Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-10-31 13:41:24 +00:00
Code Issues Projects Releases Packages Wiki Activity

gh-134069: bump HACL* revision to incoporate memset_s (#134027)

Browse source 
Bumps the HACL* revision to include recent revisions that corrects issues
building with legacy/cross-platform macOS SDKs.

Signed-off-by: aeiouaeiouaeiouaeiouaeiouaeiou <aeioudev@outlook.com>
This commit is contained in:
aeiouaeiouaeiouaeiouaeiouaeiou 2025-05-16 13:23:11 +03:00 committed by GitHub
parent 7a504b3d5d
commit 1566c34dc7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 405 additions and 648 deletions
Download patch file Download diff file Expand all files Collapse all files

52
Misc/sbom.spdx.json generated
View file

@ -314,11 +314,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "4b6e7696e8d84f322fb24b1fbb08ccb9b0e7d51b" "checksumValue": "808af7ff8a2cb2b4ef3a9ce3dbfef58d90828c9f"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "50a65a34a7a7569eedf7fa864a7892eeee5840a7fdf6fa8f1e87d42c65f6c877" "checksumValue": "6a492aa586f2d10b1b300ce8ce4c72c976ff7548fee667aded2253f99969ac87"
} }
], ],
"fileName": "Modules/_hacl/Hacl_Hash_Blake2b.c" "fileName": "Modules/_hacl/Hacl_Hash_Blake2b.c"
@ -342,11 +342,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "0f75e44a42775247a46acc2beaa6bae8f199a3d9" "checksumValue": "1bb072f2be9e5d194274fdcc87825cb094e4b32e"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "03b612c24193464ed6848aeebbf44f9266b78ec6eed2486056211cde8992c49a" "checksumValue": "9eb22953ce60dde9dc970fec9dfce9d94235f4b7ccd8f0151cad4707dc835d1d"
} }
], ],
"fileName": "Modules/_hacl/Hacl_Hash_Blake2b_Simd256.c" "fileName": "Modules/_hacl/Hacl_Hash_Blake2b_Simd256.c"
@ -384,11 +384,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "65bf44140691b046dcfed3ab1576dbf8bbf96dc5" "checksumValue": "cdd6e9ca86dbede92d1a47b9224d2af70c599a71"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "0f98959dafffce039ade9d296f7a05bed151c9c512498f48e4b326a5523a240b" "checksumValue": "f3204f3e60734d811b6630f879b69ce54eaf367f3fca5889c1026e7a1f3ee1e4"
} }
], ],
"fileName": "Modules/_hacl/Hacl_Hash_Blake2s.c" "fileName": "Modules/_hacl/Hacl_Hash_Blake2s.c"
@ -412,11 +412,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "0da9782455923aede8d8dce9dfdc38f4fc1de572" "checksumValue": "4056bb6e3ed184400d1610bdfd4260b3fd05ccbb"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "2d17ae768fd3d7d6decddd8b4aaf23ce02a809ee62bb98da32c8a7f54acf92d0" "checksumValue": "c93746df2f219cbb1634ee6fb0ab1c4cbd381d1f36c637114c68346c9935326d"
} }
], ],
"fileName": "Modules/_hacl/Hacl_Hash_Blake2s_Simd128.c" "fileName": "Modules/_hacl/Hacl_Hash_Blake2s_Simd128.c"
@ -454,11 +454,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "38e8d96ef1879480780494058a93cec181f8d6d7" "checksumValue": "61f678cd9234c6eab5d4409ae66f470b068b959b"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "61e77d2063cf60c96e9ce06af215efe5d42c43026833bffed5732326fe97ed1e" "checksumValue": "5b91ed0339074e2e546119833398e2cdb7190c33a59c405bf43b2417c789547d"
} }
], ],
"fileName": "Modules/_hacl/Hacl_Hash_MD5.c" "fileName": "Modules/_hacl/Hacl_Hash_MD5.c"
@ -482,11 +482,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "986dd5ba0b34d15f3e5e5c656979aea1b502e8aa" "checksumValue": "c7fc5c9721caf37c5a24c9beff27b0ac2ed68cc9"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "38d5f1f2e67a0eb30789f81fc56c07a6e7246e2b1be6c65485bcca1dcd0e0806" "checksumValue": "ce08721d491f3b8a9bd4cde6c27bfcc8fc01471512ccca4bd3c0b764cb551d29"
} }
], ],
"fileName": "Modules/_hacl/Hacl_Hash_SHA1.c" "fileName": "Modules/_hacl/Hacl_Hash_SHA1.c"
@ -510,11 +510,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "f732a6710fe3e13cd28130f0f20504e347d1c412" "checksumValue": "fffe8c4f67669ac8ccd87c2e0f95db2427481df1"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "86cf32e4d1f3ba93a94108271923fdafe2204447792a918acf4a2250f352dbde" "checksumValue": "f8af382de7e29a73c726f9c70770498ddd99e2c4702489ed6e634f0b68597c95"
} }
], ],
"fileName": "Modules/_hacl/Hacl_Hash_SHA2.c" "fileName": "Modules/_hacl/Hacl_Hash_SHA2.c"
@ -538,11 +538,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "50f75337b31f509b5bfcc7ebb3d066b82a0f1b33" "checksumValue": "77d3d879dfa5949030bca0e8ee75d3d369ec54a7"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "c9e1442899e5b902fa39f413f1a3131f7ab5c2283d5100dc8ac675a7d5ebbdf1" "checksumValue": "8744f5b6e054c3e5c44f413a60f9154b76dd7230135dcee26fd063755ec64be1"
} }
], ],
"fileName": "Modules/_hacl/Hacl_Hash_SHA3.c" "fileName": "Modules/_hacl/Hacl_Hash_SHA3.c"
@ -566,11 +566,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "8140310f505bb2619a749777a91487d666237bcf" "checksumValue": "417e68ac8498cb2f93a06a19003ea1cc3f0f6753"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "9d95e6a651c22185d9b7c38f363d30159f810e6fcdc2208f29492837ed891e82" "checksumValue": "843db4bba78a476d4d53dabe4eed5c9235f490ccc9fdaf19e22af488af858920"
} }
], ],
"fileName": "Modules/_hacl/Hacl_Streaming_HMAC.c" "fileName": "Modules/_hacl/Hacl_Streaming_HMAC.c"
@ -608,11 +608,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "c9651ef21479c4d8a3b04c5baa1902866dbb1cdf" "checksumValue": "0a0b7f3714167ad45ddf5a6a48d76f525a119c9c"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "e039c82ba670606ca111573942baad800f75da467abbc74cd7d1fe175ebcdfaf" "checksumValue": "135d4afb4812468885c963c9c87a55ba5fae9181df4431af5fbad08588dda229"
} }
], ],
"fileName": "Modules/_hacl/Lib_Memzero0.c" "fileName": "Modules/_hacl/Lib_Memzero0.c"
@ -622,11 +622,11 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA1", "algorithm": "SHA1",
"checksumValue": "eaa543c778300238dc23034aafeada0951154af1" "checksumValue": "911c97a0f24067635b164fbca49da76055f192cd"
}, },
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "3fd2552d527a23110d61ad2811c774810efb1eaee008f136c2a0d609daa77f5b" "checksumValue": "972b5111ebada8e11dd60df3119da1af505fd3e0b6c782ead6cab7f1daf134f1"
} }
], ],
"fileName": "Modules/_hacl/include/krml/FStar_UInt128_Verified.h" "fileName": "Modules/_hacl/include/krml/FStar_UInt128_Verified.h"
@ -1752,14 +1752,14 @@
"checksums": [ "checksums": [
{ {
"algorithm": "SHA256", "algorithm": "SHA256",
"checksumValue": "02dfcf0c79d488b120d7f2c2a0f9206301c7927ed5106545e0b6f2aef88da76a" "checksumValue": "39f6fd4f2fe98aecc995a2fd980fae0e0835cef6e563ebbf25f69d3d3102bafd"
} }
], ],
"downloadLocation": "https://github.com/hacl-star/hacl-star/archive/7720f6d4fc0468a99d5ea6120976bcc271e42727.zip", "downloadLocation": "https://github.com/hacl-star/hacl-star/archive/4ef25b547b377dcef855db4289c6a00580e7221c.zip",
"externalRefs": [ "externalRefs": [
{ {
"referenceCategory": "SECURITY", "referenceCategory": "SECURITY",
"referenceLocator": "cpe:2.3:a:hacl-star:hacl-star:7720f6d4fc0468a99d5ea6120976bcc271e42727:*:*:*:*:*:*:*", "referenceLocator": "cpe:2.3:a:hacl-star:hacl-star:4ef25b547b377dcef855db4289c6a00580e7221c:*:*:*:*:*:*:*",
"referenceType": "cpe23Type" "referenceType": "cpe23Type"
} }
], ],
@ -1767,7 +1767,7 @@
"name": "hacl-star", "name": "hacl-star",
"originator": "Organization: HACL* Developers", "originator": "Organization: HACL* Developers",
"primaryPackagePurpose": "SOURCE", "primaryPackagePurpose": "SOURCE",
"versionInfo": "7720f6d4fc0468a99d5ea6120976bcc271e42727" "versionInfo": "4ef25b547b377dcef855db4289c6a00580e7221c"
}, },
{ {
"SPDXID": "SPDXRef-PACKAGE-macholib", "SPDXID": "SPDXRef-PACKAGE-macholib",

52
Modules/_hacl/Hacl_Hash_Blake2b.c
View file

@ -544,11 +544,9 @@ void Hacl_Hash_Blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn)
uint64_t x = r; uint64_t x = r;
os[i] = x;); os[i] = x;);
tmp[0U] = tmp[0U] =
(uint64_t)nn1 (uint64_t)nn1 ^
^ ((uint64_t)kk1 << 8U ^
((uint64_t)kk1 ((uint64_t)p.fanout << 16U ^ ((uint64_t)p.depth << 24U ^ (uint64_t)p.leaf_length << 32U)));
<< 8U
^ ((uint64_t)p.fanout << 16U ^ ((uint64_t)p.depth << 24U ^ (uint64_t)p.leaf_length << 32U)));
tmp[1U] = p.node_offset; tmp[1U] = p.node_offset;
tmp[2U] = (uint64_t)p.node_depth ^ (uint64_t)p.inner_length << 8U; tmp[2U] = (uint64_t)p.node_depth ^ (uint64_t)p.inner_length << 8U;
tmp[3U] = 0ULL; tmp[3U] = 0ULL;
@ -860,14 +858,10 @@ static Hacl_Hash_Blake2b_state_t
uint64_t x = r4; uint64_t x = r4;
os[i0] = x;); os[i0] = x;);
tmp[0U] = tmp[0U] =
(uint64_t)nn1 (uint64_t)nn1 ^
^ ((uint64_t)kk2 << 8U ^
((uint64_t)kk2 ((uint64_t)pv.fanout << 16U ^
<< 8U ((uint64_t)pv.depth << 24U ^ (uint64_t)pv.leaf_length << 32U)));
^
((uint64_t)pv.fanout
<< 16U
^ ((uint64_t)pv.depth << 24U ^ (uint64_t)pv.leaf_length << 32U)));
tmp[1U] = pv.node_offset; tmp[1U] = pv.node_offset;
tmp[2U] = (uint64_t)pv.node_depth ^ (uint64_t)pv.inner_length << 8U; tmp[2U] = (uint64_t)pv.node_depth ^ (uint64_t)pv.inner_length << 8U;
tmp[3U] = 0ULL; tmp[3U] = 0ULL;
@ -1059,11 +1053,9 @@ static void reset_raw(Hacl_Hash_Blake2b_state_t *state, Hacl_Hash_Blake2b_params
uint64_t x = r; uint64_t x = r;
os[i0] = x;); os[i0] = x;);
tmp[0U] = tmp[0U] =
(uint64_t)nn1 (uint64_t)nn1 ^
^ ((uint64_t)kk2 << 8U ^
((uint64_t)kk2 ((uint64_t)pv.fanout << 16U ^ ((uint64_t)pv.depth << 24U ^ (uint64_t)pv.leaf_length << 32U)));
<< 8U
^ ((uint64_t)pv.fanout << 16U ^ ((uint64_t)pv.depth << 24U ^ (uint64_t)pv.leaf_length << 32U)));
tmp[1U] = pv.node_offset; tmp[1U] = pv.node_offset;
tmp[2U] = (uint64_t)pv.node_depth ^ (uint64_t)pv.inner_length << 8U; tmp[2U] = (uint64_t)pv.node_depth ^ (uint64_t)pv.inner_length << 8U;
tmp[3U] = 0ULL; tmp[3U] = 0ULL;
@ -1200,8 +1192,7 @@ Hacl_Hash_Blake2b_update(Hacl_Hash_Blake2b_state_t *state, uint8_t *chunk, uint3
uint8_t *buf2 = buf + sz1; uint8_t *buf2 = buf + sz1;
memcpy(buf2, chunk, chunk_len * sizeof (uint8_t)); memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
uint64_t total_len2 = total_len1 + (uint64_t)chunk_len; uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
*state *state =
=
( (
(Hacl_Hash_Blake2b_state_t){ (Hacl_Hash_Blake2b_state_t){
.block_state = block_state1, .block_state = block_state1,
@ -1265,8 +1256,7 @@ Hacl_Hash_Blake2b_update(Hacl_Hash_Blake2b_state_t *state, uint8_t *chunk, uint3
nb); nb);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Hash_Blake2b_state_t){ (Hacl_Hash_Blake2b_state_t){
.block_state = block_state1, .block_state = block_state1,
@ -1296,8 +1286,7 @@ Hacl_Hash_Blake2b_update(Hacl_Hash_Blake2b_state_t *state, uint8_t *chunk, uint3
uint8_t *buf2 = buf0 + sz10; uint8_t *buf2 = buf0 + sz10;
memcpy(buf2, chunk1, diff * sizeof (uint8_t)); memcpy(buf2, chunk1, diff * sizeof (uint8_t));
uint64_t total_len2 = total_len10 + (uint64_t)diff; uint64_t total_len2 = total_len10 + (uint64_t)diff;
*state *state =
=
( (
(Hacl_Hash_Blake2b_state_t){ (Hacl_Hash_Blake2b_state_t){
.block_state = block_state10, .block_state = block_state10,
@ -1359,8 +1348,7 @@ Hacl_Hash_Blake2b_update(Hacl_Hash_Blake2b_state_t *state, uint8_t *chunk, uint3
nb); nb);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Hash_Blake2b_state_t){ (Hacl_Hash_Blake2b_state_t){
.block_state = block_state1, .block_state = block_state1,
@ -1690,14 +1678,10 @@ Hacl_Hash_Blake2b_hash_with_key_and_params(
uint64_t x = r; uint64_t x = r;
os[i] = x;); os[i] = x;);
tmp[0U] = tmp[0U] =
(uint64_t)nn (uint64_t)nn ^
^ ((uint64_t)kk << 8U ^
((uint64_t)kk ((uint64_t)params.fanout << 16U ^
<< 8U ((uint64_t)params.depth << 24U ^ (uint64_t)params.leaf_length << 32U)));
^
((uint64_t)params.fanout
<< 16U
^ ((uint64_t)params.depth << 24U ^ (uint64_t)params.leaf_length << 32U)));
tmp[1U] = params.node_offset; tmp[1U] = params.node_offset;
tmp[2U] = (uint64_t)params.node_depth ^ (uint64_t)params.inner_length << 8U; tmp[2U] = (uint64_t)params.node_depth ^ (uint64_t)params.inner_length << 8U;
tmp[3U] = 0ULL; tmp[3U] = 0ULL;

