/*  $OpenBSD: libcrux_mlkem768_sha3.h,v 1.2 2024/10/27 02:06:01 djm Exp $ */

/* Extracted from libcrux revision 84c5d87b3092c59294345aa269ceefe0eb97cc35 */

/*

 * MIT License

 *

 * Copyright (c) 2024 Cryspen

 *

 * Permission is hereby granted, free of charge, to any person obtaining a copy

 * of this software and associated documentation files (the "Software"), to deal

 * in the Software without restriction, including without limitation the rights

 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

 * copies of the Software, and to permit persons to whom the Software is

 * furnished to do so, subject to the following conditions:

 *

 * The above copyright notice and this permission notice shall be included in all

 * copies or substantial portions of the Software.

 *

 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

 * SOFTWARE.

 */

#if !defined(__GNUC__) || (__GNUC__ < 2)

# define __attribute__(x)

#endif

#define KRML_MUSTINLINE inline

#define KRML_NOINLINE __attribute__((noinline, unused))

#define KRML_HOST_EPRINTF(...)

#define KRML_HOST_EXIT(x) fatal_f("internal error")

/* from libcrux/libcrux-ml-kem/cg/eurydice_glue.h */

/*

 * SPDX-FileCopyrightText: 2024 Eurydice Contributors

 * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>

 *

 * SPDX-License-Identifier: MIT or Apache-2.0

 */

#pragma once

#if defined(__cplusplus)

extern "C" {

#endif

// SLICES, ARRAYS, ETC.

// The MSVC C++ compiler does not support compound literals.

// This CLITERAL is used to turn `(type){...}` into `type{...}` when using a C++

// compiler.

#if defined(__cplusplus)

#define CLITERAL(type) type

#else

#define CLITERAL(type) (type)

#endif

// We represent a slice as a pair of an (untyped) pointer, along with the length

// of the slice, i.e. the number of elements in the slice (this is NOT the

// number of bytes). This design choice has two important consequences.

// - if you need to use `ptr`, you MUST cast it to a proper type *before*

// performing pointer

//   arithmetic on it (remember that C desugars pointer arithmetic based on the

//   type of the address)

// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you

// need to multiply it

//   by sizeof t, where t is the type of the elements.

//

// Empty slices have `len == 0` and `ptr` always needs to be valid pointer that

// is not NULL (otherwise the construction in EURYDICE_SLICE computes `NULL +

// start`).

typedef struct {

  void *ptr;

  size_t len;

} Eurydice_slice;

// Helper macro to create a slice out of a pointer x, a start index in x

// (included), and an end index in x (excluded). The argument x must be suitably

// cast to something that can decay (see remark above about how pointer

// arithmetic works in C), meaning either pointer or array type.

#define EURYDICE_SLICE(x, start, end) \

  (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start})

#define EURYDICE_SLICE_LEN(s, _) s.len

// This macro is a pain because in case the dereferenced element type is an

// array, you cannot simply write `t x` as it would yield `int[4] x` instead,

// which is NOT correct C syntax, so we add a dedicated phase in Eurydice that

// adds an extra argument to this macro at the last minute so that we have the

// correct type of *pointers* to elements.

#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i])

#define Eurydice_slice_subslice(s, r, t, _) \

  EURYDICE_SLICE((t *)s.ptr, r.start, r.end)

// Variant for when the start and end indices are statically known (i.e., the

// range argument `r` is a literal).

