From 640362faee1ce27304423da0d7d89246be196700 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 5 Oct 2023 08:49:31 +0200 Subject: [PATCH 1/5] update HACL to 1a20576fc736d51e1ab3c317b46ba81560b75786 --- CMakeLists.txt | 14 +- include/Hacl_RSAPSS.h | 45 ++- include/internal/Hacl_Bignum25519_51.h | 4 + include/msvc/Hacl_RSAPSS.h | 45 ++- include/msvc/internal/Hacl_Bignum25519_51.h | 4 + info.txt | 6 +- .../dist/minimal/fstar_uint128_gcc64.h | 4 +- ocaml/ctypes.depend | 10 +- src/EverCrypt_AEAD.c | 326 +++++++++--------- src/EverCrypt_AutoConfig2.c | 48 +-- src/EverCrypt_DRBG.c | 4 + src/EverCrypt_Hash.c | 5 +- src/EverCrypt_Poly1305.c | 9 +- src/Hacl_Chacha20_Vec128.c | 6 +- src/Hacl_Chacha20_Vec256.c | 6 +- src/Hacl_Chacha20_Vec32.c | 6 +- src/Hacl_Curve25519_64.c | 18 +- src/Hacl_Ed25519.c | 90 +++-- src/Hacl_FFDHE.c | 7 +- src/Hacl_Frodo_KEM.c | 2 +- src/Hacl_HMAC_DRBG.c | 3 + src/Hacl_Hash_Blake2.c | 2 + src/Hacl_Hash_Blake2b_256.c | 1 + src/Hacl_Hash_Blake2s_128.c | 1 + src/Hacl_Hash_MD5.c | 1 - src/Hacl_Hash_SHA1.c | 1 - src/Hacl_Hash_SHA2.c | 4 - src/Hacl_Hash_SHA3.c | 7 +- src/Hacl_K256_ECDSA.c | 28 +- src/Hacl_RSAPSS.c | 45 ++- src/Hacl_Salsa20.c | 8 +- src/Hacl_Streaming_Blake2.c | 2 - src/Hacl_Streaming_Blake2b_256.c | 1 - src/Hacl_Streaming_Blake2s_128.c | 1 - src/Hacl_Streaming_Poly1305_128.c | 3 +- src/Hacl_Streaming_Poly1305_256.c | 3 +- src/Hacl_Streaming_Poly1305_32.c | 1 - src/msvc/EverCrypt_AEAD.c | 326 +++++++++--------- src/msvc/EverCrypt_AutoConfig2.c | 48 +-- src/msvc/EverCrypt_DRBG.c | 4 + src/msvc/EverCrypt_Hash.c | 5 +- src/msvc/EverCrypt_Poly1305.c | 9 +- src/msvc/Hacl_Chacha20_Vec128.c | 6 +- src/msvc/Hacl_Chacha20_Vec256.c | 6 +- src/msvc/Hacl_Chacha20_Vec32.c | 6 +- src/msvc/Hacl_Curve25519_64.c | 18 +- src/msvc/Hacl_Ed25519.c | 90 +++-- src/msvc/Hacl_FFDHE.c | 7 +- src/msvc/Hacl_Frodo_KEM.c | 2 +- src/msvc/Hacl_HMAC_DRBG.c | 3 + src/msvc/Hacl_Hash_Blake2.c | 2 + src/msvc/Hacl_Hash_Blake2b_256.c | 1 + src/msvc/Hacl_Hash_Blake2s_128.c | 1 + src/msvc/Hacl_Hash_MD5.c | 1 - src/msvc/Hacl_Hash_SHA1.c | 1 - src/msvc/Hacl_Hash_SHA2.c | 4 - src/msvc/Hacl_Hash_SHA3.c | 7 +- src/msvc/Hacl_K256_ECDSA.c | 28 +- src/msvc/Hacl_RSAPSS.c | 45 ++- src/msvc/Hacl_Salsa20.c | 8 +- src/msvc/Hacl_Streaming_Blake2.c | 2 - src/msvc/Hacl_Streaming_Blake2b_256.c | 1 - src/msvc/Hacl_Streaming_Blake2s_128.c | 1 - src/msvc/Hacl_Streaming_Poly1305_128.c | 3 +- src/msvc/Hacl_Streaming_Poly1305_256.c | 3 +- src/msvc/Hacl_Streaming_Poly1305_32.c | 1 - src/wasm/EverCrypt_Hash.wasm | Bin 49374 -> 49325 bytes src/wasm/Hacl_Bignum256.wasm | Bin 100214 -> 100203 bytes src/wasm/Hacl_Bignum256_32.wasm | Bin 41067 -> 41054 bytes src/wasm/Hacl_Bignum32.wasm | Bin 15248 -> 15238 bytes src/wasm/Hacl_Bignum4096.wasm | Bin 63798 -> 63787 bytes src/wasm/Hacl_Bignum4096_32.wasm | Bin 32319 -> 32306 bytes src/wasm/Hacl_Bignum64.wasm | Bin 24421 -> 24411 bytes src/wasm/Hacl_Chacha20Poly1305_32.wasm | Bin 7661 -> 7657 bytes src/wasm/Hacl_Curve25519_51.wasm | Bin 7170 -> 7166 bytes src/wasm/Hacl_HPKE_Curve51_CP32_SHA256.wasm | Bin 21304 -> 21294 bytes src/wasm/Hacl_HPKE_Curve51_CP32_SHA512.wasm | Bin 21432 -> 21422 bytes src/wasm/Hacl_Hash_SHA3.wasm | Bin 17639 -> 17615 bytes src/wasm/Hacl_K256_ECDSA.wasm | Bin 98203 -> 98099 bytes src/wasm/Hacl_NaCl.wasm | Bin 5031 -> 5027 bytes src/wasm/Hacl_P256.wasm | Bin 83233 -> 83205 bytes src/wasm/INFO.txt | 4 +- 82 files changed, 698 insertions(+), 716 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 825b1192..be96526a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -88,17 +88,15 @@ include(build/config.cmake) # TODO: Set flags for MSVC if(NOT MSVC) add_compile_options( - # -Wall - # -Wextra - # -pedantic - # -Wconversion - # -Wsign-conversion - # -Werror=gcc-compat + -Wall + -Wextra + -pedantic + -Wconversion + -Wsign-conversion + -Werror=gcc-compat $<$:-g> $<$:-Og> $<$:-O3> - # $<$:-g> - # $<$:-Wno-deprecated-declarations> ) endif() diff --git a/include/Hacl_RSAPSS.h b/include/Hacl_RSAPSS.h index 8f4de949..90bd69ce 100644 --- a/include/Hacl_RSAPSS.h +++ b/include/Hacl_RSAPSS.h @@ -43,9 +43,9 @@ extern "C" { Sign a message `msg` and write the signature to `sgnt`. @param a Hash algorithm to use. Allowed values for `a` are ... - * Spec_Hash_Definitions_SHA2_256, - * Spec_Hash_Definitions_SHA2_384, and - * Spec_Hash_Definitions_SHA2_512. + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. @@ -75,7 +75,10 @@ Hacl_RSAPSS_rsapss_sign( /** Verify the signature `sgnt` of a message `msg`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`. @@ -105,10 +108,10 @@ Load a public key from key parts. @param modBits Count of bits in modulus (`n`). @param eBits Count of bits in `e` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. -@return Returns an allocated public key. Note: caller must take care to `free()` the created key. +@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. */ uint64_t *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb); @@ -119,11 +122,11 @@ Load a secret key from key parts. @param modBits Count of bits in modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. -@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. +@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. -@return Returns an allocated secret key. Note: caller must take care to `free()` the created key. +@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. */ uint64_t *Hacl_RSAPSS_new_rsapss_load_skey( @@ -138,13 +141,16 @@ uint64_t /** Sign a message `msg` and write the signature to `sgnt`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. -@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. +@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. @param saltLen Length of salt. @param salt Pointer to `saltLen` bytes where the salt is read from. @param msgLen Length of message. @@ -172,11 +178,14 @@ Hacl_RSAPSS_rsapss_skey_sign( /** Verify the signature `sgnt` of a message `msg`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. @param saltLen Length of salt. @param sgntLen Length of signature. @param sgnt Pointer to `sgntLen` bytes where the signature is read from. diff --git a/include/internal/Hacl_Bignum25519_51.h b/include/internal/Hacl_Bignum25519_51.h index 9fe5e9fc..25a10503 100644 --- a/include/internal/Hacl_Bignum25519_51.h +++ b/include/internal/Hacl_Bignum25519_51.h @@ -84,6 +84,7 @@ Hacl_Impl_Curve25519_Field51_fmul( FStar_UInt128_uint128 *uu___ ) { + KRML_HOST_IGNORE(uu___); uint64_t f10 = f1[0U]; uint64_t f11 = f1[1U]; uint64_t f12 = f1[2U]; @@ -167,6 +168,7 @@ Hacl_Impl_Curve25519_Field51_fmul2( FStar_UInt128_uint128 *uu___ ) { + KRML_HOST_IGNORE(uu___); uint64_t f10 = f1[0U]; uint64_t f11 = f1[1U]; uint64_t f12 = f1[2U]; @@ -371,6 +373,7 @@ static inline void Hacl_Impl_Curve25519_Field51_fmul1(uint64_t *out, uint64_t *f static inline void Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___) { + KRML_HOST_IGNORE(uu___); uint64_t f0 = f[0U]; uint64_t f1 = f[1U]; uint64_t f2 = f[2U]; @@ -446,6 +449,7 @@ Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint static inline void Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___) { + KRML_HOST_IGNORE(uu___); uint64_t f10 = f[0U]; uint64_t f11 = f[1U]; uint64_t f12 = f[2U]; diff --git a/include/msvc/Hacl_RSAPSS.h b/include/msvc/Hacl_RSAPSS.h index 8f4de949..90bd69ce 100644 --- a/include/msvc/Hacl_RSAPSS.h +++ b/include/msvc/Hacl_RSAPSS.h @@ -43,9 +43,9 @@ extern "C" { Sign a message `msg` and write the signature to `sgnt`. @param a Hash algorithm to use. Allowed values for `a` are ... - * Spec_Hash_Definitions_SHA2_256, - * Spec_Hash_Definitions_SHA2_384, and - * Spec_Hash_Definitions_SHA2_512. + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. @@ -75,7 +75,10 @@ Hacl_RSAPSS_rsapss_sign( /** Verify the signature `sgnt` of a message `msg`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`. @@ -105,10 +108,10 @@ Load a public key from key parts. @param modBits Count of bits in modulus (`n`). @param eBits Count of bits in `e` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. -@return Returns an allocated public key. Note: caller must take care to `free()` the created key. +@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. */ uint64_t *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb); @@ -119,11 +122,11 @@ Load a secret key from key parts. @param modBits Count of bits in modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. -@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. +@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. -@return Returns an allocated secret key. Note: caller must take care to `free()` the created key. +@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. */ uint64_t *Hacl_RSAPSS_new_rsapss_load_skey( @@ -138,13 +141,16 @@ uint64_t /** Sign a message `msg` and write the signature to `sgnt`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. -@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. +@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. @param saltLen Length of salt. @param salt Pointer to `saltLen` bytes where the salt is read from. @param msgLen Length of message. @@ -172,11 +178,14 @@ Hacl_RSAPSS_rsapss_skey_sign( /** Verify the signature `sgnt` of a message `msg`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. @param saltLen Length of salt. @param sgntLen Length of signature. @param sgnt Pointer to `sgntLen` bytes where the signature is read from. diff --git a/include/msvc/internal/Hacl_Bignum25519_51.h b/include/msvc/internal/Hacl_Bignum25519_51.h index 9fe5e9fc..25a10503 100644 --- a/include/msvc/internal/Hacl_Bignum25519_51.h +++ b/include/msvc/internal/Hacl_Bignum25519_51.h @@ -84,6 +84,7 @@ Hacl_Impl_Curve25519_Field51_fmul( FStar_UInt128_uint128 *uu___ ) { + KRML_HOST_IGNORE(uu___); uint64_t f10 = f1[0U]; uint64_t f11 = f1[1U]; uint64_t f12 = f1[2U]; @@ -167,6 +168,7 @@ Hacl_Impl_Curve25519_Field51_fmul2( FStar_UInt128_uint128 *uu___ ) { + KRML_HOST_IGNORE(uu___); uint64_t f10 = f1[0U]; uint64_t f11 = f1[1U]; uint64_t f12 = f1[2U]; @@ -371,6 +373,7 @@ static inline void Hacl_Impl_Curve25519_Field51_fmul1(uint64_t *out, uint64_t *f static inline void Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___) { + KRML_HOST_IGNORE(uu___); uint64_t f0 = f[0U]; uint64_t f1 = f[1U]; uint64_t f2 = f[2U]; @@ -446,6 +449,7 @@ Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint static inline void Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___) { + KRML_HOST_IGNORE(uu___); uint64_t f10 = f[0U]; uint64_t f11 = f[1U]; uint64_t f12 = f[2U]; diff --git a/info.txt b/info.txt index 1a29e888..7dc2a1a0 100644 --- a/info.txt +++ b/info.txt @@ -1,5 +1,5 @@ The code was generated with the following toolchain. -F* version: 155853a14336aa0713dba7db5408f4c8ab512a06 -KaRaMeL version: db63c1de17565be0ec4989f58532717a04e3ff40 -HACL* version: ad60c9d98c9ce8f6a4fa13090511fa4b3a2c137b +F* version: bc622701c668f6b4092760879372968265d4a4e1 +KaRaMeL version: aef72b2b5a44b338b856a177819d1bfa0d7cc5b6 +HACL* version: 1a20576fc736d51e1ab3c317b46ba81560b75786 Vale version: 0.3.19 diff --git a/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h b/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h index e40304b2..ae109004 100644 --- a/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h +++ b/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h @@ -110,7 +110,7 @@ inline static uint128_t FStar_UInt128_mul_wide(uint64_t x, uint64_t y) { inline static uint128_t FStar_UInt128_eq_mask(uint128_t x, uint128_t y) { uint64_t mask = FStar_UInt64_eq_mask((uint64_t)(x >> 64), (uint64_t)(y >> 64)) & - FStar_UInt64_eq_mask(x, y); + FStar_UInt64_eq_mask((uint64_t)x, (uint64_t)y); return ((uint128_t)mask) << 64 | mask; } @@ -118,7 +118,7 @@ inline static uint128_t FStar_UInt128_gte_mask(uint128_t x, uint128_t y) { uint64_t mask = (FStar_UInt64_gte_mask(x >> 64, y >> 64) & ~(FStar_UInt64_eq_mask(x >> 64, y >> 64))) | - (FStar_UInt64_eq_mask(x >> 64, y >> 64) & FStar_UInt64_gte_mask(x, y)); + (FStar_UInt64_eq_mask(x >> 64, y >> 64) & FStar_UInt64_gte_mask((uint64_t)x, (uint64_t)y)); return ((uint128_t)mask) << 64 | mask; } diff --git a/ocaml/ctypes.depend b/ocaml/ctypes.depend index 86af86df..31393b5e 100644 --- a/ocaml/ctypes.depend +++ b/ocaml/ctypes.depend @@ -1,4 +1,4 @@ -CTYPES_DEPS=lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Spec_stubs.cmx lib/Hacl_Spec_bindings.cmx lib/Hacl_Hash_Blake2_stubs.cmx lib/Hacl_Hash_Blake2_bindings.cmx lib/Hacl_Hash_Blake2b_256_stubs.cmx lib/Hacl_Hash_Blake2b_256_bindings.cmx lib/Hacl_Hash_Blake2s_128_stubs.cmx lib/Hacl_Hash_Blake2s_128_bindings.cmx lib/Hacl_Hash_SHA3_stubs.cmx lib/Hacl_Hash_SHA3_bindings.cmx lib/Hacl_Hash_Base_stubs.cmx lib/Hacl_Hash_Base_bindings.cmx lib/Hacl_Hash_MD5_stubs.cmx lib/Hacl_Hash_MD5_bindings.cmx lib/Hacl_Hash_SHA1_stubs.cmx lib/Hacl_Hash_SHA1_bindings.cmx lib/Hacl_SHA2_Types_stubs.cmx lib/Hacl_SHA2_Types_bindings.cmx lib/Hacl_Hash_SHA2_stubs.cmx lib/Hacl_Hash_SHA2_bindings.cmx lib/EverCrypt_Error_stubs.cmx lib/EverCrypt_Error_bindings.cmx lib/EverCrypt_AutoConfig2_stubs.cmx lib/EverCrypt_AutoConfig2_bindings.cmx lib/EverCrypt_Hash_stubs.cmx lib/EverCrypt_Hash_bindings.cmx lib/Hacl_Chacha20_stubs.cmx lib/Hacl_Chacha20_bindings.cmx lib/Hacl_Salsa20_stubs.cmx lib/Hacl_Salsa20_bindings.cmx lib/Hacl_Bignum_Base_stubs.cmx lib/Hacl_Bignum_Base_bindings.cmx lib/Hacl_Bignum_stubs.cmx lib/Hacl_Bignum_bindings.cmx lib/Hacl_Curve25519_64_stubs.cmx lib/Hacl_Curve25519_64_bindings.cmx lib/Hacl_Bignum25519_51_stubs.cmx lib/Hacl_Bignum25519_51_bindings.cmx lib/Hacl_Curve25519_51_stubs.cmx lib/Hacl_Curve25519_51_bindings.cmx lib/Hacl_Ed25519_stubs.cmx lib/Hacl_Ed25519_bindings.cmx lib/Hacl_Poly1305_32_stubs.cmx lib/Hacl_Poly1305_32_bindings.cmx lib/Hacl_Poly1305_128_stubs.cmx lib/Hacl_Poly1305_128_bindings.cmx lib/Hacl_Poly1305_256_stubs.cmx lib/Hacl_Poly1305_256_bindings.cmx lib/Hacl_NaCl_stubs.cmx lib/Hacl_NaCl_bindings.cmx lib/Hacl_P256_stubs.cmx lib/Hacl_P256_bindings.cmx lib/Hacl_Bignum_K256_stubs.cmx lib/Hacl_Bignum_K256_bindings.cmx lib/Hacl_K256_ECDSA_stubs.cmx lib/Hacl_K256_ECDSA_bindings.cmx lib/Hacl_Frodo_KEM_stubs.cmx lib/Hacl_Frodo_KEM_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_IntTypes_Intrinsics_stubs.cmx lib/Hacl_IntTypes_Intrinsics_bindings.cmx lib/Hacl_IntTypes_Intrinsics_128_stubs.cmx lib/Hacl_IntTypes_Intrinsics_128_bindings.cmx lib/Hacl_RSAPSS_stubs.cmx lib/Hacl_RSAPSS_bindings.cmx lib/Hacl_FFDHE_stubs.cmx lib/Hacl_FFDHE_bindings.cmx lib/Hacl_Frodo640_stubs.cmx lib/Hacl_Frodo640_bindings.cmx lib/Hacl_Chacha20_Vec128_stubs.cmx lib/Hacl_Chacha20_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_128_stubs.cmx lib/Hacl_Chacha20Poly1305_128_bindings.cmx lib/Hacl_HMAC_stubs.cmx lib/Hacl_HMAC_bindings.cmx lib/Hacl_HKDF_stubs.cmx lib/Hacl_HKDF_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_bindings.cmx lib/EverCrypt_Cipher_stubs.cmx lib/EverCrypt_Cipher_bindings.cmx lib/Hacl_GenericField32_stubs.cmx lib/Hacl_GenericField32_bindings.cmx lib/Hacl_SHA2_Vec256_stubs.cmx lib/Hacl_SHA2_Vec256_bindings.cmx lib/Hacl_EC_K256_stubs.cmx lib/Hacl_EC_K256_bindings.cmx lib/Hacl_Bignum4096_stubs.cmx lib/Hacl_Bignum4096_bindings.cmx lib/Hacl_Chacha20_Vec32_stubs.cmx lib/Hacl_Chacha20_Vec32_bindings.cmx lib/EverCrypt_Ed25519_stubs.cmx lib/EverCrypt_Ed25519_bindings.cmx lib/Hacl_Bignum4096_32_stubs.cmx lib/Hacl_Bignum4096_32_bindings.cmx lib/EverCrypt_HMAC_stubs.cmx lib/EverCrypt_HMAC_bindings.cmx lib/Hacl_HMAC_DRBG_stubs.cmx lib/Hacl_HMAC_DRBG_bindings.cmx lib/EverCrypt_DRBG_stubs.cmx lib/EverCrypt_DRBG_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_bindings.cmx lib/Hacl_HPKE_P256_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP128_SHA256_bindings.cmx lib/EverCrypt_Curve25519_stubs.cmx lib/EverCrypt_Curve25519_bindings.cmx lib/Hacl_Chacha20_Vec256_stubs.cmx lib/Hacl_Chacha20_Vec256_bindings.cmx lib/Hacl_Chacha20Poly1305_256_stubs.cmx lib/Hacl_Chacha20Poly1305_256_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmx lib/Hacl_Frodo976_stubs.cmx lib/Hacl_Frodo976_bindings.cmx lib/Hacl_HMAC_Blake2s_128_stubs.cmx lib/Hacl_HMAC_Blake2s_128_bindings.cmx lib/Hacl_HKDF_Blake2s_128_stubs.cmx lib/Hacl_HKDF_Blake2s_128_bindings.cmx lib/Hacl_GenericField64_stubs.cmx lib/Hacl_GenericField64_bindings.cmx lib/Hacl_Frodo1344_stubs.cmx lib/Hacl_Frodo1344_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_bindings.cmx lib/Hacl_Bignum32_stubs.cmx lib/Hacl_Bignum32_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_bindings.cmx lib/Hacl_Bignum256_32_stubs.cmx lib/Hacl_Bignum256_32_bindings.cmx lib/Hacl_SHA2_Vec128_stubs.cmx lib/Hacl_SHA2_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_32_stubs.cmx lib/Hacl_Chacha20Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx lib/EverCrypt_Poly1305_stubs.cmx lib/EverCrypt_Poly1305_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib/Hacl_Streaming_Poly1305_32_stubs.cmx lib/Hacl_Streaming_Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_bindings.cmx lib/Hacl_Streaming_Blake2_stubs.cmx lib/Hacl_Streaming_Blake2_bindings.cmx lib/Hacl_HPKE_P256_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP256_SHA256_bindings.cmx lib/Hacl_HPKE_P256_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP32_SHA256_bindings.cmx lib/Hacl_Bignum64_stubs.cmx lib/Hacl_Bignum64_bindings.cmx lib/Hacl_Frodo64_stubs.cmx lib/Hacl_Frodo64_bindings.cmx lib/Hacl_HMAC_Blake2b_256_stubs.cmx lib/Hacl_HMAC_Blake2b_256_bindings.cmx lib/Hacl_HKDF_Blake2b_256_stubs.cmx lib/Hacl_HKDF_Blake2b_256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_bindings.cmx lib/EverCrypt_HKDF_stubs.cmx lib/EverCrypt_HKDF_bindings.cmx lib/Hacl_EC_Ed25519_stubs.cmx lib/Hacl_EC_Ed25519_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_bindings.cmx lib/EverCrypt_Chacha20Poly1305_stubs.cmx lib/EverCrypt_Chacha20Poly1305_bindings.cmx lib/EverCrypt_AEAD_stubs.cmx lib/EverCrypt_AEAD_bindings.cmx lib/Hacl_Bignum256_stubs.cmx lib/Hacl_Bignum256_bindings.cmx +CTYPES_DEPS=lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Spec_stubs.cmx lib/Hacl_Spec_bindings.cmx lib/Hacl_Hash_Blake2_stubs.cmx lib/Hacl_Hash_Blake2_bindings.cmx lib/Hacl_Hash_Blake2b_256_stubs.cmx lib/Hacl_Hash_Blake2b_256_bindings.cmx lib/Hacl_Hash_Blake2s_128_stubs.cmx lib/Hacl_Hash_Blake2s_128_bindings.cmx lib/Hacl_Hash_SHA3_stubs.cmx lib/Hacl_Hash_SHA3_bindings.cmx lib/Hacl_Hash_Base_stubs.cmx lib/Hacl_Hash_Base_bindings.cmx lib/Hacl_Hash_MD5_stubs.cmx lib/Hacl_Hash_MD5_bindings.cmx lib/Hacl_Hash_SHA1_stubs.cmx lib/Hacl_Hash_SHA1_bindings.cmx lib/Hacl_SHA2_Types_stubs.cmx lib/Hacl_SHA2_Types_bindings.cmx lib/Hacl_Hash_SHA2_stubs.cmx lib/Hacl_Hash_SHA2_bindings.cmx lib/EverCrypt_Error_stubs.cmx lib/EverCrypt_Error_bindings.cmx lib/EverCrypt_AutoConfig2_stubs.cmx lib/EverCrypt_AutoConfig2_bindings.cmx lib/EverCrypt_Hash_stubs.cmx lib/EverCrypt_Hash_bindings.cmx lib/Hacl_Chacha20_stubs.cmx lib/Hacl_Chacha20_bindings.cmx lib/Hacl_Salsa20_stubs.cmx lib/Hacl_Salsa20_bindings.cmx lib/Hacl_Bignum_Base_stubs.cmx lib/Hacl_Bignum_Base_bindings.cmx lib/Hacl_Bignum_stubs.cmx lib/Hacl_Bignum_bindings.cmx lib/Hacl_Curve25519_64_stubs.cmx lib/Hacl_Curve25519_64_bindings.cmx lib/Hacl_Bignum25519_51_stubs.cmx lib/Hacl_Bignum25519_51_bindings.cmx lib/Hacl_Curve25519_51_stubs.cmx lib/Hacl_Curve25519_51_bindings.cmx lib/Hacl_Ed25519_stubs.cmx lib/Hacl_Ed25519_bindings.cmx lib/Hacl_Poly1305_32_stubs.cmx lib/Hacl_Poly1305_32_bindings.cmx lib/Hacl_Poly1305_128_stubs.cmx lib/Hacl_Poly1305_128_bindings.cmx lib/Hacl_Poly1305_256_stubs.cmx lib/Hacl_Poly1305_256_bindings.cmx lib/Hacl_NaCl_stubs.cmx lib/Hacl_NaCl_bindings.cmx lib/Hacl_P256_stubs.cmx lib/Hacl_P256_bindings.cmx lib/Hacl_Bignum_K256_stubs.cmx lib/Hacl_Bignum_K256_bindings.cmx lib/Hacl_K256_ECDSA_stubs.cmx lib/Hacl_K256_ECDSA_bindings.cmx lib/Hacl_Frodo_KEM_stubs.cmx lib/Hacl_Frodo_KEM_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_IntTypes_Intrinsics_stubs.cmx lib/Hacl_IntTypes_Intrinsics_bindings.cmx lib/Hacl_IntTypes_Intrinsics_128_stubs.cmx lib/Hacl_IntTypes_Intrinsics_128_bindings.cmx lib/Hacl_RSAPSS_stubs.cmx lib/Hacl_RSAPSS_bindings.cmx lib/Hacl_FFDHE_stubs.cmx lib/Hacl_FFDHE_bindings.cmx lib/Hacl_Frodo640_stubs.cmx lib/Hacl_Frodo640_bindings.cmx lib/Hacl_Chacha20_Vec128_stubs.cmx lib/Hacl_Chacha20_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_128_stubs.cmx lib/Hacl_Chacha20Poly1305_128_bindings.cmx lib/Hacl_HMAC_stubs.cmx lib/Hacl_HMAC_bindings.cmx lib/Hacl_HKDF_stubs.cmx lib/Hacl_HKDF_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_bindings.cmx lib/EverCrypt_Cipher_stubs.cmx lib/EverCrypt_Cipher_bindings.cmx lib/Hacl_GenericField32_stubs.cmx lib/Hacl_GenericField32_bindings.cmx lib/Hacl_SHA2_Vec256_stubs.cmx lib/Hacl_SHA2_Vec256_bindings.cmx lib/Hacl_EC_K256_stubs.cmx lib/Hacl_EC_K256_bindings.cmx lib/Hacl_Bignum4096_stubs.cmx lib/Hacl_Bignum4096_bindings.cmx lib/Hacl_Chacha20_Vec32_stubs.cmx lib/Hacl_Chacha20_Vec32_bindings.cmx lib/EverCrypt_Ed25519_stubs.cmx lib/EverCrypt_Ed25519_bindings.cmx lib/Hacl_Bignum4096_32_stubs.cmx lib/Hacl_Bignum4096_32_bindings.cmx lib/EverCrypt_HMAC_stubs.cmx lib/EverCrypt_HMAC_bindings.cmx lib/Hacl_HMAC_DRBG_stubs.cmx lib/Hacl_HMAC_DRBG_bindings.cmx lib/EverCrypt_DRBG_stubs.cmx lib/EverCrypt_DRBG_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_bindings.cmx lib/Hacl_HPKE_P256_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP128_SHA256_bindings.cmx lib/EverCrypt_Curve25519_stubs.cmx lib/EverCrypt_Curve25519_bindings.cmx lib/Hacl_Chacha20_Vec256_stubs.cmx lib/Hacl_Chacha20_Vec256_bindings.cmx lib/Hacl_Chacha20Poly1305_256_stubs.cmx lib/Hacl_Chacha20Poly1305_256_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmx lib/Hacl_Frodo976_stubs.cmx lib/Hacl_Frodo976_bindings.cmx lib/Hacl_HMAC_Blake2s_128_stubs.cmx lib/Hacl_HMAC_Blake2s_128_bindings.cmx lib/Hacl_HKDF_Blake2s_128_stubs.cmx lib/Hacl_HKDF_Blake2s_128_bindings.cmx lib/Hacl_GenericField64_stubs.cmx lib/Hacl_GenericField64_bindings.cmx lib/Hacl_Frodo1344_stubs.cmx lib/Hacl_Frodo1344_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_bindings.cmx lib/Hacl_Bignum32_stubs.cmx lib/Hacl_Bignum32_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_bindings.cmx lib/Hacl_Bignum256_32_stubs.cmx lib/Hacl_Bignum256_32_bindings.cmx lib/Hacl_SHA2_Vec128_stubs.cmx lib/Hacl_SHA2_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_32_stubs.cmx lib/Hacl_Chacha20Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib/EverCrypt_Poly1305_stubs.cmx lib/EverCrypt_Poly1305_bindings.cmx lib/Hacl_Streaming_Poly1305_32_stubs.cmx lib/Hacl_Streaming_Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_bindings.cmx lib/Hacl_Streaming_Blake2_stubs.cmx lib/Hacl_Streaming_Blake2_bindings.cmx lib/Hacl_HPKE_P256_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP256_SHA256_bindings.cmx lib/Hacl_HPKE_P256_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP32_SHA256_bindings.cmx lib/Hacl_Bignum64_stubs.cmx lib/Hacl_Bignum64_bindings.cmx lib/Hacl_Frodo64_stubs.cmx lib/Hacl_Frodo64_bindings.cmx lib/Hacl_HMAC_Blake2b_256_stubs.cmx lib/Hacl_HMAC_Blake2b_256_bindings.cmx lib/Hacl_HKDF_Blake2b_256_stubs.cmx lib/Hacl_HKDF_Blake2b_256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_bindings.cmx lib/EverCrypt_HKDF_stubs.cmx lib/EverCrypt_HKDF_bindings.cmx lib/Hacl_EC_Ed25519_stubs.cmx lib/Hacl_EC_Ed25519_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_bindings.cmx lib/EverCrypt_Chacha20Poly1305_stubs.cmx lib/EverCrypt_Chacha20Poly1305_bindings.cmx lib/EverCrypt_AEAD_stubs.cmx lib/EverCrypt_AEAD_bindings.cmx lib/Hacl_Bignum256_stubs.cmx lib/Hacl_Bignum256_bindings.cmx lib/Hacl_Streaming_Types_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmo: lib_gen/Hacl_Streaming_Types_gen.cmx: lib/Hacl_Streaming_Types_bindings.cmx @@ -283,14 +283,14 @@ lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx: lib/Hacl_HPKE_Interface_Hacl_Imp lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmo: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmo lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmo lib_gen/Hacl_HPKE_Curve51_CP32_SHA256_gen.cmx: lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx lib_gen/Hacl_HPKE_Curve51_CP32_SHA256_gen.exe: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_c_stubs.o lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx lib_gen/Hacl_HPKE_Curve51_CP32_SHA256_gen.cmx -lib/EverCrypt_Poly1305_bindings.cmx: -lib/EverCrypt_Poly1305_bindings.cmo: -lib_gen/EverCrypt_Poly1305_gen.cmx: lib/EverCrypt_Poly1305_bindings.cmx -lib_gen/EverCrypt_Poly1305_gen.exe: lib/EverCrypt_Poly1305_bindings.cmx lib_gen/EverCrypt_Poly1305_gen.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmo: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmo lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmo lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.cmx: lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.exe: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_c_stubs.o lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.cmx +lib/EverCrypt_Poly1305_bindings.cmx: +lib/EverCrypt_Poly1305_bindings.cmo: +lib_gen/EverCrypt_Poly1305_gen.cmx: lib/EverCrypt_Poly1305_bindings.cmx +lib_gen/EverCrypt_Poly1305_gen.exe: lib/EverCrypt_Poly1305_bindings.cmx lib_gen/EverCrypt_Poly1305_gen.cmx lib/Hacl_Streaming_Poly1305_32_bindings.cmx: lib/Hacl_Streaming_Types_bindings.cmx lib/Hacl_Streaming_Types_stubs.cmx lib/Hacl_Streaming_Poly1305_32_bindings.cmo: lib/Hacl_Streaming_Types_bindings.cmo lib/Hacl_Streaming_Types_stubs.cmo lib_gen/Hacl_Streaming_Poly1305_32_gen.cmx: lib/Hacl_Streaming_Poly1305_32_bindings.cmx diff --git a/src/EverCrypt_AEAD.c b/src/EverCrypt_AEAD.c index 564dbc2e..21039bd4 100644 --- a/src/EverCrypt_AEAD.c +++ b/src/EverCrypt_AEAD.c @@ -46,6 +46,8 @@ The state may be reused as many times as desired. */ bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee) { + KRML_HOST_IGNORE(a); + KRML_HOST_IGNORE(projectee); return true; } @@ -58,8 +60,7 @@ Return the algorithm used in the AEAD state. */ Spec_Agile_AEAD_alg EverCrypt_AEAD_alg_of_state(EverCrypt_AEAD_state_s *s) { - EverCrypt_AEAD_state_s scrut = *s; - Spec_Cipher_Expansion_impl impl = scrut.impl; + Spec_Cipher_Expansion_impl impl = (*s).impl; switch (impl) { case Spec_Cipher_Expansion_Hacl_CHACHA20: @@ -108,8 +109,8 @@ create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k) uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)480U, sizeof (uint8_t)); uint8_t *keys_b = ek; uint8_t *hkeys_b = ek + (uint32_t)176U; - uint64_t scrut = aes128_key_expansion(k, keys_b); - uint64_t scrut0 = aes128_keyhash_init(keys_b, hkeys_b); + KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b)); + KRML_HOST_IGNORE(aes128_keyhash_init(keys_b, hkeys_b)); EverCrypt_AEAD_state_s *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s)); p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek }); @@ -136,8 +137,8 @@ create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k) uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)544U, sizeof (uint8_t)); uint8_t *keys_b = ek; uint8_t *hkeys_b = ek + (uint32_t)240U; - uint64_t scrut = aes256_key_expansion(k, keys_b); - uint64_t scrut0 = aes256_keyhash_init(keys_b, hkeys_b); + KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b)); + KRML_HOST_IGNORE(aes256_keyhash_init(keys_b, hkeys_b)); EverCrypt_AEAD_state_s *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s)); p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek }); @@ -212,8 +213,7 @@ encrypt_aes128_gcm( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek = scrut.ek; + uint8_t *ek = (*s).ek; uint8_t *scratch_b = ek + (uint32_t)304U; uint8_t *ek1 = ek; uint8_t *keys_b = ek1; @@ -223,8 +223,12 @@ encrypt_aes128_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -250,9 +254,7 @@ encrypt_aes128_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; - uint64_t - scrut0 = - gcm128_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -268,7 +270,7 @@ encrypt_aes128_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } else { @@ -281,9 +283,7 @@ encrypt_aes128_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; - uint64_t - scrut0 = - gcm128_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -299,7 +299,7 @@ encrypt_aes128_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U, inout_b, @@ -336,8 +336,7 @@ encrypt_aes256_gcm( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek = scrut.ek; + uint8_t *ek = (*s).ek; uint8_t *scratch_b = ek + (uint32_t)368U; uint8_t *ek1 = ek; uint8_t *keys_b = ek1; @@ -347,8 +346,12 @@ encrypt_aes256_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -374,9 +377,7 @@ encrypt_aes256_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; - uint64_t - scrut0 = - gcm256_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -392,7 +393,7 @@ encrypt_aes256_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } else { @@ -405,9 +406,7 @@ encrypt_aes256_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; - uint64_t - scrut0 = - gcm256_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -423,7 +422,7 @@ encrypt_aes256_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U, inout_b, @@ -529,23 +528,21 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( uint8_t ek[480U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)176U; - uint64_t scrut0 = aes128_key_expansion(k, keys_b0); - uint64_t scrut1 = aes128_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; - EverCrypt_Error_error_code r; if (s == NULL) { - r = EverCrypt_Error_InvalidKey; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey); } else if (iv_len == (uint32_t)0U) { - r = EverCrypt_Error_InvalidIVLength; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength); } else { - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek0 = scrut.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)304U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -555,8 +552,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -582,9 +583,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; - uint64_t - scrut2 = - gcm128_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -600,7 +599,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } else { @@ -613,9 +612,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; - uint64_t - scrut2 = - gcm128_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -631,12 +628,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U, inout_b, (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t)); - r = EverCrypt_Error_Success; + KRML_HOST_IGNORE(EverCrypt_Error_Success); } return EverCrypt_Error_Success; #else @@ -673,23 +670,21 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( uint8_t ek[544U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)240U; - uint64_t scrut0 = aes256_key_expansion(k, keys_b0); - uint64_t scrut1 = aes256_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; - EverCrypt_Error_error_code r; if (s == NULL) { - r = EverCrypt_Error_InvalidKey; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey); } else if (iv_len == (uint32_t)0U) { - r = EverCrypt_Error_InvalidIVLength; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength); } else { - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek0 = scrut.