52
Modules/_hacl/Hacl_Hash_Blake2b_Simd256.c
View file

@ -274,11 +274,9 @@ Hacl_Hash_Blake2b_Simd256_init(Lib_IntVector_Intrinsics_vec256 *hash, uint32_t k
uint64_t x = r; uint64_t x = r;
os[i] = x;); os[i] = x;);
tmp[0U] = tmp[0U] =
(uint64_t)nn1 (uint64_t)nn1 ^
^ ((uint64_t)kk1 << 8U ^
((uint64_t)kk1 ((uint64_t)p.fanout << 16U ^ ((uint64_t)p.depth << 24U ^ (uint64_t)p.leaf_length << 32U)));
<< 8U
^ ((uint64_t)p.fanout << 16U ^ ((uint64_t)p.depth << 24U ^ (uint64_t)p.leaf_length << 32U)));
tmp[1U] = p.node_offset; tmp[1U] = p.node_offset;
tmp[2U] = (uint64_t)p.node_depth ^ (uint64_t)p.inner_length << 8U; tmp[2U] = (uint64_t)p.node_depth ^ (uint64_t)p.inner_length << 8U;
tmp[3U] = 0ULL; tmp[3U] = 0ULL;
@ -746,14 +744,10 @@ static Hacl_Hash_Blake2b_Simd256_state_t
uint64_t x = r4; uint64_t x = r4;
os[i0] = x;); os[i0] = x;);
tmp[0U] = tmp[0U] =
(uint64_t)nn1 (uint64_t)nn1 ^
^ ((uint64_t)kk2 << 8U ^
((uint64_t)kk2 ((uint64_t)pv.fanout << 16U ^
<< 8U ((uint64_t)pv.depth << 24U ^ (uint64_t)pv.leaf_length << 32U)));
^
((uint64_t)pv.fanout
<< 16U
^ ((uint64_t)pv.depth << 24U ^ (uint64_t)pv.leaf_length << 32U)));
tmp[1U] = pv.node_offset; tmp[1U] = pv.node_offset;
tmp[2U] = (uint64_t)pv.node_depth ^ (uint64_t)pv.inner_length << 8U; tmp[2U] = (uint64_t)pv.node_depth ^ (uint64_t)pv.inner_length << 8U;
tmp[3U] = 0ULL; tmp[3U] = 0ULL;
@ -936,11 +930,9 @@ reset_raw(Hacl_Hash_Blake2b_Simd256_state_t *state, Hacl_Hash_Blake2b_params_and
uint64_t x = r; uint64_t x = r;
os[i0] = x;); os[i0] = x;);
tmp[0U] = tmp[0U] =
(uint64_t)nn1 (uint64_t)nn1 ^
^ ((uint64_t)kk2 << 8U ^
((uint64_t)kk2 ((uint64_t)pv.fanout << 16U ^ ((uint64_t)pv.depth << 24U ^ (uint64_t)pv.leaf_length << 32U)));
<< 8U
^ ((uint64_t)pv.fanout << 16U ^ ((uint64_t)pv.depth << 24U ^ (uint64_t)pv.leaf_length << 32U)));
tmp[1U] = pv.node_offset; tmp[1U] = pv.node_offset;
tmp[2U] = (uint64_t)pv.node_depth ^ (uint64_t)pv.inner_length << 8U; tmp[2U] = (uint64_t)pv.node_depth ^ (uint64_t)pv.inner_length << 8U;
tmp[3U] = 0ULL; tmp[3U] = 0ULL;
@ -1075,8 +1067,7 @@ Hacl_Hash_Blake2b_Simd256_update(
uint8_t *buf2 = buf + sz1; uint8_t *buf2 = buf + sz1;
memcpy(buf2, chunk, chunk_len * sizeof (uint8_t)); memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
uint64_t total_len2 = total_len1 + (uint64_t)chunk_len; uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
*state *state =
=
( (
(Hacl_Hash_Blake2b_Simd256_state_t){ (Hacl_Hash_Blake2b_Simd256_state_t){
.block_state = block_state1, .block_state = block_state1,
@ -1140,8 +1131,7 @@ Hacl_Hash_Blake2b_Simd256_update(
nb); nb);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Hash_Blake2b_Simd256_state_t){ (Hacl_Hash_Blake2b_Simd256_state_t){
.block_state = block_state1, .block_state = block_state1,
@ -1171,8 +1161,7 @@ Hacl_Hash_Blake2b_Simd256_update(
uint8_t *buf2 = buf0 + sz10; uint8_t *buf2 = buf0 + sz10;
memcpy(buf2, chunk1, diff * sizeof (uint8_t)); memcpy(buf2, chunk1, diff * sizeof (uint8_t));
uint64_t total_len2 = total_len10 + (uint64_t)diff; uint64_t total_len2 = total_len10 + (uint64_t)diff;
*state *state =
=
( (
(Hacl_Hash_Blake2b_Simd256_state_t){ (Hacl_Hash_Blake2b_Simd256_state_t){
.block_state = block_state10, .block_state = block_state10,
@ -1234,8 +1223,7 @@ Hacl_Hash_Blake2b_Simd256_update(
nb); nb);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Hash_Blake2b_Simd256_state_t){ (Hacl_Hash_Blake2b_Simd256_state_t){
.block_state = block_state1, .block_state = block_state1,
@ -1578,14 +1566,10 @@ Hacl_Hash_Blake2b_Simd256_hash_with_key_and_params(
uint64_t x = r; uint64_t x = r;
os[i] = x;); os[i] = x;);
tmp[0U] = tmp[0U] =
(uint64_t)nn (uint64_t)nn ^
^ ((uint64_t)kk << 8U ^
((uint64_t)kk ((uint64_t)params.fanout << 16U ^
<< 8U ((uint64_t)params.depth << 24U ^ (uint64_t)params.leaf_length << 32U)));
^
((uint64_t)params.fanout
<< 16U
^ ((uint64_t)params.depth << 24U ^ (uint64_t)params.leaf_length << 32U)));
tmp[1U] = params.node_offset; tmp[1U] = params.node_offset;
tmp[2U] = (uint64_t)params.node_depth ^ (uint64_t)params.inner_length << 8U; tmp[2U] = (uint64_t)params.node_depth ^ (uint64_t)params.inner_length << 8U;
tmp[3U] = 0ULL; tmp[3U] = 0ULL;

52
Modules/_hacl/Hacl_Hash_Blake2s.c
View file

@ -543,13 +543,13 @@ void Hacl_Hash_Blake2s_init(uint32_t *hash, uint32_t kk, uint32_t nn)
uint32_t x = r; uint32_t x = r;
os[i] = x;); os[i] = x;);
tmp[0U] = tmp[0U] =
(uint32_t)(uint8_t)nn (uint32_t)(uint8_t)nn ^
^ ((uint32_t)(uint8_t)kk << 8U ^ ((uint32_t)p.fanout << 16U ^ (uint32_t)p.depth << 24U)); ((uint32_t)(uint8_t)kk << 8U ^ ((uint32_t)p.fanout << 16U ^ (uint32_t)p.depth << 24U));
tmp[1U] = p.leaf_length; tmp[1U] = p.leaf_length;
tmp[2U] = (uint32_t)p.node_offset; tmp[2U] = (uint32_t)p.node_offset;
tmp[3U] = tmp[3U] =
(uint32_t)(p.node_offset >> 32U) (uint32_t)(p.node_offset >> 32U) ^
^ ((uint32_t)p.node_depth << 16U ^ (uint32_t)p.inner_length << 24U); ((uint32_t)p.node_depth << 16U ^ (uint32_t)p.inner_length << 24U);
uint32_t tmp0 = tmp[0U]; uint32_t tmp0 = tmp[0U];
uint32_t tmp1 = tmp[1U]; uint32_t tmp1 = tmp[1U];
uint32_t tmp2 = tmp[2U]; uint32_t tmp2 = tmp[2U];
@ -846,16 +846,14 @@ static Hacl_Hash_Blake2s_state_t
uint32_t x = r4; uint32_t x = r4;
os[i0] = x;); os[i0] = x;);
tmp[0U] = tmp[0U] =
(uint32_t)pv.digest_length (uint32_t)pv.digest_length ^
^ ((uint32_t)pv.key_length << 8U ^
((uint32_t)pv.key_length ((uint32_t)pv.fanout << 16U ^ (uint32_t)pv.depth << 24U));
<< 8U
^ ((uint32_t)pv.fanout << 16U ^ (uint32_t)pv.depth << 24U));
tmp[1U] = pv.leaf_length; tmp[1U] = pv.leaf_length;
tmp[2U] = (uint32_t)pv.node_offset; tmp[2U] = (uint32_t)pv.node_offset;
tmp[3U] = tmp[3U] =
(uint32_t)(pv.node_offset >> 32U) (uint32_t)(pv.node_offset >> 32U) ^
^ ((uint32_t)pv.node_depth << 16U ^ (uint32_t)pv.inner_length << 24U); ((uint32_t)pv.node_depth << 16U ^ (uint32_t)pv.inner_length << 24U);
uint32_t tmp0 = tmp[0U]; uint32_t tmp0 = tmp[0U];
uint32_t tmp1 = tmp[1U]; uint32_t tmp1 = tmp[1U];
uint32_t tmp2 = tmp[2U]; uint32_t tmp2 = tmp[2U];
@ -1042,13 +1040,13 @@ static void reset_raw(Hacl_Hash_Blake2s_state_t *state, Hacl_Hash_Blake2b_params
uint32_t x = r; uint32_t x = r;
os[i0] = x;); os[i0] = x;);
tmp[0U] = tmp[0U] =
(uint32_t)pv.digest_length (uint32_t)pv.digest_length ^
^ ((uint32_t)pv.key_length << 8U ^ ((uint32_t)pv.fanout << 16U ^ (uint32_t)pv.depth << 24U)); ((uint32_t)pv.key_length << 8U ^ ((uint32_t)pv.fanout << 16U ^ (uint32_t)pv.depth << 24U));
tmp[1U] = pv.leaf_length; tmp[1U] = pv.leaf_length;
tmp[2U] = (uint32_t)pv.node_offset; tmp[2U] = (uint32_t)pv.node_offset;
tmp[3U] = tmp[3U] =
(uint32_t)(pv.node_offset >> 32U) (uint32_t)(pv.node_offset >> 32U) ^
^ ((uint32_t)pv.node_depth << 16U ^ (uint32_t)pv.inner_length << 24U); ((uint32_t)pv.node_depth << 16U ^ (uint32_t)pv.inner_length << 24U);
uint32_t tmp0 = tmp[0U]; uint32_t tmp0 = tmp[0U];
uint32_t tmp1 = tmp[1U]; uint32_t tmp1 = tmp[1U];
uint32_t tmp2 = tmp[2U]; uint32_t tmp2 = tmp[2U];
@ -1182,8 +1180,7 @@ Hacl_Hash_Blake2s_update(Hacl_Hash_Blake2s_state_t *state, uint8_t *chunk, uint3
uint8_t *buf2 = buf + sz1; uint8_t *buf2 = buf + sz1;
memcpy(buf2, chunk, chunk_len * sizeof (uint8_t)); memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
uint64_t total_len2 = total_len1 + (uint64_t)chunk_len; uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
*state *state =
=
( (
(Hacl_Hash_Blake2s_state_t){ (Hacl_Hash_Blake2s_state_t){
.block_state = block_state1, .block_state = block_state1,
@ -1237,8 +1234,7 @@ Hacl_Hash_Blake2s_update(Hacl_Hash_Blake2s_state_t *state, uint8_t *chunk, uint3
Hacl_Hash_Blake2s_update_multi(data1_len, wv, hash, total_len1, data1, nb); Hacl_Hash_Blake2s_update_multi(data1_len, wv, hash, total_len1, data1, nb);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Hash_Blake2s_state_t){ (Hacl_Hash_Blake2s_state_t){
.block_state = block_state1, .block_state = block_state1,
@ -1268,8 +1264,7 @@ Hacl_Hash_Blake2s_update(Hacl_Hash_Blake2s_state_t *state, uint8_t *chunk, uint3
uint8_t *buf2 = buf0 + sz10; uint8_t *buf2 = buf0 + sz10;
memcpy(buf2, chunk1, diff * sizeof (uint8_t)); memcpy(buf2, chunk1, diff * sizeof (uint8_t));
uint64_t total_len2 = total_len10 + (uint64_t)diff; uint64_t total_len2 = total_len10 + (uint64_t)diff;
*state *state =
=
( (
(Hacl_Hash_Blake2s_state_t){ (Hacl_Hash_Blake2s_state_t){
.block_state = block_state10, .block_state = block_state10,
@ -1321,8 +1316,7 @@ Hacl_Hash_Blake2s_update(Hacl_Hash_Blake2s_state_t *state, uint8_t *chunk, uint3
Hacl_Hash_Blake2s_update_multi(data1_len, wv, hash, total_len1, data1, nb); Hacl_Hash_Blake2s_update_multi(data1_len, wv, hash, total_len1, data1, nb);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Hash_Blake2s_state_t){ (Hacl_Hash_Blake2s_state_t){
.block_state = block_state1, .block_state = block_state1,
@ -1639,16 +1633,14 @@ Hacl_Hash_Blake2s_hash_with_key_and_params(
uint32_t x = r; uint32_t x = r;
os[i] = x;); os[i] = x;);
tmp[0U] = tmp[0U] =
(uint32_t)params.digest_length (uint32_t)params.digest_length ^
^ ((uint32_t)params.key_length << 8U ^
((uint32_t)params.key_length ((uint32_t)params.fanout << 16U ^ (uint32_t)params.depth << 24U));
<< 8U
^ ((uint32_t)params.fanout << 16U ^ (uint32_t)params.depth << 24U));
tmp[1U] = params.leaf_length; tmp[1U] = params.leaf_length;
tmp[2U] = (uint32_t)params.node_offset; tmp[2U] = (uint32_t)params.node_offset;
tmp[3U] = tmp[3U] =
(uint32_t)(params.node_offset >> 32U) (uint32_t)(params.node_offset >> 32U) ^
^ ((uint32_t)params.node_depth << 16U ^ (uint32_t)params.inner_length << 24U); ((uint32_t)params.node_depth << 16U ^ (uint32_t)params.inner_length << 24U);
uint32_t tmp0 = tmp[0U]; uint32_t tmp0 = tmp[0U];
uint32_t tmp1 = tmp[1U]; uint32_t tmp1 = tmp[1U];
uint32_t tmp2 = tmp[2U]; uint32_t tmp2 = tmp[2U];