#define Eurydice_slice_subslice2(s, start, end, t) \

  EURYDICE_SLICE((t *)s.ptr, start, end)

#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \

  EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos)

#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \

  EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len)

#define Eurydice_array_to_slice(end, x, t) \

  EURYDICE_SLICE(x, 0,                     \

                 end) /* x is already at an array type, no need for cast */

#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \

  EURYDICE_SLICE((t *)x, r.start, r.end)

// Same as above, variant for when start and end are statically known

#define Eurydice_array_to_subslice2(x, start, end, t) \

  EURYDICE_SLICE((t *)x, start, end)

#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \

  EURYDICE_SLICE((t *)x, 0, r)

#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \

  EURYDICE_SLICE((t *)x, r, size)

#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t)

#define Eurydice_slice_copy(dst, src, t) \

  memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))

#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \

  ((Eurydice_slice){.ptr = ptr_, .len = len_})

#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \

    len, src, dst, elem_type, _ret_t)                                \

  (memcpy(dst, src, len * sizeof(elem_type)))

#define TryFromSliceError uint8_t

#define Eurydice_array_eq(sz, a1, a2, t, _) \

  (memcmp(a1, a2, sz * sizeof(t)) == 0)

#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \

    sz, a1, a2, t, _, _ret_t)                                                           \

  Eurydice_array_eq(sz, a1, a2, t, _)

#define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \

    sz, a1, a2, t, _, _ret_t)                                                               \

  Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _)

#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \

  (CLITERAL(ret_t){                                              \

      .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid),  \

      .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)})

#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \

  (CLITERAL(ret_t){                                                  \

      .fst = {.ptr = slice.ptr, .len = mid},                         \

      .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \

              .len = slice.len - mid}})

// Conversion of slice to an array, rewritten (by Eurydice) to name the

// destination array, since arrays are not values in C.

// N.B.: see note in karamel/lib/Inlining.ml if you change this.

#define Eurydice_slice_to_array2(dst, src, _, t_arr)                      \

  Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \

                           sizeof(t_arr))

static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok,

                                            Eurydice_slice src, size_t sz) {

  *dst_tag = 0;

  memcpy(dst_ok, src.ptr, sz);

}

// CORE STUFF (conversions, endianness, ...)

static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) {

  v = htole64(v);

  memcpy(buf, &v, sizeof(v));

}

static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) {

  uint64_t v;

  memcpy(&v, buf, sizeof(v));

  return le64toh(v);

}

static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) {

  uint32_t v;

  memcpy(&v, buf, sizeof(v));

  return le32toh(v);

}

static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) {

#if defined(_MSC_VER)

  return __popcnt(x0);

#elif !defined(MISSING_BUILTIN_POPCOUNT)

  return __builtin_popcount(x0);

#else

  const uint8_t v[16] = { 0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4 };

  return v[x0 & 0xf] + v[(x0 >> 4) & 0xf];

#endif

}

// unsigned overflow wraparound semantics in C

static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) {

  return x + y;

}

static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) {

  return x - y;

}

// ITERATORS

#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \

  (((iter_ptr)->start == (iter_ptr)->end)            \

       ? (CLITERAL(ret_t){.tag = None})              \

       : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++}))

#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \

  Eurydice_range_iter_next

// See note in karamel/lib/Inlining.ml if you change this

#define Eurydice_into_iter(x, t, _ret_t) (x)

#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter \

  Eurydice_into_iter

#if defined(__cplusplus)

}

#endif

/* from libcrux/libcrux-ml-kem/cg/libcrux_core.h */

/*

 * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>

 *

 * SPDX-License-Identifier: MIT or Apache-2.0

 *

 * This code was generated with the following revisions:

 * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4

 * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb

 * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908

 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty

 * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee

 */

#ifndef __libcrux_core_H

#define __libcrux_core_H

#if defined(__cplusplus)

extern "C" {

#endif

/**

A monomorphic instance of core.ops.range.Range

with types size_t

*/

typedef struct core_ops_range_Range_b3_s {

  size_t start;

  size_t end;

} core_ops_range_Range_b3;

#define Ok 0

#define Err 1

typedef uint8_t Result_86_tags;

#define None 0

#define Some 1

typedef uint8_t Option_ef_tags;

/**

A monomorphic instance of core.option.Option

with types size_t

*/

typedef struct Option_b3_s {

  Option_ef_tags tag;

  size_t f0;

} Option_b3;

static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1);

#define CORE_NUM__U32_8__BITS (32U)

static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]);

static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]);

static inline uint32_t core_num__u8_6__count_ones(uint8_t x0);

static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1);