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)368U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -699,8 +694,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -726,9 +725,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; - uint64_t - scrut2 = - gcm256_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -744,7 +741,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } else { @@ -757,9 +754,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; - uint64_t - scrut2 = - gcm256_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -775,12 +770,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U, inout_b, (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t)); - r = EverCrypt_Error_Success; + KRML_HOST_IGNORE(EverCrypt_Error_Success); } return EverCrypt_Error_Success; #else @@ -816,23 +811,21 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm( uint8_t ek[480U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)176U; - uint64_t scrut0 = aes128_key_expansion(k, keys_b0); - uint64_t scrut1 = aes128_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; - EverCrypt_Error_error_code r; if (s == NULL) { - r = EverCrypt_Error_InvalidKey; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey); } else if (iv_len == (uint32_t)0U) { - r = EverCrypt_Error_InvalidIVLength; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength); } else { - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek0 = scrut.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)304U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -842,8 +835,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -869,9 +866,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; - uint64_t - scrut2 = - gcm128_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -887,7 +882,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } else { @@ -900,9 +895,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; - uint64_t - scrut2 = - gcm128_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -918,12 +911,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U, inout_b, (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t)); - r = EverCrypt_Error_Success; + KRML_HOST_IGNORE(EverCrypt_Error_Success); } return EverCrypt_Error_Success; } @@ -957,23 +950,21 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm( uint8_t ek[544U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)240U; - uint64_t scrut0 = aes256_key_expansion(k, keys_b0); - uint64_t scrut1 = aes256_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; - EverCrypt_Error_error_code r; if (s == NULL) { - r = EverCrypt_Error_InvalidKey; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey); } else if (iv_len == (uint32_t)0U) { - r = EverCrypt_Error_InvalidIVLength; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength); } else { - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek0 = scrut.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)368U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -983,8 +974,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -1010,9 +1005,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; - uint64_t - scrut2 = - gcm256_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -1028,7 +1021,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } else { @@ -1041,9 +1034,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; - uint64_t - scrut2 = - gcm256_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -1059,12 +1050,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U, inout_b, (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t)); - r = EverCrypt_Error_Success; + KRML_HOST_IGNORE(EverCrypt_Error_Success); } return EverCrypt_Error_Success; } @@ -1087,12 +1078,12 @@ EverCrypt_AEAD_encrypt_expand_chacha20_poly1305( uint8_t *tag ) { + KRML_HOST_IGNORE(iv_len); uint8_t ek[32U] = { 0U }; EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Hacl_CHACHA20, .ek = ek }; memcpy(ek, k, (uint32_t)32U * sizeof (uint8_t)); EverCrypt_AEAD_state_s *s = &p; - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek0 = scrut.ek; + uint8_t *ek0 = (*s).ek; EverCrypt_Chacha20Poly1305_aead_encrypt(ek0, iv, ad_len, ad, plain_len, plain, cipher, tag); return EverCrypt_Error_Success; } @@ -1182,8 +1173,7 @@ decrypt_aes128_gcm( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek = scrut.ek; + uint8_t *ek = (*s).ek; uint8_t *scratch_b = ek + (uint32_t)304U; uint8_t *ek1 = ek; uint8_t *keys_b = ek1; @@ -1193,8 +1183,12 @@ decrypt_aes128_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -1222,7 +1216,7 @@ decrypt_aes128_gcm( uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t - scrut0 = + c0 = gcm128_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1240,7 +1234,6 @@ decrypt_aes128_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut0; c = c0; } else @@ -1255,7 +1248,7 @@ decrypt_aes128_gcm( uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; uint64_t - scrut0 = + c0 = gcm128_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1273,7 +1266,6 @@ decrypt_aes128_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut0; c = c0; } memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U, @@ -1316,8 +1308,7 @@ decrypt_aes256_gcm( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek = scrut.ek; + uint8_t *ek = (*s).ek; uint8_t *scratch_b = ek + (uint32_t)368U; uint8_t *ek1 = ek; uint8_t *keys_b = ek1; @@ -1327,8 +1318,12 @@ decrypt_aes256_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -1356,7 +1351,7 @@ decrypt_aes256_gcm( uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t - scrut0 = + c0 = gcm256_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1374,7 +1369,6 @@ decrypt_aes256_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut0; c = c0; } else @@ -1389,7 +1383,7 @@ decrypt_aes256_gcm( uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; uint64_t - scrut0 = + c0 = gcm256_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1407,7 +1401,6 @@ decrypt_aes256_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut0; c = c0; } memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U, @@ -1449,8 +1442,7 @@ decrypt_chacha20_poly1305( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek = scrut.ek; + uint8_t *ek = (*s).ek; uint32_t r = EverCrypt_Chacha20Poly1305_aead_decrypt(ek, iv, ad_len, ad, cipher_len, dst, cipher, tag); if (r == (uint32_t)0U) @@ -1508,8 +1500,7 @@ EverCrypt_AEAD_decrypt( { return EverCrypt_Error_InvalidKey; } - EverCrypt_AEAD_state_s scrut = *s; - Spec_Cipher_Expansion_impl i = scrut.impl; + Spec_Cipher_Expansion_impl i = (*s).impl; switch (i) { case Spec_Cipher_Expansion_Vale_AES128: @@ -1557,8 +1548,8 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( uint8_t ek[480U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)176U; - uint64_t scrut = aes128_key_expansion(k, keys_b0); - uint64_t scrut0 = aes128_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; if (s == NULL) @@ -1569,8 +1560,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut1 = *s; - uint8_t *ek0 = scrut1.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)304U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -1580,8 +1570,12 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -1609,7 +1603,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t - scrut2 = + c0 = gcm128_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1627,7 +1621,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } else @@ -1642,7 +1635,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; uint64_t - scrut2 = + c0 = gcm128_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1660,7 +1653,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U, @@ -1706,8 +1698,8 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( uint8_t ek[544U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)240U; - uint64_t scrut = aes256_key_expansion(k, keys_b0); - uint64_t scrut0 = aes256_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; if (s == NULL) @@ -1718,8 +1710,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut1 = *s; - uint8_t *ek0 = scrut1.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)368U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -1729,8 +1720,12 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -1758,7 +1753,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t - scrut2 = + c0 = gcm256_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1776,7 +1771,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } else @@ -1791,7 +1785,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; uint64_t - scrut2 = + c0 = gcm256_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1809,7 +1803,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U, @@ -1854,8 +1847,8 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( uint8_t ek[480U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)176U; - uint64_t scrut = aes128_key_expansion(k, keys_b0); - uint64_t scrut0 = aes128_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; if (s == NULL) @@ -1866,8 +1859,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut1 = *s; - uint8_t *ek0 = scrut1.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)304U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -1877,8 +1869,12 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -1906,7 +1902,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t - scrut2 = + c0 = gcm128_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1924,7 +1920,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } else @@ -1939,7 +1934,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; uint64_t - scrut2 = + c0 = gcm128_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1957,7 +1952,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U, @@ -2000,8 +1994,8 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( uint8_t ek[544U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)240U; - uint64_t scrut = aes256_key_expansion(k, keys_b0); - uint64_t scrut0 = aes256_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; if (s == NULL) @@ -2012,8 +2006,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut1 = *s; - uint8_t *ek0 = scrut1.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)368U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -2023,8 +2016,12 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -2052,7 +2049,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t - scrut2 = + c0 = gcm256_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -2070,7 +2067,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } else @@ -2085,7 +2081,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; uint64_t - scrut2 = + c0 = gcm256_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -2103,7 +2099,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U, @@ -2214,8 +2209,7 @@ Cleanup and free the AEAD state. */ void EverCrypt_AEAD_free(EverCrypt_AEAD_state_s *s) { - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek = scrut.ek; + uint8_t *ek = (*s).ek; KRML_HOST_FREE(ek); KRML_HOST_FREE(s); } diff --git a/src/EverCrypt_AutoConfig2.c b/src/EverCrypt_AutoConfig2.c index fe93ef8a..b549d020 100644 --- a/src/EverCrypt_AutoConfig2.c +++ b/src/EverCrypt_AutoConfig2.c @@ -113,75 +113,59 @@ void EverCrypt_AutoConfig2_recall(void) void EverCrypt_AutoConfig2_init(void) { #if HACL_CAN_COMPILE_VALE - uint64_t scrut = check_aesni(); - if (scrut != (uint64_t)0U) + if (check_aesni() != (uint64_t)0U) { cpu_has_aesni[0U] = true; cpu_has_pclmulqdq[0U] = true; } - uint64_t scrut0 = check_sha(); - if (scrut0 != (uint64_t)0U) + if (check_sha() != (uint64_t)0U) { cpu_has_shaext[0U] = true; } - uint64_t scrut1 = check_adx_bmi2(); - if (scrut1 != (uint64_t)0U) + if (check_adx_bmi2() != (uint64_t)0U) { cpu_has_bmi2[0U] = true; cpu_has_adx[0U] = true; } - uint64_t scrut2 = check_avx(); - if (scrut2 != (uint64_t)0U) + if (check_avx() != (uint64_t)0U) { - uint64_t scrut3 = check_osxsave(); - if (scrut3 != (uint64_t)0U) + if (check_osxsave() != (uint64_t)0U) { - uint64_t scrut4 = check_avx_xcr0(); - if (scrut4 != (uint64_t)0U) + if (check_avx_xcr0() != (uint64_t)0U) { cpu_has_avx[0U] = true; } } } - uint64_t scrut3 = check_avx2(); - if (scrut3 != (uint64_t)0U) + if (check_avx2() != (uint64_t)0U) { - uint64_t scrut4 = check_osxsave(); - if (scrut4 != (uint64_t)0U) + if (check_osxsave() != (uint64_t)0U) { - uint64_t scrut5 = check_avx_xcr0(); - if (scrut5 != (uint64_t)0U) + if (check_avx_xcr0() != (uint64_t)0U) { cpu_has_avx2[0U] = true; } } } - uint64_t scrut4 = check_sse(); - if (scrut4 != (uint64_t)0U) + if (check_sse() != (uint64_t)0U) { cpu_has_sse[0U] = true; } - uint64_t scrut5 = check_movbe(); - if (scrut5 != (uint64_t)0U) + if (check_movbe() != (uint64_t)0U) { cpu_has_movbe[0U] = true; } - uint64_t scrut6 = check_rdrand(); - if (scrut6 != (uint64_t)0U) + if (check_rdrand() != (uint64_t)0U) { cpu_has_rdrand[0U] = true; } - uint64_t scrut7 = check_avx512(); - if (scrut7 != (uint64_t)0U) + if (check_avx512() != (uint64_t)0U) { - uint64_t scrut8 = check_osxsave(); - if (scrut8 != (uint64_t)0U) + if (check_osxsave() != (uint64_t)0U) { - uint64_t scrut9 = check_avx_xcr0(); - if (scrut9 != (uint64_t)0U) + if (check_avx_xcr0() != (uint64_t)0U) { - uint64_t scrut10 = check_avx512_xcr0(); - if (scrut10 != (uint64_t)0U) + if (check_avx512_xcr0() != (uint64_t)0U) { cpu_has_avx512[0U] = true; return; diff --git a/src/EverCrypt_DRBG.c b/src/EverCrypt_DRBG.c index f21313e9..13e517e5 100644 --- a/src/EverCrypt_DRBG.c +++ b/src/EverCrypt_DRBG.c @@ -92,6 +92,7 @@ EverCrypt_DRBG_uu___is_SHA1_s( EverCrypt_DRBG_state_s projectee ) { + KRML_HOST_IGNORE(uu___); if (projectee.tag == SHA1_s) { return true; @@ -105,6 +106,7 @@ EverCrypt_DRBG_uu___is_SHA2_256_s( EverCrypt_DRBG_state_s projectee ) { + KRML_HOST_IGNORE(uu___); if (projectee.tag == SHA2_256_s) { return true; @@ -118,6 +120,7 @@ EverCrypt_DRBG_uu___is_SHA2_384_s( EverCrypt_DRBG_state_s projectee ) { + KRML_HOST_IGNORE(uu___); if (projectee.tag == SHA2_384_s) { return true; @@ -131,6 +134,7 @@ EverCrypt_DRBG_uu___is_SHA2_512_s( EverCrypt_DRBG_state_s projectee ) { + KRML_HOST_IGNORE(uu___); if (projectee.tag == SHA2_512_s) { return true; diff --git a/src/EverCrypt_Hash.c b/src/EverCrypt_Hash.c index 914a105f..b88df9e2 100644 --- a/src/EverCrypt_Hash.c +++ b/src/EverCrypt_Hash.c @@ -399,7 +399,7 @@ void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n) if (has_shaext && has_sse) { uint64_t n1 = (uint64_t)n; - uint64_t scrut = sha256_update(s, blocks, n1, k224_256); + KRML_HOST_IGNORE(sha256_update(s, blocks, n1, k224_256)); return; } Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s); @@ -2156,8 +2156,7 @@ Perform a run-time test to determine which algorithm was chosen for the given pi Spec_Hash_Definitions_hash_alg EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_hash_state *s) { - EverCrypt_Hash_Incremental_hash_state scrut = *s; - EverCrypt_Hash_state_s *block_state = scrut.block_state; + EverCrypt_Hash_state_s *block_state = (*s).block_state; return alg_of_state(block_state); } diff --git a/src/EverCrypt_Poly1305.c b/src/EverCrypt_Poly1305.c index 717b9527..82ca9b99 100644 --- a/src/EverCrypt_Poly1305.c +++ b/src/EverCrypt_Poly1305.c @@ -38,19 +38,16 @@ static void poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key uint8_t tmp[16U] = { 0U }; if (n_extra == (uint32_t)0U) { - uint64_t scrut = x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U); - KRML_HOST_IGNORE((void *)(uint8_t)0U); + KRML_HOST_IGNORE(x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U)); } else { uint32_t len16 = n_blocks * (uint32_t)16U; uint8_t *src16 = src; memcpy(tmp, src + len16, n_extra * sizeof (uint8_t)); - uint64_t scrut = x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U); - KRML_HOST_IGNORE((void *)(uint8_t)0U); + KRML_HOST_IGNORE(x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U)); memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t)); - uint64_t scrut0 = x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U); - KRML_HOST_IGNORE((void *)(uint8_t)0U); + KRML_HOST_IGNORE(x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U)); } memcpy(dst, ctx, (uint32_t)16U * sizeof (uint8_t)); #endif diff --git a/src/Hacl_Chacha20_Vec128.c b/src/Hacl_Chacha20_Vec128.c index ed112654..1e0c4ec1 100644 --- a/src/Hacl_Chacha20_Vec128.c +++ b/src/Hacl_Chacha20_Vec128.c @@ -370,9 +370,8 @@ Hacl_Chacha20_Vec128_chacha20_encrypt_128( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)256U; - uint8_t *uu____3 = text + nb * (uint32_t)256U; uint8_t plain[256U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, text + nb * (uint32_t)256U, rem * sizeof (uint8_t)); KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U }; chacha20_core_128(k, ctx, nb); Lib_IntVector_Intrinsics_vec128 st0 = k[0U]; @@ -676,9 +675,8 @@ Hacl_Chacha20_Vec128_chacha20_decrypt_128( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)256U; - uint8_t *uu____3 = cipher + nb * (uint32_t)256U; uint8_t plain[256U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, cipher + nb * (uint32_t)256U, rem * sizeof (uint8_t)); KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U }; chacha20_core_128(k, ctx, nb); Lib_IntVector_Intrinsics_vec128 st0 = k[0U]; diff --git a/src/Hacl_Chacha20_Vec256.c b/src/Hacl_Chacha20_Vec256.c index 2df300b6..620f5040 100644 --- a/src/Hacl_Chacha20_Vec256.c +++ b/src/Hacl_Chacha20_Vec256.c @@ -470,9 +470,8 @@ Hacl_Chacha20_Vec256_chacha20_encrypt_256( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)512U; - uint8_t *uu____3 = text + nb * (uint32_t)512U; uint8_t plain[512U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, text + nb * (uint32_t)512U, rem * sizeof (uint8_t)); KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U }; chacha20_core_256(k, ctx, nb); Lib_IntVector_Intrinsics_vec256 st0 = k[0U]; @@ -968,9 +967,8 @@ Hacl_Chacha20_Vec256_chacha20_decrypt_256( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)512U; - uint8_t *uu____3 = cipher + nb * (uint32_t)512U; uint8_t plain[512U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, cipher + nb * (uint32_t)512U, rem * sizeof (uint8_t)); KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U }; chacha20_core_256(k, ctx, nb); Lib_IntVector_Intrinsics_vec256 st0 = k[0U]; diff --git a/src/Hacl_Chacha20_Vec32.c b/src/Hacl_Chacha20_Vec32.c index 6f137f39..2bf4764c 100644 --- a/src/Hacl_Chacha20_Vec32.c +++ b/src/Hacl_Chacha20_Vec32.c @@ -229,9 +229,8 @@ Hacl_Chacha20_Vec32_chacha20_encrypt_32( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)64U; - uint8_t *uu____3 = text + nb * (uint32_t)64U; uint8_t plain[64U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t)); uint32_t k[16U] = { 0U }; chacha20_core_32(k, ctx, nb); KRML_MAYBE_FOR16(i, @@ -279,9 +278,8 @@ Hacl_Chacha20_Vec32_chacha20_decrypt_32( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)64U; - uint8_t *uu____3 = cipher + nb * (uint32_t)64U; uint8_t plain[64U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t)); uint32_t k[16U] = { 0U }; chacha20_core_32(k, ctx, nb); KRML_MAYBE_FOR16(i, diff --git a/src/Hacl_Curve25519_64.c b/src/Hacl_Curve25519_64.c index 526fbd22..fb0974fe 100644 --- a/src/Hacl_Curve25519_64.c +++ b/src/Hacl_Curve25519_64.c @@ -35,7 +35,7 @@ static inline void add_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2) #if HACL_CAN_COMPILE_INLINE_ASM add_scalar(out, f1, f2); #else - uint64_t uu____0 = add_scalar_e(out, f1, f2); + KRML_HOST_IGNORE(add_scalar_e(out, f1, f2)); #endif } @@ -44,7 +44,7 @@ static inline void fadd0(uint64_t *out, uint64_t *f1, uint64_t *f2) #if HACL_CAN_COMPILE_INLINE_ASM fadd(out, f1, f2); #else - uint64_t uu____0 = fadd_e(out, f1, f2); + KRML_HOST_IGNORE(fadd_e(out, f1, f2)); #endif } @@ -53,7 +53,7 @@ static inline void fsub0(uint64_t *out, uint64_t *f1, uint64_t *f2) #if HACL_CAN_COMPILE_INLINE_ASM fsub(out, f1, f2); #else - uint64_t uu____0 = fsub_e(out, f1, f2); + KRML_HOST_IGNORE(fsub_e(out, f1, f2)); #endif } @@ -62,7 +62,7 @@ static inline void fmul0(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *tm #if HACL_CAN_COMPILE_INLINE_ASM fmul(out, f1, f2, tmp); #else - uint64_t uu____0 = fmul_e(tmp, f1, out, f2); + KRML_HOST_IGNORE(fmul_e(tmp, f1, out, f2)); #endif } @@ -71,7 +71,7 @@ static inline void fmul20(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *t #if HACL_CAN_COMPILE_INLINE_ASM fmul2(out, f1, f2, tmp); #else - uint64_t uu____0 = fmul2_e(tmp, f1, out, f2); + KRML_HOST_IGNORE(fmul2_e(tmp, f1, out, f2)); #endif } @@ -80,7 +80,7 @@ static inline void fmul_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2) #if HACL_CAN_COMPILE_INLINE_ASM fmul_scalar(out, f1, f2); #else - uint64_t uu____0 = fmul_scalar_e(out, f1, f2); + KRML_HOST_IGNORE(fmul_scalar_e(out, f1, f2)); #endif } @@ -89,7 +89,7 @@ static inline void fsqr0(uint64_t *out, uint64_t *f1, uint64_t *tmp) #if HACL_CAN_COMPILE_INLINE_ASM fsqr(out, f1, tmp); #else - uint64_t uu____0 = fsqr_e(tmp, f1, out); + KRML_HOST_IGNORE(fsqr_e(tmp, f1, out)); #endif } @@ -98,7 +98,7 @@ static inline void fsqr20(uint64_t *out, uint64_t *f, uint64_t *tmp) #if HACL_CAN_COMPILE_INLINE_ASM fsqr2(out, f, tmp); #else - uint64_t uu____0 = fsqr2_e(tmp, f, out); + KRML_HOST_IGNORE(fsqr2_e(tmp, f, out)); #endif } @@ -107,7 +107,7 @@ static inline void cswap20(uint64_t bit, uint64_t *p1, uint64_t *p2) #if HACL_CAN_COMPILE_INLINE_ASM cswap2(bit, p1, p2); #else - uint64_t uu____0 = cswap2_e(bit, p1, p2); + KRML_HOST_IGNORE(cswap2_e(bit, p1, p2)); #endif } diff --git a/src/Hacl_Ed25519.c b/src/Hacl_Ed25519.c index 9d7c3bd4..36113197 100644 --- a/src/Hacl_Ed25519.c +++ b/src/Hacl_Ed25519.c @@ -711,65 +711,59 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) FStar_UInt128_uint128 c00 = carry0; FStar_UInt128_uint128 carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z11, c00), (uint32_t)56U); - uint64_t - t100 = - FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z11, c00)) - & (uint64_t)0xffffffffffffffU; + KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z11, c00)) + & (uint64_t)0xffffffffffffffU); FStar_UInt128_uint128 c10 = carry1; FStar_UInt128_uint128 carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z21, c10), (uint32_t)56U); - uint64_t - t101 = - FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z21, c10)) - & (uint64_t)0xffffffffffffffU; + KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z21, c10)) + & (uint64_t)0xffffffffffffffU); FStar_UInt128_uint128 c20 = carry2; FStar_UInt128_uint128 carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z31, c20), (uint32_t)56U); - uint64_t - t102 = - FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z31, c20)) - & (uint64_t)0xffffffffffffffU; + KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z31, c20)) + & (uint64_t)0xffffffffffffffU); FStar_UInt128_uint128 c30 = carry3; FStar_UInt128_uint128 carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z41, c30), (uint32_t)56U); uint64_t - t103 = + t100 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z41, c30)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c40 = carry4; - uint64_t t410 = t103; + uint64_t t410 = t100; FStar_UInt128_uint128 carry5 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z5, c40), (uint32_t)56U); uint64_t - t104 = + t101 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z5, c40)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c5 = carry5; - uint64_t t51 = t104; + uint64_t t51 = t101; FStar_UInt128_uint128 carry6 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z6, c5), (uint32_t)56U); uint64_t - t105 = + t102 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z6, c5)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c6 = carry6; - uint64_t t61 = t105; + uint64_t t61 = t102; FStar_UInt128_uint128 carry7 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z7, c6), (uint32_t)56U); uint64_t - t106 = + t103 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z7, c6)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c7 = carry7; - uint64_t t71 = t106; + uint64_t t71 = t103; FStar_UInt128_uint128 carry8 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z8, c7), (uint32_t)56U); uint64_t - t107 = + t104 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z8, c7)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c8 = carry8; - uint64_t t81 = t107; + uint64_t t81 = t104; uint64_t t91 = FStar_UInt128_uint128_to_uint64(c8); uint64_t qmu4_ = t410; uint64_t qmu5_ = t51; @@ -818,19 +812,19 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) FStar_UInt128_uint128 xy31 = FStar_UInt128_mul_wide(qdiv3, m1); FStar_UInt128_uint128 xy40 = FStar_UInt128_mul_wide(qdiv4, m0); FStar_UInt128_uint128 carry9 = FStar_UInt128_shift_right(xy00, (uint32_t)56U); - uint64_t t108 = FStar_UInt128_uint128_to_uint64(xy00) & (uint64_t)0xffffffffffffffU; + uint64_t t105 = FStar_UInt128_uint128_to_uint64(xy00) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c0 = carry9; - uint64_t t010 = t108; + uint64_t t010 = t105; FStar_UInt128_uint128 carry10 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0), (uint32_t)56U); uint64_t - t109 = + t106 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c11 = carry10; - uint64_t t110 = t109; + uint64_t t110 = t106; FStar_UInt128_uint128 carry11 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy02, @@ -839,14 +833,14 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) c11), (uint32_t)56U); uint64_t - t1010 = + t107 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy02, xy11), xy20), c11)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c21 = carry11; - uint64_t t210 = t1010; + uint64_t t210 = t107; FStar_UInt128_uint128 carry = FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy03, @@ -856,7 +850,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) c21), (uint32_t)56U); uint64_t - t1011 = + t108 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy03, xy12), xy21), @@ -864,7 +858,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) c21)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c31 = carry; - uint64_t t310 = t1011; + uint64_t t310 = t108; uint64_t t411 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy04, @@ -880,24 +874,24 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) uint64_t qmul3 = t310; uint64_t qmul4 = t411; uint64_t b5 = (r0 - qmul0) >> (uint32_t)63U; - uint64_t t1012 = (b5 << (uint32_t)56U) + r0 - qmul0; + uint64_t t109 = (b5 << (uint32_t)56U) + r0 - qmul0; uint64_t c1 = b5; - uint64_t t011 = t1012; + uint64_t t011 = t109; uint64_t b6 = (r1 - (qmul1 + c1)) >> (uint32_t)63U; - uint64_t t1013 = (b6 << (uint32_t)56U) + r1 - (qmul1 + c1); + uint64_t t1010 = (b6 << (uint32_t)56U) + r1 - (qmul1 + c1); uint64_t c2 = b6; - uint64_t t111 = t1013; + uint64_t t111 = t1010; uint64_t b7 = (r2 - (qmul2 + c2)) >> (uint32_t)63U; - uint64_t t1014 = (b7 << (uint32_t)56U) + r2 - (qmul2 + c2); + uint64_t t1011 = (b7 << (uint32_t)56U) + r2 - (qmul2 + c2); uint64_t c3 = b7; - uint64_t t211 = t1014; + uint64_t t211 = t1011; uint64_t b8 = (r3 - (qmul3 + c3)) >> (uint32_t)63U; - uint64_t t1015 = (b8 << (uint32_t)56U) + r3 - (qmul3 + c3); + uint64_t t1012 = (b8 << (uint32_t)56U) + r3 - (qmul3 + c3); uint64_t c4 = b8; - uint64_t t311 = t1015; + uint64_t t311 = t1012; uint64_t b9 = (r4 - (qmul4 + c4)) >> (uint32_t)63U; - uint64_t t1016 = (b9 << (uint32_t)40U) + r4 - (qmul4 + c4); - uint64_t t412 = t1016; + uint64_t t1013 = (b9 << (uint32_t)40U) + r4 - (qmul4 + c4); + uint64_t t412 = t1013; uint64_t s0 = t011; uint64_t s1 = t111; uint64_t s2 = t211; @@ -914,21 +908,21 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) uint64_t y3 = m31; uint64_t y4 = m41; uint64_t b10 = (s0 - y0) >> (uint32_t)63U; - uint64_t t1017 = (b10 << (uint32_t)56U) + s0 - y0; + uint64_t t1014 = (b10 << (uint32_t)56U) + s0 - y0; uint64_t b0 = b10; - uint64_t t01 = t1017; + uint64_t t01 = t1014; uint64_t b11 = (s1 - (y1 + b0)) >> (uint32_t)63U; - uint64_t t1018 = (b11 << (uint32_t)56U) + s1 - (y1 + b0); + uint64_t t1015 = (b11 << (uint32_t)56U) + s1 - (y1 + b0); uint64_t b1 = b11; - uint64_t t11 = t1018; + uint64_t t11 = t1015; uint64_t b12 = (s2 - (y2 + b1)) >> (uint32_t)63U; - uint64_t t1019 = (b12 << (uint32_t)56U) + s2 - (y2 + b1); + uint64_t t1016 = (b12 << (uint32_t)56U) + s2 - (y2 + b1); uint64_t b2 = b12; - uint64_t t21 = t1019; + uint64_t t21 = t1016; uint64_t b13 = (s3 - (y3 + b2)) >> (uint32_t)63U; - uint64_t t1020 = (b13 << (uint32_t)56U) + s3 - (y3 + b2); + uint64_t t1017 = (b13 << (uint32_t)56U) + s3 - (y3 + b2); uint64_t b3 = b13; - uint64_t t31 = t1020; + uint64_t t31 = t1017; uint64_t b = (s4 - (y4 + b3)) >> (uint32_t)63U; uint64_t t10 = (b << (uint32_t)56U) + s4 - (y4 + b3); uint64_t b4 = b; diff --git a/src/Hacl_FFDHE.c b/src/Hacl_FFDHE.c index 78aaaab6..9cf2ddfb 100644 --- a/src/Hacl_FFDHE.c +++ b/src/Hacl_FFDHE.c @@ -127,7 +127,6 @@ static inline uint64_t ffdhe_check_pk(Spec_FFDHE_ffdhe_alg a, uint64_t *pk_n, ui memset(p_n1, 0U, nLen * sizeof (uint64_t)); uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, p_n[0U], (uint64_t)1U, p_n1); - uint64_t c1; if ((uint32_t)1U < nLen) { uint64_t *a1 = p_n + (uint32_t)1U; @@ -159,12 +158,12 @@ static inline uint64_t ffdhe_check_pk(Spec_FFDHE_ffdhe_alg a, uint64_t *pk_n, ui uint64_t *res_i = res1 + i; c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i); } - uint64_t c10 = c; - c1 = c10; + uint64_t c1 = c; + KRML_HOST_IGNORE(c1); } else { - c1 = c0; + KRML_HOST_IGNORE(c0); } KRML_CHECK_SIZE(sizeof (uint64_t), nLen); uint64_t b2[nLen]; diff --git a/src/Hacl_Frodo_KEM.c b/src/Hacl_Frodo_KEM.c index 13db363a..4265ac0e 100644 --- a/src/Hacl_Frodo_KEM.c +++ b/src/Hacl_Frodo_KEM.c @@ -30,6 +30,6 @@ void randombytes_(uint32_t len, uint8_t *res) { - bool b = Lib_RandomBuffer_System_randombytes(res, len); + KRML_HOST_IGNORE(Lib_RandomBuffer_System_randombytes(res, len)); } diff --git a/src/Hacl_HMAC_DRBG.c b/src/Hacl_HMAC_DRBG.c index 181a8ef4..0a09aaed 100644 --- a/src/Hacl_HMAC_DRBG.c +++ b/src/Hacl_HMAC_DRBG.c @@ -71,6 +71,8 @@ uint32_t Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_hash_alg a) bool