52
Modules/_hacl/Hacl_Hash_Blake2s_Simd128.c
View file

@ -271,13 +271,13 @@ Hacl_Hash_Blake2s_Simd128_init(Lib_IntVector_Intrinsics_vec128 *hash, uint32_t k
uint32_t x = r; uint32_t x = r;
os[i] = x;); os[i] = x;);
tmp[0U] = tmp[0U] =
(uint32_t)(uint8_t)nn (uint32_t)(uint8_t)nn ^
^ ((uint32_t)(uint8_t)kk << 8U ^ ((uint32_t)p.fanout << 16U ^ (uint32_t)p.depth << 24U)); ((uint32_t)(uint8_t)kk << 8U ^ ((uint32_t)p.fanout << 16U ^ (uint32_t)p.depth << 24U));
tmp[1U] = p.leaf_length; tmp[1U] = p.leaf_length;
tmp[2U] = (uint32_t)p.node_offset; tmp[2U] = (uint32_t)p.node_offset;
tmp[3U] = tmp[3U] =
(uint32_t)(p.node_offset >> 32U) (uint32_t)(p.node_offset >> 32U) ^
^ ((uint32_t)p.node_depth << 16U ^ (uint32_t)p.inner_length << 24U); ((uint32_t)p.node_depth << 16U ^ (uint32_t)p.inner_length << 24U);
uint32_t tmp0 = tmp[0U]; uint32_t tmp0 = tmp[0U];
uint32_t tmp1 = tmp[1U]; uint32_t tmp1 = tmp[1U];
uint32_t tmp2 = tmp[2U]; uint32_t tmp2 = tmp[2U];
@ -736,16 +736,14 @@ static Hacl_Hash_Blake2s_Simd128_state_t
uint32_t x = r4; uint32_t x = r4;
os[i0] = x;); os[i0] = x;);
tmp[0U] = tmp[0U] =
(uint32_t)pv.digest_length (uint32_t)pv.digest_length ^
^ ((uint32_t)pv.key_length << 8U ^
((uint32_t)pv.key_length ((uint32_t)pv.fanout << 16U ^ (uint32_t)pv.depth << 24U));
<< 8U
^ ((uint32_t)pv.fanout << 16U ^ (uint32_t)pv.depth << 24U));
tmp[1U] = pv.leaf_length; tmp[1U] = pv.leaf_length;
tmp[2U] = (uint32_t)pv.node_offset; tmp[2U] = (uint32_t)pv.node_offset;
tmp[3U] = tmp[3U] =
(uint32_t)(pv.node_offset >> 32U) (uint32_t)(pv.node_offset >> 32U) ^
^ ((uint32_t)pv.node_depth << 16U ^ (uint32_t)pv.inner_length << 24U); ((uint32_t)pv.node_depth << 16U ^ (uint32_t)pv.inner_length << 24U);
uint32_t tmp0 = tmp[0U]; uint32_t tmp0 = tmp[0U];
uint32_t tmp1 = tmp[1U]; uint32_t tmp1 = tmp[1U];
uint32_t tmp2 = tmp[2U]; uint32_t tmp2 = tmp[2U];
@ -923,13 +921,13 @@ reset_raw(Hacl_Hash_Blake2s_Simd128_state_t *state, Hacl_Hash_Blake2b_params_and
uint32_t x = r; uint32_t x = r;
os[i0] = x;); os[i0] = x;);
tmp[0U] = tmp[0U] =
(uint32_t)pv.digest_length (uint32_t)pv.digest_length ^
^ ((uint32_t)pv.key_length << 8U ^ ((uint32_t)pv.fanout << 16U ^ (uint32_t)pv.depth << 24U)); ((uint32_t)pv.key_length << 8U ^ ((uint32_t)pv.fanout << 16U ^ (uint32_t)pv.depth << 24U));
tmp[1U] = pv.leaf_length; tmp[1U] = pv.leaf_length;
tmp[2U] = (uint32_t)pv.node_offset; tmp[2U] = (uint32_t)pv.node_offset;
tmp[3U] = tmp[3U] =
(uint32_t)(pv.node_offset >> 32U) (uint32_t)(pv.node_offset >> 32U) ^
^ ((uint32_t)pv.node_depth << 16U ^ (uint32_t)pv.inner_length << 24U); ((uint32_t)pv.node_depth << 16U ^ (uint32_t)pv.inner_length << 24U);
uint32_t tmp0 = tmp[0U]; uint32_t tmp0 = tmp[0U];
uint32_t tmp1 = tmp[1U]; uint32_t tmp1 = tmp[1U];
uint32_t tmp2 = tmp[2U]; uint32_t tmp2 = tmp[2U];
@ -1061,8 +1059,7 @@ Hacl_Hash_Blake2s_Simd128_update(
uint8_t *buf2 = buf + sz1; uint8_t *buf2 = buf + sz1;
memcpy(buf2, chunk, chunk_len * sizeof (uint8_t)); memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
uint64_t total_len2 = total_len1 + (uint64_t)chunk_len; uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
*state *state =
=
( (
(Hacl_Hash_Blake2s_Simd128_state_t){ (Hacl_Hash_Blake2s_Simd128_state_t){
.block_state = block_state1, .block_state = block_state1,
@ -1116,8 +1113,7 @@ Hacl_Hash_Blake2s_Simd128_update(
Hacl_Hash_Blake2s_Simd128_update_multi(data1_len, wv, hash, total_len1, data1, nb); Hacl_Hash_Blake2s_Simd128_update_multi(data1_len, wv, hash, total_len1, data1, nb);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Hash_Blake2s_Simd128_state_t){ (Hacl_Hash_Blake2s_Simd128_state_t){
.block_state = block_state1, .block_state = block_state1,
@ -1147,8 +1143,7 @@ Hacl_Hash_Blake2s_Simd128_update(
uint8_t *buf2 = buf0 + sz10; uint8_t *buf2 = buf0 + sz10;
memcpy(buf2, chunk1, diff * sizeof (uint8_t)); memcpy(buf2, chunk1, diff * sizeof (uint8_t));
uint64_t total_len2 = total_len10 + (uint64_t)diff; uint64_t total_len2 = total_len10 + (uint64_t)diff;
*state *state =
=
( (
(Hacl_Hash_Blake2s_Simd128_state_t){ (Hacl_Hash_Blake2s_Simd128_state_t){
.block_state = block_state10, .block_state = block_state10,
@ -1200,8 +1195,7 @@ Hacl_Hash_Blake2s_Simd128_update(
Hacl_Hash_Blake2s_Simd128_update_multi(data1_len, wv, hash, total_len1, data1, nb); Hacl_Hash_Blake2s_Simd128_update_multi(data1_len, wv, hash, total_len1, data1, nb);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Hash_Blake2s_Simd128_state_t){ (Hacl_Hash_Blake2s_Simd128_state_t){
.block_state = block_state1, .block_state = block_state1,
@ -1531,16 +1525,14 @@ Hacl_Hash_Blake2s_Simd128_hash_with_key_and_params(
uint32_t x = r; uint32_t x = r;
os[i] = x;); os[i] = x;);
tmp[0U] = tmp[0U] =
(uint32_t)params.digest_length (uint32_t)params.digest_length ^
^ ((uint32_t)params.key_length << 8U ^
((uint32_t)params.key_length ((uint32_t)params.fanout << 16U ^ (uint32_t)params.depth << 24U));
<< 8U
^ ((uint32_t)params.fanout << 16U ^ (uint32_t)params.depth << 24U));
tmp[1U] = params.leaf_length; tmp[1U] = params.leaf_length;
tmp[2U] = (uint32_t)params.node_offset; tmp[2U] = (uint32_t)params.node_offset;
tmp[3U] = tmp[3U] =
(uint32_t)(params.node_offset >> 32U) (uint32_t)(params.node_offset >> 32U) ^
^ ((uint32_t)params.node_depth << 16U ^ (uint32_t)params.inner_length << 24U); ((uint32_t)params.node_depth << 16U ^ (uint32_t)params.inner_length << 24U);
uint32_t tmp0 = tmp[0U]; uint32_t tmp0 = tmp[0U];
uint32_t tmp1 = tmp[1U]; uint32_t tmp1 = tmp[1U];
uint32_t tmp2 = tmp[2U]; uint32_t tmp2 = tmp[2U];