#define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U)

#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U)

#define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U)

#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT \

  (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U)

#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT \

  (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U)

#define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U)

#define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U)

typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s {

  uint8_t fst[1152U];

  uint8_t snd[1184U];

} libcrux_ml_kem_utils_extraction_helper_Keypair768;

/**

A monomorphic instance of core.result.Result

with types uint8_t[24size_t], core_array_TryFromSliceError

*/

typedef struct Result_6f_s {

  Result_86_tags tag;

  union {

    uint8_t case_Ok[24U];

    TryFromSliceError case_Err;

  } val;

} Result_6f;

/**

This function found in impl {core::result::Result<T, E>}

*/

/**

A monomorphic instance of core.result.unwrap_41

with types uint8_t[24size_t], core_array_TryFromSliceError

*/

static inline void unwrap_41_1c(Result_6f self, uint8_t ret[24U]) {

  if (self.tag == Ok) {

    uint8_t f0[24U];

    memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t));

    memcpy(ret, f0, (size_t)24U * sizeof(uint8_t));

  } else {

    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,

                      "unwrap not Ok");

    KRML_HOST_EXIT(255U);

  }

}

/**

A monomorphic instance of core.result.Result

with types uint8_t[20size_t], core_array_TryFromSliceError

*/

typedef struct Result_7a_s {

  Result_86_tags tag;

  union {

    uint8_t case_Ok[20U];

    TryFromSliceError case_Err;

  } val;

} Result_7a;

/**

This function found in impl {core::result::Result<T, E>}

*/

/**

A monomorphic instance of core.result.unwrap_41

with types uint8_t[20size_t], core_array_TryFromSliceError

*/

static inline void unwrap_41_34(Result_7a self, uint8_t ret[20U]) {

  if (self.tag == Ok) {

    uint8_t f0[20U];

    memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t));

    memcpy(ret, f0, (size_t)20U * sizeof(uint8_t));

  } else {

    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,

                      "unwrap not Ok");

    KRML_HOST_EXIT(255U);

  }

}

/**

A monomorphic instance of core.result.Result

with types uint8_t[10size_t], core_array_TryFromSliceError

*/

typedef struct Result_cd_s {

  Result_86_tags tag;

  union {

    uint8_t case_Ok[10U];

    TryFromSliceError case_Err;

  } val;

} Result_cd;

/**

This function found in impl {core::result::Result<T, E>}

*/

/**

A monomorphic instance of core.result.unwrap_41

with types uint8_t[10size_t], core_array_TryFromSliceError

*/

static inline void unwrap_41_e8(Result_cd self, uint8_t ret[10U]) {

  if (self.tag == Ok) {

    uint8_t f0[10U];

    memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t));

    memcpy(ret, f0, (size_t)10U * sizeof(uint8_t));

  } else {

    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,

                      "unwrap not Ok");

    KRML_HOST_EXIT(255U);

  }

}

typedef struct Eurydice_slice_uint8_t_4size_t__x2_s {

  Eurydice_slice fst[4U];

  Eurydice_slice snd[4U];

} Eurydice_slice_uint8_t_4size_t__x2;

typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s {

  uint8_t value[1088U];

} libcrux_ml_kem_mlkem768_MlKem768Ciphertext;

/**

 A reference to the raw byte slice.

*/

/**

This function found in impl {libcrux_ml_kem::types::MlKemCiphertext<SIZE>#6}

*/

/**

A monomorphic instance of libcrux_ml_kem.types.as_slice_d4

with const generics

- SIZE= 1088

*/

static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_1d(

    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {

  return self->value;

}

/**

A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey

with const generics

- $1184size_t

*/

typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s {

  uint8_t value[1184U];

} libcrux_ml_kem_types_MlKemPublicKey_15;