Hacl_HMAC_DRBG_uu___is_State(Spec_Hash_Definitions_hash_alg a, Hacl_HMAC_DRBG_state projectee) { + KRML_HOST_IGNORE(a); + KRML_HOST_IGNORE(projectee); return true; } @@ -1084,6 +1086,7 @@ Hacl_HMAC_DRBG_generate( void Hacl_HMAC_DRBG_free(Spec_Hash_Definitions_hash_alg uu___, Hacl_HMAC_DRBG_state s) { + KRML_HOST_IGNORE(uu___); uint8_t *k = s.k; uint8_t *v = s.v; uint32_t *ctr = s.reseed_counter; diff --git a/src/Hacl_Hash_Blake2.c b/src/Hacl_Hash_Blake2.c index 194e7157..aecc6165 100644 --- a/src/Hacl_Hash_Blake2.c +++ b/src/Hacl_Hash_Blake2.c @@ -545,6 +545,7 @@ Hacl_Blake2b_32_blake2b_update_multi( uint32_t nb ) { + KRML_HOST_IGNORE(len); for (uint32_t i = (uint32_t)0U; i < nb; i++) { FStar_UInt128_uint128 @@ -1192,6 +1193,7 @@ Hacl_Blake2s_32_blake2s_update_multi( uint32_t nb ) { + KRML_HOST_IGNORE(len); for (uint32_t i = (uint32_t)0U; i < nb; i++) { uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U); diff --git a/src/Hacl_Hash_Blake2b_256.c b/src/Hacl_Hash_Blake2b_256.c index d0df7cd8..b37ffc5f 100644 --- a/src/Hacl_Hash_Blake2b_256.c +++ b/src/Hacl_Hash_Blake2b_256.c @@ -268,6 +268,7 @@ Hacl_Blake2b_256_blake2b_update_multi( uint32_t nb ) { + KRML_HOST_IGNORE(len); for (uint32_t i = (uint32_t)0U; i < nb; i++) { FStar_UInt128_uint128 diff --git a/src/Hacl_Hash_Blake2s_128.c b/src/Hacl_Hash_Blake2s_128.c index 5bf06711..86c4f030 100644 --- a/src/Hacl_Hash_Blake2s_128.c +++ b/src/Hacl_Hash_Blake2s_128.c @@ -268,6 +268,7 @@ Hacl_Blake2s_128_blake2s_update_multi( uint32_t nb ) { + KRML_HOST_IGNORE(len); for (uint32_t i = (uint32_t)0U; i < nb; i++) { uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U); diff --git a/src/Hacl_Hash_MD5.c b/src/Hacl_Hash_MD5.c index 1b376960..222ac824 100644 --- a/src/Hacl_Hash_MD5.c +++ b/src/Hacl_Hash_MD5.c @@ -1218,7 +1218,6 @@ void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s) Hacl_Streaming_MD_state_32 scrut = *s; uint8_t *buf = scrut.buf; uint32_t *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Hash_Core_MD5_legacy_init(block_state); Hacl_Streaming_MD_state_32 tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; diff --git a/src/Hacl_Hash_SHA1.c b/src/Hacl_Hash_SHA1.c index 80edc004..5ecb3c0b 100644 --- a/src/Hacl_Hash_SHA1.c +++ b/src/Hacl_Hash_SHA1.c @@ -254,7 +254,6 @@ void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s) Hacl_Streaming_MD_state_32 scrut = *s; uint8_t *buf = scrut.buf; uint32_t *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Hash_Core_SHA1_legacy_init(block_state); Hacl_Streaming_MD_state_32 tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; diff --git a/src/Hacl_Hash_SHA2.c b/src/Hacl_Hash_SHA2.c index 46fde83f..c93c3616 100644 --- a/src/Hacl_Hash_SHA2.c +++ b/src/Hacl_Hash_SHA2.c @@ -537,7 +537,6 @@ void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s) Hacl_Streaming_MD_state_32 scrut = *s; uint8_t *buf = scrut.buf; uint32_t *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_SHA2_Scalar32_sha256_init(block_state); Hacl_Streaming_MD_state_32 tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; @@ -836,7 +835,6 @@ void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s) Hacl_Streaming_MD_state_32 scrut = *s; uint8_t *buf = scrut.buf; uint32_t *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_SHA2_Scalar32_sha224_init(block_state); Hacl_Streaming_MD_state_32 tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; @@ -962,7 +960,6 @@ void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s) Hacl_Streaming_MD_state_64 scrut = *s; uint8_t *buf = scrut.buf; uint64_t *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_SHA2_Scalar32_sha512_init(block_state); Hacl_Streaming_MD_state_64 tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; @@ -1262,7 +1259,6 @@ void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s) Hacl_Streaming_MD_state_64 scrut = *s; uint8_t *buf = scrut.buf; uint64_t *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_SHA2_Scalar32_sha384_init(block_state); Hacl_Streaming_MD_state_64 tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; diff --git a/src/Hacl_Hash_SHA3.c b/src/Hacl_Hash_SHA3.c index 5f4707f4..19d13b1b 100644 --- a/src/Hacl_Hash_SHA3.c +++ b/src/Hacl_Hash_SHA3.c @@ -125,10 +125,9 @@ Hacl_Hash_SHA3_update_last_sha3( if (input_len == len) { Hacl_Impl_SHA3_absorb_inner(len, input, s); - uint8_t *uu____0 = input + input_len; uint8_t lastBlock_[200U] = { 0U }; uint8_t *lastBlock = lastBlock_; - memcpy(lastBlock, uu____0, (uint32_t)0U * sizeof (uint8_t)); + memcpy(lastBlock, input + input_len, (uint32_t)0U * sizeof (uint8_t)); lastBlock[0U] = suffix; Hacl_Impl_SHA3_loadState(len, lastBlock, s); if (!((suffix & (uint8_t)0x80U) == (uint8_t)0U) && (uint32_t)0U == len - (uint32_t)1U) @@ -167,8 +166,7 @@ hash_buf2; Spec_Hash_Definitions_hash_alg Hacl_Streaming_Keccak_get_alg(Hacl_Streaming_Keccak_state *s) { - Hacl_Streaming_Keccak_state scrut = *s; - Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state; + Hacl_Streaming_Keccak_hash_buf block_state = (*s).block_state; return block_state.fst; } @@ -809,6 +807,7 @@ Hacl_Impl_SHA3_keccak( uint8_t *output ) { + KRML_HOST_IGNORE(capacity); uint32_t rateInBytes = rate / (uint32_t)8U; uint64_t s[25U] = { 0U }; absorb(s, rateInBytes, inputByteLen, input, delimitedSuffix); diff --git a/src/Hacl_K256_ECDSA.c b/src/Hacl_K256_ECDSA.c index fb53f3fd..2ffc1060 100644 --- a/src/Hacl_K256_ECDSA.c +++ b/src/Hacl_K256_ECDSA.c @@ -498,7 +498,7 @@ mul_pow2_256_minus_q_add( uint64_t r = c; tmp[len + i0] = r;); memcpy(res + (uint32_t)2U, a, len * sizeof (uint64_t)); - uint64_t uu____0 = bn_add(resLen, res, len + (uint32_t)2U, tmp, res); + KRML_HOST_IGNORE(bn_add(resLen, res, len + (uint32_t)2U, tmp, res)); uint64_t c = bn_add(resLen, res, (uint32_t)4U, e, res); return c; } @@ -514,15 +514,23 @@ static inline void modq(uint64_t *out, uint64_t *a) uint64_t *t01 = tmp; uint64_t m[7U] = { 0U }; uint64_t p[5U] = { 0U }; - uint64_t - c0 = mul_pow2_256_minus_q_add((uint32_t)4U, (uint32_t)7U, t01, a + (uint32_t)4U, a, m); - uint64_t - c10 = mul_pow2_256_minus_q_add((uint32_t)3U, (uint32_t)5U, t01, m + (uint32_t)4U, m, p); + KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)4U, + (uint32_t)7U, + t01, + a + (uint32_t)4U, + a, + m)); + KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)3U, + (uint32_t)5U, + t01, + m + (uint32_t)4U, + m, + p)); uint64_t c2 = mul_pow2_256_minus_q_add((uint32_t)1U, (uint32_t)4U, t01, p + (uint32_t)4U, p, r); - uint64_t c00 = c2; + uint64_t c0 = c2; uint64_t c1 = add4(r, tmp, out); - uint64_t mask = (uint64_t)0U - (c00 + c1); + uint64_t mask = (uint64_t)0U - (c0 + c1); KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, @@ -612,7 +620,7 @@ static inline void qmul_shift_384(uint64_t *res, uint64_t *a, uint64_t *b) uint64_t *res_i = res1 + i; c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i);); uint64_t c1 = c; - uint64_t uu____0 = c1; + KRML_HOST_IGNORE(c1); uint64_t flag = l[5U] >> (uint32_t)63U; uint64_t mask = (uint64_t)0U - flag; KRML_MAYBE_FOR4(i, @@ -1223,6 +1231,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar) (uint64_t)118285133003718U, (uint64_t)434519962075150U, (uint64_t)1114612377498854U, (uint64_t)3488596944003813U, (uint64_t)450716531072892U, (uint64_t)66044973203836U }; + KRML_HOST_IGNORE(q2); uint64_t q3[15U] = { @@ -1232,6 +1241,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar) (uint64_t)265969268774814U, (uint64_t)1913228635640715U, (uint64_t)2831959046949342U, (uint64_t)888030405442963U, (uint64_t)1817092932985033U, (uint64_t)101515844997121U }; + KRML_HOST_IGNORE(q3); uint64_t q4[15U] = { @@ -1241,6 +1251,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar) (uint64_t)12245672982162U, (uint64_t)2119364213800870U, (uint64_t)2034960311715107U, (uint64_t)3172697815804487U, (uint64_t)4185144850224160U, (uint64_t)2792055915674U }; + KRML_HOST_IGNORE(q4); uint64_t *r1 = scalar; uint64_t *r2 = scalar + (uint32_t)1U; uint64_t *r3 = scalar + (uint32_t)2U; @@ -1605,6 +1616,7 @@ Hacl_K256_ECDSA_ecdsa_sign_hashed_msg( ) { uint64_t oneq[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U }; + KRML_HOST_IGNORE(oneq); uint64_t rsdk_q[16U] = { 0U }; uint64_t *r_q = rsdk_q; uint64_t *s_q = rsdk_q + (uint32_t)4U; diff --git a/src/Hacl_RSAPSS.c b/src/Hacl_RSAPSS.c index 19d4e5b4..ceb9a6f0 100644 --- a/src/Hacl_RSAPSS.c +++ b/src/Hacl_RSAPSS.c @@ -404,9 +404,9 @@ load_skey( Sign a message `msg` and write the signature to `sgnt`. @param a Hash algorithm to use. Allowed values for `a` are ... - * Spec_Hash_Definitions_SHA2_256, - * Spec_Hash_Definitions_SHA2_384, and - * Spec_Hash_Definitions_SHA2_512. + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. @@ -518,7 +518,10 @@ Hacl_RSAPSS_rsapss_sign( /** Verify the signature `sgnt` of a message `msg`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`. @@ -637,10 +640,10 @@ Load a public key from key parts. @param modBits Count of bits in modulus (`n`). @param eBits Count of bits in `e` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. -@return Returns an allocated public key. Note: caller must take care to `free()` the created key. +@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. */ uint64_t *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb) @@ -707,11 +710,11 @@ Load a secret key from key parts. @param modBits Count of bits in modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. -@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. +@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. -@return Returns an allocated secret key. Note: caller must take care to `free()` the created key. +@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. */ uint64_t *Hacl_RSAPSS_new_rsapss_load_skey( @@ -804,13 +807,16 @@ uint64_t /** Sign a message `msg` and write the signature to `sgnt`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. -@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. +@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. @param saltLen Length of salt. @param salt Pointer to `saltLen` bytes where the salt is read from. @param msgLen Length of message. @@ -873,11 +879,14 @@ Hacl_RSAPSS_rsapss_skey_sign( /** Verify the signature `sgnt` of a message `msg`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. @param saltLen Length of salt. @param sgntLen Length of signature. @param sgnt Pointer to `sgntLen` bytes where the signature is read from. diff --git a/src/Hacl_Salsa20.c b/src/Hacl_Salsa20.c index e157d5ef..2758f8a4 100644 --- a/src/Hacl_Salsa20.c +++ b/src/Hacl_Salsa20.c @@ -181,6 +181,7 @@ salsa20_encrypt( memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t)); ctx[15U] = (uint32_t)0x6b206574U; uint32_t k[16U] = { 0U }; + KRML_HOST_IGNORE(k); uint32_t rem = len % (uint32_t)64U; uint32_t nb = len / (uint32_t)64U; uint32_t rem1 = len % (uint32_t)64U; @@ -217,9 +218,8 @@ salsa20_encrypt( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)64U; - uint8_t *uu____3 = text + nb * (uint32_t)64U; uint8_t plain[64U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t)); uint32_t k1[16U] = { 0U }; salsa20_core(k1, ctx, nb); uint32_t bl[16U] = { 0U }; @@ -294,6 +294,7 @@ salsa20_decrypt( memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t)); ctx[15U] = (uint32_t)0x6b206574U; uint32_t k[16U] = { 0U }; + KRML_HOST_IGNORE(k); uint32_t rem = len % (uint32_t)64U; uint32_t nb = len / (uint32_t)64U; uint32_t rem1 = len % (uint32_t)64U; @@ -330,9 +331,8 @@ salsa20_decrypt( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)64U; - uint8_t *uu____3 = cipher + nb * (uint32_t)64U; uint8_t plain[64U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t)); uint32_t k1[16U] = { 0U }; salsa20_core(k1, ctx, nb); uint32_t bl[16U] = { 0U }; diff --git a/src/Hacl_Streaming_Blake2.c b/src/Hacl_Streaming_Blake2.c index 4faa859e..948d56c2 100644 --- a/src/Hacl_Streaming_Blake2.c +++ b/src/Hacl_Streaming_Blake2.c @@ -54,7 +54,6 @@ void Hacl_Streaming_Blake2_blake2s_32_no_key_init(Hacl_Streaming_Blake2_blake2s_ Hacl_Streaming_Blake2_blake2s_32_state scrut = *s1; uint8_t *buf = scrut.buf; Hacl_Streaming_Blake2_blake2s_32_block_state block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Blake2s_32_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U); Hacl_Streaming_Blake2_blake2s_32_state tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; @@ -354,7 +353,6 @@ void Hacl_Streaming_Blake2_blake2b_32_no_key_init(Hacl_Streaming_Blake2_blake2b_ Hacl_Streaming_Blake2_blake2b_32_state scrut = *s1; uint8_t *buf = scrut.buf; Hacl_Streaming_Blake2_blake2b_32_block_state block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Blake2b_32_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U); Hacl_Streaming_Blake2_blake2b_32_state tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; diff --git a/src/Hacl_Streaming_Blake2b_256.c b/src/Hacl_Streaming_Blake2b_256.c index d2df234a..bdb5433f 100644 --- a/src/Hacl_Streaming_Blake2b_256.c +++ b/src/Hacl_Streaming_Blake2b_256.c @@ -66,7 +66,6 @@ Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init( Hacl_Streaming_Blake2b_256_blake2b_256_state scrut = *s; uint8_t *buf = scrut.buf; Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Blake2b_256_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U); Hacl_Streaming_Blake2b_256_blake2b_256_state tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; diff --git a/src/Hacl_Streaming_Blake2s_128.c b/src/Hacl_Streaming_Blake2s_128.c index eaace7ce..f97bf5d0 100644 --- a/src/Hacl_Streaming_Blake2s_128.c +++ b/src/Hacl_Streaming_Blake2s_128.c @@ -66,7 +66,6 @@ Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init( Hacl_Streaming_Blake2s_128_blake2s_128_state scrut = *s; uint8_t *buf = scrut.buf; Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Blake2s_128_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U); Hacl_Streaming_Blake2s_128_blake2s_128_state tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; diff --git a/src/Hacl_Streaming_Poly1305_128.c b/src/Hacl_Streaming_Poly1305_128.c index c752cfb0..c3f7c19a 100644 --- a/src/Hacl_Streaming_Poly1305_128.c +++ b/src/Hacl_Streaming_Poly1305_128.c @@ -58,7 +58,6 @@ Hacl_Streaming_Poly1305_128_init(uint8_t *k, Hacl_Streaming_Poly1305_128_poly130 uint8_t *k_ = scrut.p_key; uint8_t *buf = scrut.buf; Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Poly1305_128_poly1305_init(block_state, k); memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t)); uint8_t *k_1 = k_; @@ -312,7 +311,7 @@ Hacl_Streaming_Poly1305_128_finish( { ite1 = r % (uint32_t)16U; } - uint64_t prev_len_last = total_len - (uint64_t)ite1; + KRML_HOST_IGNORE(total_len - (uint64_t)ite1); uint32_t ite2; if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U) { diff --git a/src/Hacl_Streaming_Poly1305_256.c b/src/Hacl_Streaming_Poly1305_256.c index c1915ed9..e56275a4 100644 --- a/src/Hacl_Streaming_Poly1305_256.c +++ b/src/Hacl_Streaming_Poly1305_256.c @@ -58,7 +58,6 @@ Hacl_Streaming_Poly1305_256_init(uint8_t *k, Hacl_Streaming_Poly1305_256_poly130 uint8_t *k_ = scrut.p_key; uint8_t *buf = scrut.buf; Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Poly1305_256_poly1305_init(block_state, k); memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t)); uint8_t *k_1 = k_; @@ -312,7 +311,7 @@ Hacl_Streaming_Poly1305_256_finish( { ite1 = r % (uint32_t)16U; } - uint64_t prev_len_last = total_len - (uint64_t)ite1; + KRML_HOST_IGNORE(total_len - (uint64_t)ite1); uint32_t ite2; if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U) { diff --git a/src/Hacl_Streaming_Poly1305_32.c b/src/Hacl_Streaming_Poly1305_32.c index 89852727..249a622f 100644 --- a/src/Hacl_Streaming_Poly1305_32.c +++ b/src/Hacl_Streaming_Poly1305_32.c @@ -53,7 +53,6 @@ Hacl_Streaming_Poly1305_32_init(uint8_t *k, Hacl_Streaming_Poly1305_32_poly1305_ uint8_t *k_ = scrut.p_key; uint8_t *buf = scrut.buf; uint64_t *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Poly1305_32_poly1305_init(block_state, k); memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t)); uint8_t *k_1 = k_; diff --git a/src/msvc/EverCrypt_AEAD.c b/src/msvc/EverCrypt_AEAD.c index 564dbc2e..21039bd4 100644 --- a/src/msvc/EverCrypt_AEAD.c +++ b/src/msvc/EverCrypt_AEAD.c @@ -46,6 +46,8 @@ The state may be reused as many times as desired. */ bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee) { + KRML_HOST_IGNORE(a); + KRML_HOST_IGNORE(projectee); return true; } @@ -58,8 +60,7 @@ Return the algorithm used in the AEAD state. */ Spec_Agile_AEAD_alg EverCrypt_AEAD_alg_of_state(EverCrypt_AEAD_state_s *s) { - EverCrypt_AEAD_state_s scrut = *s; - Spec_Cipher_Expansion_impl impl = scrut.impl; + Spec_Cipher_Expansion_impl impl = (*s).impl; switch (impl) { case Spec_Cipher_Expansion_Hacl_CHACHA20: @@ -108,8 +109,8 @@ create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k) uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)480U, sizeof (uint8_t)); uint8_t *keys_b = ek; uint8_t *hkeys_b = ek + (uint32_t)176U; - uint64_t scrut = aes128_key_expansion(k, keys_b); - uint64_t scrut0 = aes128_keyhash_init(keys_b, hkeys_b); + KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b)); + KRML_HOST_IGNORE(aes128_keyhash_init(keys_b, hkeys_b)); EverCrypt_AEAD_state_s *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s)); p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek }); @@ -136,8 +137,8 @@ create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k) uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)544U, sizeof (uint8_t)); uint8_t *keys_b = ek; uint8_t *hkeys_b = ek + (uint32_t)240U; - uint64_t scrut = aes256_key_expansion(k, keys_b); - uint64_t scrut0 = aes256_keyhash_init(keys_b, hkeys_b); + KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b)); + KRML_HOST_IGNORE(aes256_keyhash_init(keys_b, hkeys_b)); EverCrypt_AEAD_state_s *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s)); p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek }); @@ -212,8 +213,7 @@ encrypt_aes128_gcm( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek = scrut.ek; + uint8_t *ek = (*s).ek; uint8_t *scratch_b = ek + (uint32_t)304U; uint8_t *ek1 = ek; uint8_t *keys_b = ek1; @@ -223,8 +223,12 @@ encrypt_aes128_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -250,9 +254,7 @@ encrypt_aes128_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; - uint64_t - scrut0 = - gcm128_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -268,7 +270,7 @@ encrypt_aes128_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } else { @@ -281,9 +283,7 @@ encrypt_aes128_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; - uint64_t - scrut0 = - gcm128_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -299,7 +299,7 @@ encrypt_aes128_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U, inout_b, @@ -336,8 +336,7 @@ encrypt_aes256_gcm( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek = scrut.ek; + uint8_t *ek = (*s).ek; uint8_t *scratch_b = ek + (uint32_t)368U; uint8_t *ek1 = ek; uint8_t *keys_b = ek1; @@ -347,8 +346,12 @@ encrypt_aes256_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -374,9 +377,7 @@ encrypt_aes256_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; - uint64_t - scrut0 = - gcm256_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -392,7 +393,7 @@ encrypt_aes256_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } else { @@ -405,9 +406,7 @@ encrypt_aes256_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; - uint64_t - scrut0 = - gcm256_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -423,7 +422,7 @@ encrypt_aes256_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U, inout_b, @@ -529,23 +528,21 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( uint8_t ek[480U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)176U; - uint64_t scrut0 = aes128_key_expansion(k, keys_b0); - uint64_t scrut1 = aes128_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; - EverCrypt_Error_error_code r; if (s == NULL) { - r = EverCrypt_Error_InvalidKey; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey); } else if (iv_len == (uint32_t)0U) { - r = EverCrypt_Error_InvalidIVLength; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength); } else { - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek0 = scrut.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)304U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -555,8 +552,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -582,9 +583,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; - uint64_t - scrut2 = - gcm128_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -600,7 +599,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } else { @@ -613,9 +612,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; - uint64_t - scrut2 = - gcm128_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -631,12 +628,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U, inout_b, (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t)); - r = EverCrypt_Error_Success; + KRML_HOST_IGNORE(EverCrypt_Error_Success); } return EverCrypt_Error_Success; #else @@ -673,23 +670,21 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( uint8_t ek[544U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)240U; - uint64_t scrut0 = aes256_key_expansion(k, keys_b0); - uint64_t scrut1 = aes256_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; - EverCrypt_Error_error_code r; if (s == NULL) { - r = EverCrypt_Error_InvalidKey; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey); } else if (iv_len == (uint32_t)0U) { - r = EverCrypt_Error_InvalidIVLength; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength); } else { - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek0 = scrut.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)368U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -699,8 +694,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -726,9 +725,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; - uint64_t - scrut2 = - gcm256_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -744,7 +741,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } else { @@ -757,9 +754,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; - uint64_t - scrut2 = - gcm256_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -775,12 +770,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U, inout_b, (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t)); - r = EverCrypt_Error_Success; + KRML_HOST_IGNORE(EverCrypt_Error_Success); } return EverCrypt_Error_Success; #else @@ -816,23 +811,21 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm( uint8_t ek[480U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)176U; - uint64_t scrut0 = aes128_key_expansion(k, keys_b0); - uint64_t scrut1 = aes128_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; - EverCrypt_Error_error_code r; if (s == NULL) { - r = EverCrypt_Error_InvalidKey; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey); } else if (iv_len == (uint32_t)0U) { - r = EverCrypt_Error_InvalidIVLength; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength); } else { - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek0 = scrut.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)304U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -842,8 +835,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -869,9 +866,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; - uint64_t - scrut2 = - gcm128_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -887,7 +882,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } else { @@ -900,9 +895,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; - uint64_t - scrut2 = - gcm128_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -918,12 +911,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U, inout_b, (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t)); - r = EverCrypt_Error_Success; + KRML_HOST_IGNORE(EverCrypt_Error_Success); } return EverCrypt_Error_Success; } @@ -957,23 +950,21 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm( uint8_t ek[544U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)240U; - uint64_t scrut0 = aes256_key_expansion(k, keys_b0); - uint64_t scrut1 = aes256_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; - EverCrypt_Error_error_code r; if (s == NULL) { - r = EverCrypt_Error_InvalidKey; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey); } else if (iv_len == (uint32_t)0U) { - r = EverCrypt_Error_InvalidIVLength; + KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength); } else { - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek0 = scrut.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)368U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -983,8 +974,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -1010,9 +1005,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; - uint64_t - scrut2 = - gcm256_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -1028,7 +1021,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } else { @@ -1041,9 +1034,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm( uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; - uint64_t - scrut2 = - gcm256_encrypt_opt(auth_b_, + KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, keys_b, @@ -1059,12 +1050,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm( inout_b, (uint64_t)plain_len, scratch_b1, - tag); + tag)); } memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U, inout_b, (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t)); - r = EverCrypt_Error_Success; + KRML_HOST_IGNORE(EverCrypt_Error_Success); } return EverCrypt_Error_Success; } @@ -1087,12 +1078,12 @@ EverCrypt_AEAD_encrypt_expand_chacha20_poly1305( uint8_t *tag ) { + KRML_HOST_IGNORE(iv_len); uint8_t ek[32U] = { 0U }; EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Hacl_CHACHA20, .ek = ek }; memcpy(ek, k, (uint32_t)32U * sizeof (uint8_t)); EverCrypt_AEAD_state_s *s = &p; - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek0 = scrut.ek; + uint8_t *ek0 = (*s).ek; EverCrypt_Chacha20Poly1305_aead_encrypt(ek0, iv, ad_len, ad, plain_len, plain, cipher, tag); return EverCrypt_Error_Success; } @@ -1182,8 +1173,7 @@ decrypt_aes128_gcm( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek = scrut.ek; + uint8_t *ek = (*s).ek; uint8_t *scratch_b = ek + (uint32_t)304U; uint8_t *ek1 = ek; uint8_t *keys_b = ek1; @@ -1193,8 +1183,12 @@ decrypt_aes128_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -1222,7 +1216,7 @@ decrypt_aes128_gcm( uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t - scrut0 = + c0 = gcm128_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1240,7 +1234,6 @@ decrypt_aes128_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut0; c = c0; } else @@ -1255,7 +1248,7 @@ decrypt_aes128_gcm( uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; uint64_t - scrut0 = + c0 = gcm128_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1273,7 +1266,6 @@ decrypt_aes128_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut0; c = c0; } memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U, @@ -1316,8 +1308,7 @@ decrypt_aes256_gcm( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek = scrut.ek; + uint8_t *ek = (*s).ek; uint8_t *scratch_b = ek + (uint32_t)368U; uint8_t *ek1 = ek; uint8_t *keys_b = ek1; @@ -1327,8 +1318,12 @@ decrypt_aes256_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -1356,7 +1351,7 @@ decrypt_aes256_gcm( uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t - scrut0 = + c0 = gcm256_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1374,7 +1369,6 @@ decrypt_aes256_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut0; c = c0; } else @@ -1389,7 +1383,7 @@ decrypt_aes256_gcm( uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; uint64_t - scrut0 = + c0 = gcm256_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1407,7 +1401,6 @@ decrypt_aes256_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut0; c = c0; } memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U, @@ -1449,8 +1442,7 @@ decrypt_chacha20_poly1305( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek = scrut.ek; + uint8_t *ek = (*s).ek; uint32_t r = EverCrypt_Chacha20Poly1305_aead_decrypt(ek, iv, ad_len, ad, cipher_len, dst, cipher, tag); if (r == (uint32_t)0U) @@ -1508,8 +1500,7 @@ EverCrypt_AEAD_decrypt( { return EverCrypt_Error_InvalidKey; } - EverCrypt_AEAD_state_s scrut = *s; - Spec_Cipher_Expansion_impl i = scrut.impl; + Spec_Cipher_Expansion_impl i = (*s).impl; switch (i) { case Spec_Cipher_Expansion_Vale_AES128: @@ -1557,8 +1548,8 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( uint8_t ek[480U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)176U; - uint64_t scrut = aes128_key_expansion(k, keys_b0); - uint64_t scrut0 = aes128_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; if (s == NULL) @@ -1569,8 +1560,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut1 = *s; - uint8_t *ek0 = scrut1.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)304U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -1580,8 +1570,12 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -1609,7 +1603,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t - scrut2 = + c0 = gcm128_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1627,7 +1621,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } else @@ -1642,7 +1635,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; uint64_t - scrut2 = + c0 = gcm128_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1660,7 +1653,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U, @@ -1706,8 +1698,8 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( uint8_t ek[544U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)240U; - uint64_t scrut = aes256_key_expansion(k, keys_b0); - uint64_t scrut0 = aes256_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; if (s == NULL) @@ -1718,8 +1710,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut1 = *s; - uint8_t *ek0 = scrut1.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)368U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -1729,8 +1720,12 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -1758,7 +1753,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t - scrut2 = + c0 = gcm256_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1776,7 +1771,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } else @@ -1791,7 +1785,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; uint64_t - scrut2 = + c0 = gcm256_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1809,7 +1803,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U, @@ -1854,8 +1847,8 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( uint8_t ek[480U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)176U; - uint64_t scrut = aes128_key_expansion(k, keys_b0); - uint64_t scrut0 = aes128_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; if (s == NULL) @@ -1866,8 +1859,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut1 = *s; - uint8_t *ek0 = scrut1.