523
Modules/_hacl/Hacl_Hash_MD5.c
View file

@ -66,11 +66,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti0 = _t[0U]; uint32_t ti0 = _t[0U];
uint32_t uint32_t
v = v =
vb0 vb0 +
+ ((va + ((vb0 & vc0) | (~vb0 & vd0)) + xk + ti0) << 7U |
((va + ((vb0 & vc0) | (~vb0 & vd0)) + xk + ti0) (va + ((vb0 & vc0) | (~vb0 & vd0)) + xk + ti0) >> 25U);
<< 7U
| (va + ((vb0 & vc0) | (~vb0 & vd0)) + xk + ti0) >> 25U);
abcd[0U] = v; abcd[0U] = v;
uint32_t va0 = abcd[3U]; uint32_t va0 = abcd[3U];
uint32_t vb1 = abcd[0U]; uint32_t vb1 = abcd[0U];
@ -82,11 +80,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti1 = _t[1U]; uint32_t ti1 = _t[1U];
uint32_t uint32_t
v0 = v0 =
vb1 vb1 +
+ ((va0 + ((vb1 & vc1) | (~vb1 & vd1)) + xk0 + ti1) << 12U |
((va0 + ((vb1 & vc1) | (~vb1 & vd1)) + xk0 + ti1) (va0 + ((vb1 & vc1) | (~vb1 & vd1)) + xk0 + ti1) >> 20U);
<< 12U
| (va0 + ((vb1 & vc1) | (~vb1 & vd1)) + xk0 + ti1) >> 20U);
abcd[3U] = v0; abcd[3U] = v0;
uint32_t va1 = abcd[2U]; uint32_t va1 = abcd[2U];
uint32_t vb2 = abcd[3U]; uint32_t vb2 = abcd[3U];
@ -98,11 +94,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti2 = _t[2U]; uint32_t ti2 = _t[2U];
uint32_t uint32_t
v1 = v1 =
vb2 vb2 +
+ ((va1 + ((vb2 & vc2) | (~vb2 & vd2)) + xk1 + ti2) << 17U |
((va1 + ((vb2 & vc2) | (~vb2 & vd2)) + xk1 + ti2) (va1 + ((vb2 & vc2) | (~vb2 & vd2)) + xk1 + ti2) >> 15U);
<< 17U
| (va1 + ((vb2 & vc2) | (~vb2 & vd2)) + xk1 + ti2) >> 15U);
abcd[2U] = v1; abcd[2U] = v1;
uint32_t va2 = abcd[1U]; uint32_t va2 = abcd[1U];
uint32_t vb3 = abcd[2U]; uint32_t vb3 = abcd[2U];
@ -114,11 +108,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti3 = _t[3U]; uint32_t ti3 = _t[3U];
uint32_t uint32_t
v2 = v2 =
vb3 vb3 +
+ ((va2 + ((vb3 & vc3) | (~vb3 & vd3)) + xk2 + ti3) << 22U |
((va2 + ((vb3 & vc3) | (~vb3 & vd3)) + xk2 + ti3) (va2 + ((vb3 & vc3) | (~vb3 & vd3)) + xk2 + ti3) >> 10U);
<< 22U
| (va2 + ((vb3 & vc3) | (~vb3 & vd3)) + xk2 + ti3) >> 10U);
abcd[1U] = v2; abcd[1U] = v2;
uint32_t va3 = abcd[0U]; uint32_t va3 = abcd[0U];
uint32_t vb4 = abcd[1U]; uint32_t vb4 = abcd[1U];
@ -130,11 +122,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti4 = _t[4U]; uint32_t ti4 = _t[4U];
uint32_t uint32_t
v3 = v3 =
vb4 vb4 +
+ ((va3 + ((vb4 & vc4) | (~vb4 & vd4)) + xk3 + ti4) << 7U |
((va3 + ((vb4 & vc4) | (~vb4 & vd4)) + xk3 + ti4) (va3 + ((vb4 & vc4) | (~vb4 & vd4)) + xk3 + ti4) >> 25U);
<< 7U
| (va3 + ((vb4 & vc4) | (~vb4 & vd4)) + xk3 + ti4) >> 25U);
abcd[0U] = v3; abcd[0U] = v3;
uint32_t va4 = abcd[3U]; uint32_t va4 = abcd[3U];
uint32_t vb5 = abcd[0U]; uint32_t vb5 = abcd[0U];
@ -146,11 +136,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti5 = _t[5U]; uint32_t ti5 = _t[5U];
uint32_t uint32_t
v4 = v4 =
vb5 vb5 +
+ ((va4 + ((vb5 & vc5) | (~vb5 & vd5)) + xk4 + ti5) << 12U |
((va4 + ((vb5 & vc5) | (~vb5 & vd5)) + xk4 + ti5) (va4 + ((vb5 & vc5) | (~vb5 & vd5)) + xk4 + ti5) >> 20U);
<< 12U
| (va4 + ((vb5 & vc5) | (~vb5 & vd5)) + xk4 + ti5) >> 20U);
abcd[3U] = v4; abcd[3U] = v4;
uint32_t va5 = abcd[2U]; uint32_t va5 = abcd[2U];
uint32_t vb6 = abcd[3U]; uint32_t vb6 = abcd[3U];
@ -162,11 +150,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti6 = _t[6U]; uint32_t ti6 = _t[6U];
uint32_t uint32_t
v5 = v5 =
vb6 vb6 +
+ ((va5 + ((vb6 & vc6) | (~vb6 & vd6)) + xk5 + ti6) << 17U |
((va5 + ((vb6 & vc6) | (~vb6 & vd6)) + xk5 + ti6) (va5 + ((vb6 & vc6) | (~vb6 & vd6)) + xk5 + ti6) >> 15U);
<< 17U
| (va5 + ((vb6 & vc6) | (~vb6 & vd6)) + xk5 + ti6) >> 15U);
abcd[2U] = v5; abcd[2U] = v5;
uint32_t va6 = abcd[1U]; uint32_t va6 = abcd[1U];
uint32_t vb7 = abcd[2U]; uint32_t vb7 = abcd[2U];
@ -178,11 +164,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti7 = _t[7U]; uint32_t ti7 = _t[7U];
uint32_t uint32_t
v6 = v6 =
vb7 vb7 +
+ ((va6 + ((vb7 & vc7) | (~vb7 & vd7)) + xk6 + ti7) << 22U |
((va6 + ((vb7 & vc7) | (~vb7 & vd7)) + xk6 + ti7) (va6 + ((vb7 & vc7) | (~vb7 & vd7)) + xk6 + ti7) >> 10U);
<< 22U
| (va6 + ((vb7 & vc7) | (~vb7 & vd7)) + xk6 + ti7) >> 10U);
abcd[1U] = v6; abcd[1U] = v6;
uint32_t va7 = abcd[0U]; uint32_t va7 = abcd[0U];
uint32_t vb8 = abcd[1U]; uint32_t vb8 = abcd[1U];
@ -194,11 +178,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti8 = _t[8U]; uint32_t ti8 = _t[8U];
uint32_t uint32_t
v7 = v7 =
vb8 vb8 +
+ ((va7 + ((vb8 & vc8) | (~vb8 & vd8)) + xk7 + ti8) << 7U |
((va7 + ((vb8 & vc8) | (~vb8 & vd8)) + xk7 + ti8) (va7 + ((vb8 & vc8) | (~vb8 & vd8)) + xk7 + ti8) >> 25U);
<< 7U
| (va7 + ((vb8 & vc8) | (~vb8 & vd8)) + xk7 + ti8) >> 25U);
abcd[0U] = v7; abcd[0U] = v7;
uint32_t va8 = abcd[3U]; uint32_t va8 = abcd[3U];
uint32_t vb9 = abcd[0U]; uint32_t vb9 = abcd[0U];
@ -210,11 +192,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti9 = _t[9U]; uint32_t ti9 = _t[9U];
uint32_t uint32_t
v8 = v8 =
vb9 vb9 +
+ ((va8 + ((vb9 & vc9) | (~vb9 & vd9)) + xk8 + ti9) << 12U |
((va8 + ((vb9 & vc9) | (~vb9 & vd9)) + xk8 + ti9) (va8 + ((vb9 & vc9) | (~vb9 & vd9)) + xk8 + ti9) >> 20U);
<< 12U
| (va8 + ((vb9 & vc9) | (~vb9 & vd9)) + xk8 + ti9) >> 20U);
abcd[3U] = v8; abcd[3U] = v8;
uint32_t va9 = abcd[2U]; uint32_t va9 = abcd[2U];
uint32_t vb10 = abcd[3U]; uint32_t vb10 = abcd[3U];
@ -226,11 +206,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti10 = _t[10U]; uint32_t ti10 = _t[10U];
uint32_t uint32_t
v9 = v9 =
vb10 vb10 +
+ ((va9 + ((vb10 & vc10) | (~vb10 & vd10)) + xk9 + ti10) << 17U |
((va9 + ((vb10 & vc10) | (~vb10 & vd10)) + xk9 + ti10) (va9 + ((vb10 & vc10) | (~vb10 & vd10)) + xk9 + ti10) >> 15U);
<< 17U
| (va9 + ((vb10 & vc10) | (~vb10 & vd10)) + xk9 + ti10) >> 15U);
abcd[2U] = v9; abcd[2U] = v9;
uint32_t va10 = abcd[1U]; uint32_t va10 = abcd[1U];
uint32_t vb11 = abcd[2U]; uint32_t vb11 = abcd[2U];
@ -242,11 +220,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti11 = _t[11U]; uint32_t ti11 = _t[11U];
uint32_t uint32_t
v10 = v10 =
vb11 vb11 +
+ ((va10 + ((vb11 & vc11) | (~vb11 & vd11)) + xk10 + ti11) << 22U |
((va10 + ((vb11 & vc11) | (~vb11 & vd11)) + xk10 + ti11) (va10 + ((vb11 & vc11) | (~vb11 & vd11)) + xk10 + ti11) >> 10U);
<< 22U
| (va10 + ((vb11 & vc11) | (~vb11 & vd11)) + xk10 + ti11) >> 10U);
abcd[1U] = v10; abcd[1U] = v10;
uint32_t va11 = abcd[0U]; uint32_t va11 = abcd[0U];
uint32_t vb12 = abcd[1U]; uint32_t vb12 = abcd[1U];
@ -258,11 +234,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti12 = _t[12U]; uint32_t ti12 = _t[12U];
uint32_t uint32_t
v11 = v11 =
vb12 vb12 +
+ ((va11 + ((vb12 & vc12) | (~vb12 & vd12)) + xk11 + ti12) << 7U |
((va11 + ((vb12 & vc12) | (~vb12 & vd12)) + xk11 + ti12) (va11 + ((vb12 & vc12) | (~vb12 & vd12)) + xk11 + ti12) >> 25U);
<< 7U
| (va11 + ((vb12 & vc12) | (~vb12 & vd12)) + xk11 + ti12) >> 25U);
abcd[0U] = v11; abcd[0U] = v11;
uint32_t va12 = abcd[3U]; uint32_t va12 = abcd[3U];
uint32_t vb13 = abcd[0U]; uint32_t vb13 = abcd[0U];
@ -274,11 +248,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti13 = _t[13U]; uint32_t ti13 = _t[13U];
uint32_t uint32_t
v12 = v12 =
vb13 vb13 +
+ ((va12 + ((vb13 & vc13) | (~vb13 & vd13)) + xk12 + ti13) << 12U |
((va12 + ((vb13 & vc13) | (~vb13 & vd13)) + xk12 + ti13) (va12 + ((vb13 & vc13) | (~vb13 & vd13)) + xk12 + ti13) >> 20U);
<< 12U
| (va12 + ((vb13 & vc13) | (~vb13 & vd13)) + xk12 + ti13) >> 20U);
abcd[3U] = v12; abcd[3U] = v12;
uint32_t va13 = abcd[2U]; uint32_t va13 = abcd[2U];
uint32_t vb14 = abcd[3U]; uint32_t vb14 = abcd[3U];
@ -290,11 +262,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti14 = _t[14U]; uint32_t ti14 = _t[14U];
uint32_t uint32_t
v13 = v13 =
vb14 vb14 +
+ ((va13 + ((vb14 & vc14) | (~vb14 & vd14)) + xk13 + ti14) << 17U |
((va13 + ((vb14 & vc14) | (~vb14 & vd14)) + xk13 + ti14) (va13 + ((vb14 & vc14) | (~vb14 & vd14)) + xk13 + ti14) >> 15U);
<< 17U
| (va13 + ((vb14 & vc14) | (~vb14 & vd14)) + xk13 + ti14) >> 15U);
abcd[2U] = v13; abcd[2U] = v13;
uint32_t va14 = abcd[1U]; uint32_t va14 = abcd[1U];
uint32_t vb15 = abcd[2U]; uint32_t vb15 = abcd[2U];
@ -306,11 +276,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti15 = _t[15U]; uint32_t ti15 = _t[15U];
uint32_t uint32_t
v14 = v14 =
vb15 vb15 +
+ ((va14 + ((vb15 & vc15) | (~vb15 & vd15)) + xk14 + ti15) << 22U |
((va14 + ((vb15 & vc15) | (~vb15 & vd15)) + xk14 + ti15) (va14 + ((vb15 & vc15) | (~vb15 & vd15)) + xk14 + ti15) >> 10U);
<< 22U
| (va14 + ((vb15 & vc15) | (~vb15 & vd15)) + xk14 + ti15) >> 10U);
abcd[1U] = v14; abcd[1U] = v14;
uint32_t va15 = abcd[0U]; uint32_t va15 = abcd[0U];
uint32_t vb16 = abcd[1U]; uint32_t vb16 = abcd[1U];
@ -322,11 +290,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti16 = _t[16U]; uint32_t ti16 = _t[16U];
uint32_t uint32_t
v15 = v15 =
vb16 vb16 +
+ ((va15 + ((vb16 & vd16) | (vc16 & ~vd16)) + xk15 + ti16) << 5U |
((va15 + ((vb16 & vd16) | (vc16 & ~vd16)) + xk15 + ti16) (va15 + ((vb16 & vd16) | (vc16 & ~vd16)) + xk15 + ti16) >> 27U);
<< 5U
| (va15 + ((vb16 & vd16) | (vc16 & ~vd16)) + xk15 + ti16) >> 27U);
abcd[0U] = v15; abcd[0U] = v15;
uint32_t va16 = abcd[3U]; uint32_t va16 = abcd[3U];
uint32_t vb17 = abcd[0U]; uint32_t vb17 = abcd[0U];
@ -338,11 +304,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti17 = _t[17U]; uint32_t ti17 = _t[17U];
uint32_t uint32_t
v16 = v16 =
vb17 vb17 +
+ ((va16 + ((vb17 & vd17) | (vc17 & ~vd17)) + xk16 + ti17) << 9U |
((va16 + ((vb17 & vd17) | (vc17 & ~vd17)) + xk16 + ti17) (va16 + ((vb17 & vd17) | (vc17 & ~vd17)) + xk16 + ti17) >> 23U);
<< 9U
| (va16 + ((vb17 & vd17) | (vc17 & ~vd17)) + xk16 + ti17) >> 23U);
abcd[3U] = v16; abcd[3U] = v16;
uint32_t va17 = abcd[2U]; uint32_t va17 = abcd[2U];
uint32_t vb18 = abcd[3U]; uint32_t vb18 = abcd[3U];
@ -354,11 +318,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti18 = _t[18U]; uint32_t ti18 = _t[18U];
uint32_t uint32_t
v17 = v17 =
vb18 vb18 +
+ ((va17 + ((vb18 & vd18) | (vc18 & ~vd18)) + xk17 + ti18) << 14U |
((va17 + ((vb18 & vd18) | (vc18 & ~vd18)) + xk17 + ti18) (va17 + ((vb18 & vd18) | (vc18 & ~vd18)) + xk17 + ti18) >> 18U);
<< 14U
| (va17 + ((vb18 & vd18) | (vc18 & ~vd18)) + xk17 + ti18) >> 18U);
abcd[2U] = v17; abcd[2U] = v17;
uint32_t va18 = abcd[1U]; uint32_t va18 = abcd[1U];
uint32_t vb19 = abcd[2U]; uint32_t vb19 = abcd[2U];
@ -370,11 +332,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti19 = _t[19U]; uint32_t ti19 = _t[19U];
uint32_t uint32_t
v18 = v18 =
vb19 vb19 +
+ ((va18 + ((vb19 & vd19) | (vc19 & ~vd19)) + xk18 + ti19) << 20U |
((va18 + ((vb19 & vd19) | (vc19 & ~vd19)) + xk18 + ti19) (va18 + ((vb19 & vd19) | (vc19 & ~vd19)) + xk18 + ti19) >> 12U);
<< 20U
| (va18 + ((vb19 & vd19) | (vc19 & ~vd19)) + xk18 + ti19) >> 12U);
abcd[1U] = v18; abcd[1U] = v18;
uint32_t va19 = abcd[0U]; uint32_t va19 = abcd[0U];
uint32_t vb20 = abcd[1U]; uint32_t vb20 = abcd[1U];
@ -386,11 +346,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti20 = _t[20U]; uint32_t ti20 = _t[20U];
uint32_t uint32_t
v19 = v19 =
vb20 vb20 +
+ ((va19 + ((vb20 & vd20) | (vc20 & ~vd20)) + xk19 + ti20) << 5U |
((va19 + ((vb20 & vd20) | (vc20 & ~vd20)) + xk19 + ti20) (va19 + ((vb20 & vd20) | (vc20 & ~vd20)) + xk19 + ti20) >> 27U);
<< 5U
| (va19 + ((vb20 & vd20) | (vc20 & ~vd20)) + xk19 + ti20) >> 27U);
abcd[0U] = v19; abcd[0U] = v19;
uint32_t va20 = abcd[3U]; uint32_t va20 = abcd[3U];
uint32_t vb21 = abcd[0U]; uint32_t vb21 = abcd[0U];
@ -402,11 +360,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti21 = _t[21U]; uint32_t ti21 = _t[21U];
uint32_t uint32_t
v20 = v20 =
vb21 vb21 +
+ ((va20 + ((vb21 & vd21) | (vc21 & ~vd21)) + xk20 + ti21) << 9U |
((va20 + ((vb21 & vd21) | (vc21 & ~vd21)) + xk20 + ti21) (va20 + ((vb21 & vd21) | (vc21 & ~vd21)) + xk20 + ti21) >> 23U);
<< 9U
| (va20 + ((vb21 & vd21) | (vc21 & ~vd21)) + xk20 + ti21) >> 23U);
abcd[3U] = v20; abcd[3U] = v20;
uint32_t va21 = abcd[2U]; uint32_t va21 = abcd[2U];
uint32_t vb22 = abcd[3U]; uint32_t vb22 = abcd[3U];
@ -418,11 +374,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti22 = _t[22U]; uint32_t ti22 = _t[22U];
uint32_t uint32_t
v21 = v21 =
vb22 vb22 +
+ ((va21 + ((vb22 & vd22) | (vc22 & ~vd22)) + xk21 + ti22) << 14U |
((va21 + ((vb22 & vd22) | (vc22 & ~vd22)) + xk21 + ti22) (va21 + ((vb22 & vd22) | (vc22 & ~vd22)) + xk21 + ti22) >> 18U);
<< 14U
| (va21 + ((vb22 & vd22) | (vc22 & ~vd22)) + xk21 + ti22) >> 18U);
abcd[2U] = v21; abcd[2U] = v21;
uint32_t va22 = abcd[1U]; uint32_t va22 = abcd[1U];
uint32_t vb23 = abcd[2U]; uint32_t vb23 = abcd[2U];
@ -434,11 +388,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti23 = _t[23U]; uint32_t ti23 = _t[23U];
uint32_t uint32_t
v22 = v22 =
vb23 vb23 +
+ ((va22 + ((vb23 & vd23) | (vc23 & ~vd23)) + xk22 + ti23) << 20U |
((va22 + ((vb23 & vd23) | (vc23 & ~vd23)) + xk22 + ti23) (va22 + ((vb23 & vd23) | (vc23 & ~vd23)) + xk22 + ti23) >> 12U);
<< 20U
| (va22 + ((vb23 & vd23) | (vc23 & ~vd23)) + xk22 + ti23) >> 12U);
abcd[1U] = v22; abcd[1U] = v22;
uint32_t va23 = abcd[0U]; uint32_t va23 = abcd[0U];
uint32_t vb24 = abcd[1U]; uint32_t vb24 = abcd[1U];
@ -450,11 +402,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti24 = _t[24U]; uint32_t ti24 = _t[24U];
uint32_t uint32_t
v23 = v23 =
vb24 vb24 +
+ ((va23 + ((vb24 & vd24) | (vc24 & ~vd24)) + xk23 + ti24) << 5U |
((va23 + ((vb24 & vd24) | (vc24 & ~vd24)) + xk23 + ti24) (va23 + ((vb24 & vd24) | (vc24 & ~vd24)) + xk23 + ti24) >> 27U);
<< 5U
| (va23 + ((vb24 & vd24) | (vc24 & ~vd24)) + xk23 + ti24) >> 27U);
abcd[0U] = v23; abcd[0U] = v23;
uint32_t va24 = abcd[3U]; uint32_t va24 = abcd[3U];
uint32_t vb25 = abcd[0U]; uint32_t vb25 = abcd[0U];
@ -466,11 +416,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti25 = _t[25U]; uint32_t ti25 = _t[25U];
uint32_t uint32_t
v24 = v24 =
vb25 vb25 +
+ ((va24 + ((vb25 & vd25) | (vc25 & ~vd25)) + xk24 + ti25) << 9U |
((va24 + ((vb25 & vd25) | (vc25 & ~vd25)) + xk24 + ti25) (va24 + ((vb25 & vd25) | (vc25 & ~vd25)) + xk24 + ti25) >> 23U);
<< 9U
| (va24 + ((vb25 & vd25) | (vc25 & ~vd25)) + xk24 + ti25) >> 23U);
abcd[3U] = v24; abcd[3U] = v24;
uint32_t va25 = abcd[2U]; uint32_t va25 = abcd[2U];
uint32_t vb26 = abcd[3U]; uint32_t vb26 = abcd[3U];
@ -482,11 +430,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti26 = _t[26U]; uint32_t ti26 = _t[26U];
uint32_t uint32_t
v25 = v25 =
vb26 vb26 +
+ ((va25 + ((vb26 & vd26) | (vc26 & ~vd26)) + xk25 + ti26) << 14U |
((va25 + ((vb26 & vd26) | (vc26 & ~vd26)) + xk25 + ti26) (va25 + ((vb26 & vd26) | (vc26 & ~vd26)) + xk25 + ti26) >> 18U);
<< 14U
| (va25 + ((vb26 & vd26) | (vc26 & ~vd26)) + xk25 + ti26) >> 18U);
abcd[2U] = v25; abcd[2U] = v25;
uint32_t va26 = abcd[1U]; uint32_t va26 = abcd[1U];
uint32_t vb27 = abcd[2U]; uint32_t vb27 = abcd[2U];
@ -498,11 +444,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti27 = _t[27U]; uint32_t ti27 = _t[27U];
uint32_t uint32_t
v26 = v26 =
vb27 vb27 +
+ ((va26 + ((vb27 & vd27) | (vc27 & ~vd27)) + xk26 + ti27) << 20U |
((va26 + ((vb27 & vd27) | (vc27 & ~vd27)) + xk26 + ti27) (va26 + ((vb27 & vd27) | (vc27 & ~vd27)) + xk26 + ti27) >> 12U);
<< 20U
| (va26 + ((vb27 & vd27) | (vc27 & ~vd27)) + xk26 + ti27) >> 12U);
abcd[1U] = v26; abcd[1U] = v26;
uint32_t va27 = abcd[0U]; uint32_t va27 = abcd[0U];
uint32_t vb28 = abcd[1U]; uint32_t vb28 = abcd[1U];
@ -514,11 +458,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti28 = _t[28U]; uint32_t ti28 = _t[28U];
uint32_t uint32_t
v27 = v27 =
vb28 vb28 +
+ ((va27 + ((vb28 & vd28) | (vc28 & ~vd28)) + xk27 + ti28) << 5U |
((va27 + ((vb28 & vd28) | (vc28 & ~vd28)) + xk27 + ti28) (va27 + ((vb28 & vd28) | (vc28 & ~vd28)) + xk27 + ti28) >> 27U);
<< 5U
| (va27 + ((vb28 & vd28) | (vc28 & ~vd28)) + xk27 + ti28) >> 27U);
abcd[0U] = v27; abcd[0U] = v27;
uint32_t va28 = abcd[3U]; uint32_t va28 = abcd[3U];
uint32_t vb29 = abcd[0U]; uint32_t vb29 = abcd[0U];
@ -530,11 +472,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti29 = _t[29U]; uint32_t ti29 = _t[29U];
uint32_t uint32_t
v28 = v28 =
vb29 vb29 +
+ ((va28 + ((vb29 & vd29) | (vc29 & ~vd29)) + xk28 + ti29) << 9U |
((va28 + ((vb29 & vd29) | (vc29 & ~vd29)) + xk28 + ti29) (va28 + ((vb29 & vd29) | (vc29 & ~vd29)) + xk28 + ti29) >> 23U);
<< 9U
| (va28 + ((vb29 & vd29) | (vc29 & ~vd29)) + xk28 + ti29) >> 23U);
abcd[3U] = v28; abcd[3U] = v28;
uint32_t va29 = abcd[2U]; uint32_t va29 = abcd[2U];
uint32_t vb30 = abcd[3U]; uint32_t vb30 = abcd[3U];
@ -546,11 +486,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti30 = _t[30U]; uint32_t ti30 = _t[30U];
uint32_t uint32_t
v29 = v29 =
vb30 vb30 +
+ ((va29 + ((vb30 & vd30) | (vc30 & ~vd30)) + xk29 + ti30) << 14U |
((va29 + ((vb30 & vd30) | (vc30 & ~vd30)) + xk29 + ti30) (va29 + ((vb30 & vd30) | (vc30 & ~vd30)) + xk29 + ti30) >> 18U);
<< 14U
| (va29 + ((vb30 & vd30) | (vc30 & ~vd30)) + xk29 + ti30) >> 18U);
abcd[2U] = v29; abcd[2U] = v29;
uint32_t va30 = abcd[1U]; uint32_t va30 = abcd[1U];
uint32_t vb31 = abcd[2U]; uint32_t vb31 = abcd[2U];
@ -562,11 +500,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti31 = _t[31U]; uint32_t ti31 = _t[31U];
uint32_t uint32_t
v30 = v30 =
vb31 vb31 +
+ ((va30 + ((vb31 & vd31) | (vc31 & ~vd31)) + xk30 + ti31) << 20U |
((va30 + ((vb31 & vd31) | (vc31 & ~vd31)) + xk30 + ti31) (va30 + ((vb31 & vd31) | (vc31 & ~vd31)) + xk30 + ti31) >> 12U);
<< 20U
| (va30 + ((vb31 & vd31) | (vc31 & ~vd31)) + xk30 + ti31) >> 12U);
abcd[1U] = v30; abcd[1U] = v30;
uint32_t va31 = abcd[0U]; uint32_t va31 = abcd[0U];
uint32_t vb32 = abcd[1U]; uint32_t vb32 = abcd[1U];
@ -578,11 +514,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti32 = _t[32U]; uint32_t ti32 = _t[32U];
uint32_t uint32_t
v31 = v31 =
vb32 vb32 +
+ ((va31 + (vb32 ^ (vc32 ^ vd32)) + xk31 + ti32) << 4U |
((va31 + (vb32 ^ (vc32 ^ vd32)) + xk31 + ti32) (va31 + (vb32 ^ (vc32 ^ vd32)) + xk31 + ti32) >> 28U);
<< 4U
| (va31 + (vb32 ^ (vc32 ^ vd32)) + xk31 + ti32) >> 28U);
abcd[0U] = v31; abcd[0U] = v31;
uint32_t va32 = abcd[3U]; uint32_t va32 = abcd[3U];