/**

This function found in impl {(core::convert::From<@Array<u8, SIZE>> for

libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#14}

*/

/**

A monomorphic instance of libcrux_ml_kem.types.from_b6

with const generics

- SIZE= 1184

*/

static inline libcrux_ml_kem_types_MlKemPublicKey_15

libcrux_ml_kem_types_from_b6_da(uint8_t value[1184U]) {

  /* Passing arrays by value in Rust generates a copy in C */

  uint8_t copy_of_value[1184U];

  memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t));

  libcrux_ml_kem_types_MlKemPublicKey_15 lit;

  memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t));

  return lit;

}

/**

A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey

with const generics

- $2400size_t

*/

typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s {

  uint8_t value[2400U];

} libcrux_ml_kem_types_MlKemPrivateKey_55;

typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s {

  libcrux_ml_kem_types_MlKemPrivateKey_55 sk;

  libcrux_ml_kem_types_MlKemPublicKey_15 pk;

} libcrux_ml_kem_mlkem768_MlKem768KeyPair;

/**

 Create a new [`MlKemKeyPair`] from the secret and public key.

*/

/**

This function found in impl

{libcrux_ml_kem::types::MlKemKeyPair<PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE>}

*/

/**

A monomorphic instance of libcrux_ml_kem.types.from_17

with const generics

- PRIVATE_KEY_SIZE= 2400

- PUBLIC_KEY_SIZE= 1184

*/

static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair

libcrux_ml_kem_types_from_17_35(libcrux_ml_kem_types_MlKemPrivateKey_55 sk,

                                libcrux_ml_kem_types_MlKemPublicKey_15 pk) {

  return (

      CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk});

}

/**

This function found in impl {(core::convert::From<@Array<u8, SIZE>> for

libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#8}

*/

/**

A monomorphic instance of libcrux_ml_kem.types.from_05

with const generics

- SIZE= 2400

*/

static inline libcrux_ml_kem_types_MlKemPrivateKey_55

libcrux_ml_kem_types_from_05_f2(uint8_t value[2400U]) {

  /* Passing arrays by value in Rust generates a copy in C */

  uint8_t copy_of_value[2400U];

  memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t));

  libcrux_ml_kem_types_MlKemPrivateKey_55 lit;

  memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t));

  return lit;

}

/**

A monomorphic instance of core.result.Result

with types uint8_t[32size_t], core_array_TryFromSliceError

*/

typedef struct Result_00_s {

  Result_86_tags tag;

  union {

    uint8_t case_Ok[32U];

    TryFromSliceError case_Err;

  } val;

} Result_00;

/**

This function found in impl {core::result::Result<T, E>}

*/

/**

A monomorphic instance of core.result.unwrap_41

with types uint8_t[32size_t], core_array_TryFromSliceError

*/

static inline void unwrap_41_83(Result_00 self, uint8_t ret[32U]) {

  if (self.tag == Ok) {

    uint8_t f0[32U];

    memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t));

    memcpy(ret, f0, (size_t)32U * sizeof(uint8_t));

  } else {

    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,

                      "unwrap not Ok");

    KRML_HOST_EXIT(255U);

  }

}

/**

A monomorphic instance of K.

with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]],

uint8_t[32size_t]

*/

typedef struct tuple_3c_s {

  libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst;

  uint8_t snd[32U];

} tuple_3c;

/**

This function found in impl {(core::convert::From<@Array<u8, SIZE>> for

libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#2}

*/

/**

A monomorphic instance of libcrux_ml_kem.types.from_01

with const generics

- SIZE= 1088

*/

static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext

libcrux_ml_kem_types_from_01_9f(uint8_t value[1088U]) {

  /* Passing arrays by value in Rust generates a copy in C */

  uint8_t copy_of_value[1088U];

  memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t));

  libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit;

  memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t));

  return lit;

}

/**

 A reference to the raw byte slice.

*/

/**

This function found in impl {libcrux_ml_kem::types::MlKemPublicKey<SIZE>#18}

*/

/**

A monomorphic instance of libcrux_ml_kem.types.as_slice_cb

with const generics

- SIZE= 1184

*/

static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_50(

    libcrux_ml_kem_types_MlKemPublicKey_15 *self) {

  return self->value;

}

/**

 Pad the `slice` with `0`s at the end.