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)304U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -1877,8 +1869,12 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -1906,7 +1902,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t - scrut2 = + c0 = gcm128_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1924,7 +1920,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } else @@ -1939,7 +1934,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; uint64_t - scrut2 = + c0 = gcm128_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -1957,7 +1952,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U, @@ -2000,8 +1994,8 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( uint8_t ek[544U] = { 0U }; uint8_t *keys_b0 = ek; uint8_t *hkeys_b0 = ek + (uint32_t)240U; - uint64_t scrut = aes256_key_expansion(k, keys_b0); - uint64_t scrut0 = aes256_keyhash_init(keys_b0, hkeys_b0); + KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0)); + KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0)); EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek }; EverCrypt_AEAD_state_s *s = &p; if (s == NULL) @@ -2012,8 +2006,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( { return EverCrypt_Error_InvalidIVLength; } - EverCrypt_AEAD_state_s scrut1 = *s; - uint8_t *ek0 = scrut1.ek; + uint8_t *ek0 = (*s).ek; uint8_t *scratch_b = ek0 + (uint32_t)368U; uint8_t *ek1 = ek0; uint8_t *keys_b = ek1; @@ -2023,8 +2016,12 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( uint32_t bytes_len = len * (uint32_t)16U; uint8_t *iv_b = iv; memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t)); - uint64_t - uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b); + KRML_HOST_IGNORE(compute_iv_stdcall(iv_b, + (uint64_t)iv_len, + (uint64_t)len, + tmp_iv, + tmp_iv, + hkeys_b)); uint8_t *inout_b = scratch_b; uint8_t *abytes_b = scratch_b + (uint32_t)16U; uint8_t *scratch_b1 = scratch_b + (uint32_t)32U; @@ -2052,7 +2049,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( uint64_t len128x6_ = len128x6 / (uint64_t)16U; uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t - scrut2 = + c0 = gcm256_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -2070,7 +2067,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } else @@ -2085,7 +2081,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( uint64_t len128_num_ = len128_num / (uint64_t)16U; uint64_t len128x6_ = (uint64_t)0U; uint64_t - scrut2 = + c0 = gcm256_decrypt_opt(auth_b_, (uint64_t)ad_len, auth_num, @@ -2103,7 +2099,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( (uint64_t)cipher_len, scratch_b1, tag); - uint64_t c0 = scrut2; c = c0; } memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U, @@ -2214,8 +2209,7 @@ Cleanup and free the AEAD state. */ void EverCrypt_AEAD_free(EverCrypt_AEAD_state_s *s) { - EverCrypt_AEAD_state_s scrut = *s; - uint8_t *ek = scrut.ek; + uint8_t *ek = (*s).ek; KRML_HOST_FREE(ek); KRML_HOST_FREE(s); } diff --git a/src/msvc/EverCrypt_AutoConfig2.c b/src/msvc/EverCrypt_AutoConfig2.c index fe93ef8a..b549d020 100644 --- a/src/msvc/EverCrypt_AutoConfig2.c +++ b/src/msvc/EverCrypt_AutoConfig2.c @@ -113,75 +113,59 @@ void EverCrypt_AutoConfig2_recall(void) void EverCrypt_AutoConfig2_init(void) { #if HACL_CAN_COMPILE_VALE - uint64_t scrut = check_aesni(); - if (scrut != (uint64_t)0U) + if (check_aesni() != (uint64_t)0U) { cpu_has_aesni[0U] = true; cpu_has_pclmulqdq[0U] = true; } - uint64_t scrut0 = check_sha(); - if (scrut0 != (uint64_t)0U) + if (check_sha() != (uint64_t)0U) { cpu_has_shaext[0U] = true; } - uint64_t scrut1 = check_adx_bmi2(); - if (scrut1 != (uint64_t)0U) + if (check_adx_bmi2() != (uint64_t)0U) { cpu_has_bmi2[0U] = true; cpu_has_adx[0U] = true; } - uint64_t scrut2 = check_avx(); - if (scrut2 != (uint64_t)0U) + if (check_avx() != (uint64_t)0U) { - uint64_t scrut3 = check_osxsave(); - if (scrut3 != (uint64_t)0U) + if (check_osxsave() != (uint64_t)0U) { - uint64_t scrut4 = check_avx_xcr0(); - if (scrut4 != (uint64_t)0U) + if (check_avx_xcr0() != (uint64_t)0U) { cpu_has_avx[0U] = true; } } } - uint64_t scrut3 = check_avx2(); - if (scrut3 != (uint64_t)0U) + if (check_avx2() != (uint64_t)0U) { - uint64_t scrut4 = check_osxsave(); - if (scrut4 != (uint64_t)0U) + if (check_osxsave() != (uint64_t)0U) { - uint64_t scrut5 = check_avx_xcr0(); - if (scrut5 != (uint64_t)0U) + if (check_avx_xcr0() != (uint64_t)0U) { cpu_has_avx2[0U] = true; } } } - uint64_t scrut4 = check_sse(); - if (scrut4 != (uint64_t)0U) + if (check_sse() != (uint64_t)0U) { cpu_has_sse[0U] = true; } - uint64_t scrut5 = check_movbe(); - if (scrut5 != (uint64_t)0U) + if (check_movbe() != (uint64_t)0U) { cpu_has_movbe[0U] = true; } - uint64_t scrut6 = check_rdrand(); - if (scrut6 != (uint64_t)0U) + if (check_rdrand() != (uint64_t)0U) { cpu_has_rdrand[0U] = true; } - uint64_t scrut7 = check_avx512(); - if (scrut7 != (uint64_t)0U) + if (check_avx512() != (uint64_t)0U) { - uint64_t scrut8 = check_osxsave(); - if (scrut8 != (uint64_t)0U) + if (check_osxsave() != (uint64_t)0U) { - uint64_t scrut9 = check_avx_xcr0(); - if (scrut9 != (uint64_t)0U) + if (check_avx_xcr0() != (uint64_t)0U) { - uint64_t scrut10 = check_avx512_xcr0(); - if (scrut10 != (uint64_t)0U) + if (check_avx512_xcr0() != (uint64_t)0U) { cpu_has_avx512[0U] = true; return; diff --git a/src/msvc/EverCrypt_DRBG.c b/src/msvc/EverCrypt_DRBG.c index 243d8eb4..9591823c 100644 --- a/src/msvc/EverCrypt_DRBG.c +++ b/src/msvc/EverCrypt_DRBG.c @@ -92,6 +92,7 @@ EverCrypt_DRBG_uu___is_SHA1_s( EverCrypt_DRBG_state_s projectee ) { + KRML_HOST_IGNORE(uu___); if (projectee.tag == SHA1_s) { return true; @@ -105,6 +106,7 @@ EverCrypt_DRBG_uu___is_SHA2_256_s( EverCrypt_DRBG_state_s projectee ) { + KRML_HOST_IGNORE(uu___); if (projectee.tag == SHA2_256_s) { return true; @@ -118,6 +120,7 @@ EverCrypt_DRBG_uu___is_SHA2_384_s( EverCrypt_DRBG_state_s projectee ) { + KRML_HOST_IGNORE(uu___); if (projectee.tag == SHA2_384_s) { return true; @@ -131,6 +134,7 @@ EverCrypt_DRBG_uu___is_SHA2_512_s( EverCrypt_DRBG_state_s projectee ) { + KRML_HOST_IGNORE(uu___); if (projectee.tag == SHA2_512_s) { return true; diff --git a/src/msvc/EverCrypt_Hash.c b/src/msvc/EverCrypt_Hash.c index 914a105f..b88df9e2 100644 --- a/src/msvc/EverCrypt_Hash.c +++ b/src/msvc/EverCrypt_Hash.c @@ -399,7 +399,7 @@ void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n) if (has_shaext && has_sse) { uint64_t n1 = (uint64_t)n; - uint64_t scrut = sha256_update(s, blocks, n1, k224_256); + KRML_HOST_IGNORE(sha256_update(s, blocks, n1, k224_256)); return; } Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s); @@ -2156,8 +2156,7 @@ Perform a run-time test to determine which algorithm was chosen for the given pi Spec_Hash_Definitions_hash_alg EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_hash_state *s) { - EverCrypt_Hash_Incremental_hash_state scrut = *s; - EverCrypt_Hash_state_s *block_state = scrut.block_state; + EverCrypt_Hash_state_s *block_state = (*s).block_state; return alg_of_state(block_state); } diff --git a/src/msvc/EverCrypt_Poly1305.c b/src/msvc/EverCrypt_Poly1305.c index 717b9527..82ca9b99 100644 --- a/src/msvc/EverCrypt_Poly1305.c +++ b/src/msvc/EverCrypt_Poly1305.c @@ -38,19 +38,16 @@ static void poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key uint8_t tmp[16U] = { 0U }; if (n_extra == (uint32_t)0U) { - uint64_t scrut = x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U); - KRML_HOST_IGNORE((void *)(uint8_t)0U); + KRML_HOST_IGNORE(x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U)); } else { uint32_t len16 = n_blocks * (uint32_t)16U; uint8_t *src16 = src; memcpy(tmp, src + len16, n_extra * sizeof (uint8_t)); - uint64_t scrut = x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U); - KRML_HOST_IGNORE((void *)(uint8_t)0U); + KRML_HOST_IGNORE(x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U)); memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t)); - uint64_t scrut0 = x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U); - KRML_HOST_IGNORE((void *)(uint8_t)0U); + KRML_HOST_IGNORE(x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U)); } memcpy(dst, ctx, (uint32_t)16U * sizeof (uint8_t)); #endif diff --git a/src/msvc/Hacl_Chacha20_Vec128.c b/src/msvc/Hacl_Chacha20_Vec128.c index ed112654..1e0c4ec1 100644 --- a/src/msvc/Hacl_Chacha20_Vec128.c +++ b/src/msvc/Hacl_Chacha20_Vec128.c @@ -370,9 +370,8 @@ Hacl_Chacha20_Vec128_chacha20_encrypt_128( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)256U; - uint8_t *uu____3 = text + nb * (uint32_t)256U; uint8_t plain[256U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, text + nb * (uint32_t)256U, rem * sizeof (uint8_t)); KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U }; chacha20_core_128(k, ctx, nb); Lib_IntVector_Intrinsics_vec128 st0 = k[0U]; @@ -676,9 +675,8 @@ Hacl_Chacha20_Vec128_chacha20_decrypt_128( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)256U; - uint8_t *uu____3 = cipher + nb * (uint32_t)256U; uint8_t plain[256U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, cipher + nb * (uint32_t)256U, rem * sizeof (uint8_t)); KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U }; chacha20_core_128(k, ctx, nb); Lib_IntVector_Intrinsics_vec128 st0 = k[0U]; diff --git a/src/msvc/Hacl_Chacha20_Vec256.c b/src/msvc/Hacl_Chacha20_Vec256.c index 2df300b6..620f5040 100644 --- a/src/msvc/Hacl_Chacha20_Vec256.c +++ b/src/msvc/Hacl_Chacha20_Vec256.c @@ -470,9 +470,8 @@ Hacl_Chacha20_Vec256_chacha20_encrypt_256( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)512U; - uint8_t *uu____3 = text + nb * (uint32_t)512U; uint8_t plain[512U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, text + nb * (uint32_t)512U, rem * sizeof (uint8_t)); KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U }; chacha20_core_256(k, ctx, nb); Lib_IntVector_Intrinsics_vec256 st0 = k[0U]; @@ -968,9 +967,8 @@ Hacl_Chacha20_Vec256_chacha20_decrypt_256( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)512U; - uint8_t *uu____3 = cipher + nb * (uint32_t)512U; uint8_t plain[512U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, cipher + nb * (uint32_t)512U, rem * sizeof (uint8_t)); KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U }; chacha20_core_256(k, ctx, nb); Lib_IntVector_Intrinsics_vec256 st0 = k[0U]; diff --git a/src/msvc/Hacl_Chacha20_Vec32.c b/src/msvc/Hacl_Chacha20_Vec32.c index 6f137f39..2bf4764c 100644 --- a/src/msvc/Hacl_Chacha20_Vec32.c +++ b/src/msvc/Hacl_Chacha20_Vec32.c @@ -229,9 +229,8 @@ Hacl_Chacha20_Vec32_chacha20_encrypt_32( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)64U; - uint8_t *uu____3 = text + nb * (uint32_t)64U; uint8_t plain[64U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t)); uint32_t k[16U] = { 0U }; chacha20_core_32(k, ctx, nb); KRML_MAYBE_FOR16(i, @@ -279,9 +278,8 @@ Hacl_Chacha20_Vec32_chacha20_decrypt_32( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)64U; - uint8_t *uu____3 = cipher + nb * (uint32_t)64U; uint8_t plain[64U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t)); uint32_t k[16U] = { 0U }; chacha20_core_32(k, ctx, nb); KRML_MAYBE_FOR16(i, diff --git a/src/msvc/Hacl_Curve25519_64.c b/src/msvc/Hacl_Curve25519_64.c index 526fbd22..fb0974fe 100644 --- a/src/msvc/Hacl_Curve25519_64.c +++ b/src/msvc/Hacl_Curve25519_64.c @@ -35,7 +35,7 @@ static inline void add_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2) #if HACL_CAN_COMPILE_INLINE_ASM add_scalar(out, f1, f2); #else - uint64_t uu____0 = add_scalar_e(out, f1, f2); + KRML_HOST_IGNORE(add_scalar_e(out, f1, f2)); #endif } @@ -44,7 +44,7 @@ static inline void fadd0(uint64_t *out, uint64_t *f1, uint64_t *f2) #if HACL_CAN_COMPILE_INLINE_ASM fadd(out, f1, f2); #else - uint64_t uu____0 = fadd_e(out, f1, f2); + KRML_HOST_IGNORE(fadd_e(out, f1, f2)); #endif } @@ -53,7 +53,7 @@ static inline void fsub0(uint64_t *out, uint64_t *f1, uint64_t *f2) #if HACL_CAN_COMPILE_INLINE_ASM fsub(out, f1, f2); #else - uint64_t uu____0 = fsub_e(out, f1, f2); + KRML_HOST_IGNORE(fsub_e(out, f1, f2)); #endif } @@ -62,7 +62,7 @@ static inline void fmul0(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *tm #if HACL_CAN_COMPILE_INLINE_ASM fmul(out, f1, f2, tmp); #else - uint64_t uu____0 = fmul_e(tmp, f1, out, f2); + KRML_HOST_IGNORE(fmul_e(tmp, f1, out, f2)); #endif } @@ -71,7 +71,7 @@ static inline void fmul20(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *t #if HACL_CAN_COMPILE_INLINE_ASM fmul2(out, f1, f2, tmp); #else - uint64_t uu____0 = fmul2_e(tmp, f1, out, f2); + KRML_HOST_IGNORE(fmul2_e(tmp, f1, out, f2)); #endif } @@ -80,7 +80,7 @@ static inline void fmul_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2) #if HACL_CAN_COMPILE_INLINE_ASM fmul_scalar(out, f1, f2); #else - uint64_t uu____0 = fmul_scalar_e(out, f1, f2); + KRML_HOST_IGNORE(fmul_scalar_e(out, f1, f2)); #endif } @@ -89,7 +89,7 @@ static inline void fsqr0(uint64_t *out, uint64_t *f1, uint64_t *tmp) #if HACL_CAN_COMPILE_INLINE_ASM fsqr(out, f1, tmp); #else - uint64_t uu____0 = fsqr_e(tmp, f1, out); + KRML_HOST_IGNORE(fsqr_e(tmp, f1, out)); #endif } @@ -98,7 +98,7 @@ static inline void fsqr20(uint64_t *out, uint64_t *f, uint64_t *tmp) #if HACL_CAN_COMPILE_INLINE_ASM fsqr2(out, f, tmp); #else - uint64_t uu____0 = fsqr2_e(tmp, f, out); + KRML_HOST_IGNORE(fsqr2_e(tmp, f, out)); #endif } @@ -107,7 +107,7 @@ static inline void cswap20(uint64_t bit, uint64_t *p1, uint64_t *p2) #if HACL_CAN_COMPILE_INLINE_ASM cswap2(bit, p1, p2); #else - uint64_t uu____0 = cswap2_e(bit, p1, p2); + KRML_HOST_IGNORE(cswap2_e(bit, p1, p2)); #endif } diff --git a/src/msvc/Hacl_Ed25519.c b/src/msvc/Hacl_Ed25519.c index 9d7c3bd4..36113197 100644 --- a/src/msvc/Hacl_Ed25519.c +++ b/src/msvc/Hacl_Ed25519.c @@ -711,65 +711,59 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) FStar_UInt128_uint128 c00 = carry0; FStar_UInt128_uint128 carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z11, c00), (uint32_t)56U); - uint64_t - t100 = - FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z11, c00)) - & (uint64_t)0xffffffffffffffU; + KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z11, c00)) + & (uint64_t)0xffffffffffffffU); FStar_UInt128_uint128 c10 = carry1; FStar_UInt128_uint128 carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z21, c10), (uint32_t)56U); - uint64_t - t101 = - FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z21, c10)) - & (uint64_t)0xffffffffffffffU; + KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z21, c10)) + & (uint64_t)0xffffffffffffffU); FStar_UInt128_uint128 c20 = carry2; FStar_UInt128_uint128 carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z31, c20), (uint32_t)56U); - uint64_t - t102 = - FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z31, c20)) - & (uint64_t)0xffffffffffffffU; + KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z31, c20)) + & (uint64_t)0xffffffffffffffU); FStar_UInt128_uint128 c30 = carry3; FStar_UInt128_uint128 carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z41, c30), (uint32_t)56U); uint64_t - t103 = + t100 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z41, c30)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c40 = carry4; - uint64_t t410 = t103; + uint64_t t410 = t100; FStar_UInt128_uint128 carry5 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z5, c40), (uint32_t)56U); uint64_t - t104 = + t101 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z5, c40)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c5 = carry5; - uint64_t t51 = t104; + uint64_t t51 = t101; FStar_UInt128_uint128 carry6 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z6, c5), (uint32_t)56U); uint64_t - t105 = + t102 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z6, c5)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c6 = carry6; - uint64_t t61 = t105; + uint64_t t61 = t102; FStar_UInt128_uint128 carry7 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z7, c6), (uint32_t)56U); uint64_t - t106 = + t103 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z7, c6)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c7 = carry7; - uint64_t t71 = t106; + uint64_t t71 = t103; FStar_UInt128_uint128 carry8 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z8, c7), (uint32_t)56U); uint64_t - t107 = + t104 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z8, c7)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c8 = carry8; - uint64_t t81 = t107; + uint64_t t81 = t104; uint64_t t91 = FStar_UInt128_uint128_to_uint64(c8); uint64_t qmu4_ = t410; uint64_t qmu5_ = t51; @@ -818,19 +812,19 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) FStar_UInt128_uint128 xy31 = FStar_UInt128_mul_wide(qdiv3, m1); FStar_UInt128_uint128 xy40 = FStar_UInt128_mul_wide(qdiv4, m0); FStar_UInt128_uint128 carry9 = FStar_UInt128_shift_right(xy00, (uint32_t)56U); - uint64_t t108 = FStar_UInt128_uint128_to_uint64(xy00) & (uint64_t)0xffffffffffffffU; + uint64_t t105 = FStar_UInt128_uint128_to_uint64(xy00) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c0 = carry9; - uint64_t t010 = t108; + uint64_t t010 = t105; FStar_UInt128_uint128 carry10 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0), (uint32_t)56U); uint64_t - t109 = + t106 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c11 = carry10; - uint64_t t110 = t109; + uint64_t t110 = t106; FStar_UInt128_uint128 carry11 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy02, @@ -839,14 +833,14 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) c11), (uint32_t)56U); uint64_t - t1010 = + t107 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy02, xy11), xy20), c11)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c21 = carry11; - uint64_t t210 = t1010; + uint64_t t210 = t107; FStar_UInt128_uint128 carry = FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy03, @@ -856,7 +850,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) c21), (uint32_t)56U); uint64_t - t1011 = + t108 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy03, xy12), xy21), @@ -864,7 +858,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) c21)) & (uint64_t)0xffffffffffffffU; FStar_UInt128_uint128 c31 = carry; - uint64_t t310 = t1011; + uint64_t t310 = t108; uint64_t t411 = FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy04, @@ -880,24 +874,24 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) uint64_t qmul3 = t310; uint64_t qmul4 = t411; uint64_t b5 = (r0 - qmul0) >> (uint32_t)63U; - uint64_t t1012 = (b5 << (uint32_t)56U) + r0 - qmul0; + uint64_t t109 = (b5 << (uint32_t)56U) + r0 - qmul0; uint64_t c1 = b5; - uint64_t t011 = t1012; + uint64_t t011 = t109; uint64_t b6 = (r1 - (qmul1 + c1)) >> (uint32_t)63U; - uint64_t t1013 = (b6 << (uint32_t)56U) + r1 - (qmul1 + c1); + uint64_t t1010 = (b6 << (uint32_t)56U) + r1 - (qmul1 + c1); uint64_t c2 = b6; - uint64_t t111 = t1013; + uint64_t t111 = t1010; uint64_t b7 = (r2 - (qmul2 + c2)) >> (uint32_t)63U; - uint64_t t1014 = (b7 << (uint32_t)56U) + r2 - (qmul2 + c2); + uint64_t t1011 = (b7 << (uint32_t)56U) + r2 - (qmul2 + c2); uint64_t c3 = b7; - uint64_t t211 = t1014; + uint64_t t211 = t1011; uint64_t b8 = (r3 - (qmul3 + c3)) >> (uint32_t)63U; - uint64_t t1015 = (b8 << (uint32_t)56U) + r3 - (qmul3 + c3); + uint64_t t1012 = (b8 << (uint32_t)56U) + r3 - (qmul3 + c3); uint64_t c4 = b8; - uint64_t t311 = t1015; + uint64_t t311 = t1012; uint64_t b9 = (r4 - (qmul4 + c4)) >> (uint32_t)63U; - uint64_t t1016 = (b9 << (uint32_t)40U) + r4 - (qmul4 + c4); - uint64_t t412 = t1016; + uint64_t t1013 = (b9 << (uint32_t)40U) + r4 - (qmul4 + c4); + uint64_t t412 = t1013; uint64_t s0 = t011; uint64_t s1 = t111; uint64_t s2 = t211; @@ -914,21 +908,21 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) uint64_t y3 = m31; uint64_t y4 = m41; uint64_t b10 = (s0 - y0) >> (uint32_t)63U; - uint64_t t1017 = (b10 << (uint32_t)56U) + s0 - y0; + uint64_t t1014 = (b10 << (uint32_t)56U) + s0 - y0; uint64_t b0 = b10; - uint64_t t01 = t1017; + uint64_t t01 = t1014; uint64_t b11 = (s1 - (y1 + b0)) >> (uint32_t)63U; - uint64_t t1018 = (b11 << (uint32_t)56U) + s1 - (y1 + b0); + uint64_t t1015 = (b11 << (uint32_t)56U) + s1 - (y1 + b0); uint64_t b1 = b11; - uint64_t t11 = t1018; + uint64_t t11 = t1015; uint64_t b12 = (s2 - (y2 + b1)) >> (uint32_t)63U; - uint64_t t1019 = (b12 << (uint32_t)56U) + s2 - (y2 + b1); + uint64_t t1016 = (b12 << (uint32_t)56U) + s2 - (y2 + b1); uint64_t b2 = b12; - uint64_t t21 = t1019; + uint64_t t21 = t1016; uint64_t b13 = (s3 - (y3 + b2)) >> (uint32_t)63U; - uint64_t t1020 = (b13 << (uint32_t)56U) + s3 - (y3 + b2); + uint64_t t1017 = (b13 << (uint32_t)56U) + s3 - (y3 + b2); uint64_t b3 = b13; - uint64_t t31 = t1020; + uint64_t t31 = t1017; uint64_t b = (s4 - (y4 + b3)) >> (uint32_t)63U; uint64_t t10 = (b << (uint32_t)56U) + s4 - (y4 + b3); uint64_t b4 = b; diff --git a/src/msvc/Hacl_FFDHE.c b/src/msvc/Hacl_FFDHE.c index 53b87f73..bc77dbdc 100644 --- a/src/msvc/Hacl_FFDHE.c +++ b/src/msvc/Hacl_FFDHE.c @@ -127,7 +127,6 @@ static inline uint64_t ffdhe_check_pk(Spec_FFDHE_ffdhe_alg a, uint64_t *pk_n, ui memset(p_n1, 0U, nLen * sizeof (uint64_t)); uint64_t c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, p_n[0U], (uint64_t)1U, p_n1); - uint64_t c1; if ((uint32_t)1U < nLen) { uint64_t *a1 = p_n + (uint32_t)1U; @@ -159,12 +158,12 @@ static inline uint64_t ffdhe_check_pk(Spec_FFDHE_ffdhe_alg a, uint64_t *pk_n, ui uint64_t *res_i = res1 + i; c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i); } - uint64_t c10 = c; - c1 = c10; + uint64_t c1 = c; + KRML_HOST_IGNORE(c1); } else { - c1 = c0; + KRML_HOST_IGNORE(c0); } KRML_CHECK_SIZE(sizeof (uint64_t), nLen); uint64_t *b2 = (uint64_t *)alloca(nLen * sizeof (uint64_t)); diff --git a/src/msvc/Hacl_Frodo_KEM.c b/src/msvc/Hacl_Frodo_KEM.c index 13db363a..4265ac0e 100644 --- a/src/msvc/Hacl_Frodo_KEM.c +++ b/src/msvc/Hacl_Frodo_KEM.c @@ -30,6 +30,6 @@ void randombytes_(uint32_t len, uint8_t *res) { - bool b = Lib_RandomBuffer_System_randombytes(res, len); + KRML_HOST_IGNORE(Lib_RandomBuffer_System_randombytes(res, len)); } diff --git a/src/msvc/Hacl_HMAC_DRBG.c b/src/msvc/Hacl_HMAC_DRBG.c index 93e47dc9..b3acf354 100644 --- a/src/msvc/Hacl_HMAC_DRBG.c +++ b/src/msvc/Hacl_HMAC_DRBG.c @@ -71,6 +71,8 @@ uint32_t Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_hash_alg a) bool Hacl_HMAC_DRBG_uu___is_State(Spec_Hash_Definitions_hash_alg a, Hacl_HMAC_DRBG_state projectee) { + KRML_HOST_IGNORE(a); + KRML_HOST_IGNORE(projectee); return true; } @@ -1104,6 +1106,7 @@ Hacl_HMAC_DRBG_generate( void Hacl_HMAC_DRBG_free(Spec_Hash_Definitions_hash_alg uu___, Hacl_HMAC_DRBG_state s) { + KRML_HOST_IGNORE(uu___); uint8_t *k = s.k; uint8_t *v = s.v; uint32_t *ctr = s.reseed_counter; diff --git a/src/msvc/Hacl_Hash_Blake2.c b/src/msvc/Hacl_Hash_Blake2.c index 194e7157..aecc6165 100644 --- a/src/msvc/Hacl_Hash_Blake2.c +++ b/src/msvc/Hacl_Hash_Blake2.c @@ -545,6 +545,7 @@ Hacl_Blake2b_32_blake2b_update_multi( uint32_t nb ) { + KRML_HOST_IGNORE(len); for (uint32_t i = (uint32_t)0U; i < nb; i++) { FStar_UInt128_uint128 @@ -1192,6 +1193,7 @@ Hacl_Blake2s_32_blake2s_update_multi( uint32_t nb ) { + KRML_HOST_IGNORE(len); for (uint32_t i = (uint32_t)0U; i < nb; i++) { uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U); diff --git a/src/msvc/Hacl_Hash_Blake2b_256.c b/src/msvc/Hacl_Hash_Blake2b_256.c index d0df7cd8..b37ffc5f 100644 --- a/src/msvc/Hacl_Hash_Blake2b_256.c +++ b/src/msvc/Hacl_Hash_Blake2b_256.c @@ -268,6 +268,7 @@ Hacl_Blake2b_256_blake2b_update_multi( uint32_t nb ) { + KRML_HOST_IGNORE(len); for (uint32_t i = (uint32_t)0U; i < nb; i++) { FStar_UInt128_uint128 diff --git a/src/msvc/Hacl_Hash_Blake2s_128.c b/src/msvc/Hacl_Hash_Blake2s_128.c index 5bf06711..86c4f030 100644 --- a/src/msvc/Hacl_Hash_Blake2s_128.c +++ b/src/msvc/Hacl_Hash_Blake2s_128.c @@ -268,6 +268,7 @@ Hacl_Blake2s_128_blake2s_update_multi( uint32_t nb ) { + KRML_HOST_IGNORE(len); for (uint32_t i = (uint32_t)0U; i < nb; i++) { uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U); diff --git a/src/msvc/Hacl_Hash_MD5.c b/src/msvc/Hacl_Hash_MD5.c index 1b376960..222ac824 100644 --- a/src/msvc/Hacl_Hash_MD5.c +++ b/src/msvc/Hacl_Hash_MD5.c @@ -1218,7 +1218,6 @@ void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s) Hacl_Streaming_MD_state_32 scrut = *s; uint8_t *buf = scrut.buf; uint32_t *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Hash_Core_MD5_legacy_init(block_state); Hacl_Streaming_MD_state_32 tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; diff --git a/src/msvc/Hacl_Hash_SHA1.c b/src/msvc/Hacl_Hash_SHA1.c index 80edc004..5ecb3c0b 100644 --- a/src/msvc/Hacl_Hash_SHA1.c +++ b/src/msvc/Hacl_Hash_SHA1.c @@ -254,7 +254,6 @@ void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s) Hacl_Streaming_MD_state_32 scrut = *s; uint8_t *buf = scrut.buf; uint32_t *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Hash_Core_SHA1_legacy_init(block_state); Hacl_Streaming_MD_state_32 tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; diff --git a/src/msvc/Hacl_Hash_SHA2.c b/src/msvc/Hacl_Hash_SHA2.c index 46fde83f..c93c3616 100644 --- a/src/msvc/Hacl_Hash_SHA2.c +++ b/src/msvc/Hacl_Hash_SHA2.c @@ -537,7 +537,6 @@ void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s) Hacl_Streaming_MD_state_32 scrut = *s; uint8_t *buf = scrut.buf; uint32_t *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_SHA2_Scalar32_sha256_init(block_state); Hacl_Streaming_MD_state_32 tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; @@ -836,7 +835,6 @@ void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s) Hacl_Streaming_MD_state_32 scrut = *s; uint8_t *buf = scrut.buf; uint32_t *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_SHA2_Scalar32_sha224_init(block_state); Hacl_Streaming_MD_state_32 tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; @@ -962,7 +960,6 @@ void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s) Hacl_Streaming_MD_state_64 scrut = *s; uint8_t *buf = scrut.buf; uint64_t *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_SHA2_Scalar32_sha512_init(block_state); Hacl_Streaming_MD_state_64 tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; @@ -1262,7 +1259,6 @@ void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s) Hacl_Streaming_MD_state_64 scrut = *s; uint8_t *buf = scrut.buf; uint64_t *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_SHA2_Scalar32_sha384_init(block_state); Hacl_Streaming_MD_state_64 tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; diff --git a/src/msvc/Hacl_Hash_SHA3.c b/src/msvc/Hacl_Hash_SHA3.c index 5f4707f4..19d13b1b 100644 --- a/src/msvc/Hacl_Hash_SHA3.c +++ b/src/msvc/Hacl_Hash_SHA3.c @@ -125,10 +125,9 @@ Hacl_Hash_SHA3_update_last_sha3( if (input_len == len) { Hacl_Impl_SHA3_absorb_inner(len, input, s); - uint8_t *uu____0 = input + input_len; uint8_t lastBlock_[200U] = { 0U }; uint8_t *lastBlock = lastBlock_; - memcpy(lastBlock, uu____0, (uint32_t)0U * sizeof (uint8_t)); + memcpy(lastBlock, input + input_len, (uint32_t)0U * sizeof (uint8_t)); lastBlock[0U] = suffix; Hacl_Impl_SHA3_loadState(len, lastBlock, s); if (!