uint32_t vb33 = abcd[0U]; uint32_t vb33 = abcd[0U];
@ -594,11 +528,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti33 = _t[33U]; uint32_t ti33 = _t[33U];
uint32_t uint32_t
v32 = v32 =
vb33 vb33 +
+ ((va32 + (vb33 ^ (vc33 ^ vd33)) + xk32 + ti33) << 11U |
((va32 + (vb33 ^ (vc33 ^ vd33)) + xk32 + ti33) (va32 + (vb33 ^ (vc33 ^ vd33)) + xk32 + ti33) >> 21U);
<< 11U
| (va32 + (vb33 ^ (vc33 ^ vd33)) + xk32 + ti33) >> 21U);
abcd[3U] = v32; abcd[3U] = v32;
uint32_t va33 = abcd[2U]; uint32_t va33 = abcd[2U];
uint32_t vb34 = abcd[3U]; uint32_t vb34 = abcd[3U];
@ -610,11 +542,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti34 = _t[34U]; uint32_t ti34 = _t[34U];
uint32_t uint32_t
v33 = v33 =
vb34 vb34 +
+ ((va33 + (vb34 ^ (vc34 ^ vd34)) + xk33 + ti34) << 16U |
((va33 + (vb34 ^ (vc34 ^ vd34)) + xk33 + ti34) (va33 + (vb34 ^ (vc34 ^ vd34)) + xk33 + ti34) >> 16U);
<< 16U
| (va33 + (vb34 ^ (vc34 ^ vd34)) + xk33 + ti34) >> 16U);
abcd[2U] = v33; abcd[2U] = v33;
uint32_t va34 = abcd[1U]; uint32_t va34 = abcd[1U];
uint32_t vb35 = abcd[2U]; uint32_t vb35 = abcd[2U];
@ -626,11 +556,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti35 = _t[35U]; uint32_t ti35 = _t[35U];
uint32_t uint32_t
v34 = v34 =
vb35 vb35 +
+ ((va34 + (vb35 ^ (vc35 ^ vd35)) + xk34 + ti35) << 23U |
((va34 + (vb35 ^ (vc35 ^ vd35)) + xk34 + ti35) (va34 + (vb35 ^ (vc35 ^ vd35)) + xk34 + ti35) >> 9U);
<< 23U
| (va34 + (vb35 ^ (vc35 ^ vd35)) + xk34 + ti35) >> 9U);
abcd[1U] = v34; abcd[1U] = v34;
uint32_t va35 = abcd[0U]; uint32_t va35 = abcd[0U];
uint32_t vb36 = abcd[1U]; uint32_t vb36 = abcd[1U];
@ -642,11 +570,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti36 = _t[36U]; uint32_t ti36 = _t[36U];
uint32_t uint32_t
v35 = v35 =
vb36 vb36 +
+ ((va35 + (vb36 ^ (vc36 ^ vd36)) + xk35 + ti36) << 4U |
((va35 + (vb36 ^ (vc36 ^ vd36)) + xk35 + ti36) (va35 + (vb36 ^ (vc36 ^ vd36)) + xk35 + ti36) >> 28U);
<< 4U
| (va35 + (vb36 ^ (vc36 ^ vd36)) + xk35 + ti36) >> 28U);
abcd[0U] = v35; abcd[0U] = v35;
uint32_t va36 = abcd[3U]; uint32_t va36 = abcd[3U];
uint32_t vb37 = abcd[0U]; uint32_t vb37 = abcd[0U];
@ -658,11 +584,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti37 = _t[37U]; uint32_t ti37 = _t[37U];
uint32_t uint32_t
v36 = v36 =
vb37 vb37 +
+ ((va36 + (vb37 ^ (vc37 ^ vd37)) + xk36 + ti37) << 11U |
((va36 + (vb37 ^ (vc37 ^ vd37)) + xk36 + ti37) (va36 + (vb37 ^ (vc37 ^ vd37)) + xk36 + ti37) >> 21U);
<< 11U
| (va36 + (vb37 ^ (vc37 ^ vd37)) + xk36 + ti37) >> 21U);
abcd[3U] = v36; abcd[3U] = v36;
uint32_t va37 = abcd[2U]; uint32_t va37 = abcd[2U];
uint32_t vb38 = abcd[3U]; uint32_t vb38 = abcd[3U];
@ -674,11 +598,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti38 = _t[38U]; uint32_t ti38 = _t[38U];
uint32_t uint32_t
v37 = v37 =
vb38 vb38 +
+ ((va37 + (vb38 ^ (vc38 ^ vd38)) + xk37 + ti38) << 16U |
((va37 + (vb38 ^ (vc38 ^ vd38)) + xk37 + ti38) (va37 + (vb38 ^ (vc38 ^ vd38)) + xk37 + ti38) >> 16U);
<< 16U
| (va37 + (vb38 ^ (vc38 ^ vd38)) + xk37 + ti38) >> 16U);
abcd[2U] = v37; abcd[2U] = v37;
uint32_t va38 = abcd[1U]; uint32_t va38 = abcd[1U];
uint32_t vb39 = abcd[2U]; uint32_t vb39 = abcd[2U];
@ -690,11 +612,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti39 = _t[39U]; uint32_t ti39 = _t[39U];
uint32_t uint32_t
v38 = v38 =
vb39 vb39 +
+ ((va38 + (vb39 ^ (vc39 ^ vd39)) + xk38 + ti39) << 23U |
((va38 + (vb39 ^ (vc39 ^ vd39)) + xk38 + ti39) (va38 + (vb39 ^ (vc39 ^ vd39)) + xk38 + ti39) >> 9U);
<< 23U
| (va38 + (vb39 ^ (vc39 ^ vd39)) + xk38 + ti39) >> 9U);
abcd[1U] = v38; abcd[1U] = v38;
uint32_t va39 = abcd[0U]; uint32_t va39 = abcd[0U];
uint32_t vb40 = abcd[1U]; uint32_t vb40 = abcd[1U];
@ -706,11 +626,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti40 = _t[40U]; uint32_t ti40 = _t[40U];
uint32_t uint32_t
v39 = v39 =
vb40 vb40 +
+ ((va39 + (vb40 ^ (vc40 ^ vd40)) + xk39 + ti40) << 4U |
((va39 + (vb40 ^ (vc40 ^ vd40)) + xk39 + ti40) (va39 + (vb40 ^ (vc40 ^ vd40)) + xk39 + ti40) >> 28U);
<< 4U
| (va39 + (vb40 ^ (vc40 ^ vd40)) + xk39 + ti40) >> 28U);
abcd[0U] = v39; abcd[0U] = v39;
uint32_t va40 = abcd[3U]; uint32_t va40 = abcd[3U];
uint32_t vb41 = abcd[0U]; uint32_t vb41 = abcd[0U];
@ -722,11 +640,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti41 = _t[41U]; uint32_t ti41 = _t[41U];
uint32_t uint32_t
v40 = v40 =
vb41 vb41 +
+ ((va40 + (vb41 ^ (vc41 ^ vd41)) + xk40 + ti41) << 11U |
((va40 + (vb41 ^ (vc41 ^ vd41)) + xk40 + ti41) (va40 + (vb41 ^ (vc41 ^ vd41)) + xk40 + ti41) >> 21U);
<< 11U
| (va40 + (vb41 ^ (vc41 ^ vd41)) + xk40 + ti41) >> 21U);
abcd[3U] = v40; abcd[3U] = v40;
uint32_t va41 = abcd[2U]; uint32_t va41 = abcd[2U];
uint32_t vb42 = abcd[3U]; uint32_t vb42 = abcd[3U];
@ -738,11 +654,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti42 = _t[42U]; uint32_t ti42 = _t[42U];
uint32_t uint32_t
v41 = v41 =
vb42 vb42 +
+ ((va41 + (vb42 ^ (vc42 ^ vd42)) + xk41 + ti42) << 16U |
((va41 + (vb42 ^ (vc42 ^ vd42)) + xk41 + ti42) (va41 + (vb42 ^ (vc42 ^ vd42)) + xk41 + ti42) >> 16U);
<< 16U
| (va41 + (vb42 ^ (vc42 ^ vd42)) + xk41 + ti42) >> 16U);
abcd[2U] = v41; abcd[2U] = v41;
uint32_t va42 = abcd[1U]; uint32_t va42 = abcd[1U];
uint32_t vb43 = abcd[2U]; uint32_t vb43 = abcd[2U];
@ -754,11 +668,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti43 = _t[43U]; uint32_t ti43 = _t[43U];
uint32_t uint32_t
v42 = v42 =
vb43 vb43 +
+ ((va42 + (vb43 ^ (vc43 ^ vd43)) + xk42 + ti43) << 23U |
((va42 + (vb43 ^ (vc43 ^ vd43)) + xk42 + ti43) (va42 + (vb43 ^ (vc43 ^ vd43)) + xk42 + ti43) >> 9U);
<< 23U
| (va42 + (vb43 ^ (vc43 ^ vd43)) + xk42 + ti43) >> 9U);
abcd[1U] = v42; abcd[1U] = v42;
uint32_t va43 = abcd[0U]; uint32_t va43 = abcd[0U];
uint32_t vb44 = abcd[1U]; uint32_t vb44 = abcd[1U];
@ -770,11 +682,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti44 = _t[44U]; uint32_t ti44 = _t[44U];
uint32_t uint32_t
v43 = v43 =
vb44 vb44 +
+ ((va43 + (vb44 ^ (vc44 ^ vd44)) + xk43 + ti44) << 4U |
((va43 + (vb44 ^ (vc44 ^ vd44)) + xk43 + ti44) (va43 + (vb44 ^ (vc44 ^ vd44)) + xk43 + ti44) >> 28U);
<< 4U
| (va43 + (vb44 ^ (vc44 ^ vd44)) + xk43 + ti44) >> 28U);
abcd[0U] = v43; abcd[0U] = v43;
uint32_t va44 = abcd[3U]; uint32_t va44 = abcd[3U];
uint32_t vb45 = abcd[0U]; uint32_t vb45 = abcd[0U];
@ -786,11 +696,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti45 = _t[45U]; uint32_t ti45 = _t[45U];
uint32_t uint32_t
v44 = v44 =
vb45 vb45 +
+ ((va44 + (vb45 ^ (vc45 ^ vd45)) + xk44 + ti45) << 11U |
((va44 + (vb45 ^ (vc45 ^ vd45)) + xk44 + ti45) (va44 + (vb45 ^ (vc45 ^ vd45)) + xk44 + ti45) >> 21U);
<< 11U
| (va44 + (vb45 ^ (vc45 ^ vd45)) + xk44 + ti45) >> 21U);
abcd[3U] = v44; abcd[3U] = v44;
uint32_t va45 = abcd[2U]; uint32_t va45 = abcd[2U];
uint32_t vb46 = abcd[3U]; uint32_t vb46 = abcd[3U];
@ -802,11 +710,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti46 = _t[46U]; uint32_t ti46 = _t[46U];
uint32_t uint32_t
v45 = v45 =
vb46 vb46 +
+ ((va45 + (vb46 ^ (vc46 ^ vd46)) + xk45 + ti46) << 16U |
((va45 + (vb46 ^ (vc46 ^ vd46)) + xk45 + ti46) (va45 + (vb46 ^ (vc46 ^ vd46)) + xk45 + ti46) >> 16U);
<< 16U
| (va45 + (vb46 ^ (vc46 ^ vd46)) + xk45 + ti46) >> 16U);
abcd[2U] = v45; abcd[2U] = v45;
uint32_t va46 = abcd[1U]; uint32_t va46 = abcd[1U];
uint32_t vb47 = abcd[2U]; uint32_t vb47 = abcd[2U];
@ -818,11 +724,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti47 = _t[47U]; uint32_t ti47 = _t[47U];
uint32_t uint32_t
v46 = v46 =
vb47 vb47 +
+ ((va46 + (vb47 ^ (vc47 ^ vd47)) + xk46 + ti47) << 23U |
((va46 + (vb47 ^ (vc47 ^ vd47)) + xk46 + ti47) (va46 + (vb47 ^ (vc47 ^ vd47)) + xk46 + ti47) >> 9U);
<< 23U
| (va46 + (vb47 ^ (vc47 ^ vd47)) + xk46 + ti47) >> 9U);
abcd[1U] = v46; abcd[1U] = v46;
uint32_t va47 = abcd[0U]; uint32_t va47 = abcd[0U];
uint32_t vb48 = abcd[1U]; uint32_t vb48 = abcd[1U];
@ -834,11 +738,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti48 = _t[48U]; uint32_t ti48 = _t[48U];
uint32_t uint32_t
v47 = v47 =
vb48 vb48 +
+ ((va47 + (vc48 ^ (vb48 | ~vd48)) + xk47 + ti48) << 6U |
((va47 + (vc48 ^ (vb48 | ~vd48)) + xk47 + ti48) (va47 + (vc48 ^ (vb48 | ~vd48)) + xk47 + ti48) >> 26U);
<< 6U
| (va47 + (vc48 ^ (vb48 | ~vd48)) + xk47 + ti48) >> 26U);
abcd[0U] = v47; abcd[0U] = v47;
uint32_t va48 = abcd[3U]; uint32_t va48 = abcd[3U];
uint32_t vb49 = abcd[0U]; uint32_t vb49 = abcd[0U];
@ -850,11 +752,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti49 = _t[49U]; uint32_t ti49 = _t[49U];
uint32_t uint32_t
v48 = v48 =
vb49 vb49 +
+ ((va48 + (vc49 ^ (vb49 | ~vd49)) + xk48 + ti49) << 10U |
((va48 + (vc49 ^ (vb49 | ~vd49)) + xk48 + ti49) (va48 + (vc49 ^ (vb49 | ~vd49)) + xk48 + ti49) >> 22U);
<< 10U
| (va48 + (vc49 ^ (vb49 | ~vd49)) + xk48 + ti49) >> 22U);
abcd[3U] = v48; abcd[3U] = v48;
uint32_t va49 = abcd[2U]; uint32_t va49 = abcd[2U];
uint32_t vb50 = abcd[3U]; uint32_t vb50 = abcd[3U];
@ -866,11 +766,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti50 = _t[50U]; uint32_t ti50 = _t[50U];
uint32_t uint32_t
v49 = v49 =
vb50 vb50 +
+ ((va49 + (vc50 ^ (vb50 | ~vd50)) + xk49 + ti50) << 15U |
((va49 + (vc50 ^ (vb50 | ~vd50)) + xk49 + ti50) (va49 + (vc50 ^ (vb50 | ~vd50)) + xk49 + ti50) >> 17U);
<< 15U
| (va49 + (vc50 ^ (vb50 | ~vd50)) + xk49 + ti50) >> 17U);
abcd[2U] = v49; abcd[2U] = v49;
uint32_t va50 = abcd[1U]; uint32_t va50 = abcd[1U];
uint32_t vb51 = abcd[2U]; uint32_t vb51 = abcd[2U];
@ -882,11 +780,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti51 = _t[51U]; uint32_t ti51 = _t[51U];
uint32_t uint32_t
v50 = v50 =
vb51 vb51 +
+ ((va50 + (vc51 ^ (vb51 | ~vd51)) + xk50 + ti51) << 21U |
((va50 + (vc51 ^ (vb51 | ~vd51)) + xk50 + ti51) (va50 + (vc51 ^ (vb51 | ~vd51)) + xk50 + ti51) >> 11U);
<< 21U
| (va50 + (vc51 ^ (vb51 | ~vd51)) + xk50 + ti51) >> 11U);
abcd[1U] = v50; abcd[1U] = v50;
uint32_t va51 = abcd[0U]; uint32_t va51 = abcd[0U];
uint32_t vb52 = abcd[1U]; uint32_t vb52 = abcd[1U];
@ -898,11 +794,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti52 = _t[52U]; uint32_t ti52 = _t[52U];
uint32_t uint32_t
v51 = v51 =
vb52 vb52 +
+ ((va51 + (vc52 ^ (vb52 | ~vd52)) + xk51 + ti52) << 6U |
((va51 + (vc52 ^ (vb52 | ~vd52)) + xk51 + ti52) (va51 + (vc52 ^ (vb52 | ~vd52)) + xk51 + ti52) >> 26U);
<< 6U
| (va51 + (vc52 ^ (vb52 | ~vd52)) + xk51 + ti52) >> 26U);
abcd[0U] = v51; abcd[0U] = v51;
uint32_t va52 = abcd[3U]; uint32_t va52 = abcd[3U];
uint32_t vb53 = abcd[0U]; uint32_t vb53 = abcd[0U];
@ -914,11 +808,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti53 = _t[53U]; uint32_t ti53 = _t[53U];
uint32_t uint32_t
v52 = v52 =
vb53 vb53 +
+ ((va52 + (vc53 ^ (vb53 | ~vd53)) + xk52 + ti53) << 10U |
((va52 + (vc53 ^ (vb53 | ~vd53)) + xk52 + ti53) (va52 + (vc53 ^ (vb53 | ~vd53)) + xk52 + ti53) >> 22U);
<< 10U
| (va52 + (vc53 ^ (vb53 | ~vd53)) + xk52 + ti53) >> 22U);
abcd[3U] = v52; abcd[3U] = v52;
uint32_t va53 = abcd[2U]; uint32_t va53 = abcd[2U];
uint32_t vb54 = abcd[3U]; uint32_t vb54 = abcd[3U];
@ -930,11 +822,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti54 = _t[54U]; uint32_t ti54 = _t[54U];
uint32_t uint32_t
v53 = v53 =
vb54 vb54 +
+ ((va53 + (vc54 ^ (vb54 | ~vd54)) + xk53 + ti54) << 15U |
((va53 + (vc54 ^ (vb54 | ~vd54)) + xk53 + ti54) (va53 + (vc54 ^ (vb54 | ~vd54)) + xk53 + ti54) >> 17U);
<< 15U
| (va53 + (vc54 ^ (vb54 | ~vd54)) + xk53 + ti54) >> 17U);
abcd[2U] = v53; abcd[2U] = v53;
uint32_t va54 = abcd[1U]; uint32_t va54 = abcd[1U];
uint32_t vb55 = abcd[2U]; uint32_t vb55 = abcd[2U];
@ -946,11 +836,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti55 = _t[55U]; uint32_t ti55 = _t[55U];
uint32_t uint32_t
v54 = v54 =
vb55 vb55 +
+ ((va54 + (vc55 ^ (vb55 | ~vd55)) + xk54 + ti55) << 21U |
((va54 + (vc55 ^ (vb55 | ~vd55)) + xk54 + ti55) (va54 + (vc55 ^ (vb55 | ~vd55)) + xk54 + ti55) >> 11U);
<< 21U
| (va54 + (vc55 ^ (vb55 | ~vd55)) + xk54 + ti55) >> 11U);
abcd[1U] = v54; abcd[1U] = v54;
uint32_t va55 = abcd[0U]; uint32_t va55 = abcd[0U];
uint32_t vb56 = abcd[1U]; uint32_t vb56 = abcd[1U];
@ -962,11 +850,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti56 = _t[56U]; uint32_t ti56 = _t[56U];
uint32_t uint32_t
v55 = v55 =
vb56 vb56 +
+ ((va55 + (vc56 ^ (vb56 | ~vd56)) + xk55 + ti56) << 6U |
((va55 + (vc56 ^ (vb56 | ~vd56)) + xk55 + ti56) (va55 + (vc56 ^ (vb56 | ~vd56)) + xk55 + ti56) >> 26U);
<< 6U
| (va55 + (vc56 ^ (vb56 | ~vd56)) + xk55 + ti56) >> 26U);
abcd[0U] = v55; abcd[0U] = v55;
uint32_t va56 = abcd[3U]; uint32_t va56 = abcd[3U];
uint32_t vb57 = abcd[0U]; uint32_t vb57 = abcd[0U];
@ -978,11 +864,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti57 = _t[57U]; uint32_t ti57 = _t[57U];
uint32_t uint32_t
v56 = v56 =
vb57 vb57 +
+ ((va56 + (vc57 ^ (vb57 | ~vd57)) + xk56 + ti57) << 10U |
((va56 + (vc57 ^ (vb57 | ~vd57)) + xk56 + ti57) (va56 + (vc57 ^ (vb57 | ~vd57)) + xk56 + ti57) >> 22U);
<< 10U
| (va56 + (vc57 ^ (vb57 | ~vd57)) + xk56 + ti57) >> 22U);
abcd[3U] = v56; abcd[3U] = v56;
uint32_t va57 = abcd[2U]; uint32_t va57 = abcd[2U];
uint32_t vb58 = abcd[3U]; uint32_t vb58 = abcd[3U];
@ -994,11 +878,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti58 = _t[58U]; uint32_t ti58 = _t[58U];
uint32_t uint32_t
v57 = v57 =
vb58 vb58 +
+ ((va57 + (vc58 ^ (vb58 | ~vd58)) + xk57 + ti58) << 15U |
((va57 + (vc58 ^ (vb58 | ~vd58)) + xk57 + ti58) (va57 + (vc58 ^ (vb58 | ~vd58)) + xk57 + ti58) >> 17U);
<< 15U
| (va57 + (vc58 ^ (vb58 | ~vd58)) + xk57 + ti58) >> 17U);
abcd[2U] = v57; abcd[2U] = v57;
uint32_t va58 = abcd[1U]; uint32_t va58 = abcd[1U];
uint32_t vb59 = abcd[2U]; uint32_t vb59 = abcd[2U];
@ -1010,11 +892,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti59 = _t[59U]; uint32_t ti59 = _t[59U];
uint32_t uint32_t
v58 = v58 =
vb59 vb59 +
+ ((va58 + (vc59 ^ (vb59 | ~vd59)) + xk58 + ti59) << 21U |
((va58 + (vc59 ^ (vb59 | ~vd59)) + xk58 + ti59) (va58 + (vc59 ^ (vb59 | ~vd59)) + xk58 + ti59) >> 11U);
<< 21U
| (va58 + (vc59 ^ (vb59 | ~vd59)) + xk58 + ti59) >> 11U);
abcd[1U] = v58; abcd[1U] = v58;
uint32_t va59 = abcd[0U]; uint32_t va59 = abcd[0U];
uint32_t vb60 = abcd[1U]; uint32_t vb60 = abcd[1U];
@ -1026,11 +906,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti60 = _t[60U]; uint32_t ti60 = _t[60U];
uint32_t uint32_t
v59 = v59 =
vb60 vb60 +
+ ((va59 + (vc60 ^ (vb60 | ~vd60)) + xk59 + ti60) << 6U |
((va59 + (vc60 ^ (vb60 | ~vd60)) + xk59 + ti60) (va59 + (vc60 ^ (vb60 | ~vd60)) + xk59 + ti60) >> 26U);
<< 6U
| (va59 + (vc60 ^ (vb60 | ~vd60)) + xk59 + ti60) >> 26U);
abcd[0U] = v59; abcd[0U] = v59;
uint32_t va60 = abcd[3U]; uint32_t va60 = abcd[3U];
uint32_t vb61 = abcd[0U]; uint32_t vb61 = abcd[0U];
@ -1042,11 +920,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti61 = _t[61U]; uint32_t ti61 = _t[61U];
uint32_t uint32_t
v60 = v60 =
vb61 vb61 +
+ ((va60 + (vc61 ^ (vb61 | ~vd61)) + xk60 + ti61) << 10U |
((va60 + (vc61 ^ (vb61 | ~vd61)) + xk60 + ti61) (va60 + (vc61 ^ (vb61 | ~vd61)) + xk60 + ti61) >> 22U);
<< 10U
| (va60 + (vc61 ^ (vb61 | ~vd61)) + xk60 + ti61) >> 22U);
abcd[3U] = v60; abcd[3U] = v60;
uint32_t va61 = abcd[2U]; uint32_t va61 = abcd[2U];
uint32_t vb62 = abcd[3U]; uint32_t vb62 = abcd[3U];
@ -1058,11 +934,9 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti62 = _t[62U]; uint32_t ti62 = _t[62U];
uint32_t uint32_t
v61 = v61 =
vb62 vb62 +
+ ((va61 + (vc62 ^ (vb62 | ~vd62)) + xk61 + ti62) << 15U |
((va61 + (vc62 ^ (vb62 | ~vd62)) + xk61 + ti62) (va61 + (vc62 ^ (vb62 | ~vd62)) + xk61 + ti62) >> 17U);
<< 15U
| (va61 + (vc62 ^ (vb62 | ~vd62)) + xk61 + ti62) >> 17U);
abcd[2U] = v61; abcd[2U] = v61;
uint32_t va62 = abcd[1U]; uint32_t va62 = abcd[1U];
uint32_t vb = abcd[2U]; uint32_t vb = abcd[2U];
@ -1074,11 +948,8 @@ static void update(uint32_t *abcd, uint8_t *x)
uint32_t ti = _t[63U]; uint32_t ti = _t[63U];
uint32_t uint32_t
v62 = v62 =
vb vb +
+ ((va62 + (vc ^ (vb | ~vd)) + xk62 + ti) << 21U | (va62 + (vc ^ (vb | ~vd)) + xk62 + ti) >> 11U);
((va62 + (vc ^ (vb | ~vd)) + xk62 + ti)
<< 21U
| (va62 + (vc ^ (vb | ~vd)) + xk62 + ti) >> 11U);
abcd[1U] = v62; abcd[1U] = v62;
uint32_t a = abcd[0U]; uint32_t a = abcd[0U];
uint32_t b = abcd[1U]; uint32_t b = abcd[1U];
@ -1282,8 +1153,7 @@ Hacl_Hash_MD5_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t
uint8_t *buf2 = buf + sz1; uint8_t *buf2 = buf + sz1;
memcpy(buf2, chunk, chunk_len * sizeof (uint8_t)); memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
uint64_t total_len2 = total_len1 + (uint64_t)chunk_len; uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
*state *state =
=
( (
(Hacl_Streaming_MD_state_32){ (Hacl_Streaming_MD_state_32){
.block_state = block_state1, .block_state = block_state1,
@ -1328,8 +1198,7 @@ Hacl_Hash_MD5_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t
Hacl_Hash_MD5_update_multi(block_state1, data1, data1_len / 64U); Hacl_Hash_MD5_update_multi(block_state1, data1, data1_len / 64U);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Streaming_MD_state_32){ (Hacl_Streaming_MD_state_32){
.block_state = block_state1, .block_state = block_state1,
@ -1359,8 +1228,7 @@ Hacl_Hash_MD5_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t
uint8_t *buf2 = buf0 + sz10; uint8_t *buf2 = buf0 + sz10;
memcpy(buf2, chunk1, diff * sizeof (uint8_t)); memcpy(buf2, chunk1, diff * sizeof (uint8_t));
uint64_t total_len2 = total_len10 + (uint64_t)diff; uint64_t total_len2 = total_len10 + (uint64_t)diff;
*state *state =
=
( (
(Hacl_Streaming_MD_state_32){ (Hacl_Streaming_MD_state_32){
.block_state = block_state10, .block_state = block_state10,
@ -1403,8 +1271,7 @@ Hacl_Hash_MD5_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t
Hacl_Hash_MD5_update_multi(block_state1, data1, data1_len / 64U); Hacl_Hash_MD5_update_multi(block_state1, data1, data1_len / 64U);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Streaming_MD_state_32){ (Hacl_Streaming_MD_state_32){
.block_state = block_state1, .block_state = block_state1,