*/

/**

A monomorphic instance of libcrux_ml_kem.utils.into_padded_array

with const generics

- LEN= 33

*/

static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea2(

    Eurydice_slice slice, uint8_t ret[33U]) {

  uint8_t out[33U] = {0U};

  uint8_t *uu____0 = out;

  Eurydice_slice_copy(

      Eurydice_array_to_subslice2(uu____0, (size_t)0U,

                                  Eurydice_slice_len(slice, uint8_t), uint8_t),

      slice, uint8_t);

  memcpy(ret, out, (size_t)33U * sizeof(uint8_t));

}

/**

 Pad the `slice` with `0`s at the end.

*/

/**

A monomorphic instance of libcrux_ml_kem.utils.into_padded_array

with const generics

- LEN= 34

*/

static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea1(

    Eurydice_slice slice, uint8_t ret[34U]) {

  uint8_t out[34U] = {0U};

  uint8_t *uu____0 = out;

  Eurydice_slice_copy(

      Eurydice_array_to_subslice2(uu____0, (size_t)0U,

                                  Eurydice_slice_len(slice, uint8_t), uint8_t),

      slice, uint8_t);

  memcpy(ret, out, (size_t)34U * sizeof(uint8_t));

}

/**

This function found in impl {(core::convert::AsRef<@Slice<u8>> for

libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#1}

*/

/**

A monomorphic instance of libcrux_ml_kem.types.as_ref_00

with const generics

- SIZE= 1088

*/

static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_24(

    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {

  return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);

}

/**

 Pad the `slice` with `0`s at the end.

*/

/**

A monomorphic instance of libcrux_ml_kem.utils.into_padded_array

with const generics

- LEN= 1120

*/

static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea0(

    Eurydice_slice slice, uint8_t ret[1120U]) {

  uint8_t out[1120U] = {0U};

  uint8_t *uu____0 = out;

  Eurydice_slice_copy(

      Eurydice_array_to_subslice2(uu____0, (size_t)0U,

                                  Eurydice_slice_len(slice, uint8_t), uint8_t),

      slice, uint8_t);

  memcpy(ret, out, (size_t)1120U * sizeof(uint8_t));

}

/**

 Pad the `slice` with `0`s at the end.

*/

/**

A monomorphic instance of libcrux_ml_kem.utils.into_padded_array

with const generics

- LEN= 64

*/

static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea(

    Eurydice_slice slice, uint8_t ret[64U]) {

  uint8_t out[64U] = {0U};

  uint8_t *uu____0 = out;

  Eurydice_slice_copy(

      Eurydice_array_to_subslice2(uu____0, (size_t)0U,

                                  Eurydice_slice_len(slice, uint8_t), uint8_t),

      slice, uint8_t);

  memcpy(ret, out, (size_t)64U * sizeof(uint8_t));

}

/**

A monomorphic instance of core.result.Result

with types int16_t[16size_t], core_array_TryFromSliceError

*/

typedef struct Result_c0_s {

  Result_86_tags tag;

  union {

    int16_t case_Ok[16U];

    TryFromSliceError case_Err;

  } val;

} Result_c0;

/**

This function found in impl {core::result::Result<T, E>}

*/

/**

A monomorphic instance of core.result.unwrap_41

with types int16_t[16size_t], core_array_TryFromSliceError

*/

static inline void unwrap_41_f9(Result_c0 self, int16_t ret[16U]) {

  if (self.tag == Ok) {

    int16_t f0[16U];

    memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t));

    memcpy(ret, f0, (size_t)16U * sizeof(int16_t));

  } else {

    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,

                      "unwrap not Ok");

    KRML_HOST_EXIT(255U);

  }

}

/**

A monomorphic instance of core.result.Result

with types uint8_t[8size_t], core_array_TryFromSliceError

*/

typedef struct Result_56_s {

  Result_86_tags tag;

  union {

    uint8_t case_Ok[8U];