((suffix & (uint8_t)0x80U) == (uint8_t)0U) && (uint32_t)0U == len - (uint32_t)1U) @@ -167,8 +166,7 @@ hash_buf2; Spec_Hash_Definitions_hash_alg Hacl_Streaming_Keccak_get_alg(Hacl_Streaming_Keccak_state *s) { - Hacl_Streaming_Keccak_state scrut = *s; - Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state; + Hacl_Streaming_Keccak_hash_buf block_state = (*s).block_state; return block_state.fst; } @@ -809,6 +807,7 @@ Hacl_Impl_SHA3_keccak( uint8_t *output ) { + KRML_HOST_IGNORE(capacity); uint32_t rateInBytes = rate / (uint32_t)8U; uint64_t s[25U] = { 0U }; absorb(s, rateInBytes, inputByteLen, input, delimitedSuffix); diff --git a/src/msvc/Hacl_K256_ECDSA.c b/src/msvc/Hacl_K256_ECDSA.c index 19395653..c5dda43f 100644 --- a/src/msvc/Hacl_K256_ECDSA.c +++ b/src/msvc/Hacl_K256_ECDSA.c @@ -498,7 +498,7 @@ mul_pow2_256_minus_q_add( uint64_t r = c; tmp[len + i0] = r;); memcpy(res + (uint32_t)2U, a, len * sizeof (uint64_t)); - uint64_t uu____0 = bn_add(resLen, res, len + (uint32_t)2U, tmp, res); + KRML_HOST_IGNORE(bn_add(resLen, res, len + (uint32_t)2U, tmp, res)); uint64_t c = bn_add(resLen, res, (uint32_t)4U, e, res); return c; } @@ -514,15 +514,23 @@ static inline void modq(uint64_t *out, uint64_t *a) uint64_t *t01 = tmp; uint64_t m[7U] = { 0U }; uint64_t p[5U] = { 0U }; - uint64_t - c0 = mul_pow2_256_minus_q_add((uint32_t)4U, (uint32_t)7U, t01, a + (uint32_t)4U, a, m); - uint64_t - c10 = mul_pow2_256_minus_q_add((uint32_t)3U, (uint32_t)5U, t01, m + (uint32_t)4U, m, p); + KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)4U, + (uint32_t)7U, + t01, + a + (uint32_t)4U, + a, + m)); + KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)3U, + (uint32_t)5U, + t01, + m + (uint32_t)4U, + m, + p)); uint64_t c2 = mul_pow2_256_minus_q_add((uint32_t)1U, (uint32_t)4U, t01, p + (uint32_t)4U, p, r); - uint64_t c00 = c2; + uint64_t c0 = c2; uint64_t c1 = add4(r, tmp, out); - uint64_t mask = (uint64_t)0U - (c00 + c1); + uint64_t mask = (uint64_t)0U - (c0 + c1); KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, @@ -612,7 +620,7 @@ static inline void qmul_shift_384(uint64_t *res, uint64_t *a, uint64_t *b) uint64_t *res_i = res1 + i; c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i);); uint64_t c1 = c; - uint64_t uu____0 = c1; + KRML_HOST_IGNORE(c1); uint64_t flag = l[5U] >> (uint32_t)63U; uint64_t mask = (uint64_t)0U - flag; KRML_MAYBE_FOR4(i, @@ -1223,6 +1231,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar) (uint64_t)118285133003718U, (uint64_t)434519962075150U, (uint64_t)1114612377498854U, (uint64_t)3488596944003813U, (uint64_t)450716531072892U, (uint64_t)66044973203836U }; + KRML_HOST_IGNORE(q2); uint64_t q3[15U] = { @@ -1232,6 +1241,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar) (uint64_t)265969268774814U, (uint64_t)1913228635640715U, (uint64_t)2831959046949342U, (uint64_t)888030405442963U, (uint64_t)1817092932985033U, (uint64_t)101515844997121U }; + KRML_HOST_IGNORE(q3); uint64_t q4[15U] = { @@ -1241,6 +1251,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar) (uint64_t)12245672982162U, (uint64_t)2119364213800870U, (uint64_t)2034960311715107U, (uint64_t)3172697815804487U, (uint64_t)4185144850224160U, (uint64_t)2792055915674U }; + KRML_HOST_IGNORE(q4); uint64_t *r1 = scalar; uint64_t *r2 = scalar + (uint32_t)1U; uint64_t *r3 = scalar + (uint32_t)2U; @@ -1605,6 +1616,7 @@ Hacl_K256_ECDSA_ecdsa_sign_hashed_msg( ) { uint64_t oneq[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U }; + KRML_HOST_IGNORE(oneq); uint64_t rsdk_q[16U] = { 0U }; uint64_t *r_q = rsdk_q; uint64_t *s_q = rsdk_q + (uint32_t)4U; diff --git a/src/msvc/Hacl_RSAPSS.c b/src/msvc/Hacl_RSAPSS.c index ce2fb517..084f10b3 100644 --- a/src/msvc/Hacl_RSAPSS.c +++ b/src/msvc/Hacl_RSAPSS.c @@ -404,9 +404,9 @@ load_skey( Sign a message `msg` and write the signature to `sgnt`. @param a Hash algorithm to use. Allowed values for `a` are ... - * Spec_Hash_Definitions_SHA2_256, - * Spec_Hash_Definitions_SHA2_384, and - * Spec_Hash_Definitions_SHA2_512. + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. @@ -518,7 +518,10 @@ Hacl_RSAPSS_rsapss_sign( /** Verify the signature `sgnt` of a message `msg`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`. @@ -637,10 +640,10 @@ Load a public key from key parts. @param modBits Count of bits in modulus (`n`). @param eBits Count of bits in `e` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. -@return Returns an allocated public key. Note: caller must take care to `free()` the created key. +@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. */ uint64_t *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb) @@ -707,11 +710,11 @@ Load a secret key from key parts. @param modBits Count of bits in modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. -@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. +@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. -@return Returns an allocated secret key. Note: caller must take care to `free()` the created key. +@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. */ uint64_t *Hacl_RSAPSS_new_rsapss_load_skey( @@ -804,13 +807,16 @@ uint64_t /** Sign a message `msg` and write the signature to `sgnt`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. @param dBits Count of bits in `d` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. -@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. +@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. @param saltLen Length of salt. @param salt Pointer to `saltLen` bytes where the salt is read from. @param msgLen Length of message. @@ -875,11 +881,14 @@ Hacl_RSAPSS_rsapss_skey_sign( /** Verify the signature `sgnt` of a message `msg`. -@param a Hash algorithm to use. +@param a Hash algorithm to use. Allowed values for `a` are ... + - Spec_Hash_Definitions_SHA2_256, + - Spec_Hash_Definitions_SHA2_384, and + - Spec_Hash_Definitions_SHA2_512. @param modBits Count of bits in the modulus (`n`). @param eBits Count of bits in `e` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. @param saltLen Length of salt. @param sgntLen Length of signature. @param sgnt Pointer to `sgntLen` bytes where the signature is read from. diff --git a/src/msvc/Hacl_Salsa20.c b/src/msvc/Hacl_Salsa20.c index e157d5ef..2758f8a4 100644 --- a/src/msvc/Hacl_Salsa20.c +++ b/src/msvc/Hacl_Salsa20.c @@ -181,6 +181,7 @@ salsa20_encrypt( memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t)); ctx[15U] = (uint32_t)0x6b206574U; uint32_t k[16U] = { 0U }; + KRML_HOST_IGNORE(k); uint32_t rem = len % (uint32_t)64U; uint32_t nb = len / (uint32_t)64U; uint32_t rem1 = len % (uint32_t)64U; @@ -217,9 +218,8 @@ salsa20_encrypt( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)64U; - uint8_t *uu____3 = text + nb * (uint32_t)64U; uint8_t plain[64U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t)); uint32_t k1[16U] = { 0U }; salsa20_core(k1, ctx, nb); uint32_t bl[16U] = { 0U }; @@ -294,6 +294,7 @@ salsa20_decrypt( memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t)); ctx[15U] = (uint32_t)0x6b206574U; uint32_t k[16U] = { 0U }; + KRML_HOST_IGNORE(k); uint32_t rem = len % (uint32_t)64U; uint32_t nb = len / (uint32_t)64U; uint32_t rem1 = len % (uint32_t)64U; @@ -330,9 +331,8 @@ salsa20_decrypt( if (rem1 > (uint32_t)0U) { uint8_t *uu____2 = out + nb * (uint32_t)64U; - uint8_t *uu____3 = cipher + nb * (uint32_t)64U; uint8_t plain[64U] = { 0U }; - memcpy(plain, uu____3, rem * sizeof (uint8_t)); + memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t)); uint32_t k1[16U] = { 0U }; salsa20_core(k1, ctx, nb); uint32_t bl[16U] = { 0U }; diff --git a/src/msvc/Hacl_Streaming_Blake2.c b/src/msvc/Hacl_Streaming_Blake2.c index 4faa859e..948d56c2 100644 --- a/src/msvc/Hacl_Streaming_Blake2.c +++ b/src/msvc/Hacl_Streaming_Blake2.c @@ -54,7 +54,6 @@ void Hacl_Streaming_Blake2_blake2s_32_no_key_init(Hacl_Streaming_Blake2_blake2s_ Hacl_Streaming_Blake2_blake2s_32_state scrut = *s1; uint8_t *buf = scrut.buf; Hacl_Streaming_Blake2_blake2s_32_block_state block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Blake2s_32_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U); Hacl_Streaming_Blake2_blake2s_32_state tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; @@ -354,7 +353,6 @@ void Hacl_Streaming_Blake2_blake2b_32_no_key_init(Hacl_Streaming_Blake2_blake2b_ Hacl_Streaming_Blake2_blake2b_32_state scrut = *s1; uint8_t *buf = scrut.buf; Hacl_Streaming_Blake2_blake2b_32_block_state block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Blake2b_32_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U); Hacl_Streaming_Blake2_blake2b_32_state tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; diff --git a/src/msvc/Hacl_Streaming_Blake2b_256.c b/src/msvc/Hacl_Streaming_Blake2b_256.c index d2df234a..bdb5433f 100644 --- a/src/msvc/Hacl_Streaming_Blake2b_256.c +++ b/src/msvc/Hacl_Streaming_Blake2b_256.c @@ -66,7 +66,6 @@ Hacl_Streaming_Blake2b_256_blake2b_256_no_key_init( Hacl_Streaming_Blake2b_256_blake2b_256_state scrut = *s; uint8_t *buf = scrut.buf; Hacl_Streaming_Blake2b_256_blake2b_256_block_state block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Blake2b_256_blake2b_init(block_state.snd, (uint32_t)0U, (uint32_t)64U); Hacl_Streaming_Blake2b_256_blake2b_256_state tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; diff --git a/src/msvc/Hacl_Streaming_Blake2s_128.c b/src/msvc/Hacl_Streaming_Blake2s_128.c index eaace7ce..f97bf5d0 100644 --- a/src/msvc/Hacl_Streaming_Blake2s_128.c +++ b/src/msvc/Hacl_Streaming_Blake2s_128.c @@ -66,7 +66,6 @@ Hacl_Streaming_Blake2s_128_blake2s_128_no_key_init( Hacl_Streaming_Blake2s_128_blake2s_128_state scrut = *s; uint8_t *buf = scrut.buf; Hacl_Streaming_Blake2s_128_blake2s_128_block_state block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Blake2s_128_blake2s_init(block_state.snd, (uint32_t)0U, (uint32_t)32U); Hacl_Streaming_Blake2s_128_blake2s_128_state tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; diff --git a/src/msvc/Hacl_Streaming_Poly1305_128.c b/src/msvc/Hacl_Streaming_Poly1305_128.c index c752cfb0..c3f7c19a 100644 --- a/src/msvc/Hacl_Streaming_Poly1305_128.c +++ b/src/msvc/Hacl_Streaming_Poly1305_128.c @@ -58,7 +58,6 @@ Hacl_Streaming_Poly1305_128_init(uint8_t *k, Hacl_Streaming_Poly1305_128_poly130 uint8_t *k_ = scrut.p_key; uint8_t *buf = scrut.buf; Lib_IntVector_Intrinsics_vec128 *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Poly1305_128_poly1305_init(block_state, k); memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t)); uint8_t *k_1 = k_; @@ -312,7 +311,7 @@ Hacl_Streaming_Poly1305_128_finish( { ite1 = r % (uint32_t)16U; } - uint64_t prev_len_last = total_len - (uint64_t)ite1; + KRML_HOST_IGNORE(total_len - (uint64_t)ite1); uint32_t ite2; if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U) { diff --git a/src/msvc/Hacl_Streaming_Poly1305_256.c b/src/msvc/Hacl_Streaming_Poly1305_256.c index c1915ed9..e56275a4 100644 --- a/src/msvc/Hacl_Streaming_Poly1305_256.c +++ b/src/msvc/Hacl_Streaming_Poly1305_256.c @@ -58,7 +58,6 @@ Hacl_Streaming_Poly1305_256_init(uint8_t *k, Hacl_Streaming_Poly1305_256_poly130 uint8_t *k_ = scrut.p_key; uint8_t *buf = scrut.buf; Lib_IntVector_Intrinsics_vec256 *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Poly1305_256_poly1305_init(block_state, k); memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t)); uint8_t *k_1 = k_; @@ -312,7 +311,7 @@ Hacl_Streaming_Poly1305_256_finish( { ite1 = r % (uint32_t)16U; } - uint64_t prev_len_last = total_len - (uint64_t)ite1; + KRML_HOST_IGNORE(total_len - (uint64_t)ite1); uint32_t ite2; if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U) { diff --git a/src/msvc/Hacl_Streaming_Poly1305_32.c b/src/msvc/Hacl_Streaming_Poly1305_32.c index 89852727..249a622f 100644 --- a/src/msvc/Hacl_Streaming_Poly1305_32.c +++ b/src/msvc/Hacl_Streaming_Poly1305_32.c @@ -53,7 +53,6 @@ Hacl_Streaming_Poly1305_32_init(uint8_t *k, Hacl_Streaming_Poly1305_32_poly1305_ uint8_t *k_ = scrut.p_key; uint8_t *buf = scrut.buf; uint64_t *block_state = scrut.block_state; - KRML_HOST_IGNORE((void *)(uint8_t)0U); Hacl_Poly1305_32_poly1305_init(block_state, k); memcpy(k_, k, (uint32_t)32U * sizeof (uint8_t)); uint8_t *k_1 = k_; diff --git a/src/wasm/EverCrypt_Hash.wasm b/src/wasm/EverCrypt_Hash.wasm index 6b1a6c3fcd7de9879f50ecfa716db8f695b4acdf..c9c14e5487aaf5b8a9301bd0b2a7777fe039569b 100644 GIT binary patch delta 2330 zcma)7T}%{L6rMY~GqXE0%MKta3(MZ=;w}rwF3T%MtsmM#i2{`!sk*6 zoWb8T;-953G>Hl{xCHRH!m!V!kpLWa#R!Frs~Rr5ih#KD$qP{64wE3fAw-3?zJ9J4 z-gK9d6>#32AR+k0T~5Lv$PrQkQMn8%WG{5e0oW;*3dzbiR|b#efDn%-xN;jMtGShk zf-o&pD}|)~a~x?yk0d?eX1Q6+BiZNCK{?g>XkbLTX{F zC&bqUpvhApb*4HGa%*&k;fhD%>+xcq0&iQ_-qxNyt-S}^4z_b!?C>;(x7xe*9B6On znk+1KwDopy&9EiwU&nTN%G}^RhD6GSltqYgJ z4u3YHy?$noha+&?pM&V0{~NL#hD*xLAB%Db_H#0D1N%8ft4IMnE{MQ?Gz;fN)>jcf z5=YE^`nNnOLiUKcy%=EtkBBI>hMU&n@eYmRVO7}Sz5WP%5|$B-TlPJ)g_09QH-}3~ z2{wH)P;TCjbcxvc=2!y%zpINtCZ-_jSrhR@Y1FvM;ms(~g64zR2ibWceU#8qvXbNU z_lT{Q7B)X#f0N`C>;1H!1>TzRuP_g77;6ChmdHi&1laK2dM$QyBvPo zpE3izuRJp!qCG>fxi1BQ{YhNA;d*bexw-EQnc=WPy@}b7mHJ02^sEvr%FKXGnHjJt zGXry!RtPC)Lb#@2F_hYIi_%P|V>~J`G4vcIzCS*v#G$uS<`*Xyp~U2{UH0U#UH0Vg zT-jC#%bp40y126IM{LUa5u37pWRB7bA>~X6*Tqqu{m@oId*4#RIQ1MQnm?LTLO7i= z8^)faMDoHAbe^-z?mTCejrK{LVlVZwDc0tu*zsu)n*kRum0LR+KTF^`yCVgCm*>?R#?-Tys(zf2|Y<0HcyN*TJz$ihooa}+MnJ}MT66wxZ_%Lls!qCRYkGDOR8*x7ge_n zHmEKeG^&yf)~lioHmQOQHmXh=7^=et>r~zb4Jxt0T9s3tY`~p#+U&pb4#Bs7;OejD z{Vz|E?4*w_%h3GHVVX~U)TUmV+;N3rae>`s7vxtK|B*j!+O%q=i^V`hDxe6hxT~$C ziLtdk)R@|)Y8z{{D0C`Kt1&(_X_F>Cwn!Ga3Gjk79sadw zY!ac+ZVeC_PFTyyG8{c{$LbYz*x0zK zskx=KZ8J=WBcvKi90hz$9+Wz=E#1A{`?y+J!?vWRb@<_qZ1~FI;5RYHE{q!J;+oi& zUHzS%T(geNT`^p5gW{CG44duuRmHjAD$FJD%nbY?OPq&KGpmXzM+p_ZMk!5pME`g& z_2-C*^3j`I4=!_3y70&h_^cfyLycu!Hjr|-O?^avm_ZHDt0{eOr;FRI*(7NiP~um<*7lEF`c$L z~^zN2Qm8Z%WsXblL6wgtjCo(M#6{JX}d{t@U+%~0eq zLdQrk$I0&zCXrOA_BVV_mgLJrbVzdyC)W$qrZranAe?a(%8-km>>bcejc2c39 z*;;KtGyP(#1&zP6QJWp;N*GBM+&tii=XdwQjgc_gJ@C?N%k}y3;ezZ6H?>p8_=xPG zOR0xuQ-`$DjgUx{aBKJoT;GfPUX7sD_o>(SengU#x(g|jE?Hx$-?*O)6 zaI5#v+IYMUiHm-Hm-|u}?fkA@X#V`6%N?O5G(yYRY{GylyYI~mp`bJUz{SO9Dbbq z1@f<6iYu~%IyCK5=6e$=mO`EVvP30g99ubdas&2sF3L$|rbp*t;jsn$IxoR}`oBQR zmu=LhvD@cQRu-@w3H`E2MU0}*Iwiz|rYLBeBIrW{WtEx1S%k1hMu->1H{{ReZoZcG3G diff --git a/src/wasm/Hacl_Bignum256.wasm b/src/wasm/Hacl_Bignum256.wasm index b3b0455710a1c98525a21975f2bf9210436ce45f..d4e0461ed53f0638bb85eabb05bfbb8ada64d747 100644 GIT binary patch delta 2113 zcmZ9N`A<|=6vyA08Ac6FYKk$9hU9zNq^U9K4=#W!yyuD=;0A&UZm0t;1Bx5Nqt1Is zv07!+ao5_qi=x$H-FK<>PpDOY?ypUM?z#6qN7CfMJ?Gr>&OP7HeRJ=>d!v8vjdu4$ z>1^_LwC8q|##HAVIMUi`<%U}NyWy6wJE$e<4(N&0Qf@dp93vb`q=&DiVFN~DB#*)< z9-WSVMxS@~%XagS=UDlcg*?u;EiMQbp}>w5M~ZCgYl)J0{p(}HEQ`m$`sj?s7>xCK zoa17g?@%+3$2g4lcmgKag*NsBZxqMeM+?;Yn~X$>+&xNbnR)QQlNc z##E1|NpPCa(=lBaEtb`arL500kdH#-OIt~a75bRrxXPO0J66(5dP-1%O))M=zpJG| zIVzK9;wwoR?I$ra$+I#9W@EM?Fq`KHff6B5(uaU0UO=D}rHhKDtQSOV~Nj8)sWz7R4cCrOHt$TG6^p8c{!GAX)92LN}pGX^p#rrDy+mR zk84q@=U1EgH8Q_O&#%QAto1lnjF?WS!wO*|)2r16CQ+w6*(-;VT#rSlQhnF+I#@Q@ zRIlXldMx_rY{+cbMr_17mA;YV0<%G2G}u<=lU;8|(4Y$_)s5I-{GjG0#8r4R8ifQl zC%6esyakQC6*oFvhe zB(2*cvEY%%KEWrgy^YXf#P1}dzDcI;2#L`sMtP&g!f6O`}OR8iFFb>P0uM+ zM~e7-K&d-m)Ey+Ta8TYkL^wpYtA6Y0OzL5kdf22MA+c~oQjZdjnxe-DDWzPp(gBHM znnVW~6vqi7Yqy3F$ML=}LKzq*GB84JhQ>*up`376!h%Y@4&^-3nS zOQm+1)T<;Gu1e-L!ZnlGO}G%ixDvqV)-X;5Fs>6s)#(7n^}aB|0SwpT8yOlB3_kK- z0vI<5H#Cf!0^=6p7V)nt#61KtdPLCez)J9M1bI~K4ne|qq}#iC_O8V45$>73@2fge z#ODX(io^#-;zJS(59OstghwXzaVGVNg7L&;J|(g6R5G6to|(+&g!=)E#{rDz8ph24 z#tVX|x)s29p~nV0A_rgh-x5OnPL|;Js=v3?=hS{j%BMPgbidd2wJ$II?~c${gq1x+Uk&IN%=UCN xP<2jD@3*b3RyZU#ezZkj+8otKWvZq$JKgP3B>iO@Er|BVr}E27?`)%g{sXnDAFTiY delta 2109 zcmYjSS#VTE6n%GQGC`u4GFV!aDbM{uDa*1-HlrWr&6kucVb8`6flLBqgRsrKfteSA zU<5+d$SRAn2LcF*vhN@fW#2LI>%ZULUKmpKruyE~r*GeL-ka`!Tf+afgxfp9)Sm1N zcXWoSU`pQRjfsSlABgwzg7Ki&Hy-wScZ4b^KiK>82*r3HKEc5BN0l_-jX@a1gE5$g zq-)=y_gmL~+9%!p73F-$1;IiTxS?U8Lf84&aX^yws*VnD9R3ncdRie3?9&5t1>0Fj z(QKhnlnc_`71THH3q>D}{t*vD{3M1ad4%3)eRhsF5+ftdP^mnUN4X9c$$mvW_H!h& z`;Ervh~x7ZsWQfo&@vv2F&LZTaTw=*-PX+GFs zdt`AKSqKktoHr>yi*j<@bB18$;5U%EFgX5A*)k+S}N9pUNCiA*#QHyzsUdwf2WxbeD z?>d>!W4;?gy)K|sH=xGkw&nuVDR?0o#0e~naU&Xe5gK?g7Gbf^OVkkKrC6%6Wmtk` zDUJyk^Er;VXz`laLn9h|PLSwHkk-4LB*Jn^@e0BU(wdWGcqzq88J)8 z5tlmu6Y?f>xY*504^`jNKMGIX`M(I|9G`)t5)~$N9QUe*O+cHuG({I&_ z@=sRlcEUETb-QTYLD)gOQ$f6oAi*x_@@E^x_!oja3foN(c(-)BN6+pNY%gK2>3g55 zBSn1PuN3Y#3J;J(I3R1hgM@>I+LoanQq)6+dYB}_VWGAY+70svVV^al&6;sUo3Y)R zag-pcc33lx_B11yG2@sr!_yzUfc6{z)tYgfa7>$VT+BE@I6>T@Anqhc&?$m`vr&wH zC&;6)lLUcJO1G!<>?y%c6Hc4H&!{?5#OJe0;aO4W$w7FIB*Zycbe?eDP%mVt7ZvrQ zG2;?RgiFG_Ot@^AR|sdU85gV>SF{<&tr=GdqUwY-xhzVbt)X{AIsGuAqp^;v@^ZSC rClXFDAoqQCI-a7>(jPR@_}sVU-_N<|1^LM_oJ_}k`X+t3iFW@F3U)Q6 diff --git a/src/wasm/Hacl_Bignum256_32.wasm b/src/wasm/Hacl_Bignum256_32.wasm index 3e0b1f72cdc53751cff986719649b8c477deb9ce..31bd866e0dfe5a127efe86d53e7ca1685b4fc6e3 100644 GIT binary patch delta 1236 zcmYk6$#2t85XNmcO;=H*R;VfmzTr@TI3Ts9`}Vr;>7I1owUhKFzSn)T0^P6wRsLhDl1Po$hTAhBbMxXSsS|~KQMAZs*JX z*SgVd_uoxD+`o_e_a*hOuyXqEMXyi{>SIb@yybrMp+7{8pZP7^Y!#3A4pxigfbBZ+$;4ED0cBd+|$>pRM?X(wTS_0ak1U0Zx}4 z+J|I^9SG0}a~h8s)@L)C$kX7d}Wow5yj~N+Wz+6lk!2+9E#G-3v3G-Nt zo0-9qEaKqQU}D(jvWpBRoUYi^AeL=vkf|YrTxu9A2szYn5><1ls|hHF9II&#~22G@*=A7vS>F83WSo%>uExxsLI|>RJLO#tz=YXsfOZfd7?_Llw>kD uU+ub}mw$6IKA-Skk)|DITR-1Cv|7&wv(u5or;yGoqFYyQi>#}&7ykhymoX;* delta 1080 zcmYk5%WD%+6vpRH9&J-?3N2FVqTh8<6j%0zb=A8OihWGmv`P9-)8{08Ow*>%WF{4* zf*>**anofN5)iU*Clx^uSN;QnYr(Bs&z)Dh7`W%mxxeqb=broPO8s-Ce*7JY|Erx@ z%Dwk5EK9kimSgrkFXeH|?NjWILGU|yDI_!2cHOJ1^q1-Gyu!pJ%Rsk)3s zH};q-Sd!^gELWuwtdf~EtOaJ)v4S%Y$qJJ(%QS&oH}%G|kRA-TBS$%sJ_o>}qzq;;{U+TY32V$?)H= zOH1NdAlJM5?|f0P=o+poIpxZWSHo4Pq8qqD)$UH|DYx>{5vK+mGh8md)-BEcvk z5G|po66Kr?AfiI)6fda`azD6A|*yB_rDihJ=8{Pom&ZN!XDOzXtlo$}H$?ERdkKC~;R zIpjc49C3H~?B%Ki62>O3S#g$$E79urBEb>&0tu$;63t7x#O?(3L+UaIFpyV){Gt;1 zMHp)icuQl zXOh*D5NxSJ(}iIfRv{$!a9ZUVMojFTFpe>up1`xbw!;J)PGYiPn8G+FwITDTFou*_ zrX6@(neuz_yns&m{?mp&gXe}m!}M9q7U&kHG3(JYOt%c(_Thm7{Dlwalva26c3v9# z99|gu9MiMN7U=VMiL6I|#q@bYf9=zQ1^OGG&MEI=77Tn5Zw!2q;W^}d_yuyXfSgBP zl8ko@epw=^=PJo_b;6;y+*Q*Nz9(9d+@lqf+V2o&{7ZZ%F``4y;yr_Pe^w>lNh7i< z*MWWSx=BY$n4+w-Ho>hG6A zLF^CYCpP~z?hfv~pk$JoaR$xq*74I-Eoh-uw9-ZQd);C8PeZlShBhTyg+Lp%D?#C4 z55f=wp&ligI2%A%g;EJ#QU~OA(1{Lo+SH{SblFNK=n}ecDMQ`pR*lQlgC1R2?L2>Z z=lLtROue{5cl*$bKAZaWD@j*zRY%v*k82qk;N*Z!*Ku7l2f5ZDQ*9bTI~3Ykl*Kt^ zV@NrAHDoJcWvq<06V{@_u7$cblB9Skd{ zKjc7A6j68W=*i|7Vn$9>!=kJvs>Gn*j2K7U48$0(J(^8rk1?8r)IO&$RZ@XcP6>D6 z(2=IQG_9mIdi`OwPdbcy8c%hC6V4_z5aV2g9f0ir5=iROF`hSJ9GPM8z diff --git a/src/wasm/Hacl_Bignum4096.wasm b/src/wasm/Hacl_Bignum4096.wasm index a3db37774c90287d829923c700de1e0df1b8a2eb..9a09191cb9b63e254e61057cc02a56ae4218effd 100644 GIT binary patch delta 2068 zcmY*aX;Tze6zw}Bqn4>MDXfadEaxVvREXcA0xAmK;)05R8wf7A>wpWOD9X^7nO36F zsO^SJBqpe+xFMRj?`uA!k`Jj$#jVO;U{xylnET#qM^e@B?mh4HefOO1xqabP_{6L5 znZDgA-qEjn-LI)F&5e!L2cd=@Znz=r_GyT?Jv&{})^i{R@*oW2 z!T$QTPuz5*J648eA)Pa9i!;MH$h2=*dEIhs>vMrg(jJx3G|S>4u-+s?F$6JG;G!M__~;$k|;B-uj4As8=sJP~UL0lBZ#U;}&&u1>#~9 z`}WoM{p_c`29==1^jU0E1s6-3#kMv6^)o7wOu9sgoT`Kyk`nHg@N`&8d?`wuP|UGn zT!u29fl{7{8JOwuEVaaVHfF1=9J5fK;5h=$@pvxgYHjmShEk8`i}v|i`vT0zf&?$b zLcPDp>@Sx6#d?1U7Gp_*qj`vGLIviDIkLS-J-s+8R3;C~p*UA!I?7brmAn*|O*U03 zHM|Vd-z3ZR<640gSgNQixJsO?79XnZ-pO}$ncWT5`evoL2Fpzz)LV%v1+PMlxPVnL zu0<`cMh&mQYOL|NPAxHBi?u3ShdQiFaJ_)_9>)+99o?I_0kx>{>D`ZASv`)EXo{28 zoFIvipagpakF@R$ga#x0D>BMAs1>V>^o@j-s8xchu#wanNTBHJ*RF|@GNP}Y`I=DW zDlMA`O{COpk~eQNVKebJ3gRsU3AT{OTZ1UZ-xB0f*fxT|+oaR&dUv~EI|w^W&%UZ7 zMLgcA)a^9tc9BHbCHL$m>?Ye)Kk_|E>Rv_NYpBg65t@a%kFd`a-B0k9a$)TWoY=3O z*hI#P0|b$^S({LW16|DsCCxaPG$Z6D-S|%2P-Yw=9MonU5;Ix|EyUj|hz}DaI4pvG z2%;GONRUfmtptHvrQ0KV_lRIe2}e!e$5b6D;&Gc&*k%+SC%A2d<8spp!U;n?nWVNW zYP+GHB8hNHn5PM+4f71)SYXDG86j6;DLX9=RJB{1V`S2Mza8Lq|Wl5PkXyyP8$ z8RrS-v>E5cj7~x)@dX9(MS=tuMbJ+{6yu)>aw+T*LEuZ$?Pa}tS+FaFE2i(Os*V)# z_!_w)@tTo%og~6_x#t0%($z~I3JjC zk07c#12gXFwc1`N)3o~k)6@*pEWS@N7w${-H-kZ?!5n`euBkLI>|tQoBf{JRyEcmhA_=W248Fd-p&q?J}p{Mu@U0>(?OzQWe2^|Ao)~BXET;JGe gg+uaDk2L6yGe=}9_Vs`JXF;R~ddsiNxBvb7KLQ^hssI20 delta 2074 zcmYjSX>V0k6urBTQlN??5L1nswId-AzZeTejEUU$jmS{umX>*bEn^F1=<9vuy$eMU zh06yS1rbVHN(+^WGL;!*o@WH&FCbC*rhA`rc{I5%XYX~^*=MiyPR?m~8EJhPY0k-_ zbuI5@Exq2oc2gqZe3((y$%|A)ydG5@y)G@g@AZsy`7BCt&c!Fl4X!=x)44DDazFIr zyr8=7l1YOo zlp?x|C8=hwkjKGM-9;#hX2hdToQqM+<59#DFdh?po~T2dCt;FilQ9vKQ#?h$DLzld zR3mE|ic#eAbP+S%$ew}en33X{m}%x`+4Qd{;366fVoOtzzfC1GV!6zeJ6b+=D8hE zW)`dBa?H1RSZ@&)D!drw;sO@OxdIiu1m(OGOR&`EWje%pIhJcyiDjrvaa_Q-&sC@r z9bOH4s6e^T2@)*{GFq!iB2-g~R}fZ^(VHa8ODQj9c|J)5UwA7CD=lvo!L!CB$vU%2 zM=ZA1)DRY-LIp2G4fXdV2sKjd^^sgnX`Qjx)_p@(>l(spQnhR3P_8AcCH__+UPq8% z9r^rS7{&Q}f_#dtCkVV=I^AGqHwYFGg12qc8?_Kt2RS*tJPl-alj_`Lb#5k!uvu1b zA#AZrwh}g~Fk$@=3f*dit|6;*8$p_0OIGVPGlo(#(o(mlr3z;LRWHUrhFW(Jwi~TG zMC(q%PU4>w;#~v@c1f2%hf$n&6Xa8D4?*BP(rvAotrcu9VXy7GPU}b!pX*g&y;ayi z5}`rXc>4(ZEVVIB-LKUBmfA!Tp-HICgl5Y;K&T7NXbjCbV9eMNnsJaIs&u1asznn?orC5>}>Z-zCdyje1}^KK9Xzaf%tn(3PY z-Xh$x;%;jpsp9h;wc(Dn;VwypyRzmU;htsQPct7V^MPePB#H1)n2!jLEb}qpc4*jr z`qW+;kBwuOLdTvEMAqfdu_tC!#WAr)AB7@w4?ZP4CH|8z7V?<73CJ~^(e0!6T_;mt zpJ#*&elC{q3-$9EwR>-#ljc-n9-SAazR6`#@Lxj?4Qc85S7rC?E7ggF6UmTQJ}YSW S*ALqM$%=GBw;=D;-~R(>Q92C( diff --git a/src/wasm/Hacl_Bignum4096_32.wasm b/src/wasm/Hacl_Bignum4096_32.wasm index d937d02cadb5b167e7fbcbd852dd8f020dc3d18c..d9692ee2fcbdf0ece96fa71da58067427ba90b80 100644 GIT binary patch delta 1224 zcmYk6NlzO=5QV!9SXht*i5wDy#4AOL5^;#czC*L`X1CeFn9VlJc-X;=xkR}|(cE+8 zWQBwukXwF6l>CI8gOpTz#)A)*=asv^_o}f@zi%c zcfS*TQsA#fjgoQO+I}0TMJ?5#j_U2N+pnw!G$_#^1RAJO32G|nLX%3%p~5aD-f&s6 zEKJ1sk(wbMMGKnIVp6NJ&}u3fqc*gnElKTYS5+s}fe!Yg&iwsd`TG^Rs2ggPdeDs? zlX~@6ochqGRX=*spQHgU4wy8ELCqXuuOX(IG>k@cqLD)xTlQQiB&7{;95$7q~;4|4Cp{N4pixAzH5C}GkhBPO%$ zPGJ&LNt(vAjy8iC-R>;L!5=r*tcjqLC8)CmIZOEqh3xMMn!~8F`U@>Kq!2>(@9Ih$ zjU{zqgq=_!O$>3SkP;)g>j<;rNC>ls?$TMLyBrGBJoJ^(0v0mLmq{s+Nzoz}6*3=g zl{9Dx^H{vq+m>hS&i2#kwwUVk4tNV3UJvVap4$jVQLVLDsRYO}Dr)ySh3c+_N$$|aX-I@BX1 z9qJKNk8$ilPhjHMg`Q|=L{CVB54wo_D1zVqyBmnA2SKNN@TcmZcszNQ?ogg#m4$10 z?pR*n%(1*+%S&8(mRC5(rE7VmEqP~*PW9+aXKyQo6kTHu{LZU1cvO64l@&@9=>fIi zqqO9BH|f2EM+`9ls8gywIoXqyI+Zt3XI delta 1071 zcmYk6OG_J36vyu!lUTKCph7_e{}-XOxbsylEqFHtsgL+h)MzwnbY^@^qVbhvCelTB zrObzLQ39oYfG!K&b=6&|bk|isfY6>hGZ|eB%sHI%`~UB`XXf)Q|8mPeIWhk6x*GeL zZhHU0aafyHS-jraY;9=nliU#f=taMKk$cuSfB`XxL3et%A7Z3o6eH5%W06tGo-zhb zVZ_wwRlERmf4}T&yO)xb>Up)>NJU&1BQAzJ9u2G7aXgVWh6)zOEivJK&-d7qn3QaY zkdtCcGLayq#C;`3VW2dPX~_y=h7dCaMV`eBX7geWbF#ZA<}t61uz)GhLvj`sE) znBM>D^D2C7z9HAIM zPn6ZHTA1wJ!nl8o*32ml{Z#&AcT=Y@*v~U$Cc*>lOc!R!gZ{26?4Pe$xE)# sUQA8yFQX&MS~@Xt{lnz(rf*gH187>M)x9abZEjb~9mfO2U8DT1i$6vyZEl|oZBD3}S}Zdy#Ysb&-%7JAq;WIb;&fjo(qVN<%(Sg{rJ8_ryIwHR*s{1e z=xNdd&C$Z;48Ma6*H6>9B{I-5%B|4KZe2BtTcfqylQW-fU_aZy51ZS-Kaks^4cfZg zP7NV$kM=6-fOhB*<&IM9=yE4?@|t#*yLFbfE@z<`GSN)76_Hw|i!8sRqAb^MMWT_Y zGL&vpfYW1VQyVr=LhgchMA6iZpi6|i#sOp_TLZ}EZUP`j0OULafRIxQpgX$zEth*p zmmZ$yp6G#|QSOCa-u8N|Y8E>cNAy4lx*QU{&D;vzUt*qK7lqZ=yA>_#om2E9j zww*lg2U6Dak?&6k`K=Hapn&@$p9|3+g)R?JLx=}rpvnee00u>QuoMToJOo2LTSHNR ze3yrb?O~qn;TVSDQ67O2-uy^CKT76DdGi5`LLkbcdttOE2x6#kk?E1@*+mdknLH*x zMR*MQp+IeW3>Vp?xR-%!`3WjhJQn?)CgTL%`1o_1fC(s)l~Vi|6L_MG#e$|7mQb=2 zi{h{FSUVBLUOR=N1mkpW?l1`xRe3T>1P>;MxD=&41tmNcQ!v%#X=(^@2qBe~VH(P! z>|lxm$K@~~OrFPbLMcjIo=)O(I(Zx-BoQJM7~)tp5HsV|aUFZQMvOK}NdiQfNG)kwOyyi7S= zrkyS)iLhMOtRSq=%9U~DDy3Ydm8(f2tQO@O!WykyOIT`{tRzQ6S?fWWPnya)g4kMM zNPMBNtTV}%aV!aOEbHS~q-NfSuMCzAg!LYl4T7bDP(l2)Dsd%2f=WlMZPcL%z9Gm} zDYZ=mDQ}XES9!BlQrk?}tSxL&jiigqTb0?Z+Uz!x2-{@McEWb8td1*pDCG{V+({B) zrzo9Wgk4&?o3O=jsaB)BE4w``8w{2`1hG|NNPMfX>@mrAaV)+#mc4N-QZrb-H(2%& z_Ig;HePX+YP(%EKs_}k;1pCF>k0uK7PXxJC?Epc_2V~<1z1f3OJ48679UNADq>0N% zl-VQN>`{^kM`g`1!ZEEpUaNHYgp!`n(vu_+PKxvt;gpu1CLA_cjvFkeJuLeSmNNvg zRbxn;RanlL>9COUri9tR`a`2p!(@RdCr^k*|YXAPu3sIFC zn7d#YUMqW2=_#JpKxC*9}sRBmUlEu2M;`$ z7YxjY1hI9|@cUiCd}xwC$nzc$PS3~rr{+-yMJfE3U_@UK5^VV>T0!|f`0BsX$hPXh z;ztA@KNe*Cq@7~^NE*gJgpWz(a`vmQ;S+Uloy)4{-ZrHXx>i?reDl?mqvheSb%p6vyXfLqdpUp`cb_LH%D@9#rWU4WtNHX1T)6awjC*1Xz|!B!R$YHtY_k zB5{@bRt%uw3a4TKxo=buHlv!Gr3kx52|U~ytI^a zo692B>+xr4jjA@KrM};we0d~dy_r;6*YTD5oQ9<-PQ9wbE#LFi`@m0O&cM6Ki2vKB zX<9Qhx;fL@Sav#$Xz0+o6*0kxTc+#`ikk%H9bmh}QPu0!eR_Cd>AP!ZyR z=;3z)$qp>eMQ*&l{Z>XE^7IaKZ5qe9vcX*2>RR)3@+6a|gFLyRvY|!FvXjSyK+1ML z^8HC+zZK>J6!2i=^AHTi5SNFlAe z8ig1g<1rZH&5zadL75MF^WzZ2xEP1}BIF6iW0Y`_>9Oj$MKNAw@`(Ht@FEG?*Ud5|r=^6!T2Xz)Y9JY6x>FN>%0{3@64Bf-?gVa=DC9 zMxMi2gc20H93^oXC67XkBtnd0>=In9n{9M+lx~jJ%_WI2S9J3T^R#Y0VHRm-v(+fj z=Bp9YJ!%dwAWTDvCh##~Di)AVJ|P&-6s$S73n}3{SOfM`S){x#A}l23evzEqazZ)r zXR5?;f&_7~`MHV0`~^X-I5{paCP;m;?0Shey+njd2}||2mFK1xbVz zvSuY=rB<#=C|4`xYOP#D5@C%f*AmuhY{j)oL8M+sOGg|Cx`eV$&2QqEcajLdi}E4ip;kU3+&1Ly%b2O&K94+fmkqkd1hI9+ z(E3B6du)``%eyT4GFU1Q7|MMT>rh8TZ diff --git a/src/wasm/Hacl_Chacha20Poly1305_32.wasm b/src/wasm/Hacl_Chacha20Poly1305_32.wasm index 57b13d122acc1359ed36e6b0bacc393afd4bd45a..eb45d058f670de2e077ee014b939dcfe4bf2427d 100644 GIT binary patch delta 68 zcmV-K0K5O~JLx;H#{vP7v&aJX7zvq#fPer30)7^=$Q!2t3Kbw6K>=$){{eB6eH|?W a9UvW(tsNN)9zg&FK>-UPA0Qu-(H$H|@f4o` delta 92 zcmaE9{nmQJaVEy8n@=!(m*AY+($K)b#8fA~`GoXxMm`xw#%#y`jD?D_3Ze?KlPhI) t)#ViAfFf=nQI>iI76n!XHU$O+Mn^^gE=74q23AK#ZbbzJg~?}SWdL#=7_a~U diff --git a/src/wasm/Hacl_Curve25519_51.wasm b/src/wasm/Hacl_Curve25519_51.wasm index 0ddac4a401efa55adb1289142bf33887f2593393..12a0dd5c375c47fdf0842e4043e0be5386fc7b75 100644 GIT binary patch delta 65 zcmZp&_-DSspM~k~y3K(se?&PyHZ?RbFfr8$ZVr^N_5%Rr&J?Bq delta 69 zcmexo-ej@CpM|M${pLWHKcbvpn;IGzn3(E>Hit=xF!BjIGG;seXDn0{QQ%P!nOq{R V%P*=R3KVezi;5|TP2M2w2LKQr6qx`3 diff --git a/src/wasm/Hacl_HPKE_Curve51_CP32_SHA256.wasm b/src/wasm/Hacl_HPKE_Curve51_CP32_SHA256.wasm index 000976b0d7efa99286a8a02cc418b3c1e56f1721..48ad5d97c3492949fa30acb4c09c5c634bf722db 100644 GIT binary patch literal 21294 zcmbVU2bdK_*6lFBzz~L<<(4QSh>}$dzpZOp)>Ri>-Cg$|M;KR!AviPW>bfxGU{0uD z#w;i*pn^zHP(cM1K}AtS5JdsSh=Ko{>Zl*0ZMCxUNI~s9@Q6gxI7`|I*6RA!QZekg_3xS6p-kRxn`1@ZrNMtDB|TCFhh? z534Ba+uQSg!=zVF&;JdR9(}zaZPGMNgg7oKs~qNqX^WgtN-NI)*U%D#Qjj)jk~2wZ zMa8gzUaho2+q8jQPRa1nfrHBid9~A)#c9jx%F^Lpo%C?~^zgv*$_5TDIcLPV=ayBL zRGoiGnOE54gwlZ(CC7}Yys)fipFTYfE$P#v<1f2Ps>%jdmQ|Nj4=Wiy;+%@}2YPig z9NT9(4lJ!GtsF9 zT3K@J&_U;y4jo!nRaLL5dRS#ykG{CFUj1a6*6C@6mku42%+jD$9L#y812J*;Q-)Ps z+@n|bJ|(?+?)z&4C8cGhgG$PV4y?R*c(vE?|2x4TY!xSHWV5y2pwjBnk}9mIIvnMN z$mANYpty09rnM)q>5uXvuc*#k7GbT<@rq9Ae{6hB`t&F{=9FGNO9q?}VQ+95sz(ez zy0ofnfLHu`P5ul^M?_7fsg4Ma&7?7-YK&%cM21%vSyK)nvZirluxODOC+mx&!)Qxss#@W-HDYNa zZ4gV_-w{hYX=h_;FKrkLm$nyT!K;g<9fuH0I~Plb#5f}sk#Aw zU8*9#T%)eiMY>k%<^gg*ROdq7>?WP08&*pooiN)4Y{k?Ea@KOSAJ{XNc91q#-K9G` zj-wYcz^{cuQ$3`I>M1?rq*&~!UeXI!p?AFU#a_Op_mMvKGW3;RybQfSe=ru0S9clu za0r*7kGl+qB*q!B9x8oQKk?LI(oY>8i8=!F9g&*va3Jgfr##Fx-P}j&E(M3IefS^g zXX~z99VJJpNJ4eAMCuq2{Q*ROND& zG2YR;M^H<2X%DWgMp>j?)nbUR@jmID|L`xH$fr7-z(Bh73?=%9-kK^0#Ou&n?XP zceIzG?W6qI8?GYaDn%hf;SpEjKTMN?w)5=?b=yqG%q7E>yv(Pl$;4%!NV{7s1wst6ou(dx&=9Y7<|3LqCRh*$a_?DC~j6`3tASN}yO zjYPO3Q{ny>$W+RuuIWM_rMnayvMQyw{!0f_IxT#wRvB z@NmE}jWeBa&L$i0%kgRg$(mZSi9Skn63Hf|$tL>5h72AKII_v66VBOWQ+zo^kfBl~ zgNuvQWiZ37K57s%XQ#*IzFh7{yKo(N39ry-D-bEJ)QIWJ%XpPWOwJJKYK@rYOxtTT z`Vfd$^IDCV-b~%=G$KPCpzEDqAp&rnU&Js@|>L!i8#2B7a)XhX{ z8iSnfN9#Rxi!ZnM>Q-NF^-&kM#VbcwzNO#p%k40XSAGXwvHh3>litb8!&v~qtEBrhvbA)-Mz)$B z(8$))gBqENdPoCXQ!_O(RW-{;Sv{;d>sro7d{owKu5@;KrH}Z;CK2J{fLr#XrW4NC ztBhqo=F2o+J+A2*TDm!Y)IiN8-P|)k z$d8tIYOybinV3t^&yrk{_c3RwFH2zpI#vDgtE=>}1S&mc2 z6Txc-nI6_;Ig!XcdQ$}d7 zkV38Uqk3w!FRK~at0uI1@zu>f$zJp2H5c0J^kiuG>!~#ijV%`%j5&_bUQ0rIBgZKt zw6&yA>wH<~t2cdlGpX3OG_n=@wnnyM*K1@e_8odh1@TJC)w{mD>!RMEfyAfpd)lzJ zHGJQf_nqNJ4e%y_tNTD37FxqizHD-aA8HWBhMQ@<1%H@=d_%{7nGX#g`SOvkA4+&v z*s2jva8B^CMtm^gUEvdr?4!&!jXuU0?+Tx4WbX=}IZNIZwrj*Y4ets&G~%6xcZHoA zk&kzU&z&Xj3SSVZT}<3Befg5v@s(Lo-o*Xdm#<+L*VH%kWOm@Mr@m!&u;sD?#vDg> ze4S*+cR5ZO*|D1x>U*6XKXBq7{ivP#$(Nsewa1q|jI{=PhTTV3zU?0!$Y>bG!Hx;w z%3$%=Q)2@J%a#ik#vDhmqXTz{jmvS$2zERv)Pz7L1ZrX+69aeinWT|T<;fb^RGy-d zP36lpGB=;gHLy3ID>O1UpDP0v%vIz{9_y|SP~g{aHP>LNZZ%g2#O8d4ivw8+Ahv6{)GDo0_J(As{w%aB;xV-Do=DoK1IAAV2u(W=+@5 z(oLiBbka>v(@hJA4INw@aCEnrPB>@N-5Ll|jQNG_L>}Qm?>3mSq|Kc@yQFUqNmb`Miv%7?kTY`NTlF~?B}Gm}bqB*!Tu zU1pO)J<2H`3!*ksP_7;iVI1ibbY-OY>!~Lh zDO)a57;_wv&PyVFD#s}!()pxN3j$dXsHX#YI;q)(8rhnCMk8CZi!`z|yI3Prvr9Cv zHM>+JQ?t+NnthI3NzE=}%`WF^mZw*4bAO-OGX0Qm<$>eq_fhp;iS_pjMM@b(#&`z=jPj z4mh?~O(&eQ*9Y+!xB#TGq-shO;gm&RSd- z7Y9mTO9?Z_jbc zNc|n8P&)(J8K}<#`8=uWFEp}My-Ooo)n964tNJUAOjUoafvxIqG%{8Ft*+|t$dy#} zZdUd8T+R3C)$B%Ax=Rli2i&Fq!F0kI`;oD<9|PGEsGl^QtLi;LR9n@ApsNW}o3|$* zHkk$&2OQn#Fz$qNHr<$zcjB=jSJ%=e_Ba}kC*Alo-MEn0(80w4M>oNA!a196VkoQd zRxlFqA&pSglVHhI$Hc#WqnI4Z=-L;`y3&S{rucIqgjX5ys_1qPU!80CJ-ag*)~?6tT#l$%5MpgBz=o8Hqkvgv(`MmD`~)ySmxZ5r70zFi}e-gkt2 z(7aQVx{o>T3X$G3xYQZxrQQ`1n*@N118&`Sn@%`mvoh9wPbgP}>RwIfKHj@8j6!uk z>F!U{-4_xYI=DFC=pHbgaL%TCFvLAWJ*4Sc*e#tI^7DmRt&EO!>z`c`VeQWqWXWTqAqB&(Y{R zlk#(k)I84ogiiSK-P!|6@<(KF_m-0(PS(>E$vl`iye@-Kt^2;=`DZgAJlk(4N zU{n4DjZDhFs8fE0CUq&lk}3ZZm-+NWxlHs zD}nKB(8#{idQT(1L*ui|`x@~*8Q*DbbYuMR6B_{P5&MBDI;*ZwaFf zcoGWbqfl)PWh?9H<9I#j%D13TLiq%SaXoFLD|Q)kVA4-{71(n11Y?e)o<2$H>9ZWC zjJ(=T3biAY9U;D!NqBU?|qG_v*drAD@%zS77(A!%Ui=^Ksg z6Oyi{?=-2ar`@cl@43|P(@WhQ5}SmBivup-}p4& zxB_Cs2OkF<-vrYM=WM=-1v$5ng1DY=nUQeyQBRX{#|zcu0-0QJw0AIS%u`be@IiVl z{D<$d3IzZ70bsI;MGKeLXvNE9t9Yp!iK-{{@+e;Fs6weDg?&Ab(iol7m=)Pv539%Y zZnKNnjeRbP7i)~bpUhwsFGbYOShY(7JP+zm{)HMCR2alBJTQLwAxAQgDwbkfU5%w7 zqiG1DCWr{HE}~)%A);cp{Y?|&WHzUCX(q+0Ip%30zG{h$X(g=?PwU?i4|Fj$p0?78 z@lY|-4)NgC#nXmEh^LKhEf>@L&#IpDAh^3=+w6W|Xim@onu`go5 ztBa*0hY(9g7fYwaI3t$*q$7ke9iY5v3FXcHn6XP7i;rpej~6Z0NG0B?t8|5uB|ZiZ zkglp5{0>AU2d0!a9e@xC;!p=cY~w(8IY_$4%9|cg-t?%l%A20jLwd%_8z^C{@}{?R zlipY@l{3-}v!#?beK>2mIuPthaPG4A)#mD8IT*gV%9}&v5Ot^=>XbMAq#v%rVe!fr zd-;}rxEyXT!x50Q;4<_B{gGHaUfpFloI|(_hr7!_{fjZqi1jErT%j~lkG$0K!40OtuQ&f|g18Fid%I{p)N7gRBsd-X@@pdf%zf5N;c z$w}CZKmU%DJXub*dvS`K#O0lYIZj1fcy)VmGKa7iC%ahwk{D;~#Q-^3orW)DPnXjX z$6w<(YUR5oXUG{gjx*(S#&J60_#5KDtBd0d4k3;+TpWK-j5Ff+hnxX1%vo9k!&@m2 zVv1mRBlXcPLEDOE&X%*HFb=U?l}f1%=NvR8HXn$o2E~i1lW#F)Qs&+hpNsZJL-#M! z&&Q?n(6-++osTx(C-cTrjOL#`!WtLDzCoqMw;S{mev?O-z$P#R6=|;NgHHn`AoSoJ|JJOMf+mWbWw* zvKCR7lMKR@WM!9Wfruf42L@x{$gVJ*aLy*X(wEZ&$toAgFnpSG70h_=Zjdiipo6(O z(a%5!17!6x*J{K}X7)k{gE9NTC3G-Ad`xEsLk9z7zbT!n5i^}xe4|G8YZd5Vj2|EN zp@RXk`k84OS^dm(XG#4G1TwI+`WXmiuJ*M|M&0gHKXZpKci@u~U+(0$ly}7|M_0b3 z&+ugi4C5mLT8KNjLulrQ85t0%<$FyzTA(Cp7XW< zG8ps)aeU?KL0=wBzKwrKBU@Gw!eGo6)+~)|X+5lwDK02qU}(#0wnnDFAbB}UJ*GL` zyMo7AVsp6CIq8)`!vbs)5iSn6M4W3n;f%e?SoS<$Zu8X>nvM^B+&2hZq6X?I(m~sj zY%DY^z=jSk4mi5`rW4NDbPIgkTcK*fhPJhAP_!)eAY}m^#VqbRF4W={LkAxW{;bRv znNB!o(=GO;xttaW_?TgQU%dpTxYxz{nWeG(CDzY8>+{XYbG|&s#9RhDmgJJW4=WJ2 zEQev7n9tJ{F=7sc^8y#dmRk^vIgZ3!o+RdrIZhc@Xay(80jZ-W8yO0kU_6FEq0HnOz$3PQ$wbgfWJX9|3*kEcy2NYa;ax6ZczRzGZfN zXI7Lqad-Q&8+LI`L4feB&JO(b)DO%Kwp@0=nB&Nf-AQ)*nB$aemV4&{rOa-vltFgX zaBrZ2X{R86852PEB4hcj-8l4P_tBLvl_72!55qWEs3gY1dNAg|oD=yy7h5h^7;_xK zj!(X|g9s+&lo2d+G2;UTJEZXV1TTC z<{pi#eg--ij9L8*bTB|HTR!MP2LojFGY@FQvgLywgfSSi4|)$dOO`aGEi(c&D~JTT z7kQYa@Q8^zZ`nfJG8=YrB|wDmFgFZSV9Lk1yKK2ifHB8W3A2+*cs$1`qY@yKnH^}6 zjDi5BjfCY2@|Pz9$X?`02KrPSD7y01EW|DIU8ImnJgFnaUk_RrM9P+n6viA!r1O(V z7v?x+L<(KZ{6IkuvnWu|!7NT{7D5;xTeA?t0NI*-RwG-pkhfsW)a)`1Y|Sp$$kZ$p zFQ{3_S{9{h_C?n03a(~FdNt6n0Gq6aivzBRR+>&YV?Q#M2F1&)Kta|5I#;u=P(QPZ zbgR;I5U~IoI=DFC=vJFfIA_znO05iJEnsUCU(|9+T0*skY-`eN=ms`yaB;w~LB*mw z;hfC|&C6UK5|IZ&q!CJX9TYz9cJwAoT0z!=F5Y&S7|^#wqSiB<_33b+VF5Pbz{LR< z&O4?P&e`F-%W%{NO{Xl~d!&1xbnmC>plbm(bZ~LN(Lvp!JK>y7_W}BOI+-V#?9*ve zAe$2X40JF+n^E?>KX2B^>SwlSWZ#B<#5W%FJGE#pRDHQZD zUj_;~n6Hwmh7bnGRyBk$K(?yC)yP&g+^rP{uSfIv)q;pk0HiUj=TnM^xVQTZBVF5Oo z1{Vh$-FVXp=WMzO_)ZCGU`^-rGm~gMnRHOCB-d(^R;m~}xL_~_j&6$SgmX6CWuZW( z-#ij54{3y|z8scJbcV|ic%?>GKXa8vJCSePQ3z$A&$x#4kie|NM=+sW z7ee+T*YnHI8)7ze<)eeRWhxBg42JmOdRPy}9GLVb?h0EjgJH~ZWboAF%TK6YQcf8e z3?aqDE9hWuO}_lRO(UD$5W-;0ruQ8h+4P3I1!E??@6y1g z_Y93pdPDJo^oFbjr0!#md--kTeO&5&>80Kq5}O2oivunJ?l+xq#%5)#8;X}}LiM1g zb06WFb5`G!i{3f zr96x|j+9@Nr2Ntxr;JPgEGZNOFwgxw5(dbo z{0fas%0u{qA)E3qX=G9!iWj6jWGx_dDZh#-znV*hv?W>Us*u>^1Y8_&Iq|CLgfliP zW8F}^%nuc0Eud>^b8rn){tePW+LF*g!UAmQ;NpOzTWdPuoJ|M83sN4c7SOqrhlpi~ zr`{&t+iAYHv~tAo!3TpeaD1_r1-U@KtmQ%8l1_OK2Ru?9ml+Ailz$g~%=Ww=L_r6$ zA<@sgr_n}aqYqB#U@&I&Gtj{Ru@V^12O8OTTAMVo`Wfh8U}^O;o81`oGg~yW`WXmh z%$)r21VWh&p_a)gNMJU23i6k2A!IM|DeLL8cs=OKS5MnR*$%_Fo_5d`8;dzG|4v>7 zwp=~InB%CY?MXdB^^$VR$SVk8wufq0D7${HpMeYpeXgFMgZV0{r>`}#^#mad#%w)( ztC6iI$XhUGpO7@L_4K_)_6bSX6J#wQb@lWU>uC>{3TaESRA^X$O~S#&0he$!1#u@O zF_{Sm#mmQ`f~*B}uAasgfNmW1EReP&bdazB8#=f+;ONGiPB>@NO(V~nzBo2q8sEmKjpVmG2}6{mzT%8Ig;Rqo(RuZrl`qJ(ls8snParCDFE052{2dWCpt z-PfxR{Y_i^+)rEa#E0@FEG}01cWvS?TH0gp_maJEs6nK|Gdl0)i-Owp)G0q6_An1Pht2QX?3hlUGu~Dn_!0bIS zd(Wu8`yHO{K$snK<7aNt>nc#arFSyeNA`_@^pZYWC4`#=d&*T$Oq&r$-<;_@_!mem zsSR;kUHq@MiLSUIgg|NDLIn{J_Y*pxqeq>pf0PF;|5DZOXLg4Peh=qh`#H_G5yt)GIz#%NIL%cXx?41}Vv$->* zBQ#z6P{5cvL-v(@ne(0CydOgBES(V|PJ!PHv5VlOi9_rvof%?h%y9rh#H$Oj3x^P5 z7Z+l;#5g0w1EmYZfd?gLNGE%SbjR#HFnf>G8FCO1X2;z4*{t-s3i#7m$zX5UCkE0} zdb=|OzU7KXQ$`$pa;Ed(ug{REcrb1gb@0F1Xo8#c#f?;7=^Kmj(m@nbX~@mRx#A9# tLwKMZnlpPL4w!y&Xndd?#sdYCLVcj550(Zwfff}_&_B@Ub@Yn7{{!l*TBZO1 literal 21304 zcmbVU2bdK_*6r|sfgubz%PlbwL^4*8>kMdJ}-lRC$j4KEv1UKtK59~5{c#ec;LP8l(D=#b&n%~I{sbIPlS zRF?PI-}8RMq*qVR{|%EKeY_xT(lkwkI4&+9KEw;t7I~qRRi6K^!KDZ#mo{mVH%VD# z<&geft+YYgw1Hht>Cm$N1Iq_^wbPa*Y0K*2WkbC>>EZV2;r{29_a9h#&WLl*EgxQ5 zb^gWWUQv@{%KBH99x-D01?4?^_wI2}Y408#ckU{!D(^qMyt=e{Na@fK=Tx5G->aM9 z*gng#e_3VO@IfOgtG#-4_4qNzA9-{e*D5W)5JC5^F0DGRtY>M@-hI5{CMOK}_bJt7 z!%L4EJmCDY!Gp`Is_Io$4;fzGqYtjES3jAib$XhiWrGJKvovTG2XkIoe@xuH-;m0S zdi3hvyR=u&J$E%wT2@{*ptO8&|KS%6t@axJeOfYY_`@LP*z=5T7?x=hoig@ znOx)LN*Xt5T6+SU{wOcWJXjOd2z)#%MN2WO#LvHRTW@YZ^xeix!D-vc5PvjJA}fsuf;aBbGMO z2C=mL9kH~Nb~cvw(uT2cX}cj7yt-K0aR{-rbFp+tj5A^pX{VI5l0d?edTMvf*fEa9 z=VjW}mD)r0h_?H(vSfksuD$NmK$lODE}E1@~d9OEgNl zR7HM;MqQlkb#q_YOYk3N97Y_|@5h-d)ZU07V|m@Rx#}T3 z;Bhp)kOh7%6r1WPJykF16(`1gPwg-J<4W|7S3ln?wERBO$6ks9WPe_Y{Xu^qHUO{g zQuN^vE=3=ADGo}EGh#hh`lv(1Q-{hS>aa-E;h696)O?2lVJA4{p|0uX{)6sPaLC$+ zKguDt_9_%ws;`9V23)-G-jPA*}uc7t3D~-B z630=i(1kr!PPK8ICMPqFlM%=1hy$-Kj#D{=I8JqO{53Joh~o@7Rh=nks=vwKqNO~$ zFz4UVUWB%f_CL^Gj&^|dS#o9+#vxXyf66~?IHhPxY<@PTDvK9Wr_f@~k#nL?4PAe< z*BH71rk`}>Xn%CwL{$24o{3Twzf)!sA{QJBVk1QZGjHdvtTD|3SM)ywd+-m;Wc#k=f!3 zH4>RL3gO}|;=&yXWGdxJM-2*P>r`K+`q8(z5WI$$Y4kY|DK6KD`OE8gg+|QI5a>#cnCHyf zt29~*#LIcLM$B*K?ll^bp$^cs&aVjQI*mTTSY4oL8j+zM(Dlv|k0a^^jkaJ64=d_M zB6SmkyxEW5^VBWA+~TWSeYw>~VcZt499@N$KHZn;FpO7zJ6*B;m;;mE!OO#z%LN#7 z95piCcUR=jJg1CYn?VY7moInWqDR}ehr>#OL-bDHt@{F-6!