12
Modules/_hacl/Hacl_Hash_SHA1.c
View file

@ -315,8 +315,7 @@ Hacl_Hash_SHA1_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_
uint8_t *buf2 = buf + sz1; uint8_t *buf2 = buf + sz1;
memcpy(buf2, chunk, chunk_len * sizeof (uint8_t)); memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
uint64_t total_len2 = total_len1 + (uint64_t)chunk_len; uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
*state *state =
=
( (
(Hacl_Streaming_MD_state_32){ (Hacl_Streaming_MD_state_32){
.block_state = block_state1, .block_state = block_state1,
@ -361,8 +360,7 @@ Hacl_Hash_SHA1_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_
Hacl_Hash_SHA1_update_multi(block_state1, data1, data1_len / 64U); Hacl_Hash_SHA1_update_multi(block_state1, data1, data1_len / 64U);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Streaming_MD_state_32){ (Hacl_Streaming_MD_state_32){
.block_state = block_state1, .block_state = block_state1,
@ -392,8 +390,7 @@ Hacl_Hash_SHA1_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_
uint8_t *buf2 = buf0 + sz10; uint8_t *buf2 = buf0 + sz10;
memcpy(buf2, chunk1, diff * sizeof (uint8_t)); memcpy(buf2, chunk1, diff * sizeof (uint8_t));
uint64_t total_len2 = total_len10 + (uint64_t)diff; uint64_t total_len2 = total_len10 + (uint64_t)diff;
*state *state =
=
( (
(Hacl_Streaming_MD_state_32){ (Hacl_Streaming_MD_state_32){
.block_state = block_state10, .block_state = block_state10,
@ -436,8 +433,7 @@ Hacl_Hash_SHA1_update(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_
Hacl_Hash_SHA1_update_multi(block_state1, data1, data1_len / 64U); Hacl_Hash_SHA1_update_multi(block_state1, data1, data1_len / 64U);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Streaming_MD_state_32){ (Hacl_Streaming_MD_state_32){
.block_state = block_state1, .block_state = block_state1,