    TryFromSliceError case_Err;

  } val;

} Result_56;

/**

This function found in impl {core::result::Result<T, E>}

*/

/**

A monomorphic instance of core.result.unwrap_41

with types uint8_t[8size_t], core_array_TryFromSliceError

*/

static inline void unwrap_41_ac(Result_56 self, uint8_t ret[8U]) {

  if (self.tag == Ok) {

    uint8_t f0[8U];

    memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t));

    memcpy(ret, f0, (size_t)8U * sizeof(uint8_t));

  } else {

    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,

                      "unwrap not Ok");

    KRML_HOST_EXIT(255U);

  }

}

typedef struct Eurydice_slice_uint8_t_x2_s {

  Eurydice_slice fst;

  Eurydice_slice snd;

} Eurydice_slice_uint8_t_x2;

typedef struct Eurydice_slice_uint8_t_1size_t__x2_s {

  Eurydice_slice fst[1U];

  Eurydice_slice snd[1U];

} Eurydice_slice_uint8_t_1size_t__x2;

#if defined(__cplusplus)

}

#endif

#define __libcrux_core_H_DEFINED

#endif

/* from libcrux/libcrux-ml-kem/cg/libcrux_ct_ops.h */

/*

 * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>

 *

 * SPDX-License-Identifier: MIT or Apache-2.0

 *

 * This code was generated with the following revisions:

 * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4

 * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb

 * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908

 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty

 * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee

 */

#ifndef __libcrux_ct_ops_H

#define __libcrux_ct_ops_H

#if defined(__cplusplus)

extern "C" {

#endif

/**

 Return 1 if `value` is not zero and 0 otherwise.

*/

static inline uint8_t libcrux_ml_kem_constant_time_ops_inz(uint8_t value) {

  uint16_t value0 = (uint16_t)value;

  uint16_t result = (((uint32_t)value0 |

                      (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) &

                     0xFFFFU) >>

                        8U &

                    1U;

  return (uint8_t)result;

}

static KRML_NOINLINE uint8_t

libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) {

  return libcrux_ml_kem_constant_time_ops_inz(value);

}

/**

 Return 1 if the bytes of `lhs` and `rhs` do not exactly

 match and 0 otherwise.

*/

static inline uint8_t libcrux_ml_kem_constant_time_ops_compare(

    Eurydice_slice lhs, Eurydice_slice rhs) {

  uint8_t r = 0U;

  for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) {

    size_t i0 = i;

    r = (uint32_t)r |

        ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^

         (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *));

  }

  return libcrux_ml_kem_constant_time_ops_is_non_zero(r);

}

static KRML_NOINLINE uint8_t

libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(

    Eurydice_slice lhs, Eurydice_slice rhs) {

  return libcrux_ml_kem_constant_time_ops_compare(lhs, rhs);

}

/**

 If `selector` is not zero, return the bytes in `rhs`; return the bytes in

 `lhs` otherwise.

*/

static inline void libcrux_ml_kem_constant_time_ops_select_ct(

    Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector,

    uint8_t ret[32U]) {

  uint8_t mask = core_num__u8_6__wrapping_sub(

      libcrux_ml_kem_constant_time_ops_is_non_zero(selector), 1U);

  uint8_t out[32U] = {0U};

  for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE;

       i++) {

    size_t i0 = i;

    out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) &

               (uint32_t)mask) |

              ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) &

               (uint32_t)~mask);

  }

  memcpy(ret, out, (size_t)32U * sizeof(uint8_t));

}

static KRML_NOINLINE void

libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(

    Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector,

    uint8_t ret[32U]) {

  libcrux_ml_kem_constant_time_ops_select_ct(lhs, rhs, selector, ret);