-XYkMBz9UX5%q-KUW) zr~5Us1@(YNrlcO!z!ud^jZ9fR;KQ$prlua5xsiJmzNmZ%OC zp}k59wZf0;sg=I0WN5FM(CWokSMT9YZ)0Bf<#iX@8}wvo`0J@R85&zIG#GOnp}n4j z_Ew%#Mrf-@q2Bi8ZC}0P%R5QMzN?X~*!MKD6}ws^Te0ucJIci?sZbyI@_~!`Lk%Q8 zeLvEMwXNYAU)DIok2SzM0j};7ZCGRt*ZQ*78Gfok7#psm^=J6Q6y&=){v+6FFF*I? zb6-D|@UHNMMm)he!Iv8G$%J=>^%~h{nGG6!fid0{zS79v6~1oWp=RT zvIE8(M|S*>WXDf=P8r#;jTGuYAceXlkV^tJF_4LYyZKDg$fojS zjch7U(a5Iqr5c%=&r}WU&F3D62r5S#NEE)KY* zU2QtyjQz-1+BJb}@zu4Oj-L>4Z`5@`RIH|vZd#h|x`5cw!NmbbcfIL^b2i-#f&AjD z8#P@!OLr5EZzkQ%X}X&NVnYWP2OQlkrW4NDbhieA6k~p2JCR3t(7O$$ENOFR&o1fd zflLn~mZpb^Z`bH+ASUV^8m$8&>75#F1PXy>Xv6|%N#CUr%a#v%cWcD5Wl7(ok$up+ z*IBZp?;}$82a%`;0(pR?@SushVA;+LWG3w5pdX?qb`Miv%7?kTY`IE+F~?B}Gm}bq zB+n@$U1pI&J<2H`3!*lXt5A;z@_3+T2Qr(1K7k?D?Bkr9|1yuvIf2Z9VI1j`bY-OY z>#3(0DO)a57;_wv&PgJDI?pL1(z&Ei^8%R{sAmFsCaKwHHL^APoJO{0=WAqZc7aBw zW}nx<*6c!!OwGQaYjzR2lA2x2nq9)xEJ?3saX@Uc8ZHjFtbWmS!WsLKv9y;0xj#@Z zYdTl6OM|GcT1L8MX}YBWv7v*D1CDOF>4bAO-7A6AQm<+@es0Grp;iQvQ!B}~GR=l= zV8aF%2OQgLrW4NDY_A9MC=ZFq!)_vtP_l0Xf`>1YEpM`<)mysD+!rd;D%Q%|4Cn21 zIID17TsUxXz=iXU>4bB3IPWqX^`53vcJ-@C_de;~Pt&aqh|TKZ;((+3z;wbno9;vO z^K>##GTGJhQ6L`$?rrEAjXuTp@O1iEBfd!_!zUWqx1npDB~PbMHR78@o=)qC)Ms@1 zJcwGVF9P`@P+tb}C98UU92UCbEy#{*Lm(Sq7+3XIbj4<14$S#AH;XM-)iCBbs(M3G z)f@AiGE#pNDbzQCd=se6fox8y`df``Rd3PAR`qup*{c3tBU9BsXke@QM~zHXZ`D=( z6S_4INw@aCDcLPB>@N zO$=oP-U>znKBN(X>-fH;T!jOb*>Agi|#7(WLsN8f`MEK9xvaM*7RcXcaz! z3FV4VT^Y)iAu{-?m3y39Hod27 zWYYWgkPn)7Xj1nv$DJY4dj^*}BfZo+Lt>KvaB;w``!3T7XKYr+y6+C6+R# z-Wx`tx{q}CrRnYsi47fG9B_2^n@%`q(>)O4o}nJpbS*61%#fciJVd^S(tI;RV#5a? z2OQtSrW4NDe2;|UM_yD?$!piitB-6)uH!Nz;rOA)Ec!i)KfjsskA?DBs6Wj1;PSXe z_H>`E(N>f4PY|g&ocT$e@=t~GRH&W~w_S|6HC^#-*Q63bi1V1v{qv^SaNa{K8NcCMo}dMmFUaX=GD= zu|_uKmuO^C{zVOJ%D<$MN%@y`$}iQVF6Eao<(G4*%hO9;780ABfQthzCtfj~aK>h3 ztozka=7eg6rgJI3k}3Zh>0V3Itqh3`9b6o6bg!FEIA_znp;P`%P3KbnEuHeK$hRuZ z_f|-3_~7G!<9pk5D*9zD@16XV_u`btWk$j=<==%Lv%TO4QSXKFUKo9B@^7_9Yk+)k zzONDABk`8`fkvzZ#`B>@_MO&88u1+(pJmo)#P?);r}eQL3aG}le&7^#(MghOZ_>$)NLWLNjSJT;1cc^(+Ov6R>r!24P{-Z zwre_9Pc=Evjn08?G@feR&er6J4INw@aCBpg1)Q_##^!hn8JFWWw~sG*g&LpZEo1`u zCZzes=ZFm-d>n9mmzYjCXY)-wgOR-yQ$S-SFAeZKs6Y7^3Sm%TP{8oO*!e?_WFA!_CAPX6 z3%)NIs2YN(2_nL)i>QP{h^WMEf78S`na#;vnn{Ujj(J*$uUcYbT1hL!)B1PB196Ov zr>(SNJe19}Lp*qO@wDL(;%VdJX`dKp#Iu{UQ5`UkAQmMGvF!dkV(BOyZ7h2T-mMN) z3UlmBu3(($U4TS7MwI%ihuv>X;4^NK43XI%CEzaV$Qj;Xhuq__-qSR$Zkl zq%83gy=#o^Gk;8Gj{`afU;@aitbVI0DxILuuNjvM2QSR*-1^_9N1 zLMqe|a)dfkj$}n?wad|Rw2l^O{3j@9jzRhy3(jLxoW}r}bLvm7>G+S+U696P?$zZ5%&+EzJJCTB%q9Abr{_Qlv!`XaIU08CXLFJ@=uOhOMO%(?D; z@xRbsW9ZH^{d{CPA8q?>Qw7?5ugsgzK(wuLrV{P-=;x!-AURhJ#_JF$XNJm9HB5$K zYlrJ-WN4wSt&%FcmTDQstsRDWMqq34>bACuL)h9Xx3w1}#>v`TY5rTPpoqB;N|=k> z8{v!5w$CvCLEApT{1&ZT-0UnVqJc^VepW;Swak^i*2<{qT10cZ zFSq046JPG&*Q$5MD@RwMDw*NS3>d~|1OyRxaK|wR*zV@#VapW@j5&^SnUQ?23h7JA zDcMz5GWU`~K?QRkE_&X3188B;7sT;Zs0Vy`Ao)uEL5*x(&D6+N7UVFnw6*oHMy9$T zf5DKguUQ(I3WM(DEcKY?bZ-qFXNk?`N@u563Ly)yNkq6f;1cl((+OwnRmQUC_;Q=C zpl!ht8`>p4MG?)@q=UdE*;oi!fDIj79B_1VO(&eQ>E`*;S3%kWwzifHvX=QC^emvG zqQzauXSKq`(7^|TJCxac(+THnx&^*8m(wBvA2W<^uAhe~Zg#PVW?`&>iA6LoXc5gK zUluVj7sHMvxuD?F3KT9&U>GOni*!Yd(9a;8m$)Fd+=5`taU|xFBr#vkbIQ0vOG%-Y z@hDpE%W}r{iixe@^Zu*8yy`;3N65={X!z?vu7c3ma-qSP;|T55B(&G^oH9atofPT~ zifG>SsCe_EjeC(qBL<5N*J=SW& z+SU+qm`|PIIt`47<}+>RL^PjMW@57^*1s4L&6ntg>LpIW;&|fhy@VKMLn5O2N+X`& zoB(1NjPW6bcZH1_*~c1)VK8PzG!Vl8*}DS7FhKUM@U2ExM6*RB-f4JOfI0@2dRJU$4_QO1rrwvmu;|%YYHlatvWmK*HgbRJJ@pB0b`CMJGLd+ z@oSz_Ms`3hvrWrokR24uCTaq=HkF}$n=|Tawj4$O3H6XSg`v zZU@s$Cv`EIcOS@Je)JWzEud>0Z!^BXp@`-t(ox^yHt)uO*wDen0Y`VU>4bAO9b_+~ z0|jjh=$wd#x)wE^bkoyxw`paGp@Rzscewk+>K0sW`eof)A$X}FW8{Gld4vbOI{|oC zF?aUtl7<*&Mk1nt7zW6SXztd?ifAB)!I%}%Knw%KvgLyw#4tcsM03AJEL%S4K^=oJ z`=Ixrvt&s_-!dam4+W7x{2~vt6do~A7c5&STxP*8t^_C%9_EH&3QYMJcb6@9F=5Pc zRKl#J5+2WU%BTcrWo89hDWjl*X(M5Uf(GWv0NNLMih({I2a2vjH4BByTo);{5>M$! z@z;ak1(CAlB84%>5$W6{(r5FWG9raIW^SM$ikTlMh+!5aH48NikgZv$VSsGSLJk9D zYZe+8AXBr8HLx|iL?ctPkiDR0p>3I;s@a!WvrD;}rRmi`$O3G#8ZHjFB3foT;f(#r zSQ=z64+RR^7SOqxeU&1b6{K5{rh}3N*wDen0Y|sebiz5C?llT#plt!06VbeZ|3jO4 zlWcFM+0YGa*x=%TV}q1McfvWF4Z@cvOv&QnJ;{=N8!{hvJ9>vDt)Oi|7jHXE42WDJ zQL7ow>U1~|vH+WK;NpM_=Y7)&=j?DkU^wbSO{Xl~N2FUrx;1IKj{;&t2Nwq%9V9Ng z6VBOmpP-+olX;TKKAj+jS(}JxAcg_@6lKr*^E!>Jh~_hm?Ay@Koh47FFEp|u8pvhV z23jnmHc&(Z4a`>ov@h~Ct9oM`7P{gs$c_sNmrXE?&!2DTip{_rAluB%V#`%Ej5&^~ z-jq}|lrSl$jMU#k3I$QjcY%T!=KG|op@spnRSh)^kge*i8riCb#sy=hs-b=XuvPuD zMy9GEds*$PU&)nx)UusbT@zw8HDPKs+mV%_z4UN#z+L*$VcZF4>_^7Z#^9^5K#dJa z=c;-fMKt3{H$F`VAq%j{G`Kk6=q8v>IA_yA_JTVxv@M`>BAQ7wo=iGOSCVTrNy}9X z9b7ON14lQ-biz5C?$S`8)o&gN_>e}Z>Z!0~s$;HQzfZZ0(hK)t;pG}x5zQ4EZ9={= z!=RRdNaHHfU#%4d(7;?1Li-}u@*B|WVm5RYqJzR^8VutMh63VRSP#S;nDhqj3R^CN zVa#!4@U-L`P)J`=P8pXOYM5!Ef(qv5Fv|aw16mmL1#x^83SyXBlW#z8)5xYb)G!#c z>3zFKHoc*7!I(+!J2kNBJwqdt-jKZ@z31r)dQN&eZ2P|6$LX%H#1EK9Sg9bgNp->?jh3&=WIHtUY7al5l!b5 z1+%oG;8F5Dn&z7o5*t4FIN4av!tq0o*^KiE{Q1q4 zpF`<|6VW`Wkv-j^lEIi2(LgN&kp{IgYMxGcXkeZRp?#5OnexxYZ0IVK@=&7f7L?f?2d<$}iS^F6AMHS(2nY)G$Cc z<)MZFvMCQa43JIvr5c%(hx!FWHszOVWKtfo7oM}$+Eyx?~xB;m4xqIEgvy_@WEgV9A7MGK`ziQYkAPPq*LC*0gsf&Wk$j= z_F$~ZeWTOwxH5&0f5)XKYVKBx@U_75_WZ!A6)yRryAcldZ z716A7V-(SRrjZrVKqX`5 z<9gaeS8Oci!2I9vDzN413C0{pJ#9?t3DTF8Q$}7v4YM&+TSD2gqlgAt81%V%f*9ue zq@I4z$kr3oFc`D-v{fTpPtdqv%swG$VC(5;jqDSWt|w?)KRJ~#*+^EmV^#E7GOgM7Y7{O1k*`f zOeWnWIo1=TEud>}%Xg9%(M%@av@h9w5Wb}ADHqohE;AC2 zBATiB<3;MSoLrW(BAUxFYc2b!`V~3BKjw6@jl~Nl*3@{lgOP1V`6C;T3PxHrO~Xj| z6D|eRH2lSv`qF@E8mnQ!Pre|n8(|xud~x|)!fs@<(XJRHgpte;f87JkO5>=$Y9dV> zZT+39DsfWwmtv#|X(^e(@5?yartAi-`Gpu`lttTAHH!}={noK4{pom$t+_PU+bYdf z3v5nHs7H4F3p*)4NN;rIOG`%C5>d8HMcInoh_Y3j62>Si%2rmsgD<@*qg_P_`HnQk zHNi`>K3)zlE&6yxcxm0os}B)QTm0}(Tk*sf{`yRb(!X#Mf6>w&d%v6PhC>ZX9iGtz zH(x~Tfu>|PE^RkNy*rkNS9cMFLs*`;jPIBjC!6HH?%P8IKW>Ac=5fm7BDI(7)fq{) zH>U4|5Iaj}glHr?1w*7{$DFzQNN0xF8FO?)hZv-gbZyIPu_GM{Bu%EYD3{x7yq;0dXzL&2jm$RQ5nSjgczvrsFP6del4{8|Ehy`u!A~C z4n6>RfSrhjLuiTRzWCWbaP%A#$en(pcpNwGDPX7MS~4Ej8QKCeZAQzYew<0g)>1*2?% zC|jg9rzH?Kr=^K9Hp+^!CFOj)6g!_HDYn+qT1t3|w3enkMOsU9o+7QK6;F}Y`~@v{ zhBU^Rg2ax`kapPl_R<~&ic=u_3`x;+5S%peLy-vXrUO-b#H_G5yt*sjfkRkahj?+Y z*gY{$W^-pqM~J%ipo%edhU_VOGUxY#^WF%tlXOCeI0b$)#4du9CJwQybYh5|FvmU! z5w9-9E*wILU0jIW661^z_mwVC2=14hA$!>~q&sHsf!TYc&XE0pFgxbP4``*=mE(_T zC4>9R9x;%fvcEe+;9H@1G-brmJ8wD<{`w4wN(SOKQ3wC4jV8EBU(!hF-{8W9&hsk5 z0doL17w3vQP!8mQa?lQTkRHlG@qq%-U@?Al>rj25qz@J-Xj6d}7f;YX)#r8eioO2> Dg^5>E diff --git a/src/wasm/Hacl_HPKE_Curve51_CP32_SHA512.wasm b/src/wasm/Hacl_HPKE_Curve51_CP32_SHA512.wasm index 09384397f7e7afcef3fc29b26a851df6f9b33048..eb594dd6facc8e778f23f12f4fb6bbab92b1da93 100644 GIT binary patch literal 21422 zcmbVU2bdK_*6lFBzz_z89ORZLB8ZYz48N^wTGmw;UEN*xA4eEhhaorvy1FjRkTFNh z5woDEV8FnLf(j_8hyfEKh@yaEKv4P5sjjN-C(YCE{}$)fsk*n$t?GNL`@MJed1ckZ zeb4j!*|jw_UhC8SvHsZ8{c--d_)j=)oNLFuV}o&KOk*I}8nb$^);R91uOY|XK+;th z4{GytJF#$1jjX9QZs?FdF1TtkqHft>P+3*k@bb!Vc=_ER(~l@A$Kdd8SD z&n&Mhtv>sLa<8z(F=az4OOF^+b#8f|{{4F&SlYjLmz}#xtILN}m5(kRJ+gGvm@_KR z9^y63aO{-jIHatytZMj}%F$k zQ0zM=Xl_%#(a^HdWu?{Fp3&hrFPv0^x+rK-(y~>3R7j2IkMkn0sKHzodA)A&_M9;2 z$oK;H?_GMt34QyN4n8Krs&Gw5j~R7%S#|kfuf^{*{fk%9^|xj%tK_6!%ik~@IjVew zHf+@}UK8>$^c#J9OD$HkeIXVQ1Y;)_jElT(o~If`qKc%bxUjv(kwkta|8cOQxFGUW zp=v0F(r^Hb8%yKJ8|Zmb6#2tcQFs^{-k^fRw6!#5cV&e%?&+nBa%O1k*Yk^tq_Juu zo@y#hB`9tPV%1EVMcz@2NfjfY=F+^lP__6S5tT@ZjtGt|r8%Q&j%F)FhF2F^35O6_ zNgNq0S|`TI`r_y?+D1xLTfDYIEbXN|V(IWZV(BOyZ7iLnJ!9e0c0(+9b+L5h5Mt@* zV(FY1XT&1XQ7LIFfrQ14)b5zEOB{>O%e1R2wTJ8x?eKA_V85sAp}OLAFGR9eB*)t8 z)fNbmAP&_{R08&vZnAeZ+|NLJ~wN0n~wBl|=R&ehGH(p7q5wFJ@? zvz^0MOua8>tx$V`J!5J6X>-*}dcor;dLaY+dMGs2TY9TL(kD)eI#2bLzPJkg;+5BV z`Ig>a`rFGeK>G4B^acI?SUg_cW$4c#T!#McG8~W?XT*A-^j8DLQwPaFb#Nr=5X^T- zYQBSkum_y-AlGzrAF8_)9J2P|e`KJoy9#xf9Ht@()!`DUBS7>A5d9%VbOewgI@~oK z(UH1K!6A$2C~2#X#?UdC_gFa=JNn0XNAp(wAQ@yg^iOgu$knl!<2b~HSGS>qIE2*? zaqK8su9{nUqCq4c!@NuQqf;Oh4&{qWuy2L$u4$-i$U+p#jD%e5gfwS zj&NIhPGX#~wN)}gRZF!REu*8C5hJ&D4BE@l=GLBzHn*H>Jr8YeIoJAcw0p)&Js-{Q z(aoh^fOhYArT@V$Untd)+2RWIUu4o)ggZ7B?tg(yrCjKmF7$D_OTi(lQfhoTTh;oY zXdLfbg&OZi4b%i5Boh$4+m!J>vEhM-1CD8;>4bAO*(6_%R+C9qV#%iXDAB1To0=w@ z;u9M(csSt5rkPGSXOmsz%L#%Em1-GQT%<0B8E*AalbAU>JudO(5%dERsYdI8 zNO74)OkZBc%Qa$hhCo+n#58BxUa8TiK)jk)X~gtq>Rzo885#gxq;>#^Q>f+XT<><<{^xJ&7 z4TkZ`Z>KA^A9G;RJ9v56a=8Fwj-y0w^W7D>Gsh{TOlFWm-Q~+&xaiT29pO2}!9jYb z@78^RO^SPbxyN^vbgxFXmhRKYR@40&*?M|FBU4ciYG7+>rbec!X897MbWiJTA# zE-EujikqlsVTv1E5&u)q`SKia{LDMwk7|8Y=Sv+E^Lg~MBx{*U{FixTFYsjn4CBOn zfvyM`b0C}-xgfS&V#1i?NX!LEVlK>a%D6&{NTFWRoAk0TFEhATOmKC1pTQRUve*T; zgsuz@e?7I7!Lj9ngE7Yu+~Op-S96>)f_se=YMCE3QpVyvq7WJF~>L~T*;%|6#+{8 zO0MQgEY+>%ih$Uh(Qt9VE$u4P31{p_#?r11WQ(t^(RBQPfP15^4Wc47opjUFbk_#N zh7K+cIJ)ahC!DkCt`FoVU)`YTI$F9LX?zpuZc5YL7!VsexH#bGZZ@58&ZfI15TqFM z3)_i2DsHN7g(-{L+}*Q_`nEuB3nCV$hly|3Xd@7l>JE+80g?1hjWz*=Kr=LAiL&q_fdIAepb0yF;m!4sT=u}2%)jSfJ(vGKZ1Q#Sp9Z zG0x3@naAeifjkbwIMOHR%1H6oQ%^Edwp^qz<~SmKJc;zF9H)#(=aE7^9mvyxdM1!( zlB#`HBU`o4X=JN*zDBlc>ohV|`@9CWY8Pl^s`dq4wJ(w@soI6C+C^N=qV#GO2E-<> z;o^YH>z7O?oUtDnOM5wx`vdigrgK%hIEWgmC8S%Drdu2k8#=f+;OLf`PB>@Ny&6b8 z^_phm2Y0*@YFQu!YB|}Kr`gaAY}nx9fMa{zbiz5C?TtVl;V}_;*iEDniuTPw@CatI zWd(~`y`{U%ouNXl)YbAf<9RzB&q`bv7Y}?KaPhojIu-r0Hv3)1qu$ee&zncS3bjfT zzE8sU(}b%6VzU8oa=;OOU^*53vIsv!KaVK$K%>D6f zcZ+2BL?iotbd9s*5%sA?e7DFWYAumkN2kw%sEt}5$ofEi9?0h`>@VW5&=u!Ec3c|* z*#N`1u)m}$HUo2D&ab#xY`MaQF~?EZ8hXk-g} zi$=DvztzYV_IDbY!v0k8z1s^JR#)j z+StmTNaIPQo0O)T7!n&gxH#bGCYw$;XVXmyWf|TRMgl&h5ej=MESc(gH2i(H%GM#Y7Ze=X|?ocib)jgWdeb9Gr7=`LS(%qM)yEh~@bZ~LN(cN!4;hatP zK#2Q>dQj7~wp%(gjPOarEb`4t^UVy24Ig|QaC{G$PB>@tJsgT3c~P;xMRxNVBi(U* zag~{JbzX5ZHJhG~;LmSn{iC5g8tTurJ-9rkkv-t&X!N7W`ng2vanAgN&iW@qc`{T_ zh4K`$eqPLmu6$YlbSO{5FwXjC=!&ht9GLW3ZWUWD>tW1sWc|}g)<2iylyULrlS0*n zQWr+KAM!n~`&`m52xUQ%^e<>+lm11GY|<~($R_SP^*>rE}q+g-wT++X#lYS-nR;Kyh3W*ILd>n9mZ<|gq=vH5S7RqO#S|7@K7S!kQ zdeD_`L0^RO1q|bY+CW!qGv>ggU-B}r$;GS>ZbC~HIYi>51yuR(>{LAsg((AD6{*6r*LJOkk) zM1J*GA#icP(bX2jop8>k8(+Y?$bDuwE>d6$3fCDK*BAvgHP@g}O)HRT1&4e4qsTmUQ2{O#ji-aOWjxf+bVNLOb@8<4 z5aMa?;^~waXT-Ccv{#)mk02H$3bE||J7Vb~U2H6Sh+-@XbL@#&@akge!Xd=c#l_M! zG0uo(FX;lAOlRnD+CYc1H)iY}$KvO^PCcXtbS?2YxR3NuJ>j=6BH1^k!|4o!NDznG z57HY4ddYs$E7sxkh7PB9wbkMDk>1iL*5N=GV|6(Fq^I=5YN?}PzTC^PKPs42I49l6tBF_%eVA{Mp~<9KvNd*j)yyVT^G`tcS_L3Z-GIqXIga!_^UT1glBQUXGL_b+ky~qadL<8mV&( zIFCtj9t~s;siR!e@gJ+ZppnVkt3OI-1v!lR6Xrcmj>BgB`FEt`@p8P~ixcEHF7G(Z zaU$ZvtJ{m?IfT79-o^5l#5iLw2Fvm4Bz!%4vYd=K{u;+oFW)seMNYACoGK?Xj*}6` z-w+30T^y%y2yvX^;`n=FoDs)A&b96K^GG8=RQf1dtEu*-#qcG2CY%N~h)>d%{ zTU+I}c1&WNv9;$)6{IoeK@#(C_eS`9wCw}T1!&vHm;az`A6_m*+dR7b7ft)%G8S#~ z*fI{gT;t1m$tOFt{HlMvkBA|4NkXpmiA}x0!vVL138s@0narY@=*w^gmCJdFnr1T9 zG*d`6B~1oR3$P)BhXamms_BGtHW?H!gVaSNbB{+5xrn-iWRS5WE4x_BMGP4{FczGo4v{oksQx7N}y3AD{N2iUG1}nj1B;YMPszCDk;L%fQmA zX&{@q!dDc{sM~z1X>RxBc6@r`%N_i_^3HhW=*qYB8NSSbVSGeD8F2@99CKjOyLoxo za>{Z6HANK|C)t=CFeCXr8LGBVYQBRQ$N|$6~p=bd%bZ~LN(akfRaL%TC+Q+>W z8W(J62g?S1OPvQ{3+O0qao6!#Ep;(;@WJ4(%51*rgmX4soiDBAq)5QW45OOnd6?o} z7prL&#A29OP4j|Q)4b@*i%iUguwzNqGL`s`Xs73CNL?1eFiy;u=!zI2q(L|@b3tsm z1;Lo(NX$h^V!o2&lyQX?lR_=go3zxIr3~&>6I@;1C#lzbdCdif50RJZ;PBUjZUw=y z<${AT#}V9XNpP>{IAsL)1}W5=RMV{RWd&n<%f!YvHM`ummADkP`)5E zwp?g1<~TxInS=&OOv))EwD(A%R{65ZS5U>gpVTZwF+jFvp^5>rH49k`kgeH|=^Z&W z&1zp(yQn|WK;mbQHQLa8`Bb4k_2pA%xK;xrl3Aw>otow|tv)gNvt9#Z_&N9D3;bac z?yROs7ObF(+2A`h4OB5eJi|G`R~qpth4+Px8rkQXO&VD>4OB7kv-bt4Vu0*@;Tw&t znr4eeyw~u)0F{j4wvpi_6NFI$-&Kbj@wPu*?4Y=dE3SCAuY)%k(H zp8ART!IsMp7;_x?u`S7upL3j&?Q(Bgp_|#Jbu-A18tzVQ05uK7FyjM=U}OTnzMF`C z>_58lB{QThlVBJJ3(dp?SP#P-m~#rh@M6ma3uBHW*h$IPcaX%SoHBxiN@h}^ppLmH zP*BBOoP2$EiAFY=A&bG7O=jp~fNU~fu93L`K?Z{%djq;sBXa|S{smhCk;_G?ukWtm z*LT-)H4wTatAU~g*qqUDalqXYrkhR*WHRqS(7*iPD~Mb`=f1wXfohr?Nq1wK?uLNa z(80w4M|YFygmX3>^e;7mg2)AQPEA9Bi@J?;kgz1HyH!g}3>{oB_^UfmEOWutreD_m z70MS#vzT8XL>}S$yE_3`)aLG(2WA>mLf_A=bjfChYu$3#rR&7{;{# zNy07(3Vwp=a1nB%C0*-0%tmgAIB3lPoB4zy%OK@QVi!U_d3%o71bF!CfL zeJYL=UHPgOQkQuyQivv=)RE$^2jvSQWy?hhV~!)zc}b+t<~U_U3YE;fKtUZdKTuG` z)Fo95SqzY^TF7F6Y}LM?k*!*YT`*>G7rddY1WobG{T7V55TpVz8%S|Vo zv*})^at0z7u(gjbY6S%@p;|$<6=^nf0~nA`yl*<;oE^^xj7NQ_`JOkA zd==^=P53bhKTZ=uDh5X z>aq!j@e#C{uGkFB0kW^TS!}t&hB3!c*qf5Vh9oBCl#%^gNTHyP`8H5c#eA0(He@kC zwy+_K0kVa?RU=#25W8T^6gFfq0JgBVYh(%=`j=I{`k7qGXD+|6uy=4ZJJPH91&Qe{ zJzN}cm%b*9JK>yt>1*-*SfIv-q;rKmA%vP{VhFm4VQTZBXaP2v1{Vh$-6Ycq=WM#k z_;v{bVNK`MG*f9jjdakkB-d)H)~y&ixL_~_j_xAU3FmCOi$j5Szf~ky9?}SfeF-d? z>X>WSZ&xm*1jBu3c$r34O>?*0_@N5X4-E=crJw4k3b(Yxp(jwJ{sI z^3g%+G989-215vO4XlS@4orGIcZDsN!7%1HGI)COH7F!7DW{AKhAL)ysGx?qX(u%e zL^0?zC03!Jin%5E9`sg?Y<@!)gE5=mw`*kc8)6rXnf$&}1DoG7G&1=O{R{FNA{UUl z4?OPS7nApLt@ozadQV7fG5{_PxD2?@bix_Cm9cQ>U#<+*1Dei#(DxvP1v5!EGff9U z3$USsivx~smg$6ZHXYm)RhIuB02u7Y|);|}sp(|h3L+UaghH=(I3Gpnq0&`%}=ebpExvYmV$C35(ldNBm z9GH=S_CW@W4!`j>g3g2)AQ zB{mCJFzMeS9fU3k9Rw}Fh7K+cIJ%Xl6VBOmkiQ`5p>YA7OL{0;ko517@4YnNyIMwK z_~3)V7&yLI*n(W3U)J)Vbx9|^hcli@kL!$#qnhReI5OSyekKJ~%!i4Z<|B<(BOQH^ zLKTBCtEPb}28gA=fIiX4zU5k@kyX<`6$4AFrdjL8sHRz`kyX<`E@S58=O~cPd>Crc zjDjErpU^@Kvmt~CM!sZ0eHE_V1b1+_6L zC}?0(P8o>>SzZ3$(|uhldV#h}j>6jU+aB?a}pMz)|Ji@}&JsI3~=f`ZruWA-UY z16xqrHL_1hx}YF(0jVpfUszB(xKs#TlBGh?0&Fr4E)KYit0{;(DUiv`IOtzK4;4f% zpmPN^p#XFfscwPLC82|$1=!HR#Q{e*$#lXwn{ILe3u=m{>tyS9s#eoXBj2<%ACxY@ zh7UdtI6kOdbSE@0*?bVdqzkIR6cnyAGLCAROL7eg)ujb;X@OPKT!v}u+0WQ7FA)4= zQYZOS^upAd8n1pZw!=7oZ1Zu!SSzb(8VP^YC6BCzzX8)&nhfyplP^Zhf**lFUN^%& zKmy|ux|rQaXCq=UMhGLB!N_Wg@#8OzRSRk1XdCZTR*93cza1kjNK5TZixh1MyFqJy zGsYNY(Uz!|@u{TWLKddKVMwvHl2&?KrIl*UH<)dpBe6faQ@8WS|0z$XaCGrY8^+lN zakfdt*_Pdivu&Ie#waV!wpPi5FTpCKUBw9{k2J?s!Ar{lUIAWO5AX`{(r$p)7Ojz7P>0iBxzj*0{-QP`i!?_004v*=)+b<&aOjEKOm$n!4A*n>j|v4;zB-^4g0#QmTH;&0xdwkx&cUd2Ye)*G|;!R&pa#_m^o zdI4c}%#9zxNw2Fw^^<TFlKbhkdsYB!to+j#0 zIg~QBR7^!He|3)3!%smWgB1S%60s@{@-k+W#8GJwe~Cve9ez=Y=ZO9lDXzLHFI7`) zWLgZ@jNQ0Q%}k-hMhGLB!JH$_@FP@>;~$|iv^!@>;=}_duFvMAZ4TPzsqAQBetW8g zp^c5QXj`a~c#%7wBPq6)(lS0rT0*KE6z65_VHrue2%2p+DSVp<~h<%N_dX6lU6)O+DTiUBklORTJ97n!Ks22i%*e` z*!xb>2_=eiAo~?2yUsvR42r&usFQB679?(EUt6BI9TkS7$>v2Q=|)2 zUVBi|m^wxFls%dCUE#bJLhL5p5F*Zj-wd(4;H-&5>>=G4VmHjO4?@JN3$Z(g5Mp;1 zV$Z}lBgB2BJLH19}s58-1u3o^tuZ8(^|=3KiMM&(ntEa zQv|*hiicB19Q|{q^Wd*fk*IhWZWImhzxrr`oAkxa)c_d~%k$Df6jFQ0&Be*$j+6s< rq#T$tdm)aPfpTDcq#VQ}1tLRzq@<6QCOLr?6;0MZ;OBMmioE{=J>iNt literal 21432 zcmbVU2bdK_*6r|sff;aM$b#GwMLL4mApkTs)0Ry6-pkhE&{&T9Us{2VZ`u*SHygF6)*11)6Z+E}<&OWca zdZ_Ptp8r5yZLQb#G=Gdg<}`n-KQ{gojvedTaqpO5tQpf72)4$o5v(by1+9)KA6!*-$mmh$RP^cBuXMk%ex+Tv?JBFT7(A+?rmSXo*@)4n zSDiiBYntKMIm>Zyc~$wSp`)v6yk<@H_z_1RdU!|IDyujbK@YAet3Io|Pg$RS{k_6g z1Bd_n_?q%jWrqzrA1CV-CDU|BPcx!?*cr(z%@eEbk@YL> zMB$UQvEVS;eryqs|*q;}!pZ zCpZK9&IwxD)Ngi1c};m)HMXZF9P5P>YEc)tRwb?5G)9Hgdj421@(P>GWsx`P9&gW} zqYsM@xL;}6A%pt%DLej%2&=-G){Gu8puD=`c(2v(H9gKN>GoT*mRE67uk~*j4j)l5 zOdGao8m|fY82ZhAxuFg#s(lU%2!b&aa$_T}yXUE9k*Go`EH3D%aU_vn#eW>EEY3xq zDo{9C`GEd zc&df8kf69Jh}90VL*yOKm{c(WYAG#?3skG$5mAYh=!oFhT3RxymT0y?WO#Lvm2e1= zmBf+3qHSWFtS^oZqwSXXC6KVVnc5jMc8z24c}&|osa<53XseH-g8iBymi?7iX?iyCH&%<@MI)s#HqhaX7t@1%4wGo9ZKdRA1>ECq})e_LjYI68+-U z*Lw{uzrXaiN3oCW&7;^G^!s81@am4DKZkG>{oPUQml$Wny1(>S2Z*N*lmpa3k*I?) z-@&Q*4g$hXaLNN+)6M+{-KF4=wGV%k18nV8Dzwx93DqGoKphIA!$5Rcis(=vLv)C1 zI-jj^pDv8Z~sVC&&pljuYiL#&I0tI0JiVB?{vZE7d>cpEjH_ zG$l4a4O5lJi)qr(VosOSqfZRoV6;~ox-(2a=_=5EAN?WPXQI6kZC;iCh4$BIqf*pa zXs<)NG1_O#>8cX1L!!Q_N~+XQ8H%kPrlS#kz1ZF*W4H{rYZ)O!xwS(v&q!=7UftFX z=Mc7bxZB!MiE+l(R?BczBQWB8!a194qAy3N3rSXD$tL-z(a9v6 zoF<#(6B{ykIN->pm`*rnlTG#ISSgP@sgbJULUj?$aKDe5Hka-U8B(^jNxHLT}z~{W02ST(L0{H!Iv9+b)zpg`Y4Q>;+3PTp{39C zWhM;cmETNPY(M6}q_^;R*mAi5V~(RnX8P_#Zq0Mb$hBFdP`CMV8xB3%x-}eG92}r` z`gYwH*rd3_mpgn{N_T2xi|HOLQJb-(6pYB?Y9 zQCf4j(mCmsKHw9ZM1+e2ZrKl-PB>$)GM4?2FW33%VNKV<(#`dw=IRmBJ(8xI>k}I~ zxH#bG=9x}7XVX3EG0#C#h4EXg{i68~jBkT3FO5e(zR ze1@(F7;_+;XSpD@Tw=nQ<4DX!Nn$>i=ag|mi%FrL*PHZ$FE22-7fo>W4L*b|@nwk% zZYfkbXfWnDLVGm{?TtLAjL=q+LcQtBo4$I>m$#CdeOn`2v+rnRYj%}J zwr1a@ca)1)QmNkadFMOeq zy)S&}EO}qppb_siyf19ji1!-a7rxSne7rAw?JRj;_=ZSr(y9BcFW)jfzB5Z|ICa1G z<$D;$b@c;XnIHJ;sm;s}wp@O|nB&Ng@00xaG0!O@KemuU{iO5bXHNW!A9Ye&ec9@( z+CXXp1Y3t)!~UbIp#!)ekPBcK2Rn|g3>JSqH9kPFY`I`z%y9&JLEtWA6Y`ugf}KbT zbzvYE25M3ulLB`Gnyisc<|!K4WS**#P3DU4bAO-8F&y?5k@vT_;O-9gVLi-Sug@>jGj!2Nwq%-3_J_&e?P~27(l0 zeqlS2N5w7FO)zCqo4b29h)o24y2sBG0mN<+0 zHjP-geAv5PBNi@;`VNik!`_|Fl0|(Nk-9tJjrpEH?qMz5Yr<~0aAyZH8-{V%_t6#m zhdD6m{oG%+TrI$u0H$=38JQIDe0D`>6QeGku zyw0LlZ|E*_XQ)&wb+x?7c-~CMvl0j6;(?C?E}pkcr=nlhX1~pN)H|AQp?T!1RI4=M zyCi%!O}Hu`HX8sZ2OQyhrc==`i|~E)^AcqqXf)X7!{`qJ`5+6;`mwX*CF&E6_->Jxs5M0DQ#!2;qIT-DKt2o9=Yf3A!d@4Lg|0XUvg2AG z$a)yYh5ZFxu^E^HbAHLqV#^gaj5&_NUY`{9hCHW??B7TV^;IBW1?uZSzD^4J8;xvX zZ_>yX_O}|@!v0PpQ`p~YU<>;PjZ9&0)`k5exst-(!ovQEtNAItnk`67cl2;^z#aY1 zrW4NCkBp`L63C~4+N$YXVb_LHV^tS|t}aY%UTsKhG7T;cIJygr1)QTyx^W?I$Kyk; zuAQyy2{fKax`}DJ2_dnegNp->?n2WE=WM!3p)ALH!bre}G(urdh9y%S6L0@sF(s5K zq5G(CszyJURKG~0jV9Hn5vhwwe@Ph4z;je6mxk)HP%aCR!P8?lbTveGc_^2|FwWpB z=!#Wi4orF_cZDsN!7%1HGWhb)ZNyc1P8r8MgB0rOP_7Pflh6CS;~L$`qTsCR+EA_y z-Q(tU8rl55UL%{|H)v$@`$mmSe&3{l&F`5Snf$&vQ8M~FS@Y_SVI8=9Nx)Qs_JHseccaiR{G~Jycv7v*D1CH))(+THn zx_d(0H`KkFuC1k;9rBZg`^a}+ns0VUZ1~{gfaAO0biz5C?}1SK$cu`rcy`^rBBVRc z7pKgWtM`g`P;=<{ApZPj);|==L!tg)+k?x)8rci{T#YuHtbc?^&Ew3E>a2e(l*dB# zcqorE>*vR8=!$nhb8mA$SrEzs7{*!u1YNNem;;kO$*p3`Wj%~Jj;vphWc^clP8o+^ zPYSg#l!alG{~_Pgy3Zy3qEHqkN&k#SHtC<$$R_=B8rh^@tdU9j=QXfN|AIy)>0i`I zzeJO|q+iOUU&f^_OD}b4NNlnKE)KY?c*%6a8Jm@{?w3QE7pmo&&L#Z{CjBdYY&D38N2904X6J!jBfPR+ECVp>a$Qj zV?li$uLoTX71X*=*1<3?sP%NkHe(J<`UQ`HEmu%5<~Ry!T~bhA<~d~~)&^3jjiGD| z@f}V2Q}eHMpDU=ZL-{%>sBbi~1+_^dTTtI>WDDv$jqFpB2DYGn(8xX|>4N%Ele&W1 z!h-sVOZ_Rm)GZ;g$vC(;;4r!231v;FwrV<8P_;SG)#X4}hbLRNv$Z*5 zLkAZJ9Nh)R0?yfV<8r)H9|s)Yg{BkE*?g07 zd3TYVDJYyXGOh>(H96m)KuyWXl-vMs9~7CVrsnXmdL#UYZ?zySpy=NCaOT1NC8DKP|N6~#;i!^W>`L^ce`E4Ze(#`yjo)f{$vItf+?h& z#tLAX@@gsg_GE}^0isrj2(K=pVh$mqVz>V# ziE%QU6Th^UV$}xov=v{q!^X6i_K2s$?}!Id85_@z(w^~9MAHfJ;MK*`kwb{5ql>3= zVw@4rPSR0z!90Rklqkfq^Y4hIt8}%o>>`S>D9o`dV!^A6r7MRJOIH_5x5PLjmffT) zv@%^JkaiH`^uUZg<5+x5!+$)q_{k#iR=dmY5VpkE!98Sm)eC-mB9c8*Vw^5Ohy-z{ zy`aBwpttNLy<;&>Da1IX)mDttM@pqnEXJWo#)xsCk-=Iiqfz~&m*79lm=fdk=ggIA zPehOe=#G9LZLao}eKAA67-v7(Pwg-JJ2B1yasW=^z{I|_~)<774$Ya|D$0W!c=NToVN4pE27p{yvaeK}kX*U=)4 z{{$V)5lEjS!Fgng^9Uewq56|+I{u?{7lbmIdv&yQQ3EmbXUuzy9D~jH%kN0bK{Ckh z#j$b>mv;>2I1X{))$PR~4q-0_xmb=*j5GG)1R11Gj2fwv@ap0?nL~)o&s)!fUq@l%}DQCJj$NxfmwV^x9^z)hNY_#n+PnBr% z4KwdPL(sN5nkux{p`Xu6L*-0046nnXqZuJ1)JPeLtsSMKkr53=Q!UkYEj2QdTRRf- zjK9Toaf#QpO3bEi1`oN_7Ud4Xxj&v|DkOj zU&f$mA6~|yZ5~}}eQa}`FXtv7?_9v|`^WhR8G4r_W(Zq=O~Js!0k?+nrW4LsbH*|t zgBhkEbvZYY)LckO%_NdR?~;&R=o1?nR`Zp(nZuXl0nOo zkX@uTBZdqf7>t1=Iv26lANMD`K$IVHR5?htp9LO~OA7Y;q|%>k4#=nLZb zD%Cx{+>?Agf3HTiu4ZdwD+}TnSlZgUUn5gp5W`@|*4G@3Ooc%ObEnqh8K59^0o#t24I-C%59$`sQQzXu@kyXu;$|01Y8J(cm{?NtjF!|q>&vrD%;#XolB{DY@n7b{+G1Z8!!SP=ea%Q6P{k_oQ9!AGf=eREQ6!gLnnOvE_n;F~p}j4(AaXJ!I-E8W8O__7RnePTeFbH z0NI-TKqFhTtLYu#{V7*csXp}OLl^Z&8c6)`0ci{j8(Tw&V?J?)Ycw!QnNPK$lhmxG z=)~qvtcEd$pQ9TZm^cXwtWq%yE1A3qBE&ROzZ^!G&S2c5c`ec8 z;naoRWeW`Bx`HNQv(69v_0-SI54K!>z?kF6k1a`l{F3LCkslDxY|-Kw zYFr@W0w`f*Jio)6fPP#A(ACfZK<_dUhH4bAO9Yip7fr8QnbWT!3m5Z85x|wOZo3zfv z(7^?Rzq$j(S{Ix){j%<_kiXQDG4eo&Ji?cFw*v6aV(#wQMGa}ptVB`+X$+8+)ZDI- zmDE5QgE1?qfiwn)h0BLMNMnGkq~>moSh#%HgH#4%_F?Z{XUU?5)@4?p?$h7d-yg{R ztc3?m*bNsh^e%H?7}o-H3HNi$pr*m34{?9la>of{j-wXlB(?Bxo>N9GKshrf(7G8l zkCK|OQb7^(XaFUQJjO^Lk0V7_LsbjC%X}9ploOBXNb%Q$`~{J+g>)xJzg&2rK$ zPt!ry0&M8u;(()DVLIWQP4^1rGf=vK%}Hur!~e-my-v2*(`@JlHf(Tlz_CHsqC4T7 z%?1_BBc^C^c#pDZ--PJL-H_g5Q7Z^t(8U`M69bADKE|$MJgd_2K-2sM1M~?hpEv0>8d*urryAM!qidZdFHxUqWF<8a&wLzc>5N)WNevV+Uj$IX z$d@ea4RKiLYN)WGci9NT_!9ILU9lOM17u%wv)FQl4P%a@us0@!4P8viDI@zgkwQTt z^KGCYjrlGqY-nSEY+*wi17r((vqrYCp?JZVDQswA0Bm9Zq>(9Xh+tOv>KAe)pSf&h zVb_LOO>LN3%~m94XpbH)4!EPQ3*$~WV?Q#Mb^*R53)Hxfbgr<+Q&Ka5bQ98akhK7t zOoNL9j&7pqgmX3>L@>A=L+JuKC#jiC<0+(rkR>^*$y&T(=-`6E7&yAArW4NDbQgsJ z0e_oFz=t$KVNZi4Qyp_{|Lw}f)M2hiz@*o3SJ-kH3}cQXgJ&e)g+d3Da>_Vn zNMmM%3X+)Xw~^F98H3Is4zN-|8gpavW#~;B+5Cn!24gnAZ`R1>Hxw@zGx>e11~$KE zX=L&nA{gZN?V8km;Bg1P484$?G8PUI%=A#*qv_lS zefLsbFq?F<({xa^02?~EIN<2+Go5hGrh^7%sjnW;bWU9`N2?1SB;SK+zBwVW;e(F@ zjt?pq-KjM(S<8d)#f#FC8oW2J_i&(0IW4J~%Sa!=pWn>-c@$zeNzJ1g*$X^0GZ?dy z8fa%A*`RVpEznsHMa&Z+lrZunv;L`=4P6aoJ@hX1FpRT)AziT*m;;kO&8=d~Wj%~J zj;yawvVKvXQ^w&e-DXkwlXqx=u~p3{9U=^>3-oFqN8F+euyp^X8uNe^)hkWKm} z8kwYr76wB$>6d9_k{%)$Bt4Wa2*f4*awh!>E_FqEsmnuRlNE4rz-7fNrW4NCtc-O- z1T#NWP`ZGw#1{7JO!_xS2enJGvrx4F8#=f+;OJJGPB>@NK?8%NhtLIdF6kj_sq@u4 zrp-4WuzZR#LOZjZsqbsYX^( z1I>(?lb@qNJM(_1l{0FcmefEIvp$3pM!sM{eHpI@T@5X0Lns?y7#Gw=x?*QB2j>5Z z$H0~=C>V1b1+^h5C>ZOn#HZ3<=6uO&55#-Ps?6r?fVB?a}pMz)}!jlq~L zsLdMLf`Z}&WA-UY16xo(X=I<0bU{Js0#a8{TUk)GIV=@wmt?7swE&xpgNp+$j@eP~$17nLs+IT@pH|T7V55TpVz86HO;oGMRK2=2%b=x`3{; zt>4Kx7St5-O-b`X?gDK1;NyVfgXBeb!a17{DwuRZx_ z)LepT8`;m;FU<-5F{zV%EL=3Hw$^JLjM;IlKc?l_V2st)w1|X1@6v#_hQ9_=B+aR< zv5FS_91QY$2kZlMFfO5s*^P8IN)}^;Fp?SKFMpt5X&Du%R?^DR7Hv~jiIcLwA|tIx zO92gjd&be0up6}I*JF%P7Hx@Y9bc97TgZa+Hw-DZHqu6KtF%#V`3AEc#3c6Tcj~wO z_&?wz@e4byi=h&`kS zLNpSd21BHT$6R*zkRA-N2j=L75b^3l+?_)Rad#Kuo{4crhEI)wWLdn#2QOq&r$|Geou z_~)dNG=}1>DgI}_11T<6`{WrGP$|Uygg9ux*ke)gej~K}|Em3eWe2s8?7t8406(6? zpZ0+yh*uMJupCUSS}LZ(H-2>;X=F5d%_Ad?gT{;*CD;r8BZw7O6x89jrFb3DzbD02 z;|oxz;;@lmamTa+yKziAm_mt-5JobCxsL3BpQ9>@e~!w~Zkr{E6E8S%ed294eu)aS z>0hC0WqyUKm7$G|vS?eWlI>kbQf#fIb$lIZ4ZU7H1$%89x{jngam9(_Y|A*?BF?s{ z?P&+Z?P+J?jE%D5Y)63~4`bWwNQ$k4bdX|RM>EDo>k?7MIXi|Z0E4i-Bn z#>s5%D$*4)uU)8XOkG8Gm0g+j-Qc_%LhLTx5hAVwzZqgr!L=q1ad+v?5W8cJJrE*Z zU5Gt7gb;hW5PK!Y86oZ|J)s%gE4hkvvsaPcn7tIUm!_^FdjVl~%#9z|O0O%&AKOX> z_m*8^Abn(ScNKwerQ*dYBaVJ~(|PdMSCOcA2yPTj@V~}rf}8ZkEtUR_E*x~8R{<_D z`*3q{WpS63eR)aQ?^kvZBg%g9B?U6VLi{M#f%=k?zO+D7n+mkBaH9SxKd-A-==~q^ CfQDrN diff --git a/src/wasm/Hacl_Hash_SHA3.wasm b/src/wasm/Hacl_Hash_SHA3.wasm index e318aff08a7d65bf76da26645fd115f889cc1e55..272eaf6c3adc8c541c5bd9f379632cbfc7900b7a 100644 GIT binary patch delta 444 zcma*ju}Z{15C-7c&Cc$|$Z_GC6G3LRu@L15+MO^>5X8=R5JGx8FIT1$w)G)|RQdvz za!+Ape`w>zEZBH(Of$vs?f>sbE8bi2T%ufmbywJ?N3TuOfRqnv!Eg-Vkbr@cnr&S% zR8Eub)}x!l$Ps5G z!ig|G-<#iBvV?(4oT7wO&wa;$TXS;pHw>L+on<# delta 359 zcmX@#$@sjJaf2Hx(}drfJy<(AIrlX*G%zqR)v-<%5RzqN-~5HoS4n(9BSet1-jP9r zfkBZ?fkBa7fqn8>LFvf?Mtq_y^^T0JO!Wxp$e_SES<6^QmrH?DfkA;$flEM8k=v1h zTaibBM}f_eL6Jp~Re?o;)r^6G`y*5pWg|Hq85}us92s-6KsIqHa5?h00SR8W zB1Z-{utf??5Ec`w0vFhDCaB>M)7gQhvjUySs=x*^eG1g=>>v;E10|76=a_tvRhW@u zvZAo93@6Z~tU#^IiYyAu3M?S4|Dg`UuC>X~P6|WIX{Z)9kZqHb4W%|OHP#XY0G}d6 AjsO4v diff --git a/src/wasm/Hacl_K256_ECDSA.wasm b/src/wasm/Hacl_K256_ECDSA.wasm index 3f9a5db6e56bf1031581ea79b097df0764720c8e..65006f8833992c3a80a4befa6ff203820c74b744 100644 GIT binary patch delta 4400 zcmZWsTX0lW7VX`6*dag~jY)_+)=olR5b`7t@}gULi6AeZC^9oX5F#RoASB&{?yIQa ztA&OE5d;)RQ8Z{6Ux;7xGgJCy%~bg@A2a35{Q5IfH9BkGdy~G_RCU!kd*6N6S$pl> z_ndR$=Yo-+3N95ChhP6;pc5X(nC3Zi9tC=C84#6lX; zB1BNs844AD?d;zlDhMZ{$^6XWy{VD^zIjZN!gnU&hFE?~24azcEw}+i(V1F`QoRvH zn21ocT+8Ai+=#NlAuT6lMcyJ*#PXNtFN%fgLm`B8D#{U}kMB2xLaBHXb@qzS&4B!}cLIP4cBNFo^^k#LyWxFfB@0!FzG42$td8joZ~r`|BK|NWmc z-TyvIiOR!?Daml6Fjc`d(ePZH25`Z zbqmdwRkPnRi_qc_^@a-c zE89e4%rh3uQ{ym?pX<%I8GYnF=D^KP%F$a8_dK}8n8b`p%w6R*gS^g7(0GuC4r);oF!3wnp!RCnSI+?m$9aF^RucVi9iW}{$@ zb%^1wwH(&Et4}tk-h+GeUfio2Tp~U9;XW^y`}BSi*+?QAe?es97?B6CjE{U)oA3ZO zW&TnzEr|!MjUU34+{1^1k&obE-Hb={QEbMej&8AGNVj6ESp(RDfwVqG=VOj;!!|dI z$C=*aZo6;C{dfrXTQc-L?c>TT;JH3A2 zX}Lydx&7`A71*gyGV@)`d{;1YeF{&~<0rfuyRm~wjybT~`h5?c@;umMV(&60yF4a4 z^l2={(<$8>E6{z|m(eSJ+Ye&UlYF1G&pxiZFVH@Nw5)vwnTcU~K`v&|pbo{L2_&-m zYpLx>@@p7c$e4ryB?!b%+xY({X>I}~n?ivg7ieNq_e-qAKCi=)9S)1ftoMN6fOy=7 z#W073pq%DV8A96#9uS|QADWp`bK~>_qA3A?Q=*-f7~(A2P|5#&T9B6Ue^9R@aQubR z?m}r>h|}Cc454icIb#d?p|()c5q(B5WaWO=9V2?s9i#f3J67oP?g)KBz>tFy>$vz# zS`WF?i5CyzIf>Pq=djqcf}ZCkHqAUQicM?ic|l@P^SmTDB>J-8u;?p-7Y9UN6}%*x z5s*j5{hD&}Dkl;1yuwM;CNFbhpP$z(!`HZZkMF|V*=R=wY#+BmG1#?jM~=F+r^$wT z%@Qt|%$+bg-LyO+I1oG=2M<_Ivv9+ALF@%!8lH3CadioVWpJ!LPR z3W^^xGpGGzZUm=fYm7f;GhP73umGnFEBmL_Qe5=LKhy{ooELpdypzz|g15!nw%!)KV6@*cxOalIC!6VM zsJ|1uB?0?g0bTEkqwf(1?}@vIT@=o6QPTRp;C*qofDZ&01Rsd)WfzPVH?yLUK{45P zjMy~St(OFsL_ZXKDEg5#@rYm~Ai!n8WnX|1SAY>?%xO*lhR`+vE{_S|hq?k>7X8>4 z;1j_oz5t(yj+y{h4DL!$fD$u(0e&y|SOWH^0=hn>0H2uvpLqg&E}Y?W3h;&C3r~PA z1*3v5T>(aO0uY)4T*(fvlkz&sqE`i1MZXe!C3;P;m#7~RHHmBDq*D5|;Oo)n*UQ@J zB|kpPlk#=pM6q`=9{tx7vO8Q@ikql$cHl`Ke5YZWPRDeek@=>iBKz`ADNfGBOm9D! zsbIFsWHs;!i_r2@twM3ms74j49jzgc8n?!?P=i@%J65~ptwWui8tM@MXb1u{qJhWh z#!WhQjJDJC5YNza?NHs!qjYmxTj*?Yc!X|sLEE@mn|o|%2T%`K+t63xR}@Z6^7Z>+mmCTg zmScwLm)Jx7D3)?%qF&m=i$fKvJngEqnou>=t|p*eF)d%aS^Of78?~5)T1V?hr_R-` z9(AZsYXchGG#k-q+Rdh1&=r0s^$iE7GP?Q1vNL8qr(XF$6e)2=4-*K4Iw3)K01TOG_#=>j`&Rb*D*Q@pJU zUEZOq%T$Qaat~eZP=PL8NKLw_Nq0~aUT_xDMe+k$;5D>8|1)-U+>0@@h!5I`Xay@Sa4==UmT2;<(YkHf+cYmGPL|WJR0H>+Sf% z=3rzCnpvS1mZueM4$H$~$jW2ZJhWq8nx$z)r=#;R->umKs=mOjSr=+q&RV}_a~*2! z_IuZO%?d+YSGHtc`Kc^wak`K%*Em?1(r&M0%yL@~uai8kggCe*bBCyBRiHc+~xNa76s;ZP9&y$o;kN9*GXFO#RTX2oWc`1*1@w7^?@P z5R^HkDD}icQSevkL^P%qh@oO$BohC@?eCA2MN^4%dG64z%;4V#4okY!89^7~lsdB2 ziEZ6NH;Ke#t#L}6GA<;F3ki(j!c`7!xiF@ltw4iy-QNMfAUCLb&hP& zy8MMoxhi-5iNs*zsk71Oj|X#Ko@p$vPDRs_%FQ^ne=vP^W!a|6mPoVHbMAodCJbWe zBZd?)q<)4WjXq*X6(SNspUcdK6!7mG96f zNfQftgLzzG@K@x%svldj3ag5^S7Wu0dzIl{MZc>;xK~p$7pnu@zLAH!WVNpGn`$lA z8mN;XuPao^U*eC@=--tCu;U?UOn_Rt_1-;p8stvdq8?t%}ZteKrnlpEy~78#5gYy7HtHts*i2xXe+F!G z0oa{b&ZPk5UAPl>xq3H&-R%Lp2Y2J1tlo=zJz)3YJ_B|?s*8Ib2s?NX59k&=nCouw zy8RKa+qYp8?#Cv}gO2ZavCZ%HZJ}=8Y{_l*yWK4HS2VrD#ji5D-S74t*x`5k4$CY? z$?JA+sKpL_lzHxCo;$;N>SK76njpQ$@i?{VlVT?3(>L;b##5ShV4uc*$$!04 zrgZNS>=7r@NxObAZ~a1doEH7j#FprBk4%q*O>@uYk%?L7*KQUf>klk59 zR(zNl&vV8+b6WIF6Uv4)D*@QR)I3khin;>+suT0-_%U}S(ZZ8R_X+mN@Sjrme!>1A z&^|BFJ`2QYF%V5CTcG`gK!K?RO79mvz|+Di|D-p@^eJyl=+oX>mII-{0%a-BGJj{nr<-KBZY^&V_tW-4iWIK-&UK>zk zZ@p{@SB=JANlY>>^MZVc%fo`h0hf7?%e+P6w8$k*C>xiD3tR@KUOOBXeTBgEh~P-b z@lnCi!0{2!@ey;(Y0)uFD4XM>1;>G@Iqp0v`l{d+fguN{)rqNfsKRL8dDJFcs!CjK zGcHz9$4);cI2LsJalvthvra$eAvk6TI4vTei7gSq@j|BuriNhYanWDXTu<1>6Jhov zCKkyb%_HH2Jmm1lbcQQH8&=?i`O2r(NWAhjA;bZ}KmhTi;A8-Cz=JqokvJ_vq=_vN z;>iNUz|`C>J1P3QK|Ey}PlX}ACMFj#RuSW=|HnuhVmw7>H8EE4wBU5HiutN_Qa<17 zrqdq2(-wx)BEB=W!7JjKLJUqI=@lK8lf(v42$8QC13cUZTSQhVOV*qCS zmcg6&reW4W!Jz27f_FvVvtGU^xL9PNdq^-8^zucIhKq)q(;^Ktp=`Z8RG=X+^=KFp zeLtY#lHgK6!zIznM#B|zcO^_im5BijzZ1MKA^8IVRUeRs4~>QoeHuOz&hQaw_*n3< zPs1mIPdplaFSso5{vW1+0Z79YgV%D|qv2D*r=p(;J`??1u$#``qw_RA7dMm9F9cr< z&A3t4O{)6$eqN$SL{oA9(meF+BeFAEIl&m8$m{6D{K)OR6HmeFk{ykvSUUwaWP(NdJ4)LwU=K1l*AqNz~ z+=cIJb4>iHw?)kt^E1l}A1K8jKRx`j8$VWE|6*qR$X zVItp$7GNe{z{88P!j|or#R|2vJhL&!WqCOCS$RyFhYrlkvNW?X-_-?J;MHs)SzqYY ztP@jN&Z$AoX1ZkAdoXqm*DMxcToTpH*L6+8EOimLH@R4pA$u3TZ+N(y&rIH4A{@Me zc|*dNYSFEWnRgHK?g{5j#url)??k5F>NZ$LRjm9-{$2!$JC46&tW187#tUkPN(e)%qeY3T+Uok4r`K3sQ@C7Dcc~7SE39V`av^-w zH=+jW%L*FHMNTvwP)!@&oo9_s$B{y2V$kxXnT*;Bvr zj*?hK(*IiVZc<1w(+OB@pagBgq%=(REtKr@>rw_$Wz7K~6fU&^#FBzR1Oe(%78>QC zf#z*_1+rmV%e3W>66?MfGujRuB^pBTkOFK@LN=G%(KZ8duCUZIIV%EGf zYxb|>Yn@#<>_$46XJi6qN$2i+!G6W_elRY(Cwk3S4Gb z&mv^P@_ur*Dk@V3)#)M!0qjyaFuXd1q#ES^73y&52sLVO&?Zl6E(C2bngu-y%P{Ei jgra8Pn>;}lb>xu-l(bAbRebz`K`pfWH!C|%na}zk=AmGM diff --git a/src/wasm/Hacl_P256.wasm b/src/wasm/Hacl_P256.wasm index 113d780fc88014d7bf47007aee3d6843061bec5e..650f87dd9d791f5b2b45ca6ad8763e8b005061d9 100644 GIT binary patch delta 905 zcmYk4%}*0i5WwHtZkN^-sIm|(6lO$7DOl?hsj7{ss_da)1s+*@v0?D)D(6{iI= zYzd}dadXs?+`WBGjAp=~BFH2dtKDEsWjGC4l~*xqs{>t`f`5WVDB=vv;4I8)mVqTG z;T+7VY+STd76eY!8n59z%xm1hGH@t^l8QueLFKY6V+AVi`rG%|eejgt5fsb-y+N|V zrpn@sVGvkk#J=;m-+uK?w$1M!BpJ?nEcv5Edk1u&0t$A5q*>7EZXJEpx({B`J#B*7 z=JSZ=pd}Gkz>HYZ?)n8TMw5{8xROn-2~a&Q)%iTYyW(m82s4nuEM##KCJD@^Aq7*a zh&jkbLYQ~(BJUs7LDyJAj{!NAKfs)4Dv+drWyPeA0XjvYhgHz2X(PE{4 zClE#=10<3DMXq9rzR%gHoO6B*aXIP9vl?Y(m?v`#E7YK(is_REGZaw+x*ivywHYkI zA}rZ|dScN9xa(mrG_mhd8evy_?BVe^`SF&GK#!B`GhdVdP2r!3NB%Ipgh`qN!yQeL%34!is>Cksy7eTlA^sMAlWUaNVVzW?hA HA5#7T-aXJ_ delta 932 zcmYk4%TE(g6vpqJPHFA%sJ2A|0^c#gP+g$WXf#HcG4g1EGRUhyc`Hzi{{T9JVtv4h z%)+%RHkx2&!G^86Ga=E93o!AoaAQ1o3aN`bnRD+s_dDnJ-O^_G{bqQ#6xFu=_^+eI z9pl%l^>q=_oTMA`{yuU2wcSlEcHWZDs0k@Fd4``hn$b)xXdwW8hd-ew4&QQ7wdS01 zHAi!$bIXnRANDN$tgQ-%kO8l>5F0mzFabusMo8F2ZKra`NzTvXX6JdbXm6tMOJQ$ba!` zG|uU%_MwELG+GNSw~nqu`j9utdvPW-SfXyWW49Qjf(Ph_9LK-j3S)j!88BS&2psZX3KPsle~lP$q?Ikg79`=CL=^YJ1Hm^ zcvQhxQ}#&V8$@3vurcU;IcQB{fQ=bA#-rRTQch_Ed+OaEKl)3|xwpihd}$+i@OwY6 H$jixpyZG3? diff --git a/src/wasm/INFO.txt b/src/wasm/INFO.txt index 7ed8e74a..a388bccf 100644 --- a/src/wasm/INFO.txt +++ b/src/wasm/INFO.txt @@ -1,4 +1,4 @@ This code was generated with the following toolchain. -F* version: 155853a14336aa0713dba7db5408f4c8ab512a06 -KaRaMeL version: db63c1de17565be0ec4989f58532717a04e3ff40 +F* version: bc622701c668f6b4092760879372968265d4a4e1 +Karamel version: aef72b2b5a44b338b856a177819d1bfa0d7cc5b6 Vale version: 0.3.19 From 31cac37a6e6cc9f3f7993debc50a9e8f3069c173 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 5 Oct 2023 08:58:40 +0200 Subject: [PATCH 2/5] no gcc-compat --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index be96526a..7f99a60b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -93,7 +93,7 @@ if(NOT MSVC) -pedantic -Wconversion -Wsign-conversion - -Werror=gcc-compat + # -Werror=gcc-compat $<$:-g> $<$:-Og> $<$:-O3> From 90f97e7afdda13885fac71cb463d804329b2d27f Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 5 Oct 2023 09:58:03 +0200 Subject: [PATCH 3/5] disable warnings for benchmarks --- CMakeLists.txt | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 7f99a60b..fca85d4f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -91,9 +91,8 @@ if(NOT MSVC) -Wall -Wextra -pedantic - -Wconversion - -Wsign-conversion - # -Werror=gcc-compat + # -Wconversion + # -Wsign-conversion $<$:-g> $<$:-Og> $<$:-O3> @@ -335,6 +334,9 @@ configure_file(config/Config.h.in config.h) # Now combine everything into the hacl library # # Dynamic library add_library(hacl SHARED ${SOURCES_std} ${VALE_OBJECTS}) +if(NOT MSVC) + target_compile_options(hacl PRIVATE -Wsign-conversion -Wconversion) +endif() if(TOOLCHAIN_CAN_COMPILE_VEC128 AND HACL_VEC128_O) add_dependencies(hacl hacl_vec128) From 079be4531940c63e8e33d47b34f94806c072d6e4 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 5 Oct 2023 10:56:01 +0200 Subject: [PATCH 4/5] only warnings for hacl --- CMakeLists.