ -1609,7 +1609,7 @@ void Hacl_SHA3_Scalar_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *o memcpy(output + 32U - remOut, hbuf, remOut * sizeof (uint8_t)); } -void Hacl_SHA3_Scalar_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +void Hacl_Hash_SHA3_Scalar_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output) { uint32_t rateInBytes = 104U; uint64_t s[25U] = { 0U }; @@ -1995,7 +1995,7 @@ void Hacl_SHA3_Scalar_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *o memcpy(output + 48U - remOut, hbuf, remOut * sizeof (uint8_t)); } -void Hacl_SHA3_Scalar_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +void Hacl_Hash_SHA3_Scalar_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output) { uint32_t rateInBytes = 72U; uint64_t s[25U] = { 0U }; diff --git a/sys/hacl/c/src/Hacl_SHA3_Vec256.c b/sys/hacl/c/src/Hacl_Hash_SHA3_Simd256.c similarity index 99% rename from sys/hacl/c/src/Hacl_SHA3_Vec256.c rename to sys/hacl/c/src/Hacl_Hash_SHA3_Simd256.c index 739a56eb9..b9bfcee59 100644 --- a/sys/hacl/c/src/Hacl_SHA3_Vec256.c +++ b/sys/hacl/c/src/Hacl_Hash_SHA3_Simd256.c @@ -23,13 +23,13 @@ */ -#include "Hacl_SHA3_Vec256.h" +#include "Hacl_Hash_SHA3_Simd256.h" -#include "internal/Hacl_SHA3_Scalar.h" +#include "internal/Hacl_Hash_SHA3_Scalar.h" #include "libintvector.h" void -Hacl_SHA3_Vec256_shake128_vec256( +Hacl_Hash_SHA3_Simd256_shake128( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -1704,7 +1704,7 @@ Hacl_SHA3_Vec256_shake128_vec256( } void 
-Hacl_SHA3_Vec256_shake256_vec256( +Hacl_Hash_SHA3_Simd256_shake256( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -3379,7 +3379,7 @@ Hacl_SHA3_Vec256_shake256_vec256( } void -Hacl_SHA3_Vec256_sha3_224_vec256( +Hacl_Hash_SHA3_Simd256_sha3_224( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -5053,7 +5053,7 @@ Hacl_SHA3_Vec256_sha3_224_vec256( } void -Hacl_SHA3_Vec256_sha3_256_vec256( +Hacl_Hash_SHA3_Simd256_sha3_256( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -6727,7 +6727,7 @@ Hacl_SHA3_Vec256_sha3_256_vec256( } void -Hacl_SHA3_Vec256_sha3_384_vec256( +Hacl_Hash_SHA3_Simd256_sha3_384( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -8401,7 +8401,7 @@ Hacl_SHA3_Vec256_sha3_384_vec256( } void -Hacl_SHA3_Vec256_sha3_512_vec256( +Hacl_Hash_SHA3_Simd256_sha3_512( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, diff --git a/sys/hacl/c/src/msvc/Hacl_SHA3_Scalar.c b/sys/hacl/c/src/msvc/Hacl_Hash_SHA3_Scalar.c similarity index 99% rename from sys/hacl/c/src/msvc/Hacl_SHA3_Scalar.c rename to sys/hacl/c/src/msvc/Hacl_Hash_SHA3_Scalar.c index da368dab9..43d574827 100644 --- a/sys/hacl/c/src/msvc/Hacl_SHA3_Scalar.c +++ b/sys/hacl/c/src/msvc/Hacl_Hash_SHA3_Scalar.c @@ -23,7 +23,7 @@ */ -#include "internal/Hacl_SHA3_Scalar.h" +#include "internal/Hacl_Hash_SHA3_Scalar.h" const uint32_t @@ -54,7 +54,7 @@ Hacl_Impl_SHA3_Vec_keccak_rndc[24U] = }; void -Hacl_SHA3_Scalar_shake128_hacl( +Hacl_Hash_SHA3_Scalar_shake128( uint32_t inputByteLen, uint8_t *input, uint32_t outputByteLen, @@ -446,7 +446,7 @@ Hacl_SHA3_Scalar_shake128_hacl( } void -Hacl_SHA3_Scalar_shake256_hacl( +Hacl_Hash_SHA3_Scalar_shake256( uint32_t inputByteLen, uint8_t *input, uint32_t outputByteLen, @@ -837,7 +837,7 @@ Hacl_SHA3_Scalar_shake256_hacl( memcpy(output + outputByteLen - remOut, hbuf, remOut * sizeof (uint8_t)); } -void Hacl_SHA3_Scalar_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +void Hacl_Hash_SHA3_Scalar_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output) { uint32_t rateInBytes = 144U; uint64_t s[25U] = { 0U }; @@ -1223,7 +1223,7 @@ void Hacl_SHA3_Scalar_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *o memcpy(output + 28U - remOut, hbuf, remOut * sizeof (uint8_t)); } -void Hacl_SHA3_Scalar_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +void Hacl_Hash_SHA3_Scalar_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output) { uint32_t rateInBytes = 136U; uint64_t s[25U] = { 0U }; @@ -1609,7 +1609,7 @@ void Hacl_SHA3_Scalar_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *o memcpy(output + 32U - remOut, hbuf, remOut * sizeof (uint8_t)); } -void Hacl_SHA3_Scalar_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +void Hacl_Hash_SHA3_Scalar_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output) { uint32_t rateInBytes = 104U; uint64_t s[25U] = { 0U }; @@ -1995,7 +1995,7 @@ void Hacl_SHA3_Scalar_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *o memcpy(output + 48U - remOut, hbuf, remOut * sizeof (uint8_t)); } -void Hacl_SHA3_Scalar_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +void Hacl_Hash_SHA3_Scalar_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output) { uint32_t rateInBytes = 72U; uint64_t s[25U] = { 0U }; diff --git a/sys/hacl/c/src/msvc/Hacl_SHA3_Vec256.c b/sys/hacl/c/src/msvc/Hacl_Hash_SHA3_Simd256.c similarity index 99% rename from sys/hacl/c/src/msvc/Hacl_SHA3_Vec256.c rename to sys/hacl/c/src/msvc/Hacl_Hash_SHA3_Simd256.c index 
739a56eb9..b9bfcee59 100644 --- a/sys/hacl/c/src/msvc/Hacl_SHA3_Vec256.c +++ b/sys/hacl/c/src/msvc/Hacl_Hash_SHA3_Simd256.c @@ -23,13 +23,13 @@ */ -#include "Hacl_SHA3_Vec256.h" +#include "Hacl_Hash_SHA3_Simd256.h" -#include "internal/Hacl_SHA3_Scalar.h" +#include "internal/Hacl_Hash_SHA3_Scalar.h" #include "libintvector.h" void -Hacl_SHA3_Vec256_shake128_vec256( +Hacl_Hash_SHA3_Simd256_shake128( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -1704,7 +1704,7 @@ Hacl_SHA3_Vec256_shake128_vec256( } void -Hacl_SHA3_Vec256_shake256_vec256( +Hacl_Hash_SHA3_Simd256_shake256( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -3379,7 +3379,7 @@ Hacl_SHA3_Vec256_shake256_vec256( } void -Hacl_SHA3_Vec256_sha3_224_vec256( +Hacl_Hash_SHA3_Simd256_sha3_224( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -5053,7 +5053,7 @@ Hacl_SHA3_Vec256_sha3_224_vec256( } void -Hacl_SHA3_Vec256_sha3_256_vec256( +Hacl_Hash_SHA3_Simd256_sha3_256( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -6727,7 +6727,7 @@ Hacl_SHA3_Vec256_sha3_256_vec256( } void -Hacl_SHA3_Vec256_sha3_384_vec256( +Hacl_Hash_SHA3_Simd256_sha3_384( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, @@ -8401,7 +8401,7 @@ Hacl_SHA3_Vec256_sha3_384_vec256( } void -Hacl_SHA3_Vec256_sha3_512_vec256( +Hacl_Hash_SHA3_Simd256_sha3_512( uint32_t inputByteLen, uint8_t *input0, uint8_t *input1, From b55aeb89961852db5b5fe0e8d6f9b136fbb6d83f Mon Sep 17 00:00:00 2001 From: xvzcf Date: Wed, 6 Dec 2023 12:56:55 -0500 Subject: [PATCH 05/15] Fixed build issues in HACL crate. --- sys/hacl/build.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/hacl/build.rs b/sys/hacl/build.rs index 830738777..592de685c 100644 --- a/sys/hacl/build.rs +++ b/sys/hacl/build.rs @@ -273,7 +273,7 @@ fn build(platform: &Platform, home_path: &Path) { "Hacl_MAC_Poly1305_Simd256.c", "Hacl_Chacha20_Vec256.c", "Hacl_SHA2_Vec256.c", - "Hacl_SHA3_Vec256.c", + "Hacl_Hash_SHA3_Simd256.c", "Hacl_HKDF_Blake2b_256.c", "Hacl_HMAC_Blake2b_256.c", ]; From 1b1c1377b0f5ce089bff78803dd42a874f565e8c Mon Sep 17 00:00:00 2001 From: xvzcf Date: Wed, 6 Dec 2023 13:48:01 -0500 Subject: [PATCH 06/15] Fixed build on x84-64 systems. --- src/hacl/sha3.rs | 18 +++++++++--------- src/kem/kyber/hash_functions.rs | 3 --- sys/hacl/c/config/hacl256.h | 2 +- sys/hacl/src/bindings.rs | 13 ++++++------- 4 files changed, 16 insertions(+), 20 deletions(-) diff --git a/src/hacl/sha3.rs b/src/hacl/sha3.rs index 5b8b477da..5ceb62502 100644 --- a/src/hacl/sha3.rs +++ b/src/hacl/sha3.rs @@ -97,9 +97,9 @@ pub(crate) fn shake256(data: &[u8]) -> [u8; BYTES] { #[cfg(simd256)] pub mod simd256 { use libcrux_hacl::{ - Hacl_SHA3_Vec256_sha3_224_vec256, Hacl_SHA3_Vec256_sha3_256_vec256, - Hacl_SHA3_Vec256_sha3_384_vec256, Hacl_SHA3_Vec256_sha3_512_vec256, - Hacl_SHA3_Vec256_shake128_vec256, Hacl_SHA3_Vec256_shake256_vec256, + Hacl_Hash_SHA3_Simd256_sha3_224, Hacl_Hash_SHA3_Simd256_sha3_256, + Hacl_Hash_SHA3_Simd256_sha3_384, Hacl_Hash_SHA3_Simd256_sha3_512, + Hacl_Hash_SHA3_Simd256_shake128, Hacl_Hash_SHA3_Simd256_shake256, }; macro_rules! 
impl_sha3_vec { @@ -145,10 +145,10 @@ pub mod simd256 { }; } - impl_sha3_vec!(sha224, Hacl_SHA3_Vec256_sha3_224_vec256, 28); - impl_sha3_vec!(sha256, Hacl_SHA3_Vec256_sha3_256_vec256, 32); - impl_sha3_vec!(sha384, Hacl_SHA3_Vec256_sha3_384_vec256, 48); - impl_sha3_vec!(sha512, Hacl_SHA3_Vec256_sha3_512_vec256, 64); + impl_sha3_vec!(sha224, Hacl_Hash_SHA3_Simd256_sha3_224, 28); + impl_sha3_vec!(sha256, Hacl_Hash_SHA3_Simd256_sha3_256, 32); + impl_sha3_vec!(sha384, Hacl_Hash_SHA3_Simd256_sha3_384, 48); + impl_sha3_vec!(sha512, Hacl_Hash_SHA3_Simd256_sha3_512, 64); /// SHAKE 128 #[inline(always)] @@ -171,7 +171,7 @@ pub mod simd256 { let mut digest2 = [0u8; BYTES]; let mut digest3 = [0u8; BYTES]; unsafe { - Hacl_SHA3_Vec256_shake128_vec256( + Hacl_Hash_SHA3_Simd256_shake128( input_len as u32, payload0.as_ptr() as _, payload1.as_ptr() as _, @@ -211,7 +211,7 @@ pub mod simd256 { let mut digest2 = [0u8; BYTES]; let mut digest3 = [0u8; BYTES]; unsafe { - Hacl_SHA3_Vec256_shake256_vec256( + Hacl_Hash_SHA3_Simd256_shake256( input_len as u32, payload0.as_ptr() as _, payload1.as_ptr() as _, diff --git a/src/kem/kyber/hash_functions.rs b/src/kem/kyber/hash_functions.rs index 8ce8d60df..ab20f6a5c 100644 --- a/src/kem/kyber/hash_functions.rs +++ b/src/kem/kyber/hash_functions.rs @@ -16,9 +16,6 @@ pub(crate) fn PRF(input: &[u8]) -> [u8; LEN] { digest::shake256::(input) } -// At the moment, this function is just a stub, and does not actually implement -// 4xKeccak. Implementation of 4xKeccak is being tracked in: -// https://github.com/cryspen/libcrux/issues/102 #[inline(always)] pub(crate) fn XOFx4( input: [[u8; 34]; K], diff --git a/sys/hacl/c/config/hacl256.h b/sys/hacl/c/config/hacl256.h index 54afce736..a28c05e49 100644 --- a/sys/hacl/c/config/hacl256.h +++ b/sys/hacl/c/config/hacl256.h @@ -8,4 +8,4 @@ #include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" #include "Hacl_Hash_Blake2b_Simd256.h" -#include "Hacl_Hash_SHA3_Vec256.h" +#include "Hacl_Hash_SHA3_Simd256.h" diff --git a/sys/hacl/src/bindings.rs b/sys/hacl/src/bindings.rs index c8bb4a69a..612ea3284 100644 --- a/sys/hacl/src/bindings.rs +++ b/sys/hacl/src/bindings.rs @@ -1083,9 +1083,8 @@ extern "C" { key_len: u32, ); } -pub type Hacl_SHA3_Vec256_disjoint4_4 = *mut ::core::ffi::c_void; extern "C" { - pub fn Hacl_SHA3_Vec256_shake128_vec256( + pub fn Hacl_Hash_SHA3_Simd256_shake128( inputByteLen: u32, input0: *mut u8, input1: *mut u8, @@ -1099,7 +1098,7 @@ extern "C" { ); } extern "C" { - pub fn Hacl_SHA3_Vec256_shake256_vec256( + pub fn Hacl_Hash_SHA3_Simd256_shake256( inputByteLen: u32, input0: *mut u8, input1: *mut u8, @@ -1113,7 +1112,7 @@ extern "C" { ); } extern "C" { - pub fn Hacl_SHA3_Vec256_sha3_224_vec256( + pub fn Hacl_Hash_SHA3_Simd256_sha3_224( inputByteLen: u32, input0: *mut u8, input1: *mut u8, @@ -1126,7 +1125,7 @@ extern "C" { ); } extern "C" { - pub fn Hacl_SHA3_Vec256_sha3_256_vec256( + pub fn Hacl_Hash_SHA3_Simd256_sha3_256( inputByteLen: u32, input0: *mut u8, input1: *mut u8, @@ -1139,7 +1138,7 @@ extern "C" { ); } extern "C" { - pub fn Hacl_SHA3_Vec256_sha3_384_vec256( + pub fn Hacl_Hash_SHA3_Simd256_sha3_384( inputByteLen: u32, input0: *mut u8, input1: *mut u8, @@ -1152,7 +1151,7 @@ extern "C" { ); } extern "C" { - pub fn Hacl_SHA3_Vec256_sha3_512_vec256( + pub fn Hacl_Hash_SHA3_Simd256_sha3_512( inputByteLen: u32, input0: *mut u8, input1: *mut u8, From a9191c7a5cbcc140780492723fedd324d67beae6 Mon Sep 17 00:00:00 2001 From: xvzcf Date: Wed, 6 Dec 2023 14:08:54 -0500 Subject: [PATCH 07/15] Make XOFx4 conditional at compile time. 
--- .../Libcrux.Kem.Kyber.Hash_functions.fst | 18 +++++++++--------- .../extraction/Libcrux.Kem.Kyber.Ind_cpa.fst | 2 +- src/kem/kyber/hash_functions.rs | 9 +++++++-- 3 files changed, 17 insertions(+), 12 deletions(-) diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst index cf4ab6f5e..a9d7f78b8 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst @@ -10,12 +10,12 @@ let v_H (input: t_Slice u8) : t_Array u8 (sz 32) = Libcrux.Digest.sha3_256_ inpu let v_PRF (v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN = Libcrux.Digest.shake256 v_LEN input -let v_XOFx4 (v_LEN v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) - : t_Array (t_Array u8 v_LEN) v_K = - let out:t_Array (t_Array u8 v_LEN) v_K = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy v_LEN <: t_Array u8 v_LEN) v_K +let v_XOFx4 (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) + : t_Array (t_Array u8 (sz 840)) v_K = + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 840) <: t_Array u8 (sz 840)) v_K in - let out:t_Array (t_Array u8 v_LEN) v_K = + let out:t_Array (t_Array u8 (sz 840)) v_K = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K @@ -26,15 +26,15 @@ let v_XOFx4 (v_LEN v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) Core.Ops.Range.t_Range usize) out (fun out i -> - let out:t_Array (t_Array u8 v_LEN) v_K = out in + let out:t_Array (t_Array u8 (sz 840)) v_K = out in let i:usize = i in Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out i - (Libcrux.Digest.shake128 v_LEN + (Libcrux.Digest.shake128 (sz 840) (Rust_primitives.unsize (input.[ i ] <: t_Array u8 (sz 34)) <: t_Slice u8) <: - t_Array u8 v_LEN) + t_Array u8 (sz 840)) <: - t_Array (t_Array u8 v_LEN) v_K) + t_Array (t_Array u8 (sz 840)) v_K) in out diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst index f91e30e47..ae02b414c 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst @@ -164,7 +164,7 @@ let sample_matrix_A (v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool) seeds) in let xof_bytes:t_Array (t_Array u8 (sz 840)) v_K = - Libcrux.Kem.Kyber.Hash_functions.v_XOFx4 (sz 840) v_K seeds + Libcrux.Kem.Kyber.Hash_functions.v_XOFx4 v_K seeds in Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; diff --git a/src/kem/kyber/hash_functions.rs b/src/kem/kyber/hash_functions.rs index ab20f6a5c..490c8c59d 100644 --- a/src/kem/kyber/hash_functions.rs +++ b/src/kem/kyber/hash_functions.rs @@ -21,12 +21,17 @@ pub(crate) fn XOFx4( input: [[u8; 34]; K], ) -> [[u8; REJECTION_SAMPLING_SEED_SIZE]; K] { let mut out = [[0u8; REJECTION_SAMPLING_SEED_SIZE]; K]; - if cfg!(not(simd256)) { + + #[cfg(not(simd256))] + { for i in 0..K { out[i] = digest::shake128::(&input[i]); } out - } else { + } + + #[cfg(simd256)] + { // Always do 4 SHA3 at a time even if we need less. match K { 2 => { From 7fdfd26ed98698df1b80160786a3bb3d2c4e40c2 Mon Sep 17 00:00:00 2001 From: xvzcf Date: Wed, 6 Dec 2023 14:52:12 -0500 Subject: [PATCH 08/15] Update libcrux dependency in Kyber specification. 
--- specs/kyber/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/kyber/Cargo.toml b/specs/kyber/Cargo.toml index c03b0e028..63d3458c5 100644 --- a/specs/kyber/Cargo.toml +++ b/specs/kyber/Cargo.toml @@ -4,7 +4,7 @@ version = "0.1.0" edition = "2021" [dependencies] -libcrux = { version = "=0.0.2-pre.1", path = "../../" } +libcrux = { version = "=0.0.2-pre.2", path = "../../" } hacspec-lib = { version = "0.0.1", path = "../hacspec-lib" } [dev-dependencies] From a676463057d984b081ea57a5d7fdf2a22f82650e Mon Sep 17 00:00:00 2001 From: xvzcf Date: Wed, 6 Dec 2023 14:55:22 -0500 Subject: [PATCH 09/15] Update specification extraction. --- .../extraction/Hacspec_kyber.Compress.fst | 78 +- .../extraction/Hacspec_kyber.Ind_cpa.fst | 1043 ++++++++++------- .../fstar/extraction/Hacspec_kyber.Matrix.fst | 176 ++- .../fstar/extraction/Hacspec_kyber.Ntt.fst | 390 +++--- ...acspec_kyber.Parameters.Hash_functions.fst | 16 +- .../extraction/Hacspec_kyber.Parameters.fst | 27 +- .../extraction/Hacspec_kyber.Sampling.fst | 223 ++-- .../extraction/Hacspec_kyber.Serialize.fst | 202 ++-- .../proofs/fstar/extraction/Hacspec_kyber.fst | 286 +++-- 9 files changed, 1530 insertions(+), 911 deletions(-) diff --git a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Compress.fst b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Compress.fst index bd0da33fb..521f35314 100644 --- a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Compress.fst +++ b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Compress.fst @@ -1,23 +1,29 @@ module Hacspec_kyber.Compress #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core +open FStar.Mul + +let decompress_d (fe: Hacspec_lib.Field.t_PrimeFieldElement 3329us) (to_bit_size: usize) + : Hacspec_lib.Field.t_PrimeFieldElement 3329us = + let _:Prims.unit = + if ~.(to_bit_size <=. Hacspec_kyber.Parameters.v_BITS_PER_COEFFICIENT <: bool) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: to_bit_size <= parameters::BITS_PER_COEFFICIENT" -let compress - (re: - Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)) - (bits_per_compressed_coefficient: usize) - : Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) = - Hacspec_lib.Ring.impl_2__new (Core.Array.impl_23__map (Hacspec_lib.Ring.impl_2__coefficients re <: - t_Array (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) - (fun coefficient -> - compress_d coefficient bits_per_compressed_coefficient - <: - Hacspec_lib.Field.t_PrimeFieldElement 3329us) + Rust_primitives.Hax.t_Never) + in + let decompressed:u32 = + (((2ul *! (Core.Convert.f_from fe.Hacspec_lib.Field.f_value <: u32) <: u32) *! + (Core.Convert.f_from Hacspec_lib.Field.impl_2__MODULUS_1 <: u32) + <: + u32) +! + (1ul <>! + (to_bit_size +! 
sz 1 <: usize) + in + Core.Convert.f_into decompressed let decompress (re: @@ -26,10 +32,13 @@ let decompress (bits_per_compressed_coefficient: usize) : Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = - Hacspec_lib.Ring.impl_2__new (Core.Array.impl_23__map (Hacspec_lib.Ring.impl_2__coefficients re + Hacspec_lib.Ring.impl_2__new (sz 256) + (Core.Array.impl_23__map (sz 256) + (Hacspec_lib.Ring.impl_2__coefficients (sz 256) re <: t_Array (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) (fun coefficient -> + let coefficient:Hacspec_lib.Field.t_PrimeFieldElement 3329us = coefficient in decompress_d coefficient bits_per_compressed_coefficient <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) @@ -51,7 +60,8 @@ let compress_d (fe: Hacspec_lib.Field.t_PrimeFieldElement 3329us) (to_bit_size: (Core.Result.impl__unwrap_or_else (Core.Convert.f_try_into to_bit_size <: Core.Result.t_Result u32 Core.Num.Error.t_TryFromIntError) - (fun _ -> + (fun temp_0_ -> + let _:Core.Num.Error.t_TryFromIntError = temp_0_ in Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.unsize (let list = [ @@ -95,24 +105,22 @@ let compress_d (fe: Hacspec_lib.Field.t_PrimeFieldElement 3329us) (to_bit_size: in Core.Convert.f_into (compressed %! two_pow_bit_size <: u32) -let decompress_d (fe: Hacspec_lib.Field.t_PrimeFieldElement 3329us) (to_bit_size: usize) - : Hacspec_lib.Field.t_PrimeFieldElement 3329us = - let _:Prims.unit = - if ~.(to_bit_size <=. Hacspec_kyber.Parameters.v_BITS_PER_COEFFICIENT <: bool) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: to_bit_size <= parameters::BITS_PER_COEFFICIENT" - +let compress + (re: + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) + (bits_per_compressed_coefficient: usize) + : Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) = + Hacspec_lib.Ring.impl_2__new (sz 256) + (Core.Array.impl_23__map (sz 256) + (Hacspec_lib.Ring.impl_2__coefficients (sz 256) re <: - Rust_primitives.Hax.t_Never) - in - let decompressed:u32 = - (((2ul *! (Core.Convert.f_from fe.Hacspec_lib.Field.f_value <: u32) <: u32) *! - (Core.Convert.f_from Hacspec_lib.Field.impl_2__MODULUS_1 <: u32) - <: - u32) +! - (1ul < + let coefficient:Hacspec_lib.Field.t_PrimeFieldElement 3329us = coefficient in + compress_d coefficient bits_per_compressed_coefficient + <: + Hacspec_lib.Field.t_PrimeFieldElement 3329us) <: - u32) >>! - (to_bit_size +! 
sz 1 <: usize) - in - Core.Convert.f_into decompressed \ No newline at end of file + t_Array (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) diff --git a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Ind_cpa.fst b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Ind_cpa.fst index ac6ccdb7f..b2cfd1b72 100644 --- a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Ind_cpa.fst +++ b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Ind_cpa.fst @@ -1,6 +1,174 @@ module Hacspec_kyber.Ind_cpa #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core +open FStar.Mul + +let encode_and_compress_u + (input: + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) + ) + : Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = + let out:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = Alloc.Vec.impl__new in + let out:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Hacspec_lib.Vector.impl__into_iter + (sz 3) + (sz 256) + input + <: + Core.Array.Iter.t_IntoIter + (Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) (sz 3)) + <: + Core.Array.Iter.t_IntoIter + (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) (sz 3)) + out + (fun out re -> + let out:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = out in + let re:Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = + re + in + Alloc.Vec.impl_2__extend_from_slice out + (Core.Ops.Deref.f_deref (Hacspec_kyber.Serialize.byte_encode Hacspec_kyber.Parameters.v_VECTOR_U_COMPRESSION_FACTOR + (Hacspec_kyber.Compress.compress re + Hacspec_kyber.Parameters.v_VECTOR_U_COMPRESSION_FACTOR + <: + Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) + <: + Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global) + <: + t_Slice u8) + <: + Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global) + in + out + +let decrypt (secret_key: t_Array u8 (sz 1152)) (ciphertext: t_Array u8 (sz 1088)) + : t_Array u8 (sz 32) = + let u:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = + Hacspec_lib.Vector.impl__ZERO + in + let u:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks (ciphertext.[ { + Core.Ops.Range.f_end = Hacspec_kyber.Parameters.v_VECTOR_U_ENCODED_SIZE + } + <: + Core.Ops.Range.t_RangeTo usize ] + <: + t_Slice u8) + ((Hacspec_kyber.Parameters.v_COEFFICIENTS_IN_RING_ELEMENT *! + Hacspec_kyber.Parameters.v_VECTOR_U_COMPRESSION_FACTOR + <: + usize) /! 
+ sz 8 + <: + usize) + <: + Core.Slice.Iter.t_Chunks u8) + <: + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Chunks u8)) + <: + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Chunks u8)) + u + (fun u temp_1_ -> + let u:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) = + u + in + let i, u_bytes:(usize & t_Slice u8) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u + i + (Hacspec_kyber.Compress.decompress (Hacspec_kyber.Serialize.byte_decode Hacspec_kyber.Parameters.v_VECTOR_U_COMPRESSION_FACTOR + u_bytes + <: + Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) + Hacspec_kyber.Parameters.v_VECTOR_U_COMPRESSION_FACTOR + <: + Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) + <: + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) + ) + in + let v:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) = + Hacspec_kyber.Compress.decompress (Hacspec_kyber.Serialize.byte_decode Hacspec_kyber.Parameters.v_VECTOR_V_COMPRESSION_FACTOR + (ciphertext.[ { + Core.Ops.Range.f_start = Hacspec_kyber.Parameters.v_VECTOR_U_ENCODED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + <: + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) + Hacspec_kyber.Parameters.v_VECTOR_V_COMPRESSION_FACTOR + in + let secret_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) = + Hacspec_lib.Vector.impl__ZERO + in + let secret_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks_exact (Rust_primitives.unsize secret_key <: t_Slice u8) + Hacspec_kyber.Parameters.v_BYTES_PER_RING_ELEMENT + <: + Core.Slice.Iter.t_ChunksExact u8) + <: + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + <: + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + secret_as_ntt + (fun secret_as_ntt temp_1_ -> + let secret_as_ntt:Hacspec_lib.Vector.t_Vector + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = + secret_as_ntt + in + let i, secret_bytes:(usize & t_Slice u8) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize secret_as_ntt + i + (Hacspec_kyber.Serialize.byte_decode (sz 12) secret_bytes + <: + Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) + <: + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) + ) + in + let u_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) = + Hacspec_kyber.Ntt.vector_ntt u + in + let message:Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = + v -! 
+ (Hacspec_kyber.Ntt.ntt_inverse (Hacspec_kyber.Matrix.multiply_column_by_row secret_as_ntt + u_as_ntt + <: + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) + <: + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) + in + Hacspec_lib.f_as_array (sz 32) + (Hacspec_kyber.Serialize.byte_encode (sz 1) + (Hacspec_kyber.Compress.compress message (sz 1) + <: + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) + <: + Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global) type t_KeyPair = { f_sk:t_Array u8 (sz 1152); @@ -8,16 +176,17 @@ type t_KeyPair = { } let impl__KeyPair__new (sk: t_Array u8 (sz 1152)) (pk: t_Array u8 (sz 1184)) : t_KeyPair = - { f_sk = sk; f_pk = pk } + { f_sk = sk; f_pk = pk } <: t_KeyPair + +let impl__KeyPair__pk (self: t_KeyPair) : t_Array u8 (sz 1184) = self.f_pk let impl__KeyPair__serialize_secret_key (self: t_KeyPair) (implicit_rejection_value: t_Array u8 (sz 32)) : t_Array u8 (sz 2400) = Core.Convert.f_into (Hacspec_lib.f_push (Hacspec_lib.f_push (Hacspec_lib.f_push (Hacspec_lib.f_push - (Hacspec_lib.impl_6__new (Rust_primitives.Hax.repeat 0uy (sz 2400) - <: - t_Array u8 (sz 2400)) + (Hacspec_lib.impl_6__new (sz 2400) + (Rust_primitives.Hax.repeat 0uy (sz 2400) <: t_Array u8 (sz 2400)) <: Hacspec_lib.t_UpdatableArray (sz 2400)) (Rust_primitives.unsize self.f_sk <: t_Slice u8) @@ -40,26 +209,63 @@ let impl__KeyPair__serialize_secret_key <: Hacspec_lib.t_UpdatableArray (sz 2400)) -let impl__KeyPair__pk (self: t_KeyPair) : t_Array u8 (sz 1184) = self.f_pk - -let generate_keypair (key_generation_seed: t_Array u8 (sz 32)) - : Core.Result.t_Result t_KeyPair Hacspec_kyber.t_BadRejectionSamplingRandomnessError = - let hashed:t_Array u8 (sz 64) = - Hacspec_kyber.Parameters.Hash_functions.v_G (Rust_primitives.unsize key_generation_seed +let encrypt (public_key: t_Array u8 (sz 1184)) (message randomness: t_Array u8 (sz 32)) + : Core.Result.t_Result (t_Array u8 (sz 1088)) + Hacspec_kyber.t_BadRejectionSamplingRandomnessError = + let (domain_separator: u8):u8 = 0uy in + let tt_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) = + Hacspec_lib.Vector.impl__ZERO + in + let tt_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks (public_key.[ { + Core.Ops.Range.f_end = Hacspec_kyber.Parameters.v_T_AS_NTT_ENCODED_SIZE + } + <: + Core.Ops.Range.t_RangeTo usize ] + <: + t_Slice u8) + Hacspec_kyber.Parameters.v_BYTES_PER_RING_ELEMENT + <: + Core.Slice.Iter.t_Chunks u8) + <: + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Chunks u8)) <: - t_Slice u8) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Chunks u8)) + tt_as_ntt + (fun tt_as_ntt temp_1_ -> + let tt_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) = + tt_as_ntt + in + let i, tt_as_ntt_bytes:(usize & t_Slice u8) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tt_as_ntt + i + (Hacspec_kyber.Serialize.byte_decode (sz 12) tt_as_ntt_bytes + <: + Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) + <: + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) + ) in - let 
seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) + let seed_for_A:t_Slice u8 = + public_key.[ { Core.Ops.Range.f_start = Hacspec_kyber.Parameters.v_T_AS_NTT_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] in - let (domain_separator: u8):u8 = 0uy in let v_A_as_ntt:t_Array (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) (sz 3) = Rust_primitives.Hax.repeat Hacspec_lib.Vector.impl__ZERO (sz 3) in let (xof_input: t_Array u8 (sz 34)):t_Array u8 (sz 34) = - Hacspec_lib.f_into_padded_array seed_for_A + Hacspec_lib.f_into_padded_array (sz 34) seed_for_A in let v_A_as_ntt, xof_input:(t_Array (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) @@ -68,31 +274,66 @@ let generate_keypair (key_generation_seed: t_Array u8 (sz 32)) Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Hacspec_kyber.Parameters.v_RANK - }) + } + <: + Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - (v_A_as_ntt, xof_input) - (fun (v_A_as_ntt, xof_input) i -> + (v_A_as_ntt, xof_input + <: + (t_Array + (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) (sz 3) & + t_Array u8 (sz 34))) + (fun temp_0_ i -> + let v_A_as_ntt, xof_input:(t_Array + (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) (sz 3) & + t_Array u8 (sz 34)) = + temp_0_ + in + let i:usize = i in Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Hacspec_kyber.Parameters.v_RANK - }) + } + <: + Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - (v_A_as_ntt, xof_input) - (fun (v_A_as_ntt, xof_input) j -> + (v_A_as_ntt, xof_input + <: + (t_Array + (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) (sz 3) & + t_Array u8 (sz 34))) + (fun temp_0_ j -> + let v_A_as_ntt, xof_input:(t_Array + (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) (sz 3) & + t_Array u8 (sz 34)) = + temp_0_ + in + let j:usize = j in let xof_input:t_Array u8 (sz 34) = - Rust_primitives.Hax.update_at xof_input (sz 32) (Hacspec_lib.f_as_u8 i <: u8) + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize xof_input + (sz 32) + (Hacspec_lib.f_as_u8 i <: u8) in let xof_input:t_Array u8 (sz 34) = - Rust_primitives.Hax.update_at xof_input (sz 33) (Hacspec_lib.f_as_u8 j <: u8) + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize xof_input + (sz 33) + (Hacspec_lib.f_as_u8 j <: u8) in let (xof_bytes: t_Array u8 (sz 840)):t_Array u8 (sz 840) = - Hacspec_kyber.Parameters.Hash_functions.v_XOF (Rust_primitives.unsize xof_input - <: - t_Slice u8) + Hacspec_kyber.Parameters.Hash_functions.v_XOF (sz 840) + (Rust_primitives.unsize xof_input <: t_Slice u8) in - let* hoist2:Hacspec_lib.Ring.t_PolynomialRingElement + let* hoist10:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = match Core.Ops.Try_trait.f_branch (Hacspec_kyber.Sampling.sample_ntt xof_bytes @@ -103,42 +344,69 @@ let generate_keypair (key_generation_seed: t_Array u8 (sz 32)) Hacspec_kyber.t_BadRejectionSamplingRandomnessError) with | Core.Ops.Control_flow.ControlFlow_Break residual -> - let* hoist1:Rust_primitives.Hax.t_Never = + let* 
hoist9:Rust_primitives.Hax.t_Never = Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual <: - Core.Result.t_Result t_KeyPair + Core.Result.t_Result (t_Array u8 (sz 1088)) Hacspec_kyber.t_BadRejectionSamplingRandomnessError) in Core.Ops.Control_flow.ControlFlow_Continue - (Rust_primitives.Hax.never_to_any hoist1) + (Rust_primitives.Hax.never_to_any hoist9) + <: + Core.Ops.Control_flow.t_ControlFlow + (Core.Result.t_Result (t_Array u8 (sz 1088)) + Hacspec_kyber.t_BadRejectionSamplingRandomnessError) + (Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) | Core.Ops.Control_flow.ControlFlow_Continue v_val -> Core.Ops.Control_flow.ControlFlow_Continue v_val + <: + Core.Ops.Control_flow.t_ControlFlow + (Core.Result.t_Result (t_Array u8 (sz 1088)) + Hacspec_kyber.t_BadRejectionSamplingRandomnessError) + (Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) in Core.Ops.Control_flow.ControlFlow_Continue - (let hoist3:Hacspec_lib.Vector.t_Vector + (let hoist11:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = - Rust_primitives.Hax.update_at (v_A_as_ntt.[ i ] + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A_as_ntt.[ i ] <: Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) j - hoist2 + hoist10 in - let hoist4:t_Array + let hoist12:t_Array (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) (sz 3) = - Rust_primitives.Hax.update_at v_A_as_ntt i hoist3 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A_as_ntt i hoist11 in let v_A_as_ntt:t_Array (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) (sz 3) = - hoist4 + hoist12 in - v_A_as_ntt, xof_input)) + v_A_as_ntt, xof_input + <: + (t_Array + (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) (sz 3) & + t_Array u8 (sz 34))) + <: + Core.Ops.Control_flow.t_ControlFlow + (Core.Result.t_Result (t_Array u8 (sz 1088)) + Hacspec_kyber.t_BadRejectionSamplingRandomnessError) + (t_Array + (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) (sz 3) & + t_Array u8 (sz 34))) <: (t_Array (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) @@ -146,216 +414,226 @@ let generate_keypair (key_generation_seed: t_Array u8 (sz 32)) (sz 3)) (sz 3) & t_Array u8 (sz 34))) in - let secret:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) - (sz 3) = + let r:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = Hacspec_lib.Vector.impl__ZERO in let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = - Hacspec_lib.f_into_padded_array seed_for_secret_and_error + Hacspec_lib.f_into_padded_array (sz 32) (sz 33) randomness in - let domain_separator, prf_input, secret:(u8 & t_Array u8 (sz 33) & + let domain_separator, prf_input, r:(u8 & t_Array u8 (sz 33) & Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Hacspec_lib.Vector.impl__len secret <: usize - }) + Core.Ops.Range.f_end = Hacspec_lib.Vector.impl__len (sz 3) (sz 256) r <: usize + } + <: + Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) 
- (domain_separator, prf_input, secret) - (fun (domain_separator, prf_input, secret) i -> + (domain_separator, prf_input, r + <: + (u8 & t_Array u8 (sz 33) & + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) + )) + (fun temp_0_ i -> + let domain_separator, prf_input, r:(u8 & t_Array u8 (sz 33) & + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) = + temp_0_ + in + let i:usize = i in let prf_input:t_Array u8 (sz 33) = - Rust_primitives.Hax.update_at prf_input (sz 32) domain_separator + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input + (sz 32) + domain_separator in let domain_separator:u8 = domain_separator +! 1uy in let (prf_output: t_Array u8 (sz 128)):t_Array u8 (sz 128) = - Hacspec_kyber.Parameters.Hash_functions.v_PRF (Rust_primitives.unsize prf_input - <: - t_Slice u8) + Hacspec_kyber.Parameters.Hash_functions.v_PRF (sz 128) + (Rust_primitives.unsize prf_input <: t_Slice u8) in - let secret:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + let r:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = - Rust_primitives.Hax.update_at secret + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize r i (Hacspec_kyber.Sampling.sample_poly_cbd (sz 2) - (prf_output.[ Core.Ops.Range.RangeFull ] <: t_Slice u8) + (Rust_primitives.unsize prf_output <: t_Slice u8) <: Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) in - domain_separator, prf_input, secret) + domain_separator, prf_input, r + <: + (u8 & t_Array u8 (sz 33) & + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3))) in - let error:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + let error_1_:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = Hacspec_lib.Vector.impl__ZERO in - let domain_separator, error, prf_input:(u8 & + let domain_separator, error_1_, prf_input:(u8 & Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) & t_Array u8 (sz 33)) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Hacspec_lib.Vector.impl__len error <: usize - }) + Core.Ops.Range.f_end = Hacspec_lib.Vector.impl__len (sz 3) (sz 256) error_1_ <: usize + } + <: + Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - (domain_separator, error, prf_input) - (fun (domain_separator, error, prf_input) i -> + (domain_separator, error_1_, prf_input + <: + (u8 & + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) & + t_Array u8 (sz 33))) + (fun temp_0_ i -> + let domain_separator, error_1_, prf_input:(u8 & + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) & + t_Array u8 (sz 33)) = + temp_0_ + in + let i:usize = i in let prf_input:t_Array u8 (sz 33) = - Rust_primitives.Hax.update_at prf_input (sz 32) domain_separator + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input + (sz 32) + domain_separator in let domain_separator:u8 = domain_separator +! 
1uy in let (prf_output: t_Array u8 (sz 128)):t_Array u8 (sz 128) = - Hacspec_kyber.Parameters.Hash_functions.v_PRF (Rust_primitives.unsize prf_input - <: - t_Slice u8) + Hacspec_kyber.Parameters.Hash_functions.v_PRF (sz 128) + (Rust_primitives.unsize prf_input <: t_Slice u8) in - let error:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + let error_1_:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = - Rust_primitives.Hax.update_at error + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize error_1_ i (Hacspec_kyber.Sampling.sample_poly_cbd (sz 2) - (prf_output.[ Core.Ops.Range.RangeFull ] <: t_Slice u8) + (Rust_primitives.unsize prf_output <: t_Slice u8) <: Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) in - domain_separator, error, prf_input) + domain_separator, error_1_, prf_input + <: + (u8 & + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) & + t_Array u8 (sz 33))) in - let secret_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) - (sz 3) = - Hacspec_kyber.Ntt.vector_ntt secret + let prf_input:t_Array u8 (sz 33) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator in - let error_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) - (sz 3) = - Hacspec_kyber.Ntt.vector_ntt error + let (prf_output: t_Array u8 (sz 128)):t_Array u8 (sz 128) = + Hacspec_kyber.Parameters.Hash_functions.v_PRF (sz 128) + (Rust_primitives.unsize prf_input <: t_Slice u8) in - let tt_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + let error_2_:Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = + Hacspec_kyber.Sampling.sample_poly_cbd (sz 2) (Rust_primitives.unsize prf_output <: t_Slice u8) + in + let r_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = - (Hacspec_kyber.Matrix.multiply_matrix_by_column v_A_as_ntt secret_as_ntt + Hacspec_kyber.Ntt.vector_ntt r + in + let v_A_as_ntt_transpose:t_Array + (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) + (sz 3) = + Hacspec_kyber.Matrix.transpose v_A_as_ntt + in + let u:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = + (Hacspec_kyber.Ntt.vector_inverse_ntt (Hacspec_kyber.Matrix.multiply_matrix_by_column v_A_as_ntt_transpose + r_as_ntt + <: + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) + ) <: Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) +! 
- error_as_ntt + error_1_ in - let public_key_serialized:t_Array u8 (sz 1184) = - Hacspec_lib.impl_6__array (Hacspec_lib.f_push (Hacspec_lib.f_push (Hacspec_lib.impl_6__new (Rust_primitives.Hax.repeat - 0uy - (sz 1184) - <: - t_Array u8 (sz 1184)) - <: - Hacspec_lib.t_UpdatableArray (sz 1184)) - (Rust_primitives.unsize (Hacspec_kyber.Serialize.vector_encode_12_ tt_as_ntt - <: - t_Array u8 (sz 1152)) - <: - t_Slice u8) - <: - Hacspec_lib.t_UpdatableArray (sz 1184)) - seed_for_A + let message_as_ring_element:Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = + Hacspec_kyber.Compress.decompress (Hacspec_kyber.Serialize.byte_decode (sz 1) + (Rust_primitives.unsize message <: t_Slice u8) <: - Hacspec_lib.t_UpdatableArray (sz 1184)) - in - let secret_key_serialized:t_Array u8 (sz 1152) = - Hacspec_kyber.Serialize.vector_encode_12_ secret_as_ntt + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) + (sz 1) in - Core.Result.Result_Ok - (impl__KeyPair__new (Hacspec_lib.f_into_array (Rust_primitives.unsize secret_key_serialized + let v:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) = + ((Hacspec_kyber.Ntt.ntt_inverse (Hacspec_kyber.Matrix.multiply_column_by_row tt_as_ntt r_as_ntt <: - t_Slice u8) + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) <: - t_Array u8 (sz 1152)) - (Hacspec_lib.f_into_array (Rust_primitives.unsize public_key_serialized <: t_Slice u8) + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) +! + error_2_ + <: + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) +! 
+ message_as_ring_element + in + let c1:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = encode_and_compress_u u in + let c2:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = + Hacspec_kyber.Serialize.byte_encode Hacspec_kyber.Parameters.v_VECTOR_V_COMPRESSION_FACTOR + (Hacspec_kyber.Compress.compress v Hacspec_kyber.Parameters.v_VECTOR_V_COMPRESSION_FACTOR <: - t_Array u8 (sz 1184))) - -let encode_and_compress_u - (input: - Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) - ) - : Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = - let out:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = Alloc.Vec.impl__new in - let out:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Hacspec_lib.Vector.impl__into_iter - input - <: - Core.Array.Iter.t_IntoIter - (Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) (sz 3)) + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) + in + let (ciphertext: t_Array u8 (sz 1088)):t_Array u8 (sz 1088) = + Hacspec_lib.f_into_padded_array (sz 1088) c1 + in + let ciphertext:t_Array u8 (sz 1088) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from ciphertext + ({ Core.Ops.Range.f_start = Hacspec_kyber.Parameters.v_VECTOR_U_ENCODED_SIZE } <: - Core.Array.Iter.t_IntoIter - (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)) (sz 3)) - out - (fun out re -> - Alloc.Vec.impl_2__extend_from_slice out - (Core.Ops.Deref.f_deref (Hacspec_kyber.Serialize.byte_encode Hacspec_kyber.Parameters.v_VECTOR_U_COMPRESSION_FACTOR - (Hacspec_kyber.Compress.compress re - Hacspec_kyber.Parameters.v_VECTOR_U_COMPRESSION_FACTOR - <: - Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) - <: - Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global) + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice (ciphertext.[ { + Core.Ops.Range.f_start = Hacspec_kyber.Parameters.v_VECTOR_U_ENCODED_SIZE + } <: - t_Slice u8) - <: - Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global) + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (Alloc.Vec.impl_1__as_slice c2 <: t_Slice u8) + <: + t_Slice u8) in - out + Core.Result.Result_Ok ciphertext + <: + Core.Result.t_Result (t_Array u8 (sz 1088)) Hacspec_kyber.t_BadRejectionSamplingRandomnessError -let encrypt (public_key: t_Array u8 (sz 1184)) (message randomness: t_Array u8 (sz 32)) - : Core.Result.t_Result (t_Array u8 (sz 1088)) - Hacspec_kyber.t_BadRejectionSamplingRandomnessError = - let (domain_separator: u8):u8 = 0uy in - let tt_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) - (sz 3) = - Hacspec_lib.Vector.impl__ZERO - in - let tt_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) - (sz 3) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks (public_key.[ { - Core.Ops.Range.f_end = Hacspec_kyber.Parameters.v_T_AS_NTT_ENCODED_SIZE - } ] - <: - t_Slice u8) - Hacspec_kyber.Parameters.v_BYTES_PER_RING_ELEMENT - <: - Core.Slice.Iter.t_Chunks u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Chunks u8)) +let generate_keypair (key_generation_seed: t_Array u8 (sz 32)) + : Core.Result.t_Result t_KeyPair Hacspec_kyber.t_BadRejectionSamplingRandomnessError = + let hashed:t_Array u8 (sz 64) = + 
Hacspec_kyber.Parameters.Hash_functions.v_G (Rust_primitives.unsize key_generation_seed <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Chunks u8)) - tt_as_ntt - (fun tt_as_ntt (i, tt_as_ntt_bytes) -> - Rust_primitives.Hax.update_at tt_as_ntt - i - (Hacspec_kyber.Serialize.byte_decode (sz 12) tt_as_ntt_bytes - <: - Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) - <: - Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) - ) + t_Slice u8) in - let seed_for_A:t_Slice u8 = - public_key.[ { Core.Ops.Range.f_start = Hacspec_kyber.Parameters.v_T_AS_NTT_ENCODED_SIZE } ] + let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) in + let (domain_separator: u8):u8 = 0uy in let v_A_as_ntt:t_Array (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) (sz 3) = Rust_primitives.Hax.repeat Hacspec_lib.Vector.impl__ZERO (sz 3) in let (xof_input: t_Array u8 (sz 34)):t_Array u8 (sz 34) = - Hacspec_lib.f_into_padded_array seed_for_A + Hacspec_lib.f_into_padded_array (sz 34) seed_for_A in let v_A_as_ntt, xof_input:(t_Array (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) @@ -364,31 +642,66 @@ let encrypt (public_key: t_Array u8 (sz 1184)) (message randomness: t_Array u8 ( Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Hacspec_kyber.Parameters.v_RANK - }) + } + <: + Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - (v_A_as_ntt, xof_input) - (fun (v_A_as_ntt, xof_input) i -> + (v_A_as_ntt, xof_input + <: + (t_Array + (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) (sz 3) & + t_Array u8 (sz 34))) + (fun temp_0_ i -> + let v_A_as_ntt, xof_input:(t_Array + (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) (sz 3) & + t_Array u8 (sz 34)) = + temp_0_ + in + let i:usize = i in Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Hacspec_kyber.Parameters.v_RANK - }) + } + <: + Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - (v_A_as_ntt, xof_input) - (fun (v_A_as_ntt, xof_input) j -> + (v_A_as_ntt, xof_input + <: + (t_Array + (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) (sz 3) & + t_Array u8 (sz 34))) + (fun temp_0_ j -> + let v_A_as_ntt, xof_input:(t_Array + (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) (sz 3) & + t_Array u8 (sz 34)) = + temp_0_ + in + let j:usize = j in let xof_input:t_Array u8 (sz 34) = - Rust_primitives.Hax.update_at xof_input (sz 32) (Hacspec_lib.f_as_u8 i <: u8) + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize xof_input + (sz 32) + (Hacspec_lib.f_as_u8 i <: u8) in let xof_input:t_Array u8 (sz 34) = - Rust_primitives.Hax.update_at xof_input (sz 33) (Hacspec_lib.f_as_u8 j <: u8) + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize xof_input + (sz 33) + (Hacspec_lib.f_as_u8 j <: u8) in let (xof_bytes: t_Array u8 (sz 840)):t_Array u8 (sz 840) = - Hacspec_kyber.Parameters.Hash_functions.v_XOF (Rust_primitives.unsize xof_input - <: - t_Slice u8) + Hacspec_kyber.Parameters.Hash_functions.v_XOF (sz 840) + 
(Rust_primitives.unsize xof_input <: t_Slice u8) in - let* hoist6:Hacspec_lib.Ring.t_PolynomialRingElement + let* hoist14:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = match Core.Ops.Try_trait.f_branch (Hacspec_kyber.Sampling.sample_ntt xof_bytes @@ -399,42 +712,69 @@ let encrypt (public_key: t_Array u8 (sz 1184)) (message randomness: t_Array u8 ( Hacspec_kyber.t_BadRejectionSamplingRandomnessError) with | Core.Ops.Control_flow.ControlFlow_Break residual -> - let* hoist5:Rust_primitives.Hax.t_Never = + let* hoist13:Rust_primitives.Hax.t_Never = Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual <: - Core.Result.t_Result (t_Array u8 (sz 1088)) + Core.Result.t_Result t_KeyPair Hacspec_kyber.t_BadRejectionSamplingRandomnessError) in Core.Ops.Control_flow.ControlFlow_Continue - (Rust_primitives.Hax.never_to_any hoist5) + (Rust_primitives.Hax.never_to_any hoist13) + <: + Core.Ops.Control_flow.t_ControlFlow + (Core.Result.t_Result t_KeyPair + Hacspec_kyber.t_BadRejectionSamplingRandomnessError) + (Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) | Core.Ops.Control_flow.ControlFlow_Continue v_val -> Core.Ops.Control_flow.ControlFlow_Continue v_val + <: + Core.Ops.Control_flow.t_ControlFlow + (Core.Result.t_Result t_KeyPair + Hacspec_kyber.t_BadRejectionSamplingRandomnessError) + (Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) in Core.Ops.Control_flow.ControlFlow_Continue - (let hoist7:Hacspec_lib.Vector.t_Vector + (let hoist15:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = - Rust_primitives.Hax.update_at (v_A_as_ntt.[ i ] + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A_as_ntt.[ i ] <: Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) j - hoist6 + hoist14 in - let hoist8:t_Array + let hoist16:t_Array (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) (sz 3) = - Rust_primitives.Hax.update_at v_A_as_ntt i hoist7 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A_as_ntt i hoist15 in let v_A_as_ntt:t_Array (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) (sz 3) = - hoist8 + hoist16 in - v_A_as_ntt, xof_input)) + v_A_as_ntt, xof_input + <: + (t_Array + (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) (sz 3) & + t_Array u8 (sz 34))) + <: + Core.Ops.Control_flow.t_ControlFlow + (Core.Result.t_Result t_KeyPair + Hacspec_kyber.t_BadRejectionSamplingRandomnessError) + (t_Array + (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) (sz 3) & + t_Array u8 (sz 34))) <: (t_Array (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) @@ -442,265 +782,174 @@ let encrypt (public_key: t_Array u8 (sz 1184)) (message randomness: t_Array u8 ( (sz 3)) (sz 3) & t_Array u8 (sz 34))) in - let r:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = + let secret:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) = Hacspec_lib.Vector.impl__ZERO in let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = - Hacspec_lib.f_into_padded_array randomness + Hacspec_lib.f_into_padded_array (sz 33) seed_for_secret_and_error in - let domain_separator, 
prf_input, r:(u8 & t_Array u8 (sz 33) & + let domain_separator, prf_input, secret:(u8 & t_Array u8 (sz 33) & Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Hacspec_lib.Vector.impl__len r <: usize - }) + Core.Ops.Range.f_end = Hacspec_lib.Vector.impl__len (sz 3) (sz 256) secret <: usize + } + <: + Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - (domain_separator, prf_input, r) - (fun (domain_separator, prf_input, r) i -> + (domain_separator, prf_input, secret + <: + (u8 & t_Array u8 (sz 33) & + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) + )) + (fun temp_0_ i -> + let domain_separator, prf_input, secret:(u8 & t_Array u8 (sz 33) & + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) = + temp_0_ + in + let i:usize = i in let prf_input:t_Array u8 (sz 33) = - Rust_primitives.Hax.update_at prf_input (sz 32) domain_separator + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input + (sz 32) + domain_separator in let domain_separator:u8 = domain_separator +! 1uy in let (prf_output: t_Array u8 (sz 128)):t_Array u8 (sz 128) = - Hacspec_kyber.Parameters.Hash_functions.v_PRF (Rust_primitives.unsize prf_input - <: - t_Slice u8) + Hacspec_kyber.Parameters.Hash_functions.v_PRF (sz 128) + (Rust_primitives.unsize prf_input <: t_Slice u8) in - let r:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + let secret:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = - Rust_primitives.Hax.update_at r + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize secret i (Hacspec_kyber.Sampling.sample_poly_cbd (sz 2) - (Rust_primitives.unsize prf_output <: t_Slice u8) + (prf_output.[ Core.Ops.Range.RangeFull <: Core.Ops.Range.t_RangeFull ] + <: + t_Slice u8) <: Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) in - domain_separator, prf_input, r) + domain_separator, prf_input, secret + <: + (u8 & t_Array u8 (sz 33) & + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3))) in - let error_1_:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + let error:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = Hacspec_lib.Vector.impl__ZERO in - let domain_separator, error_1_, prf_input:(u8 & + let domain_separator, error, prf_input:(u8 & Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) & t_Array u8 (sz 33)) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Hacspec_lib.Vector.impl__len error_1_ <: usize - }) + Core.Ops.Range.f_end = Hacspec_lib.Vector.impl__len (sz 3) (sz 256) error <: usize + } + <: + Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - (domain_separator, error_1_, prf_input) - (fun (domain_separator, error_1_, prf_input) i -> + (domain_separator, error, prf_input + <: + (u8 & + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) & + t_Array u8 (sz 33))) + (fun temp_0_ i -> + let domain_separator, error, prf_input:(u8 & + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) & + 
t_Array u8 (sz 33)) = + temp_0_ + in + let i:usize = i in let prf_input:t_Array u8 (sz 33) = - Rust_primitives.Hax.update_at prf_input (sz 32) domain_separator + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input + (sz 32) + domain_separator in let domain_separator:u8 = domain_separator +! 1uy in let (prf_output: t_Array u8 (sz 128)):t_Array u8 (sz 128) = - Hacspec_kyber.Parameters.Hash_functions.v_PRF (Rust_primitives.unsize prf_input - <: - t_Slice u8) + Hacspec_kyber.Parameters.Hash_functions.v_PRF (sz 128) + (Rust_primitives.unsize prf_input <: t_Slice u8) in - let error_1_:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + let error:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = - Rust_primitives.Hax.update_at error_1_ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize error i (Hacspec_kyber.Sampling.sample_poly_cbd (sz 2) - (Rust_primitives.unsize prf_output <: t_Slice u8) + (prf_output.[ Core.Ops.Range.RangeFull <: Core.Ops.Range.t_RangeFull ] + <: + t_Slice u8) <: Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) in - domain_separator, error_1_, prf_input) - in - let prf_input:t_Array u8 (sz 33) = - Rust_primitives.Hax.update_at prf_input (sz 32) domain_separator - in - let (prf_output: t_Array u8 (sz 128)):t_Array u8 (sz 128) = - Hacspec_kyber.Parameters.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: t_Slice u8) - in - let error_2_:Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = - Hacspec_kyber.Sampling.sample_poly_cbd (sz 2) (Rust_primitives.unsize prf_output <: t_Slice u8) + domain_separator, error, prf_input + <: + (u8 & + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) & + t_Array u8 (sz 33))) in - let r_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + let secret_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = - Hacspec_kyber.Ntt.vector_ntt r + Hacspec_kyber.Ntt.vector_ntt secret in - let v_A_as_ntt_transpose:t_Array - (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) + let error_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) (sz 3) = - Hacspec_kyber.Matrix.transpose v_A_as_ntt + Hacspec_kyber.Ntt.vector_ntt error in - let u:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = - (Hacspec_kyber.Ntt.vector_inverse_ntt (Hacspec_kyber.Matrix.multiply_matrix_by_column v_A_as_ntt_transpose - r_as_ntt - <: - Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) - ) + let tt_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) = + (Hacspec_kyber.Matrix.multiply_matrix_by_column v_A_as_ntt secret_as_ntt <: Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3)) +! 
- error_1_ - in - let message_as_ring_element:Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = - Hacspec_kyber.Compress.decompress (Hacspec_kyber.Serialize.byte_decode (sz 1) - (Rust_primitives.unsize message <: t_Slice u8) - <: - Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)) - (sz 1) - in - let v:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) = - ((Hacspec_kyber.Ntt.ntt_inverse (Hacspec_kyber.Matrix.multiply_column_by_row tt_as_ntt r_as_ntt - <: - Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)) - <: - Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)) +! - error_2_ - <: - Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)) +! - message_as_ring_element - in - let c1:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = encode_and_compress_u u in - let c2:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = - Hacspec_kyber.Serialize.byte_encode Hacspec_kyber.Parameters.v_VECTOR_V_COMPRESSION_FACTOR - (Hacspec_kyber.Compress.compress v Hacspec_kyber.Parameters.v_VECTOR_V_COMPRESSION_FACTOR - <: - Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)) - in - let (ciphertext: t_Array u8 (sz 1088)):t_Array u8 (sz 1088) = - Hacspec_lib.f_into_padded_array c1 - in - let ciphertext:t_Array u8 (sz 1088) = - Rust_primitives.Hax.update_at ciphertext - ({ Core.Ops.Range.f_start = Hacspec_kyber.Parameters.v_VECTOR_U_ENCODED_SIZE }) - (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut ciphertext - ({ Core.Ops.Range.f_start = Hacspec_kyber.Parameters.v_VECTOR_U_ENCODED_SIZE }) - <: - t_Slice u8) - (Alloc.Vec.impl_1__as_slice c2 <: t_Slice u8) - <: - t_Slice u8) - in - Core.Result.Result_Ok ciphertext - -let decrypt (secret_key: t_Array u8 (sz 1152)) (ciphertext: t_Array u8 (sz 1088)) - : t_Array u8 (sz 32) = - let u:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = - Hacspec_lib.Vector.impl__ZERO + error_as_ntt in - let u:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks (ciphertext.[ { - Core.Ops.Range.f_end = Hacspec_kyber.Parameters.v_VECTOR_U_ENCODED_SIZE - } ] - <: - t_Slice u8) - ((Hacspec_kyber.Parameters.v_COEFFICIENTS_IN_RING_ELEMENT *! - Hacspec_kyber.Parameters.v_VECTOR_U_COMPRESSION_FACTOR - <: - usize) /! 
- sz 8 + let public_key_serialized:t_Array u8 (sz 1184) = + Hacspec_lib.impl_6__array (sz 1184) + (Hacspec_lib.f_push (Hacspec_lib.f_push (Hacspec_lib.impl_6__new (sz 1184) + (Rust_primitives.Hax.repeat 0uy (sz 1184) <: t_Array u8 (sz 1184)) + <: + Hacspec_lib.t_UpdatableArray (sz 1184)) + (Rust_primitives.unsize (Hacspec_kyber.Serialize.vector_encode_12_ tt_as_ntt <: - usize) + t_Array u8 (sz 1152)) <: - Core.Slice.Iter.t_Chunks u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Chunks u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Chunks u8)) - u - (fun u (i, u_bytes) -> - Rust_primitives.Hax.update_at u - i - (Hacspec_kyber.Compress.decompress (Hacspec_kyber.Serialize.byte_decode Hacspec_kyber.Parameters.v_VECTOR_U_COMPRESSION_FACTOR - u_bytes - <: - Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) - Hacspec_kyber.Parameters.v_VECTOR_U_COMPRESSION_FACTOR - <: - Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) - <: - Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) - ) - in - let v:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) = - Hacspec_kyber.Compress.decompress (Hacspec_kyber.Serialize.byte_decode Hacspec_kyber.Parameters.v_VECTOR_V_COMPRESSION_FACTOR - (ciphertext.[ { - Core.Ops.Range.f_start = Hacspec_kyber.Parameters.v_VECTOR_U_ENCODED_SIZE - } ] + t_Slice u8) <: - t_Slice u8) + Hacspec_lib.t_UpdatableArray (sz 1184)) + seed_for_A <: - Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)) - Hacspec_kyber.Parameters.v_VECTOR_V_COMPRESSION_FACTOR + Hacspec_lib.t_UpdatableArray (sz 1184)) in - let secret_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) - (sz 3) = - Hacspec_lib.Vector.impl__ZERO + let secret_key_serialized:t_Array u8 (sz 1152) = + Hacspec_kyber.Serialize.vector_encode_12_ secret_as_ntt in - let secret_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) - (sz 3) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact (Rust_primitives.unsize secret_key <: t_Slice u8) - Hacspec_kyber.Parameters.v_BYTES_PER_RING_ELEMENT - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Result.Result_Ok + (impl__KeyPair__new (Hacspec_lib.f_into_array (sz 1152) + (Rust_primitives.unsize secret_key_serialized <: t_Slice u8) <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - secret_as_ntt - (fun secret_as_ntt (i, secret_bytes) -> - Rust_primitives.Hax.update_at secret_as_ntt - i - (Hacspec_kyber.Serialize.byte_decode (sz 12) secret_bytes - <: - Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) - <: - Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) - ) - in - let u_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) - (sz 3) = - Hacspec_kyber.Ntt.vector_ntt u - in - let message:Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = - v -! 
- (Hacspec_kyber.Ntt.ntt_inverse (Hacspec_kyber.Matrix.multiply_column_by_row secret_as_ntt - u_as_ntt - <: - Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)) - <: - Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)) - in - Hacspec_lib.f_as_array (Hacspec_kyber.Serialize.byte_encode (sz 1) - (Hacspec_kyber.Compress.compress message (sz 1) - <: - Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)) - <: - Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global) \ No newline at end of file + t_Array u8 (sz 1152)) + (Hacspec_lib.f_into_array (sz 1184) + (Rust_primitives.unsize public_key_serialized <: t_Slice u8) + <: + t_Array u8 (sz 1184))) + <: + Core.Result.t_Result t_KeyPair Hacspec_kyber.t_BadRejectionSamplingRandomnessError diff --git a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Matrix.fst b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Matrix.fst index 78784558f..ce3324a96 100644 --- a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Matrix.fst +++ b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Matrix.fst @@ -1,6 +1,69 @@ module Hacspec_kyber.Matrix #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core +open FStar.Mul + +let multiply_column_by_row + (column_vector row_vector: + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) + ) + : Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) = + let result:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) = + Hacspec_lib.Ring.impl_2__ZERO + in + let result:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_zip + (Hacspec_lib.Vector.impl__iter (sz 3) (sz 256) column_vector + <: + Core.Slice.Iter.t_Iter + (Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256))) + (Hacspec_lib.Vector.impl__iter (sz 3) (sz 256) row_vector + <: + Core.Slice.Iter.t_Iter + (Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256))) + <: + Core.Iter.Adapters.Zip.t_Zip + (Core.Slice.Iter.t_Iter + (Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256))) + (Core.Slice.Iter.t_Iter + (Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)))) + <: + Core.Iter.Adapters.Zip.t_Zip + (Core.Slice.Iter.t_Iter + (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256))) + (Core.Slice.Iter.t_Iter + (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)))) + result + (fun result temp_1_ -> + let result:Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = + result + in + let column_element, row_element:(Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) = + temp_1_ + in + result +! 
+ (Hacspec_kyber.Ntt.multiply_ntts column_element row_element + <: + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) + <: + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) + in + result let transpose (matrix: @@ -44,9 +107,21 @@ let transpose (sz 256) (sz 3)))) transpose - (fun transpose (i, row) -> + (fun transpose temp_1_ -> + let transpose:t_Array + (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) (sz 3) = + transpose + in + let i, row:(usize & + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) = + temp_1_ + in Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Hacspec_lib.Vector.impl__iter row + (Hacspec_lib.Vector.impl__iter (sz 3) (sz 256) row <: Core.Slice.Iter.t_Iter (Hacspec_lib.Ring.t_PolynomialRingElement @@ -62,10 +137,21 @@ let transpose (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)))) transpose - (fun transpose (j, matrix_element) -> - Rust_primitives.Hax.update_at transpose + (fun transpose temp_1_ -> + let transpose:t_Array + (Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) (sz 3) = + transpose + in + let j, matrix_element:(usize & + Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) = + temp_1_ + in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize transpose j - (Rust_primitives.Hax.update_at (transpose.[ j ] + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (transpose.[ j ] <: Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) @@ -137,9 +223,20 @@ let multiply_matrix_by_column (sz 256) (sz 3)))) result - (fun result (i, row) -> + (fun result temp_1_ -> + let result:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) = + result + in + let i, row:(usize & + Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3)) = + temp_1_ + in Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Hacspec_lib.Vector.impl__iter row + (Hacspec_lib.Vector.impl__iter (sz 3) (sz 256) row <: Core.Slice.Iter.t_Iter (Hacspec_lib.Ring.t_PolynomialRingElement @@ -155,7 +252,16 @@ let multiply_matrix_by_column (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)))) result - (fun result (j, matrix_element) -> + (fun result temp_1_ -> + let result:Hacspec_lib.Vector.t_Vector + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = + result + in + let j, matrix_element:(usize & + Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) = + temp_1_ + in let product:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = Hacspec_kyber.Ntt.multiply_ntts matrix_element @@ -166,7 +272,7 @@ let multiply_matrix_by_column in let result:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = - Rust_primitives.Hax.update_at result + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i ((result.[ i ] <: @@ -183,55 +289,3 @@ let multiply_matrix_by_column ) in result - -let multiply_column_by_row - (column_vector row_vector: - 
Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) - ) - : Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) = - let result:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) = - Hacspec_lib.Ring.impl_2__ZERO - in - let result:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_zip - (Hacspec_lib.Vector.impl__iter column_vector - <: - Core.Slice.Iter.t_Iter - (Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256))) - (Hacspec_lib.Vector.impl__iter row_vector - <: - Core.Slice.Iter.t_Iter - (Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256))) - <: - Core.Iter.Adapters.Zip.t_Zip - (Core.Slice.Iter.t_Iter - (Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256))) - (Core.Slice.Iter.t_Iter - (Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)))) - <: - Core.Iter.Adapters.Zip.t_Zip - (Core.Slice.Iter.t_Iter - (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256))) - (Core.Slice.Iter.t_Iter - (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)))) - result - (fun result (column_element, row_element) -> - result +! - (Hacspec_kyber.Ntt.multiply_ntts column_element row_element - <: - Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)) - <: - Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)) - in - result \ No newline at end of file diff --git a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Ntt.fst b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Ntt.fst index 8339230c8..dac3cb286 100644 --- a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Ntt.fst +++ b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Ntt.fst @@ -1,34 +1,147 @@ module Hacspec_kyber.Ntt #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core - -let v_ZETA: Hacspec_lib.Field.t_PrimeFieldElement 3329us = { Hacspec_lib.Field.f_value = 17us } - -let v_INVERSE_OF_128_: Hacspec_lib.Field.t_PrimeFieldElement 3329us = - { Hacspec_lib.Field.f_value = 3303us } +open FStar.Mul let v_NTT_LAYERS: t_Array usize (sz 7) = let list = [sz 2; sz 4; sz 8; sz 16; sz 32; sz 64; sz 128] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 7); Rust_primitives.Hax.array_of_list list +let base_case_multiply + (a b: + (Hacspec_lib.Field.t_PrimeFieldElement 3329us & + Hacspec_lib.Field.t_PrimeFieldElement 3329us)) + (zeta: Hacspec_lib.Field.t_PrimeFieldElement 3329us) + : (Hacspec_lib.Field.t_PrimeFieldElement 3329us & Hacspec_lib.Field.t_PrimeFieldElement 3329us) = + let c:(Hacspec_lib.Field.t_PrimeFieldElement 3329us & Hacspec_lib.Field.t_PrimeFieldElement 3329us + ) = + Hacspec_lib.Field.f_ZERO, Hacspec_lib.Field.f_ZERO + <: + (Hacspec_lib.Field.t_PrimeFieldElement 3329us & Hacspec_lib.Field.t_PrimeFieldElement 3329us) + in + let c:(Hacspec_lib.Field.t_PrimeFieldElement 3329us & Hacspec_lib.Field.t_PrimeFieldElement 3329us + ) = + { + c with + _1 + = + (a._1 *! b._1 <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) +! + ((a._2 *! 
b._2 <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) *! zeta + <: + Hacspec_lib.Field.t_PrimeFieldElement 3329us) + } + <: + (Hacspec_lib.Field.t_PrimeFieldElement 3329us & Hacspec_lib.Field.t_PrimeFieldElement 3329us) + in + let c:(Hacspec_lib.Field.t_PrimeFieldElement 3329us & Hacspec_lib.Field.t_PrimeFieldElement 3329us + ) = + { + c with + _2 + = + (a._1 *! b._2 <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) +! + (a._2 *! b._1 <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) + } + <: + (Hacspec_lib.Field.t_PrimeFieldElement 3329us & Hacspec_lib.Field.t_PrimeFieldElement 3329us) + in + c + +let v_INVERSE_OF_128_: Hacspec_lib.Field.t_PrimeFieldElement 3329us = + { Hacspec_lib.Field.f_value = 3303us } <: Hacspec_lib.Field.t_PrimeFieldElement 3329us + +let v_ZETA: Hacspec_lib.Field.t_PrimeFieldElement 3329us = + { Hacspec_lib.Field.f_value = 17us } <: Hacspec_lib.Field.t_PrimeFieldElement 3329us + let bit_rev_7_ (value: u8) : u8 = let (reversed: u8):u8 = 0uy in let reversed:u8 = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = 0ul; Core.Ops.Range.f_end = Core.Num.impl__u8__BITS -! 1ul <: u32 - }) + } + <: + Core.Ops.Range.t_Range u32) <: Core.Ops.Range.t_Range u32) reversed (fun reversed bit -> + let reversed:u8 = reversed in + let bit:u32 = bit in let reversed:u8 = reversed <>! bit <: u8) in reversed) in reversed +let multiply_ntts + (ff_hat g_hat: + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) + : Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) = + let h_hat:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) = + Hacspec_lib.Ring.impl_2__ZERO + in + let h_hat:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 128 + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + h_hat + (fun h_hat i -> + let h_hat:Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = + h_hat + in + let i:usize = i in + let binomial_product:(Hacspec_lib.Field.t_PrimeFieldElement 3329us & + Hacspec_lib.Field.t_PrimeFieldElement 3329us) = + base_case_multiply ((ff_hat.[ sz 2 *! i <: usize ] + <: + Hacspec_lib.Field.t_PrimeFieldElement 3329us), + (ff_hat.[ (sz 2 *! i <: usize) +! sz 1 <: usize ] + <: + Hacspec_lib.Field.t_PrimeFieldElement 3329us) + <: + (Hacspec_lib.Field.t_PrimeFieldElement 3329us & + Hacspec_lib.Field.t_PrimeFieldElement 3329us)) + ((g_hat.[ sz 2 *! i <: usize ] <: Hacspec_lib.Field.t_PrimeFieldElement 3329us), + (g_hat.[ (sz 2 *! i <: usize) +! sz 1 <: usize ] + <: + Hacspec_lib.Field.t_PrimeFieldElement 3329us) + <: + (Hacspec_lib.Field.t_PrimeFieldElement 3329us & + Hacspec_lib.Field.t_PrimeFieldElement 3329us)) + (Hacspec_lib.Field.impl_1__pow 3329us + v_ZETA + ((2uy *! (bit_rev_7_ (Hacspec_lib.f_as_u8 i <: u8) <: u8) <: u8) +! 1uy <: u8) + <: + Hacspec_lib.Field.t_PrimeFieldElement 3329us) + in + let h_hat:Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize h_hat + (sz 2 *! 
i <: usize) + binomial_product._1 + in + let h_hat:Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize h_hat + ((sz 2 *! i <: usize) +! sz 1 <: usize) + binomial_product._2 + in + h_hat) + in + h_hat + let ntt (f: Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) @@ -51,24 +164,46 @@ let ntt Core.Iter.Adapters.Rev.t_Rev (Core.Slice.Iter.t_Iter usize)) <: Core.Iter.Adapters.Rev.t_Rev (Core.Slice.Iter.t_Iter usize)) - (ff_hat, k) - (fun (ff_hat, k) len -> + (ff_hat, k + <: + (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) & + u8)) + (fun temp_0_ len -> + let ff_hat, k:(Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & + u8) = + temp_0_ + in + let len:usize = len in Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Hacspec_kyber.Parameters.v_COEFFICIENTS_IN_RING_ELEMENT -! len <: usize - }) + } + <: + Core.Ops.Range.t_Range usize) (sz 2 *! len <: usize) <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) - (ff_hat, k) - (fun (ff_hat, k) start -> + (ff_hat, k + <: + (Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & + u8)) + (fun temp_0_ start -> + let ff_hat, k:(Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & + u8) = + temp_0_ + in + let start:usize = start in let zeta:Hacspec_lib.Field.t_PrimeFieldElement 3329us = - Hacspec_lib.Field.impl_1__pow v_ZETA (bit_rev_7_ k <: u8) + Hacspec_lib.Field.impl_1__pow 3329us v_ZETA (bit_rev_7_ k <: u8) in let k:u8 = k +! 1uy in let ff_hat:Hacspec_lib.Ring.t_PolynomialRingElement @@ -76,11 +211,18 @@ let ntt Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = start; Core.Ops.Range.f_end = start +! len <: usize - }) + } + <: + Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) ff_hat (fun ff_hat j -> + let ff_hat:Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = + ff_hat + in + let j:usize = j in let t:Hacspec_lib.Field.t_PrimeFieldElement 3329us = zeta *! (ff_hat.[ j +! len <: usize ] @@ -89,7 +231,7 @@ let ntt in let ff_hat:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = - Rust_primitives.Hax.update_at ff_hat + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize ff_hat (j +! len <: usize) ((ff_hat.[ j ] <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) -! t <: @@ -97,7 +239,7 @@ let ntt in let ff_hat:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = - Rust_primitives.Hax.update_at ff_hat + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize ff_hat j ((ff_hat.[ j ] <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) +! 
t <: @@ -105,7 +247,11 @@ let ntt in ff_hat) in - ff_hat, k) + ff_hat, k + <: + (Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & + u8)) <: (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & @@ -130,24 +276,46 @@ let ntt_inverse Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter v_NTT_LAYERS <: Core.Array.Iter.t_IntoIter usize (sz 7)) - (f, k) - (fun (f, k) len -> + (f, k + <: + (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) & + u8)) + (fun temp_0_ len -> + let f, k:(Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & + u8) = + temp_0_ + in + let len:usize = len in Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Hacspec_kyber.Parameters.v_COEFFICIENTS_IN_RING_ELEMENT -! len <: usize - }) + } + <: + Core.Ops.Range.t_Range usize) (sz 2 *! len <: usize) <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) - (f, k) - (fun (f, k) start -> + (f, k + <: + (Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & + u8)) + (fun temp_0_ start -> + let f, k:(Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & + u8) = + temp_0_ + in + let start:usize = start in let zeta:Hacspec_lib.Field.t_PrimeFieldElement 3329us = - Hacspec_lib.Field.impl_1__pow v_ZETA (bit_rev_7_ k <: u8) + Hacspec_lib.Field.impl_1__pow 3329us v_ZETA (bit_rev_7_ k <: u8) in let k:u8 = k -! 1uy in let f:Hacspec_lib.Ring.t_PolynomialRingElement @@ -155,15 +323,22 @@ let ntt_inverse Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = start; Core.Ops.Range.f_end = start +! len <: usize - }) + } + <: + Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) f (fun f j -> + let f:Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = + f + in + let j:usize = j in let t:Hacspec_lib.Field.t_PrimeFieldElement 3329us = f.[ j ] in let f:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = - Rust_primitives.Hax.update_at f + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize f j (t +! (f.[ j +! len <: usize ] @@ -174,7 +349,7 @@ let ntt_inverse in let f:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = - Rust_primitives.Hax.update_at f + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize f (j +! len <: usize) (zeta *! ((f.[ j +! 
len <: usize ] @@ -188,7 +363,11 @@ let ntt_inverse in f) in - f, k) + f, k + <: + (Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & + u8)) <: (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & @@ -200,19 +379,28 @@ let ntt_inverse Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = - Core.Slice.impl__len (Rust_primitives.unsize (Hacspec_lib.Ring.impl_2__coefficients f + Core.Slice.impl__len (Rust_primitives.unsize (Hacspec_lib.Ring.impl_2__coefficients (sz + 256) + f <: t_Array (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) <: t_Slice (Hacspec_lib.Field.t_PrimeFieldElement 3329us)) <: usize - }) + } + <: + Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) f (fun f i -> - Rust_primitives.Hax.update_at f + let f:Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = + f + in + let i:usize = i in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize f i ((f.[ i ] <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) *! v_INVERSE_OF_128_ <: @@ -223,106 +411,21 @@ let ntt_inverse in f -let multiply_ntts - (ff_hat g_hat: - Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)) - : Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) = - let h_hat:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) = - Hacspec_lib.Ring.impl_2__ZERO - in - let h_hat:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 128 - }) - <: - Core.Ops.Range.t_Range usize) - h_hat - (fun h_hat i -> - let binomial_product:(Hacspec_lib.Field.t_PrimeFieldElement 3329us & - Hacspec_lib.Field.t_PrimeFieldElement 3329us) = - base_case_multiply ((ff_hat.[ sz 2 *! i <: usize ] - <: - Hacspec_lib.Field.t_PrimeFieldElement 3329us), - (ff_hat.[ (sz 2 *! i <: usize) +! sz 1 <: usize ] - <: - Hacspec_lib.Field.t_PrimeFieldElement 3329us)) - ((g_hat.[ sz 2 *! i <: usize ] <: Hacspec_lib.Field.t_PrimeFieldElement 3329us), - (g_hat.[ (sz 2 *! i <: usize) +! sz 1 <: usize ] - <: - Hacspec_lib.Field.t_PrimeFieldElement 3329us)) - (Hacspec_lib.Field.impl_1__pow v_ZETA - ((2uy *! (bit_rev_7_ (Hacspec_lib.f_as_u8 i <: u8) <: u8) <: u8) +! 1uy <: u8) - <: - Hacspec_lib.Field.t_PrimeFieldElement 3329us) - in - let h_hat:Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = - Rust_primitives.Hax.update_at h_hat (sz 2 *! i <: usize) binomial_product._1 - in - let h_hat:Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = - Rust_primitives.Hax.update_at h_hat - ((sz 2 *! i <: usize) +! 
sz 1 <: usize) - binomial_product._2 - in - h_hat) - in - h_hat - -let base_case_multiply - (a b: - (Hacspec_lib.Field.t_PrimeFieldElement 3329us & - Hacspec_lib.Field.t_PrimeFieldElement 3329us)) - (zeta: Hacspec_lib.Field.t_PrimeFieldElement 3329us) - : (Hacspec_lib.Field.t_PrimeFieldElement 3329us & Hacspec_lib.Field.t_PrimeFieldElement 3329us) = - let c:(Hacspec_lib.Field.t_PrimeFieldElement 3329us & Hacspec_lib.Field.t_PrimeFieldElement 3329us - ) = - Hacspec_lib.Field.FieldElement.v_ZERO, Hacspec_lib.Field.FieldElement.v_ZERO - in - let c:(Hacspec_lib.Field.t_PrimeFieldElement 3329us & Hacspec_lib.Field.t_PrimeFieldElement 3329us - ) = - { - c with - _1 - = - (a._1 *! b._1 <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) +! - ((a._2 *! b._2 <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) *! zeta - <: - Hacspec_lib.Field.t_PrimeFieldElement 3329us) - } - in - let c:(Hacspec_lib.Field.t_PrimeFieldElement 3329us & Hacspec_lib.Field.t_PrimeFieldElement 3329us - ) = - { - c with - _2 - = - (a._1 *! b._2 <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) +! - (a._2 *! b._1 <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) - } - in - c - -let vector_ntt - (vector: +let vector_inverse_ntt + (vector_as_ntt: Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) ) : Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = - let vector_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + let vector:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = Hacspec_lib.Vector.impl__ZERO in - let vector_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + let vector:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Hacspec_lib.Vector.impl__into_iter vector + (Hacspec_lib.Vector.impl__into_iter (sz 3) (sz 256) vector_as_ntt <: Core.Array.Iter.t_IntoIter (Hacspec_lib.Ring.t_PolynomialRingElement @@ -337,11 +440,21 @@ let vector_ntt (Core.Array.Iter.t_IntoIter (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) (sz 3))) - vector_as_ntt - (fun vector_as_ntt (i, re) -> - Rust_primitives.Hax.update_at vector_as_ntt + vector + (fun vector temp_1_ -> + let vector:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) = + vector + in + let i, re_ntt:(usize & + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) = + temp_1_ + in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vector i - (ntt re + (ntt_inverse re_ntt <: Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) @@ -349,23 +462,23 @@ let vector_ntt Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) ) in - vector_as_ntt + vector -let vector_inverse_ntt - (vector_as_ntt: +let vector_ntt + (vector: Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) ) : Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = - let vector:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + let vector_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = 
Hacspec_lib.Vector.impl__ZERO in - let vector:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + let vector_as_ntt:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Hacspec_lib.Vector.impl__into_iter vector_as_ntt + (Hacspec_lib.Vector.impl__into_iter (sz 3) (sz 256) vector <: Core.Array.Iter.t_IntoIter (Hacspec_lib.Ring.t_PolynomialRingElement @@ -380,11 +493,20 @@ let vector_inverse_ntt (Core.Array.Iter.t_IntoIter (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) (sz 3))) - vector - (fun vector (i, re_ntt) -> - Rust_primitives.Hax.update_at vector + vector_as_ntt + (fun vector_as_ntt temp_1_ -> + let vector_as_ntt:Hacspec_lib.Vector.t_Vector + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = + vector_as_ntt + in + let i, re:(usize & + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) = + temp_1_ + in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vector_as_ntt i - (ntt_inverse re_ntt + (ntt re <: Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) @@ -392,4 +514,4 @@ let vector_inverse_ntt Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) ) in - vector \ No newline at end of file + vector_as_ntt diff --git a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Parameters.Hash_functions.fst b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Parameters.Hash_functions.fst index 9797f8bf0..0272d4f42 100644 --- a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Parameters.Hash_functions.fst +++ b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Parameters.Hash_functions.fst @@ -1,15 +1,19 @@ module Hacspec_kyber.Parameters.Hash_functions #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core +open FStar.Mul -let v_G (input: t_Slice u8) : t_Array u8 (sz 64) = Libcrux.Digest.sha3_512_ input - -let v_H_DIGEST_SIZE: usize = Libcrux.Digest.digest_size Libcrux.Digest.Algorithm_Sha3_256_ +let v_H_DIGEST_SIZE: usize = + Libcrux.Digest.digest_size (Libcrux.Digest.Algorithm_Sha3_256_ <: Libcrux.Digest.t_Algorithm) let v_H (input: t_Slice u8) : t_Array u8 (sz 32) = Libcrux.Digest.sha3_256_ input -let v_PRF (#v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN = Libcrux.Digest.shake256 input +let v_G (input: t_Slice u8) : t_Array u8 (sz 64) = Libcrux.Digest.sha3_512_ input + +let v_XOF (v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN = + Libcrux.Digest.shake128 v_LEN input -let v_XOF (#v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN = Libcrux.Digest.shake128 input +let v_J (v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN = Libcrux.Digest.shake256 v_LEN input -let v_J (#v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN = Libcrux.Digest.shake256 input \ No newline at end of file +let v_PRF (v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN = + Libcrux.Digest.shake256 v_LEN input diff --git a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Parameters.fst b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Parameters.fst index cbaca2948..5371e3520 100644 --- a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Parameters.fst +++ b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Parameters.fst @@ -1,8 +1,7 @@ module Hacspec_kyber.Parameters #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" 
open Core - -let v_FIELD_MODULUS: u16 = 3329us +open FStar.Mul let v_BITS_PER_COEFFICIENT: usize = sz 12 @@ -12,29 +11,31 @@ let v_BITS_PER_RING_ELEMENT: usize = v_COEFFICIENTS_IN_RING_ELEMENT *! sz 12 let v_BYTES_PER_RING_ELEMENT: usize = v_BITS_PER_RING_ELEMENT /! sz 8 +let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = sz 32 + +let v_CPA_PKE_MESSAGE_SIZE: usize = sz 32 + +let v_FIELD_MODULUS: u16 = 3329us + let v_RANK: usize = sz 3 +let v_CPA_PKE_SECRET_KEY_SIZE: usize = + ((v_RANK *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! v_BITS_PER_COEFFICIENT <: usize) /! sz 8 + let v_T_AS_NTT_ENCODED_SIZE: usize = ((v_RANK *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! v_BITS_PER_COEFFICIENT <: usize) /! sz 8 -let v_VECTOR_U_COMPRESSION_FACTOR: usize = sz 10 +let v_CPA_PKE_PUBLIC_KEY_SIZE: usize = v_T_AS_NTT_ENCODED_SIZE +! sz 32 -let v_VECTOR_V_COMPRESSION_FACTOR: usize = sz 4 +let v_VECTOR_U_COMPRESSION_FACTOR: usize = sz 10 let v_VECTOR_U_ENCODED_SIZE: usize = ((v_RANK *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! v_VECTOR_U_COMPRESSION_FACTOR <: usize) /! sz 8 +let v_VECTOR_V_COMPRESSION_FACTOR: usize = sz 4 + let v_VECTOR_V_ENCODED_SIZE: usize = (v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR <: usize) /! sz 8 -let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = sz 32 - -let v_CPA_PKE_SECRET_KEY_SIZE: usize = - ((v_RANK *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! v_BITS_PER_COEFFICIENT <: usize) /! sz 8 - -let v_CPA_PKE_PUBLIC_KEY_SIZE: usize = v_T_AS_NTT_ENCODED_SIZE +! sz 32 - let v_CPA_PKE_CIPHERTEXT_SIZE: usize = v_VECTOR_U_ENCODED_SIZE +! v_VECTOR_V_ENCODED_SIZE - -let v_CPA_PKE_MESSAGE_SIZE: usize = sz 32 \ No newline at end of file diff --git a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Sampling.fst b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Sampling.fst index b0f362dd9..ec4d57e70 100644 --- a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Sampling.fst +++ b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Sampling.fst @@ -1,69 +1,7 @@ module Hacspec_kyber.Sampling #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core - -let sample_ntt (bytes: t_Array u8 (sz 840)) - : Core.Result.t_Result - (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) - (sz 256)) Hacspec_kyber.t_BadRejectionSamplingRandomnessError = - let (sampled_coefficients: usize):usize = sz 0 in - let - (a_hat: - Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) - ):Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) - = - Hacspec_lib.Ring.impl_2__ZERO - in - let a_hat, sampled_coefficients:(Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & - usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Slice.impl__chunks ( - Rust_primitives.unsize bytes <: t_Slice u8) - (sz 3) - <: - Core.Slice.Iter.t_Chunks u8) - <: - Core.Slice.Iter.t_Chunks u8) - (a_hat, sampled_coefficients) - (fun (a_hat, sampled_coefficients) byte_chunk -> - let b:u16 = Core.Convert.f_from (byte_chunk.[ sz 0 ] <: u8) in - let b1:u16 = Core.Convert.f_from (byte_chunk.[ sz 1 ] <: u8) in - let b2:u16 = Core.Convert.f_from (byte_chunk.[ sz 2 ] <: u8) in - let d1:u16 = b +! (256us *! (b1 %! 16us <: u16) <: u16) in - let d2:u16 = (b1 /! 16us <: u16) +! (16us *! 
b2 <: u16) in - let a_hat, sampled_coefficients:(Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & - usize) = - if - d1 <. Hacspec_kyber.Parameters.v_FIELD_MODULUS && - sampled_coefficients <. (Hacspec_lib.Ring.impl_2__len a_hat <: usize) - then - let a_hat:Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = - Rust_primitives.Hax.update_at a_hat - sampled_coefficients - (Core.Convert.f_into d1 <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) - in - a_hat, sampled_coefficients +! sz 1 - else a_hat, sampled_coefficients - in - if - d2 <. Hacspec_kyber.Parameters.v_FIELD_MODULUS && - sampled_coefficients <. (Hacspec_lib.Ring.impl_2__len a_hat <: usize) - then - let a_hat:Hacspec_lib.Ring.t_PolynomialRingElement - (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = - Rust_primitives.Hax.update_at a_hat - sampled_coefficients - (Core.Convert.f_into d2 <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) - in - let sampled_coefficients:usize = sampled_coefficients +! sz 1 in - a_hat, sampled_coefficients - else a_hat, sampled_coefficients) - in - if sampled_coefficients =. (Hacspec_lib.Ring.impl_2__len a_hat <: usize) - then Core.Result.Result_Ok a_hat - else Core.Result.Result_Err Hacspec_kyber.BadRejectionSamplingRandomnessError +open FStar.Mul let sum_coins (coins: t_Slice u8) : Hacspec_lib.Field.t_PrimeFieldElement 3329us = let (sum: u8):u8 = 0uy in @@ -75,7 +13,10 @@ let sum_coins (coins: t_Slice u8) : Hacspec_lib.Field.t_PrimeFieldElement 3329us <: Core.Slice.Iter.t_Iter u8) sum - (fun sum coin -> Core.Ops.Arith.f_add_assign sum coin <: u8) + (fun sum coin -> + let sum:u8 = sum in + let coin:u8 = coin in + Core.Ops.Arith.f_add_assign sum coin <: u8) in Core.Convert.f_into sum @@ -83,15 +24,17 @@ let sample_poly_cbd (eta: usize) (bytes: t_Slice u8) : Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = let _:Prims.unit = - match Core.Slice.impl__len bytes, eta *! sz 64 with + match Core.Slice.impl__len bytes, eta *! sz 64 <: (usize & usize) with | left_val, right_val -> if ~.(left_val =. 
right_val <: bool) then - let kind:Core.Panicking.t_AssertKind = Core.Panicking.AssertKind_Eq in + let kind:Core.Panicking.t_AssertKind = + Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind + in Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind left_val right_val - Core.Option.Option_None + (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) <: Rust_primitives.Hax.t_Never) in @@ -111,38 +54,158 @@ let sample_poly_cbd (eta: usize) (bytes: t_Slice u8) ) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Hacspec_lib.Ring.impl_2__len f <: usize - }) + Core.Ops.Range.f_end = Hacspec_lib.Ring.impl_2__len (sz 256) f <: usize + } + <: + Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - (bits, f) - (fun (bits, f) i -> + (bits, f + <: + (Core.Slice.Iter.t_Chunks u8 & + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256))) + (fun temp_0_ i -> + let bits, f:(Core.Slice.Iter.t_Chunks u8 & + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) = + temp_0_ + in + let i:usize = i in let tmp0, out:(Core.Slice.Iter.t_Chunks u8 & Core.Option.t_Option (t_Slice u8)) = Core.Iter.Traits.Iterator.f_next bits in let bits:Core.Slice.Iter.t_Chunks u8 = tmp0 in - let hoist9:Core.Option.t_Option (t_Slice u8) = out in - let hoist10:t_Slice u8 = Core.Option.impl__unwrap hoist9 in + let hoist1:Core.Option.t_Option (t_Slice u8) = out in + let hoist2:t_Slice u8 = Core.Option.impl__unwrap hoist1 in let (x: Hacspec_lib.Field.t_PrimeFieldElement 3329us):Hacspec_lib.Field.t_PrimeFieldElement 3329us = - sum_coins hoist10 + sum_coins hoist2 in let tmp0, out:(Core.Slice.Iter.t_Chunks u8 & Core.Option.t_Option (t_Slice u8)) = Core.Iter.Traits.Iterator.f_next bits in let bits:Core.Slice.Iter.t_Chunks u8 = tmp0 in - let hoist11:Core.Option.t_Option (t_Slice u8) = out in - let hoist12:t_Slice u8 = Core.Option.impl__unwrap hoist11 in + let hoist3:Core.Option.t_Option (t_Slice u8) = out in + let hoist4:t_Slice u8 = Core.Option.impl__unwrap hoist3 in let (y: Hacspec_lib.Field.t_PrimeFieldElement 3329us):Hacspec_lib.Field.t_PrimeFieldElement 3329us = - sum_coins hoist12 + sum_coins hoist4 in let f:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = - Rust_primitives.Hax.update_at f + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize f i (x -! 
y <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) in - bits, f) + bits, f + <: + (Core.Slice.Iter.t_Chunks u8 & + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256))) in - f \ No newline at end of file + f + +let sample_ntt (bytes: t_Array u8 (sz 840)) + : Core.Result.t_Result + (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) Hacspec_kyber.t_BadRejectionSamplingRandomnessError = + let (sampled_coefficients: usize):usize = sz 0 in + let + (a_hat: + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) + ):Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) + = + Hacspec_lib.Ring.impl_2__ZERO + in + let a_hat, sampled_coefficients:(Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & + usize) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Slice.impl__chunks ( + Rust_primitives.unsize bytes <: t_Slice u8) + (sz 3) + <: + Core.Slice.Iter.t_Chunks u8) + <: + Core.Slice.Iter.t_Chunks u8) + (a_hat, sampled_coefficients + <: + (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) & + usize)) + (fun temp_0_ byte_chunk -> + let a_hat, sampled_coefficients:(Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & + usize) = + temp_0_ + in + let byte_chunk:t_Slice u8 = byte_chunk in + let b:u16 = Core.Convert.f_from (byte_chunk.[ sz 0 ] <: u8) in + let b1:u16 = Core.Convert.f_from (byte_chunk.[ sz 1 ] <: u8) in + let b2:u16 = Core.Convert.f_from (byte_chunk.[ sz 2 ] <: u8) in + let d1:u16 = b +! (256us *! (b1 %! 16us <: u16) <: u16) in + let d2:u16 = (b1 /! 16us <: u16) +! (16us *! b2 <: u16) in + let a_hat, sampled_coefficients:(Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & + usize) = + if + d1 <. Hacspec_kyber.Parameters.v_FIELD_MODULUS && + sampled_coefficients <. (Hacspec_lib.Ring.impl_2__len (sz 256) a_hat <: usize) + then + let a_hat:Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize a_hat + sampled_coefficients + (Core.Convert.f_into d1 <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) + in + a_hat, sampled_coefficients +! sz 1 + <: + (Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & + usize) + else + a_hat, sampled_coefficients + <: + (Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & + usize) + in + if + d2 <. Hacspec_kyber.Parameters.v_FIELD_MODULUS && + sampled_coefficients <. (Hacspec_lib.Ring.impl_2__len (sz 256) a_hat <: usize) + then + let a_hat:Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize a_hat + sampled_coefficients + (Core.Convert.f_into d2 <: Hacspec_lib.Field.t_PrimeFieldElement 3329us) + in + let sampled_coefficients:usize = sampled_coefficients +! 
sz 1 in + a_hat, sampled_coefficients + <: + (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) & + usize) + else + a_hat, sampled_coefficients + <: + (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) & + usize)) + in + if sampled_coefficients =. (Hacspec_lib.Ring.impl_2__len (sz 256) a_hat <: usize) + then + Core.Result.Result_Ok a_hat + <: + Core.Result.t_Result + (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) Hacspec_kyber.t_BadRejectionSamplingRandomnessError + else + Core.Result.Result_Err + (Hacspec_kyber.BadRejectionSamplingRandomnessError + <: + Hacspec_kyber.t_BadRejectionSamplingRandomnessError) + <: + Core.Result.t_Result + (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) Hacspec_kyber.t_BadRejectionSamplingRandomnessError diff --git a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Serialize.fst b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Serialize.fst index a3dd381f4..8dde613a9 100644 --- a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Serialize.fst +++ b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.Serialize.fst @@ -1,6 +1,7 @@ module Hacspec_kyber.Serialize #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core +open FStar.Mul let bits_to_bytes (bits: Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global) : Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = @@ -22,6 +23,8 @@ let bits_to_bytes (bits: Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global) Core.Slice.Iter.t_Chunks u8) bytes (fun bytes bit_chunk -> + let bytes:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = bytes in + let bit_chunk:t_Slice u8 = bit_chunk in let byte_value:u8 = 0uy in let byte_value:u8 = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate @@ -31,8 +34,11 @@ let bits_to_bytes (bits: Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) byte_value - (fun byte_value (i, bit) -> - byte_value +! (bit *! (Core.Num.impl__u8__pow 2uy (cast i <: u32) <: u8) <: u8) + (fun byte_value temp_1_ -> + let byte_value:u8 = byte_value in + let i, bit:(usize & u8) = temp_1_ in + byte_value +! + (bit *! (Core.Num.impl__u8__pow 2uy (cast (i <: usize) <: u32) <: u8) <: u8) <: u8) in @@ -43,37 +49,6 @@ let bits_to_bytes (bits: Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global) in bytes -let bytes_to_bits (bytes: t_Slice u8) : Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = - let bits:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = Alloc.Vec.impl__new in - let bits:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Slice.impl__iter bytes - - <: - Core.Slice.Iter.t_Iter u8) - <: - Core.Slice.Iter.t_Iter u8) - bits - (fun bits byte -> - let byte_value:u8 = byte in - let bits, byte_value:(Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global & u8) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = 0ul; - Core.Ops.Range.f_end = Core.Num.impl__u8__BITS - }) - <: - Core.Ops.Range.t_Range u32) - (bits, byte_value) - (fun (bits, byte_value) _ -> - let bits:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = - Alloc.Vec.impl_1__push bits (byte_value %! 2uy <: u8) - in - let byte_value:u8 = byte_value /! 
2uy in - bits, byte_value) - in - bits) - in - bits - let byte_encode (bits_per_coefficient: usize) (re: @@ -91,6 +66,7 @@ let byte_encode let re_bits:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = Alloc.Vec.impl__new in let re_bits:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Hacspec_lib.Ring.impl_2__coefficients + (sz 256) re <: t_Array (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) @@ -98,27 +74,72 @@ let byte_encode Core.Slice.Iter.t_Iter (Hacspec_lib.Field.t_PrimeFieldElement 3329us)) re_bits (fun re_bits coefficient -> + let re_bits:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = re_bits in + let coefficient:Hacspec_lib.Field.t_PrimeFieldElement 3329us = coefficient in let coefficient_value:u16 = coefficient.Hacspec_lib.Field.f_value in let coefficient_value, re_bits:(u16 & Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = bits_per_coefficient - }) + } + <: + Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - (coefficient_value, re_bits) - (fun (coefficient_value, re_bits) _ -> + (coefficient_value, re_bits <: (u16 & Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global)) + (fun temp_0_ temp_1_ -> + let coefficient_value, re_bits:(u16 & Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global) = + temp_0_ + in + let _:usize = temp_1_ in let bit:u16 = coefficient_value %! 2us in let re_bits:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = - Alloc.Vec.impl_1__push re_bits (cast bit <: u8) + Alloc.Vec.impl_1__push re_bits (cast (bit <: u16) <: u8) in let coefficient_value:u16 = (coefficient_value -! bit <: u16) /! 2us in - coefficient_value, re_bits) + coefficient_value, re_bits <: (u16 & Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global)) in re_bits) in bits_to_bytes re_bits +let bytes_to_bits (bytes: t_Slice u8) : Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = + let bits:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = Alloc.Vec.impl__new in + let bits:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Slice.impl__iter bytes + + <: + Core.Slice.Iter.t_Iter u8) + <: + Core.Slice.Iter.t_Iter u8) + bits + (fun bits byte -> + let bits:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = bits in + let byte:u8 = byte in + let byte_value:u8 = byte in + let bits, byte_value:(Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global & u8) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = 0ul; + Core.Ops.Range.f_end = Core.Num.impl__u8__BITS + } + <: + Core.Ops.Range.t_Range u32) + <: + Core.Ops.Range.t_Range u32) + (bits, byte_value <: (Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global & u8)) + (fun temp_0_ temp_1_ -> + let bits, byte_value:(Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global & u8) = temp_0_ in + let _:u32 = temp_1_ in + let bits:Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global = + Alloc.Vec.impl_1__push bits (byte_value %! 2uy <: u8) + in + let byte_value:u8 = byte_value /! 2uy in + bits, byte_value <: (Alloc.Vec.t_Vec u8 Alloc.Alloc.t_Global & u8)) + in + bits) + in + bits + let field_element_from_bits (bits: t_Slice u8) : Hacspec_lib.Field.t_PrimeFieldElement 3329us = let _:Prims.unit = if @@ -143,8 +164,12 @@ let field_element_from_bits (bits: t_Slice u8) : Hacspec_lib.Field.t_PrimeFieldE <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) value - (fun value (i, bit) -> - value +! (((cast bit <: u16) *! 
(1us < + let value:u16 = value in + let i, bit:(usize & u8) = temp_1_ in + value +! (((cast (bit <: u8) <: u16) *! (1us < if ~.(left_val =. right_val <: bool) then - let kind:Core.Panicking.t_AssertKind = Core.Panicking.AssertKind_Eq in + let kind:Core.Panicking.t_AssertKind = + Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind + in Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind left_val right_val - Core.Option.Option_None + (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) <: Rust_primitives.Hax.t_Never) in @@ -185,26 +212,42 @@ let byte_decode (bits_per_coefficient: usize) (re_bytes: t_Slice u8) Core.Slice.Iter.t_Chunks u8) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Hacspec_lib.Ring.impl_2__len re <: usize - }) + Core.Ops.Range.f_end = Hacspec_lib.Ring.impl_2__len (sz 256) re <: usize + } + <: + Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - (re, re_bit_chunks) - (fun (re, re_bit_chunks) i -> + (re, re_bit_chunks + <: + (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) & + Core.Slice.Iter.t_Chunks u8)) + (fun temp_0_ i -> + let re, re_bit_chunks:(Hacspec_lib.Ring.t_PolynomialRingElement + (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) & + Core.Slice.Iter.t_Chunks u8) = + temp_0_ + in + let i:usize = i in let tmp0, out:(Core.Slice.Iter.t_Chunks u8 & Core.Option.t_Option (t_Slice u8)) = Core.Iter.Traits.Iterator.f_next re_bit_chunks in let re_bit_chunks:Core.Slice.Iter.t_Chunks u8 = tmp0 in - let hoist13:Core.Option.t_Option (t_Slice u8) = out in - let hoist14:t_Slice u8 = Core.Option.impl__unwrap hoist13 in - let hoist15:Hacspec_lib.Field.t_PrimeFieldElement 3329us = - field_element_from_bits hoist14 + let hoist5:Core.Option.t_Option (t_Slice u8) = out in + let hoist6:t_Slice u8 = Core.Option.impl__unwrap hoist5 in + let hoist7:Hacspec_lib.Field.t_PrimeFieldElement 3329us = + field_element_from_bits hoist6 in - let hoist16:Hacspec_lib.Ring.t_PolynomialRingElement + let hoist8:Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) = - Rust_primitives.Hax.update_at re i hoist15 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re i hoist7 in - hoist16, re_bit_chunks) + hoist8, re_bit_chunks + <: + (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) & + Core.Slice.Iter.t_Chunks u8)) in re @@ -216,7 +259,7 @@ let vector_encode_12_ let out:t_Array u8 (sz 1152) = Rust_primitives.Hax.repeat 0uy (sz 1152) in let out:t_Array u8 (sz 1152) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Hacspec_lib.Vector.impl__into_iter vector + (Hacspec_lib.Vector.impl__into_iter (sz 3) (sz 256) vector <: Core.Array.Iter.t_IntoIter (Hacspec_lib.Ring.t_PolynomialRingElement @@ -232,8 +275,14 @@ let vector_encode_12_ (Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256)) (sz 3))) out - (fun out (i, re) -> - Rust_primitives.Hax.update_at out + (fun out temp_1_ -> + let out:t_Array u8 (sz 1152) = out in + let i, re:(usize & + Hacspec_lib.Ring.t_PolynomialRingElement (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256)) = + temp_1_ + in + Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ Core.Ops.Range.f_start = @@ -241,18 +290,21 @@ let vector_encode_12_ 
Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! Hacspec_kyber.Parameters.v_BYTES_PER_RING_ELEMENT <: usize - }) - (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut out - ({ - Core.Ops.Range.f_start - = - i *! Hacspec_kyber.Parameters.v_BYTES_PER_RING_ELEMENT <: usize; - Core.Ops.Range.f_end - = - (i +! sz 1 <: usize) *! Hacspec_kyber.Parameters.v_BYTES_PER_RING_ELEMENT - <: - usize - }) + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice (out.[ { + Core.Ops.Range.f_start + = + i *! Hacspec_kyber.Parameters.v_BYTES_PER_RING_ELEMENT <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! Hacspec_kyber.Parameters.v_BYTES_PER_RING_ELEMENT + <: + usize + } + <: + Core.Ops.Range.t_Range usize ] <: t_Slice u8) (Core.Ops.Deref.f_deref (byte_encode (sz 12) re @@ -285,8 +337,14 @@ let vector_decode_12_ (encoded: t_Array u8 (sz 1152)) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Chunks u8)) out - (fun out (i, bytes) -> - Rust_primitives.Hax.update_at out + (fun out temp_1_ -> + let out:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) + (sz 256) + (sz 3) = + out + in + let i, bytes:(usize & t_Slice u8) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out i (byte_decode (sz 12) bytes <: @@ -296,4 +354,4 @@ let vector_decode_12_ (encoded: t_Array u8 (sz 1152)) Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) ) in - out \ No newline at end of file + out diff --git a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.fst b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.fst index bd1c00e7a..89f533a1c 100644 --- a/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.fst +++ b/specs/kyber/proofs/fstar/extraction/Hacspec_kyber.fst @@ -1,14 +1,29 @@ module Hacspec_kyber #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core +open FStar.Mul + +unfold +let t_Ciphertext = t_Array u8 (sz 1088) + +unfold +let t_PrivateKey = t_Array u8 (sz 2400) + +unfold +let t_PublicKey = t_Array u8 (sz 1184) + +unfold +let t_SharedSecret = t_Array u8 (sz 32) + +let v_KYBER768_CIPHERTEXT_SIZE: usize = Hacspec_kyber.Parameters.v_CPA_PKE_CIPHERTEXT_SIZE + +let v_KYBER768_PUBLIC_KEY_SIZE: usize = Hacspec_kyber.Parameters.v_CPA_PKE_PUBLIC_KEY_SIZE let v_KYBER768_SHARED_SECRET_SIZE: usize = Hacspec_kyber.Parameters.v_CPA_PKE_MESSAGE_SIZE let v_KYBER768_KEY_GENERATION_SEED_SIZE: usize = Hacspec_kyber.Parameters.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! v_KYBER768_SHARED_SECRET_SIZE -let v_KYBER768_PUBLIC_KEY_SIZE: usize = Hacspec_kyber.Parameters.v_CPA_PKE_PUBLIC_KEY_SIZE - let v_KYBER768_SECRET_KEY_SIZE: usize = ((Hacspec_kyber.Parameters.v_CPA_PKE_SECRET_KEY_SIZE +! Hacspec_kyber.Parameters.v_CPA_PKE_PUBLIC_KEY_SIZE @@ -19,71 +34,14 @@ let v_KYBER768_SECRET_KEY_SIZE: usize = usize) +! 
v_KYBER768_SHARED_SECRET_SIZE -let v_KYBER768_CIPHERTEXT_SIZE: usize = Hacspec_kyber.Parameters.v_CPA_PKE_CIPHERTEXT_SIZE - -type t_BadRejectionSamplingRandomnessError = - | BadRejectionSamplingRandomnessError : t_BadRejectionSamplingRandomnessError - -type t_KeyPair = { - f_pk:t_Array u8 (sz 1184); - f_sk:t_Array u8 (sz 2400) -} - -let impl__KeyPair__new (pk: t_Array u8 (sz 1184)) (sk: t_Array u8 (sz 2400)) : t_KeyPair = - { f_pk = pk; f_sk = sk } - -let generate_keypair (randomness: t_Array u8 (sz 64)) - : Core.Result.t_Result t_KeyPair t_BadRejectionSamplingRandomnessError = - Rust_primitives.Hax.Control_flow_monad.Mexception.run (let ind_cpa_keypair_randomness:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Hacspec_kyber.Parameters.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } ] - in - let implicit_rejection_value:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = Hacspec_kyber.Parameters.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } ] - in - let* ind_cpa_key_pair:Hacspec_kyber.Ind_cpa.t_KeyPair = - match - Core.Ops.Try_trait.f_branch (Hacspec_kyber.Ind_cpa.generate_keypair (Hacspec_lib.f_as_array - ind_cpa_keypair_randomness - <: - t_Array u8 (sz 32)) - <: - Core.Result.t_Result Hacspec_kyber.Ind_cpa.t_KeyPair - t_BadRejectionSamplingRandomnessError) - with - | Core.Ops.Control_flow.ControlFlow_Break residual -> - let* hoist17:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual - <: - Core.Result.t_Result t_KeyPair t_BadRejectionSamplingRandomnessError) - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist17) - | Core.Ops.Control_flow.ControlFlow_Continue v_val -> - Core.Ops.Control_flow.ControlFlow_Continue v_val - in - Core.Ops.Control_flow.ControlFlow_Continue - (let secret_key_serialized:t_Array u8 (sz 2400) = - Hacspec_kyber.Ind_cpa.impl__KeyPair__serialize_secret_key ind_cpa_key_pair - (Hacspec_lib.f_as_array implicit_rejection_value <: t_Array u8 (sz 32)) - in - let key_pair:t_KeyPair = - impl__KeyPair__new (Hacspec_kyber.Ind_cpa.impl__KeyPair__pk ind_cpa_key_pair - <: - t_Array u8 (sz 1184)) - secret_key_serialized - in - Core.Result.Result_Ok key_pair)) - let public_key_modulus_check (public_key: t_Array u8 (sz 1184)) : bool = let encoded_ring_elements:t_Slice u8 = public_key.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_KYBER768_PUBLIC_KEY_SIZE -! sz 32 <: usize - } ] + } + <: + Core.Ops.Range.t_Range usize ] in let decoded_ring_elements:Hacspec_lib.Vector.t_Vector (Hacspec_lib.Field.t_PrimeFieldElement 3329us) (sz 256) (sz 3) = @@ -97,6 +55,69 @@ let public_key_modulus_check (public_key: t_Array u8 (sz 1184)) : bool = encoded_ring_elements =. 
(Hacspec_kyber.Serialize.vector_encode_12_ decoded_ring_elements <: t_Array u8 (sz 1152)) +type t_BadRejectionSamplingRandomnessError = + | BadRejectionSamplingRandomnessError : t_BadRejectionSamplingRandomnessError + +type t_KeyPair = { + f_pk:t_Array u8 (sz 1184); + f_sk:t_Array u8 (sz 2400) +} + +let impl__KeyPair__new (pk: t_Array u8 (sz 1184)) (sk: t_Array u8 (sz 2400)) : t_KeyPair = + { f_pk = pk; f_sk = sk } <: t_KeyPair + +let decapsulate (ciphertext: t_Array u8 (sz 1088)) (secret_key: t_Array u8 (sz 2400)) + : t_Array u8 (sz 32) = + let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize secret_key <: t_Slice u8) + Hacspec_kyber.Parameters.v_CPA_PKE_SECRET_KEY_SIZE + in + let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at secret_key Hacspec_kyber.Parameters.v_CPA_PKE_PUBLIC_KEY_SIZE + in + let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at secret_key Hacspec_kyber.Parameters.Hash_functions.v_H_DIGEST_SIZE + in + let decrypted:t_Array u8 (sz 32) = + Hacspec_kyber.Ind_cpa.decrypt (Hacspec_lib.f_as_array (sz 1152) ind_cpa_secret_key + <: + t_Array u8 (sz 1152)) + ciphertext + in + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Hacspec_lib.f_push (sz 64) decrypted ind_cpa_public_key_hash + in + let hashed:t_Array u8 (sz 64) = + Hacspec_kyber.Parameters.Hash_functions.v_G (Rust_primitives.unsize to_hash <: t_Slice u8) + in + let success_shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) + v_KYBER768_SHARED_SECRET_SIZE + in + let (to_hash: t_Array u8 (sz 1120)):t_Array u8 (sz 1120) = + Hacspec_lib.f_push (sz 1120) + implicit_rejection_value + (Rust_primitives.unsize ciphertext <: t_Slice u8) + in + let (rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = + Hacspec_kyber.Parameters.Hash_functions.v_J (sz 32) + (Rust_primitives.unsize to_hash <: t_Slice u8) + in + let reencrypted_ciphertext:Core.Result.t_Result (t_Array u8 (sz 1088)) + t_BadRejectionSamplingRandomnessError = + Hacspec_kyber.Ind_cpa.encrypt (Hacspec_lib.f_as_array (sz 1184) ind_cpa_public_key + <: + t_Array u8 (sz 1184)) + decrypted + (Hacspec_lib.f_as_array (sz 32) pseudorandomness <: t_Array u8 (sz 32)) + in + match reencrypted_ciphertext with + | Core.Result.Result_Ok reencrypted -> + if ciphertext =. 
reencrypted + then Hacspec_lib.f_as_array (sz 32) success_shared_secret + else rejection_shared_secret + | _ -> rejection_shared_secret + let encapsulate (public_key: t_Array u8 (sz 1184)) (randomness: t_Array u8 (sz 32)) : Core.Result.t_Result (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) t_BadRejectionSamplingRandomnessError = @@ -109,7 +130,8 @@ let encapsulate (public_key: t_Array u8 (sz 1184)) (randomness: t_Array u8 (sz 3 Rust_primitives.Hax.t_Never) in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Hacspec_lib.f_push randomness + Hacspec_lib.f_push (sz 64) + randomness (Rust_primitives.unsize (Hacspec_kyber.Parameters.Hash_functions.v_H (Rust_primitives.unsize public_key <: @@ -130,67 +152,105 @@ let encapsulate (public_key: t_Array u8 (sz 1184)) (randomness: t_Array u8 (sz 3 match Core.Ops.Try_trait.f_branch (Hacspec_kyber.Ind_cpa.encrypt public_key randomness - (Hacspec_lib.f_as_array pseudorandomness <: t_Array u8 (sz 32)) + (Hacspec_lib.f_as_array (sz 32) pseudorandomness <: t_Array u8 (sz 32)) <: Core.Result.t_Result (t_Array u8 (sz 1088)) t_BadRejectionSamplingRandomnessError) with | Core.Ops.Control_flow.ControlFlow_Break residual -> - let* hoist18:Rust_primitives.Hax.t_Never = + let* hoist17:Rust_primitives.Hax.t_Never = Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual <: Core.Result.t_Result (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) t_BadRejectionSamplingRandomnessError) in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist18) + Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist17) + <: + Core.Ops.Control_flow.t_ControlFlow + (Core.Result.t_Result (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) + t_BadRejectionSamplingRandomnessError) (t_Array u8 (sz 1088)) | Core.Ops.Control_flow.ControlFlow_Continue v_val -> Core.Ops.Control_flow.ControlFlow_Continue v_val + <: + Core.Ops.Control_flow.t_ControlFlow + (Core.Result.t_Result (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) + t_BadRejectionSamplingRandomnessError) (t_Array u8 (sz 1088)) in Core.Ops.Control_flow.ControlFlow_Continue - (Core.Result.Result_Ok (ciphertext, Hacspec_lib.f_as_array shared_secret))) + (Core.Result.Result_Ok + (ciphertext, Hacspec_lib.f_as_array (sz 32) shared_secret + <: + (t_Array u8 (sz 1088) & t_Array u8 (sz 32))) + <: + Core.Result.t_Result (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) + t_BadRejectionSamplingRandomnessError) + <: + Core.Ops.Control_flow.t_ControlFlow + (Core.Result.t_Result (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) + t_BadRejectionSamplingRandomnessError) + (Core.Result.t_Result (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) + t_BadRejectionSamplingRandomnessError)) -let decapsulate (ciphertext: t_Array u8 (sz 1088)) (secret_key: t_Array u8 (sz 2400)) - : t_Array u8 (sz 32) = - let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize secret_key <: t_Slice u8) - Hacspec_kyber.Parameters.v_CPA_PKE_SECRET_KEY_SIZE - in - let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at secret_key Hacspec_kyber.Parameters.v_CPA_PKE_PUBLIC_KEY_SIZE - in - let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at secret_key Hacspec_kyber.Parameters.Hash_functions.v_H_DIGEST_SIZE - in - let decrypted:t_Array u8 (sz 32) = - Hacspec_kyber.Ind_cpa.decrypt (Hacspec_lib.f_as_array ind_cpa_secret_key <: t_Array u8 (sz 1152) - ) - ciphertext - in - let 
(to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Hacspec_lib.f_push decrypted ind_cpa_public_key_hash - in - let hashed:t_Array u8 (sz 64) = - Hacspec_kyber.Parameters.Hash_functions.v_G (Rust_primitives.unsize to_hash <: t_Slice u8) - in - let success_shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) - v_KYBER768_SHARED_SECRET_SIZE - in - let (to_hash: t_Array u8 (sz 1120)):t_Array u8 (sz 1120) = - Hacspec_lib.f_push implicit_rejection_value (Rust_primitives.unsize ciphertext <: t_Slice u8) - in - let (rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = - Hacspec_kyber.Parameters.Hash_functions.v_J (Rust_primitives.unsize to_hash <: t_Slice u8) - in - let reencrypted_ciphertext:Core.Result.t_Result (t_Array u8 (sz 1088)) - t_BadRejectionSamplingRandomnessError = - Hacspec_kyber.Ind_cpa.encrypt (Hacspec_lib.f_as_array ind_cpa_public_key <: t_Array u8 (sz 1184) - ) - decrypted - (Hacspec_lib.f_as_array pseudorandomness <: t_Array u8 (sz 32)) - in - match reencrypted_ciphertext with - | Core.Result.Result_Ok reencrypted -> - if ciphertext =. reencrypted - then Hacspec_lib.f_as_array success_shared_secret - else rejection_shared_secret - | _ -> rejection_shared_secret \ No newline at end of file +let generate_keypair (randomness: t_Array u8 (sz 64)) + : Core.Result.t_Result t_KeyPair t_BadRejectionSamplingRandomnessError = + Rust_primitives.Hax.Control_flow_monad.Mexception.run (let ind_cpa_keypair_randomness:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Hacspec_kyber.Parameters.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize ] + in + let implicit_rejection_value:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = Hacspec_kyber.Parameters.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + in + let* ind_cpa_key_pair:Hacspec_kyber.Ind_cpa.t_KeyPair = + match + Core.Ops.Try_trait.f_branch (Hacspec_kyber.Ind_cpa.generate_keypair (Hacspec_lib.f_as_array + (sz 32) + ind_cpa_keypair_randomness + <: + t_Array u8 (sz 32)) + <: + Core.Result.t_Result Hacspec_kyber.Ind_cpa.t_KeyPair + t_BadRejectionSamplingRandomnessError) + with + | Core.Ops.Control_flow.ControlFlow_Break residual -> + let* hoist18:Rust_primitives.Hax.t_Never = + Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual + <: + Core.Result.t_Result t_KeyPair t_BadRejectionSamplingRandomnessError) + in + Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist18) + <: + Core.Ops.Control_flow.t_ControlFlow + (Core.Result.t_Result t_KeyPair t_BadRejectionSamplingRandomnessError) + Hacspec_kyber.Ind_cpa.t_KeyPair + | Core.Ops.Control_flow.ControlFlow_Continue v_val -> + Core.Ops.Control_flow.ControlFlow_Continue v_val + <: + Core.Ops.Control_flow.t_ControlFlow + (Core.Result.t_Result t_KeyPair t_BadRejectionSamplingRandomnessError) + Hacspec_kyber.Ind_cpa.t_KeyPair + in + Core.Ops.Control_flow.ControlFlow_Continue + (let secret_key_serialized:t_Array u8 (sz 2400) = + Hacspec_kyber.Ind_cpa.impl__KeyPair__serialize_secret_key ind_cpa_key_pair + (Hacspec_lib.f_as_array (sz 32) implicit_rejection_value <: t_Array u8 (sz 32)) + in + let key_pair:t_KeyPair = + impl__KeyPair__new (Hacspec_kyber.Ind_cpa.impl__KeyPair__pk ind_cpa_key_pair + <: + t_Array u8 (sz 1184)) + secret_key_serialized + in + Core.Result.Result_Ok key_pair + <: + Core.Result.t_Result t_KeyPair 
t_BadRejectionSamplingRandomnessError) + <: + Core.Ops.Control_flow.t_ControlFlow + (Core.Result.t_Result t_KeyPair t_BadRejectionSamplingRandomnessError) + (Core.Result.t_Result t_KeyPair t_BadRejectionSamplingRandomnessError)) From 697d323677b1c616b954a7d8776aa931ae1de996 Mon Sep 17 00:00:00 2001 From: xvzcf Date: Wed, 6 Dec 2023 16:36:16 -0500 Subject: [PATCH 10/15] Fix reference extraction. --- .../Libcrux.Kem.Kyber.Hash_functions.fst | 84 ++++++++++++++----- src/kem/kyber/hash_functions.rs | 5 +- 2 files changed, 66 insertions(+), 23 deletions(-) diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst index a9d7f78b8..9efcd2ed3 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst @@ -15,26 +15,66 @@ let v_XOFx4 (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) let out:t_Array (t_Array u8 (sz 840)) v_K = Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 840) <: t_Array u8 (sz 840)) v_K in - let out:t_Array (t_Array u8 (sz 840)) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } - <: - Core.Ops.Range.t_Range usize) + match cast (v_K <: usize) <: u8 with + | 2uy -> + let d0, d1, _, _:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + Libcrux.Hacl.Sha3.Simd256.shake128 (sz 840) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) d0 + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) d1 + in + out + | 3uy -> + let d0, d1, d2, _:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + Libcrux.Hacl.Sha3.Simd256.shake128 (sz 840) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) d0 + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) d1 + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) d2 + in + out + | 4uy -> + let d0, d1, d2, d3:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + Libcrux.Hacl.Sha3.Simd256.shake128 (sz 840) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 3 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + 
Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) d0 + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) d1 + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) d2 + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) d3 + in + out + | _ -> + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" + <: - Core.Ops.Range.t_Range usize) - out - (fun out i -> - let out:t_Array (t_Array u8 (sz 840)) v_K = out in - let i:usize = i in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out - i - (Libcrux.Digest.shake128 (sz 840) - (Rust_primitives.unsize (input.[ i ] <: t_Array u8 (sz 34)) <: t_Slice u8) - <: - t_Array u8 (sz 840)) - <: - t_Array (t_Array u8 (sz 840)) v_K) - in - out + Rust_primitives.Hax.t_Never) diff --git a/src/kem/kyber/hash_functions.rs b/src/kem/kyber/hash_functions.rs index 490c8c59d..9620d6635 100644 --- a/src/kem/kyber/hash_functions.rs +++ b/src/kem/kyber/hash_functions.rs @@ -33,7 +33,10 @@ pub(crate) fn XOFx4( #[cfg(simd256)] { // Always do 4 SHA3 at a time even if we need less. - match K { + + // We cast K to a u8 since otherwise, hax reports: + // error[HAX0001]: (FStar backend) something is not implemented yet. usize literals (fail if pattern maching, otherwise TODO) + match K as u8 { 2 => { let (d0, d1, _, _) = crate::hacl::sha3::simd256::shake128::< REJECTION_SAMPLING_SEED_SIZE, From d6ecfa0d9687db2490416370b95a76e3a294c56c Mon Sep 17 00:00:00 2001 From: xvzcf Date: Wed, 6 Dec 2023 17:22:31 -0500 Subject: [PATCH 11/15] Trying to add an Fstar interface for Hacl SIMD Sha3. 
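The `v_XOFx4` extraction in the previous patch now references
`Libcrux.Hacl.Sha3.Simd256.shake128`, which has no F* model yet, so this adds a
bare interface for it. For reference, the Rust call the new `val` is meant to
mirror, as it appears in `src/kem/kyber/hash_functions.rs` earlier in this
series (shown for the K = 4 case; a sketch of the existing call site, not a new
API):

    // One 4-way SHAKE-128 invocation producing four outputs of
    // REJECTION_SAMPLING_SEED_SIZE (840) bytes each.
    let (d0, d1, d2, d3) = crate::hacl::sha3::simd256::shake128::<
        REJECTION_SAMPLING_SEED_SIZE,
    >(&input[0], &input[1], &input[2], &input[3]);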
--- proofs/fstar/extraction/Libcrux.Hacl.Sha3.Simd256.fsti | 6 ++++++ proofs/fstar/extraction/Makefile | 1 + 2 files changed, 7 insertions(+) create mode 100644 proofs/fstar/extraction/Libcrux.Hacl.Sha3.Simd256.fsti diff --git a/proofs/fstar/extraction/Libcrux.Hacl.Sha3.Simd256.fsti b/proofs/fstar/extraction/Libcrux.Hacl.Sha3.Simd256.fsti new file mode 100644 index 000000000..79db9747e --- /dev/null +++ b/proofs/fstar/extraction/Libcrux.Hacl.Sha3.Simd256.fsti @@ -0,0 +1,6 @@ +module Libcrux.Hacl.Sha3.Simd256 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Rust_primitives +open Core + +val shake128 (v_LEN: usize) (payload0: t_Slice u8) (payload1: t_Slice u8) (payload2: t_Slice u8) (payload3: t_Slice u8): ((t_Array u8 v_LEN) & (t_Array u8 v_LEN) & (t_Array u8 v_LEN) & (t_Array u8 v_LEN)) diff --git a/proofs/fstar/extraction/Makefile b/proofs/fstar/extraction/Makefile index 661b6c980..cebe5fe2b 100644 --- a/proofs/fstar/extraction/Makefile +++ b/proofs/fstar/extraction/Makefile @@ -52,6 +52,7 @@ VERIFIED = \ Libcrux.Kem.fst \ Libcrux.Kem.Kyber.Constants.fst \ Libcrux.Digest.fsti \ + Libcrux.Hacl.Sha3.Simd256.fsti \ Libcrux.Kem.Kyber.Hash_functions.fst \ Libcrux.Kem.Kyber.Kyber768.fst \ Libcrux.Kem.Kyber.Kyber1024.fst \ From 1d82ecb83eaae986587eb83131baf6e2b6b918f6 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 7 Dec 2023 08:32:55 +0100 Subject: [PATCH 12/15] better sha3mb --- src/digest.rs | 61 ++++++++++++++++++++++ src/hacl/sha3.rs | 89 ++++++++++++++++++++++++++++++++- src/kem/kyber/hash_functions.rs | 47 ++++++++--------- 3 files changed, 171 insertions(+), 26 deletions(-) diff --git a/src/digest.rs b/src/digest.rs index a77e7e8c5..b15b6b91b 100644 --- a/src/digest.rs +++ b/src/digest.rs @@ -288,6 +288,67 @@ impl_streaming!(Sha2_512, Sha512, Sha2_512Digest); // SHAKE messages from SHA 3 +#[cfg(simd256)] +fn shake128x4_256( + data0: &[u8], + data1: &[u8], + data2: &[u8], + data3: &[u8], +) -> ([u8; LEN], [u8; LEN], [u8; LEN], [u8; LEN]) { + sha3::x4::shake128(data0, data1, data2, data3) +} + +#[cfg(not(simd256))] +fn shake128x4_256( + data0: &[u8], + data1: &[u8], + data2: &[u8], + data3: &[u8], +) -> ([u8; LEN], [u8; LEN], [u8; LEN], [u8; LEN]) { + shake128x4_portable(data0, data1, data2, data3) +} + +// Fake the x4 and call shake128 4 times. +fn shake128x4_portable( + data0: &[u8], + data1: &[u8], + data2: &[u8], + data3: &[u8], +) -> ([u8; LEN], [u8; LEN], [u8; LEN], [u8; LEN]) { + let input_len = data0.len(); + debug_assert!( + input_len == data1.len() + && input_len == data2.len() + && input_len == data3.len() + && input_len <= u32::MAX as usize + && LEN <= u32::MAX as usize + ); + let digest0 = sha3::shake128(data0); + let digest1 = sha3::shake128(data1); + let digest2 = sha3::shake128(data2); + let digest3 = sha3::shake128(data3); + (digest0, digest1, digest2, digest3) +} + +/// SHAKE 128 x4 +/// +/// This calls 4 times shake128 at a time. If there's no SIMD256 support present +/// on the platform, regular shake128 is executed 4 times. +/// +/// The caller must define the size of the output in the return type. +pub fn shake128x4( + data0: &[u8], + data1: &[u8], + data2: &[u8], + data3: &[u8], +) -> ([u8; LEN], [u8; LEN], [u8; LEN], [u8; LEN]) { + if simd256_support() { + shake128x4_256(data0, data1, data2, data3) + } else { + shake128x4_portable(data0, data1, data2, data3) + } +} + /// SHAKE 128 /// /// The caller must define the size of the output in the return type. 
diff --git a/src/hacl/sha3.rs b/src/hacl/sha3.rs index 5ceb62502..c17252677 100644 --- a/src/hacl/sha3.rs +++ b/src/hacl/sha3.rs @@ -95,7 +95,7 @@ pub(crate) fn shake256(data: &[u8]) -> [u8; BYTES] { } #[cfg(simd256)] -pub mod simd256 { +pub mod x4 { use libcrux_hacl::{ Hacl_Hash_SHA3_Simd256_sha3_224, Hacl_Hash_SHA3_Simd256_sha3_256, Hacl_Hash_SHA3_Simd256_sha3_384, Hacl_Hash_SHA3_Simd256_sha3_512, @@ -227,3 +227,90 @@ pub mod simd256 { (digest0, digest1, digest2, digest3) } } + +// #[cfg(not(simd256))] +// pub mod x4 { +// macro_rules! impl_sha3_vec { +// ($name:ident, $out_len:literal) => { +// #[inline(always)] +// pub(crate) fn $name( +// payload0: &[u8], +// payload1: &[u8], +// payload2: &[u8], +// payload3: &[u8], +// ) -> ( +// [u8; $out_len], +// [u8; $out_len], +// [u8; $out_len], +// [u8; $out_len], +// ) { +// let input_len = payload0.len(); +// debug_assert!( +// input_len == payload1.len() +// && input_len == payload2.len() +// && input_len == payload3.len() +// && input_len <= u32::MAX as usize +// ); +// let mut digest0 = super::$name(payload0); +// let mut digest1 = super::$name(payload1); +// let mut digest2 = super::$name(payload2); +// let mut digest3 = super::$name(payload3); +// (digest0, digest1, digest2, digest3) +// } +// }; +// } + +// impl_sha3_vec!(sha224, 28); +// impl_sha3_vec!(sha256, 32); +// impl_sha3_vec!(sha384, 48); +// impl_sha3_vec!(sha512, 64); + +// /// SHAKE 128 +// #[inline(always)] +// pub(crate) fn shake128( +// payload0: &[u8], +// payload1: &[u8], +// payload2: &[u8], +// payload3: &[u8], +// ) -> ([u8; BYTES], [u8; BYTES], [u8; BYTES], [u8; BYTES]) { +// let input_len = payload0.len(); +// debug_assert!( +// input_len == payload1.len() +// && input_len == payload2.len() +// && input_len == payload3.len() +// && input_len <= u32::MAX as usize +// && BYTES <= u32::MAX as usize +// ); +// let mut digest0 = super::shake128(payload0); +// let mut digest1 = super::shake128(payload1); +// let mut digest2 = super::shake128(payload2); +// let mut digest3 = super::shake128(payload3); +// (digest0, digest1, digest2, digest3) +// } + +// /// SHAKE 256 +// /// +// /// Note that the output length `BYTES` must fit into 32 bit. If it is longer, +// /// the output will only return `u32::MAX` bytes. 
+// #[inline(always)] +// pub(crate) fn shake256( +// payload0: &[u8], +// payload1: &[u8], +// payload2: &[u8], +// payload3: &[u8], +// ) -> ([u8; BYTES], [u8; BYTES], [u8; BYTES], [u8; BYTES]) { +// let input_len = payload0.len(); +// debug_assert!( +// input_len == payload1.len() +// && input_len == payload2.len() +// && input_len == payload3.len() +// && input_len <= u32::MAX as usize +// && BYTES <= u32::MAX as usize +// ); +// let mut digest0 = super::shake256(payload0); +// let mut digest1 = super::shake256(payload1); +// let mut digest2 = super::shake256(payload2); +// let mut digest3 = super::shake256(payload3); +// (digest0, digest1, digest2, digest3) +// } +// } diff --git a/src/kem/kyber/hash_functions.rs b/src/kem/kyber/hash_functions.rs index 9620d6635..a5cb10a66 100644 --- a/src/kem/kyber/hash_functions.rs +++ b/src/kem/kyber/hash_functions.rs @@ -1,15 +1,17 @@ #![allow(non_snake_case)] +use libcrux_platform::simd256_support; + use crate::digest::{self, digest_size, Algorithm}; use super::constants::{H_DIGEST_SIZE, REJECTION_SAMPLING_SEED_SIZE}; pub(crate) fn G(input: &[u8]) -> [u8; digest_size(Algorithm::Sha3_512)] { - crate::digest::sha3_512(input) + digest::sha3_512(input) } pub(crate) fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] { - crate::digest::sha3_256(input) + digest::sha3_256(input) } pub(crate) fn PRF(input: &[u8]) -> [u8; LEN] { @@ -22,49 +24,44 @@ pub(crate) fn XOFx4( ) -> [[u8; REJECTION_SAMPLING_SEED_SIZE]; K] { let mut out = [[0u8; REJECTION_SAMPLING_SEED_SIZE]; K]; - #[cfg(not(simd256))] - { + if !simd256_support() || !cfg!(simd256) { + // Without SIMD256 support we fake it and call shak128 4 times. + // While shak128x4 does this too, this is faster because we only do the + // required number of invocations (K). for i in 0..K { out[i] = digest::shake128::(&input[i]); } - out - } - - #[cfg(simd256)] - { + } else { // Always do 4 SHA3 at a time even if we need less. - - // We cast K to a u8 since otherwise, hax reports: - // error[HAX0001]: (FStar backend) something is not implemented yet. usize literals (fail if pattern maching, otherwise TODO) + // XXX: Cast for hax extraction match K as u8 { 2 => { - let (d0, d1, _, _) = crate::hacl::sha3::simd256::shake128::< - REJECTION_SAMPLING_SEED_SIZE, - >(&input[0], &input[1], &input[0], &input[1]); + let (d0, d1, _, _) = digest::shake128x4::( + &input[0], &input[1], &input[0], &input[1], + ); out[0] = d0; out[1] = d1; - out } 3 => { - let (d0, d1, d2, _) = crate::hacl::sha3::simd256::shake128::< - REJECTION_SAMPLING_SEED_SIZE, - >(&input[0], &input[1], &input[2], &input[0]); + let (d0, d1, d2, _) = digest::shake128x4::( + &input[0], &input[1], &input[2], &input[0], + ); out[0] = d0; out[1] = d1; out[2] = d2; - out } 4 => { - let (d0, d1, d2, d3) = crate::hacl::sha3::simd256::shake128::< - REJECTION_SAMPLING_SEED_SIZE, - >(&input[0], &input[1], &input[2], &input[3]); + let (d0, d1, d2, d3) = digest::shake128x4::( + &input[0], &input[1], &input[2], &input[3], + ); out[0] = d0; out[1] = d1; out[2] = d2; out[3] = d3; - out } _ => unreachable!(), - } + }; } + + out } From 97859f84519eb0c8547df187154c3a8f9444c9fc Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 7 Dec 2023 09:00:09 +0100 Subject: [PATCH 13/15] Revert "Trying to add an Fstar interface for Hacl SIMD Sha3." This reverts commit d6ecfa0d9687db2490416370b95a76e3a294c56c. 
--- proofs/fstar/extraction/Libcrux.Hacl.Sha3.Simd256.fsti | 6 ------ proofs/fstar/extraction/Makefile | 1 - 2 files changed, 7 deletions(-) delete mode 100644 proofs/fstar/extraction/Libcrux.Hacl.Sha3.Simd256.fsti diff --git a/proofs/fstar/extraction/Libcrux.Hacl.Sha3.Simd256.fsti b/proofs/fstar/extraction/Libcrux.Hacl.Sha3.Simd256.fsti deleted file mode 100644 index 79db9747e..000000000 --- a/proofs/fstar/extraction/Libcrux.Hacl.Sha3.Simd256.fsti +++ /dev/null @@ -1,6 +0,0 @@ -module Libcrux.Hacl.Sha3.Simd256 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Rust_primitives -open Core - -val shake128 (v_LEN: usize) (payload0: t_Slice u8) (payload1: t_Slice u8) (payload2: t_Slice u8) (payload3: t_Slice u8): ((t_Array u8 v_LEN) & (t_Array u8 v_LEN) & (t_Array u8 v_LEN) & (t_Array u8 v_LEN)) diff --git a/proofs/fstar/extraction/Makefile b/proofs/fstar/extraction/Makefile index cebe5fe2b..661b6c980 100644 --- a/proofs/fstar/extraction/Makefile +++ b/proofs/fstar/extraction/Makefile @@ -52,7 +52,6 @@ VERIFIED = \ Libcrux.Kem.fst \ Libcrux.Kem.Kyber.Constants.fst \ Libcrux.Digest.fsti \ - Libcrux.Hacl.Sha3.Simd256.fsti \ Libcrux.Kem.Kyber.Hash_functions.fst \ Libcrux.Kem.Kyber.Kyber768.fst \ Libcrux.Kem.Kyber.Kyber1024.fst \ From eb9ea24ddbfc53f825b44ba9019e8ceefc313ec7 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 7 Dec 2023 09:13:46 +0100 Subject: [PATCH 14/15] fix extraction for shake128x4 --- proofs/fstar/extraction/Libcrux.Digest.fsti | 2 + .../Libcrux.Kem.Kyber.Hash_functions.fst | 151 ++++++++++-------- proofs/fstar/extraction/Libcrux_platform.fsti | 4 + proofs/fstar/extraction/Makefile | 1 + 4 files changed, 95 insertions(+), 63 deletions(-) create mode 100644 proofs/fstar/extraction/Libcrux_platform.fsti diff --git a/proofs/fstar/extraction/Libcrux.Digest.fsti b/proofs/fstar/extraction/Libcrux.Digest.fsti index 1c3a308ee..fa09425b3 100644 --- a/proofs/fstar/extraction/Libcrux.Digest.fsti +++ b/proofs/fstar/extraction/Libcrux.Digest.fsti @@ -36,4 +36,6 @@ val sha3_512_ (payload: t_Slice u8) : t_Array u8 (sz 64) val shake128 (v_LEN: usize) (data: t_Slice u8) : t_Array u8 v_LEN +val shake128x4 (v_LEN: usize) (data0: t_Slice u8) (data1: t_Slice u8) (data2: t_Slice u8) (data3: t_Slice u8): (t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN) + val shake256 (v_LEN: usize) (data: t_Slice u8) : t_Array u8 v_LEN diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst index 9efcd2ed3..61da9b9f6 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst @@ -15,66 +15,91 @@ let v_XOFx4 (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) let out:t_Array (t_Array u8 (sz 840)) v_K = Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 840) <: t_Array u8 (sz 840)) v_K in - match cast (v_K <: usize) <: u8 with - | 2uy -> - let d0, d1, _, _:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - Libcrux.Hacl.Sha3.Simd256.shake128 (sz 840) - (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) - (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) - (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) - (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) - in - let out:t_Array (t_Array u8 (sz 840)) v_K = - 
Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) d0 - in - let out:t_Array (t_Array u8 (sz 840)) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) d1 - in - out - | 3uy -> - let d0, d1, d2, _:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - Libcrux.Hacl.Sha3.Simd256.shake128 (sz 840) - (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) - (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) - (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) - (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) - in - let out:t_Array (t_Array u8 (sz 840)) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) d0 - in - let out:t_Array (t_Array u8 (sz 840)) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) d1 - in - let out:t_Array (t_Array u8 (sz 840)) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) d2 - in - out - | 4uy -> - let d0, d1, d2, d3:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - Libcrux.Hacl.Sha3.Simd256.shake128 (sz 840) - (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) - (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) - (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) - (Rust_primitives.unsize (input.[ sz 3 ] <: t_Array u8 (sz 34)) <: t_Slice u8) - in - let out:t_Array (t_Array u8 (sz 840)) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) d0 - in - let out:t_Array (t_Array u8 (sz 840)) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) d1 - in - let out:t_Array (t_Array u8 (sz 840)) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) d2 - in - let out:t_Array (t_Array u8 (sz 840)) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) d3 - in - out - | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" - - <: - Rust_primitives.Hax.t_Never) + let out:t_Array (t_Array u8 (sz 840)) v_K = + if ~.(Libcrux_platform.simd256_support <: bool) || ~.false + then + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + out + (fun out i -> + let out:t_Array (t_Array u8 (sz 840)) v_K = out in + let i:usize = i in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + i + (Libcrux.Digest.shake128 (sz 840) + (Rust_primitives.unsize (input.[ i ] <: t_Array u8 (sz 34)) <: t_Slice u8) + <: + t_Array u8 (sz 840)) + <: + t_Array (t_Array u8 (sz 840)) v_K) + else + let out:t_Array (t_Array u8 (sz 840)) v_K = + match cast (v_K <: usize) <: u8 with + | 2uy -> + let d0, d1, _, _:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + Libcrux.Digest.shake128x4 (sz 840) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + 
Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) d0 + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) d1 + in + out + | 3uy -> + let d0, d1, d2, _:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + Libcrux.Digest.shake128x4 (sz 840) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) d0 + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) d1 + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) d2 + in + out + | 4uy -> + let d0, d1, d2, d3:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + Libcrux.Digest.shake128x4 (sz 840) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 3 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) d0 + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) d1 + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) d2 + in + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) d3 + in + out + | _ -> out + in + out + in + out diff --git a/proofs/fstar/extraction/Libcrux_platform.fsti b/proofs/fstar/extraction/Libcrux_platform.fsti new file mode 100644 index 000000000..2f14b2aa5 --- /dev/null +++ b/proofs/fstar/extraction/Libcrux_platform.fsti @@ -0,0 +1,4 @@ +module Libcrux_platform +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" + +val simd256_support: bool diff --git a/proofs/fstar/extraction/Makefile b/proofs/fstar/extraction/Makefile index 661b6c980..b95e63e7b 100644 --- a/proofs/fstar/extraction/Makefile +++ b/proofs/fstar/extraction/Makefile @@ -49,6 +49,7 @@ all: VERIFIED = \ + Libcrux_platform.fsti \ Libcrux.Kem.fst \ Libcrux.Kem.Kyber.Constants.fst \ Libcrux.Digest.fsti \ From 415a4f000381bb96f83b90d688d99aec9d3c6b19 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 7 Dec 2023 10:17:04 +0100 Subject: [PATCH 15/15] remove commented code in sha3.rs --- src/hacl/sha3.rs | 87 ------------------------------------------------ 1 file changed, 87 deletions(-) diff --git a/src/hacl/sha3.rs b/src/hacl/sha3.rs index c17252677..818d3c1e8 100644 --- a/src/hacl/sha3.rs +++ b/src/hacl/sha3.rs @@ -227,90 +227,3 @@ pub mod x4 { (digest0, digest1, digest2, digest3) } } - -// #[cfg(not(simd256))] -// pub mod x4 { -// macro_rules! 
impl_sha3_vec { -// ($name:ident, $out_len:literal) => { -// #[inline(always)] -// pub(crate) fn $name( -// payload0: &[u8], -// payload1: &[u8], -// payload2: &[u8], -// payload3: &[u8], -// ) -> ( -// [u8; $out_len], -// [u8; $out_len], -// [u8; $out_len], -// [u8; $out_len], -// ) { -// let input_len = payload0.len(); -// debug_assert!( -// input_len == payload1.len() -// && input_len == payload2.len() -// && input_len == payload3.len() -// && input_len <= u32::MAX as usize -// ); -// let mut digest0 = super::$name(payload0); -// let mut digest1 = super::$name(payload1); -// let mut digest2 = super::$name(payload2); -// let mut digest3 = super::$name(payload3); -// (digest0, digest1, digest2, digest3) -// } -// }; -// } - -// impl_sha3_vec!(sha224, 28); -// impl_sha3_vec!(sha256, 32); -// impl_sha3_vec!(sha384, 48); -// impl_sha3_vec!(sha512, 64); - -// /// SHAKE 128 -// #[inline(always)] -// pub(crate) fn shake128( -// payload0: &[u8], -// payload1: &[u8], -// payload2: &[u8], -// payload3: &[u8], -// ) -> ([u8; BYTES], [u8; BYTES], [u8; BYTES], [u8; BYTES]) { -// let input_len = payload0.len(); -// debug_assert!( -// input_len == payload1.len() -// && input_len == payload2.len() -// && input_len == payload3.len() -// && input_len <= u32::MAX as usize -// && BYTES <= u32::MAX as usize -// ); -// let mut digest0 = super::shake128(payload0); -// let mut digest1 = super::shake128(payload1); -// let mut digest2 = super::shake128(payload2); -// let mut digest3 = super::shake128(payload3); -// (digest0, digest1, digest2, digest3) -// } - -// /// SHAKE 256 -// /// -// /// Note that the output length `BYTES` must fit into 32 bit. If it is longer, -// /// the output will only return `u32::MAX` bytes. -// #[inline(always)] -// pub(crate) fn shake256( -// payload0: &[u8], -// payload1: &[u8], -// payload2: &[u8], -// payload3: &[u8], -// ) -> ([u8; BYTES], [u8; BYTES], [u8; BYTES], [u8; BYTES]) { -// let input_len = payload0.len(); -// debug_assert!( -// input_len == payload1.len() -// && input_len == payload2.len() -// && input_len == payload3.len() -// && input_len <= u32::MAX as usize -// && BYTES <= u32::MAX as usize -// ); -// let mut digest0 = super::shake256(payload0); -// let mut digest1 = super::shake256(payload1); -// let mut digest2 = super::shake256(payload2); -// let mut digest3 = super::shake256(payload3); -// (digest0, digest1, digest2, digest3) -// } -// }
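A minimal usage sketch of the `shake128x4` entry point that patch 12 adds to
`src/digest.rs`, on which the Kyber `XOFx4` code above builds. It assumes the
crate layout from this series (`libcrux::digest` with a const-generic output
length); the 34-byte seeds and 840-byte outputs match the `XOFx4` call sites,
but the wrapper function itself is illustrative only:

    // Hash four independent 34-byte XOF seeds into 840-byte outputs in one call.
    // With SIMD256 support this dispatches to the 4-way HACL* implementation;
    // otherwise digest.rs falls back to four sequential shake128 invocations.
    fn xof_four_blocks(seeds: &[[u8; 34]; 4]) -> [[u8; 840]; 4] {
        let (d0, d1, d2, d3) =
            libcrux::digest::shake128x4::<840>(&seeds[0], &seeds[1], &seeds[2], &seeds[3]);
        [d0, d1, d2, d3]
    }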