}

static inline void

libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(

    Eurydice_slice lhs_c, Eurydice_slice rhs_c, Eurydice_slice lhs_s,

    Eurydice_slice rhs_s, uint8_t ret[32U]) {

  uint8_t selector =

      libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(

          lhs_c, rhs_c);

  uint8_t ret0[32U];

  libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(

      lhs_s, rhs_s, selector, ret0);

  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));

}

#if defined(__cplusplus)

}

#endif

#define __libcrux_ct_ops_H_DEFINED

#endif

/* from libcrux/libcrux-ml-kem/cg/libcrux_sha3_portable.h */

/*

 * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>

 *

 * SPDX-License-Identifier: MIT or Apache-2.0

 *

 * This code was generated with the following revisions:

 * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4

 * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb

 * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908

 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty

 * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee

 */

#ifndef __libcrux_sha3_portable_H

#define __libcrux_sha3_portable_H

#if defined(__cplusplus)

extern "C" {

#endif

static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = {

    1ULL,

    32898ULL,

    9223372036854808714ULL,

    9223372039002292224ULL,

    32907ULL,

    2147483649ULL,

    9223372039002292353ULL,

    9223372036854808585ULL,

    138ULL,

    136ULL,

    2147516425ULL,

    2147483658ULL,

    2147516555ULL,

    9223372036854775947ULL,

    9223372036854808713ULL,

    9223372036854808579ULL,

    9223372036854808578ULL,

    9223372036854775936ULL,

    32778ULL,

    9223372039002259466ULL,

    9223372039002292353ULL,

    9223372036854808704ULL,

    2147483649ULL,

    9223372039002292232ULL};

/**

This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:

usize> for u64)}

*/

static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak_zero_5a(void) {

  return 0ULL;

}

static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__veor5q_u64(

    uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) {

  uint64_t ab = a ^ b;

  uint64_t cd = c ^ d;

  uint64_t abcd = ab ^ cd;

  return abcd ^ e;

}

/**

This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:

usize> for u64)}

*/

static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak_xor5_5a(

    uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) {

  return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e);

}

/**

A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left

with const generics

- LEFT= 1

- RIGHT= 63

*/

static KRML_MUSTINLINE uint64_t

libcrux_sha3_portable_keccak_rotate_left_cb(uint64_t x) {

  return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63;

}

static KRML_MUSTINLINE uint64_t

libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) {

  uint64_t uu____0 = a;

  return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_cb(b);

}

/**

This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:

usize> for u64)}

*/

static KRML_MUSTINLINE uint64_t

libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(uint64_t a, uint64_t b) {

  return libcrux_sha3_portable_keccak__vrax1q_u64(a, b);

}

static KRML_MUSTINLINE uint64_t

libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) {

  return a ^ (b & ~c);

}

/**

This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:

usize> for u64)}

*/

static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak_and_not_xor_5a(

    uint64_t a, uint64_t b, uint64_t c) {

  return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c);

}

static KRML_MUSTINLINE uint64_t

libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) {

  return a ^ c;

}

/**

This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:

usize> for u64)}

*/

static KRML_MUSTINLINE uint64_t

libcrux_sha3_portable_keccak_xor_constant_5a(uint64_t a, uint64_t c) {

  return libcrux_sha3_portable_keccak__veorq_n_u64(a, c);

}

/**

This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:

usize> for u64)}

*/

static KRML_MUSTINLINE uint64_t

libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) {

  return a ^ b;

}

static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1(

    Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) {

  ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t);

}

/**

This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:

usize> for u64)}

*/

static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a(

    Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) {

  /* Passing arrays by value in Rust generates a copy in C */

  Eurydice_slice copy_of_a[1U];

  memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice));

  Eurydice_slice ret0[1U];

  libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0);

  memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice));

}

static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2

libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U],

                                            size_t mid) {

  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut(

      out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2);

  Eurydice_slice out00 = uu____0.fst;

  Eurydice_slice out01 = uu____0.snd;

  Eurydice_slice_uint8_t_1size_t__x2 lit;

  lit.fst[0U] = out00;

  lit.snd[0U] = out01;

  return lit;