42
Modules/_hacl/Hacl_Hash_SHA2.c
View file

@ -100,15 +100,14 @@ static inline void sha256_update(uint8_t *b, uint32_t *hash)
uint32_t k_e_t = k_t; uint32_t k_e_t = k_t;
uint32_t uint32_t
t1 = t1 =
h02 h02 + ((e0 << 26U | e0 >> 6U) ^ ((e0 << 21U | e0 >> 11U) ^ (e0 << 7U | e0 >> 25U))) +
+ ((e0 << 26U | e0 >> 6U) ^ ((e0 << 21U | e0 >> 11U) ^ (e0 << 7U | e0 >> 25U))) ((e0 & f0) ^ (~e0 & g0))
+ ((e0 & f0) ^ (~e0 & g0))
+ k_e_t + k_e_t
+ ws_t; + ws_t;
uint32_t uint32_t
t2 = t2 =
((a0 << 30U | a0 >> 2U) ^ ((a0 << 19U | a0 >> 13U) ^ (a0 << 10U | a0 >> 22U))) ((a0 << 30U | a0 >> 2U) ^ ((a0 << 19U | a0 >> 13U) ^ (a0 << 10U | a0 >> 22U))) +
+ ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0))); ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0)));
uint32_t a1 = t1 + t2; uint32_t a1 = t1 + t2;
uint32_t b1 = a0; uint32_t b1 = a0;
uint32_t c1 = b0; uint32_t c1 = b0;
@ -301,15 +300,14 @@ static inline void sha512_update(uint8_t *b, uint64_t *hash)
uint64_t k_e_t = k_t; uint64_t k_e_t = k_t;
uint64_t uint64_t
t1 = t1 =
h02 h02 + ((e0 << 50U | e0 >> 14U) ^ ((e0 << 46U | e0 >> 18U) ^ (e0 << 23U | e0 >> 41U))) +
+ ((e0 << 50U | e0 >> 14U) ^ ((e0 << 46U | e0 >> 18U) ^ (e0 << 23U | e0 >> 41U))) ((e0 & f0) ^ (~e0 & g0))
+ ((e0 & f0) ^ (~e0 & g0))
+ k_e_t + k_e_t
+ ws_t; + ws_t;
uint64_t uint64_t
t2 = t2 =
((a0 << 36U | a0 >> 28U) ^ ((a0 << 30U | a0 >> 34U) ^ (a0 << 25U | a0 >> 39U))) ((a0 << 36U | a0 >> 28U) ^ ((a0 << 30U | a0 >> 34U) ^ (a0 << 25U | a0 >> 39U))) +
+ ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0))); ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0)));
uint64_t a1 = t1 + t2; uint64_t a1 = t1 + t2;
uint64_t b1 = a0; uint64_t b1 = a0;
uint64_t c1 = b0; uint64_t c1 = b0;
@ -639,8 +637,7 @@ update_224_256(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk
uint8_t *buf2 = buf + sz1; uint8_t *buf2 = buf + sz1;
memcpy(buf2, chunk, chunk_len * sizeof (uint8_t)); memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
uint64_t total_len2 = total_len1 + (uint64_t)chunk_len; uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
*state *state =
=
( (
(Hacl_Streaming_MD_state_32){ (Hacl_Streaming_MD_state_32){
.block_state = block_state1, .block_state = block_state1,
@ -685,8 +682,7 @@ update_224_256(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk
Hacl_Hash_SHA2_sha256_update_nblocks(data1_len / 64U * 64U, data1, block_state1); Hacl_Hash_SHA2_sha256_update_nblocks(data1_len / 64U * 64U, data1, block_state1);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Streaming_MD_state_32){ (Hacl_Streaming_MD_state_32){
.block_state = block_state1, .block_state = block_state1,
@ -716,8 +712,7 @@ update_224_256(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk
uint8_t *buf2 = buf0 + sz10; uint8_t *buf2 = buf0 + sz10;
memcpy(buf2, chunk1, diff * sizeof (uint8_t)); memcpy(buf2, chunk1, diff * sizeof (uint8_t));
uint64_t total_len2 = total_len10 + (uint64_t)diff; uint64_t total_len2 = total_len10 + (uint64_t)diff;
*state *state =
=
( (
(Hacl_Streaming_MD_state_32){ (Hacl_Streaming_MD_state_32){
.block_state = block_state10, .block_state = block_state10,
@ -760,8 +755,7 @@ update_224_256(Hacl_Streaming_MD_state_32 *state, uint8_t *chunk, uint32_t chunk
Hacl_Hash_SHA2_sha256_update_nblocks(data1_len / 64U * 64U, data1, block_state1); Hacl_Hash_SHA2_sha256_update_nblocks(data1_len / 64U * 64U, data1, block_state1);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Streaming_MD_state_32){ (Hacl_Streaming_MD_state_32){
.block_state = block_state1, .block_state = block_state1,
@ -1205,8 +1199,7 @@ update_384_512(Hacl_Streaming_MD_state_64 *state, uint8_t *chunk, uint32_t chunk
uint8_t *buf2 = buf + sz1; uint8_t *buf2 = buf + sz1;
memcpy(buf2, chunk, chunk_len * sizeof (uint8_t)); memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
uint64_t total_len2 = total_len1 + (uint64_t)chunk_len; uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
*state *state =
=
( (
(Hacl_Streaming_MD_state_64){ (Hacl_Streaming_MD_state_64){
.block_state = block_state1, .block_state = block_state1,
@ -1251,8 +1244,7 @@ update_384_512(Hacl_Streaming_MD_state_64 *state, uint8_t *chunk, uint32_t chunk
Hacl_Hash_SHA2_sha512_update_nblocks(data1_len / 128U * 128U, data1, block_state1); Hacl_Hash_SHA2_sha512_update_nblocks(data1_len / 128U * 128U, data1, block_state1);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Streaming_MD_state_64){ (Hacl_Streaming_MD_state_64){
.block_state = block_state1, .block_state = block_state1,
@ -1282,8 +1274,7 @@ update_384_512(Hacl_Streaming_MD_state_64 *state, uint8_t *chunk, uint32_t chunk
uint8_t *buf2 = buf0 + sz10; uint8_t *buf2 = buf0 + sz10;
memcpy(buf2, chunk1, diff * sizeof (uint8_t)); memcpy(buf2, chunk1, diff * sizeof (uint8_t));
uint64_t total_len2 = total_len10 + (uint64_t)diff; uint64_t total_len2 = total_len10 + (uint64_t)diff;
*state *state =
=
( (
(Hacl_Streaming_MD_state_64){ (Hacl_Streaming_MD_state_64){
.block_state = block_state10, .block_state = block_state10,
@ -1326,8 +1317,7 @@ update_384_512(Hacl_Streaming_MD_state_64 *state, uint8_t *chunk, uint32_t chunk
Hacl_Hash_SHA2_sha512_update_nblocks(data1_len / 128U * 128U, data1, block_state1); Hacl_Hash_SHA2_sha512_update_nblocks(data1_len / 128U * 128U, data1, block_state1);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Streaming_MD_state_64){ (Hacl_Streaming_MD_state_64){
.block_state = block_state1, .block_state = block_state1,

22
Modules/_hacl/Hacl_Hash_SHA3.c
View file

@ -866,8 +866,7 @@ Hacl_Hash_SHA3_update(Hacl_Hash_SHA3_state_t *state, uint8_t *chunk, uint32_t ch
uint8_t *buf2 = buf + sz1; uint8_t *buf2 = buf + sz1;
memcpy(buf2, chunk, chunk_len * sizeof (uint8_t)); memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
uint64_t total_len2 = total_len1 + (uint64_t)chunk_len; uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
*state *state =
=
((Hacl_Hash_SHA3_state_t){ .block_state = block_state1, .buf = buf, .total_len = total_len2 }); ((Hacl_Hash_SHA3_state_t){ .block_state = block_state1, .buf = buf, .total_len = total_len2 });
} }
else if (sz == 0U) else if (sz == 0U)
@ -910,8 +909,7 @@ Hacl_Hash_SHA3_update(Hacl_Hash_SHA3_state_t *state, uint8_t *chunk, uint32_t ch
Hacl_Hash_SHA3_update_multi_sha3(a1, s2, data1, data1_len / block_len(a1)); Hacl_Hash_SHA3_update_multi_sha3(a1, s2, data1, data1_len / block_len(a1));
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Hash_SHA3_state_t){ (Hacl_Hash_SHA3_state_t){
.block_state = block_state1, .block_state = block_state1,
@ -941,8 +939,7 @@ Hacl_Hash_SHA3_update(Hacl_Hash_SHA3_state_t *state, uint8_t *chunk, uint32_t ch
uint8_t *buf2 = buf0 + sz10; uint8_t *buf2 = buf0 + sz10;
memcpy(buf2, chunk1, diff * sizeof (uint8_t)); memcpy(buf2, chunk1, diff * sizeof (uint8_t));
uint64_t total_len2 = total_len10 + (uint64_t)diff; uint64_t total_len2 = total_len10 + (uint64_t)diff;
*state *state =
=
( (
(Hacl_Hash_SHA3_state_t){ (Hacl_Hash_SHA3_state_t){
.block_state = block_state10, .block_state = block_state10,
@ -972,10 +969,8 @@ Hacl_Hash_SHA3_update(Hacl_Hash_SHA3_state_t *state, uint8_t *chunk, uint32_t ch
uint32_t ite; uint32_t ite;
if if
( (
(uint64_t)(chunk_len - diff) (uint64_t)(chunk_len - diff) % (uint64_t)block_len(i) == 0ULL &&
% (uint64_t)block_len(i) (uint64_t)(chunk_len - diff) > 0ULL
== 0ULL
&& (uint64_t)(chunk_len - diff) > 0ULL
) )
{ {
ite = block_len(i); ite = block_len(i);
@ -994,8 +989,7 @@ Hacl_Hash_SHA3_update(Hacl_Hash_SHA3_state_t *state, uint8_t *chunk, uint32_t ch
Hacl_Hash_SHA3_update_multi_sha3(a1, s2, data1, data1_len / block_len(a1)); Hacl_Hash_SHA3_update_multi_sha3(a1, s2, data1, data1_len / block_len(a1));
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Hash_SHA3_state_t){ (Hacl_Hash_SHA3_state_t){
.block_state = block_state1, .block_state = block_state1,
@ -2422,9 +2416,7 @@ Hacl_Hash_SHA3_shake128_squeeze_nblocks(
5U, 5U,
1U, 1U,
_C[i] = _C[i] =
state[i state[i + 0U] ^ (state[i + 5U] ^ (state[i + 10U] ^ (state[i + 15U] ^ state[i + 20U]))););
+ 0U]
^ (state[i + 5U] ^ (state[i + 10U] ^ (state[i + 15U] ^ state[i + 20U]))););
KRML_MAYBE_FOR5(i2, KRML_MAYBE_FOR5(i2,
0U, 0U,
5U, 5U,