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index fca85d4f..dcdd2f68 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -88,9 +88,9 @@ include(build/config.cmake) # TODO: Set flags for MSVC if(NOT MSVC) add_compile_options( - -Wall - -Wextra - -pedantic + # -Wall + # -Wextra + # -pedantic # -Wconversion # -Wsign-conversion $<$:-g> @@ -335,7 +335,7 @@ configure_file(config/Config.h.in config.h) # # Dynamic library add_library(hacl SHARED ${SOURCES_std} ${VALE_OBJECTS}) if(NOT MSVC) - target_compile_options(hacl PRIVATE -Wsign-conversion -Wconversion) + target_compile_options(hacl PRIVATE -Wsign-conversion -Wconversion -Wall -Wextra -pedantic) endif() if(TOOLCHAIN_CAN_COMPILE_VEC128 AND HACL_VEC128_O) From 70b49704580f8233265cde0ba5cd400554adbc88 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 11 Oct 2023 13:18:43 +0200 Subject: [PATCH 5/5] update --- info.txt | 4 +- karamel/include/krml/internal/target.h | 8 ++ karamel/krmllib/dist/minimal/Makefile.basic | 56 --------- karamel/krmllib/dist/minimal/Makefile.include | 5 - karamel/krmllib/dist/minimal/libkrmllib.def | 11 -- src/EverCrypt_AEAD.c | 112 ++++++++++++++++++ src/EverCrypt_Poly1305.c | 7 +- src/Hacl_Ed25519.c | 6 - src/msvc/EverCrypt_AEAD.c | 112 ++++++++++++++++++ src/msvc/EverCrypt_Poly1305.c | 7 +- src/msvc/Hacl_Ed25519.c | 6 - src/wasm/EverCrypt_Hash.wasm | Bin 49325 -> 49373 bytes src/wasm/Hacl_Bignum.wasm | Bin 78522 -> 78554 bytes src/wasm/Hacl_Bignum256.wasm | Bin 100203 -> 100226 bytes src/wasm/Hacl_Bignum256_32.wasm | Bin 41054 -> 41067 bytes src/wasm/Hacl_Bignum32.wasm | Bin 15238 -> 15248 bytes src/wasm/Hacl_Bignum4096.wasm | Bin 63787 -> 63810 bytes src/wasm/Hacl_Bignum4096_32.wasm | Bin 32306 -> 32319 bytes src/wasm/Hacl_Bignum64.wasm | Bin 24411 -> 24432 bytes src/wasm/Hacl_Chacha20_Vec32.wasm | Bin 5552 -> 5544 bytes src/wasm/Hacl_GenericField32.wasm | Bin 10727 -> 10731 bytes src/wasm/Hacl_GenericField64.wasm | Bin 11708 -> 11718 bytes src/wasm/Hacl_HMAC.wasm | Bin 29842 -> 29855 bytes src/wasm/Hacl_HPKE_Curve51_CP32_SHA256.wasm | Bin 21294 -> 21306 bytes src/wasm/Hacl_HPKE_Curve51_CP32_SHA512.wasm | Bin 21422 -> 21434 bytes src/wasm/Hacl_Hash_MD5.wasm | Bin 15550 -> 15558 bytes src/wasm/Hacl_Hash_SHA1.wasm | Bin 13140 -> 13148 bytes src/wasm/Hacl_Hash_SHA3.wasm | Bin 17615 -> 17611 bytes src/wasm/Hacl_K256_ECDSA.wasm | Bin 98099 -> 98193 bytes src/wasm/Hacl_P256.wasm | Bin 83205 -> 83213 bytes src/wasm/Hacl_Salsa20.wasm | Bin 10032 -> 10024 bytes src/wasm/INFO.txt | 2 +- 32 files changed, 247 insertions(+), 89 deletions(-) delete mode 100644 karamel/krmllib/dist/minimal/Makefile.basic delete mode 100644 karamel/krmllib/dist/minimal/Makefile.include delete mode 100644 karamel/krmllib/dist/minimal/libkrmllib.def diff --git a/info.txt b/info.txt index 7dc2a1a0..af3dbf98 100644 --- a/info.txt +++ b/info.txt @@ -1,5 +1,5 @@ The code was generated with the following toolchain. F* version: bc622701c668f6b4092760879372968265d4a4e1 -KaRaMeL version: aef72b2b5a44b338b856a177819d1bfa0d7cc5b6 -HACL* version: 1a20576fc736d51e1ab3c317b46ba81560b75786 +KaRaMeL version: 7cffd27cfefbd220e986e561e8d350f043609f76 +HACL* version: 1b30697fc2b0d8d5e2f541eccfd3fb52b45b905c Vale version: 0.3.19 diff --git a/karamel/include/krml/internal/target.h b/karamel/include/krml/internal/target.h index 634c20fc..4903d224 100644 --- a/karamel/include/krml/internal/target.h +++ b/karamel/include/krml/internal/target.h @@ -57,6 +57,14 @@ # define KRML_HOST_IGNORE(x) (void)(x) #endif +#ifndef KRML_MAYBE_UNUSED +# if defined(__GNUC__) +# define KRML_MAYBE_UNUSED __attribute__((unused)) +# else +# define KRML_MAYBE_UNUSED +# endif +#endif + #ifndef KRML_NOINLINE # if defined(_MSC_VER) # define KRML_NOINLINE __declspec(noinline) diff --git a/karamel/krmllib/dist/minimal/Makefile.basic b/karamel/krmllib/dist/minimal/Makefile.basic deleted file mode 100644 index d7a1fdfd..00000000 --- a/karamel/krmllib/dist/minimal/Makefile.basic +++ /dev/null @@ -1,56 +0,0 @@ -# A basic Makefile that KaRaMeL copies in the output directory; this is not -# guaranteed to work and will only work well for very simple projects. This -# Makefile uses: -# - the custom C files passed to your krml invocation -# - the custom C flags passed to your krml invocation -# - the -o option passed to your krml invocation - -include Makefile.include - -ifeq (,$(KRML_HOME)) - $(error please define KRML_HOME to point to the root of your KaRaMeL git checkout) -endif - -CFLAGS += -I. -I $(KRML_HOME)/include -I $(KRML_HOME)/krmllib/dist/minimal -CFLAGS += -Wall -Wextra -Werror -std=c11 -Wno-unused-variable \ - -Wno-unknown-warning-option -Wno-unused-but-set-variable -Wno-unused-function \ - -Wno-unused-parameter -Wno-infinite-recursion \ - -g -fwrapv -D_BSD_SOURCE -D_DEFAULT_SOURCE -ifeq ($(OS),Windows_NT) -CFLAGS += -D__USE_MINGW_ANSI_STDIO -else -CFLAGS += -fPIC -endif -CFLAGS += $(USER_CFLAGS) - -SOURCES += $(ALL_C_FILES) $(USER_C_FILES) -ifneq (,$(BLACKLIST)) - SOURCES := $(filter-out $(BLACKLIST),$(SOURCES)) -endif -OBJS += $(patsubst %.c,%.o,$(SOURCES)) - -all: $(USER_TARGET) - -$(USER_TARGET): $(OBJS) - -AR ?= ar - -%.a: - $(AR) cr $@ $^ - -%.exe: - $(CC) $(CFLAGS) -o $@ $^ $(KRML_HOME)/krmllib/dist/generic/libkrmllib.a - -%.so: - $(CC) $(CFLAGS) -shared -o $@ $^ - -%.d: %.c - @set -e; rm -f $@; \ - $(CC) -MM -MG $(CFLAGS) $< > $@.$$$$; \ - sed 's,\($(notdir $*)\)\.o[ :]*,$(dir $@)\1.o $@ : ,g' < $@.$$$$ > $@; \ - rm -f $@.$$$$ - -include $(patsubst %.c,%.d,$(SOURCES)) - -clean: - rm -rf *.o *.d $(USER_TARGET) diff --git a/karamel/krmllib/dist/minimal/Makefile.include b/karamel/krmllib/dist/minimal/Makefile.include deleted file mode 100644 index ad532171..00000000 --- a/karamel/krmllib/dist/minimal/Makefile.include +++ /dev/null @@ -1,5 +0,0 @@ -USER_TARGET=libkrmllib.a -USER_CFLAGS= -USER_C_FILES=fstar_uint128.c -ALL_C_FILES= -ALL_H_FILES=FStar_UInt128.h FStar_UInt_8_16_32_64.h LowStar_Endianness.h diff --git a/karamel/krmllib/dist/minimal/libkrmllib.def b/karamel/krmllib/dist/minimal/libkrmllib.def deleted file mode 100644 index c4ab8e38..00000000 --- a/karamel/krmllib/dist/minimal/libkrmllib.def +++ /dev/null @@ -1,11 +0,0 @@ -LIBRARY libkrmllib - -EXPORTS - FStar_UInt64_eq_mask - FStar_UInt64_gte_mask - FStar_UInt32_eq_mask - FStar_UInt32_gte_mask - FStar_UInt16_eq_mask - FStar_UInt16_gte_mask - FStar_UInt8_eq_mask - FStar_UInt8_gte_mask diff --git a/src/EverCrypt_AEAD.c b/src/EverCrypt_AEAD.c index 21039bd4..d3a4ffbe 100644 --- a/src/EverCrypt_AEAD.c +++ b/src/EverCrypt_AEAD.c @@ -98,6 +98,8 @@ create_in_chacha20_poly1305(EverCrypt_AEAD_state_s **dst, uint8_t *k) static EverCrypt_Error_error_code create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k) { + KRML_HOST_IGNORE(dst); + KRML_HOST_IGNORE(k); #if HACL_CAN_COMPILE_VALE bool has_aesni = EverCrypt_AutoConfig2_has_aesni(); bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq(); @@ -126,6 +128,8 @@ create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k) static EverCrypt_Error_error_code create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k) { + KRML_HOST_IGNORE(dst); + KRML_HOST_IGNORE(k); #if HACL_CAN_COMPILE_VALE bool has_aesni = EverCrypt_AutoConfig2_has_aesni(); bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq(); @@ -204,6 +208,15 @@ encrypt_aes128_gcm( uint8_t *tag ) { + KRML_HOST_IGNORE(s); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(plain); + KRML_HOST_IGNORE(plain_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(tag); #if HACL_CAN_COMPILE_VALE if (s == NULL) { @@ -327,6 +340,15 @@ encrypt_aes256_gcm( uint8_t *tag ) { + KRML_HOST_IGNORE(s); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(plain); + KRML_HOST_IGNORE(plain_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(tag); #if HACL_CAN_COMPILE_VALE if (s == NULL) { @@ -524,6 +546,15 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( uint8_t *tag ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(plain); + KRML_HOST_IGNORE(plain_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(tag); #if HACL_CAN_COMPILE_VALE uint8_t ek[480U] = { 0U }; uint8_t *keys_b0 = ek; @@ -666,6 +697,15 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( uint8_t *tag ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(plain); + KRML_HOST_IGNORE(plain_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(tag); #if HACL_CAN_COMPILE_VALE uint8_t ek[544U] = { 0U }; uint8_t *keys_b0 = ek; @@ -800,6 +840,15 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm( uint8_t *tag ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(plain); + KRML_HOST_IGNORE(plain_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(tag); #if HACL_CAN_COMPILE_VALE bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq(); bool has_avx = EverCrypt_AutoConfig2_has_avx(); @@ -939,6 +988,15 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm( uint8_t *tag ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(plain); + KRML_HOST_IGNORE(plain_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(tag); #if HACL_CAN_COMPILE_VALE bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq(); bool has_avx = EverCrypt_AutoConfig2_has_avx(); @@ -1164,6 +1222,15 @@ decrypt_aes128_gcm( uint8_t *dst ) { + KRML_HOST_IGNORE(s); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(cipher_len); + KRML_HOST_IGNORE(tag); + KRML_HOST_IGNORE(dst); #if HACL_CAN_COMPILE_VALE if (s == NULL) { @@ -1299,6 +1366,15 @@ decrypt_aes256_gcm( uint8_t *dst ) { + KRML_HOST_IGNORE(s); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(cipher_len); + KRML_HOST_IGNORE(tag); + KRML_HOST_IGNORE(dst); #if HACL_CAN_COMPILE_VALE if (s == NULL) { @@ -1544,6 +1620,15 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( uint8_t *dst ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(cipher_len); + KRML_HOST_IGNORE(tag); + KRML_HOST_IGNORE(dst); #if HACL_CAN_COMPILE_VALE uint8_t ek[480U] = { 0U }; uint8_t *keys_b0 = ek; @@ -1694,6 +1779,15 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( uint8_t *dst ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(cipher_len); + KRML_HOST_IGNORE(tag); + KRML_HOST_IGNORE(dst); #if HACL_CAN_COMPILE_VALE uint8_t ek[544U] = { 0U }; uint8_t *keys_b0 = ek; @@ -1836,6 +1930,15 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( uint8_t *dst ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(cipher_len); + KRML_HOST_IGNORE(tag); + KRML_HOST_IGNORE(dst); #if HACL_CAN_COMPILE_VALE bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq(); bool has_avx = EverCrypt_AutoConfig2_has_avx(); @@ -1983,6 +2086,15 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( uint8_t *dst ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(cipher_len); + KRML_HOST_IGNORE(tag); + KRML_HOST_IGNORE(dst); #if HACL_CAN_COMPILE_VALE bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq(); bool has_avx = EverCrypt_AutoConfig2_has_avx(); diff --git a/src/EverCrypt_Poly1305.c b/src/EverCrypt_Poly1305.c index 82ca9b99..454c0fce 100644 --- a/src/EverCrypt_Poly1305.c +++ b/src/EverCrypt_Poly1305.c @@ -28,8 +28,13 @@ #include "internal/Vale.h" #include "config.h" -static void poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key) +KRML_MAYBE_UNUSED static void +poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key) { + KRML_HOST_IGNORE(dst); + KRML_HOST_IGNORE(src); + KRML_HOST_IGNORE(len); + KRML_HOST_IGNORE(key); #if HACL_CAN_COMPILE_VALE uint8_t ctx[192U] = { 0U }; memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t)); diff --git a/src/Hacl_Ed25519.c b/src/Hacl_Ed25519.c index 36113197..f9881e91 100644 --- a/src/Hacl_Ed25519.c +++ b/src/Hacl_Ed25519.c @@ -711,18 +711,12 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) FStar_UInt128_uint128 c00 = carry0; FStar_UInt128_uint128 carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z11, c00), (uint32_t)56U); - KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z11, c00)) - & (uint64_t)0xffffffffffffffU); FStar_UInt128_uint128 c10 = carry1; FStar_UInt128_uint128 carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z21, c10), (uint32_t)56U); - KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z21, c10)) - & (uint64_t)0xffffffffffffffU); FStar_UInt128_uint128 c20 = carry2; FStar_UInt128_uint128 carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z31, c20), (uint32_t)56U); - KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z31, c20)) - & (uint64_t)0xffffffffffffffU); FStar_UInt128_uint128 c30 = carry3; FStar_UInt128_uint128 carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z41, c30), (uint32_t)56U); diff --git a/src/msvc/EverCrypt_AEAD.c b/src/msvc/EverCrypt_AEAD.c index 21039bd4..d3a4ffbe 100644 --- a/src/msvc/EverCrypt_AEAD.c +++ b/src/msvc/EverCrypt_AEAD.c @@ -98,6 +98,8 @@ create_in_chacha20_poly1305(EverCrypt_AEAD_state_s **dst, uint8_t *k) static EverCrypt_Error_error_code create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k) { + KRML_HOST_IGNORE(dst); + KRML_HOST_IGNORE(k); #if HACL_CAN_COMPILE_VALE bool has_aesni = EverCrypt_AutoConfig2_has_aesni(); bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq(); @@ -126,6 +128,8 @@ create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k) static EverCrypt_Error_error_code create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k) { + KRML_HOST_IGNORE(dst); + KRML_HOST_IGNORE(k); #if HACL_CAN_COMPILE_VALE bool has_aesni = EverCrypt_AutoConfig2_has_aesni(); bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq(); @@ -204,6 +208,15 @@ encrypt_aes128_gcm( uint8_t *tag ) { + KRML_HOST_IGNORE(s); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(plain); + KRML_HOST_IGNORE(plain_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(tag); #if HACL_CAN_COMPILE_VALE if (s == NULL) { @@ -327,6 +340,15 @@ encrypt_aes256_gcm( uint8_t *tag ) { + KRML_HOST_IGNORE(s); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(plain); + KRML_HOST_IGNORE(plain_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(tag); #if HACL_CAN_COMPILE_VALE if (s == NULL) { @@ -524,6 +546,15 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( uint8_t *tag ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(plain); + KRML_HOST_IGNORE(plain_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(tag); #if HACL_CAN_COMPILE_VALE uint8_t ek[480U] = { 0U }; uint8_t *keys_b0 = ek; @@ -666,6 +697,15 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( uint8_t *tag ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(plain); + KRML_HOST_IGNORE(plain_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(tag); #if HACL_CAN_COMPILE_VALE uint8_t ek[544U] = { 0U }; uint8_t *keys_b0 = ek; @@ -800,6 +840,15 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm( uint8_t *tag ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(plain); + KRML_HOST_IGNORE(plain_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(tag); #if HACL_CAN_COMPILE_VALE bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq(); bool has_avx = EverCrypt_AutoConfig2_has_avx(); @@ -939,6 +988,15 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm( uint8_t *tag ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(plain); + KRML_HOST_IGNORE(plain_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(tag); #if HACL_CAN_COMPILE_VALE bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq(); bool has_avx = EverCrypt_AutoConfig2_has_avx(); @@ -1164,6 +1222,15 @@ decrypt_aes128_gcm( uint8_t *dst ) { + KRML_HOST_IGNORE(s); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(cipher_len); + KRML_HOST_IGNORE(tag); + KRML_HOST_IGNORE(dst); #if HACL_CAN_COMPILE_VALE if (s == NULL) { @@ -1299,6 +1366,15 @@ decrypt_aes256_gcm( uint8_t *dst ) { + KRML_HOST_IGNORE(s); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(cipher_len); + KRML_HOST_IGNORE(tag); + KRML_HOST_IGNORE(dst); #if HACL_CAN_COMPILE_VALE if (s == NULL) { @@ -1544,6 +1620,15 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( uint8_t *dst ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(cipher_len); + KRML_HOST_IGNORE(tag); + KRML_HOST_IGNORE(dst); #if HACL_CAN_COMPILE_VALE uint8_t ek[480U] = { 0U }; uint8_t *keys_b0 = ek; @@ -1694,6 +1779,15 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( uint8_t *dst ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(cipher_len); + KRML_HOST_IGNORE(tag); + KRML_HOST_IGNORE(dst); #if HACL_CAN_COMPILE_VALE uint8_t ek[544U] = { 0U }; uint8_t *keys_b0 = ek; @@ -1836,6 +1930,15 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm( uint8_t *dst ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(cipher_len); + KRML_HOST_IGNORE(tag); + KRML_HOST_IGNORE(dst); #if HACL_CAN_COMPILE_VALE bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq(); bool has_avx = EverCrypt_AutoConfig2_has_avx(); @@ -1983,6 +2086,15 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm( uint8_t *dst ) { + KRML_HOST_IGNORE(k); + KRML_HOST_IGNORE(iv); + KRML_HOST_IGNORE(iv_len); + KRML_HOST_IGNORE(ad); + KRML_HOST_IGNORE(ad_len); + KRML_HOST_IGNORE(cipher); + KRML_HOST_IGNORE(cipher_len); + KRML_HOST_IGNORE(tag); + KRML_HOST_IGNORE(dst); #if HACL_CAN_COMPILE_VALE bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq(); bool has_avx = EverCrypt_AutoConfig2_has_avx(); diff --git a/src/msvc/EverCrypt_Poly1305.c b/src/msvc/EverCrypt_Poly1305.c index 82ca9b99..454c0fce 100644 --- a/src/msvc/EverCrypt_Poly1305.c +++ b/src/msvc/EverCrypt_Poly1305.c @@ -28,8 +28,13 @@ #include "internal/Vale.h" #include "config.h" -static void poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key) +KRML_MAYBE_UNUSED static void +poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key) { + KRML_HOST_IGNORE(dst); + KRML_HOST_IGNORE(src); + KRML_HOST_IGNORE(len); + KRML_HOST_IGNORE(key); #if HACL_CAN_COMPILE_VALE uint8_t ctx[192U] = { 0U }; memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t)); diff --git a/src/msvc/Hacl_Ed25519.c b/src/msvc/Hacl_Ed25519.c index 36113197..f9881e91 100644 --- a/src/msvc/Hacl_Ed25519.c +++ b/src/msvc/Hacl_Ed25519.c @@ -711,18 +711,12 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t) FStar_UInt128_uint128 c00 = carry0; FStar_UInt128_uint128 carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z11, c00), (uint32_t)56U); - KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z11, c00)) - & (uint64_t)0xffffffffffffffU); FStar_UInt128_uint128 c10 = carry1; FStar_UInt128_uint128 carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z21, c10), (uint32_t)56U); - KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z21, c10)) - & (uint64_t)0xffffffffffffffU); FStar_UInt128_uint128 c20 = carry2; FStar_UInt128_uint128 carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z31, c20), (uint32_t)56U); - KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z31, c20)) - & (uint64_t)0xffffffffffffffU); FStar_UInt128_uint128 c30 = carry3; FStar_UInt128_uint128 carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z41, c30), (uint32_t)56U); diff --git a/src/wasm/EverCrypt_Hash.wasm b/src/wasm/EverCrypt_Hash.wasm index c9c14e5487aaf5b8a9301bd0b2a7777fe039569b..8fdc7b27e028cff8b53492b41b29a176bc2bb191 100644 GIT binary patch delta 3804 zcma)9X>3&26@GUX&-TV1yfB{ejD4;LGmFQb@ho1(3w~zvZj%Z_Od2{Qj@UvlB*wHj zcA^GFLZP&WlBhIlNUMlINbJ6psttzVqGt<~`qd!Tg68%oR%hL z``1Mp&FNv&oVms_l|MS;K6x;o%C_%+?)a1WXJ?cueBIi`s`0nhHXJAmW1_4I&y-c* zb!#n-+g*-h2aZ1T#F3MV7Z=LfSS`L+*1>#q4Wh;7XMSw3C0QL#+EVy4TLiD!D)62y zjCX7v4BG{p3m>&t3J?f3~qu`A%AXgJWzHsXU& z6juV(%!@1I)%d$WnD)^dj$u5wfug=(H(eLQQT$=BlA@czpEI96Ti?fMduQvb@QtVs zR~uf#tFQrIf)ESf+t9&+RHlQ~Q;DcPz&|jt2K_C%YaN=}qSC30mxN7bPRkIFR`ZXn@DB$95;a<`^xU0+q9!<&Nujc{|QOVPy5V|ninB|pJs#3ETOKl*uE~(r= z>t!lMnM%x`sm^ZTRls<)7T`5RQKKm%Yig?ru_H!HRmD(LR20m=8NfR^4{ne9Y#T|W z7rbjCGqq4lBB>cKrE@Q_dP`Vq#V~2Fl}v?2LQ1Zd`^YpuCHPA^@ex|@WTS!BJMoK7 z{31Q!<8{Q7A)Enq6r*leKn9%7=0m`LxA@@DEGE~K;&M@vc3IH5ul&Bd@FK+ItNT8+_9 zZ_cN-LaTOxX#rrKO?0}VY6244%S;1fU|%w-CLyWaRkWlra3L9Ww?UiskwTS?k$?6? zZ7B_S8q&qnn1PHmB~9gcn)Ibh^koPMQ!)ija*^n2I>WP& z5u;YZI6z1^G*ECzE)r5|2l!Ul%D2JRb%(Y?Ki`3gbk4q09EU*|G*0Fa49OCMqQoGT z7%V9 zldD^{oTAy6_%jXO?CSUmyHy;01 z(TzLbc?dV=FUdOdmt>v!OGW9%6iF{k(f#41uU?jvtCuC^>g6J(F-4SxDY}0-rTW&3 z*ndS*_Fpk53BOFw0ewh`=fJb}9N=SD{rX?8I81aLmafH(EdTWk-Pf{?;n+JRhdT?c zkcG57+^ynp>*`y5rpoYtQ%Cg2u7-$KU%FQ6|NqH9|IQZklf$aZ1>y}hq&j7=Lv_et zyK0xgHq|DBt!kMJ234yJcB&Q`45(%qXsSsD{VJ2e7QJoxM{Gm8AG|lfcjFAuR~1xv z>T&x0U+F79evPqq{LRYmvFRt*7sK?G>K0Cwul!5P>83{ZE*TgUi!!PCSY;1KN2wSC|&`tfj`;3}x%-Gmc2U5jm2jo$jjDk)<9 zJQhxo1~M%vypmx;xFy3@;g<|sgk$u9Piy1CGZ{7u*JL;@e3RjXaLxoCu{b8olfzN{ JPd9(z_z!>$oe%&3 delta 3758 zcma)9YitzP6`s2f?`zh(eyqJ-d%fqf_CEYv@566c4*}cQ#x}&JEvn*}7Rtj=3dBHa z7ZWuILE45KLMxRNL8@S-7&#e~N~xOiBUK}%mD>KOkgBF2RaJgOZPbSq!@>>aGqz+)v9EI?5Y&Xo9Yxg^S}@s}lC_-;u(az}{O zV80{9LU`Db#yN)%Z#xorjeZ|e{5wY+$4WeyciPeGjN>7vpG9!NnPPw|&Q84LtViam zVH>d46=zZWn!VjVJAX=Pz>}_K)`%~=vMh%8TrDh)c6X8`u-)B^ZEhbPa7S>ryUCvG zNGr|wu{&Z%~!T%+eRZF>kHoz>xzdlzuK^T=hCE8%dbA);Bx%m6@;Z zn>l`B_QYOgM5Z57dQ?{JJGOVPGG@dj`)7~uS0-?z^k3FV_kDef?HP z=#76a+QFjTRpx+!;;-<00%23|30jSpAgR9|eAdcx=;Fz;3|Oh)2+u+WERgl*P~%Db zeqALk*J|BHR)r77D=`ueV0E~h7A+rd!l`f>Mf<{i^!H{wiSHVj_rh-x>Vez$xB-mr5EpZ*7ZRt_fZdi8tB)Y#U6Zw z)_YYAwBCbX^x(%!3zhvoUIvVpYjwPWC@M^Il@nrzjOogXp_rGN6B%A%h-LR23nU96f%N_ zjA~v(GD6fxEm72(W(yH2$fzlX1sNj4YYiEWo*HKzZC4(KFka8ZZ3-k%u6<2c!E4=hXcMEybfm5jD-T zfl#4)UJMJ}iwut%-5*`C;afccXM<4C2#tn<7{sK4MlrCFm>W&ZF+xH?41d-}3SvC2 zDLg@g5+((4fr<(m479EwArvHpf^3{8NkNmCzL_|hO%pW{Do98cLm>h4z1!R^+Vf1S z1LlvSzb~n_LaTP3X<*#Am`bW`(5AhwXer~y-Bi-s4(-}I3Qc6(Np4I!QnczF(6P4r zvS~<5-5o-A2es2-Y9~!d=uQ`0l!Jtb-D#eIjCfpWbU=(#&U29BosiOO;)ZSRAnziV zx{0z|vlS0pR-mFwody!SR2=ti;ZZj&QXs>7sIJFUmlLR1*JYr!x*k#2Biiz2crWzw zKJvF;18nOL){6f7U}M47f)D}uMp3~scrD%T*%W2AGvrMk@@wA22Y?<@;soc#=sY!) zH+dtF;2yxmG!G7N4K%(Pv~@ckgH3!3&SZL>Tg6fj!l2k`*&!H`tb>AekXQ#ztV4tZ z>rkOlImmE)h!4Xs-v+}pQ^D~O*vdy?t90B+j*pS!+lg|!$+>NW*7xP8fyBNP=W4rf zZo71Roa)9+bt8n<>&6VURyQu{#zkA&FrR=4K1q)65HfcX%TAM^9fS%yda@W6#EA^w zDOha7REyWsl?b|$BHZ2T&-WJ5SR8r6S0@sXQ#>c8IIXQhk!#Ds$`U)(z)(9QizHr9h5o@~MMhmPQ1 z7PE9cjL(0)!N5N~9jomOfg8Lli}d)cf-uyA*WVSQkomju;pu1agQHaUbdIh@o&Lem zYpg(Nq=>SRGKM}1<>b7ioSc`Glk&>Z>hA)yR*sbX}`Df{V9I zn>z<>kfX0zV{^BO&8_#pvdK~&`)}&F{@ikuX!X@s&Hn$N`nPW7tzX`zdORRrXv3;o z23u8^47R9F89b&sWUyH+k-?B^m%*TFlYypMWiX&xWRO>x3^wVrt3PD)W&ZS?-|G)v z{~jyLg`j!`YE~AY214NT*XbAT%(F8w@i{7NDqVYwkhoIt9pirR8;>vgz_o%!Q#8e& zw$tOxgfpK1xk1v5_mJ^Fguj8iz$Mt-Ym2}=^yKgy<0`1)ZG~sv@SI86HTnW5&eB1w zpTxo@>VX_<7e>jjO;{zvR$-P5TZCN}0?gkm43lA#uuO*Ag=sPz7q(fzF9s)tbMkgV Kule!YuKxhGiH`*U diff --git a/src/wasm/Hacl_Bignum.wasm b/src/wasm/Hacl_Bignum.wasm index 579c0d56f1da11845ae83f0630d77869216c5fb2..b9c99c898a2c73ae248089b38ce824515f17262c 100644 GIT binary patch delta 4324 zcmcgvX>3&26`u2+!A>ltQko{Hvcz{<60;;YEHR52+cO4(+0Bv_$kMW8AS7gISv))& z&m(5B!G3@-O8^rBNo19jgi5I@^-q5ES3^nCHX(&15Yi^>yTQZjCx*7V-F(J@L{B@r3nLMnarkVoE5G~Q=Nz1HVico!v8;IsKJUaL ze8CAChjt78xHz}_MF;YC){%E4a7kHwS%bG7+%+0RU zxcSy#MOJAnBD*gIkziPgjf$?aEzy>c=q48%h3KYmS2nxYY7AENOUe7u((C|z?%7w+=ML8!!bKPwk5plB6%WHOj$$YmBZ^|5OVlID zr6^Ta3?+!AI4;h(&t)i!m9*9Ia16sxpGU+!jPT=B#pM`*@)VE6NF5&~f#GpV`WPj@ z@knhdPPJTtA`BZOn^@uS=-~and3TP%5OWN3`s12+^rLP~1-agMjK^r1EY1lS z&lBZYDV3>|g6XOa2#c03%^3MiE9b>zsa|qSCSk0xr8a8y$(X3zQ!oirsw8usimCiC zCh;S97?1e;sCp#%F+8TM$2~lX$5Z@-c%Sfj8m8&Irei85`8-3?o1yc55;O2*il4$$ zI{vf-rt7?)mS0RUc|U{6m}*k_1t#JdGyEkiVL95C^UO5ogr~kK#e0_FJsUGITl1cS zIs7bUastmH;qzSeNb)?)Q`U2si|0~2U!3!Oejd+jS}$M@X8OE9*e%esU&I2unBtf4 zl8(PDffqFGmlf^VLfeyiy@FYoW61tWc)wzXzYcjzJFvVLhP+LOP_!2r+KaIei#6>f zSi)6U$VpTo>GM+cNU{e{S=EH4sHPOxkoarJXKxu{8EJO4ge6$$bBcs!igW@#$q2r@ zv7E5n%zIVEYf0xJV@YJO+5bAiA}lfNSCC{QRk_@p?UTPtU`Ts&eyhEVwuw=p>U73%N{Ayexf_&nHu2r}3u8NM;t z4wJl_Ab-lahwuhrk7W9$j=m|rw+L^UoZnUpVS7+E?cS(l|F+5gH#+-PoBdvbkl1Mx zen(}$*BZYi%{0N=g45mZDv~y`&(Q6H(YgFC;a%eQ2=5W^C+sKw9sP%PdMG$BU@qnC ziw?YWN5O~0e<2(oqdNXfa;qOC93*qkengPyLDH(@BjS&P>1Ex2@(JNX*|YGn_$vvQ zzXgqDJ-ojY8sQ zQv{iIGDJJA!A@DQGXmy?8berwIs=TN?)cHwKZ;8jIa*|yZz zLV_KHt3t3NBzT>0-4eV(kZIRLg4K?y^bJd}#<@)|m*92^Y6`UgS*B*l_tQnb&|I!{ zQ0s8YLCRrY)T6`8o$$oubV^DD$X5;3)sdeE@08zllK?qf{sDRSaZltc0dj8@_d+l3 zjePEd-st1={pykA2k?Nh`r>}{O>u!Z3w(YM59&LiA9^9*=l;?V`s)i}0QzGh6w$kT7U#agL1nSiCh^Zv&B0M zMI4o9v6QAbSXuE?Z?K%P;Q;^P4PI4io~dbj zviGJ7DBiOS@BgDl^0Y|0RU<_+8p-m`=!%8mc4t(@B18Ls(MX;aNk5!MigwmW#j0Z! z-*mQvhQhAuzbH{d5u?WuUQJ3$tX4ft^vF%IbPF3Sp|G5ysD>!h9vl%u`s9e1lE@k( zB}81UB_*utNr@^MG>Jk8JUdJ(RV9DQDXJ<^!YaiZbaaFGnw5~!M@l4>tW__*7A2%w zjF#M_?W96@L5PV4`oWE^DVW((>(9kN^rI7$78s8z2y9AV3@u)RxJYh@iF%=5a&v zE;9+?GJ`;<76emmqyA`r^+$iSe@dOIU>S;FOQ}pn2oUH#!+kH4X&Cb0rLa(4N|T#m%14=CylnO6Pone z+?GdZD_krSv=tHBN*60F+A0?^Y-NPDT7#{!U~2@-k0#7bqcwIylU|F~6rrtk(I{wZ zBeZ50%@%E)3mMiNp@kZ4okd&k%367pkcE}JvpEOZ$SDXb_vQFvZ*c#2p=Gjpqbs{$ zejjVymUR&Bf;K%CzgTU31=MIlt=aa0#Ii zp3D7KcOkmN2JIqyHqJX;>~wjTi(M|axM*>CcX+IK?j4^r*VV;(gg1J3rMuhEr>E-| zmd0u^xR!@vC>NoSi&2E)fQPA9l1osctl=1j;VJf{(+jv1rCv$vavp)9C=7UHsgIFC zDb?~QjKruEm!VAiM~h=bDJ27pmfzA?L#mV-cnpSM=pZ>JW4PR-@K1g7?iq_A<{;+C zK^!N^{CLyv`%`YX){o~_paSJGTzbc&f+xtkQl`E#?B6fXA1kM-vc{9oddcRWh;hc2 zc~+4oVS?(OjER_BD`|2Ss`wF1%|4ifJi+8c%yAzD&Y1;(1CZ`HcKxvPtq;OhT1m{S!>Uv!?k|Si*8( zE$8WJ&U!~H+A|F8nV625n)WQr;@Oza&tW#63pk-(Nv=kgy~ z`I@#bb8pVQ;=RD|UWoZvsCh5KB7Oz)xfZXWHsGXsC3!IxE6Ya`ev0czdh00QC4?oU zsnrt}VSd03Bpe$^vrmz#5a z)zMcq>Q#zr)PU$NQYC5!$vN5aHD9_yjTKik1v_O5lxfe+E}MM|K|C!c``v`y#J^Bo z{2Dc3afReZQ0eRU^9bz(;kclkh|o?FPFl1t z2r}$sg!T`O_Ju|JXD76bvN+W#uZ*(z*LNbc(}Yukc3Pu_2fF4>mNd@jz+c+HXFCPX zh=_BY0%t_T`6%uM!a0e1!Ni^OgS>ks?pHeQMH}}L$pWbJcPN}!_PrlozG=CQ5>%(J zT`gLBcy`qHXUm$m%OV+tc100Twq35P5%e{}6@k7MO<)J1!%pCJf(+}3Ch&&lbKUZ( z69uXHv@1SUOB}QOU1TT4x!ys&!wn7^98QUxb2xCK?Vcm4-ND(o1KG0W;-5Cw)y3FZ zoZ~x-9r?S{cjcY6nEbojj+PxJzo$|PJ!&~0`P>UVxi@;DcfftrE6Mlceq}v?K6oI- zeWkN+!2Qrqm-GjbkDdYdm-F0T*Yk(a9}lH?00wCPKyf^%>-a$Vjg-Q}xDWYKxbZL- zh*I#%^X?gh`!Y&lup}_VD1~u@;(j3tQDEx4=n^gxZ?UXFadaFJ6~}Z9936lS}J_NrvAo${YVS^v$iw zo1%=ov9vQfVR}T{@zcC#7~Z#_Z~mY1##h?&CVf+s(KnWNMik7CcxN=h0z>(LUm7G|E7*bc;puHQUZzEx& zx$ifrKoTY3&FbdgY?Q$kk`}heH=>EQnvvU-f0I!L(w6hoXqAD8BO%!oDFcy4Mc8hY mfoLI>ipV=vDZA}7$#g+MoOdZf!7WPduvI#3-yHwP&;JW_30IN; diff --git a/src/wasm/Hacl_Bignum256.wasm b/src/wasm/Hacl_Bignum256.wasm index d4e0461ed53f0638bb85eabb05bfbb8ada64d747..24cf040619ff738d3363a3ea5d31270ff81a4ad1 100644 GIT binary patch delta 2805 zcmYjTX?GM=5S=2BAP~Y4R6c;*VhO7(elQ?QG6O2R>`Mr%WFP}*NPqxIPbZ{X6A0^Y zP6R;#m3>DD2+ATV3NC;Gg0g+oKVj8-ok`B=Gq0B0Z|dIeu2=tUN?o@(^<-TtU8+2v zT6aE`2F>mA*^ct^P^TvG=59(n#cdZ)bzd-Riklj5>QbECwsmcybhw#2lV>3}(!_~` z9L_@?&qglK!EDU&d9E%F&%-?R=3_4Ad%Qq`3w(YL?}f9ERq;aPA=l^ph>LtbLS-C9 zKB68k!XlGjZ1V+@FEIHS3J~*n36_|AWGNO#$dUA7S^P>YRWDTOMW~XOVHWbTLLn^U z_Yn$Hn3jf{FOBgBnAzYI)-HdM+HXs1=`P1|ysz-(Toev*aY_z~!=X`4bHbq>68#|D z6vbwPo}m!0K%w=6Jy)Vg!>h1Dl)x&7OHjhAv4YoNHP-mNRu_j$QL0`U)}qW~M}m&e zam0m;Tg5I)u)^nZ5*THHqj*NRg~ zR-KP@#VRXL6=5YxlyDKMD9df&NHNt(`BYPqXRKbn^<=qjAXJmG-9Qf45Ne1wYKS)x z#MneWZw@Snw-Dsg*j9psw@RhkOm>^Z5`;v$Eqc3dgzChJS2A5SB)da-?yx*}l33U& zcYi|o#NM)tuw97>>f?auE<onipPz!8`s{AjVn386(D75#t=;9C4k7_&h<3^FruCU^)CXK`xD5 zBuMz8RC~!}FG=hh!Z)_=Z*?Ep#OKS(@Uk#;r5{`&F>yt1x=Ofeq1Teo?-cr-72`UI zh3kU+p76az{y_LP5aU`P#t%k}vw;{t5`@*cK#U*FS{$Yr%a_l!*9xhvdxNAA+@Nqu zLnlx-_&|OVq0|i|`Z$hkqx?rLo%t3EvhD zcTDyU`7Ylj+_iN6(2ZmlpZ`?ie_G=ANG#lwo9+|tTjYZz@-IdHWswg_EIbtCBf=w# z{G0GcAkl+BqQ8wqH?2e+`5%JNx)o^jk6D#*jBilw(zP+L8N%z0BQ z=S|1jeI>NBZA)&A^x(|NKnAx#dZI9`Kcy%3rgdnF3~{5a`n9V+27uPc&`%%CwNF-4 z`_`S&vf%*ek~{#qqAOT|UAdb){!A%6v(W+2SsH$3@&M?LF4hm8d=GTfhS?L{wI%j+ zxEFeHZ*=EA=#4%;zov`BebHCFes~T2Jnk>S{yq=D0BP)LRs1@7p?hNRs~ufgea@0c zmt~HDfylx@j|X9pIRW0p>$cy$Vf*@<+SYs8W;Yl;&`Vi#!(d&4vKxB(kYwe_FMFsh zei(*m@xvT;vysg?7{X!XAnbEQ7l(&qxOyWH!3dAvlHglDzm2y|QSTrdLwp`7MUON^ zkHScd@^~~xoBSA?A1nE>CO-~iG0x-h7;p0L;vGwBOoUuL%imR2!z`-_7>aDmYCb#ZtGW~et4(=pTITnXm-ePyhf zWva@<6ioDawp2aaRBfgkPo|r>CO=Q}iOVfIEJB_wf1WH-{X(sNvaLQJlQ6|rpWmqZ zhJG8ZufCz%F0$1xMpUa`>~H}JIEHBA0{T-l@h>{bZwt;z?}oLyXQqCUnfe92?3T)_ zTiU2&brvsZSY_xUPVmw?_CMk%)BlLebB8PA2g(fv5U;Jiv`6BDySg%!~%9;-Vm8lV^>tH(U{n~ z(O~RdqxlIj>X&@UTKNU}kaO=HAFTD(J9X}yy=U&8yLDguKYQbEHpJ7p+I#U0_u^@I zLAOK4YHF<1m`DpZHWKS5N8;U<+Qz!^kvKQGA$d7nZsz8NVw{lWa6a;RA@X<;7Gjal zi00k;4#9|bByhM^qd|ryB_Lyrscp37M=W|iWMUfw(YA!|*ialPA<+@&C>ZMXI z)%6u9#R`wZ2eOEX=F1 zpfOleU*48F9c`%!QqYA$eXZ^H)9hv`@BUNhbvL3qAF}bmB-bRtoGS~BVd~E;0QKiUER?R z-CeOh*OK6>C5_u7@!*liKEWpqej6d8;JVmK2K_c=vBALKPFRnP3Q#$=ld=H>3M(4a zxH~8cBm9M(?+N9uD()ogAcbZpIlPOoi+Hz6@g9OWd&uX#f#>i(g8Wo&KS9#_Wzqw> zdO&gq2?x#0b!r`1#OFf_-64bSFo}o5a?KIK5wczNZq!FxkE+(Aru7(!hhx%uoN(MM zdV)}=kV{v6z{Cm7#7;6)oFoXWU7Cb)oNP))Oq7gMQ8HrOC>uWr8;Xq6gj1S~(?Z4> z!WrTpRf^9N#5pT~ehNH?e5d_tlfQ(yB z$%qZea4o(aWkZs|Oa4nh#vQ_KO~xG|<1XPY@vkby4Fqu-1kk;}bNDxc{8a8fLDKhS z+6TJ&KynWW56#?<)Hs1#CnO%8$VE>HPfhEyXzO!D#&gs8g2clM>3m6e zX*ypK9tC7P3&?n-$+#1c@tPp0?gnJM*0#cqqcB(0CzVpW8KMMlNTlEm*|CjUpu%7e zy%nNV7;yA^z|lLxTg}ls;pjc#J@Frss(aF99KEfJOUaP`0Vz3&<@i(IRILz}TdBJy z=jnIu1K|VlUxc}^Kz2=x=vho+Y8TsTX2@QmNiBwE0)r|P8 z*VnOJq)|0gS5V7lt&Z)fsj-rjyeHQm+C&X*LZIZW(VE*JffLaNi9RPO<8WKFRZ%-6 zp`FLcl1%owJ=$wA>VVcr@VTQrkB(ZgI-w&vdE6PDb-jzJr${|T*SjJGT|G`ks;+;H z4xuS}3wJSE_O;s3fs%JaE3{S$){TJ{wqtU-J`1B13dtBX%Frx z&oWJ@N^7F(EGnKBRrOxzZsOo!_C`;&`P0!$>0r9U8OY#1=*4}}2Yr3+r;Nk>(O*Ra z&<_JV9w^CyJ`chm0Vb+G7#ZkQH!UI673=d5VPJ@6U?_%QsK>)FOfxVXgN=rLYX}%F z2I)q?MxZw`6pEf0p-eD#qmqw|P9EK@qs;K5F;Wdb+F>^nnLGv~ISXTu<+H7f!y$xJ zG!{0-dOS{&<9r^E@p`BU$izsWC(6(h_0W?r5tBTgjLEt_#niKH|Gpp&D&a&A=#R8dNiyplX!loG+*(6+Due2GuO&C{(i?&P6WIMh?%x zY|Qa_t}+hK!#owum%TIJ;{}pj;JciMJUvxDa*^ZnLYaD@o?0JSJUOx~*7X8YFO+(r zt}j6$mUvB%Ee2JA7y-3RftqDN6=5cF4XC0fphQK#2^6FF3#vwCU2ag7pje?Qakvzv zyaL5_@7oNb;=2FZbd&$CiCGCfu|+MKroPmU5E1T#OOBCF!3f(0L$g4KD zaZsgh<2Z8Sh_H()u90sJYD9a#GmgVsNlq0yRZEa;t>~(!ik@^eJ%hv{f~xv|7g5?G zaeO%`2y45HB+D^DzV^H2QaLm1F_J8Y1AR=9uAPA-@70p*82;oKQH_WpaG#bg89&UG WS{T35`%#V<`-u-U{O!=mmj46l>b(L0 diff --git a/src/wasm/Hacl_Bignum256_32.wasm b/src/wasm/Hacl_Bignum256_32.wasm index 31bd866e0dfe5a127efe86d53e7ca1685b4fc6e3..d949c8788df393d3026b6be17fa1b991bb1434cb 100644 GIT binary patch delta 1321 zcmZXSxo;Ce7{zxtc1Y|HJF(*=&h;kueNa$m=nx2n1{88S&be_8=e}%jA`wv_A+$&c zT8b3N5|RtrQ1d?^Q9}(a-+0Eemgx44c7E^e+xO$v`gLo4`RNb+EnGQ9=f{_hW7JsL zfcrEUDO6N`cB(Jm(owCIeO~x_{lWiWn$6%vo?H10H}V-ai&>8Rs~c{n*&Jptdvo6~ zFvsR$aFd%U?n~Kh0n?sXbXiN2>pTwT5=dZPyq;i7++fLyNhG=X&^O7AemY&?J|v3( zQfwKEQY+>Pmc;QYmh&PARw>LH)^wP4tYEDeW(n)UMBz+ZL=snX8yabslG>8Gi495J zBx(vNP2GZxl%j5xQ7ui~EJ4h?)UKzDQQ};_$I#SdF zNj=2Aq#hFW2uB)vi~}4g=&^uOw>C>s(SBA5KPuhtQ-Oq!olxy3{Ek;UDb>&^7D*_- zGwFAZQ|Wh3eiyjVei@wMLiuHcAKkRsi97K+`n>q7vdFR=p22|09ShU2!tppa{Je@e zCM_oJrU7+jUtLV;U8rU6g5UkV`Y1-r+vos zUK&u5HAL6K#MR@xU#*rYNQ@Po20g*RZ`oD+JO#D z1=`S|s3@a)du1i4x7SVy?E;g~E`oNW+uLgoI?=7DJ!MpHue~Lzx7R*N?MJVq_7img z13Ky;`Y@oNg91w3+AQ|pUWcgmp|ZW!lTv#fMudbad_?+`ZxN_;4&U7Gmbxywdeczlp_wRF42-Z*7~JG$o_q2(8^h39G48UasO$9mixZf@sE|*v3^!P|rVm+eKJ@f)BTn5h z?m@N!po&dmT-J&?g^XxVW3nWIV4A|rU`B_T#S~^LVKSH%CJJZTB9b^-oYP3Vnsi=L zZOlokP1GE6nwrNva*CQiN3}F{p$eszin=JFOIVQ5C4w$vxu~ftSj4iTuAHORXzFT} zN-afQlhk#rO6odMH?X0hn^?n!f^G^Z&DLgF8nl+dy5$!?tMbTl~V=*r`$z z+Qv8)%5O*d?P6Q{?ULUf_O#zVcCe@X_JtpvwAq&1{WAQd@>B&B*Z~G%z~qiayJ9uO zV%+fZi>wHXIVMFrG$~Dy8;`0>;FwgJIgtp5rof7l72U4`(K25B_W1rD$=&q1k>hgv z<+IfcAfUt5!;e5ETs>=W{~SlXLHN1p_V+NciU`ryAm||$rWg@Q5jnStLHBJ>N8*aS zc$6;Qh(^th;VK#{>@Z@25p+*`Qi&$1zE0|9G;4JWuAy0}Tcr9yZz=()ZY6aa+O)bI z3~fr?F4Z4;Q|TL0eUsF2#I-ts4#br@A=GpSn?-0=;gE+V=~Bsa4;^%W-bMPBMBOG- i8flH{L<(tz>J+G?KqbX%)`i92(}gb9UB3S&<@*ni9ug4% diff --git a/src/wasm/Hacl_Bignum32.wasm b/src/wasm/Hacl_Bignum32.wasm index b901cbe15ed5ca2607c5c3827a088b1e73f817e6..fa107b622cacbea76c88e7bad3eaafe849ef3f52 100644 GIT binary patch delta 1436 zcmZ9~Nl#Nz7zW@TXbl7z3l_@I_b^%JGSA9g664y4j3Nat2o!~a0vDCh0Wdc)@fWaa zg6YPUf5N>k-O4Y}@ASLp))*FWPT~1pzVjZ%FXC5iS>k&#lJzx^{rltoz9%nZ??Li9 z^x1cROpfDG!pKPM8lJ?ioWO*E#L1;0VsaAWn7HimcrYoa3<1xm*MczUYuWHFn{pas z>BEfSk&o>!#ijO-V2(A5SxnJi(&ZD($~pQT%^X1#9z!e{-jz}Bh~Wv7JZ*RpO>uOR z^O)hYGhqR9>Ut6L36&0ul+c9fCS1Y-OqG!QWz1oTe|&0bSC}fPGFDvL)cIFgU&9LP zYox~zbMzS^;qjkD+7PHIv9(EYtBiw?e@mjerunWuKUkUQ}1rK;F5H*A;qjn5_ix&5WUY1{l zb|nu4z0(0-rC*6|^db)hX4KJ1azwV;@3Fw4;4sI6(wqpK2%Sfs3eYc}2q(~673h=# z<*S!_CsLkCvsI=7x_Zy54^uhvgZ(gE-g_pHDbEFccA*lU(NFhuiOz*Ot70vixKRHm zpXFH!OnwV@`?7x?bMJ53*P(#zZ@miV$^zu4t6zvhH*XONP^iM9Nc!zxt)Ze~uId&&w@EK$g*mL5dhe_J3tBrg8_}vX`TT&(0<*P^K1HiE>_JC2g?^ zRc@vbDp2Jt5GX^4N7B1HZo2H%F6}m^hV@!hvtCPj9qL@Y9yO?Q^xLG@vmVxXy6g=a z|EKJYtT&;7^(NAr(d_CiXhgH4x02q%dYjhMWshh*UG{dyI}l;KgYZstY8cZ`KG5U1H`%yv%=UE1L`XKsw`XEgo!jPUW rhcSR5XZRf&KFq`KD#4U}R0f~C0sB*LUalNTSw8r4q>(&s|C9X}jxb4b delta 1415 zcmYk)$x;(h6b9hFkXTRwWC(#U{+B_+OhB1cdYN+X0+~d@(98-1WoQ%x8~~|a`2?;~ z6^f0o;4}CJZY-Wa&&}!EZLuKtLca6Yx&PPHNh;HoCw|^^=l!V2|9y3MXcXlfJiEEA z{}xOsYxh-_xt|i_o6rk)Ss^ z;w%4!