diff --git a/.clabot b/.clabot index a23279be..a049f5a8 100644 --- a/.clabot +++ b/.clabot @@ -9,7 +9,9 @@ "addressxception": "InfernoRed", "bkmgit": "", "mamonet": "", - "emillon": "" + "emillon": "", + "protz": "", + "ma-ilsi": "" }, "contributors": [ "franziskuskiefer", @@ -21,6 +23,8 @@ "bkmgit", "mgstoyanov", "mamonet", - "emillon" + "emillon", + "protz", + "ma-ilsi" ] } diff --git a/.github/workflows/js.yml b/.github/workflows/js.yml index bddfc330..cdd803b9 100644 --- a/.github/workflows/js.yml +++ b/.github/workflows/js.yml @@ -18,7 +18,9 @@ jobs: - uses: actions/checkout@v3 - name: Setup - run: sudo apt-get install ninja-build nodejs + run: | + sudo apt-get update + sudo apt-get install ninja-build nodejs - name: Build JS bindings run: | diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 898c6184..fc98c876 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -40,7 +40,7 @@ jobs: matrix: os: - macos-latest - - ubuntu-latest + # - ubuntu-latest Disabling Ubuntu for now as long as bindgen is broken - windows-latest runs-on: ${{ matrix.os }} @@ -95,7 +95,7 @@ jobs: bits: [32, 64] os: - macos-latest - - ubuntu-latest + # - ubuntu-latest disable for now - windows-latest exclude: - bits: 32 @@ -122,7 +122,7 @@ jobs: - if: matrix.os == 'ubuntu-latest' run: | sudo apt-get update - sudo apt-get install ninja-build gcc-multilib g++-multilib + sudo apt-get install ninja-build gcc-multilib g++-multilib clang-15 rustup target add i686-unknown-linux-gnu - name: Setup | Developer Command Prompt (x86) diff --git a/CMakeLists.txt b/CMakeLists.txt index 825b1192..dcdd2f68 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -93,12 +93,9 @@ if(NOT MSVC) # -pedantic # -Wconversion # -Wsign-conversion - # -Werror=gcc-compat $<$:-g> $<$:-Og> $<$:-O3> - # $<$:-g> - # $<$:-Wno-deprecated-declarations> ) endif() 
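Review bot: Commenting out `ubuntu-latest` in the first `rust.yml` matrix, and again in the `bits`/`os` matrix of the second hunk, removes all Linux coverage for the Rust bindings without a tracking reference or a condition for re-enabling it. The third hunk then adds `clang-15` to a step guarded by `if: matrix.os == 'ubuntu-latest'`, which looks unreachable while that entry is disabled (the job layout is partly outside the hunks, so this is inferred). I would make both comments point at the bindgen problem, e.g. `# - ubuntu-latest  # disabled: bindgen broken, see <ISSUE-URL placeholder>`, so the platform is restored once it is fixed.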
@@ -337,6 +334,9 @@ configure_file(config/Config.h.in config.h) # Now combine everything into the hacl library # # Dynamic library add_library(hacl SHARED ${SOURCES_std} ${VALE_OBJECTS}) +if(NOT MSVC) + target_compile_options(hacl PRIVATE -Wsign-conversion -Wconversion -Wall -Wextra -pedantic) +endif() if(TOOLCHAIN_CAN_COMPILE_VEC128 AND HACL_VEC128_O) add_dependencies(hacl hacl_vec128) diff --git a/benchmarks/blake.cc b/benchmarks/blake.cc index 91a77a03..19f7ed8a 100644 --- a/benchmarks/blake.cc +++ b/benchmarks/blake.cc @@ -7,19 +7,17 @@ */ #include "EverCrypt_Hash.h" -#include "Hacl_Hash_Blake2.h" -#include "Hacl_Streaming_Blake2.h" +#include "Hacl_Hash_Blake2b.h" +#include "Hacl_Hash_Blake2s.h" #include "util.h" #ifdef HACL_CAN_COMPILE_VEC128 -#include "Hacl_Hash_Blake2s_128.h" -#include "Hacl_Streaming_Blake2s_128.h" +#include "Hacl_Hash_Blake2s_Simd128.h" #endif #ifdef HACL_CAN_COMPILE_VEC256 -#include "Hacl_Hash_Blake2b_256.h" -#include "Hacl_Streaming_Blake2b_256.h" +#include "Hacl_Hash_Blake2b_Simd256.h" #endif #include "blake2.h" @@ -47,12 +45,9 @@ HACL_blake2b_32_oneshot(benchmark::State& state) bytes input(state.range(0), 0xAB); for (auto _ : state) { - Hacl_Blake2b_32_blake2b(digest2b.size(), - digest2b.data(), - input.size(), - (uint8_t*)input.data(), - 0, - NULL); + Hacl_Hash_Blake2b_hash_with_key( + digest2b.data(), digest2b.size(), (uint8_t*)input.data(), input.size(), + NULL, 0); } } @@ -70,12 +65,9 @@ HACL_blake2b_vec256_oneshot(benchmark::State& state) bytes input(state.range(0), 0xAB); for (auto _ : state) { - Hacl_Blake2b_256_blake2b(digest2b.size(), - digest2b.data(), - input.size(), - (uint8_t*)input.data(), - 0, - NULL); + Hacl_Hash_Blake2b_Simd256_hash_with_key( + digest2b.data(), digest2b.size(), (uint8_t*)input.data(), input.size(), + NULL, 0); } } 
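Review bot: `target_compile_options(hacl PRIVATE ...)` only reaches sources compiled as part of the `hacl` target. `hacl_vec128`, named in the `add_dependencies` call just below, appears to be a separate target defined outside this hunk, and it would not inherit PRIVATE options. If the intent is to have `-Wconversion` and `-Wsign-conversion` on all library code, the SIMD targets and any static variant need the same call. A short comment should also say whether these warnings are advisory, since nothing visible here turns them into errors.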
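Review bot: The rewritten `Hacl_Hash_Blake2b_hash_with_key` and `Hacl_Hash_Blake2b_Simd256_hash_with_key` calls keep the C-style `(uint8_t*)input.data()` cast and `NULL`, while the Blake2s one-shot hunks pass `input.data()` uncast for the same `bytes input(...)` declaration. Since these lines are being rewritten anyway, I would drop the cast and pass `nullptr`, e.g. `digest2b.data(), digest2b.size(), input.data(), input.size(), nullptr, 0`. The `size()` values are presumably `size_t`; if the length parameters are narrower (their declarations are not on this page), a `static_cast` would make the truncation explicit. The same applies to the keyed Blake2b and Blake2s hunks that follow.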
@@ -89,9 +81,7 @@ EverCrypt_blake2b_oneshot(benchmark::State& state) for (auto _ : state) { EverCrypt_Hash_Incremental_hash(Spec_Hash_Definitions_Blake2B, - digest2b.data(), - input.data(), - input.size()); + digest2b.data(), input.data(), input.size()); } } @@ -113,12 +103,9 @@ static void HACL_blake2b_32_oneshot_keyed(benchmark::State& state) { for (auto _ : state) { - Hacl_Blake2b_32_blake2b(digest2b.size(), - digest2b.data(), - input.size(), - (uint8_t*)input.data(), - key.size(), - key.data()); + Hacl_Hash_Blake2b_hash_with_key( + digest2b.data(), digest2b.size(), (uint8_t*)input.data(), input.size(), + key.data(), key.size()); } } @@ -134,12 +121,9 @@ HACL_blake2b_vec256_oneshot_keyed(benchmark::State& state) } for (auto _ : state) { - Hacl_Blake2b_256_blake2b(digest2b.size(), - digest2b.data(), - input.size(), - (uint8_t*)input.data(), - key.size(), - key.data()); + Hacl_Hash_Blake2b_Simd256_hash_with_key( + digest2b.data(), digest2b.size(), (uint8_t*)input.data(), input.size(), + key.data(), key.size()); } } @@ -175,8 +159,8 @@ HACL_blake2s_32_oneshot(benchmark::State& state) bytes input(state.range(0), 0xAB); for (auto _ : state) { - Hacl_Blake2s_32_blake2s( - digest2s.size(), digest2s.data(), input.size(), input.data(), 0, NULL); + Hacl_Hash_Blake2s_hash_with_key( + digest2s.data(), digest2s.size(), input.data(), input.size(), NULL, 0); } } @@ -194,8 +178,8 @@ HACL_blake2s_vec128_oneshot(benchmark::State& state) bytes input(state.range(0), 0xAB); for (auto _ : state) { - Hacl_Blake2s_128_blake2s( - digest2s.size(), digest2s.data(), input.size(), input.data(), 0, NULL); + Hacl_Hash_Blake2s_Simd128_hash_with_key( + digest2s.data(), digest2s.size(), input.data(), input.size(), NULL, 0); } } @@ -209,9 +193,7 @@ EverCrypt_blake2s_oneshot(benchmark::State& state) for (auto _ : state) { EverCrypt_Hash_Incremental_hash(Spec_Hash_Definitions_Blake2S, - digest2s.data(), - input.data(), - input.size()); + digest2s.data(), input.data(), input.size()); } } 
@@ -233,12 +215,9 @@ static void HACL_blake2s_32_oneshot_keyed(benchmark::State& state) { for (auto _ : state) { - Hacl_Blake2s_32_blake2s(digest2s.size(), - digest2s.data(), - input.size(), - (uint8_t*)input.data(), - key.size(), - key.data()); + Hacl_Hash_Blake2s_hash_with_key( + digest2s.data(), digest2s.size(), (uint8_t*)input.data(), input.size(), + key.data(), key.size()); } } @@ -254,12 +233,9 @@ HACL_blake2s_vec128_oneshot_keyed(benchmark::State& state) } for (auto _ : state) { - Hacl_Blake2s_128_blake2s(digest2s.size(), - digest2s.data(), - input.size(), - (uint8_t*)input.data(), - key.size(), - key.data()); + Hacl_Hash_Blake2s_Simd128_hash_with_key( + digest2s.data(), digest2s.size(), (uint8_t*)input.data(), input.size(), + key.data(), key.size()); } } @@ -295,19 +271,18 @@ HACL_blake2b_32_streaming(benchmark::State& state) uint8_t digest[HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX]; // Init - Hacl_Streaming_Blake2_blake2b_32_state_s* ctx = - Hacl_Streaming_Blake2_blake2b_32_no_key_create_in(); - Hacl_Streaming_Blake2_blake2b_32_no_key_init(ctx); + Hacl_Hash_Blake2b_state_t* ctx = + Hacl_Hash_Blake2b_malloc(); // Update for (auto chunk : chunk(input, chunk_len)) { - Hacl_Streaming_Blake2_blake2b_32_no_key_update( + Hacl_Hash_Blake2b_update( ctx, (uint8_t*)chunk.data(), chunk.size()); } // Finish - Hacl_Streaming_Blake2_blake2b_32_no_key_finish(ctx, digest); - Hacl_Streaming_Blake2_blake2b_32_no_key_free(ctx); + Hacl_Hash_Blake2b_digest(ctx, digest); + Hacl_Hash_Blake2b_free(ctx); } } 
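Review bot: In `HACL_blake2b_32_streaming`, the `ctx` returned by `Hacl_Hash_Blake2b_malloc()` is passed straight to `Hacl_Hash_Blake2b_update` with no null check. With the separate init call removed, the `// Init` step also depends on the allocator handing back a ready-to-use state, which deserves a one-line comment. If the allocator can return a null pointer (its definition is not on this page), a guard such as `if (ctx == nullptr) { state.SkipWithError("Allocation failed."); break; }` keeps a failed run from dereferencing it. The Simd256, Blake2s, Simd128, EverCrypt and SHA-1 streaming hunks further down follow the same pattern. The function body continues outside the hunk.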
@@ -348,19 +323,18 @@ HACL_blake2b_vec256_streaming(benchmark::State& state) uint8_t digest[HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX]; // Init - Hacl_Streaming_Blake2b_256_blake2b_256_state_s* ctx = - Hacl_Streaming_Blake2b_256_blake2b_256_no_key_create_in(); - Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init(ctx); + Hacl_Hash_Blake2b_Simd256_state_t* ctx = + Hacl_Hash_Blake2b_Simd256_malloc(); // Update for (auto chunk : chunk(input, chunk_len)) { - Hacl_Streaming_Blake2b_256_blake2b_256_no_key_update( + Hacl_Hash_Blake2b_Simd256_update( ctx, (uint8_t*)chunk.data(), chunk.size()); } // Finish - Hacl_Streaming_Blake2b_256_blake2b_256_no_key_finish(ctx, digest); - Hacl_Streaming_Blake2b_256_blake2b_256_no_key_free(ctx); + Hacl_Hash_Blake2b_Simd256_digest(ctx, digest); + Hacl_Hash_Blake2b_Simd256_free(ctx); } } @@ -374,9 +348,8 @@ EverCrypt_blake2b_streaming(benchmark::State& state) uint8_t digest[HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX]; // Init - EverCrypt_Hash_Incremental_hash_state_s* ctx = - EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_Blake2B); - EverCrypt_Hash_Incremental_init(ctx); + EverCrypt_Hash_Incremental_state_t* ctx = + EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_Blake2B); // Update for (auto chunk : chunk(input, chunk_len)) { @@ -384,7 +357,7 @@ EverCrypt_blake2b_streaming(benchmark::State& state) } // Finish - EverCrypt_Hash_Incremental_finish(ctx, digest); + EverCrypt_Hash_Incremental_digest(ctx, digest); EverCrypt_Hash_Incremental_free(ctx); } } 
@@ -411,19 +384,16 @@ HACL_blake2s_32_streaming(benchmark::State& state) uint8_t digest[HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX]; // Init - Hacl_Streaming_Blake2_blake2s_32_state_s* ctx = - Hacl_Streaming_Blake2_blake2s_32_no_key_create_in(); - Hacl_Streaming_Blake2_blake2s_32_no_key_init(ctx); + Hacl_Hash_Blake2s_state_t* ctx = Hacl_Hash_Blake2s_malloc(); // Update for (auto chunk : chunk(input, chunk_len)) { - Hacl_Streaming_Blake2_blake2s_32_no_key_update( - ctx, (uint8_t*)chunk.data(), chunk.size()); + Hacl_Hash_Blake2s_update(ctx, (uint8_t*)chunk.data(), chunk.size()); } // Finish - Hacl_Streaming_Blake2_blake2s_32_no_key_finish(ctx, digest); - Hacl_Streaming_Blake2_blake2s_32_no_key_free(ctx); + Hacl_Hash_Blake2s_digest(ctx, digest); + Hacl_Hash_Blake2s_free(ctx); } } @@ -464,19 +434,17 @@ HACL_blake2s_vec128_streaming(benchmark::State& state) uint8_t digest[HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX]; // Init - Hacl_Streaming_Blake2s_128_blake2s_128_state_s* ctx = - Hacl_Streaming_Blake2s_128_blake2s_128_no_key_create_in(); - Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init(ctx); + Hacl_Hash_Blake2s_Simd128_state_t* ctx = Hacl_Hash_Blake2s_Simd128_malloc(); // Update for (auto chunk : chunk(input, chunk_len)) { - Hacl_Streaming_Blake2s_128_blake2s_128_no_key_update( + Hacl_Hash_Blake2s_Simd128_update( ctx, (uint8_t*)chunk.data(), chunk.size()); } // Finish - Hacl_Streaming_Blake2s_128_blake2s_128_no_key_finish(ctx, digest); - Hacl_Streaming_Blake2s_128_blake2s_128_no_key_free(ctx); + Hacl_Hash_Blake2s_Simd128_digest(ctx, digest); + Hacl_Hash_Blake2s_Simd128_free(ctx); } } 
@@ -490,9 +458,8 @@ EverCrypt_blake2s_streaming(benchmark::State& state) uint8_t digest[HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX]; // Init - EverCrypt_Hash_Incremental_hash_state_s* ctx = - EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_Blake2S); - EverCrypt_Hash_Incremental_init(ctx); + EverCrypt_Hash_Incremental_state_t* ctx = + EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_Blake2S); // Update for (auto chunk : chunk(input, chunk_len)) { @@ -500,7 +467,7 @@ EverCrypt_blake2s_streaming(benchmark::State& state) } // Finish - EverCrypt_Hash_Incremental_finish(ctx, digest); + EverCrypt_Hash_Incremental_digest(ctx, digest); EverCrypt_Hash_Incremental_free(ctx); } } diff --git a/benchmarks/chacha20poly1305.cc b/benchmarks/chacha20poly1305.cc index ee01f721..998ab022 100644 --- a/benchmarks/chacha20poly1305.cc +++ b/benchmarks/chacha20poly1305.cc @@ -6,12 +6,12 @@ * - http://opensource.org/licenses/MIT */ -#include "Hacl_Chacha20Poly1305_32.h" +#include "Hacl_AEAD_Chacha20Poly1305.h" #ifdef HACL_CAN_COMPILE_VEC128 -#include "Hacl_Chacha20Poly1305_128.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h" #endif #ifdef HACL_CAN_COMPILE_VEC256 -#include "Hacl_Chacha20Poly1305_256.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" #endif #include "EverCrypt_AEAD.h" @@ -112,14 +112,9 @@ static void HACL_Chacha20Poly1305_32_encrypt(benchmark::State& state) { for (auto _ : state) { - Hacl_Chacha20Poly1305_32_aead_encrypt(key.data(), - nonce.data(), - aad.size(), - aad.data(), - INPUT_LEN, - plaintext.data(), - ciphertext.data(), - mac.data()); + Hacl_AEAD_Chacha20Poly1305_encrypt( + ciphertext.data(), mac.data(), plaintext.data(), INPUT_LEN, + aad.data(), aad.size(), key.data(), nonce.data()); } if (ciphertext != expected_ciphertext) { 
@@ -139,14 +134,9 @@ HACL_Chacha20Poly1305_Vec128_encrypt(benchmark::State& state) } for (auto _ : state) { - Hacl_Chacha20Poly1305_128_aead_decrypt(key.data(), - nonce.data(), - aad.size(), - aad.data(), - INPUT_LEN, - plaintext.data(), - ciphertext.data(), - mac.data()); + Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt( + plaintext.data(), ciphertext.data(), INPUT_LEN, aad.data(), + aad.size(), key.data(), nonce.data(), mac.data()); } if (ciphertext != expected_ciphertext) { @@ -167,14 +157,9 @@ HACL_Chacha20Poly1305_Vec256_encrypt(benchmark::State& state) } for (auto _ : state) { - Hacl_Chacha20Poly1305_256_aead_encrypt(key.data(), - nonce.data(), - aad.size(), - aad.data(), - INPUT_LEN, - plaintext.data(), - ciphertext.data(), - mac.data()); + Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt( + ciphertext.data(), mac.data(), plaintext.data(), INPUT_LEN, + aad.data(), aad.size(), key.data(), nonce.data()); } if (ciphertext != expected_ciphertext) { diff --git a/benchmarks/hmac.cc b/benchmarks/hmac.cc index 61dec7a8..dc4d950f 100644 --- a/benchmarks/hmac.cc +++ b/benchmarks/hmac.cc @@ -131,7 +131,7 @@ BENCHMARK_CAPTURE( sha1, from_hex("7DD9CDC17DD7C7CD4B1D39C13FA7E511354CC6EB7F5BEB07ED2D353E138A9428"), HACL_MAC_HMAC_SHA1_TAG_LEN, - Hacl_HMAC_legacy_compute_sha1) + Hacl_HMAC_compute_sha1) ->Setup(DoSetup) ->Arg(4096); diff --git a/benchmarks/sha1.cc b/benchmarks/sha1.cc index 1b0ac299..87428664 100644 --- a/benchmarks/sha1.cc +++ b/benchmarks/sha1.cc @@ -16,7 +16,7 @@ HACL_Sha1_oneshot(benchmark::State& state) bytes digest(HACL_HASH_SHA1_DIGEST_LENGTH, 0); for (auto _ : state) { - Hacl_Streaming_SHA1_legacy_hash(input.data(), input.size(), digest.data()); + Hacl_Hash_SHA1_hash(digest.data(), input.data(), input.size()); } if (digest != expected_digest) { 
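Review bot: `HACL_Chacha20Poly1305_Vec128_encrypt` still times `Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt`, whereas the 32-bit and Vec256 siblings call the `_encrypt` functions; the rename carried the old mismatch over. The Vec128 figure is therefore not comparable with the other two. The `ciphertext != expected_ciphertext` check after the loop also appears to test a buffer this call only reads. The decrypt result is discarded as well, so a tag mismatch would go unnoticed. I would switch the call to `Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(ciphertext.data(), mac.data(), plaintext.data(), INPUT_LEN, aad.data(), aad.size(), key.data(), nonce.data());`, which mirrors the Vec256 hunk; the function body starts and ends outside the hunk.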
@@ -55,20 +55,18 @@ HACL_Sha1_streaming(benchmark::State& state) for (auto _ : state) { // Init - Hacl_Streaming_SHA1_state* state = - Hacl_Streaming_SHA1_legacy_create_in(); - Hacl_Streaming_SHA1_legacy_init(state); + Hacl_Hash_SHA1_state_t* state = Hacl_Hash_SHA1_malloc(); // Update for (size_t i = 0; i < input.size();) { - Hacl_Streaming_SHA1_legacy_update( + Hacl_Hash_SHA1_update( state, input.data() + i, min(chunk_len, input.size() - i)); i += chunk_len; } // Finish - Hacl_Streaming_SHA1_legacy_finish(state, digest.data()); - Hacl_Streaming_SHA1_legacy_free(state); + Hacl_Hash_SHA1_digest(state, digest.data()); + Hacl_Hash_SHA1_free(state); } if (digest != expected_digest) { diff --git a/benchmarks/sha2.cc b/benchmarks/sha2.cc index f41933b8..7a862761 100644 --- a/benchmarks/sha2.cc +++ b/benchmarks/sha2.cc @@ -9,11 +9,11 @@ #include "Hacl_Hash_SHA2.h" #ifdef HACL_CAN_COMPILE_VEC128 -#include "Hacl_Hash_Blake2s_128.h" +#include "Hacl_Hash_Blake2s_Simd128.h" #endif #ifdef HACL_CAN_COMPILE_VEC256 -#include "Hacl_Hash_Blake2b_256.h" +#include "Hacl_Hash_Blake2b_Simd256.h" #endif #include "util.h" @@ -47,13 +47,13 @@ HACL_Sha2_oneshot(benchmark::State& state, Args&&... args) auto expected_digest = std::get<1>(args_tuple); auto hash = std::get<2>(args_tuple); - bytes digest(digest_len, 0); + bytes output(digest_len, 0); for (auto _ : state) { - hash((uint8_t*)input.data(), input.size(), digest.data()); + hash(output.data(), (uint8_t*)input.data(), input.size()); } - if (digest != expected_digest) { + if (output != expected_digest) { state.SkipWithError("Incorrect digest."); return; } 
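Review bot: In `HACL_Sha1_streaming`, the new `Hacl_Hash_SHA1_state_t* state = Hacl_Hash_SHA1_malloc();` declares a local `state` inside `for (auto _ : state)`, hiding the `benchmark::State& state` parameter for the rest of the loop body. Any error path added inside the loop could then not call `state.SkipWithError`. Naming it `ctx`, as the Blake2 and SHA-2 streaming benchmarks do, removes the shadowing: `Hacl_Hash_SHA1_state_t* ctx = Hacl_Hash_SHA1_malloc();`. The function body extends beyond the hunk.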
@@ -90,18 +90,17 @@ HACL_Sha2_streaming(benchmark::State& state, Args&&... args) auto digest_len = std::get<0>(args_tuple); auto expected_digest = std::get<1>(args_tuple); - auto create_in = std::get<2>(args_tuple); - auto init = std::get<3>(args_tuple); + auto malloc = std::get<2>(args_tuple); + //auto reset = std::get<3>(args_tuple); auto update = std::get<4>(args_tuple); - auto finish = std::get<5>(args_tuple); + auto digest = std::get<5>(args_tuple); auto free = std::get<6>(args_tuple); - bytes digest(digest_len, 0); + bytes output(digest_len, 0); for (auto _ : state) { // Init - auto* ctx = create_in(); - init(ctx); + auto* ctx = malloc(); // Update for (auto chunk : chunk(input, chunk_len)) { @@ -109,11 +108,11 @@ HACL_Sha2_streaming(benchmark::State& state, Args&&... args) } // Finish - finish(ctx, digest.data()); + digest(ctx, output.data()); free(ctx); } - if (digest != expected_digest) { + if (output != expected_digest) { state.SkipWithError("Incorrect digest."); return; } @@ -133,9 +132,8 @@ EverCrypt_Sha2_streaming(benchmark::State& state, Args&&... args) for (auto _ : state) { // Init - EverCrypt_Hash_Incremental_hash_state* ctx = - EverCrypt_Hash_Incremental_create_in(algorithm); - EverCrypt_Hash_Incremental_init(ctx); + EverCrypt_Hash_Incremental_state_t* ctx = + EverCrypt_Hash_Incremental_malloc(algorithm); // Update for (auto chunk : chunk(input, chunk_len)) { @@ -143,7 +141,7 @@ EverCrypt_Sha2_streaming(benchmark::State& state, Args&&... args) } // Finish - EverCrypt_Hash_Incremental_finish(ctx, digest.data()); + EverCrypt_Hash_Incremental_digest(ctx, digest.data()); EverCrypt_Hash_Incremental_free(ctx); } @@ -159,7 +157,7 @@ BENCHMARK_CAPTURE(HACL_Sha2_oneshot, sha2_224, HACL_HASH_SHA2_224_DIGEST_LENGTH, expected_digest_sha2_224, - Hacl_Streaming_SHA2_hash_224) + Hacl_Hash_SHA2_hash_224) ->Setup(DoSetup); BENCHMARK_CAPTURE(EverCrypt_Sha2_oneshot, 
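Review bot: The locals `malloc` and `free` in `HACL_Sha2_streaming` hide the C library functions of the same name for the rest of the body, and `digest` now names a callable where it used to name the output buffer. Names such as `alloc_fn`, `digest_fn` and `free_fn` would avoid the clash. The commented-out `//auto reset = std::get<3>(args_tuple);` leaves tuple slot 3 unused, although the `BENCHMARK_CAPTURE` hunks further down still pass the `Hacl_Hash_SHA2_reset_*` pointers. Either drop that argument or replace the dead line with a comment such as `// slot 3 (reset) is intentionally unused`. The function starts before and ends after the visible hunks.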
@@ -182,7 +180,7 @@ BENCHMARK_CAPTURE(HACL_Sha2_oneshot, sha2_256, HACL_HASH_SHA2_256_DIGEST_LENGTH, expected_digest_sha2_256, - Hacl_Streaming_SHA2_hash_256) + Hacl_Hash_SHA2_hash_256) ->Setup(DoSetup); BENCHMARK_CAPTURE(EverCrypt_Sha2_oneshot, @@ -205,7 +203,7 @@ BENCHMARK_CAPTURE(HACL_Sha2_oneshot, sha2_384, HACL_HASH_SHA2_384_DIGEST_LENGTH, expected_digest_sha2_384, - Hacl_Streaming_SHA2_hash_384) + Hacl_Hash_SHA2_hash_384) ->Setup(DoSetup); BENCHMARK_CAPTURE(EverCrypt_Sha2_oneshot, @@ -228,7 +226,7 @@ BENCHMARK_CAPTURE(HACL_Sha2_oneshot, sha2_512, HACL_HASH_SHA2_512_DIGEST_LENGTH, expected_digest_sha2_512, - Hacl_Streaming_SHA2_hash_512) + Hacl_Hash_SHA2_hash_512) ->Setup(DoSetup); BENCHMARK_CAPTURE(EverCrypt_Sha2_oneshot, @@ -253,11 +251,11 @@ BENCHMARK_CAPTURE(HACL_Sha2_streaming, sha2_224, HACL_HASH_SHA2_224_DIGEST_LENGTH, expected_digest_sha2_224, - Hacl_Streaming_SHA2_create_in_224, - Hacl_Streaming_SHA2_init_224, - Hacl_Streaming_SHA2_update_224, - Hacl_Streaming_SHA2_finish_224, - Hacl_Streaming_SHA2_free_224) + Hacl_Hash_SHA2_malloc_224, + Hacl_Hash_SHA2_reset_224, + Hacl_Hash_SHA2_update_224, + Hacl_Hash_SHA2_digest_224, + Hacl_Hash_SHA2_free_224) ->Setup(DoSetup); BENCHMARK_CAPTURE(EverCrypt_Sha2_streaming, @@ -281,11 +279,11 @@ BENCHMARK_CAPTURE(HACL_Sha2_streaming, sha2_256, HACL_HASH_SHA2_256_DIGEST_LENGTH, expected_digest_sha2_256, - Hacl_Streaming_SHA2_create_in_256, - Hacl_Streaming_SHA2_init_256, - Hacl_Streaming_SHA2_update_256, - Hacl_Streaming_SHA2_finish_256, - Hacl_Streaming_SHA2_free_256) + Hacl_Hash_SHA2_malloc_256, + Hacl_Hash_SHA2_reset_256, + Hacl_Hash_SHA2_update_256, + Hacl_Hash_SHA2_digest_256, + Hacl_Hash_SHA2_free_256) ->Setup(DoSetup); BENCHMARK_CAPTURE(EverCrypt_Sha2_streaming, 
@@ -337,11 +335,11 @@ BENCHMARK_CAPTURE(HACL_Sha2_streaming, sha2_384, HACL_HASH_SHA2_384_DIGEST_LENGTH, expected_digest_sha2_384, - Hacl_Streaming_SHA2_create_in_384, - Hacl_Streaming_SHA2_init_384, - Hacl_Streaming_SHA2_update_384, - Hacl_Streaming_SHA2_finish_384, - Hacl_Streaming_SHA2_free_384) + Hacl_Hash_SHA2_malloc_384, + Hacl_Hash_SHA2_reset_384, + Hacl_Hash_SHA2_update_384, + Hacl_Hash_SHA2_digest_384, + Hacl_Hash_SHA2_free_384) ->Setup(DoSetup); BENCHMARK_CAPTURE(EverCrypt_Sha2_streaming, @@ -365,11 +363,11 @@ BENCHMARK_CAPTURE(HACL_Sha2_streaming, sha2_512, HACL_HASH_SHA2_512_DIGEST_LENGTH, expected_digest_sha2_512, - Hacl_Streaming_SHA2_create_in_512, - Hacl_Streaming_SHA2_init_512, - Hacl_Streaming_SHA2_update_512, - Hacl_Streaming_SHA2_finish_512, - Hacl_Streaming_SHA2_free_512) + Hacl_Hash_SHA2_malloc_512, + Hacl_Hash_SHA2_reset_512, + Hacl_Hash_SHA2_update_512, + Hacl_Hash_SHA2_digest_512, + Hacl_Hash_SHA2_free_512) ->Setup(DoSetup); BENCHMARK_CAPTURE(EverCrypt_Sha2_streaming, diff --git a/benchmarks/sha3.cc b/benchmarks/sha3.cc index 7f45a7f7..de744d8f 100644 --- a/benchmarks/sha3.cc +++ b/benchmarks/sha3.cc @@ -27,7 +27,7 @@ static void Hacl_Sha3_224(benchmark::State& state) { for (auto _ : state) { - Hacl_SHA3_sha3_224(input.size(), (uint8_t*)input.data(), digest224.data()); + Hacl_Hash_SHA3_sha3_224(digest224.data(), (uint8_t*)input.data(), input.size()); } if (digest224 != expected_digest_sha3_224) { state.SkipWithError("Incorrect digest."); @@ -51,7 +51,7 @@ static void Hacl_Sha3_256(benchmark::State& state) { for (auto _ : state) { - Hacl_SHA3_sha3_256(input.size(), (uint8_t*)input.data(), digest256.data()); + Hacl_Hash_SHA3_sha3_256(digest256.data(), (uint8_t*)input.data(), input.size()); } if (digest256 != expected_digest_sha3_256) { state.SkipWithError("Incorrect digest."); 
@@ -102,7 +102,7 @@ static void Hacl_Sha3_384(benchmark::State& state) { for (auto _ : state) { - Hacl_SHA3_sha3_384(input.size(), (uint8_t*)input.data(), digest384.data()); + Hacl_Hash_SHA3_sha3_384(digest384.data(), (uint8_t*)input.data(), input.size()); } if (digest384 != expected_digest_sha3_384) { state.SkipWithError("Incorrect digest."); @@ -126,7 +126,7 @@ static void Hacl_Sha3_512(benchmark::State& state) { for (auto _ : state) { - Hacl_SHA3_sha3_512(input.size(), (uint8_t*)input.data(), digest512.data()); + Hacl_Hash_SHA3_sha3_512(digest512.data(), (uint8_t*)input.data(), input.size()); } if (digest512 != expected_digest_sha3_512) { state.SkipWithError("Incorrect digest."); @@ -176,21 +176,20 @@ Hacl_Sha3_256_Streaming(benchmark::State& state) { for (auto _ : state) { // Init - Hacl_Streaming_Keccak_state* sha_state = - Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_SHA3_256); - Hacl_Streaming_Keccak_reset(sha_state); + Hacl_Hash_SHA3_state_t* sha_state = + Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_SHA3_256); // Update for (size_t i = 0; i < input.size();) { - Hacl_Streaming_Keccak_update(sha_state, - (uint8_t*)input.data() + i, - min(chunk_len, input.size() - i)); + Hacl_Hash_SHA3_update(sha_state, + (uint8_t*)input.data() + i, + min(chunk_len, input.size() - i)); i += chunk_len; } // Finish - Hacl_Streaming_Keccak_finish(sha_state, digest256.data()); - Hacl_Streaming_Keccak_free(sha_state); + Hacl_Hash_SHA3_digest(sha_state, digest256.data()); + Hacl_Hash_SHA3_free(sha_state); } if (digest256 != expected_digest_sha3_256) { @@ -243,10 +242,8 @@ static void Hacl_Sha3_shake128(benchmark::State& state) { for (auto _ : state) { - Hacl_SHA3_shake128_hacl(input.size(), - (uint8_t*)input.data(), - digest_shake.size(), - digest_shake.data()); + Hacl_Hash_SHA3_shake128_hacl( + input.size(), (uint8_t*)input.data(), digest_shake.size(), digest_shake.data()); } } 
@@ -256,10 +253,8 @@ static void Hacl_Sha3_shake256(benchmark::State& state) { for (auto _ : state) { - Hacl_SHA3_shake256_hacl(input.size(), - (uint8_t*)input.data(), - digest_shake.size(), - digest_shake.data()); + Hacl_Hash_SHA3_shake256_hacl( + input.size(), (uint8_t*)input.data(), digest_shake.size(), digest_shake.data()); } } diff --git a/config/config.json b/config/config.json index 06ff34fe..7dd4cae3 100644 --- a/config/config.json +++ b/config/config.json @@ -42,27 +42,19 @@ "features": "std" }, { - "file": "Hacl_Hash_Blake2.c", + "file": "Hacl_Hash_Blake2b.c", "features": "std" }, { - "file": "Hacl_Streaming_Blake2.c", + "file": "Hacl_Hash_Blake2s.c", "features": "std" }, { - "file": "Hacl_Hash_Blake2b_256.c", + "file": "Hacl_Hash_Blake2b_Simd256.c", "features": "vec256" }, { - "file": "Hacl_Streaming_Blake2b_256.c", - "features": "vec256" - }, - { - "file": "Hacl_Hash_Blake2s_128.c", - "features": "vec128" - }, - { - "file": "Hacl_Streaming_Blake2s_128.c", + "file": "Hacl_Hash_Blake2s_Simd128.c", "features": "vec128" } ], @@ -104,11 +96,11 @@ ], "chacha20poly1305": [ { - "file": "Hacl_Chacha20Poly1305_32.c", + "file": "Hacl_AEAD_Chacha20Poly1305.c", "features": "std" }, { - "file": "Hacl_Streaming_Poly1305_32.c", + "file": "Hacl_MAC_Poly1305.c", "features": "std" }, { @@ -116,11 +108,11 @@ "features": "std" }, { - "file": "Hacl_Chacha20Poly1305_128.c", + "file": "Hacl_AEAD_Chacha20Poly1305_Simd128.c", "features": "vec128" }, { - "file": "Hacl_Streaming_Poly1305_128.c", + "file": "Hacl_MAC_Poly1305_Simd128.c", "features": "vec128" }, { @@ -128,11 +120,11 @@ "features": "vec128" }, { - "file": "Hacl_Chacha20Poly1305_256.c", + "file": "Hacl_AEAD_Chacha20Poly1305_Simd256.c", "features": "vec256" }, { - "file": "Hacl_Streaming_Poly1305_256.c", + "file": "Hacl_MAC_Poly1305_Simd256.c", "features": "vec256" }, { diff --git a/config/default_config.cmake b/config/default_config.cmake index ee7e66ab..9a05896e 100644 --- a/config/default_config.cmake 
+++ b/config/default_config.cmake @@ -1,26 +1,25 @@ set(SOURCES_std ${PROJECT_SOURCE_DIR}/src/Hacl_NaCl.c ${PROJECT_SOURCE_DIR}/src/Hacl_Salsa20.c - ${PROJECT_SOURCE_DIR}/src/Hacl_Poly1305_32.c + ${PROJECT_SOURCE_DIR}/src/Hacl_MAC_Poly1305.c ${PROJECT_SOURCE_DIR}/src/Hacl_Curve25519_51.c ${PROJECT_SOURCE_DIR}/src/Hacl_HMAC_DRBG.c ${PROJECT_SOURCE_DIR}/src/Hacl_HMAC.c ${PROJECT_SOURCE_DIR}/src/Hacl_Hash_SHA2.c - ${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Blake2.c - ${PROJECT_SOURCE_DIR}/src/Lib_Memzero0.c + ${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Blake2b.c + ${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Blake2s.c ${PROJECT_SOURCE_DIR}/src/Hacl_Ed25519.c ${PROJECT_SOURCE_DIR}/src/Hacl_EC_Ed25519.c ${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Base.c - ${PROJECT_SOURCE_DIR}/src/Hacl_Streaming_Blake2.c + ${PROJECT_SOURCE_DIR}/src/Lib_Memzero0.c ${PROJECT_SOURCE_DIR}/src/Hacl_Bignum256_32.c ${PROJECT_SOURCE_DIR}/src/Hacl_Bignum.c ${PROJECT_SOURCE_DIR}/src/Hacl_Bignum256.c ${PROJECT_SOURCE_DIR}/src/Hacl_Bignum32.c ${PROJECT_SOURCE_DIR}/src/Hacl_Bignum4096_32.c ${PROJECT_SOURCE_DIR}/src/Hacl_GenericField32.c - ${PROJECT_SOURCE_DIR}/src/Hacl_Chacha20Poly1305_32.c + ${PROJECT_SOURCE_DIR}/src/Hacl_AEAD_Chacha20Poly1305.c ${PROJECT_SOURCE_DIR}/src/Hacl_Chacha20.c - ${PROJECT_SOURCE_DIR}/src/Hacl_Streaming_Poly1305_32.c ${PROJECT_SOURCE_DIR}/src/Hacl_Chacha20_Vec32.c ${PROJECT_SOURCE_DIR}/src/Hacl_P256.c ${PROJECT_SOURCE_DIR}/src/Hacl_K256_ECDSA.c @@ -42,10 +41,10 @@ set(SOURCES_std ${PROJECT_SOURCE_DIR}/src/Hacl_Frodo64.c ${PROJECT_SOURCE_DIR}/src/EverCrypt_DRBG.c ${PROJECT_SOURCE_DIR}/src/Lib_RandomBuffer_System.c - ${PROJECT_SOURCE_DIR}/src/Lib_Memzero0.c ${PROJECT_SOURCE_DIR}/src/EverCrypt_HMAC.c ${PROJECT_SOURCE_DIR}/src/EverCrypt_Hash.c ${PROJECT_SOURCE_DIR}/src/EverCrypt_AutoConfig2.c + ${PROJECT_SOURCE_DIR}/src/Lib_Memzero0.c ${PROJECT_SOURCE_DIR}/src/EverCrypt_Ed25519.c ${PROJECT_SOURCE_DIR}/src/EverCrypt_Curve25519.c ${PROJECT_SOURCE_DIR}/src/EverCrypt_HKDF.c 
@@ -55,12 +54,10 @@ set(SOURCES_std ${PROJECT_SOURCE_DIR}/src/EverCrypt_AEAD.c ) set(SOURCES_vec256 - ${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Blake2b_256.c - ${PROJECT_SOURCE_DIR}/src/Hacl_Streaming_Blake2b_256.c - ${PROJECT_SOURCE_DIR}/src/Hacl_Chacha20Poly1305_256.c - ${PROJECT_SOURCE_DIR}/src/Hacl_Poly1305_256.c + ${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Blake2b_Simd256.c + ${PROJECT_SOURCE_DIR}/src/Hacl_AEAD_Chacha20Poly1305_Simd256.c + ${PROJECT_SOURCE_DIR}/src/Hacl_MAC_Poly1305_Simd256.c ${PROJECT_SOURCE_DIR}/src/Hacl_Chacha20_Vec256.c - ${PROJECT_SOURCE_DIR}/src/Hacl_Streaming_Poly1305_256.c ${PROJECT_SOURCE_DIR}/src/Hacl_SHA2_Vec256.c ${PROJECT_SOURCE_DIR}/src/Hacl_HKDF_Blake2b_256.c ${PROJECT_SOURCE_DIR}/src/Hacl_HMAC_Blake2b_256.c @@ -69,15 +66,13 @@ set(SOURCES_vec256 ${PROJECT_SOURCE_DIR}/src/Hacl_HPKE_P256_CP256_SHA256.c ) set(SOURCES_vec128 - ${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Blake2s_128.c - ${PROJECT_SOURCE_DIR}/src/Hacl_Streaming_Blake2s_128.c + ${PROJECT_SOURCE_DIR}/src/Hacl_Hash_Blake2s_Simd128.c ${PROJECT_SOURCE_DIR}/src/Hacl_Bignum4096.c ${PROJECT_SOURCE_DIR}/src/Hacl_Bignum64.c ${PROJECT_SOURCE_DIR}/src/Hacl_GenericField64.c - ${PROJECT_SOURCE_DIR}/src/Hacl_Chacha20Poly1305_128.c - ${PROJECT_SOURCE_DIR}/src/Hacl_Poly1305_128.c + ${PROJECT_SOURCE_DIR}/src/Hacl_AEAD_Chacha20Poly1305_Simd128.c + ${PROJECT_SOURCE_DIR}/src/Hacl_MAC_Poly1305_Simd128.c ${PROJECT_SOURCE_DIR}/src/Hacl_Chacha20_Vec128.c - ${PROJECT_SOURCE_DIR}/src/Hacl_Streaming_Poly1305_128.c ${PROJECT_SOURCE_DIR}/src/Hacl_SHA2_Vec128.c ${PROJECT_SOURCE_DIR}/src/Hacl_HKDF_Blake2s_128.c ${PROJECT_SOURCE_DIR}/src/Hacl_HMAC_Blake2s_128.c 
@@ -114,7 +109,7 @@ set(INCLUDES ${PROJECT_SOURCE_DIR}/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h ${PROJECT_SOURCE_DIR}/karamel/krmllib/dist/minimal/LowStar_Endianness.h ${PROJECT_SOURCE_DIR}/include/Hacl_Salsa20.h - ${PROJECT_SOURCE_DIR}/include/Hacl_Poly1305_32.h + ${PROJECT_SOURCE_DIR}/include/Hacl_MAC_Poly1305.h ${PROJECT_SOURCE_DIR}/include/Hacl_Krmllib.h ${PROJECT_SOURCE_DIR}/include/Hacl_Curve25519_51.h ${PROJECT_SOURCE_DIR}/include/internal/Hacl_Krmllib.h @@ -123,8 +118,8 @@ set(INCLUDES ${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Types.h ${PROJECT_SOURCE_DIR}/include/Hacl_HMAC.h ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_SHA2.h - ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2.h - ${PROJECT_SOURCE_DIR}/include/Lib_Memzero0.h + ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2b.h + ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2s.h ${PROJECT_SOURCE_DIR}/include/internal/Hacl_Ed25519.h ${PROJECT_SOURCE_DIR}/include/internal/Hacl_Hash_SHA2.h ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_SHA2.h 
@@ -140,15 +135,15 @@ set(INCLUDES ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Ed25519.h ${PROJECT_SOURCE_DIR}/include/Hacl_EC_Ed25519.h ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Base.h - ${PROJECT_SOURCE_DIR}/include/internal/Hacl_Hash_Blake2.h + ${PROJECT_SOURCE_DIR}/include/internal/Hacl_Hash_Blake2b.h + ${PROJECT_SOURCE_DIR}/include/internal/Hacl_Hash_Blake2s.h ${PROJECT_SOURCE_DIR}/include/internal/Hacl_Impl_Blake2_Constants.h - ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_Blake2.h - ${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Blake2.h - ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2b_256.h + ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_Blake2b.h + ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_Blake2s.h + ${PROJECT_SOURCE_DIR}/include/lib_memzero0.h + ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2b_Simd256.h ${PROJECT_SOURCE_DIR}/include/libintvector.h - ${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Blake2b_256.h - ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2s_128.h - ${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Blake2s_128.h + ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2s_Simd128.h ${PROJECT_SOURCE_DIR}/include/Hacl_Bignum256_32.h ${PROJECT_SOURCE_DIR}/include/Hacl_Bignum.h ${PROJECT_SOURCE_DIR}/include/internal/Hacl_Bignum.h 
@@ -160,24 +155,21 @@ set(INCLUDES ${PROJECT_SOURCE_DIR}/include/Hacl_Bignum64.h ${PROJECT_SOURCE_DIR}/include/Hacl_GenericField32.h ${PROJECT_SOURCE_DIR}/include/Hacl_GenericField64.h - ${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20Poly1305_32.h + ${PROJECT_SOURCE_DIR}/include/Hacl_AEAD_Chacha20Poly1305.h ${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20.h - ${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Poly1305_32.h ${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20_Vec32.h ${PROJECT_SOURCE_DIR}/include/internal/Hacl_Chacha20.h ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Chacha20.h - ${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20Poly1305_128.h - ${PROJECT_SOURCE_DIR}/include/Hacl_Poly1305_128.h + ${PROJECT_SOURCE_DIR}/include/Hacl_AEAD_Chacha20Poly1305_Simd128.h + ${PROJECT_SOURCE_DIR}/include/Hacl_MAC_Poly1305_Simd128.h ${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20_Vec128.h - ${PROJECT_SOURCE_DIR}/include/internal/Hacl_Poly1305_128.h - ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Poly1305_128.h - ${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Poly1305_128.h - ${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20Poly1305_256.h - ${PROJECT_SOURCE_DIR}/include/Hacl_Poly1305_256.h + ${PROJECT_SOURCE_DIR}/include/internal/Hacl_MAC_Poly1305_Simd128.h + ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_MAC_Poly1305_Simd128.h + ${PROJECT_SOURCE_DIR}/include/Hacl_AEAD_Chacha20Poly1305_Simd256.h + ${PROJECT_SOURCE_DIR}/include/Hacl_MAC_Poly1305_Simd256.h ${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20_Vec256.h - ${PROJECT_SOURCE_DIR}/include/internal/Hacl_Poly1305_256.h - ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Poly1305_256.h - ${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Poly1305_256.h + ${PROJECT_SOURCE_DIR}/include/internal/Hacl_MAC_Poly1305_Simd256.h + ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_MAC_Poly1305_Simd256.h ${PROJECT_SOURCE_DIR}/include/Hacl_Curve25519_64.h ${PROJECT_SOURCE_DIR}/include/internal/Vale.h ${PROJECT_SOURCE_DIR}/include/curve25519-inline.h 
@@ -256,7 +248,7 @@ set(PUBLIC_INCLUDES
 ${PROJECT_SOURCE_DIR}/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h
 ${PROJECT_SOURCE_DIR}/karamel/krmllib/dist/minimal/LowStar_Endianness.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_Salsa20.h
- ${PROJECT_SOURCE_DIR}/include/Hacl_Poly1305_32.h
+ ${PROJECT_SOURCE_DIR}/include/Hacl_MAC_Poly1305.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_Krmllib.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_Curve25519_51.h
 ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Krmllib.h
@@ -264,8 +256,8 @@ set(PUBLIC_INCLUDES
 ${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Types.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_HMAC.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_SHA2.h
- ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2.h
- ${PROJECT_SOURCE_DIR}/include/Lib_Memzero0.h
+ ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2b.h
+ ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2s.h
 ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_SHA2.h
 ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Curve25519_51.h
 ${PROJECT_SOURCE_DIR}/include/lib_intrinsics.h
@@ -275,13 +267,12 @@ set(PUBLIC_INCLUDES
 ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Ed25519.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_EC_Ed25519.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Base.h
- ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_Blake2.h
- ${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Blake2.h
- ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2b_256.h
+ ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_Blake2b.h
+ ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Hash_Blake2s.h
+ ${PROJECT_SOURCE_DIR}/include/lib_memzero0.h
+ ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2b_Simd256.h
 ${PROJECT_SOURCE_DIR}/include/libintvector.h
- ${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Blake2b_256.h
- ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2s_128.h
- ${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Blake2s_128.h
+ ${PROJECT_SOURCE_DIR}/include/Hacl_Hash_Blake2s_Simd128.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_Bignum256_32.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_Bignum.h
 ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Bignum.h
@@ -292,21 +283,18 @@ set(PUBLIC_INCLUDES
 ${PROJECT_SOURCE_DIR}/include/Hacl_Bignum64.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_GenericField32.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_GenericField64.h
- ${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20Poly1305_32.h
+ ${PROJECT_SOURCE_DIR}/include/Hacl_AEAD_Chacha20Poly1305.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20.h
- ${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Poly1305_32.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20_Vec32.h
 ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Chacha20.h
- ${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20Poly1305_128.h
- ${PROJECT_SOURCE_DIR}/include/Hacl_Poly1305_128.h
+ ${PROJECT_SOURCE_DIR}/include/Hacl_AEAD_Chacha20Poly1305_Simd128.h
+ ${PROJECT_SOURCE_DIR}/include/Hacl_MAC_Poly1305_Simd128.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20_Vec128.h
- ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Poly1305_128.h
- ${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Poly1305_128.h
- ${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20Poly1305_256.h
- ${PROJECT_SOURCE_DIR}/include/Hacl_Poly1305_256.h
+ ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_MAC_Poly1305_Simd128.h
+ ${PROJECT_SOURCE_DIR}/include/Hacl_AEAD_Chacha20Poly1305_Simd256.h
+ ${PROJECT_SOURCE_DIR}/include/Hacl_MAC_Poly1305_Simd256.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_Chacha20_Vec256.h
- ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_Poly1305_256.h
- ${PROJECT_SOURCE_DIR}/include/Hacl_Streaming_Poly1305_256.h
+ ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_MAC_Poly1305_Simd256.h
 ${PROJECT_SOURCE_DIR}/include/Hacl_Curve25519_64.h
 ${PROJECT_SOURCE_DIR}/include/curve25519-inline.h
 ${PROJECT_SOURCE_DIR}/include/internal/../Hacl_P256.h
diff --git a/docs/book/src/algorithms.md b/docs/book/src/algorithms.md
index ea43ca0d..72feaafe 100644
--- a/docs/book/src/algorithms.md
+++ b/docs/book/src/algorithms.md
@@ -15,6 +15,7 @@ For a detailed description fo the Support column, please see the [Architectures | Signature | Ed25519 | Portable | | Signature | ECDSA P-256r1 | Portable | | Signature | ECDSA P-256k1 | Portable | +| Signature | RSA-PSS | Portable | | Hash | SHA2-224 | Portable \| SHAEXT | | Hash | SHA2-256 | Portable \| SHAEXT | | Hash | SHA2-384 | Portable | @@ -29,3 +30,5 @@ For a detailed description fo the Support column, please see the [Architectures | MAC | HMAC | Portable (depends on hash) | | MAC | Poly1305 | Portable \| vec128 \| vec256 \| x64 ASM | | Hybrid Encryption | Nacl | Portable | +| Hybrid Encryption | HPKE | Portable (depends on hash, aead, dh) | +| Random Generation | HMAC-DRBG | Portable (depends on hash) | diff --git a/docs/reference/evercrypt/hash/index.md b/docs/reference/evercrypt/hash/index.md index c2a829dc..62095760 100644 --- a/docs/reference/evercrypt/hash/index.md +++ b/docs/reference/evercrypt/hash/index.md @@ -42,12 +42,12 @@ EverCrypt provides multiple hash algorithms, i.e., ... ```{doxygendefine} Spec_Hash_Definitions_Blake2B ``` -```{doxygentypedef} EverCrypt_Hash_Incremental_hash_state +```{doxygentypedef} EverCrypt_Hash_Incremental_state_t ``` ## Functions - + ```{doxygenfunction} EverCrypt_Hash_Incremental_hash ``` @@ -59,17 +59,17 @@ EverCrypt provides multiple hash algorithms, i.e., ... -------------------------------------------------------------------------------- -```{doxygenfunction} EverCrypt_Hash_Incremental_create_in +```{doxygenfunction} EverCrypt_Hash_Incremental_malloc ``` Create a hash state. `a` Algorithm to use. -```{doxygenfunction} EverCrypt_Hash_Incremental_init +```{doxygenfunction} EverCrypt_Hash_Incremental_reset ``` -Initialize hash state). +Reset hash state). `s` The hash state. 
@@ -82,7 +82,7 @@ Feed the next chunk of the message that will be hashed. `data` Pointer to the next chunk of the message that will be hashed. `len` Length of the next chunk of the message that will be hashed. -```{doxygenfunction} EverCrypt_Hash_Incremental_finish +```{doxygenfunction} EverCrypt_Hash_Incremental_digest ``` Finish the hash calculation and write the digest to `dst`. diff --git a/docs/reference/hacl/aead/chacha20poly1305.md b/docs/reference/hacl/aead/chacha20poly1305.md index f52443e9..04075548 100644 --- a/docs/reference/hacl/aead/chacha20poly1305.md +++ b/docs/reference/hacl/aead/chacha20poly1305.md @@ -10,7 +10,7 @@ All memory for the output variables have to be allocated by the caller. ````{group-tab} 32 ```c -#include "Hacl_Chacha20Poly1305_32.h" +#include "Hacl_AEAD_Chacha20Poly1305.h" ``` A portable C implementation that can be compiled and run on any platform that is 32-bit or higher. @@ -20,7 +20,7 @@ This implementation works on all CPUs. ````{group-tab} 128 ```c -#include "Hacl_Chacha20Poly1305_128.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h" ``` A 128-bit vectorized C implementation that can be compiled and run on any platform that supports 128-bit SIMD instructions. @@ -30,7 +30,7 @@ Support for VEC128 is needed. Please see the [HACL Packages book]. ````{group-tab} 256 ```c -#include "Hacl_Chacha20Poly1305_256.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" ``` A 256-bit vectorized C implementation that can be compiled and run on any platform that supports 256-bit SIMD instructions. 
@@ -59,21 +59,21 @@ Support for VEC256 is needed. Please see the [HACL Packages book]. `````{tabs} ````{group-tab} 32 -```{doxygenfunction} Hacl_Chacha20Poly1305_32_aead_encrypt +```{doxygenfunction} Hacl_AEAD_Chacha20Poly1305_encrypt ``` -```{doxygenfunction} Hacl_Chacha20Poly1305_32_aead_decrypt +```{doxygenfunction} Hacl_AEAD_Chacha20Poly1305_decrypt ``` ```` ````{group-tab} 128 -```{doxygenfunction} Hacl_Chacha20Poly1305_128_aead_encrypt +```{doxygenfunction} Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt ``` -```{doxygenfunction} Hacl_Chacha20Poly1305_128_aead_decrypt +```{doxygenfunction} Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt ``` ```` ````{group-tab} 256 -```{doxygenfunction} Hacl_Chacha20Poly1305_256_aead_encrypt +```{doxygenfunction} Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt ``` -```{doxygenfunction} Hacl_Chacha20Poly1305_256_aead_decrypt +```{doxygenfunction} Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt ``` ```` ````` diff --git a/docs/reference/hacl/hash/blake2/blake2b.md b/docs/reference/hacl/hash/blake2/blake2b.md index e727c883..03e03300 100644 --- a/docs/reference/hacl/hash/blake2/blake2b.md +++ b/docs/reference/hacl/hash/blake2/blake2b.md @@ -12,12 +12,12 @@ It also has a build-in keying mechanism so that it can be used to replace HMAC-b `````{tabs} ````{group-tab} 32 ```C -#include "Hacl_Hash_Blake2.h" +#include "Hacl_Hash_Blake2b.h" ``` ```` ````{group-tab} 256 ```C -#include "Hacl_Hash_Blake2b_256.h" +#include "Hacl_Hash_Blake2b_Simd256.h" ``` ```` ````` @@ -47,11 +47,11 @@ It also has a build-in keying mechanism so that it can be used to replace HMAC-b `````{tabs} ````{group-tab} 32 -```{doxygenfunction} Hacl_Blake2b_32_blake2b +```{doxygenfunction} Hacl_Hash_Blake2b_hash_with_key ``` ```` ````{group-tab} 256 -```{doxygenfunction} Hacl_Blake2b_256_blake2b +```{doxygenfunction} Hacl_Hash_Blake2b_Simd256_hash_with_key ``` ```` ````` 
@@ -63,12 +63,12 @@ It also has a build-in keying mechanism so that it can be used to replace HMAC-b `````{tabs} ````{group-tab} 32 ```C -#include "Hacl_Streaming_Blake2.h" +#include "Hacl_Hash_Blake2b.h" ``` ```` ````{group-tab} 256 ```C -#include "Hacl_Streaming_Blake2b_256.h" +#include "Hacl_Hash_Blake2b_Simd256.h" ``` ```` ````` 
@@ -98,31 +98,31 @@ It also has a build-in keying mechanism so that it can be used to replace HMAC-b `````{tabs} ````{group-tab} 32 -```{doxygentypedef} Hacl_Streaming_Blake2_blake2b_32_state +```{doxygentypedef} Hacl_Hash_Blake2b_state_t ``` -```{doxygenfunction} Hacl_Streaming_Blake2_blake2b_32_no_key_create_in +```{doxygenfunction} Hacl_Hash_Blake2b_malloc ``` -```{doxygenfunction} Hacl_Streaming_Blake2_blake2b_32_no_key_init +```{doxygenfunction} Hacl_Hash_Blake2b_update ``` -```{doxygenfunction} Hacl_Streaming_Blake2_blake2b_32_no_key_update +```{doxygenfunction} Hacl_Hash_Blake2b_digest ``` -```{doxygenfunction} Hacl_Streaming_Blake2_blake2b_32_no_key_finish +```{doxygenfunction} Hacl_Hash_Blake2b_reset ``` -```{doxygenfunction} Hacl_Streaming_Blake2_blake2b_32_no_key_free +```{doxygenfunction} Hacl_Hash_Blake2b_free ``` ```` ````{group-tab} 256 -```{doxygentypedef} Hacl_Streaming_Blake2b_256_blake2b_256_state +```{doxygentypedef} Hacl_Hash_Blake2b_Simd256_state_t ``` -```{doxygenfunction} Hacl_Streaming_Blake2b_256_blake2b_256_no_key_create_in +```{doxygenfunction} Hacl_Hash_Blake2b_Simd256_malloc ``` -```{doxygenfunction} Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init +```{doxygenfunction} Hacl_Hash_Blake2b_Simd256_update ``` -```{doxygenfunction} Hacl_Streaming_Blake2b_256_blake2b_256_no_key_update +```{doxygenfunction} Hacl_Hash_Blake2b_Simd256_digest ``` -```{doxygenfunction} Hacl_Streaming_Blake2b_256_blake2b_256_no_key_finish +```{doxygenfunction} Hacl_Hash_Blake2b_Simd256_reset ``` -```{doxygenfunction} Hacl_Streaming_Blake2b_256_blake2b_256_no_key_free +```{doxygenfunction} Hacl_Hash_Blake2b_Simd256_free ``` ```` ````` diff --git a/docs/reference/hacl/hash/blake2/blake2s.md b/docs/reference/hacl/hash/blake2/blake2s.md index c960a683..e234bd6f 100644 --- a/docs/reference/hacl/hash/blake2/blake2s.md +++ b/docs/reference/hacl/hash/blake2/blake2s.md 
@@ -11,12 +11,12 @@ BLAKE2s is optimized for 8- to 32-bit platforms and produces digests of any size `````{tabs} ````{group-tab} 32 ```C -#include "Hacl_Hash_Blake2.h" +#include "Hacl_Hash_Blake2s.h" ``` ```` ````{group-tab} 128 ```C -#include "Hacl_Hash_Blake2s_128.h" +#include "Hacl_Hash_Blake2s_Simd128.h" ``` ```` ````` @@ -46,11 +46,11 @@ BLAKE2s is optimized for 8- to 32-bit platforms and produces digests of any size `````{tabs} ````{group-tab} 32 -```{doxygenfunction} Hacl_Blake2s_32_blake2s +```{doxygenfunction} Hacl_Hash_Blake2s_hash_with_key ``` ```` ````{group-tab} 128 -```{doxygenfunction} Hacl_Blake2s_128_blake2s +```{doxygenfunction} Hacl_Hash_Blake2s_Simd128_hash_with_key ``` ```` ````` @@ -62,12 +62,12 @@ BLAKE2s is optimized for 8- to 32-bit platforms and produces digests of any size `````{tabs} ````{group-tab} 32 ```C -#include "Hacl_Streaming_Blake2.h" +#include "Hacl_Hash_Blake2.h" ``` ```` ````{group-tab} 128 ```C -#include "Hacl_Streaming_Blake2s_128.h" +#include "Hacl_Hash_Blake2s_Simd128.h" ``` ```` ````` 
@@ -97,31 +97,31 @@ BLAKE2s is optimized for 8- to 32-bit platforms and produces digests of any size `````{tabs} ````{group-tab} 32 -```{doxygentypedef} Hacl_Streaming_Blake2_blake2s_32_state +```{doxygentypedef} Hacl_Hash_Blake2s_state_t ``` -```{doxygenfunction} Hacl_Streaming_Blake2_blake2s_32_no_key_create_in +```{doxygenfunction} Hacl_Hash_Blake2s_malloc ``` -```{doxygenfunction} Hacl_Streaming_Blake2_blake2s_32_no_key_init +```{doxygenfunction} Hacl_Hash_Blake2s_update ``` -```{doxygenfunction} Hacl_Streaming_Blake2_blake2s_32_no_key_update +```{doxygenfunction} Hacl_Hash_Blake2s_digest ``` -```{doxygenfunction} Hacl_Streaming_Blake2_blake2s_32_no_key_finish +```{doxygenfunction} Hacl_Hash_Blake2s_reset ``` -```{doxygenfunction} Hacl_Streaming_Blake2_blake2s_32_no_key_free +```{doxygenfunction} Hacl_Hash_Blake2s_free ``` ```` ````{group-tab} 128 -```{doxygentypedef} Hacl_Streaming_Blake2s_128_blake2s_128_state +```{doxygentypedef} Hacl_Hash_Blake2s_Simd128_state_t ``` -```{doxygenfunction} Hacl_Streaming_Blake2s_128_blake2s_128_no_key_create_in +```{doxygenfunction} Hacl_Hash_Blake2s_Simd128_malloc ``` -```{doxygenfunction} Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init +```{doxygenfunction} Hacl_Hash_Blake2s_Simd128_update ``` -```{doxygenfunction} Hacl_Streaming_Blake2s_128_blake2s_128_no_key_update +```{doxygenfunction} Hacl_Hash_Blake2s_Simd128_digest ``` -```{doxygenfunction} Hacl_Streaming_Blake2s_128_blake2s_128_no_key_finish +```{doxygenfunction} Hacl_Hash_Blake2s_Simd128_reset ``` -```{doxygenfunction} Hacl_Streaming_Blake2s_128_blake2s_128_no_key_free +```{doxygenfunction} Hacl_Hash_Blake2s_Simd128_free ``` ```` ````` diff --git a/docs/reference/hacl/hash/index.md b/docs/reference/hacl/hash/index.md index a0910450..1d5260e0 100644 --- a/docs/reference/hacl/hash/index.md +++ b/docs/reference/hacl/hash/index.md 
@@ -13,15 +13,15 @@ If you want to hash a complete messages, i.e., can provide a slice of memory tha If you need to provide a message chunk-by-chunk, e.g., because you read the message from network or similar, it could be more appropriate to use the streaming API. The streaming API has roughly three phases: init, update, and finish. -Typically, you create a state element by using `init`, call `update` as often as needed, and then call `finish` to obtain the final digest. +Typically, you create a state element by using `malloc`, call `update` as often as needed, and then call `digest` to obtain the final digest. Finally, you `free` the state element. **Streaming API (with intermediate digests)** -It is also possible to obtain all intermediate digests by calling `finish` more than once. -You can call `update("Hello, ")`, and `finish` to obtain the hash of `"Hello, "`. -Then you can call `update("World!")`, and `finish` *again* to obtain the hash of `"Hello, World!"`. -You only need to call `init` and `free` once to obtain both digests. +It is also possible to obtain all intermediate digests by calling `digest` more than once. +You can call `update("Hello, ")`, and `digest` to obtain the hash of `"Hello, "`. +Then you can call `update("World!")`, and `digest` *again* to obtain the hash of `"Hello, World!"`. +You only need to call `malloc` and `free` once to obtain both digests. ```{toctree} :caption: "Algorithms" diff --git a/docs/reference/hacl/hash/sha1.md b/docs/reference/hacl/hash/sha1.md index 64fef04f..7889d30d 100644 --- a/docs/reference/hacl/hash/sha1.md +++ b/docs/reference/hacl/hash/sha1.md @@ -24,7 +24,7 @@ SHA-1 is insecure. Please avoid or ask your cryptographer of trust for permissio :end-before: "// END OneShot" ``` -```{doxygenfunction} Hacl_Streaming_SHA1_legacy_hash +```{doxygenfunction} Hacl_Hash_SHA1_hash ``` ### Streaming 
@@ -52,20 +52,20 @@ SHA-1 is insecure. Please avoid or ask your cryptographer of trust for permissio :end-before: "// ANCHOR_END(streaming)" ``` -```{doxygentypedef} Hacl_Streaming_SHA1_state +```{doxygentypedef} Hacl_Hash_SHA1_state_t ``` -```{doxygenfunction} Hacl_Streaming_SHA1_legacy_create_in +```{doxygenfunction} Hacl_Hash_SHA1_malloc ``` -```{doxygenfunction} Hacl_Streaming_SHA1_legacy_init +```{doxygenfunction} Hacl_Hash_SHA1_update ``` -```{doxygenfunction} Hacl_Streaming_SHA1_legacy_update +```{doxygenfunction} Hacl_Hash_SHA1_digest ``` -```{doxygenfunction} Hacl_Streaming_SHA1_legacy_finish +```{doxygenfunction} Hacl_Hash_SHA1_reset ``` -```{doxygenfunction} Hacl_Streaming_SHA1_legacy_free +```{doxygenfunction} Hacl_Hash_SHA1_free ``` diff --git a/docs/reference/hacl/hash/sha2.md b/docs/reference/hacl/hash/sha2.md index 55702c64..990db76e 100644 --- a/docs/reference/hacl/hash/sha2.md +++ b/docs/reference/hacl/hash/sha2.md @@ -86,26 +86,26 @@ it is sometimes called `SHA2-256` to avoid confusion with SHA-1 and SHA-3. **Init** -```{doxygentypedef} Hacl_Streaming_SHA2_state_sha2_224 +```{doxygentypedef} Hacl_Hash_SHA2_state_t_224 ``` -```{doxygenfunction} Hacl_Streaming_SHA2_create_in_224 -``` - -```{doxygenfunction} Hacl_Streaming_SHA2_init_224 +```{doxygenfunction} Hacl_Hash_SHA2_malloc_224 ``` **Update** -```{doxygenfunction} Hacl_Streaming_SHA2_update_224 +```{doxygenfunction} Hacl_Hash_SHA2_update_224 ``` **Finish** -```{doxygenfunction} Hacl_Streaming_SHA2_finish_224 +```{doxygenfunction} Hacl_Hash_SHA2_digest_224 +``` + +```{doxygenfunction} Hacl_Hash_SHA2_reset_224 ``` -```{doxygenfunction} Hacl_Streaming_SHA2_free_224 +```{doxygenfunction} Hacl_Hash_SHA2_free_224 ``` ```` 
@@ -113,26 +113,26 @@ it is sometimes called `SHA2-256` to avoid confusion with SHA-1 and SHA-3. **Init** -```{doxygentypedef} Hacl_Streaming_SHA2_state_sha2_256 +```{doxygentypedef} Hacl_Hash_SHA2_state_t_256 ``` -```{doxygenfunction} Hacl_Streaming_SHA2_create_in_256 -``` - -```{doxygenfunction} Hacl_Streaming_SHA2_init_256 +```{doxygenfunction} Hacl_Hash_SHA2_malloc_256 ``` **Update** -```{doxygenfunction} Hacl_Streaming_SHA2_update_256 +```{doxygenfunction} Hacl_Hash_SHA2_update_256 ``` **Finish** -```{doxygenfunction} Hacl_Streaming_SHA2_finish_256 +```{doxygenfunction} Hacl_Hash_SHA2_digest_256 +``` + +```{doxygenfunction} Hacl_Hash_SHA2_reset_256 ``` -```{doxygenfunction} Hacl_Streaming_SHA2_free_256 +```{doxygenfunction} Hacl_Hash_SHA2_free_256 ``` ```` @@ -140,26 +140,26 @@ it is sometimes called `SHA2-256` to avoid confusion with SHA-1 and SHA-3. **Init** -```{doxygentypedef} Hacl_Streaming_SHA2_state_sha2_384 +```{doxygentypedef} Hacl_Hash_SHA2_state_t_384 ``` -```{doxygenfunction} Hacl_Streaming_SHA2_create_in_384 -``` - -```{doxygenfunction} Hacl_Streaming_SHA2_init_384 +```{doxygenfunction} Hacl_Hash_SHA2_malloc_384 ``` **Update** -```{doxygenfunction} Hacl_Streaming_SHA2_update_384 +```{doxygenfunction} Hacl_Hash_SHA2_update_384 ``` **Finish** -```{doxygenfunction} Hacl_Streaming_SHA2_finish_384 +```{doxygenfunction} Hacl_Hash_SHA2_digest_384 +``` + +```{doxygenfunction} Hacl_Hash_SHA2_reset_384 ``` -```{doxygenfunction} Hacl_Streaming_SHA2_free_384 +```{doxygenfunction} Hacl_Hash_SHA2_free_384 ``` ```` 
@@ -168,26 +168,26 @@ it is sometimes called `SHA2-256` to avoid confusion with SHA-1 and SHA-3. **Init** -```{doxygentypedef} Hacl_Streaming_SHA2_state_sha2_512 +```{doxygentypedef} Hacl_Hash_SHA2_state_t_512 ``` -```{doxygenfunction} Hacl_Streaming_SHA2_create_in_512 -``` - -```{doxygenfunction} Hacl_Streaming_SHA2_init_512 +```{doxygenfunction} Hacl_Hash_SHA2_malloc_512 ``` **Update** -```{doxygenfunction} Hacl_Streaming_SHA2_update_512 +```{doxygenfunction} Hacl_Hash_SHA2_update_512 ``` **Finish** -```{doxygenfunction} Hacl_Streaming_SHA2_finish_512 +```{doxygenfunction} Hacl_Hash_SHA2_digest_512 +``` + +```{doxygenfunction} Hacl_Hash_SHA2_reset_512 ``` -```{doxygenfunction} Hacl_Streaming_SHA2_free_512 +```{doxygenfunction} Hacl_Hash_SHA2_free_512 ``` ```` ````` diff --git a/docs/reference/hacl/hash/sha3.md b/docs/reference/hacl/hash/sha3.md index 9fae5bb4..1bbe5e3e 100644 --- a/docs/reference/hacl/hash/sha3.md +++ b/docs/reference/hacl/hash/sha3.md @@ -34,22 +34,22 @@ SHAKE128 and SHAKE256 have a 128- or 256-bit security strength and can produce a `````{tabs} ````{tab} 28 byte digest -```{doxygenfunction} Hacl_SHA3_sha3_224 +```{doxygenfunction} Hacl_Hash_SHA3_sha3_224 ``` ```` ````{tab} 32 byte digest -```{doxygenfunction} Hacl_SHA3_sha3_256 +```{doxygenfunction} Hacl_Hash_SHA3_sha3_256 ``` ```` ````{tab} 48 byte digest -```{doxygenfunction} Hacl_SHA3_sha3_384 +```{doxygenfunction} Hacl_Hash_SHA3_sha3_384 ``` ```` ````{tab} 64 byte digest -```{doxygenfunction} Hacl_SHA3_sha3_512 +```{doxygenfunction} Hacl_Hash_SHA3_sha3_512 ``` ```` ````` 
@@ -79,22 +79,22 @@ SHAKE128 and SHAKE256 have a 128- or 256-bit security strength and can produce a :end-before: "// ANCHOR_END(streaming)" ``` -```{doxygentypedef} Hacl_Streaming_SHA3_state_256 +```{doxygentypedef} Hacl_Hash_SHA3_state_t ``` -```{doxygenfunction} Hacl_Streaming_SHA3_create_in_256 +```{doxygenfunction} Hacl_Hash_SHA3_malloc ``` -```{doxygenfunction} Hacl_Streaming_SHA3_init_256 +```{doxygenfunction} Hacl_Hash_SHA3_update ``` -```{doxygenfunction} Hacl_Streaming_SHA3_update_256 +```{doxygenfunction} Hacl_Hash_SHA3_digest ``` -```{doxygenfunction} Hacl_Streaming_SHA3_finish_256 +```{doxygenfunction} Hacl_Hash_SHA3_reset ``` -```{doxygenfunction} Hacl_Streaming_SHA3_free_256 +```{doxygenfunction} Hacl_Hash_SHA3_free ``` ## SHAKE @@ -114,12 +114,12 @@ SHAKE128 and SHAKE256 have a 128- or 256-bit security strength and can produce a `````{tabs} ````{tab} 128-bit security strength -```{doxygenfunction} Hacl_SHA3_shake128_hacl +```{doxygenfunction} Hacl_Hash_SHA3_shake128_hacl ``` ```` ````{tab} 256-bit security strength -```{doxygenfunction} Hacl_SHA3_shake256_hacl +```{doxygenfunction} Hacl_Hash_SHA3_shake256_hacl ``` ```` ````` diff --git a/include/EverCrypt_AEAD.h b/include/EverCrypt_AEAD.h index 4797df68..5d52493b 100644 --- a/include/EverCrypt_AEAD.h +++ b/include/EverCrypt_AEAD.h @@ -42,6 +42,10 @@ extern "C" { typedef struct EverCrypt_AEAD_state_s_s EverCrypt_AEAD_state_s; +/** +Both encryption and decryption require a state that holds the key. +The state may be reused as many times as desired. +*/ bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee); /** diff --git a/include/EverCrypt_Chacha20Poly1305.h b/include/EverCrypt_Chacha20Poly1305.h index c3eb2655..bd59e48b 100644 --- a/include/EverCrypt_Chacha20Poly1305.h +++ b/include/EverCrypt_Chacha20Poly1305.h 
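Review bot: The comment added in `include/EverCrypt_AEAD.h` sits directly above `EverCrypt_AEAD_uu___is_Ek`, so a documentation generator will attach it to that projector instead of to the `EverCrypt_AEAD_state_s` typedef one line earlier, which is what it describes. I would move it above the typedef. The sentence "The state may be reused as many times as desired" also needs a caveat, because reusing a keyed state is only safe while every encryption under that key uses a fresh nonce. I would append `Each encryption with the same state must use a nonce never used before with that key.` The encrypt declaration is outside this hunk, so check the wording against its nonce parameter.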
@@ -35,9 +35,9 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Hacl_Chacha20Poly1305_32.h" -#include "Hacl_Chacha20Poly1305_256.h" -#include "Hacl_Chacha20Poly1305_128.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h" +#include "Hacl_AEAD_Chacha20Poly1305.h" #include "EverCrypt_AutoConfig2.h" void diff --git a/include/EverCrypt_DRBG.h b/include/EverCrypt_DRBG.h index aee4e800..b3161bfe 100644 --- a/include/EverCrypt_DRBG.h +++ b/include/EverCrypt_DRBG.h @@ -36,7 +36,6 @@ extern "C" { #include "krml/internal/target.h" #include "Lib_RandomBuffer_System.h" -#include "Lib_Memzero0.h" #include "Hacl_Streaming_Types.h" #include "Hacl_HMAC_DRBG.h" diff --git a/include/EverCrypt_HMAC.h b/include/EverCrypt_HMAC.h index 6c64a37f..7d1da14d 100644 --- a/include/EverCrypt_HMAC.h +++ b/include/EverCrypt_HMAC.h @@ -38,13 +38,14 @@ extern "C" { #include "Hacl_Streaming_Types.h" #include "Hacl_Krmllib.h" #include "Hacl_Hash_SHA2.h" -#include "Hacl_Hash_Blake2.h" +#include "Hacl_Hash_Blake2s.h" +#include "Hacl_Hash_Blake2b.h" bool EverCrypt_HMAC_is_supported_alg(Spec_Hash_Definitions_hash_alg uu___); typedef Spec_Hash_Definitions_hash_alg EverCrypt_HMAC_supported_alg; -extern void (*EverCrypt_HMAC_hash_256)(uint8_t *x0, uint32_t x1, uint8_t *x2); +extern void (*EverCrypt_HMAC_hash_256)(uint8_t *x0, uint8_t *x1, uint32_t x2); void EverCrypt_HMAC_compute( diff --git a/include/EverCrypt_Hash.h b/include/EverCrypt_Hash.h index 6791dc27..b35dcf5f 100644 --- a/include/EverCrypt_Hash.h +++ b/include/EverCrypt_Hash.h 
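Review bot: The new type of `EverCrypt_HMAC_hash_256` in `include/EverCrypt_HMAC.h` moves the `uint32_t` from second to third position, yet the parameters are still named `x0`, `x1`, `x2` with no comment, so a caller cannot tell which pointer is the digest and which is the message. Both pointers are `uint8_t *`, so swapping them compiles silently, and code written for the old order may get only an integer/pointer conversion warning, depending on compiler settings. Judging by `EverCrypt_Hash_Incremental_hash` later in this diff, the order is presumably output, input, input length. If that is right, add `/* x0: output digest, x1: input, x2: input length in bytes */` above the declaration. `EverCrypt_HMAC_compute` continues past the end of the hunk.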
@@ -39,9 +39,10 @@ extern "C" { #include "Hacl_Krmllib.h" #include "Hacl_Hash_SHA3.h" #include "Hacl_Hash_SHA2.h" -#include "Hacl_Hash_Blake2s_128.h" -#include "Hacl_Hash_Blake2b_256.h" -#include "Hacl_Hash_Blake2.h" +#include "Hacl_Hash_Blake2s_Simd128.h" +#include "Hacl_Hash_Blake2s.h" +#include "Hacl_Hash_Blake2b_Simd256.h" +#include "Hacl_Hash_Blake2b.h" #include "EverCrypt_Error.h" #include "EverCrypt_AutoConfig2.h" @@ -49,13 +50,13 @@ typedef struct EverCrypt_Hash_state_s_s EverCrypt_Hash_state_s; uint32_t EverCrypt_Hash_Incremental_hash_len(Spec_Hash_Definitions_hash_alg a); -typedef struct EverCrypt_Hash_Incremental_hash_state_s +typedef struct EverCrypt_Hash_Incremental_state_t_s { EverCrypt_Hash_state_s *block_state; uint8_t *buf; uint64_t total_len; } -EverCrypt_Hash_Incremental_hash_state; +EverCrypt_Hash_Incremental_state_t; /** Allocate initial state for the agile hash. The argument `a` stands for the @@ -63,13 +64,13 @@ choice of algorithm (see Hacl_Spec.h). This API will automatically pick the most efficient implementation, provided you have called EverCrypt_AutoConfig2_init() before. The state is to be freed by calling `free`. */ -EverCrypt_Hash_Incremental_hash_state -*EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_hash_alg a); +EverCrypt_Hash_Incremental_state_t +*EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_hash_alg a); /** Reset an existing state to the initial hash state with empty data. */ -void EverCrypt_Hash_Incremental_init(EverCrypt_Hash_Incremental_hash_state *s); +void EverCrypt_Hash_Incremental_reset(EverCrypt_Hash_Incremental_state_t *state); /** Feed an arbitrary amount of data into the hash. This function returns 
@@ -80,34 +81,35 @@ algorithm. Both limits are unlikely to be attained in practice. */ EverCrypt_Error_error_code EverCrypt_Hash_Incremental_update( - EverCrypt_Hash_Incremental_hash_state *s, - uint8_t *data, - uint32_t len + EverCrypt_Hash_Incremental_state_t *state, + uint8_t *chunk, + uint32_t chunk_len ); /** Perform a run-time test to determine which algorithm was chosen for the given piece of state. */ Spec_Hash_Definitions_hash_alg -EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_hash_state *s); +EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_state_t *s); /** -Write the resulting hash into `dst`, an array whose length is +Write the resulting hash into `output`, an array whose length is algorithm-specific. You can use the macros defined earlier in this file to allocate a destination buffer of the right length. The state remains valid after -a call to `finish`, meaning the user may feed more data into the hash via +a call to `digest`, meaning the user may feed more data into the hash via `update`. (The finish function operates on an internal copy of the state and therefore does not invalidate the client-held state.) */ -void EverCrypt_Hash_Incremental_finish(EverCrypt_Hash_Incremental_hash_state *s, uint8_t *dst); +void +EverCrypt_Hash_Incremental_digest(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output); /** Free a state previously allocated with `create_in`. */ -void EverCrypt_Hash_Incremental_free(EverCrypt_Hash_Incremental_hash_state *s); +void EverCrypt_Hash_Incremental_free(EverCrypt_Hash_Incremental_state_t *state); /** -Hash `input`, of len `len`, into `dst`, an array whose length is determined by +Hash `input`, of len `input_len`, into `output`, an array whose length is determined by your choice of algorithm `a` (see Hacl_Spec.h). You can use the macros defined earlier in this file to allocate a destination buffer of the right length. 
This API will automatically pick the most efficient implementation, provided you have @@ -116,34 +118,34 @@ called EverCrypt_AutoConfig2_init() before. void EverCrypt_Hash_Incremental_hash( Spec_Hash_Definitions_hash_alg a, - uint8_t *dst, + uint8_t *output, uint8_t *input, - uint32_t len + uint32_t input_len ); -#define MD5_HASH_LEN ((uint32_t)16U) +#define MD5_HASH_LEN (16U) -#define SHA1_HASH_LEN ((uint32_t)20U) +#define SHA1_HASH_LEN (20U) -#define SHA2_224_HASH_LEN ((uint32_t)28U) +#define SHA2_224_HASH_LEN (28U) -#define SHA2_256_HASH_LEN ((uint32_t)32U) +#define SHA2_256_HASH_LEN (32U) -#define SHA2_384_HASH_LEN ((uint32_t)48U) +#define SHA2_384_HASH_LEN (48U) -#define SHA2_512_HASH_LEN ((uint32_t)64U) +#define SHA2_512_HASH_LEN (64U) -#define SHA3_224_HASH_LEN ((uint32_t)28U) +#define SHA3_224_HASH_LEN (28U) -#define SHA3_256_HASH_LEN ((uint32_t)32U) +#define SHA3_256_HASH_LEN (32U) -#define SHA3_384_HASH_LEN ((uint32_t)48U) +#define SHA3_384_HASH_LEN (48U) -#define SHA3_512_HASH_LEN ((uint32_t)64U) +#define SHA3_512_HASH_LEN (64U) -#define BLAKE2S_HASH_LEN ((uint32_t)32U) +#define BLAKE2S_HASH_LEN (32U) -#define BLAKE2B_HASH_LEN ((uint32_t)64U) +#define BLAKE2B_HASH_LEN (64U) #if defined(__cplusplus) } diff --git a/include/EverCrypt_Poly1305.h b/include/EverCrypt_Poly1305.h index 62c00764..fba04059 100644 --- a/include/EverCrypt_Poly1305.h +++ b/include/EverCrypt_Poly1305.h @@ -35,12 +35,12 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Hacl_Poly1305_32.h" -#include "Hacl_Poly1305_256.h" -#include "Hacl_Poly1305_128.h" +#include "Hacl_MAC_Poly1305_Simd256.h" +#include "Hacl_MAC_Poly1305_Simd128.h" +#include "Hacl_MAC_Poly1305.h" #include "EverCrypt_AutoConfig2.h" -void EverCrypt_Poly1305_poly1305(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key); +void EverCrypt_Poly1305_mac(uint8_t *output, uint8_t *input, uint32_t input_len, uint8_t *key); #if defined(__cplusplus) } 
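Review bot: Two comments in the `@@ -80,34 +81,35 @@` hunk of `include/EverCrypt_Hash.h` still use the pre-rename names. The comment on `EverCrypt_Hash_Incremental_digest` says "The finish function operates on an internal copy of the state", and the comment on `EverCrypt_Hash_Incremental_free` says "Free a state previously allocated with `create_in`". Neither `finish` nor `create_in` exists in the new API, so a reader looking for the matching allocator will not find it. The first should read `The digest function operates on an internal copy of the state`, and the second should name `malloc` instead of `create_in`. `EverCrypt_Hash_Incremental_alg_of_state` also keeps the parameter name `s` while its siblings now use `state`; renaming it would keep the header consistent.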
diff --git a/include/Hacl_AEAD_Chacha20Poly1305.h b/include/Hacl_AEAD_Chacha20Poly1305.h
new file mode 100644
index 00000000..2a8daa75
--- /dev/null
+++ b/include/Hacl_AEAD_Chacha20Poly1305.h
@@ -0,0 +1,104 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __Hacl_AEAD_Chacha20Poly1305_H
+#define __Hacl_AEAD_Chacha20Poly1305_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "Hacl_Chacha20.h"
+
+/**
+Encrypt a message `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
+
+@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.
+@param tag Pointer to 16 bytes of memory where the mac is written to.
+@param input Pointer to `input_len` bytes of memory where the message is read from.
+@param input_len Length of the message.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+*/
+void
+Hacl_AEAD_Chacha20Poly1305_encrypt(
+ uint8_t *output,
+ uint8_t *tag,
+ uint8_t *input,
+ uint32_t input_len,
+ uint8_t *data,
+ uint32_t data_len,
+ uint8_t *key,
+ uint8_t *nonce
+);
+
+/**
+Decrypt a ciphertext `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `output` and `input` can point to the same memory.
+
+If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.
+If decryption fails, the array `output` remains unchanged and the function returns the error code 1.
+
+@param output Pointer to `input_len` bytes of memory where the message is written to.
+@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.
+@param input_len Length of the ciphertext.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+@param tag Pointer to 16 bytes of memory where the mac is read from.
+
+@returns 0 on succeess; 1 on failure.
+*/
+uint32_t
+Hacl_AEAD_Chacha20Poly1305_decrypt(
+ uint8_t *output,
+ uint8_t *input,
+ uint32_t input_len,
+ uint8_t *data,
+ uint32_t data_len,
+ uint8_t *key,
+ uint8_t *nonce,
+ uint8_t *tag
+);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __Hacl_AEAD_Chacha20Poly1305_H_DEFINED
+#endif
diff --git a/include/Hacl_AEAD_Chacha20Poly1305_Simd128.h b/include/Hacl_AEAD_Chacha20Poly1305_Simd128.h
new file mode 100644
index 00000000..de26c907
--- /dev/null
+++ b/include/Hacl_AEAD_Chacha20Poly1305_Simd128.h
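Review bot: In the new `include/Hacl_AEAD_Chacha20Poly1305.h`, `Hacl_AEAD_Chacha20Poly1305_encrypt` and `_decrypt` take their arguments in a different order from the `Hacl_Chacha20Poly1305_32_aead_*` functions this commit deletes (output buffers first, key and nonce last), and every pointer parameter is a plain `uint8_t *`, so a call site that only has the function name updated still compiles while passing the old key and nonce pointers in the `output` and `tag` positions. The doc comment should say so, for example `Note: the argument order differs from Hacl_Chacha20Poly1305_32_aead_encrypt; outputs come first, key and nonce last.` Declaring the read-only parameters as `const uint8_t *` (`data`, `key`, `nonce`, and `tag` in decrypt) would let callers hold key material as const and get a diagnostic if it ends up in an output position; if this header is generated, that change belongs in the generator. The Simd128 and Simd256 headers added below carry the same signatures and the same hazard.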
@@ -0,0 +1,104 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __Hacl_AEAD_Chacha20Poly1305_Simd128_H
+#define __Hacl_AEAD_Chacha20Poly1305_Simd128_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "Hacl_Chacha20_Vec128.h"
+
+/**
+Encrypt a message `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
+
+@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.
+@param tag Pointer to 16 bytes of memory where the mac is written to.
+@param input Pointer to `input_len` bytes of memory where the message is read from.
+@param input_len Length of the message.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+*/
+void
+Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(
+ uint8_t *output,
+ uint8_t *tag,
+ uint8_t *input,
+ uint32_t input_len,
+ uint8_t *data,
+ uint32_t data_len,
+ uint8_t *key,
+ uint8_t *nonce
+);
+
+/**
+Decrypt a ciphertext `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
+
+If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.
+If decryption fails, the array `output` remains unchanged and the function returns the error code 1.
+
+@param output Pointer to `input_len` bytes of memory where the message is written to.
+@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.
+@param input_len Length of the ciphertext.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+@param tag Pointer to 16 bytes of memory where the mac is read from.
+
+@returns 0 on succeess; 1 on failure.
+*/
+uint32_t
+Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(
+ uint8_t *output,
+ uint8_t *input,
+ uint32_t input_len,
+ uint8_t *data,
+ uint32_t data_len,
+ uint8_t *key,
+ uint8_t *nonce,
+ uint8_t *tag
+);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __Hacl_AEAD_Chacha20Poly1305_Simd128_H_DEFINED
+#endif
diff --git a/include/Hacl_AEAD_Chacha20Poly1305_Simd256.h b/include/Hacl_AEAD_Chacha20Poly1305_Simd256.h
new file mode 100644
index 00000000..0abcdc59
--- /dev/null
+++ b/include/Hacl_AEAD_Chacha20Poly1305_Simd256.h
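Review bot: The doc comments in `include/Hacl_AEAD_Chacha20Poly1305_Simd128.h` are the same text as in the portable header and never state what a caller must establish before using the vectorised variant. Presumably `Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt` and `_decrypt` may only run on a CPU that actually has the 128-bit vector instructions the build targets; the `HACL_CAN_COMPILE_VEC128` guard used in the benchmark changed by this commit is a compile-time check only, so that precondition should be confirmed and written down. A line such as `Precondition: the running CPU supports the 128-bit vector instructions this library was built with; otherwise call the portable Hacl_AEAD_Chacha20Poly1305 functions.` in both doc comments would cover it. The same applies to `Hacl_AEAD_Chacha20Poly1305_Simd256.h` with the 256-bit variant.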
@@ -0,0 +1,104 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __Hacl_AEAD_Chacha20Poly1305_Simd256_H
+#define __Hacl_AEAD_Chacha20Poly1305_Simd256_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "Hacl_Chacha20_Vec256.h"
+
+/**
+Encrypt a message `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
+
+@param output Pointer to `input_len` bytes of memory where the ciphertext is written to.
+@param tag Pointer to 16 bytes of memory where the mac is written to.
+@param input Pointer to `input_len` bytes of memory where the message is read from.
+@param input_len Length of the message.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+*/
+void
+Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(
+ uint8_t *output,
+ uint8_t *tag,
+ uint8_t *input,
+ uint32_t input_len,
+ uint8_t *data,
+ uint32_t data_len,
+ uint8_t *key,
+ uint8_t *nonce
+);
+
+/**
+Decrypt a ciphertext `input` with key `key`.
+
+The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption.
+Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory.
+
+If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0.
+If decryption fails, the array `output` remains unchanged and the function returns the error code 1.
+
+@param output Pointer to `input_len` bytes of memory where the message is written to.
+@param input Pointer to `input_len` bytes of memory where the ciphertext is read from.
+@param input_len Length of the ciphertext.
+@param data Pointer to `data_len` bytes of memory where the associated data is read from.
+@param data_len Length of the associated data.
+@param key Pointer to 32 bytes of memory where the AEAD key is read from.
+@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from.
+@param tag Pointer to 16 bytes of memory where the mac is read from.
+
+@returns 0 on succeess; 1 on failure.
+*/
+uint32_t
+Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(
+ uint8_t *output,
+ uint8_t *input,
+ uint32_t input_len,
+ uint8_t *data,
+ uint32_t data_len,
+ uint8_t *key,
+ uint8_t *nonce,
+ uint8_t *tag
+);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#define __Hacl_AEAD_Chacha20Poly1305_Simd256_H_DEFINED
+#endif
diff --git a/include/Hacl_Chacha20Poly1305_128.h b/include/Hacl_Chacha20Poly1305_128.h
deleted file mode 100644
index 630fab93..00000000
--- a/include/Hacl_Chacha20Poly1305_128.h
+++ /dev/null
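Review bot: The `@param nonce` line of `Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt` in `include/Hacl_AEAD_Chacha20Poly1305_Simd256.h` (and of the encrypt functions in the two sibling headers added above) gives only the buffer size and omits the usage rule the construction depends on: a nonce must never be used twice with the same key. A repeated (key, nonce) pair reuses both the keystream and the one-time Poly1305 key, so the affected messages lose confidentiality and authenticity. I would extend the line to `@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from. Must be unique for every encryption under the same key.` In the decrypt comment, the return line has a typo and could carry the matching caller duty: `@returns 0 on success; 1 on failure. Check the result before using output.`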
@@ -1,107 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Chacha20Poly1305_128_H
-#define __Hacl_Chacha20Poly1305_128_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "Hacl_Poly1305_128.h"
-#include "Hacl_Chacha20_Vec128.h"
-
-/**
-Encrypt a message `m` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the message.
-@param m Pointer to `mlen` bytes of memory where the message is read from.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.
-@param mac Pointer to 16 bytes of memory where the mac is written to.
-*/
-void
-Hacl_Chacha20Poly1305_128_aead_encrypt(
- uint8_t *k,
- uint8_t *n,
- uint32_t aadlen,
- uint8_t *aad,
- uint32_t mlen,
- uint8_t *m,
- uint8_t *cipher,
- uint8_t *mac
-);
-
-/**
-Decrypt a ciphertext `cipher` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.
-If decryption fails, the array `m` remains unchanged and the function returns the error code 1.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the ciphertext.
-@param m Pointer to `mlen` bytes of memory where the message is written to.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.
-@param mac Pointer to 16 bytes of memory where the mac is read from.
-
-@returns 0 on succeess; 1 on failure.
-*/
-uint32_t
-Hacl_Chacha20Poly1305_128_aead_decrypt(
- uint8_t *k,
- uint8_t *n,
- uint32_t aadlen,
- uint8_t *aad,
- uint32_t mlen,
- uint8_t *m,
- uint8_t *cipher,
- uint8_t *mac
-);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Chacha20Poly1305_128_H_DEFINED
-#endif
diff --git a/include/Hacl_Chacha20Poly1305_256.h b/include/Hacl_Chacha20Poly1305_256.h
deleted file mode 100644
index ff0f2e60..00000000
--- a/include/Hacl_Chacha20Poly1305_256.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Chacha20Poly1305_256_H
-#define __Hacl_Chacha20Poly1305_256_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "Hacl_Poly1305_256.h"
-#include "Hacl_Chacha20_Vec256.h"
-
-/**
-Encrypt a message `m` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the message.
-@param m Pointer to `mlen` bytes of memory where the message is read from.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.
-@param mac Pointer to 16 bytes of memory where the mac is written to.
-*/
-void
-Hacl_Chacha20Poly1305_256_aead_encrypt(
- uint8_t *k,
- uint8_t *n,
- uint32_t aadlen,
- uint8_t *aad,
- uint32_t mlen,
- uint8_t *m,
- uint8_t *cipher,
- uint8_t *mac
-);
-
-/**
-Decrypt a ciphertext `cipher` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.
-If decryption fails, the array `m` remains unchanged and the function returns the error code 1.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the ciphertext.
-@param m Pointer to `mlen` bytes of memory where the message is written to.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.
-@param mac Pointer to 16 bytes of memory where the mac is read from.
-
-@returns 0 on succeess; 1 on failure.
-*/
-uint32_t
-Hacl_Chacha20Poly1305_256_aead_decrypt(
- uint8_t *k,
- uint8_t *n,
- uint32_t aadlen,
- uint8_t *aad,
- uint32_t mlen,
- uint8_t *m,
- uint8_t *cipher,
- uint8_t *mac
-);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Chacha20Poly1305_256_H_DEFINED
-#endif
diff --git a/include/Hacl_Chacha20Poly1305_32.h b/include/Hacl_Chacha20Poly1305_32.h
deleted file mode 100644
index 624e29fb..00000000
--- a/include/Hacl_Chacha20Poly1305_32.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-
-#ifndef __Hacl_Chacha20Poly1305_32_H
-#define __Hacl_Chacha20Poly1305_32_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-#include "Hacl_Poly1305_32.h"
-#include "Hacl_Chacha20.h"
-
-/**
-Encrypt a message `m` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the message.
-@param m Pointer to `mlen` bytes of memory where the message is read from.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.
-@param mac Pointer to 16 bytes of memory where the mac is written to.
-*/
-void
-Hacl_Chacha20Poly1305_32_aead_encrypt(
- uint8_t *k,
- uint8_t *n,
- uint32_t aadlen,
- uint8_t *aad,
- uint32_t mlen,
- uint8_t *m,
- uint8_t *cipher,
- uint8_t *mac
-);
-
-/**
-Decrypt a ciphertext `cipher` with key `k`.
-
-The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.
-Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.
-
-If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.
-If decryption fails, the array `m` remains unchanged and the function returns the error code 1.
-
-@param k Pointer to 32 bytes of memory where the AEAD key is read from.
-@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.
-@param aadlen Length of the associated data.
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.
-
-@param mlen Length of the ciphertext.
-@param m Pointer to `mlen` bytes of memory where the message is written to.
-@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.
-@param mac Pointer to 16 bytes of memory where the mac is read from.
-
-@returns 0 on succeess; 1 on failure.
-*/
-uint32_t
-Hacl_Chacha20Poly1305_32_aead_decrypt(
- uint8_t *k,
- uint8_t *n,
- uint32_t aadlen,
- uint8_t *aad,
- uint32_t mlen,
- uint8_t *m,
- uint8_t *cipher,
- uint8_t *mac
-);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Hacl_Chacha20Poly1305_32_H_DEFINED
-#endif
diff --git a/include/Hacl_Frodo1344.h b/include/Hacl_Frodo1344.h
index 85d29c9f..9fca4c82 100644
--- a/include/Hacl_Frodo1344.h +++ b/include/Hacl_Frodo1344.h @@ -35,7 +35,6 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Lib_Memzero0.h" #include "Hacl_Hash_SHA3.h" extern uint32_t Hacl_Frodo1344_crypto_bytes; diff --git a/include/Hacl_Frodo64.h b/include/Hacl_Frodo64.h index eb17defe..05aecb59 100644 --- a/include/Hacl_Frodo64.h +++ b/include/Hacl_Frodo64.h @@ -35,7 +35,6 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Lib_Memzero0.h" #include "Hacl_Hash_SHA3.h" /* diff --git a/include/Hacl_Frodo640.h b/include/Hacl_Frodo640.h index c4bf30d7..10c9bd47 100644 --- a/include/Hacl_Frodo640.h +++ b/include/Hacl_Frodo640.h @@ -35,7 +35,6 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Lib_Memzero0.h" #include "Hacl_Hash_SHA3.h" extern uint32_t Hacl_Frodo640_crypto_bytes; diff --git a/include/Hacl_Frodo976.h b/include/Hacl_Frodo976.h index 458ebd2f..c2d5f84f 100644 --- a/include/Hacl_Frodo976.h +++ b/include/Hacl_Frodo976.h @@ -35,7 +35,6 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Lib_Memzero0.h" #include "Hacl_Hash_SHA3.h" extern uint32_t Hacl_Frodo976_crypto_bytes; diff --git a/include/Hacl_HMAC.h b/include/Hacl_HMAC.h index 84dbedf5..e1dc04f2 100644 --- a/include/Hacl_HMAC.h +++ b/include/Hacl_HMAC.h @@ -37,7 +37,8 @@ extern "C" { #include "Hacl_Krmllib.h" #include "Hacl_Hash_SHA2.h" -#include "Hacl_Hash_Blake2.h" +#include "Hacl_Hash_Blake2s.h" +#include "Hacl_Hash_Blake2b.h" /** Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`. @@ -46,7 +47,7 @@ The key can be any length and will be hashed if it is longer and padded if it is `dst` must point to 20 bytes of memory. */ void -Hacl_HMAC_legacy_compute_sha1( +Hacl_HMAC_compute_sha1( uint8_t *dst, uint8_t *key, uint32_t key_len, 
diff --git a/include/Hacl_HMAC_Blake2b_256.h b/include/Hacl_HMAC_Blake2b_256.h index e94ba05f..d8f3e9e1 100644 --- a/include/Hacl_HMAC_Blake2b_256.h +++ b/include/Hacl_HMAC_Blake2b_256.h @@ -36,7 +36,7 @@ extern "C" { #include "krml/internal/target.h" #include "Hacl_Krmllib.h" -#include "Hacl_Hash_Blake2b_256.h" +#include "Hacl_Hash_Blake2b_Simd256.h" /** Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`. diff --git a/include/Hacl_HMAC_Blake2s_128.h b/include/Hacl_HMAC_Blake2s_128.h index 7f20343e..5ff79038 100644 --- a/include/Hacl_HMAC_Blake2s_128.h +++ b/include/Hacl_HMAC_Blake2s_128.h @@ -35,7 +35,7 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Hacl_Hash_Blake2s_128.h" +#include "Hacl_Hash_Blake2s_Simd128.h" /** Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`. diff --git a/include/Hacl_HPKE_Curve51_CP128_SHA256.h b/include/Hacl_HPKE_Curve51_CP128_SHA256.h index a768df6b..a46db470 100644 --- a/include/Hacl_HPKE_Curve51_CP128_SHA256.h +++ b/include/Hacl_HPKE_Curve51_CP128_SHA256.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_51.h" -#include "Hacl_Chacha20Poly1305_128.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h" uint32_t Hacl_HPKE_Curve51_CP128_SHA256_setupBaseS( diff --git a/include/Hacl_HPKE_Curve51_CP128_SHA512.h b/include/Hacl_HPKE_Curve51_CP128_SHA512.h index a4388707..89091754 100644 --- a/include/Hacl_HPKE_Curve51_CP128_SHA512.h +++ b/include/Hacl_HPKE_Curve51_CP128_SHA512.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_51.h" -#include "Hacl_Chacha20Poly1305_128.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h" uint32_t Hacl_HPKE_Curve51_CP128_SHA512_setupBaseS( 
diff --git a/include/Hacl_HPKE_Curve51_CP256_SHA256.h b/include/Hacl_HPKE_Curve51_CP256_SHA256.h index 37b26f6a..83ba2adb 100644 --- a/include/Hacl_HPKE_Curve51_CP256_SHA256.h +++ b/include/Hacl_HPKE_Curve51_CP256_SHA256.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_51.h" -#include "Hacl_Chacha20Poly1305_256.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" uint32_t Hacl_HPKE_Curve51_CP256_SHA256_setupBaseS( diff --git a/include/Hacl_HPKE_Curve51_CP256_SHA512.h b/include/Hacl_HPKE_Curve51_CP256_SHA512.h index f7240a95..1a796ab7 100644 --- a/include/Hacl_HPKE_Curve51_CP256_SHA512.h +++ b/include/Hacl_HPKE_Curve51_CP256_SHA512.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_51.h" -#include "Hacl_Chacha20Poly1305_256.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" uint32_t Hacl_HPKE_Curve51_CP256_SHA512_setupBaseS( diff --git a/include/Hacl_HPKE_Curve51_CP32_SHA256.h b/include/Hacl_HPKE_Curve51_CP32_SHA256.h index e48242e6..d249ba05 100644 --- a/include/Hacl_HPKE_Curve51_CP32_SHA256.h +++ b/include/Hacl_HPKE_Curve51_CP32_SHA256.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_51.h" -#include "Hacl_Chacha20Poly1305_32.h" +#include "Hacl_AEAD_Chacha20Poly1305.h" uint32_t Hacl_HPKE_Curve51_CP32_SHA256_setupBaseS( diff --git a/include/Hacl_HPKE_Curve51_CP32_SHA512.h b/include/Hacl_HPKE_Curve51_CP32_SHA512.h index 057f8769..ddc00da3 100644 --- a/include/Hacl_HPKE_Curve51_CP32_SHA512.h +++ b/include/Hacl_HPKE_Curve51_CP32_SHA512.h 
@@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_51.h" -#include "Hacl_Chacha20Poly1305_32.h" +#include "Hacl_AEAD_Chacha20Poly1305.h" uint32_t Hacl_HPKE_Curve51_CP32_SHA512_setupBaseS( diff --git a/include/Hacl_HPKE_Curve64_CP128_SHA256.h b/include/Hacl_HPKE_Curve64_CP128_SHA256.h index 1694a123..fda63e52 100644 --- a/include/Hacl_HPKE_Curve64_CP128_SHA256.h +++ b/include/Hacl_HPKE_Curve64_CP128_SHA256.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_64.h" -#include "Hacl_Chacha20Poly1305_128.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h" uint32_t Hacl_HPKE_Curve64_CP128_SHA256_setupBaseS( diff --git a/include/Hacl_HPKE_Curve64_CP128_SHA512.h b/include/Hacl_HPKE_Curve64_CP128_SHA512.h index 23f52f25..c8b06ca8 100644 --- a/include/Hacl_HPKE_Curve64_CP128_SHA512.h +++ b/include/Hacl_HPKE_Curve64_CP128_SHA512.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_64.h" -#include "Hacl_Chacha20Poly1305_128.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h" uint32_t Hacl_HPKE_Curve64_CP128_SHA512_setupBaseS( diff --git a/include/Hacl_HPKE_Curve64_CP256_SHA256.h b/include/Hacl_HPKE_Curve64_CP256_SHA256.h index 33d471bc..2da8dbcf 100644 --- a/include/Hacl_HPKE_Curve64_CP256_SHA256.h +++ b/include/Hacl_HPKE_Curve64_CP256_SHA256.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_64.h" -#include "Hacl_Chacha20Poly1305_256.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" uint32_t Hacl_HPKE_Curve64_CP256_SHA256_setupBaseS( diff --git a/include/Hacl_HPKE_Curve64_CP256_SHA512.h b/include/Hacl_HPKE_Curve64_CP256_SHA512.h index d59c1ee4..87d919e1 100644 --- a/include/Hacl_HPKE_Curve64_CP256_SHA512.h 
+++ b/include/Hacl_HPKE_Curve64_CP256_SHA512.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_64.h" -#include "Hacl_Chacha20Poly1305_256.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" uint32_t Hacl_HPKE_Curve64_CP256_SHA512_setupBaseS( diff --git a/include/Hacl_HPKE_Curve64_CP32_SHA256.h b/include/Hacl_HPKE_Curve64_CP32_SHA256.h index 5aaa07e1..bd4b9b59 100644 --- a/include/Hacl_HPKE_Curve64_CP32_SHA256.h +++ b/include/Hacl_HPKE_Curve64_CP32_SHA256.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_64.h" -#include "Hacl_Chacha20Poly1305_32.h" +#include "Hacl_AEAD_Chacha20Poly1305.h" uint32_t Hacl_HPKE_Curve64_CP32_SHA256_setupBaseS( diff --git a/include/Hacl_HPKE_Curve64_CP32_SHA512.h b/include/Hacl_HPKE_Curve64_CP32_SHA512.h index 594000f2..0d2bb8f0 100644 --- a/include/Hacl_HPKE_Curve64_CP32_SHA512.h +++ b/include/Hacl_HPKE_Curve64_CP32_SHA512.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_64.h" -#include "Hacl_Chacha20Poly1305_32.h" +#include "Hacl_AEAD_Chacha20Poly1305.h" uint32_t Hacl_HPKE_Curve64_CP32_SHA512_setupBaseS( diff --git a/include/Hacl_HPKE_P256_CP128_SHA256.h b/include/Hacl_HPKE_P256_CP128_SHA256.h index 613fef83..c76a100d 100644 --- a/include/Hacl_HPKE_P256_CP128_SHA256.h +++ b/include/Hacl_HPKE_P256_CP128_SHA256.h @@ -37,7 +37,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" -#include "Hacl_Chacha20Poly1305_128.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h" uint32_t Hacl_HPKE_P256_CP128_SHA256_setupBaseS( diff --git a/include/Hacl_HPKE_P256_CP256_SHA256.h b/include/Hacl_HPKE_P256_CP256_SHA256.h index 6e74b1db..4a33eb8a 100644 --- a/include/Hacl_HPKE_P256_CP256_SHA256.h 
+++ b/include/Hacl_HPKE_P256_CP256_SHA256.h @@ -37,7 +37,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" -#include "Hacl_Chacha20Poly1305_256.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" uint32_t Hacl_HPKE_P256_CP256_SHA256_setupBaseS( diff --git a/include/Hacl_HPKE_P256_CP32_SHA256.h b/include/Hacl_HPKE_P256_CP32_SHA256.h index 1f8679d4..2818abed 100644 --- a/include/Hacl_HPKE_P256_CP32_SHA256.h +++ b/include/Hacl_HPKE_P256_CP32_SHA256.h @@ -37,7 +37,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" -#include "Hacl_Chacha20Poly1305_32.h" +#include "Hacl_AEAD_Chacha20Poly1305.h" uint32_t Hacl_HPKE_P256_CP32_SHA256_setupBaseS( diff --git a/include/Hacl_Hash_Blake2.h b/include/Hacl_Hash_Blake2.h deleted file mode 100644 index aff1c7a9..00000000 --- a/include/Hacl_Hash_Blake2.h +++ /dev/null 
@@ -1,156 +0,0 @@ -/* MIT License - * - * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation - * Copyright (c) 2022-2023 HACL* Contributors - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. 
- */ - - -#ifndef __Hacl_Hash_Blake2_H -#define __Hacl_Hash_Blake2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include "krml/internal/types.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#include "Lib_Memzero0.h" -#include "Hacl_Krmllib.h" - -void Hacl_Blake2b_32_blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn); - -void -Hacl_Blake2b_32_blake2b_update_key( - uint64_t *wv, - uint64_t *hash, - uint32_t kk, - uint8_t *k, - uint32_t ll -); - -void -Hacl_Blake2b_32_blake2b_update_multi( - uint32_t len, - uint64_t *wv, - uint64_t *hash, - FStar_UInt128_uint128 prev, - uint8_t *blocks, - uint32_t nb -); - -void -Hacl_Blake2b_32_blake2b_update_last( - uint32_t len, - uint64_t *wv, - uint64_t *hash, - FStar_UInt128_uint128 prev, - uint32_t rem, - uint8_t *d -); - -void Hacl_Blake2b_32_blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash); - -/** -Write the BLAKE2b digest of message `d` using key `k` into `output`. - -@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64. -@param output Pointer to `nn` bytes of memory where the digest is written to. -@param ll Length of the input message. -@param d Pointer to `ll` bytes of memory where the input message is read from. -@param kk Length of the key. Can be 0. -@param k Pointer to `kk` bytes of memory where the key is read from. 
-*/ -void -Hacl_Blake2b_32_blake2b( - uint32_t nn, - uint8_t *output, - uint32_t ll, - uint8_t *d, - uint32_t kk, - uint8_t *k -); - -uint64_t *Hacl_Blake2b_32_blake2b_malloc(void); - -void Hacl_Blake2s_32_blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn); - -void -Hacl_Blake2s_32_blake2s_update_key( - uint32_t *wv, - uint32_t *hash, - uint32_t kk, - uint8_t *k, - uint32_t ll -); - -void -Hacl_Blake2s_32_blake2s_update_multi( - uint32_t len, - uint32_t *wv, - uint32_t *hash, - uint64_t prev, - uint8_t *blocks, - uint32_t nb -); - -void -Hacl_Blake2s_32_blake2s_update_last( - uint32_t len, - uint32_t *wv, - uint32_t *hash, - uint64_t prev, - uint32_t rem, - uint8_t *d -); - -void Hacl_Blake2s_32_blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash); - -/** -Write the BLAKE2s digest of message `d` using key `k` into `output`. - -@param nn Length of to-be-generated digest with 1 <= `nn` <= 32. -@param output Pointer to `nn` bytes of memory where the digest is written to. -@param ll Length of the input message. -@param d Pointer to `ll` bytes of memory where the input message is read from. -@param kk Length of the key. Can be 0. -@param k Pointer to `kk` bytes of memory where the key is read from. -*/ -void -Hacl_Blake2s_32_blake2s( - uint32_t nn, - uint8_t *output, - uint32_t ll, - uint8_t *d, - uint32_t kk, - uint8_t *k -); - -uint32_t *Hacl_Blake2s_32_blake2s_malloc(void); - -#if defined(__cplusplus) -} -#endif - -#define __Hacl_Hash_Blake2_H_DEFINED -#endif diff --git a/include/Hacl_Streaming_Blake2b_256.h b/include/Hacl_Hash_Blake2b.h similarity index 56% rename from include/Hacl_Streaming_Blake2b_256.h rename to include/Hacl_Hash_Blake2b.h index 20e42d7c..414574f9 100644 --- a/include/Hacl_Streaming_Blake2b_256.h +++ b/include/Hacl_Hash_Blake2b.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_Streaming_Blake2b_256_H -#define __Hacl_Streaming_Blake2b_256_H +#ifndef __Hacl_Hash_Blake2b_H +#define __Hacl_Hash_Blake2b_H #if defined(__cplusplus) extern "C" { 
@@ -37,67 +37,71 @@ extern "C" { #include "Hacl_Streaming_Types.h" #include "Hacl_Krmllib.h" -#include "Hacl_Hash_Blake2b_256.h" -typedef struct Hacl_Streaming_Blake2b_256_blake2b_256_block_state_s +typedef struct Hacl_Hash_Blake2b_block_state_t_s { - Lib_IntVector_Intrinsics_vec256 *fst; - Lib_IntVector_Intrinsics_vec256 *snd; + uint64_t *fst; + uint64_t *snd; } -Hacl_Streaming_Blake2b_256_blake2b_256_block_state; +Hacl_Hash_Blake2b_block_state_t; -typedef struct Hacl_Streaming_Blake2b_256_blake2b_256_state_s +typedef struct Hacl_Hash_Blake2b_state_t_s { - Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state; + Hacl_Hash_Blake2b_block_state_t block_state; uint8_t *buf; uint64_t total_len; } -Hacl_Streaming_Blake2b_256_blake2b_256_state; +Hacl_Hash_Blake2b_state_t; /** State allocation function when there is no key */ -Hacl_Streaming_Blake2b_256_blake2b_256_state -*Hacl_Streaming_Blake2b_256_blake2b_256_no_key_create_in(void); +Hacl_Hash_Blake2b_state_t *Hacl_Hash_Blake2b_malloc(void); /** - (Re-)initialization function when there is no key + Re-initialization function when there is no key */ -void -Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init( - Hacl_Streaming_Blake2b_256_blake2b_256_state *s -); +void Hacl_Hash_Blake2b_reset(Hacl_Hash_Blake2b_state_t *state); /** Update function when there is no key; 0 = success, 1 = max length exceeded */ Hacl_Streaming_Types_error_code -Hacl_Streaming_Blake2b_256_blake2b_256_no_key_update( - Hacl_Streaming_Blake2b_256_blake2b_256_state *p, - uint8_t *data, - uint32_t len -); +Hacl_Hash_Blake2b_update(Hacl_Hash_Blake2b_state_t *state, uint8_t *chunk, uint32_t chunk_len); /** Finish function when there is no key */ -void -Hacl_Streaming_Blake2b_256_blake2b_256_no_key_finish( - Hacl_Streaming_Blake2b_256_blake2b_256_state *p, - uint8_t *dst -); +void Hacl_Hash_Blake2b_digest(Hacl_Hash_Blake2b_state_t *state, uint8_t *output); /** Free state function when there is no key */ +void 
Hacl_Hash_Blake2b_free(Hacl_Hash_Blake2b_state_t *state); + +/** +Write the BLAKE2b digest of message `input` using key `key` into `output`. + +@param output Pointer to `output_len` bytes of memory where the digest is written to. +@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 64. +@param input Pointer to `input_len` bytes of memory where the input message is read from. +@param input_len Length of the input message. +@param key Pointer to `key_len` bytes of memory where the key is read from. +@param key_len Length of the key. Can be 0. +*/ void -Hacl_Streaming_Blake2b_256_blake2b_256_no_key_free( - Hacl_Streaming_Blake2b_256_blake2b_256_state *s +Hacl_Hash_Blake2b_hash_with_key( + uint8_t *output, + uint32_t output_len, + uint8_t *input, + uint32_t input_len, + uint8_t *key, + uint32_t key_len ); #if defined(__cplusplus) } #endif -#define __Hacl_Streaming_Blake2b_256_H_DEFINED +#define __Hacl_Hash_Blake2b_H_DEFINED #endif diff --git a/include/Hacl_Hash_Blake2b_Simd256.h b/include/Hacl_Hash_Blake2b_Simd256.h new file mode 100644 index 00000000..adddce66 --- /dev/null +++ b/include/Hacl_Hash_Blake2b_Simd256.h 
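Review bot: `Hacl_Hash_Blake2b_digest` takes a bare `uint8_t *output`, and its comment ("Finish function when there is no key") never says how many bytes are written, so a caller has no stated size to allocate the buffer against. The SHA2 header in this same commit does state it ("an array of 32 bytes"). I would add the size to the comment, e.g. `/** Write the digest into output, which must hold at least DIGEST_LEN bytes. */`, where DIGEST_LEN is a placeholder for the real constant. The `hash_with_key` comment bounds `output_len` but gives no upper bound for `key_len`, and because the function returns `void` a violated length precondition cannot be reported; per the BLAKE2 specification the line could read `@param key_len Length of the key, with 0 <= key_len <= 64.` (32 for BLAKE2s). The same comments appear in Hacl_Hash_Blake2b_Simd256.h, Hacl_Hash_Blake2s.h and Hacl_Hash_Blake2s_Simd128.h.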
@@ -0,0 +1,113 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#ifndef __Hacl_Hash_Blake2b_Simd256_H +#define __Hacl_Hash_Blake2b_Simd256_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#include "Hacl_Streaming_Types.h" +#include "Hacl_Krmllib.h" +#include "libintvector.h" + +typedef struct Hacl_Hash_Blake2b_Simd256_block_state_t_s +{ + Lib_IntVector_Intrinsics_vec256 *fst; + Lib_IntVector_Intrinsics_vec256 *snd; +} +Hacl_Hash_Blake2b_Simd256_block_state_t; + +typedef struct Hacl_Hash_Blake2b_Simd256_state_t_s +{ + Hacl_Hash_Blake2b_Simd256_block_state_t block_state; + uint8_t *buf; + uint64_t total_len; +} +Hacl_Hash_Blake2b_Simd256_state_t; + +/** + State allocation function when there is no key +*/ +Hacl_Hash_Blake2b_Simd256_state_t *Hacl_Hash_Blake2b_Simd256_malloc(void); + +/** + Re-initialization function when there is no key +*/ +void Hacl_Hash_Blake2b_Simd256_reset(Hacl_Hash_Blake2b_Simd256_state_t *state); + +/** + Update function when there is no key; 0 = success, 1 = max length exceeded +*/ +Hacl_Streaming_Types_error_code +Hacl_Hash_Blake2b_Simd256_update( + Hacl_Hash_Blake2b_Simd256_state_t *state, + uint8_t *chunk, + uint32_t chunk_len +); + +/** + Finish function when there is no key +*/ +void +Hacl_Hash_Blake2b_Simd256_digest(Hacl_Hash_Blake2b_Simd256_state_t *state, uint8_t *output); + +/** + Free state function when there is no key +*/ +void Hacl_Hash_Blake2b_Simd256_free(Hacl_Hash_Blake2b_Simd256_state_t *state); + +/** +Write the BLAKE2b digest of message `input` using key `key` into `output`. + +@param output Pointer to `output_len` bytes of memory where the digest is written to. +@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 64. +@param input Pointer to `input_len` bytes of memory where the input message is read from. +@param input_len Length of the input message. 
+@param key Pointer to `key_len` bytes of memory where the key is read from. +@param key_len Length of the key. Can be 0. +*/ +void +Hacl_Hash_Blake2b_Simd256_hash_with_key( + uint8_t *output, + uint32_t output_len, + uint8_t *input, + uint32_t input_len, + uint8_t *key, + uint32_t key_len +); + +#if defined(__cplusplus) +} +#endif + +#define __Hacl_Hash_Blake2b_Simd256_H_DEFINED +#endif diff --git a/include/Hacl_Streaming_Blake2s_128.h b/include/Hacl_Hash_Blake2s.h similarity index 56% rename from include/Hacl_Streaming_Blake2s_128.h rename to include/Hacl_Hash_Blake2s.h index 60e209ff..2c0d7c5b 100644 --- a/include/Hacl_Streaming_Blake2s_128.h +++ b/include/Hacl_Hash_Blake2s.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_Streaming_Blake2s_128_H -#define __Hacl_Streaming_Blake2s_128_H +#ifndef __Hacl_Hash_Blake2s_H +#define __Hacl_Hash_Blake2s_H #if defined(__cplusplus) extern "C" { 
@@ -36,67 +36,71 @@ extern "C" { #include "krml/internal/target.h" #include "Hacl_Streaming_Types.h" -#include "Hacl_Hash_Blake2s_128.h" -typedef struct Hacl_Streaming_Blake2s_128_blake2s_128_block_state_s +typedef struct Hacl_Hash_Blake2s_block_state_t_s { - Lib_IntVector_Intrinsics_vec128 *fst; - Lib_IntVector_Intrinsics_vec128 *snd; + uint32_t *fst; + uint32_t *snd; } -Hacl_Streaming_Blake2s_128_blake2s_128_block_state; +Hacl_Hash_Blake2s_block_state_t; -typedef struct Hacl_Streaming_Blake2s_128_blake2s_128_state_s +typedef struct Hacl_Hash_Blake2s_state_t_s { - Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state; + Hacl_Hash_Blake2s_block_state_t block_state; uint8_t *buf; uint64_t total_len; } -Hacl_Streaming_Blake2s_128_blake2s_128_state; +Hacl_Hash_Blake2s_state_t; /** State allocation function when there is no key */ -Hacl_Streaming_Blake2s_128_blake2s_128_state -*Hacl_Streaming_Blake2s_128_blake2s_128_no_key_create_in(void); +Hacl_Hash_Blake2s_state_t *Hacl_Hash_Blake2s_malloc(void); /** - (Re-)initialization function when there is no key + Re-initialization function when there is no key */ -void -Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init( - Hacl_Streaming_Blake2s_128_blake2s_128_state *s -); +void Hacl_Hash_Blake2s_reset(Hacl_Hash_Blake2s_state_t *state); /** Update function when there is no key; 0 = success, 1 = max length exceeded */ Hacl_Streaming_Types_error_code -Hacl_Streaming_Blake2s_128_blake2s_128_no_key_update( - Hacl_Streaming_Blake2s_128_blake2s_128_state *p, - uint8_t *data, - uint32_t len -); +Hacl_Hash_Blake2s_update(Hacl_Hash_Blake2s_state_t *state, uint8_t *chunk, uint32_t chunk_len); /** Finish function when there is no key */ -void -Hacl_Streaming_Blake2s_128_blake2s_128_no_key_finish( - Hacl_Streaming_Blake2s_128_blake2s_128_state *p, - uint8_t *dst -); +void Hacl_Hash_Blake2s_digest(Hacl_Hash_Blake2s_state_t *state, uint8_t *output); /** Free state function when there is no key */ +void 
Hacl_Hash_Blake2s_free(Hacl_Hash_Blake2s_state_t *state); + +/** +Write the BLAKE2s digest of message `input` using key `key` into `output`. + +@param output Pointer to `output_len` bytes of memory where the digest is written to. +@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 32. +@param input Pointer to `input_len` bytes of memory where the input message is read from. +@param input_len Length of the input message. +@param key Pointer to `key_len` bytes of memory where the key is read from. +@param key_len Length of the key. Can be 0. +*/ void -Hacl_Streaming_Blake2s_128_blake2s_128_no_key_free( - Hacl_Streaming_Blake2s_128_blake2s_128_state *s +Hacl_Hash_Blake2s_hash_with_key( + uint8_t *output, + uint32_t output_len, + uint8_t *input, + uint32_t input_len, + uint8_t *key, + uint32_t key_len ); #if defined(__cplusplus) } #endif -#define __Hacl_Streaming_Blake2s_128_H_DEFINED +#define __Hacl_Hash_Blake2s_H_DEFINED #endif diff --git a/include/Hacl_Hash_Blake2s_Simd128.h b/include/Hacl_Hash_Blake2s_Simd128.h new file mode 100644 index 00000000..6484005e --- /dev/null +++ b/include/Hacl_Hash_Blake2s_Simd128.h 
@@ -0,0 +1,112 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#ifndef __Hacl_Hash_Blake2s_Simd128_H +#define __Hacl_Hash_Blake2s_Simd128_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#include "Hacl_Streaming_Types.h" +#include "libintvector.h" + +typedef struct Hacl_Hash_Blake2s_Simd128_block_state_t_s +{ + Lib_IntVector_Intrinsics_vec128 *fst; + Lib_IntVector_Intrinsics_vec128 *snd; +} +Hacl_Hash_Blake2s_Simd128_block_state_t; + +typedef struct Hacl_Hash_Blake2s_Simd128_state_t_s +{ + Hacl_Hash_Blake2s_Simd128_block_state_t block_state; + uint8_t *buf; + uint64_t total_len; +} +Hacl_Hash_Blake2s_Simd128_state_t; + +/** + State allocation function when there is no key +*/ +Hacl_Hash_Blake2s_Simd128_state_t *Hacl_Hash_Blake2s_Simd128_malloc(void); + +/** + Re-initialization function when there is no key +*/ +void Hacl_Hash_Blake2s_Simd128_reset(Hacl_Hash_Blake2s_Simd128_state_t *state); + +/** + Update function when there is no key; 0 = success, 1 = max length exceeded +*/ +Hacl_Streaming_Types_error_code +Hacl_Hash_Blake2s_Simd128_update( + Hacl_Hash_Blake2s_Simd128_state_t *state, + uint8_t *chunk, + uint32_t chunk_len +); + +/** + Finish function when there is no key +*/ +void +Hacl_Hash_Blake2s_Simd128_digest(Hacl_Hash_Blake2s_Simd128_state_t *state, uint8_t *output); + +/** + Free state function when there is no key +*/ +void Hacl_Hash_Blake2s_Simd128_free(Hacl_Hash_Blake2s_Simd128_state_t *state); + +/** +Write the BLAKE2s digest of message `input` using key `key` into `output`. + +@param output Pointer to `output_len` bytes of memory where the digest is written to. +@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 32. +@param input Pointer to `input_len` bytes of memory where the input message is read from. +@param input_len Length of the input message. +@param key Pointer to `key_len` bytes of memory where the key is read from. 
+@param key_len Length of the key. Can be 0. +*/ +void +Hacl_Hash_Blake2s_Simd128_hash_with_key( + uint8_t *output, + uint32_t output_len, + uint8_t *input, + uint32_t input_len, + uint8_t *key, + uint32_t key_len +); + +#if defined(__cplusplus) +} +#endif + +#define __Hacl_Hash_Blake2s_Simd128_H_DEFINED +#endif diff --git a/include/Hacl_Hash_MD5.h b/include/Hacl_Hash_MD5.h index dd4c75e0..db93d7d6 100644 --- a/include/Hacl_Hash_MD5.h +++ b/include/Hacl_Hash_MD5.h @@ -37,25 +37,25 @@ extern "C" { #include "Hacl_Streaming_Types.h" -typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_MD5_state; +typedef Hacl_Streaming_MD_state_32 Hacl_Hash_MD5_state_t; -Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_create_in(void); +Hacl_Streaming_MD_state_32 *Hacl_Hash_MD5_malloc(void); -void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s); +void Hacl_Hash_MD5_reset(Hacl_Streaming_MD_state_32 *state); /** 0 = success, 1 = max length exceeded */ Hacl_Streaming_Types_error_code -Hacl_Streaming_MD5_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len); +Hacl_Hash_MD5_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len); -void Hacl_Streaming_MD5_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst); +void Hacl_Hash_MD5_digest(Hacl_Streaming_MD_state_32 *state, uint8_t *output); -void Hacl_Streaming_MD5_legacy_free(Hacl_Streaming_MD_state_32 *s); +void Hacl_Hash_MD5_free(Hacl_Streaming_MD_state_32 *state); -Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_copy(Hacl_Streaming_MD_state_32 *s0); +Hacl_Streaming_MD_state_32 *Hacl_Hash_MD5_copy(Hacl_Streaming_MD_state_32 *state); -void Hacl_Streaming_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst); +void Hacl_Hash_MD5_hash(uint8_t *output, uint8_t *input, uint32_t input_len); #if defined(__cplusplus) } diff --git a/include/Hacl_Hash_SHA1.h b/include/Hacl_Hash_SHA1.h index 2737b20f..19045440 100644 --- a/include/Hacl_Hash_SHA1.h 
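Review bot: The renames in the Hacl_Hash_MD5.h hunk drop the `legacy` infix (`Hacl_Streaming_MD5_legacy_hash` becomes `Hacl_Hash_MD5_hash`), and nothing in the visible part of the header tells a caller that MD5 is unsuitable for new designs. If that infix was the project's marker for broken primitives (inferred from the name only), I would keep the signal as a comment above the typedef: `/** MD5 is not collision-resistant; provided only for interoperability with legacy protocols. */`. The Hacl_Hash_SHA1.h hunk makes the same rename and should get the same comment for SHA-1. Neither header states the size of `output` for `digest` or `hash` (16 bytes for MD5, 20 for SHA-1), which the SHA2 header does for its own functions.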
+++ b/include/Hacl_Hash_SHA1.h @@ -37,25 +37,25 @@ extern "C" { #include "Hacl_Streaming_Types.h" -typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA1_state; +typedef Hacl_Streaming_MD_state_32 Hacl_Hash_SHA1_state_t; -Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_create_in(void); +Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_malloc(void); -void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s); +void Hacl_Hash_SHA1_reset(Hacl_Streaming_MD_state_32 *state); /** 0 = success, 1 = max length exceeded */ Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len); +Hacl_Hash_SHA1_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len); -void Hacl_Streaming_SHA1_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst); +void Hacl_Hash_SHA1_digest(Hacl_Streaming_MD_state_32 *state, uint8_t *output); -void Hacl_Streaming_SHA1_legacy_free(Hacl_Streaming_MD_state_32 *s); +void Hacl_Hash_SHA1_free(Hacl_Streaming_MD_state_32 *state); -Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_copy(Hacl_Streaming_MD_state_32 *s0); +Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_copy(Hacl_Streaming_MD_state_32 *state); -void Hacl_Streaming_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst); +void Hacl_Hash_SHA1_hash(uint8_t *output, uint8_t *input, uint32_t input_len); #if defined(__cplusplus) } diff --git a/include/Hacl_Hash_SHA2.h b/include/Hacl_Hash_SHA2.h index 8f98d878..d17eab94 100644 --- a/include/Hacl_Hash_SHA2.h +++ b/include/Hacl_Hash_SHA2.h 
@@ -38,19 +38,19 @@ extern "C" { #include "Hacl_Streaming_Types.h" #include "Hacl_Krmllib.h" -typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_224; +typedef Hacl_Streaming_MD_state_32 Hacl_Hash_SHA2_state_t_224; -typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_256; +typedef Hacl_Streaming_MD_state_32 Hacl_Hash_SHA2_state_t_256; -typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_384; +typedef Hacl_Streaming_MD_state_64 Hacl_Hash_SHA2_state_t_384; -typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_512; +typedef Hacl_Streaming_MD_state_64 Hacl_Hash_SHA2_state_t_512; /** Allocate initial state for the SHA2_256 hash. The state is to be freed by calling `free_256`. */ -Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_256(void); +Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_malloc_256(void); /** Copies the state passed as argument into a newly allocated state (deep copy). 
@@ -58,73 +58,73 @@ The state is to be freed by calling `free_256`. Cloning the state this way is useful, for instance, if your control-flow diverges and you need to feed more (different) data into the hash in each branch. */ -Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_copy_256(Hacl_Streaming_MD_state_32 *s0); +Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_copy_256(Hacl_Streaming_MD_state_32 *state); /** Reset an existing state to the initial hash state with empty data. */ -void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s); +void Hacl_Hash_SHA2_reset_256(Hacl_Streaming_MD_state_32 *state); /** Feed an arbitrary amount of data into the hash. This function returns 0 for success, or 1 if the combined length of all of the data passed to `update_256` -(since the last call to `init_256`) exceeds 2^61-1 bytes. +(since the last call to `reset_256`) exceeds 2^61-1 bytes. This function is identical to the update function for SHA2_224. */ Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_256( - Hacl_Streaming_MD_state_32 *p, +Hacl_Hash_SHA2_update_256( + Hacl_Streaming_MD_state_32 *state, uint8_t *input, uint32_t input_len ); /** -Write the resulting hash into `dst`, an array of 32 bytes. The state remains -valid after a call to `finish_256`, meaning the user may feed more data into -the hash via `update_256`. (The finish_256 function operates on an internal copy of +Write the resulting hash into `output`, an array of 32 bytes. The state remains +valid after a call to `digest_256`, meaning the user may feed more data into +the hash via `update_256`. (The digest_256 function operates on an internal copy of the state and therefore does not invalidate the client-held state `p`.) */ -void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_MD_state_32 *p, uint8_t *dst); +void Hacl_Hash_SHA2_digest_256(Hacl_Streaming_MD_state_32 *state, uint8_t *output); /** -Free a state allocated with `create_in_256`. +Free a state allocated with `malloc_256`. 
This function is identical to the free function for SHA2_224. */ -void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_MD_state_32 *s); +void Hacl_Hash_SHA2_free_256(Hacl_Streaming_MD_state_32 *state); /** -Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes. +Hash `input`, of len `input_len`, into `output`, an array of 32 bytes. */ -void Hacl_Streaming_SHA2_hash_256(uint8_t *input, uint32_t input_len, uint8_t *dst); +void Hacl_Hash_SHA2_hash_256(uint8_t *output, uint8_t *input, uint32_t input_len); -Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_224(void); +Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_malloc_224(void); -void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s); +void Hacl_Hash_SHA2_reset_224(Hacl_Streaming_MD_state_32 *state); Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_224( - Hacl_Streaming_MD_state_32 *p, +Hacl_Hash_SHA2_update_224( + Hacl_Streaming_MD_state_32 *state, uint8_t *input, uint32_t input_len ); /** -Write the resulting hash into `dst`, an array of 28 bytes. The state remains -valid after a call to `finish_224`, meaning the user may feed more data into +Write the resulting hash into `output`, an array of 28 bytes. The state remains +valid after a call to `digest_224`, meaning the user may feed more data into the hash via `update_224`. */ -void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_MD_state_32 *p, uint8_t *dst); +void Hacl_Hash_SHA2_digest_224(Hacl_Streaming_MD_state_32 *state, uint8_t *output); -void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_MD_state_32 *p); +void Hacl_Hash_SHA2_free_224(Hacl_Streaming_MD_state_32 *state); /** -Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes. +Hash `input`, of len `input_len`, into `output`, an array of 28 bytes. 
*/ -void Hacl_Streaming_SHA2_hash_224(uint8_t *input, uint32_t input_len, uint8_t *dst); +void Hacl_Hash_SHA2_hash_224(uint8_t *output, uint8_t *input, uint32_t input_len); -Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_512(void); +Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_malloc_512(void); /** Copies the state passed as argument into a newly allocated state (deep copy). 
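Review bot: The `digest_256` comment still ends with "does not invalidate the client-held state `p`", but this hunk renames the parameter from `p` to `state`, so the comment now names an argument that is no longer in the prototype. The unchanged last line of that comment should become ``the state and therefore does not invalidate the client-held state `state`.)``. The `digest_512` comment in the following hunk (`@@ -132,68 +132,68 @@`) has the same stale `p`. It matters because this sentence is the only place the header promises that calling digest leaves the caller's state usable.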
@@ -132,68 +132,68 @@ The state is to be freed by calling `free_512`. Cloning the state this way is useful, for instance, if your control-flow diverges and you need to feed more (different) data into the hash in each branch. */ -Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_copy_512(Hacl_Streaming_MD_state_64 *s0); +Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_copy_512(Hacl_Streaming_MD_state_64 *state); -void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s); +void Hacl_Hash_SHA2_reset_512(Hacl_Streaming_MD_state_64 *state); /** Feed an arbitrary amount of data into the hash. This function returns 0 for success, or 1 if the combined length of all of the data passed to `update_512` -(since the last call to `init_512`) exceeds 2^125-1 bytes. +(since the last call to `reset_512`) exceeds 2^125-1 bytes. This function is identical to the update function for SHA2_384. */ Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_512( - Hacl_Streaming_MD_state_64 *p, +Hacl_Hash_SHA2_update_512( + Hacl_Streaming_MD_state_64 *state, uint8_t *input, uint32_t input_len ); /** -Write the resulting hash into `dst`, an array of 64 bytes. The state remains -valid after a call to `finish_512`, meaning the user may feed more data into -the hash via `update_512`. (The finish_512 function operates on an internal copy of +Write the resulting hash into `output`, an array of 64 bytes. The state remains +valid after a call to `digest_512`, meaning the user may feed more data into +the hash via `update_512`. (The digest_512 function operates on an internal copy of the state and therefore does not invalidate the client-held state `p`.) */ -void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_MD_state_64 *p, uint8_t *dst); +void Hacl_Hash_SHA2_digest_512(Hacl_Streaming_MD_state_64 *state, uint8_t *output); /** -Free a state allocated with `create_in_512`. +Free a state allocated with `malloc_512`. This function is identical to the free function for SHA2_384. 
*/ -void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_MD_state_64 *s); +void Hacl_Hash_SHA2_free_512(Hacl_Streaming_MD_state_64 *state); /** -Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes. +Hash `input`, of len `input_len`, into `output`, an array of 64 bytes. */ -void Hacl_Streaming_SHA2_hash_512(uint8_t *input, uint32_t input_len, uint8_t *dst); +void Hacl_Hash_SHA2_hash_512(uint8_t *output, uint8_t *input, uint32_t input_len); -Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_384(void); +Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_malloc_384(void); -void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s); +void Hacl_Hash_SHA2_reset_384(Hacl_Streaming_MD_state_64 *state); Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_384( - Hacl_Streaming_MD_state_64 *p, +Hacl_Hash_SHA2_update_384( + Hacl_Streaming_MD_state_64 *state, uint8_t *input, uint32_t input_len ); /** -Write the resulting hash into `dst`, an array of 48 bytes. The state remains -valid after a call to `finish_384`, meaning the user may feed more data into +Write the resulting hash into `output`, an array of 48 bytes. The state remains +valid after a call to `digest_384`, meaning the user may feed more data into the hash via `update_384`. */ -void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_MD_state_64 *p, uint8_t *dst); +void Hacl_Hash_SHA2_digest_384(Hacl_Streaming_MD_state_64 *state, uint8_t *output); -void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_MD_state_64 *p); +void Hacl_Hash_SHA2_free_384(Hacl_Streaming_MD_state_64 *state); /** -Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes. +Hash `input`, of len `input_len`, into `output`, an array of 48 bytes. */ -void Hacl_Streaming_SHA2_hash_384(uint8_t *input, uint32_t input_len, uint8_t *dst); +void Hacl_Hash_SHA2_hash_384(uint8_t *output, uint8_t *input, uint32_t input_len); #if defined(__cplusplus) } 
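Review bot: The comment above `Hacl_Hash_SHA2_digest_512` still ends with "does not invalidate the client-held state `p`", but this hunk renames that parameter to `state`, so the doc now names an argument that no longer exists. The line is unchanged context in the hunk and was missed when `finish_512` was rewritten to `digest_512` two lines above it. I would change the trailing `p` to `state` so the sentence matches the new prototype.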
diff --git a/include/Hacl_Hash_SHA3.h b/include/Hacl_Hash_SHA3.h index e2f5ff06..e09f8745 100644 --- a/include/Hacl_Hash_SHA3.h +++ b/include/Hacl_Hash_SHA3.h 
@@ -37,48 +37,48 @@ extern "C" { #include "Hacl_Streaming_Types.h" -typedef struct Hacl_Streaming_Keccak_hash_buf_s +typedef struct Hacl_Hash_SHA3_hash_buf_s { Spec_Hash_Definitions_hash_alg fst; uint64_t *snd; } -Hacl_Streaming_Keccak_hash_buf; +Hacl_Hash_SHA3_hash_buf; -typedef struct Hacl_Streaming_Keccak_state_s +typedef struct Hacl_Hash_SHA3_state_t_s { - Hacl_Streaming_Keccak_hash_buf block_state; + Hacl_Hash_SHA3_hash_buf block_state; uint8_t *buf; uint64_t total_len; } -Hacl_Streaming_Keccak_state; +Hacl_Hash_SHA3_state_t; -Spec_Hash_Definitions_hash_alg Hacl_Streaming_Keccak_get_alg(Hacl_Streaming_Keccak_state *s); +Spec_Hash_Definitions_hash_alg Hacl_Hash_SHA3_get_alg(Hacl_Hash_SHA3_state_t *s); -Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_hash_alg a); +Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_hash_alg a); -void Hacl_Streaming_Keccak_free(Hacl_Streaming_Keccak_state *s); +void Hacl_Hash_SHA3_free(Hacl_Hash_SHA3_state_t *state); -Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_copy(Hacl_Streaming_Keccak_state *s0); +Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_copy(Hacl_Hash_SHA3_state_t *state); -void Hacl_Streaming_Keccak_reset(Hacl_Streaming_Keccak_state *s); +void Hacl_Hash_SHA3_reset(Hacl_Hash_SHA3_state_t *state); Hacl_Streaming_Types_error_code -Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint32_t len); +Hacl_Hash_SHA3_update(Hacl_Hash_SHA3_state_t *state, uint8_t *chunk, uint32_t chunk_len); Hacl_Streaming_Types_error_code -Hacl_Streaming_Keccak_finish(Hacl_Streaming_Keccak_state *s, uint8_t *dst); +Hacl_Hash_SHA3_digest(Hacl_Hash_SHA3_state_t *state, uint8_t *output); Hacl_Streaming_Types_error_code -Hacl_Streaming_Keccak_squeeze(Hacl_Streaming_Keccak_state *s, uint8_t *dst, uint32_t l); +Hacl_Hash_SHA3_squeeze(Hacl_Hash_SHA3_state_t *s, uint8_t *dst, uint32_t l); -uint32_t Hacl_Streaming_Keccak_block_len(Hacl_Streaming_Keccak_state *s); +uint32_t 
Hacl_Hash_SHA3_block_len(Hacl_Hash_SHA3_state_t *s); -uint32_t Hacl_Streaming_Keccak_hash_len(Hacl_Streaming_Keccak_state *s); +uint32_t Hacl_Hash_SHA3_hash_len(Hacl_Hash_SHA3_state_t *s); -bool Hacl_Streaming_Keccak_is_shake(Hacl_Streaming_Keccak_state *s); +bool Hacl_Hash_SHA3_is_shake(Hacl_Hash_SHA3_state_t *s); void -Hacl_SHA3_shake128_hacl( +Hacl_Hash_SHA3_shake128_hacl( uint32_t inputByteLen, uint8_t *input, uint32_t outputByteLen, @@ -86,25 +86,25 @@ Hacl_SHA3_shake128_hacl( ); void -Hacl_SHA3_shake256_hacl( +Hacl_Hash_SHA3_shake256_hacl( uint32_t inputByteLen, uint8_t *input, uint32_t outputByteLen, uint8_t *output ); -void Hacl_SHA3_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void Hacl_Hash_SHA3_sha3_224(uint8_t *output, uint8_t *input, uint32_t input_len); -void Hacl_SHA3_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void Hacl_Hash_SHA3_sha3_256(uint8_t *output, uint8_t *input, uint32_t input_len); -void Hacl_SHA3_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void Hacl_Hash_SHA3_sha3_384(uint8_t *output, uint8_t *input, uint32_t input_len); -void Hacl_SHA3_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void Hacl_Hash_SHA3_sha3_512(uint8_t *output, uint8_t *input, uint32_t input_len); -void Hacl_Impl_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s); +void Hacl_Hash_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s); void -Hacl_Impl_SHA3_squeeze( +Hacl_Hash_SHA3_squeeze0( uint64_t *s, uint32_t rateInBytes, uint32_t outputByteLen, @@ -112,7 +112,7 @@ Hacl_Impl_SHA3_squeeze( ); void -Hacl_Impl_SHA3_keccak( +Hacl_Hash_SHA3_keccak( uint32_t rate, uint32_t capacity, uint32_t inputByteLen, diff --git a/include/Hacl_IntTypes_Intrinsics.h b/include/Hacl_IntTypes_Intrinsics.h index e2a193e9..c816b046 100644 --- a/include/Hacl_IntTypes_Intrinsics.h +++ b/include/Hacl_IntTypes_Intrinsics.h 
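Review bot: `Hacl_Hash_SHA3_digest` and `Hacl_Hash_SHA3_squeeze` return a `Hacl_Streaming_Types_error_code`, but nothing in this hunk says when they fail or whether the destination buffer is written on failure. One state type serves both fixed-length SHA-3 and SHAKE (see `Hacl_Hash_SHA3_is_shake`), so presumably each call is rejected for the other family; a caller that ignores the return value would then treat an unwritten buffer as a digest. After confirming against the implementation, I would add a doc comment to both, e.g. `/** Returns a non-success code and leaves output untouched when the state was created for a SHAKE algorithm. */`. The rename also leaves `squeeze` with `s`, `dst` and `l` while its siblings moved to `state` and `output`.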
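Review bot: The fixed-length one-shots `Hacl_Hash_SHA3_sha3_224` through `Hacl_Hash_SHA3_sha3_512` move to `(output, input, input_len)`, while `Hacl_Hash_SHA3_shake128_hacl` and `Hacl_Hash_SHA3_shake256_hacl` in the same hunk keep the length-first `(inputByteLen, input, outputByteLen, output)` order. The header therefore has two conventions for which pointer is the destination. A call site left on the old order passes an integer where a pointer is expected, which older C compilers report only as a warning, so the break can get through a build that does not use `-Werror`. I would either align the SHAKE functions or state the order at the declarations, e.g. `/* NOTE: output first, then input and its length (order changed from Hacl_SHA3_sha3_224). */`.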
@@ -41,7 +41,7 @@ static inline uint32_t Hacl_IntTypes_Intrinsics_add_carry_u32(uint32_t cin, uint32_t x, uint32_t y, uint32_t *r) { uint64_t res = (uint64_t)x + (uint64_t)cin + (uint64_t)y; - uint32_t c = (uint32_t)(res >> (uint32_t)32U); + uint32_t c = (uint32_t)(res >> 32U); r[0U] = (uint32_t)res; return c; } @@ -50,7 +50,7 @@ static inline uint32_t Hacl_IntTypes_Intrinsics_sub_borrow_u32(uint32_t cin, uint32_t x, uint32_t y, uint32_t *r) { uint64_t res = (uint64_t)x - (uint64_t)y - (uint64_t)cin; - uint32_t c = (uint32_t)(res >> (uint32_t)32U) & (uint32_t)1U; + uint32_t c = (uint32_t)(res >> 32U) & 1U; r[0U] = (uint32_t)res; return c; } @@ -59,8 +59,7 @@ static inline uint64_t Hacl_IntTypes_Intrinsics_add_carry_u64(uint64_t cin, uint64_t x, uint64_t y, uint64_t *r) { uint64_t res = x + cin + y; - uint64_t - c = (~FStar_UInt64_gte_mask(res, x) | (FStar_UInt64_eq_mask(res, x) & cin)) & (uint64_t)1U; + uint64_t c = (~FStar_UInt64_gte_mask(res, x) | (FStar_UInt64_eq_mask(res, x) & cin)) & 1ULL; r[0U] = res; return c; } @@ -73,7 +72,7 @@ Hacl_IntTypes_Intrinsics_sub_borrow_u64(uint64_t cin, uint64_t x, uint64_t y, ui c = ((FStar_UInt64_gte_mask(res, x) & ~FStar_UInt64_eq_mask(res, x)) | (FStar_UInt64_eq_mask(res, x) & cin)) - & (uint64_t)1U; + & 1ULL; r[0U] = res; return c; } diff --git a/include/Hacl_IntTypes_Intrinsics_128.h b/include/Hacl_IntTypes_Intrinsics_128.h index aa843a6c..d3008969 100644 --- a/include/Hacl_IntTypes_Intrinsics_128.h +++ b/include/Hacl_IntTypes_Intrinsics_128.h 
@@ -45,7 +45,7 @@ Hacl_IntTypes_Intrinsics_128_add_carry_u64(uint64_t cin, uint64_t x, uint64_t y, FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_uint64_to_uint128(x), FStar_UInt128_uint64_to_uint128(cin)), FStar_UInt128_uint64_to_uint128(y)); - uint64_t c = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U)); + uint64_t c = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, 64U)); r[0U] = FStar_UInt128_uint128_to_uint64(res); return c; } @@ -58,10 +58,7 @@ Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(uint64_t cin, uint64_t x, uint64_t y FStar_UInt128_sub_mod(FStar_UInt128_sub_mod(FStar_UInt128_uint64_to_uint128(x), FStar_UInt128_uint64_to_uint128(y)), FStar_UInt128_uint64_to_uint128(cin)); - uint64_t - c = - FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U)) - & (uint64_t)1U; + uint64_t c = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, 64U)) & 1ULL; r[0U] = FStar_UInt128_uint128_to_uint64(res); return c; } diff --git a/include/Hacl_Krmllib.h b/include/Hacl_Krmllib.h index 6916db3d..c0ea70bf 100644 --- a/include/Hacl_Krmllib.h +++ b/include/Hacl_Krmllib.h @@ -35,9 +35,9 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -static inline uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b); +static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b); -static inline uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b); +static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b); static inline FStar_UInt128_uint128 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); diff --git a/include/msvc/Hacl_Streaming_Poly1305_32.h b/include/Hacl_MAC_Poly1305.h similarity index 67% rename from include/msvc/Hacl_Streaming_Poly1305_32.h rename to include/Hacl_MAC_Poly1305.h index 88d1a513..95ac4be2 100644 --- a/include/msvc/Hacl_Streaming_Poly1305_32.h +++ b/include/Hacl_MAC_Poly1305.h 
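Review bot: The change of `FStar_UInt64_eq_mask` and `FStar_UInt64_gte_mask` from `static inline` to `static KRML_NOINLINE` in `Hacl_Krmllib.h` has no comment explaining it, and these are the mask helpers that the carry/borrow code in `Hacl_IntTypes_Intrinsics.h` relies on. Presumably the intent is to stop the compiler from inlining them and turning the mask arithmetic into branches on secret data. If so, say it at the declaration so nobody restores `inline` for speed, e.g. `/* KRML_NOINLINE: keep these masks out of line so the optimizer cannot rewrite them as branches on secret data. */`. It is also worth confirming that `KRML_NOINLINE` expands to a real attribute on every supported compiler, since its definition is not part of this diff.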
@@ -23,8 +23,8 @@ */ -#ifndef __Hacl_Streaming_Poly1305_32_H -#define __Hacl_Streaming_Poly1305_32_H +#ifndef __Hacl_MAC_Poly1305_H +#define __Hacl_MAC_Poly1305_H #if defined(__cplusplus) extern "C" { @@ -36,43 +36,36 @@ extern "C" { #include "krml/internal/target.h" #include "Hacl_Streaming_Types.h" -#include "Hacl_Poly1305_32.h" +#include "Hacl_Krmllib.h" -typedef struct Hacl_Streaming_Poly1305_32_poly1305_32_state_s +typedef struct Hacl_MAC_Poly1305_state_t_s { uint64_t *block_state; uint8_t *buf; uint64_t total_len; uint8_t *p_key; } -Hacl_Streaming_Poly1305_32_poly1305_32_state; +Hacl_MAC_Poly1305_state_t; -Hacl_Streaming_Poly1305_32_poly1305_32_state *Hacl_Streaming_Poly1305_32_create_in(uint8_t *k); +Hacl_MAC_Poly1305_state_t *Hacl_MAC_Poly1305_malloc(uint8_t *key); -void -Hacl_Streaming_Poly1305_32_init(uint8_t *k, Hacl_Streaming_Poly1305_32_poly1305_32_state *s); +void Hacl_MAC_Poly1305_reset(Hacl_MAC_Poly1305_state_t *state, uint8_t *key); /** 0 = success, 1 = max length exceeded */ Hacl_Streaming_Types_error_code -Hacl_Streaming_Poly1305_32_update( - Hacl_Streaming_Poly1305_32_poly1305_32_state *p, - uint8_t *data, - uint32_t len -); +Hacl_MAC_Poly1305_update(Hacl_MAC_Poly1305_state_t *state, uint8_t *chunk, uint32_t chunk_len); -void -Hacl_Streaming_Poly1305_32_finish( - Hacl_Streaming_Poly1305_32_poly1305_32_state *p, - uint8_t *dst -); +void Hacl_MAC_Poly1305_digest(Hacl_MAC_Poly1305_state_t *state, uint8_t *output); -void Hacl_Streaming_Poly1305_32_free(Hacl_Streaming_Poly1305_32_poly1305_32_state *s); +void Hacl_MAC_Poly1305_free(Hacl_MAC_Poly1305_state_t *state); + +void Hacl_MAC_Poly1305_mac(uint8_t *output, uint8_t *input, uint32_t input_len, uint8_t *key); #if defined(__cplusplus) } #endif -#define __Hacl_Streaming_Poly1305_32_H_DEFINED +#define __Hacl_MAC_Poly1305_H_DEFINED #endif 
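Review bot: None of the new `Hacl_MAC_Poly1305_*` declarations states a buffer size, unlike the SHA-2 header in this same commit, which documents the length of every `output`. Poly1305 takes a 32-byte key and produces a 16-byte tag, and a key must authenticate only one message, so a caller guessing either length ends up with an out-of-bounds read or write. I would add a comment on `malloc`, `reset`, `digest` and `mac`, e.g. `/** Write the 16-byte tag into output; key points to a 32-byte one-time key. */`. The same gap is in the `Simd128` and `Simd256` headers later in the diff. Separately, `reset` now takes `(state, key)` where the old `init` took `(k, s)`, which deserves a line in the migration notes.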
diff --git a/include/Hacl_Streaming_Poly1305_128.h b/include/Hacl_MAC_Poly1305_Simd128.h similarity index 67% rename from include/Hacl_Streaming_Poly1305_128.h rename to include/Hacl_MAC_Poly1305_Simd128.h index d6299052..9b69ebd4 100644 --- a/include/Hacl_Streaming_Poly1305_128.h +++ b/include/Hacl_MAC_Poly1305_Simd128.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_Streaming_Poly1305_128_H -#define __Hacl_Streaming_Poly1305_128_H +#ifndef __Hacl_MAC_Poly1305_Simd128_H +#define __Hacl_MAC_Poly1305_Simd128_H #if defined(__cplusplus) extern "C" { 
@@ -36,44 +36,47 @@ extern "C" { #include "krml/internal/target.h" #include "Hacl_Streaming_Types.h" -#include "Hacl_Poly1305_128.h" +#include "libintvector.h" -typedef struct Hacl_Streaming_Poly1305_128_poly1305_128_state_s +typedef struct Hacl_MAC_Poly1305_Simd128_state_t_s { Lib_IntVector_Intrinsics_vec128 *block_state; uint8_t *buf; uint64_t total_len; uint8_t *p_key; } -Hacl_Streaming_Poly1305_128_poly1305_128_state; +Hacl_MAC_Poly1305_Simd128_state_t; -Hacl_Streaming_Poly1305_128_poly1305_128_state -*Hacl_Streaming_Poly1305_128_create_in(uint8_t *k); +Hacl_MAC_Poly1305_Simd128_state_t *Hacl_MAC_Poly1305_Simd128_malloc(uint8_t *key); -void -Hacl_Streaming_Poly1305_128_init(uint8_t *k, Hacl_Streaming_Poly1305_128_poly1305_128_state *s); +void Hacl_MAC_Poly1305_Simd128_reset(Hacl_MAC_Poly1305_Simd128_state_t *state, uint8_t *key); /** 0 = success, 1 = max length exceeded */ Hacl_Streaming_Types_error_code -Hacl_Streaming_Poly1305_128_update( - Hacl_Streaming_Poly1305_128_poly1305_128_state *p, - uint8_t *data, - uint32_t len +Hacl_MAC_Poly1305_Simd128_update( + Hacl_MAC_Poly1305_Simd128_state_t *state, + uint8_t *chunk, + uint32_t chunk_len ); void -Hacl_Streaming_Poly1305_128_finish( - Hacl_Streaming_Poly1305_128_poly1305_128_state *p, - uint8_t *dst -); +Hacl_MAC_Poly1305_Simd128_digest(Hacl_MAC_Poly1305_Simd128_state_t *state, uint8_t *output); + +void Hacl_MAC_Poly1305_Simd128_free(Hacl_MAC_Poly1305_Simd128_state_t *state); -void Hacl_Streaming_Poly1305_128_free(Hacl_Streaming_Poly1305_128_poly1305_128_state *s); +void +Hacl_MAC_Poly1305_Simd128_mac( + uint8_t *output, + uint8_t *input, + uint32_t input_len, + uint8_t *key +); #if defined(__cplusplus) } #endif -#define __Hacl_Streaming_Poly1305_128_H_DEFINED +#define __Hacl_MAC_Poly1305_Simd128_H_DEFINED #endif 
diff --git a/include/msvc/Hacl_Streaming_Poly1305_256.h b/include/Hacl_MAC_Poly1305_Simd256.h similarity index 67% rename from include/msvc/Hacl_Streaming_Poly1305_256.h rename to include/Hacl_MAC_Poly1305_Simd256.h index 689b837b..89f4a104 100644 --- a/include/msvc/Hacl_Streaming_Poly1305_256.h +++ b/include/Hacl_MAC_Poly1305_Simd256.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_Streaming_Poly1305_256_H -#define __Hacl_Streaming_Poly1305_256_H +#ifndef __Hacl_MAC_Poly1305_Simd256_H +#define __Hacl_MAC_Poly1305_Simd256_H #if defined(__cplusplus) extern "C" { 
@@ -36,44 +36,47 @@ extern "C" { #include "krml/internal/target.h" #include "Hacl_Streaming_Types.h" -#include "Hacl_Poly1305_256.h" +#include "libintvector.h" -typedef struct Hacl_Streaming_Poly1305_256_poly1305_256_state_s +typedef struct Hacl_MAC_Poly1305_Simd256_state_t_s { Lib_IntVector_Intrinsics_vec256 *block_state; uint8_t *buf; uint64_t total_len; uint8_t *p_key; } -Hacl_Streaming_Poly1305_256_poly1305_256_state; +Hacl_MAC_Poly1305_Simd256_state_t; -Hacl_Streaming_Poly1305_256_poly1305_256_state -*Hacl_Streaming_Poly1305_256_create_in(uint8_t *k); +Hacl_MAC_Poly1305_Simd256_state_t *Hacl_MAC_Poly1305_Simd256_malloc(uint8_t *key); -void -Hacl_Streaming_Poly1305_256_init(uint8_t *k, Hacl_Streaming_Poly1305_256_poly1305_256_state *s); +void Hacl_MAC_Poly1305_Simd256_reset(Hacl_MAC_Poly1305_Simd256_state_t *state, uint8_t *key); /** 0 = success, 1 = max length exceeded */ Hacl_Streaming_Types_error_code -Hacl_Streaming_Poly1305_256_update( - Hacl_Streaming_Poly1305_256_poly1305_256_state *p, - uint8_t *data, - uint32_t len +Hacl_MAC_Poly1305_Simd256_update( + Hacl_MAC_Poly1305_Simd256_state_t *state, + uint8_t *chunk, + uint32_t chunk_len ); void -Hacl_Streaming_Poly1305_256_finish( - Hacl_Streaming_Poly1305_256_poly1305_256_state *p, - uint8_t *dst -); +Hacl_MAC_Poly1305_Simd256_digest(Hacl_MAC_Poly1305_Simd256_state_t *state, uint8_t *output); + +void Hacl_MAC_Poly1305_Simd256_free(Hacl_MAC_Poly1305_Simd256_state_t *state); -void Hacl_Streaming_Poly1305_256_free(Hacl_Streaming_Poly1305_256_poly1305_256_state *s); +void +Hacl_MAC_Poly1305_Simd256_mac( + uint8_t *output, + uint8_t *input, + uint32_t input_len, + uint8_t *key +); #if defined(__cplusplus) } #endif -#define __Hacl_Streaming_Poly1305_256_H_DEFINED +#define __Hacl_MAC_Poly1305_Simd256_H_DEFINED #endif diff --git a/include/Hacl_NaCl.h b/include/Hacl_NaCl.h index b7e91a4b..a3ca6804 100644 --- a/include/Hacl_NaCl.h +++ b/include/Hacl_NaCl.h 
@@ -36,7 +36,7 @@ extern "C" { #include "krml/internal/target.h" #include "Hacl_Salsa20.h" -#include "Hacl_Poly1305_32.h" +#include "Hacl_MAC_Poly1305.h" #include "Hacl_Curve25519_51.h" /** diff --git a/include/Hacl_Poly1305_128.h b/include/Hacl_Poly1305_128.h deleted file mode 100644 index 834d4a8a..00000000 --- a/include/Hacl_Poly1305_128.h +++ /dev/null 
@@ -1,67 +0,0 @@ -/* MIT License - * - * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation - * Copyright (c) 2022-2023 HACL* Contributors - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. 
- */ - - -#ifndef __Hacl_Poly1305_128_H -#define __Hacl_Poly1305_128_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include "krml/internal/types.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#include "libintvector.h" - -typedef Lib_IntVector_Intrinsics_vec128 *Hacl_Poly1305_128_poly1305_ctx; - -void Hacl_Poly1305_128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *key); - -void Hacl_Poly1305_128_poly1305_update1(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *text); - -void -Hacl_Poly1305_128_poly1305_update( - Lib_IntVector_Intrinsics_vec128 *ctx, - uint32_t len, - uint8_t *text -); - -void -Hacl_Poly1305_128_poly1305_finish( - uint8_t *tag, - uint8_t *key, - Lib_IntVector_Intrinsics_vec128 *ctx -); - -void Hacl_Poly1305_128_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key); - -#if defined(__cplusplus) -} -#endif - -#define __Hacl_Poly1305_128_H_DEFINED -#endif diff --git a/include/Hacl_Poly1305_256.h b/include/Hacl_Poly1305_256.h deleted file mode 100644 index 9d1ae8c3..00000000 --- a/include/Hacl_Poly1305_256.h +++ /dev/null 
@@ -1,67 +0,0 @@ -/* MIT License - * - * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation - * Copyright (c) 2022-2023 HACL* Contributors - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. 
- */ - - -#ifndef __Hacl_Poly1305_256_H -#define __Hacl_Poly1305_256_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include "krml/internal/types.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#include "libintvector.h" - -typedef Lib_IntVector_Intrinsics_vec256 *Hacl_Poly1305_256_poly1305_ctx; - -void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *key); - -void Hacl_Poly1305_256_poly1305_update1(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *text); - -void -Hacl_Poly1305_256_poly1305_update( - Lib_IntVector_Intrinsics_vec256 *ctx, - uint32_t len, - uint8_t *text -); - -void -Hacl_Poly1305_256_poly1305_finish( - uint8_t *tag, - uint8_t *key, - Lib_IntVector_Intrinsics_vec256 *ctx -); - -void Hacl_Poly1305_256_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key); - -#if defined(__cplusplus) -} -#endif - -#define __Hacl_Poly1305_256_H_DEFINED -#endif diff --git a/include/Hacl_Poly1305_32.h b/include/Hacl_Poly1305_32.h deleted file mode 100644 index f3233b90..00000000 --- a/include/Hacl_Poly1305_32.h +++ /dev/null 
@@ -1,57 +0,0 @@ -/* MIT License - * - * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation - * Copyright (c) 2022-2023 HACL* Contributors - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. 
- */ - - -#ifndef __Hacl_Poly1305_32_H -#define __Hacl_Poly1305_32_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include "krml/internal/types.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#include "Hacl_Krmllib.h" - -typedef uint64_t *Hacl_Poly1305_32_poly1305_ctx; - -void Hacl_Poly1305_32_poly1305_init(uint64_t *ctx, uint8_t *key); - -void Hacl_Poly1305_32_poly1305_update1(uint64_t *ctx, uint8_t *text); - -void Hacl_Poly1305_32_poly1305_update(uint64_t *ctx, uint32_t len, uint8_t *text); - -void Hacl_Poly1305_32_poly1305_finish(uint8_t *tag, uint8_t *key, uint64_t *ctx); - -void Hacl_Poly1305_32_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key); - -#if defined(__cplusplus) -} -#endif - -#define __Hacl_Poly1305_32_H_DEFINED -#endif diff --git a/include/Hacl_RSAPSS.h b/include/Hacl_RSAPSS.h index 8f4de949..90bd69ce 100644 --- a/include/Hacl_RSAPSS.h +++ b/include/Hacl_RSAPSS.h @@ -43,9 +43,9 @@ extern "C" { Sign a message `msg` and write the signature to `sgnt`. @param a Hash algorithm to use. Allowed values for `a` are ... - * Spec_Hash_Definitions_SHA2_256, - * Spec_Hash_Definitions_SHA2_384, and - * Spec_Hash_Definitions_SHA2_512. + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. @@ -75,7 +75,10 @@ Hacl_RSAPSS_rsapss_sign( /** Verify the signature `sgnt` of a message `msg`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`. 
@@ -105,10 +108,10 @@ Load a public key from key parts. @param modBits Count of bits in modulus (`n`). @param eBits Count of bits in `e` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. -@return Returns an allocated public key. Note: caller must take care to `free()` the created key. +@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. */ uint64_t *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb); 
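Review bot: The reworded `@param eb` line still gives the exponent buffer as `ceil(modBits / 8)` bytes even though the function takes `eBits` separately, so it most likely should read `ceil(eBits / 8)`. Now that the text specifies big-endian order, the stated length decides where a caller places the value's bytes, and a wrong length means a mis-sized buffer or a wrongly loaded key. Please confirm against the implementation and correct it here and in the `eb`/`db` lines of the later hunks (`db` would be `ceil(dBits / 8)`), e.g. `@param eb Pointer to ceil(eBits / 8) bytes where the e value, in big-endian byte order, is read from.`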
@@ -119,11 +122,11 @@ Load a secret key from key parts. @param modBits Count of bits in modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. -@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. +@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. -@return Returns an allocated secret key. Note: caller must take care to `free()` the created key. +@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. */ uint64_t *Hacl_RSAPSS_new_rsapss_load_skey( 
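Review bot: The new `@return` text for `Hacl_RSAPSS_new_rsapss_load_skey` tells the caller to `free()` the key but not to clear it first, and the key comes back as a bare `uint64_t *` with no length. For secret key material the doc should state the allocation size, or name a wipe helper if one exists, so callers can zero the buffer before releasing it. A line such as `Note: the buffer holds secret key material; clear it before calling free().` together with the size in words would cover it.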
@@ -138,13 +141,16 @@ uint64_t /** Sign a message `msg` and write the signature to `sgnt`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. -@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. +@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. @param saltLen Length of salt. @param salt Pointer to `saltLen` bytes where the salt is read from. @param msgLen Length of message. 
@@ -172,11 +178,14 @@ Hacl_RSAPSS_rsapss_skey_sign( /** Verify the signature `sgnt` of a message `msg`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. @param saltLen Length of salt. @param sgntLen Length of signature. @param sgnt Pointer to `sgntLen` bytes where the signature is read from. diff --git a/include/Hacl_Streaming_Blake2.h b/include/Hacl_Streaming_Blake2.h deleted file mode 100644 index bfb05e4f..00000000 --- a/include/Hacl_Streaming_Blake2.h +++ /dev/null 
@@ -1,147 +0,0 @@ -/* MIT License - * - * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation - * Copyright (c) 2022-2023 HACL* Contributors - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. 
- */ - - -#ifndef __Hacl_Streaming_Blake2_H -#define __Hacl_Streaming_Blake2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include "krml/internal/types.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#include "Hacl_Streaming_Types.h" -#include "Hacl_Krmllib.h" -#include "Hacl_Hash_Blake2.h" - -typedef struct Hacl_Streaming_Blake2_blake2s_32_block_state_s -{ - uint32_t *fst; - uint32_t *snd; -} -Hacl_Streaming_Blake2_blake2s_32_block_state; - -typedef struct Hacl_Streaming_Blake2_blake2b_32_block_state_s -{ - uint64_t *fst; - uint64_t *snd; -} -Hacl_Streaming_Blake2_blake2b_32_block_state; - -typedef struct Hacl_Streaming_Blake2_blake2s_32_state_s -{ - Hacl_Streaming_Blake2_blake2s_32_block_state block_state; - uint8_t *buf; - uint64_t total_len; -} -Hacl_Streaming_Blake2_blake2s_32_state; - -typedef struct Hacl_Streaming_Blake2_blake2b_32_state_s -{ - Hacl_Streaming_Blake2_blake2b_32_block_state block_state; - uint8_t *buf; - uint64_t total_len; -} -Hacl_Streaming_Blake2_blake2b_32_state; - -/** - State allocation function when there is no key -*/ -Hacl_Streaming_Blake2_blake2s_32_state -*Hacl_Streaming_Blake2_blake2s_32_no_key_create_in(void); - -/** - (Re-)initialization function when there is no key -*/ -void Hacl_Streaming_Blake2_blake2s_32_no_key_init(Hacl_Streaming_Blake2_blake2s_32_state *s1); - -/** - Update function when there is no key; 0 = success, 1 = max length exceeded -*/ -Hacl_Streaming_Types_error_code -Hacl_Streaming_Blake2_blake2s_32_no_key_update( - Hacl_Streaming_Blake2_blake2s_32_state *p, - uint8_t *data, - uint32_t len -); - -/** - Finish function when there is no key -*/ -void -Hacl_Streaming_Blake2_blake2s_32_no_key_finish( - Hacl_Streaming_Blake2_blake2s_32_state *p, - uint8_t *dst -); - -/** - Free state function when there is no key -*/ -void Hacl_Streaming_Blake2_blake2s_32_no_key_free(Hacl_Streaming_Blake2_blake2s_32_state *s1); - -/** - State allocation function when there is no key 
-*/ -Hacl_Streaming_Blake2_blake2b_32_state -*Hacl_Streaming_Blake2_blake2b_32_no_key_create_in(void); - -/** - (Re)-initialization function when there is no key -*/ -void Hacl_Streaming_Blake2_blake2b_32_no_key_init(Hacl_Streaming_Blake2_blake2b_32_state *s1); - -/** - Update function when there is no key; 0 = success, 1 = max length exceeded -*/ -Hacl_Streaming_Types_error_code -Hacl_Streaming_Blake2_blake2b_32_no_key_update( - Hacl_Streaming_Blake2_blake2b_32_state *p, - uint8_t *data, - uint32_t len -); - -/** - Finish function when there is no key -*/ -void -Hacl_Streaming_Blake2_blake2b_32_no_key_finish( - Hacl_Streaming_Blake2_blake2b_32_state *p, - uint8_t *dst -); - -/** - Free state function when there is no key -*/ -void Hacl_Streaming_Blake2_blake2b_32_no_key_free(Hacl_Streaming_Blake2_blake2b_32_state *s1); - -#if defined(__cplusplus) -} -#endif - -#define __Hacl_Streaming_Blake2_H_DEFINED -#endif diff --git a/include/TestLib.h b/include/TestLib.h index 3928a462..62399c0c 100644 --- a/include/TestLib.h +++ b/include/TestLib.h @@ -55,7 +55,8 @@ extern void TestLib_checku32(uint32_t uu___, uint32_t uu___1); extern void TestLib_checku64(uint64_t uu___, uint64_t uu___1); -extern void TestLib_compare_and_print(C_String_t uu___, uint8_t *b1, uint8_t *b2, uint32_t l); +extern void +TestLib_compare_and_print(Prims_string uu___, uint8_t *b1, uint8_t *b2, uint32_t l); extern uint8_t *TestLib_unsafe_malloc(uint32_t l); diff --git a/include/internal/EverCrypt_HMAC.h b/include/internal/EverCrypt_HMAC.h index 02986e6c..debea462 100644 --- a/include/internal/EverCrypt_HMAC.h +++ b/include/internal/EverCrypt_HMAC.h 
@@ -38,7 +38,9 @@ extern "C" { #include "internal/Hacl_Krmllib.h" #include "internal/Hacl_Hash_SHA2.h" #include "internal/Hacl_Hash_SHA1.h" -#include "internal/Hacl_Hash_Blake2.h" +#include "internal/Hacl_Hash_Blake2s.h" +#include "internal/Hacl_Hash_Blake2b.h" +#include "internal/Hacl_HMAC.h" #include "internal/EverCrypt_Hash.h" #include "../EverCrypt_HMAC.h" diff --git a/include/internal/EverCrypt_Hash.h b/include/internal/EverCrypt_Hash.h index c9417677..cd706161 100644 --- a/include/internal/EverCrypt_Hash.h +++ b/include/internal/EverCrypt_Hash.h @@ -41,11 +41,15 @@ extern "C" { #include "internal/Hacl_Hash_SHA2.h" #include "internal/Hacl_Hash_SHA1.h" #include "internal/Hacl_Hash_MD5.h" +#include "internal/Hacl_Hash_Blake2s_Simd128.h" +#include "internal/Hacl_Hash_Blake2s.h" +#include "internal/Hacl_Hash_Blake2b_Simd256.h" +#include "internal/Hacl_Hash_Blake2b.h" #include "../EverCrypt_Hash.h" void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n); -void EverCrypt_Hash_Incremental_hash_256(uint8_t *input, uint32_t input_len, uint8_t *dst); +void EverCrypt_Hash_Incremental_hash_256(uint8_t *output, uint8_t *input, uint32_t input_len); #if defined(__cplusplus) } diff --git a/include/internal/Hacl_Bignum.h b/include/internal/Hacl_Bignum.h index 901a8dad..4b31236d 100644 --- a/include/internal/Hacl_Bignum.h +++ b/include/internal/Hacl_Bignum.h @@ -124,15 +124,6 @@ Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u32( uint32_t *res ); -void -Hacl_Bignum_Montgomery_bn_mont_reduction_u32( - uint32_t len, - uint32_t *n, - uint32_t nInv, - uint32_t *c, - uint32_t *res -); - void Hacl_Bignum_Montgomery_bn_to_mont_u32( uint32_t len, @@ -181,15 +172,6 @@ Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64( uint64_t *res ); -void -Hacl_Bignum_Montgomery_bn_mont_reduction_u64( - uint32_t len, - uint64_t *n, - uint64_t nInv, - uint64_t *c, - uint64_t *res -); - void Hacl_Bignum_Montgomery_bn_to_mont_u64( uint32_t len, 
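Review bot: In the `include/internal/EverCrypt_Hash.h` hunk, `EverCrypt_Hash_Incremental_hash_256` now takes `(output, input, input_len)` instead of `(input, input_len, dst)`, and the declaration has no comment saying which buffer is written or how large it must be. A stale call site still passes three arguments, and older C compilers report the resulting integer/pointer mismatch only as a warning. A build that does not treat warnings as errors would then read from and write to the wrong buffers. I would add a comment above the declaration, `/* Writes the digest of input[0..input_len) to output; output must hold 32 bytes (assumed from the _256 suffix, confirm). */`, and, if the generator allows it, declare the read-only buffer as `const uint8_t *input`.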
@@ -228,6 +210,24 @@ Hacl_Bignum_Montgomery_bn_mont_sqr_u64( uint64_t *resM ); +void +Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32( + uint32_t len, + uint32_t *n, + uint32_t nInv, + uint32_t *c, + uint32_t *res +); + +void +Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64( + uint32_t len, + uint64_t *n, + uint64_t nInv, + uint64_t *c, + uint64_t *res +); + uint32_t Hacl_Bignum_Exponentiation_bn_check_mod_exp_u32( uint32_t len, diff --git a/include/internal/Hacl_Bignum25519_51.h b/include/internal/Hacl_Bignum25519_51.h index 9fe5e9fc..4678f8a0 100644 --- a/include/internal/Hacl_Bignum25519_51.h +++ b/include/internal/Hacl_Bignum25519_51.h @@ -69,11 +69,11 @@ static inline void Hacl_Impl_Curve25519_Field51_fsub(uint64_t *out, uint64_t *f1 uint64_t f23 = f2[3U]; uint64_t f14 = f1[4U]; uint64_t f24 = f2[4U]; - out[0U] = f10 + (uint64_t)0x3fffffffffff68U - f20; - out[1U] = f11 + (uint64_t)0x3ffffffffffff8U - f21; - out[2U] = f12 + (uint64_t)0x3ffffffffffff8U - f22; - out[3U] = f13 + (uint64_t)0x3ffffffffffff8U - f23; - out[4U] = f14 + (uint64_t)0x3ffffffffffff8U - f24; + out[0U] = f10 + 0x3fffffffffff68ULL - f20; + out[1U] = f11 + 0x3ffffffffffff8ULL - f21; + out[2U] = f12 + 0x3ffffffffffff8ULL - f22; + out[3U] = f13 + 0x3ffffffffffff8ULL - f23; + out[4U] = f14 + 0x3ffffffffffff8ULL - f24; } static inline void @@ -84,6 +84,7 @@ Hacl_Impl_Curve25519_Field51_fmul( FStar_UInt128_uint128 *uu___ ) { + KRML_MAYBE_UNUSED_VAR(uu___); uint64_t f10 = f1[0U]; uint64_t f11 = f1[1U]; uint64_t f12 = f1[2U]; 
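Review bot: The two `Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32` / `_u64` declarations added here have the same parameter list as the `Hacl_Bignum_Montgomery_bn_mont_reduction_*` declarations this commit removes from the header, with nothing to tell a caller how the results differ. An "almost" Montgomery reduction normally leaves `res` bounded by the word-array size rather than fully reduced below `n`, so code switched over by name alone may need a final conditional subtraction before comparing or serialising the value. I cannot confirm the exact bound from the declarations alone. I would add a comment above each, for example `/* res may be >= n (almost-Montgomery form); reduce before comparing or exporting. TODO confirm bound. */`.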
@@ -94,10 +95,10 @@ Hacl_Impl_Curve25519_Field51_fmul( uint64_t f22 = f2[2U]; uint64_t f23 = f2[3U]; uint64_t f24 = f2[4U]; - uint64_t tmp1 = f21 * (uint64_t)19U; - uint64_t tmp2 = f22 * (uint64_t)19U; - uint64_t tmp3 = f23 * (uint64_t)19U; - uint64_t tmp4 = f24 * (uint64_t)19U; + uint64_t tmp1 = f21 * 19ULL; + uint64_t tmp2 = f22 * 19ULL; + uint64_t tmp3 = f23 * 19ULL; + uint64_t tmp4 = f24 * 19ULL; FStar_UInt128_uint128 o00 = FStar_UInt128_mul_wide(f10, f20); FStar_UInt128_uint128 o10 = FStar_UInt128_mul_wide(f10, f21); FStar_UInt128_uint128 o20 = FStar_UInt128_mul_wide(f10, f22); 
@@ -128,25 +129,24 @@ Hacl_Impl_Curve25519_Field51_fmul( FStar_UInt128_uint128 tmp_w2 = o24; FStar_UInt128_uint128 tmp_w3 = o34; FStar_UInt128_uint128 tmp_w4 = o44; - FStar_UInt128_uint128 - l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128((uint64_t)0U)); - uint64_t tmp01 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU; - uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U)); + FStar_UInt128_uint128 l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128(0ULL)); + uint64_t tmp01 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL; + uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U)); FStar_UInt128_uint128 l_0 = FStar_UInt128_add(tmp_w1, FStar_UInt128_uint64_to_uint128(c0)); - uint64_t tmp11 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU; - uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U)); + uint64_t tmp11 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL; + uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U)); FStar_UInt128_uint128 l_1 = FStar_UInt128_add(tmp_w2, FStar_UInt128_uint64_to_uint128(c1)); - uint64_t tmp21 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU; - uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U)); + uint64_t tmp21 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL; + uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U)); FStar_UInt128_uint128 l_2 = FStar_UInt128_add(tmp_w3, FStar_UInt128_uint64_to_uint128(c2)); - uint64_t tmp31 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU; - uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U)); + uint64_t tmp31 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL; + uint64_t c3 = 
FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U)); FStar_UInt128_uint128 l_3 = FStar_UInt128_add(tmp_w4, FStar_UInt128_uint64_to_uint128(c3)); - uint64_t tmp41 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU; - uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U)); - uint64_t l_4 = tmp01 + c4 * (uint64_t)19U; - uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU; - uint64_t c5 = l_4 >> (uint32_t)51U; + uint64_t tmp41 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL; + uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U)); + uint64_t l_4 = tmp01 + c4 * 19ULL; + uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL; + uint64_t c5 = l_4 >> 51U; uint64_t o0 = tmp0_; uint64_t o1 = tmp11 + c5; uint64_t o2 = tmp21; @@ -167,6 +167,7 @@ Hacl_Impl_Curve25519_Field51_fmul2( FStar_UInt128_uint128 *uu___ ) { + KRML_MAYBE_UNUSED_VAR(uu___); uint64_t f10 = f1[0U]; uint64_t f11 = f1[1U]; uint64_t f12 = f1[2U]; @@ -187,14 +188,14 @@ Hacl_Impl_Curve25519_Field51_fmul2( uint64_t f42 = f2[7U]; uint64_t f43 = f2[8U]; uint64_t f44 = f2[9U]; - uint64_t tmp11 = f21 * (uint64_t)19U; - uint64_t tmp12 = f22 * (uint64_t)19U; - uint64_t tmp13 = f23 * (uint64_t)19U; - uint64_t tmp14 = f24 * (uint64_t)19U; - uint64_t tmp21 = f41 * (uint64_t)19U; - uint64_t tmp22 = f42 * (uint64_t)19U; - uint64_t tmp23 = f43 * (uint64_t)19U; - uint64_t tmp24 = f44 * (uint64_t)19U; + uint64_t tmp11 = f21 * 19ULL; + uint64_t tmp12 = f22 * 19ULL; + uint64_t tmp13 = f23 * 19ULL; + uint64_t tmp14 = f24 * 19ULL; + uint64_t tmp21 = f41 * 19ULL; + uint64_t tmp22 = f42 * 19ULL; + uint64_t tmp23 = f43 * 19ULL; + uint64_t tmp24 = f44 * 19ULL; FStar_UInt128_uint128 o00 = FStar_UInt128_mul_wide(f10, f20); FStar_UInt128_uint128 o15 = FStar_UInt128_mul_wide(f10, f21); FStar_UInt128_uint128 o25 = FStar_UInt128_mul_wide(f10, f22); 
@@ -255,49 +256,47 @@ Hacl_Impl_Curve25519_Field51_fmul2( FStar_UInt128_uint128 tmp_w22 = o241; FStar_UInt128_uint128 tmp_w23 = o34; FStar_UInt128_uint128 tmp_w24 = o44; - FStar_UInt128_uint128 - l_ = FStar_UInt128_add(tmp_w10, FStar_UInt128_uint64_to_uint128((uint64_t)0U)); - uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU; - uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U)); + FStar_UInt128_uint128 l_ = FStar_UInt128_add(tmp_w10, FStar_UInt128_uint64_to_uint128(0ULL)); + uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL; + uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U)); FStar_UInt128_uint128 l_0 = FStar_UInt128_add(tmp_w11, FStar_UInt128_uint64_to_uint128(c00)); - uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU; - uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U)); + uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL; + uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U)); FStar_UInt128_uint128 l_1 = FStar_UInt128_add(tmp_w12, FStar_UInt128_uint64_to_uint128(c10)); - uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU; - uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U)); + uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL; + uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U)); FStar_UInt128_uint128 l_2 = FStar_UInt128_add(tmp_w13, FStar_UInt128_uint64_to_uint128(c20)); - uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU; - uint64_t c30 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U)); + uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL; + uint64_t c30 = 
FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U)); FStar_UInt128_uint128 l_3 = FStar_UInt128_add(tmp_w14, FStar_UInt128_uint64_to_uint128(c30)); - uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU; - uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U)); - uint64_t l_4 = tmp00 + c40 * (uint64_t)19U; - uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU; - uint64_t c50 = l_4 >> (uint32_t)51U; + uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL; + uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U)); + uint64_t l_4 = tmp00 + c40 * 19ULL; + uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL; + uint64_t c50 = l_4 >> 51U; uint64_t o100 = tmp0_; uint64_t o112 = tmp10 + c50; uint64_t o122 = tmp20; uint64_t o132 = tmp30; uint64_t o142 = tmp40; - FStar_UInt128_uint128 - l_5 = FStar_UInt128_add(tmp_w20, FStar_UInt128_uint64_to_uint128((uint64_t)0U)); - uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & (uint64_t)0x7ffffffffffffU; - uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, (uint32_t)51U)); + FStar_UInt128_uint128 l_5 = FStar_UInt128_add(tmp_w20, FStar_UInt128_uint64_to_uint128(0ULL)); + uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & 0x7ffffffffffffULL; + uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, 51U)); FStar_UInt128_uint128 l_6 = FStar_UInt128_add(tmp_w21, FStar_UInt128_uint64_to_uint128(c0)); - uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & (uint64_t)0x7ffffffffffffU; - uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, (uint32_t)51U)); + uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & 0x7ffffffffffffULL; + uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, 51U)); FStar_UInt128_uint128 l_7 = FStar_UInt128_add(tmp_w22, FStar_UInt128_uint64_to_uint128(c1)); - uint64_t tmp2 = 
FStar_UInt128_uint128_to_uint64(l_7) & (uint64_t)0x7ffffffffffffU; - uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, (uint32_t)51U)); + uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_7) & 0x7ffffffffffffULL; + uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, 51U)); FStar_UInt128_uint128 l_8 = FStar_UInt128_add(tmp_w23, FStar_UInt128_uint64_to_uint128(c2)); - uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & (uint64_t)0x7ffffffffffffU; - uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, (uint32_t)51U)); + uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & 0x7ffffffffffffULL; + uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, 51U)); FStar_UInt128_uint128 l_9 = FStar_UInt128_add(tmp_w24, FStar_UInt128_uint64_to_uint128(c3)); - uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & (uint64_t)0x7ffffffffffffU; - uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, (uint32_t)51U)); - uint64_t l_10 = tmp0 + c4 * (uint64_t)19U; - uint64_t tmp0_0 = l_10 & (uint64_t)0x7ffffffffffffU; - uint64_t c5 = l_10 >> (uint32_t)51U; + uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & 0x7ffffffffffffULL; + uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, 51U)); + uint64_t l_10 = tmp0 + c4 * 19ULL; + uint64_t tmp0_0 = l_10 & 0x7ffffffffffffULL; + uint64_t c5 = l_10 >> 51U; uint64_t o200 = tmp0_0; uint64_t o212 = tmp1 + c5; uint64_t o222 = tmp2; 
@@ -337,25 +336,24 @@ static inline void Hacl_Impl_Curve25519_Field51_fmul1(uint64_t *out, uint64_t *f FStar_UInt128_uint128 tmp_w2 = FStar_UInt128_mul_wide(f2, f12); FStar_UInt128_uint128 tmp_w3 = FStar_UInt128_mul_wide(f2, f13); FStar_UInt128_uint128 tmp_w4 = FStar_UInt128_mul_wide(f2, f14); - FStar_UInt128_uint128 - l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128((uint64_t)0U)); - uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU; - uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U)); + FStar_UInt128_uint128 l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128(0ULL)); + uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL; + uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U)); FStar_UInt128_uint128 l_0 = FStar_UInt128_add(tmp_w1, FStar_UInt128_uint64_to_uint128(c0)); - uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU; - uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U)); + uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL; + uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U)); FStar_UInt128_uint128 l_1 = FStar_UInt128_add(tmp_w2, FStar_UInt128_uint64_to_uint128(c1)); - uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU; - uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U)); + uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL; + uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U)); FStar_UInt128_uint128 l_2 = FStar_UInt128_add(tmp_w3, FStar_UInt128_uint64_to_uint128(c2)); - uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU; - uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U)); + uint64_t tmp3 = 
FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL; + uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U)); FStar_UInt128_uint128 l_3 = FStar_UInt128_add(tmp_w4, FStar_UInt128_uint64_to_uint128(c3)); - uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU; - uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U)); - uint64_t l_4 = tmp0 + c4 * (uint64_t)19U; - uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU; - uint64_t c5 = l_4 >> (uint32_t)51U; + uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL; + uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U)); + uint64_t l_4 = tmp0 + c4 * 19ULL; + uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL; + uint64_t c5 = l_4 >> 51U; uint64_t o0 = tmp0_; uint64_t o1 = tmp1 + c5; uint64_t o2 = tmp2; @@ -371,17 +369,18 @@ static inline void Hacl_Impl_Curve25519_Field51_fmul1(uint64_t *out, uint64_t *f static inline void Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___) { + KRML_MAYBE_UNUSED_VAR(uu___); uint64_t f0 = f[0U]; uint64_t f1 = f[1U]; uint64_t f2 = f[2U]; uint64_t f3 = f[3U]; uint64_t f4 = f[4U]; - uint64_t d0 = (uint64_t)2U * f0; - uint64_t d1 = (uint64_t)2U * f1; - uint64_t d2 = (uint64_t)38U * f2; - uint64_t d3 = (uint64_t)19U * f3; - uint64_t d419 = (uint64_t)19U * f4; - uint64_t d4 = (uint64_t)2U * d419; + uint64_t d0 = 2ULL * f0; + uint64_t d1 = 2ULL * f1; + uint64_t d2 = 38ULL * f2; + uint64_t d3 = 19ULL * f3; + uint64_t d419 = 19ULL * f4; + uint64_t d4 = 2ULL * d419; FStar_UInt128_uint128 s0 = FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(f0, f0), 
@@ -412,25 +411,24 @@ Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint FStar_UInt128_uint128 o20 = s2; FStar_UInt128_uint128 o30 = s3; FStar_UInt128_uint128 o40 = s4; - FStar_UInt128_uint128 - l_ = FStar_UInt128_add(o00, FStar_UInt128_uint64_to_uint128((uint64_t)0U)); - uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU; - uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U)); + FStar_UInt128_uint128 l_ = FStar_UInt128_add(o00, FStar_UInt128_uint64_to_uint128(0ULL)); + uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL; + uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U)); FStar_UInt128_uint128 l_0 = FStar_UInt128_add(o10, FStar_UInt128_uint64_to_uint128(c0)); - uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU; - uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U)); + uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL; + uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U)); FStar_UInt128_uint128 l_1 = FStar_UInt128_add(o20, FStar_UInt128_uint64_to_uint128(c1)); - uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU; - uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U)); + uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL; + uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U)); FStar_UInt128_uint128 l_2 = FStar_UInt128_add(o30, FStar_UInt128_uint64_to_uint128(c2)); - uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU; - uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U)); + uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL; + uint64_t c3 = 
FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U)); FStar_UInt128_uint128 l_3 = FStar_UInt128_add(o40, FStar_UInt128_uint64_to_uint128(c3)); - uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU; - uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U)); - uint64_t l_4 = tmp0 + c4 * (uint64_t)19U; - uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU; - uint64_t c5 = l_4 >> (uint32_t)51U; + uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL; + uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U)); + uint64_t l_4 = tmp0 + c4 * 19ULL; + uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL; + uint64_t c5 = l_4 >> 51U; uint64_t o0 = tmp0_; uint64_t o1 = tmp1 + c5; uint64_t o2 = tmp2; @@ -446,6 +444,7 @@ Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint static inline void Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___) { + KRML_MAYBE_UNUSED_VAR(uu___); uint64_t f10 = f[0U]; uint64_t f11 = f[1U]; uint64_t f12 = f[2U]; @@ -456,12 +455,12 @@ Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uin uint64_t f22 = f[7U]; uint64_t f23 = f[8U]; uint64_t f24 = f[9U]; - uint64_t d00 = (uint64_t)2U * f10; - uint64_t d10 = (uint64_t)2U * f11; - uint64_t d20 = (uint64_t)38U * f12; - uint64_t d30 = (uint64_t)19U * f13; - uint64_t d4190 = (uint64_t)19U * f14; - uint64_t d40 = (uint64_t)2U * d4190; + uint64_t d00 = 2ULL * f10; + uint64_t d10 = 2ULL * f11; + uint64_t d20 = 38ULL * f12; + uint64_t d30 = 19ULL * f13; + uint64_t d4190 = 19ULL * f14; + uint64_t d40 = 2ULL * d4190; FStar_UInt128_uint128 s00 = FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(f10, f10), 
@@ -492,12 +491,12 @@ Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uin FStar_UInt128_uint128 o120 = s20; FStar_UInt128_uint128 o130 = s30; FStar_UInt128_uint128 o140 = s40; - uint64_t d0 = (uint64_t)2U * f20; - uint64_t d1 = (uint64_t)2U * f21; - uint64_t d2 = (uint64_t)38U * f22; - uint64_t d3 = (uint64_t)19U * f23; - uint64_t d419 = (uint64_t)19U * f24; - uint64_t d4 = (uint64_t)2U * d419; + uint64_t d0 = 2ULL * f20; + uint64_t d1 = 2ULL * f21; + uint64_t d2 = 38ULL * f22; + uint64_t d3 = 19ULL * f23; + uint64_t d419 = 19ULL * f24; + uint64_t d4 = 2ULL * d419; FStar_UInt128_uint128 s0 = FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(f20, f20), 
@@ -528,49 +527,47 @@ Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uin FStar_UInt128_uint128 o220 = s2; FStar_UInt128_uint128 o230 = s3; FStar_UInt128_uint128 o240 = s4; - FStar_UInt128_uint128 - l_ = FStar_UInt128_add(o100, FStar_UInt128_uint64_to_uint128((uint64_t)0U)); - uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU; - uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U)); + FStar_UInt128_uint128 l_ = FStar_UInt128_add(o100, FStar_UInt128_uint64_to_uint128(0ULL)); + uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL; + uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U)); FStar_UInt128_uint128 l_0 = FStar_UInt128_add(o110, FStar_UInt128_uint64_to_uint128(c00)); - uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU; - uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U)); + uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL; + uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U)); FStar_UInt128_uint128 l_1 = FStar_UInt128_add(o120, FStar_UInt128_uint64_to_uint128(c10)); - uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU; - uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U)); + uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL; + uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U)); FStar_UInt128_uint128 l_2 = FStar_UInt128_add(o130, FStar_UInt128_uint64_to_uint128(c20)); - uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU; - uint64_t c30 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U)); + uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL; + uint64_t c30 = 
FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U)); FStar_UInt128_uint128 l_3 = FStar_UInt128_add(o140, FStar_UInt128_uint64_to_uint128(c30)); - uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU; - uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U)); - uint64_t l_4 = tmp00 + c40 * (uint64_t)19U; - uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU; - uint64_t c50 = l_4 >> (uint32_t)51U; + uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL; + uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U)); + uint64_t l_4 = tmp00 + c40 * 19ULL; + uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL; + uint64_t c50 = l_4 >> 51U; uint64_t o101 = tmp0_; uint64_t o111 = tmp10 + c50; uint64_t o121 = tmp20; uint64_t o131 = tmp30; uint64_t o141 = tmp40; - FStar_UInt128_uint128 - l_5 = FStar_UInt128_add(o200, FStar_UInt128_uint64_to_uint128((uint64_t)0U)); - uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & (uint64_t)0x7ffffffffffffU; - uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, (uint32_t)51U)); + FStar_UInt128_uint128 l_5 = FStar_UInt128_add(o200, FStar_UInt128_uint64_to_uint128(0ULL)); + uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & 0x7ffffffffffffULL; + uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, 51U)); FStar_UInt128_uint128 l_6 = FStar_UInt128_add(o210, FStar_UInt128_uint64_to_uint128(c0)); - uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & (uint64_t)0x7ffffffffffffU; - uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, (uint32_t)51U)); + uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & 0x7ffffffffffffULL; + uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, 51U)); FStar_UInt128_uint128 l_7 = FStar_UInt128_add(o220, FStar_UInt128_uint64_to_uint128(c1)); - uint64_t tmp2 = 
FStar_UInt128_uint128_to_uint64(l_7) & (uint64_t)0x7ffffffffffffU; - uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, (uint32_t)51U)); + uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_7) & 0x7ffffffffffffULL; + uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, 51U)); FStar_UInt128_uint128 l_8 = FStar_UInt128_add(o230, FStar_UInt128_uint64_to_uint128(c2)); - uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & (uint64_t)0x7ffffffffffffU; - uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, (uint32_t)51U)); + uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & 0x7ffffffffffffULL; + uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, 51U)); FStar_UInt128_uint128 l_9 = FStar_UInt128_add(o240, FStar_UInt128_uint64_to_uint128(c3)); - uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & (uint64_t)0x7ffffffffffffU; - uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, (uint32_t)51U)); - uint64_t l_10 = tmp0 + c4 * (uint64_t)19U; - uint64_t tmp0_0 = l_10 & (uint64_t)0x7ffffffffffffU; - uint64_t c5 = l_10 >> (uint32_t)51U; + uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & 0x7ffffffffffffULL; + uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, 51U)); + uint64_t l_10 = tmp0 + c4 * 19ULL; + uint64_t tmp0_0 = l_10 & 0x7ffffffffffffULL; + uint64_t c5 = l_10 >> 51U; uint64_t o201 = tmp0_0; uint64_t o211 = tmp1 + c5; uint64_t o221 = tmp2; 
@@ -605,49 +602,49 @@ static inline void Hacl_Impl_Curve25519_Field51_store_felem(uint64_t *u64s, uint uint64_t f2 = f[2U]; uint64_t f3 = f[3U]; uint64_t f4 = f[4U]; - uint64_t l_ = f0 + (uint64_t)0U; - uint64_t tmp0 = l_ & (uint64_t)0x7ffffffffffffU; - uint64_t c0 = l_ >> (uint32_t)51U; + uint64_t l_ = f0 + 0ULL; + uint64_t tmp0 = l_ & 0x7ffffffffffffULL; + uint64_t c0 = l_ >> 51U; uint64_t l_0 = f1 + c0; - uint64_t tmp1 = l_0 & (uint64_t)0x7ffffffffffffU; - uint64_t c1 = l_0 >> (uint32_t)51U; + uint64_t tmp1 = l_0 & 0x7ffffffffffffULL; + uint64_t c1 = l_0 >> 51U; uint64_t l_1 = f2 + c1; - uint64_t tmp2 = l_1 & (uint64_t)0x7ffffffffffffU; - uint64_t c2 = l_1 >> (uint32_t)51U; + uint64_t tmp2 = l_1 & 0x7ffffffffffffULL; + uint64_t c2 = l_1 >> 51U; uint64_t l_2 = f3 + c2; - uint64_t tmp3 = l_2 & (uint64_t)0x7ffffffffffffU; - uint64_t c3 = l_2 >> (uint32_t)51U; + uint64_t tmp3 = l_2 & 0x7ffffffffffffULL; + uint64_t c3 = l_2 >> 51U; uint64_t l_3 = f4 + c3; - uint64_t tmp4 = l_3 & (uint64_t)0x7ffffffffffffU; - uint64_t c4 = l_3 >> (uint32_t)51U; - uint64_t l_4 = tmp0 + c4 * (uint64_t)19U; - uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU; - uint64_t c5 = l_4 >> (uint32_t)51U; + uint64_t tmp4 = l_3 & 0x7ffffffffffffULL; + uint64_t c4 = l_3 >> 51U; + uint64_t l_4 = tmp0 + c4 * 19ULL; + uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL; + uint64_t c5 = l_4 >> 51U; uint64_t f01 = tmp0_; uint64_t f11 = tmp1 + c5; uint64_t f21 = tmp2; uint64_t f31 = tmp3; uint64_t f41 = tmp4; - uint64_t m0 = FStar_UInt64_gte_mask(f01, (uint64_t)0x7ffffffffffedU); - uint64_t m1 = FStar_UInt64_eq_mask(f11, (uint64_t)0x7ffffffffffffU); - uint64_t m2 = FStar_UInt64_eq_mask(f21, (uint64_t)0x7ffffffffffffU); - uint64_t m3 = FStar_UInt64_eq_mask(f31, (uint64_t)0x7ffffffffffffU); - uint64_t m4 = FStar_UInt64_eq_mask(f41, (uint64_t)0x7ffffffffffffU); + uint64_t m0 = FStar_UInt64_gte_mask(f01, 0x7ffffffffffedULL); + uint64_t m1 = FStar_UInt64_eq_mask(f11, 0x7ffffffffffffULL); + uint64_t m2 = 
FStar_UInt64_eq_mask(f21, 0x7ffffffffffffULL); + uint64_t m3 = FStar_UInt64_eq_mask(f31, 0x7ffffffffffffULL); + uint64_t m4 = FStar_UInt64_eq_mask(f41, 0x7ffffffffffffULL); uint64_t mask = (((m0 & m1) & m2) & m3) & m4; - uint64_t f0_ = f01 - (mask & (uint64_t)0x7ffffffffffedU); - uint64_t f1_ = f11 - (mask & (uint64_t)0x7ffffffffffffU); - uint64_t f2_ = f21 - (mask & (uint64_t)0x7ffffffffffffU); - uint64_t f3_ = f31 - (mask & (uint64_t)0x7ffffffffffffU); - uint64_t f4_ = f41 - (mask & (uint64_t)0x7ffffffffffffU); + uint64_t f0_ = f01 - (mask & 0x7ffffffffffedULL); + uint64_t f1_ = f11 - (mask & 0x7ffffffffffffULL); + uint64_t f2_ = f21 - (mask & 0x7ffffffffffffULL); + uint64_t f3_ = f31 - (mask & 0x7ffffffffffffULL); + uint64_t f4_ = f41 - (mask & 0x7ffffffffffffULL); uint64_t f02 = f0_; uint64_t f12 = f1_; uint64_t f22 = f2_; uint64_t f32 = f3_; uint64_t f42 = f4_; - uint64_t o00 = f02 | f12 << (uint32_t)51U; - uint64_t o10 = f12 >> (uint32_t)13U | f22 << (uint32_t)38U; - uint64_t o20 = f22 >> (uint32_t)26U | f32 << (uint32_t)25U; - uint64_t o30 = f32 >> (uint32_t)39U | f42 << (uint32_t)12U; + uint64_t o00 = f02 | f12 << 51U; + uint64_t o10 = f12 >> 13U | f22 << 38U; + uint64_t o20 = f22 >> 26U | f32 << 25U; + uint64_t o30 = f32 >> 39U | f42 << 12U; uint64_t o0 = o00; uint64_t o1 = o10; uint64_t o2 = o20; @@ -661,11 +658,11 @@ static inline void Hacl_Impl_Curve25519_Field51_store_felem(uint64_t *u64s, uint static inline void Hacl_Impl_Curve25519_Field51_cswap2(uint64_t bit, uint64_t *p1, uint64_t *p2) { - uint64_t mask = (uint64_t)0U - bit; + uint64_t mask = 0ULL - bit; KRML_MAYBE_FOR10(i, - (uint32_t)0U, - (uint32_t)10U, - (uint32_t)1U, + 0U, + 10U, + 1U, uint64_t dummy = mask & (p1[i] ^ p2[i]); p1[i] = p1[i] ^ dummy; p2[i] = p2[i] ^ dummy;); diff --git a/include/internal/Hacl_Bignum_Base.h b/include/internal/Hacl_Bignum_Base.h index 06e1d373..f2e282f4 100644 --- a/include/internal/Hacl_Bignum_Base.h +++ b/include/internal/Hacl_Bignum_Base.h 
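Review bot: `Hacl_Impl_Curve25519_Field51_cswap2` carries no comment saying that `bit` must be exactly 0 or 1, yet the new `uint64_t mask = 0ULL - bit;` yields an all-zeros or all-ones mask only under that condition. Any other value gives a partial mask, and the XOR sequence would then mix limbs of `p1` and `p2` instead of swapping or keeping them. I would add above the function `/* bit must be 0 or 1; the visible body selects with a mask and never branches on bit. */`. The function's closing brace lies outside this hunk.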
@@ -45,7 +45,7 @@ Hacl_Bignum_Base_mul_wide_add2_u32(uint32_t a, uint32_t b, uint32_t c_in, uint32 uint32_t out0 = out[0U]; uint64_t res = (uint64_t)a * (uint64_t)b + (uint64_t)c_in + (uint64_t)out0; out[0U] = (uint32_t)res; - return (uint32_t)(res >> (uint32_t)32U); + return (uint32_t)(res >> 32U); } static inline uint64_t @@ -58,22 +58,22 @@ Hacl_Bignum_Base_mul_wide_add2_u64(uint64_t a, uint64_t b, uint64_t c_in, uint64 FStar_UInt128_uint64_to_uint128(c_in)), FStar_UInt128_uint64_to_uint128(out0)); out[0U] = FStar_UInt128_uint128_to_uint64(res); - return FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U)); + return FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, 64U)); } static inline void Hacl_Bignum_Convert_bn_from_bytes_be_uint64(uint32_t len, uint8_t *b, uint64_t *res) { - uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U; - uint32_t tmpLen = (uint32_t)8U * bnLen; + uint32_t bnLen = (len - 1U) / 8U + 1U; + uint32_t tmpLen = 8U * bnLen; KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen); uint8_t tmp[tmpLen]; memset(tmp, 0U, tmpLen * sizeof (uint8_t)); memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t)); - for (uint32_t i = (uint32_t)0U; i < bnLen; i++) + for (uint32_t i = 0U; i < bnLen; i++) { uint64_t *os = res; - uint64_t u = load64_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)8U); + uint64_t u = load64_be(tmp + (bnLen - i - 1U) * 8U); uint64_t x = u; os[i] = x; } 
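Review bot: In `Hacl_Bignum_Convert_bn_from_bytes_be_uint64`, `uint32_t bnLen = (len - 1U) / 8U + 1U;` wraps when `len` is 0, and `tmpLen = 8U * bnLen` then wraps to 0, so `tmp` becomes a zero-length VLA while the loop still runs `bnLen` times and `load64_be` reads outside it. Nothing in the hunk rejects that input, so the requirement should at least be written down, e.g. `/* Precondition: len > 0; tmp is a stack VLA of 8 * bnLen bytes, so callers must also bound len. */`. `Hacl_Bignum_Convert_bn_to_bytes_be_uint64` in the next hunk computes `bnLen` and `tmp` the same way and needs the same comment. The function's closing brace is outside this hunk.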
@@ -82,24 +82,24 @@ Hacl_Bignum_Convert_bn_from_bytes_be_uint64(uint32_t len, uint8_t *b, uint64_t * static inline void Hacl_Bignum_Convert_bn_to_bytes_be_uint64(uint32_t len, uint64_t *b, uint8_t *res) { - uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U; - uint32_t tmpLen = (uint32_t)8U * bnLen; + uint32_t bnLen = (len - 1U) / 8U + 1U; + uint32_t tmpLen = 8U * bnLen; KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen); uint8_t tmp[tmpLen]; memset(tmp, 0U, tmpLen * sizeof (uint8_t)); - for (uint32_t i = (uint32_t)0U; i < bnLen; i++) + for (uint32_t i = 0U; i < bnLen; i++) { - store64_be(tmp + i * (uint32_t)8U, b[bnLen - i - (uint32_t)1U]); + store64_be(tmp + i * 8U, b[bnLen - i - 1U]); } memcpy(res, tmp + tmpLen - len, len * sizeof (uint8_t)); } static inline uint32_t Hacl_Bignum_Lib_bn_get_top_index_u32(uint32_t len, uint32_t *b) { - uint32_t priv = (uint32_t)0U; - for (uint32_t i = (uint32_t)0U; i < len; i++) + uint32_t priv = 0U; + for (uint32_t i = 0U; i < len; i++) { - uint32_t mask = FStar_UInt32_eq_mask(b[i], (uint32_t)0U); + uint32_t mask = FStar_UInt32_eq_mask(b[i], 0U); priv = (mask & priv) | (~mask & i); } return priv; @@ -107,10 +107,10 @@ static inline uint32_t Hacl_Bignum_Lib_bn_get_top_index_u32(uint32_t len, uint32 static inline uint64_t Hacl_Bignum_Lib_bn_get_top_index_u64(uint32_t len, uint64_t *b) { - uint64_t priv = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < len; i++) + uint64_t priv = 0ULL; + for (uint32_t i = 0U; i < len; i++) { - uint64_t mask = FStar_UInt64_eq_mask(b[i], (uint64_t)0U); + uint64_t mask = FStar_UInt64_eq_mask(b[i], 0ULL); priv = (mask & priv) | (~mask & (uint64_t)i); } return priv; 
@@ -119,63 +119,63 @@ static inline uint64_t Hacl_Bignum_Lib_bn_get_top_index_u64(uint32_t len, uint64 static inline uint32_t Hacl_Bignum_Lib_bn_get_bits_u32(uint32_t len, uint32_t *b, uint32_t i, uint32_t l) { - uint32_t i1 = i / (uint32_t)32U; - uint32_t j = i % (uint32_t)32U; + uint32_t i1 = i / 32U; + uint32_t j = i % 32U; uint32_t p1 = b[i1] >> j; uint32_t ite; - if (i1 + (uint32_t)1U < len && (uint32_t)0U < j) + if (i1 + 1U < len && 0U < j) { - ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)32U - j); + ite = p1 | b[i1 + 1U] << (32U - j); } else { ite = p1; } - return ite & (((uint32_t)1U << l) - (uint32_t)1U); + return ite & ((1U << l) - 1U); } static inline uint64_t Hacl_Bignum_Lib_bn_get_bits_u64(uint32_t len, uint64_t *b, uint32_t i, uint32_t l) { - uint32_t i1 = i / (uint32_t)64U; - uint32_t j = i % (uint32_t)64U; + uint32_t i1 = i / 64U; + uint32_t j = i % 64U; uint64_t p1 = b[i1] >> j; uint64_t ite; - if (i1 + (uint32_t)1U < len && (uint32_t)0U < j) + if (i1 + 1U < len && 0U < j) { - ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)64U - j); + ite = p1 | b[i1 + 1U] << (64U - j); } else { ite = p1; } - return ite & (((uint64_t)1U << l) - (uint64_t)1U); + return ite & ((1ULL << l) - 1ULL); } static inline uint32_t Hacl_Bignum_Addition_bn_sub_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, uint32_t *res) { - uint32_t c = (uint32_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint32_t c = 0U; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint32_t t1 = a[(uint32_t)4U * i]; - uint32_t t20 = b[(uint32_t)4U * i]; - uint32_t *res_i0 = res + (uint32_t)4U * i; + uint32_t t1 = a[4U * i]; + uint32_t t20 = b[4U * i]; + uint32_t *res_i0 = res + 4U * i; c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0); - uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + uint32_t t10 = a[4U * i + 1U]; + uint32_t t21 = b[4U * i + 
1U]; + uint32_t *res_i1 = res + 4U * i + 1U; c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1); - uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + uint32_t t11 = a[4U * i + 2U]; + uint32_t t22 = b[4U * i + 2U]; + uint32_t *res_i2 = res + 4U * i + 2U; c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2); - uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + uint32_t t12 = a[4U * i + 3U]; + uint32_t t2 = b[4U * i + 3U]; + uint32_t *res_i = res + 4U * i + 3U; c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint32_t t1 = a[i]; uint32_t t2 = b[i]; 
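Review bot: In `Hacl_Bignum_Lib_bn_get_bits_u32`, the new `return ite & ((1U << l) - 1U);` shifts a plain `unsigned int` where the old line shifted a `uint32_t`, so the width of the shift now depends on the target's `int` size; with a 16-bit `int`, a shift by `l >= 16` is undefined. A fixed-width operand avoids that, e.g. `return ite & ((UINT32_C(1) << l) - UINT32_C(1));`, or the build could assert that `unsigned int` is at least 32 bits wide. Independently of this commit, `l == 32` here and `l == 64` in the `_u64` variant (`1ULL << l`) are undefined shifts and neither function checks `l`, so the bound on `l` should be stated in a comment above both. The sibling change `b[i1 + 1U] << (32U - j)` is unaffected, because its left operand is already `uint32_t`.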
@@ -188,27 +188,27 @@ Hacl_Bignum_Addition_bn_sub_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, static inline uint64_t Hacl_Bignum_Addition_bn_sub_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res) { - uint64_t c = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint64_t c = 0ULL; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint64_t t1 = a[(uint32_t)4U * i]; - uint64_t t20 = b[(uint32_t)4U * i]; - uint64_t *res_i0 = res + (uint32_t)4U * i; + uint64_t t1 = a[4U * i]; + uint64_t t20 = b[4U * i]; + uint64_t *res_i0 = res + 4U * i; c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0); - uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + uint64_t t10 = a[4U * i + 1U]; + uint64_t t21 = b[4U * i + 1U]; + uint64_t *res_i1 = res + 4U * i + 1U; c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1); - uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + uint64_t t11 = a[4U * i + 2U]; + uint64_t t22 = b[4U * i + 2U]; + uint64_t *res_i2 = res + 4U * i + 2U; c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2); - uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + uint64_t t12 = a[4U * i + 3U]; + uint64_t t2 = b[4U * i + 3U]; + uint64_t *res_i = res + 4U * i + 3U; c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint64_t t1 = a[i]; uint64_t t2 = b[i]; 
@@ -221,27 +221,27 @@ Hacl_Bignum_Addition_bn_sub_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, static inline uint32_t Hacl_Bignum_Addition_bn_add_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, uint32_t *res) { - uint32_t c = (uint32_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint32_t c = 0U; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint32_t t1 = a[(uint32_t)4U * i]; - uint32_t t20 = b[(uint32_t)4U * i]; - uint32_t *res_i0 = res + (uint32_t)4U * i; + uint32_t t1 = a[4U * i]; + uint32_t t20 = b[4U * i]; + uint32_t *res_i0 = res + 4U * i; c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0); - uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + uint32_t t10 = a[4U * i + 1U]; + uint32_t t21 = b[4U * i + 1U]; + uint32_t *res_i1 = res + 4U * i + 1U; c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1); - uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + uint32_t t11 = a[4U * i + 2U]; + uint32_t t22 = b[4U * i + 2U]; + uint32_t *res_i2 = res + 4U * i + 2U; c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2); - uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + uint32_t t12 = a[4U * i + 3U]; + uint32_t t2 = b[4U * i + 3U]; + uint32_t *res_i = res + 4U * i + 3U; c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint32_t t1 = a[i]; uint32_t t2 = b[i]; 
@@ -254,27 +254,27 @@ Hacl_Bignum_Addition_bn_add_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, static inline uint64_t Hacl_Bignum_Addition_bn_add_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res) { - uint64_t c = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint64_t c = 0ULL; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint64_t t1 = a[(uint32_t)4U * i]; - uint64_t t20 = b[(uint32_t)4U * i]; - uint64_t *res_i0 = res + (uint32_t)4U * i; + uint64_t t1 = a[4U * i]; + uint64_t t20 = b[4U * i]; + uint64_t *res_i0 = res + 4U * i; c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0); - uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + uint64_t t10 = a[4U * i + 1U]; + uint64_t t21 = b[4U * i + 1U]; + uint64_t *res_i1 = res + 4U * i + 1U; c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1); - uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + uint64_t t11 = a[4U * i + 2U]; + uint64_t t22 = b[4U * i + 2U]; + uint64_t *res_i2 = res + 4U * i + 2U; c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2); - uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + uint64_t t12 = a[4U * i + 3U]; + uint64_t t2 = b[4U * i + 3U]; + uint64_t *res_i = res + 4U * i + 3U; c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint64_t t1 = a[i]; uint64_t t2 = b[i]; 
@@ -294,27 +294,27 @@ Hacl_Bignum_Multiplication_bn_mul_u32( ) { memset(res, 0U, (aLen + bLen) * sizeof (uint32_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < bLen; i0++) + for (uint32_t i0 = 0U; i0 < bLen; i0++) { uint32_t bj = b[i0]; uint32_t *res_j = res + i0; - uint32_t c = (uint32_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint32_t c = 0U; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint32_t a_i = a[(uint32_t)4U * i]; - uint32_t *res_i0 = res_j + (uint32_t)4U * i; + uint32_t a_i = a[4U * i]; + uint32_t *res_i0 = res_j + 4U * i; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, bj, c, res_i0); - uint32_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + uint32_t a_i0 = a[4U * i + 1U]; + uint32_t *res_i1 = res_j + 4U * i + 1U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, bj, c, res_i1); - uint32_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + uint32_t a_i1 = a[4U * i + 2U]; + uint32_t *res_i2 = res_j + 4U * i + 2U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, bj, c, res_i2); - uint32_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + uint32_t a_i2 = a[4U * i + 3U]; + uint32_t *res_i = res_j + 4U * i + 3U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, bj, c, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint32_t a_i = a[i]; uint32_t *res_i = res_j + i; 
@@ -335,27 +335,27 @@ Hacl_Bignum_Multiplication_bn_mul_u64( ) { memset(res, 0U, (aLen + bLen) * sizeof (uint64_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < bLen; i0++) + for (uint32_t i0 = 0U; i0 < bLen; i0++) { uint64_t bj = b[i0]; uint64_t *res_j = res + i0; - uint64_t c = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint64_t c = 0ULL; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint64_t a_i = a[(uint32_t)4U * i]; - uint64_t *res_i0 = res_j + (uint32_t)4U * i; + uint64_t a_i = a[4U * i]; + uint64_t *res_i0 = res_j + 4U * i; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0); - uint64_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + uint64_t a_i0 = a[4U * i + 1U]; + uint64_t *res_i1 = res_j + 4U * i + 1U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1); - uint64_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + uint64_t a_i1 = a[4U * i + 2U]; + uint64_t *res_i2 = res_j + 4U * i + 2U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2); - uint64_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + uint64_t a_i2 = a[4U * i + 3U]; + uint64_t *res_i = res_j + 4U * i + 3U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint64_t a_i = a[i]; uint64_t *res_i = res_j + i; 
@@ -370,28 +370,28 @@ static inline void Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res) { memset(res, 0U, (aLen + aLen) * sizeof (uint32_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < aLen; i0++) + for (uint32_t i0 = 0U; i0 < aLen; i0++) { uint32_t *ab = a; uint32_t a_j = a[i0]; uint32_t *res_j = res + i0; - uint32_t c = (uint32_t)0U; - for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++) + uint32_t c = 0U; + for (uint32_t i = 0U; i < i0 / 4U; i++) { - uint32_t a_i = ab[(uint32_t)4U * i]; - uint32_t *res_i0 = res_j + (uint32_t)4U * i; + uint32_t a_i = ab[4U * i]; + uint32_t *res_i0 = res_j + 4U * i; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, a_j, c, res_i0); - uint32_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + uint32_t a_i0 = ab[4U * i + 1U]; + uint32_t *res_i1 = res_j + 4U * i + 1U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, a_j, c, res_i1); - uint32_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + uint32_t a_i1 = ab[4U * i + 2U]; + uint32_t *res_i2 = res_j + 4U * i + 2U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, a_j, c, res_i2); - uint32_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + uint32_t a_i2 = ab[4U * i + 3U]; + uint32_t *res_i = res_j + 4U * i + 3U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, a_j, c, res_i); } - for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++) + for (uint32_t i = i0 / 4U * 4U; i < i0; i++) { uint32_t a_i = ab[i]; uint32_t *res_i = res_j + i; 
@@ -401,46 +401,48 @@ Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res) res[i0 + i0] = r; } uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, res, res); + KRML_MAYBE_UNUSED_VAR(c0); KRML_CHECK_SIZE(sizeof (uint32_t), aLen + aLen); uint32_t tmp[aLen + aLen]; memset(tmp, 0U, (aLen + aLen) * sizeof (uint32_t)); - for (uint32_t i = (uint32_t)0U; i < aLen; i++) + for (uint32_t i = 0U; i < aLen; i++) { uint64_t res1 = (uint64_t)a[i] * (uint64_t)a[i]; - uint32_t hi = (uint32_t)(res1 >> (uint32_t)32U); + uint32_t hi = (uint32_t)(res1 >> 32U); uint32_t lo = (uint32_t)res1; - tmp[(uint32_t)2U * i] = lo; - tmp[(uint32_t)2U * i + (uint32_t)1U] = hi; + tmp[2U * i] = lo; + tmp[2U * i + 1U] = hi; } uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, tmp, res); + KRML_MAYBE_UNUSED_VAR(c1); } static inline void Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res) { memset(res, 0U, (aLen + aLen) * sizeof (uint64_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < aLen; i0++) + for (uint32_t i0 = 0U; i0 < aLen; i0++) { uint64_t *ab = a; uint64_t a_j = a[i0]; uint64_t *res_j = res + i0; - uint64_t c = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++) + uint64_t c = 0ULL; + for (uint32_t i = 0U; i < i0 / 4U; i++) { - uint64_t a_i = ab[(uint32_t)4U * i]; - uint64_t *res_i0 = res_j + (uint32_t)4U * i; + uint64_t a_i = ab[4U * i]; + uint64_t *res_i0 = res_j + 4U * i; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i0); - uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + uint64_t a_i0 = ab[4U * i + 1U]; + uint64_t *res_i1 = res_j + 4U * i + 1U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, res_i1); - uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + uint64_t a_i1 = ab[4U * i + 2U]; + uint64_t *res_i2 = res_j + 4U * i + 2U; c = 
Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, res_i2); - uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + uint64_t a_i2 = ab[4U * i + 3U]; + uint64_t *res_i = res_j + 4U * i + 3U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, res_i); } - for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++) + for (uint32_t i = i0 / 4U * 4U; i < i0; i++) { uint64_t a_i = ab[i]; uint64_t *res_i = res_j + i; @@ -450,18 +452,20 @@ Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res) res[i0 + i0] = r; } uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, res, res); + KRML_MAYBE_UNUSED_VAR(c0); KRML_CHECK_SIZE(sizeof (uint64_t), aLen + aLen); uint64_t tmp[aLen + aLen]; memset(tmp, 0U, (aLen + aLen) * sizeof (uint64_t)); - for (uint32_t i = (uint32_t)0U; i < aLen; i++) + for (uint32_t i = 0U; i < aLen; i++) { FStar_UInt128_uint128 res1 = FStar_UInt128_mul_wide(a[i], a[i]); - uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, (uint32_t)64U)); + uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, 64U)); uint64_t lo = FStar_UInt128_uint128_to_uint64(res1); - tmp[(uint32_t)2U * i] = lo; - tmp[(uint32_t)2U * i + (uint32_t)1U] = hi; + tmp[2U * i] = lo; + tmp[2U * i + 1U] = hi; } uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, tmp, res); + KRML_MAYBE_UNUSED_VAR(c1); } #if defined(__cplusplus) diff --git a/include/internal/Hacl_Bignum_K256.h b/include/internal/Hacl_Bignum_K256.h index 59aff176..fe72fffe 100644 --- a/include/internal/Hacl_Bignum_K256.h +++ b/include/internal/Hacl_Bignum_K256.h 
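Review bot: The carries `c0` and `c1` returned by `Hacl_Bignum_Addition_bn_add_eq_len_u32` in `Hacl_Bignum_Multiplication_bn_sqr_u32` are now silenced with `KRML_MAYBE_UNUSED_VAR`, but no comment says why dropping them is sound. Both should be zero, since the doubled cross products and the final sum are bounded by a*a, which fits in `aLen + aLen` limbs; a line such as `/* carry is 0: a * a < 2^(32 * 2 * aLen) */` next to each call would record that. The `_u64` variant in the following hunk needs the same comment with 64 in place of 32. Separately, `uint32_t tmp[aLen + aLen]` is a stack VLA sized by the caller, so an upper bound on `aLen` is worth documenting too. The function starts outside this hunk.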
@@ -45,13 +45,7 @@ static inline bool Hacl_K256_Field_is_felem_zero_vartime(uint64_t *f) uint64_t f2 = f[2U]; uint64_t f3 = f[3U]; uint64_t f4 = f[4U]; - return - f0 - == (uint64_t)0U - && f1 == (uint64_t)0U - && f2 == (uint64_t)0U - && f3 == (uint64_t)0U - && f4 == (uint64_t)0U; + return f0 == 0ULL && f1 == 0ULL && f2 == 0ULL && f3 == 0ULL && f4 == 0ULL; } static inline bool Hacl_K256_Field_is_felem_eq_vartime(uint64_t *f1, uint64_t *f2) @@ -76,42 +70,42 @@ static inline bool Hacl_K256_Field_is_felem_lt_prime_minus_order_vartime(uint64_ uint64_t f2 = f[2U]; uint64_t f3 = f[3U]; uint64_t f4 = f[4U]; - if (f4 > (uint64_t)0U) + if (f4 > 0ULL) { return false; } - if (f3 > (uint64_t)0U) + if (f3 > 0ULL) { return false; } - if (f2 < (uint64_t)0x1455123U) + if (f2 < 0x1455123ULL) { return true; } - if (f2 > (uint64_t)0x1455123U) + if (f2 > 0x1455123ULL) { return false; } - if (f1 < (uint64_t)0x1950b75fc4402U) + if (f1 < 0x1950b75fc4402ULL) { return true; } - if (f1 > (uint64_t)0x1950b75fc4402U) + if (f1 > 0x1950b75fc4402ULL) { return false; } - return f0 < (uint64_t)0xda1722fc9baeeU; + return f0 < 0xda1722fc9baeeULL; } static inline void Hacl_K256_Field_load_felem(uint64_t *f, uint8_t *b) { uint64_t tmp[4U] = { 0U }; KRML_MAYBE_FOR4(i, - (uint32_t)0U, - (uint32_t)4U, - (uint32_t)1U, + 0U, + 4U, + 1U, uint64_t *os = tmp; - uint8_t *bj = b + i * (uint32_t)8U; + uint8_t *bj = b + i * 8U; uint64_t u = load64_be(bj); uint64_t r = u; uint64_t x = r; 
@@ -120,11 +114,11 @@ static inline void Hacl_K256_Field_load_felem(uint64_t *f, uint8_t *b) uint64_t s1 = tmp[2U]; uint64_t s2 = tmp[1U]; uint64_t s3 = tmp[0U]; - uint64_t f00 = s0 & (uint64_t)0xfffffffffffffU; - uint64_t f10 = s0 >> (uint32_t)52U | (s1 & (uint64_t)0xffffffffffU) << (uint32_t)12U; - uint64_t f20 = s1 >> (uint32_t)40U | (s2 & (uint64_t)0xfffffffU) << (uint32_t)24U; - uint64_t f30 = s2 >> (uint32_t)28U | (s3 & (uint64_t)0xffffU) << (uint32_t)36U; - uint64_t f40 = s3 >> (uint32_t)16U; + uint64_t f00 = s0 & 0xfffffffffffffULL; + uint64_t f10 = s0 >> 52U | (s1 & 0xffffffffffULL) << 12U; + uint64_t f20 = s1 >> 40U | (s2 & 0xfffffffULL) << 24U; + uint64_t f30 = s2 >> 28U | (s3 & 0xffffULL) << 36U; + uint64_t f40 = s3 >> 16U; uint64_t f0 = f00; uint64_t f1 = f10; uint64_t f2 = f20; @@ -148,11 +142,11 @@ static inline bool Hacl_K256_Field_load_felem_lt_prime_vartime(uint64_t *f, uint bool is_ge_p = f0 - >= (uint64_t)0xffffefffffc2fU - && f1 == (uint64_t)0xfffffffffffffU - && f2 == (uint64_t)0xfffffffffffffU - && f3 == (uint64_t)0xfffffffffffffU - && f4 == (uint64_t)0xffffffffffffU; + >= 0xffffefffffc2fULL + && f1 == 0xfffffffffffffULL + && f2 == 0xfffffffffffffULL + && f3 == 0xfffffffffffffULL + && f4 == 0xffffffffffffULL; return !is_ge_p; } @@ -164,10 +158,10 @@ static inline void Hacl_K256_Field_store_felem(uint8_t *b, uint64_t *f) uint64_t f20 = f[2U]; uint64_t f30 = f[3U]; uint64_t f4 = f[4U]; - uint64_t o0 = f00 | f10 << (uint32_t)52U; - uint64_t o1 = f10 >> (uint32_t)12U | f20 << (uint32_t)40U; - uint64_t o2 = f20 >> (uint32_t)24U | f30 << (uint32_t)28U; - uint64_t o3 = f30 >> (uint32_t)36U | f4 << (uint32_t)16U; + uint64_t o0 = f00 | f10 << 52U; + uint64_t o1 = f10 >> 12U | f20 << 40U; + uint64_t o2 = f20 >> 24U | f30 << 28U; + uint64_t o3 = f30 >> 36U | f4 << 16U; uint64_t f0 = o0; uint64_t f1 = o1; uint64_t f2 = o2; 
@@ -176,11 +170,7 @@ static inline void Hacl_K256_Field_store_felem(uint8_t *b, uint64_t *f) tmp[1U] = f2; tmp[2U] = f1; tmp[3U] = f0; - KRML_MAYBE_FOR4(i, - (uint32_t)0U, - (uint32_t)4U, - (uint32_t)1U, - store64_be(b + i * (uint32_t)8U, tmp[i]);); + KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_be(b + i * 8U, tmp[i]);); } static inline void Hacl_K256_Field_fmul_small_num(uint64_t *out, uint64_t *f, uint64_t num) @@ -248,11 +238,11 @@ static inline void Hacl_K256_Field_fsub(uint64_t *out, uint64_t *f1, uint64_t *f uint64_t b2 = f2[2U]; uint64_t b3 = f2[3U]; uint64_t b4 = f2[4U]; - uint64_t r00 = (uint64_t)9007190664804446U * x - b0; - uint64_t r10 = (uint64_t)9007199254740990U * x - b1; - uint64_t r20 = (uint64_t)9007199254740990U * x - b2; - uint64_t r30 = (uint64_t)9007199254740990U * x - b3; - uint64_t r40 = (uint64_t)562949953421310U * x - b4; + uint64_t r00 = 9007190664804446ULL * x - b0; + uint64_t r10 = 9007199254740990ULL * x - b1; + uint64_t r20 = 9007199254740990ULL * x - b2; + uint64_t r30 = 9007199254740990ULL * x - b3; + uint64_t r40 = 562949953421310ULL * x - b4; uint64_t r0 = r00; uint64_t r1 = r10; uint64_t r2 = r20; @@ -287,7 +277,7 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f uint64_t b2 = f2[2U]; uint64_t b3 = f2[3U]; uint64_t b4 = f2[4U]; - uint64_t r = (uint64_t)0x1000003D10U; + uint64_t r = 0x1000003D10ULL; FStar_UInt128_uint128 d0 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_mul_wide(a0, 
@@ -298,9 +288,9 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f FStar_UInt128_uint128 c0 = FStar_UInt128_mul_wide(a4, b4); FStar_UInt128_uint128 d1 = FStar_UInt128_add_mod(d0, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(c0))); - uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, (uint32_t)64U)); - uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, (uint32_t)52U); + uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, 64U)); + uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & 0xfffffffffffffULL; + FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, 52U); FStar_UInt128_uint128 d3 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(d2, @@ -309,12 +299,11 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f FStar_UInt128_mul_wide(a2, b2)), FStar_UInt128_mul_wide(a3, b1)), FStar_UInt128_mul_wide(a4, b0)); - FStar_UInt128_uint128 - d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << (uint32_t)12U, c1)); - uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 d5 = FStar_UInt128_shift_right(d4, (uint32_t)52U); - uint64_t tx = t4 >> (uint32_t)48U; - uint64_t t4_ = t4 & (uint64_t)0xffffffffffffU; + FStar_UInt128_uint128 d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << 12U, c1)); + uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & 0xfffffffffffffULL; + FStar_UInt128_uint128 d5 = FStar_UInt128_shift_right(d4, 52U); + uint64_t tx = t4 >> 48U; + uint64_t t4_ = t4 & 0xffffffffffffULL; FStar_UInt128_uint128 c2 = FStar_UInt128_mul_wide(a0, b0); FStar_UInt128_uint128 d6 = 
@@ -323,13 +312,12 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f FStar_UInt128_mul_wide(a2, b3)), FStar_UInt128_mul_wide(a3, b2)), FStar_UInt128_mul_wide(a4, b1)); - uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, (uint32_t)52U); - uint64_t u0_ = tx | u0 << (uint32_t)4U; - FStar_UInt128_uint128 - c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> (uint32_t)4U)); - uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, (uint32_t)52U); + uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & 0xfffffffffffffULL; + FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, 52U); + uint64_t u0_ = tx | u0 << 4U; + FStar_UInt128_uint128 c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> 4U)); + uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & 0xfffffffffffffULL; + FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, 52U); FStar_UInt128_uint128 c5 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(c4, FStar_UInt128_mul_wide(a0, b1)), 
@@ -343,10 +331,10 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f FStar_UInt128_uint128 c6 = FStar_UInt128_add_mod(c5, - FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & (uint64_t)0xfffffffffffffU, r)); - FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, (uint32_t)52U); - uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, (uint32_t)52U); + FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & 0xfffffffffffffULL, r)); + FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, 52U); + uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & 0xfffffffffffffULL; + FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, 52U); FStar_UInt128_uint128 c8 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(c7, 
@@ -359,16 +347,15 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f FStar_UInt128_mul_wide(a4, b3)); FStar_UInt128_uint128 c9 = FStar_UInt128_add_mod(c8, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(d10))); - uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, (uint32_t)64U)); - uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, (uint32_t)52U); + uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, 64U)); + uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & 0xfffffffffffffULL; + FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, 52U); FStar_UInt128_uint128 c11 = - FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10, - FStar_UInt128_mul_wide(r << (uint32_t)12U, d11)), + FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10, FStar_UInt128_mul_wide(r << 12U, d11)), FStar_UInt128_uint64_to_uint128(t3)); - uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & (uint64_t)0xfffffffffffffU; - uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, (uint32_t)52U)); + uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & 0xfffffffffffffULL; + uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, 52U)); uint64_t r4 = c12 + t4_; uint64_t f0 = r0; uint64_t f11 = r1; 
@@ -389,43 +376,41 @@ static inline void Hacl_K256_Field_fsqr(uint64_t *out, uint64_t *f) uint64_t a2 = f[2U]; uint64_t a3 = f[3U]; uint64_t a4 = f[4U]; - uint64_t r = (uint64_t)0x1000003D10U; + uint64_t r = 0x1000003D10ULL; FStar_UInt128_uint128 d0 = - FStar_UInt128_add_mod(FStar_UInt128_mul_wide(a0 * (uint64_t)2U, a3), - FStar_UInt128_mul_wide(a1 * (uint64_t)2U, a2)); + FStar_UInt128_add_mod(FStar_UInt128_mul_wide(a0 * 2ULL, a3), + FStar_UInt128_mul_wide(a1 * 2ULL, a2)); FStar_UInt128_uint128 c0 = FStar_UInt128_mul_wide(a4, a4); FStar_UInt128_uint128 d1 = FStar_UInt128_add_mod(d0, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(c0))); - uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, (uint32_t)64U)); - uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, (uint32_t)52U); - uint64_t a41 = a4 * (uint64_t)2U; + uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, 64U)); + uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & 0xfffffffffffffULL; + FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, 52U); + uint64_t a41 = a4 * 2ULL; FStar_UInt128_uint128 d3 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(d2, FStar_UInt128_mul_wide(a0, a41)), - FStar_UInt128_mul_wide(a1 * (uint64_t)2U, a3)), + FStar_UInt128_mul_wide(a1 * 2ULL, a3)), FStar_UInt128_mul_wide(a2, a2)); - FStar_UInt128_uint128 - d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << (uint32_t)12U, c1)); - uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 d5 = FStar_UInt128_shift_right(d4, (uint32_t)52U); - uint64_t tx = t4 >> (uint32_t)48U; - uint64_t t4_ = t4 & (uint64_t)0xffffffffffffU; + FStar_UInt128_uint128 d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << 12U, c1)); + uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & 0xfffffffffffffULL; + FStar_UInt128_uint128 d5 = 
FStar_UInt128_shift_right(d4, 52U); + uint64_t tx = t4 >> 48U; + uint64_t t4_ = t4 & 0xffffffffffffULL; FStar_UInt128_uint128 c2 = FStar_UInt128_mul_wide(a0, a0); FStar_UInt128_uint128 d6 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(d5, FStar_UInt128_mul_wide(a1, a41)), - FStar_UInt128_mul_wide(a2 * (uint64_t)2U, a3)); - uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, (uint32_t)52U); - uint64_t u0_ = tx | u0 << (uint32_t)4U; - FStar_UInt128_uint128 - c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> (uint32_t)4U)); - uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, (uint32_t)52U); - uint64_t a01 = a0 * (uint64_t)2U; + FStar_UInt128_mul_wide(a2 * 2ULL, a3)); + uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & 0xfffffffffffffULL; + FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, 52U); + uint64_t u0_ = tx | u0 << 4U; + FStar_UInt128_uint128 c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> 4U)); + uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & 0xfffffffffffffULL; + FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, 52U); + uint64_t a01 = a0 * 2ULL; FStar_UInt128_uint128 c5 = FStar_UInt128_add_mod(c4, FStar_UInt128_mul_wide(a01, a1)); FStar_UInt128_uint128 d8 = 
@@ -434,10 +419,10 @@ static inline void Hacl_K256_Field_fsqr(uint64_t *out, uint64_t *f) FStar_UInt128_uint128 c6 = FStar_UInt128_add_mod(c5, - FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & (uint64_t)0xfffffffffffffU, r)); - FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, (uint32_t)52U); - uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, (uint32_t)52U); + FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & 0xfffffffffffffULL, r)); + FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, 52U); + uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & 0xfffffffffffffULL; + FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, 52U); FStar_UInt128_uint128 c8 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(c7, FStar_UInt128_mul_wide(a01, a2)), 
@@ -445,16 +430,15 @@ static inline void Hacl_K256_Field_fsqr(uint64_t *out, uint64_t *f) FStar_UInt128_uint128 d10 = FStar_UInt128_add_mod(d9, FStar_UInt128_mul_wide(a3, a41)); FStar_UInt128_uint128 c9 = FStar_UInt128_add_mod(c8, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(d10))); - uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, (uint32_t)64U)); - uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, (uint32_t)52U); + uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, 64U)); + uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & 0xfffffffffffffULL; + FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, 52U); FStar_UInt128_uint128 c11 = - FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10, - FStar_UInt128_mul_wide(r << (uint32_t)12U, d11)), + FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10, FStar_UInt128_mul_wide(r << 12U, d11)), FStar_UInt128_uint64_to_uint128(t3)); - uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & (uint64_t)0xfffffffffffffU; - uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, (uint32_t)52U)); + uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & 0xfffffffffffffULL; + uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, 52U)); uint64_t r4 = c12 + t4_; uint64_t f0 = r0; uint64_t f1 = r1; 
@@ -475,23 +459,23 @@ static inline void Hacl_K256_Field_fnormalize_weak(uint64_t *out, uint64_t *f) uint64_t t2 = f[2U]; uint64_t t3 = f[3U]; uint64_t t4 = f[4U]; - uint64_t x0 = t4 >> (uint32_t)48U; - uint64_t t410 = t4 & (uint64_t)0xffffffffffffU; + uint64_t x0 = t4 >> 48U; + uint64_t t410 = t4 & 0xffffffffffffULL; uint64_t x = x0; uint64_t t01 = t0; uint64_t t11 = t1; uint64_t t21 = t2; uint64_t t31 = t3; uint64_t t41 = t410; - uint64_t t02 = t01 + x * (uint64_t)0x1000003D1U; - uint64_t t12 = t11 + (t02 >> (uint32_t)52U); - uint64_t t03 = t02 & (uint64_t)0xfffffffffffffU; - uint64_t t22 = t21 + (t12 >> (uint32_t)52U); - uint64_t t13 = t12 & (uint64_t)0xfffffffffffffU; - uint64_t t32 = t31 + (t22 >> (uint32_t)52U); - uint64_t t23 = t22 & (uint64_t)0xfffffffffffffU; - uint64_t t42 = t41 + (t32 >> (uint32_t)52U); - uint64_t t33 = t32 & (uint64_t)0xfffffffffffffU; + uint64_t t02 = t01 + x * 0x1000003D1ULL; + uint64_t t12 = t11 + (t02 >> 52U); + uint64_t t03 = t02 & 0xfffffffffffffULL; + uint64_t t22 = t21 + (t12 >> 52U); + uint64_t t13 = t12 & 0xfffffffffffffULL; + uint64_t t32 = t31 + (t22 >> 52U); + uint64_t t23 = t22 & 0xfffffffffffffULL; + uint64_t t42 = t41 + (t32 >> 52U); + uint64_t t33 = t32 & 0xfffffffffffffULL; uint64_t f0 = t03; uint64_t f1 = t13; uint64_t f2 = t23; 
@@ -511,59 +495,59 @@ static inline void Hacl_K256_Field_fnormalize(uint64_t *out, uint64_t *f) uint64_t f20 = f[2U]; uint64_t f30 = f[3U]; uint64_t f40 = f[4U]; - uint64_t x0 = f40 >> (uint32_t)48U; - uint64_t t40 = f40 & (uint64_t)0xffffffffffffU; + uint64_t x0 = f40 >> 48U; + uint64_t t40 = f40 & 0xffffffffffffULL; uint64_t x1 = x0; uint64_t t00 = f00; uint64_t t10 = f10; uint64_t t20 = f20; uint64_t t30 = f30; uint64_t t42 = t40; - uint64_t t01 = t00 + x1 * (uint64_t)0x1000003D1U; - uint64_t t110 = t10 + (t01 >> (uint32_t)52U); - uint64_t t020 = t01 & (uint64_t)0xfffffffffffffU; - uint64_t t210 = t20 + (t110 >> (uint32_t)52U); - uint64_t t120 = t110 & (uint64_t)0xfffffffffffffU; - uint64_t t310 = t30 + (t210 >> (uint32_t)52U); - uint64_t t220 = t210 & (uint64_t)0xfffffffffffffU; - uint64_t t410 = t42 + (t310 >> (uint32_t)52U); - uint64_t t320 = t310 & (uint64_t)0xfffffffffffffU; + uint64_t t01 = t00 + x1 * 0x1000003D1ULL; + uint64_t t110 = t10 + (t01 >> 52U); + uint64_t t020 = t01 & 0xfffffffffffffULL; + uint64_t t210 = t20 + (t110 >> 52U); + uint64_t t120 = t110 & 0xfffffffffffffULL; + uint64_t t310 = t30 + (t210 >> 52U); + uint64_t t220 = t210 & 0xfffffffffffffULL; + uint64_t t410 = t42 + (t310 >> 52U); + uint64_t t320 = t310 & 0xfffffffffffffULL; uint64_t t0 = t020; uint64_t t1 = t120; uint64_t t2 = t220; uint64_t t3 = t320; uint64_t t4 = t410; - uint64_t x2 = t4 >> (uint32_t)48U; - uint64_t t411 = t4 & (uint64_t)0xffffffffffffU; + uint64_t x2 = t4 >> 48U; + uint64_t t411 = t4 & 0xffffffffffffULL; uint64_t x = x2; uint64_t r0 = t0; uint64_t r1 = t1; uint64_t r2 = t2; uint64_t r3 = t3; uint64_t r4 = t411; - uint64_t m4 = FStar_UInt64_eq_mask(r4, (uint64_t)0xffffffffffffU); - uint64_t m3 = FStar_UInt64_eq_mask(r3, (uint64_t)0xfffffffffffffU); - uint64_t m2 = FStar_UInt64_eq_mask(r2, (uint64_t)0xfffffffffffffU); - uint64_t m1 = FStar_UInt64_eq_mask(r1, (uint64_t)0xfffffffffffffU); - uint64_t m0 = FStar_UInt64_gte_mask(r0, (uint64_t)0xffffefffffc2fU); + uint64_t 
m4 = FStar_UInt64_eq_mask(r4, 0xffffffffffffULL); + uint64_t m3 = FStar_UInt64_eq_mask(r3, 0xfffffffffffffULL); + uint64_t m2 = FStar_UInt64_eq_mask(r2, 0xfffffffffffffULL); + uint64_t m1 = FStar_UInt64_eq_mask(r1, 0xfffffffffffffULL); + uint64_t m0 = FStar_UInt64_gte_mask(r0, 0xffffefffffc2fULL); uint64_t is_ge_p_m = (((m0 & m1) & m2) & m3) & m4; - uint64_t m_to_one = is_ge_p_m & (uint64_t)1U; + uint64_t m_to_one = is_ge_p_m & 1ULL; uint64_t x10 = m_to_one | x; - uint64_t t010 = r0 + x10 * (uint64_t)0x1000003D1U; - uint64_t t11 = r1 + (t010 >> (uint32_t)52U); - uint64_t t02 = t010 & (uint64_t)0xfffffffffffffU; - uint64_t t21 = r2 + (t11 >> (uint32_t)52U); - uint64_t t12 = t11 & (uint64_t)0xfffffffffffffU; - uint64_t t31 = r3 + (t21 >> (uint32_t)52U); - uint64_t t22 = t21 & (uint64_t)0xfffffffffffffU; - uint64_t t41 = r4 + (t31 >> (uint32_t)52U); - uint64_t t32 = t31 & (uint64_t)0xfffffffffffffU; + uint64_t t010 = r0 + x10 * 0x1000003D1ULL; + uint64_t t11 = r1 + (t010 >> 52U); + uint64_t t02 = t010 & 0xfffffffffffffULL; + uint64_t t21 = r2 + (t11 >> 52U); + uint64_t t12 = t11 & 0xfffffffffffffULL; + uint64_t t31 = r3 + (t21 >> 52U); + uint64_t t22 = t21 & 0xfffffffffffffULL; + uint64_t t41 = r4 + (t31 >> 52U); + uint64_t t32 = t31 & 0xfffffffffffffULL; uint64_t s0 = t02; uint64_t s1 = t12; uint64_t s2 = t22; uint64_t s3 = t32; uint64_t s4 = t41; - uint64_t t412 = s4 & (uint64_t)0xffffffffffffU; + uint64_t t412 = s4 & 0xffffffffffffULL; uint64_t k0 = s0; uint64_t k1 = s1; uint64_t k2 = s2; 
@@ -590,11 +574,11 @@ static inline void Hacl_K256_Field_fnegate_conditional_vartime(uint64_t *f, bool uint64_t a2 = f[2U]; uint64_t a3 = f[3U]; uint64_t a4 = f[4U]; - uint64_t r0 = (uint64_t)9007190664804446U - a0; - uint64_t r1 = (uint64_t)9007199254740990U - a1; - uint64_t r2 = (uint64_t)9007199254740990U - a2; - uint64_t r3 = (uint64_t)9007199254740990U - a3; - uint64_t r4 = (uint64_t)562949953421310U - a4; + uint64_t r0 = 9007190664804446ULL - a0; + uint64_t r1 = 9007199254740990ULL - a1; + uint64_t r2 = 9007199254740990ULL - a2; + uint64_t r3 = 9007199254740990ULL - a3; + uint64_t r4 = 562949953421310ULL - a4; uint64_t f0 = r0; uint64_t f1 = r1; uint64_t f2 = r2; @@ -612,7 +596,7 @@ static inline void Hacl_K256_Field_fnegate_conditional_vartime(uint64_t *f, bool static inline void Hacl_Impl_K256_Finv_fsquare_times_in_place(uint64_t *out, uint32_t b) { - for (uint32_t i = (uint32_t)0U; i < b; i++) + for (uint32_t i = 0U; i < b; i++) { Hacl_K256_Field_fsqr(out, out); } @@ -620,8 +604,8 @@ static inline void Hacl_Impl_K256_Finv_fsquare_times_in_place(uint64_t *out, uin static inline void Hacl_Impl_K256_Finv_fsquare_times(uint64_t *out, uint64_t *a, uint32_t b) { - memcpy(out, a, (uint32_t)5U * sizeof (uint64_t)); - for (uint32_t i = (uint32_t)0U; i < b; i++) + memcpy(out, a, 5U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < b; i++) { Hacl_K256_Field_fsqr(out, out); } 
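Review bot: The five minuends in Hacl_K256_Field_fnegate_conditional_vartime (`9007190664804446ULL`, `9007199254740990ULL` three times, `562949953421310ULL`) are undocumented decimal magic numbers, and each `uint64_t` subtraction wraps silently if the input limb is larger than its constant. Each is exactly twice the limb value that Hacl_K256_Field_fnormalize tests when it computes `is_ge_p_m` (`0xffffefffffc2f`, `0xfffffffffffff`, `0xffffffffffff`), which are presumably the limbs of the field prime. A one-line comment above `r0`, such as `/* r = 2*p - a, limb-wise; requires a[i] <= 2*p[i] for every limb */`, would record the bound callers have to respect. The function body starts and ends outside this hunk, so whether the bound is already stated there cannot be seen here; if this header is generated, the comment belongs in the generator's source.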
@@ -633,29 +617,29 @@ static inline void Hacl_Impl_K256_Finv_fexp_223_23(uint64_t *out, uint64_t *x2, uint64_t x22[5U] = { 0U }; uint64_t x44[5U] = { 0U }; uint64_t x88[5U] = { 0U }; - Hacl_Impl_K256_Finv_fsquare_times(x2, f, (uint32_t)1U); + Hacl_Impl_K256_Finv_fsquare_times(x2, f, 1U); Hacl_K256_Field_fmul(x2, x2, f); - Hacl_Impl_K256_Finv_fsquare_times(x3, x2, (uint32_t)1U); + Hacl_Impl_K256_Finv_fsquare_times(x3, x2, 1U); Hacl_K256_Field_fmul(x3, x3, f); - Hacl_Impl_K256_Finv_fsquare_times(out, x3, (uint32_t)3U); + Hacl_Impl_K256_Finv_fsquare_times(out, x3, 3U); Hacl_K256_Field_fmul(out, out, x3); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)3U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 3U); Hacl_K256_Field_fmul(out, out, x3); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)2U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 2U); Hacl_K256_Field_fmul(out, out, x2); - Hacl_Impl_K256_Finv_fsquare_times(x22, out, (uint32_t)11U); + Hacl_Impl_K256_Finv_fsquare_times(x22, out, 11U); Hacl_K256_Field_fmul(x22, x22, out); - Hacl_Impl_K256_Finv_fsquare_times(x44, x22, (uint32_t)22U); + Hacl_Impl_K256_Finv_fsquare_times(x44, x22, 22U); Hacl_K256_Field_fmul(x44, x44, x22); - Hacl_Impl_K256_Finv_fsquare_times(x88, x44, (uint32_t)44U); + Hacl_Impl_K256_Finv_fsquare_times(x88, x44, 44U); Hacl_K256_Field_fmul(x88, x88, x44); - Hacl_Impl_K256_Finv_fsquare_times(out, x88, (uint32_t)88U); + Hacl_Impl_K256_Finv_fsquare_times(out, x88, 88U); Hacl_K256_Field_fmul(out, out, x88); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)44U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 44U); Hacl_K256_Field_fmul(out, out, x44); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)3U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 3U); Hacl_K256_Field_fmul(out, out, x3); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)23U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 23U); Hacl_K256_Field_fmul(out, out, x22); 
} @@ -663,11 +647,11 @@ static inline void Hacl_Impl_K256_Finv_finv(uint64_t *out, uint64_t *f) { uint64_t x2[5U] = { 0U }; Hacl_Impl_K256_Finv_fexp_223_23(out, x2, f); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)5U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 5U); Hacl_K256_Field_fmul(out, out, f); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)3U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 3U); Hacl_K256_Field_fmul(out, out, x2); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)2U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 2U); Hacl_K256_Field_fmul(out, out, f); } @@ -675,9 +659,9 @@ static inline void Hacl_Impl_K256_Finv_fsqrt(uint64_t *out, uint64_t *f) { uint64_t x2[5U] = { 0U }; Hacl_Impl_K256_Finv_fexp_223_23(out, x2, f); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)6U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 6U); Hacl_K256_Field_fmul(out, out, x2); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)2U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 2U); } #if defined(__cplusplus) diff --git a/include/internal/Hacl_Ed25519_PrecompTable.h b/include/internal/Hacl_Ed25519_PrecompTable.h index 77d2244c..a20cd912 100644 --- a/include/internal/Hacl_Ed25519_PrecompTable.h +++ b/include/internal/Hacl_Ed25519_PrecompTable.h 
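Review bot: Hacl_Impl_K256_Finv_finv computes a wrong result without any diagnostic when `out` and `f` are the same buffer, and nothing in the C states that they must differ. `Hacl_Impl_K256_Finv_fexp_223_23(out, x2, f)` has already written `out` by the time the two later `Hacl_K256_Field_fmul(out, out, f)` calls read `f` again. A comment on the function, such as `/* out and f must not overlap: f is re-read after out has been written */`, would make the precondition visible to C callers. The signature appears only in the hunk header; the body is complete within the hunk.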
@@ -39,655 +39,491 @@ static const uint64_t Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w4[320U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)1738742601995546U, (uint64_t)1146398526822698U, - (uint64_t)2070867633025821U, (uint64_t)562264141797630U, (uint64_t)587772402128613U, - (uint64_t)1801439850948184U, (uint64_t)1351079888211148U, (uint64_t)450359962737049U, - (uint64_t)900719925474099U, (uint64_t)1801439850948198U, (uint64_t)1U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1841354044333475U, - (uint64_t)16398895984059U, (uint64_t)755974180946558U, (uint64_t)900171276175154U, - (uint64_t)1821297809914039U, (uint64_t)1661154287933054U, (uint64_t)284530020860578U, - (uint64_t)1390261174866914U, (uint64_t)1524110943907984U, (uint64_t)1045603498418422U, - (uint64_t)928651508580478U, (uint64_t)1383326941296346U, (uint64_t)961937908925785U, - (uint64_t)80455759693706U, (uint64_t)904734540352947U, (uint64_t)1507481815385608U, - (uint64_t)2223447444246085U, (uint64_t)1083941587175919U, (uint64_t)2059929906842505U, - (uint64_t)1581435440146976U, (uint64_t)782730187692425U, (uint64_t)9928394897574U, - (uint64_t)1539449519985236U, (uint64_t)1923587931078510U, (uint64_t)552919286076056U, - (uint64_t)376925408065760U, (uint64_t)447320488831784U, (uint64_t)1362918338468019U, - (uint64_t)1470031896696846U, (uint64_t)2189796996539902U, (uint64_t)1337552949959847U, - (uint64_t)1762287177775726U, (uint64_t)237994495816815U, (uint64_t)1277840395970544U, - (uint64_t)543972849007241U, (uint64_t)1224692671618814U, (uint64_t)162359533289271U, - (uint64_t)282240927125249U, (uint64_t)586909166382289U, (uint64_t)17726488197838U, - (uint64_t)377014554985659U, (uint64_t)1433835303052512U, 
(uint64_t)702061469493692U, - (uint64_t)1142253108318154U, (uint64_t)318297794307551U, (uint64_t)954362646308543U, - (uint64_t)517363881452320U, (uint64_t)1868013482130416U, (uint64_t)262562472373260U, - (uint64_t)902232853249919U, (uint64_t)2107343057055746U, (uint64_t)462368348619024U, - (uint64_t)1893758677092974U, (uint64_t)2177729767846389U, (uint64_t)2168532543559143U, - (uint64_t)443867094639821U, (uint64_t)730169342581022U, (uint64_t)1564589016879755U, - (uint64_t)51218195700649U, (uint64_t)76684578423745U, (uint64_t)560266272480743U, - (uint64_t)922517457707697U, (uint64_t)2066645939860874U, (uint64_t)1318277348414638U, - (uint64_t)1576726809084003U, (uint64_t)1817337608563665U, (uint64_t)1874240939237666U, - (uint64_t)754733726333910U, (uint64_t)97085310406474U, (uint64_t)751148364309235U, - (uint64_t)1622159695715187U, (uint64_t)1444098819684916U, (uint64_t)130920805558089U, - (uint64_t)1260449179085308U, (uint64_t)1860021740768461U, (uint64_t)110052860348509U, - (uint64_t)193830891643810U, (uint64_t)164148413933881U, (uint64_t)180017794795332U, - (uint64_t)1523506525254651U, (uint64_t)465981629225956U, (uint64_t)559733514964572U, - (uint64_t)1279624874416974U, (uint64_t)2026642326892306U, (uint64_t)1425156829982409U, - (uint64_t)2160936383793147U, (uint64_t)1061870624975247U, (uint64_t)2023497043036941U, - (uint64_t)117942212883190U, (uint64_t)490339622800774U, (uint64_t)1729931303146295U, - (uint64_t)422305932971074U, (uint64_t)529103152793096U, (uint64_t)1211973233775992U, - (uint64_t)721364955929681U, (uint64_t)1497674430438813U, (uint64_t)342545521275073U, - (uint64_t)2102107575279372U, (uint64_t)2108462244669966U, (uint64_t)1382582406064082U, - (uint64_t)2206396818383323U, (uint64_t)2109093268641147U, (uint64_t)10809845110983U, - (uint64_t)1605176920880099U, (uint64_t)744640650753946U, (uint64_t)1712758897518129U, - (uint64_t)373410811281809U, (uint64_t)648838265800209U, (uint64_t)813058095530999U, - (uint64_t)513987632620169U, 
(uint64_t)465516160703329U, (uint64_t)2136322186126330U, - (uint64_t)1979645899422932U, (uint64_t)1197131006470786U, (uint64_t)1467836664863979U, - (uint64_t)1340751381374628U, (uint64_t)1810066212667962U, (uint64_t)1009933588225499U, - (uint64_t)1106129188080873U, (uint64_t)1388980405213901U, (uint64_t)533719246598044U, - (uint64_t)1169435803073277U, (uint64_t)198920999285821U, (uint64_t)487492330629854U, - (uint64_t)1807093008537778U, (uint64_t)1540899012923865U, (uint64_t)2075080271659867U, - (uint64_t)1527990806921523U, (uint64_t)1323728742908002U, (uint64_t)1568595959608205U, - (uint64_t)1388032187497212U, (uint64_t)2026968840050568U, (uint64_t)1396591153295755U, - (uint64_t)820416950170901U, (uint64_t)520060313205582U, (uint64_t)2016404325094901U, - (uint64_t)1584709677868520U, (uint64_t)272161374469956U, (uint64_t)1567188603996816U, - (uint64_t)1986160530078221U, (uint64_t)553930264324589U, (uint64_t)1058426729027503U, - (uint64_t)8762762886675U, (uint64_t)2216098143382988U, (uint64_t)1835145266889223U, - (uint64_t)1712936431558441U, (uint64_t)1017009937844974U, (uint64_t)585361667812740U, - (uint64_t)2114711541628181U, (uint64_t)2238729632971439U, (uint64_t)121257546253072U, - (uint64_t)847154149018345U, (uint64_t)211972965476684U, (uint64_t)287499084460129U, - (uint64_t)2098247259180197U, (uint64_t)839070411583329U, (uint64_t)339551619574372U, - (uint64_t)1432951287640743U, (uint64_t)526481249498942U, (uint64_t)931991661905195U, - (uint64_t)1884279965674487U, (uint64_t)200486405604411U, (uint64_t)364173020594788U, - (uint64_t)518034455936955U, (uint64_t)1085564703965501U, (uint64_t)16030410467927U, - (uint64_t)604865933167613U, (uint64_t)1695298441093964U, (uint64_t)498856548116159U, - (uint64_t)2193030062787034U, (uint64_t)1706339802964179U, (uint64_t)1721199073493888U, - (uint64_t)820740951039755U, (uint64_t)1216053436896834U, (uint64_t)23954895815139U, - (uint64_t)1662515208920491U, (uint64_t)1705443427511899U, (uint64_t)1957928899570365U, - 
(uint64_t)1189636258255725U, (uint64_t)1795695471103809U, (uint64_t)1691191297654118U, - (uint64_t)282402585374360U, (uint64_t)460405330264832U, (uint64_t)63765529445733U, - (uint64_t)469763447404473U, (uint64_t)733607089694996U, (uint64_t)685410420186959U, - (uint64_t)1096682630419738U, (uint64_t)1162548510542362U, (uint64_t)1020949526456676U, - (uint64_t)1211660396870573U, (uint64_t)613126398222696U, (uint64_t)1117829165843251U, - (uint64_t)742432540886650U, (uint64_t)1483755088010658U, (uint64_t)942392007134474U, - (uint64_t)1447834130944107U, (uint64_t)489368274863410U, (uint64_t)23192985544898U, - (uint64_t)648442406146160U, (uint64_t)785438843373876U, (uint64_t)249464684645238U, - (uint64_t)170494608205618U, (uint64_t)335112827260550U, (uint64_t)1462050123162735U, - (uint64_t)1084803668439016U, (uint64_t)853459233600325U, (uint64_t)215777728187495U, - (uint64_t)1965759433526974U, (uint64_t)1349482894446537U, (uint64_t)694163317612871U, - (uint64_t)860536766165036U, (uint64_t)1178788094084321U, (uint64_t)1652739626626996U, - (uint64_t)2115723946388185U, (uint64_t)1577204379094664U, (uint64_t)1083882859023240U, - (uint64_t)1768759143381635U, (uint64_t)1737180992507258U, (uint64_t)246054513922239U, - (uint64_t)577253134087234U, (uint64_t)356340280578042U, (uint64_t)1638917769925142U, - (uint64_t)223550348130103U, (uint64_t)470592666638765U, (uint64_t)22663573966996U, - (uint64_t)596552461152400U, (uint64_t)364143537069499U, (uint64_t)3942119457699U, - (uint64_t)107951982889287U, (uint64_t)1843471406713209U, (uint64_t)1625773041610986U, - (uint64_t)1466141092501702U, (uint64_t)1043024095021271U, (uint64_t)310429964047508U, - (uint64_t)98559121500372U, (uint64_t)152746933782868U, (uint64_t)259407205078261U, - (uint64_t)828123093322585U, (uint64_t)1576847274280091U, (uint64_t)1170871375757302U, - (uint64_t)1588856194642775U, (uint64_t)984767822341977U, (uint64_t)1141497997993760U, - (uint64_t)809325345150796U, (uint64_t)1879837728202511U, 
(uint64_t)201340910657893U, - (uint64_t)1079157558888483U, (uint64_t)1052373448588065U, (uint64_t)1732036202501778U, - (uint64_t)2105292670328445U, (uint64_t)679751387312402U, (uint64_t)1679682144926229U, - (uint64_t)1695823455818780U, (uint64_t)498852317075849U, (uint64_t)1786555067788433U, - (uint64_t)1670727545779425U, (uint64_t)117945875433544U, (uint64_t)407939139781844U, - (uint64_t)854632120023778U, (uint64_t)1413383148360437U, (uint64_t)286030901733673U, - (uint64_t)1207361858071196U, (uint64_t)461340408181417U, (uint64_t)1096919590360164U, - (uint64_t)1837594897475685U, (uint64_t)533755561544165U, (uint64_t)1638688042247712U, - (uint64_t)1431653684793005U, (uint64_t)1036458538873559U, (uint64_t)390822120341779U, - (uint64_t)1920929837111618U, (uint64_t)543426740024168U, (uint64_t)645751357799929U, - (uint64_t)2245025632994463U, (uint64_t)1550778638076452U, (uint64_t)223738153459949U, - (uint64_t)1337209385492033U, (uint64_t)1276967236456531U, (uint64_t)1463815821063071U, - (uint64_t)2070620870191473U, (uint64_t)1199170709413753U, (uint64_t)273230877394166U, - (uint64_t)1873264887608046U, (uint64_t)890877152910775U + 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, + 0ULL, 0ULL, 0ULL, 0ULL, 1738742601995546ULL, 1146398526822698ULL, 2070867633025821ULL, + 562264141797630ULL, 587772402128613ULL, 1801439850948184ULL, 1351079888211148ULL, + 450359962737049ULL, 900719925474099ULL, 1801439850948198ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, + 1841354044333475ULL, 16398895984059ULL, 755974180946558ULL, 900171276175154ULL, + 1821297809914039ULL, 1661154287933054ULL, 284530020860578ULL, 1390261174866914ULL, + 1524110943907984ULL, 1045603498418422ULL, 928651508580478ULL, 1383326941296346ULL, + 961937908925785ULL, 80455759693706ULL, 904734540352947ULL, 1507481815385608ULL, + 2223447444246085ULL, 1083941587175919ULL, 2059929906842505ULL, 1581435440146976ULL, + 782730187692425ULL, 9928394897574ULL, 1539449519985236ULL, 
1923587931078510ULL, + 552919286076056ULL, 376925408065760ULL, 447320488831784ULL, 1362918338468019ULL, + 1470031896696846ULL, 2189796996539902ULL, 1337552949959847ULL, 1762287177775726ULL, + 237994495816815ULL, 1277840395970544ULL, 543972849007241ULL, 1224692671618814ULL, + 162359533289271ULL, 282240927125249ULL, 586909166382289ULL, 17726488197838ULL, + 377014554985659ULL, 1433835303052512ULL, 702061469493692ULL, 1142253108318154ULL, + 318297794307551ULL, 954362646308543ULL, 517363881452320ULL, 1868013482130416ULL, + 262562472373260ULL, 902232853249919ULL, 2107343057055746ULL, 462368348619024ULL, + 1893758677092974ULL, 2177729767846389ULL, 2168532543559143ULL, 443867094639821ULL, + 730169342581022ULL, 1564589016879755ULL, 51218195700649ULL, 76684578423745ULL, + 560266272480743ULL, 922517457707697ULL, 2066645939860874ULL, 1318277348414638ULL, + 1576726809084003ULL, 1817337608563665ULL, 1874240939237666ULL, 754733726333910ULL, + 97085310406474ULL, 751148364309235ULL, 1622159695715187ULL, 1444098819684916ULL, + 130920805558089ULL, 1260449179085308ULL, 1860021740768461ULL, 110052860348509ULL, + 193830891643810ULL, 164148413933881ULL, 180017794795332ULL, 1523506525254651ULL, + 465981629225956ULL, 559733514964572ULL, 1279624874416974ULL, 2026642326892306ULL, + 1425156829982409ULL, 2160936383793147ULL, 1061870624975247ULL, 2023497043036941ULL, + 117942212883190ULL, 490339622800774ULL, 1729931303146295ULL, 422305932971074ULL, + 529103152793096ULL, 1211973233775992ULL, 721364955929681ULL, 1497674430438813ULL, + 342545521275073ULL, 2102107575279372ULL, 2108462244669966ULL, 1382582406064082ULL, + 2206396818383323ULL, 2109093268641147ULL, 10809845110983ULL, 1605176920880099ULL, + 744640650753946ULL, 1712758897518129ULL, 373410811281809ULL, 648838265800209ULL, + 813058095530999ULL, 513987632620169ULL, 465516160703329ULL, 2136322186126330ULL, + 1979645899422932ULL, 1197131006470786ULL, 1467836664863979ULL, 1340751381374628ULL, + 1810066212667962ULL, 1009933588225499ULL, 
1106129188080873ULL, 1388980405213901ULL, + 533719246598044ULL, 1169435803073277ULL, 198920999285821ULL, 487492330629854ULL, + 1807093008537778ULL, 1540899012923865ULL, 2075080271659867ULL, 1527990806921523ULL, + 1323728742908002ULL, 1568595959608205ULL, 1388032187497212ULL, 2026968840050568ULL, + 1396591153295755ULL, 820416950170901ULL, 520060313205582ULL, 2016404325094901ULL, + 1584709677868520ULL, 272161374469956ULL, 1567188603996816ULL, 1986160530078221ULL, + 553930264324589ULL, 1058426729027503ULL, 8762762886675ULL, 2216098143382988ULL, + 1835145266889223ULL, 1712936431558441ULL, 1017009937844974ULL, 585361667812740ULL, + 2114711541628181ULL, 2238729632971439ULL, 121257546253072ULL, 847154149018345ULL, + 211972965476684ULL, 287499084460129ULL, 2098247259180197ULL, 839070411583329ULL, + 339551619574372ULL, 1432951287640743ULL, 526481249498942ULL, 931991661905195ULL, + 1884279965674487ULL, 200486405604411ULL, 364173020594788ULL, 518034455936955ULL, + 1085564703965501ULL, 16030410467927ULL, 604865933167613ULL, 1695298441093964ULL, + 498856548116159ULL, 2193030062787034ULL, 1706339802964179ULL, 1721199073493888ULL, + 820740951039755ULL, 1216053436896834ULL, 23954895815139ULL, 1662515208920491ULL, + 1705443427511899ULL, 1957928899570365ULL, 1189636258255725ULL, 1795695471103809ULL, + 1691191297654118ULL, 282402585374360ULL, 460405330264832ULL, 63765529445733ULL, + 469763447404473ULL, 733607089694996ULL, 685410420186959ULL, 1096682630419738ULL, + 1162548510542362ULL, 1020949526456676ULL, 1211660396870573ULL, 613126398222696ULL, + 1117829165843251ULL, 742432540886650ULL, 1483755088010658ULL, 942392007134474ULL, + 1447834130944107ULL, 489368274863410ULL, 23192985544898ULL, 648442406146160ULL, + 785438843373876ULL, 249464684645238ULL, 170494608205618ULL, 335112827260550ULL, + 1462050123162735ULL, 1084803668439016ULL, 853459233600325ULL, 215777728187495ULL, + 1965759433526974ULL, 1349482894446537ULL, 694163317612871ULL, 860536766165036ULL, + 1178788094084321ULL, 
1652739626626996ULL, 2115723946388185ULL, 1577204379094664ULL, + 1083882859023240ULL, 1768759143381635ULL, 1737180992507258ULL, 246054513922239ULL, + 577253134087234ULL, 356340280578042ULL, 1638917769925142ULL, 223550348130103ULL, + 470592666638765ULL, 22663573966996ULL, 596552461152400ULL, 364143537069499ULL, 3942119457699ULL, + 107951982889287ULL, 1843471406713209ULL, 1625773041610986ULL, 1466141092501702ULL, + 1043024095021271ULL, 310429964047508ULL, 98559121500372ULL, 152746933782868ULL, + 259407205078261ULL, 828123093322585ULL, 1576847274280091ULL, 1170871375757302ULL, + 1588856194642775ULL, 984767822341977ULL, 1141497997993760ULL, 809325345150796ULL, + 1879837728202511ULL, 201340910657893ULL, 1079157558888483ULL, 1052373448588065ULL, + 1732036202501778ULL, 2105292670328445ULL, 679751387312402ULL, 1679682144926229ULL, + 1695823455818780ULL, 498852317075849ULL, 1786555067788433ULL, 1670727545779425ULL, + 117945875433544ULL, 407939139781844ULL, 854632120023778ULL, 1413383148360437ULL, + 286030901733673ULL, 1207361858071196ULL, 461340408181417ULL, 1096919590360164ULL, + 1837594897475685ULL, 533755561544165ULL, 1638688042247712ULL, 1431653684793005ULL, + 1036458538873559ULL, 390822120341779ULL, 1920929837111618ULL, 543426740024168ULL, + 645751357799929ULL, 2245025632994463ULL, 1550778638076452ULL, 223738153459949ULL, + 1337209385492033ULL, 1276967236456531ULL, 1463815821063071ULL, 2070620870191473ULL, + 1199170709413753ULL, 273230877394166ULL, 1873264887608046ULL, 890877152910775ULL }; static const uint64_t Hacl_Ed25519_PrecompTable_precomp_g_pow2_64_table_w4[320U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)13559344787725U, (uint64_t)2051621493703448U, - (uint64_t)1947659315640708U, (uint64_t)626856790370168U, 
(uint64_t)1592804284034836U, - (uint64_t)1781728767459187U, (uint64_t)278818420518009U, (uint64_t)2038030359908351U, - (uint64_t)910625973862690U, (uint64_t)471887343142239U, (uint64_t)1298543306606048U, - (uint64_t)794147365642417U, (uint64_t)129968992326749U, (uint64_t)523140861678572U, - (uint64_t)1166419653909231U, (uint64_t)2009637196928390U, (uint64_t)1288020222395193U, - (uint64_t)1007046974985829U, (uint64_t)208981102651386U, (uint64_t)2074009315253380U, - (uint64_t)1564056062071967U, (uint64_t)276822668750618U, (uint64_t)206621292512572U, - (uint64_t)470304361809269U, (uint64_t)895215438398493U, (uint64_t)1527859053868686U, - (uint64_t)1624967223409369U, (uint64_t)811821865979736U, (uint64_t)350450534838340U, - (uint64_t)219143807921807U, (uint64_t)507994540371254U, (uint64_t)986513794574720U, - (uint64_t)1142661369967121U, (uint64_t)621278293399257U, (uint64_t)556189161519781U, - (uint64_t)351964007865066U, (uint64_t)2011573453777822U, (uint64_t)1367125527151537U, - (uint64_t)1691316722438196U, (uint64_t)731328817345164U, (uint64_t)1284781192709232U, - (uint64_t)478439299539269U, (uint64_t)204842178076429U, (uint64_t)2085125369913651U, - (uint64_t)1980773492792985U, (uint64_t)1480264409524940U, (uint64_t)688389585376233U, - (uint64_t)612962643526972U, (uint64_t)165595382536676U, (uint64_t)1850300069212263U, - (uint64_t)1176357203491551U, (uint64_t)1880164984292321U, (uint64_t)10786153104736U, - (uint64_t)1242293560510203U, (uint64_t)1358399951884084U, (uint64_t)1901358796610357U, - (uint64_t)1385092558795806U, (uint64_t)1734893785311348U, (uint64_t)2046201851951191U, - (uint64_t)1233811309557352U, (uint64_t)1531160168656129U, (uint64_t)1543287181303358U, - (uint64_t)516121446374119U, (uint64_t)723422668089935U, (uint64_t)1228176774959679U, - (uint64_t)1598014722726267U, (uint64_t)1630810326658412U, (uint64_t)1343833067463760U, - (uint64_t)1024397964362099U, (uint64_t)1157142161346781U, (uint64_t)56422174971792U, - (uint64_t)544901687297092U, 
(uint64_t)1291559028869009U, (uint64_t)1336918672345120U, - (uint64_t)1390874603281353U, (uint64_t)1127199512010904U, (uint64_t)992644979940964U, - (uint64_t)1035213479783573U, (uint64_t)36043651196100U, (uint64_t)1220961519321221U, - (uint64_t)1348190007756977U, (uint64_t)579420200329088U, (uint64_t)1703819961008985U, - (uint64_t)1993919213460047U, (uint64_t)2225080008232251U, (uint64_t)392785893702372U, - (uint64_t)464312521482632U, (uint64_t)1224525362116057U, (uint64_t)810394248933036U, - (uint64_t)932513521649107U, (uint64_t)592314953488703U, (uint64_t)586334603791548U, - (uint64_t)1310888126096549U, (uint64_t)650842674074281U, (uint64_t)1596447001791059U, - (uint64_t)2086767406328284U, (uint64_t)1866377645879940U, (uint64_t)1721604362642743U, - (uint64_t)738502322566890U, (uint64_t)1851901097729689U, (uint64_t)1158347571686914U, - (uint64_t)2023626733470827U, (uint64_t)329625404653699U, (uint64_t)563555875598551U, - (uint64_t)516554588079177U, (uint64_t)1134688306104598U, (uint64_t)186301198420809U, - (uint64_t)1339952213563300U, (uint64_t)643605614625891U, (uint64_t)1947505332718043U, - (uint64_t)1722071694852824U, (uint64_t)601679570440694U, (uint64_t)1821275721236351U, - (uint64_t)1808307842870389U, (uint64_t)1654165204015635U, (uint64_t)1457334100715245U, - (uint64_t)217784948678349U, (uint64_t)1820622417674817U, (uint64_t)1946121178444661U, - (uint64_t)597980757799332U, (uint64_t)1745271227710764U, (uint64_t)2010952890941980U, - (uint64_t)339811849696648U, (uint64_t)1066120666993872U, (uint64_t)261276166508990U, - (uint64_t)323098645774553U, (uint64_t)207454744271283U, (uint64_t)941448672977675U, - (uint64_t)71890920544375U, (uint64_t)840849789313357U, (uint64_t)1223996070717926U, - (uint64_t)196832550853408U, (uint64_t)115986818309231U, (uint64_t)1586171527267675U, - (uint64_t)1666169080973450U, (uint64_t)1456454731176365U, (uint64_t)44467854369003U, - (uint64_t)2149656190691480U, (uint64_t)283446383597589U, (uint64_t)2040542647729974U, - 
(uint64_t)305705593840224U, (uint64_t)475315822269791U, (uint64_t)648133452550632U, - (uint64_t)169218658835720U, (uint64_t)24960052338251U, (uint64_t)938907951346766U, - (uint64_t)425970950490510U, (uint64_t)1037622011013183U, (uint64_t)1026882082708180U, - (uint64_t)1635699409504916U, (uint64_t)1644776942870488U, (uint64_t)2151820331175914U, - (uint64_t)824120674069819U, (uint64_t)835744976610113U, (uint64_t)1991271032313190U, - (uint64_t)96507354724855U, (uint64_t)400645405133260U, (uint64_t)343728076650825U, - (uint64_t)1151585441385566U, (uint64_t)1403339955333520U, (uint64_t)230186314139774U, - (uint64_t)1736248861506714U, (uint64_t)1010804378904572U, (uint64_t)1394932289845636U, - (uint64_t)1901351256960852U, (uint64_t)2187471430089807U, (uint64_t)1003853262342670U, - (uint64_t)1327743396767461U, (uint64_t)1465160415991740U, (uint64_t)366625359144534U, - (uint64_t)1534791405247604U, (uint64_t)1790905930250187U, (uint64_t)1255484115292738U, - (uint64_t)2223291365520443U, (uint64_t)210967717407408U, (uint64_t)26722916813442U, - (uint64_t)1919574361907910U, (uint64_t)468825088280256U, (uint64_t)2230011775946070U, - (uint64_t)1628365642214479U, (uint64_t)568871869234932U, (uint64_t)1066987968780488U, - (uint64_t)1692242903745558U, (uint64_t)1678903997328589U, (uint64_t)214262165888021U, - (uint64_t)1929686748607204U, (uint64_t)1790138967989670U, (uint64_t)1790261616022076U, - (uint64_t)1559824537553112U, (uint64_t)1230364591311358U, (uint64_t)147531939886346U, - (uint64_t)1528207085815487U, (uint64_t)477957922927292U, (uint64_t)285670243881618U, - (uint64_t)264430080123332U, (uint64_t)1163108160028611U, (uint64_t)373201522147371U, - (uint64_t)34903775270979U, (uint64_t)1750870048600662U, (uint64_t)1319328308741084U, - (uint64_t)1547548634278984U, (uint64_t)1691259592202927U, (uint64_t)2247758037259814U, - (uint64_t)329611399953677U, (uint64_t)1385555496268877U, (uint64_t)2242438354031066U, - (uint64_t)1329523854843632U, (uint64_t)399895373846055U, 
(uint64_t)678005703193452U, - (uint64_t)1496357700997771U, (uint64_t)71909969781942U, (uint64_t)1515391418612349U, - (uint64_t)470110837888178U, (uint64_t)1981307309417466U, (uint64_t)1259888737412276U, - (uint64_t)669991710228712U, (uint64_t)1048546834514303U, (uint64_t)1678323291295512U, - (uint64_t)2172033978088071U, (uint64_t)1529278455500556U, (uint64_t)901984601941894U, - (uint64_t)780867622403807U, (uint64_t)550105677282793U, (uint64_t)975860231176136U, - (uint64_t)525188281689178U, (uint64_t)49966114807992U, (uint64_t)1776449263836645U, - (uint64_t)267851776380338U, (uint64_t)2225969494054620U, (uint64_t)2016794225789822U, - (uint64_t)1186108678266608U, (uint64_t)1023083271408882U, (uint64_t)1119289418565906U, - (uint64_t)1248185897348801U, (uint64_t)1846081539082697U, (uint64_t)23756429626075U, - (uint64_t)1441999021105403U, (uint64_t)724497586552825U, (uint64_t)1287761623605379U, - (uint64_t)685303359654224U, (uint64_t)2217156930690570U, (uint64_t)163769288918347U, - (uint64_t)1098423278284094U, (uint64_t)1391470723006008U, (uint64_t)570700152353516U, - (uint64_t)744804507262556U, (uint64_t)2200464788609495U, (uint64_t)624141899161992U, - (uint64_t)2249570166275684U, (uint64_t)378706441983561U, (uint64_t)122486379999375U, - (uint64_t)430741162798924U, (uint64_t)113847463452574U, (uint64_t)266250457840685U, - (uint64_t)2120743625072743U, (uint64_t)222186221043927U, (uint64_t)1964290018305582U, - (uint64_t)1435278008132477U, (uint64_t)1670867456663734U, (uint64_t)2009989552599079U, - (uint64_t)1348024113448744U, (uint64_t)1158423886300455U, (uint64_t)1356467152691569U, - (uint64_t)306943042363674U, (uint64_t)926879628664255U, (uint64_t)1349295689598324U, - (uint64_t)725558330071205U, (uint64_t)536569987519948U, (uint64_t)116436990335366U, - (uint64_t)1551888573800376U, (uint64_t)2044698345945451U, (uint64_t)104279940291311U, - (uint64_t)251526570943220U, (uint64_t)754735828122925U, (uint64_t)33448073576361U, - (uint64_t)994605876754543U, 
(uint64_t)546007584022006U, (uint64_t)2217332798409487U, - (uint64_t)706477052561591U, (uint64_t)131174619428653U, (uint64_t)2148698284087243U, - (uint64_t)239290486205186U, (uint64_t)2161325796952184U, (uint64_t)1713452845607994U, - (uint64_t)1297861562938913U, (uint64_t)1779539876828514U, (uint64_t)1926559018603871U, - (uint64_t)296485747893968U, (uint64_t)1859208206640686U, (uint64_t)538513979002718U, - (uint64_t)103998826506137U, (uint64_t)2025375396538469U, (uint64_t)1370680785701206U, - (uint64_t)1698557311253840U, (uint64_t)1411096399076595U, (uint64_t)2132580530813677U, - (uint64_t)2071564345845035U, (uint64_t)498581428556735U, (uint64_t)1136010486691371U, - (uint64_t}; static const uint64_t Hacl_Ed25519_PrecompTable_precomp_g_pow2_128_table_w4[320U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)557549315715710U, (uint64_t)196756086293855U, - (uint64_t)846062225082495U, (uint64_t)1865068224838092U, (uint64_t)991112090754908U, - (uint64_t)522916421512828U, (uint64_t)2098523346722375U, (uint64_t)1135633221747012U, - (uint64_t)858420432114866U, (uint64_t)186358544306082U, (uint64_t)1044420411868480U, - (uint64_t)2080052304349321U, (uint64_t)557301814716724U, (uint64_t)1305130257814057U, - (uint64_t)2126012765451197U, (uint64_t)1441004402875101U, (uint64_t)353948968859203U, - (uint64_t)470765987164835U, (uint64_t)1507675957683570U, (uint64_t)1086650358745097U, - (uint64_t)1911913434398388U, (uint64_t)66086091117182U, (uint64_t)1137511952425971U, - (uint64_t)36958263512141U, (uint64_t)2193310025325256U, (uint64_t)1085191426269045U, - (uint64_t)1232148267909446U, (uint64_t)1449894406170117U, (uint64_t)1241416717139557U, - (uint64_t)1940876999212868U, (uint64_t)829758415918121U, (uint64_t)309608450373449U, - 
(uint64_t)2228398547683851U, (uint64_t)1580623271960188U, (uint64_t)1675601502456740U, - (uint64_t)1360363115493548U, (uint64_t)1098397313096815U, (uint64_t)1809255384359797U, - (uint64_t)1458261916834384U, (uint64_t)210682545649705U, (uint64_t)1606836641068115U, - (uint64_t)1230478270405318U, (uint64_t)1843192771547802U, (uint64_t)1794596343564051U, - (uint64_t)229060710252162U, (uint64_t)2169742775467181U, (uint64_t)701467067318072U, - (uint64_t)696018499035555U, (uint64_t)521051885339807U, (uint64_t)158329567901874U, - (uint64_t)740426481832143U, (uint64_t)1369811177301441U, (uint64_t)503351589084015U, - (uint64_t)1781114827942261U, (uint64_t)1650493549693035U, (uint64_t)2174562418345156U, - (uint64_t)456517194809244U, (uint64_t)2052761522121179U, (uint64_t)2233342271123682U, - (uint64_t)1445872925177435U, (uint64_t)1131882576902813U, (uint64_t)220765848055241U, - (uint64_t)1280259961403769U, (uint64_t)1581497080160712U, (uint64_t)1477441080108824U, - (uint64_t)218428165202767U, (uint64_t)1970598141278907U, (uint64_t)643366736173069U, - (uint64_t)2167909426804014U, (uint64_t)834993711408259U, (uint64_t)1922437166463212U, - (uint64_t)1900036281472252U, (uint64_t)513794844386304U, (uint64_t)1297904164900114U, - (uint64_t)1147626295373268U, (uint64_t)1910101606251299U, (uint64_t)182933838633381U, - (uint64_t)806229530787362U, (uint64_t)155511666433200U, (uint64_t)290522463375462U, - (uint64_t)534373523491751U, (uint64_t)1302938814480515U, (uint64_t)1664979184120445U, - (uint64_t)304235649499423U, (uint64_t)339284524318609U, (uint64_t)1881717946973483U, - (uint64_t)1670802286833842U, (uint64_t)2223637120675737U, (uint64_t)135818919485814U, - (uint64_t)1144856572842792U, (uint64_t)2234981613434386U, (uint64_t)963917024969826U, - (uint64_t)402275378284993U, (uint64_t)141532417412170U, (uint64_t)921537468739387U, - (uint64_t)963905069722607U, (uint64_t)1405442890733358U, (uint64_t)1567763927164655U, - (uint64_t)1664776329195930U, (uint64_t)2095924165508507U, 
(uint64_t)994243110271379U, - (uint64_t)1243925610609353U, (uint64_t)1029845815569727U, (uint64_t)1001968867985629U, - (uint64_t)170368934002484U, (uint64_t)1100906131583801U, (uint64_t)1825190326449569U, - (uint64_t)1462285121182096U, (uint64_t)1545240767016377U, (uint64_t)797859025652273U, - (uint64_t)1062758326657530U, (uint64_t)1125600735118266U, (uint64_t)739325756774527U, - (uint64_t)1420144485966996U, (uint64_t)1915492743426702U, (uint64_t)752968196344993U, - (uint64_t)882156396938351U, (uint64_t)1909097048763227U, (uint64_t)849058590685611U, - (uint64_t)840754951388500U, (uint64_t)1832926948808323U, (uint64_t)2023317100075297U, - (uint64_t)322382745442827U, (uint64_t)1569741341737601U, (uint64_t)1678986113194987U, - (uint64_t)757598994581938U, (uint64_t)29678659580705U, (uint64_t)1239680935977986U, - (uint64_t)1509239427168474U, (uint64_t)1055981929287006U, (uint64_t)1894085471158693U, - (uint64_t)916486225488490U, (uint64_t)642168890366120U, (uint64_t)300453362620010U, - (uint64_t)1858797242721481U, (uint64_t)2077989823177130U, (uint64_t)510228455273334U, - (uint64_t)1473284798689270U, (uint64_t)5173934574301U, (uint64_t)765285232030050U, - (uint64_t)1007154707631065U, (uint64_t)1862128712885972U, (uint64_t)168873464821340U, - (uint64_t)1967853269759318U, (uint64_t)1489896018263031U, (uint64_t)592451806166369U, - (uint64_t)1242298565603883U, (uint64_t)1838918921339058U, (uint64_t)697532763910695U, - (uint64_t)294335466239059U, (uint64_t)135687058387449U, (uint64_t)2133734403874176U, - (uint64_t)2121911143127699U, (uint64_t)20222476737364U, (uint64_t)1200824626476747U, - (uint64_t)1397731736540791U, (uint64_t)702378430231418U, (uint64_t)59059527640068U, - (uint64_t)460992547183981U, (uint64_t)1016125857842765U, (uint64_t)1273530839608957U, - (uint64_t)96724128829301U, (uint64_t)1313433042425233U, (uint64_t)3543822857227U, - (uint64_t)761975685357118U, (uint64_t)110417360745248U, (uint64_t)1079634164577663U, - (uint64_t)2044574510020457U, 
(uint64_t)338709058603120U, (uint64_t)94541336042799U, - (uint64_t)127963233585039U, (uint64_t)94427896272258U, (uint64_t)1143501979342182U, - (uint64_t)1217958006212230U, (uint64_t)2153887831492134U, (uint64_t)1519219513255575U, - (uint64_t)251793195454181U, (uint64_t)392517349345200U, (uint64_t)1507033011868881U, - (uint64_t)2208494254670752U, (uint64_t)1364389582694359U, (uint64_t)2214069430728063U, - (uint64_t)1272814257105752U, (uint64_t)741450148906352U, (uint64_t)1105776675555685U, - (uint64_t)824447222014984U, (uint64_t)528745219306376U, (uint64_t)589427609121575U, - (uint64_t)1501786838809155U, (uint64_t)379067373073147U, (uint64_t)184909476589356U, - (uint64_t)1346887560616185U, (uint64_t)1932023742314082U, (uint64_t)1633302311869264U, - (uint64_t)1685314821133069U, (uint64_t)1836610282047884U, (uint64_t)1595571594397150U, - (uint64_t)615441688872198U, (uint64_t)1926435616702564U, (uint64_t)235632180396480U, - (uint64_t)1051918343571810U, (uint64_t)2150570051687050U, (uint64_t)879198845408738U, - (uint64_t)1443966275205464U, (uint64_t)481362545245088U, (uint64_t)512807443532642U, - (uint64_t)641147578283480U, (uint64_t)1594276116945596U, (uint64_t)1844812743300602U, - (uint64_t)2044559316019485U, (uint64_t)202620777969020U, (uint64_t)852992984136302U, - (uint64_t)1500869642692910U, (uint64_t)1085216217052457U, (uint64_t)1736294372259758U, - (uint64_t)2009666354486552U, (uint64_t)1262389020715248U, (uint64_t)1166527705256867U, - (uint64_t)1409917450806036U, (uint64_t)1705819160057637U, (uint64_t)1116901782584378U, - (uint64_t)1278460472285473U, (uint64_t)257879811360157U, (uint64_t)40314007176886U, - (uint64_t)701309846749639U, (uint64_t)1380457676672777U, (uint64_t)631519782380272U, - (uint64_t)1196339573466793U, (uint64_t)955537708940017U, (uint64_t)532725633381530U, - (uint64_t)641190593731833U, (uint64_t)7214357153807U, (uint64_t)481922072107983U, - (uint64_t)1634886189207352U, (uint64_t)1247659758261633U, (uint64_t)1655809614786430U, - 
(uint64_t)43105797900223U, (uint64_t)76205809912607U, (uint64_t)1936575107455823U, - (uint64_t)1107927314642236U, (uint64_t)2199986333469333U, (uint64_t)802974829322510U, - (uint64_t)718173128143482U, (uint64_t)539385184235615U, (uint64_t)2075693785611221U, - (uint64_t)953281147333690U, (uint64_t)1623571637172587U, (uint64_t)655274535022250U, - (uint64_t)1568078078819021U, (uint64_t)101142125049712U, (uint64_t)1488441673350881U, - (uint64_t)1457969561944515U, (uint64_t)1492622544287712U, (uint64_t)2041460689280803U, - (uint64_t)1961848091392887U, (uint64_t)461003520846938U, (uint64_t)934728060399807U, - (uint64_t)117723291519705U, (uint64_t)1027773762863526U, (uint64_t)56765304991567U, - (uint64_t)2184028379550479U, (uint64_t)1768767711894030U, (uint64_t)1304432068983172U, - (uint64_t)498080974452325U, (uint64_t)2134905654858163U, (uint64_t)1446137427202647U, - (uint64_t)551613831549590U, (uint64_t)680288767054205U, (uint64_t)1278113339140386U, - (uint64_t)378149431842614U, (uint64_t)80520494426960U, (uint64_t)2080985256348782U, - (uint64_t)673432591799820U, (uint64_t)739189463724560U, (uint64_t)1847191452197509U, - (uint64_t)527737312871602U, (uint64_t)477609358840073U, (uint64_t)1891633072677946U, - (uint64_t)1841456828278466U, (uint64_t)2242502936489002U, (uint64_t)524791829362709U, - (uint64_t)276648168514036U, (uint64_t)991706903257619U, (uint64_t)512580228297906U, - (uint64_t)1216855104975946U, (uint64_t)67030930303149U, (uint64_t)769593945208213U, - (uint64_t)2048873385103577U, (uint64_t)455635274123107U, (uint64_t)2077404927176696U, - (uint64_t)1803539634652306U, (uint64_t)1837579953843417U, (uint64_t)1564240068662828U, - (uint64_t)1964310918970435U, (uint64_t)832822906252492U, (uint64_t)1516044634195010U, - (uint64_t)770571447506889U, (uint64_t)602215152486818U, (uint64_t)1760828333136947U, - (uint64_t}; static const uint64_t Hacl_Ed25519_PrecompTable_precomp_g_pow2_192_table_w4[320U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, 
(uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)1129953239743101U, (uint64_t)1240339163956160U, - (uint64_t)61002583352401U, (uint64_t)2017604552196030U, (uint64_t)1576867829229863U, - (uint64_t)1508654942849389U, (uint64_t)270111619664077U, (uint64_t)1253097517254054U, - (uint64_t)721798270973250U, (uint64_t)161923365415298U, (uint64_t)828530877526011U, - (uint64_t)1494851059386763U, (uint64_t)662034171193976U, (uint64_t)1315349646974670U, - (uint64_t)2199229517308806U, (uint64_t)497078277852673U, (uint64_t)1310507715989956U, - (uint64_t)1881315714002105U, (uint64_t)2214039404983803U, (uint64_t)1331036420272667U, - (uint64_t)296286697520787U, (uint64_t)1179367922639127U, (uint64_t)25348441419697U, - (uint64_t)2200984961703188U, (uint64_t)150893128908291U, (uint64_t)1978614888570852U, - (uint64_t)1539657347172046U, (uint64_t)553810196523619U, (uint64_t)246017573977646U, - (uint64_t)1440448985385485U, (uint64_t)346049108099981U, (uint64_t)601166606218546U, - (uint64_t)855822004151713U, (uint64_t)1957521326383188U, (uint64_t)1114240380430887U, - (uint64_t)1349639675122048U, (uint64_t)957375954499040U, (uint64_t)111551795360136U, - (uint64_t)618586733648988U, (uint64_t)490708840688866U, (uint64_t)1267002049697314U, - (uint64_t)1130723224930028U, (uint64_t)215603029480828U, (uint64_t)1277138555414710U, - (uint64_t)1556750324971322U, (uint64_t)1407903521793741U, (uint64_t)1836836546590749U, - (uint64_t)576500297444199U, (uint64_t)2074707599091135U, (uint64_t)1826239864380012U, - (uint64_t)1935365705983312U, (uint64_t)239501825683682U, (uint64_t)1594236669034980U, - (uint64_t)1283078975055301U, (uint64_t)856745636255925U, (uint64_t)1342128647959981U, - (uint64_t)945216428379689U, (uint64_t)938746202496410U, (uint64_t)105775123333919U, - (uint64_t)1379852610117266U, 
(uint64_t)1770216827500275U, (uint64_t)1016017267535704U, - (uint64_t)1902885522469532U, (uint64_t)994184703730489U, (uint64_t)2227487538793763U, - (uint64_t)53155967096055U, (uint64_t)1264120808114350U, (uint64_t)1334928769376729U, - (uint64_t)393911808079997U, (uint64_t)826229239481845U, (uint64_t)1827903006733192U, - (uint64_t)1449283706008465U, (uint64_t)1258040415217849U, (uint64_t)1641484112868370U, - (uint64_t)1140150841968176U, (uint64_t)391113338021313U, (uint64_t)162138667815833U, - (uint64_t)742204396566060U, (uint64_t)110709233440557U, (uint64_t)90179377432917U, - (uint64_t)530511949644489U, (uint64_t)911568635552279U, (uint64_t)135869304780166U, - (uint64_t)617719999563692U, (uint64_t)1802525001631319U, (uint64_t)1836394639510490U, - (uint64_t)1862739456475085U, (uint64_t)1378284444664288U, (uint64_t)1617882529391756U, - (uint64_t)876124429891172U, (uint64_t)1147654641445091U, (uint64_t)1476943370400542U, - (uint64_t)688601222759067U, (uint64_t)2120281968990205U, (uint64_t)1387113236912611U, - (uint64_t)2125245820685788U, (uint64_t)1030674016350092U, (uint64_t)1594684598654247U, - (uint64_t)1165939511879820U, (uint64_t)271499323244173U, (uint64_t)546587254515484U, - (uint64_t)945603425742936U, (uint64_t)1242252568170226U, (uint64_t)561598728058142U, - (uint64_t)604827091794712U, (uint64_t)19869753585186U, (uint64_t)565367744708915U, - (uint64_t)536755754533603U, (uint64_t)1767258313589487U, (uint64_t)907952975936127U, - (uint64_t)292851652613937U, (uint64_t)163573546237963U, (uint64_t)837601408384564U, - (uint64_t)591996990118301U, (uint64_t)2126051747693057U, (uint64_t)182247548824566U, - (uint64_t)908369044122868U, (uint64_t)1335442699947273U, (uint64_t)2234292296528612U, - (uint64_t)689537529333034U, (uint64_t)2174778663790714U, (uint64_t)1011407643592667U, - (uint64_t)1856130618715473U, (uint64_t)1557437221651741U, (uint64_t)2250285407006102U, - (uint64_t)1412384213410827U, (uint64_t)1428042038612456U, (uint64_t)962709733973660U, - 
(uint64_t)313995703125919U, (uint64_t)1844969155869325U, (uint64_t)787716782673657U, - (uint64_t)622504542173478U, (uint64_t)930119043384654U, (uint64_t)2128870043952488U, - (uint64_t)537781531479523U, (uint64_t)1556666269904940U, (uint64_t)417333635741346U, - (uint64_t)1986743846438415U, (uint64_t)877620478041197U, (uint64_t)2205624582983829U, - (uint64_t)595260668884488U, (uint64_t)2025159350373157U, (uint64_t)2091659716088235U, - (uint64_t)1423634716596391U, (uint64_t)653686638634080U, (uint64_t)1972388399989956U, - (uint64_t)795575741798014U, (uint64_t)889240107997846U, (uint64_t)1446156876910732U, - (uint64_t)1028507012221776U, (uint64_t)1071697574586478U, (uint64_t)1689630411899691U, - (uint64_t)604092816502174U, (uint64_t)1909917373896122U, (uint64_t)1602544877643837U, - (uint64_t)1227177032923867U, (uint64_t)62684197535630U, (uint64_t)186146290753883U, - (uint64_t)414449055316766U, (uint64_t)1560555880866750U, (uint64_t)157579947096755U, - (uint64_t)230526795502384U, (uint64_t)1197673369665894U, (uint64_t)593779215869037U, - (uint64_t)214638834474097U, (uint64_t)1796344443484478U, (uint64_t)493550548257317U, - (uint64_t)1628442824033694U, (uint64_t)1410811655893495U, (uint64_t)1009361960995171U, - (uint64_t)604736219740352U, (uint64_t)392445928555351U, (uint64_t)1254295770295706U, - (uint64_t)1958074535046128U, (uint64_t)508699942241019U, (uint64_t)739405911261325U, - (uint64_t)1678760393882409U, (uint64_t)517763708545996U, (uint64_t)640040257898722U, - (uint64_t)384966810872913U, (uint64_t)407454748380128U, (uint64_t)152604679407451U, - (uint64_t)185102854927662U, (uint64_t)1448175503649595U, (uint64_t)100328519208674U, - (uint64_t)1153263667012830U, (uint64_t)1643926437586490U, (uint64_t)609632142834154U, - (uint64_t)980984004749261U, (uint64_t)855290732258779U, (uint64_t)2186022163021506U, - (uint64_t)1254052618626070U, (uint64_t)1850030517182611U, (uint64_t)162348933090207U, - (uint64_t)1948712273679932U, (uint64_t)1331832516262191U, 
(uint64_t)1219400369175863U, - (uint64_t)89689036937483U, (uint64_t)1554886057235815U, (uint64_t)1520047528432789U, - (uint64_t)81263957652811U, (uint64_t)146612464257008U, (uint64_t)2207945627164163U, - (uint64_t)919846660682546U, (uint64_t)1925694087906686U, (uint64_t)2102027292388012U, - (uint64_t)887992003198635U, (uint64_t)1817924871537027U, (uint64_t)746660005584342U, - (uint64_t)753757153275525U, (uint64_t)91394270908699U, (uint64_t)511837226544151U, - (uint64_t)736341543649373U, (uint64_t)1256371121466367U, (uint64_t)1977778299551813U, - (uint64_t)817915174462263U, (uint64_t)1602323381418035U, (uint64_t)190035164572930U, - (uint64_t)603796401391181U, (uint64_t)2152666873671669U, (uint64_t)1813900316324112U, - (uint64_t)1292622433358041U, (uint64_t)888439870199892U, (uint64_t)978918155071994U, - (uint64_t)534184417909805U, (uint64_t)466460084317313U, (uint64_t)1275223140288685U, - (uint64_t)786407043883517U, (uint64_t)1620520623925754U, (uint64_t)1753625021290269U, - (uint64_t)751937175104525U, (uint64_t)905301961820613U, (uint64_t)697059847245437U, - (uint64_t)584919033981144U, (uint64_t)1272165506533156U, (uint64_t)1532180021450866U, - (uint64_t)1901407354005301U, (uint64_t)1421319720492586U, (uint64_t)2179081609765456U, - (uint64_t)2193253156667632U, (uint64_t)1080248329608584U, (uint64_t)2158422436462066U, - (uint64_t)759167597017850U, (uint64_t)545759071151285U, (uint64_t)641600428493698U, - (uint64_t)943791424499848U, (uint64_t)469571542427864U, (uint64_t)951117845222467U, - (uint64_t)1780538594373407U, (uint64_t)614611122040309U, (uint64_t)1354826131886963U, - (uint64_t)221898131992340U, (uint64_t)1145699723916219U, (uint64_t)798735379961769U, - (uint64_t)1843560518208287U, (uint64_t)1424523160161545U, (uint64_t)205549016574779U, - (uint64_t)2239491587362749U, (uint64_t)1918363582399888U, (uint64_t)1292183072788455U, - (uint64_t)1783513123192567U, (uint64_t)1584027954317205U, (uint64_t)1890421443925740U, - (uint64_t)1718459319874929U, 
(uint64_t)1522091040748809U, (uint64_t)399467600667219U, - (uint64_t)1870973059066576U, (uint64_t)287514433150348U, (uint64_t)1397845311152885U, - (uint64_t)1880440629872863U, (uint64_t)709302939340341U, (uint64_t)1813571361109209U, - (uint64_t)86598795876860U, (uint64_t)1146964554310612U, (uint64_t)1590956584862432U, - (uint64_t)2097004628155559U, (uint64_t)656227622102390U, (uint64_t)1808500445541891U, - (uint64_t)958336726523135U, (uint64_t)2007604569465975U, (uint64_t)313504950390997U, - (uint64_t)1399686004953620U, (uint64_t)1759732788465234U, (uint64_t)1562539721055836U, - (uint64_t)1575722765016293U, (uint64_t)793318366641259U, (uint64_t)443876859384887U, - (uint64_t)547308921989704U, (uint64_t)636698687503328U, (uint64_t)2179175835287340U, - (uint64_t)498333551718258U, (uint64_t)932248760026176U, (uint64_t)1612395686304653U, - (uint64_t)2179774103745626U, (uint64_t)1359658123541018U, (uint64_t)171488501802442U, - (uint64_t)1625034951791350U, (uint64_t)520196922773633U, (uint64_t)1873787546341877U, - (uint64_t}; static const uint64_t Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w5[640U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)1738742601995546U, (uint64_t)1146398526822698U, - (uint64_t)2070867633025821U, (uint64_t)562264141797630U, (uint64_t)587772402128613U, - (uint64_t)1801439850948184U, (uint64_t)1351079888211148U, (uint64_t)450359962737049U, - (uint64_t)900719925474099U, (uint64_t)1801439850948198U, (uint64_t)1U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1841354044333475U, - (uint64_t)16398895984059U, (uint64_t)755974180946558U, (uint64_t)900171276175154U, - (uint64_t)1821297809914039U, (uint64_t)1661154287933054U, (uint64_t)284530020860578U, - 
(uint64_t)1390261174866914U, (uint64_t)1524110943907984U, (uint64_t)1045603498418422U, - (uint64_t)928651508580478U, (uint64_t)1383326941296346U, (uint64_t)961937908925785U, - (uint64_t)80455759693706U, (uint64_t)904734540352947U, (uint64_t)1507481815385608U, - (uint64_t)2223447444246085U, (uint64_t)1083941587175919U, (uint64_t)2059929906842505U, - (uint64_t)1581435440146976U, (uint64_t)782730187692425U, (uint64_t)9928394897574U, - (uint64_t)1539449519985236U, (uint64_t)1923587931078510U, (uint64_t)552919286076056U, - (uint64_t)376925408065760U, (uint64_t)447320488831784U, (uint64_t)1362918338468019U, - (uint64_t)1470031896696846U, (uint64_t)2189796996539902U, (uint64_t)1337552949959847U, - (uint64_t)1762287177775726U, (uint64_t)237994495816815U, (uint64_t)1277840395970544U, - (uint64_t)543972849007241U, (uint64_t)1224692671618814U, (uint64_t)162359533289271U, - (uint64_t)282240927125249U, (uint64_t)586909166382289U, (uint64_t)17726488197838U, - (uint64_t)377014554985659U, (uint64_t)1433835303052512U, (uint64_t)702061469493692U, - (uint64_t)1142253108318154U, (uint64_t)318297794307551U, (uint64_t)954362646308543U, - (uint64_t)517363881452320U, (uint64_t)1868013482130416U, (uint64_t)262562472373260U, - (uint64_t)902232853249919U, (uint64_t)2107343057055746U, (uint64_t)462368348619024U, - (uint64_t)1893758677092974U, (uint64_t)2177729767846389U, (uint64_t)2168532543559143U, - (uint64_t)443867094639821U, (uint64_t)730169342581022U, (uint64_t)1564589016879755U, - (uint64_t)51218195700649U, (uint64_t)76684578423745U, (uint64_t)560266272480743U, - (uint64_t)922517457707697U, (uint64_t)2066645939860874U, (uint64_t)1318277348414638U, - (uint64_t)1576726809084003U, (uint64_t)1817337608563665U, (uint64_t)1874240939237666U, - (uint64_t)754733726333910U, (uint64_t)97085310406474U, (uint64_t)751148364309235U, - (uint64_t)1622159695715187U, (uint64_t)1444098819684916U, (uint64_t)130920805558089U, - (uint64_t)1260449179085308U, (uint64_t)1860021740768461U, 
(uint64_t)110052860348509U, - (uint64_t)193830891643810U, (uint64_t)164148413933881U, (uint64_t)180017794795332U, - (uint64_t)1523506525254651U, (uint64_t)465981629225956U, (uint64_t)559733514964572U, - (uint64_t)1279624874416974U, (uint64_t)2026642326892306U, (uint64_t)1425156829982409U, - (uint64_t)2160936383793147U, (uint64_t)1061870624975247U, (uint64_t)2023497043036941U, - (uint64_t)117942212883190U, (uint64_t)490339622800774U, (uint64_t)1729931303146295U, - (uint64_t)422305932971074U, (uint64_t)529103152793096U, (uint64_t)1211973233775992U, - (uint64_t)721364955929681U, (uint64_t)1497674430438813U, (uint64_t)342545521275073U, - (uint64_t)2102107575279372U, (uint64_t)2108462244669966U, (uint64_t)1382582406064082U, - (uint64_t)2206396818383323U, (uint64_t)2109093268641147U, (uint64_t)10809845110983U, - (uint64_t)1605176920880099U, (uint64_t)744640650753946U, (uint64_t)1712758897518129U, - (uint64_t)373410811281809U, (uint64_t)648838265800209U, (uint64_t)813058095530999U, - (uint64_t)513987632620169U, (uint64_t)465516160703329U, (uint64_t)2136322186126330U, - (uint64_t)1979645899422932U, (uint64_t)1197131006470786U, (uint64_t)1467836664863979U, - (uint64_t)1340751381374628U, (uint64_t)1810066212667962U, (uint64_t)1009933588225499U, - (uint64_t)1106129188080873U, (uint64_t)1388980405213901U, (uint64_t)533719246598044U, - (uint64_t)1169435803073277U, (uint64_t)198920999285821U, (uint64_t)487492330629854U, - (uint64_t)1807093008537778U, (uint64_t)1540899012923865U, (uint64_t)2075080271659867U, - (uint64_t)1527990806921523U, (uint64_t)1323728742908002U, (uint64_t)1568595959608205U, - (uint64_t)1388032187497212U, (uint64_t)2026968840050568U, (uint64_t)1396591153295755U, - (uint64_t)820416950170901U, (uint64_t)520060313205582U, (uint64_t)2016404325094901U, - (uint64_t)1584709677868520U, (uint64_t)272161374469956U, (uint64_t)1567188603996816U, - (uint64_t)1986160530078221U, (uint64_t)553930264324589U, (uint64_t)1058426729027503U, - (uint64_t)8762762886675U, 
(uint64_t)2216098143382988U, (uint64_t)1835145266889223U, - (uint64_t)1712936431558441U, (uint64_t)1017009937844974U, (uint64_t)585361667812740U, - (uint64_t)2114711541628181U, (uint64_t)2238729632971439U, (uint64_t)121257546253072U, - (uint64_t)847154149018345U, (uint64_t)211972965476684U, (uint64_t)287499084460129U, - (uint64_t)2098247259180197U, (uint64_t)839070411583329U, (uint64_t)339551619574372U, - (uint64_t)1432951287640743U, (uint64_t)526481249498942U, (uint64_t)931991661905195U, - (uint64_t)1884279965674487U, (uint64_t)200486405604411U, (uint64_t)364173020594788U, - (uint64_t)518034455936955U, (uint64_t)1085564703965501U, (uint64_t)16030410467927U, - (uint64_t)604865933167613U, (uint64_t)1695298441093964U, (uint64_t)498856548116159U, - (uint64_t)2193030062787034U, (uint64_t)1706339802964179U, (uint64_t)1721199073493888U, - (uint64_t)820740951039755U, (uint64_t)1216053436896834U, (uint64_t)23954895815139U, - (uint64_t)1662515208920491U, (uint64_t)1705443427511899U, (uint64_t)1957928899570365U, - (uint64_t)1189636258255725U, (uint64_t)1795695471103809U, (uint64_t)1691191297654118U, - (uint64_t)282402585374360U, (uint64_t)460405330264832U, (uint64_t)63765529445733U, - (uint64_t)469763447404473U, (uint64_t)733607089694996U, (uint64_t)685410420186959U, - (uint64_t)1096682630419738U, (uint64_t)1162548510542362U, (uint64_t)1020949526456676U, - (uint64_t)1211660396870573U, (uint64_t)613126398222696U, (uint64_t)1117829165843251U, - (uint64_t)742432540886650U, (uint64_t)1483755088010658U, (uint64_t)942392007134474U, - (uint64_t)1447834130944107U, (uint64_t)489368274863410U, (uint64_t)23192985544898U, - (uint64_t)648442406146160U, (uint64_t)785438843373876U, (uint64_t)249464684645238U, - (uint64_t)170494608205618U, (uint64_t)335112827260550U, (uint64_t)1462050123162735U, - (uint64_t)1084803668439016U, (uint64_t)853459233600325U, (uint64_t)215777728187495U, - (uint64_t)1965759433526974U, (uint64_t)1349482894446537U, (uint64_t)694163317612871U, - 
(uint64_t)860536766165036U, (uint64_t)1178788094084321U, (uint64_t)1652739626626996U, - (uint64_t)2115723946388185U, (uint64_t)1577204379094664U, (uint64_t)1083882859023240U, - (uint64_t)1768759143381635U, (uint64_t)1737180992507258U, (uint64_t)246054513922239U, - (uint64_t)577253134087234U, (uint64_t)356340280578042U, (uint64_t)1638917769925142U, - (uint64_t)223550348130103U, (uint64_t)470592666638765U, (uint64_t)22663573966996U, - (uint64_t)596552461152400U, (uint64_t)364143537069499U, (uint64_t)3942119457699U, - (uint64_t)107951982889287U, (uint64_t)1843471406713209U, (uint64_t)1625773041610986U, - (uint64_t)1466141092501702U, (uint64_t)1043024095021271U, (uint64_t)310429964047508U, - (uint64_t)98559121500372U, (uint64_t)152746933782868U, (uint64_t)259407205078261U, - (uint64_t)828123093322585U, (uint64_t)1576847274280091U, (uint64_t)1170871375757302U, - (uint64_t)1588856194642775U, (uint64_t)984767822341977U, (uint64_t)1141497997993760U, - (uint64_t)809325345150796U, (uint64_t)1879837728202511U, (uint64_t)201340910657893U, - (uint64_t)1079157558888483U, (uint64_t)1052373448588065U, (uint64_t)1732036202501778U, - (uint64_t)2105292670328445U, (uint64_t)679751387312402U, (uint64_t)1679682144926229U, - (uint64_t)1695823455818780U, (uint64_t)498852317075849U, (uint64_t)1786555067788433U, - (uint64_t)1670727545779425U, (uint64_t)117945875433544U, (uint64_t)407939139781844U, - (uint64_t)854632120023778U, (uint64_t)1413383148360437U, (uint64_t)286030901733673U, - (uint64_t)1207361858071196U, (uint64_t)461340408181417U, (uint64_t)1096919590360164U, - (uint64_t)1837594897475685U, (uint64_t)533755561544165U, (uint64_t)1638688042247712U, - (uint64_t)1431653684793005U, (uint64_t)1036458538873559U, (uint64_t)390822120341779U, - (uint64_t)1920929837111618U, (uint64_t)543426740024168U, (uint64_t)645751357799929U, - (uint64_t)2245025632994463U, (uint64_t)1550778638076452U, (uint64_t)223738153459949U, - (uint64_t)1337209385492033U, (uint64_t)1276967236456531U, 
(uint64_t)1463815821063071U, - (uint64_t)2070620870191473U, (uint64_t)1199170709413753U, (uint64_t)273230877394166U, - (uint64_t)1873264887608046U, (uint64_t)890877152910775U, (uint64_t)983226445635730U, - (uint64_t)44873798519521U, (uint64_t)697147127512130U, (uint64_t)961631038239304U, - (uint64_t)709966160696826U, (uint64_t)1706677689540366U, (uint64_t)502782733796035U, - (uint64_t)812545535346033U, (uint64_t)1693622521296452U, (uint64_t)1955813093002510U, - (uint64_t)1259937612881362U, (uint64_t)1873032503803559U, (uint64_t)1140330566016428U, - (uint64_t)1675726082440190U, (uint64_t)60029928909786U, (uint64_t)170335608866763U, - (uint64_t)766444312315022U, (uint64_t)2025049511434113U, (uint64_t)2200845622430647U, - (uint64_t)1201269851450408U, (uint64_t)590071752404907U, (uint64_t)1400995030286946U, - (uint64_t)2152637413853822U, (uint64_t)2108495473841983U, (uint64_t)3855406710349U, - (uint64_t)1726137673168580U, (uint64_t)51004317200100U, (uint64_t)1749082328586939U, - (uint64_t)1704088976144558U, (uint64_t)1977318954775118U, (uint64_t)2062602253162400U, - (uint64_t)948062503217479U, (uint64_t)361953965048030U, (uint64_t)1528264887238440U, - (uint64_t)62582552172290U, (uint64_t)2241602163389280U, (uint64_t)156385388121765U, - (uint64_t)2124100319761492U, (uint64_t)388928050571382U, (uint64_t)1556123596922727U, - (uint64_t)979310669812384U, (uint64_t)113043855206104U, (uint64_t)2023223924825469U, - (uint64_t)643651703263034U, (uint64_t)2234446903655540U, (uint64_t)1577241261424997U, - (uint64_t)860253174523845U, (uint64_t)1691026473082448U, (uint64_t)1091672764933872U, - (uint64_t)1957463109756365U, (uint64_t)530699502660193U, (uint64_t)349587141723569U, - (uint64_t)674661681919563U, (uint64_t)1633727303856240U, (uint64_t)708909037922144U, - (uint64_t)2160722508518119U, (uint64_t)1302188051602540U, (uint64_t)976114603845777U, - (uint64_t)120004758721939U, (uint64_t)1681630708873780U, (uint64_t)622274095069244U, - (uint64_t)1822346309016698U, 
(uint64_t)1100921177951904U, (uint64_t)2216952659181677U, - (uint64_t)1844020550362490U, (uint64_t)1976451368365774U, (uint64_t)1321101422068822U, - (uint64_t)1189859436282668U, (uint64_t)2008801879735257U, (uint64_t)2219413454333565U, - (uint64_t)424288774231098U, (uint64_t)359793146977912U, (uint64_t)270293357948703U, - (uint64_t)587226003677000U, (uint64_t)1482071926139945U, (uint64_t)1419630774650359U, - (uint64_t)1104739070570175U, (uint64_t)1662129023224130U, (uint64_t)1609203612533411U, - (uint64_t)1250932720691980U, (uint64_t)95215711818495U, (uint64_t)498746909028150U, - (uint64_t)158151296991874U, (uint64_t)1201379988527734U, (uint64_t)561599945143989U, - (uint64_t)2211577425617888U, (uint64_t)2166577612206324U, (uint64_t)1057590354233512U, - (uint64_t)1968123280416769U, (uint64_t)1316586165401313U, (uint64_t)762728164447634U, - (uint64_t)2045395244316047U, (uint64_t)1531796898725716U, (uint64_t)315385971670425U, - (uint64_t)1109421039396756U, (uint64_t)2183635256408562U, (uint64_t)1896751252659461U, - (uint64_t)840236037179080U, (uint64_t)796245792277211U, (uint64_t)508345890111193U, - (uint64_t)1275386465287222U, (uint64_t)513560822858784U, (uint64_t)1784735733120313U, - (uint64_t)1346467478899695U, (uint64_t)601125231208417U, (uint64_t)701076661112726U, - (uint64_t)1841998436455089U, (uint64_t)1156768600940434U, (uint64_t)1967853462343221U, - (uint64_t)2178318463061452U, (uint64_t)481885520752741U, (uint64_t)675262828640945U, - (uint64_t)1033539418596582U, (uint64_t)1743329872635846U, (uint64_t)159322641251283U, - (uint64_t)1573076470127113U, (uint64_t)954827619308195U, (uint64_t)778834750662635U, - (uint64_t)619912782122617U, (uint64_t)515681498488209U, (uint64_t)1675866144246843U, - (uint64_t)811716020969981U, (uint64_t)1125515272217398U, (uint64_t)1398917918287342U, - (uint64_t)1301680949183175U, (uint64_t)726474739583734U, (uint64_t)587246193475200U, - (uint64_t)1096581582611864U, (uint64_t)1469911826213486U, (uint64_t)1990099711206364U, - 
(uint64_t)1256496099816508U, (uint64_t)2019924615195672U, (uint64_t)1251232456707555U, - (uint64_t)2042971196009755U, (uint64_t)214061878479265U, (uint64_t)115385726395472U, - (uint64_t)1677875239524132U, (uint64_t)756888883383540U, (uint64_t)1153862117756233U, - (uint64_t)503391530851096U, (uint64_t)946070017477513U, (uint64_t)1878319040542579U, - (uint64_t)1101349418586920U, (uint64_t)793245696431613U, (uint64_t)397920495357645U, - (uint64_t)2174023872951112U, (uint64_t)1517867915189593U, (uint64_t)1829855041462995U, - (uint64_t)1046709983503619U, (uint64_t)424081940711857U, (uint64_t)2112438073094647U, - (uint64_t)1504338467349861U, (uint64_t)2244574127374532U, (uint64_t)2136937537441911U, - (uint64_t)1741150838990304U, (uint64_t)25894628400571U, (uint64_t)512213526781178U, - (uint64_t)1168384260796379U, (uint64_t)1424607682379833U, (uint64_t)938677789731564U, - (uint64_t)872882241891896U, (uint64_t)1713199397007700U, (uint64_t)1410496326218359U, - (uint64_t)854379752407031U, (uint64_t)465141611727634U, (uint64_t)315176937037857U, - (uint64_t)1020115054571233U, (uint64_t)1856290111077229U, (uint64_t)2028366269898204U, - (uint64_t)1432980880307543U, (uint64_t)469932710425448U, (uint64_t)581165267592247U, - (uint64_t)496399148156603U, (uint64_t)2063435226705903U, (uint64_t)2116841086237705U, - (uint64_t)498272567217048U, (uint64_t)1829438076967906U, (uint64_t)1573925801278491U, - (uint64_t)460763576329867U, (uint64_t)1705264723728225U, (uint64_t)999514866082412U, - (uint64_t)29635061779362U, (uint64_t)1884233592281020U, (uint64_t)1449755591461338U, - (uint64_t)42579292783222U, (uint64_t)1869504355369200U, (uint64_t)495506004805251U, - (uint64_t)264073104888427U, (uint64_t)2088880861028612U, (uint64_t)104646456386576U, - (uint64_t)1258445191399967U, (uint64_t)1348736801545799U, (uint64_t)2068276361286613U, - (uint64_t)884897216646374U, (uint64_t)922387476801376U, (uint64_t)1043886580402805U, - (uint64_t)1240883498470831U, (uint64_t)1601554651937110U, 
(uint64_t)804382935289482U, - (uint64_t)512379564477239U, (uint64_t)1466384519077032U, (uint64_t)1280698500238386U, - (uint64_t)211303836685749U, (uint64_t)2081725624793803U, (uint64_t)545247644516879U, - (uint64_t)215313359330384U, (uint64_t)286479751145614U, (uint64_t)2213650281751636U, - (uint64_t)2164927945999874U, (uint64_t)2072162991540882U, (uint64_t)1443769115444779U, - (uint64_t)1581473274363095U, (uint64_t)434633875922699U, (uint64_t)340456055781599U, - (uint64_t)373043091080189U, (uint64_t)839476566531776U, (uint64_t)1856706858509978U, - (uint64_t)931616224909153U, (uint64_t)1888181317414065U, (uint64_t)213654322650262U, - (uint64_t)1161078103416244U, (uint64_t)1822042328851513U, (uint64_t)915817709028812U, - (uint64_t)1828297056698188U, (uint64_t)1212017130909403U, (uint64_t)60258343247333U, - (uint64_t)342085800008230U, (uint64_t)930240559508270U, (uint64_t)1549884999174952U, - (uint64_t)809895264249462U, (uint64_t)184726257947682U, (uint64_t)1157065433504828U, - (uint64_t)1209999630381477U, (uint64_t)999920399374391U, (uint64_t)1714770150788163U, - (uint64_t)2026130985413228U, (uint64_t)506776632883140U, (uint64_t)1349042668246528U, - (uint64_t)1937232292976967U, (uint64_t)942302637530730U, (uint64_t)160211904766226U, - (uint64_t)1042724500438571U, (uint64_t)212454865139142U, (uint64_t)244104425172642U, - (uint64_t)1376990622387496U, (uint64_t)76126752421227U, (uint64_t)1027540886376422U, - (uint64_t)1912210655133026U, (uint64_t)13410411589575U, (uint64_t)1475856708587773U, - (uint64_t)615563352691682U, (uint64_t)1446629324872644U, (uint64_t)1683670301784014U, - (uint64_t)1049873327197127U, (uint64_t)1826401704084838U, (uint64_t)2032577048760775U, - (uint64_t)1922203607878853U, (uint64_t)836708788764806U, (uint64_t)2193084654695012U, - (uint64_t)1342923183256659U, (uint64_t)849356986294271U, (uint64_t)1228863973965618U, - (uint64_t)94886161081867U, (uint64_t)1423288430204892U, (uint64_t)2016167528707016U, - (uint64_t)1633187660972877U, 
(uint64_t)1550621242301752U, (uint64_t)340630244512994U, - (uint64_t)2103577710806901U, (uint64_t)221625016538931U, (uint64_t)421544147350960U, - (uint64_t)580428704555156U, (uint64_t)1479831381265617U, (uint64_t)518057926544698U, - (uint64_t)955027348790630U, (uint64_t)1326749172561598U, (uint64_t)1118304625755967U, - (uint64_t)1994005916095176U, (uint64_t)1799757332780663U, (uint64_t)751343129396941U, - (uint64_t)1468672898746144U, (uint64_t)1451689964451386U, (uint64_t)755070293921171U, - (uint64_t)904857405877052U, (uint64_t)1276087530766984U, (uint64_t)403986562858511U, - (uint64_t)1530661255035337U, (uint64_t)1644972908910502U, (uint64_t)1370170080438957U, - (uint64_t)139839536695744U, (uint64_t)909930462436512U, (uint64_t)1899999215356933U, - (uint64_t)635992381064566U, (uint64_t)788740975837654U, (uint64_t)224241231493695U, - (uint64_t)1267090030199302U, (uint64_t)998908061660139U, (uint64_t)1784537499699278U, - (uint64_t)859195370018706U, (uint64_t)1953966091439379U, (uint64_t)2189271820076010U, - (uint64_t)2039067059943978U, (uint64_t)1526694380855202U, (uint64_t)2040321513194941U, - (uint64_t)329922071218689U, (uint64_t)1953032256401326U, (uint64_t)989631424403521U, - (uint64_t)328825014934242U, (uint64_t)9407151397696U, (uint64_t)63551373671268U, - (uint64_t)1624728632895792U, (uint64_t)1608324920739262U, (uint64_t)1178239350351945U, - (uint64_t)1198077399579702U, (uint64_t)277620088676229U, (uint64_t)1775359437312528U, - (uint64_t)1653558177737477U, (uint64_t)1652066043408850U, (uint64_t)1063359889686622U, - (uint64_t}; #if defined(__cplusplus) diff --git a/include/internal/Hacl_Frodo_KEM.h b/include/internal/Hacl_Frodo_KEM.h index 5d8f2a85..a4e2f62a 100644 --- a/include/internal/Hacl_Frodo_KEM.h +++ b/include/internal/Hacl_Frodo_KEM.h 
@@ -55,22 +55,22 @@ Hacl_Keccak_shake128_4x( uint8_t *output3 ) { - Hacl_SHA3_shake128_hacl(input_len, input0, output_len, output0); - Hacl_SHA3_shake128_hacl(input_len, input1, output_len, output1); - Hacl_SHA3_shake128_hacl(input_len, input2, output_len, output2); - Hacl_SHA3_shake128_hacl(input_len, input3, output_len, output3); + Hacl_Hash_SHA3_shake128_hacl(input_len, input0, output_len, output0); + Hacl_Hash_SHA3_shake128_hacl(input_len, input1, output_len, output1); + Hacl_Hash_SHA3_shake128_hacl(input_len, input2, output_len, output2); + Hacl_Hash_SHA3_shake128_hacl(input_len, input3, output_len, output3); } static inline void Hacl_Impl_Matrix_mod_pow2(uint32_t n1, uint32_t n2, uint32_t logq, uint16_t *a) { - if (logq < (uint32_t)16U) + if (logq < 16U) { - for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++) + for (uint32_t i0 = 0U; i0 < n1; i0++) { - for (uint32_t i = (uint32_t)0U; i < n2; i++) + for (uint32_t i = 0U; i < n2; i++) { - a[i0 * n2 + i] = a[i0 * n2 + i] & (((uint16_t)1U << logq) - (uint16_t)1U); + a[i0 * n2 + i] = (uint32_t)a[i0 * n2 + i] & ((1U << logq) - 1U); } } return; @@ -80,11 +80,11 @@ Hacl_Impl_Matrix_mod_pow2(uint32_t n1, uint32_t n2, uint32_t logq, uint16_t *a) static inline void Hacl_Impl_Matrix_matrix_add(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b) { - for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++) + for (uint32_t i0 = 0U; i0 < n1; i0++) { - for (uint32_t i = (uint32_t)0U; i < n2; i++) + for (uint32_t i = 0U; i < n2; i++) { - a[i0 * n2 + i] = a[i0 * n2 + i] + b[i0 * n2 + i]; + a[i0 * n2 + i] = (uint32_t)a[i0 * n2 + i] + (uint32_t)b[i0 * n2 + i]; } } } 
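Review bot: The widened expressions in `Hacl_Impl_Matrix_mod_pow2` and `Hacl_Impl_Matrix_matrix_add` are `uint32_t` values stored straight into `uint16_t` elements, so the reduction mod 2^16 happens through an implicit narrowing that nothing marks as intended. This commit's CMakeLists.txt change also enables `-Wconversion` for the `hacl` target, so these stores may be reported as lossy conversions. An explicit cast such as `a[i0 * n2 + i] = (uint16_t)((uint32_t)a[i0 * n2 + i] + (uint32_t)b[i0 * n2 + i]);` gives the same result and states the intent. The same pattern appears in the `matrix_sub`, `matrix_mul`, `matrix_mul_s` and `frodo_sample_matrix*` hunks below. A one-line comment saying the `uint32_t` casts are there (presumably) to keep the arithmetic out of promoted signed `int` would also help the next reader.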
@@ -92,11 +92,11 @@ Hacl_Impl_Matrix_matrix_add(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b) static inline void Hacl_Impl_Matrix_matrix_sub(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b) { - for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++) + for (uint32_t i0 = 0U; i0 < n1; i0++) { - for (uint32_t i = (uint32_t)0U; i < n2; i++) + for (uint32_t i = 0U; i < n2; i++) { - b[i0 * n2 + i] = a[i0 * n2 + i] - b[i0 * n2 + i]; + b[i0 * n2 + i] = (uint32_t)a[i0 * n2 + i] - (uint32_t)b[i0 * n2 + i]; } } } @@ -111,17 +111,17 @@ Hacl_Impl_Matrix_matrix_mul( uint16_t *c ) { - for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++) + for (uint32_t i0 = 0U; i0 < n1; i0++) { - for (uint32_t i1 = (uint32_t)0U; i1 < n3; i1++) + for (uint32_t i1 = 0U; i1 < n3; i1++) { - uint16_t res = (uint16_t)0U; - for (uint32_t i = (uint32_t)0U; i < n2; i++) + uint16_t res = 0U; + for (uint32_t i = 0U; i < n2; i++) { uint16_t aij = a[i0 * n2 + i]; uint16_t bjk = b[i * n3 + i1]; uint16_t res0 = res; - res = res0 + aij * bjk; + res = (uint32_t)res0 + (uint32_t)aij * (uint32_t)bjk; } c[i0 * n3 + i1] = res; } @@ -138,17 +138,17 @@ Hacl_Impl_Matrix_matrix_mul_s( uint16_t *c ) { - for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++) + for (uint32_t i0 = 0U; i0 < n1; i0++) { - for (uint32_t i1 = (uint32_t)0U; i1 < n3; i1++) + for (uint32_t i1 = 0U; i1 < n3; i1++) { - uint16_t res = (uint16_t)0U; - for (uint32_t i = (uint32_t)0U; i < n2; i++) + uint16_t res = 0U; + for (uint32_t i = 0U; i < n2; i++) { uint16_t aij = a[i0 * n2 + i]; uint16_t bjk = b[i1 * n2 + i]; uint16_t res0 = res; - res = res0 + aij * bjk; + res = (uint32_t)res0 + (uint32_t)aij * (uint32_t)bjk; } c[i0 * n3 + i1] = res; } 
@@ -158,11 +158,11 @@ Hacl_Impl_Matrix_matrix_mul_s( static inline uint16_t Hacl_Impl_Matrix_matrix_eq(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b) { - uint16_t res = (uint16_t)0xFFFFU; - for (uint32_t i = (uint32_t)0U; i < n1 * n2; i++) + uint16_t res = 0xFFFFU; + for (uint32_t i = 0U; i < n1 * n2; i++) { uint16_t uu____0 = FStar_UInt16_eq_mask(a[i], b[i]); - res = uu____0 & res; + res = (uint32_t)uu____0 & (uint32_t)res; } uint16_t r = res; return r; @@ -171,19 +171,19 @@ Hacl_Impl_Matrix_matrix_eq(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b) static inline void Hacl_Impl_Matrix_matrix_to_lbytes(uint32_t n1, uint32_t n2, uint16_t *m, uint8_t *res) { - for (uint32_t i = (uint32_t)0U; i < n1 * n2; i++) + for (uint32_t i = 0U; i < n1 * n2; i++) { - store16_le(res + (uint32_t)2U * i, m[i]); + store16_le(res + 2U * i, m[i]); } } static inline void Hacl_Impl_Matrix_matrix_from_lbytes(uint32_t n1, uint32_t n2, uint8_t *b, uint16_t *res) { - for (uint32_t i = (uint32_t)0U; i < n1 * n2; i++) + for (uint32_t i = 0U; i < n1 * n2; i++) { uint16_t *os = res; - uint16_t u = load16_le(b + (uint32_t)2U * i); + uint16_t u = load16_le(b + 2U * i); uint16_t x = u; os[i] = x; } 
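Review bot: `Hacl_Impl_Matrix_matrix_eq` returns a 16-bit mask rather than a boolean, and nothing in the hunk says so. The loop ANDs every `FStar_UInt16_eq_mask(a[i], b[i])` into `res` with no early exit, so the result is `0xFFFF` only when all `n1 * n2` elements match, assuming the helper yields all-ones on equality (not visible here). I would add a comment such as `/* returns 0xFFFF if equal, 0 otherwise; no early exit, so timing does not depend on where the inputs differ */`, so that a later cleanup does not introduce a `break` or a plain `==`. The function's closing brace falls outside this hunk.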
@@ -192,53 +192,53 @@ Hacl_Impl_Matrix_matrix_from_lbytes(uint32_t n1, uint32_t n2, uint8_t *b, uint16 static inline void Hacl_Impl_Frodo_Gen_frodo_gen_matrix_shake_4x(uint32_t n, uint8_t *seed, uint16_t *res) { - KRML_CHECK_SIZE(sizeof (uint8_t), (uint32_t)8U * n); - uint8_t r[(uint32_t)8U * n]; - memset(r, 0U, (uint32_t)8U * n * sizeof (uint8_t)); + KRML_CHECK_SIZE(sizeof (uint8_t), 8U * n); + uint8_t r[8U * n]; + memset(r, 0U, 8U * n * sizeof (uint8_t)); uint8_t tmp_seed[72U] = { 0U }; - memcpy(tmp_seed + (uint32_t)2U, seed, (uint32_t)16U * sizeof (uint8_t)); - memcpy(tmp_seed + (uint32_t)20U, seed, (uint32_t)16U * sizeof (uint8_t)); - memcpy(tmp_seed + (uint32_t)38U, seed, (uint32_t)16U * sizeof (uint8_t)); - memcpy(tmp_seed + (uint32_t)56U, seed, (uint32_t)16U * sizeof (uint8_t)); + memcpy(tmp_seed + 2U, seed, 16U * sizeof (uint8_t)); + memcpy(tmp_seed + 20U, seed, 16U * sizeof (uint8_t)); + memcpy(tmp_seed + 38U, seed, 16U * sizeof (uint8_t)); + memcpy(tmp_seed + 56U, seed, 16U * sizeof (uint8_t)); memset(res, 0U, n * n * sizeof (uint16_t)); - for (uint32_t i = (uint32_t)0U; i < n / (uint32_t)4U; i++) + for (uint32_t i = 0U; i < n / 4U; i++) { - uint8_t *r0 = r + (uint32_t)0U * n; - uint8_t *r1 = r + (uint32_t)2U * n; - uint8_t *r2 = r + (uint32_t)4U * n; - uint8_t *r3 = r + (uint32_t)6U * n; + uint8_t *r0 = r + 0U * n; + uint8_t *r1 = r + 2U * n; + uint8_t *r2 = r + 4U * n; + uint8_t *r3 = r + 6U * n; uint8_t *tmp_seed0 = tmp_seed; - uint8_t *tmp_seed1 = tmp_seed + (uint32_t)18U; - uint8_t *tmp_seed2 = tmp_seed + (uint32_t)36U; - uint8_t *tmp_seed3 = tmp_seed + (uint32_t)54U; - store16_le(tmp_seed0, (uint16_t)((uint32_t)4U * i + (uint32_t)0U)); - store16_le(tmp_seed1, (uint16_t)((uint32_t)4U * i + (uint32_t)1U)); - store16_le(tmp_seed2, (uint16_t)((uint32_t)4U * i + (uint32_t)2U)); - store16_le(tmp_seed3, (uint16_t)((uint32_t)4U * i + (uint32_t)3U)); - Hacl_Keccak_shake128_4x((uint32_t)18U, + uint8_t *tmp_seed1 = tmp_seed + 18U; + uint8_t *tmp_seed2 = 
tmp_seed + 36U; + uint8_t *tmp_seed3 = tmp_seed + 54U; + store16_le(tmp_seed0, (uint16_t)(4U * i + 0U)); + store16_le(tmp_seed1, (uint16_t)(4U * i + 1U)); + store16_le(tmp_seed2, (uint16_t)(4U * i + 2U)); + store16_le(tmp_seed3, (uint16_t)(4U * i + 3U)); + Hacl_Keccak_shake128_4x(18U, tmp_seed0, tmp_seed1, tmp_seed2, tmp_seed3, - (uint32_t)2U * n, + 2U * n, r0, r1, r2, r3); - for (uint32_t i0 = (uint32_t)0U; i0 < n; i0++) + for (uint32_t i0 = 0U; i0 < n; i0++) { - uint8_t *resij0 = r0 + i0 * (uint32_t)2U; - uint8_t *resij1 = r1 + i0 * (uint32_t)2U; - uint8_t *resij2 = r2 + i0 * (uint32_t)2U; - uint8_t *resij3 = r3 + i0 * (uint32_t)2U; + uint8_t *resij0 = r0 + i0 * 2U; + uint8_t *resij1 = r1 + i0 * 2U; + uint8_t *resij2 = r2 + i0 * 2U; + uint8_t *resij3 = r3 + i0 * 2U; uint16_t u = load16_le(resij0); - res[((uint32_t)4U * i + (uint32_t)0U) * n + i0] = u; + res[(4U * i + 0U) * n + i0] = u; uint16_t u0 = load16_le(resij1); - res[((uint32_t)4U * i + (uint32_t)1U) * n + i0] = u0; + res[(4U * i + 1U) * n + i0] = u0; uint16_t u1 = load16_le(resij2); - res[((uint32_t)4U * i + (uint32_t)2U) * n + i0] = u1; + res[(4U * i + 2U) * n + i0] = u1; uint16_t u2 = load16_le(resij3); - res[((uint32_t)4U * i + (uint32_t)3U) * n + i0] = u2; + res[(4U * i + 3U) * n + i0] = u2; } } } 
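Review bot: `Hacl_Impl_Frodo_Gen_frodo_gen_matrix_shake_4x` silently depends on `n` being a multiple of 4. The outer loop runs `n / 4U` times and each pass fills rows `4U * i` to `4U * i + 3U`, so any remaining rows keep the zeros written by the `memset` of `res`. The function also copies exactly 16 bytes from `seed`, narrows the row index through `(uint16_t)(4U * i + ...)`, and places an `8U * n`-byte variable-length array on the stack. None of these constraints is written down; a header comment such as `/* requires: n % 4 == 0, row indices fit in 16 bits, seed holds at least 16 bytes; uses 8*n bytes of stack */` would let callers check them.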
@@ -270,27 +270,19 @@ static const uint16_t Hacl_Impl_Frodo_Params_cdf_table640[13U] = { - (uint16_t)4643U, (uint16_t)13363U, (uint16_t)20579U, (uint16_t)25843U, (uint16_t)29227U, - (uint16_t)31145U, (uint16_t)32103U, (uint16_t)32525U, (uint16_t)32689U, (uint16_t)32745U, - (uint16_t)32762U, (uint16_t)32766U, (uint16_t)32767U + 4643U, 13363U, 20579U, 25843U, 29227U, 31145U, 32103U, 32525U, 32689U, 32745U, 32762U, 32766U, + 32767U }; static const uint16_t Hacl_Impl_Frodo_Params_cdf_table976[11U] = - { - (uint16_t)5638U, (uint16_t)15915U, (uint16_t)23689U, (uint16_t)28571U, (uint16_t)31116U, - (uint16_t)32217U, (uint16_t)32613U, (uint16_t)32731U, (uint16_t)32760U, (uint16_t)32766U, - (uint16_t)32767U - }; + { 5638U, 15915U, 23689U, 28571U, 31116U, 32217U, 32613U, 32731U, 32760U, 32766U, 32767U }; static const uint16_t Hacl_Impl_Frodo_Params_cdf_table1344[7U] = - { - (uint16_t)9142U, (uint16_t)23462U, (uint16_t)30338U, (uint16_t)32361U, (uint16_t)32725U, - (uint16_t)32765U, (uint16_t)32767U - }; + { 9142U, 23462U, 30338U, 32361U, 32725U, 32765U, 32767U }; static inline void Hacl_Impl_Frodo_Sample_frodo_sample_matrix64( 
@@ -301,26 +293,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix64( ) { memset(res, 0U, n1 * n2 * sizeof (uint16_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++) + for (uint32_t i0 = 0U; i0 < n1; i0++) { - for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++) + for (uint32_t i1 = 0U; i1 < n2; i1++) { - uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1); + uint8_t *resij = r + 2U * (n2 * i0 + i1); uint16_t u = load16_le(resij); uint16_t uu____0 = u; - uint16_t prnd = uu____0 >> (uint32_t)1U; - uint16_t sign = uu____0 & (uint16_t)1U; - uint16_t sample = (uint16_t)0U; - uint32_t bound = (uint32_t)12U; - for (uint32_t i = (uint32_t)0U; i < bound; i++) + uint16_t prnd = (uint32_t)uu____0 >> 1U; + uint16_t sign = (uint32_t)uu____0 & 1U; + uint16_t sample = 0U; + uint32_t bound = 12U; + for (uint32_t i = 0U; i < bound; i++) { uint16_t sample0 = sample; uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table640[i]; - uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U; - sample = samplei + sample0; + uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U; + sample = (uint32_t)samplei + (uint32_t)sample0; } uint16_t sample0 = sample; - res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign; + res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign; } } } 
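Review bot: `frodo_sample_matrix64` in this hunk and `frodo_sample_matrix640` in the next one have the same new body: both read `Hacl_Impl_Frodo_Params_cdf_table640` with `bound = 12U`. The 976 and 1344 variants differ only in table and bound. If the duplication is intended, a comment on the 64 variant saying it shares the 640 distribution would stop it looking like a copy-paste slip; otherwise one helper taking the table pointer and bound would replace four copies of the same loop. Any such helper should keep the fixed-count, branch-free loop over `prnd`, which is derived from the input bytes `r` and is presumably secret. The function signature begins outside this hunk.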
@@ -334,26 +326,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix640( ) { memset(res, 0U, n1 * n2 * sizeof (uint16_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++) + for (uint32_t i0 = 0U; i0 < n1; i0++) { - for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++) + for (uint32_t i1 = 0U; i1 < n2; i1++) { - uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1); + uint8_t *resij = r + 2U * (n2 * i0 + i1); uint16_t u = load16_le(resij); uint16_t uu____0 = u; - uint16_t prnd = uu____0 >> (uint32_t)1U; - uint16_t sign = uu____0 & (uint16_t)1U; - uint16_t sample = (uint16_t)0U; - uint32_t bound = (uint32_t)12U; - for (uint32_t i = (uint32_t)0U; i < bound; i++) + uint16_t prnd = (uint32_t)uu____0 >> 1U; + uint16_t sign = (uint32_t)uu____0 & 1U; + uint16_t sample = 0U; + uint32_t bound = 12U; + for (uint32_t i = 0U; i < bound; i++) { uint16_t sample0 = sample; uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table640[i]; - uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U; - sample = samplei + sample0; + uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U; + sample = (uint32_t)samplei + (uint32_t)sample0; } uint16_t sample0 = sample; - res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign; + res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign; } } } 
@@ -367,26 +359,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix976( ) { memset(res, 0U, n1 * n2 * sizeof (uint16_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++) + for (uint32_t i0 = 0U; i0 < n1; i0++) { - for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++) + for (uint32_t i1 = 0U; i1 < n2; i1++) { - uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1); + uint8_t *resij = r + 2U * (n2 * i0 + i1); uint16_t u = load16_le(resij); uint16_t uu____0 = u; - uint16_t prnd = uu____0 >> (uint32_t)1U; - uint16_t sign = uu____0 & (uint16_t)1U; - uint16_t sample = (uint16_t)0U; - uint32_t bound = (uint32_t)10U; - for (uint32_t i = (uint32_t)0U; i < bound; i++) + uint16_t prnd = (uint32_t)uu____0 >> 1U; + uint16_t sign = (uint32_t)uu____0 & 1U; + uint16_t sample = 0U; + uint32_t bound = 10U; + for (uint32_t i = 0U; i < bound; i++) { uint16_t sample0 = sample; uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table976[i]; - uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U; - sample = samplei + sample0; + uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U; + sample = (uint32_t)samplei + (uint32_t)sample0; } uint16_t sample0 = sample; - res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign; + res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign; } } } 
@@ -400,26 +392,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344( ) { memset(res, 0U, n1 * n2 * sizeof (uint16_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++) + for (uint32_t i0 = 0U; i0 < n1; i0++) { - for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++) + for (uint32_t i1 = 0U; i1 < n2; i1++) { - uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1); + uint8_t *resij = r + 2U * (n2 * i0 + i1); uint16_t u = load16_le(resij); uint16_t uu____0 = u; - uint16_t prnd = uu____0 >> (uint32_t)1U; - uint16_t sign = uu____0 & (uint16_t)1U; - uint16_t sample = (uint16_t)0U; - uint32_t bound = (uint32_t)6U; - for (uint32_t i = (uint32_t)0U; i < bound; i++) + uint16_t prnd = (uint32_t)uu____0 >> 1U; + uint16_t sign = (uint32_t)uu____0 & 1U; + uint16_t sample = 0U; + uint32_t bound = 6U; + for (uint32_t i = 0U; i < bound; i++) { uint16_t sample0 = sample; uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table1344[i]; - uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U; - sample = samplei + sample0; + uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U; + sample = (uint32_t)samplei + (uint32_t)sample0; } uint16_t sample0 = sample; - res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign; + res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign; } } } 
@@ -435,39 +427,34 @@ Hacl_Impl_Frodo_Pack_frodo_pack( uint8_t *res ) { - uint32_t n = n1 * n2 / (uint32_t)8U; - for (uint32_t i = (uint32_t)0U; i < n; i++) + uint32_t n = n1 * n2 / 8U; + for (uint32_t i = 0U; i < n; i++) { - uint16_t *a1 = a + (uint32_t)8U * i; + uint16_t *a1 = a + 8U * i; uint8_t *r = res + d * i; - uint16_t maskd = (uint16_t)((uint32_t)1U << d) - (uint16_t)1U; + uint16_t maskd = (uint32_t)(uint16_t)(1U << d) - 1U; uint8_t v16[16U] = { 0U }; - uint16_t a0 = a1[0U] & maskd; - uint16_t a11 = a1[1U] & maskd; - uint16_t a2 = a1[2U] & maskd; - uint16_t a3 = a1[3U] & maskd; - uint16_t a4 = a1[4U] & maskd; - uint16_t a5 = a1[5U] & maskd; - uint16_t a6 = a1[6U] & maskd; - uint16_t a7 = a1[7U] & maskd; + uint16_t a0 = (uint32_t)a1[0U] & (uint32_t)maskd; + uint16_t a11 = (uint32_t)a1[1U] & (uint32_t)maskd; + uint16_t a2 = (uint32_t)a1[2U] & (uint32_t)maskd; + uint16_t a3 = (uint32_t)a1[3U] & (uint32_t)maskd; + uint16_t a4 = (uint32_t)a1[4U] & (uint32_t)maskd; + uint16_t a5 = (uint32_t)a1[5U] & (uint32_t)maskd; + uint16_t a6 = (uint32_t)a1[6U] & (uint32_t)maskd; + uint16_t a7 = (uint32_t)a1[7U] & (uint32_t)maskd; FStar_UInt128_uint128 templong = FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a0), - (uint32_t)7U * d), - FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a11), - (uint32_t)6U * d)), - FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a2), - (uint32_t)5U * d)), - FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a3), - (uint32_t)4U * d)), - FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a4), - (uint32_t)3U * d)), - FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a5), - (uint32_t)2U * d)), - FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a6), (uint32_t)1U * d)), - 
FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a7), (uint32_t)0U * d)); + 7U * d), + FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a11), 6U * d)), + FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a2), 5U * d)), + FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a3), 4U * d)), + FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a4), 3U * d)), + FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a5), 2U * d)), + FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a6), 1U * d)), + FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a7), 0U * d)); store128_be(v16, templong); - uint8_t *src = v16 + (uint32_t)16U - d; + uint8_t *src = v16 + 16U - d; memcpy(r, src, d * sizeof (uint8_t)); } } 
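Review bot: `d` is used unchecked as a shift count and as a buffer offset in `Hacl_Impl_Frodo_Pack_frodo_pack`. `1U << d` is undefined for `d >= 32`, and `v16 + 16U - d` followed by `memcpy(r, src, d * sizeof (uint8_t))` reads before the 16-byte `v16` once `d > 16`. `Hacl_Impl_Frodo_Pack_frodo_unpack` in the next hunk mirrors this with `memcpy(src + 16U - d, b1, d * sizeof (uint8_t))`, which would write outside the 16-byte `src`. Callers presumably pass only small fixed values, but that is not visible here, so I would state the precondition at the top of both functions, e.g. `/* requires d <= 16: v16/src are 16 bytes and 8 * d bits must fit in 128 */`. Both signatures start outside their hunks.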
@@ -481,48 +468,48 @@ Hacl_Impl_Frodo_Pack_frodo_unpack( uint16_t *res ) { - uint32_t n = n1 * n2 / (uint32_t)8U; - for (uint32_t i = (uint32_t)0U; i < n; i++) + uint32_t n = n1 * n2 / 8U; + for (uint32_t i = 0U; i < n; i++) { uint8_t *b1 = b + d * i; - uint16_t *r = res + (uint32_t)8U * i; - uint16_t maskd = (uint16_t)((uint32_t)1U << d) - (uint16_t)1U; + uint16_t *r = res + 8U * i; + uint16_t maskd = (uint32_t)(uint16_t)(1U << d) - 1U; uint8_t src[16U] = { 0U }; - memcpy(src + (uint32_t)16U - d, b1, d * sizeof (uint8_t)); + memcpy(src + 16U - d, b1, d * sizeof (uint8_t)); FStar_UInt128_uint128 u = load128_be(src); FStar_UInt128_uint128 templong = u; r[0U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)7U * d)) - & maskd; + (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 7U * d)) + & (uint32_t)maskd; r[1U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)6U * d)) - & maskd; + (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 6U * d)) + & (uint32_t)maskd; r[2U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)5U * d)) - & maskd; + (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 5U * d)) + & (uint32_t)maskd; r[3U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)4U * d)) - & maskd; + (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 4U * d)) + & (uint32_t)maskd; r[4U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)3U * d)) - & maskd; + (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 3U * d)) + & (uint32_t)maskd; r[5U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)2U * d)) - & maskd; + 
(uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 2U * d)) + & (uint32_t)maskd; r[6U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)1U * d)) - & maskd; + (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 1U * d)) + & (uint32_t)maskd; r[7U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)0U * d)) - & maskd; + (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 0U * d)) + & (uint32_t)maskd; } } @@ -535,7 +522,7 @@ Hacl_Impl_Frodo_Encode_frodo_key_encode( uint16_t *res ) { - for (uint32_t i0 = (uint32_t)0U; i0 < n; i0++) + for (uint32_t i0 = 0U; i0 < n; i0++) { uint8_t v8[8U] = { 0U }; uint8_t *chunk = a + i0 * b; @@ -544,11 +531,11 @@ Hacl_Impl_Frodo_Encode_frodo_key_encode( uint64_t x = u; uint64_t x0 = x; KRML_MAYBE_FOR8(i, - (uint32_t)0U, - (uint32_t)8U, - (uint32_t)1U, - uint64_t rk = x0 >> b * i & (((uint64_t)1U << b) - (uint64_t)1U); - res[i0 * n + i] = (uint16_t)rk << (logq - b);); + 0U, + 8U, + 1U, + uint64_t rk = x0 >> b * i & ((1ULL << b) - 1ULL); + res[i0 * n + i] = (uint32_t)(uint16_t)rk << (logq - b);); } } 
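Review bot: In the `KRML_MAYBE_FOR8` body of `Hacl_Impl_Frodo_Encode_frodo_key_encode`, the shift count `logq - b` is an unsigned subtraction, so `b > logq` wraps to a huge count and the shift is undefined. `1ULL << b` likewise needs `b < 64`. `frodo_key_decode` in the following hunk uses `1U << (logq - b - 1U)`, which additionally needs `b < logq`. A comment on both, e.g. `/* requires b < logq <= 16 */`, would record what callers must guarantee; the upper bound is my reading of the 16-bit stores, so confirm it against the parameter sets. Both functions start outside their hunks.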
@@ -561,16 +548,16 @@ Hacl_Impl_Frodo_Encode_frodo_key_decode( uint8_t *res ) { - for (uint32_t i0 = (uint32_t)0U; i0 < n; i0++) + for (uint32_t i0 = 0U; i0 < n; i0++) { - uint64_t templong = (uint64_t)0U; + uint64_t templong = 0ULL; KRML_MAYBE_FOR8(i, - (uint32_t)0U, - (uint32_t)8U, - (uint32_t)1U, + 0U, + 8U, + 1U, uint16_t aik = a[i0 * n + i]; - uint16_t res1 = (aik + ((uint16_t)1U << (logq - b - (uint32_t)1U))) >> (logq - b); - templong = templong | (uint64_t)(res1 & (((uint16_t)1U << b) - (uint16_t)1U)) << b * i;); + uint16_t res1 = (((uint32_t)aik + (1U << (logq - b - 1U))) & 0xFFFFU) >> (logq - b); + templong = templong | (uint64_t)((uint32_t)res1 & ((1U << b) - 1U)) << b * i;); uint64_t templong0 = templong; uint8_t v8[8U] = { 0U }; store64_le(v8, templong0); diff --git a/include/internal/Hacl_Hash_Blake2.h b/include/internal/Hacl_HMAC.h similarity index 82% rename from include/internal/Hacl_Hash_Blake2.h rename to include/internal/Hacl_HMAC.h index 8f308bd9..ad344c4c 100644 --- a/include/internal/Hacl_Hash_Blake2.h +++ b/include/internal/Hacl_HMAC.h @@ -23,8 +23,8 @@ */ -#ifndef __internal_Hacl_Hash_Blake2_H -#define __internal_Hacl_Hash_Blake2_H +#ifndef __internal_Hacl_HMAC_H +#define __internal_Hacl_HMAC_H #if defined(__cplusplus) extern "C" { @@ -35,8 +35,12 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "internal/Hacl_Impl_Blake2_Constants.h" -#include "../Hacl_Hash_Blake2.h" +#include "internal/Hacl_Krmllib.h" +#include "internal/Hacl_Hash_SHA2.h" +#include "internal/Hacl_Hash_SHA1.h" +#include "internal/Hacl_Hash_Blake2s.h" +#include "internal/Hacl_Hash_Blake2b.h" +#include "../Hacl_HMAC.h" typedef struct K___uint32_t_uint32_t_s { @@ -49,5 +53,5 @@ K___uint32_t_uint32_t; } #endif -#define __internal_Hacl_Hash_Blake2_H_DEFINED +#define __internal_Hacl_HMAC_H_DEFINED #endif 
diff --git a/include/internal/Hacl_Hash_Blake2b.h b/include/internal/Hacl_Hash_Blake2b.h new file mode 100644 index 00000000..21689d60 --- /dev/null +++ b/include/internal/Hacl_Hash_Blake2b.h 
@@ -0,0 +1,70 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#ifndef __internal_Hacl_Hash_Blake2b_H +#define __internal_Hacl_Hash_Blake2b_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#include "internal/Hacl_Impl_Blake2_Constants.h" +#include "../Hacl_Hash_Blake2b.h" + +void Hacl_Hash_Blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn); + +void +Hacl_Hash_Blake2b_update_multi( + uint32_t len, + uint64_t *wv, + uint64_t *hash, + FStar_UInt128_uint128 prev, + uint8_t *blocks, + uint32_t nb +); + +void +Hacl_Hash_Blake2b_update_last( + uint32_t len, + uint64_t *wv, + uint64_t *hash, + FStar_UInt128_uint128 prev, + uint32_t rem, + uint8_t *d +); + +void Hacl_Hash_Blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash); + +#if defined(__cplusplus) +} +#endif + +#define __internal_Hacl_Hash_Blake2b_H_DEFINED +#endif diff --git a/include/Hacl_Hash_Blake2b_256.h b/include/internal/Hacl_Hash_Blake2b_Simd256.h similarity index 61% rename from include/Hacl_Hash_Blake2b_256.h rename to include/internal/Hacl_Hash_Blake2b_Simd256.h index 88bf9ab2..4cc07869 100644 --- a/include/Hacl_Hash_Blake2b_256.h +++ b/include/internal/Hacl_Hash_Blake2b_Simd256.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_Hash_Blake2b_256_H -#define __Hacl_Hash_Blake2b_256_H +#ifndef __internal_Hacl_Hash_Blake2b_Simd256_H +#define __internal_Hacl_Hash_Blake2b_Simd256_H #if defined(__cplusplus) extern "C" { 
@@ -35,24 +35,15 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Lib_Memzero0.h" -#include "Hacl_Krmllib.h" +#include "internal/Hacl_Impl_Blake2_Constants.h" +#include "../Hacl_Hash_Blake2b_Simd256.h" #include "libintvector.h" void -Hacl_Blake2b_256_blake2b_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t kk, uint32_t nn); +Hacl_Hash_Blake2b_Simd256_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t kk, uint32_t nn); void -Hacl_Blake2b_256_blake2b_update_key( - Lib_IntVector_Intrinsics_vec256 *wv, - Lib_IntVector_Intrinsics_vec256 *hash, - uint32_t kk, - uint8_t *k, - uint32_t ll -); - -void -Hacl_Blake2b_256_blake2b_update_multi( +Hacl_Hash_Blake2b_Simd256_update_multi( uint32_t len, Lib_IntVector_Intrinsics_vec256 *wv, Lib_IntVector_Intrinsics_vec256 *hash, @@ -62,7 +53,7 @@ Hacl_Blake2b_256_blake2b_update_multi( ); void -Hacl_Blake2b_256_blake2b_update_last( +Hacl_Hash_Blake2b_Simd256_update_last( uint32_t len, Lib_IntVector_Intrinsics_vec256 *wv, Lib_IntVector_Intrinsics_vec256 *hash, 
@@ -72,49 +63,29 @@ Hacl_Blake2b_256_blake2b_update_last( ); void -Hacl_Blake2b_256_blake2b_finish( +Hacl_Hash_Blake2b_Simd256_finish( uint32_t nn, uint8_t *output, Lib_IntVector_Intrinsics_vec256 *hash ); -/** -Write the BLAKE2b digest of message `d` using key `k` into `output`. - -@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64. -@param output Pointer to `nn` bytes of memory where the digest is written to. -@param ll Length of the input message. -@param d Pointer to `ll` bytes of memory where the input message is read from. -@param kk Length of the key. Can be 0. -@param k Pointer to `kk` bytes of memory where the key is read from. -*/ -void -Hacl_Blake2b_256_blake2b( - uint32_t nn, - uint8_t *output, - uint32_t ll, - uint8_t *d, - uint32_t kk, - uint8_t *k -); - void -Hacl_Blake2b_256_load_state256b_from_state32( +Hacl_Hash_Blake2b_Simd256_load_state256b_from_state32( Lib_IntVector_Intrinsics_vec256 *st, uint64_t *st32 ); void -Hacl_Blake2b_256_store_state256b_to_state32( +Hacl_Hash_Blake2b_Simd256_store_state256b_to_state32( uint64_t *st32, Lib_IntVector_Intrinsics_vec256 *st ); -Lib_IntVector_Intrinsics_vec256 *Hacl_Blake2b_256_blake2b_malloc(void); +Lib_IntVector_Intrinsics_vec256 *Hacl_Hash_Blake2b_Simd256_malloc_with_key(void); #if defined(__cplusplus) } #endif -#define __Hacl_Hash_Blake2b_256_H_DEFINED +#define __internal_Hacl_Hash_Blake2b_Simd256_H_DEFINED #endif diff --git a/include/internal/Hacl_Hash_Blake2s.h b/include/internal/Hacl_Hash_Blake2s.h new file mode 100644 index 00000000..f814aa95 --- /dev/null +++ b/include/internal/Hacl_Hash_Blake2s.h 
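Review bot: `Hacl_Hash_Blake2b_Simd256_malloc_with_key(void)` takes no key despite its name, and the declaration does not say who releases the returned state or what is returned when allocation fails. A comment such as `/* Returns a newly allocated state owned by the caller (TODO confirm); document the failure return and whether the state must be wiped before release. */` would cover it. Whether wiping is needed cannot be told from this header, but the state presumably holds key-dependent words once a keyed hash is in progress. The same applies to `Hacl_Hash_Blake2s_Simd128_malloc_with_key(void)` in the Hacl_Hash_Blake2s_Simd128.h hunk further down.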
@@ -0,0 +1,70 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#ifndef __internal_Hacl_Hash_Blake2s_H +#define __internal_Hacl_Hash_Blake2s_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#include "internal/Hacl_Impl_Blake2_Constants.h" +#include "../Hacl_Hash_Blake2s.h" + +void Hacl_Hash_Blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn); + +void +Hacl_Hash_Blake2s_update_multi( + uint32_t len, + uint32_t *wv, + uint32_t *hash, + uint64_t prev, + uint8_t *blocks, + uint32_t nb +); + +void +Hacl_Hash_Blake2s_update_last( + uint32_t len, + uint32_t *wv, + uint32_t *hash, + uint64_t prev, + uint32_t rem, + uint8_t *d +); + +void Hacl_Hash_Blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash); + +#if defined(__cplusplus) +} +#endif + +#define __internal_Hacl_Hash_Blake2s_H_DEFINED +#endif diff --git a/include/msvc/Hacl_Hash_Blake2s_128.h b/include/internal/Hacl_Hash_Blake2s_Simd128.h similarity index 61% rename from include/msvc/Hacl_Hash_Blake2s_128.h rename to include/internal/Hacl_Hash_Blake2s_Simd128.h index 0e424152..0589aec5 100644 --- a/include/msvc/Hacl_Hash_Blake2s_128.h +++ b/include/internal/Hacl_Hash_Blake2s_Simd128.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_Hash_Blake2s_128_H -#define __Hacl_Hash_Blake2s_128_H +#ifndef __internal_Hacl_Hash_Blake2s_Simd128_H +#define __internal_Hacl_Hash_Blake2s_Simd128_H #if defined(__cplusplus) extern "C" { 
@@ -35,23 +35,15 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Lib_Memzero0.h" +#include "internal/Hacl_Impl_Blake2_Constants.h" +#include "../Hacl_Hash_Blake2s_Simd128.h" #include "libintvector.h" void -Hacl_Blake2s_128_blake2s_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t kk, uint32_t nn); +Hacl_Hash_Blake2s_Simd128_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t kk, uint32_t nn); void -Hacl_Blake2s_128_blake2s_update_key( - Lib_IntVector_Intrinsics_vec128 *wv, - Lib_IntVector_Intrinsics_vec128 *hash, - uint32_t kk, - uint8_t *k, - uint32_t ll -); - -void -Hacl_Blake2s_128_blake2s_update_multi( +Hacl_Hash_Blake2s_Simd128_update_multi( uint32_t len, Lib_IntVector_Intrinsics_vec128 *wv, Lib_IntVector_Intrinsics_vec128 *hash, @@ -61,7 +53,7 @@ Hacl_Blake2s_128_blake2s_update_multi( ); void -Hacl_Blake2s_128_blake2s_update_last( +Hacl_Hash_Blake2s_Simd128_update_last( uint32_t len, Lib_IntVector_Intrinsics_vec128 *wv, Lib_IntVector_Intrinsics_vec128 *hash, 
@@ -71,49 +63,29 @@ Hacl_Blake2s_128_blake2s_update_last( ); void -Hacl_Blake2s_128_blake2s_finish( +Hacl_Hash_Blake2s_Simd128_finish( uint32_t nn, uint8_t *output, Lib_IntVector_Intrinsics_vec128 *hash ); -/** -Write the BLAKE2s digest of message `d` using key `k` into `output`. - -@param nn Length of to-be-generated digest with 1 <= `nn` <= 32. -@param output Pointer to `nn` bytes of memory where the digest is written to. -@param ll Length of the input message. -@param d Pointer to `ll` bytes of memory where the input message is read from. -@param kk Length of the key. Can be 0. -@param k Pointer to `kk` bytes of memory where the key is read from. -*/ -void -Hacl_Blake2s_128_blake2s( - uint32_t nn, - uint8_t *output, - uint32_t ll, - uint8_t *d, - uint32_t kk, - uint8_t *k -); - void -Hacl_Blake2s_128_store_state128s_to_state32( +Hacl_Hash_Blake2s_Simd128_store_state128s_to_state32( uint32_t *st32, Lib_IntVector_Intrinsics_vec128 *st ); void -Hacl_Blake2s_128_load_state128s_from_state32( +Hacl_Hash_Blake2s_Simd128_load_state128s_from_state32( Lib_IntVector_Intrinsics_vec128 *st, uint32_t *st32 ); -Lib_IntVector_Intrinsics_vec128 *Hacl_Blake2s_128_blake2s_malloc(void); +Lib_IntVector_Intrinsics_vec128 *Hacl_Hash_Blake2s_Simd128_malloc_with_key(void); #if defined(__cplusplus) } #endif -#define __Hacl_Hash_Blake2s_128_H_DEFINED +#define __internal_Hacl_Hash_Blake2s_Simd128_H_DEFINED #endif diff --git a/include/internal/Hacl_Hash_MD5.h b/include/internal/Hacl_Hash_MD5.h index 7fd567f3..dd77aaf1 100644 --- a/include/internal/Hacl_Hash_MD5.h +++ b/include/internal/Hacl_Hash_MD5.h 
@@ -37,21 +37,16 @@ extern "C" { #include "../Hacl_Hash_MD5.h" -void Hacl_Hash_Core_MD5_legacy_init(uint32_t *s); +void Hacl_Hash_MD5_init(uint32_t *s); -void Hacl_Hash_Core_MD5_legacy_finish(uint32_t *s, uint8_t *dst); +void Hacl_Hash_MD5_finish(uint32_t *s, uint8_t *dst); -void Hacl_Hash_MD5_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks); +void Hacl_Hash_MD5_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks); void -Hacl_Hash_MD5_legacy_update_last( - uint32_t *s, - uint64_t prev_len, - uint8_t *input, - uint32_t input_len -); - -void Hacl_Hash_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst); +Hacl_Hash_MD5_update_last(uint32_t *s, uint64_t prev_len, uint8_t *input, uint32_t input_len); + +void Hacl_Hash_MD5_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len); #if defined(__cplusplus) } diff --git a/include/internal/Hacl_Hash_SHA1.h b/include/internal/Hacl_Hash_SHA1.h index 72cf492c..ed53be55 100644 --- a/include/internal/Hacl_Hash_SHA1.h +++ b/include/internal/Hacl_Hash_SHA1.h @@ -37,21 +37,16 @@ extern "C" { #include "../Hacl_Hash_SHA1.h" -void Hacl_Hash_Core_SHA1_legacy_init(uint32_t *s); +void Hacl_Hash_SHA1_init(uint32_t *s); -void Hacl_Hash_Core_SHA1_legacy_finish(uint32_t *s, uint8_t *dst); +void Hacl_Hash_SHA1_finish(uint32_t *s, uint8_t *dst); -void Hacl_Hash_SHA1_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks); +void Hacl_Hash_SHA1_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks); void -Hacl_Hash_SHA1_legacy_update_last( - uint32_t *s, - uint64_t prev_len, - uint8_t *input, - uint32_t input_len -); - -void Hacl_Hash_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst); +Hacl_Hash_SHA1_update_last(uint32_t *s, uint64_t prev_len, uint8_t *input, uint32_t input_len); + +void Hacl_Hash_SHA1_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len); #if defined(__cplusplus) } 
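Review bot: The renamed MD5 entry points lose the `legacy` marker (`Hacl_Hash_MD5_legacy_hash` becomes `Hacl_Hash_MD5_hash_oneshot`) and the declarations carry no comment, so nothing in the header now tells a caller that the primitive is unsuitable where collision resistance matters. I would add `/* MD5 is not collision-resistant; use only for interoperability with existing formats. */` above `Hacl_Hash_MD5_init`, and the equivalent line for SHA-1 in the Hacl_Hash_SHA1.h hunk that follows. `hash_oneshot` also moves the output pointer to the first parameter, so a short `@param` note naming `output` and `input` would help callers being ported.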
diff --git a/include/internal/Hacl_Hash_SHA2.h b/include/internal/Hacl_Hash_SHA2.h index bbffdc50..7dade3f3 100644 --- a/include/internal/Hacl_Hash_SHA2.h +++ b/include/internal/Hacl_Hash_SHA2.h 
@@ -40,141 +40,121 @@ extern "C" { static const uint32_t -Hacl_Impl_SHA2_Generic_h224[8U] = +Hacl_Hash_SHA2_h224[8U] = { - (uint32_t)0xc1059ed8U, (uint32_t)0x367cd507U, (uint32_t)0x3070dd17U, (uint32_t)0xf70e5939U, - (uint32_t)0xffc00b31U, (uint32_t)0x68581511U, (uint32_t)0x64f98fa7U, (uint32_t)0xbefa4fa4U + 0xc1059ed8U, 0x367cd507U, 0x3070dd17U, 0xf70e5939U, 0xffc00b31U, 0x68581511U, 0x64f98fa7U, + 0xbefa4fa4U }; static const uint32_t -Hacl_Impl_SHA2_Generic_h256[8U] = +Hacl_Hash_SHA2_h256[8U] = { - (uint32_t)0x6a09e667U, (uint32_t)0xbb67ae85U, (uint32_t)0x3c6ef372U, (uint32_t)0xa54ff53aU, - (uint32_t)0x510e527fU, (uint32_t)0x9b05688cU, (uint32_t)0x1f83d9abU, (uint32_t)0x5be0cd19U + 0x6a09e667U, 0xbb67ae85U, 0x3c6ef372U, 0xa54ff53aU, 0x510e527fU, 0x9b05688cU, 0x1f83d9abU, + 0x5be0cd19U }; static const uint64_t -Hacl_Impl_SHA2_Generic_h384[8U] = +Hacl_Hash_SHA2_h384[8U] = { - (uint64_t)0xcbbb9d5dc1059ed8U, (uint64_t)0x629a292a367cd507U, (uint64_t)0x9159015a3070dd17U, - (uint64_t)0x152fecd8f70e5939U, (uint64_t)0x67332667ffc00b31U, (uint64_t)0x8eb44a8768581511U, - (uint64_t)0xdb0c2e0d64f98fa7U, (uint64_t)0x47b5481dbefa4fa4U + 0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL, 0x9159015a3070dd17ULL, 0x152fecd8f70e5939ULL, + 0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL, 0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL }; static const uint64_t -Hacl_Impl_SHA2_Generic_h512[8U] = +Hacl_Hash_SHA2_h512[8U] = { - (uint64_t)0x6a09e667f3bcc908U, (uint64_t)0xbb67ae8584caa73bU, (uint64_t)0x3c6ef372fe94f82bU, - (uint64_t)0xa54ff53a5f1d36f1U, (uint64_t)0x510e527fade682d1U, (uint64_t)0x9b05688c2b3e6c1fU, - (uint64_t)0x1f83d9abfb41bd6bU, (uint64_t)0x5be0cd19137e2179U + 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, + 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL }; static const uint32_t -Hacl_Impl_SHA2_Generic_k224_256[64U] = +Hacl_Hash_SHA2_k224_256[64U] = { - (uint32_t)0x428a2f98U, 
(uint32_t)0x71374491U, (uint32_t)0xb5c0fbcfU, (uint32_t)0xe9b5dba5U, - (uint32_t)0x3956c25bU, (uint32_t)0x59f111f1U, (uint32_t)0x923f82a4U, (uint32_t)0xab1c5ed5U, - (uint32_t)0xd807aa98U, (uint32_t)0x12835b01U, (uint32_t)0x243185beU, (uint32_t)0x550c7dc3U, - (uint32_t)0x72be5d74U, (uint32_t)0x80deb1feU, (uint32_t)0x9bdc06a7U, (uint32_t)0xc19bf174U, - (uint32_t)0xe49b69c1U, (uint32_t)0xefbe4786U, (uint32_t)0x0fc19dc6U, (uint32_t)0x240ca1ccU, - (uint32_t)0x2de92c6fU, (uint32_t)0x4a7484aaU, (uint32_t)0x5cb0a9dcU, (uint32_t)0x76f988daU, - (uint32_t)0x983e5152U, (uint32_t)0xa831c66dU, (uint32_t)0xb00327c8U, (uint32_t)0xbf597fc7U, - (uint32_t)0xc6e00bf3U, (uint32_t)0xd5a79147U, (uint32_t)0x06ca6351U, (uint32_t)0x14292967U, - (uint32_t)0x27b70a85U, (uint32_t)0x2e1b2138U, (uint32_t)0x4d2c6dfcU, (uint32_t)0x53380d13U, - (uint32_t)0x650a7354U, (uint32_t)0x766a0abbU, (uint32_t)0x81c2c92eU, (uint32_t)0x92722c85U, - (uint32_t)0xa2bfe8a1U, (uint32_t)0xa81a664bU, (uint32_t)0xc24b8b70U, (uint32_t)0xc76c51a3U, - (uint32_t)0xd192e819U, (uint32_t)0xd6990624U, (uint32_t)0xf40e3585U, (uint32_t)0x106aa070U, - (uint32_t)0x19a4c116U, (uint32_t)0x1e376c08U, (uint32_t)0x2748774cU, (uint32_t)0x34b0bcb5U, - (uint32_t)0x391c0cb3U, (uint32_t)0x4ed8aa4aU, (uint32_t)0x5b9cca4fU, (uint32_t)0x682e6ff3U, - (uint32_t)0x748f82eeU, (uint32_t)0x78a5636fU, (uint32_t)0x84c87814U, (uint32_t)0x8cc70208U, - (uint32_t)0x90befffaU, (uint32_t)0xa4506cebU, (uint32_t)0xbef9a3f7U, (uint32_t)0xc67178f2U + 0x428a2f98U, 0x71374491U, 0xb5c0fbcfU, 0xe9b5dba5U, 0x3956c25bU, 0x59f111f1U, 0x923f82a4U, + 0xab1c5ed5U, 0xd807aa98U, 0x12835b01U, 0x243185beU, 0x550c7dc3U, 0x72be5d74U, 0x80deb1feU, + 0x9bdc06a7U, 0xc19bf174U, 0xe49b69c1U, 0xefbe4786U, 0x0fc19dc6U, 0x240ca1ccU, 0x2de92c6fU, + 0x4a7484aaU, 0x5cb0a9dcU, 0x76f988daU, 0x983e5152U, 0xa831c66dU, 0xb00327c8U, 0xbf597fc7U, + 0xc6e00bf3U, 0xd5a79147U, 0x06ca6351U, 0x14292967U, 0x27b70a85U, 0x2e1b2138U, 0x4d2c6dfcU, + 0x53380d13U, 0x650a7354U, 0x766a0abbU, 0x81c2c92eU, 
0x92722c85U, 0xa2bfe8a1U, 0xa81a664bU, + 0xc24b8b70U, 0xc76c51a3U, 0xd192e819U, 0xd6990624U, 0xf40e3585U, 0x106aa070U, 0x19a4c116U, + 0x1e376c08U, 0x2748774cU, 0x34b0bcb5U, 0x391c0cb3U, 0x4ed8aa4aU, 0x5b9cca4fU, 0x682e6ff3U, + 0x748f82eeU, 0x78a5636fU, 0x84c87814U, 0x8cc70208U, 0x90befffaU, 0xa4506cebU, 0xbef9a3f7U, + 0xc67178f2U }; static const uint64_t -Hacl_Impl_SHA2_Generic_k384_512[80U] = +Hacl_Hash_SHA2_k384_512[80U] = { - (uint64_t)0x428a2f98d728ae22U, (uint64_t)0x7137449123ef65cdU, (uint64_t)0xb5c0fbcfec4d3b2fU, - (uint64_t)0xe9b5dba58189dbbcU, (uint64_t)0x3956c25bf348b538U, (uint64_t)0x59f111f1b605d019U, - (uint64_t)0x923f82a4af194f9bU, (uint64_t)0xab1c5ed5da6d8118U, (uint64_t)0xd807aa98a3030242U, - (uint64_t)0x12835b0145706fbeU, (uint64_t)0x243185be4ee4b28cU, (uint64_t)0x550c7dc3d5ffb4e2U, - (uint64_t)0x72be5d74f27b896fU, (uint64_t)0x80deb1fe3b1696b1U, (uint64_t)0x9bdc06a725c71235U, - (uint64_t)0xc19bf174cf692694U, (uint64_t)0xe49b69c19ef14ad2U, (uint64_t)0xefbe4786384f25e3U, - (uint64_t)0x0fc19dc68b8cd5b5U, (uint64_t)0x240ca1cc77ac9c65U, (uint64_t)0x2de92c6f592b0275U, - (uint64_t)0x4a7484aa6ea6e483U, (uint64_t)0x5cb0a9dcbd41fbd4U, (uint64_t)0x76f988da831153b5U, - (uint64_t)0x983e5152ee66dfabU, (uint64_t)0xa831c66d2db43210U, (uint64_t)0xb00327c898fb213fU, - (uint64_t)0xbf597fc7beef0ee4U, (uint64_t)0xc6e00bf33da88fc2U, (uint64_t)0xd5a79147930aa725U, - (uint64_t)0x06ca6351e003826fU, (uint64_t)0x142929670a0e6e70U, (uint64_t)0x27b70a8546d22ffcU, - (uint64_t)0x2e1b21385c26c926U, (uint64_t)0x4d2c6dfc5ac42aedU, (uint64_t)0x53380d139d95b3dfU, - (uint64_t)0x650a73548baf63deU, (uint64_t)0x766a0abb3c77b2a8U, (uint64_t)0x81c2c92e47edaee6U, - (uint64_t)0x92722c851482353bU, (uint64_t)0xa2bfe8a14cf10364U, (uint64_t)0xa81a664bbc423001U, - (uint64_t)0xc24b8b70d0f89791U, (uint64_t)0xc76c51a30654be30U, (uint64_t)0xd192e819d6ef5218U, - (uint64_t)0xd69906245565a910U, (uint64_t)0xf40e35855771202aU, (uint64_t)0x106aa07032bbd1b8U, - (uint64_t)0x19a4c116b8d2d0c8U, 
(uint64_t)0x1e376c085141ab53U, (uint64_t)0x2748774cdf8eeb99U, - (uint64_t)0x34b0bcb5e19b48a8U, (uint64_t)0x391c0cb3c5c95a63U, (uint64_t)0x4ed8aa4ae3418acbU, - (uint64_t)0x5b9cca4f7763e373U, (uint64_t)0x682e6ff3d6b2b8a3U, (uint64_t)0x748f82ee5defb2fcU, - (uint64_t)0x78a5636f43172f60U, (uint64_t)0x84c87814a1f0ab72U, (uint64_t)0x8cc702081a6439ecU, - (uint64_t)0x90befffa23631e28U, (uint64_t)0xa4506cebde82bde9U, (uint64_t)0xbef9a3f7b2c67915U, - (uint64_t)0xc67178f2e372532bU, (uint64_t)0xca273eceea26619cU, (uint64_t)0xd186b8c721c0c207U, - (uint64_t)0xeada7dd6cde0eb1eU, (uint64_t)0xf57d4f7fee6ed178U, (uint64_t)0x06f067aa72176fbaU, - (uint64_t)0x0a637dc5a2c898a6U, (uint64_t)0x113f9804bef90daeU, (uint64_t)0x1b710b35131c471bU, - (uint64_t)0x28db77f523047d84U, (uint64_t)0x32caab7b40c72493U, (uint64_t)0x3c9ebe0a15c9bebcU, - (uint64_t)0x431d67c49c100d4cU, (uint64_t)0x4cc5d4becb3e42b6U, (uint64_t)0x597f299cfc657e2aU, - (uint64_t)0x5fcb6fab3ad6faecU, (uint64_t)0x6c44198c4a475817U + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, + 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, + 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, + 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, + 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, + 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, + 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, + 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 0xc24b8b70d0f89791ULL, 
0xc76c51a30654be30ULL, + 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, + 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, + 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, + 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, + 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, + 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL }; -void Hacl_SHA2_Scalar32_sha256_init(uint32_t *hash); +void Hacl_Hash_SHA2_sha256_init(uint32_t *hash); -void Hacl_SHA2_Scalar32_sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st); +void Hacl_Hash_SHA2_sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st); void -Hacl_SHA2_Scalar32_sha256_update_last( - uint64_t totlen, - uint32_t len, - uint8_t *b, - uint32_t *hash -); +Hacl_Hash_SHA2_sha256_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *hash); -void Hacl_SHA2_Scalar32_sha256_finish(uint32_t *st, uint8_t *h); +void Hacl_Hash_SHA2_sha256_finish(uint32_t *st, uint8_t *h); -void Hacl_SHA2_Scalar32_sha224_init(uint32_t *hash); +void Hacl_Hash_SHA2_sha224_init(uint32_t *hash); void -Hacl_SHA2_Scalar32_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st); +Hacl_Hash_SHA2_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st); -void Hacl_SHA2_Scalar32_sha224_finish(uint32_t *st, uint8_t *h); +void Hacl_Hash_SHA2_sha224_finish(uint32_t *st, uint8_t *h); -void Hacl_SHA2_Scalar32_sha512_init(uint64_t *hash); +void 
Hacl_Hash_SHA2_sha512_init(uint64_t *hash); -void Hacl_SHA2_Scalar32_sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st); +void Hacl_Hash_SHA2_sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st); void -Hacl_SHA2_Scalar32_sha512_update_last( +Hacl_Hash_SHA2_sha512_update_last( FStar_UInt128_uint128 totlen, uint32_t len, uint8_t *b, uint64_t *hash ); -void Hacl_SHA2_Scalar32_sha512_finish(uint64_t *st, uint8_t *h); +void Hacl_Hash_SHA2_sha512_finish(uint64_t *st, uint8_t *h); -void Hacl_SHA2_Scalar32_sha384_init(uint64_t *hash); +void Hacl_Hash_SHA2_sha384_init(uint64_t *hash); -void Hacl_SHA2_Scalar32_sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st); +void Hacl_Hash_SHA2_sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st); void -Hacl_SHA2_Scalar32_sha384_update_last( +Hacl_Hash_SHA2_sha384_update_last( FStar_UInt128_uint128 totlen, uint32_t len, uint8_t *b, uint64_t *st ); -void Hacl_SHA2_Scalar32_sha384_finish(uint64_t *st, uint8_t *h); +void Hacl_Hash_SHA2_sha384_finish(uint64_t *st, uint8_t *h); #if defined(__cplusplus) } diff --git a/include/internal/Hacl_Hash_SHA3.h b/include/internal/Hacl_Hash_SHA3.h index 6f53d37c..1c8129fb 100644 --- a/include/internal/Hacl_Hash_SHA3.h +++ b/include/internal/Hacl_Hash_SHA3.h @@ -53,9 +53,9 @@ Hacl_Hash_SHA3_update_last_sha3( uint32_t input_len ); -void Hacl_Impl_SHA3_state_permute(uint64_t *s); +void Hacl_Hash_SHA3_state_permute(uint64_t *s); -void Hacl_Impl_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s); +void Hacl_Hash_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s); #if defined(__cplusplus) } diff --git a/include/internal/Hacl_Impl_Blake2_Constants.h b/include/internal/Hacl_Impl_Blake2_Constants.h index 185317ba..aedc2486 100644 --- a/include/internal/Hacl_Impl_Blake2_Constants.h +++ b/include/internal/Hacl_Impl_Blake2_Constants.h 
@@ -37,52 +37,32 @@ extern "C" { static const uint32_t -Hacl_Impl_Blake2_Constants_sigmaTable[160U] = +Hacl_Hash_Blake2s_sigmaTable[160U] = { - (uint32_t)0U, (uint32_t)1U, (uint32_t)2U, (uint32_t)3U, (uint32_t)4U, (uint32_t)5U, - (uint32_t)6U, (uint32_t)7U, (uint32_t)8U, (uint32_t)9U, (uint32_t)10U, (uint32_t)11U, - (uint32_t)12U, (uint32_t)13U, (uint32_t)14U, (uint32_t)15U, (uint32_t)14U, (uint32_t)10U, - (uint32_t)4U, (uint32_t)8U, (uint32_t)9U, (uint32_t)15U, (uint32_t)13U, (uint32_t)6U, - (uint32_t)1U, (uint32_t)12U, (uint32_t)0U, (uint32_t)2U, (uint32_t)11U, (uint32_t)7U, - (uint32_t)5U, (uint32_t)3U, (uint32_t)11U, (uint32_t)8U, (uint32_t)12U, (uint32_t)0U, - (uint32_t)5U, (uint32_t)2U, (uint32_t)15U, (uint32_t)13U, (uint32_t)10U, (uint32_t)14U, - (uint32_t)3U, (uint32_t)6U, (uint32_t)7U, (uint32_t)1U, (uint32_t)9U, (uint32_t)4U, - (uint32_t)7U, (uint32_t)9U, (uint32_t)3U, (uint32_t)1U, (uint32_t)13U, (uint32_t)12U, - (uint32_t)11U, (uint32_t)14U, (uint32_t)2U, (uint32_t)6U, (uint32_t)5U, (uint32_t)10U, - (uint32_t)4U, (uint32_t)0U, (uint32_t)15U, (uint32_t)8U, (uint32_t)9U, (uint32_t)0U, - (uint32_t)5U, (uint32_t)7U, (uint32_t)2U, (uint32_t)4U, (uint32_t)10U, (uint32_t)15U, - (uint32_t)14U, (uint32_t)1U, (uint32_t)11U, (uint32_t)12U, (uint32_t)6U, (uint32_t)8U, - (uint32_t)3U, (uint32_t)13U, (uint32_t)2U, (uint32_t)12U, (uint32_t)6U, (uint32_t)10U, - (uint32_t)0U, (uint32_t)11U, (uint32_t)8U, (uint32_t)3U, (uint32_t)4U, (uint32_t)13U, - (uint32_t)7U, (uint32_t)5U, (uint32_t)15U, (uint32_t)14U, (uint32_t)1U, (uint32_t)9U, - (uint32_t)12U, (uint32_t)5U, (uint32_t)1U, (uint32_t)15U, (uint32_t)14U, (uint32_t)13U, - (uint32_t)4U, (uint32_t)10U, (uint32_t)0U, (uint32_t)7U, (uint32_t)6U, (uint32_t)3U, - (uint32_t)9U, (uint32_t)2U, (uint32_t)8U, (uint32_t)11U, (uint32_t)13U, (uint32_t)11U, - (uint32_t)7U, (uint32_t)14U, (uint32_t)12U, (uint32_t)1U, (uint32_t)3U, (uint32_t)9U, - (uint32_t)5U, (uint32_t)0U, (uint32_t)15U, (uint32_t)4U, (uint32_t)8U, (uint32_t)6U, - 
(uint32_t)2U, (uint32_t)10U, (uint32_t)6U, (uint32_t)15U, (uint32_t)14U, (uint32_t)9U, - (uint32_t)11U, (uint32_t)3U, (uint32_t)0U, (uint32_t)8U, (uint32_t)12U, (uint32_t)2U, - (uint32_t)13U, (uint32_t)7U, (uint32_t)1U, (uint32_t)4U, (uint32_t)10U, (uint32_t)5U, - (uint32_t)10U, (uint32_t)2U, (uint32_t)8U, (uint32_t)4U, (uint32_t)7U, (uint32_t)6U, - (uint32_t)1U, (uint32_t)5U, (uint32_t)15U, (uint32_t)11U, (uint32_t)9U, (uint32_t)14U, - (uint32_t)3U, (uint32_t)12U, (uint32_t)13U + 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 14U, 10U, 4U, 8U, 9U, 15U, + 13U, 6U, 1U, 12U, 0U, 2U, 11U, 7U, 5U, 3U, 11U, 8U, 12U, 0U, 5U, 2U, 15U, 13U, 10U, 14U, 3U, 6U, + 7U, 1U, 9U, 4U, 7U, 9U, 3U, 1U, 13U, 12U, 11U, 14U, 2U, 6U, 5U, 10U, 4U, 0U, 15U, 8U, 9U, 0U, + 5U, 7U, 2U, 4U, 10U, 15U, 14U, 1U, 11U, 12U, 6U, 8U, 3U, 13U, 2U, 12U, 6U, 10U, 0U, 11U, 8U, 3U, + 4U, 13U, 7U, 5U, 15U, 14U, 1U, 9U, 12U, 5U, 1U, 15U, 14U, 13U, 4U, 10U, 0U, 7U, 6U, 3U, 9U, 2U, + 8U, 11U, 13U, 11U, 7U, 14U, 12U, 1U, 3U, 9U, 5U, 0U, 15U, 4U, 8U, 6U, 2U, 10U, 6U, 15U, 14U, 9U, + 11U, 3U, 0U, 8U, 12U, 2U, 13U, 7U, 1U, 4U, 10U, 5U, 10U, 2U, 8U, 4U, 7U, 6U, 1U, 5U, 15U, 11U, + 9U, 14U, 3U, 12U, 13U }; static const uint32_t -Hacl_Impl_Blake2_Constants_ivTable_S[8U] = +Hacl_Hash_Blake2s_ivTable_S[8U] = { - (uint32_t)0x6A09E667U, (uint32_t)0xBB67AE85U, (uint32_t)0x3C6EF372U, (uint32_t)0xA54FF53AU, - (uint32_t)0x510E527FU, (uint32_t)0x9B05688CU, (uint32_t)0x1F83D9ABU, (uint32_t)0x5BE0CD19U + 0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU, 0x510E527FU, 0x9B05688CU, 0x1F83D9ABU, + 0x5BE0CD19U }; static const uint64_t -Hacl_Impl_Blake2_Constants_ivTable_B[8U] = +Hacl_Hash_Blake2s_ivTable_B[8U] = { - (uint64_t)0x6A09E667F3BCC908U, (uint64_t)0xBB67AE8584CAA73BU, (uint64_t)0x3C6EF372FE94F82BU, - (uint64_t)0xA54FF53A5F1D36F1U, (uint64_t)0x510E527FADE682D1U, (uint64_t)0x9B05688C2B3E6C1FU, - (uint64_t)0x1F83D9ABFB41BD6BU, (uint64_t)0x5BE0CD19137E2179U + 0x6A09E667F3BCC908ULL, 
0xBB67AE8584CAA73BULL, 0x3C6EF372FE94F82BULL, 0xA54FF53A5F1D36F1ULL, + 0x510E527FADE682D1ULL, 0x9B05688C2B3E6C1FULL, 0x1F83D9ABFB41BD6BULL, 0x5BE0CD19137E2179ULL }; #if defined(__cplusplus) diff --git a/include/internal/Hacl_Impl_FFDHE_Constants.h b/include/internal/Hacl_Impl_FFDHE_Constants.h index c746c411..80cbdd52 100644 --- a/include/internal/Hacl_Impl_FFDHE_Constants.h +++ b/include/internal/Hacl_Impl_FFDHE_Constants.h 
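Review bot: `Hacl_Hash_Blake2s_ivTable_B` is a `uint64_t[8]` table, which matches the BLAKE2b word size, so the `Blake2s_` prefix reads as if the table belonged to BLAKE2s only. This header is also included by internal/Hacl_Hash_Blake2b.h elsewhere in the commit, so a reader looking for the BLAKE2b IVs has to know to look under the other variant's name. If the identifier is fixed by the generator, a one-line comment above the table such as `/* 64-bit IVs for BLAKE2b; the Blake2s_ prefix is only a namespace */` would prevent the wrong IV set being picked.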
@@ -35,528 +35,265 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_g2[1U] = { (uint8_t)0x02U }; +static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_g2[1U] = { 0x02U }; static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_p2048[256U] = { - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U, - (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU, - (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U, - (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU, - (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U, - (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U, - (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U, - (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU, - (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U, - (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU, - (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U, - (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U, - (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U, - (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U, - (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U, - (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U, - 
(uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU, - (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U, - (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U, - (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU, - (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U, - (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U, - (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU, - (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U, - (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U, - (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U, - (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U, - (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU, - (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U, - (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U, - (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U, - (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U, - (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U, - (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU, - (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U, - (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U, - (uint8_t)0x20U, (uint8_t)0x05U, 
(uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U, - (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U, - (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU, - (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x28U, - (uint8_t)0x5CU, (uint8_t)0x97U, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU + 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U, + 0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U, + 0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U, + 0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U, + 0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U, + 0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U, + 0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U, + 0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U, + 0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U, + 0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU, + 0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U, + 0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U, + 0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU, + 0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U, + 0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU, + 0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 
0x81U, 0x83U, + 0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU, + 0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U, + 0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x28U, 0x5CU, + 0x97U, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU }; static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_p3072[384U] = { - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U, - (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU, - (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U, - (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU, - (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U, - (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U, - (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U, - (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU, - (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U, - (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU, - (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U, - (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U, - (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U, - (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U, - (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U, - 
(uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U, - (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU, - (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U, - (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U, - (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU, - (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U, - (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U, - (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU, - (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U, - (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U, - (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U, - (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U, - (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU, - (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U, - (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U, - (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U, - (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U, - (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U, - (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU, - (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U, - (uint8_t)0x3BU, (uint8_t)0xB5U, 
(uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U, - (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U, - (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U, - (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU, - (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU, - (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU, - (uint8_t)0x65U, (uint8_t)0x19U, (uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U, - (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U, - (uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U, - (uint8_t)0xC9U, (uint8_t)0x07U, (uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U, - (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU, - (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU, - (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U, - (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U, - (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU, - (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U, - (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U, - (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU, - (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU, - (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU, - (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, 
(uint8_t)0x9BU, (uint8_t)0x0DU, - (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U, - (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU, - (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU, - (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U, - (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU, - (uint8_t)0x66U, (uint8_t)0xC6U, (uint8_t)0x2EU, (uint8_t)0x37U, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU + 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U, + 0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U, + 0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U, + 0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U, + 0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U, + 0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U, + 0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U, + 0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U, + 0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U, + 0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU, + 0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U, + 0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U, + 0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU, + 0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 
0xE1U, 0xCDU, 0xF7U, + 0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU, + 0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U, + 0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU, + 0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U, + 0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x1FU, 0xCFU, + 0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU, + 0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU, + 0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U, + 0xD9U, 0x1CU, 0xAEU, 0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU, + 0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U, + 0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU, + 0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U, + 0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U, + 0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU, + 0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0xC6U, 0x2EU, 0x37U, 0xFFU, + 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU }; static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_p4096[512U] = { - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U, - (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU, - (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U, - (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, 
(uint8_t)0xCEU, (uint8_t)0x2DU, - (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U, - (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U, - (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U, - (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU, - (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U, - (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU, - (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U, - (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U, - (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U, - (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U, - (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U, - (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U, - (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU, - (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U, - (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U, - (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU, - (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U, - (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U, - (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU, - (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U, - 
(uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U, - (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U, - (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U, - (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU, - (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U, - (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U, - (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U, - (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U, - (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U, - (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU, - (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U, - (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U, - (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U, - (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U, - (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU, - (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU, - (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU, - (uint8_t)0x65U, (uint8_t)0x19U, (uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U, - (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U, - (uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U, - (uint8_t)0xC9U, (uint8_t)0x07U, 
(uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U, - (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU, - (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU, - (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U, - (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U, - (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU, - (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U, - (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U, - (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU, - (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU, - (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU, - (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, (uint8_t)0x9BU, (uint8_t)0x0DU, - (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U, - (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU, - (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU, - (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U, - (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU, - (uint8_t)0x66U, (uint8_t)0x9EU, (uint8_t)0x1EU, (uint8_t)0xF1U, (uint8_t)0x6EU, (uint8_t)0x6FU, - (uint8_t)0x52U, (uint8_t)0xC3U, (uint8_t)0x16U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xFBU, - (uint8_t)0x79U, (uint8_t)0x30U, (uint8_t)0xE9U, (uint8_t)0xE4U, (uint8_t)0xE5U, (uint8_t)0x88U, - (uint8_t)0x57U, (uint8_t)0xB6U, (uint8_t)0xACU, (uint8_t)0x7DU, 
(uint8_t)0x5FU, (uint8_t)0x42U, - (uint8_t)0xD6U, (uint8_t)0x9FU, (uint8_t)0x6DU, (uint8_t)0x18U, (uint8_t)0x77U, (uint8_t)0x63U, - (uint8_t)0xCFU, (uint8_t)0x1DU, (uint8_t)0x55U, (uint8_t)0x03U, (uint8_t)0x40U, (uint8_t)0x04U, - (uint8_t)0x87U, (uint8_t)0xF5U, (uint8_t)0x5BU, (uint8_t)0xA5U, (uint8_t)0x7EU, (uint8_t)0x31U, - (uint8_t)0xCCU, (uint8_t)0x7AU, (uint8_t)0x71U, (uint8_t)0x35U, (uint8_t)0xC8U, (uint8_t)0x86U, - (uint8_t)0xEFU, (uint8_t)0xB4U, (uint8_t)0x31U, (uint8_t)0x8AU, (uint8_t)0xEDU, (uint8_t)0x6AU, - (uint8_t)0x1EU, (uint8_t)0x01U, (uint8_t)0x2DU, (uint8_t)0x9EU, (uint8_t)0x68U, (uint8_t)0x32U, - (uint8_t)0xA9U, (uint8_t)0x07U, (uint8_t)0x60U, (uint8_t)0x0AU, (uint8_t)0x91U, (uint8_t)0x81U, - (uint8_t)0x30U, (uint8_t)0xC4U, (uint8_t)0x6DU, (uint8_t)0xC7U, (uint8_t)0x78U, (uint8_t)0xF9U, - (uint8_t)0x71U, (uint8_t)0xADU, (uint8_t)0x00U, (uint8_t)0x38U, (uint8_t)0x09U, (uint8_t)0x29U, - (uint8_t)0x99U, (uint8_t)0xA3U, (uint8_t)0x33U, (uint8_t)0xCBU, (uint8_t)0x8BU, (uint8_t)0x7AU, - (uint8_t)0x1AU, (uint8_t)0x1DU, (uint8_t)0xB9U, (uint8_t)0x3DU, (uint8_t)0x71U, (uint8_t)0x40U, - (uint8_t)0x00U, (uint8_t)0x3CU, (uint8_t)0x2AU, (uint8_t)0x4EU, (uint8_t)0xCEU, (uint8_t)0xA9U, - (uint8_t)0xF9U, (uint8_t)0x8DU, (uint8_t)0x0AU, (uint8_t)0xCCU, (uint8_t)0x0AU, (uint8_t)0x82U, - (uint8_t)0x91U, (uint8_t)0xCDU, (uint8_t)0xCEU, (uint8_t)0xC9U, (uint8_t)0x7DU, (uint8_t)0xCFU, - (uint8_t)0x8EU, (uint8_t)0xC9U, (uint8_t)0xB5U, (uint8_t)0x5AU, (uint8_t)0x7FU, (uint8_t)0x88U, - (uint8_t)0xA4U, (uint8_t)0x6BU, (uint8_t)0x4DU, (uint8_t)0xB5U, (uint8_t)0xA8U, (uint8_t)0x51U, - (uint8_t)0xF4U, (uint8_t)0x41U, (uint8_t)0x82U, (uint8_t)0xE1U, (uint8_t)0xC6U, (uint8_t)0x8AU, - (uint8_t)0x00U, (uint8_t)0x7EU, (uint8_t)0x5EU, (uint8_t)0x65U, (uint8_t)0x5FU, (uint8_t)0x6AU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU + 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 
0x54U, 0x58U, 0xA2U, + 0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U, + 0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U, + 0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U, + 0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U, + 0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U, + 0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U, + 0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U, + 0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U, + 0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU, + 0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U, + 0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U, + 0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU, + 0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U, + 0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU, + 0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U, + 0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU, + 0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U, + 0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x1FU, 0xCFU, + 0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU, + 0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU, + 0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U, + 0xD9U, 0x1CU, 0xAEU, 
0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU, + 0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U, + 0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU, + 0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U, + 0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U, + 0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU, + 0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0x9EU, 0x1EU, 0xF1U, 0x6EU, + 0x6FU, 0x52U, 0xC3U, 0x16U, 0x4DU, 0xF4U, 0xFBU, 0x79U, 0x30U, 0xE9U, 0xE4U, 0xE5U, 0x88U, + 0x57U, 0xB6U, 0xACU, 0x7DU, 0x5FU, 0x42U, 0xD6U, 0x9FU, 0x6DU, 0x18U, 0x77U, 0x63U, 0xCFU, + 0x1DU, 0x55U, 0x03U, 0x40U, 0x04U, 0x87U, 0xF5U, 0x5BU, 0xA5U, 0x7EU, 0x31U, 0xCCU, 0x7AU, + 0x71U, 0x35U, 0xC8U, 0x86U, 0xEFU, 0xB4U, 0x31U, 0x8AU, 0xEDU, 0x6AU, 0x1EU, 0x01U, 0x2DU, + 0x9EU, 0x68U, 0x32U, 0xA9U, 0x07U, 0x60U, 0x0AU, 0x91U, 0x81U, 0x30U, 0xC4U, 0x6DU, 0xC7U, + 0x78U, 0xF9U, 0x71U, 0xADU, 0x00U, 0x38U, 0x09U, 0x29U, 0x99U, 0xA3U, 0x33U, 0xCBU, 0x8BU, + 0x7AU, 0x1AU, 0x1DU, 0xB9U, 0x3DU, 0x71U, 0x40U, 0x00U, 0x3CU, 0x2AU, 0x4EU, 0xCEU, 0xA9U, + 0xF9U, 0x8DU, 0x0AU, 0xCCU, 0x0AU, 0x82U, 0x91U, 0xCDU, 0xCEU, 0xC9U, 0x7DU, 0xCFU, 0x8EU, + 0xC9U, 0xB5U, 0x5AU, 0x7FU, 0x88U, 0xA4U, 0x6BU, 0x4DU, 0xB5U, 0xA8U, 0x51U, 0xF4U, 0x41U, + 0x82U, 0xE1U, 0xC6U, 0x8AU, 0x00U, 0x7EU, 0x5EU, 0x65U, 0x5FU, 0x6AU, 0xFFU, 0xFFU, 0xFFU, + 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU }; static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_p6144[768U] = { - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U, - (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU, - (uint8_t)0x56U, (uint8_t)0x20U, 
(uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U, - (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU, - (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U, - (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U, - (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U, - (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU, - (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U, - (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU, - (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U, - (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U, - (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U, - (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U, - (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U, - (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U, - (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU, - (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U, - (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U, - (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU, - (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U, - (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U, - (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, 
(uint8_t)0xE3U, (uint8_t)0xFBU, - (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U, - (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U, - (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U, - (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U, - (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU, - (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U, - (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U, - (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U, - (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U, - (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U, - (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU, - (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U, - (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U, - (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U, - (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U, - (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU, - (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU, - (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU, - (uint8_t)0x65U, (uint8_t)0x19U, (uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U, - (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U, - 
(uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U, - (uint8_t)0xC9U, (uint8_t)0x07U, (uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U, - (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU, - (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU, - (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U, - (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U, - (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU, - (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U, - (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U, - (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU, - (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU, - (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU, - (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, (uint8_t)0x9BU, (uint8_t)0x0DU, - (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U, - (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU, - (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU, - (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U, - (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU, - (uint8_t)0x66U, (uint8_t)0x9EU, (uint8_t)0x1EU, (uint8_t)0xF1U, (uint8_t)0x6EU, (uint8_t)0x6FU, - (uint8_t)0x52U, (uint8_t)0xC3U, (uint8_t)0x16U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xFBU, - (uint8_t)0x79U, (uint8_t)0x30U, 
(uint8_t)0xE9U, (uint8_t)0xE4U, (uint8_t)0xE5U, (uint8_t)0x88U, - (uint8_t)0x57U, (uint8_t)0xB6U, (uint8_t)0xACU, (uint8_t)0x7DU, (uint8_t)0x5FU, (uint8_t)0x42U, - (uint8_t)0xD6U, (uint8_t)0x9FU, (uint8_t)0x6DU, (uint8_t)0x18U, (uint8_t)0x77U, (uint8_t)0x63U, - (uint8_t)0xCFU, (uint8_t)0x1DU, (uint8_t)0x55U, (uint8_t)0x03U, (uint8_t)0x40U, (uint8_t)0x04U, - (uint8_t)0x87U, (uint8_t)0xF5U, (uint8_t)0x5BU, (uint8_t)0xA5U, (uint8_t)0x7EU, (uint8_t)0x31U, - (uint8_t)0xCCU, (uint8_t)0x7AU, (uint8_t)0x71U, (uint8_t)0x35U, (uint8_t)0xC8U, (uint8_t)0x86U, - (uint8_t)0xEFU, (uint8_t)0xB4U, (uint8_t)0x31U, (uint8_t)0x8AU, (uint8_t)0xEDU, (uint8_t)0x6AU, - (uint8_t)0x1EU, (uint8_t)0x01U, (uint8_t)0x2DU, (uint8_t)0x9EU, (uint8_t)0x68U, (uint8_t)0x32U, - (uint8_t)0xA9U, (uint8_t)0x07U, (uint8_t)0x60U, (uint8_t)0x0AU, (uint8_t)0x91U, (uint8_t)0x81U, - (uint8_t)0x30U, (uint8_t)0xC4U, (uint8_t)0x6DU, (uint8_t)0xC7U, (uint8_t)0x78U, (uint8_t)0xF9U, - (uint8_t)0x71U, (uint8_t)0xADU, (uint8_t)0x00U, (uint8_t)0x38U, (uint8_t)0x09U, (uint8_t)0x29U, - (uint8_t)0x99U, (uint8_t)0xA3U, (uint8_t)0x33U, (uint8_t)0xCBU, (uint8_t)0x8BU, (uint8_t)0x7AU, - (uint8_t)0x1AU, (uint8_t)0x1DU, (uint8_t)0xB9U, (uint8_t)0x3DU, (uint8_t)0x71U, (uint8_t)0x40U, - (uint8_t)0x00U, (uint8_t)0x3CU, (uint8_t)0x2AU, (uint8_t)0x4EU, (uint8_t)0xCEU, (uint8_t)0xA9U, - (uint8_t)0xF9U, (uint8_t)0x8DU, (uint8_t)0x0AU, (uint8_t)0xCCU, (uint8_t)0x0AU, (uint8_t)0x82U, - (uint8_t)0x91U, (uint8_t)0xCDU, (uint8_t)0xCEU, (uint8_t)0xC9U, (uint8_t)0x7DU, (uint8_t)0xCFU, - (uint8_t)0x8EU, (uint8_t)0xC9U, (uint8_t)0xB5U, (uint8_t)0x5AU, (uint8_t)0x7FU, (uint8_t)0x88U, - (uint8_t)0xA4U, (uint8_t)0x6BU, (uint8_t)0x4DU, (uint8_t)0xB5U, (uint8_t)0xA8U, (uint8_t)0x51U, - (uint8_t)0xF4U, (uint8_t)0x41U, (uint8_t)0x82U, (uint8_t)0xE1U, (uint8_t)0xC6U, (uint8_t)0x8AU, - (uint8_t)0x00U, (uint8_t)0x7EU, (uint8_t)0x5EU, (uint8_t)0x0DU, (uint8_t)0xD9U, (uint8_t)0x02U, - (uint8_t)0x0BU, (uint8_t)0xFDU, (uint8_t)0x64U, (uint8_t)0xB6U, 
(uint8_t)0x45U, (uint8_t)0x03U, - (uint8_t)0x6CU, (uint8_t)0x7AU, (uint8_t)0x4EU, (uint8_t)0x67U, (uint8_t)0x7DU, (uint8_t)0x2CU, - (uint8_t)0x38U, (uint8_t)0x53U, (uint8_t)0x2AU, (uint8_t)0x3AU, (uint8_t)0x23U, (uint8_t)0xBAU, - (uint8_t)0x44U, (uint8_t)0x42U, (uint8_t)0xCAU, (uint8_t)0xF5U, (uint8_t)0x3EU, (uint8_t)0xA6U, - (uint8_t)0x3BU, (uint8_t)0xB4U, (uint8_t)0x54U, (uint8_t)0x32U, (uint8_t)0x9BU, (uint8_t)0x76U, - (uint8_t)0x24U, (uint8_t)0xC8U, (uint8_t)0x91U, (uint8_t)0x7BU, (uint8_t)0xDDU, (uint8_t)0x64U, - (uint8_t)0xB1U, (uint8_t)0xC0U, (uint8_t)0xFDU, (uint8_t)0x4CU, (uint8_t)0xB3U, (uint8_t)0x8EU, - (uint8_t)0x8CU, (uint8_t)0x33U, (uint8_t)0x4CU, (uint8_t)0x70U, (uint8_t)0x1CU, (uint8_t)0x3AU, - (uint8_t)0xCDU, (uint8_t)0xADU, (uint8_t)0x06U, (uint8_t)0x57U, (uint8_t)0xFCU, (uint8_t)0xCFU, - (uint8_t)0xECU, (uint8_t)0x71U, (uint8_t)0x9BU, (uint8_t)0x1FU, (uint8_t)0x5CU, (uint8_t)0x3EU, - (uint8_t)0x4EU, (uint8_t)0x46U, (uint8_t)0x04U, (uint8_t)0x1FU, (uint8_t)0x38U, (uint8_t)0x81U, - (uint8_t)0x47U, (uint8_t)0xFBU, (uint8_t)0x4CU, (uint8_t)0xFDU, (uint8_t)0xB4U, (uint8_t)0x77U, - (uint8_t)0xA5U, (uint8_t)0x24U, (uint8_t)0x71U, (uint8_t)0xF7U, (uint8_t)0xA9U, (uint8_t)0xA9U, - (uint8_t)0x69U, (uint8_t)0x10U, (uint8_t)0xB8U, (uint8_t)0x55U, (uint8_t)0x32U, (uint8_t)0x2EU, - (uint8_t)0xDBU, (uint8_t)0x63U, (uint8_t)0x40U, (uint8_t)0xD8U, (uint8_t)0xA0U, (uint8_t)0x0EU, - (uint8_t)0xF0U, (uint8_t)0x92U, (uint8_t)0x35U, (uint8_t)0x05U, (uint8_t)0x11U, (uint8_t)0xE3U, - (uint8_t)0x0AU, (uint8_t)0xBEU, (uint8_t)0xC1U, (uint8_t)0xFFU, (uint8_t)0xF9U, (uint8_t)0xE3U, - (uint8_t)0xA2U, (uint8_t)0x6EU, (uint8_t)0x7FU, (uint8_t)0xB2U, (uint8_t)0x9FU, (uint8_t)0x8CU, - (uint8_t)0x18U, (uint8_t)0x30U, (uint8_t)0x23U, (uint8_t)0xC3U, (uint8_t)0x58U, (uint8_t)0x7EU, - (uint8_t)0x38U, (uint8_t)0xDAU, (uint8_t)0x00U, (uint8_t)0x77U, (uint8_t)0xD9U, (uint8_t)0xB4U, - (uint8_t)0x76U, (uint8_t)0x3EU, (uint8_t)0x4EU, (uint8_t)0x4BU, (uint8_t)0x94U, (uint8_t)0xB2U, - 
(uint8_t)0xBBU, (uint8_t)0xC1U, (uint8_t)0x94U, (uint8_t)0xC6U, (uint8_t)0x65U, (uint8_t)0x1EU, - (uint8_t)0x77U, (uint8_t)0xCAU, (uint8_t)0xF9U, (uint8_t)0x92U, (uint8_t)0xEEU, (uint8_t)0xAAU, - (uint8_t)0xC0U, (uint8_t)0x23U, (uint8_t)0x2AU, (uint8_t)0x28U, (uint8_t)0x1BU, (uint8_t)0xF6U, - (uint8_t)0xB3U, (uint8_t)0xA7U, (uint8_t)0x39U, (uint8_t)0xC1U, (uint8_t)0x22U, (uint8_t)0x61U, - (uint8_t)0x16U, (uint8_t)0x82U, (uint8_t)0x0AU, (uint8_t)0xE8U, (uint8_t)0xDBU, (uint8_t)0x58U, - (uint8_t)0x47U, (uint8_t)0xA6U, (uint8_t)0x7CU, (uint8_t)0xBEU, (uint8_t)0xF9U, (uint8_t)0xC9U, - (uint8_t)0x09U, (uint8_t)0x1BU, (uint8_t)0x46U, (uint8_t)0x2DU, (uint8_t)0x53U, (uint8_t)0x8CU, - (uint8_t)0xD7U, (uint8_t)0x2BU, (uint8_t)0x03U, (uint8_t)0x74U, (uint8_t)0x6AU, (uint8_t)0xE7U, - (uint8_t)0x7FU, (uint8_t)0x5EU, (uint8_t)0x62U, (uint8_t)0x29U, (uint8_t)0x2CU, (uint8_t)0x31U, - (uint8_t)0x15U, (uint8_t)0x62U, (uint8_t)0xA8U, (uint8_t)0x46U, (uint8_t)0x50U, (uint8_t)0x5DU, - (uint8_t)0xC8U, (uint8_t)0x2DU, (uint8_t)0xB8U, (uint8_t)0x54U, (uint8_t)0x33U, (uint8_t)0x8AU, - (uint8_t)0xE4U, (uint8_t)0x9FU, (uint8_t)0x52U, (uint8_t)0x35U, (uint8_t)0xC9U, (uint8_t)0x5BU, - (uint8_t)0x91U, (uint8_t)0x17U, (uint8_t)0x8CU, (uint8_t)0xCFU, (uint8_t)0x2DU, (uint8_t)0xD5U, - (uint8_t)0xCAU, (uint8_t)0xCEU, (uint8_t)0xF4U, (uint8_t)0x03U, (uint8_t)0xECU, (uint8_t)0x9DU, - (uint8_t)0x18U, (uint8_t)0x10U, (uint8_t)0xC6U, (uint8_t)0x27U, (uint8_t)0x2BU, (uint8_t)0x04U, - (uint8_t)0x5BU, (uint8_t)0x3BU, (uint8_t)0x71U, (uint8_t)0xF9U, (uint8_t)0xDCU, (uint8_t)0x6BU, - (uint8_t)0x80U, (uint8_t)0xD6U, (uint8_t)0x3FU, (uint8_t)0xDDU, (uint8_t)0x4AU, (uint8_t)0x8EU, - (uint8_t)0x9AU, (uint8_t)0xDBU, (uint8_t)0x1EU, (uint8_t)0x69U, (uint8_t)0x62U, (uint8_t)0xA6U, - (uint8_t)0x95U, (uint8_t)0x26U, (uint8_t)0xD4U, (uint8_t)0x31U, (uint8_t)0x61U, (uint8_t)0xC1U, - (uint8_t)0xA4U, (uint8_t)0x1DU, (uint8_t)0x57U, (uint8_t)0x0DU, (uint8_t)0x79U, (uint8_t)0x38U, - (uint8_t)0xDAU, (uint8_t)0xD4U, 
(uint8_t)0xA4U, (uint8_t)0x0EU, (uint8_t)0x32U, (uint8_t)0x9CU, - (uint8_t)0xD0U, (uint8_t)0xE4U, (uint8_t)0x0EU, (uint8_t)0x65U, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU + 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U, + 0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U, + 0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U, + 0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U, + 0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U, + 0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U, + 0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U, + 0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U, + 0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U, + 0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU, + 0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U, + 0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U, + 0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU, + 0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U, + 0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU, + 0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U, + 0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU, + 0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U, + 0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 
0x38U, 0x61U, 0x1FU, 0xCFU, + 0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU, + 0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU, + 0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U, + 0xD9U, 0x1CU, 0xAEU, 0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU, + 0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U, + 0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU, + 0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U, + 0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U, + 0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU, + 0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0x9EU, 0x1EU, 0xF1U, 0x6EU, + 0x6FU, 0x52U, 0xC3U, 0x16U, 0x4DU, 0xF4U, 0xFBU, 0x79U, 0x30U, 0xE9U, 0xE4U, 0xE5U, 0x88U, + 0x57U, 0xB6U, 0xACU, 0x7DU, 0x5FU, 0x42U, 0xD6U, 0x9FU, 0x6DU, 0x18U, 0x77U, 0x63U, 0xCFU, + 0x1DU, 0x55U, 0x03U, 0x40U, 0x04U, 0x87U, 0xF5U, 0x5BU, 0xA5U, 0x7EU, 0x31U, 0xCCU, 0x7AU, + 0x71U, 0x35U, 0xC8U, 0x86U, 0xEFU, 0xB4U, 0x31U, 0x8AU, 0xEDU, 0x6AU, 0x1EU, 0x01U, 0x2DU, + 0x9EU, 0x68U, 0x32U, 0xA9U, 0x07U, 0x60U, 0x0AU, 0x91U, 0x81U, 0x30U, 0xC4U, 0x6DU, 0xC7U, + 0x78U, 0xF9U, 0x71U, 0xADU, 0x00U, 0x38U, 0x09U, 0x29U, 0x99U, 0xA3U, 0x33U, 0xCBU, 0x8BU, + 0x7AU, 0x1AU, 0x1DU, 0xB9U, 0x3DU, 0x71U, 0x40U, 0x00U, 0x3CU, 0x2AU, 0x4EU, 0xCEU, 0xA9U, + 0xF9U, 0x8DU, 0x0AU, 0xCCU, 0x0AU, 0x82U, 0x91U, 0xCDU, 0xCEU, 0xC9U, 0x7DU, 0xCFU, 0x8EU, + 0xC9U, 0xB5U, 0x5AU, 0x7FU, 0x88U, 0xA4U, 0x6BU, 0x4DU, 0xB5U, 0xA8U, 0x51U, 0xF4U, 0x41U, + 0x82U, 0xE1U, 0xC6U, 0x8AU, 0x00U, 0x7EU, 0x5EU, 0x0DU, 0xD9U, 0x02U, 0x0BU, 0xFDU, 0x64U, + 0xB6U, 0x45U, 0x03U, 0x6CU, 0x7AU, 0x4EU, 0x67U, 0x7DU, 0x2CU, 0x38U, 0x53U, 0x2AU, 0x3AU, + 0x23U, 0xBAU, 
0x44U, 0x42U, 0xCAU, 0xF5U, 0x3EU, 0xA6U, 0x3BU, 0xB4U, 0x54U, 0x32U, 0x9BU, + 0x76U, 0x24U, 0xC8U, 0x91U, 0x7BU, 0xDDU, 0x64U, 0xB1U, 0xC0U, 0xFDU, 0x4CU, 0xB3U, 0x8EU, + 0x8CU, 0x33U, 0x4CU, 0x70U, 0x1CU, 0x3AU, 0xCDU, 0xADU, 0x06U, 0x57U, 0xFCU, 0xCFU, 0xECU, + 0x71U, 0x9BU, 0x1FU, 0x5CU, 0x3EU, 0x4EU, 0x46U, 0x04U, 0x1FU, 0x38U, 0x81U, 0x47U, 0xFBU, + 0x4CU, 0xFDU, 0xB4U, 0x77U, 0xA5U, 0x24U, 0x71U, 0xF7U, 0xA9U, 0xA9U, 0x69U, 0x10U, 0xB8U, + 0x55U, 0x32U, 0x2EU, 0xDBU, 0x63U, 0x40U, 0xD8U, 0xA0U, 0x0EU, 0xF0U, 0x92U, 0x35U, 0x05U, + 0x11U, 0xE3U, 0x0AU, 0xBEU, 0xC1U, 0xFFU, 0xF9U, 0xE3U, 0xA2U, 0x6EU, 0x7FU, 0xB2U, 0x9FU, + 0x8CU, 0x18U, 0x30U, 0x23U, 0xC3U, 0x58U, 0x7EU, 0x38U, 0xDAU, 0x00U, 0x77U, 0xD9U, 0xB4U, + 0x76U, 0x3EU, 0x4EU, 0x4BU, 0x94U, 0xB2U, 0xBBU, 0xC1U, 0x94U, 0xC6U, 0x65U, 0x1EU, 0x77U, + 0xCAU, 0xF9U, 0x92U, 0xEEU, 0xAAU, 0xC0U, 0x23U, 0x2AU, 0x28U, 0x1BU, 0xF6U, 0xB3U, 0xA7U, + 0x39U, 0xC1U, 0x22U, 0x61U, 0x16U, 0x82U, 0x0AU, 0xE8U, 0xDBU, 0x58U, 0x47U, 0xA6U, 0x7CU, + 0xBEU, 0xF9U, 0xC9U, 0x09U, 0x1BU, 0x46U, 0x2DU, 0x53U, 0x8CU, 0xD7U, 0x2BU, 0x03U, 0x74U, + 0x6AU, 0xE7U, 0x7FU, 0x5EU, 0x62U, 0x29U, 0x2CU, 0x31U, 0x15U, 0x62U, 0xA8U, 0x46U, 0x50U, + 0x5DU, 0xC8U, 0x2DU, 0xB8U, 0x54U, 0x33U, 0x8AU, 0xE4U, 0x9FU, 0x52U, 0x35U, 0xC9U, 0x5BU, + 0x91U, 0x17U, 0x8CU, 0xCFU, 0x2DU, 0xD5U, 0xCAU, 0xCEU, 0xF4U, 0x03U, 0xECU, 0x9DU, 0x18U, + 0x10U, 0xC6U, 0x27U, 0x2BU, 0x04U, 0x5BU, 0x3BU, 0x71U, 0xF9U, 0xDCU, 0x6BU, 0x80U, 0xD6U, + 0x3FU, 0xDDU, 0x4AU, 0x8EU, 0x9AU, 0xDBU, 0x1EU, 0x69U, 0x62U, 0xA6U, 0x95U, 0x26U, 0xD4U, + 0x31U, 0x61U, 0xC1U, 0xA4U, 0x1DU, 0x57U, 0x0DU, 0x79U, 0x38U, 0xDAU, 0xD4U, 0xA4U, 0x0EU, + 0x32U, 0x9CU, 0xD0U, 0xE4U, 0x0EU, 0x65U, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, + 0xFFU }; static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_p8192[1024U] = { - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, 
(uint8_t)0x54U, (uint8_t)0x58U, - (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU, - (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U, - (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU, - (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U, - (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U, - (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U, - (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU, - (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U, - (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU, - (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U, - (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U, - (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U, - (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U, - (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U, - (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U, - (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU, - (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U, - (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U, - (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU, - (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U, - 
(uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U, - (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU, - (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U, - (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U, - (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U, - (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U, - (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU, - (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U, - (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U, - (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U, - (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U, - (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U, - (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU, - (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U, - (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U, - (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U, - (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U, - (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU, - (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU, - (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU, - (uint8_t)0x65U, (uint8_t)0x19U, 
(uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U, - (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U, - (uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U, - (uint8_t)0xC9U, (uint8_t)0x07U, (uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U, - (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU, - (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU, - (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U, - (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U, - (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU, - (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U, - (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U, - (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU, - (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU, - (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU, - (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, (uint8_t)0x9BU, (uint8_t)0x0DU, - (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U, - (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU, - (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU, - (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U, - (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU, - (uint8_t)0x66U, (uint8_t)0x9EU, (uint8_t)0x1EU, (uint8_t)0xF1U, 
(uint8_t)0x6EU, (uint8_t)0x6FU, - (uint8_t)0x52U, (uint8_t)0xC3U, (uint8_t)0x16U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xFBU, - (uint8_t)0x79U, (uint8_t)0x30U, (uint8_t)0xE9U, (uint8_t)0xE4U, (uint8_t)0xE5U, (uint8_t)0x88U, - (uint8_t)0x57U, (uint8_t)0xB6U, (uint8_t)0xACU, (uint8_t)0x7DU, (uint8_t)0x5FU, (uint8_t)0x42U, - (uint8_t)0xD6U, (uint8_t)0x9FU, (uint8_t)0x6DU, (uint8_t)0x18U, (uint8_t)0x77U, (uint8_t)0x63U, - (uint8_t)0xCFU, (uint8_t)0x1DU, (uint8_t)0x55U, (uint8_t)0x03U, (uint8_t)0x40U, (uint8_t)0x04U, - (uint8_t)0x87U, (uint8_t)0xF5U, (uint8_t)0x5BU, (uint8_t)0xA5U, (uint8_t)0x7EU, (uint8_t)0x31U, - (uint8_t)0xCCU, (uint8_t)0x7AU, (uint8_t)0x71U, (uint8_t)0x35U, (uint8_t)0xC8U, (uint8_t)0x86U, - (uint8_t)0xEFU, (uint8_t)0xB4U, (uint8_t)0x31U, (uint8_t)0x8AU, (uint8_t)0xEDU, (uint8_t)0x6AU, - (uint8_t)0x1EU, (uint8_t)0x01U, (uint8_t)0x2DU, (uint8_t)0x9EU, (uint8_t)0x68U, (uint8_t)0x32U, - (uint8_t)0xA9U, (uint8_t)0x07U, (uint8_t)0x60U, (uint8_t)0x0AU, (uint8_t)0x91U, (uint8_t)0x81U, - (uint8_t)0x30U, (uint8_t)0xC4U, (uint8_t)0x6DU, (uint8_t)0xC7U, (uint8_t)0x78U, (uint8_t)0xF9U, - (uint8_t)0x71U, (uint8_t)0xADU, (uint8_t)0x00U, (uint8_t)0x38U, (uint8_t)0x09U, (uint8_t)0x29U, - (uint8_t)0x99U, (uint8_t)0xA3U, (uint8_t)0x33U, (uint8_t)0xCBU, (uint8_t)0x8BU, (uint8_t)0x7AU, - (uint8_t)0x1AU, (uint8_t)0x1DU, (uint8_t)0xB9U, (uint8_t)0x3DU, (uint8_t)0x71U, (uint8_t)0x40U, - (uint8_t)0x00U, (uint8_t)0x3CU, (uint8_t)0x2AU, (uint8_t)0x4EU, (uint8_t)0xCEU, (uint8_t)0xA9U, - (uint8_t)0xF9U, (uint8_t)0x8DU, (uint8_t)0x0AU, (uint8_t)0xCCU, (uint8_t)0x0AU, (uint8_t)0x82U, - (uint8_t)0x91U, (uint8_t)0xCDU, (uint8_t)0xCEU, (uint8_t)0xC9U, (uint8_t)0x7DU, (uint8_t)0xCFU, - (uint8_t)0x8EU, (uint8_t)0xC9U, (uint8_t)0xB5U, (uint8_t)0x5AU, (uint8_t)0x7FU, (uint8_t)0x88U, - (uint8_t)0xA4U, (uint8_t)0x6BU, (uint8_t)0x4DU, (uint8_t)0xB5U, (uint8_t)0xA8U, (uint8_t)0x51U, - (uint8_t)0xF4U, (uint8_t)0x41U, (uint8_t)0x82U, (uint8_t)0xE1U, (uint8_t)0xC6U, (uint8_t)0x8AU, - 
(uint8_t)0x00U, (uint8_t)0x7EU, (uint8_t)0x5EU, (uint8_t)0x0DU, (uint8_t)0xD9U, (uint8_t)0x02U, - (uint8_t)0x0BU, (uint8_t)0xFDU, (uint8_t)0x64U, (uint8_t)0xB6U, (uint8_t)0x45U, (uint8_t)0x03U, - (uint8_t)0x6CU, (uint8_t)0x7AU, (uint8_t)0x4EU, (uint8_t)0x67U, (uint8_t)0x7DU, (uint8_t)0x2CU, - (uint8_t)0x38U, (uint8_t)0x53U, (uint8_t)0x2AU, (uint8_t)0x3AU, (uint8_t)0x23U, (uint8_t)0xBAU, - (uint8_t)0x44U, (uint8_t)0x42U, (uint8_t)0xCAU, (uint8_t)0xF5U, (uint8_t)0x3EU, (uint8_t)0xA6U, - (uint8_t)0x3BU, (uint8_t)0xB4U, (uint8_t)0x54U, (uint8_t)0x32U, (uint8_t)0x9BU, (uint8_t)0x76U, - (uint8_t)0x24U, (uint8_t)0xC8U, (uint8_t)0x91U, (uint8_t)0x7BU, (uint8_t)0xDDU, (uint8_t)0x64U, - (uint8_t)0xB1U, (uint8_t)0xC0U, (uint8_t)0xFDU, (uint8_t)0x4CU, (uint8_t)0xB3U, (uint8_t)0x8EU, - (uint8_t)0x8CU, (uint8_t)0x33U, (uint8_t)0x4CU, (uint8_t)0x70U, (uint8_t)0x1CU, (uint8_t)0x3AU, - (uint8_t)0xCDU, (uint8_t)0xADU, (uint8_t)0x06U, (uint8_t)0x57U, (uint8_t)0xFCU, (uint8_t)0xCFU, - (uint8_t)0xECU, (uint8_t)0x71U, (uint8_t)0x9BU, (uint8_t)0x1FU, (uint8_t)0x5CU, (uint8_t)0x3EU, - (uint8_t)0x4EU, (uint8_t)0x46U, (uint8_t)0x04U, (uint8_t)0x1FU, (uint8_t)0x38U, (uint8_t)0x81U, - (uint8_t)0x47U, (uint8_t)0xFBU, (uint8_t)0x4CU, (uint8_t)0xFDU, (uint8_t)0xB4U, (uint8_t)0x77U, - (uint8_t)0xA5U, (uint8_t)0x24U, (uint8_t)0x71U, (uint8_t)0xF7U, (uint8_t)0xA9U, (uint8_t)0xA9U, - (uint8_t)0x69U, (uint8_t)0x10U, (uint8_t)0xB8U, (uint8_t)0x55U, (uint8_t)0x32U, (uint8_t)0x2EU, - (uint8_t)0xDBU, (uint8_t)0x63U, (uint8_t)0x40U, (uint8_t)0xD8U, (uint8_t)0xA0U, (uint8_t)0x0EU, - (uint8_t)0xF0U, (uint8_t)0x92U, (uint8_t)0x35U, (uint8_t)0x05U, (uint8_t)0x11U, (uint8_t)0xE3U, - (uint8_t)0x0AU, (uint8_t)0xBEU, (uint8_t)0xC1U, (uint8_t)0xFFU, (uint8_t)0xF9U, (uint8_t)0xE3U, - (uint8_t)0xA2U, (uint8_t)0x6EU, (uint8_t)0x7FU, (uint8_t)0xB2U, (uint8_t)0x9FU, (uint8_t)0x8CU, - (uint8_t)0x18U, (uint8_t)0x30U, (uint8_t)0x23U, (uint8_t)0xC3U, (uint8_t)0x58U, (uint8_t)0x7EU, - (uint8_t)0x38U, (uint8_t)0xDAU, 
(uint8_t)0x00U, (uint8_t)0x77U, (uint8_t)0xD9U, (uint8_t)0xB4U, - (uint8_t)0x76U, (uint8_t)0x3EU, (uint8_t)0x4EU, (uint8_t)0x4BU, (uint8_t)0x94U, (uint8_t)0xB2U, - (uint8_t)0xBBU, (uint8_t)0xC1U, (uint8_t)0x94U, (uint8_t)0xC6U, (uint8_t)0x65U, (uint8_t)0x1EU, - (uint8_t)0x77U, (uint8_t)0xCAU, (uint8_t)0xF9U, (uint8_t)0x92U, (uint8_t)0xEEU, (uint8_t)0xAAU, - (uint8_t)0xC0U, (uint8_t)0x23U, (uint8_t)0x2AU, (uint8_t)0x28U, (uint8_t)0x1BU, (uint8_t)0xF6U, - (uint8_t)0xB3U, (uint8_t)0xA7U, (uint8_t)0x39U, (uint8_t)0xC1U, (uint8_t)0x22U, (uint8_t)0x61U, - (uint8_t)0x16U, (uint8_t)0x82U, (uint8_t)0x0AU, (uint8_t)0xE8U, (uint8_t)0xDBU, (uint8_t)0x58U, - (uint8_t)0x47U, (uint8_t)0xA6U, (uint8_t)0x7CU, (uint8_t)0xBEU, (uint8_t)0xF9U, (uint8_t)0xC9U, - (uint8_t)0x09U, (uint8_t)0x1BU, (uint8_t)0x46U, (uint8_t)0x2DU, (uint8_t)0x53U, (uint8_t)0x8CU, - (uint8_t)0xD7U, (uint8_t)0x2BU, (uint8_t)0x03U, (uint8_t)0x74U, (uint8_t)0x6AU, (uint8_t)0xE7U, - (uint8_t)0x7FU, (uint8_t)0x5EU, (uint8_t)0x62U, (uint8_t)0x29U, (uint8_t)0x2CU, (uint8_t)0x31U, - (uint8_t)0x15U, (uint8_t)0x62U, (uint8_t)0xA8U, (uint8_t)0x46U, (uint8_t)0x50U, (uint8_t)0x5DU, - (uint8_t)0xC8U, (uint8_t)0x2DU, (uint8_t)0xB8U, (uint8_t)0x54U, (uint8_t)0x33U, (uint8_t)0x8AU, - (uint8_t)0xE4U, (uint8_t)0x9FU, (uint8_t)0x52U, (uint8_t)0x35U, (uint8_t)0xC9U, (uint8_t)0x5BU, - (uint8_t)0x91U, (uint8_t)0x17U, (uint8_t)0x8CU, (uint8_t)0xCFU, (uint8_t)0x2DU, (uint8_t)0xD5U, - (uint8_t)0xCAU, (uint8_t)0xCEU, (uint8_t)0xF4U, (uint8_t)0x03U, (uint8_t)0xECU, (uint8_t)0x9DU, - (uint8_t)0x18U, (uint8_t)0x10U, (uint8_t)0xC6U, (uint8_t)0x27U, (uint8_t)0x2BU, (uint8_t)0x04U, - (uint8_t)0x5BU, (uint8_t)0x3BU, (uint8_t)0x71U, (uint8_t)0xF9U, (uint8_t)0xDCU, (uint8_t)0x6BU, - (uint8_t)0x80U, (uint8_t)0xD6U, (uint8_t)0x3FU, (uint8_t)0xDDU, (uint8_t)0x4AU, (uint8_t)0x8EU, - (uint8_t)0x9AU, (uint8_t)0xDBU, (uint8_t)0x1EU, (uint8_t)0x69U, (uint8_t)0x62U, (uint8_t)0xA6U, - (uint8_t)0x95U, (uint8_t)0x26U, (uint8_t)0xD4U, (uint8_t)0x31U, 
(uint8_t)0x61U, (uint8_t)0xC1U, - (uint8_t)0xA4U, (uint8_t)0x1DU, (uint8_t)0x57U, (uint8_t)0x0DU, (uint8_t)0x79U, (uint8_t)0x38U, - (uint8_t)0xDAU, (uint8_t)0xD4U, (uint8_t)0xA4U, (uint8_t)0x0EU, (uint8_t)0x32U, (uint8_t)0x9CU, - (uint8_t)0xCFU, (uint8_t)0xF4U, (uint8_t)0x6AU, (uint8_t)0xAAU, (uint8_t)0x36U, (uint8_t)0xADU, - (uint8_t)0x00U, (uint8_t)0x4CU, (uint8_t)0xF6U, (uint8_t)0x00U, (uint8_t)0xC8U, (uint8_t)0x38U, - (uint8_t)0x1EU, (uint8_t)0x42U, (uint8_t)0x5AU, (uint8_t)0x31U, (uint8_t)0xD9U, (uint8_t)0x51U, - (uint8_t)0xAEU, (uint8_t)0x64U, (uint8_t)0xFDU, (uint8_t)0xB2U, (uint8_t)0x3FU, (uint8_t)0xCEU, - (uint8_t)0xC9U, (uint8_t)0x50U, (uint8_t)0x9DU, (uint8_t)0x43U, (uint8_t)0x68U, (uint8_t)0x7FU, - (uint8_t)0xEBU, (uint8_t)0x69U, (uint8_t)0xEDU, (uint8_t)0xD1U, (uint8_t)0xCCU, (uint8_t)0x5EU, - (uint8_t)0x0BU, (uint8_t)0x8CU, (uint8_t)0xC3U, (uint8_t)0xBDU, (uint8_t)0xF6U, (uint8_t)0x4BU, - (uint8_t)0x10U, (uint8_t)0xEFU, (uint8_t)0x86U, (uint8_t)0xB6U, (uint8_t)0x31U, (uint8_t)0x42U, - (uint8_t)0xA3U, (uint8_t)0xABU, (uint8_t)0x88U, (uint8_t)0x29U, (uint8_t)0x55U, (uint8_t)0x5BU, - (uint8_t)0x2FU, (uint8_t)0x74U, (uint8_t)0x7CU, (uint8_t)0x93U, (uint8_t)0x26U, (uint8_t)0x65U, - (uint8_t)0xCBU, (uint8_t)0x2CU, (uint8_t)0x0FU, (uint8_t)0x1CU, (uint8_t)0xC0U, (uint8_t)0x1BU, - (uint8_t)0xD7U, (uint8_t)0x02U, (uint8_t)0x29U, (uint8_t)0x38U, (uint8_t)0x88U, (uint8_t)0x39U, - (uint8_t)0xD2U, (uint8_t)0xAFU, (uint8_t)0x05U, (uint8_t)0xE4U, (uint8_t)0x54U, (uint8_t)0x50U, - (uint8_t)0x4AU, (uint8_t)0xC7U, (uint8_t)0x8BU, (uint8_t)0x75U, (uint8_t)0x82U, (uint8_t)0x82U, - (uint8_t)0x28U, (uint8_t)0x46U, (uint8_t)0xC0U, (uint8_t)0xBAU, (uint8_t)0x35U, (uint8_t)0xC3U, - (uint8_t)0x5FU, (uint8_t)0x5CU, (uint8_t)0x59U, (uint8_t)0x16U, (uint8_t)0x0CU, (uint8_t)0xC0U, - (uint8_t)0x46U, (uint8_t)0xFDU, (uint8_t)0x82U, (uint8_t)0x51U, (uint8_t)0x54U, (uint8_t)0x1FU, - (uint8_t)0xC6U, (uint8_t)0x8CU, (uint8_t)0x9CU, (uint8_t)0x86U, (uint8_t)0xB0U, (uint8_t)0x22U, - 
(uint8_t)0xBBU, (uint8_t)0x70U, (uint8_t)0x99U, (uint8_t)0x87U, (uint8_t)0x6AU, (uint8_t)0x46U, - (uint8_t)0x0EU, (uint8_t)0x74U, (uint8_t)0x51U, (uint8_t)0xA8U, (uint8_t)0xA9U, (uint8_t)0x31U, - (uint8_t)0x09U, (uint8_t)0x70U, (uint8_t)0x3FU, (uint8_t)0xEEU, (uint8_t)0x1CU, (uint8_t)0x21U, - (uint8_t)0x7EU, (uint8_t)0x6CU, (uint8_t)0x38U, (uint8_t)0x26U, (uint8_t)0xE5U, (uint8_t)0x2CU, - (uint8_t)0x51U, (uint8_t)0xAAU, (uint8_t)0x69U, (uint8_t)0x1EU, (uint8_t)0x0EU, (uint8_t)0x42U, - (uint8_t)0x3CU, (uint8_t)0xFCU, (uint8_t)0x99U, (uint8_t)0xE9U, (uint8_t)0xE3U, (uint8_t)0x16U, - (uint8_t)0x50U, (uint8_t)0xC1U, (uint8_t)0x21U, (uint8_t)0x7BU, (uint8_t)0x62U, (uint8_t)0x48U, - (uint8_t)0x16U, (uint8_t)0xCDU, (uint8_t)0xADU, (uint8_t)0x9AU, (uint8_t)0x95U, (uint8_t)0xF9U, - (uint8_t)0xD5U, (uint8_t)0xB8U, (uint8_t)0x01U, (uint8_t)0x94U, (uint8_t)0x88U, (uint8_t)0xD9U, - (uint8_t)0xC0U, (uint8_t)0xA0U, (uint8_t)0xA1U, (uint8_t)0xFEU, (uint8_t)0x30U, (uint8_t)0x75U, - (uint8_t)0xA5U, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0x31U, (uint8_t)0x83U, (uint8_t)0xF8U, - (uint8_t)0x1DU, (uint8_t)0x4AU, (uint8_t)0x3FU, (uint8_t)0x2FU, (uint8_t)0xA4U, (uint8_t)0x57U, - (uint8_t)0x1EU, (uint8_t)0xFCU, (uint8_t)0x8CU, (uint8_t)0xE0U, (uint8_t)0xBAU, (uint8_t)0x8AU, - (uint8_t)0x4FU, (uint8_t)0xE8U, (uint8_t)0xB6U, (uint8_t)0x85U, (uint8_t)0x5DU, (uint8_t)0xFEU, - (uint8_t)0x72U, (uint8_t)0xB0U, (uint8_t)0xA6U, (uint8_t)0x6EU, (uint8_t)0xDEU, (uint8_t)0xD2U, - (uint8_t)0xFBU, (uint8_t)0xABU, (uint8_t)0xFBU, (uint8_t)0xE5U, (uint8_t)0x8AU, (uint8_t)0x30U, - (uint8_t)0xFAU, (uint8_t)0xFAU, (uint8_t)0xBEU, (uint8_t)0x1CU, (uint8_t)0x5DU, (uint8_t)0x71U, - (uint8_t)0xA8U, (uint8_t)0x7EU, (uint8_t)0x2FU, (uint8_t)0x74U, (uint8_t)0x1EU, (uint8_t)0xF8U, - (uint8_t)0xC1U, (uint8_t)0xFEU, (uint8_t)0x86U, (uint8_t)0xFEU, (uint8_t)0xA6U, (uint8_t)0xBBU, - (uint8_t)0xFDU, (uint8_t)0xE5U, (uint8_t)0x30U, (uint8_t)0x67U, (uint8_t)0x7FU, (uint8_t)0x0DU, - (uint8_t)0x97U, (uint8_t)0xD1U, 
(uint8_t)0x1DU, (uint8_t)0x49U, (uint8_t)0xF7U, (uint8_t)0xA8U, - (uint8_t)0x44U, (uint8_t)0x3DU, (uint8_t)0x08U, (uint8_t)0x22U, (uint8_t)0xE5U, (uint8_t)0x06U, - (uint8_t)0xA9U, (uint8_t)0xF4U, (uint8_t)0x61U, (uint8_t)0x4EU, (uint8_t)0x01U, (uint8_t)0x1EU, - (uint8_t)0x2AU, (uint8_t)0x94U, (uint8_t)0x83U, (uint8_t)0x8FU, (uint8_t)0xF8U, (uint8_t)0x8CU, - (uint8_t)0xD6U, (uint8_t)0x8CU, (uint8_t)0x8BU, (uint8_t)0xB7U, (uint8_t)0xC5U, (uint8_t)0xC6U, - (uint8_t)0x42U, (uint8_t)0x4CU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU + 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U, + 0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U, + 0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U, + 0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U, + 0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U, + 0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U, + 0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U, + 0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U, + 0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U, + 0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU, + 0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U, + 0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U, + 0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU, + 0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U, + 0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 
0x72U, 0xFEU, + 0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U, + 0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU, + 0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U, + 0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x1FU, 0xCFU, + 0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU, + 0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU, + 0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U, + 0xD9U, 0x1CU, 0xAEU, 0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU, + 0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U, + 0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU, + 0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U, + 0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U, + 0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU, + 0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0x9EU, 0x1EU, 0xF1U, 0x6EU, + 0x6FU, 0x52U, 0xC3U, 0x16U, 0x4DU, 0xF4U, 0xFBU, 0x79U, 0x30U, 0xE9U, 0xE4U, 0xE5U, 0x88U, + 0x57U, 0xB6U, 0xACU, 0x7DU, 0x5FU, 0x42U, 0xD6U, 0x9FU, 0x6DU, 0x18U, 0x77U, 0x63U, 0xCFU, + 0x1DU, 0x55U, 0x03U, 0x40U, 0x04U, 0x87U, 0xF5U, 0x5BU, 0xA5U, 0x7EU, 0x31U, 0xCCU, 0x7AU, + 0x71U, 0x35U, 0xC8U, 0x86U, 0xEFU, 0xB4U, 0x31U, 0x8AU, 0xEDU, 0x6AU, 0x1EU, 0x01U, 0x2DU, + 0x9EU, 0x68U, 0x32U, 0xA9U, 0x07U, 0x60U, 0x0AU, 0x91U, 0x81U, 0x30U, 0xC4U, 0x6DU, 0xC7U, + 0x78U, 0xF9U, 0x71U, 0xADU, 0x00U, 0x38U, 0x09U, 0x29U, 0x99U, 0xA3U, 0x33U, 0xCBU, 0x8BU, + 0x7AU, 0x1AU, 0x1DU, 0xB9U, 0x3DU, 0x71U, 0x40U, 0x00U, 0x3CU, 0x2AU, 0x4EU, 0xCEU, 0xA9U, + 0xF9U, 0x8DU, 0x0AU, 0xCCU, 
0x0AU, 0x82U, 0x91U, 0xCDU, 0xCEU, 0xC9U, 0x7DU, 0xCFU, 0x8EU, + 0xC9U, 0xB5U, 0x5AU, 0x7FU, 0x88U, 0xA4U, 0x6BU, 0x4DU, 0xB5U, 0xA8U, 0x51U, 0xF4U, 0x41U, + 0x82U, 0xE1U, 0xC6U, 0x8AU, 0x00U, 0x7EU, 0x5EU, 0x0DU, 0xD9U, 0x02U, 0x0BU, 0xFDU, 0x64U, + 0xB6U, 0x45U, 0x03U, 0x6CU, 0x7AU, 0x4EU, 0x67U, 0x7DU, 0x2CU, 0x38U, 0x53U, 0x2AU, 0x3AU, + 0x23U, 0xBAU, 0x44U, 0x42U, 0xCAU, 0xF5U, 0x3EU, 0xA6U, 0x3BU, 0xB4U, 0x54U, 0x32U, 0x9BU, + 0x76U, 0x24U, 0xC8U, 0x91U, 0x7BU, 0xDDU, 0x64U, 0xB1U, 0xC0U, 0xFDU, 0x4CU, 0xB3U, 0x8EU, + 0x8CU, 0x33U, 0x4CU, 0x70U, 0x1CU, 0x3AU, 0xCDU, 0xADU, 0x06U, 0x57U, 0xFCU, 0xCFU, 0xECU, + 0x71U, 0x9BU, 0x1FU, 0x5CU, 0x3EU, 0x4EU, 0x46U, 0x04U, 0x1FU, 0x38U, 0x81U, 0x47U, 0xFBU, + 0x4CU, 0xFDU, 0xB4U, 0x77U, 0xA5U, 0x24U, 0x71U, 0xF7U, 0xA9U, 0xA9U, 0x69U, 0x10U, 0xB8U, + 0x55U, 0x32U, 0x2EU, 0xDBU, 0x63U, 0x40U, 0xD8U, 0xA0U, 0x0EU, 0xF0U, 0x92U, 0x35U, 0x05U, + 0x11U, 0xE3U, 0x0AU, 0xBEU, 0xC1U, 0xFFU, 0xF9U, 0xE3U, 0xA2U, 0x6EU, 0x7FU, 0xB2U, 0x9FU, + 0x8CU, 0x18U, 0x30U, 0x23U, 0xC3U, 0x58U, 0x7EU, 0x38U, 0xDAU, 0x00U, 0x77U, 0xD9U, 0xB4U, + 0x76U, 0x3EU, 0x4EU, 0x4BU, 0x94U, 0xB2U, 0xBBU, 0xC1U, 0x94U, 0xC6U, 0x65U, 0x1EU, 0x77U, + 0xCAU, 0xF9U, 0x92U, 0xEEU, 0xAAU, 0xC0U, 0x23U, 0x2AU, 0x28U, 0x1BU, 0xF6U, 0xB3U, 0xA7U, + 0x39U, 0xC1U, 0x22U, 0x61U, 0x16U, 0x82U, 0x0AU, 0xE8U, 0xDBU, 0x58U, 0x47U, 0xA6U, 0x7CU, + 0xBEU, 0xF9U, 0xC9U, 0x09U, 0x1BU, 0x46U, 0x2DU, 0x53U, 0x8CU, 0xD7U, 0x2BU, 0x03U, 0x74U, + 0x6AU, 0xE7U, 0x7FU, 0x5EU, 0x62U, 0x29U, 0x2CU, 0x31U, 0x15U, 0x62U, 0xA8U, 0x46U, 0x50U, + 0x5DU, 0xC8U, 0x2DU, 0xB8U, 0x54U, 0x33U, 0x8AU, 0xE4U, 0x9FU, 0x52U, 0x35U, 0xC9U, 0x5BU, + 0x91U, 0x17U, 0x8CU, 0xCFU, 0x2DU, 0xD5U, 0xCAU, 0xCEU, 0xF4U, 0x03U, 0xECU, 0x9DU, 0x18U, + 0x10U, 0xC6U, 0x27U, 0x2BU, 0x04U, 0x5BU, 0x3BU, 0x71U, 0xF9U, 0xDCU, 0x6BU, 0x80U, 0xD6U, + 0x3FU, 0xDDU, 0x4AU, 0x8EU, 0x9AU, 0xDBU, 0x1EU, 0x69U, 0x62U, 0xA6U, 0x95U, 0x26U, 0xD4U, + 0x31U, 0x61U, 0xC1U, 0xA4U, 0x1DU, 0x57U, 0x0DU, 0x79U, 0x38U, 0xDAU, 
0xD4U, 0xA4U, 0x0EU, + 0x32U, 0x9CU, 0xCFU, 0xF4U, 0x6AU, 0xAAU, 0x36U, 0xADU, 0x00U, 0x4CU, 0xF6U, 0x00U, 0xC8U, + 0x38U, 0x1EU, 0x42U, 0x5AU, 0x31U, 0xD9U, 0x51U, 0xAEU, 0x64U, 0xFDU, 0xB2U, 0x3FU, 0xCEU, + 0xC9U, 0x50U, 0x9DU, 0x43U, 0x68U, 0x7FU, 0xEBU, 0x69U, 0xEDU, 0xD1U, 0xCCU, 0x5EU, 0x0BU, + 0x8CU, 0xC3U, 0xBDU, 0xF6U, 0x4BU, 0x10U, 0xEFU, 0x86U, 0xB6U, 0x31U, 0x42U, 0xA3U, 0xABU, + 0x88U, 0x29U, 0x55U, 0x5BU, 0x2FU, 0x74U, 0x7CU, 0x93U, 0x26U, 0x65U, 0xCBU, 0x2CU, 0x0FU, + 0x1CU, 0xC0U, 0x1BU, 0xD7U, 0x02U, 0x29U, 0x38U, 0x88U, 0x39U, 0xD2U, 0xAFU, 0x05U, 0xE4U, + 0x54U, 0x50U, 0x4AU, 0xC7U, 0x8BU, 0x75U, 0x82U, 0x82U, 0x28U, 0x46U, 0xC0U, 0xBAU, 0x35U, + 0xC3U, 0x5FU, 0x5CU, 0x59U, 0x16U, 0x0CU, 0xC0U, 0x46U, 0xFDU, 0x82U, 0x51U, 0x54U, 0x1FU, + 0xC6U, 0x8CU, 0x9CU, 0x86U, 0xB0U, 0x22U, 0xBBU, 0x70U, 0x99U, 0x87U, 0x6AU, 0x46U, 0x0EU, + 0x74U, 0x51U, 0xA8U, 0xA9U, 0x31U, 0x09U, 0x70U, 0x3FU, 0xEEU, 0x1CU, 0x21U, 0x7EU, 0x6CU, + 0x38U, 0x26U, 0xE5U, 0x2CU, 0x51U, 0xAAU, 0x69U, 0x1EU, 0x0EU, 0x42U, 0x3CU, 0xFCU, 0x99U, + 0xE9U, 0xE3U, 0x16U, 0x50U, 0xC1U, 0x21U, 0x7BU, 0x62U, 0x48U, 0x16U, 0xCDU, 0xADU, 0x9AU, + 0x95U, 0xF9U, 0xD5U, 0xB8U, 0x01U, 0x94U, 0x88U, 0xD9U, 0xC0U, 0xA0U, 0xA1U, 0xFEU, 0x30U, + 0x75U, 0xA5U, 0x77U, 0xE2U, 0x31U, 0x83U, 0xF8U, 0x1DU, 0x4AU, 0x3FU, 0x2FU, 0xA4U, 0x57U, + 0x1EU, 0xFCU, 0x8CU, 0xE0U, 0xBAU, 0x8AU, 0x4FU, 0xE8U, 0xB6U, 0x85U, 0x5DU, 0xFEU, 0x72U, + 0xB0U, 0xA6U, 0x6EU, 0xDEU, 0xD2U, 0xFBU, 0xABU, 0xFBU, 0xE5U, 0x8AU, 0x30U, 0xFAU, 0xFAU, + 0xBEU, 0x1CU, 0x5DU, 0x71U, 0xA8U, 0x7EU, 0x2FU, 0x74U, 0x1EU, 0xF8U, 0xC1U, 0xFEU, 0x86U, + 0xFEU, 0xA6U, 0xBBU, 0xFDU, 0xE5U, 0x30U, 0x67U, 0x7FU, 0x0DU, 0x97U, 0xD1U, 0x1DU, 0x49U, + 0xF7U, 0xA8U, 0x44U, 0x3DU, 0x08U, 0x22U, 0xE5U, 0x06U, 0xA9U, 0xF4U, 0x61U, 0x4EU, 0x01U, + 0x1EU, 0x2AU, 0x94U, 0x83U, 0x8FU, 0xF8U, 0x8CU, 0xD6U, 0x8CU, 0x8BU, 0xB7U, 0xC5U, 0xC6U, + 0x42U, 0x4CU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU }; #if defined(__cplusplus) 
diff --git a/include/internal/Hacl_K256_PrecompTable.h b/include/internal/Hacl_K256_PrecompTable.h
index 26bdfa1f..ff15f1c9 100644
--- a/include/internal/Hacl_K256_PrecompTable.h
+++ b/include/internal/Hacl_K256_PrecompTable.h
@@ -39,498 +39,378 @@ static const uint64_t Hacl_K256_PrecompTable_precomp_basepoint_table_w4[240U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)705178180786072U, - (uint64_t)3855836460717471U, (uint64_t)4089131105950716U, (uint64_t)3301581525494108U, - (uint64_t)133858670344668U, (uint64_t)2199641648059576U, (uint64_t)1278080618437060U, - (uint64_t)3959378566518708U, (uint64_t)3455034269351872U, (uint64_t)79417610544803U, - (uint64_t)1U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)1282049064345544U, (uint64_t)971732600440099U, (uint64_t)1014594595727339U, - (uint64_t)4392159187541980U, (uint64_t)268327875692285U, (uint64_t)2411661712280539U, - (uint64_t)1092576199280126U, (uint64_t)4328619610718051U, (uint64_t)3535440816471627U, - (uint64_t)95182251488556U, (uint64_t)1893725512243753U, (uint64_t)3619861457111820U, - (uint64_t)879374960417905U, (uint64_t)2868056058129113U, (uint64_t)273195291893682U, - (uint64_t)2044797305960112U, (uint64_t)2357106853933780U, (uint64_t)3563112438336058U, - (uint64_t)2430811541762558U, (uint64_t)106443809495428U, (uint64_t)2231357633909668U, - (uint64_t)3641705835951936U, (uint64_t)80642569314189U, (uint64_t)2254841882373268U, - (uint64_t)149848031966573U, (uint64_t)2304615661367764U, (uint64_t)2410957403736446U, - (uint64_t)2712754805859804U, (uint64_t)2440183877540536U, (uint64_t)99784623895865U, - (uint64_t)3667773127482758U, (uint64_t)1354899394473308U, (uint64_t)3636602998800808U, - (uint64_t)2709296679846364U, (uint64_t)7253362091963U, (uint64_t)3585950735562744U, - (uint64_t)935775991758415U, (uint64_t)4108078106735201U, (uint64_t)556081800336307U, - (uint64_t)229585977163057U, (uint64_t)4055594186679801U, (uint64_t)1767681004944933U, - (uint64_t)1432634922083242U, (uint64_t)534935602949197U, (uint64_t)251753159522567U, 
- (uint64_t)2846474078499321U, (uint64_t)4488649590348702U, (uint64_t)2437476916025038U, - (uint64_t)3040577412822874U, (uint64_t)79405234918614U, (uint64_t)3030621226551508U, - (uint64_t)2801117003929806U, (uint64_t)1642927515498422U, (uint64_t)2802725079726297U, - (uint64_t)8472780626107U, (uint64_t)866068070352655U, (uint64_t)188080768545106U, - (uint64_t)2152119998903058U, (uint64_t)3391239985029665U, (uint64_t)23820026013564U, - (uint64_t)2965064154891949U, (uint64_t)1846516097921398U, (uint64_t)4418379948133146U, - (uint64_t)3137755426942400U, (uint64_t)47705291301781U, (uint64_t)4278533051105665U, - (uint64_t)3453643211214931U, (uint64_t)3379734319145156U, (uint64_t)3762442192097039U, - (uint64_t)40243003528694U, (uint64_t)4063448994211201U, (uint64_t)5697015368785U, - (uint64_t)1006545411838613U, (uint64_t)4242291693755210U, (uint64_t)135184629190512U, - (uint64_t)264898689131035U, (uint64_t)611796474823597U, (uint64_t)3255382250029089U, - (uint64_t)3490429246984696U, (uint64_t)236558595864362U, (uint64_t)2055934691551704U, - (uint64_t)1487711670114502U, (uint64_t)1823930698221632U, (uint64_t)2130937287438472U, - (uint64_t)154610053389779U, (uint64_t)2746573287023216U, (uint64_t)2430987262221221U, - (uint64_t)1668741642878689U, (uint64_t)904982541243977U, (uint64_t)56087343124948U, - (uint64_t)393905062353536U, (uint64_t)412681877350188U, (uint64_t)3153602040979977U, - (uint64_t)4466820876224989U, (uint64_t)146579165617857U, (uint64_t)2628741216508991U, - (uint64_t)747994231529806U, (uint64_t)750506569317681U, (uint64_t)1887492790748779U, - (uint64_t)35259008682771U, (uint64_t)2085116434894208U, (uint64_t)543291398921711U, - (uint64_t)1144362007901552U, (uint64_t)679305136036846U, (uint64_t)141090902244489U, - (uint64_t)632480954474859U, (uint64_t)2384513102652591U, (uint64_t)2225529790159790U, - (uint64_t)692258664851625U, (uint64_t)198681843567699U, (uint64_t)2397092587228181U, - (uint64_t)145862822166614U, (uint64_t)196976540479452U, 
(uint64_t)3321831130141455U, - (uint64_t)69266673089832U, (uint64_t)4469644227342284U, (uint64_t)3899271145504796U, - (uint64_t)1261890974076660U, (uint64_t)525357673886694U, (uint64_t)182135997828583U, - (uint64_t)4292760618810332U, (uint64_t)3404186545541683U, (uint64_t)312297386688768U, - (uint64_t)204377466824608U, (uint64_t)230900767857952U, (uint64_t)3871485172339693U, - (uint64_t)779449329662955U, (uint64_t)978655822464694U, (uint64_t)2278252139594027U, - (uint64_t)104641527040382U, (uint64_t)3528840153625765U, (uint64_t)4484699080275273U, - (uint64_t)1463971951102316U, (uint64_t)4013910812844749U, (uint64_t)228915589433620U, - (uint64_t)1209641433482461U, (uint64_t)4043178788774759U, (uint64_t)3008668238856634U, - (uint64_t)1448425089071412U, (uint64_t)26269719725037U, (uint64_t)3330785027545223U, - (uint64_t)852657975349259U, (uint64_t)227245054466105U, (uint64_t)1534632353984777U, - (uint64_t)207715098574660U, (uint64_t)3209837527352280U, (uint64_t)4051688046309066U, - (uint64_t)3839009590725955U, (uint64_t)1321506437398842U, (uint64_t)68340219159928U, - (uint64_t)1806950276956275U, (uint64_t)3923908055275295U, (uint64_t)743963253393575U, - (uint64_t)42162407478783U, (uint64_t)261334584474610U, (uint64_t)3728224928885214U, - (uint64_t)4004701081842869U, (uint64_t)709043201644674U, (uint64_t)4267294249150171U, - (uint64_t)255540582975025U, (uint64_t)875490593722211U, (uint64_t)796393708218375U, - (uint64_t)14774425627956U, (uint64_t)1500040516752097U, (uint64_t)141076627721678U, - (uint64_t)2634539368480628U, (uint64_t)1106488853550103U, (uint64_t)2346231921151930U, - (uint64_t)897108283954283U, (uint64_t)64616679559843U, (uint64_t)400244949840943U, - (uint64_t)1731263826831733U, (uint64_t)1649996579904651U, (uint64_t)3643693449640761U, - (uint64_t)172543068638991U, (uint64_t)329537981097182U, (uint64_t)2029799860802869U, - (uint64_t)4377737515208862U, (uint64_t)29103311051334U, (uint64_t)265583594111499U, - (uint64_t)3798074876561255U, 
(uint64_t)184749333259352U, (uint64_t)3117395073661801U, - (uint64_t)3695784565008833U, (uint64_t)64282709896721U, (uint64_t)1618968913246422U, - (uint64_t)3185235128095257U, (uint64_t)3288745068118692U, (uint64_t)1963818603508782U, - (uint64_t)281054350739495U, (uint64_t)1658639050810346U, (uint64_t)3061097601679552U, - (uint64_t)3023781433263746U, (uint64_t)2770283391242475U, (uint64_t)144508864751908U, - (uint64_t)173576288079856U, (uint64_t)46114579547054U, (uint64_t)1679480127300211U, - (uint64_t)1683062051644007U, (uint64_t)117183826129323U, (uint64_t)1894068608117440U, - (uint64_t)3846899838975733U, (uint64_t)4289279019496192U, (uint64_t)176995887914031U, - (uint64_t)78074942938713U, (uint64_t)454207263265292U, (uint64_t)972683614054061U, - (uint64_t)808474205144361U, (uint64_t)942703935951735U, (uint64_t}; static const uint64_t Hacl_K256_PrecompTable_precomp_g_pow2_64_table_w4[240U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)4496295042185355U, - (uint64_t)3125448202219451U, (uint64_t)1239608518490046U, (uint64_t)2687445637493112U, - (uint64_t)77979604880139U, (uint64_t)3360310474215011U, (uint64_t)1216410458165163U, - (uint64_t)177901593587973U, (uint64_t)3209978938104985U, (uint64_t)118285133003718U, - (uint64_t)434519962075150U, (uint64_t)1114612377498854U, (uint64_t)3488596944003813U, - (uint64_t)450716531072892U, (uint64_t)66044973203836U, (uint64_t)2822827191156652U, - (uint64_t)2417714248626059U, (uint64_t)2173117567943U, (uint64_t)961513119252459U, - (uint64_t)233852556538333U, (uint64_t)3014783730323962U, (uint64_t)2955192634004574U, - (uint64_t)580546524951282U, (uint64_t)2982973948711252U, (uint64_t)226295722018730U, - (uint64_t)26457116218543U, (uint64_t)3401523493637663U, (uint64_t)2597746825024790U, - (uint64_t)1789211180483113U, (uint64_t)155862365823427U, 
(uint64_t)4056806876632134U, - (uint64_t)1742291745730568U, (uint64_t)3527759000626890U, (uint64_t)3740578471192596U, - (uint64_t)177295097700537U, (uint64_t)1533961415657770U, (uint64_t)4305228982382487U, - (uint64_t)4069090871282711U, (uint64_t)4090877481646667U, (uint64_t)220939617041498U, - (uint64_t)2057548127959588U, (uint64_t)45185623103252U, (uint64_t)2871963270423449U, - (uint64_t)3312974792248749U, (uint64_t)8710601879528U, (uint64_t)570612225194540U, - (uint64_t)2045632925323972U, (uint64_t)1263913878297555U, (uint64_t)1294592284757719U, - (uint64_t)238067747295054U, (uint64_t)1576659948829386U, (uint64_t)2315159636629917U, - (uint64_t)3624867787891655U, (uint64_t)647628266663887U, (uint64_t)75788399640253U, - (uint64_t)710811707847797U, (uint64_t)130020650130128U, (uint64_t)1975045425972589U, - (uint64_t)136351545314094U, (uint64_t)229292031212337U, (uint64_t)1061471455264148U, - (uint64_t)3281312694184822U, (uint64_t)1692442293921797U, (uint64_t)4171008525509513U, - (uint64_t)275424696197549U, (uint64_t)1170296303921965U, (uint64_t)4154092952807735U, - (uint64_t)4371262070870741U, (uint64_t)835769811036496U, (uint64_t)275812646528189U, - (uint64_t)4006745785521764U, (uint64_t)1965172239781114U, (uint64_t)4121055644916429U, - (uint64_t)3578995380229569U, (uint64_t)169798870760022U, (uint64_t)1834234783016431U, - (uint64_t)3186919121688538U, (uint64_t)1894269993170652U, (uint64_t)868603832348691U, - (uint64_t)110978471368876U, (uint64_t)1659296605881532U, (uint64_t)3257830829309297U, - (uint64_t)3381509832701119U, (uint64_t)4016163121121296U, (uint64_t)265240263496294U, - (uint64_t)4411285343933251U, (uint64_t)728746770806400U, (uint64_t)1767819098558739U, - (uint64_t)3002081480892841U, (uint64_t)96312133241935U, (uint64_t)468184501392107U, - (uint64_t)2061529496271208U, (uint64_t)801565111628867U, (uint64_t)3380678576799273U, - (uint64_t)121814978170941U, (uint64_t)3340363319165433U, (uint64_t)2764604325746928U, - (uint64_t)4475755976431968U, 
(uint64_t)3678073419927081U, (uint64_t)237001357924061U, - (uint64_t)4110487014553450U, (uint64_t)442517757833404U, (uint64_t)3976758767423859U, - (uint64_t)2559863799262476U, (uint64_t)178144664279213U, (uint64_t)2488702171798051U, - (uint64_t)4292079598620208U, (uint64_t)1642918280217329U, (uint64_t)3694920319798108U, - (uint64_t)111735528281657U, (uint64_t)2904433967156033U, (uint64_t)4391518032143166U, - (uint64_t)3018885875516259U, (uint64_t)3730342681447122U, (uint64_t)10320273322750U, - (uint64_t)555845881555519U, (uint64_t)58355404017985U, (uint64_t)379009359053696U, - (uint64_t)450317203955503U, (uint64_t)271063299686173U, (uint64_t)910340241794202U, - (uint64_t)4145234574853890U, (uint64_t)2059755654702755U, (uint64_t)626530377112246U, - (uint64_t)188918989156857U, (uint64_t)3316657461542117U, (uint64_t)778033563170765U, - (uint64_t)3568562306532187U, (uint64_t)2888619469733481U, (uint64_t)4364919962337U, - (uint64_t)4095057288587059U, (uint64_t)2275461355379988U, (uint64_t)1507422995910897U, - (uint64_t)3737691697116252U, (uint64_t)28779913258578U, (uint64_t)131453301647952U, - (uint64_t)3613515597508469U, (uint64_t)2389606941441321U, (uint64_t)2135459302594806U, - (uint64_t)105517262484263U, (uint64_t)2973432939331401U, (uint64_t)3447096622477885U, - (uint64_t)684654106536844U, (uint64_t)2815198316729695U, (uint64_t)280303067216071U, - (uint64_t)1841014812927024U, (uint64_t)1181026273060917U, (uint64_t)4092989148457730U, - (uint64_t)1381045116206278U, (uint64_t)112475725893965U, (uint64_t)2309144740156686U, - (uint64_t)1558825847609352U, (uint64_t)2008068002046292U, (uint64_t)3153511625856423U, - (uint64_t)38469701427673U, (uint64_t)4240572315518056U, (uint64_t)2295170987320580U, - (uint64_t)187734093837094U, (uint64_t)301041528077172U, (uint64_t)234553141005715U, - (uint64_t)4170513699279606U, (uint64_t)1600132848196146U, (uint64_t)3149113064155689U, - (uint64_t)2733255352600949U, (uint64_t)144915931419495U, (uint64_t)1221012073888926U, - 
(uint64_t)4395668111081710U, (uint64_t)2464799161496070U, (uint64_t)3664256125241313U, - (uint64_t)239705368981290U, (uint64_t)1415181408539490U, (uint64_t)2551836620449074U, - (uint64_t)3003106895689578U, (uint64_t)968947218886924U, (uint64_t)270781532362673U, - (uint64_t)2905980714350372U, (uint64_t)3246927349288975U, (uint64_t)2653377642686974U, - (uint64_t)1577457093418263U, (uint64_t)279488238785848U, (uint64_t)568335962564552U, - (uint64_t)4251365041645758U, (uint64_t)1257832559776007U, (uint64_t)2424022444243863U, - (uint64_t)261166122046343U, (uint64_t)4399874608082116U, (uint64_t)640509987891568U, - (uint64_t)3119706885332220U, (uint64_t)1990185416694007U, (uint64_t)119390098529341U, - (uint64_t)220106534694050U, (uint64_t)937225880034895U, (uint64_t)656288151358882U, - (uint64_t)1766967254772100U, (uint64_t)197900790969750U, (uint64_t)2992539221608875U, - (uint64_t)3960297171111858U, (uint64_t)3499202002925081U, (uint64_t)1103060980924705U, - (uint64_t)13670895919578U, (uint64_t)430132744187721U, (uint64_t)1206771838050953U, - (uint64_t)2474749300167198U, (uint64_t)296299539510780U, (uint64_t)61565517686436U, - (uint64_t)752778559080573U, (uint64_t)3049015829565410U, (uint64_t)3538647632527371U, - (uint64_t)1640473028662032U, (uint64_t)182488721849306U, (uint64_t)1234378482161516U, - (uint64_t)3736205988606381U, (uint64_t)2814216844344487U, (uint64_t)3877249891529557U, - (uint64_t)51681412928433U, (uint64_t)4275336620301239U, (uint64_t)3084074032750651U, - (uint64_t)42732308350456U, (uint64_t)3648603591552229U, (uint64_t)142450621701603U, - (uint64_t)4020045475009854U, (uint64_t)1050293952073054U, (uint64_t)1974773673079851U, - (uint64_t)1815515638724020U, (uint64_t)104845375825434U + 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, + 4496295042185355ULL, 3125448202219451ULL, 1239608518490046ULL, 2687445637493112ULL, + 77979604880139ULL, 3360310474215011ULL, 1216410458165163ULL, 177901593587973ULL, + 
3209978938104985ULL, 118285133003718ULL, 434519962075150ULL, 1114612377498854ULL, + 3488596944003813ULL, 450716531072892ULL, 66044973203836ULL, 2822827191156652ULL, + 2417714248626059ULL, 2173117567943ULL, 961513119252459ULL, 233852556538333ULL, + 3014783730323962ULL, 2955192634004574ULL, 580546524951282ULL, 2982973948711252ULL, + 226295722018730ULL, 26457116218543ULL, 3401523493637663ULL, 2597746825024790ULL, + 1789211180483113ULL, 155862365823427ULL, 4056806876632134ULL, 1742291745730568ULL, + 3527759000626890ULL, 3740578471192596ULL, 177295097700537ULL, 1533961415657770ULL, + 4305228982382487ULL, 4069090871282711ULL, 4090877481646667ULL, 220939617041498ULL, + 2057548127959588ULL, 45185623103252ULL, 2871963270423449ULL, 3312974792248749ULL, + 8710601879528ULL, 570612225194540ULL, 2045632925323972ULL, 1263913878297555ULL, + 1294592284757719ULL, 238067747295054ULL, 1576659948829386ULL, 2315159636629917ULL, + 3624867787891655ULL, 647628266663887ULL, 75788399640253ULL, 710811707847797ULL, + 130020650130128ULL, 1975045425972589ULL, 136351545314094ULL, 229292031212337ULL, + 1061471455264148ULL, 3281312694184822ULL, 1692442293921797ULL, 4171008525509513ULL, + 275424696197549ULL, 1170296303921965ULL, 4154092952807735ULL, 4371262070870741ULL, + 835769811036496ULL, 275812646528189ULL, 4006745785521764ULL, 1965172239781114ULL, + 4121055644916429ULL, 3578995380229569ULL, 169798870760022ULL, 1834234783016431ULL, + 3186919121688538ULL, 1894269993170652ULL, 868603832348691ULL, 110978471368876ULL, + 1659296605881532ULL, 3257830829309297ULL, 3381509832701119ULL, 4016163121121296ULL, + 265240263496294ULL, 4411285343933251ULL, 728746770806400ULL, 1767819098558739ULL, + 3002081480892841ULL, 96312133241935ULL, 468184501392107ULL, 2061529496271208ULL, + 801565111628867ULL, 3380678576799273ULL, 121814978170941ULL, 3340363319165433ULL, + 2764604325746928ULL, 4475755976431968ULL, 3678073419927081ULL, 237001357924061ULL, + 4110487014553450ULL, 442517757833404ULL, 3976758767423859ULL, 
2559863799262476ULL, + 178144664279213ULL, 2488702171798051ULL, 4292079598620208ULL, 1642918280217329ULL, + 3694920319798108ULL, 111735528281657ULL, 2904433967156033ULL, 4391518032143166ULL, + 3018885875516259ULL, 3730342681447122ULL, 10320273322750ULL, 555845881555519ULL, + 58355404017985ULL, 379009359053696ULL, 450317203955503ULL, 271063299686173ULL, + 910340241794202ULL, 4145234574853890ULL, 2059755654702755ULL, 626530377112246ULL, + 188918989156857ULL, 3316657461542117ULL, 778033563170765ULL, 3568562306532187ULL, + 2888619469733481ULL, 4364919962337ULL, 4095057288587059ULL, 2275461355379988ULL, + 1507422995910897ULL, 3737691697116252ULL, 28779913258578ULL, 131453301647952ULL, + 3613515597508469ULL, 2389606941441321ULL, 2135459302594806ULL, 105517262484263ULL, + 2973432939331401ULL, 3447096622477885ULL, 684654106536844ULL, 2815198316729695ULL, + 280303067216071ULL, 1841014812927024ULL, 1181026273060917ULL, 4092989148457730ULL, + 1381045116206278ULL, 112475725893965ULL, 2309144740156686ULL, 1558825847609352ULL, + 2008068002046292ULL, 3153511625856423ULL, 38469701427673ULL, 4240572315518056ULL, + 2295170987320580ULL, 187734093837094ULL, 301041528077172ULL, 234553141005715ULL, + 4170513699279606ULL, 1600132848196146ULL, 3149113064155689ULL, 2733255352600949ULL, + 144915931419495ULL, 1221012073888926ULL, 4395668111081710ULL, 2464799161496070ULL, + 3664256125241313ULL, 239705368981290ULL, 1415181408539490ULL, 2551836620449074ULL, + 3003106895689578ULL, 968947218886924ULL, 270781532362673ULL, 2905980714350372ULL, + 3246927349288975ULL, 2653377642686974ULL, 1577457093418263ULL, 279488238785848ULL, + 568335962564552ULL, 4251365041645758ULL, 1257832559776007ULL, 2424022444243863ULL, + 261166122046343ULL, 4399874608082116ULL, 640509987891568ULL, 3119706885332220ULL, + 1990185416694007ULL, 119390098529341ULL, 220106534694050ULL, 937225880034895ULL, + 656288151358882ULL, 1766967254772100ULL, 197900790969750ULL, 2992539221608875ULL, + 3960297171111858ULL, 
3499202002925081ULL, 1103060980924705ULL, 13670895919578ULL, + 430132744187721ULL, 1206771838050953ULL, 2474749300167198ULL, 296299539510780ULL, + 61565517686436ULL, 752778559080573ULL, 3049015829565410ULL, 3538647632527371ULL, + 1640473028662032ULL, 182488721849306ULL, 1234378482161516ULL, 3736205988606381ULL, + 2814216844344487ULL, 3877249891529557ULL, 51681412928433ULL, 4275336620301239ULL, + 3084074032750651ULL, 42732308350456ULL, 3648603591552229ULL, 142450621701603ULL, + 4020045475009854ULL, 1050293952073054ULL, 1974773673079851ULL, 1815515638724020ULL, + 104845375825434ULL }; static const uint64_t Hacl_K256_PrecompTable_precomp_g_pow2_128_table_w4[240U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1277614565900951U, - (uint64_t)378671684419493U, (uint64_t)3176260448102880U, (uint64_t)1575691435565077U, - (uint64_t)167304528382180U, (uint64_t)2600787765776588U, (uint64_t)7497946149293U, - (uint64_t)2184272641272202U, (uint64_t)2200235265236628U, (uint64_t)265969268774814U, - (uint64_t)1913228635640715U, (uint64_t)2831959046949342U, (uint64_t)888030405442963U, - (uint64_t)1817092932985033U, (uint64_t)101515844997121U, (uint64_t)3309468394859588U, - (uint64_t)3965334773689948U, (uint64_t)1945272965790738U, (uint64_t)4450939211427964U, - (uint64_t)211349698782702U, (uint64_t)2085160302160079U, (uint64_t)212812506072603U, - (uint64_t)3646122434511764U, (uint64_t)1711405092320514U, (uint64_t)95160920508464U, - (uint64_t)1677683368518073U, (uint64_t)4384656939250953U, (uint64_t)3548591046529893U, - (uint64_t)1683233536091384U, (uint64_t)105919586159941U, (uint64_t)1941416002726455U, - (uint64_t)246264372248216U, (uint64_t)3063044110922228U, (uint64_t)3772292170415825U, - (uint64_t)222933374989815U, (uint64_t)2417211163452935U, (uint64_t)2018230365573200U, - 
(uint64_t)1985974538911047U, (uint64_t)1387197705332739U, (uint64_t)186400825584956U, - (uint64_t)2469330487750329U, (uint64_t)1291983813301638U, (uint64_t)333416733706302U, - (uint64_t)3413315564261070U, (uint64_t)189444777569683U, (uint64_t)1062005622360420U, - (uint64_t)1800197715938740U, (uint64_t)3693110992551647U, (uint64_t)626990328941945U, - (uint64_t)40998857100520U, (uint64_t)3921983552805085U, (uint64_t)1016632437340656U, - (uint64_t)4016615929950878U, (uint64_t)2682554586771281U, (uint64_t)7043555162389U, - (uint64_t)3333819830676567U, (uint64_t)4120091964944036U, (uint64_t)1960788263484015U, - (uint64_t)1642145656273304U, (uint64_t)252814075789128U, (uint64_t)3085777342821357U, - (uint64_t)4166637997604052U, (uint64_t)1339401689756469U, (uint64_t)845938529607551U, - (uint64_t)223351828189283U, (uint64_t)1148648705186890U, (uint64_t)1230525014760605U, - (uint64_t)1869739475126720U, (uint64_t)4193966261205530U, (uint64_t)175684010336013U, - (uint64_t)4476719358931508U, (uint64_t)4209547487457638U, (uint64_t)2197536411673724U, - (uint64_t)3010838433412303U, (uint64_t)169318997251483U, (uint64_t)49493868302162U, - (uint64_t)3594601099078584U, (uint64_t)3662420905445942U, (uint64_t)3606544932233685U, - (uint64_t)270643652662165U, (uint64_t)180681786228544U, (uint64_t)2095882682308564U, - (uint64_t)813484483841391U, (uint64_t)1622665392824698U, (uint64_t)113821770225137U, - (uint64_t)3075432444115417U, (uint64_t)716502989978722U, (uint64_t)2304779892217245U, - (uint64_t)1760144151770127U, (uint64_t)235719156963938U, (uint64_t)3180013070471143U, - (uint64_t)1331027634540579U, (uint64_t)552273022992392U, (uint64_t)2858693077461887U, - (uint64_t)197914407731510U, (uint64_t)187252310910959U, (uint64_t)4160637171377125U, - (uint64_t)3225059526713298U, (uint64_t)2574558217383978U, (uint64_t)249695600622489U, - (uint64_t)364988742814327U, (uint64_t)4245298536326258U, (uint64_t)1812464706589342U, - (uint64_t)2734857123772998U, (uint64_t)120105577124628U, 
(uint64_t)160179251271109U, - (uint64_t)3604555733307834U, (uint64_t)150380003195715U, (uint64_t)1574304909935121U, - (uint64_t)142190285600761U, (uint64_t)1835385847725651U, (uint64_t)3168087139615901U, - (uint64_t)3201434861713736U, (uint64_t)741757984537760U, (uint64_t)163585009419543U, - (uint64_t)3837997981109783U, (uint64_t)3771946407870997U, (uint64_t)2867641360295452U, - (uint64_t)3097548691501578U, (uint64_t)124624912142104U, (uint64_t)2729896088769328U, - (uint64_t)1087786827035225U, (uint64_t)3934000813818614U, (uint64_t)1176792318645055U, - (uint64_t)125311882169270U, (uint64_t)3530709439299502U, (uint64_t)1561477829834527U, - (uint64_t)3927894570196761U, (uint64_t)3957765307669212U, (uint64_t)105720519513730U, - (uint64_t)3758969845816997U, (uint64_t)2738320452287300U, (uint64_t)2380753632109507U, - (uint64_t)2762090901149075U, (uint64_t)123455059136515U, (uint64_t)4222807813169807U, - (uint64_t)118064783651432U, (uint64_t)2877694712254934U, (uint64_t)3535027426396448U, - (uint64_t)100175663703417U, (uint64_t)3287921121213155U, (uint64_t)4497246481824206U, - (uint64_t)1960809949007025U, (uint64_t)3236854264159102U, (uint64_t)35028112623717U, - (uint64_t)338838627913273U, (uint64_t)2827531947914645U, (uint64_t)4231826783810670U, - (uint64_t)1082490106100389U, (uint64_t)13267544387448U, (uint64_t)4249975884259105U, - (uint64_t)2844862161652484U, (uint64_t)262742197948971U, (uint64_t)3525653802457116U, - (uint64_t)269963889261701U, (uint64_t)3690062482117102U, (uint64_t)675413453822147U, - (uint64_t)2170937868437574U, (uint64_t)2367632187022010U, (uint64_t)214032802409445U, - (uint64_t)2054007379612477U, (uint64_t)3558050826739009U, (uint64_t)266827184752634U, - (uint64_t)1946520293291195U, (uint64_t)238087872386556U, (uint64_t)490056555385700U, - (uint64_t)794405769357386U, (uint64_t)3886901294859702U, (uint64_t)3120414548626348U, - (uint64_t)84316625221136U, (uint64_t)223073962531835U, (uint64_t)4280846460577631U, - (uint64_t)344296282849308U, 
(uint64_t)3522116652699457U, (uint64_t)171817232053075U, - (uint64_t)3296636283062273U, (uint64_t)3587303364425579U, (uint64_t)1033485783633331U, - (uint64_t)3686984130812906U, (uint64_t)268290803650477U, (uint64_t)2803988215834467U, - (uint64_t)3821246410529720U, (uint64_t)1077722388925870U, (uint64_t)4187137036866164U, - (uint64_t)104696540795905U, (uint64_t)998770003854764U, (uint64_t)3960768137535019U, - (uint64_t)4293792474919135U, (uint64_t)3251297981727034U, (uint64_t)192479028790101U, - (uint64_t)1175880869349935U, (uint64_t)3506949259311937U, (uint64_t)2161711516160714U, - (uint64_t)2506820922270187U, (uint64_t)131002200661047U, (uint64_t)3532399477339994U, - (uint64_t)2515815721228719U, (uint64_t)4274974119021502U, (uint64_t)265752394510924U, - (uint64_t)163144272153395U, (uint64_t)2824260010502991U, (uint64_t)517077012665142U, - (uint64_t)602987073882924U, (uint64_t)2939630061751780U, (uint64_t)59211609557440U, - (uint64_t)963423614549333U, (uint64_t)495476232754434U, (uint64_t)94274496109103U, - (uint64_t)2245136222990187U, (uint64_t)185414764872288U, (uint64_t)2266067668609289U, - (uint64_t)3873978896235927U, (uint64_t)4428283513152105U, (uint64_t)3881481480259312U, - (uint64_t)207746202010862U, (uint64_t)1609437858011364U, (uint64_t)477585758421515U, - (uint64_t)3850430788664649U, (uint64_t)2682299074459173U, (uint64_t)149439089751274U, - (uint64_t)3665760243877698U, (uint64_t)1356661512658931U, (uint64_t)1675903262368322U, - (uint64_t)3355649228050892U, (uint64_t)99772108898412U + 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, + 1277614565900951ULL, 378671684419493ULL, 3176260448102880ULL, 1575691435565077ULL, + 167304528382180ULL, 2600787765776588ULL, 7497946149293ULL, 2184272641272202ULL, + 2200235265236628ULL, 265969268774814ULL, 1913228635640715ULL, 2831959046949342ULL, + 888030405442963ULL, 1817092932985033ULL, 101515844997121ULL, 3309468394859588ULL, + 3965334773689948ULL, 1945272965790738ULL, 
4450939211427964ULL, 211349698782702ULL, + 2085160302160079ULL, 212812506072603ULL, 3646122434511764ULL, 1711405092320514ULL, + 95160920508464ULL, 1677683368518073ULL, 4384656939250953ULL, 3548591046529893ULL, + 1683233536091384ULL, 105919586159941ULL, 1941416002726455ULL, 246264372248216ULL, + 3063044110922228ULL, 3772292170415825ULL, 222933374989815ULL, 2417211163452935ULL, + 2018230365573200ULL, 1985974538911047ULL, 1387197705332739ULL, 186400825584956ULL, + 2469330487750329ULL, 1291983813301638ULL, 333416733706302ULL, 3413315564261070ULL, + 189444777569683ULL, 1062005622360420ULL, 1800197715938740ULL, 3693110992551647ULL, + 626990328941945ULL, 40998857100520ULL, 3921983552805085ULL, 1016632437340656ULL, + 4016615929950878ULL, 2682554586771281ULL, 7043555162389ULL, 3333819830676567ULL, + 4120091964944036ULL, 1960788263484015ULL, 1642145656273304ULL, 252814075789128ULL, + 3085777342821357ULL, 4166637997604052ULL, 1339401689756469ULL, 845938529607551ULL, + 223351828189283ULL, 1148648705186890ULL, 1230525014760605ULL, 1869739475126720ULL, + 4193966261205530ULL, 175684010336013ULL, 4476719358931508ULL, 4209547487457638ULL, + 2197536411673724ULL, 3010838433412303ULL, 169318997251483ULL, 49493868302162ULL, + 3594601099078584ULL, 3662420905445942ULL, 3606544932233685ULL, 270643652662165ULL, + 180681786228544ULL, 2095882682308564ULL, 813484483841391ULL, 1622665392824698ULL, + 113821770225137ULL, 3075432444115417ULL, 716502989978722ULL, 2304779892217245ULL, + 1760144151770127ULL, 235719156963938ULL, 3180013070471143ULL, 1331027634540579ULL, + 552273022992392ULL, 2858693077461887ULL, 197914407731510ULL, 187252310910959ULL, + 4160637171377125ULL, 3225059526713298ULL, 2574558217383978ULL, 249695600622489ULL, + 364988742814327ULL, 4245298536326258ULL, 1812464706589342ULL, 2734857123772998ULL, + 120105577124628ULL, 160179251271109ULL, 3604555733307834ULL, 150380003195715ULL, + 1574304909935121ULL, 142190285600761ULL, 1835385847725651ULL, 3168087139615901ULL, + 
3201434861713736ULL, 741757984537760ULL, 163585009419543ULL, 3837997981109783ULL, + 3771946407870997ULL, 2867641360295452ULL, 3097548691501578ULL, 124624912142104ULL, + 2729896088769328ULL, 1087786827035225ULL, 3934000813818614ULL, 1176792318645055ULL, + 125311882169270ULL, 3530709439299502ULL, 1561477829834527ULL, 3927894570196761ULL, + 3957765307669212ULL, 105720519513730ULL, 3758969845816997ULL, 2738320452287300ULL, + 2380753632109507ULL, 2762090901149075ULL, 123455059136515ULL, 4222807813169807ULL, + 118064783651432ULL, 2877694712254934ULL, 3535027426396448ULL, 100175663703417ULL, + 3287921121213155ULL, 4497246481824206ULL, 1960809949007025ULL, 3236854264159102ULL, + 35028112623717ULL, 338838627913273ULL, 2827531947914645ULL, 4231826783810670ULL, + 1082490106100389ULL, 13267544387448ULL, 4249975884259105ULL, 2844862161652484ULL, + 262742197948971ULL, 3525653802457116ULL, 269963889261701ULL, 3690062482117102ULL, + 675413453822147ULL, 2170937868437574ULL, 2367632187022010ULL, 214032802409445ULL, + 2054007379612477ULL, 3558050826739009ULL, 266827184752634ULL, 1946520293291195ULL, + 238087872386556ULL, 490056555385700ULL, 794405769357386ULL, 3886901294859702ULL, + 3120414548626348ULL, 84316625221136ULL, 223073962531835ULL, 4280846460577631ULL, + 344296282849308ULL, 3522116652699457ULL, 171817232053075ULL, 3296636283062273ULL, + 3587303364425579ULL, 1033485783633331ULL, 3686984130812906ULL, 268290803650477ULL, + 2803988215834467ULL, 3821246410529720ULL, 1077722388925870ULL, 4187137036866164ULL, + 104696540795905ULL, 998770003854764ULL, 3960768137535019ULL, 4293792474919135ULL, + 3251297981727034ULL, 192479028790101ULL, 1175880869349935ULL, 3506949259311937ULL, + 2161711516160714ULL, 2506820922270187ULL, 131002200661047ULL, 3532399477339994ULL, + 2515815721228719ULL, 4274974119021502ULL, 265752394510924ULL, 163144272153395ULL, + 2824260010502991ULL, 517077012665142ULL, 602987073882924ULL, 2939630061751780ULL, + 59211609557440ULL, 963423614549333ULL, 
495476232754434ULL, 94274496109103ULL, + 2245136222990187ULL, 185414764872288ULL, 2266067668609289ULL, 3873978896235927ULL, + 4428283513152105ULL, 3881481480259312ULL, 207746202010862ULL, 1609437858011364ULL, + 477585758421515ULL, 3850430788664649ULL, 2682299074459173ULL, 149439089751274ULL, + 3665760243877698ULL, 1356661512658931ULL, 1675903262368322ULL, 3355649228050892ULL, + 99772108898412ULL }; static const uint64_t Hacl_K256_PrecompTable_precomp_g_pow2_192_table_w4[240U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)34056422761564U, - (uint64_t)3315864838337811U, (uint64_t)3797032336888745U, (uint64_t)2580641850480806U, - (uint64_t)208048944042500U, (uint64_t)1233795288689421U, (uint64_t)1048795233382631U, - (uint64_t)646545158071530U, (uint64_t)1816025742137285U, (uint64_t)12245672982162U, - (uint64_t)2119364213800870U, (uint64_t)2034960311715107U, (uint64_t)3172697815804487U, - (uint64_t)4185144850224160U, (uint64_t)2792055915674U, (uint64_t)795534452139321U, - (uint64_t)3647836177838185U, (uint64_t)2681403398797991U, (uint64_t)3149264270306207U, - (uint64_t)278704080615511U, (uint64_t)2752552368344718U, (uint64_t)1363840972378818U, - (uint64_t)1877521512083293U, (uint64_t)1862111388059470U, (uint64_t)36200324115014U, - (uint64_t)4183622899327217U, (uint64_t)747381675363076U, (uint64_t)2772916395314624U, - (uint64_t)833767013119965U, (uint64_t)246274452928088U, (uint64_t)1526238021297781U, - (uint64_t)3327534966022747U, (uint64_t)1169012581910517U, (uint64_t)4430894603030025U, - (uint64_t)149242742442115U, (uint64_t)1002569704307172U, (uint64_t)2763252093432365U, - (uint64_t)3037748497732938U, (uint64_t)2329811173939457U, (uint64_t)270769113180752U, - (uint64_t)4344092461623432U, (uint64_t)892200524589382U, (uint64_t)2511418516713970U, - (uint64_t)103575031265398U, 
(uint64_t)183736033430252U, (uint64_t)583003071257308U, - (uint64_t)3357167344738425U, (uint64_t)4038099763242651U, (uint64_t)1776250620957255U, - (uint64_t)51334115864192U, (uint64_t)2616405698969611U, (uint64_t)1196364755910565U, - (uint64_t)3135228056210500U, (uint64_t)533729417611761U, (uint64_t)86564351229326U, - (uint64_t)98936129527281U, (uint64_t)4425305036630677U, (uint64_t)2980296390253408U, - (uint64_t)2487091677325739U, (uint64_t)10501977234280U, (uint64_t)1805646499831077U, - (uint64_t)3120615962395477U, (uint64_t)3634629685307533U, (uint64_t)3009632755291436U, - (uint64_t)16794051906523U, (uint64_t)2465481597883214U, (uint64_t)211492787490403U, - (uint64_t)1120942867046103U, (uint64_t)486438308572108U, (uint64_t)76058986271771U, - (uint64_t)2435216584587357U, (uint64_t)3076359381968283U, (uint64_t)1071594491489655U, - (uint64_t)3148707450339154U, (uint64_t)249332205737851U, (uint64_t)4171051176626809U, - (uint64_t)3165176227956388U, (uint64_t)2400901591835233U, (uint64_t)1435783621333022U, - (uint64_t)20312753440321U, (uint64_t)1767293887448005U, (uint64_t)685150647587522U, - (uint64_t)2957187934449906U, (uint64_t)382661319140439U, (uint64_t)177583591139601U, - (uint64_t)2083572648630743U, (uint64_t)1083410277889419U, (uint64_t)4267902097868310U, - (uint64_t)679989918385081U, (uint64_t)123155311554032U, (uint64_t)2830267662472020U, - (uint64_t)4476040509735924U, (uint64_t)526697201585144U, (uint64_t)3465306430573135U, - (uint64_t)2296616218591U, (uint64_t)1270626872734279U, (uint64_t)1049740198790549U, - (uint64_t)4197567214843444U, (uint64_t)1962225231320591U, (uint64_t)186125026796856U, - (uint64_t)737027567341142U, (uint64_t)4364616098174U, (uint64_t)3618884818756660U, - (uint64_t)1236837563717668U, (uint64_t)162873772439548U, (uint64_t)3081542470065122U, - (uint64_t)910331750163991U, (uint64_t)2110498143869827U, (uint64_t)3208473121852657U, - (uint64_t)94687786224509U, (uint64_t)4113309027567819U, (uint64_t)4272179438357536U, - 
(uint64_t)1857418654076140U, (uint64_t)1672678841741004U, (uint64_t)94482160248411U, - (uint64_t)1928652436799020U, (uint64_t)1750866462381515U, (uint64_t)4048060485672270U, - (uint64_t)4006680581258587U, (uint64_t)14850434761312U, (uint64_t)2828734997081648U, - (uint64_t)1975589525873972U, (uint64_t)3724347738416009U, (uint64_t)597163266689736U, - (uint64_t)14568362978551U, (uint64_t)2203865455839744U, (uint64_t)2237034958890595U, - (uint64_t)1863572986731818U, (uint64_t)2329774560279041U, (uint64_t)245105447642201U, - (uint64_t)2179697447864822U, (uint64_t)1769609498189882U, (uint64_t)1916950746430931U, - (uint64_t)847019613787312U, (uint64_t)163210606565100U, (uint64_t)3658248417400062U, - (uint64_t)717138296045881U, (uint64_t)42531212306121U, (uint64_t)1040915917097532U, - (uint64_t)77364489101310U, (uint64_t)539253504015590U, (uint64_t)732690726289841U, - (uint64_t)3401622034697806U, (uint64_t)2864593278358513U, (uint64_t)142611941887017U, - (uint64_t)536364617506702U, (uint64_t)845071859974284U, (uint64_t)4461787417089721U, - (uint64_t)2633811871939723U, (uint64_t)113619731985610U, (uint64_t)2535870015489566U, - (uint64_t)2146224665077830U, (uint64_t)2593725534662047U, (uint64_t)1332349537449710U, - (uint64_t)153375287068096U, (uint64_t)3689977177165276U, (uint64_t)3631865615314120U, - (uint64_t)184644878348929U, (uint64_t)2220481726602813U, (uint64_t)204002551273091U, - (uint64_t)3022560051766785U, (uint64_t)3125940458001213U, (uint64_t)4258299086906325U, - (uint64_t)1072471915162030U, (uint64_t)2797562724530U, (uint64_t)3974298156223059U, - (uint64_t)1624778551002554U, (uint64_t)3490703864485971U, (uint64_t)2533877484212458U, - (uint64_t)176107782538555U, (uint64_t)4275987398312137U, (uint64_t)4397120757693722U, - (uint64_t)3001292763847390U, (uint64_t)1556490837621310U, (uint64_t)70442953037671U, - (uint64_t)1558915972545974U, (uint64_t)744724505252845U, (uint64_t)2697230204313363U, - (uint64_t)3495671924212144U, (uint64_t)95744296878924U, 
(uint64_t)1508848630912047U, - (uint64_t)4163599342850968U, (uint64_t)1234988733935901U, (uint64_t)3789722472212706U, - (uint64_t)219522007052022U, (uint64_t)2106597506701262U, (uint64_t)3231115099832239U, - (uint64_t)1296436890593905U, (uint64_t)1016795619587656U, (uint64_t)231150565033388U, - (uint64_t)4205501688458754U, (uint64_t)2271569140386062U, (uint64_t)3421769599058157U, - (uint64_t)4118408853784554U, (uint64_t)276709341465173U, (uint64_t)2681340614854362U, - (uint64_t)2514413365628788U, (uint64_t)62294545067341U, (uint64_t)277610220069365U, - (uint64_t)252463150123799U, (uint64_t)2547353593759399U, (uint64_t)1857438147448607U, - (uint64_t)2964811969681256U, (uint64_t)3303706463835387U, (uint64_t)248936570980853U, - (uint64_t)3208982702478009U, (uint64_t)2518671051730787U, (uint64_t)727433853033835U, - (uint64_t)1290389308223446U, (uint64_t)220742793981035U, (uint64_t)3851225361654709U, - (uint64_t)2307489307934273U, (uint64_t)1151710489948266U, (uint64_t)289775285210516U, - (uint64_t)222685002397295U, (uint64_t)1222117478082108U, (uint64_t)2822029169395728U, - (uint64_t)1172146252219882U, (uint64_t)2626108105510259U, (uint64_t)209803527887167U, - (uint64_t)2718831919953281U, (uint64_t)4348638387588593U, (uint64_t)3761438313263183U, - (uint64_t)13169515318095U, (uint64_t}; static const uint64_t Hacl_K256_PrecompTable_precomp_basepoint_table_w5[480U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)705178180786072U, - (uint64_t)3855836460717471U, (uint64_t)4089131105950716U, (uint64_t)3301581525494108U, - (uint64_t)133858670344668U, (uint64_t)2199641648059576U, (uint64_t)1278080618437060U, - (uint64_t)3959378566518708U, (uint64_t)3455034269351872U, (uint64_t)79417610544803U, - (uint64_t)1U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)1282049064345544U, 
(uint64_t)971732600440099U, (uint64_t)1014594595727339U, - (uint64_t)4392159187541980U, (uint64_t)268327875692285U, (uint64_t)2411661712280539U, - (uint64_t)1092576199280126U, (uint64_t)4328619610718051U, (uint64_t)3535440816471627U, - (uint64_t)95182251488556U, (uint64_t)1893725512243753U, (uint64_t)3619861457111820U, - (uint64_t)879374960417905U, (uint64_t)2868056058129113U, (uint64_t)273195291893682U, - (uint64_t)2044797305960112U, (uint64_t)2357106853933780U, (uint64_t)3563112438336058U, - (uint64_t)2430811541762558U, (uint64_t)106443809495428U, (uint64_t)2231357633909668U, - (uint64_t)3641705835951936U, (uint64_t)80642569314189U, (uint64_t)2254841882373268U, - (uint64_t)149848031966573U, (uint64_t)2304615661367764U, (uint64_t)2410957403736446U, - (uint64_t)2712754805859804U, (uint64_t)2440183877540536U, (uint64_t)99784623895865U, - (uint64_t)3667773127482758U, (uint64_t)1354899394473308U, (uint64_t)3636602998800808U, - (uint64_t)2709296679846364U, (uint64_t)7253362091963U, (uint64_t)3585950735562744U, - (uint64_t)935775991758415U, (uint64_t)4108078106735201U, (uint64_t)556081800336307U, - (uint64_t)229585977163057U, (uint64_t)4055594186679801U, (uint64_t)1767681004944933U, - (uint64_t)1432634922083242U, (uint64_t)534935602949197U, (uint64_t)251753159522567U, - (uint64_t)2846474078499321U, (uint64_t)4488649590348702U, (uint64_t)2437476916025038U, - (uint64_t)3040577412822874U, (uint64_t)79405234918614U, (uint64_t)3030621226551508U, - (uint64_t)2801117003929806U, (uint64_t)1642927515498422U, (uint64_t)2802725079726297U, - (uint64_t)8472780626107U, (uint64_t)866068070352655U, (uint64_t)188080768545106U, - (uint64_t)2152119998903058U, (uint64_t)3391239985029665U, (uint64_t)23820026013564U, - (uint64_t)2965064154891949U, (uint64_t)1846516097921398U, (uint64_t)4418379948133146U, - (uint64_t)3137755426942400U, (uint64_t)47705291301781U, (uint64_t)4278533051105665U, - (uint64_t)3453643211214931U, (uint64_t)3379734319145156U, (uint64_t)3762442192097039U, - 
(uint64_t)40243003528694U, (uint64_t)4063448994211201U, (uint64_t)5697015368785U, - (uint64_t)1006545411838613U, (uint64_t)4242291693755210U, (uint64_t)135184629190512U, - (uint64_t)264898689131035U, (uint64_t)611796474823597U, (uint64_t)3255382250029089U, - (uint64_t)3490429246984696U, (uint64_t)236558595864362U, (uint64_t)2055934691551704U, - (uint64_t)1487711670114502U, (uint64_t)1823930698221632U, (uint64_t)2130937287438472U, - (uint64_t)154610053389779U, (uint64_t)2746573287023216U, (uint64_t)2430987262221221U, - (uint64_t)1668741642878689U, (uint64_t)904982541243977U, (uint64_t)56087343124948U, - (uint64_t)393905062353536U, (uint64_t)412681877350188U, (uint64_t)3153602040979977U, - (uint64_t)4466820876224989U, (uint64_t)146579165617857U, (uint64_t)2628741216508991U, - (uint64_t)747994231529806U, (uint64_t)750506569317681U, (uint64_t)1887492790748779U, - (uint64_t)35259008682771U, (uint64_t)2085116434894208U, (uint64_t)543291398921711U, - (uint64_t)1144362007901552U, (uint64_t)679305136036846U, (uint64_t)141090902244489U, - (uint64_t)632480954474859U, (uint64_t)2384513102652591U, (uint64_t)2225529790159790U, - (uint64_t)692258664851625U, (uint64_t)198681843567699U, (uint64_t)2397092587228181U, - (uint64_t)145862822166614U, (uint64_t)196976540479452U, (uint64_t)3321831130141455U, - (uint64_t)69266673089832U, (uint64_t)4469644227342284U, (uint64_t)3899271145504796U, - (uint64_t)1261890974076660U, (uint64_t)525357673886694U, (uint64_t)182135997828583U, - (uint64_t)4292760618810332U, (uint64_t)3404186545541683U, (uint64_t)312297386688768U, - (uint64_t)204377466824608U, (uint64_t)230900767857952U, (uint64_t)3871485172339693U, - (uint64_t)779449329662955U, (uint64_t)978655822464694U, (uint64_t)2278252139594027U, - (uint64_t)104641527040382U, (uint64_t)3528840153625765U, (uint64_t)4484699080275273U, - (uint64_t)1463971951102316U, (uint64_t)4013910812844749U, (uint64_t)228915589433620U, - (uint64_t)1209641433482461U, (uint64_t)4043178788774759U, 
(uint64_t)3008668238856634U, - (uint64_t)1448425089071412U, (uint64_t)26269719725037U, (uint64_t)3330785027545223U, - (uint64_t)852657975349259U, (uint64_t)227245054466105U, (uint64_t)1534632353984777U, - (uint64_t)207715098574660U, (uint64_t)3209837527352280U, (uint64_t)4051688046309066U, - (uint64_t)3839009590725955U, (uint64_t)1321506437398842U, (uint64_t)68340219159928U, - (uint64_t)1806950276956275U, (uint64_t)3923908055275295U, (uint64_t)743963253393575U, - (uint64_t)42162407478783U, (uint64_t)261334584474610U, (uint64_t)3728224928885214U, - (uint64_t)4004701081842869U, (uint64_t)709043201644674U, (uint64_t)4267294249150171U, - (uint64_t)255540582975025U, (uint64_t)875490593722211U, (uint64_t)796393708218375U, - (uint64_t)14774425627956U, (uint64_t)1500040516752097U, (uint64_t)141076627721678U, - (uint64_t)2634539368480628U, (uint64_t)1106488853550103U, (uint64_t)2346231921151930U, - (uint64_t)897108283954283U, (uint64_t)64616679559843U, (uint64_t)400244949840943U, - (uint64_t)1731263826831733U, (uint64_t)1649996579904651U, (uint64_t)3643693449640761U, - (uint64_t)172543068638991U, (uint64_t)329537981097182U, (uint64_t)2029799860802869U, - (uint64_t)4377737515208862U, (uint64_t)29103311051334U, (uint64_t)265583594111499U, - (uint64_t)3798074876561255U, (uint64_t)184749333259352U, (uint64_t)3117395073661801U, - (uint64_t)3695784565008833U, (uint64_t)64282709896721U, (uint64_t)1618968913246422U, - (uint64_t)3185235128095257U, (uint64_t)3288745068118692U, (uint64_t)1963818603508782U, - (uint64_t)281054350739495U, (uint64_t)1658639050810346U, (uint64_t)3061097601679552U, - (uint64_t)3023781433263746U, (uint64_t)2770283391242475U, (uint64_t)144508864751908U, - (uint64_t)173576288079856U, (uint64_t)46114579547054U, (uint64_t)1679480127300211U, - (uint64_t)1683062051644007U, (uint64_t)117183826129323U, (uint64_t)1894068608117440U, - (uint64_t)3846899838975733U, (uint64_t)4289279019496192U, (uint64_t)176995887914031U, - (uint64_t)78074942938713U, 
(uint64_t)454207263265292U, (uint64_t)972683614054061U, - (uint64_t)808474205144361U, (uint64_t)942703935951735U, (uint64_t)134460241077887U, - (uint64_t)2104196179349630U, (uint64_t)501632371208418U, (uint64_t)1666838991431177U, - (uint64_t)445606193139838U, (uint64_t)73704603396096U, (uint64_t)3140284774064777U, - (uint64_t)1356066420820179U, (uint64_t)227054159419281U, (uint64_t)1847611229198687U, - (uint64_t)82327838827660U, (uint64_t)3704027573265803U, (uint64_t)1585260489220244U, - (uint64_t)4404647914931933U, (uint64_t)2424649827425515U, (uint64_t)206821944206116U, - (uint64_t)1508635776287972U, (uint64_t)1933584575629676U, (uint64_t)1903635423783032U, - (uint64_t)4193642165165650U, (uint64_t)234321074690644U, (uint64_t)210406774251925U, - (uint64_t)1965845668185599U, (uint64_t)3059839433804731U, (uint64_t)1933300510683631U, - (uint64_t)150696600689211U, (uint64_t)4069293682158567U, (uint64_t)4346344602660044U, - (uint64_t)312200249664561U, (uint64_t)2495020807621840U, (uint64_t)1912707714385U, - (uint64_t)299345978159762U, (uint64_t)1164752722686920U, (uint64_t)225322433710338U, - (uint64_t)3128747381283759U, (uint64_t)275659067815583U, (uint64_t)1489671057429039U, - (uint64_t)1567693343342676U, (uint64_t)921672046098071U, (uint64_t)3707418899384085U, - (uint64_t)54646424931593U, (uint64_t)4026733380127147U, (uint64_t)2933435393699231U, - (uint64_t)3356593659521967U, (uint64_t)3637750749325529U, (uint64_t)232939412379045U, - (uint64_t)2298399636043069U, (uint64_t)270361546063041U, (uint64_t)2523933572551420U, - (uint64_t)3456896091572950U, (uint64_t)185447004732850U, (uint64_t)429322937697821U, - (uint64_t)2579704215668222U, (uint64_t)695065378803349U, (uint64_t)3987916247731243U, - (uint64_t)255159546348233U, (uint64_t)3057777929921282U, (uint64_t)1608970699916312U, - (uint64_t)1902369623063807U, (uint64_t)1413619643652777U, (uint64_t)94983996321227U, - (uint64_t)2832873179548050U, (uint64_t)4335430233622555U, (uint64_t)1559023976028843U, - 
(uint64_t)3297181988648895U, (uint64_t)100072021232323U, (uint64_t)2124984034109675U, - (uint64_t)4501252835618918U, (uint64_t)2053336899483297U, (uint64_t)638807226463876U, - (uint64_t)278445213600634U, (uint64_t)2311236445660555U, (uint64_t)303317664040012U, - (uint64_t)2659353858089024U, (uint64_t)3598827423980130U, (uint64_t)176059343827873U, - (uint64_t)3891639526275437U, (uint64_t)252823982819463U, (uint64_t)3404823300622345U, - (uint64_t)2758370772497456U, (uint64_t)91397496598783U, (uint64_t)2248661144141892U, - (uint64_t)491087075271969U, (uint64_t)1786344894571315U, (uint64_t)452497694885923U, - (uint64_t)34039628873357U, (uint64_t)2116503165025197U, (uint64_t)4436733709429923U, - (uint64_t)3045800776819238U, (uint64_t)1385518906078375U, (uint64_t)110495603336764U, - (uint64_t)4051447296249587U, (uint64_t)1103557421498625U, (uint64_t)1840785058439622U, - (uint64_t)425322753992314U, (uint64_t)98330046771676U, (uint64_t)365407468686431U, - (uint64_t)2611246859977123U, (uint64_t)3050253933135339U, (uint64_t)1006482220896688U, - (uint64_t)166818196428389U, (uint64_t)3415236093104372U, (uint64_t)1762308883882288U, - (uint64_t)1327828123094558U, (uint64_t)3403946425556706U, (uint64_t)96503464455441U, - (uint64_t)3893015304031471U, (uint64_t)3740839477490397U, (uint64_t)2411470812852231U, - (uint64_t)940927462436211U, (uint64_t)163825285911099U, (uint64_t)1622441495640386U, - (uint64_t)850224095680266U, (uint64_t)76199085900939U, (uint64_t)1941852365144042U, - (uint64_t)140326673652807U, (uint64_t)3161611011249524U, (uint64_t)317297150009965U, - (uint64_t)2145053259340619U, (uint64_t)2180498176457552U, (uint64_t)38457740506224U, - (uint64_t)394174899129468U, (uint64_t)2687474560485245U, (uint64_t)1542175980184516U, - (uint64_t)1628502671124819U, (uint64_t)48477401124385U, (uint64_t)4474181600025082U, - (uint64_t)2142747956365708U, (uint64_t)1638299432475478U, (uint64_t)2005869320353249U, - (uint64_t)112292630760956U, (uint64_t)1887521965171588U, 
(uint64_t)457587531429696U, - (uint64_t)840994209504042U, (uint64_t)4268060856325798U, (uint64_t)195597993440388U, - (uint64_t)4148484749020338U, (uint64_t)2074885000909672U, (uint64_t)2309839019263165U, - (uint64_t)2087616209681024U, (uint64_t)257214370719966U, (uint64_t)2331363508376581U, - (uint64_t)1233124357504711U, (uint64_t)2849542202650296U, (uint64_t)3790982825325736U, - (uint64_t)13381453503890U, (uint64_t)1665246594531069U, (uint64_t)4165624287443904U, - (uint64_t)3418759698027493U, (uint64_t)2118493255117399U, (uint64_t)136249206366067U, - (uint64_t)4064050233283309U, (uint64_t)1368779887911300U, (uint64_t)4370550759530269U, - (uint64_t)66992990631341U, (uint64_t)84442368922270U, (uint64_t)2139322635321394U, - (uint64_t)2076163483726795U, (uint64_t)657097866349103U, (uint64_t)2095579409488071U, - (uint64_t)226525774791341U, (uint64_t)4445744257665359U, (uint64_t)2035752839278107U, - (uint64_t)1998242662838304U, (uint64_t)1601548415521694U, (uint64_t)151297684296198U, - (uint64_t)1350963039017303U, (uint64_t)2624916349548281U, (uint64_t)2018863259670197U, - (uint64_t)2717274357461290U, (uint64_t)94024796961533U, (uint64_t)711335520409111U, - (uint64_t)4322093765820263U, (uint64_t)2041650358174649U, (uint64_t)3439791603157577U, - (uint64_t)179292018616267U, (uint64_t)2436436921286669U, (uint64_t)3905268797208340U, - (uint64_t)2829194895162985U, (uint64_t)1355175382191543U, (uint64_t)55128779761539U, - (uint64_t)2648428998786922U, (uint64_t)869805912573515U, (uint64_t)3706708942847864U, - (uint64_t)2785288916584667U, (uint64_t)37156862850147U, (uint64_t)1422245336293228U, - (uint64_t)4497066058933021U, (uint64_t)85588912978349U, (uint64_t)2616252221194611U, - (uint64_t)53506393720989U, (uint64_t)3727539190732644U, (uint64_t)872132446545237U, - (uint64_t)933583590986077U, (uint64_t)3794591170581203U, (uint64_t)167875550514069U, - (uint64_t)2267466834993297U, (uint64_t)3072652681756816U, (uint64_t)2108499037430803U, - (uint64_t)1606735192928366U, 
(uint64_t)72339568815255U, (uint64_t)3258484260684219U, - (uint64_t)3277927277719855U, (uint64_t)2459560373011535U, (uint64_t)1672794293294033U, - (uint64_t)227460934880669U, (uint64_t)3702454405413705U, (uint64_t)106168148441676U, - (uint64_t)1356617643071159U, (uint64_t)3280896569942762U, (uint64_t)142618711614302U, - (uint64_t)4291782740862057U, (uint64_t)4141020884874235U, (uint64_t)3720787221267125U, - (uint64_t)552884940089351U, (uint64_t)174626154407180U, (uint64_t)972071013326540U, - (uint64_t)4458530419931903U, (uint64_t)4435168973822858U, (uint64_t)1902967548748411U, - (uint64_t)53007977605840U, (uint64_t)2453997334323925U, (uint64_t)3653077937283262U, - (uint64_t)850660265046356U, (uint64_t)312721924805450U, (uint64_t)268503679240683U, - (uint64_t)256960167714122U, (uint64_t)1474492507858350U, (uint64_t)2456345526438488U, - (uint64_t)3686029507160255U, (uint64_t)279158933010398U, (uint64_t)3646946293948063U, - (uint64_t)704477527214036U, (uint64_t)3387744169891031U, (uint64_t)3772622670980241U, - (uint64_t)136368897543304U, (uint64_t)3744894052577607U, (uint64_t)1976007214443430U, - (uint64_t)2090045379763451U, (uint64_t)968565474458988U, (uint64_t}; #if defined(__cplusplus) diff --git a/include/internal/Hacl_Krmllib.h b/include/internal/Hacl_Krmllib.h index 278cb15b..70c84916 100644 --- a/include/internal/Hacl_Krmllib.h +++ b/include/internal/Hacl_Krmllib.h 
@@ -37,13 +37,13 @@ extern "C" { #include "../Hacl_Krmllib.h" -static inline uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b); +static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b); -static inline uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b); +static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b); -static inline uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b); +static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b); -static inline uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b); +static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b); static inline FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); diff --git a/include/msvc/Lib_Memzero0.h b/include/internal/Hacl_MAC_Poly1305.h similarity index 82% rename from include/msvc/Lib_Memzero0.h rename to include/internal/Hacl_MAC_Poly1305.h index 9a7c7ac5..29e1734a 100644 --- a/include/msvc/Lib_Memzero0.h +++ b/include/internal/Hacl_MAC_Poly1305.h @@ -23,8 +23,8 @@ */ -#ifndef __Lib_Memzero0_H -#define __Lib_Memzero0_H +#ifndef __internal_Hacl_MAC_Poly1305_H +#define __internal_Hacl_MAC_Poly1305_H #if defined(__cplusplus) extern "C" { @@ -35,11 +35,15 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -extern void Lib_Memzero0_memzero(void *x0, uint64_t x1); +#include "../Hacl_MAC_Poly1305.h" + +void Hacl_MAC_Poly1305_poly1305_init(uint64_t *ctx, uint8_t *key); + +void Hacl_MAC_Poly1305_poly1305_finish(uint8_t *tag, uint8_t *key, uint64_t *ctx); #if defined(__cplusplus) } #endif -#define __Lib_Memzero0_H_DEFINED +#define __internal_Hacl_MAC_Poly1305_H_DEFINED #endif diff --git a/include/internal/Hacl_Poly1305_128.h b/include/internal/Hacl_MAC_Poly1305_Simd128.h similarity index 73% rename from include/internal/Hacl_Poly1305_128.h rename to include/internal/Hacl_MAC_Poly1305_Simd128.h index b9964714..fe120e43 100644 
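Review bot: The four mask declarations switch from `static inline` to `static KRML_NOINLINE` with no comment saying why, and the reason matters to anyone who edits this header later. These look like the constant-time comparison helpers, so the attribute is presumably there to stop the optimizer from inlining them and rewriting the mask arithmetic into a branch on secret data; I would record that above the first declaration, e.g. `/* Kept out of line on purpose: inlining lets the compiler turn these masks into secret-dependent branches. */`. The definition of `KRML_NOINLINE` is not in this hunk, so confirm that it expands to a real no-inline attribute on every supported toolchain rather than to nothing, since an empty fallback would silently drop the protection. Only the 8-, 16- and 32-bit `eq_mask` and the 32-bit `gte_mask` appear here; check that any other mask helpers declared outside this hunk carry the same attribute.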
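Review bot: The new `Hacl_MAC_Poly1305_poly1305_init` and `Hacl_MAC_Poly1305_poly1305_finish` prototypes take bare `uint8_t *` and `uint64_t *` buffers with nothing stating how large each must be, so a caller that sizes `ctx`, `key` or `tag` wrongly gets an out-of-bounds access rather than a diagnostic. A short comment above each would do, e.g. `/* key: 32 bytes, tag: 16 bytes; ctx: caller-allocated state of the length the implementation requires */`, with the actual `ctx` element count filled in from the implementation. The same applies to the `_Simd128_` and `_Simd256_` `poly1305_init`/`poly1305_finish` prototypes added in the next two files. Separately, git has paired this new header with the removed `include/msvc/Lib_Memzero0.h`, so the `Lib_Memzero0_memzero` declaration disappears in this hunk; confirm that code which wipes key material still sees a declaration from another header.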
--- a/include/internal/Hacl_Poly1305_128.h +++ b/include/internal/Hacl_MAC_Poly1305_Simd128.h @@ -23,8 +23,8 @@ */ -#ifndef __internal_Hacl_Poly1305_128_H -#define __internal_Hacl_Poly1305_128_H +#ifndef __internal_Hacl_MAC_Poly1305_Simd128_H +#define __internal_Hacl_MAC_Poly1305_Simd128_H #if defined(__cplusplus) extern "C" { @@ -35,21 +35,30 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "../Hacl_Poly1305_128.h" +#include "../Hacl_MAC_Poly1305_Simd128.h" #include "libintvector.h" -void -Hacl_Impl_Poly1305_Field32xN_128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc, uint8_t *b); +void Hacl_MAC_Poly1305_Simd128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc, uint8_t *b); void -Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize( +Hacl_MAC_Poly1305_Simd128_fmul_r2_normalize( Lib_IntVector_Intrinsics_vec128 *out, Lib_IntVector_Intrinsics_vec128 *p ); +void +Hacl_MAC_Poly1305_Simd128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *key); + +void +Hacl_MAC_Poly1305_Simd128_poly1305_finish( + uint8_t *tag, + uint8_t *key, + Lib_IntVector_Intrinsics_vec128 *ctx +); + #if defined(__cplusplus) } #endif -#define __internal_Hacl_Poly1305_128_H_DEFINED +#define __internal_Hacl_MAC_Poly1305_Simd128_H_DEFINED #endif diff --git a/include/msvc/internal/Hacl_Poly1305_256.h b/include/internal/Hacl_MAC_Poly1305_Simd256.h similarity index 73% rename from include/msvc/internal/Hacl_Poly1305_256.h rename to include/internal/Hacl_MAC_Poly1305_Simd256.h index 21d78b16..7bf106c1 100644 --- a/include/msvc/internal/Hacl_Poly1305_256.h +++ b/include/internal/Hacl_MAC_Poly1305_Simd256.h @@ -23,8 +23,8 @@ */ -#ifndef __internal_Hacl_Poly1305_256_H -#define __internal_Hacl_Poly1305_256_H +#ifndef __internal_Hacl_MAC_Poly1305_Simd256_H +#define __internal_Hacl_MAC_Poly1305_Simd256_H #if defined(__cplusplus) extern "C" { 
@@ -35,21 +35,30 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "../Hacl_Poly1305_256.h" +#include "../Hacl_MAC_Poly1305_Simd256.h" #include "libintvector.h" -void -Hacl_Impl_Poly1305_Field32xN_256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc, uint8_t *b); +void Hacl_MAC_Poly1305_Simd256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc, uint8_t *b); void -Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize( +Hacl_MAC_Poly1305_Simd256_fmul_r4_normalize( Lib_IntVector_Intrinsics_vec256 *out, Lib_IntVector_Intrinsics_vec256 *p ); +void +Hacl_MAC_Poly1305_Simd256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *key); + +void +Hacl_MAC_Poly1305_Simd256_poly1305_finish( + uint8_t *tag, + uint8_t *key, + Lib_IntVector_Intrinsics_vec256 *ctx +); + #if defined(__cplusplus) } #endif -#define __internal_Hacl_Poly1305_256_H_DEFINED +#define __internal_Hacl_MAC_Poly1305_Simd256_H_DEFINED #endif diff --git a/include/internal/Hacl_P256_PrecompTable.h b/include/internal/Hacl_P256_PrecompTable.h index f185c2be..c852ef8c 100644 --- a/include/internal/Hacl_P256_PrecompTable.h +++ b/include/internal/Hacl_P256_PrecompTable.h 
@@ -39,476 +39,360 @@ static const uint64_t Hacl_P256_PrecompTable_precomp_basepoint_table_w4[192U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)8784043285714375740U, - (uint64_t)8483257759279461889U, (uint64_t)8789745728267363600U, (uint64_t)1770019616739251654U, - (uint64_t)15992936863339206154U, (uint64_t)10037038012062884956U, - (uint64_t)15197544864945402661U, (uint64_t)9615747158586711429U, (uint64_t)1U, - (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, - (uint64_t)10634854829044225757U, (uint64_t)351552716085025155U, (uint64_t)10645315080955407736U, - (uint64_t)3609262091244858135U, (uint64_t)15760741698986874125U, - (uint64_t)14936374388219697827U, (uint64_t)15751360096993017895U, - (uint64_t)18012233706239762398U, (uint64_t)1993877568177495041U, - (uint64_t)10345888787846536528U, (uint64_t)7746511691117935375U, - (uint64_t)14517043990409914413U, (uint64_t)14122549297570634151U, - (uint64_t)16934610359517083771U, (uint64_t)5724511325497097418U, (uint64_t)8983432969107448705U, - (uint64_t)2687429970334080245U, (uint64_t)16525396802810050288U, (uint64_t)7602596488871585854U, - (uint64_t)4813919589149203084U, (uint64_t)7680395813780804519U, (uint64_t)6687709583048023590U, - (uint64_t)18086445169104142027U, (uint64_t)9637814708330203929U, - (uint64_t)14785108459960679090U, (uint64_t)3838023279095023581U, (uint64_t)3555615526157830307U, - (uint64_t)5177066488380472871U, (uint64_t)18218186719108038403U, - (uint64_t)16281556341699656105U, (uint64_t)1524227924561461191U, (uint64_t)4148060517641909597U, - (uint64_t)2858290374115363433U, (uint64_t)8942772026334130620U, (uint64_t)3034451298319885113U, - (uint64_t)8447866036736640940U, (uint64_t)11204933433076256578U, - (uint64_t)18333595740249588297U, (uint64_t)8259597024804538246U, 
(uint64_t)9539734295777539786U, - (uint64_t)9797290423046626413U, (uint64_t)5777303437849646537U, (uint64_t)8739356909899132020U, - (uint64_t)14815960973766782158U, (uint64_t)15286581798204509801U, - (uint64_t)17597362577777019682U, (uint64_t)13259283710820519742U, - (uint64_t)10501322996899164670U, (uint64_t)1221138904338319642U, - (uint64_t)14586685489551951885U, (uint64_t)895326705426031212U, (uint64_t)14398171728560617847U, - (uint64_t)9592550823745097391U, (uint64_t)17240998489162206026U, (uint64_t)8085479283308189196U, - (uint64_t)14844657737893882826U, (uint64_t)15923425394150618234U, - (uint64_t)2997808084773249525U, (uint64_t)494323555453660587U, (uint64_t)1215695327517794764U, - (uint64_t)9476207381098391690U, (uint64_t)7480789678419122995U, (uint64_t)15212230329321082489U, - (uint64_t)436189395349576388U, (uint64_t)17377474396456660834U, (uint64_t)15237013929655017939U, - (uint64_t)11444428846883781676U, (uint64_t)5112749694521428575U, (uint64_t)950829367509872073U, - (uint64_t)17665036182057559519U, (uint64_t)17205133339690002313U, - (uint64_t)16233765170251334549U, (uint64_t)10122775683257972591U, - (uint64_t)3352514236455632420U, (uint64_t)9143148522359954691U, (uint64_t)601191684005658860U, - (uint64_t)13398772186646349998U, (uint64_t)15512696600132928431U, - (uint64_t)9128416073728948653U, (uint64_t)11233051033546138578U, (uint64_t)6769345682610122833U, - (uint64_t)10823233224575054288U, (uint64_t)9997725227559980175U, (uint64_t)6733425642852897415U, - (uint64_t)16302206918151466066U, (uint64_t)1669330822143265921U, (uint64_t)2661645605036546002U, - (uint64_t)17182558479745802165U, (uint64_t)1165082692376932040U, (uint64_t)9470595929011488359U, - (uint64_t)6142147329285324932U, (uint64_t)4829075085998111287U, (uint64_t)10231370681107338930U, - (uint64_t)9591876895322495239U, (uint64_t)10316468561384076618U, - (uint64_t)11592503647238064235U, (uint64_t)13395813606055179632U, (uint64_t)511127033980815508U, - (uint64_t)12434976573147649880U, 
(uint64_t)3425094795384359127U, (uint64_t)6816971736303023445U, - (uint64_t)15444670609021139344U, (uint64_t)9464349818322082360U, - (uint64_t)16178216413042376883U, (uint64_t)9595540370774317348U, (uint64_t)7229365182662875710U, - (uint64_t)4601177649460012843U, (uint64_t)5455046447382487090U, (uint64_t)10854066421606187521U, - (uint64_t)15913416821879788071U, (uint64_t)2297365362023460173U, (uint64_t)2603252216454941350U, - (uint64_t)6768791943870490934U, (uint64_t)15705936687122754810U, (uint64_t)9537096567546600694U, - (uint64_t)17580538144855035062U, (uint64_t)4496542856965746638U, (uint64_t)8444341625922124942U, - (uint64_t)12191263903636183168U, (uint64_t)17427332907535974165U, - (uint64_t)14307569739254103736U, (uint64_t)13900598742063266169U, - (uint64_t)7176996424355977650U, (uint64_t)5709008170379717479U, (uint64_t)14471312052264549092U, - (uint64_t)1464519909491759867U, (uint64_t)3328154641049602121U, (uint64_t)13020349337171136774U, - (uint64_t)2772166279972051938U, (uint64_t)10854476939425975292U, (uint64_t)1967189930534630940U, - (uint64_t)2802919076529341959U, (uint64_t)14792226094833519208U, - (uint64_t)14675640928566522177U, (uint64_t)14838974364643800837U, - (uint64_t)17631460696099549980U, (uint64_t)17434186275364935469U, - (uint64_t)2665648200587705473U, (uint64_t)13202122464492564051U, (uint64_t)7576287350918073341U, - (uint64_t)2272206013910186424U, (uint64_t)14558761641743937843U, (uint64_t)5675729149929979729U, - (uint64_t)9043135187561613166U, (uint64_t)11750149293830589225U, (uint64_t)740555197954307911U, - (uint64_t)9871738005087190699U, (uint64_t)17178667634283502053U, - (uint64_t)18046255991533013265U, (uint64_t)4458222096988430430U, (uint64_t)8452427758526311627U, - (uint64_t)13825286929656615266U, (uint64_t)13956286357198391218U, - (uint64_t)15875692916799995079U, (uint64_t)10634895319157013920U, - (uint64_t)13230116118036304207U, (uint64_t)8795317393614625606U, (uint64_t)7001710806858862020U, - (uint64_t)7949746088586183478U, 
(uint64_t)14677556044923602317U, - (uint64_t)11184023437485843904U, (uint64_t)11215864722023085094U, - (uint64_t)6444464081471519014U, (uint64_t)1706241174022415217U, (uint64_t)8243975633057550613U, - (uint64_t)15502902453836085864U, (uint64_t)3799182188594003953U, (uint64_t)3538840175098724094U + 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL, + 0ULL, 0ULL, 0ULL, 0ULL, 8784043285714375740ULL, 8483257759279461889ULL, 8789745728267363600ULL, + 1770019616739251654ULL, 15992936863339206154ULL, 10037038012062884956ULL, + 15197544864945402661ULL, 9615747158586711429ULL, 1ULL, 18446744069414584320ULL, + 18446744073709551615ULL, 4294967294ULL, 10634854829044225757ULL, 351552716085025155ULL, + 10645315080955407736ULL, 3609262091244858135ULL, 15760741698986874125ULL, + 14936374388219697827ULL, 15751360096993017895ULL, 18012233706239762398ULL, + 1993877568177495041ULL, 10345888787846536528ULL, 7746511691117935375ULL, + 14517043990409914413ULL, 14122549297570634151ULL, 16934610359517083771ULL, + 5724511325497097418ULL, 8983432969107448705ULL, 2687429970334080245ULL, 16525396802810050288ULL, + 7602596488871585854ULL, 4813919589149203084ULL, 7680395813780804519ULL, 6687709583048023590ULL, + 18086445169104142027ULL, 9637814708330203929ULL, 14785108459960679090ULL, + 3838023279095023581ULL, 3555615526157830307ULL, 5177066488380472871ULL, 18218186719108038403ULL, + 16281556341699656105ULL, 1524227924561461191ULL, 4148060517641909597ULL, 2858290374115363433ULL, + 8942772026334130620ULL, 3034451298319885113ULL, 8447866036736640940ULL, 11204933433076256578ULL, + 18333595740249588297ULL, 8259597024804538246ULL, 9539734295777539786ULL, 9797290423046626413ULL, + 5777303437849646537ULL, 8739356909899132020ULL, 14815960973766782158ULL, + 15286581798204509801ULL, 17597362577777019682ULL, 13259283710820519742ULL, + 10501322996899164670ULL, 1221138904338319642ULL, 14586685489551951885ULL, 895326705426031212ULL, + 14398171728560617847ULL, 
9592550823745097391ULL, 17240998489162206026ULL, + 8085479283308189196ULL, 14844657737893882826ULL, 15923425394150618234ULL, + 2997808084773249525ULL, 494323555453660587ULL, 1215695327517794764ULL, 9476207381098391690ULL, + 7480789678419122995ULL, 15212230329321082489ULL, 436189395349576388ULL, 17377474396456660834ULL, + 15237013929655017939ULL, 11444428846883781676ULL, 5112749694521428575ULL, 950829367509872073ULL, + 17665036182057559519ULL, 17205133339690002313ULL, 16233765170251334549ULL, + 10122775683257972591ULL, 3352514236455632420ULL, 9143148522359954691ULL, 601191684005658860ULL, + 13398772186646349998ULL, 15512696600132928431ULL, 9128416073728948653ULL, + 11233051033546138578ULL, 6769345682610122833ULL, 10823233224575054288ULL, + 9997725227559980175ULL, 6733425642852897415ULL, 16302206918151466066ULL, 1669330822143265921ULL, + 2661645605036546002ULL, 17182558479745802165ULL, 1165082692376932040ULL, 9470595929011488359ULL, + 6142147329285324932ULL, 4829075085998111287ULL, 10231370681107338930ULL, 9591876895322495239ULL, + 10316468561384076618ULL, 11592503647238064235ULL, 13395813606055179632ULL, + 511127033980815508ULL, 12434976573147649880ULL, 3425094795384359127ULL, 6816971736303023445ULL, + 15444670609021139344ULL, 9464349818322082360ULL, 16178216413042376883ULL, + 9595540370774317348ULL, 7229365182662875710ULL, 4601177649460012843ULL, 5455046447382487090ULL, + 10854066421606187521ULL, 15913416821879788071ULL, 2297365362023460173ULL, + 2603252216454941350ULL, 6768791943870490934ULL, 15705936687122754810ULL, 9537096567546600694ULL, + 17580538144855035062ULL, 4496542856965746638ULL, 8444341625922124942ULL, + 12191263903636183168ULL, 17427332907535974165ULL, 14307569739254103736ULL, + 13900598742063266169ULL, 7176996424355977650ULL, 5709008170379717479ULL, + 14471312052264549092ULL, 1464519909491759867ULL, 3328154641049602121ULL, + 13020349337171136774ULL, 2772166279972051938ULL, 10854476939425975292ULL, + 1967189930534630940ULL, 2802919076529341959ULL, 
14792226094833519208ULL, + 14675640928566522177ULL, 14838974364643800837ULL, 17631460696099549980ULL, + 17434186275364935469ULL, 2665648200587705473ULL, 13202122464492564051ULL, + 7576287350918073341ULL, 2272206013910186424ULL, 14558761641743937843ULL, 5675729149929979729ULL, + 9043135187561613166ULL, 11750149293830589225ULL, 740555197954307911ULL, 9871738005087190699ULL, + 17178667634283502053ULL, 18046255991533013265ULL, 4458222096988430430ULL, + 8452427758526311627ULL, 13825286929656615266ULL, 13956286357198391218ULL, + 15875692916799995079ULL, 10634895319157013920ULL, 13230116118036304207ULL, + 8795317393614625606ULL, 7001710806858862020ULL, 7949746088586183478ULL, 14677556044923602317ULL, + 11184023437485843904ULL, 11215864722023085094ULL, 6444464081471519014ULL, + 1706241174022415217ULL, 8243975633057550613ULL, 15502902453836085864ULL, 3799182188594003953ULL, + 3538840175098724094ULL }; static const uint64_t Hacl_P256_PrecompTable_precomp_g_pow2_64_table_w4[192U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1499621593102562565U, - (uint64_t)16692369783039433128U, (uint64_t)15337520135922861848U, - (uint64_t)5455737214495366228U, (uint64_t)17827017231032529600U, - (uint64_t)12413621606240782649U, (uint64_t)2290483008028286132U, - (uint64_t)15752017553340844820U, (uint64_t)4846430910634234874U, - (uint64_t)10861682798464583253U, (uint64_t)15404737222404363049U, (uint64_t)363586619281562022U, - (uint64_t)9866710912401645115U, (uint64_t)1162548847543228595U, (uint64_t)7649967190445130486U, - (uint64_t)5212340432230915749U, (uint64_t)7572620550182916491U, (uint64_t)14876145112448665096U, - (uint64_t)2063227348838176167U, (uint64_t)3519435548295415847U, (uint64_t)8390400282019023103U, - (uint64_t)17666843593163037841U, (uint64_t)9450204148816496323U, 
(uint64_t)8483374507652916768U, - (uint64_t)6254661047265818424U, (uint64_t)16382127809582285023U, (uint64_t)125359443771153172U, - (uint64_t)1374336701588437897U, (uint64_t)11362596098420127726U, (uint64_t)2101654420738681387U, - (uint64_t)12772780342444840510U, (uint64_t)12546934328908550060U, - (uint64_t)8331880412333790397U, (uint64_t)11687262051473819904U, (uint64_t)8926848496503457587U, - (uint64_t)9603974142010467857U, (uint64_t)13199952163826973175U, (uint64_t)2189856264898797734U, - (uint64_t)11356074861870267226U, (uint64_t)2027714896422561895U, (uint64_t)5261606367808050149U, - (uint64_t)153855954337762312U, (uint64_t)6375919692894573986U, (uint64_t)12364041207536146533U, - (uint64_t)1891896010455057160U, (uint64_t)1568123795087313171U, (uint64_t)18138710056556660101U, - (uint64_t)6004886947510047736U, (uint64_t)4811859325589542932U, (uint64_t)3618763430148954981U, - (uint64_t)11434521746258554122U, (uint64_t)10086341535864049427U, - (uint64_t)8073421629570399570U, (uint64_t)12680586148814729338U, (uint64_t)9619958020761569612U, - (uint64_t)15827203580658384478U, (uint64_t)12832694810937550406U, - (uint64_t)14977975484447400910U, (uint64_t)5478002389061063653U, - (uint64_t)14731136312639060880U, (uint64_t)4317867687275472033U, (uint64_t)6642650962855259884U, - (uint64_t)2514254944289495285U, (uint64_t)14231405641534478436U, (uint64_t)4045448346091518946U, - (uint64_t)8985477013445972471U, (uint64_t)8869039454457032149U, (uint64_t)4356978486208692970U, - (uint64_t)10805288613335538577U, (uint64_t)12832353127812502042U, - (uint64_t)4576590051676547490U, (uint64_t)6728053735138655107U, (uint64_t)17814206719173206184U, - (uint64_t)79790138573994940U, (uint64_t)17920293215101822267U, (uint64_t)13422026625585728864U, - (uint64_t)5018058010492547271U, (uint64_t)110232326023384102U, (uint64_t)10834264070056942976U, - (uint64_t)15222249086119088588U, (uint64_t)15119439519142044997U, - (uint64_t)11655511970063167313U, (uint64_t)1614477029450566107U, 
(uint64_t)3619322817271059794U, - (uint64_t)9352862040415412867U, (uint64_t)14017522553242747074U, - (uint64_t)13138513643674040327U, (uint64_t)3610195242889455765U, (uint64_t)8371069193996567291U, - (uint64_t)12670227996544662654U, (uint64_t)1205961025092146303U, - (uint64_t)13106709934003962112U, (uint64_t)4350113471327723407U, - (uint64_t)15060941403739680459U, (uint64_t)13639127647823205030U, - (uint64_t)10790943339357725715U, (uint64_t)498760574280648264U, (uint64_t)17922071907832082887U, - (uint64_t)15122670976670152145U, (uint64_t)6275027991110214322U, (uint64_t)7250912847491816402U, - (uint64_t)15206617260142982380U, (uint64_t)3385668313694152877U, - (uint64_t)17522479771766801905U, (uint64_t)2965919117476170655U, (uint64_t)1553238516603269404U, - (uint64_t)5820770015631050991U, (uint64_t)4999445222232605348U, (uint64_t)9245650860833717444U, - (uint64_t)1508811811724230728U, (uint64_t)5190684913765614385U, (uint64_t)15692927070934536166U, - (uint64_t)12981978499190500902U, (uint64_t)5143491963193394698U, (uint64_t)7705698092144084129U, - (uint64_t)581120653055084783U, (uint64_t)13886552864486459714U, (uint64_t)6290301270652587255U, - (uint64_t)8663431529954393128U, (uint64_t)17033405846475472443U, (uint64_t)5206780355442651635U, - (uint64_t)12580364474736467688U, (uint64_t)17934601912005283310U, - (uint64_t)15119491731028933652U, (uint64_t)17848231399859044858U, - (uint64_t)4427673319524919329U, (uint64_t)2673607337074368008U, (uint64_t)14034876464294699949U, - (uint64_t)10938948975420813697U, (uint64_t)15202340615298669183U, - (uint64_t)5496603454069431071U, (uint64_t)2486526142064906845U, (uint64_t)4507882119510526802U, - (uint64_t)13888151172411390059U, (uint64_t)15049027856908071726U, - (uint64_t)9667231543181973158U, (uint64_t)6406671575277563202U, (uint64_t)3395801050331215139U, - (uint64_t)9813607433539108308U, (uint64_t)2681417728820980381U, (uint64_t)18407064643927113994U, - (uint64_t)7707177692113485527U, (uint64_t)14218149384635317074U, 
(uint64_t)3658668346206375919U, - (uint64_t)15404713991002362166U, (uint64_t)10152074687696195207U, - (uint64_t)10926946599582128139U, (uint64_t)16907298600007085320U, - (uint64_t)16544287219664720279U, (uint64_t)11007075933432813205U, - (uint64_t)8652245965145713599U, (uint64_t)7857626748965990384U, (uint64_t)5602306604520095870U, - (uint64_t)2525139243938658618U, (uint64_t)14405696176872077447U, - (uint64_t)18432270482137885332U, (uint64_t)9913880809120071177U, - (uint64_t)16896141737831216972U, (uint64_t)7484791498211214829U, - (uint64_t)15635259968266497469U, (uint64_t)8495118537612215624U, (uint64_t)4915477980562575356U, - (uint64_t)16453519279754924350U, (uint64_t)14462108244565406969U, - (uint64_t)14837837755237096687U, (uint64_t)14130171078892575346U, - (uint64_t)15423793222528491497U, (uint64_t)5460399262075036084U, - (uint64_t)16085440580308415349U, (uint64_t)26873200736954488U, (uint64_t)5603655807457499550U, - (uint64_t)3342202915871129617U, (uint64_t)1604413932150236626U, (uint64_t)9684226585089458974U, - (uint64_t)1213229904006618539U, (uint64_t)6782978662408837236U, (uint64_t)11197029877749307372U, - (uint64_t)14085968786551657744U, (uint64_t)17352273610494009342U, - (uint64_t)7876582961192434984U + 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL, + 0ULL, 0ULL, 0ULL, 0ULL, 1499621593102562565ULL, 16692369783039433128ULL, + 15337520135922861848ULL, 5455737214495366228ULL, 17827017231032529600ULL, + 12413621606240782649ULL, 2290483008028286132ULL, 15752017553340844820ULL, + 4846430910634234874ULL, 10861682798464583253ULL, 15404737222404363049ULL, 363586619281562022ULL, + 9866710912401645115ULL, 1162548847543228595ULL, 7649967190445130486ULL, 5212340432230915749ULL, + 7572620550182916491ULL, 14876145112448665096ULL, 2063227348838176167ULL, 3519435548295415847ULL, + 8390400282019023103ULL, 17666843593163037841ULL, 9450204148816496323ULL, 8483374507652916768ULL, + 6254661047265818424ULL, 
16382127809582285023ULL, 125359443771153172ULL, 1374336701588437897ULL, + 11362596098420127726ULL, 2101654420738681387ULL, 12772780342444840510ULL, + 12546934328908550060ULL, 8331880412333790397ULL, 11687262051473819904ULL, + 8926848496503457587ULL, 9603974142010467857ULL, 13199952163826973175ULL, 2189856264898797734ULL, + 11356074861870267226ULL, 2027714896422561895ULL, 5261606367808050149ULL, 153855954337762312ULL, + 6375919692894573986ULL, 12364041207536146533ULL, 1891896010455057160ULL, 1568123795087313171ULL, + 18138710056556660101ULL, 6004886947510047736ULL, 4811859325589542932ULL, 3618763430148954981ULL, + 11434521746258554122ULL, 10086341535864049427ULL, 8073421629570399570ULL, + 12680586148814729338ULL, 9619958020761569612ULL, 15827203580658384478ULL, + 12832694810937550406ULL, 14977975484447400910ULL, 5478002389061063653ULL, + 14731136312639060880ULL, 4317867687275472033ULL, 6642650962855259884ULL, 2514254944289495285ULL, + 14231405641534478436ULL, 4045448346091518946ULL, 8985477013445972471ULL, 8869039454457032149ULL, + 4356978486208692970ULL, 10805288613335538577ULL, 12832353127812502042ULL, + 4576590051676547490ULL, 6728053735138655107ULL, 17814206719173206184ULL, 79790138573994940ULL, + 17920293215101822267ULL, 13422026625585728864ULL, 5018058010492547271ULL, 110232326023384102ULL, + 10834264070056942976ULL, 15222249086119088588ULL, 15119439519142044997ULL, + 11655511970063167313ULL, 1614477029450566107ULL, 3619322817271059794ULL, 9352862040415412867ULL, + 14017522553242747074ULL, 13138513643674040327ULL, 3610195242889455765ULL, + 8371069193996567291ULL, 12670227996544662654ULL, 1205961025092146303ULL, + 13106709934003962112ULL, 4350113471327723407ULL, 15060941403739680459ULL, + 13639127647823205030ULL, 10790943339357725715ULL, 498760574280648264ULL, + 17922071907832082887ULL, 15122670976670152145ULL, 6275027991110214322ULL, + 7250912847491816402ULL, 15206617260142982380ULL, 3385668313694152877ULL, + 17522479771766801905ULL, 2965919117476170655ULL, 
1553238516603269404ULL, 5820770015631050991ULL, + 4999445222232605348ULL, 9245650860833717444ULL, 1508811811724230728ULL, 5190684913765614385ULL, + 15692927070934536166ULL, 12981978499190500902ULL, 5143491963193394698ULL, + 7705698092144084129ULL, 581120653055084783ULL, 13886552864486459714ULL, 6290301270652587255ULL, + 8663431529954393128ULL, 17033405846475472443ULL, 5206780355442651635ULL, + 12580364474736467688ULL, 17934601912005283310ULL, 15119491731028933652ULL, + 17848231399859044858ULL, 4427673319524919329ULL, 2673607337074368008ULL, + 14034876464294699949ULL, 10938948975420813697ULL, 15202340615298669183ULL, + 5496603454069431071ULL, 2486526142064906845ULL, 4507882119510526802ULL, 13888151172411390059ULL, + 15049027856908071726ULL, 9667231543181973158ULL, 6406671575277563202ULL, 3395801050331215139ULL, + 9813607433539108308ULL, 2681417728820980381ULL, 18407064643927113994ULL, 7707177692113485527ULL, + 14218149384635317074ULL, 3658668346206375919ULL, 15404713991002362166ULL, + 10152074687696195207ULL, 10926946599582128139ULL, 16907298600007085320ULL, + 16544287219664720279ULL, 11007075933432813205ULL, 8652245965145713599ULL, + 7857626748965990384ULL, 5602306604520095870ULL, 2525139243938658618ULL, 14405696176872077447ULL, + 18432270482137885332ULL, 9913880809120071177ULL, 16896141737831216972ULL, + 7484791498211214829ULL, 15635259968266497469ULL, 8495118537612215624ULL, 4915477980562575356ULL, + 16453519279754924350ULL, 14462108244565406969ULL, 14837837755237096687ULL, + 14130171078892575346ULL, 15423793222528491497ULL, 5460399262075036084ULL, + 16085440580308415349ULL, 26873200736954488ULL, 5603655807457499550ULL, 3342202915871129617ULL, + 1604413932150236626ULL, 9684226585089458974ULL, 1213229904006618539ULL, 6782978662408837236ULL, + 11197029877749307372ULL, 14085968786551657744ULL, 17352273610494009342ULL, + 7876582961192434984ULL }; static const uint64_t Hacl_P256_PrecompTable_precomp_g_pow2_128_table_w4[192U] = { - (uint64_t)0U, (uint64_t)0U, 
(uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)14619254753077084366U, - (uint64_t)13913835116514008593U, (uint64_t)15060744674088488145U, - (uint64_t)17668414598203068685U, (uint64_t)10761169236902342334U, - (uint64_t)15467027479157446221U, (uint64_t)14989185522423469618U, - (uint64_t)14354539272510107003U, (uint64_t)14298211796392133693U, - (uint64_t)13270323784253711450U, (uint64_t)13380964971965046957U, - (uint64_t)8686204248456909699U, (uint64_t)17434630286744937066U, (uint64_t)1355903775279084720U, - (uint64_t)7554695053550308662U, (uint64_t)11354971222741863570U, (uint64_t)564601613420749879U, - (uint64_t)8466325837259054896U, (uint64_t)10752965181772434263U, - (uint64_t)11405876547368426319U, (uint64_t)13791894568738930940U, - (uint64_t)8230587134406354675U, (uint64_t)12415514098722758608U, - (uint64_t)18414183046995786744U, (uint64_t)15508000368227372870U, - (uint64_t)5781062464627999307U, (uint64_t)15339429052219195590U, - (uint64_t)16038703753810741903U, (uint64_t)9587718938298980714U, (uint64_t)4822658817952386407U, - (uint64_t)1376351024833260660U, (uint64_t)1120174910554766702U, (uint64_t)1730170933262569274U, - (uint64_t)5187428548444533500U, (uint64_t)16242053503368957131U, (uint64_t)3036811119519868279U, - (uint64_t)1760267587958926638U, (uint64_t)170244572981065185U, (uint64_t)8063080791967388171U, - (uint64_t)4824892826607692737U, (uint64_t)16286391083472040552U, - (uint64_t)11945158615253358747U, (uint64_t)14096887760410224200U, - (uint64_t)1613720831904557039U, (uint64_t)14316966673761197523U, - (uint64_t)17411006201485445341U, (uint64_t)8112301506943158801U, (uint64_t)2069889233927989984U, - (uint64_t)10082848378277483927U, (uint64_t)3609691194454404430U, (uint64_t)6110437205371933689U, - (uint64_t)9769135977342231601U, (uint64_t)11977962151783386478U, - (uint64_t)18088718692559983573U, 
(uint64_t)11741637975753055U, (uint64_t)11110390325701582190U, - (uint64_t)1341402251566067019U, (uint64_t)3028229550849726478U, (uint64_t)10438984083997451310U, - (uint64_t)12730851885100145709U, (uint64_t)11524169532089894189U, - (uint64_t)4523375903229602674U, (uint64_t)2028602258037385622U, (uint64_t)17082839063089388410U, - (uint64_t)6103921364634113167U, (uint64_t)17066180888225306102U, - (uint64_t)11395680486707876195U, (uint64_t)10952892272443345484U, - (uint64_t)8792831960605859401U, (uint64_t)14194485427742325139U, - (uint64_t)15146020821144305250U, (uint64_t)1654766014957123343U, (uint64_t)7955526243090948551U, - (uint64_t)3989277566080493308U, (uint64_t)12229385116397931231U, - (uint64_t)13430548930727025562U, (uint64_t)3434892688179800602U, (uint64_t)8431998794645622027U, - (uint64_t)12132530981596299272U, (uint64_t)2289461608863966999U, - (uint64_t)18345870950201487179U, (uint64_t)13517947207801901576U, - (uint64_t)5213113244172561159U, (uint64_t)17632986594098340879U, (uint64_t)4405251818133148856U, - (uint64_t)11783009269435447793U, (uint64_t)9332138983770046035U, - (uint64_t)12863411548922539505U, (uint64_t)3717030292816178224U, - (uint64_t)10026078446427137374U, (uint64_t)11167295326594317220U, - (uint64_t)12425328773141588668U, (uint64_t)5760335125172049352U, (uint64_t)9016843701117277863U, - (uint64_t)5657892835694680172U, (uint64_t)11025130589305387464U, (uint64_t)1368484957977406173U, - (uint64_t)17361351345281258834U, (uint64_t)1907113641956152700U, - (uint64_t)16439233413531427752U, (uint64_t)5893322296986588932U, - (uint64_t)14000206906171746627U, (uint64_t)14979266987545792900U, - (uint64_t)6926291766898221120U, (uint64_t)7162023296083360752U, (uint64_t)14762747553625382529U, - (uint64_t)12610831658612406849U, (uint64_t)10462926899548715515U, - (uint64_t)4794017723140405312U, (uint64_t)5234438200490163319U, (uint64_t)8019519110339576320U, - (uint64_t)7194604241290530100U, (uint64_t)12626770134810813246U, - (uint64_t)10793074474236419890U, 
(uint64_t)11323224347913978783U, - (uint64_t)16831128015895380245U, (uint64_t)18323094195124693378U, - (uint64_t)2361097165281567692U, (uint64_t)15755578675014279498U, - (uint64_t)14289876470325854580U, (uint64_t)12856787656093616839U, - (uint64_t)3578928531243900594U, (uint64_t)3847532758790503699U, (uint64_t)8377953190224748743U, - (uint64_t)3314546646092744596U, (uint64_t)800810188859334358U, (uint64_t)4626344124229343596U, - (uint64_t)6620381605850876621U, (uint64_t)11422073570955989527U, - (uint64_t)12676813626484814469U, (uint64_t)16725029886764122240U, - (uint64_t)16648497372773830008U, (uint64_t)9135702594931291048U, - (uint64_t)16080949688826680333U, (uint64_t)11528096561346602947U, - (uint64_t)2632498067099740984U, (uint64_t)11583842699108800714U, (uint64_t)8378404864573610526U, - (uint64_t)1076560261627788534U, (uint64_t)13836015994325032828U, - (uint64_t)11234295937817067909U, (uint64_t)5893659808396722708U, - (uint64_t)11277421142886984364U, (uint64_t)8968549037166726491U, - (uint64_t)14841374331394032822U, (uint64_t)9967344773947889341U, (uint64_t)8799244393578496085U, - (uint64_t)5094686877301601410U, (uint64_t)8780316747074726862U, (uint64_t)9119697306829835718U, - (uint64_t)15381243327921855368U, (uint64_t)2686250164449435196U, - (uint64_t)16466917280442198358U, (uint64_t)13791704489163125216U, - (uint64_t)16955859337117924272U, (uint64_t)17112836394923783642U, - (uint64_t)4639176427338618063U, (uint64_t)16770029310141094964U, - (uint64_t)11049953922966416185U, (uint64_t)12012669590884098968U, - (uint64_t)4859326885929417214U, (uint64_t)896380084392586061U, (uint64_t)7153028362977034008U, - (uint64_t)10540021163316263301U, (uint64_t)9318277998512936585U, - (uint64_t)18344496977694796523U, (uint64_t)11374737400567645494U, - (uint64_t)17158800051138212954U, (uint64_t)18343197867863253153U, - (uint64_t)18204799297967861226U, (uint64_t)15798973531606348828U, - (uint64_t)9870158263408310459U, (uint64_t)17578869832774612627U, 
(uint64_t)8395748875822696932U, - (uint64_t)15310679007370670872U, (uint64_t)11205576736030808860U, - (uint64_t)10123429210002838967U, (uint64_t)5910544144088393959U, - (uint64_t)14016615653353687369U, (uint64_t)11191676704772957822U + 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL, + 0ULL, 0ULL, 0ULL, 0ULL, 14619254753077084366ULL, 13913835116514008593ULL, + 15060744674088488145ULL, 17668414598203068685ULL, 10761169236902342334ULL, + 15467027479157446221ULL, 14989185522423469618ULL, 14354539272510107003ULL, + 14298211796392133693ULL, 13270323784253711450ULL, 13380964971965046957ULL, + 8686204248456909699ULL, 17434630286744937066ULL, 1355903775279084720ULL, 7554695053550308662ULL, + 11354971222741863570ULL, 564601613420749879ULL, 8466325837259054896ULL, 10752965181772434263ULL, + 11405876547368426319ULL, 13791894568738930940ULL, 8230587134406354675ULL, + 12415514098722758608ULL, 18414183046995786744ULL, 15508000368227372870ULL, + 5781062464627999307ULL, 15339429052219195590ULL, 16038703753810741903ULL, + 9587718938298980714ULL, 4822658817952386407ULL, 1376351024833260660ULL, 1120174910554766702ULL, + 1730170933262569274ULL, 5187428548444533500ULL, 16242053503368957131ULL, 3036811119519868279ULL, + 1760267587958926638ULL, 170244572981065185ULL, 8063080791967388171ULL, 4824892826607692737ULL, + 16286391083472040552ULL, 11945158615253358747ULL, 14096887760410224200ULL, + 1613720831904557039ULL, 14316966673761197523ULL, 17411006201485445341ULL, + 8112301506943158801ULL, 2069889233927989984ULL, 10082848378277483927ULL, 3609691194454404430ULL, + 6110437205371933689ULL, 9769135977342231601ULL, 11977962151783386478ULL, + 18088718692559983573ULL, 11741637975753055ULL, 11110390325701582190ULL, 1341402251566067019ULL, + 3028229550849726478ULL, 10438984083997451310ULL, 12730851885100145709ULL, + 11524169532089894189ULL, 4523375903229602674ULL, 2028602258037385622ULL, + 17082839063089388410ULL, 6103921364634113167ULL, 
17066180888225306102ULL, + 11395680486707876195ULL, 10952892272443345484ULL, 8792831960605859401ULL, + 14194485427742325139ULL, 15146020821144305250ULL, 1654766014957123343ULL, + 7955526243090948551ULL, 3989277566080493308ULL, 12229385116397931231ULL, + 13430548930727025562ULL, 3434892688179800602ULL, 8431998794645622027ULL, + 12132530981596299272ULL, 2289461608863966999ULL, 18345870950201487179ULL, + 13517947207801901576ULL, 5213113244172561159ULL, 17632986594098340879ULL, + 4405251818133148856ULL, 11783009269435447793ULL, 9332138983770046035ULL, + 12863411548922539505ULL, 3717030292816178224ULL, 10026078446427137374ULL, + 11167295326594317220ULL, 12425328773141588668ULL, 5760335125172049352ULL, + 9016843701117277863ULL, 5657892835694680172ULL, 11025130589305387464ULL, 1368484957977406173ULL, + 17361351345281258834ULL, 1907113641956152700ULL, 16439233413531427752ULL, + 5893322296986588932ULL, 14000206906171746627ULL, 14979266987545792900ULL, + 6926291766898221120ULL, 7162023296083360752ULL, 14762747553625382529ULL, + 12610831658612406849ULL, 10462926899548715515ULL, 4794017723140405312ULL, + 5234438200490163319ULL, 8019519110339576320ULL, 7194604241290530100ULL, 12626770134810813246ULL, + 10793074474236419890ULL, 11323224347913978783ULL, 16831128015895380245ULL, + 18323094195124693378ULL, 2361097165281567692ULL, 15755578675014279498ULL, + 14289876470325854580ULL, 12856787656093616839ULL, 3578928531243900594ULL, + 3847532758790503699ULL, 8377953190224748743ULL, 3314546646092744596ULL, 800810188859334358ULL, + 4626344124229343596ULL, 6620381605850876621ULL, 11422073570955989527ULL, + 12676813626484814469ULL, 16725029886764122240ULL, 16648497372773830008ULL, + 9135702594931291048ULL, 16080949688826680333ULL, 11528096561346602947ULL, + 2632498067099740984ULL, 11583842699108800714ULL, 8378404864573610526ULL, 1076560261627788534ULL, + 13836015994325032828ULL, 11234295937817067909ULL, 5893659808396722708ULL, + 11277421142886984364ULL, 8968549037166726491ULL, 
14841374331394032822ULL, + 9967344773947889341ULL, 8799244393578496085ULL, 5094686877301601410ULL, 8780316747074726862ULL, + 9119697306829835718ULL, 15381243327921855368ULL, 2686250164449435196ULL, + 16466917280442198358ULL, 13791704489163125216ULL, 16955859337117924272ULL, + 17112836394923783642ULL, 4639176427338618063ULL, 16770029310141094964ULL, + 11049953922966416185ULL, 12012669590884098968ULL, 4859326885929417214ULL, 896380084392586061ULL, + 7153028362977034008ULL, 10540021163316263301ULL, 9318277998512936585ULL, + 18344496977694796523ULL, 11374737400567645494ULL, 17158800051138212954ULL, + 18343197867863253153ULL, 18204799297967861226ULL, 15798973531606348828ULL, + 9870158263408310459ULL, 17578869832774612627ULL, 8395748875822696932ULL, + 15310679007370670872ULL, 11205576736030808860ULL, 10123429210002838967ULL, + 5910544144088393959ULL, 14016615653353687369ULL, 11191676704772957822ULL }; static const uint64_t Hacl_P256_PrecompTable_precomp_g_pow2_192_table_w4[192U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)7870395003430845958U, - (uint64_t)18001862936410067720U, (uint64_t)8006461232116967215U, (uint64_t)5921313779532424762U, - (uint64_t)10702113371959864307U, (uint64_t)8070517410642379879U, (uint64_t)7139806720777708306U, - (uint64_t)8253938546650739833U, (uint64_t)17490482834545705718U, (uint64_t)1065249776797037500U, - (uint64_t)5018258455937968775U, (uint64_t)14100621120178668337U, (uint64_t)8392845221328116213U, - (uint64_t)14630296398338540788U, (uint64_t)4268947906723414372U, (uint64_t)9231207002243517909U, - (uint64_t)14261219637616504262U, (uint64_t)7786881626982345356U, - (uint64_t)11412720751765882139U, (uint64_t)14119585051365330009U, - (uint64_t)15281626286521302128U, (uint64_t)6350171933454266732U, - (uint64_t)16559468304937127866U, 
(uint64_t)13200760478271693417U, - (uint64_t)6733381546280350776U, (uint64_t)3801404890075189193U, (uint64_t)2741036364686993903U, - (uint64_t)3218612940540174008U, (uint64_t)10894914335165419505U, - (uint64_t)11862941430149998362U, (uint64_t)4223151729402839584U, (uint64_t)2913215088487087887U, - (uint64_t)14562168920104952953U, (uint64_t)2170089393468287453U, - (uint64_t)10520900655016579352U, (uint64_t)7040362608949989273U, (uint64_t)8376510559381705307U, - (uint64_t)9142237200448131532U, (uint64_t)5696859948123854080U, (uint64_t)925422306716081180U, - (uint64_t)11155545953469186421U, (uint64_t)1888208646862572812U, - (uint64_t)11151095998248845721U, (uint64_t)15793503271680275267U, - (uint64_t)7729877044494854851U, (uint64_t)6235134673193032913U, (uint64_t)7364280682182401564U, - (uint64_t)5479679373325519985U, (uint64_t)17966037684582301763U, - (uint64_t)14140891609330279185U, (uint64_t)5814744449740463867U, (uint64_t)5652588426712591652U, - (uint64_t)774745682988690912U, (uint64_t)13228255573220500373U, (uint64_t)11949122068786859397U, - (uint64_t)8021166392900770376U, (uint64_t)7994323710948720063U, (uint64_t)9924618472877849977U, - (uint64_t)17618517523141194266U, (uint64_t)2750424097794401714U, - (uint64_t)15481749570715253207U, (uint64_t)14646964509921760497U, - (uint64_t)1037442848094301355U, (uint64_t)6295995947389299132U, (uint64_t)16915049722317579514U, - (uint64_t)10493877400992990313U, (uint64_t)18391008753060553521U, (uint64_t)483942209623707598U, - (uint64_t)2017775662838016613U, (uint64_t)5933251998459363553U, (uint64_t)11789135019970707407U, - (uint64_t)5484123723153268336U, (uint64_t)13246954648848484954U, (uint64_t)4774374393926023505U, - (uint64_t)14863995618704457336U, (uint64_t)13220153167104973625U, - (uint64_t)5988445485312390826U, (uint64_t)17580359464028944682U, (uint64_t)7297100131969874771U, - (uint64_t)379931507867989375U, (uint64_t)10927113096513421444U, (uint64_t)17688881974428340857U, - (uint64_t)4259872578781463333U, 
(uint64_t)8573076295966784472U, (uint64_t)16389829450727275032U, - (uint64_t)1667243868963568259U, (uint64_t)17730726848925960919U, - (uint64_t)11408899874569778008U, (uint64_t)3576527582023272268U, - (uint64_t)16492920640224231656U, (uint64_t)7906130545972460130U, - (uint64_t)13878604278207681266U, (uint64_t)41446695125652041U, (uint64_t)8891615271337333503U, - (uint64_t)2594537723613594470U, (uint64_t)7699579176995770924U, (uint64_t)147458463055730655U, - (uint64_t)12120406862739088406U, (uint64_t)12044892493010567063U, - (uint64_t)8554076749615475136U, (uint64_t)1005097692260929999U, (uint64_t)2687202654471188715U, - (uint64_t)9457588752176879209U, (uint64_t)17472884880062444019U, (uint64_t)9792097892056020166U, - (uint64_t)2525246678512797150U, (uint64_t)15958903035313115662U, - (uint64_t)11336038170342247032U, (uint64_t)11560342382835141123U, - (uint64_t)6212009033479929024U, (uint64_t)8214308203775021229U, (uint64_t)8475469210070503698U, - (uint64_t)13287024123485719563U, (uint64_t)12956951963817520723U, - (uint64_t)10693035819908470465U, (uint64_t)11375478788224786725U, - (uint64_t)16934625208487120398U, (uint64_t)10094585729115874495U, - (uint64_t)2763884524395905776U, (uint64_t)13535890148969964883U, - (uint64_t)13514657411765064358U, (uint64_t)9903074440788027562U, - (uint64_t)17324720726421199990U, (uint64_t)2273931039117368789U, (uint64_t)3442641041506157854U, - (uint64_t)1119853641236409612U, (uint64_t)12037070344296077989U, (uint64_t)581736433335671746U, - (uint64_t)6019150647054369174U, (uint64_t)14864096138068789375U, (uint64_t)6652995210998318662U, - (uint64_t)12773883697029175304U, (uint64_t)12751275631451845119U, - (uint64_t)11449095003038250478U, (uint64_t)1025805267334366480U, (uint64_t)2764432500300815015U, - (uint64_t)18274564429002844381U, (uint64_t)10445634195592600351U, - (uint64_t)11814099592837202735U, (uint64_t)5006796893679120289U, (uint64_t)6908397253997261914U, - (uint64_t)13266696965302879279U, (uint64_t)7768715053015037430U, 
(uint64_t)3569923738654785686U, - (uint64_t)5844853453464857549U, (uint64_t)1837340805629559110U, (uint64_t)1034657624388283114U, - (uint64_t)711244516069456460U, (uint64_t)12519286026957934814U, (uint64_t)2613464944620837619U, - (uint64_t)10003023321338286213U, (uint64_t)7291332092642881376U, (uint64_t)9832199564117004897U, - (uint64_t)3280736694860799890U, (uint64_t)6416452202849179874U, (uint64_t)7326961381798642069U, - (uint64_t)8435688798040635029U, (uint64_t)16630141263910982958U, - (uint64_t)17222635514422533318U, (uint64_t)9482787389178881499U, (uint64_t)836561194658263905U, - (uint64_t)3405319043337616649U, (uint64_t)2786146577568026518U, (uint64_t)7625483685691626321U, - (uint64_t)6728084875304656716U, (uint64_t)1140997959232544268U, (uint64_t)12847384827606303792U, - (uint64_t)1719121337754572070U, (uint64_t)12863589482936438532U, (uint64_t)3880712899640530862U, - (uint64_t)2748456882813671564U, (uint64_t)4775988900044623019U, (uint64_t)8937847374382191162U, - (uint64_t)3767367347172252295U, (uint64_t)13468672401049388646U, - (uint64_t)14359032216842397576U, (uint64_t)2002555958685443975U, - (uint64_t)16488678606651526810U, (uint64_t)11826135409597474760U, - (uint64_t)15296495673182508601U + 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL, + 0ULL, 0ULL, 0ULL, 0ULL, 7870395003430845958ULL, 18001862936410067720ULL, 8006461232116967215ULL, + 5921313779532424762ULL, 10702113371959864307ULL, 8070517410642379879ULL, 7139806720777708306ULL, + 8253938546650739833ULL, 17490482834545705718ULL, 1065249776797037500ULL, 5018258455937968775ULL, + 14100621120178668337ULL, 8392845221328116213ULL, 14630296398338540788ULL, + 4268947906723414372ULL, 9231207002243517909ULL, 14261219637616504262ULL, 7786881626982345356ULL, + 11412720751765882139ULL, 14119585051365330009ULL, 15281626286521302128ULL, + 6350171933454266732ULL, 16559468304937127866ULL, 13200760478271693417ULL, + 6733381546280350776ULL, 3801404890075189193ULL, 
2741036364686993903ULL, 3218612940540174008ULL, + 10894914335165419505ULL, 11862941430149998362ULL, 4223151729402839584ULL, + 2913215088487087887ULL, 14562168920104952953ULL, 2170089393468287453ULL, + 10520900655016579352ULL, 7040362608949989273ULL, 8376510559381705307ULL, 9142237200448131532ULL, + 5696859948123854080ULL, 925422306716081180ULL, 11155545953469186421ULL, 1888208646862572812ULL, + 11151095998248845721ULL, 15793503271680275267ULL, 7729877044494854851ULL, + 6235134673193032913ULL, 7364280682182401564ULL, 5479679373325519985ULL, 17966037684582301763ULL, + 14140891609330279185ULL, 5814744449740463867ULL, 5652588426712591652ULL, 774745682988690912ULL, + 13228255573220500373ULL, 11949122068786859397ULL, 8021166392900770376ULL, + 7994323710948720063ULL, 9924618472877849977ULL, 17618517523141194266ULL, 2750424097794401714ULL, + 15481749570715253207ULL, 14646964509921760497ULL, 1037442848094301355ULL, + 6295995947389299132ULL, 16915049722317579514ULL, 10493877400992990313ULL, + 18391008753060553521ULL, 483942209623707598ULL, 2017775662838016613ULL, 5933251998459363553ULL, + 11789135019970707407ULL, 5484123723153268336ULL, 13246954648848484954ULL, + 4774374393926023505ULL, 14863995618704457336ULL, 13220153167104973625ULL, + 5988445485312390826ULL, 17580359464028944682ULL, 7297100131969874771ULL, 379931507867989375ULL, + 10927113096513421444ULL, 17688881974428340857ULL, 4259872578781463333ULL, + 8573076295966784472ULL, 16389829450727275032ULL, 1667243868963568259ULL, + 17730726848925960919ULL, 11408899874569778008ULL, 3576527582023272268ULL, + 16492920640224231656ULL, 7906130545972460130ULL, 13878604278207681266ULL, 41446695125652041ULL, + 8891615271337333503ULL, 2594537723613594470ULL, 7699579176995770924ULL, 147458463055730655ULL, + 12120406862739088406ULL, 12044892493010567063ULL, 8554076749615475136ULL, + 1005097692260929999ULL, 2687202654471188715ULL, 9457588752176879209ULL, 17472884880062444019ULL, + 9792097892056020166ULL, 2525246678512797150ULL, 
15958903035313115662ULL, + 11336038170342247032ULL, 11560342382835141123ULL, 6212009033479929024ULL, + 8214308203775021229ULL, 8475469210070503698ULL, 13287024123485719563ULL, + 12956951963817520723ULL, 10693035819908470465ULL, 11375478788224786725ULL, + 16934625208487120398ULL, 10094585729115874495ULL, 2763884524395905776ULL, + 13535890148969964883ULL, 13514657411765064358ULL, 9903074440788027562ULL, + 17324720726421199990ULL, 2273931039117368789ULL, 3442641041506157854ULL, 1119853641236409612ULL, + 12037070344296077989ULL, 581736433335671746ULL, 6019150647054369174ULL, 14864096138068789375ULL, + 6652995210998318662ULL, 12773883697029175304ULL, 12751275631451845119ULL, + 11449095003038250478ULL, 1025805267334366480ULL, 2764432500300815015ULL, + 18274564429002844381ULL, 10445634195592600351ULL, 11814099592837202735ULL, + 5006796893679120289ULL, 6908397253997261914ULL, 13266696965302879279ULL, 7768715053015037430ULL, + 3569923738654785686ULL, 5844853453464857549ULL, 1837340805629559110ULL, 1034657624388283114ULL, + 711244516069456460ULL, 12519286026957934814ULL, 2613464944620837619ULL, 10003023321338286213ULL, + 7291332092642881376ULL, 9832199564117004897ULL, 3280736694860799890ULL, 6416452202849179874ULL, + 7326961381798642069ULL, 8435688798040635029ULL, 16630141263910982958ULL, + 17222635514422533318ULL, 9482787389178881499ULL, 836561194658263905ULL, 3405319043337616649ULL, + 2786146577568026518ULL, 7625483685691626321ULL, 6728084875304656716ULL, 1140997959232544268ULL, + 12847384827606303792ULL, 1719121337754572070ULL, 12863589482936438532ULL, + 3880712899640530862ULL, 2748456882813671564ULL, 4775988900044623019ULL, 8937847374382191162ULL, + 3767367347172252295ULL, 13468672401049388646ULL, 14359032216842397576ULL, + 2002555958685443975ULL, 16488678606651526810ULL, 11826135409597474760ULL, + 15296495673182508601ULL }; static const uint64_t Hacl_P256_PrecompTable_precomp_basepoint_table_w5[384U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, 
(uint64_t)1U, - (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)8784043285714375740U, - (uint64_t)8483257759279461889U, (uint64_t)8789745728267363600U, (uint64_t)1770019616739251654U, - (uint64_t)15992936863339206154U, (uint64_t)10037038012062884956U, - (uint64_t)15197544864945402661U, (uint64_t)9615747158586711429U, (uint64_t)1U, - (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, - (uint64_t)10634854829044225757U, (uint64_t)351552716085025155U, (uint64_t)10645315080955407736U, - (uint64_t)3609262091244858135U, (uint64_t)15760741698986874125U, - (uint64_t)14936374388219697827U, (uint64_t)15751360096993017895U, - (uint64_t)18012233706239762398U, (uint64_t)1993877568177495041U, - (uint64_t)10345888787846536528U, (uint64_t)7746511691117935375U, - (uint64_t)14517043990409914413U, (uint64_t)14122549297570634151U, - (uint64_t)16934610359517083771U, (uint64_t)5724511325497097418U, (uint64_t)8983432969107448705U, - (uint64_t)2687429970334080245U, (uint64_t)16525396802810050288U, (uint64_t)7602596488871585854U, - (uint64_t)4813919589149203084U, (uint64_t)7680395813780804519U, (uint64_t)6687709583048023590U, - (uint64_t)18086445169104142027U, (uint64_t)9637814708330203929U, - (uint64_t)14785108459960679090U, (uint64_t)3838023279095023581U, (uint64_t)3555615526157830307U, - (uint64_t)5177066488380472871U, (uint64_t)18218186719108038403U, - (uint64_t)16281556341699656105U, (uint64_t)1524227924561461191U, (uint64_t)4148060517641909597U, - (uint64_t)2858290374115363433U, (uint64_t)8942772026334130620U, (uint64_t)3034451298319885113U, - (uint64_t)8447866036736640940U, (uint64_t)11204933433076256578U, - (uint64_t)18333595740249588297U, (uint64_t)8259597024804538246U, (uint64_t)9539734295777539786U, - (uint64_t)9797290423046626413U, (uint64_t)5777303437849646537U, (uint64_t)8739356909899132020U, - (uint64_t)14815960973766782158U, 
(uint64_t)15286581798204509801U, - (uint64_t)17597362577777019682U, (uint64_t)13259283710820519742U, - (uint64_t)10501322996899164670U, (uint64_t)1221138904338319642U, - (uint64_t)14586685489551951885U, (uint64_t)895326705426031212U, (uint64_t)14398171728560617847U, - (uint64_t)9592550823745097391U, (uint64_t)17240998489162206026U, (uint64_t)8085479283308189196U, - (uint64_t)14844657737893882826U, (uint64_t)15923425394150618234U, - (uint64_t)2997808084773249525U, (uint64_t)494323555453660587U, (uint64_t)1215695327517794764U, - (uint64_t)9476207381098391690U, (uint64_t)7480789678419122995U, (uint64_t)15212230329321082489U, - (uint64_t)436189395349576388U, (uint64_t)17377474396456660834U, (uint64_t)15237013929655017939U, - (uint64_t)11444428846883781676U, (uint64_t)5112749694521428575U, (uint64_t)950829367509872073U, - (uint64_t)17665036182057559519U, (uint64_t)17205133339690002313U, - (uint64_t)16233765170251334549U, (uint64_t)10122775683257972591U, - (uint64_t)3352514236455632420U, (uint64_t)9143148522359954691U, (uint64_t)601191684005658860U, - (uint64_t)13398772186646349998U, (uint64_t)15512696600132928431U, - (uint64_t)9128416073728948653U, (uint64_t)11233051033546138578U, (uint64_t)6769345682610122833U, - (uint64_t)10823233224575054288U, (uint64_t)9997725227559980175U, (uint64_t)6733425642852897415U, - (uint64_t)16302206918151466066U, (uint64_t)1669330822143265921U, (uint64_t)2661645605036546002U, - (uint64_t)17182558479745802165U, (uint64_t)1165082692376932040U, (uint64_t)9470595929011488359U, - (uint64_t)6142147329285324932U, (uint64_t)4829075085998111287U, (uint64_t)10231370681107338930U, - (uint64_t)9591876895322495239U, (uint64_t)10316468561384076618U, - (uint64_t)11592503647238064235U, (uint64_t)13395813606055179632U, (uint64_t)511127033980815508U, - (uint64_t)12434976573147649880U, (uint64_t)3425094795384359127U, (uint64_t)6816971736303023445U, - (uint64_t)15444670609021139344U, (uint64_t)9464349818322082360U, - (uint64_t)16178216413042376883U, 
(uint64_t)9595540370774317348U, (uint64_t)7229365182662875710U, - (uint64_t)4601177649460012843U, (uint64_t)5455046447382487090U, (uint64_t)10854066421606187521U, - (uint64_t)15913416821879788071U, (uint64_t)2297365362023460173U, (uint64_t)2603252216454941350U, - (uint64_t)6768791943870490934U, (uint64_t)15705936687122754810U, (uint64_t)9537096567546600694U, - (uint64_t)17580538144855035062U, (uint64_t)4496542856965746638U, (uint64_t)8444341625922124942U, - (uint64_t)12191263903636183168U, (uint64_t)17427332907535974165U, - (uint64_t)14307569739254103736U, (uint64_t)13900598742063266169U, - (uint64_t)7176996424355977650U, (uint64_t)5709008170379717479U, (uint64_t)14471312052264549092U, - (uint64_t)1464519909491759867U, (uint64_t)3328154641049602121U, (uint64_t)13020349337171136774U, - (uint64_t)2772166279972051938U, (uint64_t)10854476939425975292U, (uint64_t)1967189930534630940U, - (uint64_t)2802919076529341959U, (uint64_t)14792226094833519208U, - (uint64_t)14675640928566522177U, (uint64_t)14838974364643800837U, - (uint64_t)17631460696099549980U, (uint64_t)17434186275364935469U, - (uint64_t)2665648200587705473U, (uint64_t)13202122464492564051U, (uint64_t)7576287350918073341U, - (uint64_t)2272206013910186424U, (uint64_t)14558761641743937843U, (uint64_t)5675729149929979729U, - (uint64_t)9043135187561613166U, (uint64_t)11750149293830589225U, (uint64_t)740555197954307911U, - (uint64_t)9871738005087190699U, (uint64_t)17178667634283502053U, - (uint64_t)18046255991533013265U, (uint64_t)4458222096988430430U, (uint64_t)8452427758526311627U, - (uint64_t)13825286929656615266U, (uint64_t)13956286357198391218U, - (uint64_t)15875692916799995079U, (uint64_t)10634895319157013920U, - (uint64_t)13230116118036304207U, (uint64_t)8795317393614625606U, (uint64_t)7001710806858862020U, - (uint64_t)7949746088586183478U, (uint64_t)14677556044923602317U, - (uint64_t)11184023437485843904U, (uint64_t)11215864722023085094U, - (uint64_t)6444464081471519014U, (uint64_t)1706241174022415217U, 
(uint64_t)8243975633057550613U, - (uint64_t)15502902453836085864U, (uint64_t)3799182188594003953U, (uint64_t)3538840175098724094U, - (uint64_t)13240193491554624643U, (uint64_t)12365034249541329920U, - (uint64_t)2924326828590977357U, (uint64_t)5687195797140589099U, (uint64_t)16880427227292834531U, - (uint64_t)9691471435758991112U, (uint64_t)16642385273732487288U, - (uint64_t)12173806747523009914U, (uint64_t)13142722756877876849U, - (uint64_t)8370377548305121979U, (uint64_t)17988526053752025426U, (uint64_t)4818750752684100334U, - (uint64_t)5669241919350361655U, (uint64_t)4964810303238518540U, (uint64_t)16709712747671533191U, - (uint64_t)4461414404267448242U, (uint64_t)3971798785139504238U, (uint64_t)6276818948740422136U, - (uint64_t)1426735892164275762U, (uint64_t)7943622674892418919U, (uint64_t)9864274225563929680U, - (uint64_t)57815533745003233U, (uint64_t)10893588105168960233U, (uint64_t)15739162732907069535U, - (uint64_t)3923866849462073470U, (uint64_t)12279826158399226875U, (uint64_t)1533015761334846582U, - (uint64_t)15860156818568437510U, (uint64_t)8252625373831297988U, (uint64_t)9666953804812706358U, - (uint64_t)8767785238646914634U, (uint64_t)14382179044941403551U, - (uint64_t)10401039907264254245U, (uint64_t)8584860003763157350U, (uint64_t)3120462679504470266U, - (uint64_t)8670255778748340069U, (uint64_t)5313789577940369984U, (uint64_t)16977072364454789224U, - (uint64_t)12199578693972188324U, (uint64_t)18211098771672599237U, - (uint64_t)12868831556008795030U, (uint64_t)5310155061431048194U, - (uint64_t)18114153238435112606U, (uint64_t)14482365809278304512U, - (uint64_t)12520721662723001511U, (uint64_t)405943624021143002U, (uint64_t)8146944101507657423U, - (uint64_t)181739317780393495U, (uint64_t)81743892273670099U, (uint64_t)14759561962550473930U, - (uint64_t)4592623849546992939U, (uint64_t)6916440441743449719U, (uint64_t)1304610503530809833U, - (uint64_t)5464930909232486441U, (uint64_t)15414883617496224671U, (uint64_t)8129283345256790U, - 
(uint64_t)18294252198413739489U, (uint64_t)17394115281884857288U, - (uint64_t)7808348415224731235U, (uint64_t)13195566655747230608U, (uint64_t)8568194219353949094U, - (uint64_t)15329813048672122440U, (uint64_t)9604275495885785744U, (uint64_t)1577712551205219835U, - (uint64_t)15964209008022052790U, (uint64_t)15087297920782098160U, - (uint64_t)3946031512438511898U, (uint64_t)10050061168984440631U, - (uint64_t)11382452014533138316U, (uint64_t)6313670788911952792U, - (uint64_t)12015989229696164014U, (uint64_t)5946702628076168852U, (uint64_t)5219995658774362841U, - (uint64_t)12230141881068377972U, (uint64_t)12361195202673441956U, - (uint64_t)4732862275653856711U, (uint64_t)17221430380805252370U, - (uint64_t)15397525953897375810U, (uint64_t)16557437297239563045U, - (uint64_t)10101683801868971351U, (uint64_t)1402611372245592868U, (uint64_t)1931806383735563658U, - (uint64_t)10991705207471512479U, (uint64_t)861333583207471392U, (uint64_t)15207766844626322355U, - (uint64_t)9224628129811432393U, (uint64_t)3497069567089055613U, (uint64_t)11956632757898590316U, - (uint64_t)8733729372586312960U, (uint64_t)18091521051714930927U, (uint64_t)77582787724373283U, - (uint64_t)9922437373519669237U, (uint64_t)3079321456325704615U, (uint64_t)12171198408512478457U, - (uint64_t)17179130884012147596U, (uint64_t)6839115479620367181U, (uint64_t)4421032569964105406U, - (uint64_t)10353331468657256053U, (uint64_t)17400988720335968824U, - (uint64_t)17138855889417480540U, (uint64_t)4507980080381370611U, - (uint64_t)10703175719793781886U, (uint64_t)12598516658725890426U, - (uint64_t)8353463412173898932U, (uint64_t)17703029389228422404U, (uint64_t)9313111267107226233U, - (uint64_t)5441322942995154196U, (uint64_t)8952817660034465484U, (uint64_t)17571113341183703118U, - (uint64_t)7375087953801067019U, (uint64_t)13381466302076453648U, (uint64_t)3218165271423914596U, - (uint64_t)16956372157249382685U, (uint64_t)509080090049418841U, (uint64_t)13374233893294084913U, - (uint64_t)2988537624204297086U, 
(uint64_t)4979195832939384620U, (uint64_t)3803931594068976394U, - (uint64_t)10731535883829627646U, (uint64_t)12954845047607194278U, - (uint64_t)10494298062560667399U, (uint64_t)4967351022190213065U, - (uint64_t)13391917938145756456U, (uint64_t)951370484866918160U, (uint64_t)13531334179067685307U, - (uint64_t)12868421357919390599U, (uint64_t)15918857042998130258U, - (uint64_t)17769743831936974016U, (uint64_t)7137921979260368809U, - (uint64_t)12461369180685892062U, (uint64_t)827476514081935199U, (uint64_t)15107282134224767230U, - (uint64_t)10084765752802805748U, (uint64_t)3303739059392464407U, - (uint64_t)17859532612136591428U, (uint64_t)10949414770405040164U, - (uint64_t)12838613589371008785U, (uint64_t)5554397169231540728U, - (uint64_t)18375114572169624408U, (uint64_t)15649286703242390139U, - (uint64_t)2957281557463706877U, (uint64_t)14000350446219393213U, - (uint64_t)14355199721749620351U, (uint64_t)2730856240099299695U, - (uint64_t)17528131000714705752U, (uint64_t)2537498525883536360U, (uint64_t)6121058967084509393U, - (uint64_t)16897667060435514221U, (uint64_t)12367869599571112440U, - (uint64_t)3388831797050807508U, (uint64_t)16791449724090982798U, (uint64_t)2673426123453294928U, - (uint64_t)11369313542384405846U, (uint64_t)15641960333586432634U, - (uint64_t)15080962589658958379U, (uint64_t)7747943772340226569U, (uint64_t)8075023376199159152U, - (uint64_t)8485093027378306528U, (uint64_t)13503706844122243648U, (uint64_t)8401961362938086226U, - (uint64_t)8125426002124226402U, (uint64_t)9005399361407785203U, (uint64_t)6847968030066906634U, - (uint64_t)11934937736309295197U, (uint64_t)5116750888594772351U, (uint64_t)2817039227179245227U, - (uint64_t)17724206901239332980U, (uint64_t)4985702708254058578U, (uint64_t)5786345435756642871U, - (uint64_t)17772527414940936938U, (uint64_t)1201320251272957006U, - (uint64_t)15787430120324348129U, (uint64_t)6305488781359965661U, - (uint64_t)12423900845502858433U, (uint64_t)17485949424202277720U, - (uint64_t)2062237315546855852U, 
(uint64_t)10353639467860902375U, (uint64_t)2315398490451287299U, - (uint64_t)15394572894814882621U, (uint64_t)232866113801165640U, (uint64_t)7413443736109338926U, - (uint64_t)902719806551551191U, (uint64_t)16568853118619045174U, (uint64_t)14202214862428279177U, - (uint64_t)11719595395278861192U, (uint64_t)5890053236389907647U, (uint64_t)9996196494965833627U, - (uint64_t)12967056942364782577U, (uint64_t)9034128755157395787U, - (uint64_t)17898204904710512655U, (uint64_t)8229373445062993977U, - (uint64_t)13580036169519833644U + 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL, + 0ULL, 0ULL, 0ULL, 0ULL, 8784043285714375740ULL, 8483257759279461889ULL, 8789745728267363600ULL, + 1770019616739251654ULL, 15992936863339206154ULL, 10037038012062884956ULL, + 15197544864945402661ULL, 9615747158586711429ULL, 1ULL, 18446744069414584320ULL, + 18446744073709551615ULL, 4294967294ULL, 10634854829044225757ULL, 351552716085025155ULL, + 10645315080955407736ULL, 3609262091244858135ULL, 15760741698986874125ULL, + 14936374388219697827ULL, 15751360096993017895ULL, 18012233706239762398ULL, + 1993877568177495041ULL, 10345888787846536528ULL, 7746511691117935375ULL, + 14517043990409914413ULL, 14122549297570634151ULL, 16934610359517083771ULL, + 5724511325497097418ULL, 8983432969107448705ULL, 2687429970334080245ULL, 16525396802810050288ULL, + 7602596488871585854ULL, 4813919589149203084ULL, 7680395813780804519ULL, 6687709583048023590ULL, + 18086445169104142027ULL, 9637814708330203929ULL, 14785108459960679090ULL, + 3838023279095023581ULL, 3555615526157830307ULL, 5177066488380472871ULL, 18218186719108038403ULL, + 16281556341699656105ULL, 1524227924561461191ULL, 4148060517641909597ULL, 2858290374115363433ULL, + 8942772026334130620ULL, 3034451298319885113ULL, 8447866036736640940ULL, 11204933433076256578ULL, + 18333595740249588297ULL, 8259597024804538246ULL, 9539734295777539786ULL, 9797290423046626413ULL, + 5777303437849646537ULL, 8739356909899132020ULL, 
14815960973766782158ULL, + 15286581798204509801ULL, 17597362577777019682ULL, 13259283710820519742ULL, + 10501322996899164670ULL, 1221138904338319642ULL, 14586685489551951885ULL, 895326705426031212ULL, + 14398171728560617847ULL, 9592550823745097391ULL, 17240998489162206026ULL, + 8085479283308189196ULL, 14844657737893882826ULL, 15923425394150618234ULL, + 2997808084773249525ULL, 494323555453660587ULL, 1215695327517794764ULL, 9476207381098391690ULL, + 7480789678419122995ULL, 15212230329321082489ULL, 436189395349576388ULL, 17377474396456660834ULL, + 15237013929655017939ULL, 11444428846883781676ULL, 5112749694521428575ULL, 950829367509872073ULL, + 17665036182057559519ULL, 17205133339690002313ULL, 16233765170251334549ULL, + 10122775683257972591ULL, 3352514236455632420ULL, 9143148522359954691ULL, 601191684005658860ULL, + 13398772186646349998ULL, 15512696600132928431ULL, 9128416073728948653ULL, + 11233051033546138578ULL, 6769345682610122833ULL, 10823233224575054288ULL, + 9997725227559980175ULL, 6733425642852897415ULL, 16302206918151466066ULL, 1669330822143265921ULL, + 2661645605036546002ULL, 17182558479745802165ULL, 1165082692376932040ULL, 9470595929011488359ULL, + 6142147329285324932ULL, 4829075085998111287ULL, 10231370681107338930ULL, 9591876895322495239ULL, + 10316468561384076618ULL, 11592503647238064235ULL, 13395813606055179632ULL, + 511127033980815508ULL, 12434976573147649880ULL, 3425094795384359127ULL, 6816971736303023445ULL, + 15444670609021139344ULL, 9464349818322082360ULL, 16178216413042376883ULL, + 9595540370774317348ULL, 7229365182662875710ULL, 4601177649460012843ULL, 5455046447382487090ULL, + 10854066421606187521ULL, 15913416821879788071ULL, 2297365362023460173ULL, + 2603252216454941350ULL, 6768791943870490934ULL, 15705936687122754810ULL, 9537096567546600694ULL, + 17580538144855035062ULL, 4496542856965746638ULL, 8444341625922124942ULL, + 12191263903636183168ULL, 17427332907535974165ULL, 14307569739254103736ULL, + 13900598742063266169ULL, 7176996424355977650ULL, 
5709008170379717479ULL, + 14471312052264549092ULL, 1464519909491759867ULL, 3328154641049602121ULL, + 13020349337171136774ULL, 2772166279972051938ULL, 10854476939425975292ULL, + 1967189930534630940ULL, 2802919076529341959ULL, 14792226094833519208ULL, + 14675640928566522177ULL, 14838974364643800837ULL, 17631460696099549980ULL, + 17434186275364935469ULL, 2665648200587705473ULL, 13202122464492564051ULL, + 7576287350918073341ULL, 2272206013910186424ULL, 14558761641743937843ULL, 5675729149929979729ULL, + 9043135187561613166ULL, 11750149293830589225ULL, 740555197954307911ULL, 9871738005087190699ULL, + 17178667634283502053ULL, 18046255991533013265ULL, 4458222096988430430ULL, + 8452427758526311627ULL, 13825286929656615266ULL, 13956286357198391218ULL, + 15875692916799995079ULL, 10634895319157013920ULL, 13230116118036304207ULL, + 8795317393614625606ULL, 7001710806858862020ULL, 7949746088586183478ULL, 14677556044923602317ULL, + 11184023437485843904ULL, 11215864722023085094ULL, 6444464081471519014ULL, + 1706241174022415217ULL, 8243975633057550613ULL, 15502902453836085864ULL, 3799182188594003953ULL, + 3538840175098724094ULL, 13240193491554624643ULL, 12365034249541329920ULL, + 2924326828590977357ULL, 5687195797140589099ULL, 16880427227292834531ULL, 9691471435758991112ULL, + 16642385273732487288ULL, 12173806747523009914ULL, 13142722756877876849ULL, + 8370377548305121979ULL, 17988526053752025426ULL, 4818750752684100334ULL, 5669241919350361655ULL, + 4964810303238518540ULL, 16709712747671533191ULL, 4461414404267448242ULL, 3971798785139504238ULL, + 6276818948740422136ULL, 1426735892164275762ULL, 7943622674892418919ULL, 9864274225563929680ULL, + 57815533745003233ULL, 10893588105168960233ULL, 15739162732907069535ULL, 3923866849462073470ULL, + 12279826158399226875ULL, 1533015761334846582ULL, 15860156818568437510ULL, + 8252625373831297988ULL, 9666953804812706358ULL, 8767785238646914634ULL, 14382179044941403551ULL, + 10401039907264254245ULL, 8584860003763157350ULL, 3120462679504470266ULL, 
8670255778748340069ULL, + 5313789577940369984ULL, 16977072364454789224ULL, 12199578693972188324ULL, + 18211098771672599237ULL, 12868831556008795030ULL, 5310155061431048194ULL, + 18114153238435112606ULL, 14482365809278304512ULL, 12520721662723001511ULL, + 405943624021143002ULL, 8146944101507657423ULL, 181739317780393495ULL, 81743892273670099ULL, + 14759561962550473930ULL, 4592623849546992939ULL, 6916440441743449719ULL, 1304610503530809833ULL, + 5464930909232486441ULL, 15414883617496224671ULL, 8129283345256790ULL, 18294252198413739489ULL, + 17394115281884857288ULL, 7808348415224731235ULL, 13195566655747230608ULL, + 8568194219353949094ULL, 15329813048672122440ULL, 9604275495885785744ULL, 1577712551205219835ULL, + 15964209008022052790ULL, 15087297920782098160ULL, 3946031512438511898ULL, + 10050061168984440631ULL, 11382452014533138316ULL, 6313670788911952792ULL, + 12015989229696164014ULL, 5946702628076168852ULL, 5219995658774362841ULL, + 12230141881068377972ULL, 12361195202673441956ULL, 4732862275653856711ULL, + 17221430380805252370ULL, 15397525953897375810ULL, 16557437297239563045ULL, + 10101683801868971351ULL, 1402611372245592868ULL, 1931806383735563658ULL, + 10991705207471512479ULL, 861333583207471392ULL, 15207766844626322355ULL, 9224628129811432393ULL, + 3497069567089055613ULL, 11956632757898590316ULL, 8733729372586312960ULL, + 18091521051714930927ULL, 77582787724373283ULL, 9922437373519669237ULL, 3079321456325704615ULL, + 12171198408512478457ULL, 17179130884012147596ULL, 6839115479620367181ULL, + 4421032569964105406ULL, 10353331468657256053ULL, 17400988720335968824ULL, + 17138855889417480540ULL, 4507980080381370611ULL, 10703175719793781886ULL, + 12598516658725890426ULL, 8353463412173898932ULL, 17703029389228422404ULL, + 9313111267107226233ULL, 5441322942995154196ULL, 8952817660034465484ULL, 17571113341183703118ULL, + 7375087953801067019ULL, 13381466302076453648ULL, 3218165271423914596ULL, + 16956372157249382685ULL, 509080090049418841ULL, 13374233893294084913ULL, 
2988537624204297086ULL, + 4979195832939384620ULL, 3803931594068976394ULL, 10731535883829627646ULL, + 12954845047607194278ULL, 10494298062560667399ULL, 4967351022190213065ULL, + 13391917938145756456ULL, 951370484866918160ULL, 13531334179067685307ULL, + 12868421357919390599ULL, 15918857042998130258ULL, 17769743831936974016ULL, + 7137921979260368809ULL, 12461369180685892062ULL, 827476514081935199ULL, 15107282134224767230ULL, + 10084765752802805748ULL, 3303739059392464407ULL, 17859532612136591428ULL, + 10949414770405040164ULL, 12838613589371008785ULL, 5554397169231540728ULL, + 18375114572169624408ULL, 15649286703242390139ULL, 2957281557463706877ULL, + 14000350446219393213ULL, 14355199721749620351ULL, 2730856240099299695ULL, + 17528131000714705752ULL, 2537498525883536360ULL, 6121058967084509393ULL, + 16897667060435514221ULL, 12367869599571112440ULL, 3388831797050807508ULL, + 16791449724090982798ULL, 2673426123453294928ULL, 11369313542384405846ULL, + 15641960333586432634ULL, 15080962589658958379ULL, 7747943772340226569ULL, + 8075023376199159152ULL, 8485093027378306528ULL, 13503706844122243648ULL, 8401961362938086226ULL, + 8125426002124226402ULL, 9005399361407785203ULL, 6847968030066906634ULL, 11934937736309295197ULL, + 5116750888594772351ULL, 2817039227179245227ULL, 17724206901239332980ULL, 4985702708254058578ULL, + 5786345435756642871ULL, 17772527414940936938ULL, 1201320251272957006ULL, + 15787430120324348129ULL, 6305488781359965661ULL, 12423900845502858433ULL, + 17485949424202277720ULL, 2062237315546855852ULL, 10353639467860902375ULL, + 2315398490451287299ULL, 15394572894814882621ULL, 232866113801165640ULL, 7413443736109338926ULL, + 902719806551551191ULL, 16568853118619045174ULL, 14202214862428279177ULL, + 11719595395278861192ULL, 5890053236389907647ULL, 9996196494965833627ULL, + 12967056942364782577ULL, 9034128755157395787ULL, 17898204904710512655ULL, + 8229373445062993977ULL, 13580036169519833644ULL }; #if defined(__cplusplus) 
diff --git a/include/internal/Hacl_SHA2_Types.h b/include/internal/Hacl_SHA2_Types.h
index 1e51a0f1..5a1eb668 100644
--- a/include/internal/Hacl_SHA2_Types.h
+++ b/include/internal/Hacl_SHA2_Types.h
@@ -35,68 +35,68 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -typedef struct Hacl_Impl_SHA2_Types_uint8_2p_s +typedef struct Hacl_Hash_SHA2_uint8_2p_s { uint8_t *fst; uint8_t *snd; } -Hacl_Impl_SHA2_Types_uint8_2p; +Hacl_Hash_SHA2_uint8_2p; -typedef struct Hacl_Impl_SHA2_Types_uint8_3p_s +typedef struct Hacl_Hash_SHA2_uint8_3p_s { uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_2p snd; + Hacl_Hash_SHA2_uint8_2p snd; } -Hacl_Impl_SHA2_Types_uint8_3p; +Hacl_Hash_SHA2_uint8_3p; -typedef struct Hacl_Impl_SHA2_Types_uint8_4p_s +typedef struct Hacl_Hash_SHA2_uint8_4p_s { uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_3p snd; + Hacl_Hash_SHA2_uint8_3p snd; } -Hacl_Impl_SHA2_Types_uint8_4p; +Hacl_Hash_SHA2_uint8_4p; -typedef struct Hacl_Impl_SHA2_Types_uint8_5p_s +typedef struct Hacl_Hash_SHA2_uint8_5p_s { uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_4p snd; + Hacl_Hash_SHA2_uint8_4p snd; } -Hacl_Impl_SHA2_Types_uint8_5p; +Hacl_Hash_SHA2_uint8_5p; -typedef struct Hacl_Impl_SHA2_Types_uint8_6p_s +typedef struct Hacl_Hash_SHA2_uint8_6p_s { uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_5p snd; + Hacl_Hash_SHA2_uint8_5p snd; } -Hacl_Impl_SHA2_Types_uint8_6p; +Hacl_Hash_SHA2_uint8_6p; -typedef struct Hacl_Impl_SHA2_Types_uint8_7p_s +typedef struct Hacl_Hash_SHA2_uint8_7p_s { uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_6p snd; + Hacl_Hash_SHA2_uint8_6p snd; } -Hacl_Impl_SHA2_Types_uint8_7p; +Hacl_Hash_SHA2_uint8_7p; -typedef struct Hacl_Impl_SHA2_Types_uint8_8p_s +typedef struct Hacl_Hash_SHA2_uint8_8p_s { uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_7p snd; + Hacl_Hash_SHA2_uint8_7p snd; } -Hacl_Impl_SHA2_Types_uint8_8p; +Hacl_Hash_SHA2_uint8_8p; -typedef struct Hacl_Impl_SHA2_Types_uint8_2x4p_s +typedef struct Hacl_Hash_SHA2_uint8_2x4p_s { - Hacl_Impl_SHA2_Types_uint8_4p fst; - Hacl_Impl_SHA2_Types_uint8_4p snd; + Hacl_Hash_SHA2_uint8_4p fst; + Hacl_Hash_SHA2_uint8_4p snd; } -Hacl_Impl_SHA2_Types_uint8_2x4p; +Hacl_Hash_SHA2_uint8_2x4p; -typedef struct 
Hacl_Impl_SHA2_Types_uint8_2x8p_s +typedef struct Hacl_Hash_SHA2_uint8_2x8p_s { - Hacl_Impl_SHA2_Types_uint8_8p fst; - Hacl_Impl_SHA2_Types_uint8_8p snd; + Hacl_Hash_SHA2_uint8_8p fst; + Hacl_Hash_SHA2_uint8_8p snd; } -Hacl_Impl_SHA2_Types_uint8_2x8p; +Hacl_Hash_SHA2_uint8_2x8p; #if defined(__cplusplus) } diff --git a/include/lib_intrinsics.h b/include/lib_intrinsics.h index 0c35026e..8fa75b37 100644 --- a/include/lib_intrinsics.h +++ b/include/lib_intrinsics.h @@ -8,15 +8,20 @@ #endif #endif -#if defined(HACL_CAN_COMPILE_INTRINSICS) -#if defined(_MSC_VER) -#include -#else -#include -#endif -#endif +/* + GCC versions prior to 5.5 incorrectly optimize certain intrinsics. + + See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81300 + + CLANG versions prior to 5 crash on certain intrinsics. + + See https://bugs.llvm.org/show_bug.cgi?id=24943 +*/ -#if !defined(HACL_CAN_COMPILE_INTRINSICS) +#if !defined(HACL_CAN_COMPILE_INTRINSICS) || \ + (defined(__clang__) && (__clang_major__ < 5)) || \ + (defined(__GNUC__) && !defined(__clang__) && \ + (__GNUC__ < 5 || (__GNUC__ == 5 && (__GNUC_MINOR__ < 5)))) #include "Hacl_IntTypes_Intrinsics.h" 
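Review bot: The GCC half of the new fallback condition in `include/lib_intrinsics.h` treats every release from 5.5 upward as safe, which also covers the first 6.x and 7.x releases; if the fix tracked in bug 81300 reached those branches only in a later point release, they would still take the intrinsic path. A miscompiled carry or borrow gives wrong arithmetic results without any diagnostic, so the bound should be checked per release branch against the bug report. I would either widen the test or record the reasoning next to it, e.g. `/* 6.x and 7.x: unaffected by PR 81300 from <first fixed release> on */` (placeholder to be filled in from the report). The `#if` opened here is closed outside this hunk.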
@@ -25,35 +30,40 @@ #include "Hacl_IntTypes_Intrinsics_128.h" #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \ - (Hacl_IntTypes_Intrinsics_128_add_carry_u64(x1, x2, x3, x4)) + (Hacl_IntTypes_Intrinsics_128_add_carry_u64(x1, x2, x3, x4)) #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \ - (Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(x1, x2, x3, x4)) + (Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(x1, x2, x3, x4)) #else #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \ - (Hacl_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4)) + (Hacl_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4)) #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \ - (Hacl_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4)) + (Hacl_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4)) #endif // defined(HACL_CAN_COMPILE_UINT128) #define Lib_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4) \ - (Hacl_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4)) + (Hacl_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4)) #define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \ - (Hacl_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4)) + (Hacl_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4)) #else // !defined(HACL_CAN_COMPILE_INTRINSICS) +#if defined(_MSC_VER) +#include +#else +#include +#endif + #define Lib_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4) \ - (_addcarry_u32(x1, x2, x3, (unsigned int *) x4)) + (_addcarry_u32(x1, x2, x3, (unsigned int *)x4)) #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \ - (_addcarry_u64(x1, x2, x3, (long long unsigned int *) x4)) - + (_addcarry_u64(x1, x2, x3, (long long unsigned int *)x4)) /* GCC versions prior to 7.2 pass arguments to _subborrow_u{32,64} 
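Review bot: The label on `#else // !defined(HACL_CAN_COMPILE_INTRINSICS)` in this hunk does not describe the branch it opens: with the widened `#if` from the previous hunk this is the branch taken when intrinsics are enabled and the compiler passes the version checks, and it is now also where the intrinsics headers are included. I would relabel it, for example `#else // intrinsics available and compiler not affected by the bugs above`. While these macro lines are being touched, the pointer argument could be parenthesised too, `(unsigned int *)(x4)`, so the cast applies to the whole argument expression. The conditional block continues past the end of this hunk.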
@@ -61,22 +71,22 @@ See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81294 */ -#if defined(__GNUC__) && !defined (__clang__) && \ - (__GNUC__ < 7 || (__GNUC__ == 7 && (__GNUC_MINOR__ < 2))) +#if defined(__GNUC__) && !defined(__clang__) && \ + (__GNUC__ < 7 || (__GNUC__ == 7 && (__GNUC_MINOR__ < 2))) #define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \ - (_subborrow_u32(x1, x3, x2, (unsigned int *) x4)) + (_subborrow_u32(x1, x3, x2, (unsigned int *)x4)) #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \ - (_subborrow_u64(x1, x3, x2, (long long unsigned int *) x4)) + (_subborrow_u64(x1, x3, x2, (long long unsigned int *)x4)) #else -#define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \ - (_subborrow_u32(x1, x2, x3, (unsigned int *) x4)) +#define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \ + (_subborrow_u32(x1, x2, x3, (unsigned int *)x4)) -#define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \ - (_subborrow_u64(x1, x2, x3, (long long unsigned int *) x4)) +#define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \ + (_subborrow_u64(x1, x2, x3, (long long unsigned int *)x4)) #endif // GCC < 7.2 diff --git a/include/lib_memzero0.h b/include/lib_memzero0.h new file mode 100644 index 00000000..506dd50f --- /dev/null +++ b/include/lib_memzero0.h @@ -0,0 +1,5 @@ +#include + +void Lib_Memzero0_memzero0(void *dst, uint64_t len); + +#define Lib_Memzero0_memzero(dst, len, t) Lib_Memzero0_memzero0(dst, len * sizeof(t)) diff --git a/include/msvc/EverCrypt_AEAD.h b/include/msvc/EverCrypt_AEAD.h index 4797df68..5d52493b 100644 --- a/include/msvc/EverCrypt_AEAD.h +++ b/include/msvc/EverCrypt_AEAD.h @@ -42,6 +42,10 @@ extern "C" { typedef struct EverCrypt_AEAD_state_s_s EverCrypt_AEAD_state_s; +/** +Both encryption and decryption require a state that holds the key. +The state may be reused as many times as desired. +*/ bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee); /** 
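Review bot: `Lib_Memzero0_memzero` in the new `include/lib_memzero0.h` expands `len` without parentheses, so a call such as `Lib_Memzero0_memzero(buf, a + b, uint64_t)` (constructed example; the callers are not visible here) computes `a + b * sizeof(uint64_t)` and clears fewer bytes than intended. For what the name indicates is a zeroing helper, that leaves data in memory with no error. I would write `#define Lib_Memzero0_memzero(dst, len, t) Lib_Memzero0_memzero0((dst), (uint64_t)(len) * sizeof(t))`, where the cast also keeps the product from wrapping on targets with a 32-bit `size_t`. The header has no include guard and no `extern "C"` block, unlike the other headers in this diff.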
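Review bot: The doc comment added in `include/msvc/EverCrypt_AEAD.h` sits directly above `EverCrypt_AEAD_uu___is_Ek`, which from its signature looks like a predicate on a state rather than the function that creates one, so the text would be attached to the wrong declaration. The sentence "The state may be reused as many times as desired" also reads as unconditional; for an AEAD, reuse of the keyed state is only safe when every call uses a fresh nonce. I would move the comment to the state type or its allocation function and add `Each call must use a nonce that has not been used before with this key.` The declarations that follow are outside this hunk.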
diff --git a/include/msvc/EverCrypt_Chacha20Poly1305.h b/include/msvc/EverCrypt_Chacha20Poly1305.h index c3eb2655..bd59e48b 100644 --- a/include/msvc/EverCrypt_Chacha20Poly1305.h +++ b/include/msvc/EverCrypt_Chacha20Poly1305.h @@ -35,9 +35,9 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Hacl_Chacha20Poly1305_32.h" -#include "Hacl_Chacha20Poly1305_256.h" -#include "Hacl_Chacha20Poly1305_128.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h" +#include "Hacl_AEAD_Chacha20Poly1305.h" #include "EverCrypt_AutoConfig2.h" void diff --git a/include/msvc/EverCrypt_DRBG.h b/include/msvc/EverCrypt_DRBG.h index aee4e800..b3161bfe 100644 --- a/include/msvc/EverCrypt_DRBG.h +++ b/include/msvc/EverCrypt_DRBG.h @@ -36,7 +36,6 @@ extern "C" { #include "krml/internal/target.h" #include "Lib_RandomBuffer_System.h" -#include "Lib_Memzero0.h" #include "Hacl_Streaming_Types.h" #include "Hacl_HMAC_DRBG.h" diff --git a/include/msvc/EverCrypt_HMAC.h b/include/msvc/EverCrypt_HMAC.h index 6c64a37f..7d1da14d 100644 --- a/include/msvc/EverCrypt_HMAC.h +++ b/include/msvc/EverCrypt_HMAC.h @@ -38,13 +38,14 @@ extern "C" { #include "Hacl_Streaming_Types.h" #include "Hacl_Krmllib.h" #include "Hacl_Hash_SHA2.h" -#include "Hacl_Hash_Blake2.h" +#include "Hacl_Hash_Blake2s.h" +#include "Hacl_Hash_Blake2b.h" bool EverCrypt_HMAC_is_supported_alg(Spec_Hash_Definitions_hash_alg uu___); typedef Spec_Hash_Definitions_hash_alg EverCrypt_HMAC_supported_alg; -extern void (*EverCrypt_HMAC_hash_256)(uint8_t *x0, uint32_t x1, uint8_t *x2); +extern void (*EverCrypt_HMAC_hash_256)(uint8_t *x0, uint8_t *x1, uint32_t x2); void EverCrypt_HMAC_compute( diff --git a/include/msvc/EverCrypt_Hash.h b/include/msvc/EverCrypt_Hash.h index 6791dc27..b35dcf5f 100644 --- a/include/msvc/EverCrypt_Hash.h +++ b/include/msvc/EverCrypt_Hash.h 
@@ -39,9 +39,10 @@ extern "C" { #include "Hacl_Krmllib.h" #include "Hacl_Hash_SHA3.h" #include "Hacl_Hash_SHA2.h" -#include "Hacl_Hash_Blake2s_128.h" -#include "Hacl_Hash_Blake2b_256.h" -#include "Hacl_Hash_Blake2.h" +#include "Hacl_Hash_Blake2s_Simd128.h" +#include "Hacl_Hash_Blake2s.h" +#include "Hacl_Hash_Blake2b_Simd256.h" +#include "Hacl_Hash_Blake2b.h" #include "EverCrypt_Error.h" #include "EverCrypt_AutoConfig2.h" @@ -49,13 +50,13 @@ typedef struct EverCrypt_Hash_state_s_s EverCrypt_Hash_state_s; uint32_t EverCrypt_Hash_Incremental_hash_len(Spec_Hash_Definitions_hash_alg a); -typedef struct EverCrypt_Hash_Incremental_hash_state_s +typedef struct EverCrypt_Hash_Incremental_state_t_s { EverCrypt_Hash_state_s *block_state; uint8_t *buf; uint64_t total_len; } -EverCrypt_Hash_Incremental_hash_state; +EverCrypt_Hash_Incremental_state_t; /** Allocate initial state for the agile hash. The argument `a` stands for the @@ -63,13 +64,13 @@ choice of algorithm (see Hacl_Spec.h). This API will automatically pick the most efficient implementation, provided you have called EverCrypt_AutoConfig2_init() before. The state is to be freed by calling `free`. */ -EverCrypt_Hash_Incremental_hash_state -*EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_hash_alg a); +EverCrypt_Hash_Incremental_state_t +*EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_hash_alg a); /** Reset an existing state to the initial hash state with empty data. */ -void EverCrypt_Hash_Incremental_init(EverCrypt_Hash_Incremental_hash_state *s); +void EverCrypt_Hash_Incremental_reset(EverCrypt_Hash_Incremental_state_t *state); /** Feed an arbitrary amount of data into the hash. This function returns 
@@ -80,34 +81,35 @@ algorithm. Both limits are unlikely to be attained in practice. */ EverCrypt_Error_error_code EverCrypt_Hash_Incremental_update( - EverCrypt_Hash_Incremental_hash_state *s, - uint8_t *data, - uint32_t len + EverCrypt_Hash_Incremental_state_t *state, + uint8_t *chunk, + uint32_t chunk_len ); /** Perform a run-time test to determine which algorithm was chosen for the given piece of state. */ Spec_Hash_Definitions_hash_alg -EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_hash_state *s); +EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_state_t *s); /** -Write the resulting hash into `dst`, an array whose length is +Write the resulting hash into `output`, an array whose length is algorithm-specific. You can use the macros defined earlier in this file to allocate a destination buffer of the right length. The state remains valid after -a call to `finish`, meaning the user may feed more data into the hash via +a call to `digest`, meaning the user may feed more data into the hash via `update`. (The finish function operates on an internal copy of the state and therefore does not invalidate the client-held state.) */ -void EverCrypt_Hash_Incremental_finish(EverCrypt_Hash_Incremental_hash_state *s, uint8_t *dst); +void +EverCrypt_Hash_Incremental_digest(EverCrypt_Hash_Incremental_state_t *state, uint8_t *output); /** Free a state previously allocated with `create_in`. */ -void EverCrypt_Hash_Incremental_free(EverCrypt_Hash_Incremental_hash_state *s); +void EverCrypt_Hash_Incremental_free(EverCrypt_Hash_Incremental_state_t *state); /** -Hash `input`, of len `len`, into `dst`, an array whose length is determined by +Hash `input`, of len `input_len`, into `output`, an array whose length is determined by your choice of algorithm `a` (see Hacl_Spec.h). You can use the macros defined earlier in this file to allocate a destination buffer of the right length. 
This API will automatically pick the most efficient implementation, provided you have @@ -116,34 +118,34 @@ called EverCrypt_AutoConfig2_init() before. void EverCrypt_Hash_Incremental_hash( Spec_Hash_Definitions_hash_alg a, - uint8_t *dst, + uint8_t *output, uint8_t *input, - uint32_t len + uint32_t input_len ); -#define MD5_HASH_LEN ((uint32_t)16U) +#define MD5_HASH_LEN (16U) -#define SHA1_HASH_LEN ((uint32_t)20U) +#define SHA1_HASH_LEN (20U) -#define SHA2_224_HASH_LEN ((uint32_t)28U) +#define SHA2_224_HASH_LEN (28U) -#define SHA2_256_HASH_LEN ((uint32_t)32U) +#define SHA2_256_HASH_LEN (32U) -#define SHA2_384_HASH_LEN ((uint32_t)48U) +#define SHA2_384_HASH_LEN (48U) -#define SHA2_512_HASH_LEN ((uint32_t)64U) +#define SHA2_512_HASH_LEN (64U) -#define SHA3_224_HASH_LEN ((uint32_t)28U) +#define SHA3_224_HASH_LEN (28U) -#define SHA3_256_HASH_LEN ((uint32_t)32U) +#define SHA3_256_HASH_LEN (32U) -#define SHA3_384_HASH_LEN ((uint32_t)48U) +#define SHA3_384_HASH_LEN (48U) -#define SHA3_512_HASH_LEN ((uint32_t)64U) +#define SHA3_512_HASH_LEN (64U) -#define BLAKE2S_HASH_LEN ((uint32_t)32U) +#define BLAKE2S_HASH_LEN (32U) -#define BLAKE2B_HASH_LEN ((uint32_t)64U) +#define BLAKE2B_HASH_LEN (64U) #if defined(__cplusplus) } diff --git a/include/msvc/EverCrypt_Poly1305.h b/include/msvc/EverCrypt_Poly1305.h index 62c00764..fba04059 100644 --- a/include/msvc/EverCrypt_Poly1305.h +++ b/include/msvc/EverCrypt_Poly1305.h @@ -35,12 +35,12 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Hacl_Poly1305_32.h" -#include "Hacl_Poly1305_256.h" -#include "Hacl_Poly1305_128.h" +#include "Hacl_MAC_Poly1305_Simd256.h" +#include "Hacl_MAC_Poly1305_Simd128.h" +#include "Hacl_MAC_Poly1305.h" #include "EverCrypt_AutoConfig2.h" -void EverCrypt_Poly1305_poly1305(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key); +void EverCrypt_Poly1305_mac(uint8_t *output, uint8_t *input, uint32_t input_len, uint8_t *key); #if defined(__cplusplus) } 
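Review bot: The comments in the `@@ -80,34 +81,35 @@` hunk of `include/msvc/EverCrypt_Hash.h` still use the old function names after the rename: "The finish function operates on an internal copy" now sits above `EverCrypt_Hash_Incremental_digest`, and "Free a state previously allocated with `create_in`" refers to what is now `EverCrypt_Hash_Incremental_malloc`. I would change them to `(The digest function operates on an internal copy of the state ...)` and `Free a state previously allocated with EverCrypt_Hash_Incremental_malloc.` The earlier hunk also keeps "The state is to be freed by calling `free`", which can be read as the C library `free`; naming `EverCrypt_Hash_Incremental_free` there would remove the ambiguity.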
diff --git a/include/msvc/Hacl_AEAD_Chacha20Poly1305.h b/include/msvc/Hacl_AEAD_Chacha20Poly1305.h
new file mode 100644
index 00000000..2a8daa75
--- /dev/null
+++ b/include/msvc/Hacl_AEAD_Chacha20Poly1305.h
@@ -0,0 +1,104 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#ifndef __Hacl_AEAD_Chacha20Poly1305_H +#define __Hacl_AEAD_Chacha20Poly1305_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#include "Hacl_Chacha20.h" + +/** +Encrypt a message `input` with key `key`. + +The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption. +Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory. + +@param output Pointer to `input_len` bytes of memory where the ciphertext is written to. +@param tag Pointer to 16 bytes of memory where the mac is written to. 
+@param input Pointer to `input_len` bytes of memory where the message is read from. +@param input_len Length of the message. +@param data Pointer to `data_len` bytes of memory where the associated data is read from. +@param data_len Length of the associated data. +@param key Pointer to 32 bytes of memory where the AEAD key is read from. +@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from. +*/ +void +Hacl_AEAD_Chacha20Poly1305_encrypt( + uint8_t *output, + uint8_t *tag, + uint8_t *input, + uint32_t input_len, + uint8_t *data, + uint32_t data_len, + uint8_t *key, + uint8_t *nonce +); + +/** +Decrypt a ciphertext `input` with key `key`. + +The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption. +Note: Encryption and decryption can be executed in-place, i.e., `output` and `input` can point to the same memory. + +If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0. +If decryption fails, the array `output` remains unchanged and the function returns the error code 1. + +@param output Pointer to `input_len` bytes of memory where the message is written to. +@param input Pointer to `input_len` bytes of memory where the ciphertext is read from. +@param input_len Length of the ciphertext. +@param data Pointer to `data_len` bytes of memory where the associated data is read from. +@param data_len Length of the associated data. +@param key Pointer to 32 bytes of memory where the AEAD key is read from. +@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from. +@param tag Pointer to 16 bytes of memory where the mac is read from. + +@returns 0 on succeess; 1 on failure. 
+*/ +uint32_t +Hacl_AEAD_Chacha20Poly1305_decrypt( + uint8_t *output, + uint8_t *input, + uint32_t input_len, + uint8_t *data, + uint32_t data_len, + uint8_t *key, + uint8_t *nonce, + uint8_t *tag +); + +#if defined(__cplusplus) +} +#endif + +#define __Hacl_AEAD_Chacha20Poly1305_H_DEFINED +#endif diff --git a/include/msvc/Hacl_AEAD_Chacha20Poly1305_Simd128.h b/include/msvc/Hacl_AEAD_Chacha20Poly1305_Simd128.h new file mode 100644 index 00000000..de26c907 --- /dev/null +++ b/include/msvc/Hacl_AEAD_Chacha20Poly1305_Simd128.h 
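Review bot: `Hacl_AEAD_Chacha20Poly1305_decrypt` reorders its arguments but keeps the same C type at every position as the removed `*_aead_decrypt` functions shown later in this diff (`uint8_t *, uint8_t *, uint32_t, uint8_t *, uint32_t, uint8_t *, uint8_t *, uint8_t *`), so a caller ported by renaming alone compiles cleanly while passing its key buffer where `output` is now expected. The same holds for `Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt` and `Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt`; the removed scalar header is not visible here, so for this file the match is presumed rather than checked. I would state the change in the doc comment, e.g. `Note: argument order differs from the former aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, mac).`, and fix the typo `succeess` in the `@returns` line of all three headers.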
@@ -0,0 +1,104 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#ifndef __Hacl_AEAD_Chacha20Poly1305_Simd128_H +#define __Hacl_AEAD_Chacha20Poly1305_Simd128_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#include "Hacl_Chacha20_Vec128.h" + +/** +Encrypt a message `input` with key `key`. + +The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption. +Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory. + +@param output Pointer to `input_len` bytes of memory where the ciphertext is written to. +@param tag Pointer to 16 bytes of memory where the mac is written to. 
+@param input Pointer to `input_len` bytes of memory where the message is read from. +@param input_len Length of the message. +@param data Pointer to `data_len` bytes of memory where the associated data is read from. +@param data_len Length of the associated data. +@param key Pointer to 32 bytes of memory where the AEAD key is read from. +@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from. +*/ +void +Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt( + uint8_t *output, + uint8_t *tag, + uint8_t *input, + uint32_t input_len, + uint8_t *data, + uint32_t data_len, + uint8_t *key, + uint8_t *nonce +); + +/** +Decrypt a ciphertext `input` with key `key`. + +The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption. +Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory. + +If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0. +If decryption fails, the array `output` remains unchanged and the function returns the error code 1. + +@param output Pointer to `input_len` bytes of memory where the message is written to. +@param input Pointer to `input_len` bytes of memory where the ciphertext is read from. +@param input_len Length of the ciphertext. +@param data Pointer to `data_len` bytes of memory where the associated data is read from. +@param data_len Length of the associated data. +@param key Pointer to 32 bytes of memory where the AEAD key is read from. +@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from. +@param tag Pointer to 16 bytes of memory where the mac is read from. + +@returns 0 on succeess; 1 on failure. 
+*/ +uint32_t +Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt( + uint8_t *output, + uint8_t *input, + uint32_t input_len, + uint8_t *data, + uint32_t data_len, + uint8_t *key, + uint8_t *nonce, + uint8_t *tag +); + +#if defined(__cplusplus) +} +#endif + +#define __Hacl_AEAD_Chacha20Poly1305_Simd128_H_DEFINED +#endif diff --git a/include/msvc/Hacl_AEAD_Chacha20Poly1305_Simd256.h b/include/msvc/Hacl_AEAD_Chacha20Poly1305_Simd256.h new file mode 100644 index 00000000..0abcdc59 --- /dev/null +++ b/include/msvc/Hacl_AEAD_Chacha20Poly1305_Simd256.h 
@@ -0,0 +1,104 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#ifndef __Hacl_AEAD_Chacha20Poly1305_Simd256_H +#define __Hacl_AEAD_Chacha20Poly1305_Simd256_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#include "Hacl_Chacha20_Vec256.h" + +/** +Encrypt a message `input` with key `key`. + +The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption. +Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory. + +@param output Pointer to `input_len` bytes of memory where the ciphertext is written to. +@param tag Pointer to 16 bytes of memory where the mac is written to. 
+@param input Pointer to `input_len` bytes of memory where the message is read from. +@param input_len Length of the message. +@param data Pointer to `data_len` bytes of memory where the associated data is read from. +@param data_len Length of the associated data. +@param key Pointer to 32 bytes of memory where the AEAD key is read from. +@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from. +*/ +void +Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt( + uint8_t *output, + uint8_t *tag, + uint8_t *input, + uint32_t input_len, + uint8_t *data, + uint32_t data_len, + uint8_t *key, + uint8_t *nonce +); + +/** +Decrypt a ciphertext `input` with key `key`. + +The arguments `key`, `nonce`, `data`, and `data_len` are same in encryption/decryption. +Note: Encryption and decryption can be executed in-place, i.e., `input` and `output` can point to the same memory. + +If decryption succeeds, the resulting plaintext is stored in `output` and the function returns the success code 0. +If decryption fails, the array `output` remains unchanged and the function returns the error code 1. + +@param output Pointer to `input_len` bytes of memory where the message is written to. +@param input Pointer to `input_len` bytes of memory where the ciphertext is read from. +@param input_len Length of the ciphertext. +@param data Pointer to `data_len` bytes of memory where the associated data is read from. +@param data_len Length of the associated data. +@param key Pointer to 32 bytes of memory where the AEAD key is read from. +@param nonce Pointer to 12 bytes of memory where the AEAD nonce is read from. +@param tag Pointer to 16 bytes of memory where the mac is read from. + +@returns 0 on succeess; 1 on failure. 
+*/ +uint32_t +Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt( + uint8_t *output, + uint8_t *input, + uint32_t input_len, + uint8_t *data, + uint32_t data_len, + uint8_t *key, + uint8_t *nonce, + uint8_t *tag +); + +#if defined(__cplusplus) +} +#endif + +#define __Hacl_AEAD_Chacha20Poly1305_Simd256_H_DEFINED +#endif diff --git a/include/msvc/Hacl_Chacha20Poly1305_128.h b/include/msvc/Hacl_Chacha20Poly1305_128.h deleted file mode 100644 index 630fab93..00000000 --- a/include/msvc/Hacl_Chacha20Poly1305_128.h +++ /dev/null 
@@ -1,107 +0,0 @@ -/* MIT License - * - * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation - * Copyright (c) 2022-2023 HACL* Contributors - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - - -#ifndef __Hacl_Chacha20Poly1305_128_H -#define __Hacl_Chacha20Poly1305_128_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include "krml/internal/types.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#include "Hacl_Poly1305_128.h" -#include "Hacl_Chacha20_Vec128.h" - -/** -Encrypt a message `m` with key `k`. - -The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption. -Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory. - -@param k Pointer to 32 bytes of memory where the AEAD key is read from. -@param n Pointer to 12 bytes of memory where the AEAD nonce is read from. 
-@param aadlen Length of the associated data. -@param aad Pointer to `aadlen` bytes of memory where the associated data is read from. - -@param mlen Length of the message. -@param m Pointer to `mlen` bytes of memory where the message is read from. -@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to. -@param mac Pointer to 16 bytes of memory where the mac is written to. -*/ -void -Hacl_Chacha20Poly1305_128_aead_encrypt( - uint8_t *k, - uint8_t *n, - uint32_t aadlen, - uint8_t *aad, - uint32_t mlen, - uint8_t *m, - uint8_t *cipher, - uint8_t *mac -); - -/** -Decrypt a ciphertext `cipher` with key `k`. - -The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption. -Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory. - -If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0. -If decryption fails, the array `m` remains unchanged and the function returns the error code 1. - -@param k Pointer to 32 bytes of memory where the AEAD key is read from. -@param n Pointer to 12 bytes of memory where the AEAD nonce is read from. -@param aadlen Length of the associated data. -@param aad Pointer to `aadlen` bytes of memory where the associated data is read from. - -@param mlen Length of the ciphertext. -@param m Pointer to `mlen` bytes of memory where the message is written to. -@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from. -@param mac Pointer to 16 bytes of memory where the mac is read from. - -@returns 0 on succeess; 1 on failure. -*/ -uint32_t -Hacl_Chacha20Poly1305_128_aead_decrypt( - uint8_t *k, - uint8_t *n, - uint32_t aadlen, - uint8_t *aad, - uint32_t mlen, - uint8_t *m, - uint8_t *cipher, - uint8_t *mac -); - -#if defined(__cplusplus) -} -#endif - -#define __Hacl_Chacha20Poly1305_128_H_DEFINED -#endif 
diff --git a/include/msvc/Hacl_Chacha20Poly1305_256.h b/include/msvc/Hacl_Chacha20Poly1305_256.h
deleted file mode 100644
index ff0f2e60..00000000
--- a/include/msvc/Hacl_Chacha20Poly1305_256.h
+++ /dev/null
@@ -1,107 +0,0 @@ -/* MIT License - * - * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation - * Copyright (c) 2022-2023 HACL* Contributors - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - - -#ifndef __Hacl_Chacha20Poly1305_256_H -#define __Hacl_Chacha20Poly1305_256_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include "krml/internal/types.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#include "Hacl_Poly1305_256.h" -#include "Hacl_Chacha20_Vec256.h" - -/** -Encrypt a message `m` with key `k`. - -The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption. -Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory. - -@param k Pointer to 32 bytes of memory where the AEAD key is read from. -@param n Pointer to 12 bytes of memory where the AEAD nonce is read from. 
-@param aadlen Length of the associated data. -@param aad Pointer to `aadlen` bytes of memory where the associated data is read from. - -@param mlen Length of the message. -@param m Pointer to `mlen` bytes of memory where the message is read from. -@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to. -@param mac Pointer to 16 bytes of memory where the mac is written to. -*/ -void -Hacl_Chacha20Poly1305_256_aead_encrypt( - uint8_t *k, - uint8_t *n, - uint32_t aadlen, - uint8_t *aad, - uint32_t mlen, - uint8_t *m, - uint8_t *cipher, - uint8_t *mac -); - -/** -Decrypt a ciphertext `cipher` with key `k`. - -The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption. -Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory. - -If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0. -If decryption fails, the array `m` remains unchanged and the function returns the error code 1. - -@param k Pointer to 32 bytes of memory where the AEAD key is read from. -@param n Pointer to 12 bytes of memory where the AEAD nonce is read from. -@param aadlen Length of the associated data. -@param aad Pointer to `aadlen` bytes of memory where the associated data is read from. - -@param mlen Length of the ciphertext. -@param m Pointer to `mlen` bytes of memory where the message is written to. -@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from. -@param mac Pointer to 16 bytes of memory where the mac is read from. - -@returns 0 on succeess; 1 on failure. -*/ -uint32_t -Hacl_Chacha20Poly1305_256_aead_decrypt( - uint8_t *k, - uint8_t *n, - uint32_t aadlen, - uint8_t *aad, - uint32_t mlen, - uint8_t *m, - uint8_t *cipher, - uint8_t *mac -); - -#if defined(__cplusplus) -} -#endif - -#define __Hacl_Chacha20Poly1305_256_H_DEFINED -#endif 
diff --git a/include/msvc/Hacl_Chacha20Poly1305_32.h b/include/msvc/Hacl_Chacha20Poly1305_32.h
deleted file mode 100644
index 624e29fb..00000000
--- a/include/msvc/Hacl_Chacha20Poly1305_32.h
+++ /dev/null
@@ -1,107 +0,0 @@ -/* MIT License - * - * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation - * Copyright (c) 2022-2023 HACL* Contributors - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - - -#ifndef __Hacl_Chacha20Poly1305_32_H -#define __Hacl_Chacha20Poly1305_32_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include "krml/internal/types.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#include "Hacl_Poly1305_32.h" -#include "Hacl_Chacha20.h" - -/** -Encrypt a message `m` with key `k`. - -The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption. -Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory. - -@param k Pointer to 32 bytes of memory where the AEAD key is read from. -@param n Pointer to 12 bytes of memory where the AEAD nonce is read from. -@param aadlen Length of the associated data. 
-@param aad Pointer to `aadlen` bytes of memory where the associated data is read from. - -@param mlen Length of the message. -@param m Pointer to `mlen` bytes of memory where the message is read from. -@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to. -@param mac Pointer to 16 bytes of memory where the mac is written to. -*/ -void -Hacl_Chacha20Poly1305_32_aead_encrypt( - uint8_t *k, - uint8_t *n, - uint32_t aadlen, - uint8_t *aad, - uint32_t mlen, - uint8_t *m, - uint8_t *cipher, - uint8_t *mac -); - -/** -Decrypt a ciphertext `cipher` with key `k`. - -The arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption. -Note: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory. - -If decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0. -If decryption fails, the array `m` remains unchanged and the function returns the error code 1. - -@param k Pointer to 32 bytes of memory where the AEAD key is read from. -@param n Pointer to 12 bytes of memory where the AEAD nonce is read from. -@param aadlen Length of the associated data. -@param aad Pointer to `aadlen` bytes of memory where the associated data is read from. - -@param mlen Length of the ciphertext. -@param m Pointer to `mlen` bytes of memory where the message is written to. -@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from. -@param mac Pointer to 16 bytes of memory where the mac is read from. - -@returns 0 on succeess; 1 on failure. -*/ -uint32_t -Hacl_Chacha20Poly1305_32_aead_decrypt( - uint8_t *k, - uint8_t *n, - uint32_t aadlen, - uint8_t *aad, - uint32_t mlen, - uint8_t *m, - uint8_t *cipher, - uint8_t *mac -); - -#if defined(__cplusplus) -} -#endif - -#define __Hacl_Chacha20Poly1305_32_H_DEFINED -#endif diff --git a/include/msvc/Hacl_Frodo1344.h b/include/msvc/Hacl_Frodo1344.h index 85d29c9f..9fca4c82 100644 
--- a/include/msvc/Hacl_Frodo1344.h +++ b/include/msvc/Hacl_Frodo1344.h @@ -35,7 +35,6 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Lib_Memzero0.h" #include "Hacl_Hash_SHA3.h" extern uint32_t Hacl_Frodo1344_crypto_bytes; diff --git a/include/msvc/Hacl_Frodo64.h b/include/msvc/Hacl_Frodo64.h index eb17defe..05aecb59 100644 --- a/include/msvc/Hacl_Frodo64.h +++ b/include/msvc/Hacl_Frodo64.h @@ -35,7 +35,6 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Lib_Memzero0.h" #include "Hacl_Hash_SHA3.h" /* diff --git a/include/msvc/Hacl_Frodo640.h b/include/msvc/Hacl_Frodo640.h index c4bf30d7..10c9bd47 100644 --- a/include/msvc/Hacl_Frodo640.h +++ b/include/msvc/Hacl_Frodo640.h @@ -35,7 +35,6 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Lib_Memzero0.h" #include "Hacl_Hash_SHA3.h" extern uint32_t Hacl_Frodo640_crypto_bytes; diff --git a/include/msvc/Hacl_Frodo976.h b/include/msvc/Hacl_Frodo976.h index 458ebd2f..c2d5f84f 100644 --- a/include/msvc/Hacl_Frodo976.h +++ b/include/msvc/Hacl_Frodo976.h @@ -35,7 +35,6 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Lib_Memzero0.h" #include "Hacl_Hash_SHA3.h" extern uint32_t Hacl_Frodo976_crypto_bytes; diff --git a/include/msvc/Hacl_HMAC.h b/include/msvc/Hacl_HMAC.h index 84dbedf5..e1dc04f2 100644 --- a/include/msvc/Hacl_HMAC.h +++ b/include/msvc/Hacl_HMAC.h @@ -37,7 +37,8 @@ extern "C" { #include "Hacl_Krmllib.h" #include "Hacl_Hash_SHA2.h" -#include "Hacl_Hash_Blake2.h" +#include "Hacl_Hash_Blake2s.h" +#include "Hacl_Hash_Blake2b.h" /** Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`. 
@@ -46,7 +47,7 @@ The key can be any length and will be hashed if it is longer and padded if it is `dst` must point to 20 bytes of memory. */ void -Hacl_HMAC_legacy_compute_sha1( +Hacl_HMAC_compute_sha1( uint8_t *dst, uint8_t *key, uint32_t key_len, diff --git a/include/msvc/Hacl_HMAC_Blake2b_256.h b/include/msvc/Hacl_HMAC_Blake2b_256.h index e94ba05f..d8f3e9e1 100644 --- a/include/msvc/Hacl_HMAC_Blake2b_256.h +++ b/include/msvc/Hacl_HMAC_Blake2b_256.h @@ -36,7 +36,7 @@ extern "C" { #include "krml/internal/target.h" #include "Hacl_Krmllib.h" -#include "Hacl_Hash_Blake2b_256.h" +#include "Hacl_Hash_Blake2b_Simd256.h" /** Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`. diff --git a/include/msvc/Hacl_HMAC_Blake2s_128.h b/include/msvc/Hacl_HMAC_Blake2s_128.h index 7f20343e..5ff79038 100644 --- a/include/msvc/Hacl_HMAC_Blake2s_128.h +++ b/include/msvc/Hacl_HMAC_Blake2s_128.h @@ -35,7 +35,7 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Hacl_Hash_Blake2s_128.h" +#include "Hacl_Hash_Blake2s_Simd128.h" /** Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`. diff --git a/include/msvc/Hacl_HPKE_Curve51_CP128_SHA256.h b/include/msvc/Hacl_HPKE_Curve51_CP128_SHA256.h index a768df6b..a46db470 100644 --- a/include/msvc/Hacl_HPKE_Curve51_CP128_SHA256.h +++ b/include/msvc/Hacl_HPKE_Curve51_CP128_SHA256.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_51.h" -#include "Hacl_Chacha20Poly1305_128.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h" uint32_t Hacl_HPKE_Curve51_CP128_SHA256_setupBaseS( diff --git a/include/msvc/Hacl_HPKE_Curve51_CP128_SHA512.h b/include/msvc/Hacl_HPKE_Curve51_CP128_SHA512.h index a4388707..89091754 100644 --- a/include/msvc/Hacl_HPKE_Curve51_CP128_SHA512.h +++ b/include/msvc/Hacl_HPKE_Curve51_CP128_SHA512.h 
@@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_51.h" -#include "Hacl_Chacha20Poly1305_128.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h" uint32_t Hacl_HPKE_Curve51_CP128_SHA512_setupBaseS( diff --git a/include/msvc/Hacl_HPKE_Curve51_CP256_SHA256.h b/include/msvc/Hacl_HPKE_Curve51_CP256_SHA256.h index 37b26f6a..83ba2adb 100644 --- a/include/msvc/Hacl_HPKE_Curve51_CP256_SHA256.h +++ b/include/msvc/Hacl_HPKE_Curve51_CP256_SHA256.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_51.h" -#include "Hacl_Chacha20Poly1305_256.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" uint32_t Hacl_HPKE_Curve51_CP256_SHA256_setupBaseS( diff --git a/include/msvc/Hacl_HPKE_Curve51_CP256_SHA512.h b/include/msvc/Hacl_HPKE_Curve51_CP256_SHA512.h index f7240a95..1a796ab7 100644 --- a/include/msvc/Hacl_HPKE_Curve51_CP256_SHA512.h +++ b/include/msvc/Hacl_HPKE_Curve51_CP256_SHA512.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_51.h" -#include "Hacl_Chacha20Poly1305_256.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" uint32_t Hacl_HPKE_Curve51_CP256_SHA512_setupBaseS( diff --git a/include/msvc/Hacl_HPKE_Curve51_CP32_SHA256.h b/include/msvc/Hacl_HPKE_Curve51_CP32_SHA256.h index e48242e6..d249ba05 100644 --- a/include/msvc/Hacl_HPKE_Curve51_CP32_SHA256.h +++ b/include/msvc/Hacl_HPKE_Curve51_CP32_SHA256.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_51.h" -#include "Hacl_Chacha20Poly1305_32.h" +#include "Hacl_AEAD_Chacha20Poly1305.h" uint32_t Hacl_HPKE_Curve51_CP32_SHA256_setupBaseS( 
diff --git a/include/msvc/Hacl_HPKE_Curve51_CP32_SHA512.h b/include/msvc/Hacl_HPKE_Curve51_CP32_SHA512.h index 057f8769..ddc00da3 100644 --- a/include/msvc/Hacl_HPKE_Curve51_CP32_SHA512.h +++ b/include/msvc/Hacl_HPKE_Curve51_CP32_SHA512.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_51.h" -#include "Hacl_Chacha20Poly1305_32.h" +#include "Hacl_AEAD_Chacha20Poly1305.h" uint32_t Hacl_HPKE_Curve51_CP32_SHA512_setupBaseS( diff --git a/include/msvc/Hacl_HPKE_Curve64_CP128_SHA256.h b/include/msvc/Hacl_HPKE_Curve64_CP128_SHA256.h index 1694a123..fda63e52 100644 --- a/include/msvc/Hacl_HPKE_Curve64_CP128_SHA256.h +++ b/include/msvc/Hacl_HPKE_Curve64_CP128_SHA256.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_64.h" -#include "Hacl_Chacha20Poly1305_128.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h" uint32_t Hacl_HPKE_Curve64_CP128_SHA256_setupBaseS( diff --git a/include/msvc/Hacl_HPKE_Curve64_CP128_SHA512.h b/include/msvc/Hacl_HPKE_Curve64_CP128_SHA512.h index 23f52f25..c8b06ca8 100644 --- a/include/msvc/Hacl_HPKE_Curve64_CP128_SHA512.h +++ b/include/msvc/Hacl_HPKE_Curve64_CP128_SHA512.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_64.h" -#include "Hacl_Chacha20Poly1305_128.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h" uint32_t Hacl_HPKE_Curve64_CP128_SHA512_setupBaseS( diff --git a/include/msvc/Hacl_HPKE_Curve64_CP256_SHA256.h b/include/msvc/Hacl_HPKE_Curve64_CP256_SHA256.h index 33d471bc..2da8dbcf 100644 --- a/include/msvc/Hacl_HPKE_Curve64_CP256_SHA256.h +++ b/include/msvc/Hacl_HPKE_Curve64_CP256_SHA256.h 
@@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_64.h" -#include "Hacl_Chacha20Poly1305_256.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" uint32_t Hacl_HPKE_Curve64_CP256_SHA256_setupBaseS( diff --git a/include/msvc/Hacl_HPKE_Curve64_CP256_SHA512.h b/include/msvc/Hacl_HPKE_Curve64_CP256_SHA512.h index d59c1ee4..87d919e1 100644 --- a/include/msvc/Hacl_HPKE_Curve64_CP256_SHA512.h +++ b/include/msvc/Hacl_HPKE_Curve64_CP256_SHA512.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_64.h" -#include "Hacl_Chacha20Poly1305_256.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" uint32_t Hacl_HPKE_Curve64_CP256_SHA512_setupBaseS( diff --git a/include/msvc/Hacl_HPKE_Curve64_CP32_SHA256.h b/include/msvc/Hacl_HPKE_Curve64_CP32_SHA256.h index 5aaa07e1..bd4b9b59 100644 --- a/include/msvc/Hacl_HPKE_Curve64_CP32_SHA256.h +++ b/include/msvc/Hacl_HPKE_Curve64_CP32_SHA256.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_64.h" -#include "Hacl_Chacha20Poly1305_32.h" +#include "Hacl_AEAD_Chacha20Poly1305.h" uint32_t Hacl_HPKE_Curve64_CP32_SHA256_setupBaseS( diff --git a/include/msvc/Hacl_HPKE_Curve64_CP32_SHA512.h b/include/msvc/Hacl_HPKE_Curve64_CP32_SHA512.h index 594000f2..0d2bb8f0 100644 --- a/include/msvc/Hacl_HPKE_Curve64_CP32_SHA512.h +++ b/include/msvc/Hacl_HPKE_Curve64_CP32_SHA512.h @@ -38,7 +38,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" #include "Hacl_Curve25519_64.h" -#include "Hacl_Chacha20Poly1305_32.h" +#include "Hacl_AEAD_Chacha20Poly1305.h" uint32_t Hacl_HPKE_Curve64_CP32_SHA512_setupBaseS( diff --git a/include/msvc/Hacl_HPKE_P256_CP128_SHA256.h b/include/msvc/Hacl_HPKE_P256_CP128_SHA256.h index 613fef83..c76a100d 100644 
--- a/include/msvc/Hacl_HPKE_P256_CP128_SHA256.h +++ b/include/msvc/Hacl_HPKE_P256_CP128_SHA256.h @@ -37,7 +37,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" -#include "Hacl_Chacha20Poly1305_128.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h" uint32_t Hacl_HPKE_P256_CP128_SHA256_setupBaseS( diff --git a/include/msvc/Hacl_HPKE_P256_CP256_SHA256.h b/include/msvc/Hacl_HPKE_P256_CP256_SHA256.h index 6e74b1db..4a33eb8a 100644 --- a/include/msvc/Hacl_HPKE_P256_CP256_SHA256.h +++ b/include/msvc/Hacl_HPKE_P256_CP256_SHA256.h @@ -37,7 +37,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" -#include "Hacl_Chacha20Poly1305_256.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" uint32_t Hacl_HPKE_P256_CP256_SHA256_setupBaseS( diff --git a/include/msvc/Hacl_HPKE_P256_CP32_SHA256.h b/include/msvc/Hacl_HPKE_P256_CP32_SHA256.h index 1f8679d4..2818abed 100644 --- a/include/msvc/Hacl_HPKE_P256_CP32_SHA256.h +++ b/include/msvc/Hacl_HPKE_P256_CP32_SHA256.h @@ -37,7 +37,7 @@ extern "C" { #include "Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h" #include "Hacl_HKDF.h" -#include "Hacl_Chacha20Poly1305_32.h" +#include "Hacl_AEAD_Chacha20Poly1305.h" uint32_t Hacl_HPKE_P256_CP32_SHA256_setupBaseS( diff --git a/include/msvc/Hacl_Hash_Blake2.h b/include/msvc/Hacl_Hash_Blake2.h deleted file mode 100644 index aff1c7a9..00000000 --- a/include/msvc/Hacl_Hash_Blake2.h +++ /dev/null 
@@ -1,156 +0,0 @@ -/* MIT License - * - * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation - * Copyright (c) 2022-2023 HACL* Contributors - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. 
- */ - - -#ifndef __Hacl_Hash_Blake2_H -#define __Hacl_Hash_Blake2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include "krml/internal/types.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#include "Lib_Memzero0.h" -#include "Hacl_Krmllib.h" - -void Hacl_Blake2b_32_blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn); - -void -Hacl_Blake2b_32_blake2b_update_key( - uint64_t *wv, - uint64_t *hash, - uint32_t kk, - uint8_t *k, - uint32_t ll -); - -void -Hacl_Blake2b_32_blake2b_update_multi( - uint32_t len, - uint64_t *wv, - uint64_t *hash, - FStar_UInt128_uint128 prev, - uint8_t *blocks, - uint32_t nb -); - -void -Hacl_Blake2b_32_blake2b_update_last( - uint32_t len, - uint64_t *wv, - uint64_t *hash, - FStar_UInt128_uint128 prev, - uint32_t rem, - uint8_t *d -); - -void Hacl_Blake2b_32_blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash); - -/** -Write the BLAKE2b digest of message `d` using key `k` into `output`. - -@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64. -@param output Pointer to `nn` bytes of memory where the digest is written to. -@param ll Length of the input message. -@param d Pointer to `ll` bytes of memory where the input message is read from. -@param kk Length of the key. Can be 0. -@param k Pointer to `kk` bytes of memory where the key is read from. 
-*/ -void -Hacl_Blake2b_32_blake2b( - uint32_t nn, - uint8_t *output, - uint32_t ll, - uint8_t *d, - uint32_t kk, - uint8_t *k -); - -uint64_t *Hacl_Blake2b_32_blake2b_malloc(void); - -void Hacl_Blake2s_32_blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn); - -void -Hacl_Blake2s_32_blake2s_update_key( - uint32_t *wv, - uint32_t *hash, - uint32_t kk, - uint8_t *k, - uint32_t ll -); - -void -Hacl_Blake2s_32_blake2s_update_multi( - uint32_t len, - uint32_t *wv, - uint32_t *hash, - uint64_t prev, - uint8_t *blocks, - uint32_t nb -); - -void -Hacl_Blake2s_32_blake2s_update_last( - uint32_t len, - uint32_t *wv, - uint32_t *hash, - uint64_t prev, - uint32_t rem, - uint8_t *d -); - -void Hacl_Blake2s_32_blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash); - -/** -Write the BLAKE2s digest of message `d` using key `k` into `output`. - -@param nn Length of to-be-generated digest with 1 <= `nn` <= 32. -@param output Pointer to `nn` bytes of memory where the digest is written to. -@param ll Length of the input message. -@param d Pointer to `ll` bytes of memory where the input message is read from. -@param kk Length of the key. Can be 0. -@param k Pointer to `kk` bytes of memory where the key is read from. -*/ -void -Hacl_Blake2s_32_blake2s( - uint32_t nn, - uint8_t *output, - uint32_t ll, - uint8_t *d, - uint32_t kk, - uint8_t *k -); - -uint32_t *Hacl_Blake2s_32_blake2s_malloc(void); - -#if defined(__cplusplus) -} -#endif - -#define __Hacl_Hash_Blake2_H_DEFINED -#endif diff --git a/include/msvc/Hacl_Streaming_Blake2b_256.h b/include/msvc/Hacl_Hash_Blake2b.h similarity index 56% rename from include/msvc/Hacl_Streaming_Blake2b_256.h rename to include/msvc/Hacl_Hash_Blake2b.h index 20e42d7c..414574f9 100644 --- a/include/msvc/Hacl_Streaming_Blake2b_256.h +++ b/include/msvc/Hacl_Hash_Blake2b.h 
@@ -23,8 +23,8 @@ */ -#ifndef __Hacl_Streaming_Blake2b_256_H -#define __Hacl_Streaming_Blake2b_256_H +#ifndef __Hacl_Hash_Blake2b_H +#define __Hacl_Hash_Blake2b_H #if defined(__cplusplus) extern "C" { 
@@ -37,67 +37,71 @@ extern "C" { #include "Hacl_Streaming_Types.h" #include "Hacl_Krmllib.h" -#include "Hacl_Hash_Blake2b_256.h" -typedef struct Hacl_Streaming_Blake2b_256_blake2b_256_block_state_s +typedef struct Hacl_Hash_Blake2b_block_state_t_s { - Lib_IntVector_Intrinsics_vec256 *fst; - Lib_IntVector_Intrinsics_vec256 *snd; + uint64_t *fst; + uint64_t *snd; } -Hacl_Streaming_Blake2b_256_blake2b_256_block_state; +Hacl_Hash_Blake2b_block_state_t; -typedef struct Hacl_Streaming_Blake2b_256_blake2b_256_state_s +typedef struct Hacl_Hash_Blake2b_state_t_s { - Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state; + Hacl_Hash_Blake2b_block_state_t block_state; uint8_t *buf; uint64_t total_len; } -Hacl_Streaming_Blake2b_256_blake2b_256_state; +Hacl_Hash_Blake2b_state_t; /** State allocation function when there is no key */ -Hacl_Streaming_Blake2b_256_blake2b_256_state -*Hacl_Streaming_Blake2b_256_blake2b_256_no_key_create_in(void); +Hacl_Hash_Blake2b_state_t *Hacl_Hash_Blake2b_malloc(void); /** - (Re-)initialization function when there is no key + Re-initialization function when there is no key */ -void -Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init( - Hacl_Streaming_Blake2b_256_blake2b_256_state *s -); +void Hacl_Hash_Blake2b_reset(Hacl_Hash_Blake2b_state_t *state); /** Update function when there is no key; 0 = success, 1 = max length exceeded */ Hacl_Streaming_Types_error_code -Hacl_Streaming_Blake2b_256_blake2b_256_no_key_update( - Hacl_Streaming_Blake2b_256_blake2b_256_state *p, - uint8_t *data, - uint32_t len -); +Hacl_Hash_Blake2b_update(Hacl_Hash_Blake2b_state_t *state, uint8_t *chunk, uint32_t chunk_len); /** Finish function when there is no key */ -void -Hacl_Streaming_Blake2b_256_blake2b_256_no_key_finish( - Hacl_Streaming_Blake2b_256_blake2b_256_state *p, - uint8_t *dst -); +void Hacl_Hash_Blake2b_digest(Hacl_Hash_Blake2b_state_t *state, uint8_t *output); /** Free state function when there is no key */ +void 
Hacl_Hash_Blake2b_free(Hacl_Hash_Blake2b_state_t *state); + +/** +Write the BLAKE2b digest of message `input` using key `key` into `output`. + +@param output Pointer to `output_len` bytes of memory where the digest is written to. +@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 64. +@param input Pointer to `input_len` bytes of memory where the input message is read from. +@param input_len Length of the input message. +@param key Pointer to `key_len` bytes of memory where the key is read from. +@param key_len Length of the key. Can be 0. +*/ void -Hacl_Streaming_Blake2b_256_blake2b_256_no_key_free( - Hacl_Streaming_Blake2b_256_blake2b_256_state *s +Hacl_Hash_Blake2b_hash_with_key( + uint8_t *output, + uint32_t output_len, + uint8_t *input, + uint32_t input_len, + uint8_t *key, + uint32_t key_len ); #if defined(__cplusplus) } #endif -#define __Hacl_Streaming_Blake2b_256_H_DEFINED +#define __Hacl_Hash_Blake2b_H_DEFINED #endif diff --git a/include/msvc/Hacl_Hash_Blake2b_Simd256.h b/include/msvc/Hacl_Hash_Blake2b_Simd256.h new file mode 100644 index 00000000..adddce66 --- /dev/null +++ b/include/msvc/Hacl_Hash_Blake2b_Simd256.h 
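Review bot: The new doc comment for `Hacl_Hash_Blake2b_hash_with_key` bounds `output_len` (1 to 64) but gives no upper bound for `key_len`, only "Can be 0". BLAKE2b accepts keys of at most 64 bytes (RFC 7693), and because the function returns `void` a caller cannot learn that an oversized key was passed; whether the implementation checks the bound is not visible from this header. I would extend the line to `@param key_len Length of the key. Can be 0; must be <= 64.` and say that violating either length bound is a precondition violation. The same gap is in the `Hacl_Hash_Blake2b_Simd256.h` hunk and in the `Hacl_Hash_Blake2s.h` hunk, where the key limit is 32 bytes.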
@@ -0,0 +1,113 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#ifndef __Hacl_Hash_Blake2b_Simd256_H +#define __Hacl_Hash_Blake2b_Simd256_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#include "Hacl_Streaming_Types.h" +#include "Hacl_Krmllib.h" +#include "libintvector.h" + +typedef struct Hacl_Hash_Blake2b_Simd256_block_state_t_s +{ + Lib_IntVector_Intrinsics_vec256 *fst; + Lib_IntVector_Intrinsics_vec256 *snd; +} +Hacl_Hash_Blake2b_Simd256_block_state_t; + +typedef struct Hacl_Hash_Blake2b_Simd256_state_t_s +{ + Hacl_Hash_Blake2b_Simd256_block_state_t block_state; + uint8_t *buf; + uint64_t total_len; +} +Hacl_Hash_Blake2b_Simd256_state_t; + +/** + State allocation function when there is no key +*/ +Hacl_Hash_Blake2b_Simd256_state_t *Hacl_Hash_Blake2b_Simd256_malloc(void); + +/** + Re-initialization function when there is no key +*/ +void Hacl_Hash_Blake2b_Simd256_reset(Hacl_Hash_Blake2b_Simd256_state_t *state); + +/** + Update function when there is no key; 0 = success, 1 = max length exceeded +*/ +Hacl_Streaming_Types_error_code +Hacl_Hash_Blake2b_Simd256_update( + Hacl_Hash_Blake2b_Simd256_state_t *state, + uint8_t *chunk, + uint32_t chunk_len +); + +/** + Finish function when there is no key +*/ +void +Hacl_Hash_Blake2b_Simd256_digest(Hacl_Hash_Blake2b_Simd256_state_t *state, uint8_t *output); + +/** + Free state function when there is no key +*/ +void Hacl_Hash_Blake2b_Simd256_free(Hacl_Hash_Blake2b_Simd256_state_t *state); + +/** +Write the BLAKE2b digest of message `input` using key `key` into `output`. + +@param output Pointer to `output_len` bytes of memory where the digest is written to. +@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 64. +@param input Pointer to `input_len` bytes of memory where the input message is read from. +@param input_len Length of the input message. 
+@param key Pointer to `key_len` bytes of memory where the key is read from. +@param key_len Length of the key. Can be 0. +*/ +void +Hacl_Hash_Blake2b_Simd256_hash_with_key( + uint8_t *output, + uint32_t output_len, + uint8_t *input, + uint32_t input_len, + uint8_t *key, + uint32_t key_len +); + +#if defined(__cplusplus) +} +#endif + +#define __Hacl_Hash_Blake2b_Simd256_H_DEFINED +#endif diff --git a/include/msvc/Hacl_Streaming_Blake2s_128.h b/include/msvc/Hacl_Hash_Blake2s.h similarity index 56% rename from include/msvc/Hacl_Streaming_Blake2s_128.h rename to include/msvc/Hacl_Hash_Blake2s.h index 60e209ff..2c0d7c5b 100644 --- a/include/msvc/Hacl_Streaming_Blake2s_128.h +++ b/include/msvc/Hacl_Hash_Blake2s.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_Streaming_Blake2s_128_H -#define __Hacl_Streaming_Blake2s_128_H +#ifndef __Hacl_Hash_Blake2s_H +#define __Hacl_Hash_Blake2s_H #if defined(__cplusplus) extern "C" { 
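Review bot: Nothing in the new `Hacl_Hash_Blake2b_Simd256.h` tells a caller that these entry points may only run on a CPU with 256-bit vector support. The state type is built on `Lib_IntVector_Intrinsics_vec256`, so the functions presumably compile to vector instructions that fault on hardware lacking them, and the `HACL_CAN_COMPILE_VEC256` guard used by the benchmark in this commit is a build-time check, not a run-time one. I would add a header-level comment such as `/* Callers must verify at run time that the CPU supports the 256-bit vector instructions before calling any function in this header. */` and name the portable `Hacl_Hash_Blake2b_*` functions as the fallback.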
@@ -36,67 +36,71 @@ extern "C" { #include "krml/internal/target.h" #include "Hacl_Streaming_Types.h" -#include "Hacl_Hash_Blake2s_128.h" -typedef struct Hacl_Streaming_Blake2s_128_blake2s_128_block_state_s +typedef struct Hacl_Hash_Blake2s_block_state_t_s { - Lib_IntVector_Intrinsics_vec128 *fst; - Lib_IntVector_Intrinsics_vec128 *snd; + uint32_t *fst; + uint32_t *snd; } -Hacl_Streaming_Blake2s_128_blake2s_128_block_state; +Hacl_Hash_Blake2s_block_state_t; -typedef struct Hacl_Streaming_Blake2s_128_blake2s_128_state_s +typedef struct Hacl_Hash_Blake2s_state_t_s { - Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state; + Hacl_Hash_Blake2s_block_state_t block_state; uint8_t *buf; uint64_t total_len; } -Hacl_Streaming_Blake2s_128_blake2s_128_state; +Hacl_Hash_Blake2s_state_t; /** State allocation function when there is no key */ -Hacl_Streaming_Blake2s_128_blake2s_128_state -*Hacl_Streaming_Blake2s_128_blake2s_128_no_key_create_in(void); +Hacl_Hash_Blake2s_state_t *Hacl_Hash_Blake2s_malloc(void); /** - (Re-)initialization function when there is no key + Re-initialization function when there is no key */ -void -Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init( - Hacl_Streaming_Blake2s_128_blake2s_128_state *s -); +void Hacl_Hash_Blake2s_reset(Hacl_Hash_Blake2s_state_t *state); /** Update function when there is no key; 0 = success, 1 = max length exceeded */ Hacl_Streaming_Types_error_code -Hacl_Streaming_Blake2s_128_blake2s_128_no_key_update( - Hacl_Streaming_Blake2s_128_blake2s_128_state *p, - uint8_t *data, - uint32_t len -); +Hacl_Hash_Blake2s_update(Hacl_Hash_Blake2s_state_t *state, uint8_t *chunk, uint32_t chunk_len); /** Finish function when there is no key */ -void -Hacl_Streaming_Blake2s_128_blake2s_128_no_key_finish( - Hacl_Streaming_Blake2s_128_blake2s_128_state *p, - uint8_t *dst -); +void Hacl_Hash_Blake2s_digest(Hacl_Hash_Blake2s_state_t *state, uint8_t *output); /** Free state function when there is no key */ +void 
Hacl_Hash_Blake2s_free(Hacl_Hash_Blake2s_state_t *state); + +/** +Write the BLAKE2s digest of message `input` using key `key` into `output`. + +@param output Pointer to `output_len` bytes of memory where the digest is written to. +@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 32. +@param input Pointer to `input_len` bytes of memory where the input message is read from. +@param input_len Length of the input message. +@param key Pointer to `key_len` bytes of memory where the key is read from. +@param key_len Length of the key. Can be 0. +*/ void -Hacl_Streaming_Blake2s_128_blake2s_128_no_key_free( - Hacl_Streaming_Blake2s_128_blake2s_128_state *s +Hacl_Hash_Blake2s_hash_with_key( + uint8_t *output, + uint32_t output_len, + uint8_t *input, + uint32_t input_len, + uint8_t *key, + uint32_t key_len ); #if defined(__cplusplus) } #endif -#define __Hacl_Streaming_Blake2s_128_H_DEFINED +#define __Hacl_Hash_Blake2s_H_DEFINED #endif diff --git a/include/msvc/Hacl_Hash_Blake2s_Simd128.h b/include/msvc/Hacl_Hash_Blake2s_Simd128.h new file mode 100644 index 00000000..6484005e --- /dev/null +++ b/include/msvc/Hacl_Hash_Blake2s_Simd128.h 
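Review bot: The doc comment on `Hacl_Hash_Blake2s_hash_with_key` bounds `output_len` (1 to 32) but gives no upper bound for `key_len`, although the BLAKE2s algorithm limits keys to 32 bytes. Nothing visible in this header shows that a longer key is rejected, so the limit should be stated as a caller precondition, e.g. `@param key_len Length of the key, with 0 <= key_len <= 32.`. The same line is missing from `Hacl_Hash_Blake2s_Simd128_hash_with_key` in the next file and, with a bound of 64, from the BLAKE2b variant. It would also help to say whether `key` may be NULL when `key_len` is 0, since the benchmarks changed in this commit pass `NULL, 0`.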
@@ -0,0 +1,112 @@
+/* MIT License
+ *
+ * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
+ * Copyright (c) 2022-2023 HACL* Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+#ifndef __Hacl_Hash_Blake2s_Simd128_H
+#define __Hacl_Hash_Blake2s_Simd128_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include
+#include "krml/internal/types.h"
+#include "krml/lowstar_endianness.h"
+#include "krml/internal/target.h"
+
+#include "Hacl_Streaming_Types.h"
+#include "libintvector.h"
+
+typedef struct Hacl_Hash_Blake2s_Simd128_block_state_t_s
+{
+ Lib_IntVector_Intrinsics_vec128 *fst;
+ Lib_IntVector_Intrinsics_vec128 *snd;
+}
+Hacl_Hash_Blake2s_Simd128_block_state_t;
+
+typedef struct Hacl_Hash_Blake2s_Simd128_state_t_s
+{
+ Hacl_Hash_Blake2s_Simd128_block_state_t block_state;
+ uint8_t *buf;
+ uint64_t total_len;
+}
+Hacl_Hash_Blake2s_Simd128_state_t;
+
+/**
+ State allocation function when there is no key
+*/
+Hacl_Hash_Blake2s_Simd128_state_t *Hacl_Hash_Blake2s_Simd128_malloc(void);
+
+/**
+ Re-initialization function when there is no key
+*/
+void Hacl_Hash_Blake2s_Simd128_reset(Hacl_Hash_Blake2s_Simd128_state_t *state);
+
+/**
+ Update function when there is no key; 0 = success, 1 = max length exceeded
+*/
+Hacl_Streaming_Types_error_code
+Hacl_Hash_Blake2s_Simd128_update(
+ Hacl_Hash_Blake2s_Simd128_state_t *state,
+ uint8_t *chunk,
+ uint32_t chunk_len
+);
+
+/**
+ Finish function when there is no key
+*/
+void
+Hacl_Hash_Blake2s_Simd128_digest(Hacl_Hash_Blake2s_Simd128_state_t *state, uint8_t *output);
+
+/**
+ Free state function when there is no key
+*/
+void Hacl_Hash_Blake2s_Simd128_free(Hacl_Hash_Blake2s_Simd128_state_t *state);
+
+/**
+Write the BLAKE2s digest of message `input` using key `key` into `output`.
+
+@param output Pointer to `output_len` bytes of memory where the digest is written to.
+@param output_len Length of the to-be-generated digest with 1 <= `output_len` <= 32.
+@param input Pointer to `input_len` bytes of memory where the input message is read from.
+@param input_len Length of the input message.
+@param key Pointer to `key_len` bytes of memory where the key is read from.
+@param key_len Length of the key. Can be 0. +*/ +void +Hacl_Hash_Blake2s_Simd128_hash_with_key( + uint8_t *output, + uint32_t output_len, + uint8_t *input, + uint32_t input_len, + uint8_t *key, + uint32_t key_len +); + +#if defined(__cplusplus) +} +#endif + +#define __Hacl_Hash_Blake2s_Simd128_H_DEFINED +#endif diff --git a/include/msvc/Hacl_Hash_MD5.h b/include/msvc/Hacl_Hash_MD5.h index dd4c75e0..db93d7d6 100644 --- a/include/msvc/Hacl_Hash_MD5.h +++ b/include/msvc/Hacl_Hash_MD5.h @@ -37,25 +37,25 @@ extern "C" { #include "Hacl_Streaming_Types.h" -typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_MD5_state; +typedef Hacl_Streaming_MD_state_32 Hacl_Hash_MD5_state_t; -Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_create_in(void); +Hacl_Streaming_MD_state_32 *Hacl_Hash_MD5_malloc(void); -void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s); +void Hacl_Hash_MD5_reset(Hacl_Streaming_MD_state_32 *state); /** 0 = success, 1 = max length exceeded */ Hacl_Streaming_Types_error_code -Hacl_Streaming_MD5_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len); +Hacl_Hash_MD5_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len); -void Hacl_Streaming_MD5_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst); +void Hacl_Hash_MD5_digest(Hacl_Streaming_MD_state_32 *state, uint8_t *output); -void Hacl_Streaming_MD5_legacy_free(Hacl_Streaming_MD_state_32 *s); +void Hacl_Hash_MD5_free(Hacl_Streaming_MD_state_32 *state); -Hacl_Streaming_MD_state_32 *Hacl_Streaming_MD5_legacy_copy(Hacl_Streaming_MD_state_32 *s0); +Hacl_Streaming_MD_state_32 *Hacl_Hash_MD5_copy(Hacl_Streaming_MD_state_32 *state); -void Hacl_Streaming_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst); +void Hacl_Hash_MD5_hash(uint8_t *output, uint8_t *input, uint32_t input_len); #if defined(__cplusplus) } diff --git a/include/msvc/Hacl_Hash_SHA1.h b/include/msvc/Hacl_Hash_SHA1.h index 2737b20f..19045440 100644 
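Review bot: Dropping `legacy` from the MD5 names (`Hacl_Streaming_MD5_legacy_hash` becomes `Hacl_Hash_MD5_hash`, and likewise for malloc, reset, update, digest, free and copy) removes the only hint in this header that MD5 is not collision resistant. None of the new declarations carries a comment, so I would add one above `Hacl_Hash_MD5_malloc`, e.g. `/** MD5 is cryptographically broken; kept for interoperability with legacy formats only, not for signatures or integrity protection. */`. The same applies to the SHA-1 declarations in the `Hacl_Hash_SHA1.h` hunk that follows. The new `Hacl_Hash_MD5_state_t` typedef is also unused by the signatures, which still spell out `Hacl_Streaming_MD_state_32`.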
--- a/include/msvc/Hacl_Hash_SHA1.h +++ b/include/msvc/Hacl_Hash_SHA1.h @@ -37,25 +37,25 @@ extern "C" { #include "Hacl_Streaming_Types.h" -typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA1_state; +typedef Hacl_Streaming_MD_state_32 Hacl_Hash_SHA1_state_t; -Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_create_in(void); +Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_malloc(void); -void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s); +void Hacl_Hash_SHA1_reset(Hacl_Streaming_MD_state_32 *state); /** 0 = success, 1 = max length exceeded */ Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len); +Hacl_Hash_SHA1_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk_len); -void Hacl_Streaming_SHA1_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst); +void Hacl_Hash_SHA1_digest(Hacl_Streaming_MD_state_32 *state, uint8_t *output); -void Hacl_Streaming_SHA1_legacy_free(Hacl_Streaming_MD_state_32 *s); +void Hacl_Hash_SHA1_free(Hacl_Streaming_MD_state_32 *state); -Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA1_legacy_copy(Hacl_Streaming_MD_state_32 *s0); +Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA1_copy(Hacl_Streaming_MD_state_32 *state); -void Hacl_Streaming_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst); +void Hacl_Hash_SHA1_hash(uint8_t *output, uint8_t *input, uint32_t input_len); #if defined(__cplusplus) } diff --git a/include/msvc/Hacl_Hash_SHA2.h b/include/msvc/Hacl_Hash_SHA2.h index 8f98d878..d17eab94 100644 --- a/include/msvc/Hacl_Hash_SHA2.h +++ b/include/msvc/Hacl_Hash_SHA2.h 
@@ -38,19 +38,19 @@ extern "C" { #include "Hacl_Streaming_Types.h" #include "Hacl_Krmllib.h" -typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_224; +typedef Hacl_Streaming_MD_state_32 Hacl_Hash_SHA2_state_t_224; -typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_256; +typedef Hacl_Streaming_MD_state_32 Hacl_Hash_SHA2_state_t_256; -typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_384; +typedef Hacl_Streaming_MD_state_64 Hacl_Hash_SHA2_state_t_384; -typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_512; +typedef Hacl_Streaming_MD_state_64 Hacl_Hash_SHA2_state_t_512; /** Allocate initial state for the SHA2_256 hash. The state is to be freed by calling `free_256`. */ -Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_256(void); +Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_malloc_256(void); /** Copies the state passed as argument into a newly allocated state (deep copy). 
@@ -58,73 +58,73 @@ The state is to be freed by calling `free_256`. Cloning the state this way is useful, for instance, if your control-flow diverges and you need to feed more (different) data into the hash in each branch. */ -Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_copy_256(Hacl_Streaming_MD_state_32 *s0); +Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_copy_256(Hacl_Streaming_MD_state_32 *state); /** Reset an existing state to the initial hash state with empty data. */ -void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s); +void Hacl_Hash_SHA2_reset_256(Hacl_Streaming_MD_state_32 *state); /** Feed an arbitrary amount of data into the hash. This function returns 0 for success, or 1 if the combined length of all of the data passed to `update_256` -(since the last call to `init_256`) exceeds 2^61-1 bytes. +(since the last call to `reset_256`) exceeds 2^61-1 bytes. This function is identical to the update function for SHA2_224. */ Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_256( - Hacl_Streaming_MD_state_32 *p, +Hacl_Hash_SHA2_update_256( + Hacl_Streaming_MD_state_32 *state, uint8_t *input, uint32_t input_len ); /** -Write the resulting hash into `dst`, an array of 32 bytes. The state remains -valid after a call to `finish_256`, meaning the user may feed more data into -the hash via `update_256`. (The finish_256 function operates on an internal copy of +Write the resulting hash into `output`, an array of 32 bytes. The state remains +valid after a call to `digest_256`, meaning the user may feed more data into +the hash via `update_256`. (The digest_256 function operates on an internal copy of the state and therefore does not invalidate the client-held state `p`.) */ -void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_MD_state_32 *p, uint8_t *dst); +void Hacl_Hash_SHA2_digest_256(Hacl_Streaming_MD_state_32 *state, uint8_t *output); /** -Free a state allocated with `create_in_256`. +Free a state allocated with `malloc_256`. 
This function is identical to the free function for SHA2_224. */ -void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_MD_state_32 *s); +void Hacl_Hash_SHA2_free_256(Hacl_Streaming_MD_state_32 *state); /** -Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes. +Hash `input`, of len `input_len`, into `output`, an array of 32 bytes. */ -void Hacl_Streaming_SHA2_hash_256(uint8_t *input, uint32_t input_len, uint8_t *dst); +void Hacl_Hash_SHA2_hash_256(uint8_t *output, uint8_t *input, uint32_t input_len); -Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_224(void); +Hacl_Streaming_MD_state_32 *Hacl_Hash_SHA2_malloc_224(void); -void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s); +void Hacl_Hash_SHA2_reset_224(Hacl_Streaming_MD_state_32 *state); Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_224( - Hacl_Streaming_MD_state_32 *p, +Hacl_Hash_SHA2_update_224( + Hacl_Streaming_MD_state_32 *state, uint8_t *input, uint32_t input_len ); /** -Write the resulting hash into `dst`, an array of 28 bytes. The state remains -valid after a call to `finish_224`, meaning the user may feed more data into +Write the resulting hash into `output`, an array of 28 bytes. The state remains +valid after a call to `digest_224`, meaning the user may feed more data into the hash via `update_224`. */ -void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_MD_state_32 *p, uint8_t *dst); +void Hacl_Hash_SHA2_digest_224(Hacl_Streaming_MD_state_32 *state, uint8_t *output); -void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_MD_state_32 *p); +void Hacl_Hash_SHA2_free_224(Hacl_Streaming_MD_state_32 *state); /** -Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes. +Hash `input`, of len `input_len`, into `output`, an array of 28 bytes. 
*/ -void Hacl_Streaming_SHA2_hash_224(uint8_t *input, uint32_t input_len, uint8_t *dst); +void Hacl_Hash_SHA2_hash_224(uint8_t *output, uint8_t *input, uint32_t input_len); -Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_512(void); +Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_malloc_512(void); /** Copies the state passed as argument into a newly allocated state (deep copy). 
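Review bot: The rewritten comment on `Hacl_Hash_SHA2_digest_256` still ends with "does not invalidate the client-held state `p`", but this hunk renames the parameter to `state`, so the comment now refers to a name that no longer exists in the signature. The closing line should read `the state and therefore does not invalidate the client-held state.)`. The comment on `Hacl_Hash_SHA2_digest_512` in the `@@ -132,68 +132,68 @@` hunk has the same stale reference. Since `output` and `input` are both `uint8_t *` and the one-shot `hash_*` functions now take the destination first, the comments on `hash_224/256/384/512` are the only place a caller can confirm which buffer is written, so they are worth keeping exact.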
@@ -132,68 +132,68 @@ The state is to be freed by calling `free_512`. Cloning the state this way is useful, for instance, if your control-flow diverges and you need to feed more (different) data into the hash in each branch. */ -Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_copy_512(Hacl_Streaming_MD_state_64 *s0); +Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_copy_512(Hacl_Streaming_MD_state_64 *state); -void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s); +void Hacl_Hash_SHA2_reset_512(Hacl_Streaming_MD_state_64 *state); /** Feed an arbitrary amount of data into the hash. This function returns 0 for success, or 1 if the combined length of all of the data passed to `update_512` -(since the last call to `init_512`) exceeds 2^125-1 bytes. +(since the last call to `reset_512`) exceeds 2^125-1 bytes. This function is identical to the update function for SHA2_384. */ Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_512( - Hacl_Streaming_MD_state_64 *p, +Hacl_Hash_SHA2_update_512( + Hacl_Streaming_MD_state_64 *state, uint8_t *input, uint32_t input_len ); /** -Write the resulting hash into `dst`, an array of 64 bytes. The state remains -valid after a call to `finish_512`, meaning the user may feed more data into -the hash via `update_512`. (The finish_512 function operates on an internal copy of +Write the resulting hash into `output`, an array of 64 bytes. The state remains +valid after a call to `digest_512`, meaning the user may feed more data into +the hash via `update_512`. (The digest_512 function operates on an internal copy of the state and therefore does not invalidate the client-held state `p`.) */ -void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_MD_state_64 *p, uint8_t *dst); +void Hacl_Hash_SHA2_digest_512(Hacl_Streaming_MD_state_64 *state, uint8_t *output); /** -Free a state allocated with `create_in_512`. +Free a state allocated with `malloc_512`. This function is identical to the free function for SHA2_384. 
*/ -void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_MD_state_64 *s); +void Hacl_Hash_SHA2_free_512(Hacl_Streaming_MD_state_64 *state); /** -Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes. +Hash `input`, of len `input_len`, into `output`, an array of 64 bytes. */ -void Hacl_Streaming_SHA2_hash_512(uint8_t *input, uint32_t input_len, uint8_t *dst); +void Hacl_Hash_SHA2_hash_512(uint8_t *output, uint8_t *input, uint32_t input_len); -Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_384(void); +Hacl_Streaming_MD_state_64 *Hacl_Hash_SHA2_malloc_384(void); -void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s); +void Hacl_Hash_SHA2_reset_384(Hacl_Streaming_MD_state_64 *state); Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_384( - Hacl_Streaming_MD_state_64 *p, +Hacl_Hash_SHA2_update_384( + Hacl_Streaming_MD_state_64 *state, uint8_t *input, uint32_t input_len ); /** -Write the resulting hash into `dst`, an array of 48 bytes. The state remains -valid after a call to `finish_384`, meaning the user may feed more data into +Write the resulting hash into `output`, an array of 48 bytes. The state remains +valid after a call to `digest_384`, meaning the user may feed more data into the hash via `update_384`. */ -void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_MD_state_64 *p, uint8_t *dst); +void Hacl_Hash_SHA2_digest_384(Hacl_Streaming_MD_state_64 *state, uint8_t *output); -void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_MD_state_64 *p); +void Hacl_Hash_SHA2_free_384(Hacl_Streaming_MD_state_64 *state); /** -Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes. +Hash `input`, of len `input_len`, into `output`, an array of 48 bytes. */ -void Hacl_Streaming_SHA2_hash_384(uint8_t *input, uint32_t input_len, uint8_t *dst); +void Hacl_Hash_SHA2_hash_384(uint8_t *output, uint8_t *input, uint32_t input_len); #if defined(__cplusplus) } 
diff --git a/include/msvc/Hacl_Hash_SHA3.h b/include/msvc/Hacl_Hash_SHA3.h index e2f5ff06..e09f8745 100644 --- a/include/msvc/Hacl_Hash_SHA3.h +++ b/include/msvc/Hacl_Hash_SHA3.h 
@@ -37,48 +37,48 @@ extern "C" { #include "Hacl_Streaming_Types.h" -typedef struct Hacl_Streaming_Keccak_hash_buf_s +typedef struct Hacl_Hash_SHA3_hash_buf_s { Spec_Hash_Definitions_hash_alg fst; uint64_t *snd; } -Hacl_Streaming_Keccak_hash_buf; +Hacl_Hash_SHA3_hash_buf; -typedef struct Hacl_Streaming_Keccak_state_s +typedef struct Hacl_Hash_SHA3_state_t_s { - Hacl_Streaming_Keccak_hash_buf block_state; + Hacl_Hash_SHA3_hash_buf block_state; uint8_t *buf; uint64_t total_len; } -Hacl_Streaming_Keccak_state; +Hacl_Hash_SHA3_state_t; -Spec_Hash_Definitions_hash_alg Hacl_Streaming_Keccak_get_alg(Hacl_Streaming_Keccak_state *s); +Spec_Hash_Definitions_hash_alg Hacl_Hash_SHA3_get_alg(Hacl_Hash_SHA3_state_t *s); -Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_hash_alg a); +Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_hash_alg a); -void Hacl_Streaming_Keccak_free(Hacl_Streaming_Keccak_state *s); +void Hacl_Hash_SHA3_free(Hacl_Hash_SHA3_state_t *state); -Hacl_Streaming_Keccak_state *Hacl_Streaming_Keccak_copy(Hacl_Streaming_Keccak_state *s0); +Hacl_Hash_SHA3_state_t *Hacl_Hash_SHA3_copy(Hacl_Hash_SHA3_state_t *state); -void Hacl_Streaming_Keccak_reset(Hacl_Streaming_Keccak_state *s); +void Hacl_Hash_SHA3_reset(Hacl_Hash_SHA3_state_t *state); Hacl_Streaming_Types_error_code -Hacl_Streaming_Keccak_update(Hacl_Streaming_Keccak_state *p, uint8_t *data, uint32_t len); +Hacl_Hash_SHA3_update(Hacl_Hash_SHA3_state_t *state, uint8_t *chunk, uint32_t chunk_len); Hacl_Streaming_Types_error_code -Hacl_Streaming_Keccak_finish(Hacl_Streaming_Keccak_state *s, uint8_t *dst); +Hacl_Hash_SHA3_digest(Hacl_Hash_SHA3_state_t *state, uint8_t *output); Hacl_Streaming_Types_error_code -Hacl_Streaming_Keccak_squeeze(Hacl_Streaming_Keccak_state *s, uint8_t *dst, uint32_t l); +Hacl_Hash_SHA3_squeeze(Hacl_Hash_SHA3_state_t *s, uint8_t *dst, uint32_t l); -uint32_t Hacl_Streaming_Keccak_block_len(Hacl_Streaming_Keccak_state *s); +uint32_t 
Hacl_Hash_SHA3_block_len(Hacl_Hash_SHA3_state_t *s); -uint32_t Hacl_Streaming_Keccak_hash_len(Hacl_Streaming_Keccak_state *s); +uint32_t Hacl_Hash_SHA3_hash_len(Hacl_Hash_SHA3_state_t *s); -bool Hacl_Streaming_Keccak_is_shake(Hacl_Streaming_Keccak_state *s); +bool Hacl_Hash_SHA3_is_shake(Hacl_Hash_SHA3_state_t *s); void -Hacl_SHA3_shake128_hacl( +Hacl_Hash_SHA3_shake128_hacl( uint32_t inputByteLen, uint8_t *input, uint32_t outputByteLen, @@ -86,25 +86,25 @@ Hacl_SHA3_shake128_hacl( ); void -Hacl_SHA3_shake256_hacl( +Hacl_Hash_SHA3_shake256_hacl( uint32_t inputByteLen, uint8_t *input, uint32_t outputByteLen, uint8_t *output ); -void Hacl_SHA3_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void Hacl_Hash_SHA3_sha3_224(uint8_t *output, uint8_t *input, uint32_t input_len); -void Hacl_SHA3_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void Hacl_Hash_SHA3_sha3_256(uint8_t *output, uint8_t *input, uint32_t input_len); -void Hacl_SHA3_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void Hacl_Hash_SHA3_sha3_384(uint8_t *output, uint8_t *input, uint32_t input_len); -void Hacl_SHA3_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output); +void Hacl_Hash_SHA3_sha3_512(uint8_t *output, uint8_t *input, uint32_t input_len); -void Hacl_Impl_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s); +void Hacl_Hash_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, uint64_t *s); void -Hacl_Impl_SHA3_squeeze( +Hacl_Hash_SHA3_squeeze0( uint64_t *s, uint32_t rateInBytes, uint32_t outputByteLen, @@ -112,7 +112,7 @@ Hacl_Impl_SHA3_squeeze( ); void -Hacl_Impl_SHA3_keccak( +Hacl_Hash_SHA3_keccak( uint32_t rate, uint32_t capacity, uint32_t inputByteLen, diff --git a/include/msvc/Hacl_IntTypes_Intrinsics.h b/include/msvc/Hacl_IntTypes_Intrinsics.h index e2a193e9..c816b046 100644 --- a/include/msvc/Hacl_IntTypes_Intrinsics.h +++ b/include/msvc/Hacl_IntTypes_Intrinsics.h 
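Review bot: Argument order is now inconsistent inside this one header: `Hacl_Hash_SHA3_sha3_224/256/384/512` take `(output, input, input_len)`, while `Hacl_Hash_SHA3_shake128_hacl` and `Hacl_Hash_SHA3_shake256_hacl` keep `(inputByteLen, input, outputByteLen, output)`. Both buffers are plain `uint8_t *`, so where a caller exchanges only the two pointers the compiler cannot flag it. Either reorder the SHAKE functions to match, or put a short comment on each declaration naming the written buffer and its required size. Separately, `Hacl_Hash_SHA3_squeeze` keeps the old `s`, `dst`, `l` names while its siblings use `state` and `output`. The renamed low-level `Hacl_Hash_SHA3_squeeze0` differs from that streaming function only by a suffix, so a comment such as `/* Low-level squeeze on a raw Keccak state; not the streaming API. */` would prevent mix-ups.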
@@ -41,7 +41,7 @@ static inline uint32_t Hacl_IntTypes_Intrinsics_add_carry_u32(uint32_t cin, uint32_t x, uint32_t y, uint32_t *r) { uint64_t res = (uint64_t)x + (uint64_t)cin + (uint64_t)y; - uint32_t c = (uint32_t)(res >> (uint32_t)32U); + uint32_t c = (uint32_t)(res >> 32U); r[0U] = (uint32_t)res; return c; } @@ -50,7 +50,7 @@ static inline uint32_t Hacl_IntTypes_Intrinsics_sub_borrow_u32(uint32_t cin, uint32_t x, uint32_t y, uint32_t *r) { uint64_t res = (uint64_t)x - (uint64_t)y - (uint64_t)cin; - uint32_t c = (uint32_t)(res >> (uint32_t)32U) & (uint32_t)1U; + uint32_t c = (uint32_t)(res >> 32U) & 1U; r[0U] = (uint32_t)res; return c; } @@ -59,8 +59,7 @@ static inline uint64_t Hacl_IntTypes_Intrinsics_add_carry_u64(uint64_t cin, uint64_t x, uint64_t y, uint64_t *r) { uint64_t res = x + cin + y; - uint64_t - c = (~FStar_UInt64_gte_mask(res, x) | (FStar_UInt64_eq_mask(res, x) & cin)) & (uint64_t)1U; + uint64_t c = (~FStar_UInt64_gte_mask(res, x) | (FStar_UInt64_eq_mask(res, x) & cin)) & 1ULL; r[0U] = res; return c; } @@ -73,7 +72,7 @@ Hacl_IntTypes_Intrinsics_sub_borrow_u64(uint64_t cin, uint64_t x, uint64_t y, ui c = ((FStar_UInt64_gte_mask(res, x) & ~FStar_UInt64_eq_mask(res, x)) | (FStar_UInt64_eq_mask(res, x) & cin)) - & (uint64_t)1U; + & 1ULL; r[0U] = res; return c; } diff --git a/include/msvc/Hacl_IntTypes_Intrinsics_128.h b/include/msvc/Hacl_IntTypes_Intrinsics_128.h index aa843a6c..d3008969 100644 --- a/include/msvc/Hacl_IntTypes_Intrinsics_128.h +++ b/include/msvc/Hacl_IntTypes_Intrinsics_128.h 
@@ -45,7 +45,7 @@ Hacl_IntTypes_Intrinsics_128_add_carry_u64(uint64_t cin, uint64_t x, uint64_t y, FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_uint64_to_uint128(x), FStar_UInt128_uint64_to_uint128(cin)), FStar_UInt128_uint64_to_uint128(y)); - uint64_t c = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U)); + uint64_t c = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, 64U)); r[0U] = FStar_UInt128_uint128_to_uint64(res); return c; } @@ -58,10 +58,7 @@ Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(uint64_t cin, uint64_t x, uint64_t y FStar_UInt128_sub_mod(FStar_UInt128_sub_mod(FStar_UInt128_uint64_to_uint128(x), FStar_UInt128_uint64_to_uint128(y)), FStar_UInt128_uint64_to_uint128(cin)); - uint64_t - c = - FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U)) - & (uint64_t)1U; + uint64_t c = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, 64U)) & 1ULL; r[0U] = FStar_UInt128_uint128_to_uint64(res); return c; } diff --git a/include/msvc/Hacl_Krmllib.h b/include/msvc/Hacl_Krmllib.h index 6916db3d..c0ea70bf 100644 --- a/include/msvc/Hacl_Krmllib.h +++ b/include/msvc/Hacl_Krmllib.h @@ -35,9 +35,9 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -static inline uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b); +static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b); -static inline uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b); +static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b); static inline FStar_UInt128_uint128 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); diff --git a/include/Hacl_Streaming_Poly1305_32.h b/include/msvc/Hacl_MAC_Poly1305.h similarity index 67% rename from include/Hacl_Streaming_Poly1305_32.h rename to include/msvc/Hacl_MAC_Poly1305.h index 88d1a513..95ac4be2 100644 --- a/include/Hacl_Streaming_Poly1305_32.h 
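Review bot: In the `Hacl_Krmllib.h` hunk, `FStar_UInt64_eq_mask` and `FStar_UInt64_gte_mask` change from `static inline` to `static KRML_NOINLINE` with no comment saying why. Presumably this keeps the compiler from inlining the mask helpers and turning them into data-dependent branches at call sites such as the carry computation in `Hacl_IntTypes_Intrinsics_add_carry_u64`. If that is the intent, state it next to the declarations, e.g. `/* KRML_NOINLINE: keep the mask computation out of line so it is not optimised into a secret-dependent branch. */`. These are now non-inline `static` functions declared in a header, so it is also worth confirming that `KRML_NOINLINE` suppresses unused-function warnings. That matters if the non-MSVC copy of this header gets the same change, because this commit enables `-Wall -Wextra` on the `hacl` target for non-MSVC builds.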
+++ b/include/msvc/Hacl_MAC_Poly1305.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_Streaming_Poly1305_32_H -#define __Hacl_Streaming_Poly1305_32_H +#ifndef __Hacl_MAC_Poly1305_H +#define __Hacl_MAC_Poly1305_H #if defined(__cplusplus) extern "C" { @@ -36,43 +36,36 @@ extern "C" { #include "krml/internal/target.h" #include "Hacl_Streaming_Types.h" -#include "Hacl_Poly1305_32.h" +#include "Hacl_Krmllib.h" -typedef struct Hacl_Streaming_Poly1305_32_poly1305_32_state_s +typedef struct Hacl_MAC_Poly1305_state_t_s { uint64_t *block_state; uint8_t *buf; uint64_t total_len; uint8_t *p_key; } -Hacl_Streaming_Poly1305_32_poly1305_32_state; +Hacl_MAC_Poly1305_state_t; -Hacl_Streaming_Poly1305_32_poly1305_32_state *Hacl_Streaming_Poly1305_32_create_in(uint8_t *k); +Hacl_MAC_Poly1305_state_t *Hacl_MAC_Poly1305_malloc(uint8_t *key); -void -Hacl_Streaming_Poly1305_32_init(uint8_t *k, Hacl_Streaming_Poly1305_32_poly1305_32_state *s); +void Hacl_MAC_Poly1305_reset(Hacl_MAC_Poly1305_state_t *state, uint8_t *key); /** 0 = success, 1 = max length exceeded */ Hacl_Streaming_Types_error_code -Hacl_Streaming_Poly1305_32_update( - Hacl_Streaming_Poly1305_32_poly1305_32_state *p, - uint8_t *data, - uint32_t len -); +Hacl_MAC_Poly1305_update(Hacl_MAC_Poly1305_state_t *state, uint8_t *chunk, uint32_t chunk_len); -void -Hacl_Streaming_Poly1305_32_finish( - Hacl_Streaming_Poly1305_32_poly1305_32_state *p, - uint8_t *dst -); +void Hacl_MAC_Poly1305_digest(Hacl_MAC_Poly1305_state_t *state, uint8_t *output); -void Hacl_Streaming_Poly1305_32_free(Hacl_Streaming_Poly1305_32_poly1305_32_state *s); +void Hacl_MAC_Poly1305_free(Hacl_MAC_Poly1305_state_t *state); + +void Hacl_MAC_Poly1305_mac(uint8_t *output, uint8_t *input, uint32_t input_len, uint8_t *key); #if defined(__cplusplus) } #endif -#define __Hacl_Streaming_Poly1305_32_H_DEFINED +#define __Hacl_MAC_Poly1305_H_DEFINED #endif 
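Review bot: The new `Hacl_MAC_Poly1305_*` declarations carry no size or usage contract; the only comment in the header is the return-code note on `update`. Poly1305 takes a 32-byte key and writes a 16-byte tag, and a key must authenticate one message only. `malloc`, `reset` and `mac` should say so, e.g. `/** key: 32 bytes, single-use; output: 16-byte tag. */` above `Hacl_MAC_Poly1305_mac`. The state struct keeps a `p_key` pointer; whether `Hacl_MAC_Poly1305_free` wipes that buffer is not visible from the header and is worth documenting either way. The same holds for the `Simd128` and `Simd256` headers in the hunks that follow.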
diff --git a/include/msvc/Hacl_Streaming_Poly1305_128.h b/include/msvc/Hacl_MAC_Poly1305_Simd128.h similarity index 67% rename from include/msvc/Hacl_Streaming_Poly1305_128.h rename to include/msvc/Hacl_MAC_Poly1305_Simd128.h index d6299052..9b69ebd4 100644 --- a/include/msvc/Hacl_Streaming_Poly1305_128.h +++ b/include/msvc/Hacl_MAC_Poly1305_Simd128.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_Streaming_Poly1305_128_H -#define __Hacl_Streaming_Poly1305_128_H +#ifndef __Hacl_MAC_Poly1305_Simd128_H +#define __Hacl_MAC_Poly1305_Simd128_H #if defined(__cplusplus) extern "C" { 
@@ -36,44 +36,47 @@ extern "C" { #include "krml/internal/target.h" #include "Hacl_Streaming_Types.h" -#include "Hacl_Poly1305_128.h" +#include "libintvector.h" -typedef struct Hacl_Streaming_Poly1305_128_poly1305_128_state_s +typedef struct Hacl_MAC_Poly1305_Simd128_state_t_s { Lib_IntVector_Intrinsics_vec128 *block_state; uint8_t *buf; uint64_t total_len; uint8_t *p_key; } -Hacl_Streaming_Poly1305_128_poly1305_128_state; +Hacl_MAC_Poly1305_Simd128_state_t; -Hacl_Streaming_Poly1305_128_poly1305_128_state -*Hacl_Streaming_Poly1305_128_create_in(uint8_t *k); +Hacl_MAC_Poly1305_Simd128_state_t *Hacl_MAC_Poly1305_Simd128_malloc(uint8_t *key); -void -Hacl_Streaming_Poly1305_128_init(uint8_t *k, Hacl_Streaming_Poly1305_128_poly1305_128_state *s); +void Hacl_MAC_Poly1305_Simd128_reset(Hacl_MAC_Poly1305_Simd128_state_t *state, uint8_t *key); /** 0 = success, 1 = max length exceeded */ Hacl_Streaming_Types_error_code -Hacl_Streaming_Poly1305_128_update( - Hacl_Streaming_Poly1305_128_poly1305_128_state *p, - uint8_t *data, - uint32_t len +Hacl_MAC_Poly1305_Simd128_update( + Hacl_MAC_Poly1305_Simd128_state_t *state, + uint8_t *chunk, + uint32_t chunk_len ); void -Hacl_Streaming_Poly1305_128_finish( - Hacl_Streaming_Poly1305_128_poly1305_128_state *p, - uint8_t *dst -); +Hacl_MAC_Poly1305_Simd128_digest(Hacl_MAC_Poly1305_Simd128_state_t *state, uint8_t *output); + +void Hacl_MAC_Poly1305_Simd128_free(Hacl_MAC_Poly1305_Simd128_state_t *state); -void Hacl_Streaming_Poly1305_128_free(Hacl_Streaming_Poly1305_128_poly1305_128_state *s); +void +Hacl_MAC_Poly1305_Simd128_mac( + uint8_t *output, + uint8_t *input, + uint32_t input_len, + uint8_t *key +); #if defined(__cplusplus) } #endif -#define __Hacl_Streaming_Poly1305_128_H_DEFINED +#define __Hacl_MAC_Poly1305_Simd128_H_DEFINED #endif 
diff --git a/include/Hacl_Streaming_Poly1305_256.h b/include/msvc/Hacl_MAC_Poly1305_Simd256.h similarity index 67% rename from include/Hacl_Streaming_Poly1305_256.h rename to include/msvc/Hacl_MAC_Poly1305_Simd256.h index 689b837b..89f4a104 100644 --- a/include/Hacl_Streaming_Poly1305_256.h +++ b/include/msvc/Hacl_MAC_Poly1305_Simd256.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_Streaming_Poly1305_256_H -#define __Hacl_Streaming_Poly1305_256_H +#ifndef __Hacl_MAC_Poly1305_Simd256_H +#define __Hacl_MAC_Poly1305_Simd256_H #if defined(__cplusplus) extern "C" { 
@@ -36,44 +36,47 @@ extern "C" { #include "krml/internal/target.h" #include "Hacl_Streaming_Types.h" -#include "Hacl_Poly1305_256.h" +#include "libintvector.h" -typedef struct Hacl_Streaming_Poly1305_256_poly1305_256_state_s +typedef struct Hacl_MAC_Poly1305_Simd256_state_t_s { Lib_IntVector_Intrinsics_vec256 *block_state; uint8_t *buf; uint64_t total_len; uint8_t *p_key; } -Hacl_Streaming_Poly1305_256_poly1305_256_state; +Hacl_MAC_Poly1305_Simd256_state_t; -Hacl_Streaming_Poly1305_256_poly1305_256_state -*Hacl_Streaming_Poly1305_256_create_in(uint8_t *k); +Hacl_MAC_Poly1305_Simd256_state_t *Hacl_MAC_Poly1305_Simd256_malloc(uint8_t *key); -void -Hacl_Streaming_Poly1305_256_init(uint8_t *k, Hacl_Streaming_Poly1305_256_poly1305_256_state *s); +void Hacl_MAC_Poly1305_Simd256_reset(Hacl_MAC_Poly1305_Simd256_state_t *state, uint8_t *key); /** 0 = success, 1 = max length exceeded */ Hacl_Streaming_Types_error_code -Hacl_Streaming_Poly1305_256_update( - Hacl_Streaming_Poly1305_256_poly1305_256_state *p, - uint8_t *data, - uint32_t len +Hacl_MAC_Poly1305_Simd256_update( + Hacl_MAC_Poly1305_Simd256_state_t *state, + uint8_t *chunk, + uint32_t chunk_len ); void -Hacl_Streaming_Poly1305_256_finish( - Hacl_Streaming_Poly1305_256_poly1305_256_state *p, - uint8_t *dst -); +Hacl_MAC_Poly1305_Simd256_digest(Hacl_MAC_Poly1305_Simd256_state_t *state, uint8_t *output); + +void Hacl_MAC_Poly1305_Simd256_free(Hacl_MAC_Poly1305_Simd256_state_t *state); -void Hacl_Streaming_Poly1305_256_free(Hacl_Streaming_Poly1305_256_poly1305_256_state *s); +void +Hacl_MAC_Poly1305_Simd256_mac( + uint8_t *output, + uint8_t *input, + uint32_t input_len, + uint8_t *key +); #if defined(__cplusplus) } #endif -#define __Hacl_Streaming_Poly1305_256_H_DEFINED +#define __Hacl_MAC_Poly1305_Simd256_H_DEFINED #endif diff --git a/include/msvc/Hacl_NaCl.h b/include/msvc/Hacl_NaCl.h index b7e91a4b..a3ca6804 100644 --- a/include/msvc/Hacl_NaCl.h +++ b/include/msvc/Hacl_NaCl.h 
@@ -36,7 +36,7 @@ extern "C" { #include "krml/internal/target.h" #include "Hacl_Salsa20.h" -#include "Hacl_Poly1305_32.h" +#include "Hacl_MAC_Poly1305.h" #include "Hacl_Curve25519_51.h" /** diff --git a/include/msvc/Hacl_Poly1305_128.h b/include/msvc/Hacl_Poly1305_128.h deleted file mode 100644 index 834d4a8a..00000000 --- a/include/msvc/Hacl_Poly1305_128.h +++ /dev/null 
@@ -1,67 +0,0 @@ -/* MIT License - * - * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation - * Copyright (c) 2022-2023 HACL* Contributors - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. 
- */ - - -#ifndef __Hacl_Poly1305_128_H -#define __Hacl_Poly1305_128_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include "krml/internal/types.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#include "libintvector.h" - -typedef Lib_IntVector_Intrinsics_vec128 *Hacl_Poly1305_128_poly1305_ctx; - -void Hacl_Poly1305_128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *key); - -void Hacl_Poly1305_128_poly1305_update1(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *text); - -void -Hacl_Poly1305_128_poly1305_update( - Lib_IntVector_Intrinsics_vec128 *ctx, - uint32_t len, - uint8_t *text -); - -void -Hacl_Poly1305_128_poly1305_finish( - uint8_t *tag, - uint8_t *key, - Lib_IntVector_Intrinsics_vec128 *ctx -); - -void Hacl_Poly1305_128_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key); - -#if defined(__cplusplus) -} -#endif - -#define __Hacl_Poly1305_128_H_DEFINED -#endif diff --git a/include/msvc/Hacl_Poly1305_256.h b/include/msvc/Hacl_Poly1305_256.h deleted file mode 100644 index 9d1ae8c3..00000000 --- a/include/msvc/Hacl_Poly1305_256.h +++ /dev/null 
@@ -1,67 +0,0 @@ -/* MIT License - * - * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation - * Copyright (c) 2022-2023 HACL* Contributors - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. 
- */ - - -#ifndef __Hacl_Poly1305_256_H -#define __Hacl_Poly1305_256_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include "krml/internal/types.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#include "libintvector.h" - -typedef Lib_IntVector_Intrinsics_vec256 *Hacl_Poly1305_256_poly1305_ctx; - -void Hacl_Poly1305_256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *key); - -void Hacl_Poly1305_256_poly1305_update1(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *text); - -void -Hacl_Poly1305_256_poly1305_update( - Lib_IntVector_Intrinsics_vec256 *ctx, - uint32_t len, - uint8_t *text -); - -void -Hacl_Poly1305_256_poly1305_finish( - uint8_t *tag, - uint8_t *key, - Lib_IntVector_Intrinsics_vec256 *ctx -); - -void Hacl_Poly1305_256_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key); - -#if defined(__cplusplus) -} -#endif - -#define __Hacl_Poly1305_256_H_DEFINED -#endif diff --git a/include/msvc/Hacl_Poly1305_32.h b/include/msvc/Hacl_Poly1305_32.h deleted file mode 100644 index f3233b90..00000000 --- a/include/msvc/Hacl_Poly1305_32.h +++ /dev/null 
@@ -1,57 +0,0 @@ -/* MIT License - * - * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation - * Copyright (c) 2022-2023 HACL* Contributors - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. 
- */ - - -#ifndef __Hacl_Poly1305_32_H -#define __Hacl_Poly1305_32_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include "krml/internal/types.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#include "Hacl_Krmllib.h" - -typedef uint64_t *Hacl_Poly1305_32_poly1305_ctx; - -void Hacl_Poly1305_32_poly1305_init(uint64_t *ctx, uint8_t *key); - -void Hacl_Poly1305_32_poly1305_update1(uint64_t *ctx, uint8_t *text); - -void Hacl_Poly1305_32_poly1305_update(uint64_t *ctx, uint32_t len, uint8_t *text); - -void Hacl_Poly1305_32_poly1305_finish(uint8_t *tag, uint8_t *key, uint64_t *ctx); - -void Hacl_Poly1305_32_poly1305_mac(uint8_t *tag, uint32_t len, uint8_t *text, uint8_t *key); - -#if defined(__cplusplus) -} -#endif - -#define __Hacl_Poly1305_32_H_DEFINED -#endif diff --git a/include/msvc/Hacl_RSAPSS.h b/include/msvc/Hacl_RSAPSS.h index 8f4de949..90bd69ce 100644 --- a/include/msvc/Hacl_RSAPSS.h +++ b/include/msvc/Hacl_RSAPSS.h @@ -43,9 +43,9 @@ extern "C" { Sign a message `msg` and write the signature to `sgnt`. @param a Hash algorithm to use. Allowed values for `a` are ... - * Spec_Hash_Definitions_SHA2_256, - * Spec_Hash_Definitions_SHA2_384, and - * Spec_Hash_Definitions_SHA2_512. + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. @@ -75,7 +75,10 @@ Hacl_RSAPSS_rsapss_sign( /** Verify the signature `sgnt` of a message `msg`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`. 
@@ -105,10 +108,10 @@ Load a public key from key parts. @param modBits Count of bits in modulus (`n`). @param eBits Count of bits in `e` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. -@return Returns an allocated public key. Note: caller must take care to `free()` the created key. +@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. */ uint64_t *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb); 
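Review bot: The rewritten `@param eb` line still gives the buffer size as `ceil(modBits / 8)` bytes even though the function takes a separate `eBits` count. If the implementation reads `ceil(eBits / 8)` bytes (it is not visible in this diff, so confirm), a caller who follows the comment and left-pads a big-endian `e` to the modulus length would have the leading zero bytes read as the exponent. The same wording is repeated for `eb` and `db` in the `Hacl_RSAPSS_new_rsapss_load_skey` hunk and in the two sign/verify hunks that take key parts below. Suggested wording (inner backticks dropped here): `@param eb Pointer to ceil(eBits / 8) bytes where the e value, in big-endian byte order, is read from.`, and likewise `ceil(dBits / 8)` for `db`.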
@@ -119,11 +122,11 @@ Load a secret key from key parts. @param modBits Count of bits in modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. -@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. +@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. -@return Returns an allocated secret key. Note: caller must take care to `free()` the created key. +@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. */ uint64_t *Hacl_RSAPSS_new_rsapss_load_skey( 
@@ -138,13 +141,16 @@ uint64_t /** Sign a message `msg` and write the signature to `sgnt`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. -@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. +@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. @param saltLen Length of salt. @param salt Pointer to `saltLen` bytes where the salt is read from. @param msgLen Length of message. 
@@ -172,11 +178,14 @@ Hacl_RSAPSS_rsapss_skey_sign( /** Verify the signature `sgnt` of a message `msg`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. @param saltLen Length of salt. @param sgntLen Length of signature. @param sgnt Pointer to `sgntLen` bytes where the signature is read from. diff --git a/include/msvc/Hacl_Streaming_Blake2.h b/include/msvc/Hacl_Streaming_Blake2.h deleted file mode 100644 index bfb05e4f..00000000 --- a/include/msvc/Hacl_Streaming_Blake2.h +++ /dev/null 
@@ -1,147 +0,0 @@ -/* MIT License - * - * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation - * Copyright (c) 2022-2023 HACL* Contributors - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. 
- */ - - -#ifndef __Hacl_Streaming_Blake2_H -#define __Hacl_Streaming_Blake2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include "krml/internal/types.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#include "Hacl_Streaming_Types.h" -#include "Hacl_Krmllib.h" -#include "Hacl_Hash_Blake2.h" - -typedef struct Hacl_Streaming_Blake2_blake2s_32_block_state_s -{ - uint32_t *fst; - uint32_t *snd; -} -Hacl_Streaming_Blake2_blake2s_32_block_state; - -typedef struct Hacl_Streaming_Blake2_blake2b_32_block_state_s -{ - uint64_t *fst; - uint64_t *snd; -} -Hacl_Streaming_Blake2_blake2b_32_block_state; - -typedef struct Hacl_Streaming_Blake2_blake2s_32_state_s -{ - Hacl_Streaming_Blake2_blake2s_32_block_state block_state; - uint8_t *buf; - uint64_t total_len; -} -Hacl_Streaming_Blake2_blake2s_32_state; - -typedef struct Hacl_Streaming_Blake2_blake2b_32_state_s -{ - Hacl_Streaming_Blake2_blake2b_32_block_state block_state; - uint8_t *buf; - uint64_t total_len; -} -Hacl_Streaming_Blake2_blake2b_32_state; - -/** - State allocation function when there is no key -*/ -Hacl_Streaming_Blake2_blake2s_32_state -*Hacl_Streaming_Blake2_blake2s_32_no_key_create_in(void); - -/** - (Re-)initialization function when there is no key -*/ -void Hacl_Streaming_Blake2_blake2s_32_no_key_init(Hacl_Streaming_Blake2_blake2s_32_state *s1); - -/** - Update function when there is no key; 0 = success, 1 = max length exceeded -*/ -Hacl_Streaming_Types_error_code -Hacl_Streaming_Blake2_blake2s_32_no_key_update( - Hacl_Streaming_Blake2_blake2s_32_state *p, - uint8_t *data, - uint32_t len -); - -/** - Finish function when there is no key -*/ -void -Hacl_Streaming_Blake2_blake2s_32_no_key_finish( - Hacl_Streaming_Blake2_blake2s_32_state *p, - uint8_t *dst -); - -/** - Free state function when there is no key -*/ -void Hacl_Streaming_Blake2_blake2s_32_no_key_free(Hacl_Streaming_Blake2_blake2s_32_state *s1); - -/** - State allocation function when there is no key 
-*/ -Hacl_Streaming_Blake2_blake2b_32_state -*Hacl_Streaming_Blake2_blake2b_32_no_key_create_in(void); - -/** - (Re)-initialization function when there is no key -*/ -void Hacl_Streaming_Blake2_blake2b_32_no_key_init(Hacl_Streaming_Blake2_blake2b_32_state *s1); - -/** - Update function when there is no key; 0 = success, 1 = max length exceeded -*/ -Hacl_Streaming_Types_error_code -Hacl_Streaming_Blake2_blake2b_32_no_key_update( - Hacl_Streaming_Blake2_blake2b_32_state *p, - uint8_t *data, - uint32_t len -); - -/** - Finish function when there is no key -*/ -void -Hacl_Streaming_Blake2_blake2b_32_no_key_finish( - Hacl_Streaming_Blake2_blake2b_32_state *p, - uint8_t *dst -); - -/** - Free state function when there is no key -*/ -void Hacl_Streaming_Blake2_blake2b_32_no_key_free(Hacl_Streaming_Blake2_blake2b_32_state *s1); - -#if defined(__cplusplus) -} -#endif - -#define __Hacl_Streaming_Blake2_H_DEFINED -#endif diff --git a/include/msvc/TestLib.h b/include/msvc/TestLib.h index 3928a462..62399c0c 100644 --- a/include/msvc/TestLib.h +++ b/include/msvc/TestLib.h @@ -55,7 +55,8 @@ extern void TestLib_checku32(uint32_t uu___, uint32_t uu___1); extern void TestLib_checku64(uint64_t uu___, uint64_t uu___1); -extern void TestLib_compare_and_print(C_String_t uu___, uint8_t *b1, uint8_t *b2, uint32_t l); +extern void +TestLib_compare_and_print(Prims_string uu___, uint8_t *b1, uint8_t *b2, uint32_t l); extern uint8_t *TestLib_unsafe_malloc(uint32_t l); diff --git a/include/msvc/internal/EverCrypt_HMAC.h b/include/msvc/internal/EverCrypt_HMAC.h index 02986e6c..debea462 100644 --- a/include/msvc/internal/EverCrypt_HMAC.h +++ b/include/msvc/internal/EverCrypt_HMAC.h 
@@ -38,7 +38,9 @@ extern "C" { #include "internal/Hacl_Krmllib.h" #include "internal/Hacl_Hash_SHA2.h" #include "internal/Hacl_Hash_SHA1.h" -#include "internal/Hacl_Hash_Blake2.h" +#include "internal/Hacl_Hash_Blake2s.h" +#include "internal/Hacl_Hash_Blake2b.h" +#include "internal/Hacl_HMAC.h" #include "internal/EverCrypt_Hash.h" #include "../EverCrypt_HMAC.h" diff --git a/include/msvc/internal/EverCrypt_Hash.h b/include/msvc/internal/EverCrypt_Hash.h index c9417677..cd706161 100644 --- a/include/msvc/internal/EverCrypt_Hash.h +++ b/include/msvc/internal/EverCrypt_Hash.h @@ -41,11 +41,15 @@ extern "C" { #include "internal/Hacl_Hash_SHA2.h" #include "internal/Hacl_Hash_SHA1.h" #include "internal/Hacl_Hash_MD5.h" +#include "internal/Hacl_Hash_Blake2s_Simd128.h" +#include "internal/Hacl_Hash_Blake2s.h" +#include "internal/Hacl_Hash_Blake2b_Simd256.h" +#include "internal/Hacl_Hash_Blake2b.h" #include "../EverCrypt_Hash.h" void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n); -void EverCrypt_Hash_Incremental_hash_256(uint8_t *input, uint32_t input_len, uint8_t *dst); +void EverCrypt_Hash_Incremental_hash_256(uint8_t *output, uint8_t *input, uint32_t input_len); #if defined(__cplusplus) } diff --git a/include/msvc/internal/Hacl_Bignum.h b/include/msvc/internal/Hacl_Bignum.h index 901a8dad..4b31236d 100644 --- a/include/msvc/internal/Hacl_Bignum.h +++ b/include/msvc/internal/Hacl_Bignum.h @@ -124,15 +124,6 @@ Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u32( uint32_t *res ); -void -Hacl_Bignum_Montgomery_bn_mont_reduction_u32( - uint32_t len, - uint32_t *n, - uint32_t nInv, - uint32_t *c, - uint32_t *res -); - void Hacl_Bignum_Montgomery_bn_to_mont_u32( uint32_t len, @@ -181,15 +172,6 @@ Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64( uint64_t *res ); -void -Hacl_Bignum_Montgomery_bn_mont_reduction_u64( - uint32_t len, - uint64_t *n, - uint64_t nInv, - uint64_t *c, - uint64_t *res -); - void Hacl_Bignum_Montgomery_bn_to_mont_u64( uint32_t len, 
@@ -228,6 +210,24 @@ Hacl_Bignum_Montgomery_bn_mont_sqr_u64( uint64_t *resM ); +void +Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32( + uint32_t len, + uint32_t *n, + uint32_t nInv, + uint32_t *c, + uint32_t *res +); + +void +Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64( + uint32_t len, + uint64_t *n, + uint64_t nInv, + uint64_t *c, + uint64_t *res +); + uint32_t Hacl_Bignum_Exponentiation_bn_check_mod_exp_u32( uint32_t len, diff --git a/include/msvc/internal/Hacl_Bignum25519_51.h b/include/msvc/internal/Hacl_Bignum25519_51.h index 9fe5e9fc..4678f8a0 100644 --- a/include/msvc/internal/Hacl_Bignum25519_51.h +++ b/include/msvc/internal/Hacl_Bignum25519_51.h @@ -69,11 +69,11 @@ static inline void Hacl_Impl_Curve25519_Field51_fsub(uint64_t *out, uint64_t *f1 uint64_t f23 = f2[3U]; uint64_t f14 = f1[4U]; uint64_t f24 = f2[4U]; - out[0U] = f10 + (uint64_t)0x3fffffffffff68U - f20; - out[1U] = f11 + (uint64_t)0x3ffffffffffff8U - f21; - out[2U] = f12 + (uint64_t)0x3ffffffffffff8U - f22; - out[3U] = f13 + (uint64_t)0x3ffffffffffff8U - f23; - out[4U] = f14 + (uint64_t)0x3ffffffffffff8U - f24; + out[0U] = f10 + 0x3fffffffffff68ULL - f20; + out[1U] = f11 + 0x3ffffffffffff8ULL - f21; + out[2U] = f12 + 0x3ffffffffffff8ULL - f22; + out[3U] = f13 + 0x3ffffffffffff8ULL - f23; + out[4U] = f14 + 0x3ffffffffffff8ULL - f24; } static inline void @@ -84,6 +84,7 @@ Hacl_Impl_Curve25519_Field51_fmul( FStar_UInt128_uint128 *uu___ ) { + KRML_MAYBE_UNUSED_VAR(uu___); uint64_t f10 = f1[0U]; uint64_t f11 = f1[1U]; uint64_t f12 = f1[2U]; 
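Review bot: The two `Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_*` declarations added here have the same parameter list as the `Hacl_Bignum_Montgomery_bn_mont_reduction_*` declarations removed earlier in this file, and nothing in the header says how their results differ. If, as the name suggests, the almost-Montgomery form bounds the result only by the word-size power and not by `n`, a caller that swaps one for the other by name would receive a value that is not fully reduced. A short comment on each declaration, for example `/** Result may be >= n; a final reduction is needed before comparing or exporting it. */`, would record that once it is confirmed against the implementation.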
@@ -94,10 +95,10 @@ Hacl_Impl_Curve25519_Field51_fmul( uint64_t f22 = f2[2U]; uint64_t f23 = f2[3U]; uint64_t f24 = f2[4U]; - uint64_t tmp1 = f21 * (uint64_t)19U; - uint64_t tmp2 = f22 * (uint64_t)19U; - uint64_t tmp3 = f23 * (uint64_t)19U; - uint64_t tmp4 = f24 * (uint64_t)19U; + uint64_t tmp1 = f21 * 19ULL; + uint64_t tmp2 = f22 * 19ULL; + uint64_t tmp3 = f23 * 19ULL; + uint64_t tmp4 = f24 * 19ULL; FStar_UInt128_uint128 o00 = FStar_UInt128_mul_wide(f10, f20); FStar_UInt128_uint128 o10 = FStar_UInt128_mul_wide(f10, f21); FStar_UInt128_uint128 o20 = FStar_UInt128_mul_wide(f10, f22); 
@@ -128,25 +129,24 @@ Hacl_Impl_Curve25519_Field51_fmul( FStar_UInt128_uint128 tmp_w2 = o24; FStar_UInt128_uint128 tmp_w3 = o34; FStar_UInt128_uint128 tmp_w4 = o44; - FStar_UInt128_uint128 - l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128((uint64_t)0U)); - uint64_t tmp01 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU; - uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U)); + FStar_UInt128_uint128 l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128(0ULL)); + uint64_t tmp01 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL; + uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U)); FStar_UInt128_uint128 l_0 = FStar_UInt128_add(tmp_w1, FStar_UInt128_uint64_to_uint128(c0)); - uint64_t tmp11 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU; - uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U)); + uint64_t tmp11 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL; + uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U)); FStar_UInt128_uint128 l_1 = FStar_UInt128_add(tmp_w2, FStar_UInt128_uint64_to_uint128(c1)); - uint64_t tmp21 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU; - uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U)); + uint64_t tmp21 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL; + uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U)); FStar_UInt128_uint128 l_2 = FStar_UInt128_add(tmp_w3, FStar_UInt128_uint64_to_uint128(c2)); - uint64_t tmp31 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU; - uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U)); + uint64_t tmp31 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL; + uint64_t c3 = 
FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U)); FStar_UInt128_uint128 l_3 = FStar_UInt128_add(tmp_w4, FStar_UInt128_uint64_to_uint128(c3)); - uint64_t tmp41 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU; - uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U)); - uint64_t l_4 = tmp01 + c4 * (uint64_t)19U; - uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU; - uint64_t c5 = l_4 >> (uint32_t)51U; + uint64_t tmp41 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL; + uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U)); + uint64_t l_4 = tmp01 + c4 * 19ULL; + uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL; + uint64_t c5 = l_4 >> 51U; uint64_t o0 = tmp0_; uint64_t o1 = tmp11 + c5; uint64_t o2 = tmp21; @@ -167,6 +167,7 @@ Hacl_Impl_Curve25519_Field51_fmul2( FStar_UInt128_uint128 *uu___ ) { + KRML_MAYBE_UNUSED_VAR(uu___); uint64_t f10 = f1[0U]; uint64_t f11 = f1[1U]; uint64_t f12 = f1[2U]; @@ -187,14 +188,14 @@ Hacl_Impl_Curve25519_Field51_fmul2( uint64_t f42 = f2[7U]; uint64_t f43 = f2[8U]; uint64_t f44 = f2[9U]; - uint64_t tmp11 = f21 * (uint64_t)19U; - uint64_t tmp12 = f22 * (uint64_t)19U; - uint64_t tmp13 = f23 * (uint64_t)19U; - uint64_t tmp14 = f24 * (uint64_t)19U; - uint64_t tmp21 = f41 * (uint64_t)19U; - uint64_t tmp22 = f42 * (uint64_t)19U; - uint64_t tmp23 = f43 * (uint64_t)19U; - uint64_t tmp24 = f44 * (uint64_t)19U; + uint64_t tmp11 = f21 * 19ULL; + uint64_t tmp12 = f22 * 19ULL; + uint64_t tmp13 = f23 * 19ULL; + uint64_t tmp14 = f24 * 19ULL; + uint64_t tmp21 = f41 * 19ULL; + uint64_t tmp22 = f42 * 19ULL; + uint64_t tmp23 = f43 * 19ULL; + uint64_t tmp24 = f44 * 19ULL; FStar_UInt128_uint128 o00 = FStar_UInt128_mul_wide(f10, f20); FStar_UInt128_uint128 o15 = FStar_UInt128_mul_wide(f10, f21); FStar_UInt128_uint128 o25 = FStar_UInt128_mul_wide(f10, f22); 
@@ -255,49 +256,47 @@ Hacl_Impl_Curve25519_Field51_fmul2( FStar_UInt128_uint128 tmp_w22 = o241; FStar_UInt128_uint128 tmp_w23 = o34; FStar_UInt128_uint128 tmp_w24 = o44; - FStar_UInt128_uint128 - l_ = FStar_UInt128_add(tmp_w10, FStar_UInt128_uint64_to_uint128((uint64_t)0U)); - uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU; - uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U)); + FStar_UInt128_uint128 l_ = FStar_UInt128_add(tmp_w10, FStar_UInt128_uint64_to_uint128(0ULL)); + uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL; + uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U)); FStar_UInt128_uint128 l_0 = FStar_UInt128_add(tmp_w11, FStar_UInt128_uint64_to_uint128(c00)); - uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU; - uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U)); + uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL; + uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U)); FStar_UInt128_uint128 l_1 = FStar_UInt128_add(tmp_w12, FStar_UInt128_uint64_to_uint128(c10)); - uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU; - uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U)); + uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL; + uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U)); FStar_UInt128_uint128 l_2 = FStar_UInt128_add(tmp_w13, FStar_UInt128_uint64_to_uint128(c20)); - uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU; - uint64_t c30 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U)); + uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL; + uint64_t c30 = 
FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U)); FStar_UInt128_uint128 l_3 = FStar_UInt128_add(tmp_w14, FStar_UInt128_uint64_to_uint128(c30)); - uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU; - uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U)); - uint64_t l_4 = tmp00 + c40 * (uint64_t)19U; - uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU; - uint64_t c50 = l_4 >> (uint32_t)51U; + uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL; + uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U)); + uint64_t l_4 = tmp00 + c40 * 19ULL; + uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL; + uint64_t c50 = l_4 >> 51U; uint64_t o100 = tmp0_; uint64_t o112 = tmp10 + c50; uint64_t o122 = tmp20; uint64_t o132 = tmp30; uint64_t o142 = tmp40; - FStar_UInt128_uint128 - l_5 = FStar_UInt128_add(tmp_w20, FStar_UInt128_uint64_to_uint128((uint64_t)0U)); - uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & (uint64_t)0x7ffffffffffffU; - uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, (uint32_t)51U)); + FStar_UInt128_uint128 l_5 = FStar_UInt128_add(tmp_w20, FStar_UInt128_uint64_to_uint128(0ULL)); + uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & 0x7ffffffffffffULL; + uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, 51U)); FStar_UInt128_uint128 l_6 = FStar_UInt128_add(tmp_w21, FStar_UInt128_uint64_to_uint128(c0)); - uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & (uint64_t)0x7ffffffffffffU; - uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, (uint32_t)51U)); + uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & 0x7ffffffffffffULL; + uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, 51U)); FStar_UInt128_uint128 l_7 = FStar_UInt128_add(tmp_w22, FStar_UInt128_uint64_to_uint128(c1)); - uint64_t tmp2 = 
FStar_UInt128_uint128_to_uint64(l_7) & (uint64_t)0x7ffffffffffffU; - uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, (uint32_t)51U)); + uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_7) & 0x7ffffffffffffULL; + uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, 51U)); FStar_UInt128_uint128 l_8 = FStar_UInt128_add(tmp_w23, FStar_UInt128_uint64_to_uint128(c2)); - uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & (uint64_t)0x7ffffffffffffU; - uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, (uint32_t)51U)); + uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & 0x7ffffffffffffULL; + uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, 51U)); FStar_UInt128_uint128 l_9 = FStar_UInt128_add(tmp_w24, FStar_UInt128_uint64_to_uint128(c3)); - uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & (uint64_t)0x7ffffffffffffU; - uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, (uint32_t)51U)); - uint64_t l_10 = tmp0 + c4 * (uint64_t)19U; - uint64_t tmp0_0 = l_10 & (uint64_t)0x7ffffffffffffU; - uint64_t c5 = l_10 >> (uint32_t)51U; + uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & 0x7ffffffffffffULL; + uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, 51U)); + uint64_t l_10 = tmp0 + c4 * 19ULL; + uint64_t tmp0_0 = l_10 & 0x7ffffffffffffULL; + uint64_t c5 = l_10 >> 51U; uint64_t o200 = tmp0_0; uint64_t o212 = tmp1 + c5; uint64_t o222 = tmp2; 
@@ -337,25 +336,24 @@ static inline void Hacl_Impl_Curve25519_Field51_fmul1(uint64_t *out, uint64_t *f FStar_UInt128_uint128 tmp_w2 = FStar_UInt128_mul_wide(f2, f12); FStar_UInt128_uint128 tmp_w3 = FStar_UInt128_mul_wide(f2, f13); FStar_UInt128_uint128 tmp_w4 = FStar_UInt128_mul_wide(f2, f14); - FStar_UInt128_uint128 - l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128((uint64_t)0U)); - uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU; - uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U)); + FStar_UInt128_uint128 l_ = FStar_UInt128_add(tmp_w0, FStar_UInt128_uint64_to_uint128(0ULL)); + uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL; + uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U)); FStar_UInt128_uint128 l_0 = FStar_UInt128_add(tmp_w1, FStar_UInt128_uint64_to_uint128(c0)); - uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU; - uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U)); + uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL; + uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U)); FStar_UInt128_uint128 l_1 = FStar_UInt128_add(tmp_w2, FStar_UInt128_uint64_to_uint128(c1)); - uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU; - uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U)); + uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL; + uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U)); FStar_UInt128_uint128 l_2 = FStar_UInt128_add(tmp_w3, FStar_UInt128_uint64_to_uint128(c2)); - uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU; - uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U)); + uint64_t tmp3 = 
FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL; + uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U)); FStar_UInt128_uint128 l_3 = FStar_UInt128_add(tmp_w4, FStar_UInt128_uint64_to_uint128(c3)); - uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU; - uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U)); - uint64_t l_4 = tmp0 + c4 * (uint64_t)19U; - uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU; - uint64_t c5 = l_4 >> (uint32_t)51U; + uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL; + uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U)); + uint64_t l_4 = tmp0 + c4 * 19ULL; + uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL; + uint64_t c5 = l_4 >> 51U; uint64_t o0 = tmp0_; uint64_t o1 = tmp1 + c5; uint64_t o2 = tmp2; @@ -371,17 +369,18 @@ static inline void Hacl_Impl_Curve25519_Field51_fmul1(uint64_t *out, uint64_t *f static inline void Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___) { + KRML_MAYBE_UNUSED_VAR(uu___); uint64_t f0 = f[0U]; uint64_t f1 = f[1U]; uint64_t f2 = f[2U]; uint64_t f3 = f[3U]; uint64_t f4 = f[4U]; - uint64_t d0 = (uint64_t)2U * f0; - uint64_t d1 = (uint64_t)2U * f1; - uint64_t d2 = (uint64_t)38U * f2; - uint64_t d3 = (uint64_t)19U * f3; - uint64_t d419 = (uint64_t)19U * f4; - uint64_t d4 = (uint64_t)2U * d419; + uint64_t d0 = 2ULL * f0; + uint64_t d1 = 2ULL * f1; + uint64_t d2 = 38ULL * f2; + uint64_t d3 = 19ULL * f3; + uint64_t d419 = 19ULL * f4; + uint64_t d4 = 2ULL * d419; FStar_UInt128_uint128 s0 = FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(f0, f0), 
@@ -412,25 +411,24 @@ Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint FStar_UInt128_uint128 o20 = s2; FStar_UInt128_uint128 o30 = s3; FStar_UInt128_uint128 o40 = s4; - FStar_UInt128_uint128 - l_ = FStar_UInt128_add(o00, FStar_UInt128_uint64_to_uint128((uint64_t)0U)); - uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU; - uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U)); + FStar_UInt128_uint128 l_ = FStar_UInt128_add(o00, FStar_UInt128_uint64_to_uint128(0ULL)); + uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL; + uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U)); FStar_UInt128_uint128 l_0 = FStar_UInt128_add(o10, FStar_UInt128_uint64_to_uint128(c0)); - uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU; - uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U)); + uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL; + uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U)); FStar_UInt128_uint128 l_1 = FStar_UInt128_add(o20, FStar_UInt128_uint64_to_uint128(c1)); - uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU; - uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U)); + uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL; + uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U)); FStar_UInt128_uint128 l_2 = FStar_UInt128_add(o30, FStar_UInt128_uint64_to_uint128(c2)); - uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU; - uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U)); + uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL; + uint64_t c3 = 
FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U)); FStar_UInt128_uint128 l_3 = FStar_UInt128_add(o40, FStar_UInt128_uint64_to_uint128(c3)); - uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU; - uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U)); - uint64_t l_4 = tmp0 + c4 * (uint64_t)19U; - uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU; - uint64_t c5 = l_4 >> (uint32_t)51U; + uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL; + uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U)); + uint64_t l_4 = tmp0 + c4 * 19ULL; + uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL; + uint64_t c5 = l_4 >> 51U; uint64_t o0 = tmp0_; uint64_t o1 = tmp1 + c5; uint64_t o2 = tmp2; @@ -446,6 +444,7 @@ Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint static inline void Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___) { + KRML_MAYBE_UNUSED_VAR(uu___); uint64_t f10 = f[0U]; uint64_t f11 = f[1U]; uint64_t f12 = f[2U]; @@ -456,12 +455,12 @@ Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uin uint64_t f22 = f[7U]; uint64_t f23 = f[8U]; uint64_t f24 = f[9U]; - uint64_t d00 = (uint64_t)2U * f10; - uint64_t d10 = (uint64_t)2U * f11; - uint64_t d20 = (uint64_t)38U * f12; - uint64_t d30 = (uint64_t)19U * f13; - uint64_t d4190 = (uint64_t)19U * f14; - uint64_t d40 = (uint64_t)2U * d4190; + uint64_t d00 = 2ULL * f10; + uint64_t d10 = 2ULL * f11; + uint64_t d20 = 38ULL * f12; + uint64_t d30 = 19ULL * f13; + uint64_t d4190 = 19ULL * f14; + uint64_t d40 = 2ULL * d4190; FStar_UInt128_uint128 s00 = FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(f10, f10), 
@@ -492,12 +491,12 @@ Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uin FStar_UInt128_uint128 o120 = s20; FStar_UInt128_uint128 o130 = s30; FStar_UInt128_uint128 o140 = s40; - uint64_t d0 = (uint64_t)2U * f20; - uint64_t d1 = (uint64_t)2U * f21; - uint64_t d2 = (uint64_t)38U * f22; - uint64_t d3 = (uint64_t)19U * f23; - uint64_t d419 = (uint64_t)19U * f24; - uint64_t d4 = (uint64_t)2U * d419; + uint64_t d0 = 2ULL * f20; + uint64_t d1 = 2ULL * f21; + uint64_t d2 = 38ULL * f22; + uint64_t d3 = 19ULL * f23; + uint64_t d419 = 19ULL * f24; + uint64_t d4 = 2ULL * d419; FStar_UInt128_uint128 s0 = FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(f20, f20), 
@@ -528,49 +527,47 @@ Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uin FStar_UInt128_uint128 o220 = s2; FStar_UInt128_uint128 o230 = s3; FStar_UInt128_uint128 o240 = s4; - FStar_UInt128_uint128 - l_ = FStar_UInt128_add(o100, FStar_UInt128_uint64_to_uint128((uint64_t)0U)); - uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & (uint64_t)0x7ffffffffffffU; - uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, (uint32_t)51U)); + FStar_UInt128_uint128 l_ = FStar_UInt128_add(o100, FStar_UInt128_uint64_to_uint128(0ULL)); + uint64_t tmp00 = FStar_UInt128_uint128_to_uint64(l_) & 0x7ffffffffffffULL; + uint64_t c00 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_, 51U)); FStar_UInt128_uint128 l_0 = FStar_UInt128_add(o110, FStar_UInt128_uint64_to_uint128(c00)); - uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & (uint64_t)0x7ffffffffffffU; - uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, (uint32_t)51U)); + uint64_t tmp10 = FStar_UInt128_uint128_to_uint64(l_0) & 0x7ffffffffffffULL; + uint64_t c10 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_0, 51U)); FStar_UInt128_uint128 l_1 = FStar_UInt128_add(o120, FStar_UInt128_uint64_to_uint128(c10)); - uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & (uint64_t)0x7ffffffffffffU; - uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, (uint32_t)51U)); + uint64_t tmp20 = FStar_UInt128_uint128_to_uint64(l_1) & 0x7ffffffffffffULL; + uint64_t c20 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_1, 51U)); FStar_UInt128_uint128 l_2 = FStar_UInt128_add(o130, FStar_UInt128_uint64_to_uint128(c20)); - uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & (uint64_t)0x7ffffffffffffU; - uint64_t c30 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, (uint32_t)51U)); + uint64_t tmp30 = FStar_UInt128_uint128_to_uint64(l_2) & 0x7ffffffffffffULL; + uint64_t c30 = 
FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_2, 51U)); FStar_UInt128_uint128 l_3 = FStar_UInt128_add(o140, FStar_UInt128_uint64_to_uint128(c30)); - uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & (uint64_t)0x7ffffffffffffU; - uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, (uint32_t)51U)); - uint64_t l_4 = tmp00 + c40 * (uint64_t)19U; - uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU; - uint64_t c50 = l_4 >> (uint32_t)51U; + uint64_t tmp40 = FStar_UInt128_uint128_to_uint64(l_3) & 0x7ffffffffffffULL; + uint64_t c40 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_3, 51U)); + uint64_t l_4 = tmp00 + c40 * 19ULL; + uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL; + uint64_t c50 = l_4 >> 51U; uint64_t o101 = tmp0_; uint64_t o111 = tmp10 + c50; uint64_t o121 = tmp20; uint64_t o131 = tmp30; uint64_t o141 = tmp40; - FStar_UInt128_uint128 - l_5 = FStar_UInt128_add(o200, FStar_UInt128_uint64_to_uint128((uint64_t)0U)); - uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & (uint64_t)0x7ffffffffffffU; - uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, (uint32_t)51U)); + FStar_UInt128_uint128 l_5 = FStar_UInt128_add(o200, FStar_UInt128_uint64_to_uint128(0ULL)); + uint64_t tmp0 = FStar_UInt128_uint128_to_uint64(l_5) & 0x7ffffffffffffULL; + uint64_t c0 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_5, 51U)); FStar_UInt128_uint128 l_6 = FStar_UInt128_add(o210, FStar_UInt128_uint64_to_uint128(c0)); - uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & (uint64_t)0x7ffffffffffffU; - uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, (uint32_t)51U)); + uint64_t tmp1 = FStar_UInt128_uint128_to_uint64(l_6) & 0x7ffffffffffffULL; + uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_6, 51U)); FStar_UInt128_uint128 l_7 = FStar_UInt128_add(o220, FStar_UInt128_uint64_to_uint128(c1)); - uint64_t tmp2 = 
FStar_UInt128_uint128_to_uint64(l_7) & (uint64_t)0x7ffffffffffffU; - uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, (uint32_t)51U)); + uint64_t tmp2 = FStar_UInt128_uint128_to_uint64(l_7) & 0x7ffffffffffffULL; + uint64_t c2 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_7, 51U)); FStar_UInt128_uint128 l_8 = FStar_UInt128_add(o230, FStar_UInt128_uint64_to_uint128(c2)); - uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & (uint64_t)0x7ffffffffffffU; - uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, (uint32_t)51U)); + uint64_t tmp3 = FStar_UInt128_uint128_to_uint64(l_8) & 0x7ffffffffffffULL; + uint64_t c3 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_8, 51U)); FStar_UInt128_uint128 l_9 = FStar_UInt128_add(o240, FStar_UInt128_uint64_to_uint128(c3)); - uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & (uint64_t)0x7ffffffffffffU; - uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, (uint32_t)51U)); - uint64_t l_10 = tmp0 + c4 * (uint64_t)19U; - uint64_t tmp0_0 = l_10 & (uint64_t)0x7ffffffffffffU; - uint64_t c5 = l_10 >> (uint32_t)51U; + uint64_t tmp4 = FStar_UInt128_uint128_to_uint64(l_9) & 0x7ffffffffffffULL; + uint64_t c4 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(l_9, 51U)); + uint64_t l_10 = tmp0 + c4 * 19ULL; + uint64_t tmp0_0 = l_10 & 0x7ffffffffffffULL; + uint64_t c5 = l_10 >> 51U; uint64_t o201 = tmp0_0; uint64_t o211 = tmp1 + c5; uint64_t o221 = tmp2; 
@@ -605,49 +602,49 @@ static inline void Hacl_Impl_Curve25519_Field51_store_felem(uint64_t *u64s, uint uint64_t f2 = f[2U]; uint64_t f3 = f[3U]; uint64_t f4 = f[4U]; - uint64_t l_ = f0 + (uint64_t)0U; - uint64_t tmp0 = l_ & (uint64_t)0x7ffffffffffffU; - uint64_t c0 = l_ >> (uint32_t)51U; + uint64_t l_ = f0 + 0ULL; + uint64_t tmp0 = l_ & 0x7ffffffffffffULL; + uint64_t c0 = l_ >> 51U; uint64_t l_0 = f1 + c0; - uint64_t tmp1 = l_0 & (uint64_t)0x7ffffffffffffU; - uint64_t c1 = l_0 >> (uint32_t)51U; + uint64_t tmp1 = l_0 & 0x7ffffffffffffULL; + uint64_t c1 = l_0 >> 51U; uint64_t l_1 = f2 + c1; - uint64_t tmp2 = l_1 & (uint64_t)0x7ffffffffffffU; - uint64_t c2 = l_1 >> (uint32_t)51U; + uint64_t tmp2 = l_1 & 0x7ffffffffffffULL; + uint64_t c2 = l_1 >> 51U; uint64_t l_2 = f3 + c2; - uint64_t tmp3 = l_2 & (uint64_t)0x7ffffffffffffU; - uint64_t c3 = l_2 >> (uint32_t)51U; + uint64_t tmp3 = l_2 & 0x7ffffffffffffULL; + uint64_t c3 = l_2 >> 51U; uint64_t l_3 = f4 + c3; - uint64_t tmp4 = l_3 & (uint64_t)0x7ffffffffffffU; - uint64_t c4 = l_3 >> (uint32_t)51U; - uint64_t l_4 = tmp0 + c4 * (uint64_t)19U; - uint64_t tmp0_ = l_4 & (uint64_t)0x7ffffffffffffU; - uint64_t c5 = l_4 >> (uint32_t)51U; + uint64_t tmp4 = l_3 & 0x7ffffffffffffULL; + uint64_t c4 = l_3 >> 51U; + uint64_t l_4 = tmp0 + c4 * 19ULL; + uint64_t tmp0_ = l_4 & 0x7ffffffffffffULL; + uint64_t c5 = l_4 >> 51U; uint64_t f01 = tmp0_; uint64_t f11 = tmp1 + c5; uint64_t f21 = tmp2; uint64_t f31 = tmp3; uint64_t f41 = tmp4; - uint64_t m0 = FStar_UInt64_gte_mask(f01, (uint64_t)0x7ffffffffffedU); - uint64_t m1 = FStar_UInt64_eq_mask(f11, (uint64_t)0x7ffffffffffffU); - uint64_t m2 = FStar_UInt64_eq_mask(f21, (uint64_t)0x7ffffffffffffU); - uint64_t m3 = FStar_UInt64_eq_mask(f31, (uint64_t)0x7ffffffffffffU); - uint64_t m4 = FStar_UInt64_eq_mask(f41, (uint64_t)0x7ffffffffffffU); + uint64_t m0 = FStar_UInt64_gte_mask(f01, 0x7ffffffffffedULL); + uint64_t m1 = FStar_UInt64_eq_mask(f11, 0x7ffffffffffffULL); + uint64_t m2 = 
FStar_UInt64_eq_mask(f21, 0x7ffffffffffffULL); + uint64_t m3 = FStar_UInt64_eq_mask(f31, 0x7ffffffffffffULL); + uint64_t m4 = FStar_UInt64_eq_mask(f41, 0x7ffffffffffffULL); uint64_t mask = (((m0 & m1) & m2) & m3) & m4; - uint64_t f0_ = f01 - (mask & (uint64_t)0x7ffffffffffedU); - uint64_t f1_ = f11 - (mask & (uint64_t)0x7ffffffffffffU); - uint64_t f2_ = f21 - (mask & (uint64_t)0x7ffffffffffffU); - uint64_t f3_ = f31 - (mask & (uint64_t)0x7ffffffffffffU); - uint64_t f4_ = f41 - (mask & (uint64_t)0x7ffffffffffffU); + uint64_t f0_ = f01 - (mask & 0x7ffffffffffedULL); + uint64_t f1_ = f11 - (mask & 0x7ffffffffffffULL); + uint64_t f2_ = f21 - (mask & 0x7ffffffffffffULL); + uint64_t f3_ = f31 - (mask & 0x7ffffffffffffULL); + uint64_t f4_ = f41 - (mask & 0x7ffffffffffffULL); uint64_t f02 = f0_; uint64_t f12 = f1_; uint64_t f22 = f2_; uint64_t f32 = f3_; uint64_t f42 = f4_; - uint64_t o00 = f02 | f12 << (uint32_t)51U; - uint64_t o10 = f12 >> (uint32_t)13U | f22 << (uint32_t)38U; - uint64_t o20 = f22 >> (uint32_t)26U | f32 << (uint32_t)25U; - uint64_t o30 = f32 >> (uint32_t)39U | f42 << (uint32_t)12U; + uint64_t o00 = f02 | f12 << 51U; + uint64_t o10 = f12 >> 13U | f22 << 38U; + uint64_t o20 = f22 >> 26U | f32 << 25U; + uint64_t o30 = f32 >> 39U | f42 << 12U; uint64_t o0 = o00; uint64_t o1 = o10; uint64_t o2 = o20; @@ -661,11 +658,11 @@ static inline void Hacl_Impl_Curve25519_Field51_store_felem(uint64_t *u64s, uint static inline void Hacl_Impl_Curve25519_Field51_cswap2(uint64_t bit, uint64_t *p1, uint64_t *p2) { - uint64_t mask = (uint64_t)0U - bit; + uint64_t mask = 0ULL - bit; KRML_MAYBE_FOR10(i, - (uint32_t)0U, - (uint32_t)10U, - (uint32_t)1U, + 0U, + 10U, + 1U, uint64_t dummy = mask & (p1[i] ^ p2[i]); p1[i] = p1[i] ^ dummy; p2[i] = p2[i] ^ dummy;); diff --git a/include/msvc/internal/Hacl_Bignum_Base.h b/include/msvc/internal/Hacl_Bignum_Base.h index 590fcbd0..bafd4896 100644 --- a/include/msvc/internal/Hacl_Bignum_Base.h +++ b/include/msvc/internal/Hacl_Bignum_Base.h 
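Review bot: Hacl_Impl_Curve25519_Field51_cswap2 is only a correct swap when `bit` is exactly 0 or 1, because `mask = 0ULL - bit` is all-zeros or all-ones only for those two values; any other value would exchange just a subset of the bits in each limb. Nothing in the hunk states that contract. Since the body has no branch or index that depends on `bit` (presumably a secret scalar bit), a runtime check would work against the design, so I would document it instead: `/* bit must be 0 or 1; no branch or memory index depends on it. */`. The function's closing brace is outside the hunk.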
@@ -45,7 +45,7 @@ Hacl_Bignum_Base_mul_wide_add2_u32(uint32_t a, uint32_t b, uint32_t c_in, uint32 uint32_t out0 = out[0U]; uint64_t res = (uint64_t)a * (uint64_t)b + (uint64_t)c_in + (uint64_t)out0; out[0U] = (uint32_t)res; - return (uint32_t)(res >> (uint32_t)32U); + return (uint32_t)(res >> 32U); } static inline uint64_t @@ -58,22 +58,22 @@ Hacl_Bignum_Base_mul_wide_add2_u64(uint64_t a, uint64_t b, uint64_t c_in, uint64 FStar_UInt128_uint64_to_uint128(c_in)), FStar_UInt128_uint64_to_uint128(out0)); out[0U] = FStar_UInt128_uint128_to_uint64(res); - return FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U)); + return FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, 64U)); } static inline void Hacl_Bignum_Convert_bn_from_bytes_be_uint64(uint32_t len, uint8_t *b, uint64_t *res) { - uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U; - uint32_t tmpLen = (uint32_t)8U * bnLen; + uint32_t bnLen = (len - 1U) / 8U + 1U; + uint32_t tmpLen = 8U * bnLen; KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen); uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t)); memset(tmp, 0U, tmpLen * sizeof (uint8_t)); memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t)); - for (uint32_t i = (uint32_t)0U; i < bnLen; i++) + for (uint32_t i = 0U; i < bnLen; i++) { uint64_t *os = res; - uint64_t u = load64_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)8U); + uint64_t u = load64_be(tmp + (bnLen - i - 1U) * 8U); uint64_t x = u; os[i] = x; } 
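Review bot: In Hacl_Bignum_Convert_bn_from_bytes_be_uint64, `len == 0` is not safe: `(len - 1U) / 8U + 1U` wraps to 0x20000000 limbs while `8U * bnLen` wraps to 0, so the loop would index far past the zero-length `tmp` buffer and past `res`. The literal cleanup leaves that arithmetic unchanged and the hunk states no precondition, so I would add `/* Precondition: len >= 1; res holds (len - 1) / 8 + 1 limbs. */` above the function. The same computation appears in Hacl_Bignum_Convert_bn_to_bytes_be_uint64 in the next hunk. `tmp` is an `alloca` whose size follows the caller-supplied `len`, so callers also need to bound `len` (KRML_CHECK_SIZE is defined outside this diff, and I cannot tell what it enforces); the function's closing brace is outside the hunk.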
@@ -82,24 +82,24 @@ Hacl_Bignum_Convert_bn_from_bytes_be_uint64(uint32_t len, uint8_t *b, uint64_t * static inline void Hacl_Bignum_Convert_bn_to_bytes_be_uint64(uint32_t len, uint64_t *b, uint8_t *res) { - uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U; - uint32_t tmpLen = (uint32_t)8U * bnLen; + uint32_t bnLen = (len - 1U) / 8U + 1U; + uint32_t tmpLen = 8U * bnLen; KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen); uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t)); memset(tmp, 0U, tmpLen * sizeof (uint8_t)); - for (uint32_t i = (uint32_t)0U; i < bnLen; i++) + for (uint32_t i = 0U; i < bnLen; i++) { - store64_be(tmp + i * (uint32_t)8U, b[bnLen - i - (uint32_t)1U]); + store64_be(tmp + i * 8U, b[bnLen - i - 1U]); } memcpy(res, tmp + tmpLen - len, len * sizeof (uint8_t)); } static inline uint32_t Hacl_Bignum_Lib_bn_get_top_index_u32(uint32_t len, uint32_t *b) { - uint32_t priv = (uint32_t)0U; - for (uint32_t i = (uint32_t)0U; i < len; i++) + uint32_t priv = 0U; + for (uint32_t i = 0U; i < len; i++) { - uint32_t mask = FStar_UInt32_eq_mask(b[i], (uint32_t)0U); + uint32_t mask = FStar_UInt32_eq_mask(b[i], 0U); priv = (mask & priv) | (~mask & i); } return priv; @@ -107,10 +107,10 @@ static inline uint32_t Hacl_Bignum_Lib_bn_get_top_index_u32(uint32_t len, uint32 static inline uint64_t Hacl_Bignum_Lib_bn_get_top_index_u64(uint32_t len, uint64_t *b) { - uint64_t priv = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < len; i++) + uint64_t priv = 0ULL; + for (uint32_t i = 0U; i < len; i++) { - uint64_t mask = FStar_UInt64_eq_mask(b[i], (uint64_t)0U); + uint64_t mask = FStar_UInt64_eq_mask(b[i], 0ULL); priv = (mask & priv) | (~mask & (uint64_t)i); } return priv; 
@@ -119,63 +119,63 @@ static inline uint64_t Hacl_Bignum_Lib_bn_get_top_index_u64(uint32_t len, uint64 static inline uint32_t Hacl_Bignum_Lib_bn_get_bits_u32(uint32_t len, uint32_t *b, uint32_t i, uint32_t l) { - uint32_t i1 = i / (uint32_t)32U; - uint32_t j = i % (uint32_t)32U; + uint32_t i1 = i / 32U; + uint32_t j = i % 32U; uint32_t p1 = b[i1] >> j; uint32_t ite; - if (i1 + (uint32_t)1U < len && (uint32_t)0U < j) + if (i1 + 1U < len && 0U < j) { - ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)32U - j); + ite = p1 | b[i1 + 1U] << (32U - j); } else { ite = p1; } - return ite & (((uint32_t)1U << l) - (uint32_t)1U); + return ite & ((1U << l) - 1U); } static inline uint64_t Hacl_Bignum_Lib_bn_get_bits_u64(uint32_t len, uint64_t *b, uint32_t i, uint32_t l) { - uint32_t i1 = i / (uint32_t)64U; - uint32_t j = i % (uint32_t)64U; + uint32_t i1 = i / 64U; + uint32_t j = i % 64U; uint64_t p1 = b[i1] >> j; uint64_t ite; - if (i1 + (uint32_t)1U < len && (uint32_t)0U < j) + if (i1 + 1U < len && 0U < j) { - ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)64U - j); + ite = p1 | b[i1 + 1U] << (64U - j); } else { ite = p1; } - return ite & (((uint64_t)1U << l) - (uint64_t)1U); + return ite & ((1ULL << l) - 1ULL); } static inline uint32_t Hacl_Bignum_Addition_bn_sub_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, uint32_t *res) { - uint32_t c = (uint32_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint32_t c = 0U; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint32_t t1 = a[(uint32_t)4U * i]; - uint32_t t20 = b[(uint32_t)4U * i]; - uint32_t *res_i0 = res + (uint32_t)4U * i; + uint32_t t1 = a[4U * i]; + uint32_t t20 = b[4U * i]; + uint32_t *res_i0 = res + 4U * i; c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0); - uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + uint32_t t10 = a[4U * i + 1U]; + uint32_t t21 = b[4U * i + 
1U]; + uint32_t *res_i1 = res + 4U * i + 1U; c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1); - uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + uint32_t t11 = a[4U * i + 2U]; + uint32_t t22 = b[4U * i + 2U]; + uint32_t *res_i2 = res + 4U * i + 2U; c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2); - uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + uint32_t t12 = a[4U * i + 3U]; + uint32_t t2 = b[4U * i + 3U]; + uint32_t *res_i = res + 4U * i + 3U; c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint32_t t1 = a[i]; uint32_t t2 = b[i]; 
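Review bot: Hacl_Bignum_Lib_bn_get_bits_u32 and its _u64 twin rely on bounds that the hunk never states: `b[i1]` is read without comparing `i1` to `len` (only `i1 + 1U` is checked), and `(1U << l) - 1U` / `(1ULL << l) - 1ULL` is undefined once `l` reaches 32 or 64. Dropping the `(uint32_t)` cast also makes the shifted operand a plain `unsigned int`, which has the same width on the MSVC targets this directory is named for but is worth remembering if the header is reused elsewhere. I would document the contract above each function, e.g. `/* Precondition: i / 32 < len and l < 32. */` (64 in the u64 variant). If these headers are extracted from a verified source, as the KRML_ macros suggest, the comment belongs in that source so it survives regeneration.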
@@ -188,27 +188,27 @@ Hacl_Bignum_Addition_bn_sub_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, static inline uint64_t Hacl_Bignum_Addition_bn_sub_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res) { - uint64_t c = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint64_t c = 0ULL; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint64_t t1 = a[(uint32_t)4U * i]; - uint64_t t20 = b[(uint32_t)4U * i]; - uint64_t *res_i0 = res + (uint32_t)4U * i; + uint64_t t1 = a[4U * i]; + uint64_t t20 = b[4U * i]; + uint64_t *res_i0 = res + 4U * i; c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0); - uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + uint64_t t10 = a[4U * i + 1U]; + uint64_t t21 = b[4U * i + 1U]; + uint64_t *res_i1 = res + 4U * i + 1U; c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1); - uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + uint64_t t11 = a[4U * i + 2U]; + uint64_t t22 = b[4U * i + 2U]; + uint64_t *res_i2 = res + 4U * i + 2U; c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2); - uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + uint64_t t12 = a[4U * i + 3U]; + uint64_t t2 = b[4U * i + 3U]; + uint64_t *res_i = res + 4U * i + 3U; c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint64_t t1 = a[i]; uint64_t t2 = b[i]; 
@@ -221,27 +221,27 @@ Hacl_Bignum_Addition_bn_sub_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, static inline uint32_t Hacl_Bignum_Addition_bn_add_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, uint32_t *res) { - uint32_t c = (uint32_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint32_t c = 0U; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint32_t t1 = a[(uint32_t)4U * i]; - uint32_t t20 = b[(uint32_t)4U * i]; - uint32_t *res_i0 = res + (uint32_t)4U * i; + uint32_t t1 = a[4U * i]; + uint32_t t20 = b[4U * i]; + uint32_t *res_i0 = res + 4U * i; c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0); - uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + uint32_t t10 = a[4U * i + 1U]; + uint32_t t21 = b[4U * i + 1U]; + uint32_t *res_i1 = res + 4U * i + 1U; c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1); - uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + uint32_t t11 = a[4U * i + 2U]; + uint32_t t22 = b[4U * i + 2U]; + uint32_t *res_i2 = res + 4U * i + 2U; c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2); - uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + uint32_t t12 = a[4U * i + 3U]; + uint32_t t2 = b[4U * i + 3U]; + uint32_t *res_i = res + 4U * i + 3U; c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint32_t t1 = a[i]; uint32_t t2 = b[i]; 
@@ -254,27 +254,27 @@ Hacl_Bignum_Addition_bn_add_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, static inline uint64_t Hacl_Bignum_Addition_bn_add_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res) { - uint64_t c = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint64_t c = 0ULL; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint64_t t1 = a[(uint32_t)4U * i]; - uint64_t t20 = b[(uint32_t)4U * i]; - uint64_t *res_i0 = res + (uint32_t)4U * i; + uint64_t t1 = a[4U * i]; + uint64_t t20 = b[4U * i]; + uint64_t *res_i0 = res + 4U * i; c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0); - uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + uint64_t t10 = a[4U * i + 1U]; + uint64_t t21 = b[4U * i + 1U]; + uint64_t *res_i1 = res + 4U * i + 1U; c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1); - uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + uint64_t t11 = a[4U * i + 2U]; + uint64_t t22 = b[4U * i + 2U]; + uint64_t *res_i2 = res + 4U * i + 2U; c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2); - uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + uint64_t t12 = a[4U * i + 3U]; + uint64_t t2 = b[4U * i + 3U]; + uint64_t *res_i = res + 4U * i + 3U; c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint64_t t1 = a[i]; uint64_t t2 = b[i]; 
@@ -294,27 +294,27 @@ Hacl_Bignum_Multiplication_bn_mul_u32( ) { memset(res, 0U, (aLen + bLen) * sizeof (uint32_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < bLen; i0++) + for (uint32_t i0 = 0U; i0 < bLen; i0++) { uint32_t bj = b[i0]; uint32_t *res_j = res + i0; - uint32_t c = (uint32_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint32_t c = 0U; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint32_t a_i = a[(uint32_t)4U * i]; - uint32_t *res_i0 = res_j + (uint32_t)4U * i; + uint32_t a_i = a[4U * i]; + uint32_t *res_i0 = res_j + 4U * i; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, bj, c, res_i0); - uint32_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + uint32_t a_i0 = a[4U * i + 1U]; + uint32_t *res_i1 = res_j + 4U * i + 1U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, bj, c, res_i1); - uint32_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + uint32_t a_i1 = a[4U * i + 2U]; + uint32_t *res_i2 = res_j + 4U * i + 2U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, bj, c, res_i2); - uint32_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + uint32_t a_i2 = a[4U * i + 3U]; + uint32_t *res_i = res_j + 4U * i + 3U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, bj, c, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint32_t a_i = a[i]; uint32_t *res_i = res_j + i; 
@@ -335,27 +335,27 @@ Hacl_Bignum_Multiplication_bn_mul_u64( ) { memset(res, 0U, (aLen + bLen) * sizeof (uint64_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < bLen; i0++) + for (uint32_t i0 = 0U; i0 < bLen; i0++) { uint64_t bj = b[i0]; uint64_t *res_j = res + i0; - uint64_t c = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint64_t c = 0ULL; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint64_t a_i = a[(uint32_t)4U * i]; - uint64_t *res_i0 = res_j + (uint32_t)4U * i; + uint64_t a_i = a[4U * i]; + uint64_t *res_i0 = res_j + 4U * i; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0); - uint64_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + uint64_t a_i0 = a[4U * i + 1U]; + uint64_t *res_i1 = res_j + 4U * i + 1U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1); - uint64_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + uint64_t a_i1 = a[4U * i + 2U]; + uint64_t *res_i2 = res_j + 4U * i + 2U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2); - uint64_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + uint64_t a_i2 = a[4U * i + 3U]; + uint64_t *res_i = res_j + 4U * i + 3U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint64_t a_i = a[i]; uint64_t *res_i = res_j + i; 
@@ -370,28 +370,28 @@ static inline void Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res) { memset(res, 0U, (aLen + aLen) * sizeof (uint32_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < aLen; i0++) + for (uint32_t i0 = 0U; i0 < aLen; i0++) { uint32_t *ab = a; uint32_t a_j = a[i0]; uint32_t *res_j = res + i0; - uint32_t c = (uint32_t)0U; - for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++) + uint32_t c = 0U; + for (uint32_t i = 0U; i < i0 / 4U; i++) { - uint32_t a_i = ab[(uint32_t)4U * i]; - uint32_t *res_i0 = res_j + (uint32_t)4U * i; + uint32_t a_i = ab[4U * i]; + uint32_t *res_i0 = res_j + 4U * i; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, a_j, c, res_i0); - uint32_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + uint32_t a_i0 = ab[4U * i + 1U]; + uint32_t *res_i1 = res_j + 4U * i + 1U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, a_j, c, res_i1); - uint32_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + uint32_t a_i1 = ab[4U * i + 2U]; + uint32_t *res_i2 = res_j + 4U * i + 2U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, a_j, c, res_i2); - uint32_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + uint32_t a_i2 = ab[4U * i + 3U]; + uint32_t *res_i = res_j + 4U * i + 3U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, a_j, c, res_i); } - for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++) + for (uint32_t i = i0 / 4U * 4U; i < i0; i++) { uint32_t a_i = ab[i]; uint32_t *res_i = res_j + i; 
@@ -401,46 +401,48 @@ Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res) res[i0 + i0] = r; } uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, res, res); + KRML_MAYBE_UNUSED_VAR(c0); KRML_CHECK_SIZE(sizeof (uint32_t), aLen + aLen); uint32_t *tmp = (uint32_t *)alloca((aLen + aLen) * sizeof (uint32_t)); memset(tmp, 0U, (aLen + aLen) * sizeof (uint32_t)); - for (uint32_t i = (uint32_t)0U; i < aLen; i++) + for (uint32_t i = 0U; i < aLen; i++) { uint64_t res1 = (uint64_t)a[i] * (uint64_t)a[i]; - uint32_t hi = (uint32_t)(res1 >> (uint32_t)32U); + uint32_t hi = (uint32_t)(res1 >> 32U); uint32_t lo = (uint32_t)res1; - tmp[(uint32_t)2U * i] = lo; - tmp[(uint32_t)2U * i + (uint32_t)1U] = hi; + tmp[2U * i] = lo; + tmp[2U * i + 1U] = hi; } uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, tmp, res); + KRML_MAYBE_UNUSED_VAR(c1); } static inline void Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res) { memset(res, 0U, (aLen + aLen) * sizeof (uint64_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < aLen; i0++) + for (uint32_t i0 = 0U; i0 < aLen; i0++) { uint64_t *ab = a; uint64_t a_j = a[i0]; uint64_t *res_j = res + i0; - uint64_t c = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++) + uint64_t c = 0ULL; + for (uint32_t i = 0U; i < i0 / 4U; i++) { - uint64_t a_i = ab[(uint32_t)4U * i]; - uint64_t *res_i0 = res_j + (uint32_t)4U * i; + uint64_t a_i = ab[4U * i]; + uint64_t *res_i0 = res_j + 4U * i; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i0); - uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + uint64_t a_i0 = ab[4U * i + 1U]; + uint64_t *res_i1 = res_j + 4U * i + 1U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, res_i1); - uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + uint64_t a_i1 = ab[4U * i + 2U]; + 
uint64_t *res_i2 = res_j + 4U * i + 2U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, res_i2); - uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + uint64_t a_i2 = ab[4U * i + 3U]; + uint64_t *res_i = res_j + 4U * i + 3U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, res_i); } - for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++) + for (uint32_t i = i0 / 4U * 4U; i < i0; i++) { uint64_t a_i = ab[i]; uint64_t *res_i = res_j + i; @@ -450,18 +452,20 @@ Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res) res[i0 + i0] = r; } uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, res, res); + KRML_MAYBE_UNUSED_VAR(c0); KRML_CHECK_SIZE(sizeof (uint64_t), aLen + aLen); uint64_t *tmp = (uint64_t *)alloca((aLen + aLen) * sizeof (uint64_t)); memset(tmp, 0U, (aLen + aLen) * sizeof (uint64_t)); - for (uint32_t i = (uint32_t)0U; i < aLen; i++) + for (uint32_t i = 0U; i < aLen; i++) { FStar_UInt128_uint128 res1 = FStar_UInt128_mul_wide(a[i], a[i]); - uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, (uint32_t)64U)); + uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, 64U)); uint64_t lo = FStar_UInt128_uint128_to_uint64(res1); - tmp[(uint32_t)2U * i] = lo; - tmp[(uint32_t)2U * i + (uint32_t)1U] = hi; + tmp[2U * i] = lo; + tmp[2U * i + 1U] = hi; } uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, tmp, res); + KRML_MAYBE_UNUSED_VAR(c1); } #if defined(__cplusplus) diff --git a/include/msvc/internal/Hacl_Bignum_K256.h b/include/msvc/internal/Hacl_Bignum_K256.h index 59aff176..fe72fffe 100644 --- a/include/msvc/internal/Hacl_Bignum_K256.h +++ b/include/msvc/internal/Hacl_Bignum_K256.h 
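Review bot: The added `KRML_MAYBE_UNUSED_VAR(c0);` and `KRML_MAYBE_UNUSED_VAR(c1);` in Hacl_Bignum_Multiplication_bn_sqr_u32 silence the unused-variable warning without recording why both carries out of `Hacl_Bignum_Addition_bn_add_eq_len_u32` may be dropped. Presumably each is always zero, since the doubled cross terms plus the per-limb squares equal a*a, which fits in the 2*aLen limbs of `res`. A short comment above each call, for example `/* carry is always 0: a*a fits in 2*aLen limbs */`, would let a reader check that instead of assuming it. The same applies to the two `KRML_MAYBE_UNUSED_VAR` lines in the Hacl_Bignum_Multiplication_bn_sqr_u64 hunk that follows. The function body starts in the previous hunk.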
@@ -45,13 +45,7 @@ static inline bool Hacl_K256_Field_is_felem_zero_vartime(uint64_t *f) uint64_t f2 = f[2U]; uint64_t f3 = f[3U]; uint64_t f4 = f[4U]; - return - f0 - == (uint64_t)0U - && f1 == (uint64_t)0U - && f2 == (uint64_t)0U - && f3 == (uint64_t)0U - && f4 == (uint64_t)0U; + return f0 == 0ULL && f1 == 0ULL && f2 == 0ULL && f3 == 0ULL && f4 == 0ULL; } static inline bool Hacl_K256_Field_is_felem_eq_vartime(uint64_t *f1, uint64_t *f2) @@ -76,42 +70,42 @@ static inline bool Hacl_K256_Field_is_felem_lt_prime_minus_order_vartime(uint64_ uint64_t f2 = f[2U]; uint64_t f3 = f[3U]; uint64_t f4 = f[4U]; - if (f4 > (uint64_t)0U) + if (f4 > 0ULL) { return false; } - if (f3 > (uint64_t)0U) + if (f3 > 0ULL) { return false; } - if (f2 < (uint64_t)0x1455123U) + if (f2 < 0x1455123ULL) { return true; } - if (f2 > (uint64_t)0x1455123U) + if (f2 > 0x1455123ULL) { return false; } - if (f1 < (uint64_t)0x1950b75fc4402U) + if (f1 < 0x1950b75fc4402ULL) { return true; } - if (f1 > (uint64_t)0x1950b75fc4402U) + if (f1 > 0x1950b75fc4402ULL) { return false; } - return f0 < (uint64_t)0xda1722fc9baeeU; + return f0 < 0xda1722fc9baeeULL; } static inline void Hacl_K256_Field_load_felem(uint64_t *f, uint8_t *b) { uint64_t tmp[4U] = { 0U }; KRML_MAYBE_FOR4(i, - (uint32_t)0U, - (uint32_t)4U, - (uint32_t)1U, + 0U, + 4U, + 1U, uint64_t *os = tmp; - uint8_t *bj = b + i * (uint32_t)8U; + uint8_t *bj = b + i * 8U; uint64_t u = load64_be(bj); uint64_t r = u; uint64_t x = r; 
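Review bot: The rewritten `return f0 == 0ULL && f1 == 0ULL && ...` in Hacl_K256_Field_is_felem_zero_vartime short-circuits on the first non-zero limb, so its running time depends on the value of `f`. Only the `_vartime` suffix tells a caller that. The early-return ladder in Hacl_K256_Field_is_felem_lt_prime_minus_order_vartime in the next hunk behaves the same way. A comment above each, such as `/* Variable time: use only on public field elements, never on secret scalars or coordinates. */`, would state the contract at the definition. Both function bodies start outside their hunks.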
@@ -120,11 +114,11 @@ static inline void Hacl_K256_Field_load_felem(uint64_t *f, uint8_t *b) uint64_t s1 = tmp[2U]; uint64_t s2 = tmp[1U]; uint64_t s3 = tmp[0U]; - uint64_t f00 = s0 & (uint64_t)0xfffffffffffffU; - uint64_t f10 = s0 >> (uint32_t)52U | (s1 & (uint64_t)0xffffffffffU) << (uint32_t)12U; - uint64_t f20 = s1 >> (uint32_t)40U | (s2 & (uint64_t)0xfffffffU) << (uint32_t)24U; - uint64_t f30 = s2 >> (uint32_t)28U | (s3 & (uint64_t)0xffffU) << (uint32_t)36U; - uint64_t f40 = s3 >> (uint32_t)16U; + uint64_t f00 = s0 & 0xfffffffffffffULL; + uint64_t f10 = s0 >> 52U | (s1 & 0xffffffffffULL) << 12U; + uint64_t f20 = s1 >> 40U | (s2 & 0xfffffffULL) << 24U; + uint64_t f30 = s2 >> 28U | (s3 & 0xffffULL) << 36U; + uint64_t f40 = s3 >> 16U; uint64_t f0 = f00; uint64_t f1 = f10; uint64_t f2 = f20; @@ -148,11 +142,11 @@ static inline bool Hacl_K256_Field_load_felem_lt_prime_vartime(uint64_t *f, uint bool is_ge_p = f0 - >= (uint64_t)0xffffefffffc2fU - && f1 == (uint64_t)0xfffffffffffffU - && f2 == (uint64_t)0xfffffffffffffU - && f3 == (uint64_t)0xfffffffffffffU - && f4 == (uint64_t)0xffffffffffffU; + >= 0xffffefffffc2fULL + && f1 == 0xfffffffffffffULL + && f2 == 0xfffffffffffffULL + && f3 == 0xfffffffffffffULL + && f4 == 0xffffffffffffULL; return !is_ge_p; } @@ -164,10 +158,10 @@ static inline void Hacl_K256_Field_store_felem(uint8_t *b, uint64_t *f) uint64_t f20 = f[2U]; uint64_t f30 = f[3U]; uint64_t f4 = f[4U]; - uint64_t o0 = f00 | f10 << (uint32_t)52U; - uint64_t o1 = f10 >> (uint32_t)12U | f20 << (uint32_t)40U; - uint64_t o2 = f20 >> (uint32_t)24U | f30 << (uint32_t)28U; - uint64_t o3 = f30 >> (uint32_t)36U | f4 << (uint32_t)16U; + uint64_t o0 = f00 | f10 << 52U; + uint64_t o1 = f10 >> 12U | f20 << 40U; + uint64_t o2 = f20 >> 24U | f30 << 28U; + uint64_t o3 = f30 >> 36U | f4 << 16U; uint64_t f0 = o0; uint64_t f1 = o1; uint64_t f2 = o2; 
@@ -176,11 +170,7 @@ static inline void Hacl_K256_Field_store_felem(uint8_t *b, uint64_t *f) tmp[1U] = f2; tmp[2U] = f1; tmp[3U] = f0; - KRML_MAYBE_FOR4(i, - (uint32_t)0U, - (uint32_t)4U, - (uint32_t)1U, - store64_be(b + i * (uint32_t)8U, tmp[i]);); + KRML_MAYBE_FOR4(i, 0U, 4U, 1U, store64_be(b + i * 8U, tmp[i]);); } static inline void Hacl_K256_Field_fmul_small_num(uint64_t *out, uint64_t *f, uint64_t num) @@ -248,11 +238,11 @@ static inline void Hacl_K256_Field_fsub(uint64_t *out, uint64_t *f1, uint64_t *f uint64_t b2 = f2[2U]; uint64_t b3 = f2[3U]; uint64_t b4 = f2[4U]; - uint64_t r00 = (uint64_t)9007190664804446U * x - b0; - uint64_t r10 = (uint64_t)9007199254740990U * x - b1; - uint64_t r20 = (uint64_t)9007199254740990U * x - b2; - uint64_t r30 = (uint64_t)9007199254740990U * x - b3; - uint64_t r40 = (uint64_t)562949953421310U * x - b4; + uint64_t r00 = 9007190664804446ULL * x - b0; + uint64_t r10 = 9007199254740990ULL * x - b1; + uint64_t r20 = 9007199254740990ULL * x - b2; + uint64_t r30 = 9007199254740990ULL * x - b3; + uint64_t r40 = 562949953421310ULL * x - b4; uint64_t r0 = r00; uint64_t r1 = r10; uint64_t r2 = r20; @@ -287,7 +277,7 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f uint64_t b2 = f2[2U]; uint64_t b3 = f2[3U]; uint64_t b4 = f2[4U]; - uint64_t r = (uint64_t)0x1000003D10U; + uint64_t r = 0x1000003D10ULL; FStar_UInt128_uint128 d0 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_mul_wide(a0, 
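Review bot: The decimal literals in Hacl_K256_Field_fsub (`9007190664804446ULL`, `9007199254740990ULL`, `562949953421310ULL`) are hard to audit against the hex limbs of the prime used in the `is_ge_p` comparison of Hacl_K256_Field_load_felem_lt_prime_vartime. They are exactly twice those limbs: 2 × 0xffffefffffc2f, 2 × 0xfffffffffffff and 2 × 0xffffffffffff. A comment such as `/* limbs of 2*p, scaled by x */` above `r00` would make that relation visible, and writing the constants in hex would match the rest of the file. The same constants appear without the `x` factor in the Hacl_K256_Field_fnegate_conditional_vartime hunk further down. If this header is generated, the comment presumably belongs in the generator input rather than here. The function body starts outside the hunk.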
@@ -298,9 +288,9 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f FStar_UInt128_uint128 c0 = FStar_UInt128_mul_wide(a4, b4); FStar_UInt128_uint128 d1 = FStar_UInt128_add_mod(d0, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(c0))); - uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, (uint32_t)64U)); - uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, (uint32_t)52U); + uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, 64U)); + uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & 0xfffffffffffffULL; + FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, 52U); FStar_UInt128_uint128 d3 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(d2, @@ -309,12 +299,11 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f FStar_UInt128_mul_wide(a2, b2)), FStar_UInt128_mul_wide(a3, b1)), FStar_UInt128_mul_wide(a4, b0)); - FStar_UInt128_uint128 - d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << (uint32_t)12U, c1)); - uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 d5 = FStar_UInt128_shift_right(d4, (uint32_t)52U); - uint64_t tx = t4 >> (uint32_t)48U; - uint64_t t4_ = t4 & (uint64_t)0xffffffffffffU; + FStar_UInt128_uint128 d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << 12U, c1)); + uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & 0xfffffffffffffULL; + FStar_UInt128_uint128 d5 = FStar_UInt128_shift_right(d4, 52U); + uint64_t tx = t4 >> 48U; + uint64_t t4_ = t4 & 0xffffffffffffULL; FStar_UInt128_uint128 c2 = FStar_UInt128_mul_wide(a0, b0); FStar_UInt128_uint128 d6 = 
@@ -323,13 +312,12 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f FStar_UInt128_mul_wide(a2, b3)), FStar_UInt128_mul_wide(a3, b2)), FStar_UInt128_mul_wide(a4, b1)); - uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, (uint32_t)52U); - uint64_t u0_ = tx | u0 << (uint32_t)4U; - FStar_UInt128_uint128 - c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> (uint32_t)4U)); - uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, (uint32_t)52U); + uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & 0xfffffffffffffULL; + FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, 52U); + uint64_t u0_ = tx | u0 << 4U; + FStar_UInt128_uint128 c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> 4U)); + uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & 0xfffffffffffffULL; + FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, 52U); FStar_UInt128_uint128 c5 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(c4, FStar_UInt128_mul_wide(a0, b1)), 
@@ -343,10 +331,10 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f FStar_UInt128_uint128 c6 = FStar_UInt128_add_mod(c5, - FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & (uint64_t)0xfffffffffffffU, r)); - FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, (uint32_t)52U); - uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, (uint32_t)52U); + FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & 0xfffffffffffffULL, r)); + FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, 52U); + uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & 0xfffffffffffffULL; + FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, 52U); FStar_UInt128_uint128 c8 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(c7, 
@@ -359,16 +347,15 @@ static inline void Hacl_K256_Field_fmul(uint64_t *out, uint64_t *f1, uint64_t *f FStar_UInt128_mul_wide(a4, b3)); FStar_UInt128_uint128 c9 = FStar_UInt128_add_mod(c8, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(d10))); - uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, (uint32_t)64U)); - uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, (uint32_t)52U); + uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, 64U)); + uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & 0xfffffffffffffULL; + FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, 52U); FStar_UInt128_uint128 c11 = - FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10, - FStar_UInt128_mul_wide(r << (uint32_t)12U, d11)), + FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10, FStar_UInt128_mul_wide(r << 12U, d11)), FStar_UInt128_uint64_to_uint128(t3)); - uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & (uint64_t)0xfffffffffffffU; - uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, (uint32_t)52U)); + uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & 0xfffffffffffffULL; + uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, 52U)); uint64_t r4 = c12 + t4_; uint64_t f0 = r0; uint64_t f11 = r1; 
@@ -389,43 +376,41 @@ static inline void Hacl_K256_Field_fsqr(uint64_t *out, uint64_t *f) uint64_t a2 = f[2U]; uint64_t a3 = f[3U]; uint64_t a4 = f[4U]; - uint64_t r = (uint64_t)0x1000003D10U; + uint64_t r = 0x1000003D10ULL; FStar_UInt128_uint128 d0 = - FStar_UInt128_add_mod(FStar_UInt128_mul_wide(a0 * (uint64_t)2U, a3), - FStar_UInt128_mul_wide(a1 * (uint64_t)2U, a2)); + FStar_UInt128_add_mod(FStar_UInt128_mul_wide(a0 * 2ULL, a3), + FStar_UInt128_mul_wide(a1 * 2ULL, a2)); FStar_UInt128_uint128 c0 = FStar_UInt128_mul_wide(a4, a4); FStar_UInt128_uint128 d1 = FStar_UInt128_add_mod(d0, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(c0))); - uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, (uint32_t)64U)); - uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, (uint32_t)52U); - uint64_t a41 = a4 * (uint64_t)2U; + uint64_t c1 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c0, 64U)); + uint64_t t3 = FStar_UInt128_uint128_to_uint64(d1) & 0xfffffffffffffULL; + FStar_UInt128_uint128 d2 = FStar_UInt128_shift_right(d1, 52U); + uint64_t a41 = a4 * 2ULL; FStar_UInt128_uint128 d3 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(d2, FStar_UInt128_mul_wide(a0, a41)), - FStar_UInt128_mul_wide(a1 * (uint64_t)2U, a3)), + FStar_UInt128_mul_wide(a1 * 2ULL, a3)), FStar_UInt128_mul_wide(a2, a2)); - FStar_UInt128_uint128 - d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << (uint32_t)12U, c1)); - uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 d5 = FStar_UInt128_shift_right(d4, (uint32_t)52U); - uint64_t tx = t4 >> (uint32_t)48U; - uint64_t t4_ = t4 & (uint64_t)0xffffffffffffU; + FStar_UInt128_uint128 d4 = FStar_UInt128_add_mod(d3, FStar_UInt128_mul_wide(r << 12U, c1)); + uint64_t t4 = FStar_UInt128_uint128_to_uint64(d4) & 0xfffffffffffffULL; + FStar_UInt128_uint128 d5 = 
FStar_UInt128_shift_right(d4, 52U); + uint64_t tx = t4 >> 48U; + uint64_t t4_ = t4 & 0xffffffffffffULL; FStar_UInt128_uint128 c2 = FStar_UInt128_mul_wide(a0, a0); FStar_UInt128_uint128 d6 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(d5, FStar_UInt128_mul_wide(a1, a41)), - FStar_UInt128_mul_wide(a2 * (uint64_t)2U, a3)); - uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, (uint32_t)52U); - uint64_t u0_ = tx | u0 << (uint32_t)4U; - FStar_UInt128_uint128 - c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> (uint32_t)4U)); - uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, (uint32_t)52U); - uint64_t a01 = a0 * (uint64_t)2U; + FStar_UInt128_mul_wide(a2 * 2ULL, a3)); + uint64_t u0 = FStar_UInt128_uint128_to_uint64(d6) & 0xfffffffffffffULL; + FStar_UInt128_uint128 d7 = FStar_UInt128_shift_right(d6, 52U); + uint64_t u0_ = tx | u0 << 4U; + FStar_UInt128_uint128 c3 = FStar_UInt128_add_mod(c2, FStar_UInt128_mul_wide(u0_, r >> 4U)); + uint64_t r0 = FStar_UInt128_uint128_to_uint64(c3) & 0xfffffffffffffULL; + FStar_UInt128_uint128 c4 = FStar_UInt128_shift_right(c3, 52U); + uint64_t a01 = a0 * 2ULL; FStar_UInt128_uint128 c5 = FStar_UInt128_add_mod(c4, FStar_UInt128_mul_wide(a01, a1)); FStar_UInt128_uint128 d8 = 
@@ -434,10 +419,10 @@ static inline void Hacl_K256_Field_fsqr(uint64_t *out, uint64_t *f) FStar_UInt128_uint128 c6 = FStar_UInt128_add_mod(c5, - FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & (uint64_t)0xfffffffffffffU, r)); - FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, (uint32_t)52U); - uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, (uint32_t)52U); + FStar_UInt128_mul_wide(FStar_UInt128_uint128_to_uint64(d8) & 0xfffffffffffffULL, r)); + FStar_UInt128_uint128 d9 = FStar_UInt128_shift_right(d8, 52U); + uint64_t r1 = FStar_UInt128_uint128_to_uint64(c6) & 0xfffffffffffffULL; + FStar_UInt128_uint128 c7 = FStar_UInt128_shift_right(c6, 52U); FStar_UInt128_uint128 c8 = FStar_UInt128_add_mod(FStar_UInt128_add_mod(c7, FStar_UInt128_mul_wide(a01, a2)), 
@@ -445,16 +430,15 @@ static inline void Hacl_K256_Field_fsqr(uint64_t *out, uint64_t *f) FStar_UInt128_uint128 d10 = FStar_UInt128_add_mod(d9, FStar_UInt128_mul_wide(a3, a41)); FStar_UInt128_uint128 c9 = FStar_UInt128_add_mod(c8, FStar_UInt128_mul_wide(r, FStar_UInt128_uint128_to_uint64(d10))); - uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, (uint32_t)64U)); - uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & (uint64_t)0xfffffffffffffU; - FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, (uint32_t)52U); + uint64_t d11 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(d10, 64U)); + uint64_t r2 = FStar_UInt128_uint128_to_uint64(c9) & 0xfffffffffffffULL; + FStar_UInt128_uint128 c10 = FStar_UInt128_shift_right(c9, 52U); FStar_UInt128_uint128 c11 = - FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10, - FStar_UInt128_mul_wide(r << (uint32_t)12U, d11)), + FStar_UInt128_add_mod(FStar_UInt128_add_mod(c10, FStar_UInt128_mul_wide(r << 12U, d11)), FStar_UInt128_uint64_to_uint128(t3)); - uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & (uint64_t)0xfffffffffffffU; - uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, (uint32_t)52U)); + uint64_t r3 = FStar_UInt128_uint128_to_uint64(c11) & 0xfffffffffffffULL; + uint64_t c12 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(c11, 52U)); uint64_t r4 = c12 + t4_; uint64_t f0 = r0; uint64_t f1 = r1; 
@@ -475,23 +459,23 @@ static inline void Hacl_K256_Field_fnormalize_weak(uint64_t *out, uint64_t *f) uint64_t t2 = f[2U]; uint64_t t3 = f[3U]; uint64_t t4 = f[4U]; - uint64_t x0 = t4 >> (uint32_t)48U; - uint64_t t410 = t4 & (uint64_t)0xffffffffffffU; + uint64_t x0 = t4 >> 48U; + uint64_t t410 = t4 & 0xffffffffffffULL; uint64_t x = x0; uint64_t t01 = t0; uint64_t t11 = t1; uint64_t t21 = t2; uint64_t t31 = t3; uint64_t t41 = t410; - uint64_t t02 = t01 + x * (uint64_t)0x1000003D1U; - uint64_t t12 = t11 + (t02 >> (uint32_t)52U); - uint64_t t03 = t02 & (uint64_t)0xfffffffffffffU; - uint64_t t22 = t21 + (t12 >> (uint32_t)52U); - uint64_t t13 = t12 & (uint64_t)0xfffffffffffffU; - uint64_t t32 = t31 + (t22 >> (uint32_t)52U); - uint64_t t23 = t22 & (uint64_t)0xfffffffffffffU; - uint64_t t42 = t41 + (t32 >> (uint32_t)52U); - uint64_t t33 = t32 & (uint64_t)0xfffffffffffffU; + uint64_t t02 = t01 + x * 0x1000003D1ULL; + uint64_t t12 = t11 + (t02 >> 52U); + uint64_t t03 = t02 & 0xfffffffffffffULL; + uint64_t t22 = t21 + (t12 >> 52U); + uint64_t t13 = t12 & 0xfffffffffffffULL; + uint64_t t32 = t31 + (t22 >> 52U); + uint64_t t23 = t22 & 0xfffffffffffffULL; + uint64_t t42 = t41 + (t32 >> 52U); + uint64_t t33 = t32 & 0xfffffffffffffULL; uint64_t f0 = t03; uint64_t f1 = t13; uint64_t f2 = t23; 
@@ -511,59 +495,59 @@ static inline void Hacl_K256_Field_fnormalize(uint64_t *out, uint64_t *f) uint64_t f20 = f[2U]; uint64_t f30 = f[3U]; uint64_t f40 = f[4U]; - uint64_t x0 = f40 >> (uint32_t)48U; - uint64_t t40 = f40 & (uint64_t)0xffffffffffffU; + uint64_t x0 = f40 >> 48U; + uint64_t t40 = f40 & 0xffffffffffffULL; uint64_t x1 = x0; uint64_t t00 = f00; uint64_t t10 = f10; uint64_t t20 = f20; uint64_t t30 = f30; uint64_t t42 = t40; - uint64_t t01 = t00 + x1 * (uint64_t)0x1000003D1U; - uint64_t t110 = t10 + (t01 >> (uint32_t)52U); - uint64_t t020 = t01 & (uint64_t)0xfffffffffffffU; - uint64_t t210 = t20 + (t110 >> (uint32_t)52U); - uint64_t t120 = t110 & (uint64_t)0xfffffffffffffU; - uint64_t t310 = t30 + (t210 >> (uint32_t)52U); - uint64_t t220 = t210 & (uint64_t)0xfffffffffffffU; - uint64_t t410 = t42 + (t310 >> (uint32_t)52U); - uint64_t t320 = t310 & (uint64_t)0xfffffffffffffU; + uint64_t t01 = t00 + x1 * 0x1000003D1ULL; + uint64_t t110 = t10 + (t01 >> 52U); + uint64_t t020 = t01 & 0xfffffffffffffULL; + uint64_t t210 = t20 + (t110 >> 52U); + uint64_t t120 = t110 & 0xfffffffffffffULL; + uint64_t t310 = t30 + (t210 >> 52U); + uint64_t t220 = t210 & 0xfffffffffffffULL; + uint64_t t410 = t42 + (t310 >> 52U); + uint64_t t320 = t310 & 0xfffffffffffffULL; uint64_t t0 = t020; uint64_t t1 = t120; uint64_t t2 = t220; uint64_t t3 = t320; uint64_t t4 = t410; - uint64_t x2 = t4 >> (uint32_t)48U; - uint64_t t411 = t4 & (uint64_t)0xffffffffffffU; + uint64_t x2 = t4 >> 48U; + uint64_t t411 = t4 & 0xffffffffffffULL; uint64_t x = x2; uint64_t r0 = t0; uint64_t r1 = t1; uint64_t r2 = t2; uint64_t r3 = t3; uint64_t r4 = t411; - uint64_t m4 = FStar_UInt64_eq_mask(r4, (uint64_t)0xffffffffffffU); - uint64_t m3 = FStar_UInt64_eq_mask(r3, (uint64_t)0xfffffffffffffU); - uint64_t m2 = FStar_UInt64_eq_mask(r2, (uint64_t)0xfffffffffffffU); - uint64_t m1 = FStar_UInt64_eq_mask(r1, (uint64_t)0xfffffffffffffU); - uint64_t m0 = FStar_UInt64_gte_mask(r0, (uint64_t)0xffffefffffc2fU); + uint64_t 
m4 = FStar_UInt64_eq_mask(r4, 0xffffffffffffULL); + uint64_t m3 = FStar_UInt64_eq_mask(r3, 0xfffffffffffffULL); + uint64_t m2 = FStar_UInt64_eq_mask(r2, 0xfffffffffffffULL); + uint64_t m1 = FStar_UInt64_eq_mask(r1, 0xfffffffffffffULL); + uint64_t m0 = FStar_UInt64_gte_mask(r0, 0xffffefffffc2fULL); uint64_t is_ge_p_m = (((m0 & m1) & m2) & m3) & m4; - uint64_t m_to_one = is_ge_p_m & (uint64_t)1U; + uint64_t m_to_one = is_ge_p_m & 1ULL; uint64_t x10 = m_to_one | x; - uint64_t t010 = r0 + x10 * (uint64_t)0x1000003D1U; - uint64_t t11 = r1 + (t010 >> (uint32_t)52U); - uint64_t t02 = t010 & (uint64_t)0xfffffffffffffU; - uint64_t t21 = r2 + (t11 >> (uint32_t)52U); - uint64_t t12 = t11 & (uint64_t)0xfffffffffffffU; - uint64_t t31 = r3 + (t21 >> (uint32_t)52U); - uint64_t t22 = t21 & (uint64_t)0xfffffffffffffU; - uint64_t t41 = r4 + (t31 >> (uint32_t)52U); - uint64_t t32 = t31 & (uint64_t)0xfffffffffffffU; + uint64_t t010 = r0 + x10 * 0x1000003D1ULL; + uint64_t t11 = r1 + (t010 >> 52U); + uint64_t t02 = t010 & 0xfffffffffffffULL; + uint64_t t21 = r2 + (t11 >> 52U); + uint64_t t12 = t11 & 0xfffffffffffffULL; + uint64_t t31 = r3 + (t21 >> 52U); + uint64_t t22 = t21 & 0xfffffffffffffULL; + uint64_t t41 = r4 + (t31 >> 52U); + uint64_t t32 = t31 & 0xfffffffffffffULL; uint64_t s0 = t02; uint64_t s1 = t12; uint64_t s2 = t22; uint64_t s3 = t32; uint64_t s4 = t41; - uint64_t t412 = s4 & (uint64_t)0xffffffffffffU; + uint64_t t412 = s4 & 0xffffffffffffULL; uint64_t k0 = s0; uint64_t k1 = s1; uint64_t k2 = s2; 
@@ -590,11 +574,11 @@ static inline void Hacl_K256_Field_fnegate_conditional_vartime(uint64_t *f, bool uint64_t a2 = f[2U]; uint64_t a3 = f[3U]; uint64_t a4 = f[4U]; - uint64_t r0 = (uint64_t)9007190664804446U - a0; - uint64_t r1 = (uint64_t)9007199254740990U - a1; - uint64_t r2 = (uint64_t)9007199254740990U - a2; - uint64_t r3 = (uint64_t)9007199254740990U - a3; - uint64_t r4 = (uint64_t)562949953421310U - a4; + uint64_t r0 = 9007190664804446ULL - a0; + uint64_t r1 = 9007199254740990ULL - a1; + uint64_t r2 = 9007199254740990ULL - a2; + uint64_t r3 = 9007199254740990ULL - a3; + uint64_t r4 = 562949953421310ULL - a4; uint64_t f0 = r0; uint64_t f1 = r1; uint64_t f2 = r2; @@ -612,7 +596,7 @@ static inline void Hacl_K256_Field_fnegate_conditional_vartime(uint64_t *f, bool static inline void Hacl_Impl_K256_Finv_fsquare_times_in_place(uint64_t *out, uint32_t b) { - for (uint32_t i = (uint32_t)0U; i < b; i++) + for (uint32_t i = 0U; i < b; i++) { Hacl_K256_Field_fsqr(out, out); } @@ -620,8 +604,8 @@ static inline void Hacl_Impl_K256_Finv_fsquare_times_in_place(uint64_t *out, uin static inline void Hacl_Impl_K256_Finv_fsquare_times(uint64_t *out, uint64_t *a, uint32_t b) { - memcpy(out, a, (uint32_t)5U * sizeof (uint64_t)); - for (uint32_t i = (uint32_t)0U; i < b; i++) + memcpy(out, a, 5U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < b; i++) { Hacl_K256_Field_fsqr(out, out); } 
@@ -633,29 +617,29 @@ static inline void Hacl_Impl_K256_Finv_fexp_223_23(uint64_t *out, uint64_t *x2, uint64_t x22[5U] = { 0U }; uint64_t x44[5U] = { 0U }; uint64_t x88[5U] = { 0U }; - Hacl_Impl_K256_Finv_fsquare_times(x2, f, (uint32_t)1U); + Hacl_Impl_K256_Finv_fsquare_times(x2, f, 1U); Hacl_K256_Field_fmul(x2, x2, f); - Hacl_Impl_K256_Finv_fsquare_times(x3, x2, (uint32_t)1U); + Hacl_Impl_K256_Finv_fsquare_times(x3, x2, 1U); Hacl_K256_Field_fmul(x3, x3, f); - Hacl_Impl_K256_Finv_fsquare_times(out, x3, (uint32_t)3U); + Hacl_Impl_K256_Finv_fsquare_times(out, x3, 3U); Hacl_K256_Field_fmul(out, out, x3); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)3U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 3U); Hacl_K256_Field_fmul(out, out, x3); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)2U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 2U); Hacl_K256_Field_fmul(out, out, x2); - Hacl_Impl_K256_Finv_fsquare_times(x22, out, (uint32_t)11U); + Hacl_Impl_K256_Finv_fsquare_times(x22, out, 11U); Hacl_K256_Field_fmul(x22, x22, out); - Hacl_Impl_K256_Finv_fsquare_times(x44, x22, (uint32_t)22U); + Hacl_Impl_K256_Finv_fsquare_times(x44, x22, 22U); Hacl_K256_Field_fmul(x44, x44, x22); - Hacl_Impl_K256_Finv_fsquare_times(x88, x44, (uint32_t)44U); + Hacl_Impl_K256_Finv_fsquare_times(x88, x44, 44U); Hacl_K256_Field_fmul(x88, x88, x44); - Hacl_Impl_K256_Finv_fsquare_times(out, x88, (uint32_t)88U); + Hacl_Impl_K256_Finv_fsquare_times(out, x88, 88U); Hacl_K256_Field_fmul(out, out, x88); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)44U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 44U); Hacl_K256_Field_fmul(out, out, x44); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)3U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 3U); Hacl_K256_Field_fmul(out, out, x3); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)23U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 23U); Hacl_K256_Field_fmul(out, out, x22); 
} @@ -663,11 +647,11 @@ static inline void Hacl_Impl_K256_Finv_finv(uint64_t *out, uint64_t *f) { uint64_t x2[5U] = { 0U }; Hacl_Impl_K256_Finv_fexp_223_23(out, x2, f); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)5U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 5U); Hacl_K256_Field_fmul(out, out, f); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)3U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 3U); Hacl_K256_Field_fmul(out, out, x2); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)2U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 2U); Hacl_K256_Field_fmul(out, out, f); } @@ -675,9 +659,9 @@ static inline void Hacl_Impl_K256_Finv_fsqrt(uint64_t *out, uint64_t *f) { uint64_t x2[5U] = { 0U }; Hacl_Impl_K256_Finv_fexp_223_23(out, x2, f); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)6U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 6U); Hacl_K256_Field_fmul(out, out, x2); - Hacl_Impl_K256_Finv_fsquare_times_in_place(out, (uint32_t)2U); + Hacl_Impl_K256_Finv_fsquare_times_in_place(out, 2U); } #if defined(__cplusplus) diff --git a/include/msvc/internal/Hacl_Ed25519_PrecompTable.h b/include/msvc/internal/Hacl_Ed25519_PrecompTable.h index 77d2244c..a20cd912 100644 --- a/include/msvc/internal/Hacl_Ed25519_PrecompTable.h +++ b/include/msvc/internal/Hacl_Ed25519_PrecompTable.h 
@@ -39,655 +39,491 @@ static const uint64_t Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w4[320U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)1738742601995546U, (uint64_t)1146398526822698U, - (uint64_t)2070867633025821U, (uint64_t)562264141797630U, (uint64_t)587772402128613U, - (uint64_t)1801439850948184U, (uint64_t)1351079888211148U, (uint64_t)450359962737049U, - (uint64_t)900719925474099U, (uint64_t)1801439850948198U, (uint64_t)1U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1841354044333475U, - (uint64_t)16398895984059U, (uint64_t)755974180946558U, (uint64_t)900171276175154U, - (uint64_t)1821297809914039U, (uint64_t)1661154287933054U, (uint64_t)284530020860578U, - (uint64_t)1390261174866914U, (uint64_t)1524110943907984U, (uint64_t)1045603498418422U, - (uint64_t)928651508580478U, (uint64_t)1383326941296346U, (uint64_t)961937908925785U, - (uint64_t)80455759693706U, (uint64_t)904734540352947U, (uint64_t)1507481815385608U, - (uint64_t)2223447444246085U, (uint64_t)1083941587175919U, (uint64_t)2059929906842505U, - (uint64_t)1581435440146976U, (uint64_t)782730187692425U, (uint64_t)9928394897574U, - (uint64_t)1539449519985236U, (uint64_t)1923587931078510U, (uint64_t)552919286076056U, - (uint64_t)376925408065760U, (uint64_t)447320488831784U, (uint64_t)1362918338468019U, - (uint64_t)1470031896696846U, (uint64_t)2189796996539902U, (uint64_t)1337552949959847U, - (uint64_t)1762287177775726U, (uint64_t)237994495816815U, (uint64_t)1277840395970544U, - (uint64_t)543972849007241U, (uint64_t)1224692671618814U, (uint64_t)162359533289271U, - (uint64_t)282240927125249U, (uint64_t)586909166382289U, (uint64_t)17726488197838U, - (uint64_t)377014554985659U, (uint64_t)1433835303052512U, 
(uint64_t)702061469493692U, - (uint64_t)1142253108318154U, (uint64_t)318297794307551U, (uint64_t)954362646308543U, - (uint64_t)517363881452320U, (uint64_t)1868013482130416U, (uint64_t)262562472373260U, - (uint64_t)902232853249919U, (uint64_t)2107343057055746U, (uint64_t)462368348619024U, - (uint64_t)1893758677092974U, (uint64_t)2177729767846389U, (uint64_t)2168532543559143U, - (uint64_t)443867094639821U, (uint64_t)730169342581022U, (uint64_t)1564589016879755U, - (uint64_t)51218195700649U, (uint64_t)76684578423745U, (uint64_t)560266272480743U, - (uint64_t)922517457707697U, (uint64_t)2066645939860874U, (uint64_t)1318277348414638U, - (uint64_t)1576726809084003U, (uint64_t)1817337608563665U, (uint64_t)1874240939237666U, - (uint64_t)754733726333910U, (uint64_t)97085310406474U, (uint64_t)751148364309235U, - (uint64_t)1622159695715187U, (uint64_t)1444098819684916U, (uint64_t)130920805558089U, - (uint64_t)1260449179085308U, (uint64_t)1860021740768461U, (uint64_t)110052860348509U, - (uint64_t)193830891643810U, (uint64_t)164148413933881U, (uint64_t)180017794795332U, - (uint64_t)1523506525254651U, (uint64_t)465981629225956U, (uint64_t)559733514964572U, - (uint64_t)1279624874416974U, (uint64_t)2026642326892306U, (uint64_t)1425156829982409U, - (uint64_t)2160936383793147U, (uint64_t)1061870624975247U, (uint64_t)2023497043036941U, - (uint64_t)117942212883190U, (uint64_t)490339622800774U, (uint64_t)1729931303146295U, - (uint64_t)422305932971074U, (uint64_t)529103152793096U, (uint64_t)1211973233775992U, - (uint64_t)721364955929681U, (uint64_t)1497674430438813U, (uint64_t)342545521275073U, - (uint64_t)2102107575279372U, (uint64_t)2108462244669966U, (uint64_t)1382582406064082U, - (uint64_t)2206396818383323U, (uint64_t)2109093268641147U, (uint64_t)10809845110983U, - (uint64_t)1605176920880099U, (uint64_t)744640650753946U, (uint64_t)1712758897518129U, - (uint64_t)373410811281809U, (uint64_t)648838265800209U, (uint64_t)813058095530999U, - (uint64_t)513987632620169U, 
(uint64_t)465516160703329U, (uint64_t)2136322186126330U, - (uint64_t)1979645899422932U, (uint64_t)1197131006470786U, (uint64_t)1467836664863979U, - (uint64_t)1340751381374628U, (uint64_t)1810066212667962U, (uint64_t)1009933588225499U, - (uint64_t)1106129188080873U, (uint64_t)1388980405213901U, (uint64_t)533719246598044U, - (uint64_t)1169435803073277U, (uint64_t)198920999285821U, (uint64_t)487492330629854U, - (uint64_t)1807093008537778U, (uint64_t)1540899012923865U, (uint64_t)2075080271659867U, - (uint64_t)1527990806921523U, (uint64_t)1323728742908002U, (uint64_t)1568595959608205U, - (uint64_t)1388032187497212U, (uint64_t)2026968840050568U, (uint64_t)1396591153295755U, - (uint64_t)820416950170901U, (uint64_t)520060313205582U, (uint64_t)2016404325094901U, - (uint64_t)1584709677868520U, (uint64_t)272161374469956U, (uint64_t)1567188603996816U, - (uint64_t)1986160530078221U, (uint64_t)553930264324589U, (uint64_t)1058426729027503U, - (uint64_t)8762762886675U, (uint64_t)2216098143382988U, (uint64_t)1835145266889223U, - (uint64_t)1712936431558441U, (uint64_t)1017009937844974U, (uint64_t)585361667812740U, - (uint64_t)2114711541628181U, (uint64_t)2238729632971439U, (uint64_t)121257546253072U, - (uint64_t)847154149018345U, (uint64_t)211972965476684U, (uint64_t)287499084460129U, - (uint64_t)2098247259180197U, (uint64_t)839070411583329U, (uint64_t)339551619574372U, - (uint64_t)1432951287640743U, (uint64_t)526481249498942U, (uint64_t)931991661905195U, - (uint64_t)1884279965674487U, (uint64_t)200486405604411U, (uint64_t)364173020594788U, - (uint64_t)518034455936955U, (uint64_t)1085564703965501U, (uint64_t)16030410467927U, - (uint64_t)604865933167613U, (uint64_t)1695298441093964U, (uint64_t)498856548116159U, - (uint64_t)2193030062787034U, (uint64_t)1706339802964179U, (uint64_t)1721199073493888U, - (uint64_t)820740951039755U, (uint64_t)1216053436896834U, (uint64_t)23954895815139U, - (uint64_t)1662515208920491U, (uint64_t)1705443427511899U, (uint64_t)1957928899570365U, - 
(uint64_t)1189636258255725U, (uint64_t)1795695471103809U, (uint64_t)1691191297654118U, - (uint64_t)282402585374360U, (uint64_t)460405330264832U, (uint64_t)63765529445733U, - (uint64_t)469763447404473U, (uint64_t)733607089694996U, (uint64_t)685410420186959U, - (uint64_t)1096682630419738U, (uint64_t)1162548510542362U, (uint64_t)1020949526456676U, - (uint64_t)1211660396870573U, (uint64_t)613126398222696U, (uint64_t)1117829165843251U, - (uint64_t)742432540886650U, (uint64_t)1483755088010658U, (uint64_t)942392007134474U, - (uint64_t)1447834130944107U, (uint64_t)489368274863410U, (uint64_t)23192985544898U, - (uint64_t)648442406146160U, (uint64_t)785438843373876U, (uint64_t)249464684645238U, - (uint64_t)170494608205618U, (uint64_t)335112827260550U, (uint64_t)1462050123162735U, - (uint64_t)1084803668439016U, (uint64_t)853459233600325U, (uint64_t)215777728187495U, - (uint64_t)1965759433526974U, (uint64_t)1349482894446537U, (uint64_t)694163317612871U, - (uint64_t)860536766165036U, (uint64_t)1178788094084321U, (uint64_t)1652739626626996U, - (uint64_t)2115723946388185U, (uint64_t)1577204379094664U, (uint64_t)1083882859023240U, - (uint64_t)1768759143381635U, (uint64_t)1737180992507258U, (uint64_t)246054513922239U, - (uint64_t)577253134087234U, (uint64_t)356340280578042U, (uint64_t)1638917769925142U, - (uint64_t)223550348130103U, (uint64_t)470592666638765U, (uint64_t)22663573966996U, - (uint64_t)596552461152400U, (uint64_t)364143537069499U, (uint64_t)3942119457699U, - (uint64_t)107951982889287U, (uint64_t)1843471406713209U, (uint64_t)1625773041610986U, - (uint64_t)1466141092501702U, (uint64_t)1043024095021271U, (uint64_t)310429964047508U, - (uint64_t)98559121500372U, (uint64_t)152746933782868U, (uint64_t)259407205078261U, - (uint64_t)828123093322585U, (uint64_t)1576847274280091U, (uint64_t)1170871375757302U, - (uint64_t)1588856194642775U, (uint64_t)984767822341977U, (uint64_t)1141497997993760U, - (uint64_t)809325345150796U, (uint64_t)1879837728202511U, 
(uint64_t)201340910657893U, - (uint64_t)1079157558888483U, (uint64_t)1052373448588065U, (uint64_t)1732036202501778U, - (uint64_t)2105292670328445U, (uint64_t)679751387312402U, (uint64_t)1679682144926229U, - (uint64_t)1695823455818780U, (uint64_t)498852317075849U, (uint64_t)1786555067788433U, - (uint64_t)1670727545779425U, (uint64_t)117945875433544U, (uint64_t)407939139781844U, - (uint64_t)854632120023778U, (uint64_t)1413383148360437U, (uint64_t)286030901733673U, - (uint64_t)1207361858071196U, (uint64_t)461340408181417U, (uint64_t)1096919590360164U, - (uint64_t)1837594897475685U, (uint64_t)533755561544165U, (uint64_t)1638688042247712U, - (uint64_t)1431653684793005U, (uint64_t)1036458538873559U, (uint64_t)390822120341779U, - (uint64_t)1920929837111618U, (uint64_t)543426740024168U, (uint64_t)645751357799929U, - (uint64_t)2245025632994463U, (uint64_t)1550778638076452U, (uint64_t)223738153459949U, - (uint64_t)1337209385492033U, (uint64_t)1276967236456531U, (uint64_t)1463815821063071U, - (uint64_t)2070620870191473U, (uint64_t)1199170709413753U, (uint64_t)273230877394166U, - (uint64_t)1873264887608046U, (uint64_t}; static const uint64_t Hacl_Ed25519_PrecompTable_precomp_g_pow2_64_table_w4[320U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)13559344787725U, (uint64_t)2051621493703448U, - (uint64_t)1947659315640708U, (uint64_t)626856790370168U, (uint64_t)1592804284034836U, - (uint64_t)1781728767459187U, (uint64_t)278818420518009U, (uint64_t)2038030359908351U, - (uint64_t)910625973862690U, (uint64_t)471887343142239U, (uint64_t)1298543306606048U, - (uint64_t)794147365642417U, (uint64_t)129968992326749U, (uint64_t)523140861678572U, - (uint64_t)1166419653909231U, (uint64_t)2009637196928390U, (uint64_t)1288020222395193U, - 
(uint64_t)1007046974985829U, (uint64_t)208981102651386U, (uint64_t)2074009315253380U, - (uint64_t)1564056062071967U, (uint64_t)276822668750618U, (uint64_t)206621292512572U, - (uint64_t)470304361809269U, (uint64_t)895215438398493U, (uint64_t)1527859053868686U, - (uint64_t)1624967223409369U, (uint64_t)811821865979736U, (uint64_t)350450534838340U, - (uint64_t)219143807921807U, (uint64_t)507994540371254U, (uint64_t)986513794574720U, - (uint64_t)1142661369967121U, (uint64_t)621278293399257U, (uint64_t)556189161519781U, - (uint64_t)351964007865066U, (uint64_t)2011573453777822U, (uint64_t)1367125527151537U, - (uint64_t)1691316722438196U, (uint64_t)731328817345164U, (uint64_t)1284781192709232U, - (uint64_t)478439299539269U, (uint64_t)204842178076429U, (uint64_t)2085125369913651U, - (uint64_t)1980773492792985U, (uint64_t)1480264409524940U, (uint64_t)688389585376233U, - (uint64_t)612962643526972U, (uint64_t)165595382536676U, (uint64_t)1850300069212263U, - (uint64_t)1176357203491551U, (uint64_t)1880164984292321U, (uint64_t)10786153104736U, - (uint64_t)1242293560510203U, (uint64_t)1358399951884084U, (uint64_t)1901358796610357U, - (uint64_t)1385092558795806U, (uint64_t)1734893785311348U, (uint64_t)2046201851951191U, - (uint64_t)1233811309557352U, (uint64_t)1531160168656129U, (uint64_t)1543287181303358U, - (uint64_t)516121446374119U, (uint64_t)723422668089935U, (uint64_t)1228176774959679U, - (uint64_t)1598014722726267U, (uint64_t)1630810326658412U, (uint64_t)1343833067463760U, - (uint64_t)1024397964362099U, (uint64_t)1157142161346781U, (uint64_t)56422174971792U, - (uint64_t)544901687297092U, (uint64_t)1291559028869009U, (uint64_t)1336918672345120U, - (uint64_t)1390874603281353U, (uint64_t)1127199512010904U, (uint64_t)992644979940964U, - (uint64_t)1035213479783573U, (uint64_t)36043651196100U, (uint64_t)1220961519321221U, - (uint64_t)1348190007756977U, (uint64_t)579420200329088U, (uint64_t)1703819961008985U, - (uint64_t)1993919213460047U, (uint64_t)2225080008232251U, 
(uint64_t)392785893702372U, - (uint64_t)464312521482632U, (uint64_t)1224525362116057U, (uint64_t)810394248933036U, - (uint64_t)932513521649107U, (uint64_t)592314953488703U, (uint64_t)586334603791548U, - (uint64_t)1310888126096549U, (uint64_t)650842674074281U, (uint64_t)1596447001791059U, - (uint64_t)2086767406328284U, (uint64_t)1866377645879940U, (uint64_t)1721604362642743U, - (uint64_t)738502322566890U, (uint64_t)1851901097729689U, (uint64_t)1158347571686914U, - (uint64_t)2023626733470827U, (uint64_t)329625404653699U, (uint64_t)563555875598551U, - (uint64_t)516554588079177U, (uint64_t)1134688306104598U, (uint64_t)186301198420809U, - (uint64_t)1339952213563300U, (uint64_t)643605614625891U, (uint64_t)1947505332718043U, - (uint64_t)1722071694852824U, (uint64_t)601679570440694U, (uint64_t)1821275721236351U, - (uint64_t)1808307842870389U, (uint64_t)1654165204015635U, (uint64_t)1457334100715245U, - (uint64_t)217784948678349U, (uint64_t)1820622417674817U, (uint64_t)1946121178444661U, - (uint64_t)597980757799332U, (uint64_t)1745271227710764U, (uint64_t)2010952890941980U, - (uint64_t)339811849696648U, (uint64_t)1066120666993872U, (uint64_t)261276166508990U, - (uint64_t)323098645774553U, (uint64_t)207454744271283U, (uint64_t)941448672977675U, - (uint64_t)71890920544375U, (uint64_t)840849789313357U, (uint64_t)1223996070717926U, - (uint64_t)196832550853408U, (uint64_t)115986818309231U, (uint64_t)1586171527267675U, - (uint64_t)1666169080973450U, (uint64_t)1456454731176365U, (uint64_t)44467854369003U, - (uint64_t)2149656190691480U, (uint64_t)283446383597589U, (uint64_t)2040542647729974U, - (uint64_t)305705593840224U, (uint64_t)475315822269791U, (uint64_t)648133452550632U, - (uint64_t)169218658835720U, (uint64_t)24960052338251U, (uint64_t)938907951346766U, - (uint64_t)425970950490510U, (uint64_t)1037622011013183U, (uint64_t)1026882082708180U, - (uint64_t)1635699409504916U, (uint64_t)1644776942870488U, (uint64_t)2151820331175914U, - (uint64_t)824120674069819U, 
(uint64_t)835744976610113U, (uint64_t)1991271032313190U, - (uint64_t)96507354724855U, (uint64_t)400645405133260U, (uint64_t)343728076650825U, - (uint64_t)1151585441385566U, (uint64_t)1403339955333520U, (uint64_t)230186314139774U, - (uint64_t)1736248861506714U, (uint64_t)1010804378904572U, (uint64_t)1394932289845636U, - (uint64_t)1901351256960852U, (uint64_t)2187471430089807U, (uint64_t)1003853262342670U, - (uint64_t)1327743396767461U, (uint64_t)1465160415991740U, (uint64_t)366625359144534U, - (uint64_t)1534791405247604U, (uint64_t)1790905930250187U, (uint64_t)1255484115292738U, - (uint64_t)2223291365520443U, (uint64_t)210967717407408U, (uint64_t)26722916813442U, - (uint64_t)1919574361907910U, (uint64_t)468825088280256U, (uint64_t)2230011775946070U, - (uint64_t)1628365642214479U, (uint64_t)568871869234932U, (uint64_t)1066987968780488U, - (uint64_t)1692242903745558U, (uint64_t)1678903997328589U, (uint64_t)214262165888021U, - (uint64_t)1929686748607204U, (uint64_t)1790138967989670U, (uint64_t)1790261616022076U, - (uint64_t)1559824537553112U, (uint64_t)1230364591311358U, (uint64_t)147531939886346U, - (uint64_t)1528207085815487U, (uint64_t)477957922927292U, (uint64_t)285670243881618U, - (uint64_t)264430080123332U, (uint64_t)1163108160028611U, (uint64_t)373201522147371U, - (uint64_t)34903775270979U, (uint64_t)1750870048600662U, (uint64_t)1319328308741084U, - (uint64_t)1547548634278984U, (uint64_t)1691259592202927U, (uint64_t)2247758037259814U, - (uint64_t)329611399953677U, (uint64_t)1385555496268877U, (uint64_t)2242438354031066U, - (uint64_t)1329523854843632U, (uint64_t)399895373846055U, (uint64_t)678005703193452U, - (uint64_t)1496357700997771U, (uint64_t)71909969781942U, (uint64_t)1515391418612349U, - (uint64_t)470110837888178U, (uint64_t)1981307309417466U, (uint64_t)1259888737412276U, - (uint64_t)669991710228712U, (uint64_t)1048546834514303U, (uint64_t)1678323291295512U, - (uint64_t)2172033978088071U, (uint64_t)1529278455500556U, (uint64_t)901984601941894U, - 
(uint64_t)780867622403807U, (uint64_t)550105677282793U, (uint64_t)975860231176136U, - (uint64_t)525188281689178U, (uint64_t)49966114807992U, (uint64_t)1776449263836645U, - (uint64_t)267851776380338U, (uint64_t)2225969494054620U, (uint64_t)2016794225789822U, - (uint64_t)1186108678266608U, (uint64_t)1023083271408882U, (uint64_t)1119289418565906U, - (uint64_t)1248185897348801U, (uint64_t)1846081539082697U, (uint64_t)23756429626075U, - (uint64_t)1441999021105403U, (uint64_t)724497586552825U, (uint64_t)1287761623605379U, - (uint64_t)685303359654224U, (uint64_t)2217156930690570U, (uint64_t)163769288918347U, - (uint64_t)1098423278284094U, (uint64_t)1391470723006008U, (uint64_t)570700152353516U, - (uint64_t)744804507262556U, (uint64_t)2200464788609495U, (uint64_t)624141899161992U, - (uint64_t)2249570166275684U, (uint64_t)378706441983561U, (uint64_t)122486379999375U, - (uint64_t)430741162798924U, (uint64_t)113847463452574U, (uint64_t)266250457840685U, - (uint64_t)2120743625072743U, (uint64_t)222186221043927U, (uint64_t)1964290018305582U, - (uint64_t)1435278008132477U, (uint64_t)1670867456663734U, (uint64_t)2009989552599079U, - (uint64_t)1348024113448744U, (uint64_t)1158423886300455U, (uint64_t)1356467152691569U, - (uint64_t)306943042363674U, (uint64_t)926879628664255U, (uint64_t)1349295689598324U, - (uint64_t)725558330071205U, (uint64_t)536569987519948U, (uint64_t)116436990335366U, - (uint64_t)1551888573800376U, (uint64_t)2044698345945451U, (uint64_t)104279940291311U, - (uint64_t)251526570943220U, (uint64_t)754735828122925U, (uint64_t)33448073576361U, - (uint64_t)994605876754543U, (uint64_t)546007584022006U, (uint64_t)2217332798409487U, - (uint64_t)706477052561591U, (uint64_t)131174619428653U, (uint64_t)2148698284087243U, - (uint64_t)239290486205186U, (uint64_t)2161325796952184U, (uint64_t)1713452845607994U, - (uint64_t)1297861562938913U, (uint64_t)1779539876828514U, (uint64_t)1926559018603871U, - (uint64_t)296485747893968U, (uint64_t)1859208206640686U, 
(uint64_t)538513979002718U, - (uint64_t)103998826506137U, (uint64_t)2025375396538469U, (uint64_t)1370680785701206U, - (uint64_t)1698557311253840U, (uint64_t)1411096399076595U, (uint64_t)2132580530813677U, - (uint64_t)2071564345845035U, (uint64_t)498581428556735U, (uint64_t)1136010486691371U, - (uint64_t}; static const uint64_t Hacl_Ed25519_PrecompTable_precomp_g_pow2_128_table_w4[320U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)557549315715710U, (uint64_t)196756086293855U, - (uint64_t)846062225082495U, (uint64_t)1865068224838092U, (uint64_t)991112090754908U, - (uint64_t)522916421512828U, (uint64_t)2098523346722375U, (uint64_t)1135633221747012U, - (uint64_t)858420432114866U, (uint64_t)186358544306082U, (uint64_t)1044420411868480U, - (uint64_t)2080052304349321U, (uint64_t)557301814716724U, (uint64_t)1305130257814057U, - (uint64_t)2126012765451197U, (uint64_t)1441004402875101U, (uint64_t)353948968859203U, - (uint64_t)470765987164835U, (uint64_t)1507675957683570U, (uint64_t)1086650358745097U, - (uint64_t)1911913434398388U, (uint64_t)66086091117182U, (uint64_t)1137511952425971U, - (uint64_t)36958263512141U, (uint64_t)2193310025325256U, (uint64_t)1085191426269045U, - (uint64_t)1232148267909446U, (uint64_t)1449894406170117U, (uint64_t)1241416717139557U, - (uint64_t)1940876999212868U, (uint64_t)829758415918121U, (uint64_t)309608450373449U, - (uint64_t)2228398547683851U, (uint64_t)1580623271960188U, (uint64_t)1675601502456740U, - (uint64_t)1360363115493548U, (uint64_t)1098397313096815U, (uint64_t)1809255384359797U, - (uint64_t)1458261916834384U, (uint64_t)210682545649705U, (uint64_t)1606836641068115U, - (uint64_t)1230478270405318U, (uint64_t)1843192771547802U, (uint64_t)1794596343564051U, - (uint64_t)229060710252162U, 
(uint64_t)2169742775467181U, (uint64_t)701467067318072U, - (uint64_t)696018499035555U, (uint64_t)521051885339807U, (uint64_t)158329567901874U, - (uint64_t)740426481832143U, (uint64_t)1369811177301441U, (uint64_t)503351589084015U, - (uint64_t)1781114827942261U, (uint64_t)1650493549693035U, (uint64_t)2174562418345156U, - (uint64_t)456517194809244U, (uint64_t)2052761522121179U, (uint64_t)2233342271123682U, - (uint64_t)1445872925177435U, (uint64_t)1131882576902813U, (uint64_t)220765848055241U, - (uint64_t)1280259961403769U, (uint64_t)1581497080160712U, (uint64_t)1477441080108824U, - (uint64_t)218428165202767U, (uint64_t)1970598141278907U, (uint64_t)643366736173069U, - (uint64_t)2167909426804014U, (uint64_t)834993711408259U, (uint64_t)1922437166463212U, - (uint64_t)1900036281472252U, (uint64_t)513794844386304U, (uint64_t)1297904164900114U, - (uint64_t)1147626295373268U, (uint64_t)1910101606251299U, (uint64_t)182933838633381U, - (uint64_t)806229530787362U, (uint64_t)155511666433200U, (uint64_t)290522463375462U, - (uint64_t)534373523491751U, (uint64_t)1302938814480515U, (uint64_t)1664979184120445U, - (uint64_t)304235649499423U, (uint64_t)339284524318609U, (uint64_t)1881717946973483U, - (uint64_t)1670802286833842U, (uint64_t)2223637120675737U, (uint64_t)135818919485814U, - (uint64_t)1144856572842792U, (uint64_t)2234981613434386U, (uint64_t)963917024969826U, - (uint64_t)402275378284993U, (uint64_t)141532417412170U, (uint64_t)921537468739387U, - (uint64_t)963905069722607U, (uint64_t)1405442890733358U, (uint64_t)1567763927164655U, - (uint64_t)1664776329195930U, (uint64_t)2095924165508507U, (uint64_t)994243110271379U, - (uint64_t)1243925610609353U, (uint64_t)1029845815569727U, (uint64_t)1001968867985629U, - (uint64_t)170368934002484U, (uint64_t)1100906131583801U, (uint64_t)1825190326449569U, - (uint64_t)1462285121182096U, (uint64_t)1545240767016377U, (uint64_t)797859025652273U, - (uint64_t)1062758326657530U, (uint64_t)1125600735118266U, (uint64_t)739325756774527U, - 
(uint64_t)1420144485966996U, (uint64_t)1915492743426702U, (uint64_t)752968196344993U, - (uint64_t)882156396938351U, (uint64_t)1909097048763227U, (uint64_t)849058590685611U, - (uint64_t)840754951388500U, (uint64_t)1832926948808323U, (uint64_t)2023317100075297U, - (uint64_t)322382745442827U, (uint64_t)1569741341737601U, (uint64_t)1678986113194987U, - (uint64_t)757598994581938U, (uint64_t)29678659580705U, (uint64_t)1239680935977986U, - (uint64_t)1509239427168474U, (uint64_t)1055981929287006U, (uint64_t)1894085471158693U, - (uint64_t)916486225488490U, (uint64_t)642168890366120U, (uint64_t)300453362620010U, - (uint64_t)1858797242721481U, (uint64_t)2077989823177130U, (uint64_t)510228455273334U, - (uint64_t)1473284798689270U, (uint64_t)5173934574301U, (uint64_t)765285232030050U, - (uint64_t)1007154707631065U, (uint64_t)1862128712885972U, (uint64_t)168873464821340U, - (uint64_t)1967853269759318U, (uint64_t)1489896018263031U, (uint64_t)592451806166369U, - (uint64_t)1242298565603883U, (uint64_t)1838918921339058U, (uint64_t)697532763910695U, - (uint64_t)294335466239059U, (uint64_t)135687058387449U, (uint64_t)2133734403874176U, - (uint64_t)2121911143127699U, (uint64_t)20222476737364U, (uint64_t)1200824626476747U, - (uint64_t)1397731736540791U, (uint64_t)702378430231418U, (uint64_t)59059527640068U, - (uint64_t)460992547183981U, (uint64_t)1016125857842765U, (uint64_t)1273530839608957U, - (uint64_t)96724128829301U, (uint64_t)1313433042425233U, (uint64_t)3543822857227U, - (uint64_t)761975685357118U, (uint64_t)110417360745248U, (uint64_t)1079634164577663U, - (uint64_t)2044574510020457U, (uint64_t)338709058603120U, (uint64_t)94541336042799U, - (uint64_t)127963233585039U, (uint64_t)94427896272258U, (uint64_t)1143501979342182U, - (uint64_t)1217958006212230U, (uint64_t)2153887831492134U, (uint64_t)1519219513255575U, - (uint64_t)251793195454181U, (uint64_t)392517349345200U, (uint64_t)1507033011868881U, - (uint64_t)2208494254670752U, (uint64_t)1364389582694359U, 
(uint64_t)2214069430728063U, - (uint64_t)1272814257105752U, (uint64_t)741450148906352U, (uint64_t)1105776675555685U, - (uint64_t)824447222014984U, (uint64_t)528745219306376U, (uint64_t)589427609121575U, - (uint64_t)1501786838809155U, (uint64_t)379067373073147U, (uint64_t)184909476589356U, - (uint64_t)1346887560616185U, (uint64_t)1932023742314082U, (uint64_t)1633302311869264U, - (uint64_t)1685314821133069U, (uint64_t)1836610282047884U, (uint64_t)1595571594397150U, - (uint64_t)615441688872198U, (uint64_t)1926435616702564U, (uint64_t)235632180396480U, - (uint64_t)1051918343571810U, (uint64_t)2150570051687050U, (uint64_t)879198845408738U, - (uint64_t)1443966275205464U, (uint64_t)481362545245088U, (uint64_t)512807443532642U, - (uint64_t)641147578283480U, (uint64_t)1594276116945596U, (uint64_t)1844812743300602U, - (uint64_t)2044559316019485U, (uint64_t)202620777969020U, (uint64_t)852992984136302U, - (uint64_t)1500869642692910U, (uint64_t)1085216217052457U, (uint64_t)1736294372259758U, - (uint64_t)2009666354486552U, (uint64_t)1262389020715248U, (uint64_t)1166527705256867U, - (uint64_t)1409917450806036U, (uint64_t)1705819160057637U, (uint64_t)1116901782584378U, - (uint64_t)1278460472285473U, (uint64_t)257879811360157U, (uint64_t)40314007176886U, - (uint64_t)701309846749639U, (uint64_t)1380457676672777U, (uint64_t)631519782380272U, - (uint64_t)1196339573466793U, (uint64_t)955537708940017U, (uint64_t)532725633381530U, - (uint64_t)641190593731833U, (uint64_t)7214357153807U, (uint64_t)481922072107983U, - (uint64_t)1634886189207352U, (uint64_t)1247659758261633U, (uint64_t)1655809614786430U, - (uint64_t)43105797900223U, (uint64_t)76205809912607U, (uint64_t)1936575107455823U, - (uint64_t)1107927314642236U, (uint64_t)2199986333469333U, (uint64_t)802974829322510U, - (uint64_t)718173128143482U, (uint64_t)539385184235615U, (uint64_t)2075693785611221U, - (uint64_t)953281147333690U, (uint64_t)1623571637172587U, (uint64_t)655274535022250U, - (uint64_t)1568078078819021U, 
(uint64_t)101142125049712U, (uint64_t)1488441673350881U, - (uint64_t)1457969561944515U, (uint64_t)1492622544287712U, (uint64_t)2041460689280803U, - (uint64_t)1961848091392887U, (uint64_t)461003520846938U, (uint64_t)934728060399807U, - (uint64_t)117723291519705U, (uint64_t)1027773762863526U, (uint64_t)56765304991567U, - (uint64_t)2184028379550479U, (uint64_t)1768767711894030U, (uint64_t)1304432068983172U, - (uint64_t)498080974452325U, (uint64_t)2134905654858163U, (uint64_t)1446137427202647U, - (uint64_t)551613831549590U, (uint64_t)680288767054205U, (uint64_t)1278113339140386U, - (uint64_t)378149431842614U, (uint64_t)80520494426960U, (uint64_t)2080985256348782U, - (uint64_t)673432591799820U, (uint64_t)739189463724560U, (uint64_t)1847191452197509U, - (uint64_t)527737312871602U, (uint64_t)477609358840073U, (uint64_t)1891633072677946U, - (uint64_t)1841456828278466U, (uint64_t)2242502936489002U, (uint64_t)524791829362709U, - (uint64_t)276648168514036U, (uint64_t)991706903257619U, (uint64_t)512580228297906U, - (uint64_t)1216855104975946U, (uint64_t)67030930303149U, (uint64_t)769593945208213U, - (uint64_t)2048873385103577U, (uint64_t)455635274123107U, (uint64_t)2077404927176696U, - (uint64_t)1803539634652306U, (uint64_t)1837579953843417U, (uint64_t)1564240068662828U, - (uint64_t)1964310918970435U, (uint64_t)832822906252492U, (uint64_t)1516044634195010U, - (uint64_t)770571447506889U, (uint64_t)602215152486818U, (uint64_t)1760828333136947U, - (uint64_t}; static const uint64_t Hacl_Ed25519_PrecompTable_precomp_g_pow2_192_table_w4[320U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)1129953239743101U, (uint64_t)1240339163956160U, - (uint64_t)61002583352401U, (uint64_t)2017604552196030U, (uint64_t)1576867829229863U, - 
(uint64_t)1508654942849389U, (uint64_t)270111619664077U, (uint64_t)1253097517254054U, - (uint64_t)721798270973250U, (uint64_t)161923365415298U, (uint64_t)828530877526011U, - (uint64_t)1494851059386763U, (uint64_t)662034171193976U, (uint64_t)1315349646974670U, - (uint64_t)2199229517308806U, (uint64_t)497078277852673U, (uint64_t)1310507715989956U, - (uint64_t)1881315714002105U, (uint64_t)2214039404983803U, (uint64_t)1331036420272667U, - (uint64_t)296286697520787U, (uint64_t)1179367922639127U, (uint64_t)25348441419697U, - (uint64_t)2200984961703188U, (uint64_t)150893128908291U, (uint64_t)1978614888570852U, - (uint64_t)1539657347172046U, (uint64_t)553810196523619U, (uint64_t)246017573977646U, - (uint64_t)1440448985385485U, (uint64_t)346049108099981U, (uint64_t)601166606218546U, - (uint64_t)855822004151713U, (uint64_t)1957521326383188U, (uint64_t)1114240380430887U, - (uint64_t)1349639675122048U, (uint64_t)957375954499040U, (uint64_t)111551795360136U, - (uint64_t)618586733648988U, (uint64_t)490708840688866U, (uint64_t)1267002049697314U, - (uint64_t)1130723224930028U, (uint64_t)215603029480828U, (uint64_t)1277138555414710U, - (uint64_t)1556750324971322U, (uint64_t)1407903521793741U, (uint64_t)1836836546590749U, - (uint64_t)576500297444199U, (uint64_t)2074707599091135U, (uint64_t)1826239864380012U, - (uint64_t)1935365705983312U, (uint64_t)239501825683682U, (uint64_t)1594236669034980U, - (uint64_t)1283078975055301U, (uint64_t)856745636255925U, (uint64_t)1342128647959981U, - (uint64_t)945216428379689U, (uint64_t)938746202496410U, (uint64_t)105775123333919U, - (uint64_t)1379852610117266U, (uint64_t)1770216827500275U, (uint64_t)1016017267535704U, - (uint64_t)1902885522469532U, (uint64_t)994184703730489U, (uint64_t)2227487538793763U, - (uint64_t)53155967096055U, (uint64_t)1264120808114350U, (uint64_t)1334928769376729U, - (uint64_t)393911808079997U, (uint64_t)826229239481845U, (uint64_t)1827903006733192U, - (uint64_t)1449283706008465U, (uint64_t)1258040415217849U, 
(uint64_t)1641484112868370U, - (uint64_t)1140150841968176U, (uint64_t)391113338021313U, (uint64_t)162138667815833U, - (uint64_t)742204396566060U, (uint64_t)110709233440557U, (uint64_t)90179377432917U, - (uint64_t)530511949644489U, (uint64_t)911568635552279U, (uint64_t)135869304780166U, - (uint64_t)617719999563692U, (uint64_t)1802525001631319U, (uint64_t)1836394639510490U, - (uint64_t)1862739456475085U, (uint64_t)1378284444664288U, (uint64_t)1617882529391756U, - (uint64_t)876124429891172U, (uint64_t)1147654641445091U, (uint64_t)1476943370400542U, - (uint64_t)688601222759067U, (uint64_t)2120281968990205U, (uint64_t)1387113236912611U, - (uint64_t)2125245820685788U, (uint64_t)1030674016350092U, (uint64_t)1594684598654247U, - (uint64_t)1165939511879820U, (uint64_t)271499323244173U, (uint64_t)546587254515484U, - (uint64_t)945603425742936U, (uint64_t)1242252568170226U, (uint64_t)561598728058142U, - (uint64_t)604827091794712U, (uint64_t)19869753585186U, (uint64_t)565367744708915U, - (uint64_t)536755754533603U, (uint64_t)1767258313589487U, (uint64_t)907952975936127U, - (uint64_t)292851652613937U, (uint64_t)163573546237963U, (uint64_t)837601408384564U, - (uint64_t)591996990118301U, (uint64_t)2126051747693057U, (uint64_t)182247548824566U, - (uint64_t)908369044122868U, (uint64_t)1335442699947273U, (uint64_t)2234292296528612U, - (uint64_t)689537529333034U, (uint64_t)2174778663790714U, (uint64_t)1011407643592667U, - (uint64_t)1856130618715473U, (uint64_t)1557437221651741U, (uint64_t)2250285407006102U, - (uint64_t)1412384213410827U, (uint64_t)1428042038612456U, (uint64_t)962709733973660U, - (uint64_t)313995703125919U, (uint64_t)1844969155869325U, (uint64_t)787716782673657U, - (uint64_t)622504542173478U, (uint64_t)930119043384654U, (uint64_t)2128870043952488U, - (uint64_t)537781531479523U, (uint64_t)1556666269904940U, (uint64_t)417333635741346U, - (uint64_t)1986743846438415U, (uint64_t)877620478041197U, (uint64_t)2205624582983829U, - (uint64_t)595260668884488U, 
(uint64_t)2025159350373157U, (uint64_t)2091659716088235U, - (uint64_t)1423634716596391U, (uint64_t)653686638634080U, (uint64_t)1972388399989956U, - (uint64_t)795575741798014U, (uint64_t)889240107997846U, (uint64_t)1446156876910732U, - (uint64_t)1028507012221776U, (uint64_t)1071697574586478U, (uint64_t)1689630411899691U, - (uint64_t)604092816502174U, (uint64_t)1909917373896122U, (uint64_t)1602544877643837U, - (uint64_t)1227177032923867U, (uint64_t)62684197535630U, (uint64_t)186146290753883U, - (uint64_t)414449055316766U, (uint64_t)1560555880866750U, (uint64_t)157579947096755U, - (uint64_t)230526795502384U, (uint64_t)1197673369665894U, (uint64_t)593779215869037U, - (uint64_t)214638834474097U, (uint64_t)1796344443484478U, (uint64_t)493550548257317U, - (uint64_t)1628442824033694U, (uint64_t)1410811655893495U, (uint64_t)1009361960995171U, - (uint64_t)604736219740352U, (uint64_t)392445928555351U, (uint64_t)1254295770295706U, - (uint64_t)1958074535046128U, (uint64_t)508699942241019U, (uint64_t)739405911261325U, - (uint64_t)1678760393882409U, (uint64_t)517763708545996U, (uint64_t)640040257898722U, - (uint64_t)384966810872913U, (uint64_t)407454748380128U, (uint64_t)152604679407451U, - (uint64_t)185102854927662U, (uint64_t)1448175503649595U, (uint64_t)100328519208674U, - (uint64_t)1153263667012830U, (uint64_t)1643926437586490U, (uint64_t)609632142834154U, - (uint64_t)980984004749261U, (uint64_t)855290732258779U, (uint64_t)2186022163021506U, - (uint64_t)1254052618626070U, (uint64_t)1850030517182611U, (uint64_t)162348933090207U, - (uint64_t)1948712273679932U, (uint64_t)1331832516262191U, (uint64_t)1219400369175863U, - (uint64_t)89689036937483U, (uint64_t)1554886057235815U, (uint64_t)1520047528432789U, - (uint64_t)81263957652811U, (uint64_t)146612464257008U, (uint64_t)2207945627164163U, - (uint64_t)919846660682546U, (uint64_t)1925694087906686U, (uint64_t)2102027292388012U, - (uint64_t)887992003198635U, (uint64_t)1817924871537027U, (uint64_t)746660005584342U, - 
(uint64_t)753757153275525U, (uint64_t)91394270908699U, (uint64_t)511837226544151U, - (uint64_t)736341543649373U, (uint64_t)1256371121466367U, (uint64_t)1977778299551813U, - (uint64_t)817915174462263U, (uint64_t)1602323381418035U, (uint64_t)190035164572930U, - (uint64_t)603796401391181U, (uint64_t)2152666873671669U, (uint64_t)1813900316324112U, - (uint64_t)1292622433358041U, (uint64_t)888439870199892U, (uint64_t)978918155071994U, - (uint64_t)534184417909805U, (uint64_t)466460084317313U, (uint64_t)1275223140288685U, - (uint64_t)786407043883517U, (uint64_t)1620520623925754U, (uint64_t)1753625021290269U, - (uint64_t)751937175104525U, (uint64_t)905301961820613U, (uint64_t)697059847245437U, - (uint64_t)584919033981144U, (uint64_t)1272165506533156U, (uint64_t)1532180021450866U, - (uint64_t)1901407354005301U, (uint64_t)1421319720492586U, (uint64_t)2179081609765456U, - (uint64_t)2193253156667632U, (uint64_t)1080248329608584U, (uint64_t)2158422436462066U, - (uint64_t)759167597017850U, (uint64_t)545759071151285U, (uint64_t)641600428493698U, - (uint64_t)943791424499848U, (uint64_t)469571542427864U, (uint64_t)951117845222467U, - (uint64_t)1780538594373407U, (uint64_t)614611122040309U, (uint64_t)1354826131886963U, - (uint64_t)221898131992340U, (uint64_t)1145699723916219U, (uint64_t)798735379961769U, - (uint64_t)1843560518208287U, (uint64_t)1424523160161545U, (uint64_t)205549016574779U, - (uint64_t)2239491587362749U, (uint64_t)1918363582399888U, (uint64_t)1292183072788455U, - (uint64_t)1783513123192567U, (uint64_t)1584027954317205U, (uint64_t)1890421443925740U, - (uint64_t)1718459319874929U, (uint64_t)1522091040748809U, (uint64_t)399467600667219U, - (uint64_t)1870973059066576U, (uint64_t)287514433150348U, (uint64_t)1397845311152885U, - (uint64_t)1880440629872863U, (uint64_t)709302939340341U, (uint64_t)1813571361109209U, - (uint64_t)86598795876860U, (uint64_t)1146964554310612U, (uint64_t)1590956584862432U, - (uint64_t)2097004628155559U, (uint64_t)656227622102390U, 
(uint64_t)1808500445541891U, - (uint64_t)958336726523135U, (uint64_t)2007604569465975U, (uint64_t)313504950390997U, - (uint64_t)1399686004953620U, (uint64_t)1759732788465234U, (uint64_t)1562539721055836U, - (uint64_t)1575722765016293U, (uint64_t)793318366641259U, (uint64_t)443876859384887U, - (uint64_t)547308921989704U, (uint64_t)636698687503328U, (uint64_t)2179175835287340U, - (uint64_t)498333551718258U, (uint64_t)932248760026176U, (uint64_t)1612395686304653U, - (uint64_t)2179774103745626U, (uint64_t)1359658123541018U, (uint64_t)171488501802442U, - (uint64_t)1625034951791350U, (uint64_t)520196922773633U, (uint64_t)1873787546341877U, - (uint64_t}; static const uint64_t Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w5[640U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)1738742601995546U, (uint64_t)1146398526822698U, - (uint64_t)2070867633025821U, (uint64_t)562264141797630U, (uint64_t)587772402128613U, - (uint64_t)1801439850948184U, (uint64_t)1351079888211148U, (uint64_t)450359962737049U, - (uint64_t)900719925474099U, (uint64_t)1801439850948198U, (uint64_t)1U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1841354044333475U, - (uint64_t)16398895984059U, (uint64_t)755974180946558U, (uint64_t)900171276175154U, - (uint64_t)1821297809914039U, (uint64_t)1661154287933054U, (uint64_t)284530020860578U, - (uint64_t)1390261174866914U, (uint64_t)1524110943907984U, (uint64_t)1045603498418422U, - (uint64_t)928651508580478U, (uint64_t)1383326941296346U, (uint64_t)961937908925785U, - (uint64_t)80455759693706U, (uint64_t)904734540352947U, (uint64_t)1507481815385608U, - (uint64_t)2223447444246085U, (uint64_t)1083941587175919U, (uint64_t)2059929906842505U, - (uint64_t)1581435440146976U, 
(uint64_t)782730187692425U, (uint64_t)9928394897574U, - (uint64_t)1539449519985236U, (uint64_t)1923587931078510U, (uint64_t)552919286076056U, - (uint64_t)376925408065760U, (uint64_t)447320488831784U, (uint64_t)1362918338468019U, - (uint64_t)1470031896696846U, (uint64_t)2189796996539902U, (uint64_t)1337552949959847U, - (uint64_t)1762287177775726U, (uint64_t)237994495816815U, (uint64_t)1277840395970544U, - (uint64_t)543972849007241U, (uint64_t)1224692671618814U, (uint64_t)162359533289271U, - (uint64_t)282240927125249U, (uint64_t)586909166382289U, (uint64_t)17726488197838U, - (uint64_t)377014554985659U, (uint64_t)1433835303052512U, (uint64_t)702061469493692U, - (uint64_t)1142253108318154U, (uint64_t)318297794307551U, (uint64_t)954362646308543U, - (uint64_t)517363881452320U, (uint64_t)1868013482130416U, (uint64_t)262562472373260U, - (uint64_t)902232853249919U, (uint64_t)2107343057055746U, (uint64_t)462368348619024U, - (uint64_t)1893758677092974U, (uint64_t)2177729767846389U, (uint64_t)2168532543559143U, - (uint64_t)443867094639821U, (uint64_t)730169342581022U, (uint64_t)1564589016879755U, - (uint64_t)51218195700649U, (uint64_t)76684578423745U, (uint64_t)560266272480743U, - (uint64_t)922517457707697U, (uint64_t)2066645939860874U, (uint64_t)1318277348414638U, - (uint64_t)1576726809084003U, (uint64_t)1817337608563665U, (uint64_t)1874240939237666U, - (uint64_t)754733726333910U, (uint64_t)97085310406474U, (uint64_t)751148364309235U, - (uint64_t)1622159695715187U, (uint64_t)1444098819684916U, (uint64_t)130920805558089U, - (uint64_t)1260449179085308U, (uint64_t)1860021740768461U, (uint64_t)110052860348509U, - (uint64_t)193830891643810U, (uint64_t)164148413933881U, (uint64_t)180017794795332U, - (uint64_t)1523506525254651U, (uint64_t)465981629225956U, (uint64_t)559733514964572U, - (uint64_t)1279624874416974U, (uint64_t)2026642326892306U, (uint64_t)1425156829982409U, - (uint64_t)2160936383793147U, (uint64_t)1061870624975247U, (uint64_t)2023497043036941U, - 
(uint64_t)117942212883190U, (uint64_t)490339622800774U, (uint64_t)1729931303146295U, - (uint64_t)422305932971074U, (uint64_t)529103152793096U, (uint64_t)1211973233775992U, - (uint64_t)721364955929681U, (uint64_t)1497674430438813U, (uint64_t)342545521275073U, - (uint64_t)2102107575279372U, (uint64_t)2108462244669966U, (uint64_t)1382582406064082U, - (uint64_t)2206396818383323U, (uint64_t)2109093268641147U, (uint64_t)10809845110983U, - (uint64_t)1605176920880099U, (uint64_t)744640650753946U, (uint64_t)1712758897518129U, - (uint64_t)373410811281809U, (uint64_t)648838265800209U, (uint64_t)813058095530999U, - (uint64_t)513987632620169U, (uint64_t)465516160703329U, (uint64_t)2136322186126330U, - (uint64_t)1979645899422932U, (uint64_t)1197131006470786U, (uint64_t)1467836664863979U, - (uint64_t)1340751381374628U, (uint64_t)1810066212667962U, (uint64_t)1009933588225499U, - (uint64_t)1106129188080873U, (uint64_t)1388980405213901U, (uint64_t)533719246598044U, - (uint64_t)1169435803073277U, (uint64_t)198920999285821U, (uint64_t)487492330629854U, - (uint64_t)1807093008537778U, (uint64_t)1540899012923865U, (uint64_t)2075080271659867U, - (uint64_t)1527990806921523U, (uint64_t)1323728742908002U, (uint64_t)1568595959608205U, - (uint64_t)1388032187497212U, (uint64_t)2026968840050568U, (uint64_t)1396591153295755U, - (uint64_t)820416950170901U, (uint64_t)520060313205582U, (uint64_t)2016404325094901U, - (uint64_t)1584709677868520U, (uint64_t)272161374469956U, (uint64_t)1567188603996816U, - (uint64_t)1986160530078221U, (uint64_t)553930264324589U, (uint64_t)1058426729027503U, - (uint64_t)8762762886675U, (uint64_t)2216098143382988U, (uint64_t)1835145266889223U, - (uint64_t)1712936431558441U, (uint64_t)1017009937844974U, (uint64_t)585361667812740U, - (uint64_t)2114711541628181U, (uint64_t)2238729632971439U, (uint64_t)121257546253072U, - (uint64_t)847154149018345U, (uint64_t)211972965476684U, (uint64_t)287499084460129U, - (uint64_t)2098247259180197U, (uint64_t)839070411583329U, 
(uint64_t)339551619574372U, - (uint64_t)1432951287640743U, (uint64_t)526481249498942U, (uint64_t)931991661905195U, - (uint64_t)1884279965674487U, (uint64_t)200486405604411U, (uint64_t)364173020594788U, - (uint64_t)518034455936955U, (uint64_t)1085564703965501U, (uint64_t)16030410467927U, - (uint64_t)604865933167613U, (uint64_t)1695298441093964U, (uint64_t)498856548116159U, - (uint64_t)2193030062787034U, (uint64_t)1706339802964179U, (uint64_t)1721199073493888U, - (uint64_t)820740951039755U, (uint64_t)1216053436896834U, (uint64_t)23954895815139U, - (uint64_t)1662515208920491U, (uint64_t)1705443427511899U, (uint64_t)1957928899570365U, - (uint64_t)1189636258255725U, (uint64_t)1795695471103809U, (uint64_t)1691191297654118U, - (uint64_t)282402585374360U, (uint64_t)460405330264832U, (uint64_t)63765529445733U, - (uint64_t)469763447404473U, (uint64_t)733607089694996U, (uint64_t)685410420186959U, - (uint64_t)1096682630419738U, (uint64_t)1162548510542362U, (uint64_t)1020949526456676U, - (uint64_t)1211660396870573U, (uint64_t)613126398222696U, (uint64_t)1117829165843251U, - (uint64_t)742432540886650U, (uint64_t)1483755088010658U, (uint64_t)942392007134474U, - (uint64_t)1447834130944107U, (uint64_t)489368274863410U, (uint64_t)23192985544898U, - (uint64_t)648442406146160U, (uint64_t)785438843373876U, (uint64_t)249464684645238U, - (uint64_t)170494608205618U, (uint64_t)335112827260550U, (uint64_t)1462050123162735U, - (uint64_t)1084803668439016U, (uint64_t)853459233600325U, (uint64_t)215777728187495U, - (uint64_t)1965759433526974U, (uint64_t)1349482894446537U, (uint64_t)694163317612871U, - (uint64_t)860536766165036U, (uint64_t)1178788094084321U, (uint64_t)1652739626626996U, - (uint64_t)2115723946388185U, (uint64_t)1577204379094664U, (uint64_t)1083882859023240U, - (uint64_t)1768759143381635U, (uint64_t)1737180992507258U, (uint64_t)246054513922239U, - (uint64_t)577253134087234U, (uint64_t)356340280578042U, (uint64_t)1638917769925142U, - (uint64_t)223550348130103U, 
(uint64_t)470592666638765U, (uint64_t)22663573966996U, - (uint64_t)596552461152400U, (uint64_t)364143537069499U, (uint64_t)3942119457699U, - (uint64_t)107951982889287U, (uint64_t)1843471406713209U, (uint64_t)1625773041610986U, - (uint64_t)1466141092501702U, (uint64_t)1043024095021271U, (uint64_t)310429964047508U, - (uint64_t)98559121500372U, (uint64_t)152746933782868U, (uint64_t)259407205078261U, - (uint64_t)828123093322585U, (uint64_t)1576847274280091U, (uint64_t)1170871375757302U, - (uint64_t)1588856194642775U, (uint64_t)984767822341977U, (uint64_t)1141497997993760U, - (uint64_t)809325345150796U, (uint64_t)1879837728202511U, (uint64_t)201340910657893U, - (uint64_t)1079157558888483U, (uint64_t)1052373448588065U, (uint64_t)1732036202501778U, - (uint64_t)2105292670328445U, (uint64_t)679751387312402U, (uint64_t)1679682144926229U, - (uint64_t)1695823455818780U, (uint64_t)498852317075849U, (uint64_t)1786555067788433U, - (uint64_t)1670727545779425U, (uint64_t)117945875433544U, (uint64_t)407939139781844U, - (uint64_t)854632120023778U, (uint64_t)1413383148360437U, (uint64_t)286030901733673U, - (uint64_t)1207361858071196U, (uint64_t)461340408181417U, (uint64_t)1096919590360164U, - (uint64_t)1837594897475685U, (uint64_t)533755561544165U, (uint64_t)1638688042247712U, - (uint64_t)1431653684793005U, (uint64_t)1036458538873559U, (uint64_t)390822120341779U, - (uint64_t)1920929837111618U, (uint64_t)543426740024168U, (uint64_t)645751357799929U, - (uint64_t)2245025632994463U, (uint64_t)1550778638076452U, (uint64_t)223738153459949U, - (uint64_t)1337209385492033U, (uint64_t)1276967236456531U, (uint64_t)1463815821063071U, - (uint64_t)2070620870191473U, (uint64_t)1199170709413753U, (uint64_t)273230877394166U, - (uint64_t)1873264887608046U, (uint64_t)890877152910775U, (uint64_t)983226445635730U, - (uint64_t)44873798519521U, (uint64_t)697147127512130U, (uint64_t)961631038239304U, - (uint64_t)709966160696826U, (uint64_t)1706677689540366U, (uint64_t)502782733796035U, - 
(uint64_t)812545535346033U, (uint64_t)1693622521296452U, (uint64_t)1955813093002510U, - (uint64_t)1259937612881362U, (uint64_t)1873032503803559U, (uint64_t)1140330566016428U, - (uint64_t)1675726082440190U, (uint64_t)60029928909786U, (uint64_t)170335608866763U, - (uint64_t)766444312315022U, (uint64_t)2025049511434113U, (uint64_t)2200845622430647U, - (uint64_t)1201269851450408U, (uint64_t)590071752404907U, (uint64_t)1400995030286946U, - (uint64_t)2152637413853822U, (uint64_t)2108495473841983U, (uint64_t)3855406710349U, - (uint64_t)1726137673168580U, (uint64_t)51004317200100U, (uint64_t)1749082328586939U, - (uint64_t)1704088976144558U, (uint64_t)1977318954775118U, (uint64_t)2062602253162400U, - (uint64_t)948062503217479U, (uint64_t)361953965048030U, (uint64_t)1528264887238440U, - (uint64_t)62582552172290U, (uint64_t)2241602163389280U, (uint64_t)156385388121765U, - (uint64_t)2124100319761492U, (uint64_t)388928050571382U, (uint64_t)1556123596922727U, - (uint64_t)979310669812384U, (uint64_t)113043855206104U, (uint64_t)2023223924825469U, - (uint64_t)643651703263034U, (uint64_t)2234446903655540U, (uint64_t)1577241261424997U, - (uint64_t)860253174523845U, (uint64_t)1691026473082448U, (uint64_t)1091672764933872U, - (uint64_t)1957463109756365U, (uint64_t)530699502660193U, (uint64_t)349587141723569U, - (uint64_t)674661681919563U, (uint64_t)1633727303856240U, (uint64_t)708909037922144U, - (uint64_t)2160722508518119U, (uint64_t)1302188051602540U, (uint64_t)976114603845777U, - (uint64_t)120004758721939U, (uint64_t)1681630708873780U, (uint64_t)622274095069244U, - (uint64_t)1822346309016698U, (uint64_t)1100921177951904U, (uint64_t)2216952659181677U, - (uint64_t)1844020550362490U, (uint64_t)1976451368365774U, (uint64_t)1321101422068822U, - (uint64_t)1189859436282668U, (uint64_t)2008801879735257U, (uint64_t)2219413454333565U, - (uint64_t)424288774231098U, (uint64_t)359793146977912U, (uint64_t)270293357948703U, - (uint64_t)587226003677000U, (uint64_t)1482071926139945U, 
(uint64_t)1419630774650359U, - (uint64_t)1104739070570175U, (uint64_t)1662129023224130U, (uint64_t)1609203612533411U, - (uint64_t)1250932720691980U, (uint64_t)95215711818495U, (uint64_t)498746909028150U, - (uint64_t)158151296991874U, (uint64_t)1201379988527734U, (uint64_t)561599945143989U, - (uint64_t)2211577425617888U, (uint64_t)2166577612206324U, (uint64_t)1057590354233512U, - (uint64_t)1968123280416769U, (uint64_t)1316586165401313U, (uint64_t)762728164447634U, - (uint64_t)2045395244316047U, (uint64_t)1531796898725716U, (uint64_t)315385971670425U, - (uint64_t)1109421039396756U, (uint64_t)2183635256408562U, (uint64_t)1896751252659461U, - (uint64_t)840236037179080U, (uint64_t)796245792277211U, (uint64_t)508345890111193U, - (uint64_t)1275386465287222U, (uint64_t)513560822858784U, (uint64_t)1784735733120313U, - (uint64_t)1346467478899695U, (uint64_t)601125231208417U, (uint64_t)701076661112726U, - (uint64_t)1841998436455089U, (uint64_t)1156768600940434U, (uint64_t)1967853462343221U, - (uint64_t)2178318463061452U, (uint64_t)481885520752741U, (uint64_t)675262828640945U, - (uint64_t)1033539418596582U, (uint64_t)1743329872635846U, (uint64_t)159322641251283U, - (uint64_t)1573076470127113U, (uint64_t)954827619308195U, (uint64_t)778834750662635U, - (uint64_t)619912782122617U, (uint64_t)515681498488209U, (uint64_t)1675866144246843U, - (uint64_t)811716020969981U, (uint64_t)1125515272217398U, (uint64_t)1398917918287342U, - (uint64_t)1301680949183175U, (uint64_t)726474739583734U, (uint64_t)587246193475200U, - (uint64_t)1096581582611864U, (uint64_t)1469911826213486U, (uint64_t)1990099711206364U, - (uint64_t)1256496099816508U, (uint64_t)2019924615195672U, (uint64_t)1251232456707555U, - (uint64_t)2042971196009755U, (uint64_t)214061878479265U, (uint64_t)115385726395472U, - (uint64_t)1677875239524132U, (uint64_t)756888883383540U, (uint64_t)1153862117756233U, - (uint64_t)503391530851096U, (uint64_t)946070017477513U, (uint64_t)1878319040542579U, - (uint64_t)1101349418586920U, 
(uint64_t)793245696431613U, (uint64_t)397920495357645U, - (uint64_t)2174023872951112U, (uint64_t)1517867915189593U, (uint64_t)1829855041462995U, - (uint64_t)1046709983503619U, (uint64_t)424081940711857U, (uint64_t)2112438073094647U, - (uint64_t)1504338467349861U, (uint64_t)2244574127374532U, (uint64_t)2136937537441911U, - (uint64_t)1741150838990304U, (uint64_t)25894628400571U, (uint64_t)512213526781178U, - (uint64_t)1168384260796379U, (uint64_t)1424607682379833U, (uint64_t)938677789731564U, - (uint64_t)872882241891896U, (uint64_t)1713199397007700U, (uint64_t)1410496326218359U, - (uint64_t)854379752407031U, (uint64_t)465141611727634U, (uint64_t)315176937037857U, - (uint64_t)1020115054571233U, (uint64_t)1856290111077229U, (uint64_t)2028366269898204U, - (uint64_t)1432980880307543U, (uint64_t)469932710425448U, (uint64_t)581165267592247U, - (uint64_t)496399148156603U, (uint64_t)2063435226705903U, (uint64_t)2116841086237705U, - (uint64_t)498272567217048U, (uint64_t)1829438076967906U, (uint64_t)1573925801278491U, - (uint64_t)460763576329867U, (uint64_t)1705264723728225U, (uint64_t)999514866082412U, - (uint64_t)29635061779362U, (uint64_t)1884233592281020U, (uint64_t)1449755591461338U, - (uint64_t)42579292783222U, (uint64_t)1869504355369200U, (uint64_t)495506004805251U, - (uint64_t)264073104888427U, (uint64_t)2088880861028612U, (uint64_t)104646456386576U, - (uint64_t)1258445191399967U, (uint64_t)1348736801545799U, (uint64_t)2068276361286613U, - (uint64_t)884897216646374U, (uint64_t)922387476801376U, (uint64_t)1043886580402805U, - (uint64_t)1240883498470831U, (uint64_t)1601554651937110U, (uint64_t)804382935289482U, - (uint64_t)512379564477239U, (uint64_t)1466384519077032U, (uint64_t)1280698500238386U, - (uint64_t)211303836685749U, (uint64_t)2081725624793803U, (uint64_t)545247644516879U, - (uint64_t)215313359330384U, (uint64_t)286479751145614U, (uint64_t)2213650281751636U, - (uint64_t)2164927945999874U, (uint64_t)2072162991540882U, (uint64_t)1443769115444779U, - 
(uint64_t)1581473274363095U, (uint64_t)434633875922699U, (uint64_t)340456055781599U, - (uint64_t)373043091080189U, (uint64_t)839476566531776U, (uint64_t)1856706858509978U, - (uint64_t)931616224909153U, (uint64_t)1888181317414065U, (uint64_t)213654322650262U, - (uint64_t)1161078103416244U, (uint64_t)1822042328851513U, (uint64_t)915817709028812U, - (uint64_t)1828297056698188U, (uint64_t)1212017130909403U, (uint64_t)60258343247333U, - (uint64_t)342085800008230U, (uint64_t)930240559508270U, (uint64_t)1549884999174952U, - (uint64_t)809895264249462U, (uint64_t)184726257947682U, (uint64_t)1157065433504828U, - (uint64_t)1209999630381477U, (uint64_t)999920399374391U, (uint64_t)1714770150788163U, - (uint64_t)2026130985413228U, (uint64_t)506776632883140U, (uint64_t)1349042668246528U, - (uint64_t)1937232292976967U, (uint64_t)942302637530730U, (uint64_t)160211904766226U, - (uint64_t)1042724500438571U, (uint64_t)212454865139142U, (uint64_t)244104425172642U, - (uint64_t)1376990622387496U, (uint64_t)76126752421227U, (uint64_t)1027540886376422U, - (uint64_t)1912210655133026U, (uint64_t)13410411589575U, (uint64_t)1475856708587773U, - (uint64_t)615563352691682U, (uint64_t)1446629324872644U, (uint64_t)1683670301784014U, - (uint64_t)1049873327197127U, (uint64_t)1826401704084838U, (uint64_t)2032577048760775U, - (uint64_t)1922203607878853U, (uint64_t)836708788764806U, (uint64_t)2193084654695012U, - (uint64_t)1342923183256659U, (uint64_t)849356986294271U, (uint64_t)1228863973965618U, - (uint64_t)94886161081867U, (uint64_t)1423288430204892U, (uint64_t)2016167528707016U, - (uint64_t)1633187660972877U, (uint64_t)1550621242301752U, (uint64_t)340630244512994U, - (uint64_t)2103577710806901U, (uint64_t)221625016538931U, (uint64_t)421544147350960U, - (uint64_t)580428704555156U, (uint64_t)1479831381265617U, (uint64_t)518057926544698U, - (uint64_t)955027348790630U, (uint64_t)1326749172561598U, (uint64_t)1118304625755967U, - (uint64_t)1994005916095176U, (uint64_t)1799757332780663U, 
(uint64_t)751343129396941U, - (uint64_t)1468672898746144U, (uint64_t)1451689964451386U, (uint64_t)755070293921171U, - (uint64_t)904857405877052U, (uint64_t)1276087530766984U, (uint64_t)403986562858511U, - (uint64_t)1530661255035337U, (uint64_t)1644972908910502U, (uint64_t)1370170080438957U, - (uint64_t)139839536695744U, (uint64_t)909930462436512U, (uint64_t)1899999215356933U, - (uint64_t)635992381064566U, (uint64_t)788740975837654U, (uint64_t)224241231493695U, - (uint64_t)1267090030199302U, (uint64_t)998908061660139U, (uint64_t)1784537499699278U, - (uint64_t)859195370018706U, (uint64_t)1953966091439379U, (uint64_t)2189271820076010U, - (uint64_t)2039067059943978U, (uint64_t)1526694380855202U, (uint64_t)2040321513194941U, - (uint64_t)329922071218689U, (uint64_t)1953032256401326U, (uint64_t)989631424403521U, - (uint64_t)328825014934242U, (uint64_t)9407151397696U, (uint64_t)63551373671268U, - (uint64_t)1624728632895792U, (uint64_t)1608324920739262U, (uint64_t)1178239350351945U, - (uint64_t)1198077399579702U, (uint64_t)277620088676229U, (uint64_t)1775359437312528U, - (uint64_t)1653558177737477U, (uint64_t)1652066043408850U, (uint64_t)1063359889686622U, - (uint64_t}; #if defined(__cplusplus) diff --git a/include/msvc/internal/Hacl_Frodo_KEM.h b/include/msvc/internal/Hacl_Frodo_KEM.h index 61574981..6a1ece49 100644 --- a/include/msvc/internal/Hacl_Frodo_KEM.h +++ b/include/msvc/internal/Hacl_Frodo_KEM.h 
@@ -55,22 +55,22 @@ Hacl_Keccak_shake128_4x(
 uint8_t *output3
 )
 {
- Hacl_SHA3_shake128_hacl(input_len, input0, output_len, output0);
- Hacl_SHA3_shake128_hacl(input_len, input1, output_len, output1);
- Hacl_SHA3_shake128_hacl(input_len, input2, output_len, output2);
- Hacl_SHA3_shake128_hacl(input_len, input3, output_len, output3);
+ Hacl_Hash_SHA3_shake128_hacl(input_len, input0, output_len, output0);
+ Hacl_Hash_SHA3_shake128_hacl(input_len, input1, output_len, output1);
+ Hacl_Hash_SHA3_shake128_hacl(input_len, input2, output_len, output2);
+ Hacl_Hash_SHA3_shake128_hacl(input_len, input3, output_len, output3);
 }
 static inline void
 Hacl_Impl_Matrix_mod_pow2(uint32_t n1, uint32_t n2, uint32_t logq, uint16_t *a)
 {
- if (logq < (uint32_t)16U)
+ if (logq < 16U)
 {
- for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+ for (uint32_t i0 = 0U; i0 < n1; i0++)
 {
- for (uint32_t i = (uint32_t)0U; i < n2; i++)
+ for (uint32_t i = 0U; i < n2; i++)
 {
- a[i0 * n2 + i] = a[i0 * n2 + i] & (((uint16_t)1U << logq) - (uint16_t)1U);
+ a[i0 * n2 + i] = (uint32_t)a[i0 * n2 + i] & ((1U << logq) - 1U);
 }
 }
 return;
@@ -80,11 +80,11 @@ Hacl_Impl_Matrix_mod_pow2(uint32_t n1, uint32_t n2, uint32_t logq, uint16_t *a)
 static inline void
 Hacl_Impl_Matrix_matrix_add(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b)
 {
- for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+ for (uint32_t i0 = 0U; i0 < n1; i0++)
 {
- for (uint32_t i = (uint32_t)0U; i < n2; i++)
+ for (uint32_t i = 0U; i < n2; i++)
 {
- a[i0 * n2 + i] = a[i0 * n2 + i] + b[i0 * n2 + i];
+ a[i0 * n2 + i] = (uint32_t)a[i0 * n2 + i] + (uint32_t)b[i0 * n2 + i];
 }
 }
 }
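Review bot: The store in Hacl_Impl_Matrix_matrix_add (the second hunk here) still narrows implicitly: the sum is now computed in uint32_t and assigned straight into a uint16_t element, so the wrap-around modulo 2^16 that these uint16_t matrices apparently rely on is not visible in the statement. Writing it as `a[i0 * n2 + i] = (uint16_t)((uint32_t)a[i0 * n2 + i] + (uint32_t)b[i0 * n2 + i]);` states that the truncation is intended and avoids an implicit-narrowing diagnostic on compilers that report one. The same pattern appears in matrix_sub, in the `res = ...` accumulators of matrix_mul and matrix_mul_s, and in the final store of the four frodo_sample_matrix* functions further down. The element index `i0 * n2 + i` is 32-bit arithmetic as well, so these helpers presumably depend on callers passing small, fixed dimensions; a one-line comment saying so would help.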
@@ -92,11 +92,11 @@ Hacl_Impl_Matrix_matrix_add(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b)
 static inline void
 Hacl_Impl_Matrix_matrix_sub(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b)
 {
- for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+ for (uint32_t i0 = 0U; i0 < n1; i0++)
 {
- for (uint32_t i = (uint32_t)0U; i < n2; i++)
+ for (uint32_t i = 0U; i < n2; i++)
 {
- b[i0 * n2 + i] = a[i0 * n2 + i] - b[i0 * n2 + i];
+ b[i0 * n2 + i] = (uint32_t)a[i0 * n2 + i] - (uint32_t)b[i0 * n2 + i];
 }
 }
 }
@@ -111,17 +111,17 @@ Hacl_Impl_Matrix_matrix_mul(
 uint16_t *c
 )
 {
- for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+ for (uint32_t i0 = 0U; i0 < n1; i0++)
 {
- for (uint32_t i1 = (uint32_t)0U; i1 < n3; i1++)
+ for (uint32_t i1 = 0U; i1 < n3; i1++)
 {
- uint16_t res = (uint16_t)0U;
- for (uint32_t i = (uint32_t)0U; i < n2; i++)
+ uint16_t res = 0U;
+ for (uint32_t i = 0U; i < n2; i++)
 {
 uint16_t aij = a[i0 * n2 + i];
 uint16_t bjk = b[i * n3 + i1];
 uint16_t res0 = res;
- res = res0 + aij * bjk;
+ res = (uint32_t)res0 + (uint32_t)aij * (uint32_t)bjk;
 }
 c[i0 * n3 + i1] = res;
 }
@@ -138,17 +138,17 @@ Hacl_Impl_Matrix_matrix_mul_s(
 uint16_t *c
 )
 {
- for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+ for (uint32_t i0 = 0U; i0 < n1; i0++)
 {
- for (uint32_t i1 = (uint32_t)0U; i1 < n3; i1++)
+ for (uint32_t i1 = 0U; i1 < n3; i1++)
 {
- uint16_t res = (uint16_t)0U;
- for (uint32_t i = (uint32_t)0U; i < n2; i++)
+ uint16_t res = 0U;
+ for (uint32_t i = 0U; i < n2; i++)
 {
 uint16_t aij = a[i0 * n2 + i];
 uint16_t bjk = b[i1 * n2 + i];
 uint16_t res0 = res;
- res = res0 + aij * bjk;
+ res = (uint32_t)res0 + (uint32_t)aij * (uint32_t)bjk;
 }
 c[i0 * n3 + i1] = res;
 }
@@ -158,11 +158,11 @@ Hacl_Impl_Matrix_matrix_mul_s(
 static inline uint16_t
 Hacl_Impl_Matrix_matrix_eq(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b)
 {
- uint16_t res = (uint16_t)0xFFFFU;
- for (uint32_t i = (uint32_t)0U; i < n1 * n2; i++)
+ uint16_t res = 0xFFFFU;
+ for (uint32_t i = 0U; i < n1 * n2; i++)
 {
 uint16_t uu____0 = FStar_UInt16_eq_mask(a[i], b[i]);
- res = uu____0 & res;
+ res = (uint32_t)uu____0 & (uint32_t)res;
 }
 uint16_t r = res;
 return r;
@@ -171,19 +171,19 @@ Hacl_Impl_Matrix_matrix_eq(uint32_t n1, uint32_t n2, uint16_t *a, uint16_t *b)
 static inline void
 Hacl_Impl_Matrix_matrix_to_lbytes(uint32_t n1, uint32_t n2, uint16_t *m, uint8_t *res)
 {
- for (uint32_t i = (uint32_t)0U; i < n1 * n2; i++)
+ for (uint32_t i = 0U; i < n1 * n2; i++)
 {
- store16_le(res + (uint32_t)2U * i, m[i]);
+ store16_le(res + 2U * i, m[i]);
 }
 }
 static inline void
 Hacl_Impl_Matrix_matrix_from_lbytes(uint32_t n1, uint32_t n2, uint8_t *b, uint16_t *res)
 {
- for (uint32_t i = (uint32_t)0U; i < n1 * n2; i++)
+ for (uint32_t i = 0U; i < n1 * n2; i++)
 {
 uint16_t *os = res;
- uint16_t u = load16_le(b + (uint32_t)2U * i);
+ uint16_t u = load16_le(b + 2U * i);
 uint16_t x = u;
 os[i] = x;
 }
@@ -192,53 +192,53 @@ Hacl_Impl_Matrix_matrix_from_lbytes(uint32_t n1, uint32_t n2, uint8_t *b, uint16
 static inline void
 Hacl_Impl_Frodo_Gen_frodo_gen_matrix_shake_4x(uint32_t n, uint8_t *seed, uint16_t *res)
 {
- KRML_CHECK_SIZE(sizeof (uint8_t), (uint32_t)8U * n);
- uint8_t *r = (uint8_t *)alloca((uint32_t)8U * n * sizeof (uint8_t));
- memset(r, 0U, (uint32_t)8U * n * sizeof (uint8_t));
+ KRML_CHECK_SIZE(sizeof (uint8_t), 8U * n);
+ uint8_t *r = (uint8_t *)alloca(8U * n * sizeof (uint8_t));
+ memset(r, 0U, 8U * n * sizeof (uint8_t));
 uint8_t tmp_seed[72U] = { 0U };
- memcpy(tmp_seed + (uint32_t)2U, seed, (uint32_t)16U * sizeof (uint8_t));
- memcpy(tmp_seed + (uint32_t)20U, seed, (uint32_t)16U * sizeof (uint8_t));
- memcpy(tmp_seed + (uint32_t)38U, seed, (uint32_t)16U * sizeof (uint8_t));
- memcpy(tmp_seed + (uint32_t)56U, seed, (uint32_t)16U * sizeof (uint8_t));
+ memcpy(tmp_seed + 2U, seed, 16U * sizeof (uint8_t));
+ memcpy(tmp_seed + 20U, seed, 16U * sizeof (uint8_t));
+ memcpy(tmp_seed + 38U, seed, 16U * sizeof (uint8_t));
+ memcpy(tmp_seed + 56U, seed, 16U * sizeof (uint8_t));
 memset(res, 0U, n * n * sizeof (uint16_t));
- for (uint32_t i = (uint32_t)0U; i < n / (uint32_t)4U; i++)
+ for (uint32_t i = 0U; i < n / 4U; i++)
 {
- uint8_t *r0 = r + (uint32_t)0U * n;
- uint8_t *r1 = r + (uint32_t)2U * n;
- uint8_t *r2 = r + (uint32_t)4U * n;
- uint8_t *r3 = r + (uint32_t)6U * n;
+ uint8_t *r0 = r + 0U * n;
+ uint8_t *r1 = r + 2U * n;
+ uint8_t *r2 = r + 4U * n;
+ uint8_t *r3 = r + 6U * n;
 uint8_t *tmp_seed0 = tmp_seed;
- uint8_t *tmp_seed1 = tmp_seed + (uint32_t)18U;
- uint8_t *tmp_seed2 = tmp_seed + (uint32_t)36U;
- uint8_t *tmp_seed3 = tmp_seed + (uint32_t)54U;
- store16_le(tmp_seed0, (uint16_t)((uint32_t)4U * i + (uint32_t)0U));
- store16_le(tmp_seed1, (uint16_t)((uint32_t)4U * i + (uint32_t)1U));
- store16_le(tmp_seed2, (uint16_t)((uint32_t)4U * i + (uint32_t)2U));
- store16_le(tmp_seed3, (uint16_t)((uint32_t)4U * i + (uint32_t)3U));
- Hacl_Keccak_shake128_4x((uint32_t)18U,
+ uint8_t *tmp_seed1 = tmp_seed + 18U;
+ uint8_t *tmp_seed2 = tmp_seed + 36U;
+ uint8_t *tmp_seed3 = tmp_seed + 54U;
+ store16_le(tmp_seed0, (uint16_t)(4U * i + 0U));
+ store16_le(tmp_seed1, (uint16_t)(4U * i + 1U));
+ store16_le(tmp_seed2, (uint16_t)(4U * i + 2U));
+ store16_le(tmp_seed3, (uint16_t)(4U * i + 3U));
+ Hacl_Keccak_shake128_4x(18U,
 tmp_seed0,
 tmp_seed1,
 tmp_seed2,
 tmp_seed3,
- (uint32_t)2U * n,
+ 2U * n,
 r0,
 r1,
 r2,
 r3);
- for (uint32_t i0 = (uint32_t)0U; i0 < n; i0++)
+ for (uint32_t i0 = 0U; i0 < n; i0++)
 {
- uint8_t *resij0 = r0 + i0 * (uint32_t)2U;
- uint8_t *resij1 = r1 + i0 * (uint32_t)2U;
- uint8_t *resij2 = r2 + i0 * (uint32_t)2U;
- uint8_t *resij3 = r3 + i0 * (uint32_t)2U;
+ uint8_t *resij0 = r0 + i0 * 2U;
+ uint8_t *resij1 = r1 + i0 * 2U;
+ uint8_t *resij2 = r2 + i0 * 2U;
+ uint8_t *resij3 = r3 + i0 * 2U;
 uint16_t u = load16_le(resij0);
- res[((uint32_t)4U * i + (uint32_t)0U) * n + i0] = u;
+ res[(4U * i + 0U) * n + i0] = u;
 uint16_t u0 = load16_le(resij1);
- res[((uint32_t)4U * i + (uint32_t)1U) * n + i0] = u0;
+ res[(4U * i + 1U) * n + i0] = u0;
 uint16_t u1 = load16_le(resij2);
- res[((uint32_t)4U * i + (uint32_t)2U) * n + i0] = u1;
+ res[(4U * i + 2U) * n + i0] = u1;
 uint16_t u2 = load16_le(resij3);
- res[((uint32_t)4U * i + (uint32_t)3U) * n + i0] = u2;
+ res[(4U * i + 3U) * n + i0] = u2;
 }
 }
 }
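Review bot: Hacl_Impl_Frodo_Gen_frodo_gen_matrix_shake_4x depends on preconditions for n that the function neither states nor checks. The loop runs n / 4U times, so any rows past the last multiple of four keep the zeros written by the memset, and the row counter is cut to 16 bits by the `(uint16_t)(4U * i + ...)` casts. The size `8U * n` is written as a 32-bit product before KRML_CHECK_SIZE and alloca see it, so a wrapped value would presumably pass the check, and the stack allocation grows linearly with n. A header comment such as `/* Requires n % 4 == 0 and n <= 65536; allocates 8 * n bytes on the stack. */` would record what callers must guarantee. Whether every caller does is not visible in this hunk.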
@@ -270,27 +270,19 @@ static const
 uint16_t
 Hacl_Impl_Frodo_Params_cdf_table640[13U] =
 {
- (uint16_t)4643U, (uint16_t)13363U, (uint16_t)20579U, (uint16_t)25843U, (uint16_t)29227U,
- (uint16_t)31145U, (uint16_t)32103U, (uint16_t)32525U, (uint16_t)32689U, (uint16_t)32745U,
- (uint16_t)32762U, (uint16_t)32766U, (uint16_t)32767U
+ 4643U, 13363U, 20579U, 25843U, 29227U, 31145U, 32103U, 32525U, 32689U, 32745U, 32762U, 32766U,
+ 32767U
 };
 static const
 uint16_t
 Hacl_Impl_Frodo_Params_cdf_table976[11U] =
- {
- (uint16_t)5638U, (uint16_t)15915U, (uint16_t)23689U, (uint16_t)28571U, (uint16_t)31116U,
- (uint16_t)32217U, (uint16_t)32613U, (uint16_t)32731U, (uint16_t)32760U, (uint16_t)32766U,
- (uint16_t)32767U
- };
+ { 5638U, 15915U, 23689U, 28571U, 31116U, 32217U, 32613U, 32731U, 32760U, 32766U, 32767U };
 static const
 uint16_t
 Hacl_Impl_Frodo_Params_cdf_table1344[7U] =
- {
- (uint16_t)9142U, (uint16_t)23462U, (uint16_t)30338U, (uint16_t)32361U, (uint16_t)32725U,
- (uint16_t)32765U, (uint16_t)32767U
- };
+ { 9142U, 23462U, 30338U, 32361U, 32725U, 32765U, 32767U };
 static inline void
 Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(
@@ -301,26 +293,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix64(
 )
 {
 memset(res, 0U, n1 * n2 * sizeof (uint16_t));
- for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+ for (uint32_t i0 = 0U; i0 < n1; i0++)
 {
- for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++)
+ for (uint32_t i1 = 0U; i1 < n2; i1++)
 {
- uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1);
+ uint8_t *resij = r + 2U * (n2 * i0 + i1);
 uint16_t u = load16_le(resij);
 uint16_t uu____0 = u;
- uint16_t prnd = uu____0 >> (uint32_t)1U;
- uint16_t sign = uu____0 & (uint16_t)1U;
- uint16_t sample = (uint16_t)0U;
- uint32_t bound = (uint32_t)12U;
- for (uint32_t i = (uint32_t)0U; i < bound; i++)
+ uint16_t prnd = (uint32_t)uu____0 >> 1U;
+ uint16_t sign = (uint32_t)uu____0 & 1U;
+ uint16_t sample = 0U;
+ uint32_t bound = 12U;
+ for (uint32_t i = 0U; i < bound; i++)
 {
 uint16_t sample0 = sample;
 uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table640[i];
- uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U;
- sample = samplei + sample0;
+ uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U;
+ sample = (uint32_t)samplei + (uint32_t)sample0;
 }
 uint16_t sample0 = sample;
- res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign;
+ res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign;
 }
 }
 }
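Review bot: The comparison in Hacl_Impl_Frodo_Sample_frodo_sample_matrix64 is hard to audit without a comment: `(uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U` yields 1 exactly when ti < prnd, because prnd is a 16-bit value shifted right by one and the table entries in the preceding hunk are all below 2^15. I would add `/* samplei = (ti < prnd), read from bit 15 of the 16-bit difference so the loop stays branch-free */` above that line, and the same in the matrix640, matrix976 and matrix1344 hunks that follow. The loop bound is a constant and no branch depends on prnd or sign, which looks deliberate for code that consumes sampled randomness, so the comment also tells the next editor not to replace it with an `if`. matrix64 reads cdf_table640 with bound 12; if that sharing is intended, the same comment should say so. The function's parameter list lies outside the hunk.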
@@ -334,26 +326,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix640(
 )
 {
 memset(res, 0U, n1 * n2 * sizeof (uint16_t));
- for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++)
+ for (uint32_t i0 = 0U; i0 < n1; i0++)
 {
- for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++)
+ for (uint32_t i1 = 0U; i1 < n2; i1++)
 {
- uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1);
+ uint8_t *resij = r + 2U * (n2 * i0 + i1);
 uint16_t u = load16_le(resij);
 uint16_t uu____0 = u;
- uint16_t prnd = uu____0 >> (uint32_t)1U;
- uint16_t sign = uu____0 & (uint16_t)1U;
- uint16_t sample = (uint16_t)0U;
- uint32_t bound = (uint32_t)12U;
- for (uint32_t i = (uint32_t)0U; i < bound; i++)
+ uint16_t prnd = (uint32_t)uu____0 >> 1U;
+ uint16_t sign = (uint32_t)uu____0 & 1U;
+ uint16_t sample = 0U;
+ uint32_t bound = 12U;
+ for (uint32_t i = 0U; i < bound; i++)
 {
 uint16_t sample0 = sample;
 uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table640[i];
- uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U;
- sample = samplei + sample0;
+ uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U;
+ sample = (uint32_t)samplei + (uint32_t)sample0;
 }
 uint16_t sample0 = sample;
- res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign;
+ res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign;
 }
 }
 }
@@ -367,26 +359,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix976( ) { memset(res, 0U, n1 * n2 * sizeof (uint16_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++) + for (uint32_t i0 = 0U; i0 < n1; i0++) { - for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++) + for (uint32_t i1 = 0U; i1 < n2; i1++) { - uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1); + uint8_t *resij = r + 2U * (n2 * i0 + i1); uint16_t u = load16_le(resij); uint16_t uu____0 = u; - uint16_t prnd = uu____0 >> (uint32_t)1U; - uint16_t sign = uu____0 & (uint16_t)1U; - uint16_t sample = (uint16_t)0U; - uint32_t bound = (uint32_t)10U; - for (uint32_t i = (uint32_t)0U; i < bound; i++) + uint16_t prnd = (uint32_t)uu____0 >> 1U; + uint16_t sign = (uint32_t)uu____0 & 1U; + uint16_t sample = 0U; + uint32_t bound = 10U; + for (uint32_t i = 0U; i < bound; i++) { uint16_t sample0 = sample; uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table976[i]; - uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U; - sample = samplei + sample0; + uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U; + sample = (uint32_t)samplei + (uint32_t)sample0; } uint16_t sample0 = sample; - res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign; + res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign; } } } 
@@ -400,26 +392,26 @@ Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344( ) { memset(res, 0U, n1 * n2 * sizeof (uint16_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < n1; i0++) + for (uint32_t i0 = 0U; i0 < n1; i0++) { - for (uint32_t i1 = (uint32_t)0U; i1 < n2; i1++) + for (uint32_t i1 = 0U; i1 < n2; i1++) { - uint8_t *resij = r + (uint32_t)2U * (n2 * i0 + i1); + uint8_t *resij = r + 2U * (n2 * i0 + i1); uint16_t u = load16_le(resij); uint16_t uu____0 = u; - uint16_t prnd = uu____0 >> (uint32_t)1U; - uint16_t sign = uu____0 & (uint16_t)1U; - uint16_t sample = (uint16_t)0U; - uint32_t bound = (uint32_t)6U; - for (uint32_t i = (uint32_t)0U; i < bound; i++) + uint16_t prnd = (uint32_t)uu____0 >> 1U; + uint16_t sign = (uint32_t)uu____0 & 1U; + uint16_t sample = 0U; + uint32_t bound = 6U; + for (uint32_t i = 0U; i < bound; i++) { uint16_t sample0 = sample; uint16_t ti = Hacl_Impl_Frodo_Params_cdf_table1344[i]; - uint16_t samplei = (uint16_t)(uint32_t)(ti - prnd) >> (uint32_t)15U; - sample = samplei + sample0; + uint16_t samplei = (uint32_t)(uint16_t)(uint32_t)((uint32_t)ti - (uint32_t)prnd) >> 15U; + sample = (uint32_t)samplei + (uint32_t)sample0; } uint16_t sample0 = sample; - res[i0 * n2 + i1] = ((~sign + (uint16_t)1U) ^ sample0) + sign; + res[i0 * n2 + i1] = (((uint32_t)~sign + 1U) ^ (uint32_t)sample0) + (uint32_t)sign; } } } 
@@ -435,39 +427,34 @@ Hacl_Impl_Frodo_Pack_frodo_pack( uint8_t *res ) { - uint32_t n = n1 * n2 / (uint32_t)8U; - for (uint32_t i = (uint32_t)0U; i < n; i++) + uint32_t n = n1 * n2 / 8U; + for (uint32_t i = 0U; i < n; i++) { - uint16_t *a1 = a + (uint32_t)8U * i; + uint16_t *a1 = a + 8U * i; uint8_t *r = res + d * i; - uint16_t maskd = (uint16_t)((uint32_t)1U << d) - (uint16_t)1U; + uint16_t maskd = (uint32_t)(uint16_t)(1U << d) - 1U; uint8_t v16[16U] = { 0U }; - uint16_t a0 = a1[0U] & maskd; - uint16_t a11 = a1[1U] & maskd; - uint16_t a2 = a1[2U] & maskd; - uint16_t a3 = a1[3U] & maskd; - uint16_t a4 = a1[4U] & maskd; - uint16_t a5 = a1[5U] & maskd; - uint16_t a6 = a1[6U] & maskd; - uint16_t a7 = a1[7U] & maskd; + uint16_t a0 = (uint32_t)a1[0U] & (uint32_t)maskd; + uint16_t a11 = (uint32_t)a1[1U] & (uint32_t)maskd; + uint16_t a2 = (uint32_t)a1[2U] & (uint32_t)maskd; + uint16_t a3 = (uint32_t)a1[3U] & (uint32_t)maskd; + uint16_t a4 = (uint32_t)a1[4U] & (uint32_t)maskd; + uint16_t a5 = (uint32_t)a1[5U] & (uint32_t)maskd; + uint16_t a6 = (uint32_t)a1[6U] & (uint32_t)maskd; + uint16_t a7 = (uint32_t)a1[7U] & (uint32_t)maskd; FStar_UInt128_uint128 templong = FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_logor(FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a0), - (uint32_t)7U * d), - FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a11), - (uint32_t)6U * d)), - FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a2), - (uint32_t)5U * d)), - FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a3), - (uint32_t)4U * d)), - FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a4), - (uint32_t)3U * d)), - FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a5), - (uint32_t)2U * d)), - FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a6), (uint32_t)1U * d)), - 
FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a7), (uint32_t)0U * d)); + 7U * d), + FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a11), 6U * d)), + FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a2), 5U * d)), + FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a3), 4U * d)), + FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a4), 3U * d)), + FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a5), 2U * d)), + FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a6), 1U * d)), + FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)a7), 0U * d)); store128_be(v16, templong); - uint8_t *src = v16 + (uint32_t)16U - d; + uint8_t *src = v16 + 16U - d; memcpy(r, src, d * sizeof (uint8_t)); } } 
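Review bot: Nothing in `Hacl_Impl_Frodo_Pack_frodo_pack` bounds `d`, yet `uint8_t *src = v16 + 16U - d;` followed by `memcpy(r, src, d * sizeof (uint8_t));` stays inside the 16-byte `v16` only when `d <= 16`. The unpack hunk that follows has the mirror image, `memcpy(src + 16U - d, b1, d * sizeof (uint8_t));`, where a larger `d` would write outside the 16-byte stack buffer `src`. The callers and any proof-level precondition are not visible in these hunks, so the bound may already be guaranteed elsewhere. I would still state it at the top of both functions, for example `/* requires d <= 16: d bytes are copied to or from the tail of a 16-byte buffer, and the largest shift is 7 * d */`. Both signatures start outside their hunks.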
@@ -481,48 +468,48 @@ Hacl_Impl_Frodo_Pack_frodo_unpack( uint16_t *res ) { - uint32_t n = n1 * n2 / (uint32_t)8U; - for (uint32_t i = (uint32_t)0U; i < n; i++) + uint32_t n = n1 * n2 / 8U; + for (uint32_t i = 0U; i < n; i++) { uint8_t *b1 = b + d * i; - uint16_t *r = res + (uint32_t)8U * i; - uint16_t maskd = (uint16_t)((uint32_t)1U << d) - (uint16_t)1U; + uint16_t *r = res + 8U * i; + uint16_t maskd = (uint32_t)(uint16_t)(1U << d) - 1U; uint8_t src[16U] = { 0U }; - memcpy(src + (uint32_t)16U - d, b1, d * sizeof (uint8_t)); + memcpy(src + 16U - d, b1, d * sizeof (uint8_t)); FStar_UInt128_uint128 u = load128_be(src); FStar_UInt128_uint128 templong = u; r[0U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)7U * d)) - & maskd; + (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 7U * d)) + & (uint32_t)maskd; r[1U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)6U * d)) - & maskd; + (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 6U * d)) + & (uint32_t)maskd; r[2U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)5U * d)) - & maskd; + (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 5U * d)) + & (uint32_t)maskd; r[3U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)4U * d)) - & maskd; + (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 4U * d)) + & (uint32_t)maskd; r[4U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)3U * d)) - & maskd; + (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 3U * d)) + & (uint32_t)maskd; r[5U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)2U * d)) - & maskd; + 
(uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 2U * d)) + & (uint32_t)maskd; r[6U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)1U * d)) - & maskd; + (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 1U * d)) + & (uint32_t)maskd; r[7U] = - (uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, - (uint32_t)0U * d)) - & maskd; + (uint32_t)(uint16_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(templong, + 0U * d)) + & (uint32_t)maskd; } } @@ -535,7 +522,7 @@ Hacl_Impl_Frodo_Encode_frodo_key_encode( uint16_t *res ) { - for (uint32_t i0 = (uint32_t)0U; i0 < n; i0++) + for (uint32_t i0 = 0U; i0 < n; i0++) { uint8_t v8[8U] = { 0U }; uint8_t *chunk = a + i0 * b; @@ -544,11 +531,11 @@ Hacl_Impl_Frodo_Encode_frodo_key_encode( uint64_t x = u; uint64_t x0 = x; KRML_MAYBE_FOR8(i, - (uint32_t)0U, - (uint32_t)8U, - (uint32_t)1U, - uint64_t rk = x0 >> b * i & (((uint64_t)1U << b) - (uint64_t)1U); - res[i0 * n + i] = (uint16_t)rk << (logq - b);); + 0U, + 8U, + 1U, + uint64_t rk = x0 >> b * i & ((1ULL << b) - 1ULL); + res[i0 * n + i] = (uint32_t)(uint16_t)rk << (logq - b);); } } 
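Review bot: The shift counts in `Hacl_Impl_Frodo_Encode_frodo_key_encode` are unsigned differences with no stated bound: `res[i0 * n + i] = (uint32_t)(uint16_t)rk << (logq - b);` is defined only when `b <= logq`, because a wrapped `logq - b` becomes a shift count far above the operand width. The key_decode hunk that follows has the tighter form `1U << (logq - b - 1U)`, which needs `b < logq`. Doing the arithmetic in `uint32_t` removes the shift on a promoted signed `int` that the old line had, so what remains is a documentation gap. I would add to both functions `/* requires b < logq: the shift counts logq - b and logq - b - 1 are computed in uint32_t and must not wrap */`. Both signatures lie outside the hunks, so whether callers already guarantee this cannot be seen here.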
@@ -561,16 +548,16 @@ Hacl_Impl_Frodo_Encode_frodo_key_decode( uint8_t *res ) { - for (uint32_t i0 = (uint32_t)0U; i0 < n; i0++) + for (uint32_t i0 = 0U; i0 < n; i0++) { - uint64_t templong = (uint64_t)0U; + uint64_t templong = 0ULL; KRML_MAYBE_FOR8(i, - (uint32_t)0U, - (uint32_t)8U, - (uint32_t)1U, + 0U, + 8U, + 1U, uint16_t aik = a[i0 * n + i]; - uint16_t res1 = (aik + ((uint16_t)1U << (logq - b - (uint32_t)1U))) >> (logq - b); - templong = templong | (uint64_t)(res1 & (((uint16_t)1U << b) - (uint16_t)1U)) << b * i;); + uint16_t res1 = (((uint32_t)aik + (1U << (logq - b - 1U))) & 0xFFFFU) >> (logq - b); + templong = templong | (uint64_t)((uint32_t)res1 & ((1U << b) - 1U)) << b * i;); uint64_t templong0 = templong; uint8_t v8[8U] = { 0U }; store64_le(v8, templong0); diff --git a/include/msvc/internal/Hacl_Hash_Blake2.h b/include/msvc/internal/Hacl_HMAC.h similarity index 82% rename from include/msvc/internal/Hacl_Hash_Blake2.h rename to include/msvc/internal/Hacl_HMAC.h index 8f308bd9..ad344c4c 100644 --- a/include/msvc/internal/Hacl_Hash_Blake2.h +++ b/include/msvc/internal/Hacl_HMAC.h @@ -23,8 +23,8 @@ */ -#ifndef __internal_Hacl_Hash_Blake2_H -#define __internal_Hacl_Hash_Blake2_H +#ifndef __internal_Hacl_HMAC_H +#define __internal_Hacl_HMAC_H #if defined(__cplusplus) extern "C" { @@ -35,8 +35,12 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "internal/Hacl_Impl_Blake2_Constants.h" -#include "../Hacl_Hash_Blake2.h" +#include "internal/Hacl_Krmllib.h" +#include "internal/Hacl_Hash_SHA2.h" +#include "internal/Hacl_Hash_SHA1.h" +#include "internal/Hacl_Hash_Blake2s.h" +#include "internal/Hacl_Hash_Blake2b.h" +#include "../Hacl_HMAC.h" typedef struct K___uint32_t_uint32_t_s { @@ -49,5 +53,5 @@ K___uint32_t_uint32_t; } #endif -#define __internal_Hacl_Hash_Blake2_H_DEFINED +#define __internal_Hacl_HMAC_H_DEFINED #endif 
diff --git a/include/msvc/internal/Hacl_Hash_Blake2b.h b/include/msvc/internal/Hacl_Hash_Blake2b.h new file mode 100644 index 00000000..21689d60 --- /dev/null +++ b/include/msvc/internal/Hacl_Hash_Blake2b.h 
@@ -0,0 +1,70 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#ifndef __internal_Hacl_Hash_Blake2b_H +#define __internal_Hacl_Hash_Blake2b_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#include "internal/Hacl_Impl_Blake2_Constants.h" +#include "../Hacl_Hash_Blake2b.h" + +void Hacl_Hash_Blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn); + +void +Hacl_Hash_Blake2b_update_multi( + uint32_t len, + uint64_t *wv, + uint64_t *hash, + FStar_UInt128_uint128 prev, + uint8_t *blocks, + uint32_t nb +); + +void +Hacl_Hash_Blake2b_update_last( + uint32_t len, + uint64_t *wv, + uint64_t *hash, + FStar_UInt128_uint128 prev, + uint32_t rem, + uint8_t *d +); + +void Hacl_Hash_Blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash); + +#if defined(__cplusplus) +} +#endif + +#define __internal_Hacl_Hash_Blake2b_H_DEFINED +#endif diff --git a/include/msvc/Hacl_Hash_Blake2b_256.h b/include/msvc/internal/Hacl_Hash_Blake2b_Simd256.h similarity index 61% rename from include/msvc/Hacl_Hash_Blake2b_256.h rename to include/msvc/internal/Hacl_Hash_Blake2b_Simd256.h index 88bf9ab2..4cc07869 100644 --- a/include/msvc/Hacl_Hash_Blake2b_256.h +++ b/include/msvc/internal/Hacl_Hash_Blake2b_Simd256.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_Hash_Blake2b_256_H -#define __Hacl_Hash_Blake2b_256_H +#ifndef __internal_Hacl_Hash_Blake2b_Simd256_H +#define __internal_Hacl_Hash_Blake2b_Simd256_H #if defined(__cplusplus) extern "C" { 
@@ -35,24 +35,15 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Lib_Memzero0.h" -#include "Hacl_Krmllib.h" +#include "internal/Hacl_Impl_Blake2_Constants.h" +#include "../Hacl_Hash_Blake2b_Simd256.h" #include "libintvector.h" void -Hacl_Blake2b_256_blake2b_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t kk, uint32_t nn); +Hacl_Hash_Blake2b_Simd256_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t kk, uint32_t nn); void -Hacl_Blake2b_256_blake2b_update_key( - Lib_IntVector_Intrinsics_vec256 *wv, - Lib_IntVector_Intrinsics_vec256 *hash, - uint32_t kk, - uint8_t *k, - uint32_t ll -); - -void -Hacl_Blake2b_256_blake2b_update_multi( +Hacl_Hash_Blake2b_Simd256_update_multi( uint32_t len, Lib_IntVector_Intrinsics_vec256 *wv, Lib_IntVector_Intrinsics_vec256 *hash, @@ -62,7 +53,7 @@ Hacl_Blake2b_256_blake2b_update_multi( ); void -Hacl_Blake2b_256_blake2b_update_last( +Hacl_Hash_Blake2b_Simd256_update_last( uint32_t len, Lib_IntVector_Intrinsics_vec256 *wv, Lib_IntVector_Intrinsics_vec256 *hash, 
@@ -72,49 +63,29 @@ Hacl_Blake2b_256_blake2b_update_last( ); void -Hacl_Blake2b_256_blake2b_finish( +Hacl_Hash_Blake2b_Simd256_finish( uint32_t nn, uint8_t *output, Lib_IntVector_Intrinsics_vec256 *hash ); -/** -Write the BLAKE2b digest of message `d` using key `k` into `output`. - -@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64. -@param output Pointer to `nn` bytes of memory where the digest is written to. -@param ll Length of the input message. -@param d Pointer to `ll` bytes of memory where the input message is read from. -@param kk Length of the key. Can be 0. -@param k Pointer to `kk` bytes of memory where the key is read from. -*/ -void -Hacl_Blake2b_256_blake2b( - uint32_t nn, - uint8_t *output, - uint32_t ll, - uint8_t *d, - uint32_t kk, - uint8_t *k -); - void -Hacl_Blake2b_256_load_state256b_from_state32( +Hacl_Hash_Blake2b_Simd256_load_state256b_from_state32( Lib_IntVector_Intrinsics_vec256 *st, uint64_t *st32 ); void -Hacl_Blake2b_256_store_state256b_to_state32( +Hacl_Hash_Blake2b_Simd256_store_state256b_to_state32( uint64_t *st32, Lib_IntVector_Intrinsics_vec256 *st ); -Lib_IntVector_Intrinsics_vec256 *Hacl_Blake2b_256_blake2b_malloc(void); +Lib_IntVector_Intrinsics_vec256 *Hacl_Hash_Blake2b_Simd256_malloc_with_key(void); #if defined(__cplusplus) } #endif -#define __Hacl_Hash_Blake2b_256_H_DEFINED +#define __internal_Hacl_Hash_Blake2b_Simd256_H_DEFINED #endif diff --git a/include/msvc/internal/Hacl_Hash_Blake2s.h b/include/msvc/internal/Hacl_Hash_Blake2s.h new file mode 100644 index 00000000..f814aa95 --- /dev/null +++ b/include/msvc/internal/Hacl_Hash_Blake2s.h 
@@ -0,0 +1,70 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#ifndef __internal_Hacl_Hash_Blake2s_H +#define __internal_Hacl_Hash_Blake2s_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#include "internal/Hacl_Impl_Blake2_Constants.h" +#include "../Hacl_Hash_Blake2s.h" + +void Hacl_Hash_Blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn); + +void +Hacl_Hash_Blake2s_update_multi( + uint32_t len, + uint32_t *wv, + uint32_t *hash, + uint64_t prev, + uint8_t *blocks, + uint32_t nb +); + +void +Hacl_Hash_Blake2s_update_last( + uint32_t len, + uint32_t *wv, + uint32_t *hash, + uint64_t prev, + uint32_t rem, + uint8_t *d +); + +void Hacl_Hash_Blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash); + +#if defined(__cplusplus) +} +#endif + +#define __internal_Hacl_Hash_Blake2s_H_DEFINED +#endif diff --git a/include/Hacl_Hash_Blake2s_128.h b/include/msvc/internal/Hacl_Hash_Blake2s_Simd128.h similarity index 61% rename from include/Hacl_Hash_Blake2s_128.h rename to include/msvc/internal/Hacl_Hash_Blake2s_Simd128.h index 0e424152..0589aec5 100644 --- a/include/Hacl_Hash_Blake2s_128.h +++ b/include/msvc/internal/Hacl_Hash_Blake2s_Simd128.h @@ -23,8 +23,8 @@ */ -#ifndef __Hacl_Hash_Blake2s_128_H -#define __Hacl_Hash_Blake2s_128_H +#ifndef __internal_Hacl_Hash_Blake2s_Simd128_H +#define __internal_Hacl_Hash_Blake2s_Simd128_H #if defined(__cplusplus) extern "C" { 
@@ -35,23 +35,15 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "Lib_Memzero0.h" +#include "internal/Hacl_Impl_Blake2_Constants.h" +#include "../Hacl_Hash_Blake2s_Simd128.h" #include "libintvector.h" void -Hacl_Blake2s_128_blake2s_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t kk, uint32_t nn); +Hacl_Hash_Blake2s_Simd128_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t kk, uint32_t nn); void -Hacl_Blake2s_128_blake2s_update_key( - Lib_IntVector_Intrinsics_vec128 *wv, - Lib_IntVector_Intrinsics_vec128 *hash, - uint32_t kk, - uint8_t *k, - uint32_t ll -); - -void -Hacl_Blake2s_128_blake2s_update_multi( +Hacl_Hash_Blake2s_Simd128_update_multi( uint32_t len, Lib_IntVector_Intrinsics_vec128 *wv, Lib_IntVector_Intrinsics_vec128 *hash, @@ -61,7 +53,7 @@ Hacl_Blake2s_128_blake2s_update_multi( ); void -Hacl_Blake2s_128_blake2s_update_last( +Hacl_Hash_Blake2s_Simd128_update_last( uint32_t len, Lib_IntVector_Intrinsics_vec128 *wv, Lib_IntVector_Intrinsics_vec128 *hash, 
@@ -71,49 +63,29 @@ Hacl_Blake2s_128_blake2s_update_last( ); void -Hacl_Blake2s_128_blake2s_finish( +Hacl_Hash_Blake2s_Simd128_finish( uint32_t nn, uint8_t *output, Lib_IntVector_Intrinsics_vec128 *hash ); -/** -Write the BLAKE2s digest of message `d` using key `k` into `output`. - -@param nn Length of to-be-generated digest with 1 <= `nn` <= 32. -@param output Pointer to `nn` bytes of memory where the digest is written to. -@param ll Length of the input message. -@param d Pointer to `ll` bytes of memory where the input message is read from. -@param kk Length of the key. Can be 0. -@param k Pointer to `kk` bytes of memory where the key is read from. -*/ -void -Hacl_Blake2s_128_blake2s( - uint32_t nn, - uint8_t *output, - uint32_t ll, - uint8_t *d, - uint32_t kk, - uint8_t *k -); - void -Hacl_Blake2s_128_store_state128s_to_state32( +Hacl_Hash_Blake2s_Simd128_store_state128s_to_state32( uint32_t *st32, Lib_IntVector_Intrinsics_vec128 *st ); void -Hacl_Blake2s_128_load_state128s_from_state32( +Hacl_Hash_Blake2s_Simd128_load_state128s_from_state32( Lib_IntVector_Intrinsics_vec128 *st, uint32_t *st32 ); -Lib_IntVector_Intrinsics_vec128 *Hacl_Blake2s_128_blake2s_malloc(void); +Lib_IntVector_Intrinsics_vec128 *Hacl_Hash_Blake2s_Simd128_malloc_with_key(void); #if defined(__cplusplus) } #endif -#define __Hacl_Hash_Blake2s_128_H_DEFINED +#define __internal_Hacl_Hash_Blake2s_Simd128_H_DEFINED #endif diff --git a/include/msvc/internal/Hacl_Hash_MD5.h b/include/msvc/internal/Hacl_Hash_MD5.h index 7fd567f3..dd77aaf1 100644 --- a/include/msvc/internal/Hacl_Hash_MD5.h +++ b/include/msvc/internal/Hacl_Hash_MD5.h 
@@ -37,21 +37,16 @@ extern "C" { #include "../Hacl_Hash_MD5.h" -void Hacl_Hash_Core_MD5_legacy_init(uint32_t *s); +void Hacl_Hash_MD5_init(uint32_t *s); -void Hacl_Hash_Core_MD5_legacy_finish(uint32_t *s, uint8_t *dst); +void Hacl_Hash_MD5_finish(uint32_t *s, uint8_t *dst); -void Hacl_Hash_MD5_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks); +void Hacl_Hash_MD5_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks); void -Hacl_Hash_MD5_legacy_update_last( - uint32_t *s, - uint64_t prev_len, - uint8_t *input, - uint32_t input_len -); - -void Hacl_Hash_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst); +Hacl_Hash_MD5_update_last(uint32_t *s, uint64_t prev_len, uint8_t *input, uint32_t input_len); + +void Hacl_Hash_MD5_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len); #if defined(__cplusplus) } diff --git a/include/msvc/internal/Hacl_Hash_SHA1.h b/include/msvc/internal/Hacl_Hash_SHA1.h index 72cf492c..ed53be55 100644 --- a/include/msvc/internal/Hacl_Hash_SHA1.h +++ b/include/msvc/internal/Hacl_Hash_SHA1.h @@ -37,21 +37,16 @@ extern "C" { #include "../Hacl_Hash_SHA1.h" -void Hacl_Hash_Core_SHA1_legacy_init(uint32_t *s); +void Hacl_Hash_SHA1_init(uint32_t *s); -void Hacl_Hash_Core_SHA1_legacy_finish(uint32_t *s, uint8_t *dst); +void Hacl_Hash_SHA1_finish(uint32_t *s, uint8_t *dst); -void Hacl_Hash_SHA1_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks); +void Hacl_Hash_SHA1_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks); void -Hacl_Hash_SHA1_legacy_update_last( - uint32_t *s, - uint64_t prev_len, - uint8_t *input, - uint32_t input_len -); - -void Hacl_Hash_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst); +Hacl_Hash_SHA1_update_last(uint32_t *s, uint64_t prev_len, uint8_t *input, uint32_t input_len); + +void Hacl_Hash_SHA1_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len); #if defined(__cplusplus) } 
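Review bot: `Hacl_Hash_MD5_hash_oneshot(uint8_t *output, uint8_t *input, uint32_t input_len)` puts the destination first, whereas the removed `Hacl_Hash_MD5_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst)` took it last. Both pointers are `uint8_t *`, so a call site that passes them in the wrong order still compiles and would write the digest over the message buffer. The SHA-1 hunk further down this line makes the identical change. Neither declaration has a comment, so I would add one naming direction and size, for example `/* output: 16 bytes, written; input: input_len bytes, read only */` for MD5 (20 bytes for SHA-1). Dropping `legacy` from the names also removes the only in-code hint that these two hashes are not collision-resistant, so a one-line header note would keep that warning for callers.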
diff --git a/include/msvc/internal/Hacl_Hash_SHA2.h b/include/msvc/internal/Hacl_Hash_SHA2.h index bbffdc50..7dade3f3 100644 --- a/include/msvc/internal/Hacl_Hash_SHA2.h +++ b/include/msvc/internal/Hacl_Hash_SHA2.h 
@@ -40,141 +40,121 @@ extern "C" { static const uint32_t -Hacl_Impl_SHA2_Generic_h224[8U] = +Hacl_Hash_SHA2_h224[8U] = { - (uint32_t)0xc1059ed8U, (uint32_t)0x367cd507U, (uint32_t)0x3070dd17U, (uint32_t)0xf70e5939U, - (uint32_t)0xffc00b31U, (uint32_t)0x68581511U, (uint32_t)0x64f98fa7U, (uint32_t)0xbefa4fa4U + 0xc1059ed8U, 0x367cd507U, 0x3070dd17U, 0xf70e5939U, 0xffc00b31U, 0x68581511U, 0x64f98fa7U, + 0xbefa4fa4U }; static const uint32_t -Hacl_Impl_SHA2_Generic_h256[8U] = +Hacl_Hash_SHA2_h256[8U] = { - (uint32_t)0x6a09e667U, (uint32_t)0xbb67ae85U, (uint32_t)0x3c6ef372U, (uint32_t)0xa54ff53aU, - (uint32_t)0x510e527fU, (uint32_t)0x9b05688cU, (uint32_t)0x1f83d9abU, (uint32_t)0x5be0cd19U + 0x6a09e667U, 0xbb67ae85U, 0x3c6ef372U, 0xa54ff53aU, 0x510e527fU, 0x9b05688cU, 0x1f83d9abU, + 0x5be0cd19U }; static const uint64_t -Hacl_Impl_SHA2_Generic_h384[8U] = +Hacl_Hash_SHA2_h384[8U] = { - (uint64_t)0xcbbb9d5dc1059ed8U, (uint64_t)0x629a292a367cd507U, (uint64_t)0x9159015a3070dd17U, - (uint64_t)0x152fecd8f70e5939U, (uint64_t)0x67332667ffc00b31U, (uint64_t)0x8eb44a8768581511U, - (uint64_t)0xdb0c2e0d64f98fa7U, (uint64_t)0x47b5481dbefa4fa4U + 0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL, 0x9159015a3070dd17ULL, 0x152fecd8f70e5939ULL, + 0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL, 0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL }; static const uint64_t -Hacl_Impl_SHA2_Generic_h512[8U] = +Hacl_Hash_SHA2_h512[8U] = { - (uint64_t)0x6a09e667f3bcc908U, (uint64_t)0xbb67ae8584caa73bU, (uint64_t)0x3c6ef372fe94f82bU, - (uint64_t)0xa54ff53a5f1d36f1U, (uint64_t)0x510e527fade682d1U, (uint64_t)0x9b05688c2b3e6c1fU, - (uint64_t)0x1f83d9abfb41bd6bU, (uint64_t)0x5be0cd19137e2179U + 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, + 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL }; static const uint32_t -Hacl_Impl_SHA2_Generic_k224_256[64U] = +Hacl_Hash_SHA2_k224_256[64U] = { - (uint32_t)0x428a2f98U, 
(uint32_t)0x71374491U, (uint32_t)0xb5c0fbcfU, (uint32_t)0xe9b5dba5U, - (uint32_t)0x3956c25bU, (uint32_t)0x59f111f1U, (uint32_t)0x923f82a4U, (uint32_t)0xab1c5ed5U, - (uint32_t)0xd807aa98U, (uint32_t)0x12835b01U, (uint32_t)0x243185beU, (uint32_t)0x550c7dc3U, - (uint32_t)0x72be5d74U, (uint32_t)0x80deb1feU, (uint32_t)0x9bdc06a7U, (uint32_t)0xc19bf174U, - (uint32_t)0xe49b69c1U, (uint32_t)0xefbe4786U, (uint32_t)0x0fc19dc6U, (uint32_t)0x240ca1ccU, - (uint32_t)0x2de92c6fU, (uint32_t)0x4a7484aaU, (uint32_t)0x5cb0a9dcU, (uint32_t)0x76f988daU, - (uint32_t)0x983e5152U, (uint32_t)0xa831c66dU, (uint32_t)0xb00327c8U, (uint32_t)0xbf597fc7U, - (uint32_t)0xc6e00bf3U, (uint32_t)0xd5a79147U, (uint32_t)0x06ca6351U, (uint32_t)0x14292967U, - (uint32_t)0x27b70a85U, (uint32_t)0x2e1b2138U, (uint32_t)0x4d2c6dfcU, (uint32_t)0x53380d13U, - (uint32_t)0x650a7354U, (uint32_t)0x766a0abbU, (uint32_t)0x81c2c92eU, (uint32_t)0x92722c85U, - (uint32_t)0xa2bfe8a1U, (uint32_t)0xa81a664bU, (uint32_t)0xc24b8b70U, (uint32_t)0xc76c51a3U, - (uint32_t)0xd192e819U, (uint32_t)0xd6990624U, (uint32_t)0xf40e3585U, (uint32_t)0x106aa070U, - (uint32_t)0x19a4c116U, (uint32_t)0x1e376c08U, (uint32_t)0x2748774cU, (uint32_t)0x34b0bcb5U, - (uint32_t)0x391c0cb3U, (uint32_t)0x4ed8aa4aU, (uint32_t)0x5b9cca4fU, (uint32_t)0x682e6ff3U, - (uint32_t)0x748f82eeU, (uint32_t)0x78a5636fU, (uint32_t)0x84c87814U, (uint32_t)0x8cc70208U, - (uint32_t)0x90befffaU, (uint32_t)0xa4506cebU, (uint32_t)0xbef9a3f7U, (uint32_t)0xc67178f2U + 0x428a2f98U, 0x71374491U, 0xb5c0fbcfU, 0xe9b5dba5U, 0x3956c25bU, 0x59f111f1U, 0x923f82a4U, + 0xab1c5ed5U, 0xd807aa98U, 0x12835b01U, 0x243185beU, 0x550c7dc3U, 0x72be5d74U, 0x80deb1feU, + 0x9bdc06a7U, 0xc19bf174U, 0xe49b69c1U, 0xefbe4786U, 0x0fc19dc6U, 0x240ca1ccU, 0x2de92c6fU, + 0x4a7484aaU, 0x5cb0a9dcU, 0x76f988daU, 0x983e5152U, 0xa831c66dU, 0xb00327c8U, 0xbf597fc7U, + 0xc6e00bf3U, 0xd5a79147U, 0x06ca6351U, 0x14292967U, 0x27b70a85U, 0x2e1b2138U, 0x4d2c6dfcU, + 0x53380d13U, 0x650a7354U, 0x766a0abbU, 0x81c2c92eU, 
0x92722c85U, 0xa2bfe8a1U, 0xa81a664bU, + 0xc24b8b70U, 0xc76c51a3U, 0xd192e819U, 0xd6990624U, 0xf40e3585U, 0x106aa070U, 0x19a4c116U, + 0x1e376c08U, 0x2748774cU, 0x34b0bcb5U, 0x391c0cb3U, 0x4ed8aa4aU, 0x5b9cca4fU, 0x682e6ff3U, + 0x748f82eeU, 0x78a5636fU, 0x84c87814U, 0x8cc70208U, 0x90befffaU, 0xa4506cebU, 0xbef9a3f7U, + 0xc67178f2U }; static const uint64_t -Hacl_Impl_SHA2_Generic_k384_512[80U] = +Hacl_Hash_SHA2_k384_512[80U] = { - (uint64_t)0x428a2f98d728ae22U, (uint64_t)0x7137449123ef65cdU, (uint64_t)0xb5c0fbcfec4d3b2fU, - (uint64_t)0xe9b5dba58189dbbcU, (uint64_t)0x3956c25bf348b538U, (uint64_t)0x59f111f1b605d019U, - (uint64_t)0x923f82a4af194f9bU, (uint64_t)0xab1c5ed5da6d8118U, (uint64_t)0xd807aa98a3030242U, - (uint64_t)0x12835b0145706fbeU, (uint64_t)0x243185be4ee4b28cU, (uint64_t)0x550c7dc3d5ffb4e2U, - (uint64_t)0x72be5d74f27b896fU, (uint64_t)0x80deb1fe3b1696b1U, (uint64_t)0x9bdc06a725c71235U, - (uint64_t)0xc19bf174cf692694U, (uint64_t)0xe49b69c19ef14ad2U, (uint64_t)0xefbe4786384f25e3U, - (uint64_t)0x0fc19dc68b8cd5b5U, (uint64_t)0x240ca1cc77ac9c65U, (uint64_t)0x2de92c6f592b0275U, - (uint64_t)0x4a7484aa6ea6e483U, (uint64_t)0x5cb0a9dcbd41fbd4U, (uint64_t)0x76f988da831153b5U, - (uint64_t)0x983e5152ee66dfabU, (uint64_t)0xa831c66d2db43210U, (uint64_t)0xb00327c898fb213fU, - (uint64_t)0xbf597fc7beef0ee4U, (uint64_t)0xc6e00bf33da88fc2U, (uint64_t)0xd5a79147930aa725U, - (uint64_t)0x06ca6351e003826fU, (uint64_t)0x142929670a0e6e70U, (uint64_t)0x27b70a8546d22ffcU, - (uint64_t)0x2e1b21385c26c926U, (uint64_t)0x4d2c6dfc5ac42aedU, (uint64_t)0x53380d139d95b3dfU, - (uint64_t)0x650a73548baf63deU, (uint64_t)0x766a0abb3c77b2a8U, (uint64_t)0x81c2c92e47edaee6U, - (uint64_t)0x92722c851482353bU, (uint64_t)0xa2bfe8a14cf10364U, (uint64_t)0xa81a664bbc423001U, - (uint64_t)0xc24b8b70d0f89791U, (uint64_t)0xc76c51a30654be30U, (uint64_t)0xd192e819d6ef5218U, - (uint64_t)0xd69906245565a910U, (uint64_t)0xf40e35855771202aU, (uint64_t)0x106aa07032bbd1b8U, - (uint64_t)0x19a4c116b8d2d0c8U, 
(uint64_t)0x1e376c085141ab53U, (uint64_t)0x2748774cdf8eeb99U, - (uint64_t)0x34b0bcb5e19b48a8U, (uint64_t)0x391c0cb3c5c95a63U, (uint64_t)0x4ed8aa4ae3418acbU, - (uint64_t)0x5b9cca4f7763e373U, (uint64_t)0x682e6ff3d6b2b8a3U, (uint64_t)0x748f82ee5defb2fcU, - (uint64_t)0x78a5636f43172f60U, (uint64_t)0x84c87814a1f0ab72U, (uint64_t)0x8cc702081a6439ecU, - (uint64_t)0x90befffa23631e28U, (uint64_t)0xa4506cebde82bde9U, (uint64_t)0xbef9a3f7b2c67915U, - (uint64_t)0xc67178f2e372532bU, (uint64_t)0xca273eceea26619cU, (uint64_t)0xd186b8c721c0c207U, - (uint64_t)0xeada7dd6cde0eb1eU, (uint64_t)0xf57d4f7fee6ed178U, (uint64_t)0x06f067aa72176fbaU, - (uint64_t)0x0a637dc5a2c898a6U, (uint64_t)0x113f9804bef90daeU, (uint64_t)0x1b710b35131c471bU, - (uint64_t)0x28db77f523047d84U, (uint64_t)0x32caab7b40c72493U, (uint64_t)0x3c9ebe0a15c9bebcU, - (uint64_t)0x431d67c49c100d4cU, (uint64_t)0x4cc5d4becb3e42b6U, (uint64_t)0x597f299cfc657e2aU, - (uint64_t)0x5fcb6fab3ad6faecU, (uint64_t)0x6c44198c4a475817U + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, + 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, + 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, + 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, + 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, + 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, + 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, + 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 0xc24b8b70d0f89791ULL, 
0xc76c51a30654be30ULL, + 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, + 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, + 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, + 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, + 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, + 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL }; -void Hacl_SHA2_Scalar32_sha256_init(uint32_t *hash); +void Hacl_Hash_SHA2_sha256_init(uint32_t *hash); -void Hacl_SHA2_Scalar32_sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st); +void Hacl_Hash_SHA2_sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st); void -Hacl_SHA2_Scalar32_sha256_update_last( - uint64_t totlen, - uint32_t len, - uint8_t *b, - uint32_t *hash -); +Hacl_Hash_SHA2_sha256_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *hash); -void Hacl_SHA2_Scalar32_sha256_finish(uint32_t *st, uint8_t *h); +void Hacl_Hash_SHA2_sha256_finish(uint32_t *st, uint8_t *h); -void Hacl_SHA2_Scalar32_sha224_init(uint32_t *hash); +void Hacl_Hash_SHA2_sha224_init(uint32_t *hash); void -Hacl_SHA2_Scalar32_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st); +Hacl_Hash_SHA2_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st); -void Hacl_SHA2_Scalar32_sha224_finish(uint32_t *st, uint8_t *h); +void Hacl_Hash_SHA2_sha224_finish(uint32_t *st, uint8_t *h); -void Hacl_SHA2_Scalar32_sha512_init(uint64_t *hash); +void 
Hacl_Hash_SHA2_sha512_init(uint64_t *hash); -void Hacl_SHA2_Scalar32_sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st); +void Hacl_Hash_SHA2_sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st); void -Hacl_SHA2_Scalar32_sha512_update_last( +Hacl_Hash_SHA2_sha512_update_last( FStar_UInt128_uint128 totlen, uint32_t len, uint8_t *b, uint64_t *hash ); -void Hacl_SHA2_Scalar32_sha512_finish(uint64_t *st, uint8_t *h); +void Hacl_Hash_SHA2_sha512_finish(uint64_t *st, uint8_t *h); -void Hacl_SHA2_Scalar32_sha384_init(uint64_t *hash); +void Hacl_Hash_SHA2_sha384_init(uint64_t *hash); -void Hacl_SHA2_Scalar32_sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st); +void Hacl_Hash_SHA2_sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st); void -Hacl_SHA2_Scalar32_sha384_update_last( +Hacl_Hash_SHA2_sha384_update_last( FStar_UInt128_uint128 totlen, uint32_t len, uint8_t *b, uint64_t *st ); -void Hacl_SHA2_Scalar32_sha384_finish(uint64_t *st, uint8_t *h); +void Hacl_Hash_SHA2_sha384_finish(uint64_t *st, uint8_t *h); #if defined(__cplusplus) } diff --git a/include/msvc/internal/Hacl_Hash_SHA3.h b/include/msvc/internal/Hacl_Hash_SHA3.h index 6f53d37c..1c8129fb 100644 --- a/include/msvc/internal/Hacl_Hash_SHA3.h +++ b/include/msvc/internal/Hacl_Hash_SHA3.h @@ -53,9 +53,9 @@ Hacl_Hash_SHA3_update_last_sha3( uint32_t input_len ); -void Hacl_Impl_SHA3_state_permute(uint64_t *s); +void Hacl_Hash_SHA3_state_permute(uint64_t *s); -void Hacl_Impl_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s); +void Hacl_Hash_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, uint64_t *s); #if defined(__cplusplus) } diff --git a/include/msvc/internal/Hacl_Impl_Blake2_Constants.h b/include/msvc/internal/Hacl_Impl_Blake2_Constants.h index 185317ba..aedc2486 100644 --- a/include/msvc/internal/Hacl_Impl_Blake2_Constants.h +++ b/include/msvc/internal/Hacl_Impl_Blake2_Constants.h 
@@ -37,52 +37,32 @@ extern "C" { static const uint32_t -Hacl_Impl_Blake2_Constants_sigmaTable[160U] = +Hacl_Hash_Blake2s_sigmaTable[160U] = { - (uint32_t)0U, (uint32_t)1U, (uint32_t)2U, (uint32_t)3U, (uint32_t)4U, (uint32_t)5U, - (uint32_t)6U, (uint32_t)7U, (uint32_t)8U, (uint32_t)9U, (uint32_t)10U, (uint32_t)11U, - (uint32_t)12U, (uint32_t)13U, (uint32_t)14U, (uint32_t)15U, (uint32_t)14U, (uint32_t)10U, - (uint32_t)4U, (uint32_t)8U, (uint32_t)9U, (uint32_t)15U, (uint32_t)13U, (uint32_t)6U, - (uint32_t)1U, (uint32_t)12U, (uint32_t)0U, (uint32_t)2U, (uint32_t)11U, (uint32_t)7U, - (uint32_t)5U, (uint32_t)3U, (uint32_t)11U, (uint32_t)8U, (uint32_t)12U, (uint32_t)0U, - (uint32_t)5U, (uint32_t)2U, (uint32_t)15U, (uint32_t)13U, (uint32_t)10U, (uint32_t)14U, - (uint32_t)3U, (uint32_t)6U, (uint32_t)7U, (uint32_t)1U, (uint32_t)9U, (uint32_t)4U, - (uint32_t)7U, (uint32_t)9U, (uint32_t)3U, (uint32_t)1U, (uint32_t)13U, (uint32_t)12U, - (uint32_t)11U, (uint32_t)14U, (uint32_t)2U, (uint32_t)6U, (uint32_t)5U, (uint32_t)10U, - (uint32_t)4U, (uint32_t)0U, (uint32_t)15U, (uint32_t)8U, (uint32_t)9U, (uint32_t)0U, - (uint32_t)5U, (uint32_t)7U, (uint32_t)2U, (uint32_t)4U, (uint32_t)10U, (uint32_t)15U, - (uint32_t)14U, (uint32_t)1U, (uint32_t)11U, (uint32_t)12U, (uint32_t)6U, (uint32_t)8U, - (uint32_t)3U, (uint32_t)13U, (uint32_t)2U, (uint32_t)12U, (uint32_t)6U, (uint32_t)10U, - (uint32_t)0U, (uint32_t)11U, (uint32_t)8U, (uint32_t)3U, (uint32_t)4U, (uint32_t)13U, - (uint32_t)7U, (uint32_t)5U, (uint32_t)15U, (uint32_t)14U, (uint32_t)1U, (uint32_t)9U, - (uint32_t)12U, (uint32_t)5U, (uint32_t)1U, (uint32_t)15U, (uint32_t)14U, (uint32_t)13U, - (uint32_t)4U, (uint32_t)10U, (uint32_t)0U, (uint32_t)7U, (uint32_t)6U, (uint32_t)3U, - (uint32_t)9U, (uint32_t)2U, (uint32_t)8U, (uint32_t)11U, (uint32_t)13U, (uint32_t)11U, - (uint32_t)7U, (uint32_t)14U, (uint32_t)12U, (uint32_t)1U, (uint32_t)3U, (uint32_t)9U, - (uint32_t)5U, (uint32_t)0U, (uint32_t)15U, (uint32_t)4U, (uint32_t)8U, (uint32_t)6U, - 
(uint32_t)2U, (uint32_t)10U, (uint32_t)6U, (uint32_t)15U, (uint32_t)14U, (uint32_t)9U, - (uint32_t)11U, (uint32_t)3U, (uint32_t)0U, (uint32_t)8U, (uint32_t)12U, (uint32_t)2U, - (uint32_t)13U, (uint32_t)7U, (uint32_t)1U, (uint32_t)4U, (uint32_t)10U, (uint32_t)5U, - (uint32_t)10U, (uint32_t)2U, (uint32_t)8U, (uint32_t)4U, (uint32_t)7U, (uint32_t)6U, - (uint32_t)1U, (uint32_t)5U, (uint32_t)15U, (uint32_t)11U, (uint32_t)9U, (uint32_t)14U, - (uint32_t)3U, (uint32_t)12U, (uint32_t)13U + 0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 14U, 10U, 4U, 8U, 9U, 15U, + 13U, 6U, 1U, 12U, 0U, 2U, 11U, 7U, 5U, 3U, 11U, 8U, 12U, 0U, 5U, 2U, 15U, 13U, 10U, 14U, 3U, 6U, + 7U, 1U, 9U, 4U, 7U, 9U, 3U, 1U, 13U, 12U, 11U, 14U, 2U, 6U, 5U, 10U, 4U, 0U, 15U, 8U, 9U, 0U, + 5U, 7U, 2U, 4U, 10U, 15U, 14U, 1U, 11U, 12U, 6U, 8U, 3U, 13U, 2U, 12U, 6U, 10U, 0U, 11U, 8U, 3U, + 4U, 13U, 7U, 5U, 15U, 14U, 1U, 9U, 12U, 5U, 1U, 15U, 14U, 13U, 4U, 10U, 0U, 7U, 6U, 3U, 9U, 2U, + 8U, 11U, 13U, 11U, 7U, 14U, 12U, 1U, 3U, 9U, 5U, 0U, 15U, 4U, 8U, 6U, 2U, 10U, 6U, 15U, 14U, 9U, + 11U, 3U, 0U, 8U, 12U, 2U, 13U, 7U, 1U, 4U, 10U, 5U, 10U, 2U, 8U, 4U, 7U, 6U, 1U, 5U, 15U, 11U, + 9U, 14U, 3U, 12U, 13U }; static const uint32_t -Hacl_Impl_Blake2_Constants_ivTable_S[8U] = +Hacl_Hash_Blake2s_ivTable_S[8U] = { - (uint32_t)0x6A09E667U, (uint32_t)0xBB67AE85U, (uint32_t)0x3C6EF372U, (uint32_t)0xA54FF53AU, - (uint32_t)0x510E527FU, (uint32_t)0x9B05688CU, (uint32_t)0x1F83D9ABU, (uint32_t)0x5BE0CD19U + 0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU, 0x510E527FU, 0x9B05688CU, 0x1F83D9ABU, + 0x5BE0CD19U }; static const uint64_t -Hacl_Impl_Blake2_Constants_ivTable_B[8U] = +Hacl_Hash_Blake2s_ivTable_B[8U] = { - (uint64_t)0x6A09E667F3BCC908U, (uint64_t)0xBB67AE8584CAA73BU, (uint64_t)0x3C6EF372FE94F82BU, - (uint64_t)0xA54FF53A5F1D36F1U, (uint64_t)0x510E527FADE682D1U, (uint64_t)0x9B05688C2B3E6C1FU, - (uint64_t)0x1F83D9ABFB41BD6BU, (uint64_t)0x5BE0CD19137E2179U + 0x6A09E667F3BCC908ULL, 
0xBB67AE8584CAA73BULL, 0x3C6EF372FE94F82BULL, 0xA54FF53A5F1D36F1ULL, + 0x510E527FADE682D1ULL, 0x9B05688C2B3E6C1FULL, 0x1F83D9ABFB41BD6BULL, 0x5BE0CD19137E2179ULL }; #if defined(__cplusplus) diff --git a/include/msvc/internal/Hacl_Impl_FFDHE_Constants.h b/include/msvc/internal/Hacl_Impl_FFDHE_Constants.h index c746c411..80cbdd52 100644 --- a/include/msvc/internal/Hacl_Impl_FFDHE_Constants.h +++ b/include/msvc/internal/Hacl_Impl_FFDHE_Constants.h 
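Review bot: The renamed 64-bit table `Hacl_Hash_Blake2s_ivTable_B` in the `Hacl_Impl_Blake2_Constants.h` hunk now carries a Blake2s prefix, although its eight `uint64_t` words are the BLAKE2b initialization vector. `Hacl_Hash_Blake2s_sigmaTable` is presumably used by both variants as well, so the new names suggest a narrower scope than the data has. In hash code, a reader who picks the IV table by prefix could pair the wrong table with the wrong word size, a mistake that surfaces only as mismatched digests. If the prefix cannot be changed (the header looks generated, so the name may come from the generator's bundling), I would add a one-line comment above each table, for example `/* BLAKE2b IV (64-bit words); the Blake2s_ prefix appears to be a naming artifact */` above `ivTable_B`. The file is also still named `Hacl_Impl_Blake2_Constants.h`, which no longer matches the prefix of any symbol this hunk defines.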
@@ -35,528 +35,265 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_g2[1U] = { (uint8_t)0x02U }; +static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_g2[1U] = { 0x02U }; static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_p2048[256U] = { - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U, - (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU, - (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U, - (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU, - (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U, - (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U, - (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U, - (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU, - (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U, - (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU, - (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U, - (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U, - (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U, - (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U, - (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U, - (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U, - 
(uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU, - (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U, - (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U, - (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU, - (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U, - (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U, - (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU, - (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U, - (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U, - (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U, - (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U, - (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU, - (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U, - (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U, - (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U, - (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U, - (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U, - (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU, - (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U, - (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U, - (uint8_t)0x20U, (uint8_t)0x05U, 
(uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U, - (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U, - (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU, - (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x28U, - (uint8_t)0x5CU, (uint8_t)0x97U, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU + 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U, + 0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U, + 0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U, + 0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U, + 0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U, + 0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U, + 0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U, + 0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U, + 0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U, + 0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU, + 0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U, + 0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U, + 0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU, + 0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U, + 0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU, + 0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 
0x81U, 0x83U, + 0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU, + 0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U, + 0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x28U, 0x5CU, + 0x97U, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU }; static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_p3072[384U] = { - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U, - (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU, - (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U, - (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU, - (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U, - (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U, - (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U, - (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU, - (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U, - (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU, - (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U, - (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U, - (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U, - (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U, - (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U, - 
(uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U, - (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU, - (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U, - (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U, - (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU, - (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U, - (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U, - (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU, - (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U, - (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U, - (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U, - (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U, - (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU, - (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U, - (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U, - (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U, - (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U, - (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U, - (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU, - (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U, - (uint8_t)0x3BU, (uint8_t)0xB5U, 
(uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U, - (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U, - (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U, - (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU, - (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU, - (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU, - (uint8_t)0x65U, (uint8_t)0x19U, (uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U, - (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U, - (uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U, - (uint8_t)0xC9U, (uint8_t)0x07U, (uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U, - (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU, - (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU, - (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U, - (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U, - (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU, - (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U, - (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U, - (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU, - (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU, - (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU, - (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, 
(uint8_t)0x9BU, (uint8_t)0x0DU, - (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U, - (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU, - (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU, - (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U, - (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU, - (uint8_t)0x66U, (uint8_t)0xC6U, (uint8_t)0x2EU, (uint8_t)0x37U, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU + 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U, + 0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U, + 0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U, + 0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U, + 0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U, + 0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U, + 0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U, + 0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U, + 0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U, + 0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU, + 0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U, + 0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U, + 0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU, + 0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 
0xE1U, 0xCDU, 0xF7U, + 0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU, + 0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U, + 0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU, + 0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U, + 0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x1FU, 0xCFU, + 0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU, + 0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU, + 0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U, + 0xD9U, 0x1CU, 0xAEU, 0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU, + 0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U, + 0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU, + 0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U, + 0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U, + 0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU, + 0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0xC6U, 0x2EU, 0x37U, 0xFFU, + 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU }; static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_p4096[512U] = { - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U, - (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU, - (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U, - (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, 
(uint8_t)0xCEU, (uint8_t)0x2DU, - (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U, - (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U, - (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U, - (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU, - (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U, - (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU, - (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U, - (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U, - (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U, - (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U, - (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U, - (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U, - (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU, - (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U, - (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U, - (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU, - (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U, - (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U, - (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU, - (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U, - 
(uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U, - (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U, - (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U, - (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU, - (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U, - (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U, - (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U, - (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U, - (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U, - (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU, - (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U, - (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U, - (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U, - (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U, - (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU, - (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU, - (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU, - (uint8_t)0x65U, (uint8_t)0x19U, (uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U, - (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U, - (uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U, - (uint8_t)0xC9U, (uint8_t)0x07U, 
(uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U, - (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU, - (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU, - (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U, - (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U, - (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU, - (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U, - (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U, - (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU, - (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU, - (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU, - (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, (uint8_t)0x9BU, (uint8_t)0x0DU, - (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U, - (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU, - (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU, - (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U, - (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU, - (uint8_t)0x66U, (uint8_t)0x9EU, (uint8_t)0x1EU, (uint8_t)0xF1U, (uint8_t)0x6EU, (uint8_t)0x6FU, - (uint8_t)0x52U, (uint8_t)0xC3U, (uint8_t)0x16U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xFBU, - (uint8_t)0x79U, (uint8_t)0x30U, (uint8_t)0xE9U, (uint8_t)0xE4U, (uint8_t)0xE5U, (uint8_t)0x88U, - (uint8_t)0x57U, (uint8_t)0xB6U, (uint8_t)0xACU, (uint8_t)0x7DU, 
(uint8_t)0x5FU, (uint8_t)0x42U, - (uint8_t)0xD6U, (uint8_t)0x9FU, (uint8_t)0x6DU, (uint8_t)0x18U, (uint8_t)0x77U, (uint8_t)0x63U, - (uint8_t)0xCFU, (uint8_t)0x1DU, (uint8_t)0x55U, (uint8_t)0x03U, (uint8_t)0x40U, (uint8_t)0x04U, - (uint8_t)0x87U, (uint8_t)0xF5U, (uint8_t)0x5BU, (uint8_t)0xA5U, (uint8_t)0x7EU, (uint8_t)0x31U, - (uint8_t)0xCCU, (uint8_t)0x7AU, (uint8_t)0x71U, (uint8_t)0x35U, (uint8_t)0xC8U, (uint8_t)0x86U, - (uint8_t)0xEFU, (uint8_t)0xB4U, (uint8_t)0x31U, (uint8_t)0x8AU, (uint8_t)0xEDU, (uint8_t)0x6AU, - (uint8_t)0x1EU, (uint8_t)0x01U, (uint8_t)0x2DU, (uint8_t)0x9EU, (uint8_t)0x68U, (uint8_t)0x32U, - (uint8_t)0xA9U, (uint8_t)0x07U, (uint8_t)0x60U, (uint8_t)0x0AU, (uint8_t)0x91U, (uint8_t)0x81U, - (uint8_t)0x30U, (uint8_t)0xC4U, (uint8_t)0x6DU, (uint8_t)0xC7U, (uint8_t)0x78U, (uint8_t)0xF9U, - (uint8_t)0x71U, (uint8_t)0xADU, (uint8_t)0x00U, (uint8_t)0x38U, (uint8_t)0x09U, (uint8_t)0x29U, - (uint8_t)0x99U, (uint8_t)0xA3U, (uint8_t)0x33U, (uint8_t)0xCBU, (uint8_t)0x8BU, (uint8_t)0x7AU, - (uint8_t)0x1AU, (uint8_t)0x1DU, (uint8_t)0xB9U, (uint8_t)0x3DU, (uint8_t)0x71U, (uint8_t)0x40U, - (uint8_t)0x00U, (uint8_t)0x3CU, (uint8_t)0x2AU, (uint8_t)0x4EU, (uint8_t)0xCEU, (uint8_t)0xA9U, - (uint8_t)0xF9U, (uint8_t)0x8DU, (uint8_t)0x0AU, (uint8_t)0xCCU, (uint8_t)0x0AU, (uint8_t)0x82U, - (uint8_t)0x91U, (uint8_t)0xCDU, (uint8_t)0xCEU, (uint8_t)0xC9U, (uint8_t)0x7DU, (uint8_t)0xCFU, - (uint8_t)0x8EU, (uint8_t)0xC9U, (uint8_t)0xB5U, (uint8_t)0x5AU, (uint8_t)0x7FU, (uint8_t)0x88U, - (uint8_t)0xA4U, (uint8_t)0x6BU, (uint8_t)0x4DU, (uint8_t)0xB5U, (uint8_t)0xA8U, (uint8_t)0x51U, - (uint8_t)0xF4U, (uint8_t)0x41U, (uint8_t)0x82U, (uint8_t)0xE1U, (uint8_t)0xC6U, (uint8_t)0x8AU, - (uint8_t)0x00U, (uint8_t)0x7EU, (uint8_t)0x5EU, (uint8_t)0x65U, (uint8_t)0x5FU, (uint8_t)0x6AU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU + 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 
0x54U, 0x58U, 0xA2U, + 0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U, + 0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U, + 0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U, + 0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U, + 0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U, + 0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U, + 0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U, + 0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U, + 0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU, + 0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U, + 0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U, + 0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU, + 0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U, + 0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU, + 0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U, + 0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU, + 0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U, + 0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x1FU, 0xCFU, + 0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU, + 0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU, + 0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U, + 0xD9U, 0x1CU, 0xAEU, 
0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU, + 0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U, + 0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU, + 0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U, + 0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U, + 0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU, + 0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0x9EU, 0x1EU, 0xF1U, 0x6EU, + 0x6FU, 0x52U, 0xC3U, 0x16U, 0x4DU, 0xF4U, 0xFBU, 0x79U, 0x30U, 0xE9U, 0xE4U, 0xE5U, 0x88U, + 0x57U, 0xB6U, 0xACU, 0x7DU, 0x5FU, 0x42U, 0xD6U, 0x9FU, 0x6DU, 0x18U, 0x77U, 0x63U, 0xCFU, + 0x1DU, 0x55U, 0x03U, 0x40U, 0x04U, 0x87U, 0xF5U, 0x5BU, 0xA5U, 0x7EU, 0x31U, 0xCCU, 0x7AU, + 0x71U, 0x35U, 0xC8U, 0x86U, 0xEFU, 0xB4U, 0x31U, 0x8AU, 0xEDU, 0x6AU, 0x1EU, 0x01U, 0x2DU, + 0x9EU, 0x68U, 0x32U, 0xA9U, 0x07U, 0x60U, 0x0AU, 0x91U, 0x81U, 0x30U, 0xC4U, 0x6DU, 0xC7U, + 0x78U, 0xF9U, 0x71U, 0xADU, 0x00U, 0x38U, 0x09U, 0x29U, 0x99U, 0xA3U, 0x33U, 0xCBU, 0x8BU, + 0x7AU, 0x1AU, 0x1DU, 0xB9U, 0x3DU, 0x71U, 0x40U, 0x00U, 0x3CU, 0x2AU, 0x4EU, 0xCEU, 0xA9U, + 0xF9U, 0x8DU, 0x0AU, 0xCCU, 0x0AU, 0x82U, 0x91U, 0xCDU, 0xCEU, 0xC9U, 0x7DU, 0xCFU, 0x8EU, + 0xC9U, 0xB5U, 0x5AU, 0x7FU, 0x88U, 0xA4U, 0x6BU, 0x4DU, 0xB5U, 0xA8U, 0x51U, 0xF4U, 0x41U, + 0x82U, 0xE1U, 0xC6U, 0x8AU, 0x00U, 0x7EU, 0x5EU, 0x65U, 0x5FU, 0x6AU, 0xFFU, 0xFFU, 0xFFU, + 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU }; static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_p6144[768U] = { - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, (uint8_t)0x54U, (uint8_t)0x58U, - (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU, - (uint8_t)0x56U, (uint8_t)0x20U, 
(uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U, - (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU, - (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U, - (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U, - (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U, - (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU, - (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U, - (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU, - (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U, - (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U, - (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U, - (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U, - (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U, - (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U, - (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU, - (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U, - (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U, - (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU, - (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U, - (uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U, - (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, 
(uint8_t)0xE3U, (uint8_t)0xFBU, - (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U, - (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U, - (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U, - (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U, - (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU, - (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U, - (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U, - (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U, - (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U, - (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U, - (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU, - (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U, - (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U, - (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U, - (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U, - (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU, - (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU, - (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU, - (uint8_t)0x65U, (uint8_t)0x19U, (uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U, - (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U, - 
(uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U, - (uint8_t)0xC9U, (uint8_t)0x07U, (uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U, - (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU, - (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU, - (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U, - (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U, - (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU, - (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U, - (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U, - (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU, - (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU, - (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU, - (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, (uint8_t)0x9BU, (uint8_t)0x0DU, - (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U, - (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU, - (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU, - (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U, - (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU, - (uint8_t)0x66U, (uint8_t)0x9EU, (uint8_t)0x1EU, (uint8_t)0xF1U, (uint8_t)0x6EU, (uint8_t)0x6FU, - (uint8_t)0x52U, (uint8_t)0xC3U, (uint8_t)0x16U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xFBU, - (uint8_t)0x79U, (uint8_t)0x30U, 
(uint8_t)0xE9U, (uint8_t)0xE4U, (uint8_t)0xE5U, (uint8_t)0x88U, - (uint8_t)0x57U, (uint8_t)0xB6U, (uint8_t)0xACU, (uint8_t)0x7DU, (uint8_t)0x5FU, (uint8_t)0x42U, - (uint8_t)0xD6U, (uint8_t)0x9FU, (uint8_t)0x6DU, (uint8_t)0x18U, (uint8_t)0x77U, (uint8_t)0x63U, - (uint8_t)0xCFU, (uint8_t)0x1DU, (uint8_t)0x55U, (uint8_t)0x03U, (uint8_t)0x40U, (uint8_t)0x04U, - (uint8_t)0x87U, (uint8_t)0xF5U, (uint8_t)0x5BU, (uint8_t)0xA5U, (uint8_t)0x7EU, (uint8_t)0x31U, - (uint8_t)0xCCU, (uint8_t)0x7AU, (uint8_t)0x71U, (uint8_t)0x35U, (uint8_t)0xC8U, (uint8_t)0x86U, - (uint8_t)0xEFU, (uint8_t)0xB4U, (uint8_t)0x31U, (uint8_t)0x8AU, (uint8_t)0xEDU, (uint8_t)0x6AU, - (uint8_t)0x1EU, (uint8_t)0x01U, (uint8_t)0x2DU, (uint8_t)0x9EU, (uint8_t)0x68U, (uint8_t)0x32U, - (uint8_t)0xA9U, (uint8_t)0x07U, (uint8_t)0x60U, (uint8_t)0x0AU, (uint8_t)0x91U, (uint8_t)0x81U, - (uint8_t)0x30U, (uint8_t)0xC4U, (uint8_t)0x6DU, (uint8_t)0xC7U, (uint8_t)0x78U, (uint8_t)0xF9U, - (uint8_t)0x71U, (uint8_t)0xADU, (uint8_t)0x00U, (uint8_t)0x38U, (uint8_t)0x09U, (uint8_t)0x29U, - (uint8_t)0x99U, (uint8_t)0xA3U, (uint8_t)0x33U, (uint8_t)0xCBU, (uint8_t)0x8BU, (uint8_t)0x7AU, - (uint8_t)0x1AU, (uint8_t)0x1DU, (uint8_t)0xB9U, (uint8_t)0x3DU, (uint8_t)0x71U, (uint8_t)0x40U, - (uint8_t)0x00U, (uint8_t)0x3CU, (uint8_t)0x2AU, (uint8_t)0x4EU, (uint8_t)0xCEU, (uint8_t)0xA9U, - (uint8_t)0xF9U, (uint8_t)0x8DU, (uint8_t)0x0AU, (uint8_t)0xCCU, (uint8_t)0x0AU, (uint8_t)0x82U, - (uint8_t)0x91U, (uint8_t)0xCDU, (uint8_t)0xCEU, (uint8_t)0xC9U, (uint8_t)0x7DU, (uint8_t)0xCFU, - (uint8_t)0x8EU, (uint8_t)0xC9U, (uint8_t)0xB5U, (uint8_t)0x5AU, (uint8_t)0x7FU, (uint8_t)0x88U, - (uint8_t)0xA4U, (uint8_t)0x6BU, (uint8_t)0x4DU, (uint8_t)0xB5U, (uint8_t)0xA8U, (uint8_t)0x51U, - (uint8_t)0xF4U, (uint8_t)0x41U, (uint8_t)0x82U, (uint8_t)0xE1U, (uint8_t)0xC6U, (uint8_t)0x8AU, - (uint8_t)0x00U, (uint8_t)0x7EU, (uint8_t)0x5EU, (uint8_t)0x0DU, (uint8_t)0xD9U, (uint8_t)0x02U, - (uint8_t)0x0BU, (uint8_t)0xFDU, (uint8_t)0x64U, (uint8_t)0xB6U, 
(uint8_t)0x45U, (uint8_t)0x03U, - (uint8_t)0x6CU, (uint8_t)0x7AU, (uint8_t)0x4EU, (uint8_t)0x67U, (uint8_t)0x7DU, (uint8_t)0x2CU, - (uint8_t)0x38U, (uint8_t)0x53U, (uint8_t)0x2AU, (uint8_t)0x3AU, (uint8_t)0x23U, (uint8_t)0xBAU, - (uint8_t)0x44U, (uint8_t)0x42U, (uint8_t)0xCAU, (uint8_t)0xF5U, (uint8_t)0x3EU, (uint8_t)0xA6U, - (uint8_t)0x3BU, (uint8_t)0xB4U, (uint8_t)0x54U, (uint8_t)0x32U, (uint8_t)0x9BU, (uint8_t)0x76U, - (uint8_t)0x24U, (uint8_t)0xC8U, (uint8_t)0x91U, (uint8_t)0x7BU, (uint8_t)0xDDU, (uint8_t)0x64U, - (uint8_t)0xB1U, (uint8_t)0xC0U, (uint8_t)0xFDU, (uint8_t)0x4CU, (uint8_t)0xB3U, (uint8_t)0x8EU, - (uint8_t)0x8CU, (uint8_t)0x33U, (uint8_t)0x4CU, (uint8_t)0x70U, (uint8_t)0x1CU, (uint8_t)0x3AU, - (uint8_t)0xCDU, (uint8_t)0xADU, (uint8_t)0x06U, (uint8_t)0x57U, (uint8_t)0xFCU, (uint8_t)0xCFU, - (uint8_t)0xECU, (uint8_t)0x71U, (uint8_t)0x9BU, (uint8_t)0x1FU, (uint8_t)0x5CU, (uint8_t)0x3EU, - (uint8_t)0x4EU, (uint8_t)0x46U, (uint8_t)0x04U, (uint8_t)0x1FU, (uint8_t)0x38U, (uint8_t)0x81U, - (uint8_t)0x47U, (uint8_t)0xFBU, (uint8_t)0x4CU, (uint8_t)0xFDU, (uint8_t)0xB4U, (uint8_t)0x77U, - (uint8_t)0xA5U, (uint8_t)0x24U, (uint8_t)0x71U, (uint8_t)0xF7U, (uint8_t)0xA9U, (uint8_t)0xA9U, - (uint8_t)0x69U, (uint8_t)0x10U, (uint8_t)0xB8U, (uint8_t)0x55U, (uint8_t)0x32U, (uint8_t)0x2EU, - (uint8_t)0xDBU, (uint8_t)0x63U, (uint8_t)0x40U, (uint8_t)0xD8U, (uint8_t)0xA0U, (uint8_t)0x0EU, - (uint8_t)0xF0U, (uint8_t)0x92U, (uint8_t)0x35U, (uint8_t)0x05U, (uint8_t)0x11U, (uint8_t)0xE3U, - (uint8_t)0x0AU, (uint8_t)0xBEU, (uint8_t)0xC1U, (uint8_t)0xFFU, (uint8_t)0xF9U, (uint8_t)0xE3U, - (uint8_t)0xA2U, (uint8_t)0x6EU, (uint8_t)0x7FU, (uint8_t)0xB2U, (uint8_t)0x9FU, (uint8_t)0x8CU, - (uint8_t)0x18U, (uint8_t)0x30U, (uint8_t)0x23U, (uint8_t)0xC3U, (uint8_t)0x58U, (uint8_t)0x7EU, - (uint8_t)0x38U, (uint8_t)0xDAU, (uint8_t)0x00U, (uint8_t)0x77U, (uint8_t)0xD9U, (uint8_t)0xB4U, - (uint8_t)0x76U, (uint8_t)0x3EU, (uint8_t)0x4EU, (uint8_t)0x4BU, (uint8_t)0x94U, (uint8_t)0xB2U, - 
(uint8_t)0xBBU, (uint8_t)0xC1U, (uint8_t)0x94U, (uint8_t)0xC6U, (uint8_t)0x65U, (uint8_t)0x1EU, - (uint8_t)0x77U, (uint8_t)0xCAU, (uint8_t)0xF9U, (uint8_t)0x92U, (uint8_t)0xEEU, (uint8_t)0xAAU, - (uint8_t)0xC0U, (uint8_t)0x23U, (uint8_t)0x2AU, (uint8_t)0x28U, (uint8_t)0x1BU, (uint8_t)0xF6U, - (uint8_t)0xB3U, (uint8_t)0xA7U, (uint8_t)0x39U, (uint8_t)0xC1U, (uint8_t)0x22U, (uint8_t)0x61U, - (uint8_t)0x16U, (uint8_t)0x82U, (uint8_t)0x0AU, (uint8_t)0xE8U, (uint8_t)0xDBU, (uint8_t)0x58U, - (uint8_t)0x47U, (uint8_t)0xA6U, (uint8_t)0x7CU, (uint8_t)0xBEU, (uint8_t)0xF9U, (uint8_t)0xC9U, - (uint8_t)0x09U, (uint8_t)0x1BU, (uint8_t)0x46U, (uint8_t)0x2DU, (uint8_t)0x53U, (uint8_t)0x8CU, - (uint8_t)0xD7U, (uint8_t)0x2BU, (uint8_t)0x03U, (uint8_t)0x74U, (uint8_t)0x6AU, (uint8_t)0xE7U, - (uint8_t)0x7FU, (uint8_t)0x5EU, (uint8_t)0x62U, (uint8_t)0x29U, (uint8_t)0x2CU, (uint8_t)0x31U, - (uint8_t)0x15U, (uint8_t)0x62U, (uint8_t)0xA8U, (uint8_t)0x46U, (uint8_t)0x50U, (uint8_t)0x5DU, - (uint8_t)0xC8U, (uint8_t)0x2DU, (uint8_t)0xB8U, (uint8_t)0x54U, (uint8_t)0x33U, (uint8_t)0x8AU, - (uint8_t)0xE4U, (uint8_t)0x9FU, (uint8_t)0x52U, (uint8_t)0x35U, (uint8_t)0xC9U, (uint8_t)0x5BU, - (uint8_t)0x91U, (uint8_t)0x17U, (uint8_t)0x8CU, (uint8_t)0xCFU, (uint8_t)0x2DU, (uint8_t)0xD5U, - (uint8_t)0xCAU, (uint8_t)0xCEU, (uint8_t)0xF4U, (uint8_t)0x03U, (uint8_t)0xECU, (uint8_t)0x9DU, - (uint8_t)0x18U, (uint8_t)0x10U, (uint8_t)0xC6U, (uint8_t)0x27U, (uint8_t)0x2BU, (uint8_t)0x04U, - (uint8_t)0x5BU, (uint8_t)0x3BU, (uint8_t)0x71U, (uint8_t)0xF9U, (uint8_t)0xDCU, (uint8_t)0x6BU, - (uint8_t)0x80U, (uint8_t)0xD6U, (uint8_t)0x3FU, (uint8_t)0xDDU, (uint8_t)0x4AU, (uint8_t)0x8EU, - (uint8_t)0x9AU, (uint8_t)0xDBU, (uint8_t)0x1EU, (uint8_t)0x69U, (uint8_t)0x62U, (uint8_t)0xA6U, - (uint8_t)0x95U, (uint8_t)0x26U, (uint8_t)0xD4U, (uint8_t)0x31U, (uint8_t)0x61U, (uint8_t)0xC1U, - (uint8_t)0xA4U, (uint8_t)0x1DU, (uint8_t)0x57U, (uint8_t)0x0DU, (uint8_t)0x79U, (uint8_t)0x38U, - (uint8_t)0xDAU, (uint8_t)0xD4U, 
(uint8_t)0xA4U, (uint8_t)0x0EU, (uint8_t)0x32U, (uint8_t)0x9CU, - (uint8_t)0xD0U, (uint8_t)0xE4U, (uint8_t)0x0EU, (uint8_t)0x65U, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU + 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U, + 0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U, + 0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U, + 0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U, + 0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U, + 0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U, + 0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U, + 0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U, + 0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U, + 0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU, + 0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U, + 0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U, + 0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU, + 0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U, + 0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 0x72U, 0xFEU, + 0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U, + 0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU, + 0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U, + 0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 
0x38U, 0x61U, 0x1FU, 0xCFU, + 0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU, + 0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU, + 0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U, + 0xD9U, 0x1CU, 0xAEU, 0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU, + 0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U, + 0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU, + 0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U, + 0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U, + 0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU, + 0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0x9EU, 0x1EU, 0xF1U, 0x6EU, + 0x6FU, 0x52U, 0xC3U, 0x16U, 0x4DU, 0xF4U, 0xFBU, 0x79U, 0x30U, 0xE9U, 0xE4U, 0xE5U, 0x88U, + 0x57U, 0xB6U, 0xACU, 0x7DU, 0x5FU, 0x42U, 0xD6U, 0x9FU, 0x6DU, 0x18U, 0x77U, 0x63U, 0xCFU, + 0x1DU, 0x55U, 0x03U, 0x40U, 0x04U, 0x87U, 0xF5U, 0x5BU, 0xA5U, 0x7EU, 0x31U, 0xCCU, 0x7AU, + 0x71U, 0x35U, 0xC8U, 0x86U, 0xEFU, 0xB4U, 0x31U, 0x8AU, 0xEDU, 0x6AU, 0x1EU, 0x01U, 0x2DU, + 0x9EU, 0x68U, 0x32U, 0xA9U, 0x07U, 0x60U, 0x0AU, 0x91U, 0x81U, 0x30U, 0xC4U, 0x6DU, 0xC7U, + 0x78U, 0xF9U, 0x71U, 0xADU, 0x00U, 0x38U, 0x09U, 0x29U, 0x99U, 0xA3U, 0x33U, 0xCBU, 0x8BU, + 0x7AU, 0x1AU, 0x1DU, 0xB9U, 0x3DU, 0x71U, 0x40U, 0x00U, 0x3CU, 0x2AU, 0x4EU, 0xCEU, 0xA9U, + 0xF9U, 0x8DU, 0x0AU, 0xCCU, 0x0AU, 0x82U, 0x91U, 0xCDU, 0xCEU, 0xC9U, 0x7DU, 0xCFU, 0x8EU, + 0xC9U, 0xB5U, 0x5AU, 0x7FU, 0x88U, 0xA4U, 0x6BU, 0x4DU, 0xB5U, 0xA8U, 0x51U, 0xF4U, 0x41U, + 0x82U, 0xE1U, 0xC6U, 0x8AU, 0x00U, 0x7EU, 0x5EU, 0x0DU, 0xD9U, 0x02U, 0x0BU, 0xFDU, 0x64U, + 0xB6U, 0x45U, 0x03U, 0x6CU, 0x7AU, 0x4EU, 0x67U, 0x7DU, 0x2CU, 0x38U, 0x53U, 0x2AU, 0x3AU, + 0x23U, 0xBAU, 
0x44U, 0x42U, 0xCAU, 0xF5U, 0x3EU, 0xA6U, 0x3BU, 0xB4U, 0x54U, 0x32U, 0x9BU, + 0x76U, 0x24U, 0xC8U, 0x91U, 0x7BU, 0xDDU, 0x64U, 0xB1U, 0xC0U, 0xFDU, 0x4CU, 0xB3U, 0x8EU, + 0x8CU, 0x33U, 0x4CU, 0x70U, 0x1CU, 0x3AU, 0xCDU, 0xADU, 0x06U, 0x57U, 0xFCU, 0xCFU, 0xECU, + 0x71U, 0x9BU, 0x1FU, 0x5CU, 0x3EU, 0x4EU, 0x46U, 0x04U, 0x1FU, 0x38U, 0x81U, 0x47U, 0xFBU, + 0x4CU, 0xFDU, 0xB4U, 0x77U, 0xA5U, 0x24U, 0x71U, 0xF7U, 0xA9U, 0xA9U, 0x69U, 0x10U, 0xB8U, + 0x55U, 0x32U, 0x2EU, 0xDBU, 0x63U, 0x40U, 0xD8U, 0xA0U, 0x0EU, 0xF0U, 0x92U, 0x35U, 0x05U, + 0x11U, 0xE3U, 0x0AU, 0xBEU, 0xC1U, 0xFFU, 0xF9U, 0xE3U, 0xA2U, 0x6EU, 0x7FU, 0xB2U, 0x9FU, + 0x8CU, 0x18U, 0x30U, 0x23U, 0xC3U, 0x58U, 0x7EU, 0x38U, 0xDAU, 0x00U, 0x77U, 0xD9U, 0xB4U, + 0x76U, 0x3EU, 0x4EU, 0x4BU, 0x94U, 0xB2U, 0xBBU, 0xC1U, 0x94U, 0xC6U, 0x65U, 0x1EU, 0x77U, + 0xCAU, 0xF9U, 0x92U, 0xEEU, 0xAAU, 0xC0U, 0x23U, 0x2AU, 0x28U, 0x1BU, 0xF6U, 0xB3U, 0xA7U, + 0x39U, 0xC1U, 0x22U, 0x61U, 0x16U, 0x82U, 0x0AU, 0xE8U, 0xDBU, 0x58U, 0x47U, 0xA6U, 0x7CU, + 0xBEU, 0xF9U, 0xC9U, 0x09U, 0x1BU, 0x46U, 0x2DU, 0x53U, 0x8CU, 0xD7U, 0x2BU, 0x03U, 0x74U, + 0x6AU, 0xE7U, 0x7FU, 0x5EU, 0x62U, 0x29U, 0x2CU, 0x31U, 0x15U, 0x62U, 0xA8U, 0x46U, 0x50U, + 0x5DU, 0xC8U, 0x2DU, 0xB8U, 0x54U, 0x33U, 0x8AU, 0xE4U, 0x9FU, 0x52U, 0x35U, 0xC9U, 0x5BU, + 0x91U, 0x17U, 0x8CU, 0xCFU, 0x2DU, 0xD5U, 0xCAU, 0xCEU, 0xF4U, 0x03U, 0xECU, 0x9DU, 0x18U, + 0x10U, 0xC6U, 0x27U, 0x2BU, 0x04U, 0x5BU, 0x3BU, 0x71U, 0xF9U, 0xDCU, 0x6BU, 0x80U, 0xD6U, + 0x3FU, 0xDDU, 0x4AU, 0x8EU, 0x9AU, 0xDBU, 0x1EU, 0x69U, 0x62U, 0xA6U, 0x95U, 0x26U, 0xD4U, + 0x31U, 0x61U, 0xC1U, 0xA4U, 0x1DU, 0x57U, 0x0DU, 0x79U, 0x38U, 0xDAU, 0xD4U, 0xA4U, 0x0EU, + 0x32U, 0x9CU, 0xD0U, 0xE4U, 0x0EU, 0x65U, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, + 0xFFU }; static const uint8_t Hacl_Impl_FFDHE_Constants_ffdhe_p8192[1024U] = { - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xADU, (uint8_t)0xF8U, 
(uint8_t)0x54U, (uint8_t)0x58U, - (uint8_t)0xA2U, (uint8_t)0xBBU, (uint8_t)0x4AU, (uint8_t)0x9AU, (uint8_t)0xAFU, (uint8_t)0xDCU, - (uint8_t)0x56U, (uint8_t)0x20U, (uint8_t)0x27U, (uint8_t)0x3DU, (uint8_t)0x3CU, (uint8_t)0xF1U, - (uint8_t)0xD8U, (uint8_t)0xB9U, (uint8_t)0xC5U, (uint8_t)0x83U, (uint8_t)0xCEU, (uint8_t)0x2DU, - (uint8_t)0x36U, (uint8_t)0x95U, (uint8_t)0xA9U, (uint8_t)0xE1U, (uint8_t)0x36U, (uint8_t)0x41U, - (uint8_t)0x14U, (uint8_t)0x64U, (uint8_t)0x33U, (uint8_t)0xFBU, (uint8_t)0xCCU, (uint8_t)0x93U, - (uint8_t)0x9DU, (uint8_t)0xCEU, (uint8_t)0x24U, (uint8_t)0x9BU, (uint8_t)0x3EU, (uint8_t)0xF9U, - (uint8_t)0x7DU, (uint8_t)0x2FU, (uint8_t)0xE3U, (uint8_t)0x63U, (uint8_t)0x63U, (uint8_t)0x0CU, - (uint8_t)0x75U, (uint8_t)0xD8U, (uint8_t)0xF6U, (uint8_t)0x81U, (uint8_t)0xB2U, (uint8_t)0x02U, - (uint8_t)0xAEU, (uint8_t)0xC4U, (uint8_t)0x61U, (uint8_t)0x7AU, (uint8_t)0xD3U, (uint8_t)0xDFU, - (uint8_t)0x1EU, (uint8_t)0xD5U, (uint8_t)0xD5U, (uint8_t)0xFDU, (uint8_t)0x65U, (uint8_t)0x61U, - (uint8_t)0x24U, (uint8_t)0x33U, (uint8_t)0xF5U, (uint8_t)0x1FU, (uint8_t)0x5FU, (uint8_t)0x06U, - (uint8_t)0x6EU, (uint8_t)0xD0U, (uint8_t)0x85U, (uint8_t)0x63U, (uint8_t)0x65U, (uint8_t)0x55U, - (uint8_t)0x3DU, (uint8_t)0xEDU, (uint8_t)0x1AU, (uint8_t)0xF3U, (uint8_t)0xB5U, (uint8_t)0x57U, - (uint8_t)0x13U, (uint8_t)0x5EU, (uint8_t)0x7FU, (uint8_t)0x57U, (uint8_t)0xC9U, (uint8_t)0x35U, - (uint8_t)0x98U, (uint8_t)0x4FU, (uint8_t)0x0CU, (uint8_t)0x70U, (uint8_t)0xE0U, (uint8_t)0xE6U, - (uint8_t)0x8BU, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0xA6U, (uint8_t)0x89U, (uint8_t)0xDAU, - (uint8_t)0xF3U, (uint8_t)0xEFU, (uint8_t)0xE8U, (uint8_t)0x72U, (uint8_t)0x1DU, (uint8_t)0xF1U, - (uint8_t)0x58U, (uint8_t)0xA1U, (uint8_t)0x36U, (uint8_t)0xADU, (uint8_t)0xE7U, (uint8_t)0x35U, - (uint8_t)0x30U, (uint8_t)0xACU, (uint8_t)0xCAU, (uint8_t)0x4FU, (uint8_t)0x48U, (uint8_t)0x3AU, - (uint8_t)0x79U, (uint8_t)0x7AU, (uint8_t)0xBCU, (uint8_t)0x0AU, (uint8_t)0xB1U, (uint8_t)0x82U, - 
(uint8_t)0xB3U, (uint8_t)0x24U, (uint8_t)0xFBU, (uint8_t)0x61U, (uint8_t)0xD1U, (uint8_t)0x08U, - (uint8_t)0xA9U, (uint8_t)0x4BU, (uint8_t)0xB2U, (uint8_t)0xC8U, (uint8_t)0xE3U, (uint8_t)0xFBU, - (uint8_t)0xB9U, (uint8_t)0x6AU, (uint8_t)0xDAU, (uint8_t)0xB7U, (uint8_t)0x60U, (uint8_t)0xD7U, - (uint8_t)0xF4U, (uint8_t)0x68U, (uint8_t)0x1DU, (uint8_t)0x4FU, (uint8_t)0x42U, (uint8_t)0xA3U, - (uint8_t)0xDEU, (uint8_t)0x39U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xAEU, (uint8_t)0x56U, - (uint8_t)0xEDU, (uint8_t)0xE7U, (uint8_t)0x63U, (uint8_t)0x72U, (uint8_t)0xBBU, (uint8_t)0x19U, - (uint8_t)0x0BU, (uint8_t)0x07U, (uint8_t)0xA7U, (uint8_t)0xC8U, (uint8_t)0xEEU, (uint8_t)0x0AU, - (uint8_t)0x6DU, (uint8_t)0x70U, (uint8_t)0x9EU, (uint8_t)0x02U, (uint8_t)0xFCU, (uint8_t)0xE1U, - (uint8_t)0xCDU, (uint8_t)0xF7U, (uint8_t)0xE2U, (uint8_t)0xECU, (uint8_t)0xC0U, (uint8_t)0x34U, - (uint8_t)0x04U, (uint8_t)0xCDU, (uint8_t)0x28U, (uint8_t)0x34U, (uint8_t)0x2FU, (uint8_t)0x61U, - (uint8_t)0x91U, (uint8_t)0x72U, (uint8_t)0xFEU, (uint8_t)0x9CU, (uint8_t)0xE9U, (uint8_t)0x85U, - (uint8_t)0x83U, (uint8_t)0xFFU, (uint8_t)0x8EU, (uint8_t)0x4FU, (uint8_t)0x12U, (uint8_t)0x32U, - (uint8_t)0xEEU, (uint8_t)0xF2U, (uint8_t)0x81U, (uint8_t)0x83U, (uint8_t)0xC3U, (uint8_t)0xFEU, - (uint8_t)0x3BU, (uint8_t)0x1BU, (uint8_t)0x4CU, (uint8_t)0x6FU, (uint8_t)0xADU, (uint8_t)0x73U, - (uint8_t)0x3BU, (uint8_t)0xB5U, (uint8_t)0xFCU, (uint8_t)0xBCU, (uint8_t)0x2EU, (uint8_t)0xC2U, - (uint8_t)0x20U, (uint8_t)0x05U, (uint8_t)0xC5U, (uint8_t)0x8EU, (uint8_t)0xF1U, (uint8_t)0x83U, - (uint8_t)0x7DU, (uint8_t)0x16U, (uint8_t)0x83U, (uint8_t)0xB2U, (uint8_t)0xC6U, (uint8_t)0xF3U, - (uint8_t)0x4AU, (uint8_t)0x26U, (uint8_t)0xC1U, (uint8_t)0xB2U, (uint8_t)0xEFU, (uint8_t)0xFAU, - (uint8_t)0x88U, (uint8_t)0x6BU, (uint8_t)0x42U, (uint8_t)0x38U, (uint8_t)0x61U, (uint8_t)0x1FU, - (uint8_t)0xCFU, (uint8_t)0xDCU, (uint8_t)0xDEU, (uint8_t)0x35U, (uint8_t)0x5BU, (uint8_t)0x3BU, - (uint8_t)0x65U, (uint8_t)0x19U, 
(uint8_t)0x03U, (uint8_t)0x5BU, (uint8_t)0xBCU, (uint8_t)0x34U, - (uint8_t)0xF4U, (uint8_t)0xDEU, (uint8_t)0xF9U, (uint8_t)0x9CU, (uint8_t)0x02U, (uint8_t)0x38U, - (uint8_t)0x61U, (uint8_t)0xB4U, (uint8_t)0x6FU, (uint8_t)0xC9U, (uint8_t)0xD6U, (uint8_t)0xE6U, - (uint8_t)0xC9U, (uint8_t)0x07U, (uint8_t)0x7AU, (uint8_t)0xD9U, (uint8_t)0x1DU, (uint8_t)0x26U, - (uint8_t)0x91U, (uint8_t)0xF7U, (uint8_t)0xF7U, (uint8_t)0xEEU, (uint8_t)0x59U, (uint8_t)0x8CU, - (uint8_t)0xB0U, (uint8_t)0xFAU, (uint8_t)0xC1U, (uint8_t)0x86U, (uint8_t)0xD9U, (uint8_t)0x1CU, - (uint8_t)0xAEU, (uint8_t)0xFEU, (uint8_t)0x13U, (uint8_t)0x09U, (uint8_t)0x85U, (uint8_t)0x13U, - (uint8_t)0x92U, (uint8_t)0x70U, (uint8_t)0xB4U, (uint8_t)0x13U, (uint8_t)0x0CU, (uint8_t)0x93U, - (uint8_t)0xBCU, (uint8_t)0x43U, (uint8_t)0x79U, (uint8_t)0x44U, (uint8_t)0xF4U, (uint8_t)0xFDU, - (uint8_t)0x44U, (uint8_t)0x52U, (uint8_t)0xE2U, (uint8_t)0xD7U, (uint8_t)0x4DU, (uint8_t)0xD3U, - (uint8_t)0x64U, (uint8_t)0xF2U, (uint8_t)0xE2U, (uint8_t)0x1EU, (uint8_t)0x71U, (uint8_t)0xF5U, - (uint8_t)0x4BU, (uint8_t)0xFFU, (uint8_t)0x5CU, (uint8_t)0xAEU, (uint8_t)0x82U, (uint8_t)0xABU, - (uint8_t)0x9CU, (uint8_t)0x9DU, (uint8_t)0xF6U, (uint8_t)0x9EU, (uint8_t)0xE8U, (uint8_t)0x6DU, - (uint8_t)0x2BU, (uint8_t)0xC5U, (uint8_t)0x22U, (uint8_t)0x36U, (uint8_t)0x3AU, (uint8_t)0x0DU, - (uint8_t)0xABU, (uint8_t)0xC5U, (uint8_t)0x21U, (uint8_t)0x97U, (uint8_t)0x9BU, (uint8_t)0x0DU, - (uint8_t)0xEAU, (uint8_t)0xDAU, (uint8_t)0x1DU, (uint8_t)0xBFU, (uint8_t)0x9AU, (uint8_t)0x42U, - (uint8_t)0xD5U, (uint8_t)0xC4U, (uint8_t)0x48U, (uint8_t)0x4EU, (uint8_t)0x0AU, (uint8_t)0xBCU, - (uint8_t)0xD0U, (uint8_t)0x6BU, (uint8_t)0xFAU, (uint8_t)0x53U, (uint8_t)0xDDU, (uint8_t)0xEFU, - (uint8_t)0x3CU, (uint8_t)0x1BU, (uint8_t)0x20U, (uint8_t)0xEEU, (uint8_t)0x3FU, (uint8_t)0xD5U, - (uint8_t)0x9DU, (uint8_t)0x7CU, (uint8_t)0x25U, (uint8_t)0xE4U, (uint8_t)0x1DU, (uint8_t)0x2BU, - (uint8_t)0x66U, (uint8_t)0x9EU, (uint8_t)0x1EU, (uint8_t)0xF1U, 
(uint8_t)0x6EU, (uint8_t)0x6FU, - (uint8_t)0x52U, (uint8_t)0xC3U, (uint8_t)0x16U, (uint8_t)0x4DU, (uint8_t)0xF4U, (uint8_t)0xFBU, - (uint8_t)0x79U, (uint8_t)0x30U, (uint8_t)0xE9U, (uint8_t)0xE4U, (uint8_t)0xE5U, (uint8_t)0x88U, - (uint8_t)0x57U, (uint8_t)0xB6U, (uint8_t)0xACU, (uint8_t)0x7DU, (uint8_t)0x5FU, (uint8_t)0x42U, - (uint8_t)0xD6U, (uint8_t)0x9FU, (uint8_t)0x6DU, (uint8_t)0x18U, (uint8_t)0x77U, (uint8_t)0x63U, - (uint8_t)0xCFU, (uint8_t)0x1DU, (uint8_t)0x55U, (uint8_t)0x03U, (uint8_t)0x40U, (uint8_t)0x04U, - (uint8_t)0x87U, (uint8_t)0xF5U, (uint8_t)0x5BU, (uint8_t)0xA5U, (uint8_t)0x7EU, (uint8_t)0x31U, - (uint8_t)0xCCU, (uint8_t)0x7AU, (uint8_t)0x71U, (uint8_t)0x35U, (uint8_t)0xC8U, (uint8_t)0x86U, - (uint8_t)0xEFU, (uint8_t)0xB4U, (uint8_t)0x31U, (uint8_t)0x8AU, (uint8_t)0xEDU, (uint8_t)0x6AU, - (uint8_t)0x1EU, (uint8_t)0x01U, (uint8_t)0x2DU, (uint8_t)0x9EU, (uint8_t)0x68U, (uint8_t)0x32U, - (uint8_t)0xA9U, (uint8_t)0x07U, (uint8_t)0x60U, (uint8_t)0x0AU, (uint8_t)0x91U, (uint8_t)0x81U, - (uint8_t)0x30U, (uint8_t)0xC4U, (uint8_t)0x6DU, (uint8_t)0xC7U, (uint8_t)0x78U, (uint8_t)0xF9U, - (uint8_t)0x71U, (uint8_t)0xADU, (uint8_t)0x00U, (uint8_t)0x38U, (uint8_t)0x09U, (uint8_t)0x29U, - (uint8_t)0x99U, (uint8_t)0xA3U, (uint8_t)0x33U, (uint8_t)0xCBU, (uint8_t)0x8BU, (uint8_t)0x7AU, - (uint8_t)0x1AU, (uint8_t)0x1DU, (uint8_t)0xB9U, (uint8_t)0x3DU, (uint8_t)0x71U, (uint8_t)0x40U, - (uint8_t)0x00U, (uint8_t)0x3CU, (uint8_t)0x2AU, (uint8_t)0x4EU, (uint8_t)0xCEU, (uint8_t)0xA9U, - (uint8_t)0xF9U, (uint8_t)0x8DU, (uint8_t)0x0AU, (uint8_t)0xCCU, (uint8_t)0x0AU, (uint8_t)0x82U, - (uint8_t)0x91U, (uint8_t)0xCDU, (uint8_t)0xCEU, (uint8_t)0xC9U, (uint8_t)0x7DU, (uint8_t)0xCFU, - (uint8_t)0x8EU, (uint8_t)0xC9U, (uint8_t)0xB5U, (uint8_t)0x5AU, (uint8_t)0x7FU, (uint8_t)0x88U, - (uint8_t)0xA4U, (uint8_t)0x6BU, (uint8_t)0x4DU, (uint8_t)0xB5U, (uint8_t)0xA8U, (uint8_t)0x51U, - (uint8_t)0xF4U, (uint8_t)0x41U, (uint8_t)0x82U, (uint8_t)0xE1U, (uint8_t)0xC6U, (uint8_t)0x8AU, - 
(uint8_t)0x00U, (uint8_t)0x7EU, (uint8_t)0x5EU, (uint8_t)0x0DU, (uint8_t)0xD9U, (uint8_t)0x02U, - (uint8_t)0x0BU, (uint8_t)0xFDU, (uint8_t)0x64U, (uint8_t)0xB6U, (uint8_t)0x45U, (uint8_t)0x03U, - (uint8_t)0x6CU, (uint8_t)0x7AU, (uint8_t)0x4EU, (uint8_t)0x67U, (uint8_t)0x7DU, (uint8_t)0x2CU, - (uint8_t)0x38U, (uint8_t)0x53U, (uint8_t)0x2AU, (uint8_t)0x3AU, (uint8_t)0x23U, (uint8_t)0xBAU, - (uint8_t)0x44U, (uint8_t)0x42U, (uint8_t)0xCAU, (uint8_t)0xF5U, (uint8_t)0x3EU, (uint8_t)0xA6U, - (uint8_t)0x3BU, (uint8_t)0xB4U, (uint8_t)0x54U, (uint8_t)0x32U, (uint8_t)0x9BU, (uint8_t)0x76U, - (uint8_t)0x24U, (uint8_t)0xC8U, (uint8_t)0x91U, (uint8_t)0x7BU, (uint8_t)0xDDU, (uint8_t)0x64U, - (uint8_t)0xB1U, (uint8_t)0xC0U, (uint8_t)0xFDU, (uint8_t)0x4CU, (uint8_t)0xB3U, (uint8_t)0x8EU, - (uint8_t)0x8CU, (uint8_t)0x33U, (uint8_t)0x4CU, (uint8_t)0x70U, (uint8_t)0x1CU, (uint8_t)0x3AU, - (uint8_t)0xCDU, (uint8_t)0xADU, (uint8_t)0x06U, (uint8_t)0x57U, (uint8_t)0xFCU, (uint8_t)0xCFU, - (uint8_t)0xECU, (uint8_t)0x71U, (uint8_t)0x9BU, (uint8_t)0x1FU, (uint8_t)0x5CU, (uint8_t)0x3EU, - (uint8_t)0x4EU, (uint8_t)0x46U, (uint8_t)0x04U, (uint8_t)0x1FU, (uint8_t)0x38U, (uint8_t)0x81U, - (uint8_t)0x47U, (uint8_t)0xFBU, (uint8_t)0x4CU, (uint8_t)0xFDU, (uint8_t)0xB4U, (uint8_t)0x77U, - (uint8_t)0xA5U, (uint8_t)0x24U, (uint8_t)0x71U, (uint8_t)0xF7U, (uint8_t)0xA9U, (uint8_t)0xA9U, - (uint8_t)0x69U, (uint8_t)0x10U, (uint8_t)0xB8U, (uint8_t)0x55U, (uint8_t)0x32U, (uint8_t)0x2EU, - (uint8_t)0xDBU, (uint8_t)0x63U, (uint8_t)0x40U, (uint8_t)0xD8U, (uint8_t)0xA0U, (uint8_t)0x0EU, - (uint8_t)0xF0U, (uint8_t)0x92U, (uint8_t)0x35U, (uint8_t)0x05U, (uint8_t)0x11U, (uint8_t)0xE3U, - (uint8_t)0x0AU, (uint8_t)0xBEU, (uint8_t)0xC1U, (uint8_t)0xFFU, (uint8_t)0xF9U, (uint8_t)0xE3U, - (uint8_t)0xA2U, (uint8_t)0x6EU, (uint8_t)0x7FU, (uint8_t)0xB2U, (uint8_t)0x9FU, (uint8_t)0x8CU, - (uint8_t)0x18U, (uint8_t)0x30U, (uint8_t)0x23U, (uint8_t)0xC3U, (uint8_t)0x58U, (uint8_t)0x7EU, - (uint8_t)0x38U, (uint8_t)0xDAU, 
(uint8_t)0x00U, (uint8_t)0x77U, (uint8_t)0xD9U, (uint8_t)0xB4U, - (uint8_t)0x76U, (uint8_t)0x3EU, (uint8_t)0x4EU, (uint8_t)0x4BU, (uint8_t)0x94U, (uint8_t)0xB2U, - (uint8_t)0xBBU, (uint8_t)0xC1U, (uint8_t)0x94U, (uint8_t)0xC6U, (uint8_t)0x65U, (uint8_t)0x1EU, - (uint8_t)0x77U, (uint8_t)0xCAU, (uint8_t)0xF9U, (uint8_t)0x92U, (uint8_t)0xEEU, (uint8_t)0xAAU, - (uint8_t)0xC0U, (uint8_t)0x23U, (uint8_t)0x2AU, (uint8_t)0x28U, (uint8_t)0x1BU, (uint8_t)0xF6U, - (uint8_t)0xB3U, (uint8_t)0xA7U, (uint8_t)0x39U, (uint8_t)0xC1U, (uint8_t)0x22U, (uint8_t)0x61U, - (uint8_t)0x16U, (uint8_t)0x82U, (uint8_t)0x0AU, (uint8_t)0xE8U, (uint8_t)0xDBU, (uint8_t)0x58U, - (uint8_t)0x47U, (uint8_t)0xA6U, (uint8_t)0x7CU, (uint8_t)0xBEU, (uint8_t)0xF9U, (uint8_t)0xC9U, - (uint8_t)0x09U, (uint8_t)0x1BU, (uint8_t)0x46U, (uint8_t)0x2DU, (uint8_t)0x53U, (uint8_t)0x8CU, - (uint8_t)0xD7U, (uint8_t)0x2BU, (uint8_t)0x03U, (uint8_t)0x74U, (uint8_t)0x6AU, (uint8_t)0xE7U, - (uint8_t)0x7FU, (uint8_t)0x5EU, (uint8_t)0x62U, (uint8_t)0x29U, (uint8_t)0x2CU, (uint8_t)0x31U, - (uint8_t)0x15U, (uint8_t)0x62U, (uint8_t)0xA8U, (uint8_t)0x46U, (uint8_t)0x50U, (uint8_t)0x5DU, - (uint8_t)0xC8U, (uint8_t)0x2DU, (uint8_t)0xB8U, (uint8_t)0x54U, (uint8_t)0x33U, (uint8_t)0x8AU, - (uint8_t)0xE4U, (uint8_t)0x9FU, (uint8_t)0x52U, (uint8_t)0x35U, (uint8_t)0xC9U, (uint8_t)0x5BU, - (uint8_t)0x91U, (uint8_t)0x17U, (uint8_t)0x8CU, (uint8_t)0xCFU, (uint8_t)0x2DU, (uint8_t)0xD5U, - (uint8_t)0xCAU, (uint8_t)0xCEU, (uint8_t)0xF4U, (uint8_t)0x03U, (uint8_t)0xECU, (uint8_t)0x9DU, - (uint8_t)0x18U, (uint8_t)0x10U, (uint8_t)0xC6U, (uint8_t)0x27U, (uint8_t)0x2BU, (uint8_t)0x04U, - (uint8_t)0x5BU, (uint8_t)0x3BU, (uint8_t)0x71U, (uint8_t)0xF9U, (uint8_t)0xDCU, (uint8_t)0x6BU, - (uint8_t)0x80U, (uint8_t)0xD6U, (uint8_t)0x3FU, (uint8_t)0xDDU, (uint8_t)0x4AU, (uint8_t)0x8EU, - (uint8_t)0x9AU, (uint8_t)0xDBU, (uint8_t)0x1EU, (uint8_t)0x69U, (uint8_t)0x62U, (uint8_t)0xA6U, - (uint8_t)0x95U, (uint8_t)0x26U, (uint8_t)0xD4U, (uint8_t)0x31U, 
(uint8_t)0x61U, (uint8_t)0xC1U, - (uint8_t)0xA4U, (uint8_t)0x1DU, (uint8_t)0x57U, (uint8_t)0x0DU, (uint8_t)0x79U, (uint8_t)0x38U, - (uint8_t)0xDAU, (uint8_t)0xD4U, (uint8_t)0xA4U, (uint8_t)0x0EU, (uint8_t)0x32U, (uint8_t)0x9CU, - (uint8_t)0xCFU, (uint8_t)0xF4U, (uint8_t)0x6AU, (uint8_t)0xAAU, (uint8_t)0x36U, (uint8_t)0xADU, - (uint8_t)0x00U, (uint8_t)0x4CU, (uint8_t)0xF6U, (uint8_t)0x00U, (uint8_t)0xC8U, (uint8_t)0x38U, - (uint8_t)0x1EU, (uint8_t)0x42U, (uint8_t)0x5AU, (uint8_t)0x31U, (uint8_t)0xD9U, (uint8_t)0x51U, - (uint8_t)0xAEU, (uint8_t)0x64U, (uint8_t)0xFDU, (uint8_t)0xB2U, (uint8_t)0x3FU, (uint8_t)0xCEU, - (uint8_t)0xC9U, (uint8_t)0x50U, (uint8_t)0x9DU, (uint8_t)0x43U, (uint8_t)0x68U, (uint8_t)0x7FU, - (uint8_t)0xEBU, (uint8_t)0x69U, (uint8_t)0xEDU, (uint8_t)0xD1U, (uint8_t)0xCCU, (uint8_t)0x5EU, - (uint8_t)0x0BU, (uint8_t)0x8CU, (uint8_t)0xC3U, (uint8_t)0xBDU, (uint8_t)0xF6U, (uint8_t)0x4BU, - (uint8_t)0x10U, (uint8_t)0xEFU, (uint8_t)0x86U, (uint8_t)0xB6U, (uint8_t)0x31U, (uint8_t)0x42U, - (uint8_t)0xA3U, (uint8_t)0xABU, (uint8_t)0x88U, (uint8_t)0x29U, (uint8_t)0x55U, (uint8_t)0x5BU, - (uint8_t)0x2FU, (uint8_t)0x74U, (uint8_t)0x7CU, (uint8_t)0x93U, (uint8_t)0x26U, (uint8_t)0x65U, - (uint8_t)0xCBU, (uint8_t)0x2CU, (uint8_t)0x0FU, (uint8_t)0x1CU, (uint8_t)0xC0U, (uint8_t)0x1BU, - (uint8_t)0xD7U, (uint8_t)0x02U, (uint8_t)0x29U, (uint8_t)0x38U, (uint8_t)0x88U, (uint8_t)0x39U, - (uint8_t)0xD2U, (uint8_t)0xAFU, (uint8_t)0x05U, (uint8_t)0xE4U, (uint8_t)0x54U, (uint8_t)0x50U, - (uint8_t)0x4AU, (uint8_t)0xC7U, (uint8_t)0x8BU, (uint8_t)0x75U, (uint8_t)0x82U, (uint8_t)0x82U, - (uint8_t)0x28U, (uint8_t)0x46U, (uint8_t)0xC0U, (uint8_t)0xBAU, (uint8_t)0x35U, (uint8_t)0xC3U, - (uint8_t)0x5FU, (uint8_t)0x5CU, (uint8_t)0x59U, (uint8_t)0x16U, (uint8_t)0x0CU, (uint8_t)0xC0U, - (uint8_t)0x46U, (uint8_t)0xFDU, (uint8_t)0x82U, (uint8_t)0x51U, (uint8_t)0x54U, (uint8_t)0x1FU, - (uint8_t)0xC6U, (uint8_t)0x8CU, (uint8_t)0x9CU, (uint8_t)0x86U, (uint8_t)0xB0U, (uint8_t)0x22U, - 
(uint8_t)0xBBU, (uint8_t)0x70U, (uint8_t)0x99U, (uint8_t)0x87U, (uint8_t)0x6AU, (uint8_t)0x46U, - (uint8_t)0x0EU, (uint8_t)0x74U, (uint8_t)0x51U, (uint8_t)0xA8U, (uint8_t)0xA9U, (uint8_t)0x31U, - (uint8_t)0x09U, (uint8_t)0x70U, (uint8_t)0x3FU, (uint8_t)0xEEU, (uint8_t)0x1CU, (uint8_t)0x21U, - (uint8_t)0x7EU, (uint8_t)0x6CU, (uint8_t)0x38U, (uint8_t)0x26U, (uint8_t)0xE5U, (uint8_t)0x2CU, - (uint8_t)0x51U, (uint8_t)0xAAU, (uint8_t)0x69U, (uint8_t)0x1EU, (uint8_t)0x0EU, (uint8_t)0x42U, - (uint8_t)0x3CU, (uint8_t)0xFCU, (uint8_t)0x99U, (uint8_t)0xE9U, (uint8_t)0xE3U, (uint8_t)0x16U, - (uint8_t)0x50U, (uint8_t)0xC1U, (uint8_t)0x21U, (uint8_t)0x7BU, (uint8_t)0x62U, (uint8_t)0x48U, - (uint8_t)0x16U, (uint8_t)0xCDU, (uint8_t)0xADU, (uint8_t)0x9AU, (uint8_t)0x95U, (uint8_t)0xF9U, - (uint8_t)0xD5U, (uint8_t)0xB8U, (uint8_t)0x01U, (uint8_t)0x94U, (uint8_t)0x88U, (uint8_t)0xD9U, - (uint8_t)0xC0U, (uint8_t)0xA0U, (uint8_t)0xA1U, (uint8_t)0xFEU, (uint8_t)0x30U, (uint8_t)0x75U, - (uint8_t)0xA5U, (uint8_t)0x77U, (uint8_t)0xE2U, (uint8_t)0x31U, (uint8_t)0x83U, (uint8_t)0xF8U, - (uint8_t)0x1DU, (uint8_t)0x4AU, (uint8_t)0x3FU, (uint8_t)0x2FU, (uint8_t)0xA4U, (uint8_t)0x57U, - (uint8_t)0x1EU, (uint8_t)0xFCU, (uint8_t)0x8CU, (uint8_t)0xE0U, (uint8_t)0xBAU, (uint8_t)0x8AU, - (uint8_t)0x4FU, (uint8_t)0xE8U, (uint8_t)0xB6U, (uint8_t)0x85U, (uint8_t)0x5DU, (uint8_t)0xFEU, - (uint8_t)0x72U, (uint8_t)0xB0U, (uint8_t)0xA6U, (uint8_t)0x6EU, (uint8_t)0xDEU, (uint8_t)0xD2U, - (uint8_t)0xFBU, (uint8_t)0xABU, (uint8_t)0xFBU, (uint8_t)0xE5U, (uint8_t)0x8AU, (uint8_t)0x30U, - (uint8_t)0xFAU, (uint8_t)0xFAU, (uint8_t)0xBEU, (uint8_t)0x1CU, (uint8_t)0x5DU, (uint8_t)0x71U, - (uint8_t)0xA8U, (uint8_t)0x7EU, (uint8_t)0x2FU, (uint8_t)0x74U, (uint8_t)0x1EU, (uint8_t)0xF8U, - (uint8_t)0xC1U, (uint8_t)0xFEU, (uint8_t)0x86U, (uint8_t)0xFEU, (uint8_t)0xA6U, (uint8_t)0xBBU, - (uint8_t)0xFDU, (uint8_t)0xE5U, (uint8_t)0x30U, (uint8_t)0x67U, (uint8_t)0x7FU, (uint8_t)0x0DU, - (uint8_t)0x97U, (uint8_t)0xD1U, 
(uint8_t)0x1DU, (uint8_t)0x49U, (uint8_t)0xF7U, (uint8_t)0xA8U, - (uint8_t)0x44U, (uint8_t)0x3DU, (uint8_t)0x08U, (uint8_t)0x22U, (uint8_t)0xE5U, (uint8_t)0x06U, - (uint8_t)0xA9U, (uint8_t)0xF4U, (uint8_t)0x61U, (uint8_t)0x4EU, (uint8_t)0x01U, (uint8_t)0x1EU, - (uint8_t)0x2AU, (uint8_t)0x94U, (uint8_t)0x83U, (uint8_t)0x8FU, (uint8_t)0xF8U, (uint8_t)0x8CU, - (uint8_t)0xD6U, (uint8_t)0x8CU, (uint8_t)0x8BU, (uint8_t)0xB7U, (uint8_t)0xC5U, (uint8_t)0xC6U, - (uint8_t)0x42U, (uint8_t)0x4CU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, - (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU, (uint8_t)0xFFU + 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xADU, 0xF8U, 0x54U, 0x58U, 0xA2U, + 0xBBU, 0x4AU, 0x9AU, 0xAFU, 0xDCU, 0x56U, 0x20U, 0x27U, 0x3DU, 0x3CU, 0xF1U, 0xD8U, 0xB9U, + 0xC5U, 0x83U, 0xCEU, 0x2DU, 0x36U, 0x95U, 0xA9U, 0xE1U, 0x36U, 0x41U, 0x14U, 0x64U, 0x33U, + 0xFBU, 0xCCU, 0x93U, 0x9DU, 0xCEU, 0x24U, 0x9BU, 0x3EU, 0xF9U, 0x7DU, 0x2FU, 0xE3U, 0x63U, + 0x63U, 0x0CU, 0x75U, 0xD8U, 0xF6U, 0x81U, 0xB2U, 0x02U, 0xAEU, 0xC4U, 0x61U, 0x7AU, 0xD3U, + 0xDFU, 0x1EU, 0xD5U, 0xD5U, 0xFDU, 0x65U, 0x61U, 0x24U, 0x33U, 0xF5U, 0x1FU, 0x5FU, 0x06U, + 0x6EU, 0xD0U, 0x85U, 0x63U, 0x65U, 0x55U, 0x3DU, 0xEDU, 0x1AU, 0xF3U, 0xB5U, 0x57U, 0x13U, + 0x5EU, 0x7FU, 0x57U, 0xC9U, 0x35U, 0x98U, 0x4FU, 0x0CU, 0x70U, 0xE0U, 0xE6U, 0x8BU, 0x77U, + 0xE2U, 0xA6U, 0x89U, 0xDAU, 0xF3U, 0xEFU, 0xE8U, 0x72U, 0x1DU, 0xF1U, 0x58U, 0xA1U, 0x36U, + 0xADU, 0xE7U, 0x35U, 0x30U, 0xACU, 0xCAU, 0x4FU, 0x48U, 0x3AU, 0x79U, 0x7AU, 0xBCU, 0x0AU, + 0xB1U, 0x82U, 0xB3U, 0x24U, 0xFBU, 0x61U, 0xD1U, 0x08U, 0xA9U, 0x4BU, 0xB2U, 0xC8U, 0xE3U, + 0xFBU, 0xB9U, 0x6AU, 0xDAU, 0xB7U, 0x60U, 0xD7U, 0xF4U, 0x68U, 0x1DU, 0x4FU, 0x42U, 0xA3U, + 0xDEU, 0x39U, 0x4DU, 0xF4U, 0xAEU, 0x56U, 0xEDU, 0xE7U, 0x63U, 0x72U, 0xBBU, 0x19U, 0x0BU, + 0x07U, 0xA7U, 0xC8U, 0xEEU, 0x0AU, 0x6DU, 0x70U, 0x9EU, 0x02U, 0xFCU, 0xE1U, 0xCDU, 0xF7U, + 0xE2U, 0xECU, 0xC0U, 0x34U, 0x04U, 0xCDU, 0x28U, 0x34U, 0x2FU, 0x61U, 0x91U, 
0x72U, 0xFEU, + 0x9CU, 0xE9U, 0x85U, 0x83U, 0xFFU, 0x8EU, 0x4FU, 0x12U, 0x32U, 0xEEU, 0xF2U, 0x81U, 0x83U, + 0xC3U, 0xFEU, 0x3BU, 0x1BU, 0x4CU, 0x6FU, 0xADU, 0x73U, 0x3BU, 0xB5U, 0xFCU, 0xBCU, 0x2EU, + 0xC2U, 0x20U, 0x05U, 0xC5U, 0x8EU, 0xF1U, 0x83U, 0x7DU, 0x16U, 0x83U, 0xB2U, 0xC6U, 0xF3U, + 0x4AU, 0x26U, 0xC1U, 0xB2U, 0xEFU, 0xFAU, 0x88U, 0x6BU, 0x42U, 0x38U, 0x61U, 0x1FU, 0xCFU, + 0xDCU, 0xDEU, 0x35U, 0x5BU, 0x3BU, 0x65U, 0x19U, 0x03U, 0x5BU, 0xBCU, 0x34U, 0xF4U, 0xDEU, + 0xF9U, 0x9CU, 0x02U, 0x38U, 0x61U, 0xB4U, 0x6FU, 0xC9U, 0xD6U, 0xE6U, 0xC9U, 0x07U, 0x7AU, + 0xD9U, 0x1DU, 0x26U, 0x91U, 0xF7U, 0xF7U, 0xEEU, 0x59U, 0x8CU, 0xB0U, 0xFAU, 0xC1U, 0x86U, + 0xD9U, 0x1CU, 0xAEU, 0xFEU, 0x13U, 0x09U, 0x85U, 0x13U, 0x92U, 0x70U, 0xB4U, 0x13U, 0x0CU, + 0x93U, 0xBCU, 0x43U, 0x79U, 0x44U, 0xF4U, 0xFDU, 0x44U, 0x52U, 0xE2U, 0xD7U, 0x4DU, 0xD3U, + 0x64U, 0xF2U, 0xE2U, 0x1EU, 0x71U, 0xF5U, 0x4BU, 0xFFU, 0x5CU, 0xAEU, 0x82U, 0xABU, 0x9CU, + 0x9DU, 0xF6U, 0x9EU, 0xE8U, 0x6DU, 0x2BU, 0xC5U, 0x22U, 0x36U, 0x3AU, 0x0DU, 0xABU, 0xC5U, + 0x21U, 0x97U, 0x9BU, 0x0DU, 0xEAU, 0xDAU, 0x1DU, 0xBFU, 0x9AU, 0x42U, 0xD5U, 0xC4U, 0x48U, + 0x4EU, 0x0AU, 0xBCU, 0xD0U, 0x6BU, 0xFAU, 0x53U, 0xDDU, 0xEFU, 0x3CU, 0x1BU, 0x20U, 0xEEU, + 0x3FU, 0xD5U, 0x9DU, 0x7CU, 0x25U, 0xE4U, 0x1DU, 0x2BU, 0x66U, 0x9EU, 0x1EU, 0xF1U, 0x6EU, + 0x6FU, 0x52U, 0xC3U, 0x16U, 0x4DU, 0xF4U, 0xFBU, 0x79U, 0x30U, 0xE9U, 0xE4U, 0xE5U, 0x88U, + 0x57U, 0xB6U, 0xACU, 0x7DU, 0x5FU, 0x42U, 0xD6U, 0x9FU, 0x6DU, 0x18U, 0x77U, 0x63U, 0xCFU, + 0x1DU, 0x55U, 0x03U, 0x40U, 0x04U, 0x87U, 0xF5U, 0x5BU, 0xA5U, 0x7EU, 0x31U, 0xCCU, 0x7AU, + 0x71U, 0x35U, 0xC8U, 0x86U, 0xEFU, 0xB4U, 0x31U, 0x8AU, 0xEDU, 0x6AU, 0x1EU, 0x01U, 0x2DU, + 0x9EU, 0x68U, 0x32U, 0xA9U, 0x07U, 0x60U, 0x0AU, 0x91U, 0x81U, 0x30U, 0xC4U, 0x6DU, 0xC7U, + 0x78U, 0xF9U, 0x71U, 0xADU, 0x00U, 0x38U, 0x09U, 0x29U, 0x99U, 0xA3U, 0x33U, 0xCBU, 0x8BU, + 0x7AU, 0x1AU, 0x1DU, 0xB9U, 0x3DU, 0x71U, 0x40U, 0x00U, 0x3CU, 0x2AU, 0x4EU, 0xCEU, 0xA9U, + 0xF9U, 0x8DU, 0x0AU, 0xCCU, 
0x0AU, 0x82U, 0x91U, 0xCDU, 0xCEU, 0xC9U, 0x7DU, 0xCFU, 0x8EU, + 0xC9U, 0xB5U, 0x5AU, 0x7FU, 0x88U, 0xA4U, 0x6BU, 0x4DU, 0xB5U, 0xA8U, 0x51U, 0xF4U, 0x41U, + 0x82U, 0xE1U, 0xC6U, 0x8AU, 0x00U, 0x7EU, 0x5EU, 0x0DU, 0xD9U, 0x02U, 0x0BU, 0xFDU, 0x64U, + 0xB6U, 0x45U, 0x03U, 0x6CU, 0x7AU, 0x4EU, 0x67U, 0x7DU, 0x2CU, 0x38U, 0x53U, 0x2AU, 0x3AU, + 0x23U, 0xBAU, 0x44U, 0x42U, 0xCAU, 0xF5U, 0x3EU, 0xA6U, 0x3BU, 0xB4U, 0x54U, 0x32U, 0x9BU, + 0x76U, 0x24U, 0xC8U, 0x91U, 0x7BU, 0xDDU, 0x64U, 0xB1U, 0xC0U, 0xFDU, 0x4CU, 0xB3U, 0x8EU, + 0x8CU, 0x33U, 0x4CU, 0x70U, 0x1CU, 0x3AU, 0xCDU, 0xADU, 0x06U, 0x57U, 0xFCU, 0xCFU, 0xECU, + 0x71U, 0x9BU, 0x1FU, 0x5CU, 0x3EU, 0x4EU, 0x46U, 0x04U, 0x1FU, 0x38U, 0x81U, 0x47U, 0xFBU, + 0x4CU, 0xFDU, 0xB4U, 0x77U, 0xA5U, 0x24U, 0x71U, 0xF7U, 0xA9U, 0xA9U, 0x69U, 0x10U, 0xB8U, + 0x55U, 0x32U, 0x2EU, 0xDBU, 0x63U, 0x40U, 0xD8U, 0xA0U, 0x0EU, 0xF0U, 0x92U, 0x35U, 0x05U, + 0x11U, 0xE3U, 0x0AU, 0xBEU, 0xC1U, 0xFFU, 0xF9U, 0xE3U, 0xA2U, 0x6EU, 0x7FU, 0xB2U, 0x9FU, + 0x8CU, 0x18U, 0x30U, 0x23U, 0xC3U, 0x58U, 0x7EU, 0x38U, 0xDAU, 0x00U, 0x77U, 0xD9U, 0xB4U, + 0x76U, 0x3EU, 0x4EU, 0x4BU, 0x94U, 0xB2U, 0xBBU, 0xC1U, 0x94U, 0xC6U, 0x65U, 0x1EU, 0x77U, + 0xCAU, 0xF9U, 0x92U, 0xEEU, 0xAAU, 0xC0U, 0x23U, 0x2AU, 0x28U, 0x1BU, 0xF6U, 0xB3U, 0xA7U, + 0x39U, 0xC1U, 0x22U, 0x61U, 0x16U, 0x82U, 0x0AU, 0xE8U, 0xDBU, 0x58U, 0x47U, 0xA6U, 0x7CU, + 0xBEU, 0xF9U, 0xC9U, 0x09U, 0x1BU, 0x46U, 0x2DU, 0x53U, 0x8CU, 0xD7U, 0x2BU, 0x03U, 0x74U, + 0x6AU, 0xE7U, 0x7FU, 0x5EU, 0x62U, 0x29U, 0x2CU, 0x31U, 0x15U, 0x62U, 0xA8U, 0x46U, 0x50U, + 0x5DU, 0xC8U, 0x2DU, 0xB8U, 0x54U, 0x33U, 0x8AU, 0xE4U, 0x9FU, 0x52U, 0x35U, 0xC9U, 0x5BU, + 0x91U, 0x17U, 0x8CU, 0xCFU, 0x2DU, 0xD5U, 0xCAU, 0xCEU, 0xF4U, 0x03U, 0xECU, 0x9DU, 0x18U, + 0x10U, 0xC6U, 0x27U, 0x2BU, 0x04U, 0x5BU, 0x3BU, 0x71U, 0xF9U, 0xDCU, 0x6BU, 0x80U, 0xD6U, + 0x3FU, 0xDDU, 0x4AU, 0x8EU, 0x9AU, 0xDBU, 0x1EU, 0x69U, 0x62U, 0xA6U, 0x95U, 0x26U, 0xD4U, + 0x31U, 0x61U, 0xC1U, 0xA4U, 0x1DU, 0x57U, 0x0DU, 0x79U, 0x38U, 0xDAU, 
0xD4U, 0xA4U, 0x0EU, + 0x32U, 0x9CU, 0xCFU, 0xF4U, 0x6AU, 0xAAU, 0x36U, 0xADU, 0x00U, 0x4CU, 0xF6U, 0x00U, 0xC8U, + 0x38U, 0x1EU, 0x42U, 0x5AU, 0x31U, 0xD9U, 0x51U, 0xAEU, 0x64U, 0xFDU, 0xB2U, 0x3FU, 0xCEU, + 0xC9U, 0x50U, 0x9DU, 0x43U, 0x68U, 0x7FU, 0xEBU, 0x69U, 0xEDU, 0xD1U, 0xCCU, 0x5EU, 0x0BU, + 0x8CU, 0xC3U, 0xBDU, 0xF6U, 0x4BU, 0x10U, 0xEFU, 0x86U, 0xB6U, 0x31U, 0x42U, 0xA3U, 0xABU, + 0x88U, 0x29U, 0x55U, 0x5BU, 0x2FU, 0x74U, 0x7CU, 0x93U, 0x26U, 0x65U, 0xCBU, 0x2CU, 0x0FU, + 0x1CU, 0xC0U, 0x1BU, 0xD7U, 0x02U, 0x29U, 0x38U, 0x88U, 0x39U, 0xD2U, 0xAFU, 0x05U, 0xE4U, + 0x54U, 0x50U, 0x4AU, 0xC7U, 0x8BU, 0x75U, 0x82U, 0x82U, 0x28U, 0x46U, 0xC0U, 0xBAU, 0x35U, + 0xC3U, 0x5FU, 0x5CU, 0x59U, 0x16U, 0x0CU, 0xC0U, 0x46U, 0xFDU, 0x82U, 0x51U, 0x54U, 0x1FU, + 0xC6U, 0x8CU, 0x9CU, 0x86U, 0xB0U, 0x22U, 0xBBU, 0x70U, 0x99U, 0x87U, 0x6AU, 0x46U, 0x0EU, + 0x74U, 0x51U, 0xA8U, 0xA9U, 0x31U, 0x09U, 0x70U, 0x3FU, 0xEEU, 0x1CU, 0x21U, 0x7EU, 0x6CU, + 0x38U, 0x26U, 0xE5U, 0x2CU, 0x51U, 0xAAU, 0x69U, 0x1EU, 0x0EU, 0x42U, 0x3CU, 0xFCU, 0x99U, + 0xE9U, 0xE3U, 0x16U, 0x50U, 0xC1U, 0x21U, 0x7BU, 0x62U, 0x48U, 0x16U, 0xCDU, 0xADU, 0x9AU, + 0x95U, 0xF9U, 0xD5U, 0xB8U, 0x01U, 0x94U, 0x88U, 0xD9U, 0xC0U, 0xA0U, 0xA1U, 0xFEU, 0x30U, + 0x75U, 0xA5U, 0x77U, 0xE2U, 0x31U, 0x83U, 0xF8U, 0x1DU, 0x4AU, 0x3FU, 0x2FU, 0xA4U, 0x57U, + 0x1EU, 0xFCU, 0x8CU, 0xE0U, 0xBAU, 0x8AU, 0x4FU, 0xE8U, 0xB6U, 0x85U, 0x5DU, 0xFEU, 0x72U, + 0xB0U, 0xA6U, 0x6EU, 0xDEU, 0xD2U, 0xFBU, 0xABU, 0xFBU, 0xE5U, 0x8AU, 0x30U, 0xFAU, 0xFAU, + 0xBEU, 0x1CU, 0x5DU, 0x71U, 0xA8U, 0x7EU, 0x2FU, 0x74U, 0x1EU, 0xF8U, 0xC1U, 0xFEU, 0x86U, + 0xFEU, 0xA6U, 0xBBU, 0xFDU, 0xE5U, 0x30U, 0x67U, 0x7FU, 0x0DU, 0x97U, 0xD1U, 0x1DU, 0x49U, + 0xF7U, 0xA8U, 0x44U, 0x3DU, 0x08U, 0x22U, 0xE5U, 0x06U, 0xA9U, 0xF4U, 0x61U, 0x4EU, 0x01U, + 0x1EU, 0x2AU, 0x94U, 0x83U, 0x8FU, 0xF8U, 0x8CU, 0xD6U, 0x8CU, 0x8BU, 0xB7U, 0xC5U, 0xC6U, + 0x42U, 0x4CU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU }; #if defined(__cplusplus) 
diff --git a/include/msvc/internal/Hacl_K256_PrecompTable.h b/include/msvc/internal/Hacl_K256_PrecompTable.h
index 26bdfa1f..ff15f1c9 100644
--- a/include/msvc/internal/Hacl_K256_PrecompTable.h
+++ b/include/msvc/internal/Hacl_K256_PrecompTable.h
@@ -39,498 +39,378 @@ static const uint64_t Hacl_K256_PrecompTable_precomp_basepoint_table_w4[240U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)705178180786072U, - (uint64_t)3855836460717471U, (uint64_t)4089131105950716U, (uint64_t)3301581525494108U, - (uint64_t)133858670344668U, (uint64_t)2199641648059576U, (uint64_t)1278080618437060U, - (uint64_t)3959378566518708U, (uint64_t)3455034269351872U, (uint64_t)79417610544803U, - (uint64_t)1U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)1282049064345544U, (uint64_t)971732600440099U, (uint64_t)1014594595727339U, - (uint64_t)4392159187541980U, (uint64_t)268327875692285U, (uint64_t)2411661712280539U, - (uint64_t)1092576199280126U, (uint64_t)4328619610718051U, (uint64_t)3535440816471627U, - (uint64_t)95182251488556U, (uint64_t)1893725512243753U, (uint64_t)3619861457111820U, - (uint64_t)879374960417905U, (uint64_t)2868056058129113U, (uint64_t)273195291893682U, - (uint64_t)2044797305960112U, (uint64_t)2357106853933780U, (uint64_t)3563112438336058U, - (uint64_t)2430811541762558U, (uint64_t)106443809495428U, (uint64_t)2231357633909668U, - (uint64_t)3641705835951936U, (uint64_t)80642569314189U, (uint64_t)2254841882373268U, - (uint64_t)149848031966573U, (uint64_t)2304615661367764U, (uint64_t)2410957403736446U, - (uint64_t)2712754805859804U, (uint64_t)2440183877540536U, (uint64_t)99784623895865U, - (uint64_t)3667773127482758U, (uint64_t)1354899394473308U, (uint64_t)3636602998800808U, - (uint64_t)2709296679846364U, (uint64_t)7253362091963U, (uint64_t)3585950735562744U, - (uint64_t)935775991758415U, (uint64_t)4108078106735201U, (uint64_t)556081800336307U, - (uint64_t)229585977163057U, (uint64_t)4055594186679801U, (uint64_t)1767681004944933U, - (uint64_t)1432634922083242U, (uint64_t)534935602949197U, (uint64_t)251753159522567U, 
- (uint64_t)2846474078499321U, (uint64_t)4488649590348702U, (uint64_t)2437476916025038U, - (uint64_t)3040577412822874U, (uint64_t)79405234918614U, (uint64_t)3030621226551508U, - (uint64_t)2801117003929806U, (uint64_t)1642927515498422U, (uint64_t)2802725079726297U, - (uint64_t)8472780626107U, (uint64_t)866068070352655U, (uint64_t)188080768545106U, - (uint64_t)2152119998903058U, (uint64_t)3391239985029665U, (uint64_t)23820026013564U, - (uint64_t)2965064154891949U, (uint64_t)1846516097921398U, (uint64_t)4418379948133146U, - (uint64_t)3137755426942400U, (uint64_t)47705291301781U, (uint64_t)4278533051105665U, - (uint64_t)3453643211214931U, (uint64_t)3379734319145156U, (uint64_t)3762442192097039U, - (uint64_t)40243003528694U, (uint64_t)4063448994211201U, (uint64_t)5697015368785U, - (uint64_t)1006545411838613U, (uint64_t)4242291693755210U, (uint64_t)135184629190512U, - (uint64_t)264898689131035U, (uint64_t)611796474823597U, (uint64_t)3255382250029089U, - (uint64_t)3490429246984696U, (uint64_t)236558595864362U, (uint64_t)2055934691551704U, - (uint64_t)1487711670114502U, (uint64_t)1823930698221632U, (uint64_t)2130937287438472U, - (uint64_t)154610053389779U, (uint64_t)2746573287023216U, (uint64_t)2430987262221221U, - (uint64_t)1668741642878689U, (uint64_t)904982541243977U, (uint64_t)56087343124948U, - (uint64_t)393905062353536U, (uint64_t)412681877350188U, (uint64_t)3153602040979977U, - (uint64_t)4466820876224989U, (uint64_t)146579165617857U, (uint64_t)2628741216508991U, - (uint64_t)747994231529806U, (uint64_t)750506569317681U, (uint64_t)1887492790748779U, - (uint64_t)35259008682771U, (uint64_t)2085116434894208U, (uint64_t)543291398921711U, - (uint64_t)1144362007901552U, (uint64_t)679305136036846U, (uint64_t)141090902244489U, - (uint64_t)632480954474859U, (uint64_t)2384513102652591U, (uint64_t)2225529790159790U, - (uint64_t)692258664851625U, (uint64_t)198681843567699U, (uint64_t)2397092587228181U, - (uint64_t)145862822166614U, (uint64_t)196976540479452U, 
(uint64_t)3321831130141455U, - (uint64_t)69266673089832U, (uint64_t)4469644227342284U, (uint64_t)3899271145504796U, - (uint64_t)1261890974076660U, (uint64_t)525357673886694U, (uint64_t)182135997828583U, - (uint64_t)4292760618810332U, (uint64_t)3404186545541683U, (uint64_t)312297386688768U, - (uint64_t)204377466824608U, (uint64_t)230900767857952U, (uint64_t)3871485172339693U, - (uint64_t)779449329662955U, (uint64_t)978655822464694U, (uint64_t)2278252139594027U, - (uint64_t)104641527040382U, (uint64_t)3528840153625765U, (uint64_t)4484699080275273U, - (uint64_t)1463971951102316U, (uint64_t)4013910812844749U, (uint64_t)228915589433620U, - (uint64_t)1209641433482461U, (uint64_t)4043178788774759U, (uint64_t)3008668238856634U, - (uint64_t)1448425089071412U, (uint64_t)26269719725037U, (uint64_t)3330785027545223U, - (uint64_t)852657975349259U, (uint64_t)227245054466105U, (uint64_t)1534632353984777U, - (uint64_t)207715098574660U, (uint64_t)3209837527352280U, (uint64_t)4051688046309066U, - (uint64_t)3839009590725955U, (uint64_t)1321506437398842U, (uint64_t)68340219159928U, - (uint64_t)1806950276956275U, (uint64_t)3923908055275295U, (uint64_t)743963253393575U, - (uint64_t)42162407478783U, (uint64_t)261334584474610U, (uint64_t)3728224928885214U, - (uint64_t)4004701081842869U, (uint64_t)709043201644674U, (uint64_t)4267294249150171U, - (uint64_t)255540582975025U, (uint64_t)875490593722211U, (uint64_t)796393708218375U, - (uint64_t)14774425627956U, (uint64_t)1500040516752097U, (uint64_t)141076627721678U, - (uint64_t)2634539368480628U, (uint64_t)1106488853550103U, (uint64_t)2346231921151930U, - (uint64_t)897108283954283U, (uint64_t)64616679559843U, (uint64_t)400244949840943U, - (uint64_t)1731263826831733U, (uint64_t)1649996579904651U, (uint64_t)3643693449640761U, - (uint64_t)172543068638991U, (uint64_t)329537981097182U, (uint64_t)2029799860802869U, - (uint64_t)4377737515208862U, (uint64_t)29103311051334U, (uint64_t)265583594111499U, - (uint64_t)3798074876561255U, 
(uint64_t)184749333259352U, (uint64_t)3117395073661801U, - (uint64_t)3695784565008833U, (uint64_t)64282709896721U, (uint64_t)1618968913246422U, - (uint64_t)3185235128095257U, (uint64_t)3288745068118692U, (uint64_t)1963818603508782U, - (uint64_t)281054350739495U, (uint64_t)1658639050810346U, (uint64_t)3061097601679552U, - (uint64_t)3023781433263746U, (uint64_t)2770283391242475U, (uint64_t)144508864751908U, - (uint64_t)173576288079856U, (uint64_t)46114579547054U, (uint64_t)1679480127300211U, - (uint64_t)1683062051644007U, (uint64_t)117183826129323U, (uint64_t)1894068608117440U, - (uint64_t)3846899838975733U, (uint64_t)4289279019496192U, (uint64_t)176995887914031U, - (uint64_t)78074942938713U, (uint64_t)454207263265292U, (uint64_t)972683614054061U, - (uint64_t)808474205144361U, (uint64_t)942703935951735U, (uint64_t}; static const uint64_t Hacl_K256_PrecompTable_precomp_g_pow2_64_table_w4[240U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)4496295042185355U, - (uint64_t)3125448202219451U, (uint64_t)1239608518490046U, (uint64_t)2687445637493112U, - (uint64_t)77979604880139U, (uint64_t)3360310474215011U, (uint64_t)1216410458165163U, - (uint64_t)177901593587973U, (uint64_t)3209978938104985U, (uint64_t)118285133003718U, - (uint64_t)434519962075150U, (uint64_t)1114612377498854U, (uint64_t)3488596944003813U, - (uint64_t)450716531072892U, (uint64_t)66044973203836U, (uint64_t)2822827191156652U, - (uint64_t)2417714248626059U, (uint64_t)2173117567943U, (uint64_t)961513119252459U, - (uint64_t)233852556538333U, (uint64_t)3014783730323962U, (uint64_t)2955192634004574U, - (uint64_t)580546524951282U, (uint64_t)2982973948711252U, (uint64_t)226295722018730U, - (uint64_t)26457116218543U, (uint64_t)3401523493637663U, (uint64_t)2597746825024790U, - (uint64_t)1789211180483113U, (uint64_t)155862365823427U, 
(uint64_t)4056806876632134U, - (uint64_t)1742291745730568U, (uint64_t)3527759000626890U, (uint64_t)3740578471192596U, - (uint64_t)177295097700537U, (uint64_t)1533961415657770U, (uint64_t)4305228982382487U, - (uint64_t)4069090871282711U, (uint64_t)4090877481646667U, (uint64_t)220939617041498U, - (uint64_t)2057548127959588U, (uint64_t)45185623103252U, (uint64_t)2871963270423449U, - (uint64_t)3312974792248749U, (uint64_t)8710601879528U, (uint64_t)570612225194540U, - (uint64_t)2045632925323972U, (uint64_t)1263913878297555U, (uint64_t)1294592284757719U, - (uint64_t)238067747295054U, (uint64_t)1576659948829386U, (uint64_t)2315159636629917U, - (uint64_t)3624867787891655U, (uint64_t)647628266663887U, (uint64_t)75788399640253U, - (uint64_t)710811707847797U, (uint64_t)130020650130128U, (uint64_t)1975045425972589U, - (uint64_t)136351545314094U, (uint64_t)229292031212337U, (uint64_t)1061471455264148U, - (uint64_t)3281312694184822U, (uint64_t)1692442293921797U, (uint64_t)4171008525509513U, - (uint64_t)275424696197549U, (uint64_t)1170296303921965U, (uint64_t)4154092952807735U, - (uint64_t)4371262070870741U, (uint64_t)835769811036496U, (uint64_t)275812646528189U, - (uint64_t)4006745785521764U, (uint64_t)1965172239781114U, (uint64_t)4121055644916429U, - (uint64_t)3578995380229569U, (uint64_t)169798870760022U, (uint64_t)1834234783016431U, - (uint64_t)3186919121688538U, (uint64_t)1894269993170652U, (uint64_t)868603832348691U, - (uint64_t)110978471368876U, (uint64_t)1659296605881532U, (uint64_t)3257830829309297U, - (uint64_t)3381509832701119U, (uint64_t)4016163121121296U, (uint64_t)265240263496294U, - (uint64_t)4411285343933251U, (uint64_t)728746770806400U, (uint64_t)1767819098558739U, - (uint64_t)3002081480892841U, (uint64_t)96312133241935U, (uint64_t)468184501392107U, - (uint64_t)2061529496271208U, (uint64_t)801565111628867U, (uint64_t)3380678576799273U, - (uint64_t)121814978170941U, (uint64_t)3340363319165433U, (uint64_t)2764604325746928U, - (uint64_t)4475755976431968U, 
(uint64_t)3678073419927081U, (uint64_t)237001357924061U, - (uint64_t)4110487014553450U, (uint64_t)442517757833404U, (uint64_t)3976758767423859U, - (uint64_t)2559863799262476U, (uint64_t)178144664279213U, (uint64_t)2488702171798051U, - (uint64_t)4292079598620208U, (uint64_t)1642918280217329U, (uint64_t)3694920319798108U, - (uint64_t)111735528281657U, (uint64_t)2904433967156033U, (uint64_t)4391518032143166U, - (uint64_t)3018885875516259U, (uint64_t)3730342681447122U, (uint64_t)10320273322750U, - (uint64_t)555845881555519U, (uint64_t)58355404017985U, (uint64_t)379009359053696U, - (uint64_t)450317203955503U, (uint64_t)271063299686173U, (uint64_t)910340241794202U, - (uint64_t)4145234574853890U, (uint64_t)2059755654702755U, (uint64_t)626530377112246U, - (uint64_t)188918989156857U, (uint64_t)3316657461542117U, (uint64_t)778033563170765U, - (uint64_t)3568562306532187U, (uint64_t)2888619469733481U, (uint64_t)4364919962337U, - (uint64_t)4095057288587059U, (uint64_t)2275461355379988U, (uint64_t)1507422995910897U, - (uint64_t)3737691697116252U, (uint64_t)28779913258578U, (uint64_t)131453301647952U, - (uint64_t)3613515597508469U, (uint64_t)2389606941441321U, (uint64_t)2135459302594806U, - (uint64_t)105517262484263U, (uint64_t)2973432939331401U, (uint64_t)3447096622477885U, - (uint64_t)684654106536844U, (uint64_t)2815198316729695U, (uint64_t)280303067216071U, - (uint64_t)1841014812927024U, (uint64_t)1181026273060917U, (uint64_t)4092989148457730U, - (uint64_t)1381045116206278U, (uint64_t)112475725893965U, (uint64_t)2309144740156686U, - (uint64_t)1558825847609352U, (uint64_t)2008068002046292U, (uint64_t)3153511625856423U, - (uint64_t)38469701427673U, (uint64_t)4240572315518056U, (uint64_t)2295170987320580U, - (uint64_t)187734093837094U, (uint64_t)301041528077172U, (uint64_t)234553141005715U, - (uint64_t)4170513699279606U, (uint64_t)1600132848196146U, (uint64_t)3149113064155689U, - (uint64_t)2733255352600949U, (uint64_t)144915931419495U, (uint64_t)1221012073888926U, - 
(uint64_t)4395668111081710U, (uint64_t)2464799161496070U, (uint64_t)3664256125241313U, - (uint64_t)239705368981290U, (uint64_t)1415181408539490U, (uint64_t)2551836620449074U, - (uint64_t)3003106895689578U, (uint64_t)968947218886924U, (uint64_t)270781532362673U, - (uint64_t)2905980714350372U, (uint64_t)3246927349288975U, (uint64_t)2653377642686974U, - (uint64_t)1577457093418263U, (uint64_t)279488238785848U, (uint64_t)568335962564552U, - (uint64_t)4251365041645758U, (uint64_t)1257832559776007U, (uint64_t)2424022444243863U, - (uint64_t)261166122046343U, (uint64_t)4399874608082116U, (uint64_t)640509987891568U, - (uint64_t)3119706885332220U, (uint64_t)1990185416694007U, (uint64_t)119390098529341U, - (uint64_t)220106534694050U, (uint64_t)937225880034895U, (uint64_t)656288151358882U, - (uint64_t)1766967254772100U, (uint64_t)197900790969750U, (uint64_t)2992539221608875U, - (uint64_t)3960297171111858U, (uint64_t)3499202002925081U, (uint64_t)1103060980924705U, - (uint64_t)13670895919578U, (uint64_t)430132744187721U, (uint64_t)1206771838050953U, - (uint64_t)2474749300167198U, (uint64_t)296299539510780U, (uint64_t)61565517686436U, - (uint64_t)752778559080573U, (uint64_t)3049015829565410U, (uint64_t)3538647632527371U, - (uint64_t)1640473028662032U, (uint64_t)182488721849306U, (uint64_t)1234378482161516U, - (uint64_t)3736205988606381U, (uint64_t)2814216844344487U, (uint64_t)3877249891529557U, - (uint64_t)51681412928433U, (uint64_t)4275336620301239U, (uint64_t)3084074032750651U, - (uint64_t)42732308350456U, (uint64_t)3648603591552229U, (uint64_t)142450621701603U, - (uint64_t)4020045475009854U, (uint64_t)1050293952073054U, (uint64_t)1974773673079851U, - (uint64_t)1815515638724020U, (uint64_t}; static const uint64_t Hacl_K256_PrecompTable_precomp_g_pow2_128_table_w4[240U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, 
(uint64_t)0U, (uint64_t)1277614565900951U, - (uint64_t)378671684419493U, (uint64_t)3176260448102880U, (uint64_t)1575691435565077U, - (uint64_t)167304528382180U, (uint64_t)2600787765776588U, (uint64_t)7497946149293U, - (uint64_t)2184272641272202U, (uint64_t)2200235265236628U, (uint64_t)265969268774814U, - (uint64_t)1913228635640715U, (uint64_t)2831959046949342U, (uint64_t)888030405442963U, - (uint64_t)1817092932985033U, (uint64_t)101515844997121U, (uint64_t)3309468394859588U, - (uint64_t)3965334773689948U, (uint64_t)1945272965790738U, (uint64_t)4450939211427964U, - (uint64_t)211349698782702U, (uint64_t)2085160302160079U, (uint64_t)212812506072603U, - (uint64_t)3646122434511764U, (uint64_t)1711405092320514U, (uint64_t)95160920508464U, - (uint64_t)1677683368518073U, (uint64_t)4384656939250953U, (uint64_t)3548591046529893U, - (uint64_t)1683233536091384U, (uint64_t)105919586159941U, (uint64_t)1941416002726455U, - (uint64_t)246264372248216U, (uint64_t)3063044110922228U, (uint64_t)3772292170415825U, - (uint64_t)222933374989815U, (uint64_t)2417211163452935U, (uint64_t)2018230365573200U, - (uint64_t)1985974538911047U, (uint64_t)1387197705332739U, (uint64_t)186400825584956U, - (uint64_t)2469330487750329U, (uint64_t)1291983813301638U, (uint64_t)333416733706302U, - (uint64_t)3413315564261070U, (uint64_t)189444777569683U, (uint64_t)1062005622360420U, - (uint64_t)1800197715938740U, (uint64_t)3693110992551647U, (uint64_t)626990328941945U, - (uint64_t)40998857100520U, (uint64_t)3921983552805085U, (uint64_t)1016632437340656U, - (uint64_t)4016615929950878U, (uint64_t)2682554586771281U, (uint64_t)7043555162389U, - (uint64_t)3333819830676567U, (uint64_t)4120091964944036U, (uint64_t)1960788263484015U, - (uint64_t)1642145656273304U, (uint64_t)252814075789128U, (uint64_t)3085777342821357U, - (uint64_t)4166637997604052U, (uint64_t)1339401689756469U, (uint64_t)845938529607551U, - (uint64_t)223351828189283U, (uint64_t)1148648705186890U, (uint64_t)1230525014760605U, - 
(uint64_t)1869739475126720U, (uint64_t)4193966261205530U, (uint64_t)175684010336013U, - (uint64_t)4476719358931508U, (uint64_t)4209547487457638U, (uint64_t)2197536411673724U, - (uint64_t)3010838433412303U, (uint64_t)169318997251483U, (uint64_t)49493868302162U, - (uint64_t)3594601099078584U, (uint64_t)3662420905445942U, (uint64_t)3606544932233685U, - (uint64_t)270643652662165U, (uint64_t)180681786228544U, (uint64_t)2095882682308564U, - (uint64_t)813484483841391U, (uint64_t)1622665392824698U, (uint64_t)113821770225137U, - (uint64_t)3075432444115417U, (uint64_t)716502989978722U, (uint64_t)2304779892217245U, - (uint64_t)1760144151770127U, (uint64_t)235719156963938U, (uint64_t)3180013070471143U, - (uint64_t)1331027634540579U, (uint64_t)552273022992392U, (uint64_t)2858693077461887U, - (uint64_t)197914407731510U, (uint64_t)187252310910959U, (uint64_t)4160637171377125U, - (uint64_t)3225059526713298U, (uint64_t)2574558217383978U, (uint64_t)249695600622489U, - (uint64_t)364988742814327U, (uint64_t)4245298536326258U, (uint64_t)1812464706589342U, - (uint64_t)2734857123772998U, (uint64_t)120105577124628U, (uint64_t)160179251271109U, - (uint64_t)3604555733307834U, (uint64_t)150380003195715U, (uint64_t)1574304909935121U, - (uint64_t)142190285600761U, (uint64_t)1835385847725651U, (uint64_t)3168087139615901U, - (uint64_t)3201434861713736U, (uint64_t)741757984537760U, (uint64_t)163585009419543U, - (uint64_t)3837997981109783U, (uint64_t)3771946407870997U, (uint64_t)2867641360295452U, - (uint64_t)3097548691501578U, (uint64_t)124624912142104U, (uint64_t)2729896088769328U, - (uint64_t)1087786827035225U, (uint64_t)3934000813818614U, (uint64_t)1176792318645055U, - (uint64_t)125311882169270U, (uint64_t)3530709439299502U, (uint64_t)1561477829834527U, - (uint64_t)3927894570196761U, (uint64_t)3957765307669212U, (uint64_t)105720519513730U, - (uint64_t)3758969845816997U, (uint64_t)2738320452287300U, (uint64_t)2380753632109507U, - (uint64_t)2762090901149075U, (uint64_t)123455059136515U, 
(uint64_t)4222807813169807U, - (uint64_t)118064783651432U, (uint64_t)2877694712254934U, (uint64_t)3535027426396448U, - (uint64_t)100175663703417U, (uint64_t)3287921121213155U, (uint64_t)4497246481824206U, - (uint64_t)1960809949007025U, (uint64_t)3236854264159102U, (uint64_t)35028112623717U, - (uint64_t)338838627913273U, (uint64_t)2827531947914645U, (uint64_t)4231826783810670U, - (uint64_t)1082490106100389U, (uint64_t)13267544387448U, (uint64_t)4249975884259105U, - (uint64_t)2844862161652484U, (uint64_t)262742197948971U, (uint64_t)3525653802457116U, - (uint64_t)269963889261701U, (uint64_t)3690062482117102U, (uint64_t)675413453822147U, - (uint64_t)2170937868437574U, (uint64_t)2367632187022010U, (uint64_t)214032802409445U, - (uint64_t)2054007379612477U, (uint64_t)3558050826739009U, (uint64_t)266827184752634U, - (uint64_t)1946520293291195U, (uint64_t)238087872386556U, (uint64_t)490056555385700U, - (uint64_t)794405769357386U, (uint64_t)3886901294859702U, (uint64_t)3120414548626348U, - (uint64_t)84316625221136U, (uint64_t)223073962531835U, (uint64_t)4280846460577631U, - (uint64_t)344296282849308U, (uint64_t)3522116652699457U, (uint64_t)171817232053075U, - (uint64_t)3296636283062273U, (uint64_t)3587303364425579U, (uint64_t)1033485783633331U, - (uint64_t)3686984130812906U, (uint64_t)268290803650477U, (uint64_t)2803988215834467U, - (uint64_t)3821246410529720U, (uint64_t)1077722388925870U, (uint64_t)4187137036866164U, - (uint64_t)104696540795905U, (uint64_t)998770003854764U, (uint64_t)3960768137535019U, - (uint64_t)4293792474919135U, (uint64_t)3251297981727034U, (uint64_t)192479028790101U, - (uint64_t)1175880869349935U, (uint64_t)3506949259311937U, (uint64_t)2161711516160714U, - (uint64_t)2506820922270187U, (uint64_t)131002200661047U, (uint64_t)3532399477339994U, - (uint64_t)2515815721228719U, (uint64_t)4274974119021502U, (uint64_t)265752394510924U, - (uint64_t)163144272153395U, (uint64_t)2824260010502991U, (uint64_t)517077012665142U, - (uint64_t)602987073882924U, 
(uint64_t)2939630061751780U, (uint64_t)59211609557440U, - (uint64_t)963423614549333U, (uint64_t)495476232754434U, (uint64_t)94274496109103U, - (uint64_t)2245136222990187U, (uint64_t)185414764872288U, (uint64_t)2266067668609289U, - (uint64_t)3873978896235927U, (uint64_t)4428283513152105U, (uint64_t)3881481480259312U, - (uint64_t)207746202010862U, (uint64_t)1609437858011364U, (uint64_t)477585758421515U, - (uint64_t)3850430788664649U, (uint64_t)2682299074459173U, (uint64_t)149439089751274U, - (uint64_t)3665760243877698U, (uint64_t)1356661512658931U, (uint64_t)1675903262368322U, - (uint64_t)3355649228050892U, (uint64_t)99772108898412U + 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, + 1277614565900951ULL, 378671684419493ULL, 3176260448102880ULL, 1575691435565077ULL, + 167304528382180ULL, 2600787765776588ULL, 7497946149293ULL, 2184272641272202ULL, + 2200235265236628ULL, 265969268774814ULL, 1913228635640715ULL, 2831959046949342ULL, + 888030405442963ULL, 1817092932985033ULL, 101515844997121ULL, 3309468394859588ULL, + 3965334773689948ULL, 1945272965790738ULL, 4450939211427964ULL, 211349698782702ULL, + 2085160302160079ULL, 212812506072603ULL, 3646122434511764ULL, 1711405092320514ULL, + 95160920508464ULL, 1677683368518073ULL, 4384656939250953ULL, 3548591046529893ULL, + 1683233536091384ULL, 105919586159941ULL, 1941416002726455ULL, 246264372248216ULL, + 3063044110922228ULL, 3772292170415825ULL, 222933374989815ULL, 2417211163452935ULL, + 2018230365573200ULL, 1985974538911047ULL, 1387197705332739ULL, 186400825584956ULL, + 2469330487750329ULL, 1291983813301638ULL, 333416733706302ULL, 3413315564261070ULL, + 189444777569683ULL, 1062005622360420ULL, 1800197715938740ULL, 3693110992551647ULL, + 626990328941945ULL, 40998857100520ULL, 3921983552805085ULL, 1016632437340656ULL, + 4016615929950878ULL, 2682554586771281ULL, 7043555162389ULL, 3333819830676567ULL, + 4120091964944036ULL, 1960788263484015ULL, 1642145656273304ULL, 252814075789128ULL, + 
3085777342821357ULL, 4166637997604052ULL, 1339401689756469ULL, 845938529607551ULL, + 223351828189283ULL, 1148648705186890ULL, 1230525014760605ULL, 1869739475126720ULL, + 4193966261205530ULL, 175684010336013ULL, 4476719358931508ULL, 4209547487457638ULL, + 2197536411673724ULL, 3010838433412303ULL, 169318997251483ULL, 49493868302162ULL, + 3594601099078584ULL, 3662420905445942ULL, 3606544932233685ULL, 270643652662165ULL, + 180681786228544ULL, 2095882682308564ULL, 813484483841391ULL, 1622665392824698ULL, + 113821770225137ULL, 3075432444115417ULL, 716502989978722ULL, 2304779892217245ULL, + 1760144151770127ULL, 235719156963938ULL, 3180013070471143ULL, 1331027634540579ULL, + 552273022992392ULL, 2858693077461887ULL, 197914407731510ULL, 187252310910959ULL, + 4160637171377125ULL, 3225059526713298ULL, 2574558217383978ULL, 249695600622489ULL, + 364988742814327ULL, 4245298536326258ULL, 1812464706589342ULL, 2734857123772998ULL, + 120105577124628ULL, 160179251271109ULL, 3604555733307834ULL, 150380003195715ULL, + 1574304909935121ULL, 142190285600761ULL, 1835385847725651ULL, 3168087139615901ULL, + 3201434861713736ULL, 741757984537760ULL, 163585009419543ULL, 3837997981109783ULL, + 3771946407870997ULL, 2867641360295452ULL, 3097548691501578ULL, 124624912142104ULL, + 2729896088769328ULL, 1087786827035225ULL, 3934000813818614ULL, 1176792318645055ULL, + 125311882169270ULL, 3530709439299502ULL, 1561477829834527ULL, 3927894570196761ULL, + 3957765307669212ULL, 105720519513730ULL, 3758969845816997ULL, 2738320452287300ULL, + 2380753632109507ULL, 2762090901149075ULL, 123455059136515ULL, 4222807813169807ULL, + 118064783651432ULL, 2877694712254934ULL, 3535027426396448ULL, 100175663703417ULL, + 3287921121213155ULL, 4497246481824206ULL, 1960809949007025ULL, 3236854264159102ULL, + 35028112623717ULL, 338838627913273ULL, 2827531947914645ULL, 4231826783810670ULL, + 1082490106100389ULL, 13267544387448ULL, 4249975884259105ULL, 2844862161652484ULL, + 262742197948971ULL, 3525653802457116ULL, 
269963889261701ULL, 3690062482117102ULL, + 675413453822147ULL, 2170937868437574ULL, 2367632187022010ULL, 214032802409445ULL, + 2054007379612477ULL, 3558050826739009ULL, 266827184752634ULL, 1946520293291195ULL, + 238087872386556ULL, 490056555385700ULL, 794405769357386ULL, 3886901294859702ULL, + 3120414548626348ULL, 84316625221136ULL, 223073962531835ULL, 4280846460577631ULL, + 344296282849308ULL, 3522116652699457ULL, 171817232053075ULL, 3296636283062273ULL, + 3587303364425579ULL, 1033485783633331ULL, 3686984130812906ULL, 268290803650477ULL, + 2803988215834467ULL, 3821246410529720ULL, 1077722388925870ULL, 4187137036866164ULL, + 104696540795905ULL, 998770003854764ULL, 3960768137535019ULL, 4293792474919135ULL, + 3251297981727034ULL, 192479028790101ULL, 1175880869349935ULL, 3506949259311937ULL, + 2161711516160714ULL, 2506820922270187ULL, 131002200661047ULL, 3532399477339994ULL, + 2515815721228719ULL, 4274974119021502ULL, 265752394510924ULL, 163144272153395ULL, + 2824260010502991ULL, 517077012665142ULL, 602987073882924ULL, 2939630061751780ULL, + 59211609557440ULL, 963423614549333ULL, 495476232754434ULL, 94274496109103ULL, + 2245136222990187ULL, 185414764872288ULL, 2266067668609289ULL, 3873978896235927ULL, + 4428283513152105ULL, 3881481480259312ULL, 207746202010862ULL, 1609437858011364ULL, + 477585758421515ULL, 3850430788664649ULL, 2682299074459173ULL, 149439089751274ULL, + 3665760243877698ULL, 1356661512658931ULL, 1675903262368322ULL, 3355649228050892ULL, + 99772108898412ULL }; static const uint64_t Hacl_K256_PrecompTable_precomp_g_pow2_192_table_w4[240U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)34056422761564U, - (uint64_t)3315864838337811U, (uint64_t)3797032336888745U, (uint64_t)2580641850480806U, - (uint64_t)208048944042500U, (uint64_t)1233795288689421U, (uint64_t)1048795233382631U, 
- (uint64_t)646545158071530U, (uint64_t)1816025742137285U, (uint64_t)12245672982162U, - (uint64_t)2119364213800870U, (uint64_t)2034960311715107U, (uint64_t)3172697815804487U, - (uint64_t)4185144850224160U, (uint64_t)2792055915674U, (uint64_t)795534452139321U, - (uint64_t)3647836177838185U, (uint64_t)2681403398797991U, (uint64_t)3149264270306207U, - (uint64_t)278704080615511U, (uint64_t)2752552368344718U, (uint64_t)1363840972378818U, - (uint64_t)1877521512083293U, (uint64_t)1862111388059470U, (uint64_t)36200324115014U, - (uint64_t)4183622899327217U, (uint64_t)747381675363076U, (uint64_t)2772916395314624U, - (uint64_t)833767013119965U, (uint64_t)246274452928088U, (uint64_t)1526238021297781U, - (uint64_t)3327534966022747U, (uint64_t)1169012581910517U, (uint64_t)4430894603030025U, - (uint64_t)149242742442115U, (uint64_t)1002569704307172U, (uint64_t)2763252093432365U, - (uint64_t)3037748497732938U, (uint64_t)2329811173939457U, (uint64_t)270769113180752U, - (uint64_t)4344092461623432U, (uint64_t)892200524589382U, (uint64_t)2511418516713970U, - (uint64_t)103575031265398U, (uint64_t)183736033430252U, (uint64_t)583003071257308U, - (uint64_t)3357167344738425U, (uint64_t)4038099763242651U, (uint64_t)1776250620957255U, - (uint64_t)51334115864192U, (uint64_t)2616405698969611U, (uint64_t)1196364755910565U, - (uint64_t)3135228056210500U, (uint64_t)533729417611761U, (uint64_t)86564351229326U, - (uint64_t)98936129527281U, (uint64_t)4425305036630677U, (uint64_t)2980296390253408U, - (uint64_t)2487091677325739U, (uint64_t)10501977234280U, (uint64_t)1805646499831077U, - (uint64_t)3120615962395477U, (uint64_t)3634629685307533U, (uint64_t)3009632755291436U, - (uint64_t)16794051906523U, (uint64_t)2465481597883214U, (uint64_t)211492787490403U, - (uint64_t)1120942867046103U, (uint64_t)486438308572108U, (uint64_t)76058986271771U, - (uint64_t)2435216584587357U, (uint64_t)3076359381968283U, (uint64_t)1071594491489655U, - (uint64_t)3148707450339154U, (uint64_t)249332205737851U, 
(uint64_t)4171051176626809U, - (uint64_t)3165176227956388U, (uint64_t)2400901591835233U, (uint64_t)1435783621333022U, - (uint64_t)20312753440321U, (uint64_t)1767293887448005U, (uint64_t)685150647587522U, - (uint64_t)2957187934449906U, (uint64_t)382661319140439U, (uint64_t)177583591139601U, - (uint64_t)2083572648630743U, (uint64_t)1083410277889419U, (uint64_t)4267902097868310U, - (uint64_t)679989918385081U, (uint64_t)123155311554032U, (uint64_t)2830267662472020U, - (uint64_t)4476040509735924U, (uint64_t)526697201585144U, (uint64_t)3465306430573135U, - (uint64_t)2296616218591U, (uint64_t)1270626872734279U, (uint64_t)1049740198790549U, - (uint64_t)4197567214843444U, (uint64_t)1962225231320591U, (uint64_t)186125026796856U, - (uint64_t)737027567341142U, (uint64_t)4364616098174U, (uint64_t)3618884818756660U, - (uint64_t)1236837563717668U, (uint64_t)162873772439548U, (uint64_t)3081542470065122U, - (uint64_t)910331750163991U, (uint64_t)2110498143869827U, (uint64_t)3208473121852657U, - (uint64_t)94687786224509U, (uint64_t)4113309027567819U, (uint64_t)4272179438357536U, - (uint64_t)1857418654076140U, (uint64_t)1672678841741004U, (uint64_t)94482160248411U, - (uint64_t)1928652436799020U, (uint64_t)1750866462381515U, (uint64_t)4048060485672270U, - (uint64_t)4006680581258587U, (uint64_t)14850434761312U, (uint64_t)2828734997081648U, - (uint64_t)1975589525873972U, (uint64_t)3724347738416009U, (uint64_t)597163266689736U, - (uint64_t)14568362978551U, (uint64_t)2203865455839744U, (uint64_t)2237034958890595U, - (uint64_t)1863572986731818U, (uint64_t)2329774560279041U, (uint64_t)245105447642201U, - (uint64_t)2179697447864822U, (uint64_t)1769609498189882U, (uint64_t)1916950746430931U, - (uint64_t)847019613787312U, (uint64_t)163210606565100U, (uint64_t)3658248417400062U, - (uint64_t)717138296045881U, (uint64_t)42531212306121U, (uint64_t)1040915917097532U, - (uint64_t)77364489101310U, (uint64_t)539253504015590U, (uint64_t)732690726289841U, - (uint64_t)3401622034697806U, 
(uint64_t)2864593278358513U, (uint64_t)142611941887017U, - (uint64_t)536364617506702U, (uint64_t)845071859974284U, (uint64_t)4461787417089721U, - (uint64_t)2633811871939723U, (uint64_t)113619731985610U, (uint64_t)2535870015489566U, - (uint64_t)2146224665077830U, (uint64_t)2593725534662047U, (uint64_t)1332349537449710U, - (uint64_t)153375287068096U, (uint64_t)3689977177165276U, (uint64_t)3631865615314120U, - (uint64_t)184644878348929U, (uint64_t)2220481726602813U, (uint64_t)204002551273091U, - (uint64_t)3022560051766785U, (uint64_t)3125940458001213U, (uint64_t)4258299086906325U, - (uint64_t)1072471915162030U, (uint64_t)2797562724530U, (uint64_t)3974298156223059U, - (uint64_t)1624778551002554U, (uint64_t)3490703864485971U, (uint64_t)2533877484212458U, - (uint64_t)176107782538555U, (uint64_t)4275987398312137U, (uint64_t)4397120757693722U, - (uint64_t)3001292763847390U, (uint64_t)1556490837621310U, (uint64_t)70442953037671U, - (uint64_t)1558915972545974U, (uint64_t)744724505252845U, (uint64_t)2697230204313363U, - (uint64_t)3495671924212144U, (uint64_t)95744296878924U, (uint64_t)1508848630912047U, - (uint64_t)4163599342850968U, (uint64_t)1234988733935901U, (uint64_t)3789722472212706U, - (uint64_t)219522007052022U, (uint64_t)2106597506701262U, (uint64_t)3231115099832239U, - (uint64_t)1296436890593905U, (uint64_t)1016795619587656U, (uint64_t)231150565033388U, - (uint64_t)4205501688458754U, (uint64_t)2271569140386062U, (uint64_t)3421769599058157U, - (uint64_t)4118408853784554U, (uint64_t)276709341465173U, (uint64_t)2681340614854362U, - (uint64_t)2514413365628788U, (uint64_t)62294545067341U, (uint64_t)277610220069365U, - (uint64_t)252463150123799U, (uint64_t)2547353593759399U, (uint64_t)1857438147448607U, - (uint64_t)2964811969681256U, (uint64_t)3303706463835387U, (uint64_t)248936570980853U, - (uint64_t)3208982702478009U, (uint64_t)2518671051730787U, (uint64_t)727433853033835U, - (uint64_t)1290389308223446U, (uint64_t)220742793981035U, (uint64_t)3851225361654709U, - 
(uint64_t)2307489307934273U, (uint64_t)1151710489948266U, (uint64_t)289775285210516U, - (uint64_t)222685002397295U, (uint64_t)1222117478082108U, (uint64_t)2822029169395728U, - (uint64_t)1172146252219882U, (uint64_t)2626108105510259U, (uint64_t)209803527887167U, - (uint64_t)2718831919953281U, (uint64_t)4348638387588593U, (uint64_t)3761438313263183U, - (uint64_t)13169515318095U, (uint64_t}; static const uint64_t Hacl_K256_PrecompTable_precomp_basepoint_table_w5[480U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)705178180786072U, - (uint64_t)3855836460717471U, (uint64_t)4089131105950716U, (uint64_t)3301581525494108U, - (uint64_t)133858670344668U, (uint64_t)2199641648059576U, (uint64_t)1278080618437060U, - (uint64_t)3959378566518708U, (uint64_t)3455034269351872U, (uint64_t)79417610544803U, - (uint64_t)1U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, - (uint64_t)1282049064345544U, (uint64_t)971732600440099U, (uint64_t)1014594595727339U, - (uint64_t)4392159187541980U, (uint64_t)268327875692285U, (uint64_t)2411661712280539U, - (uint64_t)1092576199280126U, (uint64_t)4328619610718051U, (uint64_t)3535440816471627U, - (uint64_t)95182251488556U, (uint64_t)1893725512243753U, (uint64_t)3619861457111820U, - (uint64_t)879374960417905U, (uint64_t)2868056058129113U, (uint64_t)273195291893682U, - (uint64_t)2044797305960112U, (uint64_t)2357106853933780U, (uint64_t)3563112438336058U, - (uint64_t)2430811541762558U, (uint64_t)106443809495428U, (uint64_t)2231357633909668U, - (uint64_t)3641705835951936U, (uint64_t)80642569314189U, (uint64_t)2254841882373268U, - (uint64_t)149848031966573U, (uint64_t)2304615661367764U, (uint64_t)2410957403736446U, - (uint64_t)2712754805859804U, (uint64_t)2440183877540536U, (uint64_t)99784623895865U, - (uint64_t)3667773127482758U, (uint64_t)1354899394473308U, 
(uint64_t)3636602998800808U, - (uint64_t)2709296679846364U, (uint64_t)7253362091963U, (uint64_t)3585950735562744U, - (uint64_t)935775991758415U, (uint64_t)4108078106735201U, (uint64_t)556081800336307U, - (uint64_t)229585977163057U, (uint64_t)4055594186679801U, (uint64_t)1767681004944933U, - (uint64_t)1432634922083242U, (uint64_t)534935602949197U, (uint64_t)251753159522567U, - (uint64_t)2846474078499321U, (uint64_t)4488649590348702U, (uint64_t)2437476916025038U, - (uint64_t)3040577412822874U, (uint64_t)79405234918614U, (uint64_t)3030621226551508U, - (uint64_t)2801117003929806U, (uint64_t)1642927515498422U, (uint64_t)2802725079726297U, - (uint64_t)8472780626107U, (uint64_t)866068070352655U, (uint64_t)188080768545106U, - (uint64_t)2152119998903058U, (uint64_t)3391239985029665U, (uint64_t)23820026013564U, - (uint64_t)2965064154891949U, (uint64_t)1846516097921398U, (uint64_t)4418379948133146U, - (uint64_t)3137755426942400U, (uint64_t)47705291301781U, (uint64_t)4278533051105665U, - (uint64_t)3453643211214931U, (uint64_t)3379734319145156U, (uint64_t)3762442192097039U, - (uint64_t)40243003528694U, (uint64_t)4063448994211201U, (uint64_t)5697015368785U, - (uint64_t)1006545411838613U, (uint64_t)4242291693755210U, (uint64_t)135184629190512U, - (uint64_t)264898689131035U, (uint64_t)611796474823597U, (uint64_t)3255382250029089U, - (uint64_t)3490429246984696U, (uint64_t)236558595864362U, (uint64_t)2055934691551704U, - (uint64_t)1487711670114502U, (uint64_t)1823930698221632U, (uint64_t)2130937287438472U, - (uint64_t)154610053389779U, (uint64_t)2746573287023216U, (uint64_t)2430987262221221U, - (uint64_t)1668741642878689U, (uint64_t)904982541243977U, (uint64_t)56087343124948U, - (uint64_t)393905062353536U, (uint64_t)412681877350188U, (uint64_t)3153602040979977U, - (uint64_t)4466820876224989U, (uint64_t)146579165617857U, (uint64_t)2628741216508991U, - (uint64_t)747994231529806U, (uint64_t)750506569317681U, (uint64_t)1887492790748779U, - (uint64_t)35259008682771U, 
(uint64_t)2085116434894208U, (uint64_t)543291398921711U, - (uint64_t)1144362007901552U, (uint64_t)679305136036846U, (uint64_t)141090902244489U, - (uint64_t)632480954474859U, (uint64_t)2384513102652591U, (uint64_t)2225529790159790U, - (uint64_t)692258664851625U, (uint64_t)198681843567699U, (uint64_t)2397092587228181U, - (uint64_t)145862822166614U, (uint64_t)196976540479452U, (uint64_t)3321831130141455U, - (uint64_t)69266673089832U, (uint64_t)4469644227342284U, (uint64_t)3899271145504796U, - (uint64_t)1261890974076660U, (uint64_t)525357673886694U, (uint64_t)182135997828583U, - (uint64_t)4292760618810332U, (uint64_t)3404186545541683U, (uint64_t)312297386688768U, - (uint64_t)204377466824608U, (uint64_t)230900767857952U, (uint64_t)3871485172339693U, - (uint64_t)779449329662955U, (uint64_t)978655822464694U, (uint64_t)2278252139594027U, - (uint64_t)104641527040382U, (uint64_t)3528840153625765U, (uint64_t)4484699080275273U, - (uint64_t)1463971951102316U, (uint64_t)4013910812844749U, (uint64_t)228915589433620U, - (uint64_t)1209641433482461U, (uint64_t)4043178788774759U, (uint64_t)3008668238856634U, - (uint64_t)1448425089071412U, (uint64_t)26269719725037U, (uint64_t)3330785027545223U, - (uint64_t)852657975349259U, (uint64_t)227245054466105U, (uint64_t)1534632353984777U, - (uint64_t)207715098574660U, (uint64_t)3209837527352280U, (uint64_t)4051688046309066U, - (uint64_t)3839009590725955U, (uint64_t)1321506437398842U, (uint64_t)68340219159928U, - (uint64_t)1806950276956275U, (uint64_t)3923908055275295U, (uint64_t)743963253393575U, - (uint64_t)42162407478783U, (uint64_t)261334584474610U, (uint64_t)3728224928885214U, - (uint64_t)4004701081842869U, (uint64_t)709043201644674U, (uint64_t)4267294249150171U, - (uint64_t)255540582975025U, (uint64_t)875490593722211U, (uint64_t)796393708218375U, - (uint64_t)14774425627956U, (uint64_t)1500040516752097U, (uint64_t)141076627721678U, - (uint64_t)2634539368480628U, (uint64_t)1106488853550103U, (uint64_t)2346231921151930U, - 
(uint64_t)897108283954283U, (uint64_t)64616679559843U, (uint64_t)400244949840943U, - (uint64_t)1731263826831733U, (uint64_t)1649996579904651U, (uint64_t)3643693449640761U, - (uint64_t)172543068638991U, (uint64_t)329537981097182U, (uint64_t)2029799860802869U, - (uint64_t)4377737515208862U, (uint64_t)29103311051334U, (uint64_t)265583594111499U, - (uint64_t)3798074876561255U, (uint64_t)184749333259352U, (uint64_t)3117395073661801U, - (uint64_t)3695784565008833U, (uint64_t)64282709896721U, (uint64_t)1618968913246422U, - (uint64_t)3185235128095257U, (uint64_t)3288745068118692U, (uint64_t)1963818603508782U, - (uint64_t)281054350739495U, (uint64_t)1658639050810346U, (uint64_t)3061097601679552U, - (uint64_t)3023781433263746U, (uint64_t)2770283391242475U, (uint64_t)144508864751908U, - (uint64_t)173576288079856U, (uint64_t)46114579547054U, (uint64_t)1679480127300211U, - (uint64_t)1683062051644007U, (uint64_t)117183826129323U, (uint64_t)1894068608117440U, - (uint64_t)3846899838975733U, (uint64_t)4289279019496192U, (uint64_t)176995887914031U, - (uint64_t)78074942938713U, (uint64_t)454207263265292U, (uint64_t)972683614054061U, - (uint64_t)808474205144361U, (uint64_t)942703935951735U, (uint64_t)134460241077887U, - (uint64_t)2104196179349630U, (uint64_t)501632371208418U, (uint64_t)1666838991431177U, - (uint64_t)445606193139838U, (uint64_t)73704603396096U, (uint64_t)3140284774064777U, - (uint64_t)1356066420820179U, (uint64_t)227054159419281U, (uint64_t)1847611229198687U, - (uint64_t)82327838827660U, (uint64_t)3704027573265803U, (uint64_t)1585260489220244U, - (uint64_t)4404647914931933U, (uint64_t)2424649827425515U, (uint64_t)206821944206116U, - (uint64_t)1508635776287972U, (uint64_t)1933584575629676U, (uint64_t)1903635423783032U, - (uint64_t)4193642165165650U, (uint64_t)234321074690644U, (uint64_t)210406774251925U, - (uint64_t)1965845668185599U, (uint64_t)3059839433804731U, (uint64_t)1933300510683631U, - (uint64_t)150696600689211U, (uint64_t)4069293682158567U, 
(uint64_t)4346344602660044U, - (uint64_t)312200249664561U, (uint64_t)2495020807621840U, (uint64_t)1912707714385U, - (uint64_t)299345978159762U, (uint64_t)1164752722686920U, (uint64_t)225322433710338U, - (uint64_t)3128747381283759U, (uint64_t)275659067815583U, (uint64_t)1489671057429039U, - (uint64_t)1567693343342676U, (uint64_t)921672046098071U, (uint64_t)3707418899384085U, - (uint64_t)54646424931593U, (uint64_t)4026733380127147U, (uint64_t)2933435393699231U, - (uint64_t)3356593659521967U, (uint64_t)3637750749325529U, (uint64_t)232939412379045U, - (uint64_t)2298399636043069U, (uint64_t)270361546063041U, (uint64_t)2523933572551420U, - (uint64_t)3456896091572950U, (uint64_t)185447004732850U, (uint64_t)429322937697821U, - (uint64_t)2579704215668222U, (uint64_t)695065378803349U, (uint64_t)3987916247731243U, - (uint64_t)255159546348233U, (uint64_t)3057777929921282U, (uint64_t)1608970699916312U, - (uint64_t)1902369623063807U, (uint64_t)1413619643652777U, (uint64_t)94983996321227U, - (uint64_t)2832873179548050U, (uint64_t)4335430233622555U, (uint64_t)1559023976028843U, - (uint64_t)3297181988648895U, (uint64_t)100072021232323U, (uint64_t)2124984034109675U, - (uint64_t)4501252835618918U, (uint64_t)2053336899483297U, (uint64_t)638807226463876U, - (uint64_t)278445213600634U, (uint64_t)2311236445660555U, (uint64_t)303317664040012U, - (uint64_t)2659353858089024U, (uint64_t)3598827423980130U, (uint64_t)176059343827873U, - (uint64_t)3891639526275437U, (uint64_t)252823982819463U, (uint64_t)3404823300622345U, - (uint64_t)2758370772497456U, (uint64_t)91397496598783U, (uint64_t)2248661144141892U, - (uint64_t)491087075271969U, (uint64_t)1786344894571315U, (uint64_t)452497694885923U, - (uint64_t)34039628873357U, (uint64_t)2116503165025197U, (uint64_t)4436733709429923U, - (uint64_t)3045800776819238U, (uint64_t)1385518906078375U, (uint64_t)110495603336764U, - (uint64_t)4051447296249587U, (uint64_t)1103557421498625U, (uint64_t)1840785058439622U, - (uint64_t)425322753992314U, 
(uint64_t)98330046771676U, (uint64_t)365407468686431U, - (uint64_t)2611246859977123U, (uint64_t)3050253933135339U, (uint64_t)1006482220896688U, - (uint64_t)166818196428389U, (uint64_t)3415236093104372U, (uint64_t)1762308883882288U, - (uint64_t)1327828123094558U, (uint64_t)3403946425556706U, (uint64_t)96503464455441U, - (uint64_t)3893015304031471U, (uint64_t)3740839477490397U, (uint64_t)2411470812852231U, - (uint64_t)940927462436211U, (uint64_t)163825285911099U, (uint64_t)1622441495640386U, - (uint64_t)850224095680266U, (uint64_t)76199085900939U, (uint64_t)1941852365144042U, - (uint64_t)140326673652807U, (uint64_t)3161611011249524U, (uint64_t)317297150009965U, - (uint64_t)2145053259340619U, (uint64_t)2180498176457552U, (uint64_t)38457740506224U, - (uint64_t)394174899129468U, (uint64_t)2687474560485245U, (uint64_t)1542175980184516U, - (uint64_t)1628502671124819U, (uint64_t)48477401124385U, (uint64_t)4474181600025082U, - (uint64_t)2142747956365708U, (uint64_t)1638299432475478U, (uint64_t)2005869320353249U, - (uint64_t)112292630760956U, (uint64_t)1887521965171588U, (uint64_t)457587531429696U, - (uint64_t)840994209504042U, (uint64_t)4268060856325798U, (uint64_t)195597993440388U, - (uint64_t)4148484749020338U, (uint64_t)2074885000909672U, (uint64_t)2309839019263165U, - (uint64_t)2087616209681024U, (uint64_t)257214370719966U, (uint64_t)2331363508376581U, - (uint64_t)1233124357504711U, (uint64_t)2849542202650296U, (uint64_t)3790982825325736U, - (uint64_t)13381453503890U, (uint64_t)1665246594531069U, (uint64_t)4165624287443904U, - (uint64_t)3418759698027493U, (uint64_t)2118493255117399U, (uint64_t)136249206366067U, - (uint64_t)4064050233283309U, (uint64_t)1368779887911300U, (uint64_t)4370550759530269U, - (uint64_t)66992990631341U, (uint64_t)84442368922270U, (uint64_t)2139322635321394U, - (uint64_t)2076163483726795U, (uint64_t)657097866349103U, (uint64_t)2095579409488071U, - (uint64_t)226525774791341U, (uint64_t)4445744257665359U, (uint64_t)2035752839278107U, - 
(uint64_t)1998242662838304U, (uint64_t)1601548415521694U, (uint64_t)151297684296198U, - (uint64_t)1350963039017303U, (uint64_t)2624916349548281U, (uint64_t)2018863259670197U, - (uint64_t)2717274357461290U, (uint64_t)94024796961533U, (uint64_t)711335520409111U, - (uint64_t)4322093765820263U, (uint64_t)2041650358174649U, (uint64_t)3439791603157577U, - (uint64_t)179292018616267U, (uint64_t)2436436921286669U, (uint64_t)3905268797208340U, - (uint64_t)2829194895162985U, (uint64_t)1355175382191543U, (uint64_t)55128779761539U, - (uint64_t)2648428998786922U, (uint64_t)869805912573515U, (uint64_t)3706708942847864U, - (uint64_t)2785288916584667U, (uint64_t)37156862850147U, (uint64_t)1422245336293228U, - (uint64_t)4497066058933021U, (uint64_t)85588912978349U, (uint64_t)2616252221194611U, - (uint64_t)53506393720989U, (uint64_t)3727539190732644U, (uint64_t)872132446545237U, - (uint64_t)933583590986077U, (uint64_t)3794591170581203U, (uint64_t)167875550514069U, - (uint64_t)2267466834993297U, (uint64_t)3072652681756816U, (uint64_t)2108499037430803U, - (uint64_t)1606735192928366U, (uint64_t)72339568815255U, (uint64_t)3258484260684219U, - (uint64_t)3277927277719855U, (uint64_t)2459560373011535U, (uint64_t)1672794293294033U, - (uint64_t)227460934880669U, (uint64_t)3702454405413705U, (uint64_t)106168148441676U, - (uint64_t)1356617643071159U, (uint64_t)3280896569942762U, (uint64_t)142618711614302U, - (uint64_t)4291782740862057U, (uint64_t)4141020884874235U, (uint64_t)3720787221267125U, - (uint64_t)552884940089351U, (uint64_t)174626154407180U, (uint64_t)972071013326540U, - (uint64_t)4458530419931903U, (uint64_t)4435168973822858U, (uint64_t)1902967548748411U, - (uint64_t)53007977605840U, (uint64_t)2453997334323925U, (uint64_t)3653077937283262U, - (uint64_t)850660265046356U, (uint64_t)312721924805450U, (uint64_t)268503679240683U, - (uint64_t)256960167714122U, (uint64_t)1474492507858350U, (uint64_t)2456345526438488U, - (uint64_t)3686029507160255U, (uint64_t)279158933010398U, 
(uint64_t)3646946293948063U, - (uint64_t)704477527214036U, (uint64_t)3387744169891031U, (uint64_t)3772622670980241U, - (uint64_t)136368897543304U, (uint64_t)3744894052577607U, (uint64_t)1976007214443430U, - (uint64_t)2090045379763451U, (uint64_t)968565474458988U, (uint64_t}; #if defined(__cplusplus) diff --git a/include/msvc/internal/Hacl_Krmllib.h b/include/msvc/internal/Hacl_Krmllib.h index 278cb15b..70c84916 100644 --- a/include/msvc/internal/Hacl_Krmllib.h +++ b/include/msvc/internal/Hacl_Krmllib.h @@ -37,13 +37,13 @@ extern "C" { #include "../Hacl_Krmllib.h" -static inline uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b); +static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b); -static inline uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b); +static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b); -static inline uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b); +static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b); -static inline uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b); +static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b); static inline FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); diff --git a/include/Lib_Memzero0.h b/include/msvc/internal/Hacl_MAC_Poly1305.h similarity index 82% rename from include/Lib_Memzero0.h rename to include/msvc/internal/Hacl_MAC_Poly1305.h index 9a7c7ac5..29e1734a 100644 --- a/include/Lib_Memzero0.h +++ b/include/msvc/internal/Hacl_MAC_Poly1305.h @@ -23,8 +23,8 @@ */ -#ifndef __Lib_Memzero0_H -#define __Lib_Memzero0_H +#ifndef __internal_Hacl_MAC_Poly1305_H +#define __internal_Hacl_MAC_Poly1305_H #if defined(__cplusplus) extern "C" { 
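Review bot: The four mask prototypes in include/msvc/internal/Hacl_Krmllib.h (`FStar_UInt32_eq_mask`, `FStar_UInt32_gte_mask`, `FStar_UInt8_eq_mask`, `FStar_UInt16_eq_mask`) change from `static inline` to `static KRML_NOINLINE` with no comment saying why, so a later cleanup could quietly turn them back. These look like the branch-free comparison helpers that secret-dependent code relies on, and keeping them out of line is presumably meant to stop the optimizer from folding a mask into a data-dependent branch at the call site; I would record that above the first prototype, e.g. `/* Mask helpers are deliberately not inlined: inlining lets the compiler rewrite the mask as a branch on the operands. Do not change back to inline. */`. It is also worth confirming that `KRML_NOINLINE` expands to a real no-inline attribute for every supported compiler, MSVC included, since an empty fallback would drop the protection without any diagnostic. The macro's definition and the function bodies are outside this hunk.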
@@ -35,11 +35,15 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -extern void Lib_Memzero0_memzero(void *x0, uint64_t x1); +#include "../Hacl_MAC_Poly1305.h" + +void Hacl_MAC_Poly1305_poly1305_init(uint64_t *ctx, uint8_t *key); + +void Hacl_MAC_Poly1305_poly1305_finish(uint8_t *tag, uint8_t *key, uint64_t *ctx); #if defined(__cplusplus) } #endif -#define __Lib_Memzero0_H_DEFINED +#define __internal_Hacl_MAC_Poly1305_H_DEFINED #endif diff --git a/include/msvc/internal/Hacl_Poly1305_128.h b/include/msvc/internal/Hacl_MAC_Poly1305_Simd128.h similarity index 73% rename from include/msvc/internal/Hacl_Poly1305_128.h rename to include/msvc/internal/Hacl_MAC_Poly1305_Simd128.h index b9964714..fe120e43 100644 --- a/include/msvc/internal/Hacl_Poly1305_128.h +++ b/include/msvc/internal/Hacl_MAC_Poly1305_Simd128.h @@ -23,8 +23,8 @@ */ -#ifndef __internal_Hacl_Poly1305_128_H -#define __internal_Hacl_Poly1305_128_H +#ifndef __internal_Hacl_MAC_Poly1305_Simd128_H +#define __internal_Hacl_MAC_Poly1305_Simd128_H #if defined(__cplusplus) extern "C" { 
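Review bot: The new prototypes `Hacl_MAC_Poly1305_poly1305_init(uint64_t *ctx, uint8_t *key)` and `Hacl_MAC_Poly1305_poly1305_finish(uint8_t *tag, uint8_t *key, uint64_t *ctx)` take bare pointers with no length and no statement of the required buffer sizes, so a caller inside the library has nothing to check an undersized `key`, `tag` or `ctx` against. A one-line contract above each would help, e.g. `/* key: 32-byte one-time Poly1305 key; tag: 16-byte output; ctx: state buffer, size as allocated by the public header */`, with the ctx size filled in from the implementation, which is not visible here. `key` is presumably only read, so `const uint8_t *key` would state that in the type, if the generator can emit it. The same applies to the `_Simd128` and `_Simd256` `poly1305_init`/`poly1305_finish` declarations added in the two headers that follow.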
@@ -35,21 +35,30 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "../Hacl_Poly1305_128.h" +#include "../Hacl_MAC_Poly1305_Simd128.h" #include "libintvector.h" -void -Hacl_Impl_Poly1305_Field32xN_128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc, uint8_t *b); +void Hacl_MAC_Poly1305_Simd128_load_acc2(Lib_IntVector_Intrinsics_vec128 *acc, uint8_t *b); void -Hacl_Impl_Poly1305_Field32xN_128_fmul_r2_normalize( +Hacl_MAC_Poly1305_Simd128_fmul_r2_normalize( Lib_IntVector_Intrinsics_vec128 *out, Lib_IntVector_Intrinsics_vec128 *p ); +void +Hacl_MAC_Poly1305_Simd128_poly1305_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *key); + +void +Hacl_MAC_Poly1305_Simd128_poly1305_finish( + uint8_t *tag, + uint8_t *key, + Lib_IntVector_Intrinsics_vec128 *ctx +); + #if defined(__cplusplus) } #endif -#define __internal_Hacl_Poly1305_128_H_DEFINED +#define __internal_Hacl_MAC_Poly1305_Simd128_H_DEFINED #endif diff --git a/include/internal/Hacl_Poly1305_256.h b/include/msvc/internal/Hacl_MAC_Poly1305_Simd256.h similarity index 73% rename from include/internal/Hacl_Poly1305_256.h rename to include/msvc/internal/Hacl_MAC_Poly1305_Simd256.h index 21d78b16..7bf106c1 100644 --- a/include/internal/Hacl_Poly1305_256.h +++ b/include/msvc/internal/Hacl_MAC_Poly1305_Simd256.h @@ -23,8 +23,8 @@ */ -#ifndef __internal_Hacl_Poly1305_256_H -#define __internal_Hacl_Poly1305_256_H +#ifndef __internal_Hacl_MAC_Poly1305_Simd256_H +#define __internal_Hacl_MAC_Poly1305_Simd256_H #if defined(__cplusplus) extern "C" { 
@@ -35,21 +35,30 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -#include "../Hacl_Poly1305_256.h" +#include "../Hacl_MAC_Poly1305_Simd256.h" #include "libintvector.h" -void -Hacl_Impl_Poly1305_Field32xN_256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc, uint8_t *b); +void Hacl_MAC_Poly1305_Simd256_load_acc4(Lib_IntVector_Intrinsics_vec256 *acc, uint8_t *b); void -Hacl_Impl_Poly1305_Field32xN_256_fmul_r4_normalize( +Hacl_MAC_Poly1305_Simd256_fmul_r4_normalize( Lib_IntVector_Intrinsics_vec256 *out, Lib_IntVector_Intrinsics_vec256 *p ); +void +Hacl_MAC_Poly1305_Simd256_poly1305_init(Lib_IntVector_Intrinsics_vec256 *ctx, uint8_t *key); + +void +Hacl_MAC_Poly1305_Simd256_poly1305_finish( + uint8_t *tag, + uint8_t *key, + Lib_IntVector_Intrinsics_vec256 *ctx +); + #if defined(__cplusplus) } #endif -#define __internal_Hacl_Poly1305_256_H_DEFINED +#define __internal_Hacl_MAC_Poly1305_Simd256_H_DEFINED #endif diff --git a/include/msvc/internal/Hacl_P256_PrecompTable.h b/include/msvc/internal/Hacl_P256_PrecompTable.h index f185c2be..c852ef8c 100644 --- a/include/msvc/internal/Hacl_P256_PrecompTable.h +++ b/include/msvc/internal/Hacl_P256_PrecompTable.h 
@@ -39,476 +39,360 @@ static const uint64_t Hacl_P256_PrecompTable_precomp_basepoint_table_w4[192U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)8784043285714375740U, - (uint64_t)8483257759279461889U, (uint64_t)8789745728267363600U, (uint64_t)1770019616739251654U, - (uint64_t)15992936863339206154U, (uint64_t)10037038012062884956U, - (uint64_t)15197544864945402661U, (uint64_t)9615747158586711429U, (uint64_t)1U, - (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, - (uint64_t)10634854829044225757U, (uint64_t)351552716085025155U, (uint64_t)10645315080955407736U, - (uint64_t)3609262091244858135U, (uint64_t)15760741698986874125U, - (uint64_t)14936374388219697827U, (uint64_t)15751360096993017895U, - (uint64_t)18012233706239762398U, (uint64_t)1993877568177495041U, - (uint64_t)10345888787846536528U, (uint64_t)7746511691117935375U, - (uint64_t)14517043990409914413U, (uint64_t)14122549297570634151U, - (uint64_t)16934610359517083771U, (uint64_t)5724511325497097418U, (uint64_t)8983432969107448705U, - (uint64_t)2687429970334080245U, (uint64_t)16525396802810050288U, (uint64_t)7602596488871585854U, - (uint64_t)4813919589149203084U, (uint64_t)7680395813780804519U, (uint64_t)6687709583048023590U, - (uint64_t)18086445169104142027U, (uint64_t)9637814708330203929U, - (uint64_t)14785108459960679090U, (uint64_t)3838023279095023581U, (uint64_t)3555615526157830307U, - (uint64_t)5177066488380472871U, (uint64_t)18218186719108038403U, - (uint64_t)16281556341699656105U, (uint64_t)1524227924561461191U, (uint64_t)4148060517641909597U, - (uint64_t)2858290374115363433U, (uint64_t)8942772026334130620U, (uint64_t)3034451298319885113U, - (uint64_t)8447866036736640940U, (uint64_t)11204933433076256578U, - (uint64_t)18333595740249588297U, (uint64_t)8259597024804538246U, 
(uint64_t)9539734295777539786U, - (uint64_t)9797290423046626413U, (uint64_t)5777303437849646537U, (uint64_t)8739356909899132020U, - (uint64_t)14815960973766782158U, (uint64_t)15286581798204509801U, - (uint64_t)17597362577777019682U, (uint64_t)13259283710820519742U, - (uint64_t)10501322996899164670U, (uint64_t)1221138904338319642U, - (uint64_t)14586685489551951885U, (uint64_t)895326705426031212U, (uint64_t)14398171728560617847U, - (uint64_t)9592550823745097391U, (uint64_t)17240998489162206026U, (uint64_t)8085479283308189196U, - (uint64_t)14844657737893882826U, (uint64_t)15923425394150618234U, - (uint64_t)2997808084773249525U, (uint64_t)494323555453660587U, (uint64_t)1215695327517794764U, - (uint64_t)9476207381098391690U, (uint64_t)7480789678419122995U, (uint64_t)15212230329321082489U, - (uint64_t)436189395349576388U, (uint64_t)17377474396456660834U, (uint64_t)15237013929655017939U, - (uint64_t)11444428846883781676U, (uint64_t)5112749694521428575U, (uint64_t)950829367509872073U, - (uint64_t)17665036182057559519U, (uint64_t)17205133339690002313U, - (uint64_t)16233765170251334549U, (uint64_t)10122775683257972591U, - (uint64_t)3352514236455632420U, (uint64_t)9143148522359954691U, (uint64_t)601191684005658860U, - (uint64_t)13398772186646349998U, (uint64_t)15512696600132928431U, - (uint64_t)9128416073728948653U, (uint64_t)11233051033546138578U, (uint64_t)6769345682610122833U, - (uint64_t)10823233224575054288U, (uint64_t)9997725227559980175U, (uint64_t)6733425642852897415U, - (uint64_t)16302206918151466066U, (uint64_t)1669330822143265921U, (uint64_t)2661645605036546002U, - (uint64_t)17182558479745802165U, (uint64_t)1165082692376932040U, (uint64_t)9470595929011488359U, - (uint64_t)6142147329285324932U, (uint64_t)4829075085998111287U, (uint64_t)10231370681107338930U, - (uint64_t)9591876895322495239U, (uint64_t)10316468561384076618U, - (uint64_t)11592503647238064235U, (uint64_t)13395813606055179632U, (uint64_t)511127033980815508U, - (uint64_t)12434976573147649880U, 
(uint64_t)3425094795384359127U, (uint64_t)6816971736303023445U, - (uint64_t)15444670609021139344U, (uint64_t)9464349818322082360U, - (uint64_t)16178216413042376883U, (uint64_t)9595540370774317348U, (uint64_t)7229365182662875710U, - (uint64_t)4601177649460012843U, (uint64_t)5455046447382487090U, (uint64_t)10854066421606187521U, - (uint64_t)15913416821879788071U, (uint64_t)2297365362023460173U, (uint64_t)2603252216454941350U, - (uint64_t)6768791943870490934U, (uint64_t)15705936687122754810U, (uint64_t)9537096567546600694U, - (uint64_t)17580538144855035062U, (uint64_t)4496542856965746638U, (uint64_t)8444341625922124942U, - (uint64_t)12191263903636183168U, (uint64_t)17427332907535974165U, - (uint64_t)14307569739254103736U, (uint64_t)13900598742063266169U, - (uint64_t)7176996424355977650U, (uint64_t)5709008170379717479U, (uint64_t)14471312052264549092U, - (uint64_t)1464519909491759867U, (uint64_t)3328154641049602121U, (uint64_t)13020349337171136774U, - (uint64_t)2772166279972051938U, (uint64_t)10854476939425975292U, (uint64_t)1967189930534630940U, - (uint64_t)2802919076529341959U, (uint64_t)14792226094833519208U, - (uint64_t)14675640928566522177U, (uint64_t)14838974364643800837U, - (uint64_t)17631460696099549980U, (uint64_t)17434186275364935469U, - (uint64_t)2665648200587705473U, (uint64_t)13202122464492564051U, (uint64_t)7576287350918073341U, - (uint64_t)2272206013910186424U, (uint64_t)14558761641743937843U, (uint64_t)5675729149929979729U, - (uint64_t)9043135187561613166U, (uint64_t)11750149293830589225U, (uint64_t)740555197954307911U, - (uint64_t)9871738005087190699U, (uint64_t)17178667634283502053U, - (uint64_t)18046255991533013265U, (uint64_t)4458222096988430430U, (uint64_t)8452427758526311627U, - (uint64_t)13825286929656615266U, (uint64_t)13956286357198391218U, - (uint64_t)15875692916799995079U, (uint64_t)10634895319157013920U, - (uint64_t)13230116118036304207U, (uint64_t)8795317393614625606U, (uint64_t)7001710806858862020U, - (uint64_t)7949746088586183478U, 
(uint64_t)14677556044923602317U, - (uint64_t)11184023437485843904U, (uint64_t)11215864722023085094U, - (uint64_t)6444464081471519014U, (uint64_t)1706241174022415217U, (uint64_t)8243975633057550613U, - (uint64_t)15502902453836085864U, (uint64_t)3799182188594003953U, (uint64_t)3538840175098724094U + 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL, + 0ULL, 0ULL, 0ULL, 0ULL, 8784043285714375740ULL, 8483257759279461889ULL, 8789745728267363600ULL, + 1770019616739251654ULL, 15992936863339206154ULL, 10037038012062884956ULL, + 15197544864945402661ULL, 9615747158586711429ULL, 1ULL, 18446744069414584320ULL, + 18446744073709551615ULL, 4294967294ULL, 10634854829044225757ULL, 351552716085025155ULL, + 10645315080955407736ULL, 3609262091244858135ULL, 15760741698986874125ULL, + 14936374388219697827ULL, 15751360096993017895ULL, 18012233706239762398ULL, + 1993877568177495041ULL, 10345888787846536528ULL, 7746511691117935375ULL, + 14517043990409914413ULL, 14122549297570634151ULL, 16934610359517083771ULL, + 5724511325497097418ULL, 8983432969107448705ULL, 2687429970334080245ULL, 16525396802810050288ULL, + 7602596488871585854ULL, 4813919589149203084ULL, 7680395813780804519ULL, 6687709583048023590ULL, + 18086445169104142027ULL, 9637814708330203929ULL, 14785108459960679090ULL, + 3838023279095023581ULL, 3555615526157830307ULL, 5177066488380472871ULL, 18218186719108038403ULL, + 16281556341699656105ULL, 1524227924561461191ULL, 4148060517641909597ULL, 2858290374115363433ULL, + 8942772026334130620ULL, 3034451298319885113ULL, 8447866036736640940ULL, 11204933433076256578ULL, + 18333595740249588297ULL, 8259597024804538246ULL, 9539734295777539786ULL, 9797290423046626413ULL, + 5777303437849646537ULL, 8739356909899132020ULL, 14815960973766782158ULL, + 15286581798204509801ULL, 17597362577777019682ULL, 13259283710820519742ULL, + 10501322996899164670ULL, 1221138904338319642ULL, 14586685489551951885ULL, 895326705426031212ULL, + 14398171728560617847ULL, 
9592550823745097391ULL, 17240998489162206026ULL, + 8085479283308189196ULL, 14844657737893882826ULL, 15923425394150618234ULL, + 2997808084773249525ULL, 494323555453660587ULL, 1215695327517794764ULL, 9476207381098391690ULL, + 7480789678419122995ULL, 15212230329321082489ULL, 436189395349576388ULL, 17377474396456660834ULL, + 15237013929655017939ULL, 11444428846883781676ULL, 5112749694521428575ULL, 950829367509872073ULL, + 17665036182057559519ULL, 17205133339690002313ULL, 16233765170251334549ULL, + 10122775683257972591ULL, 3352514236455632420ULL, 9143148522359954691ULL, 601191684005658860ULL, + 13398772186646349998ULL, 15512696600132928431ULL, 9128416073728948653ULL, + 11233051033546138578ULL, 6769345682610122833ULL, 10823233224575054288ULL, + 9997725227559980175ULL, 6733425642852897415ULL, 16302206918151466066ULL, 1669330822143265921ULL, + 2661645605036546002ULL, 17182558479745802165ULL, 1165082692376932040ULL, 9470595929011488359ULL, + 6142147329285324932ULL, 4829075085998111287ULL, 10231370681107338930ULL, 9591876895322495239ULL, + 10316468561384076618ULL, 11592503647238064235ULL, 13395813606055179632ULL, + 511127033980815508ULL, 12434976573147649880ULL, 3425094795384359127ULL, 6816971736303023445ULL, + 15444670609021139344ULL, 9464349818322082360ULL, 16178216413042376883ULL, + 9595540370774317348ULL, 7229365182662875710ULL, 4601177649460012843ULL, 5455046447382487090ULL, + 10854066421606187521ULL, 15913416821879788071ULL, 2297365362023460173ULL, + 2603252216454941350ULL, 6768791943870490934ULL, 15705936687122754810ULL, 9537096567546600694ULL, + 17580538144855035062ULL, 4496542856965746638ULL, 8444341625922124942ULL, + 12191263903636183168ULL, 17427332907535974165ULL, 14307569739254103736ULL, + 13900598742063266169ULL, 7176996424355977650ULL, 5709008170379717479ULL, + 14471312052264549092ULL, 1464519909491759867ULL, 3328154641049602121ULL, + 13020349337171136774ULL, 2772166279972051938ULL, 10854476939425975292ULL, + 1967189930534630940ULL, 2802919076529341959ULL, 
14792226094833519208ULL, + 14675640928566522177ULL, 14838974364643800837ULL, 17631460696099549980ULL, + 17434186275364935469ULL, 2665648200587705473ULL, 13202122464492564051ULL, + 7576287350918073341ULL, 2272206013910186424ULL, 14558761641743937843ULL, 5675729149929979729ULL, + 9043135187561613166ULL, 11750149293830589225ULL, 740555197954307911ULL, 9871738005087190699ULL, + 17178667634283502053ULL, 18046255991533013265ULL, 4458222096988430430ULL, + 8452427758526311627ULL, 13825286929656615266ULL, 13956286357198391218ULL, + 15875692916799995079ULL, 10634895319157013920ULL, 13230116118036304207ULL, + 8795317393614625606ULL, 7001710806858862020ULL, 7949746088586183478ULL, 14677556044923602317ULL, + 11184023437485843904ULL, 11215864722023085094ULL, 6444464081471519014ULL, + 1706241174022415217ULL, 8243975633057550613ULL, 15502902453836085864ULL, 3799182188594003953ULL, + 3538840175098724094ULL }; static const uint64_t Hacl_P256_PrecompTable_precomp_g_pow2_64_table_w4[192U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1499621593102562565U, - (uint64_t)16692369783039433128U, (uint64_t)15337520135922861848U, - (uint64_t)5455737214495366228U, (uint64_t)17827017231032529600U, - (uint64_t)12413621606240782649U, (uint64_t)2290483008028286132U, - (uint64_t)15752017553340844820U, (uint64_t)4846430910634234874U, - (uint64_t)10861682798464583253U, (uint64_t)15404737222404363049U, (uint64_t)363586619281562022U, - (uint64_t)9866710912401645115U, (uint64_t)1162548847543228595U, (uint64_t)7649967190445130486U, - (uint64_t)5212340432230915749U, (uint64_t)7572620550182916491U, (uint64_t)14876145112448665096U, - (uint64_t)2063227348838176167U, (uint64_t)3519435548295415847U, (uint64_t)8390400282019023103U, - (uint64_t)17666843593163037841U, (uint64_t)9450204148816496323U, 
(uint64_t)8483374507652916768U, - (uint64_t)6254661047265818424U, (uint64_t)16382127809582285023U, (uint64_t)125359443771153172U, - (uint64_t)1374336701588437897U, (uint64_t)11362596098420127726U, (uint64_t)2101654420738681387U, - (uint64_t)12772780342444840510U, (uint64_t)12546934328908550060U, - (uint64_t)8331880412333790397U, (uint64_t)11687262051473819904U, (uint64_t)8926848496503457587U, - (uint64_t)9603974142010467857U, (uint64_t)13199952163826973175U, (uint64_t)2189856264898797734U, - (uint64_t)11356074861870267226U, (uint64_t)2027714896422561895U, (uint64_t)5261606367808050149U, - (uint64_t)153855954337762312U, (uint64_t)6375919692894573986U, (uint64_t)12364041207536146533U, - (uint64_t)1891896010455057160U, (uint64_t)1568123795087313171U, (uint64_t)18138710056556660101U, - (uint64_t)6004886947510047736U, (uint64_t)4811859325589542932U, (uint64_t)3618763430148954981U, - (uint64_t)11434521746258554122U, (uint64_t)10086341535864049427U, - (uint64_t)8073421629570399570U, (uint64_t)12680586148814729338U, (uint64_t)9619958020761569612U, - (uint64_t)15827203580658384478U, (uint64_t)12832694810937550406U, - (uint64_t)14977975484447400910U, (uint64_t)5478002389061063653U, - (uint64_t)14731136312639060880U, (uint64_t)4317867687275472033U, (uint64_t)6642650962855259884U, - (uint64_t)2514254944289495285U, (uint64_t)14231405641534478436U, (uint64_t)4045448346091518946U, - (uint64_t)8985477013445972471U, (uint64_t)8869039454457032149U, (uint64_t)4356978486208692970U, - (uint64_t)10805288613335538577U, (uint64_t)12832353127812502042U, - (uint64_t)4576590051676547490U, (uint64_t)6728053735138655107U, (uint64_t)17814206719173206184U, - (uint64_t)79790138573994940U, (uint64_t)17920293215101822267U, (uint64_t)13422026625585728864U, - (uint64_t)5018058010492547271U, (uint64_t)110232326023384102U, (uint64_t)10834264070056942976U, - (uint64_t)15222249086119088588U, (uint64_t)15119439519142044997U, - (uint64_t)11655511970063167313U, (uint64_t)1614477029450566107U, 
(uint64_t)3619322817271059794U, - (uint64_t)9352862040415412867U, (uint64_t)14017522553242747074U, - (uint64_t)13138513643674040327U, (uint64_t)3610195242889455765U, (uint64_t)8371069193996567291U, - (uint64_t)12670227996544662654U, (uint64_t)1205961025092146303U, - (uint64_t)13106709934003962112U, (uint64_t)4350113471327723407U, - (uint64_t)15060941403739680459U, (uint64_t)13639127647823205030U, - (uint64_t)10790943339357725715U, (uint64_t)498760574280648264U, (uint64_t)17922071907832082887U, - (uint64_t)15122670976670152145U, (uint64_t)6275027991110214322U, (uint64_t)7250912847491816402U, - (uint64_t)15206617260142982380U, (uint64_t)3385668313694152877U, - (uint64_t)17522479771766801905U, (uint64_t)2965919117476170655U, (uint64_t)1553238516603269404U, - (uint64_t)5820770015631050991U, (uint64_t)4999445222232605348U, (uint64_t)9245650860833717444U, - (uint64_t)1508811811724230728U, (uint64_t)5190684913765614385U, (uint64_t)15692927070934536166U, - (uint64_t)12981978499190500902U, (uint64_t)5143491963193394698U, (uint64_t)7705698092144084129U, - (uint64_t)581120653055084783U, (uint64_t)13886552864486459714U, (uint64_t)6290301270652587255U, - (uint64_t)8663431529954393128U, (uint64_t)17033405846475472443U, (uint64_t)5206780355442651635U, - (uint64_t)12580364474736467688U, (uint64_t)17934601912005283310U, - (uint64_t)15119491731028933652U, (uint64_t)17848231399859044858U, - (uint64_t)4427673319524919329U, (uint64_t)2673607337074368008U, (uint64_t)14034876464294699949U, - (uint64_t)10938948975420813697U, (uint64_t)15202340615298669183U, - (uint64_t)5496603454069431071U, (uint64_t)2486526142064906845U, (uint64_t)4507882119510526802U, - (uint64_t)13888151172411390059U, (uint64_t)15049027856908071726U, - (uint64_t)9667231543181973158U, (uint64_t)6406671575277563202U, (uint64_t)3395801050331215139U, - (uint64_t)9813607433539108308U, (uint64_t)2681417728820980381U, (uint64_t)18407064643927113994U, - (uint64_t)7707177692113485527U, (uint64_t)14218149384635317074U, 
(uint64_t)3658668346206375919U, - (uint64_t)15404713991002362166U, (uint64_t)10152074687696195207U, - (uint64_t)10926946599582128139U, (uint64_t)16907298600007085320U, - (uint64_t)16544287219664720279U, (uint64_t)11007075933432813205U, - (uint64_t)8652245965145713599U, (uint64_t)7857626748965990384U, (uint64_t)5602306604520095870U, - (uint64_t)2525139243938658618U, (uint64_t)14405696176872077447U, - (uint64_t)18432270482137885332U, (uint64_t)9913880809120071177U, - (uint64_t)16896141737831216972U, (uint64_t)7484791498211214829U, - (uint64_t)15635259968266497469U, (uint64_t)8495118537612215624U, (uint64_t)4915477980562575356U, - (uint64_t)16453519279754924350U, (uint64_t)14462108244565406969U, - (uint64_t)14837837755237096687U, (uint64_t)14130171078892575346U, - (uint64_t)15423793222528491497U, (uint64_t)5460399262075036084U, - (uint64_t)16085440580308415349U, (uint64_t)26873200736954488U, (uint64_t)5603655807457499550U, - (uint64_t)3342202915871129617U, (uint64_t)1604413932150236626U, (uint64_t)9684226585089458974U, - (uint64_t)1213229904006618539U, (uint64_t)6782978662408837236U, (uint64_t)11197029877749307372U, - (uint64_t)14085968786551657744U, (uint64_t)17352273610494009342U, - (uint64_t)7876582961192434984U + 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL, + 0ULL, 0ULL, 0ULL, 0ULL, 1499621593102562565ULL, 16692369783039433128ULL, + 15337520135922861848ULL, 5455737214495366228ULL, 17827017231032529600ULL, + 12413621606240782649ULL, 2290483008028286132ULL, 15752017553340844820ULL, + 4846430910634234874ULL, 10861682798464583253ULL, 15404737222404363049ULL, 363586619281562022ULL, + 9866710912401645115ULL, 1162548847543228595ULL, 7649967190445130486ULL, 5212340432230915749ULL, + 7572620550182916491ULL, 14876145112448665096ULL, 2063227348838176167ULL, 3519435548295415847ULL, + 8390400282019023103ULL, 17666843593163037841ULL, 9450204148816496323ULL, 8483374507652916768ULL, + 6254661047265818424ULL, 
16382127809582285023ULL, 125359443771153172ULL, 1374336701588437897ULL, + 11362596098420127726ULL, 2101654420738681387ULL, 12772780342444840510ULL, + 12546934328908550060ULL, 8331880412333790397ULL, 11687262051473819904ULL, + 8926848496503457587ULL, 9603974142010467857ULL, 13199952163826973175ULL, 2189856264898797734ULL, + 11356074861870267226ULL, 2027714896422561895ULL, 5261606367808050149ULL, 153855954337762312ULL, + 6375919692894573986ULL, 12364041207536146533ULL, 1891896010455057160ULL, 1568123795087313171ULL, + 18138710056556660101ULL, 6004886947510047736ULL, 4811859325589542932ULL, 3618763430148954981ULL, + 11434521746258554122ULL, 10086341535864049427ULL, 8073421629570399570ULL, + 12680586148814729338ULL, 9619958020761569612ULL, 15827203580658384478ULL, + 12832694810937550406ULL, 14977975484447400910ULL, 5478002389061063653ULL, + 14731136312639060880ULL, 4317867687275472033ULL, 6642650962855259884ULL, 2514254944289495285ULL, + 14231405641534478436ULL, 4045448346091518946ULL, 8985477013445972471ULL, 8869039454457032149ULL, + 4356978486208692970ULL, 10805288613335538577ULL, 12832353127812502042ULL, + 4576590051676547490ULL, 6728053735138655107ULL, 17814206719173206184ULL, 79790138573994940ULL, + 17920293215101822267ULL, 13422026625585728864ULL, 5018058010492547271ULL, 110232326023384102ULL, + 10834264070056942976ULL, 15222249086119088588ULL, 15119439519142044997ULL, + 11655511970063167313ULL, 1614477029450566107ULL, 3619322817271059794ULL, 9352862040415412867ULL, + 14017522553242747074ULL, 13138513643674040327ULL, 3610195242889455765ULL, + 8371069193996567291ULL, 12670227996544662654ULL, 1205961025092146303ULL, + 13106709934003962112ULL, 4350113471327723407ULL, 15060941403739680459ULL, + 13639127647823205030ULL, 10790943339357725715ULL, 498760574280648264ULL, + 17922071907832082887ULL, 15122670976670152145ULL, 6275027991110214322ULL, + 7250912847491816402ULL, 15206617260142982380ULL, 3385668313694152877ULL, + 17522479771766801905ULL, 2965919117476170655ULL, 
1553238516603269404ULL, 5820770015631050991ULL, + 4999445222232605348ULL, 9245650860833717444ULL, 1508811811724230728ULL, 5190684913765614385ULL, + 15692927070934536166ULL, 12981978499190500902ULL, 5143491963193394698ULL, + 7705698092144084129ULL, 581120653055084783ULL, 13886552864486459714ULL, 6290301270652587255ULL, + 8663431529954393128ULL, 17033405846475472443ULL, 5206780355442651635ULL, + 12580364474736467688ULL, 17934601912005283310ULL, 15119491731028933652ULL, + 17848231399859044858ULL, 4427673319524919329ULL, 2673607337074368008ULL, + 14034876464294699949ULL, 10938948975420813697ULL, 15202340615298669183ULL, + 5496603454069431071ULL, 2486526142064906845ULL, 4507882119510526802ULL, 13888151172411390059ULL, + 15049027856908071726ULL, 9667231543181973158ULL, 6406671575277563202ULL, 3395801050331215139ULL, + 9813607433539108308ULL, 2681417728820980381ULL, 18407064643927113994ULL, 7707177692113485527ULL, + 14218149384635317074ULL, 3658668346206375919ULL, 15404713991002362166ULL, + 10152074687696195207ULL, 10926946599582128139ULL, 16907298600007085320ULL, + 16544287219664720279ULL, 11007075933432813205ULL, 8652245965145713599ULL, + 7857626748965990384ULL, 5602306604520095870ULL, 2525139243938658618ULL, 14405696176872077447ULL, + 18432270482137885332ULL, 9913880809120071177ULL, 16896141737831216972ULL, + 7484791498211214829ULL, 15635259968266497469ULL, 8495118537612215624ULL, 4915477980562575356ULL, + 16453519279754924350ULL, 14462108244565406969ULL, 14837837755237096687ULL, + 14130171078892575346ULL, 15423793222528491497ULL, 5460399262075036084ULL, + 16085440580308415349ULL, 26873200736954488ULL, 5603655807457499550ULL, 3342202915871129617ULL, + 1604413932150236626ULL, 9684226585089458974ULL, 1213229904006618539ULL, 6782978662408837236ULL, + 11197029877749307372ULL, 14085968786551657744ULL, 17352273610494009342ULL, + 7876582961192434984ULL }; static const uint64_t Hacl_P256_PrecompTable_precomp_g_pow2_128_table_w4[192U] = { - (uint64_t)0U, (uint64_t)0U, 
(uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)14619254753077084366U, - (uint64_t)13913835116514008593U, (uint64_t)15060744674088488145U, - (uint64_t)17668414598203068685U, (uint64_t)10761169236902342334U, - (uint64_t)15467027479157446221U, (uint64_t)14989185522423469618U, - (uint64_t)14354539272510107003U, (uint64_t)14298211796392133693U, - (uint64_t)13270323784253711450U, (uint64_t)13380964971965046957U, - (uint64_t)8686204248456909699U, (uint64_t)17434630286744937066U, (uint64_t)1355903775279084720U, - (uint64_t)7554695053550308662U, (uint64_t)11354971222741863570U, (uint64_t)564601613420749879U, - (uint64_t)8466325837259054896U, (uint64_t)10752965181772434263U, - (uint64_t)11405876547368426319U, (uint64_t)13791894568738930940U, - (uint64_t)8230587134406354675U, (uint64_t)12415514098722758608U, - (uint64_t)18414183046995786744U, (uint64_t)15508000368227372870U, - (uint64_t)5781062464627999307U, (uint64_t)15339429052219195590U, - (uint64_t)16038703753810741903U, (uint64_t)9587718938298980714U, (uint64_t)4822658817952386407U, - (uint64_t)1376351024833260660U, (uint64_t)1120174910554766702U, (uint64_t)1730170933262569274U, - (uint64_t)5187428548444533500U, (uint64_t)16242053503368957131U, (uint64_t)3036811119519868279U, - (uint64_t)1760267587958926638U, (uint64_t)170244572981065185U, (uint64_t)8063080791967388171U, - (uint64_t)4824892826607692737U, (uint64_t)16286391083472040552U, - (uint64_t)11945158615253358747U, (uint64_t)14096887760410224200U, - (uint64_t)1613720831904557039U, (uint64_t)14316966673761197523U, - (uint64_t)17411006201485445341U, (uint64_t)8112301506943158801U, (uint64_t)2069889233927989984U, - (uint64_t)10082848378277483927U, (uint64_t)3609691194454404430U, (uint64_t)6110437205371933689U, - (uint64_t)9769135977342231601U, (uint64_t)11977962151783386478U, - (uint64_t)18088718692559983573U, 
(uint64_t)11741637975753055U, (uint64_t)11110390325701582190U, - (uint64_t)1341402251566067019U, (uint64_t)3028229550849726478U, (uint64_t)10438984083997451310U, - (uint64_t)12730851885100145709U, (uint64_t)11524169532089894189U, - (uint64_t)4523375903229602674U, (uint64_t)2028602258037385622U, (uint64_t)17082839063089388410U, - (uint64_t)6103921364634113167U, (uint64_t)17066180888225306102U, - (uint64_t)11395680486707876195U, (uint64_t)10952892272443345484U, - (uint64_t)8792831960605859401U, (uint64_t)14194485427742325139U, - (uint64_t)15146020821144305250U, (uint64_t)1654766014957123343U, (uint64_t)7955526243090948551U, - (uint64_t)3989277566080493308U, (uint64_t)12229385116397931231U, - (uint64_t)13430548930727025562U, (uint64_t)3434892688179800602U, (uint64_t)8431998794645622027U, - (uint64_t)12132530981596299272U, (uint64_t)2289461608863966999U, - (uint64_t)18345870950201487179U, (uint64_t)13517947207801901576U, - (uint64_t)5213113244172561159U, (uint64_t)17632986594098340879U, (uint64_t)4405251818133148856U, - (uint64_t)11783009269435447793U, (uint64_t)9332138983770046035U, - (uint64_t)12863411548922539505U, (uint64_t)3717030292816178224U, - (uint64_t)10026078446427137374U, (uint64_t)11167295326594317220U, - (uint64_t)12425328773141588668U, (uint64_t)5760335125172049352U, (uint64_t)9016843701117277863U, - (uint64_t)5657892835694680172U, (uint64_t)11025130589305387464U, (uint64_t)1368484957977406173U, - (uint64_t)17361351345281258834U, (uint64_t)1907113641956152700U, - (uint64_t)16439233413531427752U, (uint64_t)5893322296986588932U, - (uint64_t)14000206906171746627U, (uint64_t)14979266987545792900U, - (uint64_t)6926291766898221120U, (uint64_t)7162023296083360752U, (uint64_t)14762747553625382529U, - (uint64_t)12610831658612406849U, (uint64_t)10462926899548715515U, - (uint64_t)4794017723140405312U, (uint64_t)5234438200490163319U, (uint64_t)8019519110339576320U, - (uint64_t)7194604241290530100U, (uint64_t)12626770134810813246U, - (uint64_t)10793074474236419890U, 
(uint64_t)11323224347913978783U, - (uint64_t)16831128015895380245U, (uint64_t)18323094195124693378U, - (uint64_t)2361097165281567692U, (uint64_t)15755578675014279498U, - (uint64_t)14289876470325854580U, (uint64_t)12856787656093616839U, - (uint64_t)3578928531243900594U, (uint64_t)3847532758790503699U, (uint64_t)8377953190224748743U, - (uint64_t)3314546646092744596U, (uint64_t)800810188859334358U, (uint64_t)4626344124229343596U, - (uint64_t)6620381605850876621U, (uint64_t)11422073570955989527U, - (uint64_t)12676813626484814469U, (uint64_t)16725029886764122240U, - (uint64_t)16648497372773830008U, (uint64_t)9135702594931291048U, - (uint64_t)16080949688826680333U, (uint64_t)11528096561346602947U, - (uint64_t)2632498067099740984U, (uint64_t)11583842699108800714U, (uint64_t)8378404864573610526U, - (uint64_t)1076560261627788534U, (uint64_t)13836015994325032828U, - (uint64_t)11234295937817067909U, (uint64_t)5893659808396722708U, - (uint64_t)11277421142886984364U, (uint64_t)8968549037166726491U, - (uint64_t)14841374331394032822U, (uint64_t)9967344773947889341U, (uint64_t)8799244393578496085U, - (uint64_t)5094686877301601410U, (uint64_t)8780316747074726862U, (uint64_t)9119697306829835718U, - (uint64_t)15381243327921855368U, (uint64_t)2686250164449435196U, - (uint64_t)16466917280442198358U, (uint64_t)13791704489163125216U, - (uint64_t)16955859337117924272U, (uint64_t)17112836394923783642U, - (uint64_t)4639176427338618063U, (uint64_t)16770029310141094964U, - (uint64_t)11049953922966416185U, (uint64_t)12012669590884098968U, - (uint64_t)4859326885929417214U, (uint64_t)896380084392586061U, (uint64_t)7153028362977034008U, - (uint64_t)10540021163316263301U, (uint64_t)9318277998512936585U, - (uint64_t)18344496977694796523U, (uint64_t)11374737400567645494U, - (uint64_t)17158800051138212954U, (uint64_t)18343197867863253153U, - (uint64_t)18204799297967861226U, (uint64_t)15798973531606348828U, - (uint64_t)9870158263408310459U, (uint64_t)17578869832774612627U, 
(uint64_t)8395748875822696932U, - (uint64_t)15310679007370670872U, (uint64_t)11205576736030808860U, - (uint64_t)10123429210002838967U, (uint64_t)5910544144088393959U, - (uint64_t)14016615653353687369U, (uint64_t)11191676704772957822U + 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL, + 0ULL, 0ULL, 0ULL, 0ULL, 14619254753077084366ULL, 13913835116514008593ULL, + 15060744674088488145ULL, 17668414598203068685ULL, 10761169236902342334ULL, + 15467027479157446221ULL, 14989185522423469618ULL, 14354539272510107003ULL, + 14298211796392133693ULL, 13270323784253711450ULL, 13380964971965046957ULL, + 8686204248456909699ULL, 17434630286744937066ULL, 1355903775279084720ULL, 7554695053550308662ULL, + 11354971222741863570ULL, 564601613420749879ULL, 8466325837259054896ULL, 10752965181772434263ULL, + 11405876547368426319ULL, 13791894568738930940ULL, 8230587134406354675ULL, + 12415514098722758608ULL, 18414183046995786744ULL, 15508000368227372870ULL, + 5781062464627999307ULL, 15339429052219195590ULL, 16038703753810741903ULL, + 9587718938298980714ULL, 4822658817952386407ULL, 1376351024833260660ULL, 1120174910554766702ULL, + 1730170933262569274ULL, 5187428548444533500ULL, 16242053503368957131ULL, 3036811119519868279ULL, + 1760267587958926638ULL, 170244572981065185ULL, 8063080791967388171ULL, 4824892826607692737ULL, + 16286391083472040552ULL, 11945158615253358747ULL, 14096887760410224200ULL, + 1613720831904557039ULL, 14316966673761197523ULL, 17411006201485445341ULL, + 8112301506943158801ULL, 2069889233927989984ULL, 10082848378277483927ULL, 3609691194454404430ULL, + 6110437205371933689ULL, 9769135977342231601ULL, 11977962151783386478ULL, + 18088718692559983573ULL, 11741637975753055ULL, 11110390325701582190ULL, 1341402251566067019ULL, + 3028229550849726478ULL, 10438984083997451310ULL, 12730851885100145709ULL, + 11524169532089894189ULL, 4523375903229602674ULL, 2028602258037385622ULL, + 17082839063089388410ULL, 6103921364634113167ULL, 
17066180888225306102ULL, + 11395680486707876195ULL, 10952892272443345484ULL, 8792831960605859401ULL, + 14194485427742325139ULL, 15146020821144305250ULL, 1654766014957123343ULL, + 7955526243090948551ULL, 3989277566080493308ULL, 12229385116397931231ULL, + 13430548930727025562ULL, 3434892688179800602ULL, 8431998794645622027ULL, + 12132530981596299272ULL, 2289461608863966999ULL, 18345870950201487179ULL, + 13517947207801901576ULL, 5213113244172561159ULL, 17632986594098340879ULL, + 4405251818133148856ULL, 11783009269435447793ULL, 9332138983770046035ULL, + 12863411548922539505ULL, 3717030292816178224ULL, 10026078446427137374ULL, + 11167295326594317220ULL, 12425328773141588668ULL, 5760335125172049352ULL, + 9016843701117277863ULL, 5657892835694680172ULL, 11025130589305387464ULL, 1368484957977406173ULL, + 17361351345281258834ULL, 1907113641956152700ULL, 16439233413531427752ULL, + 5893322296986588932ULL, 14000206906171746627ULL, 14979266987545792900ULL, + 6926291766898221120ULL, 7162023296083360752ULL, 14762747553625382529ULL, + 12610831658612406849ULL, 10462926899548715515ULL, 4794017723140405312ULL, + 5234438200490163319ULL, 8019519110339576320ULL, 7194604241290530100ULL, 12626770134810813246ULL, + 10793074474236419890ULL, 11323224347913978783ULL, 16831128015895380245ULL, + 18323094195124693378ULL, 2361097165281567692ULL, 15755578675014279498ULL, + 14289876470325854580ULL, 12856787656093616839ULL, 3578928531243900594ULL, + 3847532758790503699ULL, 8377953190224748743ULL, 3314546646092744596ULL, 800810188859334358ULL, + 4626344124229343596ULL, 6620381605850876621ULL, 11422073570955989527ULL, + 12676813626484814469ULL, 16725029886764122240ULL, 16648497372773830008ULL, + 9135702594931291048ULL, 16080949688826680333ULL, 11528096561346602947ULL, + 2632498067099740984ULL, 11583842699108800714ULL, 8378404864573610526ULL, 1076560261627788534ULL, + 13836015994325032828ULL, 11234295937817067909ULL, 5893659808396722708ULL, + 11277421142886984364ULL, 8968549037166726491ULL, 
14841374331394032822ULL, + 9967344773947889341ULL, 8799244393578496085ULL, 5094686877301601410ULL, 8780316747074726862ULL, + 9119697306829835718ULL, 15381243327921855368ULL, 2686250164449435196ULL, + 16466917280442198358ULL, 13791704489163125216ULL, 16955859337117924272ULL, + 17112836394923783642ULL, 4639176427338618063ULL, 16770029310141094964ULL, + 11049953922966416185ULL, 12012669590884098968ULL, 4859326885929417214ULL, 896380084392586061ULL, + 7153028362977034008ULL, 10540021163316263301ULL, 9318277998512936585ULL, + 18344496977694796523ULL, 11374737400567645494ULL, 17158800051138212954ULL, + 18343197867863253153ULL, 18204799297967861226ULL, 15798973531606348828ULL, + 9870158263408310459ULL, 17578869832774612627ULL, 8395748875822696932ULL, + 15310679007370670872ULL, 11205576736030808860ULL, 10123429210002838967ULL, + 5910544144088393959ULL, 14016615653353687369ULL, 11191676704772957822ULL }; static const uint64_t Hacl_P256_PrecompTable_precomp_g_pow2_192_table_w4[192U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, - (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)7870395003430845958U, - (uint64_t)18001862936410067720U, (uint64_t)8006461232116967215U, (uint64_t)5921313779532424762U, - (uint64_t)10702113371959864307U, (uint64_t)8070517410642379879U, (uint64_t)7139806720777708306U, - (uint64_t)8253938546650739833U, (uint64_t)17490482834545705718U, (uint64_t)1065249776797037500U, - (uint64_t)5018258455937968775U, (uint64_t)14100621120178668337U, (uint64_t)8392845221328116213U, - (uint64_t)14630296398338540788U, (uint64_t)4268947906723414372U, (uint64_t)9231207002243517909U, - (uint64_t)14261219637616504262U, (uint64_t)7786881626982345356U, - (uint64_t)11412720751765882139U, (uint64_t)14119585051365330009U, - (uint64_t)15281626286521302128U, (uint64_t)6350171933454266732U, - (uint64_t)16559468304937127866U, 
(uint64_t)13200760478271693417U, - (uint64_t)6733381546280350776U, (uint64_t)3801404890075189193U, (uint64_t)2741036364686993903U, - (uint64_t)3218612940540174008U, (uint64_t)10894914335165419505U, - (uint64_t)11862941430149998362U, (uint64_t)4223151729402839584U, (uint64_t)2913215088487087887U, - (uint64_t)14562168920104952953U, (uint64_t)2170089393468287453U, - (uint64_t)10520900655016579352U, (uint64_t)7040362608949989273U, (uint64_t)8376510559381705307U, - (uint64_t)9142237200448131532U, (uint64_t)5696859948123854080U, (uint64_t)925422306716081180U, - (uint64_t)11155545953469186421U, (uint64_t)1888208646862572812U, - (uint64_t)11151095998248845721U, (uint64_t)15793503271680275267U, - (uint64_t)7729877044494854851U, (uint64_t)6235134673193032913U, (uint64_t)7364280682182401564U, - (uint64_t)5479679373325519985U, (uint64_t)17966037684582301763U, - (uint64_t)14140891609330279185U, (uint64_t)5814744449740463867U, (uint64_t)5652588426712591652U, - (uint64_t)774745682988690912U, (uint64_t)13228255573220500373U, (uint64_t)11949122068786859397U, - (uint64_t)8021166392900770376U, (uint64_t)7994323710948720063U, (uint64_t)9924618472877849977U, - (uint64_t)17618517523141194266U, (uint64_t)2750424097794401714U, - (uint64_t)15481749570715253207U, (uint64_t)14646964509921760497U, - (uint64_t)1037442848094301355U, (uint64_t)6295995947389299132U, (uint64_t)16915049722317579514U, - (uint64_t)10493877400992990313U, (uint64_t)18391008753060553521U, (uint64_t)483942209623707598U, - (uint64_t)2017775662838016613U, (uint64_t)5933251998459363553U, (uint64_t)11789135019970707407U, - (uint64_t)5484123723153268336U, (uint64_t)13246954648848484954U, (uint64_t)4774374393926023505U, - (uint64_t)14863995618704457336U, (uint64_t)13220153167104973625U, - (uint64_t)5988445485312390826U, (uint64_t)17580359464028944682U, (uint64_t)7297100131969874771U, - (uint64_t)379931507867989375U, (uint64_t)10927113096513421444U, (uint64_t)17688881974428340857U, - (uint64_t)4259872578781463333U, 
(uint64_t)8573076295966784472U, (uint64_t)16389829450727275032U, - (uint64_t)1667243868963568259U, (uint64_t)17730726848925960919U, - (uint64_t)11408899874569778008U, (uint64_t)3576527582023272268U, - (uint64_t)16492920640224231656U, (uint64_t)7906130545972460130U, - (uint64_t)13878604278207681266U, (uint64_t)41446695125652041U, (uint64_t)8891615271337333503U, - (uint64_t)2594537723613594470U, (uint64_t)7699579176995770924U, (uint64_t)147458463055730655U, - (uint64_t)12120406862739088406U, (uint64_t)12044892493010567063U, - (uint64_t)8554076749615475136U, (uint64_t)1005097692260929999U, (uint64_t)2687202654471188715U, - (uint64_t)9457588752176879209U, (uint64_t)17472884880062444019U, (uint64_t)9792097892056020166U, - (uint64_t)2525246678512797150U, (uint64_t)15958903035313115662U, - (uint64_t)11336038170342247032U, (uint64_t)11560342382835141123U, - (uint64_t)6212009033479929024U, (uint64_t)8214308203775021229U, (uint64_t)8475469210070503698U, - (uint64_t)13287024123485719563U, (uint64_t)12956951963817520723U, - (uint64_t)10693035819908470465U, (uint64_t)11375478788224786725U, - (uint64_t)16934625208487120398U, (uint64_t)10094585729115874495U, - (uint64_t)2763884524395905776U, (uint64_t)13535890148969964883U, - (uint64_t)13514657411765064358U, (uint64_t)9903074440788027562U, - (uint64_t)17324720726421199990U, (uint64_t)2273931039117368789U, (uint64_t)3442641041506157854U, - (uint64_t)1119853641236409612U, (uint64_t)12037070344296077989U, (uint64_t)581736433335671746U, - (uint64_t)6019150647054369174U, (uint64_t)14864096138068789375U, (uint64_t)6652995210998318662U, - (uint64_t)12773883697029175304U, (uint64_t)12751275631451845119U, - (uint64_t)11449095003038250478U, (uint64_t)1025805267334366480U, (uint64_t)2764432500300815015U, - (uint64_t)18274564429002844381U, (uint64_t)10445634195592600351U, - (uint64_t)11814099592837202735U, (uint64_t)5006796893679120289U, (uint64_t)6908397253997261914U, - (uint64_t)13266696965302879279U, (uint64_t)7768715053015037430U, 
(uint64_t)3569923738654785686U, - (uint64_t)5844853453464857549U, (uint64_t)1837340805629559110U, (uint64_t)1034657624388283114U, - (uint64_t)711244516069456460U, (uint64_t)12519286026957934814U, (uint64_t)2613464944620837619U, - (uint64_t)10003023321338286213U, (uint64_t)7291332092642881376U, (uint64_t)9832199564117004897U, - (uint64_t)3280736694860799890U, (uint64_t)6416452202849179874U, (uint64_t)7326961381798642069U, - (uint64_t)8435688798040635029U, (uint64_t)16630141263910982958U, - (uint64_t)17222635514422533318U, (uint64_t)9482787389178881499U, (uint64_t)836561194658263905U, - (uint64_t)3405319043337616649U, (uint64_t)2786146577568026518U, (uint64_t)7625483685691626321U, - (uint64_t)6728084875304656716U, (uint64_t)1140997959232544268U, (uint64_t)12847384827606303792U, - (uint64_t)1719121337754572070U, (uint64_t)12863589482936438532U, (uint64_t)3880712899640530862U, - (uint64_t)2748456882813671564U, (uint64_t)4775988900044623019U, (uint64_t)8937847374382191162U, - (uint64_t)3767367347172252295U, (uint64_t)13468672401049388646U, - (uint64_t)14359032216842397576U, (uint64_t)2002555958685443975U, - (uint64_t)16488678606651526810U, (uint64_t)11826135409597474760U, - (uint64_t)15296495673182508601U + 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL, + 0ULL, 0ULL, 0ULL, 0ULL, 7870395003430845958ULL, 18001862936410067720ULL, 8006461232116967215ULL, + 5921313779532424762ULL, 10702113371959864307ULL, 8070517410642379879ULL, 7139806720777708306ULL, + 8253938546650739833ULL, 17490482834545705718ULL, 1065249776797037500ULL, 5018258455937968775ULL, + 14100621120178668337ULL, 8392845221328116213ULL, 14630296398338540788ULL, + 4268947906723414372ULL, 9231207002243517909ULL, 14261219637616504262ULL, 7786881626982345356ULL, + 11412720751765882139ULL, 14119585051365330009ULL, 15281626286521302128ULL, + 6350171933454266732ULL, 16559468304937127866ULL, 13200760478271693417ULL, + 6733381546280350776ULL, 3801404890075189193ULL, 
2741036364686993903ULL, 3218612940540174008ULL, + 10894914335165419505ULL, 11862941430149998362ULL, 4223151729402839584ULL, + 2913215088487087887ULL, 14562168920104952953ULL, 2170089393468287453ULL, + 10520900655016579352ULL, 7040362608949989273ULL, 8376510559381705307ULL, 9142237200448131532ULL, + 5696859948123854080ULL, 925422306716081180ULL, 11155545953469186421ULL, 1888208646862572812ULL, + 11151095998248845721ULL, 15793503271680275267ULL, 7729877044494854851ULL, + 6235134673193032913ULL, 7364280682182401564ULL, 5479679373325519985ULL, 17966037684582301763ULL, + 14140891609330279185ULL, 5814744449740463867ULL, 5652588426712591652ULL, 774745682988690912ULL, + 13228255573220500373ULL, 11949122068786859397ULL, 8021166392900770376ULL, + 7994323710948720063ULL, 9924618472877849977ULL, 17618517523141194266ULL, 2750424097794401714ULL, + 15481749570715253207ULL, 14646964509921760497ULL, 1037442848094301355ULL, + 6295995947389299132ULL, 16915049722317579514ULL, 10493877400992990313ULL, + 18391008753060553521ULL, 483942209623707598ULL, 2017775662838016613ULL, 5933251998459363553ULL, + 11789135019970707407ULL, 5484123723153268336ULL, 13246954648848484954ULL, + 4774374393926023505ULL, 14863995618704457336ULL, 13220153167104973625ULL, + 5988445485312390826ULL, 17580359464028944682ULL, 7297100131969874771ULL, 379931507867989375ULL, + 10927113096513421444ULL, 17688881974428340857ULL, 4259872578781463333ULL, + 8573076295966784472ULL, 16389829450727275032ULL, 1667243868963568259ULL, + 17730726848925960919ULL, 11408899874569778008ULL, 3576527582023272268ULL, + 16492920640224231656ULL, 7906130545972460130ULL, 13878604278207681266ULL, 41446695125652041ULL, + 8891615271337333503ULL, 2594537723613594470ULL, 7699579176995770924ULL, 147458463055730655ULL, + 12120406862739088406ULL, 12044892493010567063ULL, 8554076749615475136ULL, + 1005097692260929999ULL, 2687202654471188715ULL, 9457588752176879209ULL, 17472884880062444019ULL, + 9792097892056020166ULL, 2525246678512797150ULL, 
15958903035313115662ULL, + 11336038170342247032ULL, 11560342382835141123ULL, 6212009033479929024ULL, + 8214308203775021229ULL, 8475469210070503698ULL, 13287024123485719563ULL, + 12956951963817520723ULL, 10693035819908470465ULL, 11375478788224786725ULL, + 16934625208487120398ULL, 10094585729115874495ULL, 2763884524395905776ULL, + 13535890148969964883ULL, 13514657411765064358ULL, 9903074440788027562ULL, + 17324720726421199990ULL, 2273931039117368789ULL, 3442641041506157854ULL, 1119853641236409612ULL, + 12037070344296077989ULL, 581736433335671746ULL, 6019150647054369174ULL, 14864096138068789375ULL, + 6652995210998318662ULL, 12773883697029175304ULL, 12751275631451845119ULL, + 11449095003038250478ULL, 1025805267334366480ULL, 2764432500300815015ULL, + 18274564429002844381ULL, 10445634195592600351ULL, 11814099592837202735ULL, + 5006796893679120289ULL, 6908397253997261914ULL, 13266696965302879279ULL, 7768715053015037430ULL, + 3569923738654785686ULL, 5844853453464857549ULL, 1837340805629559110ULL, 1034657624388283114ULL, + 711244516069456460ULL, 12519286026957934814ULL, 2613464944620837619ULL, 10003023321338286213ULL, + 7291332092642881376ULL, 9832199564117004897ULL, 3280736694860799890ULL, 6416452202849179874ULL, + 7326961381798642069ULL, 8435688798040635029ULL, 16630141263910982958ULL, + 17222635514422533318ULL, 9482787389178881499ULL, 836561194658263905ULL, 3405319043337616649ULL, + 2786146577568026518ULL, 7625483685691626321ULL, 6728084875304656716ULL, 1140997959232544268ULL, + 12847384827606303792ULL, 1719121337754572070ULL, 12863589482936438532ULL, + 3880712899640530862ULL, 2748456882813671564ULL, 4775988900044623019ULL, 8937847374382191162ULL, + 3767367347172252295ULL, 13468672401049388646ULL, 14359032216842397576ULL, + 2002555958685443975ULL, 16488678606651526810ULL, 11826135409597474760ULL, + 15296495673182508601ULL }; static const uint64_t Hacl_P256_PrecompTable_precomp_basepoint_table_w5[384U] = { - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, 
(uint64_t)1U, - (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, - (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)8784043285714375740U, - (uint64_t)8483257759279461889U, (uint64_t)8789745728267363600U, (uint64_t)1770019616739251654U, - (uint64_t)15992936863339206154U, (uint64_t)10037038012062884956U, - (uint64_t)15197544864945402661U, (uint64_t)9615747158586711429U, (uint64_t)1U, - (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, - (uint64_t)10634854829044225757U, (uint64_t)351552716085025155U, (uint64_t)10645315080955407736U, - (uint64_t)3609262091244858135U, (uint64_t)15760741698986874125U, - (uint64_t)14936374388219697827U, (uint64_t)15751360096993017895U, - (uint64_t)18012233706239762398U, (uint64_t)1993877568177495041U, - (uint64_t)10345888787846536528U, (uint64_t)7746511691117935375U, - (uint64_t)14517043990409914413U, (uint64_t)14122549297570634151U, - (uint64_t)16934610359517083771U, (uint64_t)5724511325497097418U, (uint64_t)8983432969107448705U, - (uint64_t)2687429970334080245U, (uint64_t)16525396802810050288U, (uint64_t)7602596488871585854U, - (uint64_t)4813919589149203084U, (uint64_t)7680395813780804519U, (uint64_t)6687709583048023590U, - (uint64_t)18086445169104142027U, (uint64_t)9637814708330203929U, - (uint64_t)14785108459960679090U, (uint64_t)3838023279095023581U, (uint64_t)3555615526157830307U, - (uint64_t)5177066488380472871U, (uint64_t)18218186719108038403U, - (uint64_t)16281556341699656105U, (uint64_t)1524227924561461191U, (uint64_t)4148060517641909597U, - (uint64_t)2858290374115363433U, (uint64_t)8942772026334130620U, (uint64_t)3034451298319885113U, - (uint64_t)8447866036736640940U, (uint64_t)11204933433076256578U, - (uint64_t)18333595740249588297U, (uint64_t)8259597024804538246U, (uint64_t)9539734295777539786U, - (uint64_t)9797290423046626413U, (uint64_t)5777303437849646537U, (uint64_t)8739356909899132020U, - (uint64_t)14815960973766782158U, 
(uint64_t)15286581798204509801U, - (uint64_t)17597362577777019682U, (uint64_t)13259283710820519742U, - (uint64_t)10501322996899164670U, (uint64_t)1221138904338319642U, - (uint64_t)14586685489551951885U, (uint64_t)895326705426031212U, (uint64_t)14398171728560617847U, - (uint64_t)9592550823745097391U, (uint64_t)17240998489162206026U, (uint64_t)8085479283308189196U, - (uint64_t)14844657737893882826U, (uint64_t)15923425394150618234U, - (uint64_t)2997808084773249525U, (uint64_t)494323555453660587U, (uint64_t)1215695327517794764U, - (uint64_t)9476207381098391690U, (uint64_t)7480789678419122995U, (uint64_t)15212230329321082489U, - (uint64_t)436189395349576388U, (uint64_t)17377474396456660834U, (uint64_t)15237013929655017939U, - (uint64_t)11444428846883781676U, (uint64_t)5112749694521428575U, (uint64_t)950829367509872073U, - (uint64_t)17665036182057559519U, (uint64_t)17205133339690002313U, - (uint64_t)16233765170251334549U, (uint64_t)10122775683257972591U, - (uint64_t)3352514236455632420U, (uint64_t)9143148522359954691U, (uint64_t)601191684005658860U, - (uint64_t)13398772186646349998U, (uint64_t)15512696600132928431U, - (uint64_t)9128416073728948653U, (uint64_t)11233051033546138578U, (uint64_t)6769345682610122833U, - (uint64_t)10823233224575054288U, (uint64_t)9997725227559980175U, (uint64_t)6733425642852897415U, - (uint64_t)16302206918151466066U, (uint64_t)1669330822143265921U, (uint64_t)2661645605036546002U, - (uint64_t)17182558479745802165U, (uint64_t)1165082692376932040U, (uint64_t)9470595929011488359U, - (uint64_t)6142147329285324932U, (uint64_t)4829075085998111287U, (uint64_t)10231370681107338930U, - (uint64_t)9591876895322495239U, (uint64_t)10316468561384076618U, - (uint64_t)11592503647238064235U, (uint64_t)13395813606055179632U, (uint64_t)511127033980815508U, - (uint64_t)12434976573147649880U, (uint64_t)3425094795384359127U, (uint64_t)6816971736303023445U, - (uint64_t)15444670609021139344U, (uint64_t)9464349818322082360U, - (uint64_t)16178216413042376883U, 
(uint64_t)9595540370774317348U, (uint64_t)7229365182662875710U, - (uint64_t)4601177649460012843U, (uint64_t)5455046447382487090U, (uint64_t)10854066421606187521U, - (uint64_t)15913416821879788071U, (uint64_t)2297365362023460173U, (uint64_t)2603252216454941350U, - (uint64_t)6768791943870490934U, (uint64_t)15705936687122754810U, (uint64_t)9537096567546600694U, - (uint64_t)17580538144855035062U, (uint64_t)4496542856965746638U, (uint64_t)8444341625922124942U, - (uint64_t)12191263903636183168U, (uint64_t)17427332907535974165U, - (uint64_t)14307569739254103736U, (uint64_t)13900598742063266169U, - (uint64_t)7176996424355977650U, (uint64_t)5709008170379717479U, (uint64_t)14471312052264549092U, - (uint64_t)1464519909491759867U, (uint64_t)3328154641049602121U, (uint64_t)13020349337171136774U, - (uint64_t)2772166279972051938U, (uint64_t)10854476939425975292U, (uint64_t)1967189930534630940U, - (uint64_t)2802919076529341959U, (uint64_t)14792226094833519208U, - (uint64_t)14675640928566522177U, (uint64_t)14838974364643800837U, - (uint64_t)17631460696099549980U, (uint64_t)17434186275364935469U, - (uint64_t)2665648200587705473U, (uint64_t)13202122464492564051U, (uint64_t)7576287350918073341U, - (uint64_t)2272206013910186424U, (uint64_t)14558761641743937843U, (uint64_t)5675729149929979729U, - (uint64_t)9043135187561613166U, (uint64_t)11750149293830589225U, (uint64_t)740555197954307911U, - (uint64_t)9871738005087190699U, (uint64_t)17178667634283502053U, - (uint64_t)18046255991533013265U, (uint64_t)4458222096988430430U, (uint64_t)8452427758526311627U, - (uint64_t)13825286929656615266U, (uint64_t)13956286357198391218U, - (uint64_t)15875692916799995079U, (uint64_t)10634895319157013920U, - (uint64_t)13230116118036304207U, (uint64_t)8795317393614625606U, (uint64_t)7001710806858862020U, - (uint64_t)7949746088586183478U, (uint64_t)14677556044923602317U, - (uint64_t)11184023437485843904U, (uint64_t)11215864722023085094U, - (uint64_t)6444464081471519014U, (uint64_t)1706241174022415217U, 
(uint64_t)8243975633057550613U, - (uint64_t)15502902453836085864U, (uint64_t)3799182188594003953U, (uint64_t)3538840175098724094U, - (uint64_t)13240193491554624643U, (uint64_t)12365034249541329920U, - (uint64_t)2924326828590977357U, (uint64_t)5687195797140589099U, (uint64_t)16880427227292834531U, - (uint64_t)9691471435758991112U, (uint64_t)16642385273732487288U, - (uint64_t)12173806747523009914U, (uint64_t)13142722756877876849U, - (uint64_t)8370377548305121979U, (uint64_t)17988526053752025426U, (uint64_t)4818750752684100334U, - (uint64_t)5669241919350361655U, (uint64_t)4964810303238518540U, (uint64_t)16709712747671533191U, - (uint64_t)4461414404267448242U, (uint64_t)3971798785139504238U, (uint64_t)6276818948740422136U, - (uint64_t)1426735892164275762U, (uint64_t)7943622674892418919U, (uint64_t)9864274225563929680U, - (uint64_t)57815533745003233U, (uint64_t)10893588105168960233U, (uint64_t)15739162732907069535U, - (uint64_t)3923866849462073470U, (uint64_t)12279826158399226875U, (uint64_t)1533015761334846582U, - (uint64_t)15860156818568437510U, (uint64_t)8252625373831297988U, (uint64_t)9666953804812706358U, - (uint64_t)8767785238646914634U, (uint64_t)14382179044941403551U, - (uint64_t)10401039907264254245U, (uint64_t)8584860003763157350U, (uint64_t)3120462679504470266U, - (uint64_t)8670255778748340069U, (uint64_t)5313789577940369984U, (uint64_t)16977072364454789224U, - (uint64_t)12199578693972188324U, (uint64_t)18211098771672599237U, - (uint64_t)12868831556008795030U, (uint64_t)5310155061431048194U, - (uint64_t)18114153238435112606U, (uint64_t)14482365809278304512U, - (uint64_t)12520721662723001511U, (uint64_t)405943624021143002U, (uint64_t)8146944101507657423U, - (uint64_t)181739317780393495U, (uint64_t)81743892273670099U, (uint64_t)14759561962550473930U, - (uint64_t)4592623849546992939U, (uint64_t)6916440441743449719U, (uint64_t)1304610503530809833U, - (uint64_t)5464930909232486441U, (uint64_t)15414883617496224671U, (uint64_t)8129283345256790U, - 
(uint64_t)18294252198413739489U, (uint64_t)17394115281884857288U, - (uint64_t)7808348415224731235U, (uint64_t)13195566655747230608U, (uint64_t)8568194219353949094U, - (uint64_t)15329813048672122440U, (uint64_t)9604275495885785744U, (uint64_t)1577712551205219835U, - (uint64_t)15964209008022052790U, (uint64_t)15087297920782098160U, - (uint64_t)3946031512438511898U, (uint64_t)10050061168984440631U, - (uint64_t)11382452014533138316U, (uint64_t)6313670788911952792U, - (uint64_t)12015989229696164014U, (uint64_t)5946702628076168852U, (uint64_t)5219995658774362841U, - (uint64_t)12230141881068377972U, (uint64_t)12361195202673441956U, - (uint64_t)4732862275653856711U, (uint64_t)17221430380805252370U, - (uint64_t)15397525953897375810U, (uint64_t)16557437297239563045U, - (uint64_t)10101683801868971351U, (uint64_t)1402611372245592868U, (uint64_t)1931806383735563658U, - (uint64_t)10991705207471512479U, (uint64_t)861333583207471392U, (uint64_t)15207766844626322355U, - (uint64_t)9224628129811432393U, (uint64_t)3497069567089055613U, (uint64_t)11956632757898590316U, - (uint64_t)8733729372586312960U, (uint64_t)18091521051714930927U, (uint64_t)77582787724373283U, - (uint64_t)9922437373519669237U, (uint64_t)3079321456325704615U, (uint64_t)12171198408512478457U, - (uint64_t)17179130884012147596U, (uint64_t)6839115479620367181U, (uint64_t)4421032569964105406U, - (uint64_t)10353331468657256053U, (uint64_t)17400988720335968824U, - (uint64_t)17138855889417480540U, (uint64_t)4507980080381370611U, - (uint64_t)10703175719793781886U, (uint64_t)12598516658725890426U, - (uint64_t)8353463412173898932U, (uint64_t)17703029389228422404U, (uint64_t)9313111267107226233U, - (uint64_t)5441322942995154196U, (uint64_t)8952817660034465484U, (uint64_t)17571113341183703118U, - (uint64_t)7375087953801067019U, (uint64_t)13381466302076453648U, (uint64_t)3218165271423914596U, - (uint64_t)16956372157249382685U, (uint64_t)509080090049418841U, (uint64_t)13374233893294084913U, - (uint64_t)2988537624204297086U, 
(uint64_t)4979195832939384620U, (uint64_t)3803931594068976394U, - (uint64_t)10731535883829627646U, (uint64_t)12954845047607194278U, - (uint64_t)10494298062560667399U, (uint64_t)4967351022190213065U, - (uint64_t)13391917938145756456U, (uint64_t)951370484866918160U, (uint64_t)13531334179067685307U, - (uint64_t)12868421357919390599U, (uint64_t)15918857042998130258U, - (uint64_t)17769743831936974016U, (uint64_t)7137921979260368809U, - (uint64_t)12461369180685892062U, (uint64_t)827476514081935199U, (uint64_t)15107282134224767230U, - (uint64_t)10084765752802805748U, (uint64_t)3303739059392464407U, - (uint64_t)17859532612136591428U, (uint64_t)10949414770405040164U, - (uint64_t)12838613589371008785U, (uint64_t)5554397169231540728U, - (uint64_t)18375114572169624408U, (uint64_t)15649286703242390139U, - (uint64_t)2957281557463706877U, (uint64_t)14000350446219393213U, - (uint64_t)14355199721749620351U, (uint64_t)2730856240099299695U, - (uint64_t)17528131000714705752U, (uint64_t)2537498525883536360U, (uint64_t)6121058967084509393U, - (uint64_t)16897667060435514221U, (uint64_t)12367869599571112440U, - (uint64_t)3388831797050807508U, (uint64_t)16791449724090982798U, (uint64_t)2673426123453294928U, - (uint64_t)11369313542384405846U, (uint64_t)15641960333586432634U, - (uint64_t)15080962589658958379U, (uint64_t)7747943772340226569U, (uint64_t)8075023376199159152U, - (uint64_t)8485093027378306528U, (uint64_t)13503706844122243648U, (uint64_t)8401961362938086226U, - (uint64_t)8125426002124226402U, (uint64_t)9005399361407785203U, (uint64_t)6847968030066906634U, - (uint64_t)11934937736309295197U, (uint64_t)5116750888594772351U, (uint64_t)2817039227179245227U, - (uint64_t)17724206901239332980U, (uint64_t)4985702708254058578U, (uint64_t)5786345435756642871U, - (uint64_t)17772527414940936938U, (uint64_t)1201320251272957006U, - (uint64_t)15787430120324348129U, (uint64_t)6305488781359965661U, - (uint64_t)12423900845502858433U, (uint64_t)17485949424202277720U, - (uint64_t)2062237315546855852U, 
(uint64_t)10353639467860902375U, (uint64_t)2315398490451287299U, - (uint64_t)15394572894814882621U, (uint64_t)232866113801165640U, (uint64_t)7413443736109338926U, - (uint64_t)902719806551551191U, (uint64_t)16568853118619045174U, (uint64_t)14202214862428279177U, - (uint64_t)11719595395278861192U, (uint64_t)5890053236389907647U, (uint64_t)9996196494965833627U, - (uint64_t)12967056942364782577U, (uint64_t)9034128755157395787U, - (uint64_t)17898204904710512655U, (uint64_t)8229373445062993977U, - (uint64_t)13580036169519833644U + 0ULL, 0ULL, 0ULL, 0ULL, 1ULL, 18446744069414584320ULL, 18446744073709551615ULL, 4294967294ULL, + 0ULL, 0ULL, 0ULL, 0ULL, 8784043285714375740ULL, 8483257759279461889ULL, 8789745728267363600ULL, + 1770019616739251654ULL, 15992936863339206154ULL, 10037038012062884956ULL, + 15197544864945402661ULL, 9615747158586711429ULL, 1ULL, 18446744069414584320ULL, + 18446744073709551615ULL, 4294967294ULL, 10634854829044225757ULL, 351552716085025155ULL, + 10645315080955407736ULL, 3609262091244858135ULL, 15760741698986874125ULL, + 14936374388219697827ULL, 15751360096993017895ULL, 18012233706239762398ULL, + 1993877568177495041ULL, 10345888787846536528ULL, 7746511691117935375ULL, + 14517043990409914413ULL, 14122549297570634151ULL, 16934610359517083771ULL, + 5724511325497097418ULL, 8983432969107448705ULL, 2687429970334080245ULL, 16525396802810050288ULL, + 7602596488871585854ULL, 4813919589149203084ULL, 7680395813780804519ULL, 6687709583048023590ULL, + 18086445169104142027ULL, 9637814708330203929ULL, 14785108459960679090ULL, + 3838023279095023581ULL, 3555615526157830307ULL, 5177066488380472871ULL, 18218186719108038403ULL, + 16281556341699656105ULL, 1524227924561461191ULL, 4148060517641909597ULL, 2858290374115363433ULL, + 8942772026334130620ULL, 3034451298319885113ULL, 8447866036736640940ULL, 11204933433076256578ULL, + 18333595740249588297ULL, 8259597024804538246ULL, 9539734295777539786ULL, 9797290423046626413ULL, + 5777303437849646537ULL, 8739356909899132020ULL, 
14815960973766782158ULL, + 15286581798204509801ULL, 17597362577777019682ULL, 13259283710820519742ULL, + 10501322996899164670ULL, 1221138904338319642ULL, 14586685489551951885ULL, 895326705426031212ULL, + 14398171728560617847ULL, 9592550823745097391ULL, 17240998489162206026ULL, + 8085479283308189196ULL, 14844657737893882826ULL, 15923425394150618234ULL, + 2997808084773249525ULL, 494323555453660587ULL, 1215695327517794764ULL, 9476207381098391690ULL, + 7480789678419122995ULL, 15212230329321082489ULL, 436189395349576388ULL, 17377474396456660834ULL, + 15237013929655017939ULL, 11444428846883781676ULL, 5112749694521428575ULL, 950829367509872073ULL, + 17665036182057559519ULL, 17205133339690002313ULL, 16233765170251334549ULL, + 10122775683257972591ULL, 3352514236455632420ULL, 9143148522359954691ULL, 601191684005658860ULL, + 13398772186646349998ULL, 15512696600132928431ULL, 9128416073728948653ULL, + 11233051033546138578ULL, 6769345682610122833ULL, 10823233224575054288ULL, + 9997725227559980175ULL, 6733425642852897415ULL, 16302206918151466066ULL, 1669330822143265921ULL, + 2661645605036546002ULL, 17182558479745802165ULL, 1165082692376932040ULL, 9470595929011488359ULL, + 6142147329285324932ULL, 4829075085998111287ULL, 10231370681107338930ULL, 9591876895322495239ULL, + 10316468561384076618ULL, 11592503647238064235ULL, 13395813606055179632ULL, + 511127033980815508ULL, 12434976573147649880ULL, 3425094795384359127ULL, 6816971736303023445ULL, + 15444670609021139344ULL, 9464349818322082360ULL, 16178216413042376883ULL, + 9595540370774317348ULL, 7229365182662875710ULL, 4601177649460012843ULL, 5455046447382487090ULL, + 10854066421606187521ULL, 15913416821879788071ULL, 2297365362023460173ULL, + 2603252216454941350ULL, 6768791943870490934ULL, 15705936687122754810ULL, 9537096567546600694ULL, + 17580538144855035062ULL, 4496542856965746638ULL, 8444341625922124942ULL, + 12191263903636183168ULL, 17427332907535974165ULL, 14307569739254103736ULL, + 13900598742063266169ULL, 7176996424355977650ULL, 
5709008170379717479ULL, + 14471312052264549092ULL, 1464519909491759867ULL, 3328154641049602121ULL, + 13020349337171136774ULL, 2772166279972051938ULL, 10854476939425975292ULL, + 1967189930534630940ULL, 2802919076529341959ULL, 14792226094833519208ULL, + 14675640928566522177ULL, 14838974364643800837ULL, 17631460696099549980ULL, + 17434186275364935469ULL, 2665648200587705473ULL, 13202122464492564051ULL, + 7576287350918073341ULL, 2272206013910186424ULL, 14558761641743937843ULL, 5675729149929979729ULL, + 9043135187561613166ULL, 11750149293830589225ULL, 740555197954307911ULL, 9871738005087190699ULL, + 17178667634283502053ULL, 18046255991533013265ULL, 4458222096988430430ULL, + 8452427758526311627ULL, 13825286929656615266ULL, 13956286357198391218ULL, + 15875692916799995079ULL, 10634895319157013920ULL, 13230116118036304207ULL, + 8795317393614625606ULL, 7001710806858862020ULL, 7949746088586183478ULL, 14677556044923602317ULL, + 11184023437485843904ULL, 11215864722023085094ULL, 6444464081471519014ULL, + 1706241174022415217ULL, 8243975633057550613ULL, 15502902453836085864ULL, 3799182188594003953ULL, + 3538840175098724094ULL, 13240193491554624643ULL, 12365034249541329920ULL, + 2924326828590977357ULL, 5687195797140589099ULL, 16880427227292834531ULL, 9691471435758991112ULL, + 16642385273732487288ULL, 12173806747523009914ULL, 13142722756877876849ULL, + 8370377548305121979ULL, 17988526053752025426ULL, 4818750752684100334ULL, 5669241919350361655ULL, + 4964810303238518540ULL, 16709712747671533191ULL, 4461414404267448242ULL, 3971798785139504238ULL, + 6276818948740422136ULL, 1426735892164275762ULL, 7943622674892418919ULL, 9864274225563929680ULL, + 57815533745003233ULL, 10893588105168960233ULL, 15739162732907069535ULL, 3923866849462073470ULL, + 12279826158399226875ULL, 1533015761334846582ULL, 15860156818568437510ULL, + 8252625373831297988ULL, 9666953804812706358ULL, 8767785238646914634ULL, 14382179044941403551ULL, + 10401039907264254245ULL, 8584860003763157350ULL, 3120462679504470266ULL, 
8670255778748340069ULL, + 5313789577940369984ULL, 16977072364454789224ULL, 12199578693972188324ULL, + 18211098771672599237ULL, 12868831556008795030ULL, 5310155061431048194ULL, + 18114153238435112606ULL, 14482365809278304512ULL, 12520721662723001511ULL, + 405943624021143002ULL, 8146944101507657423ULL, 181739317780393495ULL, 81743892273670099ULL, + 14759561962550473930ULL, 4592623849546992939ULL, 6916440441743449719ULL, 1304610503530809833ULL, + 5464930909232486441ULL, 15414883617496224671ULL, 8129283345256790ULL, 18294252198413739489ULL, + 17394115281884857288ULL, 7808348415224731235ULL, 13195566655747230608ULL, + 8568194219353949094ULL, 15329813048672122440ULL, 9604275495885785744ULL, 1577712551205219835ULL, + 15964209008022052790ULL, 15087297920782098160ULL, 3946031512438511898ULL, + 10050061168984440631ULL, 11382452014533138316ULL, 6313670788911952792ULL, + 12015989229696164014ULL, 5946702628076168852ULL, 5219995658774362841ULL, + 12230141881068377972ULL, 12361195202673441956ULL, 4732862275653856711ULL, + 17221430380805252370ULL, 15397525953897375810ULL, 16557437297239563045ULL, + 10101683801868971351ULL, 1402611372245592868ULL, 1931806383735563658ULL, + 10991705207471512479ULL, 861333583207471392ULL, 15207766844626322355ULL, 9224628129811432393ULL, + 3497069567089055613ULL, 11956632757898590316ULL, 8733729372586312960ULL, + 18091521051714930927ULL, 77582787724373283ULL, 9922437373519669237ULL, 3079321456325704615ULL, + 12171198408512478457ULL, 17179130884012147596ULL, 6839115479620367181ULL, + 4421032569964105406ULL, 10353331468657256053ULL, 17400988720335968824ULL, + 17138855889417480540ULL, 4507980080381370611ULL, 10703175719793781886ULL, + 12598516658725890426ULL, 8353463412173898932ULL, 17703029389228422404ULL, + 9313111267107226233ULL, 5441322942995154196ULL, 8952817660034465484ULL, 17571113341183703118ULL, + 7375087953801067019ULL, 13381466302076453648ULL, 3218165271423914596ULL, + 16956372157249382685ULL, 509080090049418841ULL, 13374233893294084913ULL, 
2988537624204297086ULL, + 4979195832939384620ULL, 3803931594068976394ULL, 10731535883829627646ULL, + 12954845047607194278ULL, 10494298062560667399ULL, 4967351022190213065ULL, + 13391917938145756456ULL, 951370484866918160ULL, 13531334179067685307ULL, + 12868421357919390599ULL, 15918857042998130258ULL, 17769743831936974016ULL, + 7137921979260368809ULL, 12461369180685892062ULL, 827476514081935199ULL, 15107282134224767230ULL, + 10084765752802805748ULL, 3303739059392464407ULL, 17859532612136591428ULL, + 10949414770405040164ULL, 12838613589371008785ULL, 5554397169231540728ULL, + 18375114572169624408ULL, 15649286703242390139ULL, 2957281557463706877ULL, + 14000350446219393213ULL, 14355199721749620351ULL, 2730856240099299695ULL, + 17528131000714705752ULL, 2537498525883536360ULL, 6121058967084509393ULL, + 16897667060435514221ULL, 12367869599571112440ULL, 3388831797050807508ULL, + 16791449724090982798ULL, 2673426123453294928ULL, 11369313542384405846ULL, + 15641960333586432634ULL, 15080962589658958379ULL, 7747943772340226569ULL, + 8075023376199159152ULL, 8485093027378306528ULL, 13503706844122243648ULL, 8401961362938086226ULL, + 8125426002124226402ULL, 9005399361407785203ULL, 6847968030066906634ULL, 11934937736309295197ULL, + 5116750888594772351ULL, 2817039227179245227ULL, 17724206901239332980ULL, 4985702708254058578ULL, + 5786345435756642871ULL, 17772527414940936938ULL, 1201320251272957006ULL, + 15787430120324348129ULL, 6305488781359965661ULL, 12423900845502858433ULL, + 17485949424202277720ULL, 2062237315546855852ULL, 10353639467860902375ULL, + 2315398490451287299ULL, 15394572894814882621ULL, 232866113801165640ULL, 7413443736109338926ULL, + 902719806551551191ULL, 16568853118619045174ULL, 14202214862428279177ULL, + 11719595395278861192ULL, 5890053236389907647ULL, 9996196494965833627ULL, + 12967056942364782577ULL, 9034128755157395787ULL, 17898204904710512655ULL, + 8229373445062993977ULL, 13580036169519833644ULL }; #if defined(__cplusplus) 
diff --git a/include/msvc/internal/Hacl_SHA2_Types.h b/include/msvc/internal/Hacl_SHA2_Types.h
index 1e51a0f1..5a1eb668 100644
--- a/include/msvc/internal/Hacl_SHA2_Types.h
+++ b/include/msvc/internal/Hacl_SHA2_Types.h
@@ -35,68 +35,68 @@ extern "C" { #include "krml/lowstar_endianness.h" #include "krml/internal/target.h" -typedef struct Hacl_Impl_SHA2_Types_uint8_2p_s +typedef struct Hacl_Hash_SHA2_uint8_2p_s { uint8_t *fst; uint8_t *snd; } -Hacl_Impl_SHA2_Types_uint8_2p; +Hacl_Hash_SHA2_uint8_2p; -typedef struct Hacl_Impl_SHA2_Types_uint8_3p_s +typedef struct Hacl_Hash_SHA2_uint8_3p_s { uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_2p snd; + Hacl_Hash_SHA2_uint8_2p snd; } -Hacl_Impl_SHA2_Types_uint8_3p; +Hacl_Hash_SHA2_uint8_3p; -typedef struct Hacl_Impl_SHA2_Types_uint8_4p_s +typedef struct Hacl_Hash_SHA2_uint8_4p_s { uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_3p snd; + Hacl_Hash_SHA2_uint8_3p snd; } -Hacl_Impl_SHA2_Types_uint8_4p; +Hacl_Hash_SHA2_uint8_4p; -typedef struct Hacl_Impl_SHA2_Types_uint8_5p_s +typedef struct Hacl_Hash_SHA2_uint8_5p_s { uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_4p snd; + Hacl_Hash_SHA2_uint8_4p snd; } -Hacl_Impl_SHA2_Types_uint8_5p; +Hacl_Hash_SHA2_uint8_5p; -typedef struct Hacl_Impl_SHA2_Types_uint8_6p_s +typedef struct Hacl_Hash_SHA2_uint8_6p_s { uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_5p snd; + Hacl_Hash_SHA2_uint8_5p snd; } -Hacl_Impl_SHA2_Types_uint8_6p; +Hacl_Hash_SHA2_uint8_6p; -typedef struct Hacl_Impl_SHA2_Types_uint8_7p_s +typedef struct Hacl_Hash_SHA2_uint8_7p_s { uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_6p snd; + Hacl_Hash_SHA2_uint8_6p snd; } -Hacl_Impl_SHA2_Types_uint8_7p; +Hacl_Hash_SHA2_uint8_7p; -typedef struct Hacl_Impl_SHA2_Types_uint8_8p_s +typedef struct Hacl_Hash_SHA2_uint8_8p_s { uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_7p snd; + Hacl_Hash_SHA2_uint8_7p snd; } -Hacl_Impl_SHA2_Types_uint8_8p; +Hacl_Hash_SHA2_uint8_8p; -typedef struct Hacl_Impl_SHA2_Types_uint8_2x4p_s +typedef struct Hacl_Hash_SHA2_uint8_2x4p_s { - Hacl_Impl_SHA2_Types_uint8_4p fst; - Hacl_Impl_SHA2_Types_uint8_4p snd; + Hacl_Hash_SHA2_uint8_4p fst; + Hacl_Hash_SHA2_uint8_4p snd; } -Hacl_Impl_SHA2_Types_uint8_2x4p; +Hacl_Hash_SHA2_uint8_2x4p; -typedef struct 
Hacl_Impl_SHA2_Types_uint8_2x8p_s +typedef struct Hacl_Hash_SHA2_uint8_2x8p_s { - Hacl_Impl_SHA2_Types_uint8_8p fst; - Hacl_Impl_SHA2_Types_uint8_8p snd; + Hacl_Hash_SHA2_uint8_8p fst; + Hacl_Hash_SHA2_uint8_8p snd; } -Hacl_Impl_SHA2_Types_uint8_2x8p; +Hacl_Hash_SHA2_uint8_2x8p; #if defined(__cplusplus) } diff --git a/include/msvc/lib_intrinsics.h b/include/msvc/lib_intrinsics.h index 0c35026e..8fa75b37 100644 --- a/include/msvc/lib_intrinsics.h +++ b/include/msvc/lib_intrinsics.h @@ -8,15 +8,20 @@ #endif #endif -#if defined(HACL_CAN_COMPILE_INTRINSICS) -#if defined(_MSC_VER) -#include -#else -#include -#endif -#endif +/* + GCC versions prior to 5.5 incorrectly optimize certain intrinsics. + + See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81300 + + CLANG versions prior to 5 crash on certain intrinsics. + + See https://bugs.llvm.org/show_bug.cgi?id=24943 +*/ -#if !defined(HACL_CAN_COMPILE_INTRINSICS) +#if !defined(HACL_CAN_COMPILE_INTRINSICS) || \ + (defined(__clang__) && (__clang_major__ < 5)) || \ + (defined(__GNUC__) && !defined(__clang__) && \ + (__GNUC__ < 5 || (__GNUC__ == 5 && (__GNUC_MINOR__ < 5)))) #include "Hacl_IntTypes_Intrinsics.h" 
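Review bot: The `__clang_major__ < 5` test in the new `#if` may not identify the affected compilers on Apple toolchains, where `__clang_major__` follows Apple's own release numbering rather than upstream LLVM's, so an Apple clang derived from a pre-5 LLVM could still take the intrinsics path. If Apple builds are supported, consider a separate branch keyed on `defined(__apple_build_version__)` with the matching Apple version, or state in the comment that the guard covers upstream clang only. The `#else // !defined(HACL_CAN_COMPILE_INTRINSICS)` comment in the next hunk also no longer states the full condition and could read `#else // intrinsics usable with this compiler`.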
@@ -25,35 +30,40 @@ #include "Hacl_IntTypes_Intrinsics_128.h" #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \ - (Hacl_IntTypes_Intrinsics_128_add_carry_u64(x1, x2, x3, x4)) + (Hacl_IntTypes_Intrinsics_128_add_carry_u64(x1, x2, x3, x4)) #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \ - (Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(x1, x2, x3, x4)) + (Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(x1, x2, x3, x4)) #else #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \ - (Hacl_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4)) + (Hacl_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4)) #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \ - (Hacl_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4)) + (Hacl_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4)) #endif // defined(HACL_CAN_COMPILE_UINT128) #define Lib_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4) \ - (Hacl_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4)) + (Hacl_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4)) #define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \ - (Hacl_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4)) + (Hacl_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4)) #else // !defined(HACL_CAN_COMPILE_INTRINSICS) +#if defined(_MSC_VER) +#include +#else +#include +#endif + #define Lib_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4) \ - (_addcarry_u32(x1, x2, x3, (unsigned int *) x4)) + (_addcarry_u32(x1, x2, x3, (unsigned int *)x4)) #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \ - (_addcarry_u64(x1, x2, x3, (long long unsigned int *) x4)) - + (_addcarry_u64(x1, x2, x3, (long long unsigned int *)x4)) /* GCC versions prior to 7.2 pass arguments to _subborrow_u{32,64} 
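Review bot: The pointer casts in the intrinsic-backed macros bind to the first operand of the argument only, because `x4` is not parenthesized: with an argument such as `res + i`, `(unsigned int *)x4` casts `res` and then adds `i`. Writing `(unsigned int *)(x4)` and `(long long unsigned int *)(x4)` in `Lib_IntTypes_Intrinsics_add_carry_u32` and `_u64` keeps the carry output pointing at the intended word for any pointer expression; the `sub_borrow` macros in the following hunk have the same form. Only the macro definitions are visible here, so whether a current caller is affected cannot be told from this hunk.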
@@ -61,22 +71,22 @@ See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81294 */ -#if defined(__GNUC__) && !defined (__clang__) && \ - (__GNUC__ < 7 || (__GNUC__ == 7 && (__GNUC_MINOR__ < 2))) +#if defined(__GNUC__) && !defined(__clang__) && \ + (__GNUC__ < 7 || (__GNUC__ == 7 && (__GNUC_MINOR__ < 2))) #define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \ - (_subborrow_u32(x1, x3, x2, (unsigned int *) x4)) + (_subborrow_u32(x1, x3, x2, (unsigned int *)x4)) #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \ - (_subborrow_u64(x1, x3, x2, (long long unsigned int *) x4)) + (_subborrow_u64(x1, x3, x2, (long long unsigned int *)x4)) #else -#define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \ - (_subborrow_u32(x1, x2, x3, (unsigned int *) x4)) +#define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \ + (_subborrow_u32(x1, x2, x3, (unsigned int *)x4)) -#define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \ - (_subborrow_u64(x1, x2, x3, (long long unsigned int *) x4)) +#define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \ + (_subborrow_u64(x1, x2, x3, (long long unsigned int *)x4)) #endif // GCC < 7.2 diff --git a/include/msvc/lib_memzero0.h b/include/msvc/lib_memzero0.h new file mode 100644 index 00000000..506dd50f --- /dev/null +++ b/include/msvc/lib_memzero0.h @@ -0,0 +1,5 @@ +#include + +void Lib_Memzero0_memzero0(void *dst, uint64_t len); + +#define Lib_Memzero0_memzero(dst, len, t) Lib_Memzero0_memzero0(dst, len * sizeof(t)) diff --git a/info.txt b/info.txt index ac05510e..a34b82c2 100644 --- a/info.txt +++ b/info.txt 
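Review bot: `Lib_Memzero0_memzero` in the new `lib_memzero0.h` multiplies an unparenthesized `len`, so a call with a compound length such as `a + b` expands to `a + b * sizeof(t)` and wipes a different number of bytes than intended; for a secret-zeroing helper that can leave key material in memory or write past the buffer. Parenthesize the parameters: `#define Lib_Memzero0_memzero(dst, len, t) Lib_Memzero0_memzero0((dst), (len) * sizeof(t))`. The header also has no include guard and no `extern "C"` wrapper, unlike `Hacl_SHA2_Types.h` earlier in this diff, which matters once it is included from the C++ tests.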
@@ -1,5 +1,5 @@
 The code was generated with the following toolchain.
-F* version: e617752a1b014a16892f7d8772d62e5c234f06c1
-KaRaMeL version: 2cf2974007f4103dba5619e4eb9e3eaeefad533b
-HACL* version: 86a0aed822bd80b03e4810e23518181f0edec5f6
+F* version: 6e23042e74555544267731295b7d382c86edc574
+Karamel version: a7be2a7c43eca637ceb57fe8f3ffd16fc6627ebd
+HACL* version: ae5d839c2e1fa95055b618cda60aeb1c486c720c
 Vale version: 0.3.19
diff --git a/js/api.js b/js/api.js
index bd8c6c0d..5ad3bdde 100644
--- a/js/api.js
+++ b/js/api.js
@@ -217,9 +217,9 @@ var HaclWasm = (function() {
 // We defined a few WASM-specific "compile-time macros".
 var my_imports = {
 EverCrypt_TargetConfig: (mem) => ({
- hacl_can_compile_vale: 0,
- hacl_can_compile_vec128: 0,
- hacl_can_compile_vec256: 0,
+ HACL_CAN_COMPILE_VALE: 0,
+ HACL_CAN_COMPILE_VEC128: 0,
+ HACL_CAN_COMPILE_VEC256: 0,
 has_vec128_not_avx: () => false,
 has_vec256_not_avx2: () => false,
 }),
diff --git a/js/api.json b/js/api.json
index eec09b22..f6fa0e60 100644
--- a/js/api.json
+++ b/js/api.json
@@ -110,31 +110,40 @@ } }, "Chacha20Poly1305": { - "aead_encrypt": { - "module": "Hacl_Chacha20Poly1305_32", - "name": "aead_encrypt", - "args": [{ - "name": "key", - "kind": "input", + "encrypt": { + "module": "Hacl_AEAD_Chacha20Poly1305", + "name": "encrypt", + "args": [ + { + "name": "ciphertext", + "kind": "output", "type": "buffer", - "size": 32, - "interface_index": 0, + "size": "len", "tests": [ - "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" + "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116" ] }, { - "name": "nonce", + "name": "mac", + "kind": "output", + "type": "buffer", + "size": 16, + "tests": [ + "1ae10b594f09e26a7e902ecbd0600691" + ] + }, + { + "name": "plaintext", "kind": "input", "type": "buffer", - "size": 12, - "interface_index": 1, + "size": "len", + "interface_index": 0, "tests": [ - "070000004041424344454647" + "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" ] }, { - "name": "alen", + "name": "len", "kind": "input", "type": "uint32" }, 
@@ -143,42 +152,34 @@ "kind": "input", "type": "buffer", "size": "alen", - "interface_index": 2, + "interface_index": 1, "tests": [ "50515253c0c1c2c3c4c5c6c7" ] }, { - "name": "len", + "name": "alen", "kind": "input", "type": "uint32" }, { - "name": "plaintext", + "name": "key", "kind": "input", "type": "buffer", - "size": "len", - "interface_index": 3, - "tests": [ - "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" - ] - }, - { - "name": "ciphertext", - "kind": "output", - "type": "buffer", - "size": "len", + "size": 32, + "interface_index": 2, "tests": [ - "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116" + "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" ] }, { - "name": "mac", - "kind": "output", + "name": "nonce", + "kind": "input", "type": "buffer", - "size": 16, + "size": 12, + "interface_index": 3, "tests": [ - "1ae10b594f09e26a7e902ecbd0600691" + "070000004041424344454647" ] } ], 
@@ -186,31 +187,31 @@ "type": "void" } }, - "aead_decrypt": { - "module": "Hacl_Chacha20Poly1305_32", - "name": "aead_decrypt", - "args": [{ - "name": "key", - "kind": "input", + "decrypt": { + "module": "Hacl_AEAD_Chacha20Poly1305", + "name": "decrypt", + "args": [ + { + "name": "plaintext", + "kind": "output", "type": "buffer", - "size": 32, - "interface_index": 0, + "size": "len", "tests": [ - "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" + "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" ] }, { - "name": "nonce", + "name": "ciphertext", "kind": "input", "type": "buffer", - "size": 12, - "interface_index": 1, + "size": "len", + "interface_index": 0, "tests": [ - "070000004041424344454647" + "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116" ] }, { - "name": "alen", + "name": "len", "kind": "input", "type": "uint32" }, 
@@ -219,33 +220,34 @@ "kind": "input", "type": "buffer", "size": "alen", - "interface_index": 2, + "interface_index": 1, "tests": [ "50515253c0c1c2c3c4c5c6c7" ] }, { - "name": "len", + "name": "alen", "kind": "input", "type": "uint32" }, { - "name": "plaintext", - "kind": "output", + "name": "key", + "kind": "input", "type": "buffer", - "size": "len", + "size": 32, + "interface_index": 2, "tests": [ - "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" + "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" ] }, { - "name": "ciphertext", + "name": "nonce", "kind": "input", "type": "buffer", - "size": "len", + "size": 12, "interface_index": 3, "tests": [ - "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116" + "070000004041424344454647" ] }, { @@ -407,9 +409,19 @@ "SHA2": { "hash_512": { "module": "Hacl_Hash_SHA2", - "custom_module_name": true, - "name": "Hacl_Streaming_SHA2_hash_512", + "name": "hash_512", "args": [{ + "name": "output", + "kind": "output", + "type": "buffer", + "size": 64, + "tests": [ + "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f", + "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e", + "204a8fc6dda82f0a0ced7beb8e08a41657c16ef468b228a8279be331a703c33596fd15c13b1b07f9aa1d3bea57789ca031ad85c7a71dd70354ec631238ca3445", + "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909" + ] + }, { "name": "input", "kind": "input", "type": "buffer", 
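Review bot: The output argument of SHA2 `hash_512` is now named `output`, while the reordered `hash_384` and `hash_256` entries in the following hunks keep `hash`; if the JS wrapper exposes results by argument name, callers of `hash_512` would see a different field than before and than its siblings. Unless the rename is intended, keep `"name": "hash"` for this argument. The SHA3 `hash_512` entry further down carries the same rename from `hash` to `output`.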
@@ -421,23 +433,10 @@ "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071", "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475" ] - }, - { + }, { "name": "input_len", "kind": "input", "type": "uint32" - }, - { - "name": "hash", - "kind": "output", - "type": "buffer", - "size": 64, - "tests": [ - "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f", - "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e", - "204a8fc6dda82f0a0ced7beb8e08a41657c16ef468b228a8279be331a703c33596fd15c13b1b07f9aa1d3bea57789ca031ad85c7a71dd70354ec631238ca3445", - "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909" - ] } ], "return": { @@ -446,9 +445,19 @@ }, "hash_384": { "module": "Hacl_Hash_SHA2", - "custom_module_name": true, - "name": "Hacl_Streaming_SHA2_hash_384", + "name": "hash_384", "args": [{ + "name": "hash", + "kind": "output", + "type": "buffer", + "size": 48, + "tests": [ + "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7", + "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b", + "3391fdddfc8dc7393707a65b1b4709397cf8b1d162af05abfe8f450de5f36bc6b0455a8520bc4e6f5fe95b1fe3c8452b", + "09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039" + ] + }, { "name": "input", "kind": "input", "type": "buffer", 
@@ -460,23 +469,10 @@ "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071", "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475" ] - }, - { + }, { "name": "input_len", "kind": "input", "type": "uint32" - }, - { - "name": "hash", - "kind": "output", - "type": "buffer", - "size": 48, - "tests": [ - "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7", - "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b", - "3391fdddfc8dc7393707a65b1b4709397cf8b1d162af05abfe8f450de5f36bc6b0455a8520bc4e6f5fe95b1fe3c8452b", - "09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039" - ] } ], "return": { @@ -485,9 +481,19 @@ }, "hash_256": { "module": "Hacl_Hash_SHA2", - "custom_module_name": true, - "name": "Hacl_Streaming_SHA2_hash_256", + "name": "hash_256", "args": [{ + "name": "hash", + "kind": "output", + "type": "buffer", + "size": 32, + "tests": [ + "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad", + "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1", + "cf5b16a778af8380036ce59e7b0492370b249b11e8f07a51afac45037afee9d1" + ] + }, { "name": "input", "kind": "input", "type": "buffer", 
@@ -499,23 +505,10 @@ "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071", "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475" ] - }, - { + }, { "name": "input_len", "kind": "input", "type": "uint32" - }, - { - "name": "hash", - "kind": "output", - "type": "buffer", - "size": 32, - "tests": [ - "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad", - "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", - "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1", - "cf5b16a778af8380036ce59e7b0492370b249b11e8f07a51afac45037afee9d1" - ] } ], "return": { @@ -525,18 +518,10 @@ }, "Blake2": { "blake2b": { - "module": "Hacl_Hash_Blake2", + "module": "Hacl_Hash_Blake2b", "custom_module_name": true, - "name": "Hacl_Blake2b_32_blake2b", + "name": "Hacl_Hash_Blake2b_hash_with_key", "args": [{ - "type": "uint32", - "kind": "input", - "name": "output_len", - "interface_index": 0, - "tests": [ - 64, 64 - ] - }, { "name": "output", "kind": "output", "type": "buffer", 
@@ -545,26 +530,28 @@ "ba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d17d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923", "e47bb6f20fbf14984f72a4c3cd9f3dc0d38928e536733ba7c5b153c71546584b7371f9b7070777b9a0947703409650fd04cfc9a5d561f99ed134ef262b03db94" ] - }, - { + }, { "type": "uint32", "kind": "input", - "name": "data_len" + "name": "output_len", + "interface_index": 0, + "tests": [ + 64, 64 + ] }, { - "name": "data", + "name": "input", "kind": "input", "type": "buffer", - "size": "data_len", + "size": "input_len", "interface_index": 1, "tests": [ "616263", "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" ] - }, - { + }, { "type": "uint32", "kind": "input", - "name": "key_len" + "name": "input_len" }, { "name": "key", "kind": "input", @@ -575,6 +562,10 @@ "", "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" ] + }, { + "type": "uint32", + "kind": "input", + "name": "key_len" } ], "return": { @@ -582,21 +573,10 @@ } }, "blake2s": { - "module": "Hacl_Hash_Blake2", + "module": "Hacl_Hash_Blake2s", "custom_module_name": true, - "name": "Hacl_Blake2s_32_blake2s", + "name": "Hacl_Hash_Blake2s_hash_with_key", "args": [{ - "type": "uint32", - "kind": "input", - "name": "output_len", - "interface_index": 0, - "tests": [ - 32, - 32, - 32, - 32 - ] - }, { "name": "output", "kind": "output", "type": "buffer", 
@@ -607,16 +587,22 @@ "3fb735061abc519dfe979e54c1ee5bfad0a9d858b3315bad34bde999efd724dd", "d12bf3732ef4af5c22fa90356af8fc50fcb40f8f2ea5c8594737a3b3d5abdbd7" ] - }, - { + }, { "type": "uint32", "kind": "input", - "name": "data_len" + "name": "output_len", + "interface_index": 0, + "tests": [ + 32, + 32, + 32, + 32 + ] }, { - "name": "data", + "name": "input", "kind": "input", "type": "buffer", - "size": "data_len", + "size": "input_len", "interface_index": 1, "tests": [ "616263", @@ -624,11 +610,10 @@ "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfe", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fa" ] - }, - { + }, { "type": "uint32", "kind": "input", - "name": "key_len" + "name": "input_len" }, { "name": "key", "kind": "input", @@ -641,6 +626,10 @@ "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" ] + }, { + "type": "uint32", + "kind": "input", + "name": "key_len" } ], "return": { 
@@ -652,27 +641,10 @@ "hash_512": { "module": "Hacl_Hash_SHA3", "custom_module_name": true, - "name": "Hacl_SHA3_sha3_512", - "args": [{ - "name": "input_len", - "kind": "input", - "type": "uint32" - }, - { - "name": "input", - "kind": "input", - "type": "buffer", - "size": "input_len", - "interface_index": 0, - "tests": [ - "", - "616263", - "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071", - "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475" - ] - }, + "name": "Hacl_Hash_SHA3_sha3_512", + "args": [ { - "name": "hash", + "name": "output", "kind": "output", "type": "buffer", "size": 64, @@ -682,22 +654,7 @@ "04a371e84ecfb5b8b77cb48610fca8182dd457ce6f326a0fd3d7ec2f1e91636dee691fbe0c985302ba1b0d8dc78c086346b533b49c030d99a27daf1139d6e75e", "afebb2ef542e6579c50cad06d2e578f9f8dd6881d7dc824d26360feebf18a4fa73e3261122948efcfd492e74e82e2189ed0fb440d187f382270cb455f21dd185" ] - } - ], - "return": { - "type": "void" - } - }, - "hash_384": { - "module": "Hacl_Hash_SHA3", - "custom_module_name": true, - "name": "Hacl_SHA3_sha3_384", - "args": [{ - "name": "input_len", - "kind": "input", - "type": "uint32" - }, - { + }, { "name": "input", "kind": "input", "type": "buffer", 
@@ -709,7 +666,21 @@ "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071", "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475" ] - }, + }, { + "name": "input_len", + "kind": "input", + "type": "uint32" + } + ], + "return": { + "type": "void" + } + }, + "hash_384": { + "module": "Hacl_Hash_SHA3", + "custom_module_name": true, + "name": "Hacl_Hash_SHA3_sha3_384", + "args": [ { "name": "hash", "kind": "output", @@ -721,22 +692,7 @@ "991c665755eb3a4b6bbdfb75c78a492e8c56a22c5c4d7e429bfdbc32b9d4ad5aa04a1f076e62fea19eef51acd0657c22", "79407d3b5916b59c3e30b09822974791c313fb9ecc849e406f23592d04f625dc8c709b98b43b3852b337216179aa7fc7" ] - } - ], - "return": { - "type": "void" - } - }, - "hash_256": { - "module": "Hacl_Hash_SHA3", - "custom_module_name": true, - "name": "Hacl_SHA3_sha3_256", - "args": [{ - "name": "input_len", - "kind": "input", - "type": "uint32" - }, - { + }, { "name": "input", "kind": "input", "type": "buffer", @@ -748,7 +704,21 @@ "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071", "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475" ] - }, + }, { + "name": "input_len", + "kind": "input", + "type": "uint32" + } + ], + "return": { + "type": "void" + } + }, + "hash_256": { + "module": "Hacl_Hash_SHA3", + "custom_module_name": true, + "name": "Hacl_Hash_SHA3_sha3_256", + "args": [ { "name": "hash", "kind": "output", 
@@ -760,22 +730,7 @@ "41c0dba2a9d6240849100376a8235e2c82e1b9998a999e21db32dd97496d3376", "916f6061fe879741ca6469b43971dfdb28b1a32dc36cb3254e812be27aad1d18" ] - } - ], - "return": { - "type": "void" - } - }, - "hash_224": { - "module": "Hacl_Hash_SHA3", - "custom_module_name": true, - "name": "Hacl_SHA3_sha3_224", - "args": [{ - "name": "input_len", - "kind": "input", - "type": "uint32" - }, - { + }, { "name": "input", "kind": "input", "type": "buffer", @@ -787,7 +742,21 @@ "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071", "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475" ] - }, + },{ + "name": "input_len", + "kind": "input", + "type": "uint32" + } + ], + "return": { + "type": "void" + } + }, + "hash_224": { + "module": "Hacl_Hash_SHA3", + "custom_module_name": true, + "name": "Hacl_Hash_SHA3_sha3_224", + "args": [ { "name": "hash", "kind": "output", @@ -799,7 +768,23 @@ "8a24108b154ada21c9fd5574494479ba5c7e7ab76ef264ead0fcce33", "543e6868e1666c1a643630df77367ae5a62a85070a51c14cbf665cbc" ] - } + }, { + "name": "input", + "kind": "input", + "type": "buffer", + "size": "input_len", + "interface_index": 0, + "tests": [ + "", + "616263", + "6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071", + "61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475" + ] + }, { + "name": "input_len", + "kind": "input", + "type": "uint32" + } ], "return": { "type": "void" 
@@ -807,8 +792,7 @@ }, "keccak": { "module": "Hacl_Hash_SHA3", - "name": "Hacl_Impl_SHA3_keccak", - "custom_module_name": true, + "name": "keccak", "args": [{ "name": "rate", "kind": "input", @@ -3694,7 +3678,7 @@ "args": [{ "name": "state", "kind": "input", - "type": "EverCrypt_Hash_Incremental_hash_state", + "type": "EverCrypt_Hash_Incremental_state_t", "interface_index": 0, "tests": [ ] @@ -3706,10 +3690,10 @@ ] } }, - "create": { + "malloc": { "module": "EverCrypt_Hash", "custom_module_name": true, - "name": "EverCrypt_Hash_Incremental_create_in", + "name": "EverCrypt_Hash_Incremental_malloc", "args": [{ "name": "hash_alg", "kind": "input", @@ -3721,7 +3705,7 @@ ], "return": { "kind": "layout", - "type": "EverCrypt_Hash_Incremental_hash_state", + "type": "EverCrypt_Hash_Incremental_state_t", "tests": [ ] } @@ -3733,7 +3717,7 @@ "args": [{ "name": "state", "kind": "output", - "type": "EverCrypt_Hash_Incremental_hash_state", + "type": "EverCrypt_Hash_Incremental_state_t", "interface_index": 0, "tests": [ ] @@ -3757,14 +3741,14 @@ ] } }, - "finish": { + "digest": { "module": "EverCrypt_Hash", "custom_module_name": true, - "name": "EverCrypt_Hash_Incremental_finish", + "name": "EverCrypt_Hash_Incremental_digest", "args": [{ "name": "state", "kind": "input", - "type": "EverCrypt_Hash_Incremental_hash_state", + "type": "EverCrypt_Hash_Incremental_state_t", "interface_index": 0, "tests": [ ] diff --git a/js/test.html b/js/test.html index 6f5c40c8..a93dfdb3 100644 --- a/js/test.html +++ b/js/test.html @@ -5,7 +5,7 @@ KaRaMeL main driver diff --git a/src/wasm/shell.js b/src/wasm/shell.js index 7c0dd16d..cc877fd1 100644 --- a/src/wasm/shell.js +++ b/src/wasm/shell.js 
@@ -1,7 +1,7 @@ // To be loaded by main.js var my_js_files = ["./test.js"]; -var my_modules = ["WasmSupport", "FStar", "LowStar_Endianness", "Hacl_Impl_Blake2_Constants", "Hacl_Hash_Blake2", "Hacl_Hash_Blake2b_256", "Hacl_Hash_Blake2s_128", "Hacl_Hash_SHA3", "Hacl_Hash_Base", "Hacl_Hash_MD5", "Hacl_Hash_SHA1", "Hacl_Hash_SHA2", "EverCrypt_TargetConfig", "EverCrypt", "Vale", "EverCrypt_Hash", "Hacl_Chacha20", "Hacl_Salsa20", "Hacl_IntTypes_Intrinsics", "Hacl_Bignum_Base", "Hacl_Bignum", "Hacl_Bignum25519_51", "Hacl_Curve25519_51", "Hacl_Ed25519_PrecompTable", "Hacl_Ed25519", "Hacl_Poly1305_32", "Hacl_NaCl", "Hacl_P256_PrecompTable", "Hacl_P256", "Hacl_Bignum_K256", "Hacl_K256_PrecompTable", "Hacl_K256_ECDSA", "Hacl_HMAC", "Hacl_HKDF", "Hacl_Chacha20Poly1305_32", "Hacl_HPKE_Curve51_CP32_SHA256", "Hacl_HPKE_Curve51_CP32_SHA512", "Hacl_Streaming_Blake2b_256", "Hacl_Streaming_Blake2s_128", "Hacl_GenericField32", "Hacl_SHA2_Vec256", "Hacl_EC_K256", "Hacl_Bignum4096", "Hacl_Chacha20_Vec32", "Hacl_Bignum4096_32", "Hacl_HMAC_Blake2s_128", "Hacl_HKDF_Blake2s_128", "Hacl_GenericField64", "Hacl_Bignum32", "Hacl_Bignum256_32", "Hacl_SHA2_Vec128", "Hacl_Streaming_Poly1305_32", "Hacl_HMAC_DRBG", "Hacl_Streaming_Blake2", "Hacl_Bignum64", "Hacl_HMAC_Blake2b_256", "Hacl_HKDF_Blake2b_256", "Hacl_EC_Ed25519", "Hacl_Bignum256"]; +var my_modules = ["WasmSupport", "FStar", "LowStar_Endianness", "Hacl_Impl_Blake2_Constants", "Hacl_Lib", "Hacl_Hash_Blake2b", "Hacl_Hash_Blake2s", "Hacl_Hash_Blake2b_Simd256", "Hacl_Hash_Blake2s_Simd128", "Hacl_Hash_Base", "Hacl_Hash_SHA1", "Hacl_Hash_SHA2", "Hacl_HMAC", "Hacl_HMAC_Blake2s_128", "Hacl_HMAC_Blake2b_256", "Hacl_Hash_SHA3", "Hacl_Hash_MD5", "EverCrypt_TargetConfig", "EverCrypt", "Vale", "EverCrypt_Hash", "Hacl_Chacha20", "Hacl_Chacha20_Vec128_Hacl_Chacha20_Vec256", "Hacl_Salsa20", "Hacl_IntTypes_Intrinsics", "Hacl_Bignum_Base", "Hacl_Bignum", "Hacl_Bignum25519_51", "Hacl_Curve25519_51", "Hacl_MAC_Poly1305", "Hacl_AEAD_Chacha20Poly1305", 
"Hacl_Poly1305_128_Hacl_Poly1305_256_Hacl_Impl_Poly1305", "Hacl_AEAD_Chacha20Poly1305_Simd128", "Hacl_AEAD_Chacha20Poly1305_Simd256", "Hacl_Ed25519_PrecompTable", "Hacl_Ed25519", "Hacl_NaCl", "Hacl_P256_PrecompTable", "Hacl_P256", "Hacl_Bignum_K256", "Hacl_K256_PrecompTable", "Hacl_K256_ECDSA", "Hacl_HKDF", "Hacl_HPKE_Curve51_CP32_SHA256", "Hacl_HPKE_Curve51_CP32_SHA512", "Hacl_GenericField32", "Hacl_SHA2_Vec256", "Hacl_EC_K256", "Hacl_Bignum4096", "Hacl_Chacha20_Vec32", "Hacl_Bignum4096_32", "Hacl_HKDF_Blake2s_128", "Hacl_GenericField64", "Hacl_Bignum32", "Hacl_Bignum256_32", "Hacl_SHA2_Vec128", "Hacl_HMAC_DRBG", "Hacl_Bignum64", "Hacl_HKDF_Blake2b_256", "Hacl_EC_Ed25519", "Hacl_Bignum256"]; var my_debug = false; if (typeof module !== "undefined") diff --git a/tests/blake2b.cc b/tests/blake2b.cc index 95559bb7..a58c5ba3 100644 --- a/tests/blake2b.cc +++ b/tests/blake2b.cc @@ -11,17 +11,15 @@ #include "EverCrypt_Hash.h" // ANCHOR(example header) -#include "Hacl_Hash_Blake2.h" +#include "Hacl_Hash_Blake2b.h" // ANCHOR_END(example header) -#include "Hacl_Streaming_Blake2.h" #include "config.h" #include "evercrypt.h" #include "hacl-cpu-features.h" #include "util.h" #ifdef HACL_CAN_COMPILE_VEC256 -#include "Hacl_Hash_Blake2b_256.h" -#include "Hacl_Streaming_Blake2b_256.h" +#include "Hacl_Hash_Blake2b_Simd256.h" #endif #define VALE \ @@ -61,12 +59,10 @@ TEST(ApiTestSuite, ApiTest) uint32_t key_len = 0; uint8_t* key = 0; - Hacl_Blake2b_32_blake2b(HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX, - output, - message_len, - (uint8_t*)message, - key_len, - key); + Hacl_Hash_Blake2b_hash_with_key( + output, HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX, + (uint8_t*)message, message_len, + key, key_len); print_hex_ln(HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX, output); // ANCHOR_END(example) 
@@ -96,25 +92,22 @@ TEST(ApiTestSuite, ApiTest) uint8_t digest_2[HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX]; // Init - Hacl_Streaming_Blake2_blake2b_32_state_s* state = - Hacl_Streaming_Blake2_blake2b_32_no_key_create_in(); - Hacl_Streaming_Blake2_blake2b_32_no_key_init(state); + Hacl_Hash_Blake2b_state_t* state = Hacl_Hash_Blake2b_malloc(); + Hacl_Hash_Blake2b_reset(state); // 1/2 Include `Hello, ` into the hash calculation and // obtain the intermediate hash of "Hello, ". - Hacl_Streaming_Blake2_blake2b_32_no_key_update( - state, (uint8_t*)chunk_1, chunk_1_size); + Hacl_Hash_Blake2b_update(state, (uint8_t*)chunk_1, chunk_1_size); // This is optional when no intermediate results are required. - Hacl_Streaming_Blake2_blake2b_32_no_key_finish(state, digest_1); + Hacl_Hash_Blake2b_digest(state, digest_1); // 2/2 Include `World!` into the hash calculation and // obtain the final hash of "Hello, World!". - Hacl_Streaming_Blake2_blake2b_32_no_key_update( - state, (uint8_t*)chunk_2, chunk_2_size); - Hacl_Streaming_Blake2_blake2b_32_no_key_finish(state, digest_2); + Hacl_Hash_Blake2b_update(state, (uint8_t*)chunk_2, chunk_2_size); + Hacl_Hash_Blake2b_digest(state, digest_2); // Cleanup - Hacl_Streaming_Blake2_blake2b_32_no_key_free(state); + Hacl_Hash_Blake2b_free(state); print_hex_ln(HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX, digest_1); print_hex_ln(HACL_HASH_BLAKE2B_DIGEST_LENGTH_MAX, digest_2); @@ -233,12 +226,9 @@ TEST_P(Blake2b, KAT) { bytes got_digest(test.out_len); - Hacl_Blake2b_32_blake2b(test.out_len, - got_digest.data(), - test.input.size(), - test.input.data(), - test.key.size(), - test.key.data()); + Hacl_Hash_Blake2b_hash_with_key( + got_digest.data(), test.out_len, test.input.data(), test.input.size(), + test.key.data(), test.key.size()); bool outcome = compare_and_print(test.out_len, got_digest.data(), test.digest.data()); 
@@ -266,19 +256,17 @@ TEST_P(Blake2bStreaming, KAT) bytes got_digest(64); // Init - Hacl_Streaming_Blake2_blake2b_32_state_s* state = - Hacl_Streaming_Blake2_blake2b_32_no_key_create_in(); - Hacl_Streaming_Blake2_blake2b_32_no_key_init(state); + Hacl_Hash_Blake2b_state_t* state = Hacl_Hash_Blake2b_malloc(); + Hacl_Hash_Blake2b_reset(state); // Update for (auto chunk : split_by_index_list(test_case.input, lengths)) { - Hacl_Streaming_Blake2_blake2b_32_no_key_update( - state, chunk.data(), chunk.size()); + Hacl_Hash_Blake2b_update(state, chunk.data(), chunk.size()); } // Finish - Hacl_Streaming_Blake2_blake2b_32_no_key_finish(state, got_digest.data()); - Hacl_Streaming_Blake2_blake2b_32_no_key_free(state); + Hacl_Hash_Blake2b_digest(state, got_digest.data()); + Hacl_Hash_Blake2b_free(state); EXPECT_EQ(test_case.digest, got_digest); } @@ -291,18 +279,17 @@ TEST_P(Blake2bStreaming, KAT) bytes got_hash(64); // Init - Hacl_Streaming_Blake2b_256_blake2b_256_state* state = - Hacl_Streaming_Blake2b_256_blake2b_256_no_key_create_in(); - Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init(state); + Hacl_Hash_Blake2b_Simd256_state_t* state = + Hacl_Hash_Blake2b_Simd256_malloc(); + Hacl_Hash_Blake2b_Simd256_reset(state); // Update - Hacl_Streaming_Blake2b_256_blake2b_256_no_key_update( + Hacl_Hash_Blake2b_Simd256_update( state, test_case.input.data(), test_case.input.size()); // Finish - Hacl_Streaming_Blake2b_256_blake2b_256_no_key_finish(state, - got_hash.data()); - Hacl_Streaming_Blake2b_256_blake2b_256_no_key_free(state); + Hacl_Hash_Blake2b_Simd256_digest(state, got_hash.data()); + Hacl_Hash_Blake2b_Simd256_free(state); EXPECT_EQ(test_case.digest, got_hash); } else { 
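Review bot: The Simd256 branch of `Blake2bStreaming, KAT` (second hunk on this line) still passes the whole input to a single `Hacl_Hash_Blake2b_Simd256_update` call, so the vectorised streaming code is never driven across its internal buffer boundaries. The portable branch in the hunk above iterates `split_by_index_list(test_case.input, lengths)`. Partial-block buffering is where streaming hash implementations tend to fail, so both branches should be fed the same way: `for (auto chunk : split_by_index_list(test_case.input, lengths)) { Hacl_Hash_Blake2b_Simd256_update(state, chunk.data(), chunk.size()); }`. This assumes `lengths` is in scope in this branch as it is in the portable one; the test body starts and ends outside the hunk.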
@@ -344,16 +331,16 @@ TEST_P(EverCryptSuiteTestCase, HashTest) { bytes got_digest(test.digest.size(), 0); - EverCrypt_Hash_Incremental_hash_state* state = - EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_Blake2B); + EverCrypt_Hash_Incremental_state_t* state = + EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_Blake2B); - EverCrypt_Hash_Incremental_init(state); + EverCrypt_Hash_Incremental_reset(state); for (auto chunk : split_by_index_list(test.input, lengths)) { EverCrypt_Hash_Incremental_update(state, chunk.data(), chunk.size()); } - EverCrypt_Hash_Incremental_finish(state, got_digest.data()); + EverCrypt_Hash_Incremental_digest(state, got_digest.data()); EverCrypt_Hash_Incremental_free(state); EXPECT_EQ(test.digest, got_digest); diff --git a/tests/blake2s.cc b/tests/blake2s.cc index 2b8b142f..903d2378 100644 --- a/tests/blake2s.cc +++ b/tests/blake2s.cc @@ -12,16 +12,14 @@ #include "EverCrypt_Hash.h" // ANCHOR(example header) -#include "Hacl_Hash_Blake2.h" +#include "Hacl_Hash_Blake2s.h" // ANCHOR_END(example header) -#include "Hacl_Streaming_Blake2.h" #include "evercrypt.h" #include "hacl-cpu-features.h" #include "util.h" #ifdef HACL_CAN_COMPILE_VEC128 -#include "Hacl_Hash_Blake2s_128.h" -#include "Hacl_Streaming_Blake2s_128.h" +#include "Hacl_Hash_Blake2s_Simd128.h" #endif // ANCHOR(example define) @@ -73,12 +71,10 @@ TEST(ApiTestSuite, ApiTest) uint32_t key_len = 0; uint8_t* key = 0; - Hacl_Blake2s_32_blake2s(HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX, - output, - message_len, - (uint8_t*)message, - key_len, - key); + Hacl_Hash_Blake2s_hash_with_key( + output, HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX, + (uint8_t*)message, message_len, + key, key_len); print_hex_ln(HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX, output); // ANCHOR_END(example) 
@@ -107,25 +103,22 @@ TEST(ApiTestSuite, ApiTest) uint8_t digest_2[HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX]; // Init - Hacl_Streaming_Blake2_blake2s_32_state_s* state = - Hacl_Streaming_Blake2_blake2s_32_no_key_create_in(); - Hacl_Streaming_Blake2_blake2s_32_no_key_init(state); + Hacl_Hash_Blake2s_state_t* state = Hacl_Hash_Blake2s_malloc(); + Hacl_Hash_Blake2s_reset(state); // 1/2 Include `Hello, ` into the hash calculation and // obtain the intermediate hash of "Hello, ". - Hacl_Streaming_Blake2_blake2s_32_no_key_update( - state, (uint8_t*)chunk_1, chunk_1_size); + Hacl_Hash_Blake2s_update(state, (uint8_t*)chunk_1, chunk_1_size); // This is optional when no intermediate results are required. - Hacl_Streaming_Blake2_blake2s_32_no_key_finish(state, digest_1); + Hacl_Hash_Blake2s_digest(state, digest_1); // 2/2 Include `World!` into the hash calculation and // obtain the final hash of "Hello, World!". - Hacl_Streaming_Blake2_blake2s_32_no_key_update( - state, (uint8_t*)chunk_2, chunk_2_size); - Hacl_Streaming_Blake2_blake2s_32_no_key_finish(state, digest_2); + Hacl_Hash_Blake2s_update(state, (uint8_t*)chunk_2, chunk_2_size); + Hacl_Hash_Blake2s_digest(state, digest_2); // Cleanup - Hacl_Streaming_Blake2_blake2s_32_no_key_free(state); + Hacl_Hash_Blake2s_free(state); print_hex_ln(HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX, digest_1); print_hex_ln(HACL_HASH_BLAKE2S_DIGEST_LENGTH_MAX, digest_2); @@ -161,12 +154,9 @@ TEST_P(Blake2s, TryKAT) { bytes got_digest(test.out_len); - Hacl_Blake2s_32_blake2s(test.out_len, - got_digest.data(), - test.input.size(), - test.input.data(), - test.key.size(), - test.key.data()); + Hacl_Hash_Blake2s_hash_with_key( + got_digest.data(), test.out_len, test.input.data(), test.input.size(), + test.key.data(), test.key.size()); bool outcome = false; outcome = 
@@ -181,19 +171,17 @@ TEST_P(Blake2s, TryKAT) if (test.key.size() == 0) { // Init - Hacl_Streaming_Blake2_blake2s_32_state* state = - Hacl_Streaming_Blake2_blake2s_32_no_key_create_in(); - Hacl_Streaming_Blake2_blake2s_32_no_key_init(state); + Hacl_Hash_Blake2s_state_t* state = Hacl_Hash_Blake2s_malloc(); + Hacl_Hash_Blake2s_reset(state); // Update for (auto chunk : split_by_index_list(test.input, lengths)) { - Hacl_Streaming_Blake2_blake2s_32_no_key_update( - state, chunk.data(), chunk.size()); + Hacl_Hash_Blake2s_update(state, chunk.data(), chunk.size()); } // Finish - Hacl_Streaming_Blake2_blake2s_32_no_key_finish(state, got_digest.data()); - Hacl_Streaming_Blake2_blake2s_32_no_key_free(state); + Hacl_Hash_Blake2s_digest(state, got_digest.data()); + Hacl_Hash_Blake2s_free(state); bool outcome = compare_and_print( test.digest.size(), got_digest.data(), test.digest.data()); 
@@ -210,23 +198,21 @@ TEST_P(Blake2s, TryKAT) // TODO: Enable this. See // https://github.com/project-everest/hacl-star/issues/586 // - // Hacl_Blake2s_128_blake2s(expected_len, got_digest.data(), input_len, - // input, key_len, key); outcome = outcome && + // Hacl_Hash_Blake2s_Simd128_hash(got_digest.data(), expected_len, input, + // input_len, key, key_len); outcome = outcome && // compare_and_print(expected_len, got_digest.data(), expected); // // // Streaming variant. // if (key_len == 0) { // // Init - // Hacl_Streaming_Blake2s_128_blake2s_128_state_s* state = - // Hacl_Streaming_Blake2s_128_blake2s_128_no_key_create_in(); + // Hacl_Hash_Blake2s_Simd128_state_t* state = + // Hacl_Hash_Blake2s_Simd128_malloc(); // // // Update - // Hacl_Streaming_Blake2s_128_blake2s_128_no_key_update(state, input, - // input_len); + // Hacl_Hash_Blake2s_Simd128_update(state, input, input_len); // // // Finish - // Hacl_Streaming_Blake2s_128_blake2s_128_no_key_finish(state, - // got_digest.data()); + // Hacl_Hash_Blake2s_Simd128_digest(state, got_digest.data()); // // outcome = outcome && compare_and_print(expected_len, // got_digest.data(), expected); @@ -326,14 +312,14 @@ TEST_P(EverCryptSuiteTestCase, HashTest) { bytes got_digest(test.digest.size(), 0); - EverCrypt_Hash_Incremental_hash_state* state = - EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_Blake2S); + EverCrypt_Hash_Incremental_state_t* state = + EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_Blake2S); - EverCrypt_Hash_Incremental_init(state); + EverCrypt_Hash_Incremental_reset(state); for (auto chunk : split_by_index_list(test.input, lengths)) { EverCrypt_Hash_Incremental_update(state, chunk.data(), chunk.size()); } - EverCrypt_Hash_Incremental_finish(state, got_digest.data()); + EverCrypt_Hash_Incremental_digest(state, got_digest.data()); EverCrypt_Hash_Incremental_free(state); EXPECT_EQ(test.digest, got_digest); 
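Review bot: The commented-out Simd128 block in the first hunk here is rewritten to call `Hacl_Hash_Blake2s_Simd128_hash(...)` with key arguments, whereas every live keyed one-shot call migrated by this commit uses the `_hash_with_key` suffix (for example `Hacl_Hash_Blake2s_hash_with_key`). The disabled code will therefore probably not compile when the TODO is resolved. Since the Blake2s Simd128 implementation has no known-answer coverage in this file while the block stays disabled, the comment should at least be kept accurate: `// Hacl_Hash_Blake2s_Simd128_hash_with_key(got_digest.data(), expected_len, input, input_len, key, key_len);`.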
diff --git a/tests/chacha20poly1305.cc b/tests/chacha20poly1305.cc index fe2e6970..aa07c88e 100644 --- a/tests/chacha20poly1305.cc +++ b/tests/chacha20poly1305.cc @@ -8,7 +8,7 @@ #include -#include "Hacl_Chacha20Poly1305_32.h" +#include "Hacl_AEAD_Chacha20Poly1305.h" #include "Hacl_Chacha20_Vec32.h" #include "chacha20poly1305_vectors.h" #include "hacl-cpu-features.h" @@ -16,11 +16,11 @@ #include "wycheproof.h" #ifdef HACL_CAN_COMPILE_VEC128 -#include "Hacl_Chacha20Poly1305_128.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h" #endif #ifdef HACL_CAN_COMPILE_VEC256 -#include "Hacl_Chacha20Poly1305_256.h" +#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h" #endif #define VALE \ @@ -34,10 +34,10 @@ // Function pointer to multiplex between the different implementations. typedef void (*test_encrypt)(uint8_t*, uint8_t*, - uint32_t, uint8_t*, uint32_t, uint8_t*, + uint32_t, uint8_t*, uint8_t*); @@ -68,12 +68,12 @@ print_test(test_encrypt aead_encrypt, memset(ciphertext, 0, in_len * sizeof ciphertext[0]); uint8_t mac[16] = { 0 }; - (*aead_encrypt)(key, nonce, aad_len, aad, in_len, in, ciphertext, mac); + (*aead_encrypt)(ciphertext, mac, in, in_len, aad, aad_len, key, nonce); bool ok = compare_and_print(in_len, ciphertext, exp_cipher); ok = ok && compare_and_print(16, mac, exp_mac); int res = (*aead_decrypt)( - key, nonce, aad_len, aad, in_len, plaintext, exp_cipher, exp_mac); + plaintext, exp_cipher, in_len, aad, aad_len, key, nonce, exp_mac); ok = ok && (res == 0); ok = ok && compare_and_print(in_len, plaintext, in); 
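Review bot: In `print_test` (last hunk on this line) the reordered call `(*aead_decrypt)(plaintext, exp_cipher, in_len, aad, aad_len, key, nonce, exp_mac)` is not checked by the type system. The new parameter list has the same shape (`uint8_t*, uint8_t*, uint32_t, uint8_t*, uint32_t, uint8_t*, uint8_t*, uint8_t*`) as the old `key, nonce, aad_len, ...` order, which is presumably why the `test_decrypt` typedef does not appear in this diff. A call site whose arguments were renamed but not reordered still compiles and would pass the key and nonce where the output and ciphertext buffers are expected; only the test vectors can catch that. Please document the positions next to the typedefs, e.g. `// encrypt: (output, tag, input, input_len, aad, aad_len, key, nonce)` and `// decrypt: (output, input, input_len, aad, aad_len, key, nonce, tag)`.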
@@ -125,22 +125,16 @@ TEST(ApiSuite, ApiTest) uint8_t mac[HACL_AEAD_CHACHA20_POLY1305_MAC_LEN]; // Encryption. - Hacl_Chacha20Poly1305_32_aead_encrypt( - key, nonce, aad_len, (uint8_t*)aad, msg_len, (uint8_t*)msg, cipher, mac); + Hacl_AEAD_Chacha20Poly1305_encrypt( + cipher, mac, (uint8_t*)msg, msg_len, (uint8_t*)aad, aad_len, key, nonce); // Decryption. // Allocate the same amount of memory for the recovered message as for the // ciphertext. uint8_t* recovered = (uint8_t*)malloc(msg_len); - uint32_t res = Hacl_Chacha20Poly1305_32_aead_decrypt(key, - nonce, - aad_len, - (uint8_t*)aad, - msg_len, - (uint8_t*)recovered, - cipher, - mac); + uint32_t res = Hacl_AEAD_Chacha20Poly1305_decrypt( + (uint8_t*)recovered, cipher, msg_len, (uint8_t*)aad, aad_len, key, nonce, mac); if (res == 0) { printf("Decryption successful."); @@ -164,8 +158,8 @@ TEST_P(Chacha20Poly1305Testing, TryTestVectors) hacl_init_cpu_features(); const chacha20poly1305_test_vector& vectors(GetParam()); - bool test = print_test(&Hacl_Chacha20Poly1305_32_aead_encrypt, - &Hacl_Chacha20Poly1305_32_aead_decrypt, + bool test = print_test(&Hacl_AEAD_Chacha20Poly1305_encrypt, + &Hacl_AEAD_Chacha20Poly1305_decrypt, vectors.input_len, vectors.input, &vectors.key[0], @@ -180,8 +174,8 @@ TEST_P(Chacha20Poly1305Testing, TryTestVectors) // We might have compiled vec128 chachapoly but don't have it available on the // CPU when running now. if (hacl_vec128_support()) { - test = print_test(&Hacl_Chacha20Poly1305_128_aead_encrypt, - &Hacl_Chacha20Poly1305_128_aead_decrypt, + test = print_test(&Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt, + &Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt, vectors.input_len, vectors.input, &vectors.key[0], 
@@ -200,8 +194,8 @@ TEST_P(Chacha20Poly1305Testing, TryTestVectors) // We might have compiled vec256 chachapoly but don't have it available on the // CPU when running now. if (hacl_vec256_support()) { - test = print_test(&Hacl_Chacha20Poly1305_256_aead_encrypt, - &Hacl_Chacha20Poly1305_256_aead_decrypt, + test = print_test(&Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt, + &Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt, vectors.input_len, vectors.input, &vectors.key[0], @@ -247,15 +241,15 @@ TEST_P(Chacha20Poly1305Wycheproof, TryWycheproof) uint8_t* ct = const_cast(test_case.ct.data()); // Check that encryption yields the expected cipher text. - Hacl_Chacha20Poly1305_32_aead_encrypt( - key, iv, test_case.aad.size(), aad, msg_size, msg, ciphertext.data(), mac); + Hacl_AEAD_Chacha20Poly1305_encrypt( + ciphertext.data(), mac, msg, msg_size, aad, test_case.aad.size(), key, iv); if (test_case.valid) { EXPECT_EQ(ciphertext, test_case.ct); EXPECT_EQ(std::vector(mac, mac + 16), test_case.tag); } - int res = Hacl_Chacha20Poly1305_32_aead_decrypt( - key, iv, test_case.aad.size(), aad, msg_size, plaintext.data(), ct, tag); + int res = Hacl_AEAD_Chacha20Poly1305_decrypt( + plaintext.data(), ct, msg_size, aad, test_case.aad.size(), key, iv, tag); EXPECT_EQ(res, test_case.valid ? 0 : 1); { 
@@ -278,21 +272,15 @@ TEST_P(Chacha20Poly1305Wycheproof, TryWycheproof) // CPU when running now. if (hacl_vec128_support()) { // Check that encryption yields the expected cipher text. - Hacl_Chacha20Poly1305_128_aead_encrypt(key, - iv, - test_case.aad.size(), - aad, - msg_size, - msg, - ciphertext.data(), - mac); + Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt( + ciphertext.data(), mac, msg, msg_size, aad, test_case.aad.size(), key, iv); if (test_case.valid) { EXPECT_EQ(ciphertext, test_case.ct); EXPECT_EQ(std::vector(mac, mac + 16), test_case.tag); } - res = Hacl_Chacha20Poly1305_128_aead_decrypt( - key, iv, test_case.aad.size(), aad, msg_size, plaintext.data(), ct, tag); + res = Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt( + plaintext.data(), ct, msg_size, aad, test_case.aad.size(), key, iv, tag); EXPECT_EQ(res, test_case.valid ? 0 : 1); } else { printf(" ! Vec128 was compiled but it is not available on this CPU.\n"); @@ -305,21 +293,15 @@ TEST_P(Chacha20Poly1305Wycheproof, TryWycheproof) // CPU when running now. if (hacl_vec256_support()) { // Check that encryption yields the expected cipher text. - Hacl_Chacha20Poly1305_256_aead_encrypt(key, - iv, - test_case.aad.size(), - aad, - msg_size, - msg, - ciphertext.data(), - mac); + Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt( + ciphertext.data(), mac, msg, msg_size, aad, test_case.aad.size(), key, iv); if (test_case.valid) { EXPECT_EQ(ciphertext, test_case.ct); EXPECT_EQ(std::vector(mac, mac + 16), test_case.tag); } - res = Hacl_Chacha20Poly1305_256_aead_decrypt( - key, iv, test_case.aad.size(), aad, msg_size, plaintext.data(), ct, tag); + res = Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt( + plaintext.data(), ct, msg_size, aad, test_case.aad.size(), key, iv, tag); EXPECT_EQ(res, test_case.valid ? 0 : 1); } else { printf(" ! Vec256 was compiled but it is not available on this CPU.\n"); diff --git a/tests/hmac.cc b/tests/hmac.cc index 942aa296..77c86ebd 100644 --- a/tests/hmac.cc +++ b/tests/hmac.cc 
@@ -155,7 +155,7 @@ TEST_P(HmacKAT, TryKAT) bytes tag(test_case.full_size, 0); if (test_case.full_size == 20) { - Hacl_HMAC_legacy_compute_sha1( + Hacl_HMAC_compute_sha1( tag.data(), key, test_case.key.size(), msg, test_case.msg.size()); } else if (test_case.full_size == 28) { std::cout << "Skipping \"full_size=" << test_case.full_size << "\"" diff --git a/tests/k256_ecdsa.cc b/tests/k256_ecdsa.cc index b3bf7aaf..d6643b2c 100644 --- a/tests/k256_ecdsa.cc +++ b/tests/k256_ecdsa.cc @@ -178,7 +178,7 @@ TEST_P(P256EcdsaWycheproof, TryWycheproof) // TODO: Only testing non low-S normalized here for now. uint8_t digest[32] = { 0 }; - Hacl_Streaming_SHA2_hash_256(msg, test_case.msg.size(), &digest[0]); + Hacl_Hash_SHA2_hash_256(&digest[0], msg, test_case.msg.size()); EXPECT_EQ(test_case.valid, Hacl_K256_ECDSA_ecdsa_verify_hashed_msg( &digest[0], plain_public_key, rs.data())); diff --git a/tests/md5.cc b/tests/md5.cc index 827152e9..b212a4b7 100644 --- a/tests/md5.cc +++ b/tests/md5.cc @@ -33,8 +33,7 @@ TEST_P(Md5Suite, TestCase) auto test = GetParam(); bytes got_hash = std::vector(16); - Hacl_Streaming_MD5_legacy_hash( - test.message.data(), test.message.size(), got_hash.data()); + Hacl_Hash_MD5_hash(got_hash.data(), test.message.data(), test.message.size()); EXPECT_EQ(got_hash, test.hash); } 
@@ -63,12 +62,12 @@ TEST_P(EverCryptSuiteTestCase, HashTest) { bytes got_digest(Hacl_Hash_Definitions_hash_len(Spec_Hash_Definitions_MD5)); - EverCrypt_Hash_Incremental_hash_state* state = - EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_MD5); - EverCrypt_Hash_Incremental_init(state); + EverCrypt_Hash_Incremental_state_t* state = + EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_MD5); + EverCrypt_Hash_Incremental_reset(state); EverCrypt_Hash_Incremental_update( state, test.message.data(), test.message.size()); - EverCrypt_Hash_Incremental_finish(state, got_digest.data()); + EverCrypt_Hash_Incremental_digest(state, got_digest.data()); EverCrypt_Hash_Incremental_free(state); ASSERT_EQ(test.hash, got_digest); diff --git a/tests/poly1305.cc b/tests/poly1305.cc index d12f0216..5b1f0bde 100644 --- a/tests/poly1305.cc +++ b/tests/poly1305.cc @@ -11,19 +11,16 @@ #include #include "EverCrypt_Poly1305.h" -#include "Hacl_Poly1305_32.h" -#include "Hacl_Streaming_Poly1305_32.h" +#include "Hacl_MAC_Poly1305.h" #include "hacl-cpu-features.h" #include "util.h" #ifdef HACL_CAN_COMPILE_VEC128 -#include "Hacl_Poly1305_128.h" -#include "Hacl_Streaming_Poly1305_128.h" +#include "Hacl_MAC_Poly1305_Simd128.h" #endif #ifdef HACL_CAN_COMPILE_VEC256 -#include "Hacl_Poly1305_256.h" -#include "Hacl_Streaming_Poly1305_256.h" +#include "Hacl_MAC_Poly1305_Simd256.h" #endif using json = nlohmann::json; 
@@ -62,16 +59,15 @@ poly1305_mac(bytes key, bytes text, bytes& tag) // This works everywhere. Let's use it as a base for comparisons. bytes base_tag = vector(POLY1305_TAG_SIZE); - Hacl_Poly1305_32_poly1305_mac( - base_tag.data(), text.size(), text.data(), key.data()); + Hacl_MAC_Poly1305_mac(base_tag.data(), text.data(), text.size(), key.data()); #ifdef HACL_CAN_COMPILE_VEC128 if (hacl_vec128_support()) { cout << "Poly1305.Mac (VEC128)" << endl; bytes tag = vector(POLY1305_TAG_SIZE); - Hacl_Poly1305_128_poly1305_mac( - tag.data(), text.size(), text.data(), key.data()); + Hacl_MAC_Poly1305_Simd128_mac( + tag.data(), text.data(), text.size(), key.data()); EXPECT_EQ(base_tag, tag) << "Detected difference between base and _128 version"; @@ -85,8 +81,8 @@ poly1305_mac(bytes key, bytes text, bytes& tag) cout << "Poly1305.Mac (VEC256)" << endl; bytes tag = vector(POLY1305_TAG_SIZE); - Hacl_Poly1305_256_poly1305_mac( - tag.data(), text.size(), text.data(), key.data()); + Hacl_MAC_Poly1305_Simd256_mac( + tag.data(), text.data(), text.size(), key.data()); EXPECT_EQ(base_tag, tag) << "Detected difference between base and _256 version"; @@ -103,7 +99,7 @@ poly1305_mac(bytes key, bytes text, bytes& tag) bytes tag = bytes(POLY1305_TAG_SIZE); - EverCrypt_Poly1305_poly1305( + EverCrypt_Poly1305_mac( tag.data(), text.data(), text.size(), key.data()); EXPECT_EQ(base_tag, tag) 
@@ -119,87 +115,46 @@ poly1305_mac_streaming(bytes key, vector lengths, bytes expected_tag) { - cout << "Poly1305.Mac (Streaming, Variant 1)" << endl; - { - bytes got_tag = vector(POLY1305_TAG_SIZE); - - // Init - vector ctx(32); - Hacl_Poly1305_32_poly1305_init(ctx.data(), key.data()); - - // Update - // Note: This doesn't work with arbitrary chunks. - for (auto chunk : chunk(text, 16)) { - Hacl_Poly1305_32_poly1305_update(ctx.data(), chunk.size(), chunk.data()); - } - - // Finish - Hacl_Poly1305_32_poly1305_finish(got_tag.data(), key.data(), ctx.data()); - - ASSERT_EQ(expected_tag, got_tag); - } - - cout << "Poly1305.Mac (Streaming, Variant 2)" << endl; + cout << "Poly1305.Mac (Streaming)" << endl; { bytes got_tag = vector(POLY1305_TAG_SIZE); // Init uint8_t raw_state[32]; - Hacl_Streaming_Poly1305_32_poly1305_32_state_s* state = - Hacl_Streaming_Poly1305_32_create_in(raw_state); - Hacl_Streaming_Poly1305_32_init(key.data(), state); + Hacl_MAC_Poly1305_state_t* state = Hacl_MAC_Poly1305_malloc(raw_state); + Hacl_MAC_Poly1305_reset(state, key.data()); // Update for (auto chunk : split_by_index_list(text, lengths)) { - Hacl_Streaming_Poly1305_32_update(state, chunk.data(), chunk.size()); + Hacl_MAC_Poly1305_update(state, chunk.data(), chunk.size()); } // Finish - Hacl_Streaming_Poly1305_32_finish(state, got_tag.data()); - Hacl_Streaming_Poly1305_32_free(state); + Hacl_MAC_Poly1305_digest(state, got_tag.data()); + Hacl_MAC_Poly1305_free(state); ASSERT_EQ(expected_tag, got_tag); } #ifdef HACL_CAN_COMPILE_VEC128 if (hacl_vec128_support()) { - cout << "Poly1305.Mac (VEC128, Streaming, Variant 1)" << endl; - { - bytes got_tag = vector(POLY1305_TAG_SIZE); - - // Init - Lib_IntVector_Intrinsics_vec128 ctx[32]; - Hacl_Poly1305_128_poly1305_init(ctx, key.data()); - - // Update - // Note: This doesn't work with arbitrary chunks. 
- for (auto chunk : chunk(text, 16)) { - Hacl_Poly1305_128_poly1305_update(ctx, chunk.size(), chunk.data()); - } - - // Finish - Hacl_Poly1305_128_poly1305_finish(got_tag.data(), key.data(), ctx); - - ASSERT_EQ(expected_tag, got_tag); - } - - cout << "Poly1305.Mac (VEC128, Streaming, Variant 2)" << endl; + cout << "Poly1305.Mac (VEC128, Streaming)" << endl; { bytes got_tag = vector(POLY1305_TAG_SIZE); // Init - Hacl_Streaming_Poly1305_128_poly1305_128_state* state = - Hacl_Streaming_Poly1305_128_create_in(key.data()); - Hacl_Streaming_Poly1305_128_init(key.data(), state); + Hacl_MAC_Poly1305_Simd128_state_t* state = + Hacl_MAC_Poly1305_Simd128_malloc(key.data()); + Hacl_MAC_Poly1305_Simd128_reset(state, key.data()); // Update for (auto chunk : split_by_index_list(text, lengths)) { - Hacl_Streaming_Poly1305_128_update(state, chunk.data(), chunk.size()); + Hacl_MAC_Poly1305_Simd128_update(state, chunk.data(), chunk.size()); } // Finish - Hacl_Streaming_Poly1305_128_finish(state, got_tag.data()); - Hacl_Streaming_Poly1305_128_free(state); + Hacl_MAC_Poly1305_Simd128_digest(state, got_tag.data()); + Hacl_MAC_Poly1305_Simd128_free(state); ASSERT_EQ(expected_tag, got_tag); } 
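Review bot: `Hacl_MAC_Poly1305_malloc(raw_state)` in the portable streaming block passes the uninitialised 32-byte stack buffer `raw_state`, while the Simd128 block in the same hunk passes `key.data()` to the corresponding `malloc`, which suggests the argument is the key. If so, the state is first built from indeterminate stack bytes and only becomes correct because `Hacl_MAC_Poly1305_reset(state, key.data())` follows; code copied from here without the reset would compute tags under an undefined key. I would drop `raw_state` and write `Hacl_MAC_Poly1305_state_t* state = Hacl_MAC_Poly1305_malloc(key.data());`. The hunk also deletes the block-wise "Variant 1" tests, so if that init/update/finish interface is still exported it no longer has coverage in this file.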
@@ -210,49 +165,25 @@ poly1305_mac_streaming(bytes key, #ifdef HACL_CAN_COMPILE_VEC256 if (hacl_vec256_support()) { - cout << "Poly1305.Mac (VEC256, Streaming, Variant 1)" << endl; + cout << "Poly1305.Mac (VEC256, Streaming)" << endl; { - bytes got_tag = vector(POLY1305_TAG_SIZE); - + bytes tag = vector(POLY1305_TAG_SIZE); + // Init - Lib_IntVector_Intrinsics_vec256 ctx[32]; - Hacl_Poly1305_256_poly1305_init(ctx, key.data()); - + Hacl_MAC_Poly1305_Simd256_state_t* state = + Hacl_MAC_Poly1305_Simd256_malloc(key.data()); + // Update - // Note: This doesn't work with arbitrary chunks. - for (auto chunk : chunk(text, 16)) { - Hacl_Poly1305_256_poly1305_update(ctx, chunk.size(), chunk.data()); + for (auto chunk : split_by_index_list(text, lengths)) { + Hacl_MAC_Poly1305_Simd256_update(state, chunk.data(), chunk.size()); } - + // Finish - Hacl_Poly1305_256_poly1305_finish(got_tag.data(), key.data(), ctx); - - ASSERT_EQ(expected_tag, got_tag); - } - - cout << "Poly1305.Mac (VEC256, Streaming, Variant 2)" << endl; - { - // TODO: This doesn't work currently. - // See https://github.com/project-everest/hacl-star/issues/586 - - // bytes tag = vector(POLY1305_TAG_SIZE); - // - // // Init - // Hacl_Streaming_Poly1305_256_poly1305_256_state* state = - // Hacl_Streaming_Poly1305_256_create_in(key.data()); - // - // // Update - // for (auto chunk : chunks) { - // Hacl_Streaming_Poly1305_256_update(state, chunk.data(), - // chunk.size()); - // } - // - // // Finish - // Hacl_Streaming_Poly1305_256_finish(state, tag.data()); - // Hacl_Streaming_Poly1305_256_free(state); - // - // EXPECT_EQ(base_tag, tag) - // << "Detected difference between _32 and _128 version"; + Hacl_MAC_Poly1305_Simd256_digest(state, tag.data()); + Hacl_MAC_Poly1305_Simd256_free(state); + + EXPECT_EQ(expected_tag, tag) + << "Detected difference between _32 and _128 version"; } } else { cout << "No support for VEC256 on this CPU." << endl; 
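Review bot: The newly enabled VEC256 streaming block reports failures with `"Detected difference between _32 and _128 version"`, a message carried over from the old commented-out code that names neither the variant under test nor the value it is compared with (`expected_tag`). It also uses `EXPECT_EQ` and a local called `tag` where the portable and VEC128 blocks use `ASSERT_EQ` and `got_tag`, and it omits the `reset` call that the VEC128 block makes after `malloc`. Suggested: `ASSERT_EQ(expected_tag, tag) << "Poly1305 VEC256 streaming tag mismatch";`, plus `Hacl_MAC_Poly1305_Simd256_reset(state, key.data());` after the allocation if the reset in the other variants is intentional.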
diff --git a/tests/rsapss.cc b/tests/rsapss.cc index 029065a2..440e63e3 100644 --- a/tests/rsapss.cc +++ b/tests/rsapss.cc @@ -35,8 +35,17 @@ TEST(ApiSuite, ApiTest) generate_rsapss_key(&e, &eBits, &d, &dBits, &mod, &modBits); uint64_t* skey = Hacl_RSAPSS_new_rsapss_load_skey(modBits, eBits, dBits, mod, e, d); + + if (skey == NULL) { + //Error + } + uint64_t* pkey = Hacl_RSAPSS_new_rsapss_load_pkey(modBits, eBits, mod, e); + if (pkey == NULL) { + //Error + } + // Message const char* msg = "Hello, World!"; size_t msgLen = strlen(msg); diff --git a/tests/sha1.cc b/tests/sha1.cc index b0c13a3e..b253d7e9 100644 --- a/tests/sha1.cc +++ b/tests/sha1.cc @@ -76,7 +76,7 @@ TEST(ApiSuite, ApiTest) uint8_t digest[HACL_HASH_SHA1_DIGEST_LENGTH]; - Hacl_Streaming_SHA1_legacy_hash((uint8_t*)message, message_size, digest); + Hacl_Hash_SHA1_hash(digest, (uint8_t*)message, message_size); // END OneShot bytes expected_digest = @@ -94,7 +94,7 @@ TEST(ApiSuite, ApiTest) // ANCHOR(streaming) // This example shows how to hash the byte sequence "Hello, World!" in two // chunks. As a bonus, it also shows how to obtain intermediate results by - // calling `finish` more than once. + // calling `digest` more than once. const char* chunk_1 = "Hello, "; const char* chunk_2 = "World!"; 
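Review bot: The two `NULL` checks added to `ApiTest` in tests/rsapss.cc have empty bodies (`//Error`), so a `NULL` from `Hacl_RSAPSS_new_rsapss_load_skey` or `Hacl_RSAPSS_new_rsapss_load_pkey` is detected and then ignored. The null key is presumably used further down; the rest of the test is outside the hunk, so that part is inferred. Since this is a gtest body, make the failure fatal: `ASSERT_NE(skey, nullptr) << "invalid RSA-PSS secret key parameters";` and `ASSERT_NE(pkey, nullptr) << "invalid RSA-PSS public key parameters";`. If the snippet is also published as API documentation, the example should show an early return that releases whatever was already allocated instead of a placeholder comment.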
@@ -105,22 +105,22 @@ TEST(ApiSuite, ApiTest) uint8_t digest_2[HACL_HASH_SHA1_DIGEST_LENGTH]; // Init - Hacl_Streaming_SHA1_state* state = Hacl_Streaming_SHA1_legacy_create_in(); - Hacl_Streaming_SHA1_legacy_init(state); + Hacl_Hash_SHA1_state_t* state = Hacl_Hash_SHA1_malloc(); + Hacl_Hash_SHA1_reset(state); // 1/2 Include `Hello, ` into the hash calculation and // obtain the intermediate hash of "Hello, ". - Hacl_Streaming_SHA1_legacy_update(state, (uint8_t*)chunk_1, chunk_1_size); + Hacl_Hash_SHA1_update(state, (uint8_t*)chunk_1, chunk_1_size); // This is optional when no intermediate results are required. - Hacl_Streaming_SHA1_legacy_finish(state, digest_1); + Hacl_Hash_SHA1_digest(state, digest_1); // 2/2 Include `World!` into the hash calculation and // obtain the final hash of "Hello, World!". - Hacl_Streaming_SHA1_legacy_update(state, (uint8_t*)chunk_2, chunk_2_size); - Hacl_Streaming_SHA1_legacy_finish(state, digest_2); + Hacl_Hash_SHA1_update(state, (uint8_t*)chunk_2, chunk_2_size); + Hacl_Hash_SHA1_digest(state, digest_2); // Cleanup - Hacl_Streaming_SHA1_legacy_free(state); + Hacl_Hash_SHA1_free(state); print_hex_ln(HACL_HASH_SHA1_DIGEST_LENGTH, digest_1); print_hex_ln(HACL_HASH_SHA1_DIGEST_LENGTH, digest_2); 
@@ -154,17 +154,17 @@ TEST_P(Sha1, KAT) bytes digest(test.md.size()); // Init - Hacl_Streaming_SHA1_state* state = Hacl_Streaming_SHA1_legacy_create_in(); - Hacl_Streaming_SHA1_legacy_init(state); + Hacl_Hash_SHA1_state_t* state = Hacl_Hash_SHA1_malloc(); + Hacl_Hash_SHA1_reset(state); // Update for (auto chunk : split_by_index_list(test.msg, lengths)) { - Hacl_Streaming_SHA1_legacy_update(state, chunk.data(), chunk.size()); + Hacl_Hash_SHA1_update(state, chunk.data(), chunk.size()); } // Finish - Hacl_Streaming_SHA1_legacy_finish(state, digest.data()); - Hacl_Streaming_SHA1_legacy_free(state); + Hacl_Hash_SHA1_digest(state, digest.data()); + Hacl_Hash_SHA1_free(state); EXPECT_EQ(test.md, digest) << bytes_to_hex(test.md) << endl << bytes_to_hex(digest) << endl; @@ -198,15 +198,15 @@ TEST_P(EverCryptSuiteTestCase, HashTest) bytes got_digest( Hacl_Hash_Definitions_hash_len(Spec_Hash_Definitions_SHA1)); - EverCrypt_Hash_Incremental_hash_state* state = - EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_SHA1); - EverCrypt_Hash_Incremental_init(state); + EverCrypt_Hash_Incremental_state_t* state = + EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_SHA1); + EverCrypt_Hash_Incremental_reset(state); for (auto chunk : split_by_index_list(test.msg, lengths)) { EverCrypt_Hash_Incremental_update(state, chunk.data(), chunk.size()); } - EverCrypt_Hash_Incremental_finish(state, got_digest.data()); + EverCrypt_Hash_Incremental_digest(state, got_digest.data()); EverCrypt_Hash_Incremental_free(state); ASSERT_EQ(test.md, got_digest); diff --git a/tests/sha2.cc b/tests/sha2.cc index 12cdbd21..9ccce2e6 100644 --- a/tests/sha2.cc +++ b/tests/sha2.cc @@ -80,7 +80,7 @@ TEST(ApiSuite, ApiTest) uint8_t digest[HACL_HASH_SHA2_256_DIGEST_LENGTH]; - Hacl_Streaming_SHA2_hash_256((uint8_t*)message, message_size, digest); + Hacl_Hash_SHA2_hash_256(digest, (uint8_t*)message, message_size); // END OneShot bytes expected_digest = from_hex( 
@@ -98,7 +98,7 @@ TEST(ApiSuite, ApiTest) // ANCHOR(example streaming) // This example shows how to hash the byte sequence "Hello, World!" in two // chunks. As a bonus, it also shows how to obtain intermediate results by - // calling `finish` more than once. + // calling `digest` more than once. const char* chunk_1 = "Hello, "; const char* chunk_2 = "World!"; @@ -109,23 +109,22 @@ TEST(ApiSuite, ApiTest) uint8_t digest_2[HACL_HASH_SHA2_256_DIGEST_LENGTH]; // Init - Hacl_Streaming_SHA2_state_sha2_256* state = - Hacl_Streaming_SHA2_create_in_256(); - Hacl_Streaming_SHA2_init_256(state); + Hacl_Hash_SHA2_state_t_256* state = + Hacl_Hash_SHA2_malloc_256(); // 1/2 Include `Hello, ` into the hash calculation and // obtain the intermediate hash of "Hello, ". - Hacl_Streaming_SHA2_update_256(state, (uint8_t*)chunk_1, chunk_1_size); + Hacl_Hash_SHA2_update_256(state, (uint8_t*)chunk_1, chunk_1_size); // This is optional when no intermediate results are required. - Hacl_Streaming_SHA2_finish_256(state, digest_1); + Hacl_Hash_SHA2_digest_256(state, digest_1); // 2/2 Include `World!` into the hash calculation and // obtain the final hash of "Hello, World!". - Hacl_Streaming_SHA2_update_256(state, (uint8_t*)chunk_2, chunk_2_size); - Hacl_Streaming_SHA2_finish_256(state, digest_2); + Hacl_Hash_SHA2_update_256(state, (uint8_t*)chunk_2, chunk_2_size); + Hacl_Hash_SHA2_digest_256(state, digest_2); // Cleanup - Hacl_Streaming_SHA2_free_256(state); + Hacl_Hash_SHA2_free_256(state); print_hex_ln(HACL_HASH_SHA2_256_DIGEST_LENGTH, digest_1); print_hex_ln(HACL_HASH_SHA2_256_DIGEST_LENGTH, digest_2); 
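Review bot: The SHA2-256 streaming example (second hunk on this line) drops `Hacl_Streaming_SHA2_init_256(state)` without adding `Hacl_Hash_SHA2_reset_256(state)`. The other migrated hash streaming sites in this commit, including the SHA-1 example and the SHA-2 KAT, call `reset` right after `malloc`. If `malloc` already returns a ready-to-use state, say so in the example with a comment such as `// malloc returns an initialised state; reset is only needed to reuse it`; otherwise restore `Hacl_Hash_SHA2_reset_256(state);`. The block sits between `ANCHOR(example streaming)` markers, so readers will copy whichever form is shown.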
@@ -158,13 +157,13 @@ TEST_P(Sha2KAT, TryKAT) bytes digest(test.md.size(), 0); if (test.md.size() == 224 / 8) { - Hacl_Streaming_SHA2_hash_224(test.msg.data(), test.msg.size(), digest.data()); + Hacl_Hash_SHA2_hash_224(digest.data(), test.msg.data(), test.msg.size()); } else if (test.md.size() == 256 / 8) { - Hacl_Streaming_SHA2_hash_256(test.msg.data(), test.msg.size(), digest.data()); + Hacl_Hash_SHA2_hash_256(digest.data(), test.msg.data(), test.msg.size()); } else if (test.md.size() == 384 / 8) { - Hacl_Streaming_SHA2_hash_384(test.msg.data(), test.msg.size(), digest.data()); + Hacl_Hash_SHA2_hash_384(digest.data(), test.msg.data(), test.msg.size()); } else if (test.md.size() == 512 / 8) { - Hacl_Streaming_SHA2_hash_512(test.msg.data(), test.msg.size(), digest.data()); + Hacl_Hash_SHA2_hash_512(digest.data(), test.msg.data(), test.msg.size()); } EXPECT_EQ(test.md, digest) << bytes_to_hex(test.md) << endl 
@@ -176,60 +175,60 @@ TEST_P(Sha2KAT, TryKAT) if (test.md.size() == 224 / 8) { // Init - Hacl_Streaming_SHA2_state_sha2_224* state = - Hacl_Streaming_SHA2_create_in_224(); - Hacl_Streaming_SHA2_init_224(state); + Hacl_Hash_SHA2_state_t_224* state = + Hacl_Hash_SHA2_malloc_224(); + Hacl_Hash_SHA2_reset_224(state); // Update for (auto chunk : split_by_index_list(test.msg, lengths)) { - Hacl_Streaming_SHA2_update_224(state, chunk.data(), chunk.size()); + Hacl_Hash_SHA2_update_224(state, chunk.data(), chunk.size()); } // Finish - Hacl_Streaming_SHA2_finish_224(state, digest.data()); - Hacl_Streaming_SHA2_free_224(state); + Hacl_Hash_SHA2_digest_224(state, digest.data()); + Hacl_Hash_SHA2_free_224(state); } else if (test.md.size() == 256 / 8) { // Init - Hacl_Streaming_SHA2_state_sha2_224* state = - Hacl_Streaming_SHA2_create_in_256(); - Hacl_Streaming_SHA2_init_256(state); + Hacl_Hash_SHA2_state_t_224* state = + Hacl_Hash_SHA2_malloc_256(); + Hacl_Hash_SHA2_reset_256(state); // Update for (auto chunk : split_by_index_list(test.msg, lengths)) { - Hacl_Streaming_SHA2_update_256(state, chunk.data(), chunk.size()); + Hacl_Hash_SHA2_update_256(state, chunk.data(), chunk.size()); } // Finish - Hacl_Streaming_SHA2_finish_256(state, digest.data()); - Hacl_Streaming_SHA2_free_256(state); + Hacl_Hash_SHA2_digest_256(state, digest.data()); + Hacl_Hash_SHA2_free_256(state); } else if (test.md.size() == 384 / 8) { // Init - Hacl_Streaming_SHA2_state_sha2_384* state = - Hacl_Streaming_SHA2_create_in_384(); - Hacl_Streaming_SHA2_init_384(state); + Hacl_Hash_SHA2_state_t_384* state = + Hacl_Hash_SHA2_malloc_384(); + Hacl_Hash_SHA2_reset_384(state); // Update for (auto chunk : split_by_index_list(test.msg, lengths)) { - Hacl_Streaming_SHA2_update_384(state, chunk.data(), chunk.size()); + Hacl_Hash_SHA2_update_384(state, chunk.data(), chunk.size()); } // Finish - Hacl_Streaming_SHA2_finish_384(state, digest.data()); - Hacl_Streaming_SHA2_free_384(state); + 
Hacl_Hash_SHA2_digest_384(state, digest.data()); + Hacl_Hash_SHA2_free_384(state); } else if (test.md.size() == 512 / 8) { // Init - Hacl_Streaming_SHA2_state_sha2_512* state = - Hacl_Streaming_SHA2_create_in_512(); - Hacl_Streaming_SHA2_init_512(state); + Hacl_Hash_SHA2_state_t_512* state = + Hacl_Hash_SHA2_malloc_512(); + Hacl_Hash_SHA2_reset_512(state); // Update for (auto chunk : split_by_index_list(test.msg, lengths)) { - Hacl_Streaming_SHA2_update_512(state, chunk.data(), chunk.size()); + Hacl_Hash_SHA2_update_512(state, chunk.data(), chunk.size()); } // Finish - Hacl_Streaming_SHA2_finish_512(state, digest.data()); - Hacl_Streaming_SHA2_free_512(state); + Hacl_Hash_SHA2_digest_512(state, digest.data()); + Hacl_Hash_SHA2_free_512(state); } EXPECT_EQ(test.md, digest) << bytes_to_hex(test.md) << endl 
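Review bot: The 256-bit branch still declares its state as `Hacl_Hash_SHA2_state_t_224*` while allocating it with `Hacl_Hash_SHA2_malloc_256()`; the rename carried the mismatch over from the old `state_sha2_224` / `create_in_256` pair. It presumably compiles only because both names alias the same underlying struct, so nothing would flag it if the two types ever diverged. Declare it as `Hacl_Hash_SHA2_state_t_256* state = Hacl_Hash_SHA2_malloc_256();`. Separately, every branch here keeps a `reset` call directly after `malloc`, while the API example hunk above drops it, so one of the two patterns is probably redundant and worth settling in a comment.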
@@ -284,30 +283,30 @@ TEST_P(EverCryptSuiteTestCase, HashTest) { bytes got_digest(test.md.size(), 0); - EverCrypt_Hash_Incremental_hash_state* state; + EverCrypt_Hash_Incremental_state_t* state; if (test.md.size() == 224 / 8) { state = - EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_SHA2_224); + EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_SHA2_224); } else if (test.md.size() == 256 / 8) { state = - EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_SHA2_256); + EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_SHA2_256); } else if (test.md.size() == 384 / 8) { state = - EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_SHA2_384); + EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_SHA2_384); } else if (test.md.size() == 512 / 8) { state = - EverCrypt_Hash_Incremental_create_in(Spec_Hash_Definitions_SHA2_512); + EverCrypt_Hash_Incremental_malloc(Spec_Hash_Definitions_SHA2_512); } else { FAIL(); } - EverCrypt_Hash_Incremental_init(state); + EverCrypt_Hash_Incremental_reset(state); for (auto chunk : split_by_index_list(test.msg, lengths)) { EverCrypt_Hash_Incremental_update(state, chunk.data(), chunk.size()); } - EverCrypt_Hash_Incremental_finish(state, got_digest.data()); + EverCrypt_Hash_Incremental_digest(state, got_digest.data()); EverCrypt_Hash_Incremental_free(state); EXPECT_EQ(test.md, got_digest); diff --git a/tests/sha3.cc b/tests/sha3.cc index cc481970..7f9aeabe 100644 --- a/tests/sha3.cc +++ b/tests/sha3.cc @@ -65,7 +65,7 @@ TEST(ApiSuite, ApiTest) uint8_t digest[HACL_HASH_SHA3_256_DIGEST_LENGTH]; - Hacl_SHA3_sha3_256(message_size, (uint8_t*)message, digest); + Hacl_Hash_SHA3_sha3_256(digest, (uint8_t*)message, message_size); // END OneShot bytes expected_digest = from_hex( 
@@ -83,7 +83,7 @@ TEST(ApiSuite, ApiTest) // ANCHOR(streaming) // This example shows how to hash the byte sequence "Hello, World!" in two // chunks. As a bonus, it also shows how to obtain intermediate results by - // calling `finish` more than once. + // calling `digest` more than once. const char* chunk_1 = "Hello, "; const char* chunk_2 = "World!"; @@ -94,29 +94,28 @@ TEST(ApiSuite, ApiTest) uint8_t digest_2[HACL_HASH_SHA3_256_DIGEST_LENGTH]; // Init - Hacl_Streaming_Keccak_state* state = - Hacl_Streaming_Keccak_malloc(Spec_Hash_Definitions_SHA3_256); - Hacl_Streaming_Keccak_reset(state); + Hacl_Hash_SHA3_state_t* state = + Hacl_Hash_SHA3_malloc(Spec_Hash_Definitions_SHA3_256); // 1/2 Include `Hello, ` into the hash calculation and // obtain the intermediate hash of "Hello, ". uint32_t update_res = - Hacl_Streaming_Keccak_update(state, (uint8_t*)chunk_1, chunk_1_size); + Hacl_Hash_SHA3_update(state, (uint8_t*)chunk_1, chunk_1_size); ASSERT_EQ(0, update_res); // This is optional when no intermediate results are required. - auto finish_res = Hacl_Streaming_Keccak_finish(state, digest_1); + auto finish_res = Hacl_Hash_SHA3_digest(state, digest_1); ASSERT_EQ(Hacl_Streaming_Types_Success, finish_res); // 2/2 Include `World!` into the hash calculation and // obtain the final hash of "Hello, World!". uint32_t update_res_2 = - Hacl_Streaming_Keccak_update(state, (uint8_t*)chunk_2, chunk_2_size); + Hacl_Hash_SHA3_update(state, (uint8_t*)chunk_2, chunk_2_size); ASSERT_EQ(0, update_res_2); - auto finish_res_2 = Hacl_Streaming_Keccak_finish(state, digest_2); + auto finish_res_2 = Hacl_Hash_SHA3_digest(state, digest_2); ASSERT_EQ(Hacl_Streaming_Types_Success, finish_res_2); // Cleanup - Hacl_Streaming_Keccak_free(state); + Hacl_Hash_SHA3_free(state); print_hex_ln(HACL_HASH_SHA3_256_DIGEST_LENGTH, digest_1); print_hex_ln(HACL_HASH_SHA3_256_DIGEST_LENGTH, digest_2); 
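Review bot: In the streaming hunk the result variables are still named `finish_res` / `finish_res_2` although the call is now `Hacl_Hash_SHA3_digest`, and the update results are compared with a bare `0` while the digest results are compared with `Hacl_Streaming_Types_Success`. Renaming them to `digest_res` / `digest_res_2` and writing `ASSERT_EQ(Hacl_Streaming_Types_Success, update_res);` keeps the documented example in step with the new API vocabulary. A failing `ASSERT_EQ` also returns before `Hacl_Hash_SHA3_free(state)` runs, so the state is leaked on the failure path; `EXPECT_EQ` would let the cleanup run. The test body starts and ends outside the hunk.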
@@ -150,7 +149,7 @@ TEST(ApiSuite, ApiTest) uint32_t digest_size = 42; uint8_t digest[42]; - Hacl_SHA3_shake128_hacl( + Hacl_Hash_SHA3_shake128_hacl( message_size, (uint8_t*)message, digest_size, digest); // ANCHOR_END(example shake128) @@ -173,17 +172,17 @@ TEST_P(Sha3KAT, TryKAT) { bytes digest(test_case.md.size(), 0); if (test_case.md.size() == 224 / 8) { - Hacl_SHA3_sha3_224( - test_case.msg.size(), test_case.msg.data(), digest.data()); + Hacl_Hash_SHA3_sha3_224( + digest.data(), test_case.msg.data(), test_case.msg.size()); } else if (test_case.md.size() == 256 / 8) { - Hacl_SHA3_sha3_256( - test_case.msg.size(), test_case.msg.data(), digest.data()); + Hacl_Hash_SHA3_sha3_256( + digest.data(), test_case.msg.data(), test_case.msg.size()); } else if (test_case.md.size() == 384 / 8) { - Hacl_SHA3_sha3_384( - test_case.msg.size(), test_case.msg.data(), digest.data()); + Hacl_Hash_SHA3_sha3_384( + digest.data(), test_case.msg.data(), test_case.msg.size()); } else if (test_case.md.size() == 512 / 8) { - Hacl_SHA3_sha3_512( - test_case.msg.size(), test_case.msg.data(), digest.data()); + Hacl_Hash_SHA3_sha3_512( + digest.data(), test_case.msg.data(), test_case.msg.size()); } EXPECT_EQ(test_case.md, digest) << bytes_to_hex(test_case.md) << std::endl 
@@ -202,20 +201,16 @@ TEST_P(ShakeKAT, TryKAT) if (test_case.md.size() == 128 / 8) { bytes digest(test_case.md.size(), 128 / 8); - Hacl_SHA3_shake128_hacl(test_case.msg.size(), - test_case.msg.data(), - digest.size(), - digest.data()); + Hacl_Hash_SHA3_shake128_hacl( + test_case.msg.size(), test_case.msg.data(), digest.size(), digest.data()); EXPECT_EQ(test_case.md, digest) << bytes_to_hex(test_case.md) << std::endl << bytes_to_hex(digest) << std::endl; } else if (test_case.md.size() == 256 / 8) { bytes digest(test_case.md.size(), 256 / 8); - Hacl_SHA3_shake256_hacl(test_case.msg.size(), - test_case.msg.data(), - digest.size(), - digest.data()); + Hacl_Hash_SHA3_shake256_hacl( + test_case.msg.size(), test_case.msg.data(), digest.size(), digest.data()); EXPECT_EQ(test_case.md, digest) << bytes_to_hex(test_case.md) << std::endl << bytes_to_hex(digest) << std::endl; diff --git a/tools/configure.py b/tools/configure.py index 9d5e06d1..1edd68e0 100644 --- a/tools/configure.py +++ b/tools/configure.py @@ -72,7 +72,8 @@ def dependencies(self, source_dir, algorithm, source_file): files = [] for line in stdout.splitlines(): # Remove object file and the c file itself - first_line_search = "(\w*).o: " + re.escape(join(source_dir, "(\w*).c")) + first_line_search = "(\w*).o: " + \ + re.escape(join(source_dir, "(\w*).c")) line = re.sub(first_line_search, "", line) line = line.strip() line = line.split(" ") @@ -86,7 +87,8 @@ def dependencies(self, source_dir, algorithm, source_file): # Get all source files in source_dir source_files = glob(join(source_dir, "*.c")) # remove source_dir and .c - source_files = list(map(lambda s: s[len(source_dir) + 1 : -2], source_files)) + source_files = list( + map(lambda s: s[len(source_dir) + 1: -2], source_files)) # Now let's collect the c files from the included headers # This adds all files without looking at the feature requirements into deps. 
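Review bot: In the ShakeKAT hunk, `bytes digest(test_case.md.size(), 128 / 8);` passes `128 / 8` as the fill value rather than as a length (assuming `bytes` is a byte vector), so the buffer starts out filled with 0x10, and with 0x20 in the 256 branch. It reads like a size and differs from the zero fill used by the other KATs on this page; `bytes digest(test_case.md.size(), 0);` states what is meant. The `msg.size()` and `digest.size()` arguments are `size_t` values passed where the API presumably takes 32-bit lengths, so an explicit `static_cast<uint32_t>(...)` would make the narrowing visible. The if/else chain continues outside the hunk.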
@@ -96,8 +98,9 @@ def dependencies(self, source_dir, algorithm, source_file): # Get the file name from the path file_name = os.path.splitext(os.path.basename(include))[0] # Only add the dependency if there's a corresponding source file. - if file_name in source_files: - deps.append(join(source_dir, file_name + ".c")) + for s in source_files: + if s.lower() == file_name.lower(): + deps.append(join(source_dir, s + ".c")) # We take all includes though if include.endswith(".h"): includes.append(include) @@ -174,7 +177,8 @@ def __init__( self.hacl_includes = [] for a in self.hacl_files: for source_file in self.hacl_files[a]: - files, includes = self.dependencies(source_dir, a, source_file["file"]) + files, includes = self.dependencies( + source_dir, a, source_file["file"]) self.hacl_includes.extend( includes if type(includes) == list else [includes] ) @@ -236,7 +240,8 @@ def __init__( self.hacl_compile_feature[k] = list( dict.fromkeys(self.hacl_compile_feature[k]) ) - self.evercrypt_compile_files = list(dict.fromkeys(self.evercrypt_compile_files)) + self.evercrypt_compile_files = list( + dict.fromkeys(self.evercrypt_compile_files)) self.hacl_includes = list(dict.fromkeys(self.hacl_includes)) # Drop Hacl_ files from evercrypt self.evercrypt_compile_files = [
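Review bot: The new loop in the first hunk compares every entry of `source_files` case-insensitively and keeps scanning after a hit, so two sources whose names differ only by case would both be appended, and on a case-sensitive filesystem an include can now pull in a file it did not name. If the intent is only to tolerate the header/source casing introduced by this rename, resolve through a map built once before the include loop, `by_lower = {s.lower(): s for s in source_files}`, then `match = by_lower.get(file_name.lower())` and `if match: deps.append(join(source_dir, match + ".c"))`. That also removes the linear scan per include. A short comment saying why the match is case-insensitive would help the next reader; the enclosing `dependencies` method starts and ends outside the hunk.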