127
Modules/_hacl/Hacl_Streaming_HMAC.c
View file

@ -198,8 +198,7 @@ static Hacl_Agile_Hash_state_s *malloc_(Hacl_Agile_Hash_impl a)
*st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s)); *st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s));
if (st != NULL) if (st != NULL)
{ {
st[0U] st[0U] = ((Hacl_Agile_Hash_state_s){ .tag = Hacl_Agile_Hash_MD5_a, { .case_MD5_a = s1 } });
= ((Hacl_Agile_Hash_state_s){ .tag = Hacl_Agile_Hash_MD5_a, { .case_MD5_a = s1 } });
} }
if (st == NULL) if (st == NULL)
{ {
@ -220,8 +219,8 @@ static Hacl_Agile_Hash_state_s *malloc_(Hacl_Agile_Hash_impl a)
*st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s)); *st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s));
if (st != NULL) if (st != NULL)
{ {
st[0U] st[0U] =
= ((Hacl_Agile_Hash_state_s){ .tag = Hacl_Agile_Hash_SHA1_a, { .case_SHA1_a = s1 } }); ((Hacl_Agile_Hash_state_s){ .tag = Hacl_Agile_Hash_SHA1_a, { .case_SHA1_a = s1 } });
} }
if (st == NULL) if (st == NULL)
{ {
@ -242,8 +241,7 @@ static Hacl_Agile_Hash_state_s *malloc_(Hacl_Agile_Hash_impl a)
*st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s)); *st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s));
if (st != NULL) if (st != NULL)
{ {
st[0U] st[0U] =
=
( (
(Hacl_Agile_Hash_state_s){ (Hacl_Agile_Hash_state_s){
.tag = Hacl_Agile_Hash_SHA2_224_a, .tag = Hacl_Agile_Hash_SHA2_224_a,
@ -270,8 +268,7 @@ static Hacl_Agile_Hash_state_s *malloc_(Hacl_Agile_Hash_impl a)
*st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s)); *st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s));
if (st != NULL) if (st != NULL)
{ {
st[0U] st[0U] =
=
( (
(Hacl_Agile_Hash_state_s){ (Hacl_Agile_Hash_state_s){
.tag = Hacl_Agile_Hash_SHA2_256_a, .tag = Hacl_Agile_Hash_SHA2_256_a,
@ -298,8 +295,7 @@ static Hacl_Agile_Hash_state_s *malloc_(Hacl_Agile_Hash_impl a)
*st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s)); *st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s));
if (st != NULL) if (st != NULL)
{ {
st[0U] st[0U] =
=
( (
(Hacl_Agile_Hash_state_s){ (Hacl_Agile_Hash_state_s){
.tag = Hacl_Agile_Hash_SHA2_384_a, .tag = Hacl_Agile_Hash_SHA2_384_a,
@ -326,8 +322,7 @@ static Hacl_Agile_Hash_state_s *malloc_(Hacl_Agile_Hash_impl a)
*st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s)); *st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s));
if (st != NULL) if (st != NULL)
{ {
st[0U] st[0U] =
=
( (
(Hacl_Agile_Hash_state_s){ (Hacl_Agile_Hash_state_s){
.tag = Hacl_Agile_Hash_SHA2_512_a, .tag = Hacl_Agile_Hash_SHA2_512_a,
@ -354,8 +349,7 @@ static Hacl_Agile_Hash_state_s *malloc_(Hacl_Agile_Hash_impl a)
*st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s)); *st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s));
if (st != NULL) if (st != NULL)
{ {
st[0U] st[0U] =
=
( (
(Hacl_Agile_Hash_state_s){ (Hacl_Agile_Hash_state_s){
.tag = Hacl_Agile_Hash_SHA3_224_a, .tag = Hacl_Agile_Hash_SHA3_224_a,
@ -382,8 +376,7 @@ static Hacl_Agile_Hash_state_s *malloc_(Hacl_Agile_Hash_impl a)
*st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s)); *st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s));
if (st != NULL) if (st != NULL)
{ {
st[0U] st[0U] =
=
( (
(Hacl_Agile_Hash_state_s){ (Hacl_Agile_Hash_state_s){
.tag = Hacl_Agile_Hash_SHA3_256_a, .tag = Hacl_Agile_Hash_SHA3_256_a,
@ -410,8 +403,7 @@ static Hacl_Agile_Hash_state_s *malloc_(Hacl_Agile_Hash_impl a)
*st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s)); *st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s));
if (st != NULL) if (st != NULL)
{ {
st[0U] st[0U] =
=
( (
(Hacl_Agile_Hash_state_s){ (Hacl_Agile_Hash_state_s){
.tag = Hacl_Agile_Hash_SHA3_384_a, .tag = Hacl_Agile_Hash_SHA3_384_a,
@ -438,8 +430,7 @@ static Hacl_Agile_Hash_state_s *malloc_(Hacl_Agile_Hash_impl a)
*st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s)); *st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s));
if (st != NULL) if (st != NULL)
{ {
st[0U] st[0U] =
=
( (
(Hacl_Agile_Hash_state_s){ (Hacl_Agile_Hash_state_s){
.tag = Hacl_Agile_Hash_SHA3_512_a, .tag = Hacl_Agile_Hash_SHA3_512_a,
@ -466,8 +457,7 @@ static Hacl_Agile_Hash_state_s *malloc_(Hacl_Agile_Hash_impl a)
*st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s)); *st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s));
if (st != NULL) if (st != NULL)
{ {
st[0U] st[0U] =
=
( (
(Hacl_Agile_Hash_state_s){ (Hacl_Agile_Hash_state_s){
.tag = Hacl_Agile_Hash_Blake2S_a, .tag = Hacl_Agile_Hash_Blake2S_a,
@ -495,8 +485,7 @@ static Hacl_Agile_Hash_state_s *malloc_(Hacl_Agile_Hash_impl a)
*st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s)); *st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s));
if (st != NULL) if (st != NULL)
{ {
st[0U] st[0U] =
=
( (
(Hacl_Agile_Hash_state_s){ (Hacl_Agile_Hash_state_s){
.tag = Hacl_Agile_Hash_Blake2S_128_a, .tag = Hacl_Agile_Hash_Blake2S_128_a,
@ -531,8 +520,7 @@ static Hacl_Agile_Hash_state_s *malloc_(Hacl_Agile_Hash_impl a)
*st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s)); *st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s));
if (st != NULL) if (st != NULL)
{ {
st[0U] st[0U] =
=
( (
(Hacl_Agile_Hash_state_s){ (Hacl_Agile_Hash_state_s){
.tag = Hacl_Agile_Hash_Blake2B_a, .tag = Hacl_Agile_Hash_Blake2B_a,
@ -560,8 +548,7 @@ static Hacl_Agile_Hash_state_s *malloc_(Hacl_Agile_Hash_impl a)
*st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s)); *st = (Hacl_Agile_Hash_state_s *)KRML_HOST_MALLOC(sizeof (Hacl_Agile_Hash_state_s));
if (st != NULL) if (st != NULL)
{ {
st[0U] st[0U] =
=
( (
(Hacl_Agile_Hash_state_s){ (Hacl_Agile_Hash_state_s){
.tag = Hacl_Agile_Hash_Blake2B_256_a, .tag = Hacl_Agile_Hash_Blake2B_256_a,
@ -2059,8 +2046,8 @@ Hacl_Streaming_HMAC_update(
Hacl_Streaming_HMAC_Definitions_index i1 = Hacl_Streaming_HMAC_index_of_state(block_state); Hacl_Streaming_HMAC_Definitions_index i1 = Hacl_Streaming_HMAC_index_of_state(block_state);
if if
( (
(uint64_t)chunk_len (uint64_t)chunk_len >
> max_input_len64(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))) - total_len max_input_len64(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))) - total_len
) )
{ {
return Hacl_Streaming_Types_MaximumLengthExceeded; return Hacl_Streaming_Types_MaximumLengthExceeded;
@ -2068,9 +2055,7 @@ Hacl_Streaming_HMAC_update(
uint32_t sz; uint32_t sz;
if if
( (
total_len total_len % (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))) == 0ULL
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)))
== 0ULL
&& total_len > 0ULL && total_len > 0ULL
) )
{ {
@ -2079,8 +2064,8 @@ Hacl_Streaming_HMAC_update(
else else
{ {
sz = sz =
(uint32_t)(total_len (uint32_t)(total_len %
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)))); (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))));
} }
if (chunk_len <= block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))) - sz) if (chunk_len <= block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))) - sz)
{ {
@ -2091,9 +2076,7 @@ Hacl_Streaming_HMAC_update(
uint32_t sz1; uint32_t sz1;
if if
( (
total_len1 total_len1 % (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))) == 0ULL
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)))
== 0ULL
&& total_len1 > 0ULL && total_len1 > 0ULL
) )
{ {
@ -2102,14 +2085,13 @@ Hacl_Streaming_HMAC_update(
else else
{ {
sz1 = sz1 =
(uint32_t)(total_len1 (uint32_t)(total_len1 %
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)))); (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))));
} }
uint8_t *buf2 = buf + sz1; uint8_t *buf2 = buf + sz1;
memcpy(buf2, chunk, chunk_len * sizeof (uint8_t)); memcpy(buf2, chunk, chunk_len * sizeof (uint8_t));
uint64_t total_len2 = total_len1 + (uint64_t)chunk_len; uint64_t total_len2 = total_len1 + (uint64_t)chunk_len;
*state *state =
=
( (
(Hacl_Streaming_HMAC_agile_state){ (Hacl_Streaming_HMAC_agile_state){
.block_state = block_state1, .block_state = block_state1,
@ -2127,9 +2109,7 @@ Hacl_Streaming_HMAC_update(
uint32_t sz1; uint32_t sz1;
if if
( (
total_len1 total_len1 % (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))) == 0ULL
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)))
== 0ULL
&& total_len1 > 0ULL && total_len1 > 0ULL
) )
{ {
@ -2138,8 +2118,8 @@ Hacl_Streaming_HMAC_update(
else else
{ {
sz1 = sz1 =
(uint32_t)(total_len1 (uint32_t)(total_len1 %
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)))); (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))));
} }
if (!(sz1 == 0U)) if (!(sz1 == 0U))
{ {
@ -2153,8 +2133,8 @@ Hacl_Streaming_HMAC_update(
uint32_t ite; uint32_t ite;
if if
( (
(uint64_t)chunk_len (uint64_t)chunk_len %
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))) (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)))
== 0ULL == 0ULL
&& (uint64_t)chunk_len > 0ULL && (uint64_t)chunk_len > 0ULL
) )
@ -2164,8 +2144,8 @@ Hacl_Streaming_HMAC_update(
else else
{ {
ite = ite =
(uint32_t)((uint64_t)chunk_len (uint32_t)((uint64_t)chunk_len %
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)))); (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))));
} }
uint32_t uint32_t
n_blocks = (chunk_len - ite) / block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))); n_blocks = (chunk_len - ite) / block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)));
@ -2178,8 +2158,7 @@ Hacl_Streaming_HMAC_update(
update_multi(s11, total_len1, data1, data1_len); update_multi(s11, total_len1, data1, data1_len);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Streaming_HMAC_agile_state){ (Hacl_Streaming_HMAC_agile_state){
.block_state = block_state1, .block_state = block_state1,
@ -2200,9 +2179,8 @@ Hacl_Streaming_HMAC_update(
uint32_t sz10; uint32_t sz10;
if if
( (
total_len10 total_len10 % (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))) ==
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))) 0ULL
== 0ULL
&& total_len10 > 0ULL && total_len10 > 0ULL
) )
{ {
@ -2211,14 +2189,13 @@ Hacl_Streaming_HMAC_update(
else else
{ {
sz10 = sz10 =
(uint32_t)(total_len10 (uint32_t)(total_len10 %
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)))); (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))));
} }
uint8_t *buf2 = buf0 + sz10; uint8_t *buf2 = buf0 + sz10;
memcpy(buf2, chunk1, diff * sizeof (uint8_t)); memcpy(buf2, chunk1, diff * sizeof (uint8_t));
uint64_t total_len2 = total_len10 + (uint64_t)diff; uint64_t total_len2 = total_len10 + (uint64_t)diff;
*state *state =
=
( (
(Hacl_Streaming_HMAC_agile_state){ (Hacl_Streaming_HMAC_agile_state){
.block_state = block_state10, .block_state = block_state10,
@ -2233,9 +2210,7 @@ Hacl_Streaming_HMAC_update(
uint32_t sz1; uint32_t sz1;
if if
( (
total_len1 total_len1 % (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))) == 0ULL
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)))
== 0ULL
&& total_len1 > 0ULL && total_len1 > 0ULL
) )
{ {
@ -2244,8 +2219,8 @@ Hacl_Streaming_HMAC_update(
else else
{ {
sz1 = sz1 =
(uint32_t)(total_len1 (uint32_t)(total_len1 %
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)))); (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))));
} }
if (!(sz1 == 0U)) if (!(sz1 == 0U))
{ {
@ -2259,8 +2234,8 @@ Hacl_Streaming_HMAC_update(
uint32_t ite; uint32_t ite;
if if
( (
(uint64_t)(chunk_len - diff) (uint64_t)(chunk_len - diff) %
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))) (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)))
== 0ULL == 0ULL
&& (uint64_t)(chunk_len - diff) > 0ULL && (uint64_t)(chunk_len - diff) > 0ULL
) )
@ -2270,13 +2245,12 @@ Hacl_Streaming_HMAC_update(
else else
{ {
ite = ite =
(uint32_t)((uint64_t)(chunk_len - diff) (uint32_t)((uint64_t)(chunk_len - diff) %
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)))); (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))));
} }
uint32_t uint32_t
n_blocks = n_blocks =
(chunk_len - diff - ite) (chunk_len - diff - ite) / block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)));
/ block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)));
uint32_t uint32_t
data1_len = n_blocks * block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))); data1_len = n_blocks * block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)));
uint32_t data2_len = chunk_len - diff - data1_len; uint32_t data2_len = chunk_len - diff - data1_len;
@ -2286,8 +2260,7 @@ Hacl_Streaming_HMAC_update(
update_multi(s11, total_len1, data1, data1_len); update_multi(s11, total_len1, data1, data1_len);
uint8_t *dst = buf; uint8_t *dst = buf;
memcpy(dst, data2, data2_len * sizeof (uint8_t)); memcpy(dst, data2, data2_len * sizeof (uint8_t));
*state *state =
=
( (
(Hacl_Streaming_HMAC_agile_state){ (Hacl_Streaming_HMAC_agile_state){
.block_state = block_state1, .block_state = block_state1,
@ -2324,9 +2297,7 @@ Hacl_Streaming_HMAC_digest(
uint32_t r; uint32_t r;
if if
( (
total_len total_len % (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))) == 0ULL
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)))
== 0ULL
&& total_len > 0ULL && total_len > 0ULL
) )
{ {
@ -2335,8 +2306,8 @@ Hacl_Streaming_HMAC_digest(
else else
{ {
r = r =
(uint32_t)(total_len (uint32_t)(total_len %
% (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)))); (uint64_t)block_len(alg_of_impl(dfst__Hacl_Agile_Hash_impl_uint32_t(i1))));
} }
uint8_t *buf_1 = buf_; uint8_t *buf_1 = buf_;
Hacl_Agile_Hash_state_s *s110 = malloc_(dfst__Hacl_Agile_Hash_impl_uint32_t(i1)); Hacl_Agile_Hash_state_s *s110 = malloc_(dfst__Hacl_Agile_Hash_impl_uint32_t(i1));

20
Modules/_hacl/Lib_Memzero0.c
View file

@ -11,18 +11,18 @@
#if defined(__APPLE__) && defined(__MACH__) #if defined(__APPLE__) && defined(__MACH__)
#include <AvailabilityMacros.h> #include <AvailabilityMacros.h>
// memset_s is available from macOS 10.9, iOS 7, watchOS 2, and on all tvOS and visionOS versions. // memset_s is available from macOS 10.9, iOS 7, watchOS 2, and on all tvOS and visionOS versions.
# if (defined(MAC_OS_X_VERSION_MIN_REQUIRED) && (MAC_OS_X_VERSION_MIN_REQUIRED >= __MAC_10_9)) # if (defined(MAC_OS_X_VERSION_MIN_REQUIRED) && defined(MAC_OS_X_VERSION_10_9) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_9))
# define APPLE_HAS_MEMSET_S 1 # define APPLE_HAS_MEMSET_S
# elif (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && (__IPHONE_OS_VERSION_MIN_REQUIRED >= __IPHONE_7_0)) # elif (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && defined(__IPHONE_7_0) && (__IPHONE_OS_VERSION_MIN_REQUIRED >= __IPHONE_7_0))
# define APPLE_HAS_MEMSET_S 1 # define APPLE_HAS_MEMSET_S
# elif (defined(TARGET_OS_TV) && TARGET_OS_TV) # elif (defined(TARGET_OS_TV) && TARGET_OS_TV)
# define APPLE_HAS_MEMSET_S 1 # define APPLE_HAS_MEMSET_S
# elif (defined(__WATCH_OS_VERSION_MIN_REQUIRED) && (__WATCH_OS_VERSION_MIN_REQUIRED >= __WATCHOS_2_0)) # elif (defined(__WATCH_OS_VERSION_MIN_REQUIRED) && defined(__WATCHOS_2_0) && (__WATCH_OS_VERSION_MIN_REQUIRED >= __WATCHOS_2_0))
# define APPLE_HAS_MEMSET_S 1 # define APPLE_HAS_MEMSET_S
# elif (defined(TARGET_OS_VISION) && TARGET_OS_VISION) # elif (defined(TARGET_OS_VISION) && TARGET_OS_VISION)
# define APPLE_HAS_MEMSET_S 1 # define APPLE_HAS_MEMSET_S
# else # else
# define APPLE_HAS_MEMSET_S 0 # undef APPLE_HAS_MEMSET_S
# endif # endif
#endif #endif
@ -55,7 +55,7 @@ void Lib_Memzero0_memzero0(void *dst, uint64_t len) {
#ifdef _WIN32 #ifdef _WIN32
SecureZeroMemory(dst, len_); SecureZeroMemory(dst, len_);
#elif defined(__APPLE__) && defined(__MACH__) && APPLE_HAS_MEMSET_S #elif defined(__APPLE__) && defined(__MACH__) && defined(APPLE_HAS_MEMSET_S)
memset_s(dst, len_, 0, len_); memset_s(dst, len_, 0, len_);
#elif (defined(__linux__) && !defined(LINUX_NO_EXPLICIT_BZERO)) || defined(__FreeBSD__) || defined(__OpenBSD__) #elif (defined(__linux__) && !defined(LINUX_NO_EXPLICIT_BZERO)) || defined(__FreeBSD__) || defined(__OpenBSD__)
explicit_bzero(dst, len_); explicit_bzero(dst, len_);

45
Modules/_hacl/include/krml/FStar_UInt128_Verified.h
View file

@ -257,11 +257,11 @@ FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b)
{ {
FStar_UInt128_uint128 lit; FStar_UInt128_uint128 lit;
lit.low = lit.low =
(FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) |
| (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)); (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low));
lit.high = lit.high =
(FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) |
| (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)); (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low));
return lit; return lit;
} }
@ -294,14 +294,12 @@ static inline FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y)
{ {
FStar_UInt128_uint128 lit; FStar_UInt128_uint128 lit;
lit.low = lit.low =
FStar_UInt128_u32_combine((x >> FStar_UInt128_u32_32) FStar_UInt128_u32_combine((x >> FStar_UInt128_u32_32) * (uint64_t)y +
* (uint64_t)y (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32),
+ (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32),
FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y)); FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y));
lit.high = lit.high =
((x >> FStar_UInt128_u32_32) ((x >> FStar_UInt128_u32_32) * (uint64_t)y +
* (uint64_t)y (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32))
+ (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32))
>> FStar_UInt128_u32_32; >> FStar_UInt128_u32_32;
return lit; return lit;
} }
@ -315,28 +313,19 @@ static inline FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t
{ {
FStar_UInt128_uint128 lit; FStar_UInt128_uint128 lit;
lit.low = lit.low =
FStar_UInt128_u32_combine_(FStar_UInt128_u64_mod_32(x) FStar_UInt128_u32_combine_(FStar_UInt128_u64_mod_32(x) * (y >> FStar_UInt128_u32_32) +
* (y >> FStar_UInt128_u32_32) FStar_UInt128_u64_mod_32((x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) +
+ (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32)),
FStar_UInt128_u64_mod_32((x >> FStar_UInt128_u32_32)
* FStar_UInt128_u64_mod_32(y)
+ (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32)),
FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y))); FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)));
lit.high = lit.high =
(x >> FStar_UInt128_u32_32) (x >> FStar_UInt128_u32_32) * (y >> FStar_UInt128_u32_32) +
* (y >> FStar_UInt128_u32_32) (((x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) +
+ (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32))
(((x >> FStar_UInt128_u32_32)
* FStar_UInt128_u64_mod_32(y)
+ (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32))
>> FStar_UInt128_u32_32) >> FStar_UInt128_u32_32)
+ +
((FStar_UInt128_u64_mod_32(x) ((FStar_UInt128_u64_mod_32(x) * (y >> FStar_UInt128_u32_32) +
* (y >> FStar_UInt128_u32_32) FStar_UInt128_u64_mod_32((x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) +
+ (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32)))
FStar_UInt128_u64_mod_32((x >> FStar_UInt128_u32_32)
* FStar_UInt128_u64_mod_32(y)
+ (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32)))
>> FStar_UInt128_u32_32); >> FStar_UInt128_u32_32);
return lit; return lit;
} }

2
Modules/_hacl/refresh.sh
View file

@ -22,7 +22,7 @@ fi
# Update this when updating to a new version after verifying that the changes # Update this when updating to a new version after verifying that the changes
# the update brings in are good. # the update brings in are good.
expected_hacl_star_rev=7720f6d4fc0468a99d5ea6120976bcc271e42727 expected_hacl_star_rev=4ef25b547b377dcef855db4289c6a00580e7221c
hacl_dir="$(realpath "$1")" hacl_dir="$(realpath "$1")"
cd "$(dirname "$0")" cd "$(dirname "$0")"