=teK`SYTQm-4q`PR=YhBI2Ih_L{O4bfm5Ng$TI=@$5Y{^`KZ#I2^FWnke@`> zv*eMJiA9R!XC{M~49PFfRIIx1Tp(9o2zud574MurJ=N{G5bCTNwQS*1nS7S#H znE&gPdmeIb>nogSXQt_{U-e=Xdl^emh+-8GC9>4H?W`{?L!n>pFikJdmb+sxWJeG| zDX+5v5m`xpj8d{F@_Cis>dL6hQLo%p2=m$9UNtJ!@@i1UtE-{S)uPtRREKKRx=X7^ zCF*!2Y`CspZt2lpLmF6bgk-&u^d>ZUdNUf(E{tUp9lRXgge z#Upl~ehpRZetMq%?1ld}=+~_tK$s5hs|@n+Aq?>FAsRl6VLe=qU=YLZ>_;?vgl9ii ef+hQ@3qg4YK_?Y2DtMB$f+!8i(VMII-~4}FC`F3^ diff --git a/src/wasm/Hacl_Bignum4096.wasm b/src/wasm/Hacl_Bignum4096.wasm index 9a09191cb9b63e254e61057cc02a56ae4218effd..c1ced14d7f5db133e6216d1f7adca5a9616d2979 100644 GIT binary patch delta 2833 zcmZuzS#uOs6z)R^ON9`t;2}OB-yx7dK!`jLgg`QbOId;#S!78d0TRd%7YKXO(~0TU zAOXdpN?8RLFoZ2caA8vv6u|{tP*KF?L7%MR59m4fc4lIgRb6w>^7WnbecgTTX}_Iz z{&w22?B2Aa^UmJuzshOf-q`32?h)_frNz^{f$?5mU$drpz2ZGRijy~>v*Y@SbZ;)t z$Gm6{H|n@thB7Y4JYIluEC_g^E-qJ~LcK~XM5WJ*B)BNx#aJ9EKHS1fP=%Zyu1hOHT_o$Fo+S}yxI~|d z^hBMxd4%KeDm-odaKF`9so^zPB`RQz%WJWg*I^Z}$2zPJc!Mr3*P~v&25dls&#naB zfa8b@5wC?kti`H;8%ek{lHuA!VxftAeunT28N$tEalYbwiwj6B1cG~(@T|o>NARpL z&198%PFJk4(zFm(W33Wii54pKQXDC!8Y!QRl;j!flJ0r3TsILmlCs@IF1Hd|i8pJA zw-ChGLIJ-JS}wmxkV|7*2@>8amA+)MFG(yxNMzcgx9LXMn8?n~_0*8;cICO<^4vjU zVTatkld#j?vWu`yi3#eJkmxQ$bQ4*oy9rWsD_O3)%^E(=9!aWul2j#To~jq)S3|CQ z3409Jy~1@LVIT2p8sgUpV!SR@z7bk3ze$iwWBUmb-Y?Z2FxdkVdyDXvt-DS4kxc?V zs0m<2XTB z?F+>?-d&8eq!^tlhG$-Q35M_Z+o2dI2%ScZ6C%b*!b#$HG{o-`#CTT-y%$<8zfX`$ zW2XobJ|)$jHrdk>J3}~Q>prXd$R+`wQ-M-$W0#-KD5yDN$5uk{m6>( zF^Pqb1$lvR!6Gjb&W2)~55>4>#5fU(@d-g#oeahJ#H@7@igBHE056?;AsxNOIZi)H zr;Ln95r0b37Cx2TQ++|*@N>B&vZ)&i_E{*{Wx^#R*kuvy3gHUz=NjTK2x5F8q`wR; zm%k#&r7`a+LE=}1(lwL5Cc&=>Ut4nD=ti-ux>}Rto$Qh8EJQMPe zWBu^)563X=p(Bu|U2=rW`N-#y$m3BMiBSRHt&7W}FGi!^ zcr5afmpE|OAWznS3+4G0nv-EX3Nha2dvUKh6eeJ-ZGq$LQ=1?QM%ey05yO$MEQVpC zE@9cJHeZyiJo&Ltvc*qEkrqGMdpYNC8{Q*CK z2TV~9q8LSqm-`R$WDR(#6hGAzKMhkc&F4q(h`~+AgSPmGZSm8!_{p~TM==S-w)jW8 z6`yL{rCr5$_3aoxW{aPJQZ0Ul%ic`P3^P$0aJdv+Zi+TDjW09JLX)qs`AW%Gn*1VEVv*l{uCb&lqEx1H$r5EX!?LQv zW0+}KRdr*P>cG`qtWy1Vsb#ec)yis_%QdLs7^)L_TtL-{IXqZ?*KvtA3>$RMT>UC@ zBM$#hAFG!)xxQN$8zNrV#2SzzPWTSH_CMoj(Ep5!lJI0eK?661lS!bHiA0*Dw>1;w z@|vV4`8ux1OyaYQCXx;$_TSM24FR`kKWef4NM;QgNjAzIa#%la`;p8Tp5j^+*J^Px zTgYIrS#UCFY_T|*D9mgls7*A|zC{e4GZG0X za8W=&5M>F7q5+Y8aRI>x%NJi$bE5Qns1Y9b?(vV-q%kGr3ExZcFC#!=8PoAXL#K;Squ})0PX%1r4%vD&5;t7s} zDt-lyODCSimNaYf;Oav5{ZLX1pG9of?npQLkPD>d+8yqXZj6_TUMS zt}Pr#EjA{o-w% zZKO7WK$S{?w%bBU7?ls0d6Q7>YjQiGg%r(p^0<}IO1wiuypte{ofPt0(aPhu336#{ z7eT_iq|@CdyIW#=2zzYL3Ef9F33;!g+iTIiL$bmO8C&@_hlWe>%Y$zE= z2!{jr-V;!VXTGR_$?jzna9 zMi5j-BQiegOh#%%hVSs_Nj4-Hz2xl?8RrR~8#2xd85al_h`-PfUnI!lq5%3bT6uhl zAeY826C`|Dy1inuS0r|oaMkvGP4|&aLcUJEK)h}t-XK}whTL?MaMPCFN|xSMGH%<- zuSiz-N-Do5d~GYgAzX{dxD}D{jUnTFM8>xSL3JS_<6C2E+%&4>nncOpedpXEk%2q1 zS%(g&8=arKLXx@>Ki@_C+#}pI{M-|M?i214e=niL$gHV!H?ck|Pks+%6=qc9XY)Ya zp_1=VqNFXe*t~AP5Pl*4mGA-_klO^2v6PHK16`+!d(+|H2r2x#Jc9qw{(d9Znf*Yg zekb*5o%V=7%>Krgn*>p2`^Z0gb?I?%XH%2YTXkJE{F0v@$#+lm=q$i3Bg z{0JUVuMc{oPr#WH%nbQaJZe;^FM1+9QC=U}U&k>GtI!QT;bmt_cd^m5*rDywMLmn^a#~bt$Fdh>Eei~03^v~c4 zD_l=m@Xv@ru2rpPF#>stVi=xP6SdtT-xHIaCy(eP+x%oq)aEC9?B^q&r(hx%U)6_KNV`9kDrRnLW=^2=g83E74Op~8w^Rp#C+vMk9 zHs%C87jsR19;R7Pvts1y7kQqdnrud@iB2dE?z{Ur-5s)Z<2R0};` zghjj83fV5;-bMe!aZW^_@hC#fu))fFa^U z#5LMScxcc^c%F;=yi;xDI45aG+LkIkZkhiJy zZnM%WbA(JAEpo@3`lU5=%J>k6)U|3|tF4oj^&+`Smt%y*iD6C46FJe)k^8QY+0?%Lpi+3}Yg$!SUC75822s<`k#=I}G zSmD>=@;QyVU5sqS%i`EmPzq7WR=#ub*#$q2G%Mv1U4wh zCN@owEv#eH3$ltWX`*q=mT}~2Y1<&}T1s0{^Vn9@JW(AuhPneAj;8Jes3Ak$twCv| zqwXo_K6Vv!pP&U4N``uXJrp$cAV94%)WaH;Mw)u0sK+=|)MKKa;KV>rafA~MJ(bX$ zU^dUup(8ws2%_cR`KIg{9sNxFv;3=*)CW38mV~yuPFn&GIr8 zZka@TnwHAH^6~1u^Cw*Y_nj(eL;1e&?PVixMw8#q7POd{F*Kvaiy7mscqA+lbLbPP z5MjTbZD{mGyVun?;%JrLah{-P9D0UZ@1RrHRG`y4quqrU1Q)+J_!R?IUU$X+s5ik=9fMsD4*@4eEEbUqJ`J6?A~0 zgBYAM)FJd^P*aBjRKKgkHLBm$$BH_FVWO6oB6HZAJ+O+woY+{4=4%3+CPpc0{Gxh%g_cAH@ delta 1298 zcmZvaOHWfl7>3W3wy_XPp)GgHJ6y{h7wXP1OLb{Nf?Qk5?X*B!DEHFChPXA|yE0+b z#Mrp@e`sR-6~+aLe$$!GISZEG?dHCTcPmJ|M*&DXK)4jWaG=&9mm zTV)fQSd*V`@|3W6x@8e*G4$HMD6Ax%t_wfX4FFAi3ma7R=^p zT6BO15kRn-Erv4U!QyAM_%rd(ayL(-UeY->XwZ=tD)JKND)N#duW)4|uW^AZ9eFJy z>88!ks;Oe^UE{UNDDxXE!2%NwNEcsZpifu<;V@o-k2{R&-7@M^5!TzL2o9r>Wo0GY zGRc)AuMjs{|B?Ia5B<4Qeuk<)3*X*6b@dD*Y}&P>4dF(+b{@eKVTnkN{)}AkyLNV< z%^f<8s!>D{k;zdWql$5A826~!L2Aa0s$J+*vtC;_V$!!Bbg8xV(As*@Yl`)u8@-KU zG4#n0jq|A5Z;{fatB)C3ZSI)nivGBbyYZ-~WbQn<3VSY=)-jy0*Ss^f|}fiXp$AZijxQ*{#KNNVV$gvO;e@kdmhqQy^nRqdcrt2&KN z8uZR*ROBqCRpcy1&SB0(&SM61I&xk{(oLIBNmW}LueE>${;c{tKU05RY7PAdd2%x9 diff --git a/src/wasm/Hacl_Bignum64.wasm b/src/wasm/Hacl_Bignum64.wasm index 4b7729efb73200f1310e35169f849d9f12e63ba7..edc590b15151087ece0332fefb9eb32fc02f45b4 100644 GIT binary patch delta 3158 zcmZ8j340V(7VS#{W8^~&U_jP$4G0Och)Pscs0K8M0m0}Dgs8Y6HUYwt1(NCtqzV(m zFkp!wf`T&+%M6OfeF^T08#;pn%DCdjj3WQQx%a)-o$s5E{&;se^{UQE)qUr92c7Pq z1Fd=8KHImZDKQ{Eo!7s8Z{F|56>i?v)RY+BC4EMalg#HQ_#Ep z@Prq;26K5HDw19NWWwi4RPxQJ;9GDrZi)C-U3{L8`I_B^TX9>+w@dN%i0{B1-o*Va zd?zYV5%Gd#fCW*K8u>0Pz+E9P#6r`*+xAn^PnrHAq_8ODDpZ+%*<#$8BwyNh%MvwX zv1WL$$Xc5-3AIRgw8+a{GA(zKmlz?tR(rXqHCq)W5?qI6Hg~(%qejcCP$$x0mCviO znj28Zjc7n)#J(;*r;*kyfR7;LCPL7FCW?3sVGS9IYYD4S7jZKQ%Vshvgd`C{3OOP~ z7Prpf?or%57S}=&p+#`5gjS2Ym#~(sX6tkn(eBk1tBh&^w-M^G+A6S~P=hwI$sZ}h znNq5t^4maJ-l>eRf0B!|w~?@cl>J8Xc@tq1@qJq2m>@wcH1Btj&zlMIiz$fs0fN*Y zkf+{a+FJy;m9W)5|AV@b>=N-dWxCBWeTXE&Lvqb_!ghkGkY9Sy{SdWqB+si`3j3@mD9yZo*?m zmfa%D9>N~ty;|aZguN7CpHTaoh7$SwcY^%1wx1y7{qo?Co9^RMdxG$UrEowul3gNx zQprAP$v#CA;VHSMozQNPPiK+ODDoMLe3m4_vm|ffbA;zC^m)Por_0k$mgkKuyPYgA z5QNqqr^JgY%L^`fDJx4(R+g8uvPjLz@`{tCgYdG*68Pv4+6M^-iC@(kzebSYHKF#p zi+p~AAV00WNs#iJLh&ureM@R@6W+EA-qC$zlZf9{vhP~5he#qEl55^0yl0W`TjWB4 zexT3~Ec8Q?2p`(dYJHzljVIU%V8r+hm+-Fg3vnXl=wtt`Pe1@Ak=!4;@Ws{ zX+iK$%8V5+w~CLD44Nah)H!CPlKI*`75y}I(*4Uxca-p{d83Ysa>oeAh(FU3e@>9# zbD?zHMLz$VAU~~rAupTMzYuO;n)a7c{EG0EW%;#kB)dfXjq34@)#F=|2;a&zCkQ7j z^1CeZdqsY4kw1_`_(70A5`MJEp9o(&<-U`(M5oVBM!KU;x|0NN;Oa4oS zdy0?5gG&4M_}Q}WilyE8m)I*EIQ|qNhkq3%__Qi{ioC@1%(VWMG?xi3gA1p1N1OAh z_PBI@*Pd@|Xp$4KOZrTEy2Zbh9S?f&+34vGw|wMtFZATz=!M=9_tC}Yb8wDk1?Yo< zko!upZ^Zr3&rI%fk&m7c_ZLa}o3T9r{V^cqff#7|gKU4W^aq>%5DdnUkO7$f2*$Z~ zP!FimT z)?(487ABB-R)JOR|8l!m(M)FvU!Ptl|)Wzp< z7^m4qxDXeGd@;rZxH#fVaET!`9-}cb;u0ZUVn|<#5?mVcWw^}rFSq>((w|`ZS6~9J z2>D7}Y5G@Tyw&7#tI1WeV3Zxw6LA4XTb`3pgo!rv0ytis$5t{+Ejx!MTXs{BRCZH* zo{Fh_HIjS{uEsSHm+Ip4G)&X%T9o42kf%#=dc@b^I`eR4n2Kb?GvwiCn1`Q<8JH;} z^?F=y0JAJ$wg6@uzzvv<8$vEex#{1CGRtn3Wp|^pn_}7Bgvpp{Dg9p9-DJZ*WXN?M zK65hU+}Sfg%+6fPt^#wEU4<{UZ5~%*PQ29{OLO8w-Vpi!q$hu?3VXN3n2UM#7E9!A zi*2|xbGOc!UY)sH=SW{>Z?+uOdb8y|i>DGZRn0Y6iJFLOb@9bA)oE5Q-l{$nr?e8Q zqCkC;k)lC-SarmWB2}Z2%10yoP#u%$2e#j&6Gt4Anny8BP3oIMUaKa@z?umSR?@&q zDn3dyU2a*1I#5?wZV?I3{Ll@Xb%bJ_)5Y5IXzS=nK|7` z7^bQFaKv(%FQ-jSm`c(nb9y~tJ+XMIR#F!wfqEJ-87A`8JsATPiFGQo<|9=9B<=eI zC>|=d48<$SUaeBwtXgcgT8N1fKjlo+7K;=UrO3Eo%K4M;R~ZDpRacq9+l?%3ZVHQa pl80XJv=F~kgdHvs|D?=P+!7xw@7rUi<<=F2-Fa90iSqh0{|7v5L@WRR delta 3165 zcmZ8jX?Rps673=ZjrlNfU66&(i#M-+$)GY%PN#C_jj92ECuMp1wJ%c^^CcfQXr@5`-Qb>7WAC*4)&mrgp> zNryIP^*H|chUVD7av6e7SExZC{s3?xbu!5^S zLaZb+0rKRh$~(KNl50@bwOQ%KcvX_m?U$TdoE@yjYE;Xcl3at;Tq|o`##GcH=FxI5 zv$`a6su#bVgOXpFc?7oUCj zx=Wx5iI4*{1PCH-CNz_G<-u0oKv<9Zh&NI^z($JV)Wj_$5n3qZkPup2;93c-7PpzOf#T!~D$+G-!Dd~t&g#|{5Y}S7<-dhci#D>GyC}t&Dpf;ex0TYY zD^t?mEiY+p8(}Lc_if~JJE5KU9!>Fff&|+s;-rgw-a(K@bHnc?Nd8{A^-fdXDal=g zUH1O>=|R|Hgh+cC7ai9y6@>3G4lY{ltIK6dxc+a6s<+xQl%L zD?uL3JwcH46LRl^rg~6vPZFNA44%?+XQXv`KK)^k zoRj4rPL^YY=Z!4KM3zoMC-FZu#V-&fctNQB%SAr_n;?(oUL;8RMY;EJQ#~%Zmk2Kz z1_8gU2gxZBzoKMcv1DH*iSVkt^cvwcOZN3N@(o44VUcf=M0it>ZxPJrFBh-0R$#uykQ+fx|Io_AnW7~$8S;ZfaG?EW& zs;iAiCiQ*#P$bl?Q|}|E-U-5oM!gfF-bunq;{RxhKPE`R)OxQ&gLJJ zr85Q+1 zO=li}{umJQKnyhXLAE|v>Vr-FLJY=*A?G2_)Pa8SVWt-kvaJ}}ncW0q^hB;wU>=g( zHYcywQ1tAYS;It};bvyFXJ-c^FakpaE6Iy6g7al95OE5S^}CrhRAy8`dS(@3nBBY2 z+eqYV=N^SZ?c1Y#EE zh{p@*@rHCU#-ljo%W=7>Pq6igQlDt*lQ0pJLY|DtrhWx3QxyVCu$o*U3r5*aJq06C zWO-hRd`z+7)BuiG*JSe2)Y82uZrM$Pr|hQrJRQ^dDtLS~uENz3U!#l9GcZGUCAbD9 zAzv%WYa=d2skz)tOotcoEVQHq?KKY=)!>n*!7EK+u5K9{3hT+$+5 zj0!A{_y%2kz7aR-?k3!Tn?hb9$t4lrjGN8nZb3N~MZ8olztmj*RxHJ>A>W4EO#OCS zUnccsrhW&O;SRAam8dj;<+#PNyWO%|uI$PzyDD6da!YB2u&c6Rb&6fr9H~jM>lz~~ zExA>wQF5z%7Lz9KtcGi`2DQ@Z>U8zRgw@NI*NR(P8;bW@gLRP_FLSvDF?KZ(H_GiB z&F!1eh^COmf|+{4)&r>rrrt~l#D|4y!Zz6cwvo_a873@4@nz%}VwL46&TJ)CTV^2% z%NEz#B0_-uk!6_EMQ)>ubqz%*T*ss<9K#qVFrgbyRJ6Lq0)EM$@BwlgRG9n1nL-QaIHi6i f*_Vw#Q$lq=yBX_#p23p(_1#1N`2Q#V$WO%I(9oMc delta 810 zcmeHE!AiqG5Z$DqP--=xf{4P*rBR9}lifDENi%IO;>j=Yo)$cK*Iv986t*AXvCtpz zOFa7-&PrR;FYqGlVcyKV_hx3_d&}O^`rdrC@V}a^*ZFKFeE%t1y|g|XC*VUwA7Vt&#y%(V}ekIG7 lwZX=W*87dN;rd9ff+Y(a+J}Sl|KH%7?wtA0e&hN0@*D9Un}h%W diff --git a/src/wasm/Hacl_GenericField32.wasm b/src/wasm/Hacl_GenericField32.wasm index b8e4b468986347e138e2a445c00ea9e029735889..52efafdf1d60e8bcb44b3c33f4fd7f2a6e19ba25 100644 GIT binary patch delta 697 zcmZwE%TB^T6vpumQW8_5h=^1~z5^7wc>@I%FU-=NiEmMji4TCd(}i)senS% zw1PYeK@FO0B~(Ja%DSWURgK3Yyryv; z1?eMRNL}d-)Rf*}y@_U|w@^nj)Yn*VDSch*Q<1)*bsmL_*;M!zHWa?acpGhvkEnx9 zv_pNH^^VeaU`yeW&HFMb0TT(HCxt02i$`7kJiIjO@q6_qgTKc@Pp@+q89szHd#Yw1 qyQ*gYlymy%>l`}39{OR;A=ezJnxlYlsrP@)@kBL|wrJqB>Tkca1B@2{ delta 662 zcmYMx%TB^j5C-5DS`(CjfJnK?f4CMDuxg@lWn38_ z#)S{y)+wi_uG*Qj-#?l8nSM`So^kk9b#H@vc}B zNe=IR&ecn{ia3&UOHr`OQto53l1?MeRj$ssHnUlVD{RgEY}TACvPjW))L2KB<>+Zd zPhlX&)pM?0oN1?AG091D4aVYcs#qQwQ3qfFIlo;*-t%Wck>)9(6wXsd0VRJP@;8t} zS-e&p>8iFrm~SAYZ8 z=xx$F=!AL~COUz>NqSf4TT+jPdQa-q3Kr8B_y9eD4+tM(C~>e6`WOcKHt8dw@4(=y z%?$U}Tz7WmHE2i7qVrgb#{X?#$?feSLq!n2FT%&z6X9bDpI{=x*#Y)339=6<`#@wL d`GU%JHIi|L%^eUo?tlv_DlQ2!?xNx_5y4%!Ty*YH0@0x3 zj!Pbr$5f>%ugPovh5R|D&*>RbHC283`+83G@0)w)ujD_;KYlHuxj%m^8b!(H=TlRW z>VnB70Zmd+p5^Gj!7?sEaiYLaM0_qqDKAGcmti@|442#D^9ro6-Aa^WWylpGRv2D| zRooqSpB_pfW+e*lVPi z3}CxRCQML<86_xfi$uU&mz`fZ8r5ixMr5o@$i6oyvKcB@JoHcyT7N5`KyzMUF94>@>QN)XeFX56~ z?lO|-H#{iI54z>AU=UYAzKW~Pzo!0>_(RUWjv-tRIY=Sp28MB2>8>f=u%#PNx-?EB zsYpKvU0RPf@^p(9=tlB%BIO>;n+i9I5eql!^BBhX7Do6sZsE2G_>QeU-^E>N`5x}z zUdZ=Fyl?mc9=PQmVhkgO$7TC*xBUdhF%hy4-}#g32jU0LpCSa9qL3dE9+8`QOn9h- zlS=rQq&8qw88d{N7*n#4gfc_g7((2m6vwl3jTONY%D z6Y6c73*$$**goPjglV#Q%#hEsgjwRBti;aH AWdHyG delta 1569 zcmY+E*;5o(6vq4DjDdoH3(A0~-;n?_0^$aU>vZFWqT&_=+)>eCg5WOF(yRB}y}Y{2Cp{*9-GgQ%-eJ zrX;A$e3fl&sLJkc_&X@~ihR%UxdIiu1m(OGOR!Y&G97$gj^(X{RbtwB%)VU6Sll`|i zmYr`X4eC)3mQ$qJfO>9}7+;h`93?J|xRKHBNYZuU@+<4y2;%0rgyV1mb+*p^!g@67 zb`ug}6`Fi*Ml-h{!5h$m4T@WJ@OdLP>S_~Ou_@%uXbG@c@fK_`xLeVTgyJ^gZ8LVX zqYdpLcc8=Q+pOLxdZ*F1qZ8Xh-hmxP--)f-p8(seTRSD7$-1=*>(OjEccT%zY`Q1N zb5Tk=r5Tb1v{c?d*V1`NYC6y7E_Cr;BzYh9VxQvuI{1752Xu81`*ASjZfSNaK7>PN zxx?r}QgM&0*JGAHf*u?RLOzP4X5g3|=#_z9GjJTeI3Dr|oG|)H9JX}FEZs>>=UKW_ zaM5LvP7B>Bn|_;zD=NVC<>92I|GGe)jx(07AAOpx-{%1g@F4p5ECz8_@i`rQK9BRd zx`1=I5b{N7UQ~Pum&|gPF@QeBL$dskS^f%!a3$ocxN7ukRv#99*yz_WjO!r>H*muY zq;T2NU9)s4P1kSfMsNlL7AY-sBR2gmPq(N*H=3uDR_?*PY2n5&s^P|b9>+M}!YJRy zE!MQBJCcL)DZ}d5Gh~g}XF%ZB5+JaQ^1V=4=t&TF%8jkF!s&UsmX>--w_KCEs*eyA3 zciv9UId4a!uLr7^JcSS6fAOUbV*K)?IXVdNJaJn?eXZxCfX~z^`-t~ZLeaU;iScV! zFl4TX`a+GepLjo|?#D&i zNFT1LhYL4C^>)V71_Wo!8%SL77&PqJ^;E8(jjt&(B}=AnV$%~P)3-3aZIMCAc7hne0K<8Lve~So=Jl56 zTbfcb6z9{@2|v&V%O;8r9J1L|O3sv0y1~CYR}%?M zP=g!X$ZvoCTdBwJ{F6_AI8Ho5F43&-=USTh3}yHfo^d><(d${1%xA560S0@F^GR}B zn)O}L(p2juVHt%d4LJrG=v4?E)-k<|F-_>0Cf1AzpA!bOU)(I{2$;}yskaG!XOr^f zoXMn2noP_0CIk5ak^wqG8C^GF0DDx|@&N8tT?<1%sJa%1prfh>MwpCrX@MW1z$qW$8nL5{r5ezV#*JJ9evlw-5#QC(L8@4?t5}$ZJrcOaSDy-?q zKK#vSunW;(7o)*0MT5O%nGqOK=Qe2;qYgqAjXDdU&Qe630;mH(kvc^LJ4pC}HW;X5 z4jha+cSL9`6)F~9HbC>w0Q3r3O&K*$Z7M{C!Zll+GD4FkB^8#dXHy4aLc$cWN z2#;>(5@evYBD4@wXIaOzyk<=JC@_?$104a&N}Z2wg7mXWkW%WD@_6CR_OsaVG^EpT(-K nXvHg-OH3seSta(=R@zdA#m@S-Jg^brh(1=d@#zmXzxv+)5M=Lq delta 2020 zcmZ8hO-x-?5WYk2BRB9OSH+r0qcd7;6HSa85{)K3i7_ROF>&RBg)0{iVuVLX%HN~a z)?%qG+#*G7DbOEKE3{Ccv|38}=?`ipCc090rYjdlcSgUNckg>b^6vd+=FFTk^WF2k zq5IT#pC(@nDpr5q*X5OtjdgW-B_*9}QRD0VQ@;d{mQ_5-d!66lNPiiYD0ujpnpWpY z+m>D2=2Er(F6Zs^JQjFrA zI=RDnd$`kiuQvKQI8-mW==t4GRd*5Nm(vZp2+28aZ>X>Fd>p<{mt;Tj{^+^g)w%bG z@$1k`U}rw(eGSS1;saDJ2Z;}o^ITwKpe^}eQ^c1;#0a)GNH=k-e25o!Q#`mFMz!=1 zhVDTunc88TBlHSy<0FKHgeLijSoDyihQ1s#45ZgEEq#WeMC9&ya-8@$MZZ<-2>OZp zaZpV(T_p2tfQPF{XS?C zcVQsveW6k(8q$e|HcVv1oi>7e88!@L#4s(RhM}CXolzJMbCz_MN@W5iBh={B$nq#P zW>anl7Hc)(rCPmX`3!bItRvgfvZ?$6oNTtdT+S7?bc26(|CmbY20L+r8~*9{zf0AP zEM8#jIm!na6B+K@Kh_{9$sBH|x8krK!dX5E;Qr z8aN6J^(d4MDNWCUrg5cdd;?ARoCsiiTo>>P8wKMicqGbIrQZJBi1OtN!$7_?Ov?qs zP`&~(l8#bF%Y~76Ol|EB$-Qc8UnuBPTYE!Mq;_Z`$ViX&_ZIq_(EcV=Kgq>ZWlR!7 zMR-pXm2uI|_vDhHFH?qrOdF=pSQR`(^kA&&%N&bP5 z0$;D%oT;Xms;uPZNUo@e=e2Nt1DEhjL}(6XQAAgXuf`&}Mtlt-x?&kc5q(W@s3@Xu zl2B1Z*AaTdDvKgoAVx8gvAB?kXj8;QbR*eMC%a+y2uXqD7r(al=F=qMI?t zOEJgGF~=)0$E&t83S$x7BHhJAgpy?w(GoK{12;*=Z^pY diff --git a/src/wasm/Hacl_HPKE_Curve51_CP32_SHA256.wasm b/src/wasm/Hacl_HPKE_Curve51_CP32_SHA256.wasm index 48ad5d97c3492949fa30acb4c09c5c634bf722db..7f40d696b3c8016523a7564df64dc38b9bb78558 100644 GIT binary patch delta 5246 zcmZ8k-E&vf6}`W^FEJr?8iol!DKI?;X0#9Lj58hUq|>RlP9I8jc<=>$tDR|Qs4w&n zXc8n~0))r~QR_#k6s0OPq=;aMAR@Mrg7OheARiD&Am4!mFwu1Feb3qV2Sbv%YoD{% zz5DES&ROib|DMCoO4}C3#-0o5adQq6e;Yj>2R{h{(-tz${fXxoq$qeOaBSbWpgotw z<@x39p=k_lhmc!OexAuMF!_Z-^7A2MM~)N)O5W*$_5zcabRipG6&EF|qJ@>+q3I6e z>+U;x1YHKop~j1XE&(CMUJ^78L_obdGXlCS=my4S0bOBa`#7mTjPv$tXs(9#T4=6? zWyN+NeLq5|EZLi%|Kwn31`$jbc8I5;9?VDnFxSgZx|o>E<5Cp^AX(yD4B2LtNi2L61}fMF6)$ z)0VT}^1I@D(q8>~rJV}n*>;*ge!B4Er$WZAS;$eKm3-%dcA6_$@qK9eLOUbubG#C& zC@!+q1oCQpsjf^FF?QrgQK00j-3%lrzbl=$;(0RDIlG4V+w-2ihO1x8>}w0zYlyL9 zM~VVvU+02IX7&XykU5bv_r?bF=yqADtpy=Vk63z7*O95Cn8g<0jq3&70^-hW5Ht$J zo!Q99*7JvLqPQ)v4P+X~zDVXpf}%F3v^g=N1zP7nToB2k zhn-~V$-XV@b3OYz6qDV>?7Irt-yz119VrTw{huy~WM+TnUBY2$-xKzEp8b7_4+nNP z)9)^%f1emTdgLfj`hU3~l9N^We6rn?--i}8phac(+D4GsJ@}L9t%*z%#RE=v$zpHy#{ z%;V5obEdaXvLw;lA!f9P$sE30Z=Xs`^>&2JkxXx&3G#Y7D#+{Yb3tBj#{@aOeIdZ> z?LW{PIGx`9D|%~{x2oR0WW62d(vBCF_9ZcPEklX|ZQ1`^5Xqvq6J++0Jt^#}x35@l zUo-pHh3sDuW5{+tWiHlbhq z4VhdV#AUMc`IH(?N1fhPRWCFmQ;3->7e+clgD{MJwV8{7X{T*XS=iSwz?Jl;!X6+qfJiFrL7v0H#^1mW@dEOb3LBGo9Ks&Rggu-kC1VTnl}u-vTuuj>gxUe}X?{G~0x>-rYZv#RUcqU&$vt*YxO z*7Y=3HeFcR6mChbT#7@A0+q&hE{J5&_4j11kev~B)pb<__UZ`i)##|MTUEr^u_Hx+ zvafbCkSw}>KH_t9O~k9X$e*J%5uc-LnSN~{eNDvJ(IZEJ(ywztBs2XVUx@C|b(HEF zP3uR~aI)6kIbLk*B2yRrD)?D?jYp;>Hw(X|c0*+FGaG6twk4+6lsp;)rAIzbO?6$< z(g$vqFMwMXubgTOHh3my;eK0laW1L((XyoGvAN6PU-yQ#OQP1-+s$schYeN__KvP5 z>@2V=7byy~T$ox3+McBPv3$uTWb+kKl#D&NuoAAeH*>>qwLrXgc(cOQ0(m#wC&;_u zex1pi6@C{py&Hz_?G45CTDaW2g~1&PVQkGXyWx@a{RpA5WTImJlQ6HN2&O9n=QPaq zU_OY)xn6$KdNG;DvFk=NHw=^OlDNc5xZKf@-R(rku68nW!?3kLeq+Jb0{M*vUkl_n z7Q8Bu+gNb10Dfal3v%}b>}yBP!nIDQ8!lQ2{~FIurWQVt?09(Y{M9%FLJRAODQaog zz|tlw7s-qjFp^cFg?+>fwWYO$1*qfA3DcM@K&==>*Knj@Fa_H1^)86yWc$PO7HlAM zDrd@L19~hwZ0SZ2rZxc@c)FfVklNBsg1jwl5HyPBa68~XVV5@Zhrw{R1r}y=3&CWX zt$dokl+q%^+Ik8mavLIPUtv_X@|R*VvR~n{_(}VU$vlp}Zp%(nxJ#eJl~lrCZX*j{ z`P$t!0qznp76x-z*vmJvT&uuj?<+5$7$DL1~-#^S7zvu_#UqMWT}xE&%n>M=IjSDL$B*bxvux{`s^uO zpGIQr+KwCr+IF}-3Bm*>jTQN%=ZW(BuvA;p%Xu%z?1%W1^?e_k5w(XO3G#a%{tsi` z9>NF0wy+Dd&C++6zJp|2$h2_ZKS^m3lD@;t9YQ4SJM2LVe>Wy0`%|uqpS16o%;V_$ zp{(z4c|J+{4xe|3Ed1TkyZa88hnV&qHt$&0clbOY-*@;tAm4ZRJRslqRza@suyq*n zeLs%A1G>J$(4p_Jad@lt{UrDO_~NwhFl8T;g%!gL?fV(-`!ANHeTT0?-{Gb(L;Kz? zeedA)fqTlpOBVc-MAM9Trx&L$>>3cr5()vcRUDVw;A=JD4h=lal9tx}>s; zOjl;pV7GvJ(6k)d1iJ;~Z5r$r5Gw;8#&!$H+q7Om-lkm^&D$S4Q>lD)fep6WTvm1g1o-qw=m}Q1-}L4^#v0J zGT53zO+~m+peZcaU}}*z-Z@@u>myUI Y7HJb+J}b_Z@~>@(OheP3mo^vwADDL)iU0rr delta 5194 zcmZ9O?Q<8^7036tXTe}(jLn2Jj85;FVW_-drhP-FbUJ0VK(#t{#y8kk)pn*M<&FP< z2@*8{LL`f*rL+{*p)1KU+~LFMpJ9jZE^aC^S2>KYV5b^4VN z)HkX|F*gaSOB8oYP)`__b8l#RL%tH4D`80yU&XkT(Tf_EBs$0&ALKE4__4x= zzk@bQar*p-@xoVf*ADWSR8sM6Xu3nbr`aD#voGfHFrJ*8{n?Yr?}|$+UL$ii$ID3W zU+z{^qk?4NJY7-xCYj?oGc`6?f?Y2u=9=VtaYeFWQt|V(WNImvh6ku+xvE=GvO6nO z4MEB7tQ5s{vNfwHZV9-aOg-^iWZoilbu}iWtM!z;5jbi)9`yZ6Lo9Z)ZWti^bC_*Gfiyhs-+^n|OSjUMUHGqEG#Xvn2fAXKTd|emgF!O$NnJAY zBQoeMmfc9ha>alqxQ+XSnk+*vnd`#wJiu-K4cBpcPz$dD1TNmsU#k(YY zx4K{tnLWgxlKE6zuon~Jf<37V_L13#k<_rrv9Va@;evgc3-)J0 z>VgB3kv}8z+5Ij!sAJv*hsYetT=2On=YlU(ITsvO$?m36_FDx3?xf(ww-y5L{x zg0J+4x9~KqPVK?D0wUMcfo(O)FeqtiCKQ{?~#k?Xi z_axf|HKf(_Xk3nw=rHX?AwmfklSfC3|~eb^sH!&5jT+e0E@y4kB2x z=Pm=ZDiSlRxDwFRnZXvI2}*n~FB+f;%E4B*DhFFVexB&v5LM3L zr~VM!WCjGb@_2N4UHb9JOOo%*s(2P`G>F0UjR6o0NHJKC#KTgoT=}iUVwuMqGnl~^ z7|I1neU+f7!BFUFG!$yOp3xSt3Cg_`z$Pg7Qh=MF+)Du#g0e3KC<(&76l1FFI{`d8 zpJPzbsHd$3i@`^DDaPgLfkxTW1Dl|2s}SRbZ&ekgg9w&V7A?igA2N^%={;^Oqj)k` z%PS{X<@W~21#Pn<#0#JObvww_$?(t17rjBIDrC?Yl6z9CK}xQb*w@2IQ^8=Y7WWb%GNf@K&jEfLE_-2wsrxgX91ntL1rs zZU8)BTSCA!vqlcyw=p43N+@}F)}zk=$JSybwGqH#jXWS0Bl=ybMy~u;VX@4^Mr*T! z7o28;q<~6*+FIguWY*pPWe28VOl&AA7@W2~J9hzUP|jiiH7IAX4XT{QKwp@%7Tc)8 zS!@%TmoR5N1|oyUz+t$nKX)7D+}$jdfyJ`Q8cDS66GFW3efozTPy3dIte}l6`w&_H88E zW=D({K0B~b2SJL+J`-FROn}Oh0+r}klJdkS$j&>}b-RRLJW%ddN?=x0gR-s1IaW?0a%RagHoVedDmgF%)@mDGS?mQ zLFzhy;Q?X*;TQM24p@jW@46#oj%2O_7(zMM0Suv>>i~vO&UIg_vaSOMV#>Mh7+eQw zT?Yb$>;9v6^{zWEt~()>0sgYej+1EHI)r%PTlZf($S2fw|0A=P7|e*0N}VxIiR(^F za&Tjo983vqlOx0npZts+Iw*7#!M1;7`*p79PNj#ln55h4W};Y zDraGkC+3`mZ>e$?27zMEeVbJ{3y;CVm~$UzwJ^XEcl8#&Cl(%;%Ek*T19(DPA0WgF z?}Mr+9prI!+0w{dAqJl!xwr7L2+6A>BnP8r+XjAxw#gCVg-`yv9YnBv_<#LIBqt}( z7TF(jFG!7WFYp!VYYWqZaG`B_#CYM;FSmmTRs>v;{NU-bAEQToDI>3pCLEuE0#a5k4*iJSD$Vw`ah_X8cYBH diff --git a/src/wasm/Hacl_HPKE_Curve51_CP32_SHA512.wasm b/src/wasm/Hacl_HPKE_Curve51_CP32_SHA512.wasm index eb594dd6facc8e778f23f12f4fb6bbab92b1da93..1abe96898d71c8c29bc422d6796b65e44679dbec 100644 GIT binary patch delta 5176 zcmZXX-E$Y!8OL|`Sui2C#$iZ?QfAImGr|oQb*6TpH*9s<8Kp0@H-L9-FFMqV_8%|_ z0+IkBuwc|$u$306iaVKq8P}`hA`~=lp)q5t!fiob!Bl z&w0MP`*GKf@X(HM_s;mSimjCuL0tKHMMV%rFRiLS5PvY^_uL$r<|qjk1VIw;*~pBC zd@eG_!vz1mh(F7@B}y6tJ|EFSa~><7j~6Dv+#oP5k?8ObvdEyui+O>yyI==VoE|MI zdEsJY_C(yO_D2Kfe@Xq@#J?@y|57B{`lHAT?|<12a+~^x?djrKW#v~Qb0tb{*?Z_v zbsZ|i2Cu5R28Ao}HB}=}1l8$R#!%N)-NxJ$s2ifVONzRqq?CIi(-ZN{$lQ#I3%D2K zaw0vr-51m5c;?UgBGZS#>{R<@88(9Ts2`Ax$}fMASS<56#lFbzZ7^3PXIDNXjyxQh z;fO~fGZH0VSo>S5PD05JZ>ws8l8cS1ItC>>98)!KK_DCaTE!TqWP^89eSbkP72`7v6n^UBQ*<+gz1aJUesK)S_Qklc}aeau(oPYgOHWlAf$n zH3TI+Sucuf09KxM3_t^%mKX z{PL%T#WIg1rR4YUsxOi~l-G$NzeeUY!gHNWPST%>qaW#AzpjH4Me*P_$h<*5W`9=Y zV)mvg7qh>paxvSg%EoM)3Kz4t=(pl&bM{w~oc&F&TIjC&HX&x)Woz5>xAr!Pw!K1$ z7k;0Aw}ZT0gYXYBHN-pAe7ZA#hZ5qQV!kuq{2dZ)%~9foH~*&{y8>Py!!`skavmu+}&itBuI+24ReD>5jwOA4MQmKqxdo2 z1ApG@vR6;0o|0Z0k`Gn6H{L!~cWw4Q62<$a`haHdAen>2hsYd~?0t+0$=<;%dxyy! z#z>aEBeDj&z+zN4$S&oV&mI=bJhFE`>!436B@m*$m}ORspdX`6&`@%~9foH$P(s`Lsr_S)+GW&3*LF zY4lpey(QoM9JcA*QR9VoKW_)QMcl&+o61Ux(4d285OQ`g<+8H!Rx+)WT(v>Cq^bid zOag9GC0|>4w_R2x*~49MyQ+35`QThpH2@_aoDNlkQ1ZpO>gOJTx~59L(gjeRPpcHu zLdff)_=fm*QL;7UZZh4(J!E<$!Z$G?5$>jRc-HLa$@F3%OK_hokp$!4fcxdJzGgQ2$_*wf^VsE3BIk$C3sYoOYoQ~_l;KJ z5_|^!gx?(MlMmbd3>v0t5UzbY1O z?NQ@}w|~VBqFC(1HR<9xC5zFcZuAHtu8JRcofdF)Y^viQ2S3a{)v;*^r{Hf9uZs=- zOhY&dxX=`s!l#3v=#&NK>iPq7?$4M7mQ@VSA_c;o3>jS81YA!0zw^uV?ELA=z@_^l zZr9Nq=U!3H?GS+Kz_a4d54;L(H;5uH{02d-I>;UAsrjYhHDK<{^pEq3%7Lt%In)KR zLdkO?4{A3ng>X;NgeveM? zbadhLnJe(bM+~gQ5>KluL96MRY{e2lVnxJYL#*(~Sw%R2YIzcYg}DQ$QWUh!MhPY} z;hVkI4svxmys&ioIx=TMGb1r@$EgE3*W0HIBC zKOjl)CMa?54_cw?r|nylBLyiLUK>I(nbdk-J(^uuh$Qjl6x$h&og z|N8FHukT(tpS}6#vxh|6W~0Un-)xYZ4ua)ySaX4H_`iod@H?a6htu0^!EYb@`6Erh zexVFceFs#zhaXsnIY)iKJMf6W9Us;NfaQ)5H;`$N1bl)CNx%_J02r+i16cw<0u8bQ ztVQvsvP1dh6M)4sj|4R45&(F!MVbK6TO%>3?byT62X@1l4*=lpcrE~-Hz*eX&>NHs z0O$?M1)xcl4FF&bQ!W4}$UFgQ0{~1z06=HBst>?P3Bdd(vH*a!J|+fYVTBLCSqZ?- zY{gRW5(02RSNH&2)Bv=~@c@)^$8%B1#RdR1n0)AI&tM7%+$v`kwxvJ+X-N^z>PW_4 zm%(4zs~#-Xo?|eu6jTSg6rwL+DJaKaU@0g`0&YcE3d%89rz*!_Kq<^Q2D{04^+n>eE00nFcYC1qxr~ev&}p-++hZ z#N?L`6c)=o0yUTm6j;g@X`ld8gT#QS+Yd7sPzqx{P++OCT%f*IG4HRGrS1n9mdh!=(=TrD%#O5Y3AP1v9L@NPL>AfePkrm58 zEC|sWT`}9e|Ed&#ss(_m^8pC>0&PQt8ZZ1?WUUyH=J9mZ$oJK*Aafoz1X(RfavDQ`?;($Iva4O1Eu+Y(KD)%Hc>Ru}}W1ue8t#R`ZZa#=0{TET*qi|opBS(XKsy|D`d3v8d~JLjDFVZ$ZA=bZC> zX3qIOGxOQJDt>=ey!M^+-l3%p^-(&!r@lT)l0VO0zbRdF-_uz%HHxyx9!kt`Y!4^q z(>TMQ=ka%@J(6TQB6~EEY368>MZZd?Wzpm)GDi~X_&F{zs0rfX$k~1E22q^vtR8>Q zvBa!PY^&PujPfHteInmoT@$zGtAAFzaCCLuiNu^pvO!mUQdK8Zj9WXUssjr5U{9;M z1SL=%VPy(+M%57JMnQE_*|RL_O0o&|Tw=~8_IzT_Cu6JZ1&nhq=dh9I^FwLvjPAsA zW3V`ni(G~+Vm<16cm(_vjsS}}kNtNiVb{H75qDkJM@QSAnEu2LBxWGVK6Cb$R2_uk z4hL23gW|=8RPBM{4lk>EcxuEAUQuxcQ{3RUsvemdjfS|26OZjRUMsr;H-^8D&a~H) z>`pt(yC1H+`|Id7cc&XbO%P!#H{2kKxs}?Ri8-6tTWUY9u%Bs1l5BMT__XQy_aCaM zeL>8P*v=B(zy!ZyHnxzr6f0_87IPprcV`AmaPDL8v5ooMU$FmAHi>DHj2(}#mpQ7g zLh*E7QPmH{)0s?c&Nb{Q z{*UY;k!jRrPqCQu=;=ZU2k}}c%I!lF>K4<`E)lat@N8rwBl4%Q$xrmIU)Mo~f*$q_ zF>gp{_+M1{hQF!GH~g=ve8ZQjat&Xm!Z-Xad4`^@<8KQ){x`kq7=P8}f`+f))>c$* zZMjgphNC2iu+P7{LA!$cto?_Wd16FBx{KC zWyO+sO+L%3@ABg!tvToO%^{V_s|DmdDuIU@7>_%39q)p!> zW|P>D#eB@BZ^i_hzNu*X7BO2eQZ#)l*RbjMKeF3+GW-=DWGv=9n!crMdP^wMrf;XA z-63X&WahS>@6@r-^Ic+gl|BDNmGAj(RletYRQaCoRpomAsS4lo&%`_pPuKH*YtKK| ztA?KMW6$?0{b#TVj9Reex=Bc2L#cR-z1#ji*eRL2yRG#vwZhRSx* z|Ey%oV%sIAOYAu@=a{eanBZ2rihNxVa{(hozPh=F`NIE^y~r-`SI8F@a~}D+Q0A*A z6luPCX=wYz^htKtZTafgv5>C;F#~13E~)bQ8dT-;HKfYt>#{2U5mDju^)2!RPyZFs zd|lJ4hJ0OTzJ|H8;mVy|7i#|zsSqJwH{75d<~HxXDW+5GEj6#n|M=MBWPtl$NckR_ zm2&eB`uE7}l<$!|6h;SI+xIx>Nce31yx`N{!;N4)j0d<;{t5?)#hl0U(pQ2N zaLE^OZ*>5szJ#DOln{_EmtX}#g7VJ<2notR6F?*=|4aaTpxiS7AcFAE#IP#&NPvXe zVhjEmssyWB1gjC=Js_yOdjJx&YZGdM2yLpDVi3jL%5NI*>?aoR1p5G1vm_gBXY+|8 zK!vjbTtPc`lmrpnUvz^gR`-|0)F&3;1@{1DjqtQhbO&>l?v2V>&K)I~EJSdh;|5Vo z_ZpDdSFyP-Gq6X$0d#ZmZJ+eyJimai*N-%?|G+k2#sc0DI1MxhM#}|k zW)|_q`x+*grCjo-COdckE-K4x#J@-cf`m5&)<3oBjBmaFhFTOrSK&gBdM zhMa-BaMkeYUCCGPD((&JRqk!2P`g&4B#6+ef4V^wYY^TMvq0>->K?xBtMP5O@6jFH zR=R`fpq)EPf(Y*aa)T(Q`)}VDyd>=!bsz6f46xS_+jX>GS82aisGU7(f(Z5iLmfmh z?I!~bqY9?D3#lVhpl!JW%MWn@yFtUZkrWfC@*`FLjR$PRoTp0QBY21KXt!wiz=~VN zZWFVO;cLMJ!?(2vA0Ti$MvCwOXSQ(_Y`_V$X|TV@Y@2<5W}K7{hw10O>9?0v4vWe+%rDWARlVxEC?+51AX2mZrV zL-r0Zdk48SFkrd0148ZEhms&d`@VF8DAw%#SIlOyU`M#u_;eg%_72k>{8+k!Euoz| zN`eUPN8BKaHG4-jd%#Y(hwL5G?6uM!lv&yzQ|xp0sKI0*f_*`v=xnRnPXvorW-oHt zL)W$zJbRox`@Q`4KdP<+o3@us3pRy1g~Y^}vMH2jTCgb;V~M*Xn?iY}?NH^J7HEn& z&$OLkj!b)2m1o+nDJp47rUksVi=wLqt%7Mms@(!YH5Zxg9$c8|?k>{ZE2bACMY{XA z1_y)1FzV+i@>fVV7IPly?k&>|HuXiCZqRA3*g-La--TMRDaJy&0jHPCbYD^B(+xVs zoKN>vRX*LIRLuDgxC)={VWb;#{tK?@27ThHA>Fr_?h$Tnq;hMZQ)m|ulmrn1QlA!s zDAsg0q~^R>P%PX-x@VPqfqa=vn{-PU1v8MZ_ly6o5Fx(&X&rT!h z7>o=1rb>HYFtoErO%TC;jvGWV?VkV)SEf64=|Zgm{ULoTmGrz$C0770I(f|Me delta 93 zcmX?Bxvz4=W@g6co3}96t8*@IYG`0!VyY9IY@>aLpGiT~ktN5G5rnc7I5%tSh;a$t kX$C4`W2$4TXRPA}V#duuW}S@uj0)mNYWX+6Grz$C0FNLW>Hq)$ diff --git a/src/wasm/Hacl_Hash_SHA1.wasm b/src/wasm/Hacl_Hash_SHA1.wasm index 40ffd059753b1b103d46df0369d56d6cb98b7161..b345c0a6f97ec37aa1ff1b4c5e11524688ef9084 100644 GIT binary patch delta 102 zcmcbTb|-B^D>LKz&27x(9Go9I8X6dwnCeV7v+>BY2y-f0DljQnII`q8GJ;T+g5_ot tflMjESzSPNY)o}*^^A3TK+Lpxoz_7XVSYtx1x5ucB=y#t>-4WN0{|a^9J>Gj delta 94 zcmcbUb|q~?D>LKr&27x(9Gq`D8X6dwnCeV6v+>BY@G~h`II`q8GJ;T+0_SE6flMjE lXD diff --git a/src/wasm/Hacl_Hash_SHA3.wasm b/src/wasm/Hacl_Hash_SHA3.wasm index 272eaf6c3adc8c541c5bd9f379632cbfc7900b7a..3243ec79e02b4b850f6427f46581ab175a85b6db 100644 GIT binary patch delta 1333 zcmZ8fO>z=J6rKSwBtr-=B!MuH_mU7GKm3H@FEC^pC^cny2$vEUp1{h+DzmW4s$O^n zms;6*0;^nj1}|W_@BqFy(@b^TO!wFQ-ur&0f8Lot?#wSw66W9gr-`h&{^#TEt+5_^ zYs;69Kdg!GCR$+0H=ZLaYnGdWlrSz011w?QpcVINV?2N43!_elDL#I^gw(mA70FIA z|00E(u!(7iL7Yms3b!DQ8DU_Srew7#8A9ewFlZ~AqS)RC=hIJCc0&|dC39Q** zhXQk4nWND;ZM02@1={lS8g^~WlZ0)^;|^@#F4gX8wL65AjO}PEivq4mbAgHrqIkV> zo+p%KTRgsD7+8cN?tvK`FIOvFz}~w7eG9@|VnO~&&f_I0t<<{?IHCFyt1l5rNmJwy zV)c#+BP`-D3J#W`j1{QBh7v7qO^Qdp@(%gO$xq%uy2-2$h)}@;S`Nwc5iuNT42Oi2 z=Ywdg*!TvI-T$KqHKz&b)Qvt7}3VggA-0hG%e!=McvxH8-{9b3)4HS+rGy z_y(Ii$UY68>N0v}EoiOO)!NVw)wQ_3MFcI4piPL?wdH#Y{Wf+;$OUw;OOd-&>uR-K zLQ2dV2NX3QbL7Fwkq?5%dmMR>o?K1-PC4-*3|DU4 z5sX4NLna&&(NI%3BE)V+N>y0I5$%ug5-xEJ1Xxmfe)lgY4!o#|34^$DCcT Ta(0U#yBTLUV@3Dh(%b!i9ntGY delta 1222 zcmY*X%T60X5Zv|hTH{BYT>}OiSMxB~82kWiZ17`aAVT?y9C9&yLj;E$I7EsxKafud zBF89FZjo{bH>7+=4mqZKcCiM@@=W)1Racev*RB2g*8XxnZU4J}J)N=Lzn`wJEjRYw zS8r!N`iQ{^>?{6_X+HRAQvwNf=WeO*FWc(tY$lVW6jGGNJiS1gGJ&Puc`a3+%Oulq zyOt#w51wESeE5OIJ$QkANuD$0i}hw|7+Blf^rd|@hQDhWL+WnUANrJK@&#mR5ph~# z;F1Acs9{^4eGdh0s`D*5!Fo-q2UzN{kgEP2rFbxdmFqDiu*wH%ZR{ zpy>z{(n09JbTH_ME1{!^E*#Q15v`#}>sX@=&S{f@n+9-$t0<@S$u%O87uwW0l^9ks za$4i+Sx#HnqHWGc+LDt#C8uqjQ%Q0v>6{+o^G+FMZK{GwXsRr$%Dkj(Xsd7~rYe!1 za7akn723fLRS~0IRA~5l1U+iCCW!@sWY^LE>hLb=@RE)puFI9U>PCXXAt7$FF4?C6PH2b$1&FIZs7~V*Q>f1= r?S8~eBg6fGt7q;{aY|?GTH4}XpW^;ZyB~@Bk#_$OpSk~*O1J(4F{0l+ diff --git a/src/wasm/Hacl_K256_ECDSA.wasm b/src/wasm/Hacl_K256_ECDSA.wasm index 65006f8833992c3a80a4befa6ff203820c74b744..d1f56f3a9f5d59e69b496ed0a8abcbafe74f34f6 100644 GIT binary patch delta 4965 zcmZWsYjjoB5k3ogB@ye(wZ8W*tW;zI)j{4*zJVf=4{ye_Z+Djl)3M*&Q5D&N=JH#Iw+Lc z|LF^zlx@jy&T_3bm)azovtgsl>OPGgqc74X|V)Pn1bKA^OEODjUobc|zoJabCy`@l==E!#o{NF7-fGa0yS;#6?`8!p}qv z+98cPBc7}wR=`Xz-z=WNvrN9(JX>z!88U}&;yGctSw*|d<+-X=^37b?ElxJ9PFP%a zow+A_WggGw8PNuN*vh27%-UpMpSvgs(B$-8(@og zku2tgavLw^+ro0YigsDTOH`}j+qtG&mWE(m8kRfw4g+i%FXDw^S&nus59I6@L=-W_Z+F7fP6g$`$59H9Q(a_w*VhNKd8Z?9ZM)M?2uwS zOnlhK*hk#wV?1my9@bP?CNRQ9w}7!PhS7J`u($S+Jg*p!=)oh&7!Q%^35=P*c;v?z z;X@744{9hU%^565iH}m`+rBZ;&iNFWbBy>Hx#o>JYVaM^G*~9^!3Da0myZ!%Fuiu) zRq>@BBYA4gfk{nmmCp6rNWYpKI>d&m-5Whf4`b)$xy+mO-i8y?c z%-}plSn(<9mea(i$&8LO#K(!xkPe>X3ahKay3W#2xQ`PGEYFzbEb&>Amx*5{=?4xu zM|>`+0q2R&`wci}8gNb#W0`0GT%cn|~tmzw89Q~xC0w=ikVp)&8#6z@xc(b> zlGcAii`w=lnL0WYrV5@?s zVLZw-EN7r+knu4*9h$ahI!g1LXGY$?mOB-$vv|6IrgDZo0aW#Rq@8UG2x}&%o7K(m znd@XqC08P;6FobWf{{Zr1C`*bvCQ+hQZs{-%g>M*GM?FmrkUM%=39JcWe0k{x3Vkq zc|KBSa=@M`3t(I5q)HW6Az^j2vz7`f!B=C+7IT#*tAg8YNCp{Cwg{RgTNF=ryYH;Y zl;$h}@2%na&MS-_Gqw z(2;2VJn-09^E-*#HBCF5A0p(zBAzFtd&m=tw|`H}T@$UwnJ$oI=_cpv?_asvE@A!T z^k|r#c@#{&8u91);e3Sn5keuqApPYpew6r8 z@52d)$8=B2z|)e)6@aedg}@oQw(L>=6AHH{5{I-Jy~ST@P}!?Np41>uCReeSBtpDV zjqzIKDdMLzq;1JQ;(a7f6F*H7C5Er@Y~ZN=TY!+iG8UBgq$y8-kk1hB#qpp#>n&`s zOk+t?rm0(&fJ8n^?ltdkXcs6Wbg<}Ne$F?K>jIYs=RZg=fl&8?b(#ZK7g#km4jCSr zhm8ZeF{lgdx+l=BOc4~;KG_?cxDNktgX@70HS+U5U=XTCJ_02TP>-u}6p9Vygeu3N z=zk92OpPE?6&6DQhuY1x7%AXPjra$4w>?Y1piZHunBv^16@f=VrU_USq^%?gG8j^x zgav~sfh4$=|G{`Uu{=xe^L_h<`JY~2^WDJ4_Vj*xdf@QiEPp@A;`^K?_g`0!{m^&n zA49xPZ@?pDK-TJp{O>X<(dz>5YIVQ=&*LAw^ZBzwy&ixpwYq=#?5nG|44AYN18Rz0 zj@J(mqnK%~*OUvUE=xeJOyS^Jrf|?IEnL8`AWK;ZR;zXh^a?Uf*%PF#{0TCs3<{E? z->j#}L*RUc+M;7OP~PTuNZ!L9zw3klgDSs;qF496D!+rGfIm>>_fYieK2+sBD0+2& iRK?s_s$&IG9SX=t#2-O?O#Cs#C&Zr&9N0il=l>6F8iOA93=%3Tp#5PVw!YTt>RPS;+SU4_*0t*DYP-~a``nwEaXCNkKKq<~ z_Wt%h_wMt}k#Ca6zfL}zoJ!A+Uz7T2Ptw2M8~GdUwHdHx{hh1Ews=W%{W3b??m7h++KpZddGh^OBg4EbqLirC`JTFc@h zVNUZoG}~Q@PAI zsIn|6=VDj)d{%I&PFHd{SN0)Osp2Y`%jGhU=kmO;%vaGb3wVKQ)jXf8LvkG^uM5jU zUWhb;L$ZjgxI8S2kU>pNsKRyG*Cn-%YB7w;Bs;Z_&#mIS<0VsN)k!o`&LHr(#Q-Nsva zn}K@=-y!Y1HIkdYkhVrvr`M;I@;&OU%%OmkMGlQ+2PJ?vF5pawzj4sKBkbT}D4zFD z*LxRtaF_AEi+9Pr+#&bzy?kF-x>fW`5BI3n%iY`?lKU}ve^_?&Zc~gsyo)=+vKJ}u zHO1Ih&wF`aNFLw^jKO}a>@mgIuf^zci*bNEd6!#^11f+iAc2VFX5DSx|31F9%BnOD z@Evl0zYO403L>$fGc}f&B?pNI*utcn-ynhwggGrf5t2j1urd~Wh%{JGg9XPAjV()? z{?TEymur#+QX^L`y$~JPL;He=Y)QHTND*6wEg33&XgLs!u9METvvl-u2+hZKW{eJT zhEu6(HU>VZnNGf{IT(~eo#oi7&gLw1q-?aK9JHd@lE*VSPXW#3Iki>_L~gBR-w5fe zwS34oANl4d<_j&QQ;&~2129u90JOHHUhQHj zqR^oZDTLEP$7-GIM@7)!hKt}x-MB^(I+qpHhL@_<5EUs>tiqNO6+S6d!BWP87uQrn zo0(Rl#H~gJ23n0$w;GigXf?{*YM@1-u~ne4Ridj^p`|e|Pyo#HwHnO+c_;_uT(=t4 zQyRHCp&A9y;?-cI#j8=Rhg==~qLZ>CXAjupnU}+Z^q=U{ews%)6TkG+qO@ra%X7rf zMQI&XEI&$olpL!b2%bZW@4ylQVi+$KOmqpwI!X(yMAJw{Y4)n4B+tWKj_Jl@lmOLI zHI8*ATK+NWK#*@8AZ&p7nEJ}H&>Y=!mKO*(j}sqvah@PP;o&@Pa30ri7{+nJM3;c` z#3WA7RDCy}AQ@JiBf4=U5$6k}dK_pvfR20@C~N?91kSRi;XOM^d@{-#P{UKir^tQR zP8w_{H3WunY%qbYFWf2e-Z;-xu_d1(d6A+EZ>EyqOT;gcKd7(7OC+Zi@fme@CK2&W zRo$;Zeop)%CFm~`W9nrJ%Pa81uaId_ql6KUQb@*#$H?@USBXy(ze?JnPAjazT5Gzc zu8`*$1(s)~eo=u{nQ6I9e3|45@fDJ*#M;^r1F- zclyO=&{MOL2GXM&Hqt+{fISn?GZVgt8Bx2Bnu9z;n@f(06m&-j8x0b|r#;edt>@Wz zbhFPqbM=YFX*T7#oATXF1@0y^Jb$olD*Age7x)L_qfMBzk~!ah>B{hbKRY_{hd0#h zPPI#%^UU)6S0DW2q4z(G{{3>WEmeO~#B&_0iHo|?5tHJdrXaUswlZJJH<-AxPJP1Rf-E5L$S0Wk71oB!@lGG2n7CrdD_Mb#i?|Lycf@y=SbPW}(z^jnsoDrr8ysmopK(-WHI|be>^G%dz7oCmjs40iheC-KAvM zcq0yLGQ6J~G<*Y0S0FrOEW86v!#lC?D?MWk&!D1?G;tFGr*o=ZC#&G2*-4fbZb7)! z(W_lvIPl5IaBH|l!?nQl7KDS0g=>YT;aX$iZuN{^2Dg@5K|Y(DYxNF*At>lNUT@C; z2VJL!zd=Qcw5hOVqY5ARCj`r8a8JBAZRVBPXr7zQbF)6(51~o6BzoTph_^c|+jtwY zxg+}dI`T#Bc1mq*=XP@?!r)Hcrs-_M@OwxHGL}xeE+L(E_fmw#_dR1x$CmBfE_b0? zJ9r2D{~%tioxF3hT0i6+>V5|{{|N3OWA1lC(`xOERqJlg*mZvo@00-CcW?*XcgEd! zao41KuvB&50r&U9J!H&1_^)x_6?1=|XY9J~<}T@h`(Eya`}^bW!GR~;@8Mo`-wXG9 z;T|&Pem68lzdPoBpJ%M@vp|%0%YN)TfCK2`K7{CxAAo;=L43hUU=ZX!jnRkUK|&A= zVnGIU4M7HCCvb>7bB(e^9t2UAL2^F->cW@(64DDLtWLs-7s_3##&7=_=wjjT-2T{k znADI05{?`k%gL69)ZLI?hYu4!Oi1C!WIp~ij}SlNUW%~zi7sjicv|wPhSyOn2^d4y zT0P=jk1%^Iwn<~%BR^G-^0<09q8^SUCh$1P&xr5R$ygc^A&#g&+ma`UpCEaX_(_td zh+%6i1N@Z!F@VdcnL%bpG+I!eCVm`yee#Suu;p2IkfO{{mn;D*e1`nrxW8$G;DFFU zh==%DZ@Op@v>1N?juEE7jfX%Z%?4`_1Q`q9T_BeESU9Q+QwBklF+Clu51iB<9f~x3 zm=ios0`>&<29^`xVGlBBQh-OGqyRryOaS}}ycxd9YLlDxDli+XM<+oQ}%-i2LHkR@3*`=<6L}rmi!~b zPhRU?znj^WS%^3Or@#TwO50Cxr8u$85H8d+ofYvj4H6ar{ zFi@%<|5yKh?1T3{eRi5#1Mr|8|DXQ+*_SvGOlc)Rr+Q*1U67VLI zI4G1!9E=IlCv{*?CUJ159<30V6J&}KBS>4R5u{Ja5hN=kg0Hu!FS>F&%};ulqNx>> zzoUoW^T59kL;e*MJ-Xki@@psx`1h*(28tft2dexQiXPpEs+bc?cC6H7hf?Ju;*TIc SCjJ=W6XH)M{K39fU*x diff --git a/src/wasm/Hacl_P256.wasm b/src/wasm/Hacl_P256.wasm index 650f87dd9d791f5b2b45ca6ad8763e8b005061d9..83a71ab29e05334d2a59c1cdd3a5fc530097d357 100644 GIT binary patch delta 1001 zcmZY7%WD%+6bImY)6~``kvwLKQo(Z&q_$RVUK1y2GI#n;+NLh-W9PaR1lO9hv=Iro zC>O~}x)7ljgi4iyTftQq7P=Du2zPEhC(||qg}lz4bI*Lg$!#>d-!{7s8ol!0;p^Vx z{j0~@8yg}JsKs^k)29A&*dGAVx|fx=_4{(D^>I{M+SrT9YpuV7(i{pyRP{bnl3#1k zr-Be&S8|=!*6s=s6_yaxA=fafV|#}F{x#GSQ-E=Zx4w+X0iHRWfP@k@HO6Tt#=9K) zAu2&fi9uRS@G{L#j0j=tr~5Y*B+yU-O=>h%aQ3`0MpcIrB8qv5Vlu_lJ0DE#oJJ3K zzcpXn__0HQBY|4D-c{?SccA?pto0wcgYsRl4+M@9ISEN7-$|z+<#ChDO_Cz%0Y_nP#{so|tBP3#P9$oSZ!RCU;4VrMR~GtAELkk;;q4E1EmV}a#)a**>p7JDoj zZ}~hqs@Rh|^LR}>s+hw^UbjLu`hXS^0a>4m*y1}#60Bn=D~n|5DBFV zP;lG-d7dqK8lCr93RKa-fC3#2J{VpTTe=E3rqQ_0L!K9*=+^mq5laMgXo}+lhN<$7 z7b+O*6fP)m8#wOPVZ7nWmpB3AFtLr3FsVwP-{2IKV9J%RphUOd;`t6gR)_Cz@ET6T zG|s>b&Qhu}lrK_MpyH(}bE-0V%Dz+;syJ2UES1;PPF2CV^Hlac%zLTkae-1*X-d_X zDniv+szsRV6pvw1|2($u_Wyn)5O(8 zX6eG6iHS)OmTXiGRTKA9(IevD3I|`rbM7p6BW9+t!fP8v1Mn`JeXd;J1$> zUz;Z5(XG=NKBgrh>4_$!XoC0?KG7s4iI9{CB<>B_ogcA$5}%N;MlWc6 z!kP~*L~vRkoK7X0;5F1_iOK|Ye;k}6uoR^Jf$5-oU?~ZfqCF`em`+K8>0K~y$OY5! zDS@Twg|rWBj#BR?6aq{C2bPv#X}fdx#-IU)BOdW7Edv>oNoqr47}RR`Ffx?rE+Ip= z*&C7=gBhH6I+<0OW(h1u6*(VRh?4hrz&yohsISJ_@C-&jzga!X|9MriE4Vsk%N}P=&1~ zZo{_gvjY{_kv^3xpLOza@IIeF_Y8Mo7x!Qf_u(OxtXTB1Z#5ct00$SpAM@$hUxm5V AO8@`> diff --git a/src/wasm/Hacl_Salsa20.wasm b/src/wasm/Hacl_Salsa20.wasm index 0df1cd7668501856c53e7f3dc0ecc229350021dc..c712bb36a95d3f9441da82d29d4899cfec4ae3b3 100644 GIT binary patch delta 1169 zcmeH_Jx{`55XYZZ&=@soLLo+t-Ysfkl*AAQCY}UZprxg}l@}RYfw;IEzJOCFH%2EV z;S2a}j0qpYJHT33XSVy_%kS=a$QWQqkrM)nQW;@!D^G^7VtFYp$!V~AJOtxfM3RDOQm-0lf(mJ3jVXn*ummQS z;RY*2sYEDcQp#uvDuw2n$PugrQ(cd1Xn_@IiSsKPY$>wT-{Po6I7|KxWs{20P&Q4N z4W7?V5@2H$s&D{lZSP2G=zznVj0^6H<1oh|juYXyq?qF}hnlUDcsbj}niS|!fhV={ z&ui4M4kmeG;l>SUP%$>4i7jYh8|usO5ZVm%q%uU0c1z`bLivAC9jK9q`tv(iL-P^4 z&{-+yGQ?+y&yd?5L3$C0Nh+L$aI6@|Wj!wI(K4xA9}0L!XBklWAhQ1*sr6a#8f&Tr0<_j#uzX8*D@;d+k delta 1173 zcmeH_IZne+5Qd*kh=f>VK?o6|m}yuFRs{+~ktY$`NxWrWoJ68^($S;b!8JV8dMfGSA#)@HVQVHsA(@}nl zsC#PLMh6_&gmZ0upLi~~GoA X@G^6;93VlHvK*j)576WbPgcJH4@C5$ diff --git a/src/wasm/INFO.txt b/src/wasm/INFO.txt index a388bccf..60cb7b00 100644 --- a/src/wasm/INFO.txt +++ b/src/wasm/INFO.txt @@ -1,4 +1,4 @@ This code was generated with the following toolchain. F* version: bc622701c668f6b4092760879372968265d4a4e1 -Karamel version: aef72b2b5a44b338b856a177819d1bfa0d7cc5b6 +Karamel version: 7cffd27cfefbd220e986e561e8d350f043609f76 Vale version: 0.3.19