diff --git a/Makefile.common b/Makefile.common index 8c2488aede..443a4b7518 100644 --- a/Makefile.common +++ b/Makefile.common @@ -141,7 +141,7 @@ FRODO_BUNDLE=-bundle 'Hacl.Frodo.KEM=Hacl.Impl.Frodo.*,Hacl.Impl.Matrix,Hacl.Fro # Each of these module should be extracted to a different file. Therefore, this variable # should remain empty, and overriden only when we do not want extraction of variants HPKE_BUNDLE=-bundle Hacl.HPKE.Interface.*,Hacl.Impl.HPKE,Hacl.Meta.HPKE -STREAMING_BUNDLE=-bundle Hacl.Streaming.Interface,Hacl.Streaming.Lemmas +STREAMING_BUNDLE=-bundle Hacl.Streaming.Interface,Hacl.Streaming.Lemmas -bundle Hacl.Streaming.SHA2=Hacl.SHA2.Scalar32 INTTYPES_BUNDLE=-bundle Hacl.IntTypes.Intrinsics= -static-header Hacl.IntTypes.Intrinsics INTTYPES_128_BUNDLE=-bundle Hacl.IntTypes.Intrinsics_128= -static-header Hacl.IntTypes.Intrinsics_128 RSAPSS_BUNDLE=-bundle Hacl.RSAPSS=Hacl.Impl.RSAPSS.*,Hacl.Impl.RSAPSS[rename=Hacl_RSAPSS] diff --git a/code/sha2-mb/Hacl.Impl.SHA2.Core.fst b/code/sha2-mb/Hacl.Impl.SHA2.Core.fst index 9ff013608b..e2da4c07b1 100644 --- a/code/sha2-mb/Hacl.Impl.SHA2.Core.fst +++ b/code/sha2-mb/Hacl.Impl.SHA2.Core.fst @@ -351,7 +351,7 @@ let load_ws #a #m b ws = inline_for_extraction noextract -let padded_blocks (a:sha2_alg) (len:size_t{v len < block_length a}) : +let padded_blocks (a:sha2_alg) (len:size_t{v len <= block_length a}) : n:size_t{v n == SpecVec.padded_blocks a (v len)} = if (len +! len_len a +! 1ul <=. HD.block_len a) then 1ul else 2ul @@ -360,7 +360,7 @@ let padded_blocks (a:sha2_alg) (len:size_t{v len < block_length a}) : inline_for_extraction noextract val load_last_blocks: #a:sha2_alg -> totlen_buf:lbuffer uint8 (len_len a) - -> len:size_t{v len < block_length a} + -> len:size_t{v len <= block_length a} -> b:lbuffer uint8 len -> fin:size_t{v fin == block_length a \/ v fin == 2 * block_length a} -> last:lbuffer uint8 (2ul *! HD.block_len a) -> 
@@ -395,7 +395,7 @@ let preserves_sub_disjoint_multi #lanes #len #len' (b:lbuffer uint8 len) (r:mult inline_for_extraction noextract let load_last_t (a:sha2_alg) (m:m_spec{is_supported a m}) = totlen_buf:lbuffer uint8 (len_len a) - -> len:size_t{v len < block_length a} + -> len:size_t{v len <= block_length a} -> b:multibuf (lanes a m) len -> fin:size_t{v fin == block_length a \/ v fin == 2 * block_length a} -> last:lbuffer uint8 (size (lanes a m) *! 2ul *! HD.block_len a) -> @@ -780,6 +780,14 @@ noextract let preserves_disjoint_multi #lanes #len #len' (b:multibuf lanes len) (r:multibuf lanes len') = (forall a l (x:lbuffer a l). disjoint_multi b x ==> disjoint_multi r x) +val lemma_len_lt_max_a_fits_size_t: a:sha2_alg -> len:size_t -> + Lemma (v len `less_than_max_input_length` a) + +let lemma_len_lt_max_a_fits_size_t a len = + match a with + | SHA2_224 | SHA2_256 -> Math.Lemmas.pow2_lt_compat 61 32 + | SHA2_384 | SHA2_512 -> Math.Lemmas.pow2_lt_compat 125 32 + inline_for_extraction noextract let get_multiblock_t (a:sha2_alg) (m:m_spec) = @@ -789,12 +797,14 @@ let get_multiblock_t (a:sha2_alg) (m:m_spec) = Stack (multibuf (lanes a m) (HD.block_len a)) (requires fun h -> live_multi h b) (ensures fun h0 r h1 -> h0 == h1 /\ live_multi h1 r /\ preserves_disjoint_multi b r /\ - as_seq_multi h1 r == SpecVec.get_multiblock_spec (v len) (as_seq_multi h0 b) (v i)) + (lemma_len_lt_max_a_fits_size_t a len; + as_seq_multi h1 r == SpecVec.get_multiblock_spec (v len) (as_seq_multi h0 b) (v i))) inline_for_extraction noextract val get_multiblock: #a:sha2_alg -> #m:m_spec{is_supported a m} -> get_multiblock_t a m let get_multiblock #a #m len b i = + lemma_len_lt_max_a_fits_size_t a len; let h0 = ST.get() in match lanes a m with | 1 -> 
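Review bot: `lemma_len_lt_max_a_fits_size_t` is added without a comment, yet it is invoked inside the `ensures` clauses of `get_multiblock_t` and `get_multilast_t` (and later of `update_nblocks_vec_t'` and `hash_vec_t` in Hacl.Impl.SHA2.Generic.fst), which is hard to read without an explanation. I would add above the `val`: `// Any size_t length is below the SHA-2 maximum input length (pow2 32 < pow2 61, resp. pow2 125).` and `// Invoked inside postconditions so that (v len) is accepted where the spec expects a bounded length.` The second line is inferred from how the lemma is used, since the spec-side signatures are not visible in this hunk, so please confirm it. The body of `get_multiblock` continues outside the hunk.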
@@ -837,12 +847,14 @@ let get_multilast_t (a:sha2_alg) (m:m_spec) = Stack (multibuf (lanes a m) (len %. HD.block_len a)) (requires fun h -> live_multi h b) (ensures fun h0 r h1 -> h0 == h1 /\ live_multi h1 r /\ preserves_disjoint_multi b r /\ - as_seq_multi h1 r == SpecVec.get_multilast_spec #a #m (v len) (as_seq_multi h0 b)) + (lemma_len_lt_max_a_fits_size_t a len; + as_seq_multi h1 r == SpecVec.get_multilast_spec #a #m (v len) (as_seq_multi h0 b))) inline_for_extraction noextract val get_multilast: #a:sha2_alg -> #m:m_spec{is_supported a m} -> get_multilast_t a m #push-options "--z3rlimit 300" let get_multilast #a #m len b = + lemma_len_lt_max_a_fits_size_t a len; let h0 = ST.get() in let rem = len %. HD.block_len a in assert (v (len -! rem) == v len - v rem); diff --git a/code/sha2-mb/Hacl.Impl.SHA2.Generic.fst b/code/sha2-mb/Hacl.Impl.SHA2.Generic.fst index a068ebf22c..60bcc00067 100644 --- a/code/sha2-mb/Hacl.Impl.SHA2.Generic.fst +++ b/code/sha2-mb/Hacl.Impl.SHA2.Generic.fst @@ -233,10 +233,9 @@ let update #a #m b hash = inline_for_extraction noextract -let update_last_vec_t (a:sha2_alg) (m:m_spec{is_supported a m}) = - upd:update_vec_t a m - -> totlen:len_t a - -> len:size_t{v len < block_length a} +let update_last_vec_t' (a:sha2_alg) (m:m_spec{is_supported a m}) = + totlen:len_t a + -> len:size_t{v len <= block_length a} -> b:multibuf (lanes a m) len -> hash:state_t a m -> Stack unit @@ -244,6 +243,9 @@ let update_last_vec_t (a:sha2_alg) (m:m_spec{is_supported a m}) = (ensures fun h0 _ h1 -> modifies (loc hash) h0 h1 /\ as_seq h1 hash == SpecVec.update_last totlen (v len) (as_seq_multi h0 b) (as_seq h0 hash)) +inline_for_extraction noextract +let update_last_vec_t (a:sha2_alg) (m:m_spec{is_supported a m}) = + upd:update_vec_t a m -> update_last_vec_t' a m #push-options "--z3rlimit 350" inline_for_extraction noextract 
@@ -290,23 +292,33 @@ let update_last #a #m upd totlen len b hash = pop_frame()) #pop-options - +// The type of update_nblocks_vec_t applied to a specific update function inline_for_extraction noextract -let update_nblocks_vec_t (a:sha2_alg) (m:m_spec{is_supported a m}) = - upd:update_vec_t a m - -> len:size_t +let update_nblocks_vec_t' (a:sha2_alg) (m:Hacl.Spec.SHA2.Vec.(m:m_spec{is_supported a m})) = + let open Lib.IntTypes in + let open Lib.MultiBuffer in + let open Lib.Buffer in + let open Hacl.Spec.SHA2.Vec in + let open Hacl.Impl.SHA2.Core in + len:size_t -> b:multibuf (lanes a m) len -> st:state_t a m -> Stack unit (requires fun h0 -> live_multi h0 b /\ live h0 st /\ disjoint_multi b st) (ensures fun h0 _ h1 -> modifies (loc st) h0 h1 /\ - as_seq h1 st == SpecVec.update_nblocks #a #m (v len) (as_seq_multi h0 b) (as_seq h0 st)) + (lemma_len_lt_max_a_fits_size_t a len; + as_seq h1 st == update_nblocks #a #m (v len) (as_seq_multi h0 b) (as_seq h0 st))) +inline_for_extraction noextract +let update_nblocks_vec_t (a:sha2_alg) (m:m_spec{is_supported a m}) = + upd:update_vec_t a m -> update_nblocks_vec_t' a m + #push-options "--z3rlimit 200" inline_for_extraction noextract val update_nblocks: #a:sha2_alg -> #m:m_spec{is_supported a m} -> update_nblocks_vec_t a m let update_nblocks #a #m upd len b st = + lemma_len_lt_max_a_fits_size_t a len; let blocks = len /. HD.block_len a in let h0 = ST.get() in loop1 h0 blocks st 
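Review bot: In the new `update_nblocks_vec_t'` the postcondition names `update_nblocks` unqualified and resolves it through the five `let open`s, where the removed line used `SpecVec.update_nblocks`. This file defines its own `update_nblocks` just below (`val update_nblocks: ... update_nblocks_vec_t a m`), so which function the spec refers to now depends on open order and definition order. Keeping the qualified form avoids that: `as_seq h1 st == SpecVec.update_nblocks #a #m (v len) (as_seq_multi h0 b) (as_seq h0 st)))`. `update_last_vec_t'` in the previous hunk keeps `SpecVec.update_last` and uses no local opens, so the two primed types are also inconsistent with each other. If the opens are needed so the type can be used from another module, a comment saying so would help.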
@@ -355,35 +367,54 @@ let finish #a #m st h = #pop-options +inline_for_extraction noextract +let mk_len_t_from_size_t (a:sha2_alg) (len:size_t) : + Pure (len_t a) + (requires True) + (ensures fun x -> + (lemma_len_lt_max_a_fits_size_t a len; + len_v a x = len_v a (Hacl.Spec.SHA2.mk_len_t a (v len)))) = + + match a with + | SHA2_224 | SHA2_256 -> + (Math.Lemmas.pow2_lt_compat 64 32; Lib.IntTypes.cast #U32 #PUB U64 PUB len) + | SHA2_384 | SHA2_512 -> + (Math.Lemmas.pow2_lt_compat 128 32; Lib.IntTypes.cast #U32 #PUB U128 PUB len) + inline_for_extraction noextract let hash_vec_t (a:sha2_alg) (m:m_spec{is_supported a m}) = - upd:update_vec_t a m + init:init_vec_t a m + -> update_nblocks:update_nblocks_vec_t' a m + -> update_last:update_last_vec_t' a m + -> finish:finish_vec_t a m -> h:multibuf (lanes a m) (HD.hash_len a) -> len:size_t -> b:multibuf (lanes a m) len -> Stack unit (requires fun h0 -> live_multi h0 b /\ live_multi h0 h /\ internally_disjoint h) (ensures fun h0 _ h1 -> modifies_multi h h0 h1 /\ - as_seq_multi h1 h == SpecVec.hash #a #m (v len) (as_seq_multi h0 b)) + (lemma_len_lt_max_a_fits_size_t a len; + as_seq_multi h1 h == SpecVec.hash #a #m (v len) (as_seq_multi h0 b))) #push-options "--z3rlimit 500" inline_for_extraction noextract val hash: #a:sha2_alg -> #m:m_spec{is_supported a m} -> hash_vec_t a m -let hash #a #m upd h len b = +let hash #a #m init update_nblocks update_last finish h len b = + lemma_len_lt_max_a_fits_size_t a len; let init_h0 = ST.get() in push_frame(); let h0 = ST.get() in NTup.eq_intro (as_seq_multi h0 b) (as_seq_multi init_h0 b); let st = alloc a m in - init #a #m st; + init st; let h1 = ST.get() in assert (modifies (loc st) h0 h1); assert (as_seq h1 st == SpecVec.init a m); NTup.eq_intro (as_seq_multi h1 b) (as_seq_multi h0 b); let rem = len %. 
HD.block_len a in - let len' : len_t a = Lib.IntTypes.cast #U32 #PUB (len_int_type a) PUB len in - update_nblocks #a #m upd len b st; + let len' : len_t a = mk_len_t_from_size_t a len in + update_nblocks len b st; let h2 = ST.get() in assert (modifies (loc st) h0 h2); assert (as_seq h2 st == SpecVec.update_nblocks (v len) (as_seq_multi h0 b) (as_seq h1 st)); @@ -394,11 +425,11 @@ let hash #a #m upd h len b = assert (as_seq_multi h3 lb == SpecVec.get_multilast_spec #a #m (v len) (as_seq_multi h2 b)); assert (preserves_disjoint_multi b lb); assert (disjoint_multi lb st); - update_last #a #m upd len' rem lb st; + update_last len' rem lb st; let h4 = ST.get() in assert (modifies (loc st) h0 h4); assert (as_seq h4 st == SpecVec.update_last len' (v rem) (as_seq_multi h3 lb) (as_seq h3 st)); - finish #a #m st h; + finish st h; let h5 = ST.get() in assert (modifies (loc_multi h |+| loc st) h0 h5); assert (as_seq_multi h5 h == SpecVec.finish #a #m (as_seq h4 st)); diff --git a/code/sha2-mb/Hacl.SHA2.Scalar32.fst b/code/sha2-mb/Hacl.SHA2.Scalar32.fst index 2b59b3caee..659ec77617 100644 --- a/code/sha2-mb/Hacl.SHA2.Scalar32.fst +++ b/code/sha2-mb/Hacl.SHA2.Scalar32.fst @@ -1,8 +1,8 @@ module Hacl.SHA2.Scalar32 -open FStar.HyperStack -open FStar.HyperStack.All -open FStar.Mul +open FStar.HyperStack.ST + +module ST = FStar.HyperStack.ST open Lib.IntTypes open Lib.NTuple 
@@ -10,106 +10,75 @@ open Lib.Buffer open Lib.MultiBuffer open Spec.Hash.Definitions +open Spec.Agile.Hash open Hacl.Spec.SHA2.Vec open Hacl.Impl.SHA2.Generic -module ST = FStar.HyperStack.ST -module Spec = Spec.Agile.Hash -module SpecVec = Hacl.Spec.SHA2.Vec - -#set-options "--z3rlimit 50 --fuel 0 --ifuel 0" - -[@CInline] -private -val sha224_update1: update_vec_t SHA2_224 M32 -let sha224_update1 block hash = update #SHA2_224 #M32 block hash - - -val sha224: dst:lbuffer uint8 28ul -> input_len:size_t -> input:lbuffer uint8 input_len -> - Stack unit - (requires fun h0 -> v input_len `less_than_max_input_length` SHA2_224 /\ - live h0 input /\ live h0 dst /\ disjoint dst input) - (ensures fun h0 _ h1 -> modifies (loc dst) h0 h1 /\ - as_seq h1 dst == Spec.hash SHA2_224 (as_seq h0 input)) - -let sha224 dst input_len input = - let ib = ntup1 input in - let rb = ntup1 dst in - let h0 = ST.get() in - loc_multi1 rb; - hash #SHA2_224 #M32 (sha224_update1 <: update_vec_t SHA2_224 M32) rb input_len ib; - let h1 = ST.get() in - Hacl.Spec.SHA2.Equiv.hash_agile_lemma #SHA2_224 #M32 (v input_len) (as_seq_multi h0 ib); - assert ((as_seq_multi h1 rb).(|0|) == as_seq h1 dst) - - -[@CInline] -private -val sha256_update1: update_vec_t SHA2_256 M32 -let sha256_update1 block hash = update #SHA2_256 #M32 block hash - - -val sha256: dst:lbuffer uint8 32ul -> input_len:size_t -> input:lbuffer uint8 input_len -> - Stack unit - (requires fun h0 -> v input_len `less_than_max_input_length` SHA2_256 /\ - live h0 input /\ live h0 dst /\ disjoint dst input) - (ensures fun h0 _ h1 -> modifies (loc dst) h0 h1 /\ - as_seq h1 dst == Spec.hash SHA2_256 (as_seq h0 input)) - -let sha256 dst input_len input = - let ib = ntup1 input in - let rb = ntup1 dst in - let h0 = ST.get() in - loc_multi1 rb; - hash #SHA2_256 #M32 (sha256_update1 <: update_vec_t SHA2_256 M32) rb input_len ib; - let h1 = ST.get() in - Hacl.Spec.SHA2.Equiv.hash_agile_lemma #SHA2_256 #M32 (v input_len) (as_seq_multi h0 ib); - assert 
((as_seq_multi h1 rb).(|0|) == as_seq h1 dst) - - -[@CInline] -private -val sha384_update1: update_vec_t SHA2_384 M32 -let sha384_update1 block hash = update #SHA2_384 #M32 block hash - - -val sha384: dst:lbuffer uint8 48ul -> input_len:size_t -> input:lbuffer uint8 input_len -> - Stack unit - (requires fun h0 -> v input_len `less_than_max_input_length` SHA2_384 /\ - live h0 input /\ live h0 dst /\ disjoint dst input) - (ensures fun h0 _ h1 -> modifies (loc dst) h0 h1 /\ - as_seq h1 dst == Spec.hash SHA2_384 (as_seq h0 input)) - -let sha384 dst input_len input = - let ib = ntup1 input in - let rb = ntup1 dst in - let h0 = ST.get() in - loc_multi1 rb; - hash #SHA2_384 #M32 (sha384_update1 <: update_vec_t SHA2_384 M32) rb input_len ib; - let h1 = ST.get() in - Hacl.Spec.SHA2.Equiv.hash_agile_lemma #SHA2_384 #M32 (v input_len) (as_seq_multi h0 ib); - assert ((as_seq_multi h1 rb).(|0|) == as_seq h1 dst) - - -[@CInline] -private -val sha512_update1: update_vec_t SHA2_512 M32 -let sha512_update1 block hash = update #SHA2_512 #M32 block hash - - -val sha512: dst:lbuffer uint8 64ul -> input_len:size_t -> input:lbuffer uint8 input_len -> - Stack unit - (requires fun h0 -> v input_len `less_than_max_input_length` SHA2_512 /\ - live h0 input /\ live h0 dst /\ disjoint dst input) - (ensures fun h0 _ h1 -> modifies (loc dst) h0 h1 /\ - as_seq h1 dst == Spec.hash SHA2_512 (as_seq h0 input)) +// This module only contains internal helpers that are in support of either the +// full hash function, or the streaming functor. 
The top-level API is now +// exposed in Hacl.Streaming.SHA2.fst + +[@CInline] let sha224_init = init #SHA2_224 #M32 +[@CInline] let sha224_update = update #SHA2_224 #M32 +[@CInline] let sha224_update_nblocks = update_nblocks #SHA2_224 #M32 sha224_update +[@CInline] let sha224_update_last = update_last #SHA2_224 #M32 sha224_update +[@CInline] let sha224_finish = finish #SHA2_224 #M32 + +[@CInline] let sha256_init = init #SHA2_256 #M32 +[@CInline] let sha256_update = update #SHA2_256 #M32 +[@CInline] let sha256_update_nblocks = update_nblocks #SHA2_256 #M32 sha256_update +[@CInline] let sha256_update_last = update_last #SHA2_256 #M32 sha256_update +[@CInline] let sha256_finish = finish #SHA2_256 #M32 + +[@CInline] let sha384_init = init #SHA2_384 #M32 +[@CInline] let sha384_update = update #SHA2_384 #M32 +[@CInline] let sha384_update_nblocks = update_nblocks #SHA2_384 #M32 sha384_update +[@CInline] let sha384_update_last = update_last #SHA2_384 #M32 sha384_update +[@CInline] let sha384_finish = finish #SHA2_384 #M32 + +[@CInline] let sha512_init = init #SHA2_512 #M32 +[@CInline] let sha512_update = update #SHA2_512 #M32 +[@CInline] let sha512_update_nblocks = update_nblocks #SHA2_512 #M32 sha512_update +[@CInline] let sha512_update_last = update_last #SHA2_512 #M32 sha512_update +[@CInline] let sha512_finish = finish #SHA2_512 #M32 + +// Big up for Aymeric who dug this one to help me make the coercion work. 
+unfold let coerce (#b #a:Type) (x:a{a == b}) : b = x + +// Agility patterns for the streaming functor +inline_for_extraction noextract +val init: #a:sha2_alg -> init_vec_t a Hacl.Spec.SHA2.Vec.M32 +let init #a = + match a with + | SHA2_224 -> coerce sha224_init + | SHA2_256 -> coerce sha256_init + | SHA2_384 -> coerce sha384_init + | SHA2_512 -> coerce sha512_init + +inline_for_extraction noextract +val update_nblocks: #a:sha2_alg -> update_nblocks_vec_t' a Hacl.Spec.SHA2.Vec.M32 +let update_nblocks #a = + match a with + | SHA2_224 -> coerce sha224_update_nblocks + | SHA2_256 -> coerce sha256_update_nblocks + | SHA2_384 -> coerce sha384_update_nblocks + | SHA2_512 -> coerce sha512_update_nblocks + +inline_for_extraction noextract +val update_last: #a:sha2_alg -> update_last_vec_t' a Hacl.Spec.SHA2.Vec.M32 +let update_last #a = + match a with + | SHA2_224 -> coerce sha224_update_last + | SHA2_256 -> coerce sha256_update_last + | SHA2_384 -> coerce sha384_update_last + | SHA2_512 -> coerce sha512_update_last + +inline_for_extraction noextract +val finish: #a:sha2_alg -> finish_vec_t a Hacl.Spec.SHA2.Vec.M32 +let finish #a = + match a with + | SHA2_224 -> coerce sha224_finish + | SHA2_256 -> coerce sha256_finish + | SHA2_384 -> coerce sha384_finish + | SHA2_512 -> coerce sha512_finish -let sha512 dst input_len input = - let ib = ntup1 input in - let rb = ntup1 dst in - let h0 = ST.get() in - loc_multi1 rb; - hash #SHA2_512 #M32 (sha512_update1 <: update_vec_t SHA2_512 M32) rb input_len ib; - let h1 = ST.get() in - Hacl.Spec.SHA2.Equiv.hash_agile_lemma #SHA2_512 #M32 (v input_len) (as_seq_multi h0 ib); - assert ((as_seq_multi h1 rb).(|0|) == as_seq h1 dst) diff --git a/code/sha2-mb/Hacl.SHA2.Vec128.fst b/code/sha2-mb/Hacl.SHA2.Vec128.fst index 531a125d83..ed06793449 100644 --- a/code/sha2-mb/Hacl.SHA2.Vec128.fst +++ b/code/sha2-mb/Hacl.SHA2.Vec128.fst 
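Review bot: The new agile wrappers `init`, `update_nblocks`, `update_last` and `finish` reuse names already brought in by `open Hacl.Impl.SHA2.Generic`. The same identifier therefore means the generic implementation above the wrappers (e.g. `let sha224_init = init #SHA2_224 #M32`) and the per-algorithm dispatcher below them, and any definition later added after the wrappers would bind to the dispatcher without warning. Qualifying the specialisations, e.g. `let sha224_init = Hacl.Impl.SHA2.Generic.init #SHA2_224 #M32`, or giving the wrappers distinct names would make the binding explicit. Separately, the comment on `coerce` credits its author but does not say why the cast is needed; something like `// Each branch has the type for one concrete algorithm; coerce makes the equality with the type indexed by a explicit.` would serve readers better, if that is indeed the reason.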
@@ -20,10 +20,11 @@ module SpecVec = Hacl.Spec.SHA2.Vec #set-options "--z3rlimit 50 --fuel 0 --ifuel 0" -[@CInline] -private -val sha224_update4: update_vec_t SHA2_224 M128 -let sha224_update4 block hash = update #SHA2_224 #M128 block hash +[@CInline] private let sha224_init4 = init #SHA2_224 #M128 +[@CInline] private let sha224_update4 = update #SHA2_224 #M128 +[@CInline] private let sha224_update_nblocks4 = update_nblocks #SHA2_224 #M128 sha224_update4 +[@CInline] private let sha224_update_last4 = update_last #SHA2_224 #M128 sha224_update4 +[@CInline] private let sha224_finish4 = finish #SHA2_224 #M128 val sha224_4 (dst0 dst1 dst2 dst3: lbuffer uint8 28ul) (input_len:size_t) (input0 input1 input2 input3: lbuffer uint8 input_len) : @@ -46,7 +47,7 @@ let sha224_4 dst0 dst1 dst2 dst3 input_len input0 input1 input2 input3 = assert (live_multi h0 rb); assert (internally_disjoint rb); loc_multi4 rb; - hash #SHA2_224 #M128 sha224_update4 rb input_len ib; + hash #SHA2_224 #M128 sha224_init4 sha224_update_nblocks4 sha224_update_last4 sha224_finish4 rb input_len ib; let h1 = ST.get() in Hacl.Spec.SHA2.Equiv.hash_agile_lemma #SHA2_224 #M128 (v input_len) (as_seq_multi h0 ib); assert ((as_seq_multi h1 rb).(|0|) == as_seq h1 dst0); 
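Review bot: The five new `sha224_*4` definitions drop the explicit signature that the removed `val sha224_update4: update_vec_t SHA2_224 M128` provided, so their types are now inferred. The same applies to the `sha256_*4` definitions in the next hunk and to the same pattern in Hacl.SHA2.Vec256.fst and Hacl.SHA2.Scalar32.fst. With inferred types, a specialisation that does not have the intended spec would be reported only at the `hash` call site rather than at its definition. An ascription keeps the contract next to the code, e.g. `[@CInline] private let sha224_update_nblocks4 : update_nblocks_vec_t' SHA2_224 M128 = update_nblocks #SHA2_224 #M128 sha224_update4`.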
@@ -55,11 +56,11 @@ let sha224_4 dst0 dst1 dst2 dst3 input_len input0 input1 input2 input3 = assert ((as_seq_multi h1 rb).(|3|) == as_seq h1 dst3) -[@CInline] -private -val sha256_update4: update_vec_t SHA2_256 M128 -let sha256_update4 block hash = update #SHA2_256 #M128 block hash - +[@CInline] private let sha256_init4 = init #SHA2_256 #M128 +[@CInline] private let sha256_update4 = update #SHA2_256 #M128 +[@CInline] private let sha256_update_nblocks4 = update_nblocks #SHA2_256 #M128 sha256_update4 +[@CInline] private let sha256_update_last4 = update_last #SHA2_256 #M128 sha256_update4 +[@CInline] private let sha256_finish4 = finish #SHA2_256 #M128 val sha256_4 (dst0 dst1 dst2 dst3: lbuffer uint8 32ul) (input_len:size_t) (input0 input1 input2 input3: lbuffer uint8 input_len) : Stack unit @@ -81,7 +82,7 @@ let sha256_4 dst0 dst1 dst2 dst3 input_len input0 input1 input2 input3 = assert (live_multi h0 rb); assert (internally_disjoint rb); loc_multi4 rb; - hash #SHA2_256 #M128 sha256_update4 rb input_len ib; + hash #SHA2_256 #M128 sha256_init4 sha256_update_nblocks4 sha256_update_last4 sha256_finish4 rb input_len ib; let h1 = ST.get() in Hacl.Spec.SHA2.Equiv.hash_agile_lemma #SHA2_256 #M128 (v input_len) (as_seq_multi h0 ib); assert ((as_seq_multi h1 rb).(|0|) == as_seq h1 dst0); diff --git a/code/sha2-mb/Hacl.SHA2.Vec256.fst b/code/sha2-mb/Hacl.SHA2.Vec256.fst index 9c95c06c5e..97ae4db5b4 100644 --- a/code/sha2-mb/Hacl.SHA2.Vec256.fst +++ b/code/sha2-mb/Hacl.SHA2.Vec256.fst 
@@ -19,10 +19,11 @@ module SpecVec = Hacl.Spec.SHA2.Vec #set-options "--z3rlimit 50 --fuel 0 --ifuel 0" -[@CInline] -private -val sha224_update8: update_vec_t SHA2_224 M256 -let sha224_update8 block hash = update #SHA2_224 #M256 block hash +[@CInline] private let sha224_init8 = init #SHA2_224 #M256 +[@CInline] private let sha224_update8 = update #SHA2_224 #M256 +[@CInline] private let sha224_update_nblocks8 = update_nblocks #SHA2_224 #M256 sha224_update8 +[@CInline] private let sha224_update_last8 = update_last #SHA2_224 #M256 sha224_update8 +[@CInline] private let sha224_finish8 = finish #SHA2_224 #M256 val sha224_8 @@ -52,7 +53,7 @@ let sha224_8 dst0 dst1 dst2 dst3 dst4 dst5 dst6 dst7 input_len input0 input1 inp assert (live_multi h0 rb); assert (internally_disjoint rb); loc_multi8 rb; - hash #SHA2_224 #M256 sha224_update8 rb input_len ib; + hash #SHA2_224 #M256 sha224_init8 sha224_update_nblocks8 sha224_update_last8 sha224_finish8 rb input_len ib; let h1 = ST.get() in Hacl.Spec.SHA2.Equiv.hash_agile_lemma #SHA2_224 #M256 (v input_len) (as_seq_multi h0 ib); assert ((as_seq_multi h1 rb).(|0|) == as_seq h1 dst0); @@ -66,10 +67,11 @@ let sha224_8 dst0 dst1 dst2 dst3 dst4 dst5 dst6 dst7 input_len input0 input1 inp -[@CInline] -private -val sha256_update8: update_vec_t SHA2_256 M256 -let sha256_update8 block hash = update #SHA2_256 #M256 block hash +[@CInline] private let sha256_init8 = init #SHA2_256 #M256 +[@CInline] private let sha256_update8 = update #SHA2_256 #M256 +[@CInline] private let sha256_update_nblocks8 = update_nblocks #SHA2_256 #M256 sha256_update8 +[@CInline] private let sha256_update_last8 = update_last #SHA2_256 #M256 sha256_update8 +[@CInline] private let sha256_finish8 = finish #SHA2_256 #M256 val sha256_8 
@@ -99,7 +101,7 @@ let sha256_8 dst0 dst1 dst2 dst3 dst4 dst5 dst6 dst7 input_len input0 input1 inp assert (live_multi h0 rb); assert (internally_disjoint rb); loc_multi8 rb; - hash #SHA2_256 #M256 sha256_update8 rb input_len ib; + hash #SHA2_256 #M256 sha256_init8 sha256_update_nblocks8 sha256_update_last8 sha256_finish8 rb input_len ib; let h1 = ST.get() in Hacl.Spec.SHA2.Equiv.hash_agile_lemma #SHA2_256 #M256 (v input_len) (as_seq_multi h0 ib); assert ((as_seq_multi h1 rb).(|0|) == as_seq h1 dst0); @@ -112,11 +114,11 @@ let sha256_8 dst0 dst1 dst2 dst3 dst4 dst5 dst6 dst7 input_len input0 input1 inp assert ((as_seq_multi h1 rb).(|7|) == as_seq h1 dst7) -[@CInline] -private -val sha384_update4: update_vec_t SHA2_384 M256 -let sha384_update4 block hash = update #SHA2_384 #M256 block hash - +[@CInline] private let sha384_init4 = init #SHA2_384 #M256 +[@CInline] private let sha384_update4 = update #SHA2_384 #M256 +[@CInline] private let sha384_update_nblocks4 = update_nblocks #SHA2_384 #M256 sha384_update4 +[@CInline] private let sha384_update_last4 = update_last #SHA2_384 #M256 sha384_update4 +[@CInline] private let sha384_finish4 = finish #SHA2_384 #M256 val sha384_4 (dst0 dst1 dst2 dst3: lbuffer uint8 48ul) (input_len:size_t) (input0 input1 input2 input3: lbuffer uint8 input_len) : Stack unit @@ -138,7 +140,7 @@ let sha384_4 dst0 dst1 dst2 dst3 input_len input0 input1 input2 input3 = assert (live_multi h0 rb); assert (internally_disjoint rb); loc_multi4 rb; - hash #SHA2_384 #M256 sha384_update4 rb input_len ib; + hash #SHA2_384 #M256 sha384_init4 sha384_update_nblocks4 sha384_update_last4 sha384_finish4 rb input_len ib; let h1 = ST.get() in Hacl.Spec.SHA2.Equiv.hash_agile_lemma #SHA2_384 #M256 (v input_len) (as_seq_multi h0 ib); assert ((as_seq_multi h1 rb).(|0|) == as_seq h1 dst0); 
@@ -148,10 +150,11 @@ let sha384_4 dst0 dst1 dst2 dst3 input_len input0 input1 input2 input3 = -[@CInline] -private -val sha512_update4: update_vec_t SHA2_512 M256 -let sha512_update4 block hash = update #SHA2_512 #M256 block hash +[@CInline] private let sha512_init4 = init #SHA2_512 #M256 +[@CInline] private let sha512_update4 = update #SHA2_512 #M256 +[@CInline] private let sha512_update_nblocks4 = update_nblocks #SHA2_512 #M256 sha512_update4 +[@CInline] private let sha512_update_last4 = update_last #SHA2_512 #M256 sha512_update4 +[@CInline] private let sha512_finish4 = finish #SHA2_512 #M256 val sha512_4 (dst0 dst1 dst2 dst3: lbuffer uint8 64ul) (input_len:size_t) (input0 input1 input2 input3: lbuffer uint8 input_len) : @@ -174,7 +177,7 @@ let sha512_4 dst0 dst1 dst2 dst3 input_len input0 input1 input2 input3 = assert (live_multi h0 rb); assert (internally_disjoint rb); loc_multi4 rb; - hash #SHA2_512 #M256 sha512_update4 rb input_len ib; + hash #SHA2_512 #M256 sha512_init4 sha512_update_nblocks4 sha512_update_last4 sha512_finish4 rb input_len ib; let h1 = ST.get() in Hacl.Spec.SHA2.Equiv.hash_agile_lemma #SHA2_512 #M256 (v input_len) (as_seq_multi h0 ib); assert ((as_seq_multi h1 rb).(|0|) == as_seq h1 dst0); diff --git a/code/sha2-mb/Hacl.Spec.SHA2.Equiv.fst b/code/sha2-mb/Hacl.Spec.SHA2.Equiv.fst index a464c2082d..6df52eaf59 100644 --- a/code/sha2-mb/Hacl.Spec.SHA2.Equiv.fst +++ b/code/sha2-mb/Hacl.Spec.SHA2.Equiv.fst @@ -131,7 +131,7 @@ let shuffle_core_spec_lemma_l #a #m k_t ws_t st l = val ws_next_inner_lemma_l: #a:sha2_alg -> #m:m_spec - -> i:size_nat{i < 16} + -> i:nat{i < 16} -> ws:ws_spec a m -> l:nat{l < lanes a m} -> Lemma ((ws_spec_v (ws_next_inner i ws)).[l] == Spec.ws_next_inner a i (ws_spec_v ws).[l]) 
@@ -187,8 +187,8 @@ val shuffle_inner_lemma_l: #a:sha2_alg -> #m:m_spec -> ws:ws_spec a m - -> i:size_nat{i < Spec.num_rounds16 a} - -> j:size_nat{j < 16} + -> i:nat{i < Spec.num_rounds16 a} + -> j:nat{j < 16} -> st:state_spec a m -> l:nat{l < lanes a m} -> Lemma @@ -204,7 +204,7 @@ let shuffle_inner_lemma_l #a #m ws i j st l = val shuffle_inner_loop_lemma: #a:sha2_alg -> #m:m_spec - -> i:size_nat{i < Spec.num_rounds16 a} + -> i:nat{i < Spec.num_rounds16 a} -> ws0:ws_spec a m -> st0:state_spec a m -> l:nat{l < lanes a m} @@ -235,7 +235,7 @@ let rec shuffle_inner_loop_lemma #a #m i ws0 st0 l n = val shuffle_inner_loop_lemma_l: #a:sha2_alg -> #m:m_spec - -> i:size_nat{i < Spec.num_rounds16 a} + -> i:nat{i < Spec.num_rounds16 a} -> ws_st:tuple2 (ws_spec a m) (state_spec a m) -> l:nat{l < lanes a m} -> Lemma @@ -307,8 +307,10 @@ val load_blocks_lemma_ij: -> j:nat{j < lanes a m} -> i:nat{i < 16} -> Lemma (let l = lanes a m in + let ind = (i / l * l + j) * word_length a in (vec_v (load_blocks b).[i]).[j] == - BSeq.uint_from_bytes_be (sub b.(|i % l|) ((i / l * l + j) * word_length a) (word_length a))) + BSeq.uint_from_bytes_be + (Seq.slice b.(|i % l|) ind (ind + word_length a))) let load_blocks_lemma_ij #a #m b j i = let l = lanes a m in @@ -317,13 +319,13 @@ let load_blocks_lemma_ij #a #m b j i = let blocksize = word_length a in let blocksize_l = l * blocksize in - let b_j = sub b.(|idx_i|) (idx_j * blocksize_l) blocksize_l in + let b_j = Seq.slice b.(|idx_i|) (idx_j * blocksize_l) (idx_j * blocksize_l + blocksize_l) in //assert ((load_blocks b).[i] == vec_from_bytes_be (word_t a) l b_j); assert (vec_v ((load_blocks b).[i]) == BSeq.uints_from_bytes_be b_j); BSeq.index_uints_from_bytes_be #(word_t a) #SEC #(lanes a m) b_j j; assert ((vec_v ((load_blocks b).[i])).[j] == - BSeq.uint_from_bytes_be (sub b_j (j * blocksize) blocksize)); + BSeq.uint_from_bytes_be (Seq.slice b_j (j * blocksize) (j * blocksize + blocksize))); calc (==) { idx_j * blocksize_l + j * blocksize; 
@@ -337,7 +339,9 @@ let load_blocks_lemma_ij #a #m b j i = (j * blocksize) (j * blocksize + blocksize); assert ((vec_v ((load_blocks b).[i])).[j] == - BSeq.uint_from_bytes_be (sub b.(|idx_i|) ((idx_j * l + j) * blocksize) blocksize)) + BSeq.uint_from_bytes_be + (Seq.slice b.(|idx_i|) ((idx_j * l + j) * blocksize) + ((idx_j * l + j) * blocksize + blocksize))) val load_blocks_lemma_ij_subst: @@ -348,7 +352,8 @@ val load_blocks_lemma_ij_subst: -> i:nat{i < 16} -> Lemma (let l = lanes a m in (vec_v (load_blocks b).[i / l * l + j]).[i % l] == - BSeq.uint_from_bytes_be (sub b.(|j|) (i * word_length a) (word_length a))) + BSeq.uint_from_bytes_be + (Seq.slice b.(|j|) (i * word_length a) (i * word_length a + word_length a))) let load_blocks_lemma_ij_subst #a #m b j i = let l = lanes a m in @@ -399,7 +404,8 @@ let load_ws_lemma_l #a #m b j = let aux (i:nat{i < 16}) : Lemma (Seq.index lp i == Seq.index rp i) = let l = lanes a m in BSeq.index_uints_from_bytes_be #(word_t a) #SEC #16 b.(|j|) i; - assert (Seq.index rp i == BSeq.uint_from_bytes_be (sub b.(|j|) (i * word_length a) (word_length a))); + assert (Seq.index rp i == BSeq.uint_from_bytes_be + (Seq.slice b.(|j|) (i * word_length a) (i * word_length a + word_length a))); assert (Seq.index lp i == Seq.index (Seq.index (ws_spec_v (transpose_ws (load_blocks b))) j) i); Lemmas.transpose_ws_lemma_ij (load_blocks b) j i; @@ -451,7 +457,7 @@ val load_last_lemma_l: -> #m:m_spec{is_supported a m} -> totlen_seq:lseq uint8 (len_length a) -> fin:nat{fin == block_length a \/ fin == 2 * block_length a} - -> len:size_nat{len < block_length a} + -> len:nat{len < block_length a} -> b:multiseq (lanes a m) len -> l:nat{l < lanes a m} -> Lemma @@ -469,7 +475,7 @@ val update_last_lemma_l: #a:sha2_alg -> #m:m_spec{is_supported a m} -> totlen:len_t a - -> len:size_nat{len < block_length a} + -> len:nat{len < block_length a} -> b:multiseq (lanes a m) len -> st:state_spec a m -> l:nat{l < lanes a m} -> 
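Review bot: `load_last_lemma_l` and `update_last_lemma_l` still bound the last chunk with `len:nat{len < block_length a}` after the `size_nat` to `nat` change. This commit relaxes the implementation side to `v len <= block_length a` in `padded_blocks`, `load_last_blocks` and `load_last_t` (Hacl.Impl.SHA2.Core.fst) and in `update_last_vec_t'` (Hacl.Impl.SHA2.Generic.fst). As written, these per-lane equivalence lemmas do not cover a last chunk of exactly one block, which is the case the relaxed bound newly admits. If that case is proven elsewhere (not visible here), a comment pointing to it would be enough; otherwise the lemmas should take `len:nat{len <= block_length a}`. Both lemma bodies lie outside these hunks.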
@@ -478,7 +484,7 @@ val update_last_lemma_l: let update_last_lemma_l #a #m totlen len b st0 l = let blocks = padded_blocks a len in - let fin : size_nat = blocks * block_length a in + let fin : nat = blocks * block_length a in let total_len_bits = secret (shift_left #(len_int_type a) totlen 3ul) in let totlen_seq = Lib.ByteSequence.uint_to_bytes_be #(len_int_type a) total_len_bits in let (b0,b1) = load_last #a #m totlen_seq fin len b in @@ -588,7 +594,7 @@ let finish_lemma_l #a #m st l = val update_block_lemma_l: #a:sha2_alg -> #m:m_spec{is_supported a m} - -> len:size_nat + -> len:Spec.len_lt_max_a_t a -> b:multiseq (lanes a m) len -> i:nat{i < len / block_length a} -> st:state_spec a m @@ -605,7 +611,7 @@ let update_block_lemma_l #a #m len b i st l = val update_nblocks_loop_lemma: #a:sha2_alg -> #m:m_spec{is_supported a m} - -> len:size_nat + -> len:Spec.len_lt_max_a_t a -> b:multiseq (lanes a m) len -> st:state_spec a m -> l:nat{l < lanes a m} @@ -635,7 +641,7 @@ let rec update_nblocks_loop_lemma #a #m len b st l n = val update_nblocks_lemma_l: #a:sha2_alg -> #m:m_spec{is_supported a m} - -> len:size_nat + -> len:Spec.len_lt_max_a_t a -> b:multiseq (lanes a m) len -> st:state_spec a m -> l:nat{l < lanes a m} -> @@ -651,13 +657,13 @@ let update_nblocks_lemma_l #a #m len b st l = val hash_lemma_l: #a:sha2_alg -> #m:m_spec{is_supported a m} - -> len:size_nat + -> len:Spec.len_lt_max_a_t a -> b:multiseq (lanes a m) len -> l:nat{l < lanes a m} -> Lemma ((hash #a #m len b).(|l|) == Spec.hash len b.(|l|)) let hash_lemma_l #a #m len b l = - let len' : len_t a = Lib.IntTypes.cast #U32 #PUB (len_int_type a) PUB (size len) in + let len' : len_t a = Spec.mk_len_t a len in let st0 = init a m in init_lemma_l a m l; let st1 = update_nblocks #a #m len b st0 in 
@@ -672,7 +678,7 @@ let hash_lemma_l #a #m len b l = val hash_lemma: #a:sha2_alg -> #m:m_spec{is_supported a m} - -> len:size_nat + -> len:Spec.len_lt_max_a_t a -> b:multiseq (lanes a m) len -> Lemma (forall (l:nat{l < lanes a m}). (hash #a #m len b).(|l|) == Spec.hash len b.(|l|)) @@ -684,7 +690,7 @@ let hash_lemma #a #m len b = val hash_agile_lemma_l: #a:sha2_alg -> #m:m_spec{is_supported a m} - -> len:size_nat{len `less_than_max_input_length` a} + -> len:Spec.len_lt_max_a_t a -> b:multiseq (lanes a m) len -> l:nat{l < lanes a m} -> Lemma ((hash #a #m len b).(|l|) == Spec.Agile.Hash.hash a b.(|l|)) @@ -697,7 +703,7 @@ let hash_agile_lemma_l #a #m len b l = val hash_agile_lemma: #a:sha2_alg -> #m:m_spec{is_supported a m} - -> len:size_nat{len `less_than_max_input_length` a} + -> len:Spec.len_lt_max_a_t a -> b:multiseq (lanes a m) len -> Lemma (forall (l:nat{l < lanes a m}). (hash #a #m len b).(|l|) == Spec.Agile.Hash.hash a b.(|l|)) diff --git a/code/sha2-mb/Hacl.Spec.SHA2.EquivScalar.fst b/code/sha2-mb/Hacl.Spec.SHA2.EquivScalar.fst index 55404d1448..91cf66e63d 100644 --- a/code/sha2-mb/Hacl.Spec.SHA2.EquivScalar.fst +++ b/code/sha2-mb/Hacl.Spec.SHA2.EquivScalar.fst @@ -642,8 +642,8 @@ let repeat_blocks_multi_extensionality #a #b blocksize inp f g init = val update_multi_is_repeat_blocks_multi: a:sha2_alg - -> len:size_nat - -> b:lseq uint8 len + -> len:len_lt_max_a_t a + -> b:seq uint8{length b = len} -> st0:words_state a -> pad_s:lseq uint8 (pad_length a len) -> Lemma 
@@ -674,18 +674,19 @@ let update_multi_is_repeat_blocks_multi a len b st0 pad_s = repeat_blocks_multi_extensionality (block_length a) blocks repeat_f (update a) st0 -val hash_is_repeat_blocks: - a:sha2_alg - -> len:size_nat - -> b:lseq uint8 len - -> st0:words_state a -> - Lemma - (let len':len_t a = Lib.IntTypes.cast #U32 #PUB (len_int_type a) PUB (size len) in - let st = update_nblocks a len b st0 in - let rem = len % block_length a in - let mb = sub b (len - rem) rem in - update_last a len' rem mb st == - LSeq.repeat_blocks (block_length a) b (update a) (update_last a len') st0) +let update_nblocks_is_repeat_blocks_multi a len b st0 = + let bs = block_length a in + let nb = len / bs in + let acc = Loops.repeati nb (repeat_blocks_f bs b (update a) nb) st0 in + + let aux (i:nat{i < nb}) (acc:words_state a) : + Lemma (repeat_blocks_f bs b (update a) nb i acc == update_block a len b i acc) = () in + Classical.forall_intro_2 aux; + LSeqLemmas.repeati_extensionality nb (repeat_blocks_f bs b (update a) nb) (update_block a len b) st0; + assert (acc == update_nblocks a len b st0); + + LSeq.lemma_repeat_blocks_multi bs b (update a) st0 + let hash_is_repeat_blocks a len b st0 = let bs = block_length a in 
@@ -699,13 +700,13 @@ let hash_is_repeat_blocks a len b st0 = LSeqLemmas.repeati_extensionality nb (repeat_blocks_f bs b (update a) nb) (update_block a len b) st0; assert (acc == update_nblocks a len b st0); - let len':len_t a = Lib.IntTypes.cast #U32 #PUB (len_int_type a) PUB (size len) in + let len' : len_t a = mk_len_t a len in LSeq.lemma_repeat_blocks bs b (update a) (update_last a len') st0; let last = Seq.slice b (nb * bs) len in assert (LSeq.repeat_blocks bs b (update a) (update_last a len') st0 == update_last a len' rem last acc) -val append_pad_last_length_lemma: a:sha2_alg -> len:size_nat -> +val append_pad_last_length_lemma: a:sha2_alg -> len:len_lt_max_a_t a -> Lemma (let blocksize = block_length a in let b_len = (blocksize - (len + len_length a + 1)) % blocksize + 1 + len_length a + len % blocksize in @@ -721,7 +722,7 @@ let append_pad_last_length_lemma a len = val load_last_lemma: a:sha2_alg - -> totlen:size_nat{totlen `less_than_max_input_length` a} + -> totlen:len_lt_max_a_t a -> totlen_seq:lseq uint8 (len_length a) -> b:bytes{length b = totlen % block_length a} -> Lemma 
@@ -775,14 +776,25 @@ let load_last_lemma a totlen totlen_seq b = Seq.lemma_eq_intro (Seq.slice last3 0 fin) (Seq.append b pad) +val lemma_len_lt_max_a_mul_by_8: a:sha2_alg -> len:len_lt_max_a_t a -> + Lemma (let len' : len_t a = mk_len_t a len in + let total_len_bits = secret (shift_left #(len_int_type a) len' 3ul) in + v total_len_bits == len * 8) + +let lemma_len_lt_max_a_mul_by_8 a len = + match a with + | SHA2_224 | SHA2_256 -> Math.Lemmas.pow2_plus 61 3 + | SHA2_384 | SHA2_512 -> Math.Lemmas.pow2_plus 125 3 + + val load_last_pad_lemma: a:sha2_alg - -> len:size_nat{len `less_than_max_input_length` a} - -> fin:size_nat{fin == block_length a \/ fin == 2 * block_length a} - -> rem:size_nat{rem < block_length a} + -> len:len_lt_max_a_t a + -> fin:nat{fin == block_length a \/ fin == 2 * block_length a} + -> rem:nat{rem < block_length a} -> b:bytes{length b = rem} -> Lemma - (let len':len_t a = Lib.IntTypes.cast #U32 #PUB (len_int_type a) PUB (size len) in + (let len' : len_t a = mk_len_t a len in let total_len_bits = secret (shift_left #(len_int_type a) len' 3ul) in let totlen_seq = BSeq.uint_to_bytes_be #(len_int_type a) total_len_bits in @@ -792,8 +804,9 @@ val load_last_pad_lemma: PadFinish.pad a len == pad) let load_last_pad_lemma a len fin rem b = - let len':len_t a = Lib.IntTypes.cast #U32 #PUB (len_int_type a) PUB (size len) in + let len' : len_t a = mk_len_t a len in let total_len_bits = secret (shift_left #(len_int_type a) len' 3ul) in + lemma_len_lt_max_a_mul_by_8 a len; assert (v total_len_bits == len * 8); let totlen_seq = BSeq.uint_to_bytes_be #(len_int_type a) total_len_bits in 
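Review bot: `lemma_len_lt_max_a_mul_by_8` is added without a comment, although it is the step showing that the bit length written into the padding cannot wrap: `shift_left ... 3ul` is applied to a `len_t a` value, and the proof rests on `pow2_plus 61 3` and `pow2_plus 125 3`. I would put a doc comment above the `val`, for example `(** [len] is below the maximum input length in bytes, so [len * 8] still fits in [len_t a] and the shift by 3 loses no bits. *)`. The `assert (v total_len_bits == len * 8)` in `load_last_pad_lemma` (next hunk on this line) now depends on this lemma, so a short comment naming it there would help the next person who touches the bound.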
@@ -805,10 +818,10 @@ let load_last_pad_lemma a len fin rem b = val update_last_lemma: a:sha2_alg - -> len:size_nat{len `less_than_max_input_length` a} + -> len:len_lt_max_a_t a -> b:lseq uint8 (len % block_length a) -> Lemma - (let len':len_t a = Lib.IntTypes.cast #U32 #PUB (len_int_type a) PUB (size len) in + (let len' : len_t a = mk_len_t a len in let total_len_bits = secret (shift_left #(len_int_type a) len' 3ul) in let totlen_seq = BSeq.uint_to_bytes_be #(len_int_type a) total_len_bits in let blocksize = block_length a in @@ -823,7 +836,7 @@ val update_last_lemma: Seq.equal (Seq.slice last 0 fin) (Seq.append b (PadFinish.pad a len))) let update_last_lemma a len b = - let len':len_t a = Lib.IntTypes.cast #U32 #PUB (len_int_type a) PUB (size len) in + let len' : len_t a = mk_len_t a len in let total_len_bits = secret (shift_left #(len_int_type a) len' 3ul) in let totlen_seq = BSeq.uint_to_bytes_be #(len_int_type a) total_len_bits in let blocksize = block_length a in @@ -837,7 +850,7 @@ let update_last_lemma a len b = val update_last_is_repeat_blocks_multi: a:sha2_alg - -> len:size_nat{len `less_than_max_input_length` a} + -> len:len_lt_max_a_t a -> last:lseq uint8 (len % block_length a) -> st1:words_state a -> Lemma @@ -845,7 +858,7 @@ val update_last_is_repeat_blocks_multi: (let blocksize = block_length a in (pad_length a len + len % blocksize) % blocksize = 0)) (ensures - (let len':len_t a = Lib.IntTypes.cast #U32 #PUB (len_int_type a) PUB (size len) in + (let len' : len_t a = mk_len_t a len in let pad_s = PadFinish.pad a len in let blocksize = block_length a in let rem = len % blocksize in 
@@ -858,8 +871,11 @@ let update_last_is_repeat_blocks_multi a len last st1 = let blocksize = block_length a in let rem = len % blocksize in let blocks1 = Seq.append last pad_s in + let blocks = padded_blocks a rem in + let fin = blocks * block_length a in append_pad_last_length_lemma a len; - //assert (length blocks1 = blocksize \/ length blocks1 = 2 * blocksize); + load_last_pad_lemma a len fin rem last; + assert (length blocks1 = blocksize \/ length blocks1 = 2 * blocksize); assert (length blocks1 == padded_blocks a rem * blocksize); let nb = padded_blocks a rem in Math.Lemmas.cancel_mul_mod nb blocksize; @@ -867,11 +883,9 @@ let update_last_is_repeat_blocks_multi a len last st1 = LSeq.lemma_repeat_blocks_multi blocksize blocks1 (update a) st1; assert (res == Loops.repeati nb (repeat_blocks_f blocksize blocks1 (update a) nb) st1); - let len':len_t a = Lib.IntTypes.cast #U32 #PUB (len_int_type a) PUB (size len) in + let len' : len_t a = mk_len_t a len in let total_len_bits = secret (shift_left #(len_int_type a) len' 3ul) in let totlen_seq = BSeq.uint_to_bytes_be #(len_int_type a) total_len_bits in - let blocks = padded_blocks a rem in - let fin = blocks * block_length a in let (b0, b1) = load_last a totlen_seq fin rem last in let st2 = update a b0 st1 in Loops.unfold_repeati nb (repeat_blocks_f blocksize blocks1 (update a) nb) st1 0; @@ -888,11 +902,11 @@ let update_last_is_repeat_blocks_multi a len last st1 = #push-options "--z3rlimit 150" val hash_is_repeat_blocks_multi: a:sha2_alg - -> len:size_nat{len `less_than_max_input_length` a} - -> b:lseq uint8 len + -> len:len_lt_max_a_t a + -> b:seq uint8{length b = len} -> st0:words_state a -> Lemma - (let len':len_t a = Lib.IntTypes.cast #U32 #PUB (len_int_type a) PUB (size len) in + (let len' : len_t a = mk_len_t a len in let pad_s = PadFinish.pad a len in repeat_blocks (block_length a) b (update a) (update_last a len') st0 == repeat_blocks_multi (block_length a) (Seq.append b pad_s) (update a) st0) 
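Review bot: In `update_last_is_repeat_blocks_multi`, `blocks` is now bound to `padded_blocks a rem` a few lines above the existing `let nb = padded_blocks a rem in`, so one proof has two names for the same value. `fin` is also computed with `block_length a` although `blocksize` is already bound to it. Unless the solver needs the terms spelled out, `let nb = blocks in` and `let fin = blocks * blocksize in` would make it obvious that the `load_last_pad_lemma` call and the `repeati` unfolding refer to the same block count. The function body starts and ends outside the hunk.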
@@ -914,7 +928,7 @@ let hash_is_repeat_blocks_multi a len b st0 = LSeqLemmas.repeat_blocks_multi_split blocksize len0 blocks (update a) st0; //assert (res == repeat_blocks_multi blocksize blocks1 (update a) st1); - let len':len_t a = Lib.IntTypes.cast #U32 #PUB (len_int_type a) PUB (size len) in + let len' : len_t a = mk_len_t a len in LSeqLemmas.lemma_repeat_blocks_via_multi blocksize b (update a) (update_last a len') st0; Seq.lemma_eq_intro (Seq.slice b 0 len0) blocks0; let last = Seq.slice b len0 len in @@ -928,6 +942,15 @@ let hash_agile_lemma #a len b = let st0 = Spec.Agile.Hash.init a in let pad_s = PadFinish.pad a len in let st_s = Spec.Agile.Hash.update_multi a st0 (Seq.append b pad_s) in + + let blocksize = block_length a in + let rem = len % blocksize in + let blocks = padded_blocks a rem in + let fin = blocks * block_length a in + let last = Seq.slice b (len - rem) len in + append_pad_last_length_lemma a len; + load_last_pad_lemma a len fin rem last; + hash_is_repeat_blocks a len b st0; update_multi_is_repeat_blocks_multi a len b st0 pad_s; hash_is_repeat_blocks_multi a len b st0; diff --git a/code/sha2-mb/Hacl.Spec.SHA2.EquivScalar.fsti b/code/sha2-mb/Hacl.Spec.SHA2.EquivScalar.fsti index ee3b9eb375..05c6632e4a 100644 --- a/code/sha2-mb/Hacl.Spec.SHA2.EquivScalar.fsti +++ b/code/sha2-mb/Hacl.Spec.SHA2.EquivScalar.fsti 
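Review bot: The lines added to `hash_agile_lemma` bind `blocksize`, `rem`, `blocks`, `fin` and `last` only to call `append_pad_last_length_lemma` and `load_last_pad_lemma`, and nothing says which later step consumes those facts. A one-line comment such as `// length facts for the padded last block(s), needed by hash_is_repeat_blocks_multi below` would help, assuming that is what the calls are for. `fin` could also reuse `blocksize` instead of repeating `block_length a`. The body of the lemma continues outside the hunk.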
@@ -9,5 +9,27 @@ open Hacl.Spec.SHA2 #set-options "--z3rlimit 50 --fuel 0 --ifuel 0" -val hash_agile_lemma: #a:sha2_alg -> len:size_nat{len `less_than_max_input_length` a} -> b:lseq uint8 len -> +val update_nblocks_is_repeat_blocks_multi: + a:sha2_alg + -> len:len_lt_max_a_t a{len % block_length a = 0} + -> b:seq uint8{length b = len} + -> st0:words_state a -> + Lemma (update_nblocks a len b st0 == + Lib.Sequence.repeat_blocks_multi (block_length a) b (update a) st0) + + +val hash_is_repeat_blocks: + a:sha2_alg + -> len:len_lt_max_a_t a + -> b:seq uint8{length b = len} + -> st0:words_state a -> + Lemma + (let len' : len_t a = mk_len_t a len in + let st = update_nblocks a len b st0 in + let rem = len % block_length a in + let mb = Seq.slice b (len - rem) len in + update_last a len' rem mb st == + Lib.Sequence.repeat_blocks (block_length a) b (update a) (update_last a len') st0) + +val hash_agile_lemma: #a:sha2_alg -> len:len_lt_max_a_t a -> b:seq uint8{length b = len} -> Lemma (hash #a len b == Spec.Agile.Hash.hash a b) diff --git a/code/sha2-mb/Hacl.Spec.SHA2.Vec.fst b/code/sha2-mb/Hacl.Spec.SHA2.Vec.fst index ce49a55966..50e0c9032c 100644 --- a/code/sha2-mb/Hacl.Spec.SHA2.Vec.fst +++ b/code/sha2-mb/Hacl.Spec.SHA2.Vec.fst @@ -125,9 +125,6 @@ let _sigma1 #a #m x = Spec.((x >>>| (op0 a).e3) ^| (x >>>| (op0 a).e4) ^| (x >>| noextract let state_spec (a:sha2_alg) (m:m_spec) = lseq (element_t a m) 8 -noextract -let block_spec (a:sha2_alg) = lseq uint8 (block_length a) - noextract let ws_spec (a:sha2_alg) (m:m_spec) = lseq (element_t a m) 16 @@ -184,8 +181,8 @@ let num_rounds16 (a:sha2_alg) : n:size_t{v n > 0 /\ 16 * v n == Spec.size_k_w a} | SHA2_384 | SHA2_512 -> 5ul noextract -let multiseq (lanes:lanes_t) (len:size_nat) = - ntuple (lseq uint8 len) lanes +let multiseq (lanes:lanes_t) (len:nat) = + ntuple (Seq.lseq uint8 len) lanes unfold let multiblock_spec (a:sha2_alg) (m:m_spec) = multiseq (lanes a m) (block_length a) 
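Review bot: The two lemmas newly exported from `Hacl.Spec.SHA2.EquivScalar.fsti`, `update_nblocks_is_repeat_blocks_multi` and `hash_is_repeat_blocks`, have no doc comments. The first also carries a precondition (`len % block_length a = 0`) that is easy to miss inside the parameter refinement. Since other modules now build on this interface, I would add `(** For an input that is a whole number of blocks, [update_nblocks] equals [repeat_blocks_multi] of [update]. *)` above the first. Above the second I would add `(** [update_nblocks] followed by [update_last] on the trailing [len % block_length a] bytes equals [repeat_blocks] over the whole input. *)`.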
@@ -238,7 +235,7 @@ let load_ws (#a:sha2_alg) (#m:m_spec{is_supported a m}) (b:multiblock_spec a m) noextract let ws_next_inner (#a:sha2_alg) (#m:m_spec) - (i:size_nat{i < 16}) + (i:nat{i < 16}) (ws:ws_spec a m) : ws_spec a m = let t16 = ws.[i] in let t15 = ws.[(i+1) % 16] in @@ -254,13 +251,13 @@ let ws_next (#a:sha2_alg) (#m:m_spec) repeati 16 (ws_next_inner #a #m) ws noextract -let shuffle_inner (#a:sha2_alg) (#m:m_spec) (ws:ws_spec a m) (i:size_nat{i < v (num_rounds16 a)}) (j:size_nat{j < 16}) (st:state_spec a m) : state_spec a m = +let shuffle_inner (#a:sha2_alg) (#m:m_spec) (ws:ws_spec a m) (i:nat{i < v (num_rounds16 a)}) (j:nat{j < 16}) (st:state_spec a m) : state_spec a m = let k_t = Seq.index (Spec.k0 a) (16 * i + j) in let ws_t = ws.[j] in shuffle_core_spec k_t ws_t st noextract -let shuffle_inner_loop (#a:sha2_alg) (#m:m_spec) (i:size_nat{i < v (num_rounds16 a)}) +let shuffle_inner_loop (#a:sha2_alg) (#m:m_spec) (i:nat{i < v (num_rounds16 a)}) (ws_st:ws_spec a m & state_spec a m) : ws_spec a m & state_spec a m = let (ws,st) = ws_st in let st' = repeati 16 (shuffle_inner ws i) st in @@ -285,14 +282,14 @@ let update (#a:sha2_alg) (#m:m_spec{is_supported a m}) (b:multiblock_spec a m) ( map2 (+|) st_new st_old noextract -let padded_blocks (a:sha2_alg) (len:size_nat{len < block_length a}) : n:nat{n <= 2} = +let padded_blocks (a:sha2_alg) (len:nat{len <= block_length a}) : n:nat{n <= 2} = if (len + len_length a + 1 <= block_length a) then 1 else 2 noextract let load_last_blocks (#a:sha2_alg) (totlen_seq:lseq uint8 (len_length a)) - (fin:size_nat{fin == block_length a \/ fin == 2 * block_length a}) - (len:size_nat{len < block_length a}) + (fin:nat{fin == block_length a \/ fin == 2 * block_length a}) + (len:nat{len <= block_length a}) (b:lseq uint8 len) : lseq uint8 (block_length a) & lseq uint8 (block_length a) = let last = create (2 * block_length a) (u8 0) in 
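Review bot: `padded_blocks` and `load_last_blocks` in the vectorized spec now accept `len <= block_length a`, but the scalar spec in `Hacl.Spec.SHA2.fst` (changed later in this commit) keeps `len < block_length a` for its `padded_blocks`, `load_last` and `update_last`, and nothing explains the difference. With `len == block_length a` the test `len + len_length a + 1 <= block_length a` is false, so two blocks are produced. That looks intended, presumably so a caller can pass a full final block, but it should be stated. I would add above `padded_blocks`: `(* len may equal block_length a (a full last block, always padded to 2 blocks); the scalar spec Hacl.Spec.SHA2 only covers len < block_length a. *)`. The same relaxed bound appears in `load_last1`, `load_last4`, `load_last8`, `load_last` and `update_last` in the following hunks.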
@@ -306,8 +303,8 @@ let load_last_blocks (#a:sha2_alg) noextract let load_last1 (#a:sha2_alg) (#m:m_spec{lanes a m == 1}) (totlen_seq:lseq uint8 (len_length a)) - (fin:size_nat{fin == block_length a \/ fin == 2 * block_length a}) - (len:size_nat{len < block_length a}) (b:multiseq (lanes a m) len) : + (fin:nat{fin == block_length a \/ fin == 2 * block_length a}) + (len:nat{len <= block_length a}) (b:multiseq (lanes a m) len) : multiseq (lanes a m) (block_length a) & multiseq (lanes a m) (block_length a) = let b = b.(|0|) in let (l0,l1) = load_last_blocks #a totlen_seq fin len b in @@ -319,8 +316,8 @@ let load_last1 (#a:sha2_alg) (#m:m_spec{lanes a m == 1}) noextract let load_last4 (#a:sha2_alg) (#m:m_spec{lanes a m == 4}) (totlen_seq:lseq uint8 (len_length a)) - (fin:size_nat{fin == block_length a \/ fin == 2 * block_length a}) - (len:size_nat{len < block_length a}) (b:multiseq (lanes a m) len) : + (fin:nat{fin == block_length a \/ fin == 2 * block_length a}) + (len:nat{len <= block_length a}) (b:multiseq (lanes a m) len) : multiseq (lanes a m) (block_length a) & multiseq (lanes a m) (block_length a) = let b0 = b.(|0|) in let b1 = b.(|1|) in @@ -337,8 +334,8 @@ let load_last4 (#a:sha2_alg) (#m:m_spec{lanes a m == 4}) noextract let load_last8 (#a:sha2_alg) (#m:m_spec{lanes a m == 8}) (totlen_seq:lseq uint8 (len_length a)) - (fin:size_nat{fin == block_length a \/ fin == 2 * block_length a}) - (len:size_nat{len < block_length a}) (b:multiseq (lanes a m) len) : + (fin:nat{fin == block_length a \/ fin == 2 * block_length a}) + (len:nat{len <= block_length a}) (b:multiseq (lanes a m) len) : multiseq (lanes a m) (block_length a) & multiseq (lanes a m) (block_length a) = let b0 = b.(|0|) in let b1 = b.(|1|) in 
@@ -365,7 +362,7 @@ let load_last8 (#a:sha2_alg) (#m:m_spec{lanes a m == 8}) noextract let load_last (#a:sha2_alg) (#m:m_spec{is_supported a m}) (totlen_seq:lseq uint8 (len_length a)) (fin:nat{fin == block_length a \/ fin == 2 * block_length a}) - (len:size_nat{len < block_length a}) (b:multiseq (lanes a m) len) : + (len:nat{len <= block_length a}) (b:multiseq (lanes a m) len) : multiseq (lanes a m) (block_length a) & multiseq (lanes a m) (block_length a) = match lanes a m with | 1 -> load_last1 #a #m totlen_seq fin len b @@ -374,10 +371,10 @@ let load_last (#a:sha2_alg) (#m:m_spec{is_supported a m}) (totlen_seq:lseq uint8 noextract let update_last (#a:sha2_alg) (#m:m_spec{is_supported a m}) (totlen:len_t a) - (len:size_nat{len < block_length a}) + (len:nat{len <= block_length a}) (b:multiseq (lanes a m) len) (st:state_spec a m): state_spec a m = let blocks = padded_blocks a len in - let fin : size_nat = blocks * block_length a in + let fin : nat = blocks * block_length a in let total_len_bits = secret (shift_left #(len_int_type a) totlen 3ul) in let totlen_seq = Lib.ByteSequence.uint_to_bytes_be #(len_int_type a) total_len_bits in let (b0,b1) = load_last #a #m totlen_seq fin len b in 
@@ -432,34 +429,34 @@ noextract let emit (#a:sha2_alg) (#m:m_spec) (hseq:lseq uint8 (lanes a m * 8 * word_length a)): multiseq (lanes a m) (hash_length a) = - Lib.NTuple.createi (lanes a m) + Lib.NTuple.createi #(Seq.lseq uint8 (hash_length a)) (lanes a m) (fun i -> sub hseq (i * 8 * word_length a) (hash_length a)) noextract let get_multiblock_spec (#a:sha2_alg) (#m:m_spec) - (len:size_nat) (b:multiseq (lanes a m) len) - (i:size_nat{i < len / block_length a}) + (len:Spec.len_lt_max_a_t a) (b:multiseq (lanes a m) len) + (i:nat{i < len / block_length a}) : multiseq (lanes a m) (block_length a) = - Lib.NTuple.createi #(lseq uint8 (block_length a)) (lanes a m) - (fun j -> sub b.(|j|) (i * block_length a) (block_length a)) + Lib.NTuple.createi #(Seq.lseq uint8 (block_length a)) (lanes a m) + (fun j -> Seq.slice b.(|j|) (i * block_length a) (i * block_length a + block_length a)) noextract let get_multilast_spec (#a:sha2_alg) (#m:m_spec) - (len:size_nat) (b:multiseq (lanes a m) len) + (len:Spec.len_lt_max_a_t a) (b:multiseq (lanes a m) len) : multiseq (lanes a m) (len % block_length a) = let rem = len % block_length a in - Lib.NTuple.createi #(lseq uint8 rem) (lanes a m) - (fun j -> sub b.(|j|) (len - rem) rem) + Lib.NTuple.createi #(Seq.lseq uint8 rem) (lanes a m) + (fun j -> Seq.slice b.(|j|) (len - rem) len) noextract -let update_block (#a:sha2_alg) (#m:m_spec{is_supported a m}) (len:size_nat) (b:multiseq (lanes a m) len) +let update_block (#a:sha2_alg) (#m:m_spec{is_supported a m}) (len:Spec.len_lt_max_a_t a) (b:multiseq (lanes a m) len) (i:nat{i < len / block_length a}) (st:state_spec a m) : state_spec a m = let mb = get_multiblock_spec len b i in update mb st noextract -let update_nblocks (#a:sha2_alg) (#m:m_spec{is_supported a m}) (len:size_nat) (b:multiseq (lanes a m) len) (st:state_spec a m) : state_spec a m = +let update_nblocks (#a:sha2_alg) (#m:m_spec{is_supported a m}) (len:Spec.len_lt_max_a_t a) (b:multiseq (lanes a m) len) (st:state_spec a m) : state_spec a 
m = let blocks = len / block_length a in let st = repeati blocks (update_block #a #m len b) st in st @@ -471,8 +468,8 @@ let finish (#a:sha2_alg) (#m:m_spec{is_supported a m}) (st:state_spec a m) : emit hseq noextract -let hash (#a:sha2_alg) (#m:m_spec{is_supported a m}) (len:size_nat) (b:multiseq (lanes a m) len) = - let len' : len_t a = Lib.IntTypes.cast #U32 #PUB (len_int_type a) PUB (size len) in +let hash (#a:sha2_alg) (#m:m_spec{is_supported a m}) (len:Spec.len_lt_max_a_t a) (b:multiseq (lanes a m) len) = + let len' : len_t a = Spec.mk_len_t a len in let st = init a m in let st = update_nblocks #a #m len b st in let rem = len % block_length a in @@ -481,17 +478,17 @@ let hash (#a:sha2_alg) (#m:m_spec{is_supported a m}) (len:size_nat) (b:multiseq finish st noextract -let sha256 (len:size_nat) (b:lseq uint8 len) = +let sha256 (len:Spec.len_lt_max_a_t SHA2_256) (b:seq uint8{length b = len}) = hash #SHA2_256 #M32 len b noextract -let sha256_4 (len:size_nat) (b:multiseq 4 len) = +let sha256_4 (len:Spec.len_lt_max_a_t SHA2_256) (b:multiseq 4 len) = hash #SHA2_256 #M128 len b noextract -let sha512 (len:size_nat) (b:lseq uint8 len) = +let sha512 (len:Spec.len_lt_max_a_t SHA2_512) (b:seq uint8{length b = len}) = hash #SHA2_512 #M32 len b noextract -let sha512_4 (len:size_nat) (b:multiseq 4 len) = +let sha512_4 (len:Spec.len_lt_max_a_t SHA2_512) (b:multiseq 4 len) = hash #SHA2_512 #M256 len b diff --git a/code/sha2-mb/Hacl.Spec.SHA2.fst b/code/sha2-mb/Hacl.Spec.SHA2.fst index 6bd9967c0f..460982824f 100644 --- a/code/sha2-mb/Hacl.Spec.SHA2.fst +++ b/code/sha2-mb/Hacl.Spec.SHA2.fst 
@@ -10,6 +10,15 @@ open Spec.Hash.Definitions #set-options "--z3rlimit 20 --fuel 0 --ifuel 0" +let len_lt_max_a_t (a:sha2_alg) = len:nat{len `less_than_max_input_length` a} + +let mk_len_t (a:sha2_alg) (len:len_lt_max_a_t a) : len_t a = + match a with + | SHA2_224 | SHA2_256 -> + (Math.Lemmas.pow2_lt_compat 64 61; uint #U64 #PUB len) + | SHA2_384 | SHA2_512 -> + (Math.Lemmas.pow2_lt_compat 128 125; uint #U128 #PUB len) + (* The core compression, padding and extraction functions for all SHA2 * algorithms. *) @@ -30,10 +39,6 @@ let to_word (a:sha2_alg) (n:nat{n < pow2 (word_n a)}) : word a = | SHA2_224 | SHA2_256 -> u32 n | SHA2_384 | SHA2_512 -> u64 n -let v' (#a: sha2_alg) (x:word a) = match a with - | SHA2_224 | SHA2_256 -> uint_v #U32 #SEC x - | SHA2_384 | SHA2_512 -> uint_v #U64 #SEC x - inline_for_extraction let num_rounds16 (a:sha2_alg) : n:pos{16 * n == size_k_w a} = match a with @@ -42,7 +47,6 @@ let num_rounds16 (a:sha2_alg) : n:pos{16 * n == size_k_w a} = let k_w (a: sha2_alg) = lseq (word a) (block_word_length a) let block_t (a: sha2_alg) = lseq uint8 (block_length a) -let counter = nat inline_for_extraction noextract type ops = { @@ -230,13 +234,13 @@ let update (a:sha2_alg) (block:block_t a) (hash:words_state a): Tot (words_state map2 #_ #_ #_ #8 ( +. ) hash_1 hash, () -let padded_blocks (a:sha2_alg) (len:size_nat{len < block_length a}) : n:nat{n <= 2} = +let padded_blocks (a:sha2_alg) (len:nat{len < block_length a}) : n:nat{n <= 2} = if (len + len_length a + 1 <= block_length a) then 1 else 2 let load_last (a:sha2_alg) (totlen_seq:lseq uint8 (len_length a)) - (fin:size_nat{fin == block_length a \/ fin == 2 * block_length a}) - (len:size_nat{len < block_length a}) (b:bytes{S.length b = len}) : + (fin:nat{fin == block_length a \/ fin == 2 * block_length a}) + (len:nat{len < block_length a}) (b:bytes{S.length b = len}) : (block_t a & block_t a) = let last = create (2 * block_length a) (u8 0) in 
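Review bot: `len_lt_max_a_t` and `mk_len_t` become the length types for every spec function touched by this commit, yet they are introduced without comments. `mk_len_t` returns a `PUB` integer and apparently relies on the maximum input length being below `pow2 61` (resp. `pow2 125`), given the `pow2_lt_compat 64 61` and `pow2_lt_compat 128 125` calls. I would document the type with `(** Input length in bytes, bounded by the algorithm's maximum input length. *)`. For the function I would add `(** Injects a bounded length into [len_t a]; the bound also leaves room for the later multiplication by 8. *)`.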
@@ -249,7 +253,7 @@ let load_last (a:sha2_alg) (totlen_seq:lseq uint8 (len_length a)) let update_last (a:sha2_alg) (totlen:len_t a) - (len:size_nat{len < block_length a}) + (len:nat{len < block_length a}) (b:bytes{S.length b = len}) (hash:words_state a) : Tot (words_state a) = let blocks = padded_blocks a len in let fin = blocks * block_length a in 
@@ -274,35 +278,35 @@ let finish (a:sha2_alg) (st:words_state a) : Tot (lseq uint8 (hash_length a)) = emit a hseq -let update_block (a:sha2_alg) (len:size_nat) (b:lseq uint8 len) +let update_block (a:sha2_alg) (len:len_lt_max_a_t a) (b:seq uint8{length b = len}) (i:nat{i < len / block_length a}) (st:words_state a) : words_state a = - let mb = sub b (i * block_length a) (block_length a) in + let mb = Seq.slice b (i * block_length a) (i * block_length a + block_length a) in update a mb st -let update_nblocks (a:sha2_alg) (len:size_nat) (b:lseq uint8 len) (st:words_state a) : words_state a = +let update_nblocks (a:sha2_alg) (len:len_lt_max_a_t a) (b:seq uint8{length b = len}) (st:words_state a) : words_state a = let blocks = len / block_length a in Lib.LoopCombinators.repeati blocks (update_block a len b) st -let hash (#a:sha2_alg) (len:size_nat) (b:lseq uint8 len) = - let len' : len_t a = Lib.IntTypes.cast #U32 #PUB (len_int_type a) PUB (size len) in +let hash (#a:sha2_alg) (len:len_lt_max_a_t a) (b:seq uint8{length b = len}) = + let len' : len_t a = mk_len_t a len in let st = init a in let st = update_nblocks a len b st in let rem = len % block_length a in - let mb = sub b (len - rem) rem in + let mb = Seq.slice b (len - rem) len in let st = update_last a len' rem mb st in finish a st -let sha224 (len:size_nat) (b:lseq uint8 len) = +let sha224 (len:len_lt_max_a_t SHA2_224) (b:seq uint8{length b = len}) = hash #SHA2_224 len b -let sha256 (len:size_nat) (b:lseq uint8 len) = +let sha256 (len:len_lt_max_a_t SHA2_256) (b:seq uint8{length b = len}) = hash #SHA2_256 len b -let sha384 (len:size_nat) (b:lseq uint8 len) = +let sha384 (len:len_lt_max_a_t SHA2_384) (b:seq uint8{length b = len}) = hash #SHA2_384 len b -let sha512 (len:size_nat) (b:lseq uint8 len) = +let sha512 (len:len_lt_max_a_t SHA2_512) (b:seq uint8{length b = len}) = hash #SHA2_512 len b 
diff --git a/code/streaming/Hacl.Streaming.MD.fst b/code/streaming/Hacl.Streaming.MD.fst
index 6e3547a8b1..3bdb5cb331 100644
--- a/code/streaming/Hacl.Streaming.MD.fst
+++ b/code/streaming/Hacl.Streaming.MD.fst
@@ -77,17 +77,141 @@ let alg = a:hash_alg{not (is_blake a)} let _: squash (inversion hash_alg) = allow_inversion hash_alg +inline_for_extraction noextract +let word (a: alg) = if is_sha2 a then Hacl.Spec.SHA2.Vec.(element_t a M32) else word a + +// Big up for Aymeric who dug this one to help me make the coercion work. +unfold let coerce (#b #a:Type) (x:a{a == b}) : b = x + inline_for_extraction noextract let init_elem (a : alg) : word a = - match a with - | MD5 | SHA1 - | SHA2_224 | SHA2_256 -> Lib.IntTypes.u32 0 - | SHA2_384 | SHA2_512 -> Lib.IntTypes.u64 0 + if is_sha2 a then + Hacl.Spec.SHA2.Vec.(zero_element a M32) + else match a with + | MD5 | SHA1 -> Lib.IntTypes.u32 0 | SHA3_256 -> Lib.IntTypes.u64 0 +inline_for_extraction noextract +let sha2_mb_state = Lib.Buffer.lbuffer (Lib.IntVector.vec_t Lib.IntTypes.U32 1) 8ul + +let _ = assert_norm ( + let open Hacl.Impl.SHA2.Core in + let open Hacl.Spec.SHA2.Vec in + state_t SHA2_256 M32 == sha2_mb_state) + +let multiseq_is_seq a l: Lemma + (requires is_sha2 a) + (ensures ( + let open Hacl.Impl.SHA2.Core in + let open Hacl.Spec.SHA2.Vec in + multiseq (lanes a M32) l == s:S.seq uint8 { S.length s = l })) += + let open Hacl.Impl.SHA2.Core in + let open Hacl.Spec.SHA2.Vec in + let open Lib.NTuple in + let open Lib.Sequence in + assert (lanes a M32 == 1); + calc (==) { + m:S.seq uint8 { S.length m = l }; + (==) { } + m:S.seq uint8 { (S.length m <: nat) == (l <: nat) }; + (==) { _ by (FStar.Tactics.trefl ()) } + S.lseq uint8 l; + } + +let multiseq_hash_is_hash a: Lemma + (requires is_sha2 a) + (ensures ( + let open Hacl.Impl.SHA2.Core in + let open Hacl.Spec.SHA2.Vec in + multiseq (lanes a M32) (hash_length a) == Spec.Agile.Hash.bytes_hash a)) += + let open Hacl.Impl.SHA2.Core in + let open Hacl.Spec.SHA2.Vec in + let open Lib.NTuple in + let open Lib.Sequence in + assert (lanes a M32 == 1); + calc (==) { + Spec.Hash.Definitions.bytes_hash a; + (==) { _ by (FStar.Tactics.trefl ()) } + m:S.seq uint8 { S.length m = 
Spec.Agile.Hash.hash_length a }; + (==) { multiseq_is_seq a (Spec.Agile.Hash.hash_length a) } + S.lseq uint8 (hash_length a); + } + +let multibuf_is_buf (len: Lib.IntTypes.size_t): Lemma + (ensures Lib.MultiBuffer.multibuf 1 len == x:B.buffer uint8 { B.length x == Lib.IntTypes.v len }) += + let open Lib.Buffer in + calc (==) { + Lib.MultiBuffer.multibuf 1 len; + (==) { } + Lib.Buffer.lbuffer uint8 len; + (==) { _ by FStar.Tactics.(norm [ iota; zeta; delta_only [ `%lbuffer; `%lbuffer_t; `%buffer_t ]]; trefl ()) } + x:B.buffer uint8 { B.length x == Lib.IntTypes.v len }; + } + +inline_for_extraction noextract +let lib_of_agile (#a: alg { is_sha2 a }) (x: Spec.Agile.Hash.bytes_hash a): + y:Hacl.Spec.SHA2.Vec.(multiseq (lanes a M32) (Spec.Agile.Hash.hash_length a)) { x === y } += + multiseq_hash_is_hash a; + coerce #Hacl.Spec.SHA2.Vec.(multiseq (lanes a M32) (Spec.Agile.Hash.hash_length a)) x + +inline_for_extraction noextract +let agile_of_lib (#a: alg { is_sha2 a }) (y:Hacl.Spec.SHA2.Vec.(multiseq (lanes a M32) (Spec.Agile.Hash.hash_length a))): + x: Spec.Agile.Hash.bytes_hash a { x === y } += + multiseq_hash_is_hash a; + coerce #(Spec.Agile.Hash.bytes_hash a) y + +inline_for_extraction noextract +let lib_of_buffer #len (x: B.buffer uint8): + Pure (Lib.MultiBuffer.multibuf 1 len) (requires B.length x == Lib.IntTypes.v len) (ensures fun _ -> True) += + multibuf_is_buf len; + coerce #(Lib.MultiBuffer.multibuf 1 len) #(x:B.buffer uint8 { B.length x == Lib.IntTypes.v len }) x + +inline_for_extraction noextract +let buffer_of_lib #len (x: Lib.MultiBuffer.multibuf 1 len): + Pure (B.buffer uint8) (requires True) (ensures fun x -> B.length x == Lib.IntTypes.v len) += + multibuf_is_buf len; + coerce #(x:B.buffer uint8 { B.length x == Lib.IntTypes.v len }) #(Lib.MultiBuffer.multibuf 1 len) x + inline_for_extraction noextract let state_t (a : alg) = stateful_buffer (word a) (D.impl_state_len (|a, ()|)) (init_elem a) +let eq_word_element (a:alg { is_sha2 a }) : Lemma (word a == 
Hacl.Spec.SHA2.Vec.(element_t a M32)) + = () + +let eq_length_lib_state (a:alg { is_sha2 a }) (b:B.buffer Hacl.Spec.SHA2.Vec.(element_t a M32)) + : Lemma ( (B.len b == D.impl_state_len (| a, () |)) == (B.length b == Lib.IntTypes.v 8ul)) + = FStar.PropositionalExtensionality.apply + (B.len b == D.impl_state_len (| a, () |)) + (B.length b == Lib.IntTypes.v 8ul) + +let lib_of_state (a: alg { is_sha2 a }) (s: (state_t a).s ()): Lemma + (ensures (state_t a).s () == Lib.Buffer.lbuffer Hacl.Spec.SHA2.Vec.(element_t a M32) 8ul) += + let open Lib.Buffer in + assert (D.impl_state_len (| a, () |) == 8ul); + calc (==) { + (state_t a).s (); + (==) { _ by FStar.Tactics.(trefl ()) } + b:B.buffer (word a) { B.len b == D.impl_state_len (| a, () |) }; + // Somehow, having eq_word_element as a local definition leads to a tactic failure, + // where the lemma application cannot be typechecked in the current context because + // eq_word_element is not found in the context + (==) { _ by FStar.Tactics.(l_to_r [`eq_word_element]) } + // Same issue for eq_length_lib_state + b:B.buffer Hacl.Spec.SHA2.Vec.(element_t a M32) { B.len b == D.impl_state_len (| a, () |) }; + (==) { _ by FStar.Tactics.(l_to_r [`eq_length_lib_state]) } + b:B.buffer Hacl.Spec.SHA2.Vec.(element_t a M32) { B.length b == Lib.IntTypes.v 8ul }; + (==) { _ by FStar.Tactics.(norm [ zeta; iota; delta_only [ `%lbuffer; `%lbuffer_t; `%buffer_t ] ]; trefl ()) } + Lib.Buffer.lbuffer Hacl.Spec.SHA2.Vec.(element_t a M32) 8ul; + } + inline_for_extraction noextract let update_multi_s (a : alg) () acc (prevlen : nat) input = fst Agile.(update_multi a (acc, ()) input) 
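Review bot: The comment above `coerce` credits a colleague but does not say what the function is: an identity cast that type-checks only when the refinement `a == b` is proved at the call site. Since `lib_of_agile`, `agile_of_lib`, `lib_of_buffer` and `buffer_of_lib` all rest on it, I would replace the comment with `// Identity cast between provably equal types; each caller first invokes the lemma that establishes a == b.`. Separately, `sha2_mb_state` fixes the element type to `U32` and the `assert_norm` checks it against `SHA2_256` only, while `word` and `init_elem` cover every `is_sha2 a`; if it is meant for SHA2-256 only, a name or comment saying so would avoid confusion. `lib_of_state` also takes a parameter `s` that neither its statement nor its proof uses.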
@@ -96,6 +220,12 @@ noextract let update_multi_zero (a : alg) () acc (prevlen : nat) : Lemma(update_multi_s a () acc prevlen S.empty == acc) = () +noextract +let multiseq_empty (a: alg { is_sha2 a }): Hacl.Spec.SHA2.Vec.(multiseq (lanes a M32) 0) = + let open Hacl.Spec.SHA2.Vec in + multiseq_is_seq a 0; + coerce #(multiseq (lanes a M32) 0) #(s:S.seq uint8 { S.length s == 0 }) (S.empty #uint8) + #push-options "--ifuel 1" // TODO: this is the third copy of this lemma!! why?! 
@@ -114,8 +244,566 @@ let update_multi_associative (a : alg) () acc (prevlen1 prevlen2 : nat) Spec.Hash.Lemmas.update_multi_associative a (acc, ()) input1 input2 #pop-options +val update_nblocks_vec_m32_is_repeat_blocks_multi: + a:sha2_alg + -> len:Hacl.Spec.SHA2.len_lt_max_a_t a{len % block_length a = 0} + -> b:Seq.lseq uint8 len + -> st0:Hacl.Spec.SHA2.Vec.(state_spec a M32) -> + Lemma + (let open Lib.Sequence in + let open Hacl.Spec.SHA2.Vec in + let b = b <: multiseq 1 len in + let st = update_nblocks #a #M32 len b st0 in + + let st0_m32 = (state_spec_v st0).[0] <: words_state' a in + let st0_m32 = (st0_m32, ()) <: words_state a in + let st_m32 = (state_spec_v st).[0] <: words_state' a in + let st_m32 = (st_m32, ()) <: words_state a in + st_m32 == repeat_blocks_multi (block_length a) b (Hacl.Spec.SHA2.update a) st0_m32) + +let update_nblocks_vec_m32_is_repeat_blocks_multi a len b st0 = + let open Lib.NTuple in + let open Lib.Sequence in + let open Hacl.Spec.SHA2.Vec in + let b = b <: multiseq 1 len in + let st1 = update_nblocks #a #M32 len b st0 in + + let st0_m32 = (state_spec_v st0).[0] <: words_state' a in + let st0_m32_t = (st0_m32, ()) <: words_state a in + let st1_m32 = (state_spec_v st1).[0] <: words_state' a in + let st1_m32_t = (st1_m32, ()) <: words_state a in + let st1_spec_m32 = Hacl.Spec.SHA2.update_nblocks a len b st0_m32_t in + + Hacl.Spec.SHA2.EquivScalar.update_nblocks_is_repeat_blocks_multi a len b st0_m32_t; + assert (st1_spec_m32 == + repeat_blocks_multi (block_length a) b (Hacl.Spec.SHA2.update a) st0_m32_t); + + Hacl.Spec.SHA2.Equiv.update_nblocks_lemma_l #a #M32 len b st0 0; + tup1_lemma b; + assert (b.(|0|) == b); + assert (st1_m32 == Pervasives.fst st1_spec_m32); + assert (Pervasives.snd st1_spec_m32 = ()); + assert (st1_m32_t == st1_spec_m32) + + +let state_spec_v_extensionality (a : alg { is_sha2 a }) + (acc1: Hacl.Spec.SHA2.Vec.(state_spec a M32)) + (acc2: Hacl.Spec.SHA2.Vec.(state_spec a M32)) : + Lemma + (requires (let open 
Hacl.Spec.SHA2.Vec in + Lib.Sequence.index (state_spec_v acc1) 0 == + Lib.Sequence.index (state_spec_v acc2) 0)) + (ensures acc1 == acc2) = + + let open Lib.Sequence in + let open Lib.IntVector in + let open Hacl.Spec.SHA2.Vec in + allow_inversion alg; + let acc1_s = (state_spec_v acc1).[0] <: lseq (word a) 8 in + let acc2_s = (state_spec_v acc2).[0] <: lseq (word a) 8 in + + let aux (i:nat{i < 8}) : Lemma (acc1.[i] == acc2.[i]) = + assert (index (vec_v acc1.[i]) 0 == index #(word a) #8 acc1_s i); + assert (index (vec_v acc2.[i]) 0 == index #(word a) #8 acc2_s i); + assert (index (vec_v acc1.[i]) 0 == index (vec_v acc2.[i]) 0); + eq_intro (vec_v acc1.[i]) (vec_v acc2.[i]); + vecv_extensionality acc1.[i] acc2.[i] in + + Classical.forall_intro aux; + eq_intro acc1 acc2 + +let repeati_associative (a : alg { is_sha2 a }) + (acc: Hacl.Spec.SHA2.Vec.(state_spec a M32)) + (input1 input2 : S.seq uint8) : + Lemma + (requires ( + S.length input1 + S.length input2 <= Some?.v (Spec.Agile.Hash.max_input_length a) /\ + S.length input1 % U32.v (D.block_len a) = 0 /\ + S.length input2 % U32.v (D.block_len a) = 0)) + (ensures ( + let open Hacl.Spec.SHA2.Vec in + let input = S.append input1 input2 in + S.length input % U32.v (D.block_len a) = 0 /\ + update_nblocks #a #M32 (S.length input) (input <: multiseq 1 (S.length input)) acc == + update_nblocks #a #M32 (S.length input2) (input2 <: multiseq 1 (S.length input2)) + (update_nblocks #a #M32 (S.length input1) (input1 <: multiseq 1 (S.length input1)) acc))) += + let open Lib.NTuple in + let open Lib.Sequence in + let open Hacl.Spec.SHA2.Vec in + let input = S.append input1 input2 in + let len = S.length input in + let len1 = S.length input1 in + let len2 = S.length input2 in + let input = input <: multiseq 1 len in + let input1 = input1 <: multiseq 1 len1 in + let input2 = input2 <: multiseq 1 len2 in + + let acc_m32 = (state_spec_v acc).[0] <: words_state' a in + let acc_m32 = (acc_m32, ()) <: words_state a in + let bl = 
block_length a in + Lib.Sequence.Lemmas.repeat_blocks_multi_split bl + len1 input (Hacl.Spec.SHA2.update a) acc_m32; + + Seq.lemma_eq_intro (Seq.slice input 0 len1) input1; + Seq.lemma_eq_intro (Seq.slice input len1 len) input2; + assert (Seq.slice input 0 len1 == input1); + assert (Seq.slice input len1 len == input2); + assert (repeat_blocks_multi bl input (Hacl.Spec.SHA2.update a) acc_m32 == + repeat_blocks_multi bl input2 (Hacl.Spec.SHA2.update a) + (repeat_blocks_multi bl input1 (Hacl.Spec.SHA2.update a) acc_m32)); + + let acc1 = update_nblocks #a #M32 len1 input1 acc in + let acc2 = update_nblocks #a #M32 len2 input2 acc1 in + let acc3 = update_nblocks #a #M32 len input acc in + // let acc1_m32 = (state_spec_v acc1).[0] <: words_state' a in + // let acc1_m32_t = (acc1_m32, ()) <: words_state a in + // let acc2_m32 = (state_spec_v acc2).[0] <: words_state' a in + // let acc2_m32_t = (acc2_m32, ()) <: words_state a in + // let acc3_m32 = (state_spec_v acc3).[0] <: words_state' a in + // let acc3_m32_t = (acc3_m32, ()) <: words_state a in + + update_nblocks_vec_m32_is_repeat_blocks_multi a len input acc; + update_nblocks_vec_m32_is_repeat_blocks_multi a len1 input1 acc; + update_nblocks_vec_m32_is_repeat_blocks_multi a len2 input2 acc1; + // assert (acc1_m32_t == repeat_blocks_multi bl input1 (Hacl.Spec.SHA2.update a) acc_m32); + // assert (acc2_m32_t == repeat_blocks_multi bl input2 (Hacl.Spec.SHA2.update a) acc1_m32_t); + // assert (acc3_m32_t == repeat_blocks_multi bl input (Hacl.Spec.SHA2.update a) acc_m32); + // assert (acc3_m32_t == acc2_m32_t); + state_spec_v_extensionality a acc2 acc3 + +val hash_vec_m32_is_repeat_blocks: + a:sha2_alg + -> len:Hacl.Spec.SHA2.len_lt_max_a_t a + -> b:Seq.lseq uint8 len + -> st0:Hacl.Spec.SHA2.Vec.(state_spec a M32) -> + Lemma + (let open Lib.Sequence in + let open Hacl.Spec.SHA2.Vec in + let totlen : len_t a = Hacl.Spec.SHA2.mk_len_t a len in + let b = b <: multiseq 1 len in + let st = update_nblocks #a #M32 len b st0 in + 
let rem = len % block_length a in + let mb = Seq.slice b (len - rem) len in + let mb = mb <: multiseq 1 rem in + let st_last = update_last #a #M32 totlen rem mb st in + + let st0_m32 = (state_spec_v st0).[0] <: words_state' a in + let st0_m32 = (st0_m32, ()) <: words_state a in + let st_last_m32 = (state_spec_v st_last).[0] <: words_state' a in + let st_last_m32 = (st_last_m32, ()) <: words_state a in + + st_last_m32 == repeat_blocks (block_length a) b + (Hacl.Spec.SHA2.update a) (Hacl.Spec.SHA2.update_last a totlen) st0_m32) + +let hash_vec_m32_is_repeat_blocks a len b st0 = + let open Lib.NTuple in + let open Lib.Sequence in + let open Hacl.Spec.SHA2.Vec in + let totlen : len_t a = Hacl.Spec.SHA2.mk_len_t a len in + let rem = len % block_length a in + let mb = Seq.slice b (len - rem) len in + let b = b <: multiseq 1 len in + let mb = mb <: multiseq 1 rem in + let st1 = update_nblocks #a #M32 len b st0 in + let st2 = update_last #a #M32 totlen rem mb st1 in + + let st0_m32 = (state_spec_v st0).[0] <: words_state' a in + let st0_m32_t = (st0_m32, ()) <: words_state a in + let st1_m32 = (state_spec_v st1).[0] <: words_state' a in + let st1_m32_t = (st1_m32, ()) <: words_state a in + let st2_m32 = (state_spec_v st2).[0] <: words_state' a in + let st2_m32_t = (st2_m32, ()) <: words_state a in + + let st1_spec_m32 = Hacl.Spec.SHA2.update_nblocks a len b st0_m32_t in + let st2_spec_m32 = Hacl.Spec.SHA2.update_last a totlen rem mb st1_spec_m32 in + Hacl.Spec.SHA2.EquivScalar.hash_is_repeat_blocks a len b st0_m32_t; + assert (st2_spec_m32 == + Lib.Sequence.repeat_blocks (block_length a) b + (Hacl.Spec.SHA2.update a) (Hacl.Spec.SHA2.update_last a totlen) st0_m32_t); + + Hacl.Spec.SHA2.Equiv.update_nblocks_lemma_l #a #M32 len b st0 0; + // assert ((state_spec_v (update_nblocks len b st0)).[0] == + // Pervasives.fst (Hacl.Spec.SHA2.update_nblocks a len b.(|0|) ((state_spec_v st0).[0], ()))); + // assert ((state_spec_v st1).[0] == + // Pervasives.fst 
(Hacl.Spec.SHA2.update_nblocks a len b.(|0|) st0_m32_t)); + tup1_lemma b; + assert (b.(|0|) == b); + assert (st1_m32 == Pervasives.fst st1_spec_m32); + + Hacl.Spec.SHA2.Equiv.update_last_lemma_l totlen rem mb st1 0; + tup1_lemma mb; + assert (mb.(|0|) == mb); + assert (st2_m32 == Pervasives.fst st2_spec_m32) + +val update_nblocks_with_last_sliced: + a:alg { is_sha2 a } + -> len:Hacl.Spec.SHA2.len_lt_max_a_t a + -> b:Seq.lseq uint8 len + -> st0:Hacl.Spec.SHA2.Vec.(state_spec a M32) -> + Lemma + (let open Hacl.Spec.SHA2.Vec in + let b = b <: multiseq 1 len in + let st = update_nblocks #a #M32 len b st0 in + + let rem = len % block_length a in + let blocks = Seq.slice b 0 (len - rem) in + let blocks = blocks <: multiseq 1 (len - rem) in + let st_sliced = update_nblocks #a #M32 (len - rem) blocks st0 in + + let totlen : len_t a = Hacl.Spec.SHA2.mk_len_t a len in + let mb = Seq.slice b (len - rem) len in + let mb = mb <: multiseq 1 rem in + + update_last #a #M32 totlen rem mb st == + update_last #a #M32 totlen rem mb st_sliced) + +let update_nblocks_with_last_sliced a len b st0 = + let open Lib.NTuple in + let open Lib.Sequence in + let open Hacl.Spec.SHA2.Vec in + let totlen : len_t a = Hacl.Spec.SHA2.mk_len_t a len in + let b = b <: multiseq 1 len in + let st = update_nblocks #a #M32 len b st0 in + let rem = len % block_length a in + let mb = Seq.slice b (len - rem) len in + let mb = mb <: multiseq 1 rem in + let st_last = update_last #a #M32 totlen rem mb st in + + let st0_m32 = (state_spec_v st0).[0] <: words_state' a in + let st0_m32_t = (st0_m32, ()) <: words_state a in + //let st_m32 = (state_spec_v st).[0] <: words_state' a in + //let st_m32_t = (st_m32, ()) <: words_state a in + let st_last_m32 = (state_spec_v st_last).[0] <: words_state' a in + let st_last_m32_t = (st_last_m32, ()) <: words_state a in + + hash_vec_m32_is_repeat_blocks a len b st0; + assert (st_last_m32_t == repeat_blocks (block_length a) b + (Hacl.Spec.SHA2.update a) 
(Hacl.Spec.SHA2.update_last a totlen) st0_m32_t); + Lib.Sequence.Lemmas.lemma_repeat_blocks_via_multi (block_length a) b + (Hacl.Spec.SHA2.update a) (Hacl.Spec.SHA2.update_last a totlen) st0_m32_t; + + let blocks = Seq.slice b 0 (len - rem) in + let blocks = blocks <: multiseq 1 (len - rem) in + assert (st_last_m32_t == + Hacl.Spec.SHA2.update_last a totlen rem mb + (repeat_blocks_multi (block_length a) blocks + (Hacl.Spec.SHA2.update a) st0_m32_t)); + + let st_sliced = update_nblocks #a #M32 (len - rem) blocks st0 in + let st_sliced_last = update_last #a #M32 totlen rem mb st_sliced in + + let st_sliced_m32 = (state_spec_v st_sliced).[0] <: words_state' a in + let st_sliced_m32_t = (st_sliced_m32, ()) <: words_state a in + let st_slicedl_m32 = (state_spec_v st_sliced_last).[0] <: words_state' a in + let st_slicedl_m32_t = (st_slicedl_m32, ()) <: words_state a in + + update_nblocks_vec_m32_is_repeat_blocks_multi a (len - rem) blocks st0; + assert (st_sliced_m32_t == + repeat_blocks_multi (block_length a) blocks + (Hacl.Spec.SHA2.update a) st0_m32_t); + + Hacl.Spec.SHA2.Equiv.update_last_lemma_l totlen rem mb st_sliced 0; + tup1_lemma mb; + assert (mb.(|0|) == mb); + assert (st_slicedl_m32 == st_last_m32); + state_spec_v_extensionality a st_last st_sliced_last + +let lemma_split_at_last_lazy (l:pos) (b: S.seq uint8) : + Lemma + (requires S.length b % l <> 0 \/ S.length b == 0) + (ensures (let blocks, last = Lib.UpdateMulti.split_at_last_lazy l b in + let len = Seq.length b in + let rem = len % l in + let blocks_s = Seq.slice b 0 (len - rem) in + let last_s = Seq.slice b (len - rem) len in + blocks == blocks_s /\ last == last_s)) = + + let blocks, last = Lib.UpdateMulti.split_at_last_lazy l b in + let len = Seq.length b in + let rem_s = len % l in + let blocks_s = Seq.slice b 0 (len - rem_s) in + let last_s = Seq.slice b (len - rem_s) len in + + let n, rem = Lib.UpdateMulti.split_at_last_lazy_nb_rem l len in + assert (rem % l == len % l) + +val update_last_one_block 
(a: alg { is_sha2 a }) + (totlen:len_t a) + (b : Hacl.Spec.SHA2.Vec.multiseq Hacl.Spec.SHA2.Vec.(lanes a M32) (block_length a)) + (s : Hacl.Spec.SHA2.Vec.multiseq Hacl.Spec.SHA2.Vec.(lanes a M32) 0) + (st : Hacl.Spec.SHA2.Vec.state_spec a Hacl.Spec.SHA2.Vec.M32) + : Lemma + // Why is that not automatically derived + (requires block_length a `less_than_max_input_length` a) + (ensures Hacl.Spec.SHA2.Vec.( + update_last totlen (block_length a) b st == + update_last totlen 0 s (update_block #a #M32 (block_length a) b 0 st))) + +let sub_update_sub (#a:Type) (len:Lib.IntTypes.size_nat) + (sub_st:Lib.IntTypes.size_nat{sub_st <= len}) + (sub_len:Lib.IntTypes.size_nat{sub_st + sub_len <= len}) + (i:Lib.Sequence.lseq a len) + (start:Lib.IntTypes.size_nat) + (n:Lib.IntTypes.size_nat{start + n <= sub_len}) + (x:Lib.Sequence.lseq a n) + : Lemma (Lib.Sequence.(update_sub (sub i sub_st sub_len) start n x == + sub (update_sub i (sub_st + start) n x) sub_st sub_len)) + = let open Lib.Sequence in + let s1:lseq a sub_len = update_sub (sub i sub_st sub_len) start n x in + let s2:lseq a sub_len = sub (update_sub i (sub_st + start) n x) sub_st sub_len in + let aux (k:nat{k < sub_len}) : Lemma (index s1 k == index s2 k) = + if k < start || k >= start + n then () + else + calc (==) { + index s2 k; + (eq2 #a) { } // Unrolling sub. 
Need to expand == to help with typing + index (update_sub i (sub_st + start) n x) (sub_st + k); + (==) { } + index (sub (update_sub i (sub_st + start) n x) (sub_st + start) n) (k - start); + (==) { } // By postcondition of update_sub + index x (k - start); + (==) { () } + index s1 k; + } + in Classical.forall_intro aux; + assert (s1 `equal` s2) + +let update_last_one_block a totlen b s st = + let open Lib.NTuple in + let open Lib.IntTypes in + let open Lib.Sequence in + let open Hacl.Spec.SHA2.Vec in + let len1 = 0 in + let len2 = block_length a in + + let blocks1 = padded_blocks a len1 in + assert (blocks1 == 1); + let blocks2 = padded_blocks a len2 in + assert (blocks2 == 2); + + let total_len_bits = secret (shift_left #(len_int_type a) totlen 3ul) in + let totlen_seq = Lib.ByteSequence.uint_to_bytes_be #(len_int_type a) total_len_bits in + + let (b01, b11) = load_last #a #M32 totlen_seq (1 * block_length a) len1 s in + let (b02, b12) = load_last #a #M32 totlen_seq (2 * block_length a) len2 b in + + assert (update_last totlen len2 b st == update b12 (update b02 st)); + + let l01, _ = load_last_blocks #a totlen_seq (block_length a) 0 s.(|0|) in + let l02, l12 = load_last_blocks #a totlen_seq (2 * block_length a) len2 b.(|0|) in + + let last = create (2 * block_length a) (u8 0) in + let last1 = update_sub last 0 len2 b.(|0|) in + let last2 = last1.[len2] <- u8 0x80 in + let start = 2 * block_length a - len_length a in + let last3 = update_sub last2 start (len_length a) totlen_seq in + + assert (l02 `Lib.Sequence.equal` b.(|0|)); + + let open FStar.Tactics in + assert (load_last #a #M32 totlen_seq (2 * block_length a) len2 b == + load_last1 #a totlen_seq (2 * block_length a) len2 b) by (norm [delta_only [`%load_last]]); + + tup1_lemma b02; + tup1_lemma b; + assert (b02 == b); + + let last1' = update_sub last 0 len1 s.(|0|) in + assert (last `Lib.Sequence.equal` last1'); + + let last2' = last.[len1] <- u8 0x80 in + let last3' = update_sub last2' (block_length a - 
len_length a) (len_length a) totlen_seq in + assert (l01 == sub last3' 0 (block_length a)); + assert (l12 == sub last3 (block_length a) (block_length a)); + + // To trigger the right patterns, we need to alternate between + // Seq.equal and Lib.Sequence.equal... + let lastone = create len2 (u8 0) in + assert (lastone `S.equal` S.create len2 (u8 0)); + assert (sub last1 len2 len2 `Lib.Sequence.equal` S.create len2 (u8 0)); + let last2one = lastone.[0] <- u8 0x80 in + assert (last2one `Lib.Sequence.equal` (sub last2 len2 len2)); + assert (last2one `S.equal` (sub last2' 0 len2)); + + let last3one = update_sub last2one (len2 - len_length a) (len_length a) totlen_seq in + + assert (last3one == update_sub (sub last2 len2 len2) (len2 - len_length a) (len_length a) totlen_seq); + + sub_update_sub (2 * block_length a) len2 len2 last2 (len2 - len_length a) (len_length a) totlen_seq; + + assert (last3one == sub last3 len2 len2); + + sub_update_sub (2 * block_length a) 0 len2 last2' (len2 - len_length a) (len_length a) totlen_seq; + assert (last3one == sub last3' 0 len2); + assert (l01 == l12); + + assert (load_last #a #M32 totlen_seq (block_length a) 0 s == + load_last1 #a totlen_seq (block_length a) 0 s) by (norm [delta_only [`%load_last]]); + + tup1_lemma b12; + tup1_lemma b01; + + assert (b12 == b01); + + Lib.NTuple.eq_intro (get_multiblock_spec #a #M32 len2 b 0) b; + assert (get_multiblock_spec len2 b 0 == b); + assert (update_block #a #M32 len2 b 0 st == update b st); + + assert (update_last totlen 0 s (update b st) == update b01 (update b st)) + + +let sha2_mb_is_incremental (a: alg { is_sha2 a }) (input: S.seq uint8): + Lemma (requires S.length input <= Some?.v (Spec.Agile.Hash.max_input_length a)) + (ensures ( + let blocks, last = Lib.UpdateMulti.split_at_last_lazy (U32.v (block_len a)) input in + (**) Math.Lemmas.modulo_lemma 0 (U32.v (block_len a)); + let open Hacl.Spec.SHA2.Vec in + let hash0 = init a M32 in + let hash1 = update_nblocks #a #M32 (S.length blocks) 
(blocks <: multiseq 1 (S.length blocks)) hash0 in + let totlen: len_t a = Hacl.Spec.SHA2.mk_len_t a (S.length input) in + let hash2 = update_last #a #M32 totlen (S.length last) (last <: multiseq 1 (S.length last)) hash1 in + let hash3 = finish hash2 in + agile_of_lib hash3 `S.equal` Spec.Agile.Hash.hash a input)) += + let open Lib.NTuple in + let open Lib.Sequence in + let open Hacl.Spec.SHA2.Vec in + let blocks, last = Lib.UpdateMulti.split_at_last_lazy (U32.v (block_len a)) input in + (**) Math.Lemmas.modulo_lemma 0 (U32.v (block_len a)); + + let hash0 = init a M32 in + + let len = S.length input in + let totlen: len_t a = Hacl.Spec.SHA2.mk_len_t a len in + let input = input <: multiseq 1 len in + + let rem = len % block_length a in + let input_blocks = Seq.slice input 0 (len - rem) in + let input_blocks = input_blocks <: multiseq 1 (len - rem) in + let mb = Seq.slice input (len - rem) len in + let mb = mb <: multiseq 1 rem in + + + let blocks = blocks <: multiseq 1 (S.length blocks) in + let last = last <: multiseq 1 (S.length last) in + + let st = update_nblocks #a #M32 len input hash0 in + let st_last = update_last #a #M32 totlen rem mb st in + let st_finish = finish st_last in + + + if rem = 0 && len <> 0 then ( + assert (mb == S.empty); + assert (input_blocks `Seq.equal` (blocks `S.append` last)); + + let hash1 = update_nblocks #a #M32 (len - block_length a) blocks hash0 in + let hash2 = update_last #a #M32 totlen (block_length a) last hash1 in + let hash3 = finish hash2 in + + repeati_associative a hash0 blocks last; + assert (st == update_nblocks #a #M32 (block_length a) last hash1); + Lib.LoopCombinators.unfold_repeati 1 (update_block #a #M32 (block_length a) last) hash1 0; + Lib.LoopCombinators.eq_repeati0 1 (update_block #a #M32 (block_length a) last) hash1; + assert (st == update_block #a #M32 (block_length a) last 0 hash1); + + update_last_one_block a totlen last mb hash1; + assert (hash2 == st_last); + + assert ((get_multilast_spec #a #M32 len 
input).(|0|) == + Seq.slice input.(|0|) (len - rem) len); + tup1_lemma input; + assert (input.(|0|) == input); + tup1_lemma mb; + assert (mb.(|0|) == mb); + assert ((get_multilast_spec #a #M32 len input).(|0|) == mb.(|0|)); + Lib.NTuple.eq_intro (get_multilast_spec #a #M32 len input) mb; + assert (get_multilast_spec #a #M32 len input == mb); + assert (hash3 == hash len input); + Hacl.Spec.SHA2.Equiv.hash_agile_lemma #a #M32 len input; + assert ((hash #a #M32 len input).(|0|) == Spec.Agile.Hash.hash a input.(|0|)); + assert (hash3.(|0|) == Spec.Agile.Hash.hash a input.(|0|)); + assert (hash3.(|0|) == Spec.Agile.Hash.hash a input); + //let hash3 = hash3.(|0|) <: lseq uint8 (hash_length a) in + //assert (hash3 == Spec.Agile.Hash.hash a input); + //let hash3_s = hash3 <: multiseq 1 (hash_length a) in + //assert (agile_of_lib #a hash3_s == hash3); + ntup1_lemma #_ #1 hash3; + assert (agile_of_lib #a hash3 == hash3.(|0|)); + assert (agile_of_lib #a hash3 == Spec.Agile.Hash.hash a input) + + ) else ( + lemma_split_at_last_lazy (block_length a) input; + assert (mb == last /\ input_blocks == blocks); + + let hash1 = update_nblocks #a #M32 (len - rem) blocks hash0 in + let hash2 = update_last #a #M32 totlen rem last hash1 in + let hash3 = finish hash2 in + + update_nblocks_with_last_sliced a len input hash0; + assert (hash2 == st_last); + assert (hash3 == st_finish); + + assert ((get_multilast_spec #a #M32 len input).(|0|) == + Seq.slice input.(|0|) (len - rem) len); + tup1_lemma input; + assert (input.(|0|) == input); + tup1_lemma mb; + assert (mb.(|0|) == mb); + assert ((get_multilast_spec #a #M32 len input).(|0|) == mb.(|0|)); + Lib.NTuple.eq_intro (get_multilast_spec #a #M32 len input) mb; + assert (get_multilast_spec #a #M32 len input == mb); + assert (hash3 == hash len input); + Hacl.Spec.SHA2.Equiv.hash_agile_lemma #a #M32 len input; + assert ((hash #a #M32 len input).(|0|) == Spec.Agile.Hash.hash a input.(|0|)); + assert (hash3.(|0|) == Spec.Agile.Hash.hash a 
input.(|0|)); + assert (hash3.(|0|) == Spec.Agile.Hash.hash a input); + //let hash3 = hash3.(|0|) <: lseq uint8 (hash_length a) in + //assert (hash3 == Spec.Agile.Hash.hash a input); + //let hash3_s = hash3 <: multiseq 1 (hash_length a) in + //assert (agile_of_lib #a hash3_s == hash3); + ntup1_lemma #_ #1 hash3; + assert (agile_of_lib #a hash3 == hash3.(|0|)); + assert (agile_of_lib #a hash3 == Spec.Agile.Hash.hash a input) + ) + +// Extraction loops otherwise. Using every flavor of noextract known to man. +noextract [@@ noextract_to "krml" ] +let live_multi_of_live #len (h:HS.mem) (b:Lib.MultiBuffer.multibuf 1 len): Lemma + (requires ( + B.live h (buffer_of_lib #len b))) + (ensures Lib.MultiBuffer.live_multi h b) += + let open Lib.Buffer in + let open Lib.NTuple in + let foo (i: nat): Lemma (requires (i < 1)) (ensures live h b.(|i|)) [ SMTPat (live h b.(|i|)) ]= + assert (Lib.MultiBuffer.multibuf 1 len == Lib.Buffer.lbuffer uint8 len); + assert (live h (b <: Lib.Buffer.lbuffer uint8 len)); + Lib.NTuple.ntup1_lemma #(Lib.Buffer.lbuffer uint8 len) #1 b; + assert (b.(|i|) == b) + in + () + +noextract [@@ noextract_to "krml" ] +let disjoint_multi_of_disjoint #a #len #len' (b:Lib.MultiBuffer.multibuf 1 len) + (b': Lib.Buffer.lbuffer a len'): Lemma + (requires ( + B.disjoint (buffer_of_lib #len b) (b' <: B.buffer a))) + (ensures Lib.MultiBuffer.disjoint_multi b b') += + let open Lib.Buffer in + let open Lib.NTuple in + let foo (i: nat): Lemma (requires (i < 1)) (ensures disjoint b.(|i|) b') [ SMTPat (disjoint b.(|i|) b') ]= + assert (Lib.MultiBuffer.multibuf 1 len == Lib.Buffer.lbuffer uint8 len); + assert (disjoint (b <: Lib.Buffer.lbuffer uint8 len) b'); + Lib.NTuple.ntup1_lemma #(Lib.Buffer.lbuffer uint8 len) #1 b; + assert (b.(|i|) == b) + in + () + + /// This proof usually succeeds fast but we increase the rlimit for safety -#push-options "--z3rlimit 400 --ifuel 1" +#push-options "--z3rlimit 500 --ifuel 1" inline_for_extraction noextract let hacl_md (a:alg)// : 
block unit = = 
@@ -130,16 +818,49 @@ let hacl_md (a:alg)// : block unit = (fun () -> Hacl.Hash.Definitions.block_len a) (fun () -> Hacl.Hash.Definitions.block_len a) - (fun () _ -> fst (Spec.Agile.Hash.init a)) - (fun () acc prevlen blocks -> update_multi_s a () acc prevlen blocks) - (fun () acc prevlen input -> fst Spec.Hash.Incremental.(update_last a (acc, ()) prevlen input)) - (fun () _ acc -> Spec.Hash.PadFinish.(finish a (acc, ()))) + (fun () _ -> + if is_sha2 a then + Hacl.Spec.SHA2.Vec.(init a M32) + else + fst (Spec.Agile.Hash.init a)) + (fun () acc prevlen blocks -> + if is_sha2 a then + let open Hacl.Spec.SHA2.Vec in + update_nblocks #a #M32 (S.length blocks) (blocks <: multiseq 1 (S.length blocks)) acc + else + update_multi_s a () acc prevlen blocks) + (fun () acc prevlen input -> + if is_sha2 a then + let open Hacl.Spec.SHA2 in + let totlen: len_t a = mk_len_t a (prevlen + S.length input) in + Hacl.Spec.SHA2.Vec.(update_last #a #M32 totlen (S.length input) (input <: multiseq 1 (S.length input)) acc) + else + fst Spec.Hash.Incremental.(update_last a (acc, ()) prevlen input)) + (fun () _ acc -> + if is_sha2 a then + let _ = multiseq_hash_is_hash a in + agile_of_lib Hacl.Spec.SHA2.Vec.(finish #a #M32 acc) + else + Spec.Hash.PadFinish.(finish a (acc, ()))) (fun () _ s -> Spec.Agile.Hash.(hash a s)) - (fun i h prevlen -> update_multi_zero a i h prevlen) (* update_multi_zero *) + (fun i h prevlen -> + if is_sha2 a then + let open Hacl.Spec.SHA2.Vec in + Lib.LoopCombinators.eq_repeati0 (0 / block_length a) (update_block #a #M32 0 (multiseq_empty a)) h + else + update_multi_zero a i h prevlen) (* update_multi_zero *) (fun i acc prevlen1 prevlen2 input1 input2 -> - update_multi_associative a i acc prevlen1 prevlen2 input1 input2) (* update_multi_associative *) - (fun _ _ input -> Spec.Hash.Incremental.hash_is_hash_incremental a input) + if is_sha2 a then + repeati_associative a acc input1 input2 + else + update_multi_associative a i acc prevlen1 prevlen2 input1 input2) (* 
update_multi_associative *) + (fun _ _ input -> + if is_sha2 a then + let open Hacl.Spec.SHA2 in + sha2_mb_is_incremental a input + else + Spec.Hash.Incremental.hash_is_hash_incremental a input) (fun _ _ -> ()) 
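Review bot: The SHA2 branches added to the specification arguments of `hacl_md` carry no comment explaining that, for SHA2, the functor's spec is no longer `Spec.Agile.Hash` / `Spec.Hash.Incremental` but `Hacl.Spec.SHA2.Vec` instantiated at `M32` with `multiseq 1`. The only link back to the agile hash is the final lemma argument, `sha2_mb_is_incremental a input`, so a reader auditing the streaming API has to find that out by reading to the end of the argument list. I would add above the first `if is_sha2 a then` something like `// SHA2: spec is Hacl.Spec.SHA2.Vec at M32 (one lane); equivalence with Spec.Agile.Hash.hash is sha2_mb_is_incremental below`. In the `update_last` branch the total length is `mk_len_t a (prevlen + S.length input)`; a short comment that this is the whole message length, not the length of the last chunk, would help. `hacl_md` starts before this hunk and continues after it.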
@@ -147,59 +868,88 @@ let hacl_md (a:alg)// : block unit = match a with | MD5 -> Hacl.Hash.MD5.legacy_init s | SHA1 -> Hacl.Hash.SHA1.legacy_init s - | SHA2_224 -> Hacl.Hash.SHA2.init_224 s - | SHA2_256 -> Hacl.Hash.SHA2.init_256 s - | SHA2_384 -> Hacl.Hash.SHA2.init_384 s - | SHA2_512 -> Hacl.Hash.SHA2.init_512 s + | SHA2_224 | SHA2_256 | SHA2_384 | SHA2_512 -> Hacl.SHA2.Scalar32.init #a s | SHA3_256 -> Hacl.Hash.SHA3.init_256 s) (fun _ s prevlen blocks len -> - [@inline_let] - let update_multi : update_multi_st (|a,()|) = - match a with - | MD5 -> Hacl.Hash.MD5.legacy_update_multi - | SHA1 -> Hacl.Hash.SHA1.legacy_update_multi - | SHA2_224 -> Hacl.Hash.SHA2.update_multi_224 - | SHA2_256 -> Hacl.Hash.SHA2.update_multi_256 - | SHA2_384 -> Hacl.Hash.SHA2.update_multi_384 - | SHA2_512 -> Hacl.Hash.SHA2.update_multi_512 - | SHA3_256 -> Hacl.Hash.SHA3.update_multi_256 - in - update_multi s () blocks (len `U32.div` Hacl.Hash.Definitions.(block_len a))) + if is_sha2 a then + let open Hacl.Spec.SHA2.Vec in + [@inline_let] let blocks_lib = lib_of_buffer #len blocks in + lib_of_state a s; + [@inline_let] let state_lib = coerce #(Lib.Buffer.lbuffer Hacl.Spec.SHA2.Vec.(element_t a M32) 8ul) s in + let h0 = ST.get () in + live_multi_of_live h0 blocks_lib; + disjoint_multi_of_disjoint blocks_lib state_lib; + Hacl.Impl.SHA2.Core.lemma_len_lt_max_a_fits_size_t a len; + Hacl.SHA2.Scalar32.update_nblocks #a len blocks_lib s; + Lib.MultiBuffer.loc_multi1 blocks_lib; + Lib.NTuple.ntup1_lemma #(Lib.Buffer.lbuffer uint8 len) #1 blocks; + Lib.MultiBuffer.as_seq_multi_lemma h0 blocks_lib 0; + Lib.NTuple.ntup1_lemma #(multiseq (lanes a M32) (Lib.IntTypes.v len)) #1 (Lib.MultiBuffer.as_seq_multi h0 blocks_lib) + else + [@inline_let] + let update_multi : update_multi_st (|a,()|) = + match a with + | MD5 -> Hacl.Hash.MD5.legacy_update_multi + | SHA1 -> Hacl.Hash.SHA1.legacy_update_multi + | SHA3_256 -> Hacl.Hash.SHA3.update_multi_256 + in + update_multi s () blocks (len `U32.div` 
Hacl.Hash.Definitions.(block_len a))) (fun _ s prevlen last last_len -> - [@inline_let] - let update_last : update_last_st (|a,()|) = - match a with - | MD5 -> Hacl.Hash.MD5.legacy_update_last - | SHA1 -> Hacl.Hash.SHA1.legacy_update_last - | SHA2_224 -> Hacl.Hash.SHA2.update_last_224 - | SHA2_256 -> Hacl.Hash.SHA2.update_last_256 - | SHA2_384 -> Hacl.Hash.SHA2.update_last_384 - | SHA2_512 -> Hacl.Hash.SHA2.update_last_512 - | SHA3_256 -> Hacl.Hash.SHA3.update_last_256 - in - [@inline_let] - let prevlen = - match a with - | MD5 | SHA1 - | SHA2_224 | SHA2_256 -> prevlen - | SHA2_384 | SHA2_512 -> FStar.Int.Cast.Full.uint64_to_uint128 prevlen - | SHA3_256 -> () - in - update_last s () prevlen last last_len) + if is_sha2 a then + let open Hacl.Spec.SHA2.Vec in + let open Hacl.Impl.SHA2.Generic in + [@inline_let] let last_lib = lib_of_buffer #last_len last in + lib_of_state a s; + [@inline_let] let state_lib = coerce #(Lib.Buffer.lbuffer Hacl.Spec.SHA2.Vec.(element_t a M32) 8ul) s in + let h0 = ST.get () in + live_multi_of_live h0 last_lib; + disjoint_multi_of_disjoint last_lib state_lib; + Hacl.SHA2.Scalar32.update_last #a (Hacl.Hash.MD.len_add32 a (if a = SHA2_384 || a = SHA2_512 then FStar.Int.Cast.Full.uint64_to_uint128 prevlen else prevlen) last_len) last_len last_lib s; + Lib.MultiBuffer.loc_multi1 last_lib; + Lib.NTuple.ntup1_lemma #(Lib.Buffer.lbuffer uint8 last_len) #1 last; + Lib.MultiBuffer.as_seq_multi_lemma h0 last_lib 0; + Lib.NTuple.ntup1_lemma #(multiseq (lanes a M32) (Lib.IntTypes.v last_len)) #1 (Lib.MultiBuffer.as_seq_multi h0 last_lib) + else + [@inline_let] + let update_last : update_last_st (|a,()|) = + match a with + | MD5 -> Hacl.Hash.MD5.legacy_update_last + | SHA1 -> Hacl.Hash.SHA1.legacy_update_last + | SHA3_256 -> Hacl.Hash.SHA3.update_last_256 + in + [@inline_let] + let prevlen = + match a with + | MD5 | SHA1 -> prevlen + | SHA3_256 -> () + in + update_last s () prevlen last last_len) (fun _ _ s dst -> - [@inline_let] - let finish : 
finish_st (|a,()|) = - match a with - | MD5 -> Hacl.Hash.MD5.legacy_finish - | SHA1 -> Hacl.Hash.SHA1.legacy_finish - | SHA2_224 -> Hacl.Hash.SHA2.finish_224 - | SHA2_256 -> Hacl.Hash.SHA2.finish_256 - | SHA2_384 -> Hacl.Hash.SHA2.finish_384 - | SHA2_512 -> Hacl.Hash.SHA2.finish_512 - | SHA3_256 -> Hacl.Hash.SHA3.finish_256 - in - finish s () dst) + if is_sha2 a then + let open Hacl.Spec.SHA2.Vec in + let open Hacl.Impl.SHA2.Generic in + [@inline_let] let dst_lib = lib_of_buffer #(Hacl.Hash.Definitions.hash_len a) dst in + lib_of_state a s; + [@inline_let] let state_lib = coerce #(Lib.Buffer.lbuffer Hacl.Spec.SHA2.Vec.(element_t a M32) 8ul) s in + let h0 = ST.get () in + live_multi_of_live h0 dst_lib; + disjoint_multi_of_disjoint dst_lib state_lib; + Hacl.SHA2.Scalar32.finish #a s dst_lib; + Lib.MultiBuffer.loc_multi1 dst_lib; + Lib.NTuple.ntup1_lemma #(Lib.Buffer.lbuffer uint8 (Hacl.Hash.Definitions.hash_len a)) #1 dst; + let h1 = ST.get () in + Lib.MultiBuffer.as_seq_multi_lemma h1 dst_lib 0; + Lib.NTuple.ntup1_lemma #(multiseq (lanes a M32) (hash_length a)) #1 (Lib.MultiBuffer.as_seq_multi h1 dst_lib) + else + [@inline_let] + let finish : finish_st (|a,()|) = + match a with + | MD5 -> Hacl.Hash.MD5.legacy_finish + | SHA1 -> Hacl.Hash.SHA1.legacy_finish + | SHA3_256 -> Hacl.Hash.SHA3.finish_256 + in + finish s () dst) #pop-options diff --git a/code/streaming/Hacl.Streaming.SHA2.fst b/code/streaming/Hacl.Streaming.SHA2.fst index 2cca247c6e..3eb15d72b6 100644 --- a/code/streaming/Hacl.Streaming.SHA2.fst +++ b/code/streaming/Hacl.Streaming.SHA2.fst @@ -1,5 +1,10 @@ module Hacl.Streaming.SHA2 +// NOTE: if you get errors trying to load this file in interactive mode because +// a tactic fails in Hacl.Streaming.MD (even though Hacl.Streaming.MD works +// totally fine in interactive mode!!), run: +// NODEPEND=1 make -j obj/Hacl.Streaming.MD.fst.checked + open FStar.HyperStack.ST /// A streaming version of MD-based hashes 
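Review bot: In the SHA2 branch of the `update_last` argument (hunk `@@ -147,59 +868,88 @@`), the total length is built inline as `Hacl.Hash.MD.len_add32 a (if a = SHA2_384 || a = SHA2_512 then FStar.Int.Cast.Full.uint64_to_uint128 prevlen else prevlen) last_len`, in the middle of a very long call. Judging by the spec lemmas earlier in this file, this is the value that gets encoded into the final padded block, so it deserves a line of its own. I would add a comment such as `// SHA2-384/512 carry a 128-bit length: widen the 64-bit prevlen before adding last_len`. The three `else` branches now match only on `MD5 | SHA1 | SHA3_256` and rely on `is_sha2 a` being false there, so a `// SHA2 variants are handled in the branch above` next to each `match a with` would explain why the match is not exhaustive on its face. `hacl_md` starts outside this hunk.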
@@ -44,6 +49,19 @@ let state_sha2_256 = F.state_s hacl_sha2_256 () (state_t_256.s ()) (G.erased uni let state_sha2_384 = F.state_s hacl_sha2_384 () (state_t_384.s ()) (G.erased unit) let state_sha2_512 = F.state_s hacl_sha2_512 () (state_t_512.s ()) (G.erased unit) +open Lib.Buffer +open Lib.IntTypes + +// Slightly rewritten spec to remove any mention of multibuffer-isms +inline_for_extraction noextract +let hash_t (a: sha2_alg) = + dst:lbuffer uint8 (Hacl.Hash.Definitions.hash_len a) -> input_len:size_t -> input:lbuffer uint8 input_len -> + Stack unit + (requires fun h0 -> v input_len `less_than_max_input_length` a /\ + live h0 input /\ live h0 dst /\ disjoint dst input) + (ensures fun h0 _ h1 -> modifies (loc dst) h0 h1 /\ + as_seq h1 dst == Spec.Agile.Hash.hash a (as_seq h0 input)) + inline_for_extraction noextract let alloca_224 = F.alloca hacl_sha2_224 () (state_t_224.s ()) (G.erased unit) let create_in_224 = F.create_in hacl_sha2_224 () (state_t_224.s ()) (G.erased unit) 
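Review bot: The `less_than_max_input_length` conjunct in the `requires` clause of `hash_t` looks redundant for a `size_t` length. The same commit adds `lemma_len_lt_max_a_fits_size_t` in `Hacl.Impl.SHA2.Core`, which proves this bound for every `len:size_t` and every `sha2_alg`. As written, each caller of `sha224` … `sha512` has to discharge an obligation that cannot fail. If the conjunct is kept for compatibility with the underlying `hash` signature, a comment on it would do, e.g. `// always holds for a size_t length; see Hacl.Impl.SHA2.Core.lemma_len_lt_max_a_fits_size_t`. Whether that lemma can be called from this module depends on dependencies not visible in the hunk.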
@@ -53,6 +71,24 @@ let update_224 = F.update hacl_sha2_224 (G.hide ()) (state_t_224.s ()) (G.erased let finish_224 = F.mk_finish hacl_sha2_224 () (state_t_224.s ()) (G.erased unit) let free_224 = F.free hacl_sha2_224 (G.hide ()) (state_t_224.s ()) (G.erased unit) +open Lib.NTuple +open Lib.MultiBuffer +open Hacl.Spec.SHA2.Vec +open Hacl.SHA2.Scalar32 +open Hacl.Impl.SHA2.Generic +module ST = FStar.HyperStack.ST + +val sha224: hash_t SHA2_224 +let sha224 dst input_len input = + let ib = ntup1 input in + let rb = ntup1 dst in + let h0 = ST.get() in + loc_multi1 rb; + hash #SHA2_224 #M32 sha224_init sha224_update_nblocks sha224_update_last sha224_finish rb input_len ib; + let h1 = ST.get() in + Hacl.Spec.SHA2.Equiv.hash_agile_lemma #SHA2_224 #M32 (v input_len) (as_seq_multi h0 ib); + assert ((as_seq_multi h1 rb).(|0|) == as_seq h1 dst) + inline_for_extraction noextract let alloca_256 = F.alloca hacl_sha2_256 () (state_t_256.s ()) (G.erased unit) let create_in_256 = F.create_in hacl_sha2_256 () (state_t_256.s ()) (G.erased unit) @@ -62,6 +98,17 @@ let update_256 = F.update hacl_sha2_256 (G.hide ()) (state_t_256.s ()) (G.erased let finish_256 = F.mk_finish hacl_sha2_256 () (state_t_256.s ()) (G.erased unit) let free_256 = F.free hacl_sha2_256 (G.hide ()) (state_t_256.s ()) (G.erased unit) +val sha256: hash_t SHA2_256 +let sha256 dst input_len input = + let ib = ntup1 input in + let rb = ntup1 dst in + let h0 = ST.get() in + loc_multi1 rb; + hash #SHA2_256 #M32 sha256_init sha256_update_nblocks sha256_update_last sha256_finish rb input_len ib; + let h1 = ST.get() in + Hacl.Spec.SHA2.Equiv.hash_agile_lemma #SHA2_256 #M32 (v input_len) (as_seq_multi h0 ib); + assert ((as_seq_multi h1 rb).(|0|) == as_seq h1 dst) + inline_for_extraction noextract let alloca_384 = F.alloca hacl_sha2_384 () (state_t_384.s ()) (G.erased unit) let create_in_384 = F.create_in hacl_sha2_384 () (state_t_384.s ()) (G.erased unit) 
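Review bot: `sha224` in this hunk and `sha256`, `sha384` and `sha512` in the hunks at `+98`, `+118` and `+137` are four copies of the same body. They differ only in the algorithm tag and in the four `shaNNN_init` / `_update_nblocks` / `_update_last` / `_finish` functions passed to `hash`. The proof steps (`loc_multi1 rb`, `hash_agile_lemma`, the closing `assert` on `(as_seq_multi h1 rb).(|0|)`) are repeated verbatim, so any later change to the proof has to be made four times. A single `inline_for_extraction noextract` helper taking the algorithm and the four functions, with each `shaNNN` defined as one application of it, would keep them in step. At the least I would add a comment such as `// sha224/sha256/sha384/sha512 are identical up to the algorithm tag and the Scalar32 functions passed to hash`. The five top-level `open`s added here sit between existing definitions and bring unqualified names such as `hash` into scope for the rest of the file, so local opens inside the wrappers may be the safer form.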
@@ -71,6 +118,17 @@ let update_384 = F.update hacl_sha2_384 (G.hide ()) (state_t_384.s ()) (G.erased let finish_384 = F.mk_finish hacl_sha2_384 () (state_t_384.s ()) (G.erased unit) let free_384 = F.free hacl_sha2_384 (G.hide ()) (state_t_384.s ()) (G.erased unit) +val sha384: hash_t SHA2_384 +let sha384 dst input_len input = + let ib = ntup1 input in + let rb = ntup1 dst in + let h0 = ST.get() in + loc_multi1 rb; + hash #SHA2_384 #M32 sha384_init sha384_update_nblocks sha384_update_last sha384_finish rb input_len ib; + let h1 = ST.get() in + Hacl.Spec.SHA2.Equiv.hash_agile_lemma #SHA2_384 #M32 (v input_len) (as_seq_multi h0 ib); + assert ((as_seq_multi h1 rb).(|0|) == as_seq h1 dst) + inline_for_extraction noextract let alloca_512 = F.alloca hacl_sha2_512 () (state_t_512.s ()) (G.erased unit) let create_in_512 = F.create_in hacl_sha2_512 () (state_t_512.s ()) (G.erased unit) @@ -79,3 +137,14 @@ let init_512 = F.init hacl_sha2_512 (G.hide ()) (state_t_512.s ()) (G.erased uni let update_512 = F.update hacl_sha2_512 (G.hide ()) (state_t_512.s ()) (G.erased unit) let finish_512 = F.mk_finish hacl_sha2_512 () (state_t_512.s ()) (G.erased unit) let free_512 = F.free hacl_sha2_512 (G.hide ()) (state_t_512.s ()) (G.erased unit) + +val sha512: hash_t SHA2_512 +let sha512 dst input_len input = + let ib = ntup1 input in + let rb = ntup1 dst in + let h0 = ST.get() in + loc_multi1 rb; + hash #SHA2_512 #M32 sha512_init sha512_update_nblocks sha512_update_last sha512_finish rb input_len ib; + let h1 = ST.get() in + Hacl.Spec.SHA2.Equiv.hash_agile_lemma #SHA2_512 #M32 (v input_len) (as_seq_multi h0 ib); + assert ((as_seq_multi h1 rb).(|0|) == as_seq h1 dst) diff --git a/dist/gcc-compatible/Hacl_Ed25519.c b/dist/gcc-compatible/Hacl_Ed25519.c index 9454bc9d37..b7c5d425c3 100644 --- a/dist/gcc-compatible/Hacl_Ed25519.c +++ b/dist/gcc-compatible/Hacl_Ed25519.c 
@@ -24,8 +24,8 @@ #include "internal/Hacl_Ed25519.h" +#include "internal/Hacl_Streaming_SHA2.h" #include "internal/Hacl_Krmllib.h" -#include "internal/Hacl_Hash_SHA2.h" #include "internal/Hacl_Curve25519_51.h" static inline void fsum(uint64_t *out, uint64_t *a, uint64_t *b) @@ -1738,7 +1738,7 @@ static inline void sha512_pre_msg(uint8_t *hash, uint8_t *prefix, uint32_t len, Hacl_Streaming_SHA2_state_sha2_384 s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U }; Hacl_Streaming_SHA2_state_sha2_384 p = s; - Hacl_Hash_Core_SHA2_init_512(block_state); + Hacl_SHA2_Scalar32_sha512_init(block_state); Hacl_Streaming_SHA2_state_sha2_384 *st = &p; uint32_t uu____0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U); uint32_t uu____1 = Hacl_Streaming_SHA2_update_512(st, input, len); @@ -1759,7 +1759,7 @@ sha512_pre_pre2_msg( Hacl_Streaming_SHA2_state_sha2_384 s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)0U }; Hacl_Streaming_SHA2_state_sha2_384 p = s; - Hacl_Hash_Core_SHA2_init_512(block_state); + Hacl_SHA2_Scalar32_sha512_init(block_state); Hacl_Streaming_SHA2_state_sha2_384 *st = &p; uint32_t uu____0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U); uint32_t uu____1 = Hacl_Streaming_SHA2_update_512(st, prefix2, (uint32_t)32U); diff --git a/dist/gcc-compatible/Hacl_SHA2_Vec128.c b/dist/gcc-compatible/Hacl_SHA2_Vec128.c index 04d66f72d5..831a8c52de 100644 --- a/dist/gcc-compatible/Hacl_SHA2_Vec128.c +++ b/dist/gcc-compatible/Hacl_SHA2_Vec128.c 
@@ -26,16 +26,28 @@ #include "internal/Hacl_SHA2_Types.h" #include "libintvector.h" +static inline void sha224_init4(Lib_IntVector_Intrinsics_vec128 *hash) +{ + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + Lib_IntVector_Intrinsics_vec128 *os = hash; + uint32_t hi = Hacl_Impl_SHA2_Generic_h224[i]; + Lib_IntVector_Intrinsics_vec128 x = Lib_IntVector_Intrinsics_vec128_load32(hi); + os[i] = x;); +} + static inline void -sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p block, Lib_IntVector_Intrinsics_vec128 *hash) +sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128 *hash) { KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 hash_old[8U] KRML_POST_ALIGN(16) = { 0U }; KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 ws[16U] KRML_POST_ALIGN(16) = { 0U }; memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec128)); - uint8_t *b3 = block.snd.snd.snd; - uint8_t *b2 = block.snd.snd.fst; - uint8_t *b10 = block.snd.fst; - uint8_t *b00 = block.fst; + uint8_t *b3 = b.snd.snd.snd; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b10 = b.snd.fst; + uint8_t *b00 = b.fst; ws[0U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00); ws[1U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10); ws[2U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2); 
@@ -277,41 +289,20 @@ sha224_update4(Hacl_Impl_SHA2_Types_uint8_4p block, Lib_IntVector_Intrinsics_vec os[i] = x;); } -void -Hacl_SHA2_Vec128_sha224_4( - uint8_t *dst0, - uint8_t *dst1, - uint8_t *dst2, - uint8_t *dst3, - uint32_t input_len, - uint8_t *input0, - uint8_t *input1, - uint8_t *input2, - uint8_t *input3 +static inline void +sha224_update_nblocks4( + uint32_t len, + Hacl_Impl_SHA2_Types_uint8_4p b, + Lib_IntVector_Intrinsics_vec128 *st ) { - Hacl_Impl_SHA2_Types_uint8_4p - ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; - Hacl_Impl_SHA2_Types_uint8_4p - rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } }; - KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 st[8U] KRML_POST_ALIGN(16) = { 0U }; - KRML_MAYBE_FOR8(i, - (uint32_t)0U, - (uint32_t)8U, - (uint32_t)1U, - Lib_IntVector_Intrinsics_vec128 *os = st; - uint32_t hi = Hacl_Impl_SHA2_Generic_h224[i]; - Lib_IntVector_Intrinsics_vec128 x = Lib_IntVector_Intrinsics_vec128_load32(hi); - os[i] = x;); - uint32_t rem = input_len % (uint32_t)64U; - uint64_t len_ = (uint64_t)input_len; - uint32_t blocks0 = input_len / (uint32_t)64U; - for (uint32_t i = (uint32_t)0U; i < blocks0; i++) + uint32_t blocks = len / (uint32_t)64U; + for (uint32_t i = (uint32_t)0U; i < blocks; i++) { - uint8_t *b3 = ib.snd.snd.snd; - uint8_t *b2 = ib.snd.snd.fst; - uint8_t *b1 = ib.snd.fst; - uint8_t *b0 = ib.fst; + uint8_t *b3 = b.snd.snd.snd; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b1 = b.snd.fst; + uint8_t *b0 = b.fst; uint8_t *bl0 = b0 + i * (uint32_t)64U; uint8_t *bl1 = b1 + i * (uint32_t)64U; uint8_t *bl2 = b2 + i * (uint32_t)64U; 
@@ -320,19 +311,18 @@ Hacl_SHA2_Vec128_sha224_4( mb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } }; sha224_update4(mb, st); } - uint32_t rem1 = input_len % (uint32_t)64U; - uint8_t *b3 = ib.snd.snd.snd; - uint8_t *b20 = ib.snd.snd.fst; - uint8_t *b10 = ib.snd.fst; - uint8_t *b00 = ib.fst; - uint8_t *bl0 = b00 + input_len - rem1; - uint8_t *bl1 = b10 + input_len - rem1; - uint8_t *bl2 = b20 + input_len - rem1; - uint8_t *bl3 = b3 + input_len - rem1; - Hacl_Impl_SHA2_Types_uint8_4p - lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } }; +} + +static inline void +sha224_update_last4( + uint64_t totlen, + uint32_t len, + Hacl_Impl_SHA2_Types_uint8_4p b, + Lib_IntVector_Intrinsics_vec128 *hash +) +{ uint32_t blocks; - if (rem + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U) + if (len + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U) { blocks = (uint32_t)1U; } 
@@ -343,42 +333,42 @@ Hacl_SHA2_Vec128_sha224_4( uint32_t fin = blocks * (uint32_t)64U; uint8_t last[512U] = { 0U }; uint8_t totlen_buf[8U] = { 0U }; - uint64_t total_len_bits = len_ << (uint32_t)3U; + uint64_t total_len_bits = totlen << (uint32_t)3U; store64_be(totlen_buf, total_len_bits); - uint8_t *b30 = lb.snd.snd.snd; - uint8_t *b21 = lb.snd.snd.fst; - uint8_t *b11 = lb.snd.fst; - uint8_t *b01 = lb.fst; + uint8_t *b3 = b.snd.snd.snd; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b1 = b.snd.fst; + uint8_t *b0 = b.fst; uint8_t *last00 = last; uint8_t *last10 = last + (uint32_t)128U; uint8_t *last2 = last + (uint32_t)256U; uint8_t *last3 = last + (uint32_t)384U; - memcpy(last00, b01, rem * sizeof (uint8_t)); - last00[rem] = (uint8_t)0x80U; + memcpy(last00, b0, len * sizeof (uint8_t)); + last00[len] = (uint8_t)0x80U; memcpy(last00 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last010 = last00; uint8_t *last110 = last00 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut = { .fst = last010, .snd = last110 }; uint8_t *l00 = scrut.fst; uint8_t *l01 = scrut.snd; - memcpy(last10, b11, rem * sizeof (uint8_t)); - last10[rem] = (uint8_t)0x80U; + memcpy(last10, b1, len * sizeof (uint8_t)); + last10[len] = (uint8_t)0x80U; memcpy(last10 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last011 = last10; uint8_t *last111 = last10 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut0 = { .fst = last011, .snd = last111 }; uint8_t *l10 = scrut0.fst; uint8_t *l11 = scrut0.snd; - memcpy(last2, b21, rem * sizeof (uint8_t)); - last2[rem] = (uint8_t)0x80U; + memcpy(last2, b2, len * sizeof (uint8_t)); + last2[len] = (uint8_t)0x80U; memcpy(last2 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last012 = last2; uint8_t *last112 = last2 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut1 = { .fst = last012, .snd = last112 }; uint8_t *l20 = scrut1.fst; uint8_t *l21 = scrut1.snd; - memcpy(last3, b30, rem * 
sizeof (uint8_t)); - last3[rem] = (uint8_t)0x80U; + memcpy(last3, b3, len * sizeof (uint8_t)); + last3[len] = (uint8_t)0x80U; memcpy(last3 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last01 = last3; uint8_t *last11 = last3 + (uint32_t)64U; @@ -392,11 +382,17 @@ Hacl_SHA2_Vec128_sha224_4( Hacl_Impl_SHA2_Types_uint8_2x4p scrut3 = { .fst = mb0, .snd = mb1 }; Hacl_Impl_SHA2_Types_uint8_4p last0 = scrut3.fst; Hacl_Impl_SHA2_Types_uint8_4p last1 = scrut3.snd; - sha224_update4(last0, st); + sha224_update4(last0, hash); if (blocks > (uint32_t)1U) { - sha224_update4(last1, st); + sha224_update4(last1, hash); + return; } +} + +static inline void +sha224_finish4(Lib_IntVector_Intrinsics_vec128 *st, Hacl_Impl_SHA2_Types_uint8_4p h) +{ uint8_t hbuf[128U] = { 0U }; Lib_IntVector_Intrinsics_vec128 v00 = st[0U]; Lib_IntVector_Intrinsics_vec128 v10 = st[1U]; 
@@ -467,26 +463,75 @@ Hacl_SHA2_Vec128_sha224_4( (uint32_t)8U, (uint32_t)1U, Lib_IntVector_Intrinsics_vec128_store32_be(hbuf + i * (uint32_t)16U, st[i]);); - uint8_t *b31 = rb.snd.snd.snd; - uint8_t *b2 = rb.snd.snd.fst; - uint8_t *b1 = rb.snd.fst; - uint8_t *b0 = rb.fst; + uint8_t *b3 = h.snd.snd.snd; + uint8_t *b2 = h.snd.snd.fst; + uint8_t *b1 = h.snd.fst; + uint8_t *b0 = h.fst; memcpy(b0, hbuf, (uint32_t)28U * sizeof (uint8_t)); memcpy(b1, hbuf + (uint32_t)32U, (uint32_t)28U * sizeof (uint8_t)); memcpy(b2, hbuf + (uint32_t)64U, (uint32_t)28U * sizeof (uint8_t)); - memcpy(b31, hbuf + (uint32_t)96U, (uint32_t)28U * sizeof (uint8_t)); + memcpy(b3, hbuf + (uint32_t)96U, (uint32_t)28U * sizeof (uint8_t)); +} + +void +Hacl_SHA2_Vec128_sha224_4( + uint8_t *dst0, + uint8_t *dst1, + uint8_t *dst2, + uint8_t *dst3, + uint32_t input_len, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3 +) +{ + Hacl_Impl_SHA2_Types_uint8_4p + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + Hacl_Impl_SHA2_Types_uint8_4p + rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } }; + KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 st[8U] KRML_POST_ALIGN(16) = { 0U }; + sha224_init4(st); + uint32_t rem = input_len % (uint32_t)64U; + uint64_t len_ = (uint64_t)input_len; + sha224_update_nblocks4(input_len, ib, st); + uint32_t rem1 = input_len % (uint32_t)64U; + uint8_t *b3 = ib.snd.snd.snd; + uint8_t *b2 = ib.snd.snd.fst; + uint8_t *b1 = ib.snd.fst; + uint8_t *b0 = ib.fst; + uint8_t *bl0 = b0 + input_len - rem1; + uint8_t *bl1 = b1 + input_len - rem1; + uint8_t *bl2 = b2 + input_len - rem1; + uint8_t *bl3 = b3 + input_len - rem1; + Hacl_Impl_SHA2_Types_uint8_4p + lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } }; + sha224_update_last4(len_, rem, lb, st); + sha224_finish4(st, rb); +} + +static inline void sha256_init4(Lib_IntVector_Intrinsics_vec128 *hash) +{ + 
KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + Lib_IntVector_Intrinsics_vec128 *os = hash; + uint32_t hi = Hacl_Impl_SHA2_Generic_h256[i]; + Lib_IntVector_Intrinsics_vec128 x = Lib_IntVector_Intrinsics_vec128_load32(hi); + os[i] = x;); } static inline void -sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p block, Lib_IntVector_Intrinsics_vec128 *hash) +sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec128 *hash) { KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 hash_old[8U] KRML_POST_ALIGN(16) = { 0U }; KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 ws[16U] KRML_POST_ALIGN(16) = { 0U }; memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec128)); - uint8_t *b3 = block.snd.snd.snd; - uint8_t *b2 = block.snd.snd.fst; - uint8_t *b10 = block.snd.fst; - uint8_t *b00 = block.fst; + uint8_t *b3 = b.snd.snd.snd; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b10 = b.snd.fst; + uint8_t *b00 = b.fst; ws[0U] = Lib_IntVector_Intrinsics_vec128_load32_be(b00); ws[1U] = Lib_IntVector_Intrinsics_vec128_load32_be(b10); ws[2U] = Lib_IntVector_Intrinsics_vec128_load32_be(b2); 
@@ -728,41 +773,20 @@ sha256_update4(Hacl_Impl_SHA2_Types_uint8_4p block, Lib_IntVector_Intrinsics_vec os[i] = x;); } -void -Hacl_SHA2_Vec128_sha256_4( - uint8_t *dst0, - uint8_t *dst1, - uint8_t *dst2, - uint8_t *dst3, - uint32_t input_len, - uint8_t *input0, - uint8_t *input1, - uint8_t *input2, - uint8_t *input3 +static inline void +sha256_update_nblocks4( + uint32_t len, + Hacl_Impl_SHA2_Types_uint8_4p b, + Lib_IntVector_Intrinsics_vec128 *st ) { - Hacl_Impl_SHA2_Types_uint8_4p - ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; - Hacl_Impl_SHA2_Types_uint8_4p - rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } }; - KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 st[8U] KRML_POST_ALIGN(16) = { 0U }; - KRML_MAYBE_FOR8(i, - (uint32_t)0U, - (uint32_t)8U, - (uint32_t)1U, - Lib_IntVector_Intrinsics_vec128 *os = st; - uint32_t hi = Hacl_Impl_SHA2_Generic_h256[i]; - Lib_IntVector_Intrinsics_vec128 x = Lib_IntVector_Intrinsics_vec128_load32(hi); - os[i] = x;); - uint32_t rem = input_len % (uint32_t)64U; - uint64_t len_ = (uint64_t)input_len; - uint32_t blocks0 = input_len / (uint32_t)64U; - for (uint32_t i = (uint32_t)0U; i < blocks0; i++) + uint32_t blocks = len / (uint32_t)64U; + for (uint32_t i = (uint32_t)0U; i < blocks; i++) { - uint8_t *b3 = ib.snd.snd.snd; - uint8_t *b2 = ib.snd.snd.fst; - uint8_t *b1 = ib.snd.fst; - uint8_t *b0 = ib.fst; + uint8_t *b3 = b.snd.snd.snd; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b1 = b.snd.fst; + uint8_t *b0 = b.fst; uint8_t *bl0 = b0 + i * (uint32_t)64U; uint8_t *bl1 = b1 + i * (uint32_t)64U; uint8_t *bl2 = b2 + i * (uint32_t)64U; 
@@ -771,19 +795,18 @@ Hacl_SHA2_Vec128_sha256_4( mb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } }; sha256_update4(mb, st); } - uint32_t rem1 = input_len % (uint32_t)64U; - uint8_t *b3 = ib.snd.snd.snd; - uint8_t *b20 = ib.snd.snd.fst; - uint8_t *b10 = ib.snd.fst; - uint8_t *b00 = ib.fst; - uint8_t *bl0 = b00 + input_len - rem1; - uint8_t *bl1 = b10 + input_len - rem1; - uint8_t *bl2 = b20 + input_len - rem1; - uint8_t *bl3 = b3 + input_len - rem1; - Hacl_Impl_SHA2_Types_uint8_4p - lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } }; +} + +static inline void +sha256_update_last4( + uint64_t totlen, + uint32_t len, + Hacl_Impl_SHA2_Types_uint8_4p b, + Lib_IntVector_Intrinsics_vec128 *hash +) +{ uint32_t blocks; - if (rem + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U) + if (len + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U) { blocks = (uint32_t)1U; } 
@@ -794,42 +817,42 @@ Hacl_SHA2_Vec128_sha256_4( uint32_t fin = blocks * (uint32_t)64U; uint8_t last[512U] = { 0U }; uint8_t totlen_buf[8U] = { 0U }; - uint64_t total_len_bits = len_ << (uint32_t)3U; + uint64_t total_len_bits = totlen << (uint32_t)3U; store64_be(totlen_buf, total_len_bits); - uint8_t *b30 = lb.snd.snd.snd; - uint8_t *b21 = lb.snd.snd.fst; - uint8_t *b11 = lb.snd.fst; - uint8_t *b01 = lb.fst; + uint8_t *b3 = b.snd.snd.snd; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b1 = b.snd.fst; + uint8_t *b0 = b.fst; uint8_t *last00 = last; uint8_t *last10 = last + (uint32_t)128U; uint8_t *last2 = last + (uint32_t)256U; uint8_t *last3 = last + (uint32_t)384U; - memcpy(last00, b01, rem * sizeof (uint8_t)); - last00[rem] = (uint8_t)0x80U; + memcpy(last00, b0, len * sizeof (uint8_t)); + last00[len] = (uint8_t)0x80U; memcpy(last00 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last010 = last00; uint8_t *last110 = last00 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut = { .fst = last010, .snd = last110 }; uint8_t *l00 = scrut.fst; uint8_t *l01 = scrut.snd; - memcpy(last10, b11, rem * sizeof (uint8_t)); - last10[rem] = (uint8_t)0x80U; + memcpy(last10, b1, len * sizeof (uint8_t)); + last10[len] = (uint8_t)0x80U; memcpy(last10 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last011 = last10; uint8_t *last111 = last10 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut0 = { .fst = last011, .snd = last111 }; uint8_t *l10 = scrut0.fst; uint8_t *l11 = scrut0.snd; - memcpy(last2, b21, rem * sizeof (uint8_t)); - last2[rem] = (uint8_t)0x80U; + memcpy(last2, b2, len * sizeof (uint8_t)); + last2[len] = (uint8_t)0x80U; memcpy(last2 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last012 = last2; uint8_t *last112 = last2 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut1 = { .fst = last012, .snd = last112 }; uint8_t *l20 = scrut1.fst; uint8_t *l21 = scrut1.snd; - memcpy(last3, b30, rem * 
sizeof (uint8_t)); - last3[rem] = (uint8_t)0x80U; + memcpy(last3, b3, len * sizeof (uint8_t)); + last3[len] = (uint8_t)0x80U; memcpy(last3 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last01 = last3; uint8_t *last11 = last3 + (uint32_t)64U; @@ -843,11 +866,17 @@ Hacl_SHA2_Vec128_sha256_4( Hacl_Impl_SHA2_Types_uint8_2x4p scrut3 = { .fst = mb0, .snd = mb1 }; Hacl_Impl_SHA2_Types_uint8_4p last0 = scrut3.fst; Hacl_Impl_SHA2_Types_uint8_4p last1 = scrut3.snd; - sha256_update4(last0, st); + sha256_update4(last0, hash); if (blocks > (uint32_t)1U) { - sha256_update4(last1, st); + sha256_update4(last1, hash); + return; } +} + +static inline void +sha256_finish4(Lib_IntVector_Intrinsics_vec128 *st, Hacl_Impl_SHA2_Types_uint8_4p h) +{ uint8_t hbuf[128U] = { 0U }; Lib_IntVector_Intrinsics_vec128 v00 = st[0U]; Lib_IntVector_Intrinsics_vec128 v10 = st[1U]; 
@@ -918,13 +947,50 @@ Hacl_SHA2_Vec128_sha256_4( (uint32_t)8U, (uint32_t)1U, Lib_IntVector_Intrinsics_vec128_store32_be(hbuf + i * (uint32_t)16U, st[i]);); - uint8_t *b31 = rb.snd.snd.snd; - uint8_t *b2 = rb.snd.snd.fst; - uint8_t *b1 = rb.snd.fst; - uint8_t *b0 = rb.fst; + uint8_t *b3 = h.snd.snd.snd; + uint8_t *b2 = h.snd.snd.fst; + uint8_t *b1 = h.snd.fst; + uint8_t *b0 = h.fst; memcpy(b0, hbuf, (uint32_t)32U * sizeof (uint8_t)); memcpy(b1, hbuf + (uint32_t)32U, (uint32_t)32U * sizeof (uint8_t)); memcpy(b2, hbuf + (uint32_t)64U, (uint32_t)32U * sizeof (uint8_t)); - memcpy(b31, hbuf + (uint32_t)96U, (uint32_t)32U * sizeof (uint8_t)); + memcpy(b3, hbuf + (uint32_t)96U, (uint32_t)32U * sizeof (uint8_t)); +} + +void +Hacl_SHA2_Vec128_sha256_4( + uint8_t *dst0, + uint8_t *dst1, + uint8_t *dst2, + uint8_t *dst3, + uint32_t input_len, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3 +) +{ + Hacl_Impl_SHA2_Types_uint8_4p + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + Hacl_Impl_SHA2_Types_uint8_4p + rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } }; + KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 st[8U] KRML_POST_ALIGN(16) = { 0U }; + sha256_init4(st); + uint32_t rem = input_len % (uint32_t)64U; + uint64_t len_ = (uint64_t)input_len; + sha256_update_nblocks4(input_len, ib, st); + uint32_t rem1 = input_len % (uint32_t)64U; + uint8_t *b3 = ib.snd.snd.snd; + uint8_t *b2 = ib.snd.snd.fst; + uint8_t *b1 = ib.snd.fst; + uint8_t *b0 = ib.fst; + uint8_t *bl0 = b0 + input_len - rem1; + uint8_t *bl1 = b1 + input_len - rem1; + uint8_t *bl2 = b2 + input_len - rem1; + uint8_t *bl3 = b3 + input_len - rem1; + Hacl_Impl_SHA2_Types_uint8_4p + lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } }; + sha256_update_last4(len_, rem, lb, st); + sha256_finish4(st, rb); } 
diff --git a/dist/gcc-compatible/Hacl_SHA2_Vec256.c b/dist/gcc-compatible/Hacl_SHA2_Vec256.c index 7511d12bd9..1bb1f9287b 100644 --- a/dist/gcc-compatible/Hacl_SHA2_Vec256.c +++ b/dist/gcc-compatible/Hacl_SHA2_Vec256.c @@ -26,20 +26,32 @@ #include "internal/Hacl_SHA2_Types.h" #include "libintvector.h" +static inline void sha224_init8(Lib_IntVector_Intrinsics_vec256 *hash) +{ + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + Lib_IntVector_Intrinsics_vec256 *os = hash; + uint32_t hi = Hacl_Impl_SHA2_Generic_h224[i]; + Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load32(hi); + os[i] = x;); +} + static inline void -sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p block, Lib_IntVector_Intrinsics_vec256 *hash) +sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256 *hash) { KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 hash_old[8U] KRML_POST_ALIGN(32) = { 0U }; KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[16U] KRML_POST_ALIGN(32) = { 0U }; memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec256)); - uint8_t *b7 = block.snd.snd.snd.snd.snd.snd.snd; - uint8_t *b6 = block.snd.snd.snd.snd.snd.snd.fst; - uint8_t *b5 = block.snd.snd.snd.snd.snd.fst; - uint8_t *b4 = block.snd.snd.snd.snd.fst; - uint8_t *b3 = block.snd.snd.snd.fst; - uint8_t *b2 = block.snd.snd.fst; - uint8_t *b10 = block.snd.fst; - uint8_t *b00 = block.fst; + uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd; + uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst; + uint8_t *b5 = b.snd.snd.snd.snd.snd.fst; + uint8_t *b4 = b.snd.snd.snd.snd.fst; + uint8_t *b3 = b.snd.snd.snd.fst; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b10 = b.snd.fst; + uint8_t *b00 = b.fst; ws[0U] = Lib_IntVector_Intrinsics_vec256_load32_be(b00); ws[1U] = Lib_IntVector_Intrinsics_vec256_load32_be(b10); ws[2U] = Lib_IntVector_Intrinsics_vec256_load32_be(b2); 
@@ -361,82 +373,24 @@ sha224_update8(Hacl_Impl_SHA2_Types_uint8_8p block, Lib_IntVector_Intrinsics_vec os[i] = x;); } -void -Hacl_SHA2_Vec256_sha224_8( - uint8_t *dst0, - uint8_t *dst1, - uint8_t *dst2, - uint8_t *dst3, - uint8_t *dst4, - uint8_t *dst5, - uint8_t *dst6, - uint8_t *dst7, - uint32_t input_len, - uint8_t *input0, - uint8_t *input1, - uint8_t *input2, - uint8_t *input3, - uint8_t *input4, - uint8_t *input5, - uint8_t *input6, - uint8_t *input7 +static inline void +sha224_update_nblocks8( + uint32_t len, + Hacl_Impl_SHA2_Types_uint8_8p b, + Lib_IntVector_Intrinsics_vec256 *st ) { - Hacl_Impl_SHA2_Types_uint8_8p - ib = - { - .fst = input0, - .snd = { - .fst = input1, - .snd = { - .fst = input2, - .snd = { - .fst = input3, - .snd = { - .fst = input4, - .snd = { .fst = input5, .snd = { .fst = input6, .snd = input7 } } - } - } - } - } - }; - Hacl_Impl_SHA2_Types_uint8_8p - rb = - { - .fst = dst0, - .snd = { - .fst = dst1, - .snd = { - .fst = dst2, - .snd = { - .fst = dst3, - .snd = { .fst = dst4, .snd = { .fst = dst5, .snd = { .fst = dst6, .snd = dst7 } } } - } - } - } - }; - KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U }; - KRML_MAYBE_FOR8(i, - (uint32_t)0U, - (uint32_t)8U, - (uint32_t)1U, - Lib_IntVector_Intrinsics_vec256 *os = st; - uint32_t hi = Hacl_Impl_SHA2_Generic_h224[i]; - Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load32(hi); - os[i] = x;); - uint32_t rem = input_len % (uint32_t)64U; - uint64_t len_ = (uint64_t)input_len; - uint32_t blocks0 = input_len / (uint32_t)64U; - for (uint32_t i = (uint32_t)0U; i < blocks0; i++) + uint32_t blocks = len / (uint32_t)64U; + for (uint32_t i = (uint32_t)0U; i < blocks; i++) { - uint8_t *b7 = ib.snd.snd.snd.snd.snd.snd.snd; - uint8_t *b6 = ib.snd.snd.snd.snd.snd.snd.fst; - uint8_t *b5 = ib.snd.snd.snd.snd.snd.fst; - uint8_t *b4 = ib.snd.snd.snd.snd.fst; - uint8_t *b3 = ib.snd.snd.snd.fst; - uint8_t *b2 = ib.snd.snd.fst; - uint8_t *b1 = ib.snd.fst; 
- uint8_t *b0 = ib.fst; + uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd; + uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst; + uint8_t *b5 = b.snd.snd.snd.snd.snd.fst; + uint8_t *b4 = b.snd.snd.snd.snd.fst; + uint8_t *b3 = b.snd.snd.snd.fst; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b1 = b.snd.fst; + uint8_t *b0 = b.fst; uint8_t *bl0 = b0 + i * (uint32_t)64U; uint8_t *bl1 = b1 + i * (uint32_t)64U; uint8_t *bl2 = b2 + i * (uint32_t)64U; @@ -462,40 +416,18 @@ Hacl_SHA2_Vec256_sha224_8( }; sha224_update8(mb, st); } - uint32_t rem1 = input_len % (uint32_t)64U; - uint8_t *b7 = ib.snd.snd.snd.snd.snd.snd.snd; - uint8_t *b60 = ib.snd.snd.snd.snd.snd.snd.fst; - uint8_t *b50 = ib.snd.snd.snd.snd.snd.fst; - uint8_t *b40 = ib.snd.snd.snd.snd.fst; - uint8_t *b30 = ib.snd.snd.snd.fst; - uint8_t *b20 = ib.snd.snd.fst; - uint8_t *b10 = ib.snd.fst; - uint8_t *b00 = ib.fst; - uint8_t *bl0 = b00 + input_len - rem1; - uint8_t *bl1 = b10 + input_len - rem1; - uint8_t *bl2 = b20 + input_len - rem1; - uint8_t *bl3 = b30 + input_len - rem1; - uint8_t *bl4 = b40 + input_len - rem1; - uint8_t *bl5 = b50 + input_len - rem1; - uint8_t *bl6 = b60 + input_len - rem1; - uint8_t *bl7 = b7 + input_len - rem1; - Hacl_Impl_SHA2_Types_uint8_8p - lb = - { - .fst = bl0, - .snd = { - .fst = bl1, - .snd = { - .fst = bl2, - .snd = { - .fst = bl3, - .snd = { .fst = bl4, .snd = { .fst = bl5, .snd = { .fst = bl6, .snd = bl7 } } } - } - } - } - }; +} + +static inline void +sha224_update_last8( + uint64_t totlen, + uint32_t len, + Hacl_Impl_SHA2_Types_uint8_8p b, + Lib_IntVector_Intrinsics_vec256 *hash +) +{ uint32_t blocks; - if (rem + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U) + if (len + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U) { blocks = (uint32_t)1U; } 
@@ -506,16 +438,16 @@ Hacl_SHA2_Vec256_sha224_8( uint32_t fin = blocks * (uint32_t)64U; uint8_t last[1024U] = { 0U }; uint8_t totlen_buf[8U] = { 0U }; - uint64_t total_len_bits = len_ << (uint32_t)3U; + uint64_t total_len_bits = totlen << (uint32_t)3U; store64_be(totlen_buf, total_len_bits); - uint8_t *b70 = lb.snd.snd.snd.snd.snd.snd.snd; - uint8_t *b61 = lb.snd.snd.snd.snd.snd.snd.fst; - uint8_t *b51 = lb.snd.snd.snd.snd.snd.fst; - uint8_t *b41 = lb.snd.snd.snd.snd.fst; - uint8_t *b31 = lb.snd.snd.snd.fst; - uint8_t *b21 = lb.snd.snd.fst; - uint8_t *b11 = lb.snd.fst; - uint8_t *b01 = lb.fst; + uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd; + uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst; + uint8_t *b5 = b.snd.snd.snd.snd.snd.fst; + uint8_t *b4 = b.snd.snd.snd.snd.fst; + uint8_t *b3 = b.snd.snd.snd.fst; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b1 = b.snd.fst; + uint8_t *b0 = b.fst; uint8_t *last00 = last; uint8_t *last10 = last + (uint32_t)128U; uint8_t *last2 = last + (uint32_t)256U; 
@@ -524,64 +456,64 @@ Hacl_SHA2_Vec256_sha224_8( uint8_t *last5 = last + (uint32_t)640U; uint8_t *last6 = last + (uint32_t)768U; uint8_t *last7 = last + (uint32_t)896U; - memcpy(last00, b01, rem * sizeof (uint8_t)); - last00[rem] = (uint8_t)0x80U; + memcpy(last00, b0, len * sizeof (uint8_t)); + last00[len] = (uint8_t)0x80U; memcpy(last00 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last010 = last00; uint8_t *last110 = last00 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut = { .fst = last010, .snd = last110 }; uint8_t *l00 = scrut.fst; uint8_t *l01 = scrut.snd; - memcpy(last10, b11, rem * sizeof (uint8_t)); - last10[rem] = (uint8_t)0x80U; + memcpy(last10, b1, len * sizeof (uint8_t)); + last10[len] = (uint8_t)0x80U; memcpy(last10 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last011 = last10; uint8_t *last111 = last10 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut0 = { .fst = last011, .snd = last111 }; uint8_t *l10 = scrut0.fst; uint8_t *l11 = scrut0.snd; - memcpy(last2, b21, rem * sizeof (uint8_t)); - last2[rem] = (uint8_t)0x80U; + memcpy(last2, b2, len * sizeof (uint8_t)); + last2[len] = (uint8_t)0x80U; memcpy(last2 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last012 = last2; uint8_t *last112 = last2 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut1 = { .fst = last012, .snd = last112 }; uint8_t *l20 = scrut1.fst; uint8_t *l21 = scrut1.snd; - memcpy(last3, b31, rem * sizeof (uint8_t)); - last3[rem] = (uint8_t)0x80U; + memcpy(last3, b3, len * sizeof (uint8_t)); + last3[len] = (uint8_t)0x80U; memcpy(last3 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last013 = last3; uint8_t *last113 = last3 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut2 = { .fst = last013, .snd = last113 }; uint8_t *l30 = scrut2.fst; uint8_t *l31 = scrut2.snd; - memcpy(last4, b41, rem * sizeof (uint8_t)); - last4[rem] = (uint8_t)0x80U; + memcpy(last4, 
b4, len * sizeof (uint8_t)); + last4[len] = (uint8_t)0x80U; memcpy(last4 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last014 = last4; uint8_t *last114 = last4 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut3 = { .fst = last014, .snd = last114 }; uint8_t *l40 = scrut3.fst; uint8_t *l41 = scrut3.snd; - memcpy(last5, b51, rem * sizeof (uint8_t)); - last5[rem] = (uint8_t)0x80U; + memcpy(last5, b5, len * sizeof (uint8_t)); + last5[len] = (uint8_t)0x80U; memcpy(last5 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last015 = last5; uint8_t *last115 = last5 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut4 = { .fst = last015, .snd = last115 }; uint8_t *l50 = scrut4.fst; uint8_t *l51 = scrut4.snd; - memcpy(last6, b61, rem * sizeof (uint8_t)); - last6[rem] = (uint8_t)0x80U; + memcpy(last6, b6, len * sizeof (uint8_t)); + last6[len] = (uint8_t)0x80U; memcpy(last6 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last016 = last6; uint8_t *last116 = last6 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut5 = { .fst = last016, .snd = last116 }; uint8_t *l60 = scrut5.fst; uint8_t *l61 = scrut5.snd; - memcpy(last7, b70, rem * sizeof (uint8_t)); - last7[rem] = (uint8_t)0x80U; + memcpy(last7, b7, len * sizeof (uint8_t)); + last7[len] = (uint8_t)0x80U; memcpy(last7 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last01 = last7; uint8_t *last11 = last7 + (uint32_t)64U; 
@@ -621,11 +553,17 @@ Hacl_SHA2_Vec256_sha224_8( Hacl_Impl_SHA2_Types_uint8_2x8p scrut7 = { .fst = mb0, .snd = mb1 }; Hacl_Impl_SHA2_Types_uint8_8p last0 = scrut7.fst; Hacl_Impl_SHA2_Types_uint8_8p last1 = scrut7.snd; - sha224_update8(last0, st); + sha224_update8(last0, hash); if (blocks > (uint32_t)1U) { - sha224_update8(last1, st); + sha224_update8(last1, hash); + return; } +} + +static inline void +sha224_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_8p h) +{ uint8_t hbuf[256U] = { 0U }; Lib_IntVector_Intrinsics_vec256 v0 = st[0U]; Lib_IntVector_Intrinsics_vec256 v1 = st[1U]; @@ -732,14 +670,14 @@ Hacl_SHA2_Vec256_sha224_8( (uint32_t)8U, (uint32_t)1U, Lib_IntVector_Intrinsics_vec256_store32_be(hbuf + i * (uint32_t)32U, st[i]);); - uint8_t *b71 = rb.snd.snd.snd.snd.snd.snd.snd; - uint8_t *b6 = rb.snd.snd.snd.snd.snd.snd.fst; - uint8_t *b5 = rb.snd.snd.snd.snd.snd.fst; - uint8_t *b4 = rb.snd.snd.snd.snd.fst; - uint8_t *b3 = rb.snd.snd.snd.fst; - uint8_t *b2 = rb.snd.snd.fst; - uint8_t *b1 = rb.snd.fst; - uint8_t *b0 = rb.fst; + uint8_t *b7 = h.snd.snd.snd.snd.snd.snd.snd; + uint8_t *b6 = h.snd.snd.snd.snd.snd.snd.fst; + uint8_t *b5 = h.snd.snd.snd.snd.snd.fst; + uint8_t *b4 = h.snd.snd.snd.snd.fst; + uint8_t *b3 = h.snd.snd.snd.fst; + uint8_t *b2 = h.snd.snd.fst; + uint8_t *b1 = h.snd.fst; + uint8_t *b0 = h.fst; memcpy(b0, hbuf, (uint32_t)28U * sizeof (uint8_t)); memcpy(b1, hbuf + (uint32_t)32U, (uint32_t)28U * sizeof (uint8_t)); memcpy(b2, hbuf + (uint32_t)64U, (uint32_t)28U * sizeof (uint8_t)); 
@@ -747,23 +685,130 @@ Hacl_SHA2_Vec256_sha224_8( memcpy(b4, hbuf + (uint32_t)128U, (uint32_t)28U * sizeof (uint8_t)); memcpy(b5, hbuf + (uint32_t)160U, (uint32_t)28U * sizeof (uint8_t)); memcpy(b6, hbuf + (uint32_t)192U, (uint32_t)28U * sizeof (uint8_t)); - memcpy(b71, hbuf + (uint32_t)224U, (uint32_t)28U * sizeof (uint8_t)); + memcpy(b7, hbuf + (uint32_t)224U, (uint32_t)28U * sizeof (uint8_t)); +} + +void +Hacl_SHA2_Vec256_sha224_8( + uint8_t *dst0, + uint8_t *dst1, + uint8_t *dst2, + uint8_t *dst3, + uint8_t *dst4, + uint8_t *dst5, + uint8_t *dst6, + uint8_t *dst7, + uint32_t input_len, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *input4, + uint8_t *input5, + uint8_t *input6, + uint8_t *input7 +) +{ + Hacl_Impl_SHA2_Types_uint8_8p + ib = + { + .fst = input0, + .snd = { + .fst = input1, + .snd = { + .fst = input2, + .snd = { + .fst = input3, + .snd = { + .fst = input4, + .snd = { .fst = input5, .snd = { .fst = input6, .snd = input7 } } + } + } + } + } + }; + Hacl_Impl_SHA2_Types_uint8_8p + rb = + { + .fst = dst0, + .snd = { + .fst = dst1, + .snd = { + .fst = dst2, + .snd = { + .fst = dst3, + .snd = { .fst = dst4, .snd = { .fst = dst5, .snd = { .fst = dst6, .snd = dst7 } } } + } + } + } + }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U }; + sha224_init8(st); + uint32_t rem = input_len % (uint32_t)64U; + uint64_t len_ = (uint64_t)input_len; + sha224_update_nblocks8(input_len, ib, st); + uint32_t rem1 = input_len % (uint32_t)64U; + uint8_t *b7 = ib.snd.snd.snd.snd.snd.snd.snd; + uint8_t *b6 = ib.snd.snd.snd.snd.snd.snd.fst; + uint8_t *b5 = ib.snd.snd.snd.snd.snd.fst; + uint8_t *b4 = ib.snd.snd.snd.snd.fst; + uint8_t *b3 = ib.snd.snd.snd.fst; + uint8_t *b2 = ib.snd.snd.fst; + uint8_t *b1 = ib.snd.fst; + uint8_t *b0 = ib.fst; + uint8_t *bl0 = b0 + input_len - rem1; + uint8_t *bl1 = b1 + input_len - rem1; + uint8_t *bl2 = b2 + input_len - rem1; + uint8_t *bl3 = b3 + input_len - rem1; + 
uint8_t *bl4 = b4 + input_len - rem1; + uint8_t *bl5 = b5 + input_len - rem1; + uint8_t *bl6 = b6 + input_len - rem1; + uint8_t *bl7 = b7 + input_len - rem1; + Hacl_Impl_SHA2_Types_uint8_8p + lb = + { + .fst = bl0, + .snd = { + .fst = bl1, + .snd = { + .fst = bl2, + .snd = { + .fst = bl3, + .snd = { .fst = bl4, .snd = { .fst = bl5, .snd = { .fst = bl6, .snd = bl7 } } } + } + } + } + }; + sha224_update_last8(len_, rem, lb, st); + sha224_finish8(st, rb); +} + +static inline void sha256_init8(Lib_IntVector_Intrinsics_vec256 *hash) +{ + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + Lib_IntVector_Intrinsics_vec256 *os = hash; + uint32_t hi = Hacl_Impl_SHA2_Generic_h256[i]; + Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load32(hi); + os[i] = x;); } static inline void -sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p block, Lib_IntVector_Intrinsics_vec256 *hash) +sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p b, Lib_IntVector_Intrinsics_vec256 *hash) { KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 hash_old[8U] KRML_POST_ALIGN(32) = { 0U }; KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[16U] KRML_POST_ALIGN(32) = { 0U }; memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec256)); - uint8_t *b7 = block.snd.snd.snd.snd.snd.snd.snd; - uint8_t *b6 = block.snd.snd.snd.snd.snd.snd.fst; - uint8_t *b5 = block.snd.snd.snd.snd.snd.fst; - uint8_t *b4 = block.snd.snd.snd.snd.fst; - uint8_t *b3 = block.snd.snd.snd.fst; - uint8_t *b2 = block.snd.snd.fst; - uint8_t *b10 = block.snd.fst; - uint8_t *b00 = block.fst; + uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd; + uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst; + uint8_t *b5 = b.snd.snd.snd.snd.snd.fst; + uint8_t *b4 = b.snd.snd.snd.snd.fst; + uint8_t *b3 = b.snd.snd.snd.fst; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b10 = b.snd.fst; + uint8_t *b00 = b.fst; ws[0U] = Lib_IntVector_Intrinsics_vec256_load32_be(b00); ws[1U] = Lib_IntVector_Intrinsics_vec256_load32_be(b10); 
ws[2U] = Lib_IntVector_Intrinsics_vec256_load32_be(b2); 
@@ -1085,82 +1130,24 @@ sha256_update8(Hacl_Impl_SHA2_Types_uint8_8p block, Lib_IntVector_Intrinsics_vec os[i] = x;); } -void -Hacl_SHA2_Vec256_sha256_8( - uint8_t *dst0, - uint8_t *dst1, - uint8_t *dst2, - uint8_t *dst3, - uint8_t *dst4, - uint8_t *dst5, - uint8_t *dst6, - uint8_t *dst7, - uint32_t input_len, - uint8_t *input0, - uint8_t *input1, - uint8_t *input2, - uint8_t *input3, - uint8_t *input4, - uint8_t *input5, - uint8_t *input6, - uint8_t *input7 +static inline void +sha256_update_nblocks8( + uint32_t len, + Hacl_Impl_SHA2_Types_uint8_8p b, + Lib_IntVector_Intrinsics_vec256 *st ) { - Hacl_Impl_SHA2_Types_uint8_8p - ib = - { - .fst = input0, - .snd = { - .fst = input1, - .snd = { - .fst = input2, - .snd = { - .fst = input3, - .snd = { - .fst = input4, - .snd = { .fst = input5, .snd = { .fst = input6, .snd = input7 } } - } - } - } - } - }; - Hacl_Impl_SHA2_Types_uint8_8p - rb = - { - .fst = dst0, - .snd = { - .fst = dst1, - .snd = { - .fst = dst2, - .snd = { - .fst = dst3, - .snd = { .fst = dst4, .snd = { .fst = dst5, .snd = { .fst = dst6, .snd = dst7 } } } - } - } - } - }; - KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U }; - KRML_MAYBE_FOR8(i, - (uint32_t)0U, - (uint32_t)8U, - (uint32_t)1U, - Lib_IntVector_Intrinsics_vec256 *os = st; - uint32_t hi = Hacl_Impl_SHA2_Generic_h256[i]; - Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load32(hi); - os[i] = x;); - uint32_t rem = input_len % (uint32_t)64U; - uint64_t len_ = (uint64_t)input_len; - uint32_t blocks0 = input_len / (uint32_t)64U; - for (uint32_t i = (uint32_t)0U; i < blocks0; i++) + uint32_t blocks = len / (uint32_t)64U; + for (uint32_t i = (uint32_t)0U; i < blocks; i++) { - uint8_t *b7 = ib.snd.snd.snd.snd.snd.snd.snd; - uint8_t *b6 = ib.snd.snd.snd.snd.snd.snd.fst; - uint8_t *b5 = ib.snd.snd.snd.snd.snd.fst; - uint8_t *b4 = ib.snd.snd.snd.snd.fst; - uint8_t *b3 = ib.snd.snd.snd.fst; - uint8_t *b2 = ib.snd.snd.fst; - uint8_t *b1 = 
ib.snd.fst; - uint8_t *b0 = ib.fst; + uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd; + uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst; + uint8_t *b5 = b.snd.snd.snd.snd.snd.fst; + uint8_t *b4 = b.snd.snd.snd.snd.fst; + uint8_t *b3 = b.snd.snd.snd.fst; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b1 = b.snd.fst; + uint8_t *b0 = b.fst; uint8_t *bl0 = b0 + i * (uint32_t)64U; uint8_t *bl1 = b1 + i * (uint32_t)64U; uint8_t *bl2 = b2 + i * (uint32_t)64U; 
@@ -1174,52 +1161,30 @@ Hacl_SHA2_Vec256_sha256_8( { .fst = bl0, .snd = { - .fst = bl1, - .snd = { - .fst = bl2, - .snd = { - .fst = bl3, - .snd = { .fst = bl4, .snd = { .fst = bl5, .snd = { .fst = bl6, .snd = bl7 } } } - } - } - } - }; - sha256_update8(mb, st); - } - uint32_t rem1 = input_len % (uint32_t)64U; - uint8_t *b7 = ib.snd.snd.snd.snd.snd.snd.snd; - uint8_t *b60 = ib.snd.snd.snd.snd.snd.snd.fst; - uint8_t *b50 = ib.snd.snd.snd.snd.snd.fst; - uint8_t *b40 = ib.snd.snd.snd.snd.fst; - uint8_t *b30 = ib.snd.snd.snd.fst; - uint8_t *b20 = ib.snd.snd.fst; - uint8_t *b10 = ib.snd.fst; - uint8_t *b00 = ib.fst; - uint8_t *bl0 = b00 + input_len - rem1; - uint8_t *bl1 = b10 + input_len - rem1; - uint8_t *bl2 = b20 + input_len - rem1; - uint8_t *bl3 = b30 + input_len - rem1; - uint8_t *bl4 = b40 + input_len - rem1; - uint8_t *bl5 = b50 + input_len - rem1; - uint8_t *bl6 = b60 + input_len - rem1; - uint8_t *bl7 = b7 + input_len - rem1; - Hacl_Impl_SHA2_Types_uint8_8p - lb = - { - .fst = bl0, - .snd = { - .fst = bl1, - .snd = { - .fst = bl2, + .fst = bl1, .snd = { - .fst = bl3, - .snd = { .fst = bl4, .snd = { .fst = bl5, .snd = { .fst = bl6, .snd = bl7 } } } + .fst = bl2, + .snd = { + .fst = bl3, + .snd = { .fst = bl4, .snd = { .fst = bl5, .snd = { .fst = bl6, .snd = bl7 } } } + } } } - } - }; + }; + sha256_update8(mb, st); + } +} + +static inline void +sha256_update_last8( + uint64_t totlen, + uint32_t len, + Hacl_Impl_SHA2_Types_uint8_8p b, + Lib_IntVector_Intrinsics_vec256 *hash +) +{ uint32_t blocks; - if (rem + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U) + if (len + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U) { blocks = (uint32_t)1U; } 
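Review bot: `sha256_update_last8` takes `len` as a plain `uint32_t`, but its body (which continues past this hunk) does `memcpy(last00, b0, len * sizeof (uint8_t))` into a 128-byte lane of `last[1024U]` and then writes `last00[len]`, so the stack buffer is only safe while `len` stays within one block. That bound appears to come only from the F* refinement (`v len <= block_length a`) and is not visible in the C now that the routine is a free-standing helper. The one-shot caller on this page passes `input_len % 64`, which satisfies it. I would have a comment emitted on the helper, for example `/* Precondition: len <= 64 (one SHA-256 block); every lane of b holds len readable bytes. */`, added through the extraction source rather than by hand, since this file looks generated. The same applies to `sha384_update_last4` and `sha512_update_last4`, where the bound is 128.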
@@ -1230,16 +1195,16 @@ Hacl_SHA2_Vec256_sha256_8( uint32_t fin = blocks * (uint32_t)64U; uint8_t last[1024U] = { 0U }; uint8_t totlen_buf[8U] = { 0U }; - uint64_t total_len_bits = len_ << (uint32_t)3U; + uint64_t total_len_bits = totlen << (uint32_t)3U; store64_be(totlen_buf, total_len_bits); - uint8_t *b70 = lb.snd.snd.snd.snd.snd.snd.snd; - uint8_t *b61 = lb.snd.snd.snd.snd.snd.snd.fst; - uint8_t *b51 = lb.snd.snd.snd.snd.snd.fst; - uint8_t *b41 = lb.snd.snd.snd.snd.fst; - uint8_t *b31 = lb.snd.snd.snd.fst; - uint8_t *b21 = lb.snd.snd.fst; - uint8_t *b11 = lb.snd.fst; - uint8_t *b01 = lb.fst; + uint8_t *b7 = b.snd.snd.snd.snd.snd.snd.snd; + uint8_t *b6 = b.snd.snd.snd.snd.snd.snd.fst; + uint8_t *b5 = b.snd.snd.snd.snd.snd.fst; + uint8_t *b4 = b.snd.snd.snd.snd.fst; + uint8_t *b3 = b.snd.snd.snd.fst; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b1 = b.snd.fst; + uint8_t *b0 = b.fst; uint8_t *last00 = last; uint8_t *last10 = last + (uint32_t)128U; uint8_t *last2 = last + (uint32_t)256U; 
@@ -1248,64 +1213,64 @@ Hacl_SHA2_Vec256_sha256_8( uint8_t *last5 = last + (uint32_t)640U; uint8_t *last6 = last + (uint32_t)768U; uint8_t *last7 = last + (uint32_t)896U; - memcpy(last00, b01, rem * sizeof (uint8_t)); - last00[rem] = (uint8_t)0x80U; + memcpy(last00, b0, len * sizeof (uint8_t)); + last00[len] = (uint8_t)0x80U; memcpy(last00 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last010 = last00; uint8_t *last110 = last00 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut = { .fst = last010, .snd = last110 }; uint8_t *l00 = scrut.fst; uint8_t *l01 = scrut.snd; - memcpy(last10, b11, rem * sizeof (uint8_t)); - last10[rem] = (uint8_t)0x80U; + memcpy(last10, b1, len * sizeof (uint8_t)); + last10[len] = (uint8_t)0x80U; memcpy(last10 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last011 = last10; uint8_t *last111 = last10 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut0 = { .fst = last011, .snd = last111 }; uint8_t *l10 = scrut0.fst; uint8_t *l11 = scrut0.snd; - memcpy(last2, b21, rem * sizeof (uint8_t)); - last2[rem] = (uint8_t)0x80U; + memcpy(last2, b2, len * sizeof (uint8_t)); + last2[len] = (uint8_t)0x80U; memcpy(last2 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last012 = last2; uint8_t *last112 = last2 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut1 = { .fst = last012, .snd = last112 }; uint8_t *l20 = scrut1.fst; uint8_t *l21 = scrut1.snd; - memcpy(last3, b31, rem * sizeof (uint8_t)); - last3[rem] = (uint8_t)0x80U; + memcpy(last3, b3, len * sizeof (uint8_t)); + last3[len] = (uint8_t)0x80U; memcpy(last3 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last013 = last3; uint8_t *last113 = last3 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut2 = { .fst = last013, .snd = last113 }; uint8_t *l30 = scrut2.fst; uint8_t *l31 = scrut2.snd; - memcpy(last4, b41, rem * sizeof (uint8_t)); - last4[rem] = (uint8_t)0x80U; + memcpy(last4, 
b4, len * sizeof (uint8_t)); + last4[len] = (uint8_t)0x80U; memcpy(last4 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last014 = last4; uint8_t *last114 = last4 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut3 = { .fst = last014, .snd = last114 }; uint8_t *l40 = scrut3.fst; uint8_t *l41 = scrut3.snd; - memcpy(last5, b51, rem * sizeof (uint8_t)); - last5[rem] = (uint8_t)0x80U; + memcpy(last5, b5, len * sizeof (uint8_t)); + last5[len] = (uint8_t)0x80U; memcpy(last5 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last015 = last5; uint8_t *last115 = last5 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut4 = { .fst = last015, .snd = last115 }; uint8_t *l50 = scrut4.fst; uint8_t *l51 = scrut4.snd; - memcpy(last6, b61, rem * sizeof (uint8_t)); - last6[rem] = (uint8_t)0x80U; + memcpy(last6, b6, len * sizeof (uint8_t)); + last6[len] = (uint8_t)0x80U; memcpy(last6 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last016 = last6; uint8_t *last116 = last6 + (uint32_t)64U; Hacl_Impl_SHA2_Types_uint8_2p scrut5 = { .fst = last016, .snd = last116 }; uint8_t *l60 = scrut5.fst; uint8_t *l61 = scrut5.snd; - memcpy(last7, b70, rem * sizeof (uint8_t)); - last7[rem] = (uint8_t)0x80U; + memcpy(last7, b7, len * sizeof (uint8_t)); + last7[len] = (uint8_t)0x80U; memcpy(last7 + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); uint8_t *last01 = last7; uint8_t *last11 = last7 + (uint32_t)64U; 
@@ -1345,11 +1310,17 @@ Hacl_SHA2_Vec256_sha256_8( Hacl_Impl_SHA2_Types_uint8_2x8p scrut7 = { .fst = mb0, .snd = mb1 }; Hacl_Impl_SHA2_Types_uint8_8p last0 = scrut7.fst; Hacl_Impl_SHA2_Types_uint8_8p last1 = scrut7.snd; - sha256_update8(last0, st); + sha256_update8(last0, hash); if (blocks > (uint32_t)1U) { - sha256_update8(last1, st); + sha256_update8(last1, hash); + return; } +} + +static inline void +sha256_finish8(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_8p h) +{ uint8_t hbuf[256U] = { 0U }; Lib_IntVector_Intrinsics_vec256 v0 = st[0U]; Lib_IntVector_Intrinsics_vec256 v1 = st[1U]; @@ -1456,14 +1427,14 @@ Hacl_SHA2_Vec256_sha256_8( (uint32_t)8U, (uint32_t)1U, Lib_IntVector_Intrinsics_vec256_store32_be(hbuf + i * (uint32_t)32U, st[i]);); - uint8_t *b71 = rb.snd.snd.snd.snd.snd.snd.snd; - uint8_t *b6 = rb.snd.snd.snd.snd.snd.snd.fst; - uint8_t *b5 = rb.snd.snd.snd.snd.snd.fst; - uint8_t *b4 = rb.snd.snd.snd.snd.fst; - uint8_t *b3 = rb.snd.snd.snd.fst; - uint8_t *b2 = rb.snd.snd.fst; - uint8_t *b1 = rb.snd.fst; - uint8_t *b0 = rb.fst; + uint8_t *b7 = h.snd.snd.snd.snd.snd.snd.snd; + uint8_t *b6 = h.snd.snd.snd.snd.snd.snd.fst; + uint8_t *b5 = h.snd.snd.snd.snd.snd.fst; + uint8_t *b4 = h.snd.snd.snd.snd.fst; + uint8_t *b3 = h.snd.snd.snd.fst; + uint8_t *b2 = h.snd.snd.fst; + uint8_t *b1 = h.snd.fst; + uint8_t *b0 = h.fst; memcpy(b0, hbuf, (uint32_t)32U * sizeof (uint8_t)); memcpy(b1, hbuf + (uint32_t)32U, (uint32_t)32U * sizeof (uint8_t)); memcpy(b2, hbuf + (uint32_t)64U, (uint32_t)32U * sizeof (uint8_t)); 
@@ -1471,19 +1442,126 @@ Hacl_SHA2_Vec256_sha256_8( memcpy(b4, hbuf + (uint32_t)128U, (uint32_t)32U * sizeof (uint8_t)); memcpy(b5, hbuf + (uint32_t)160U, (uint32_t)32U * sizeof (uint8_t)); memcpy(b6, hbuf + (uint32_t)192U, (uint32_t)32U * sizeof (uint8_t)); - memcpy(b71, hbuf + (uint32_t)224U, (uint32_t)32U * sizeof (uint8_t)); + memcpy(b7, hbuf + (uint32_t)224U, (uint32_t)32U * sizeof (uint8_t)); +} + +void +Hacl_SHA2_Vec256_sha256_8( + uint8_t *dst0, + uint8_t *dst1, + uint8_t *dst2, + uint8_t *dst3, + uint8_t *dst4, + uint8_t *dst5, + uint8_t *dst6, + uint8_t *dst7, + uint32_t input_len, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3, + uint8_t *input4, + uint8_t *input5, + uint8_t *input6, + uint8_t *input7 +) +{ + Hacl_Impl_SHA2_Types_uint8_8p + ib = + { + .fst = input0, + .snd = { + .fst = input1, + .snd = { + .fst = input2, + .snd = { + .fst = input3, + .snd = { + .fst = input4, + .snd = { .fst = input5, .snd = { .fst = input6, .snd = input7 } } + } + } + } + } + }; + Hacl_Impl_SHA2_Types_uint8_8p + rb = + { + .fst = dst0, + .snd = { + .fst = dst1, + .snd = { + .fst = dst2, + .snd = { + .fst = dst3, + .snd = { .fst = dst4, .snd = { .fst = dst5, .snd = { .fst = dst6, .snd = dst7 } } } + } + } + } + }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U }; + sha256_init8(st); + uint32_t rem = input_len % (uint32_t)64U; + uint64_t len_ = (uint64_t)input_len; + sha256_update_nblocks8(input_len, ib, st); + uint32_t rem1 = input_len % (uint32_t)64U; + uint8_t *b7 = ib.snd.snd.snd.snd.snd.snd.snd; + uint8_t *b6 = ib.snd.snd.snd.snd.snd.snd.fst; + uint8_t *b5 = ib.snd.snd.snd.snd.snd.fst; + uint8_t *b4 = ib.snd.snd.snd.snd.fst; + uint8_t *b3 = ib.snd.snd.snd.fst; + uint8_t *b2 = ib.snd.snd.fst; + uint8_t *b1 = ib.snd.fst; + uint8_t *b0 = ib.fst; + uint8_t *bl0 = b0 + input_len - rem1; + uint8_t *bl1 = b1 + input_len - rem1; + uint8_t *bl2 = b2 + input_len - rem1; + uint8_t *bl3 = b3 + input_len - rem1; 
+ uint8_t *bl4 = b4 + input_len - rem1; + uint8_t *bl5 = b5 + input_len - rem1; + uint8_t *bl6 = b6 + input_len - rem1; + uint8_t *bl7 = b7 + input_len - rem1; + Hacl_Impl_SHA2_Types_uint8_8p + lb = + { + .fst = bl0, + .snd = { + .fst = bl1, + .snd = { + .fst = bl2, + .snd = { + .fst = bl3, + .snd = { .fst = bl4, .snd = { .fst = bl5, .snd = { .fst = bl6, .snd = bl7 } } } + } + } + } + }; + sha256_update_last8(len_, rem, lb, st); + sha256_finish8(st, rb); +} + +static inline void sha384_init4(Lib_IntVector_Intrinsics_vec256 *hash) +{ + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + Lib_IntVector_Intrinsics_vec256 *os = hash; + uint64_t hi = Hacl_Impl_SHA2_Generic_h384[i]; + Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load64(hi); + os[i] = x;); } static inline void -sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p block, Lib_IntVector_Intrinsics_vec256 *hash) +sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256 *hash) { KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 hash_old[8U] KRML_POST_ALIGN(32) = { 0U }; KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[16U] KRML_POST_ALIGN(32) = { 0U }; memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec256)); - uint8_t *b3 = block.snd.snd.snd; - uint8_t *b2 = block.snd.snd.fst; - uint8_t *b10 = block.snd.fst; - uint8_t *b00 = block.fst; + uint8_t *b3 = b.snd.snd.snd; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b10 = b.snd.fst; + uint8_t *b00 = b.fst; ws[0U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00); ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10); ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2); 
@@ -1709,41 +1787,20 @@ sha384_update4(Hacl_Impl_SHA2_Types_uint8_4p block, Lib_IntVector_Intrinsics_vec os[i] = x;); } -void -Hacl_SHA2_Vec256_sha384_4( - uint8_t *dst0, - uint8_t *dst1, - uint8_t *dst2, - uint8_t *dst3, - uint32_t input_len, - uint8_t *input0, - uint8_t *input1, - uint8_t *input2, - uint8_t *input3 +static inline void +sha384_update_nblocks4( + uint32_t len, + Hacl_Impl_SHA2_Types_uint8_4p b, + Lib_IntVector_Intrinsics_vec256 *st ) { - Hacl_Impl_SHA2_Types_uint8_4p - ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; - Hacl_Impl_SHA2_Types_uint8_4p - rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } }; - KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U }; - KRML_MAYBE_FOR8(i, - (uint32_t)0U, - (uint32_t)8U, - (uint32_t)1U, - Lib_IntVector_Intrinsics_vec256 *os = st; - uint64_t hi = Hacl_Impl_SHA2_Generic_h384[i]; - Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load64(hi); - os[i] = x;); - uint32_t rem = input_len % (uint32_t)128U; - FStar_UInt128_uint128 len_ = FStar_UInt128_uint64_to_uint128((uint64_t)input_len); - uint32_t blocks0 = input_len / (uint32_t)128U; - for (uint32_t i = (uint32_t)0U; i < blocks0; i++) + uint32_t blocks = len / (uint32_t)128U; + for (uint32_t i = (uint32_t)0U; i < blocks; i++) { - uint8_t *b3 = ib.snd.snd.snd; - uint8_t *b2 = ib.snd.snd.fst; - uint8_t *b1 = ib.snd.fst; - uint8_t *b0 = ib.fst; + uint8_t *b3 = b.snd.snd.snd; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b1 = b.snd.fst; + uint8_t *b0 = b.fst; uint8_t *bl0 = b0 + i * (uint32_t)128U; uint8_t *bl1 = b1 + i * (uint32_t)128U; uint8_t *bl2 = b2 + i * (uint32_t)128U; 
@@ -1752,19 +1809,18 @@ Hacl_SHA2_Vec256_sha384_4( mb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } }; sha384_update4(mb, st); } - uint32_t rem1 = input_len % (uint32_t)128U; - uint8_t *b3 = ib.snd.snd.snd; - uint8_t *b20 = ib.snd.snd.fst; - uint8_t *b10 = ib.snd.fst; - uint8_t *b00 = ib.fst; - uint8_t *bl0 = b00 + input_len - rem1; - uint8_t *bl1 = b10 + input_len - rem1; - uint8_t *bl2 = b20 + input_len - rem1; - uint8_t *bl3 = b3 + input_len - rem1; - Hacl_Impl_SHA2_Types_uint8_4p - lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } }; +} + +static inline void +sha384_update_last4( + FStar_UInt128_uint128 totlen, + uint32_t len, + Hacl_Impl_SHA2_Types_uint8_4p b, + Lib_IntVector_Intrinsics_vec256 *hash +) +{ uint32_t blocks; - if (rem + (uint32_t)16U + (uint32_t)1U <= (uint32_t)128U) + if (len + (uint32_t)16U + (uint32_t)1U <= (uint32_t)128U) { blocks = (uint32_t)1U; } 
@@ -1775,42 +1831,42 @@ Hacl_SHA2_Vec256_sha384_4( uint32_t fin = blocks * (uint32_t)128U; uint8_t last[1024U] = { 0U }; uint8_t totlen_buf[16U] = { 0U }; - FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(len_, (uint32_t)3U); + FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, (uint32_t)3U); store128_be(totlen_buf, total_len_bits); - uint8_t *b30 = lb.snd.snd.snd; - uint8_t *b21 = lb.snd.snd.fst; - uint8_t *b11 = lb.snd.fst; - uint8_t *b01 = lb.fst; + uint8_t *b3 = b.snd.snd.snd; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b1 = b.snd.fst; + uint8_t *b0 = b.fst; uint8_t *last00 = last; uint8_t *last10 = last + (uint32_t)256U; uint8_t *last2 = last + (uint32_t)512U; uint8_t *last3 = last + (uint32_t)768U; - memcpy(last00, b01, rem * sizeof (uint8_t)); - last00[rem] = (uint8_t)0x80U; + memcpy(last00, b0, len * sizeof (uint8_t)); + last00[len] = (uint8_t)0x80U; memcpy(last00 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t)); uint8_t *last010 = last00; uint8_t *last110 = last00 + (uint32_t)128U; Hacl_Impl_SHA2_Types_uint8_2p scrut = { .fst = last010, .snd = last110 }; uint8_t *l00 = scrut.fst; uint8_t *l01 = scrut.snd; - memcpy(last10, b11, rem * sizeof (uint8_t)); - last10[rem] = (uint8_t)0x80U; + memcpy(last10, b1, len * sizeof (uint8_t)); + last10[len] = (uint8_t)0x80U; memcpy(last10 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t)); uint8_t *last011 = last10; uint8_t *last111 = last10 + (uint32_t)128U; Hacl_Impl_SHA2_Types_uint8_2p scrut0 = { .fst = last011, .snd = last111 }; uint8_t *l10 = scrut0.fst; uint8_t *l11 = scrut0.snd; - memcpy(last2, b21, rem * sizeof (uint8_t)); - last2[rem] = (uint8_t)0x80U; + memcpy(last2, b2, len * sizeof (uint8_t)); + last2[len] = (uint8_t)0x80U; memcpy(last2 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t)); uint8_t *last012 = last2; uint8_t *last112 = last2 + (uint32_t)128U; Hacl_Impl_SHA2_Types_uint8_2p scrut1 = { .fst = last012, .snd = 
last112 }; uint8_t *l20 = scrut1.fst; uint8_t *l21 = scrut1.snd; - memcpy(last3, b30, rem * sizeof (uint8_t)); - last3[rem] = (uint8_t)0x80U; + memcpy(last3, b3, len * sizeof (uint8_t)); + last3[len] = (uint8_t)0x80U; memcpy(last3 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t)); uint8_t *last01 = last3; uint8_t *last11 = last3 + (uint32_t)128U; @@ -1824,11 +1880,17 @@ Hacl_SHA2_Vec256_sha384_4( Hacl_Impl_SHA2_Types_uint8_2x4p scrut3 = { .fst = mb0, .snd = mb1 }; Hacl_Impl_SHA2_Types_uint8_4p last0 = scrut3.fst; Hacl_Impl_SHA2_Types_uint8_4p last1 = scrut3.snd; - sha384_update4(last0, st); + sha384_update4(last0, hash); if (blocks > (uint32_t)1U) { - sha384_update4(last1, st); + sha384_update4(last1, hash); + return; } +} + +static inline void +sha384_finish4(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_4p h) +{ uint8_t hbuf[256U] = { 0U }; Lib_IntVector_Intrinsics_vec256 v00 = st[0U]; Lib_IntVector_Intrinsics_vec256 v10 = st[1U]; 
@@ -1891,26 +1953,75 @@ Hacl_SHA2_Vec256_sha384_4( (uint32_t)8U, (uint32_t)1U, Lib_IntVector_Intrinsics_vec256_store64_be(hbuf + i * (uint32_t)32U, st[i]);); - uint8_t *b31 = rb.snd.snd.snd; - uint8_t *b2 = rb.snd.snd.fst; - uint8_t *b1 = rb.snd.fst; - uint8_t *b0 = rb.fst; + uint8_t *b3 = h.snd.snd.snd; + uint8_t *b2 = h.snd.snd.fst; + uint8_t *b1 = h.snd.fst; + uint8_t *b0 = h.fst; memcpy(b0, hbuf, (uint32_t)48U * sizeof (uint8_t)); memcpy(b1, hbuf + (uint32_t)64U, (uint32_t)48U * sizeof (uint8_t)); memcpy(b2, hbuf + (uint32_t)128U, (uint32_t)48U * sizeof (uint8_t)); - memcpy(b31, hbuf + (uint32_t)192U, (uint32_t)48U * sizeof (uint8_t)); + memcpy(b3, hbuf + (uint32_t)192U, (uint32_t)48U * sizeof (uint8_t)); +} + +void +Hacl_SHA2_Vec256_sha384_4( + uint8_t *dst0, + uint8_t *dst1, + uint8_t *dst2, + uint8_t *dst3, + uint32_t input_len, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3 +) +{ + Hacl_Impl_SHA2_Types_uint8_4p + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + Hacl_Impl_SHA2_Types_uint8_4p + rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U }; + sha384_init4(st); + uint32_t rem = input_len % (uint32_t)128U; + FStar_UInt128_uint128 len_ = FStar_UInt128_uint64_to_uint128((uint64_t)input_len); + sha384_update_nblocks4(input_len, ib, st); + uint32_t rem1 = input_len % (uint32_t)128U; + uint8_t *b3 = ib.snd.snd.snd; + uint8_t *b2 = ib.snd.snd.fst; + uint8_t *b1 = ib.snd.fst; + uint8_t *b0 = ib.fst; + uint8_t *bl0 = b0 + input_len - rem1; + uint8_t *bl1 = b1 + input_len - rem1; + uint8_t *bl2 = b2 + input_len - rem1; + uint8_t *bl3 = b3 + input_len - rem1; + Hacl_Impl_SHA2_Types_uint8_4p + lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } }; + sha384_update_last4(len_, rem, lb, st); + sha384_finish4(st, rb); +} + +static inline void 
sha512_init4(Lib_IntVector_Intrinsics_vec256 *hash) +{ + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + Lib_IntVector_Intrinsics_vec256 *os = hash; + uint64_t hi = Hacl_Impl_SHA2_Generic_h512[i]; + Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load64(hi); + os[i] = x;); } static inline void -sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p block, Lib_IntVector_Intrinsics_vec256 *hash) +sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p b, Lib_IntVector_Intrinsics_vec256 *hash) { KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 hash_old[8U] KRML_POST_ALIGN(32) = { 0U }; KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 ws[16U] KRML_POST_ALIGN(32) = { 0U }; memcpy(hash_old, hash, (uint32_t)8U * sizeof (Lib_IntVector_Intrinsics_vec256)); - uint8_t *b3 = block.snd.snd.snd; - uint8_t *b2 = block.snd.snd.fst; - uint8_t *b10 = block.snd.fst; - uint8_t *b00 = block.fst; + uint8_t *b3 = b.snd.snd.snd; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b10 = b.snd.fst; + uint8_t *b00 = b.fst; ws[0U] = Lib_IntVector_Intrinsics_vec256_load64_be(b00); ws[1U] = Lib_IntVector_Intrinsics_vec256_load64_be(b10); ws[2U] = Lib_IntVector_Intrinsics_vec256_load64_be(b2); 
@@ -2136,41 +2247,20 @@ sha512_update4(Hacl_Impl_SHA2_Types_uint8_4p block, Lib_IntVector_Intrinsics_vec os[i] = x;); } -void -Hacl_SHA2_Vec256_sha512_4( - uint8_t *dst0, - uint8_t *dst1, - uint8_t *dst2, - uint8_t *dst3, - uint32_t input_len, - uint8_t *input0, - uint8_t *input1, - uint8_t *input2, - uint8_t *input3 +static inline void +sha512_update_nblocks4( + uint32_t len, + Hacl_Impl_SHA2_Types_uint8_4p b, + Lib_IntVector_Intrinsics_vec256 *st ) { - Hacl_Impl_SHA2_Types_uint8_4p - ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; - Hacl_Impl_SHA2_Types_uint8_4p - rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } }; - KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U }; - KRML_MAYBE_FOR8(i, - (uint32_t)0U, - (uint32_t)8U, - (uint32_t)1U, - Lib_IntVector_Intrinsics_vec256 *os = st; - uint64_t hi = Hacl_Impl_SHA2_Generic_h512[i]; - Lib_IntVector_Intrinsics_vec256 x = Lib_IntVector_Intrinsics_vec256_load64(hi); - os[i] = x;); - uint32_t rem = input_len % (uint32_t)128U; - FStar_UInt128_uint128 len_ = FStar_UInt128_uint64_to_uint128((uint64_t)input_len); - uint32_t blocks0 = input_len / (uint32_t)128U; - for (uint32_t i = (uint32_t)0U; i < blocks0; i++) + uint32_t blocks = len / (uint32_t)128U; + for (uint32_t i = (uint32_t)0U; i < blocks; i++) { - uint8_t *b3 = ib.snd.snd.snd; - uint8_t *b2 = ib.snd.snd.fst; - uint8_t *b1 = ib.snd.fst; - uint8_t *b0 = ib.fst; + uint8_t *b3 = b.snd.snd.snd; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b1 = b.snd.fst; + uint8_t *b0 = b.fst; uint8_t *bl0 = b0 + i * (uint32_t)128U; uint8_t *bl1 = b1 + i * (uint32_t)128U; uint8_t *bl2 = b2 + i * (uint32_t)128U; 
@@ -2179,19 +2269,18 @@ Hacl_SHA2_Vec256_sha512_4( mb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } }; sha512_update4(mb, st); } - uint32_t rem1 = input_len % (uint32_t)128U; - uint8_t *b3 = ib.snd.snd.snd; - uint8_t *b20 = ib.snd.snd.fst; - uint8_t *b10 = ib.snd.fst; - uint8_t *b00 = ib.fst; - uint8_t *bl0 = b00 + input_len - rem1; - uint8_t *bl1 = b10 + input_len - rem1; - uint8_t *bl2 = b20 + input_len - rem1; - uint8_t *bl3 = b3 + input_len - rem1; - Hacl_Impl_SHA2_Types_uint8_4p - lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } }; +} + +static inline void +sha512_update_last4( + FStar_UInt128_uint128 totlen, + uint32_t len, + Hacl_Impl_SHA2_Types_uint8_4p b, + Lib_IntVector_Intrinsics_vec256 *hash +) +{ uint32_t blocks; - if (rem + (uint32_t)16U + (uint32_t)1U <= (uint32_t)128U) + if (len + (uint32_t)16U + (uint32_t)1U <= (uint32_t)128U) { blocks = (uint32_t)1U; } 
@@ -2202,42 +2291,42 @@ Hacl_SHA2_Vec256_sha512_4( uint32_t fin = blocks * (uint32_t)128U; uint8_t last[1024U] = { 0U }; uint8_t totlen_buf[16U] = { 0U }; - FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(len_, (uint32_t)3U); + FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, (uint32_t)3U); store128_be(totlen_buf, total_len_bits); - uint8_t *b30 = lb.snd.snd.snd; - uint8_t *b21 = lb.snd.snd.fst; - uint8_t *b11 = lb.snd.fst; - uint8_t *b01 = lb.fst; + uint8_t *b3 = b.snd.snd.snd; + uint8_t *b2 = b.snd.snd.fst; + uint8_t *b1 = b.snd.fst; + uint8_t *b0 = b.fst; uint8_t *last00 = last; uint8_t *last10 = last + (uint32_t)256U; uint8_t *last2 = last + (uint32_t)512U; uint8_t *last3 = last + (uint32_t)768U; - memcpy(last00, b01, rem * sizeof (uint8_t)); - last00[rem] = (uint8_t)0x80U; + memcpy(last00, b0, len * sizeof (uint8_t)); + last00[len] = (uint8_t)0x80U; memcpy(last00 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t)); uint8_t *last010 = last00; uint8_t *last110 = last00 + (uint32_t)128U; Hacl_Impl_SHA2_Types_uint8_2p scrut = { .fst = last010, .snd = last110 }; uint8_t *l00 = scrut.fst; uint8_t *l01 = scrut.snd; - memcpy(last10, b11, rem * sizeof (uint8_t)); - last10[rem] = (uint8_t)0x80U; + memcpy(last10, b1, len * sizeof (uint8_t)); + last10[len] = (uint8_t)0x80U; memcpy(last10 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t)); uint8_t *last011 = last10; uint8_t *last111 = last10 + (uint32_t)128U; Hacl_Impl_SHA2_Types_uint8_2p scrut0 = { .fst = last011, .snd = last111 }; uint8_t *l10 = scrut0.fst; uint8_t *l11 = scrut0.snd; - memcpy(last2, b21, rem * sizeof (uint8_t)); - last2[rem] = (uint8_t)0x80U; + memcpy(last2, b2, len * sizeof (uint8_t)); + last2[len] = (uint8_t)0x80U; memcpy(last2 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t)); uint8_t *last012 = last2; uint8_t *last112 = last2 + (uint32_t)128U; Hacl_Impl_SHA2_Types_uint8_2p scrut1 = { .fst = last012, .snd = 
last112 }; uint8_t *l20 = scrut1.fst; uint8_t *l21 = scrut1.snd; - memcpy(last3, b30, rem * sizeof (uint8_t)); - last3[rem] = (uint8_t)0x80U; + memcpy(last3, b3, len * sizeof (uint8_t)); + last3[len] = (uint8_t)0x80U; memcpy(last3 + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t)); uint8_t *last01 = last3; uint8_t *last11 = last3 + (uint32_t)128U; @@ -2251,11 +2340,17 @@ Hacl_SHA2_Vec256_sha512_4( Hacl_Impl_SHA2_Types_uint8_2x4p scrut3 = { .fst = mb0, .snd = mb1 }; Hacl_Impl_SHA2_Types_uint8_4p last0 = scrut3.fst; Hacl_Impl_SHA2_Types_uint8_4p last1 = scrut3.snd; - sha512_update4(last0, st); + sha512_update4(last0, hash); if (blocks > (uint32_t)1U) { - sha512_update4(last1, st); + sha512_update4(last1, hash); + return; } +} + +static inline void +sha512_finish4(Lib_IntVector_Intrinsics_vec256 *st, Hacl_Impl_SHA2_Types_uint8_4p h) +{ uint8_t hbuf[256U] = { 0U }; Lib_IntVector_Intrinsics_vec256 v00 = st[0U]; Lib_IntVector_Intrinsics_vec256 v10 = st[1U]; 
@@ -2318,13 +2413,50 @@ Hacl_SHA2_Vec256_sha512_4( (uint32_t)8U, (uint32_t)1U, Lib_IntVector_Intrinsics_vec256_store64_be(hbuf + i * (uint32_t)32U, st[i]);); - uint8_t *b31 = rb.snd.snd.snd; - uint8_t *b2 = rb.snd.snd.fst; - uint8_t *b1 = rb.snd.fst; - uint8_t *b0 = rb.fst; + uint8_t *b3 = h.snd.snd.snd; + uint8_t *b2 = h.snd.snd.fst; + uint8_t *b1 = h.snd.fst; + uint8_t *b0 = h.fst; memcpy(b0, hbuf, (uint32_t)64U * sizeof (uint8_t)); memcpy(b1, hbuf + (uint32_t)64U, (uint32_t)64U * sizeof (uint8_t)); memcpy(b2, hbuf + (uint32_t)128U, (uint32_t)64U * sizeof (uint8_t)); - memcpy(b31, hbuf + (uint32_t)192U, (uint32_t)64U * sizeof (uint8_t)); + memcpy(b3, hbuf + (uint32_t)192U, (uint32_t)64U * sizeof (uint8_t)); +} + +void +Hacl_SHA2_Vec256_sha512_4( + uint8_t *dst0, + uint8_t *dst1, + uint8_t *dst2, + uint8_t *dst3, + uint32_t input_len, + uint8_t *input0, + uint8_t *input1, + uint8_t *input2, + uint8_t *input3 +) +{ + Hacl_Impl_SHA2_Types_uint8_4p + ib = { .fst = input0, .snd = { .fst = input1, .snd = { .fst = input2, .snd = input3 } } }; + Hacl_Impl_SHA2_Types_uint8_4p + rb = { .fst = dst0, .snd = { .fst = dst1, .snd = { .fst = dst2, .snd = dst3 } } }; + KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 st[8U] KRML_POST_ALIGN(32) = { 0U }; + sha512_init4(st); + uint32_t rem = input_len % (uint32_t)128U; + FStar_UInt128_uint128 len_ = FStar_UInt128_uint64_to_uint128((uint64_t)input_len); + sha512_update_nblocks4(input_len, ib, st); + uint32_t rem1 = input_len % (uint32_t)128U; + uint8_t *b3 = ib.snd.snd.snd; + uint8_t *b2 = ib.snd.snd.fst; + uint8_t *b1 = ib.snd.fst; + uint8_t *b0 = ib.fst; + uint8_t *bl0 = b0 + input_len - rem1; + uint8_t *bl1 = b1 + input_len - rem1; + uint8_t *bl2 = b2 + input_len - rem1; + uint8_t *bl3 = b3 + input_len - rem1; + Hacl_Impl_SHA2_Types_uint8_4p + lb = { .fst = bl0, .snd = { .fst = bl1, .snd = { .fst = bl2, .snd = bl3 } } }; + sha512_update_last4(len_, rem, lb, st); + sha512_finish4(st, rb); } 
diff --git a/dist/gcc-compatible/Hacl_Streaming_MD5.c b/dist/gcc-compatible/Hacl_Streaming_MD5.c index aecee8b490..ef0fe920bf 100644 --- a/dist/gcc-compatible/Hacl_Streaming_MD5.c +++ b/dist/gcc-compatible/Hacl_Streaming_MD5.c @@ -24,6 +24,7 @@ #include "Hacl_Streaming_MD5.h" +#include "internal/Hacl_Streaming_SHA2.h" #include "internal/Hacl_Hash_MD5.h" Hacl_Streaming_SHA2_state_sha2_224 *Hacl_Streaming_MD5_legacy_create_in_md5() diff --git a/dist/gcc-compatible/Hacl_Streaming_SHA1.c b/dist/gcc-compatible/Hacl_Streaming_SHA1.c index 4fc2fb546b..f8049f1f2e 100644 --- a/dist/gcc-compatible/Hacl_Streaming_SHA1.c +++ b/dist/gcc-compatible/Hacl_Streaming_SHA1.c @@ -24,6 +24,7 @@ #include "Hacl_Streaming_SHA1.h" +#include "internal/Hacl_Streaming_SHA2.h" #include "internal/Hacl_Hash_SHA1.h" Hacl_Streaming_SHA2_state_sha2_224 *Hacl_Streaming_SHA1_legacy_create_in_sha1() diff --git a/dist/gcc-compatible/Hacl_Streaming_SHA2.c b/dist/gcc-compatible/Hacl_Streaming_SHA2.c index f6cea5c1b2..577ab5ffdb 100644 --- a/dist/gcc-compatible/Hacl_Streaming_SHA2.c +++ b/dist/gcc-compatible/Hacl_Streaming_SHA2.c 
@@ -22,9 +22,777 @@ */ -#include "Hacl_Streaming_SHA2.h" +#include "internal/Hacl_Streaming_SHA2.h" -#include "internal/Hacl_Hash_SHA2.h" +#include "internal/Hacl_SHA2_Types.h" + +static inline void sha224_init(uint32_t *hash) +{ + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + uint32_t *os = hash; + uint32_t x = Hacl_Impl_SHA2_Generic_h224[i]; + os[i] = x;); +} + +static inline void sha224_update(uint8_t *b, uint32_t *hash) +{ + uint32_t hash_old[8U] = { 0U }; + uint32_t ws[16U] = { 0U }; + memcpy(hash_old, hash, (uint32_t)8U * sizeof (uint32_t)); + uint8_t *b10 = b; + uint32_t u = load32_be(b10); + ws[0U] = u; + uint32_t u0 = load32_be(b10 + (uint32_t)4U); + ws[1U] = u0; + uint32_t u1 = load32_be(b10 + (uint32_t)8U); + ws[2U] = u1; + uint32_t u2 = load32_be(b10 + (uint32_t)12U); + ws[3U] = u2; + uint32_t u3 = load32_be(b10 + (uint32_t)16U); + ws[4U] = u3; + uint32_t u4 = load32_be(b10 + (uint32_t)20U); + ws[5U] = u4; + uint32_t u5 = load32_be(b10 + (uint32_t)24U); + ws[6U] = u5; + uint32_t u6 = load32_be(b10 + (uint32_t)28U); + ws[7U] = u6; + uint32_t u7 = load32_be(b10 + (uint32_t)32U); + ws[8U] = u7; + uint32_t u8 = load32_be(b10 + (uint32_t)36U); + ws[9U] = u8; + uint32_t u9 = load32_be(b10 + (uint32_t)40U); + ws[10U] = u9; + uint32_t u10 = load32_be(b10 + (uint32_t)44U); + ws[11U] = u10; + uint32_t u11 = load32_be(b10 + (uint32_t)48U); + ws[12U] = u11; + uint32_t u12 = load32_be(b10 + (uint32_t)52U); + ws[13U] = u12; + uint32_t u13 = load32_be(b10 + (uint32_t)56U); + ws[14U] = u13; + uint32_t u14 = load32_be(b10 + (uint32_t)60U); + ws[15U] = u14; + KRML_MAYBE_FOR4(i0, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + KRML_MAYBE_FOR16(i, + (uint32_t)0U, + (uint32_t)16U, + (uint32_t)1U, + uint32_t k_t = Hacl_Impl_SHA2_Generic_k224_256[(uint32_t)16U * i0 + i]; + uint32_t ws_t = ws[i]; + uint32_t a0 = hash[0U]; + uint32_t b0 = hash[1U]; + uint32_t c0 = hash[2U]; + uint32_t d0 = hash[3U]; + uint32_t e0 = hash[4U]; + uint32_t f0 = hash[5U]; + 
uint32_t g0 = hash[6U]; + uint32_t h02 = hash[7U]; + uint32_t k_e_t = k_t; + uint32_t + t1 = + h02 + + + ((e0 << (uint32_t)26U | e0 >> (uint32_t)6U) + ^ + ((e0 << (uint32_t)21U | e0 >> (uint32_t)11U) + ^ (e0 << (uint32_t)7U | e0 >> (uint32_t)25U))) + + ((e0 & f0) ^ (~e0 & g0)) + + k_e_t + + ws_t; + uint32_t + t2 = + ((a0 << (uint32_t)30U | a0 >> (uint32_t)2U) + ^ + ((a0 << (uint32_t)19U | a0 >> (uint32_t)13U) + ^ (a0 << (uint32_t)10U | a0 >> (uint32_t)22U))) + + ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0))); + uint32_t a1 = t1 + t2; + uint32_t b1 = a0; + uint32_t c1 = b0; + uint32_t d1 = c0; + uint32_t e1 = d0 + t1; + uint32_t f1 = e0; + uint32_t g1 = f0; + uint32_t h12 = g0; + hash[0U] = a1; + hash[1U] = b1; + hash[2U] = c1; + hash[3U] = d1; + hash[4U] = e1; + hash[5U] = f1; + hash[6U] = g1; + hash[7U] = h12;); + if (i0 < (uint32_t)3U) + { + KRML_MAYBE_FOR16(i, + (uint32_t)0U, + (uint32_t)16U, + (uint32_t)1U, + uint32_t t16 = ws[i]; + uint32_t t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U]; + uint32_t t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U]; + uint32_t t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U]; + uint32_t + s1 = + (t2 << (uint32_t)15U | t2 >> (uint32_t)17U) + ^ ((t2 << (uint32_t)13U | t2 >> (uint32_t)19U) ^ t2 >> (uint32_t)10U); + uint32_t + s0 = + (t15 << (uint32_t)25U | t15 >> (uint32_t)7U) + ^ ((t15 << (uint32_t)14U | t15 >> (uint32_t)18U) ^ t15 >> (uint32_t)3U); + ws[i] = s1 + t7 + s0 + t16;); + }); + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + uint32_t *os = hash; + uint32_t x = hash[i] + hash_old[i]; + os[i] = x;); +} + +static inline void sha224_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st) +{ + uint32_t blocks = len / (uint32_t)64U; + for (uint32_t i = (uint32_t)0U; i < blocks; i++) + { + uint8_t *b0 = b; + uint8_t *mb = b0 + i * (uint32_t)64U; + sha224_update(mb, st); + } +} + +static inline void +sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *hash) +{ + uint32_t blocks; + if (len + (uint32_t)8U + 
(uint32_t)1U <= (uint32_t)64U) + { + blocks = (uint32_t)1U; + } + else + { + blocks = (uint32_t)2U; + } + uint32_t fin = blocks * (uint32_t)64U; + uint8_t last[128U] = { 0U }; + uint8_t totlen_buf[8U] = { 0U }; + uint64_t total_len_bits = totlen << (uint32_t)3U; + store64_be(totlen_buf, total_len_bits); + uint8_t *b0 = b; + memcpy(last, b0, len * sizeof (uint8_t)); + last[len] = (uint8_t)0x80U; + memcpy(last + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); + uint8_t *last00 = last; + uint8_t *last10 = last + (uint32_t)64U; + Hacl_Impl_SHA2_Types_uint8_2p scrut = { .fst = last00, .snd = last10 }; + uint8_t *l0 = scrut.fst; + uint8_t *l1 = scrut.snd; + uint8_t *lb0 = l0; + uint8_t *lb1 = l1; + Hacl_Impl_SHA2_Types_uint8_2p scrut0 = { .fst = lb0, .snd = lb1 }; + uint8_t *last0 = scrut0.fst; + uint8_t *last1 = scrut0.snd; + sha224_update(last0, hash); + if (blocks > (uint32_t)1U) + { + sha224_update(last1, hash); + return; + } +} + +static inline void sha224_finish(uint32_t *st, uint8_t *h) +{ + uint8_t hbuf[32U] = { 0U }; + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + store32_be(hbuf + i * (uint32_t)4U, st[i]);); + memcpy(h, hbuf, (uint32_t)28U * sizeof (uint8_t)); +} + +static inline void sha256_init(uint32_t *hash) +{ + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + uint32_t *os = hash; + uint32_t x = Hacl_Impl_SHA2_Generic_h256[i]; + os[i] = x;); +} + +static inline void sha256_update0(uint8_t *b, uint32_t *hash) +{ + uint32_t hash_old[8U] = { 0U }; + uint32_t ws[16U] = { 0U }; + memcpy(hash_old, hash, (uint32_t)8U * sizeof (uint32_t)); + uint8_t *b10 = b; + uint32_t u = load32_be(b10); + ws[0U] = u; + uint32_t u0 = load32_be(b10 + (uint32_t)4U); + ws[1U] = u0; + uint32_t u1 = load32_be(b10 + (uint32_t)8U); + ws[2U] = u1; + uint32_t u2 = load32_be(b10 + (uint32_t)12U); + ws[3U] = u2; + uint32_t u3 = load32_be(b10 + (uint32_t)16U); + ws[4U] = u3; + uint32_t u4 = load32_be(b10 + (uint32_t)20U); + ws[5U] 
= u4; + uint32_t u5 = load32_be(b10 + (uint32_t)24U); + ws[6U] = u5; + uint32_t u6 = load32_be(b10 + (uint32_t)28U); + ws[7U] = u6; + uint32_t u7 = load32_be(b10 + (uint32_t)32U); + ws[8U] = u7; + uint32_t u8 = load32_be(b10 + (uint32_t)36U); + ws[9U] = u8; + uint32_t u9 = load32_be(b10 + (uint32_t)40U); + ws[10U] = u9; + uint32_t u10 = load32_be(b10 + (uint32_t)44U); + ws[11U] = u10; + uint32_t u11 = load32_be(b10 + (uint32_t)48U); + ws[12U] = u11; + uint32_t u12 = load32_be(b10 + (uint32_t)52U); + ws[13U] = u12; + uint32_t u13 = load32_be(b10 + (uint32_t)56U); + ws[14U] = u13; + uint32_t u14 = load32_be(b10 + (uint32_t)60U); + ws[15U] = u14; + KRML_MAYBE_FOR4(i0, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + KRML_MAYBE_FOR16(i, + (uint32_t)0U, + (uint32_t)16U, + (uint32_t)1U, + uint32_t k_t = Hacl_Impl_SHA2_Generic_k224_256[(uint32_t)16U * i0 + i]; + uint32_t ws_t = ws[i]; + uint32_t a0 = hash[0U]; + uint32_t b0 = hash[1U]; + uint32_t c0 = hash[2U]; + uint32_t d0 = hash[3U]; + uint32_t e0 = hash[4U]; + uint32_t f0 = hash[5U]; + uint32_t g0 = hash[6U]; + uint32_t h02 = hash[7U]; + uint32_t k_e_t = k_t; + uint32_t + t1 = + h02 + + + ((e0 << (uint32_t)26U | e0 >> (uint32_t)6U) + ^ + ((e0 << (uint32_t)21U | e0 >> (uint32_t)11U) + ^ (e0 << (uint32_t)7U | e0 >> (uint32_t)25U))) + + ((e0 & f0) ^ (~e0 & g0)) + + k_e_t + + ws_t; + uint32_t + t2 = + ((a0 << (uint32_t)30U | a0 >> (uint32_t)2U) + ^ + ((a0 << (uint32_t)19U | a0 >> (uint32_t)13U) + ^ (a0 << (uint32_t)10U | a0 >> (uint32_t)22U))) + + ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0))); + uint32_t a1 = t1 + t2; + uint32_t b1 = a0; + uint32_t c1 = b0; + uint32_t d1 = c0; + uint32_t e1 = d0 + t1; + uint32_t f1 = e0; + uint32_t g1 = f0; + uint32_t h12 = g0; + hash[0U] = a1; + hash[1U] = b1; + hash[2U] = c1; + hash[3U] = d1; + hash[4U] = e1; + hash[5U] = f1; + hash[6U] = g1; + hash[7U] = h12;); + if (i0 < (uint32_t)3U) + { + KRML_MAYBE_FOR16(i, + (uint32_t)0U, + (uint32_t)16U, + (uint32_t)1U, + uint32_t t16 = ws[i]; + 
uint32_t t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U]; + uint32_t t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U]; + uint32_t t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U]; + uint32_t + s1 = + (t2 << (uint32_t)15U | t2 >> (uint32_t)17U) + ^ ((t2 << (uint32_t)13U | t2 >> (uint32_t)19U) ^ t2 >> (uint32_t)10U); + uint32_t + s0 = + (t15 << (uint32_t)25U | t15 >> (uint32_t)7U) + ^ ((t15 << (uint32_t)14U | t15 >> (uint32_t)18U) ^ t15 >> (uint32_t)3U); + ws[i] = s1 + t7 + s0 + t16;); + }); + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + uint32_t *os = hash; + uint32_t x = hash[i] + hash_old[i]; + os[i] = x;); +} + +static inline void sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st) +{ + uint32_t blocks = len / (uint32_t)64U; + for (uint32_t i = (uint32_t)0U; i < blocks; i++) + { + uint8_t *b0 = b; + uint8_t *mb = b0 + i * (uint32_t)64U; + sha256_update0(mb, st); + } +} + +static inline void +sha256_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *hash) +{ + uint32_t blocks; + if (len + (uint32_t)8U + (uint32_t)1U <= (uint32_t)64U) + { + blocks = (uint32_t)1U; + } + else + { + blocks = (uint32_t)2U; + } + uint32_t fin = blocks * (uint32_t)64U; + uint8_t last[128U] = { 0U }; + uint8_t totlen_buf[8U] = { 0U }; + uint64_t total_len_bits = totlen << (uint32_t)3U; + store64_be(totlen_buf, total_len_bits); + uint8_t *b0 = b; + memcpy(last, b0, len * sizeof (uint8_t)); + last[len] = (uint8_t)0x80U; + memcpy(last + fin - (uint32_t)8U, totlen_buf, (uint32_t)8U * sizeof (uint8_t)); + uint8_t *last00 = last; + uint8_t *last10 = last + (uint32_t)64U; + Hacl_Impl_SHA2_Types_uint8_2p scrut = { .fst = last00, .snd = last10 }; + uint8_t *l0 = scrut.fst; + uint8_t *l1 = scrut.snd; + uint8_t *lb0 = l0; + uint8_t *lb1 = l1; + Hacl_Impl_SHA2_Types_uint8_2p scrut0 = { .fst = lb0, .snd = lb1 }; + uint8_t *last0 = scrut0.fst; + uint8_t *last1 = scrut0.snd; + sha256_update0(last0, hash); + if (blocks > (uint32_t)1U) + { + sha256_update0(last1, hash); 
+ return; + } +} + +static inline void sha256_finish(uint32_t *st, uint8_t *h) +{ + uint8_t hbuf[32U] = { 0U }; + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + store32_be(hbuf + i * (uint32_t)4U, st[i]);); + memcpy(h, hbuf, (uint32_t)32U * sizeof (uint8_t)); +} + +static inline void sha384_init(uint64_t *hash) +{ + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + uint64_t *os = hash; + uint64_t x = Hacl_Impl_SHA2_Generic_h384[i]; + os[i] = x;); +} + +static inline void sha384_update(uint8_t *b, uint64_t *hash) +{ + uint64_t hash_old[8U] = { 0U }; + uint64_t ws[16U] = { 0U }; + memcpy(hash_old, hash, (uint32_t)8U * sizeof (uint64_t)); + uint8_t *b10 = b; + uint64_t u = load64_be(b10); + ws[0U] = u; + uint64_t u0 = load64_be(b10 + (uint32_t)8U); + ws[1U] = u0; + uint64_t u1 = load64_be(b10 + (uint32_t)16U); + ws[2U] = u1; + uint64_t u2 = load64_be(b10 + (uint32_t)24U); + ws[3U] = u2; + uint64_t u3 = load64_be(b10 + (uint32_t)32U); + ws[4U] = u3; + uint64_t u4 = load64_be(b10 + (uint32_t)40U); + ws[5U] = u4; + uint64_t u5 = load64_be(b10 + (uint32_t)48U); + ws[6U] = u5; + uint64_t u6 = load64_be(b10 + (uint32_t)56U); + ws[7U] = u6; + uint64_t u7 = load64_be(b10 + (uint32_t)64U); + ws[8U] = u7; + uint64_t u8 = load64_be(b10 + (uint32_t)72U); + ws[9U] = u8; + uint64_t u9 = load64_be(b10 + (uint32_t)80U); + ws[10U] = u9; + uint64_t u10 = load64_be(b10 + (uint32_t)88U); + ws[11U] = u10; + uint64_t u11 = load64_be(b10 + (uint32_t)96U); + ws[12U] = u11; + uint64_t u12 = load64_be(b10 + (uint32_t)104U); + ws[13U] = u12; + uint64_t u13 = load64_be(b10 + (uint32_t)112U); + ws[14U] = u13; + uint64_t u14 = load64_be(b10 + (uint32_t)120U); + ws[15U] = u14; + KRML_MAYBE_FOR5(i0, + (uint32_t)0U, + (uint32_t)5U, + (uint32_t)1U, + KRML_MAYBE_FOR16(i, + (uint32_t)0U, + (uint32_t)16U, + (uint32_t)1U, + uint64_t k_t = Hacl_Impl_SHA2_Generic_k384_512[(uint32_t)16U * i0 + i]; + uint64_t ws_t = ws[i]; + uint64_t a0 = hash[0U]; + uint64_t b0 = 
hash[1U]; + uint64_t c0 = hash[2U]; + uint64_t d0 = hash[3U]; + uint64_t e0 = hash[4U]; + uint64_t f0 = hash[5U]; + uint64_t g0 = hash[6U]; + uint64_t h02 = hash[7U]; + uint64_t k_e_t = k_t; + uint64_t + t1 = + h02 + + + ((e0 << (uint32_t)50U | e0 >> (uint32_t)14U) + ^ + ((e0 << (uint32_t)46U | e0 >> (uint32_t)18U) + ^ (e0 << (uint32_t)23U | e0 >> (uint32_t)41U))) + + ((e0 & f0) ^ (~e0 & g0)) + + k_e_t + + ws_t; + uint64_t + t2 = + ((a0 << (uint32_t)36U | a0 >> (uint32_t)28U) + ^ + ((a0 << (uint32_t)30U | a0 >> (uint32_t)34U) + ^ (a0 << (uint32_t)25U | a0 >> (uint32_t)39U))) + + ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0))); + uint64_t a1 = t1 + t2; + uint64_t b1 = a0; + uint64_t c1 = b0; + uint64_t d1 = c0; + uint64_t e1 = d0 + t1; + uint64_t f1 = e0; + uint64_t g1 = f0; + uint64_t h12 = g0; + hash[0U] = a1; + hash[1U] = b1; + hash[2U] = c1; + hash[3U] = d1; + hash[4U] = e1; + hash[5U] = f1; + hash[6U] = g1; + hash[7U] = h12;); + if (i0 < (uint32_t)4U) + { + KRML_MAYBE_FOR16(i, + (uint32_t)0U, + (uint32_t)16U, + (uint32_t)1U, + uint64_t t16 = ws[i]; + uint64_t t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U]; + uint64_t t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U]; + uint64_t t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U]; + uint64_t + s1 = + (t2 << (uint32_t)45U | t2 >> (uint32_t)19U) + ^ ((t2 << (uint32_t)3U | t2 >> (uint32_t)61U) ^ t2 >> (uint32_t)6U); + uint64_t + s0 = + (t15 << (uint32_t)63U | t15 >> (uint32_t)1U) + ^ ((t15 << (uint32_t)56U | t15 >> (uint32_t)8U) ^ t15 >> (uint32_t)7U); + ws[i] = s1 + t7 + s0 + t16;); + }); + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + uint64_t *os = hash; + uint64_t x = hash[i] + hash_old[i]; + os[i] = x;); +} + +static inline void sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st) +{ + uint32_t blocks = len / (uint32_t)128U; + for (uint32_t i = (uint32_t)0U; i < blocks; i++) + { + uint8_t *b0 = b; + uint8_t *mb = b0 + i * (uint32_t)128U; + sha384_update(mb, st); + } +} + +static inline void 
+sha384_update_last(FStar_UInt128_uint128 totlen, uint32_t len, uint8_t *b, uint64_t *hash) +{ + uint32_t blocks; + if (len + (uint32_t)16U + (uint32_t)1U <= (uint32_t)128U) + { + blocks = (uint32_t)1U; + } + else + { + blocks = (uint32_t)2U; + } + uint32_t fin = blocks * (uint32_t)128U; + uint8_t last[256U] = { 0U }; + uint8_t totlen_buf[16U] = { 0U }; + FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, (uint32_t)3U); + store128_be(totlen_buf, total_len_bits); + uint8_t *b0 = b; + memcpy(last, b0, len * sizeof (uint8_t)); + last[len] = (uint8_t)0x80U; + memcpy(last + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t)); + uint8_t *last00 = last; + uint8_t *last10 = last + (uint32_t)128U; + Hacl_Impl_SHA2_Types_uint8_2p scrut = { .fst = last00, .snd = last10 }; + uint8_t *l0 = scrut.fst; + uint8_t *l1 = scrut.snd; + uint8_t *lb0 = l0; + uint8_t *lb1 = l1; + Hacl_Impl_SHA2_Types_uint8_2p scrut0 = { .fst = lb0, .snd = lb1 }; + uint8_t *last0 = scrut0.fst; + uint8_t *last1 = scrut0.snd; + sha384_update(last0, hash); + if (blocks > (uint32_t)1U) + { + sha384_update(last1, hash); + return; + } +} + +static inline void sha384_finish(uint64_t *st, uint8_t *h) +{ + uint8_t hbuf[64U] = { 0U }; + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + store64_be(hbuf + i * (uint32_t)8U, st[i]);); + memcpy(h, hbuf, (uint32_t)48U * sizeof (uint8_t)); +} + +inline void Hacl_SHA2_Scalar32_sha512_init(uint64_t *hash) +{ + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + uint64_t *os = hash; + uint64_t x = Hacl_Impl_SHA2_Generic_h512[i]; + os[i] = x;); +} + +static inline void sha512_update(uint8_t *b, uint64_t *hash) +{ + uint64_t hash_old[8U] = { 0U }; + uint64_t ws[16U] = { 0U }; + memcpy(hash_old, hash, (uint32_t)8U * sizeof (uint64_t)); + uint8_t *b10 = b; + uint64_t u = load64_be(b10); + ws[0U] = u; + uint64_t u0 = load64_be(b10 + (uint32_t)8U); + ws[1U] = u0; + uint64_t u1 = load64_be(b10 + (uint32_t)16U); 
+ ws[2U] = u1; + uint64_t u2 = load64_be(b10 + (uint32_t)24U); + ws[3U] = u2; + uint64_t u3 = load64_be(b10 + (uint32_t)32U); + ws[4U] = u3; + uint64_t u4 = load64_be(b10 + (uint32_t)40U); + ws[5U] = u4; + uint64_t u5 = load64_be(b10 + (uint32_t)48U); + ws[6U] = u5; + uint64_t u6 = load64_be(b10 + (uint32_t)56U); + ws[7U] = u6; + uint64_t u7 = load64_be(b10 + (uint32_t)64U); + ws[8U] = u7; + uint64_t u8 = load64_be(b10 + (uint32_t)72U); + ws[9U] = u8; + uint64_t u9 = load64_be(b10 + (uint32_t)80U); + ws[10U] = u9; + uint64_t u10 = load64_be(b10 + (uint32_t)88U); + ws[11U] = u10; + uint64_t u11 = load64_be(b10 + (uint32_t)96U); + ws[12U] = u11; + uint64_t u12 = load64_be(b10 + (uint32_t)104U); + ws[13U] = u12; + uint64_t u13 = load64_be(b10 + (uint32_t)112U); + ws[14U] = u13; + uint64_t u14 = load64_be(b10 + (uint32_t)120U); + ws[15U] = u14; + KRML_MAYBE_FOR5(i0, + (uint32_t)0U, + (uint32_t)5U, + (uint32_t)1U, + KRML_MAYBE_FOR16(i, + (uint32_t)0U, + (uint32_t)16U, + (uint32_t)1U, + uint64_t k_t = Hacl_Impl_SHA2_Generic_k384_512[(uint32_t)16U * i0 + i]; + uint64_t ws_t = ws[i]; + uint64_t a0 = hash[0U]; + uint64_t b0 = hash[1U]; + uint64_t c0 = hash[2U]; + uint64_t d0 = hash[3U]; + uint64_t e0 = hash[4U]; + uint64_t f0 = hash[5U]; + uint64_t g0 = hash[6U]; + uint64_t h02 = hash[7U]; + uint64_t k_e_t = k_t; + uint64_t + t1 = + h02 + + + ((e0 << (uint32_t)50U | e0 >> (uint32_t)14U) + ^ + ((e0 << (uint32_t)46U | e0 >> (uint32_t)18U) + ^ (e0 << (uint32_t)23U | e0 >> (uint32_t)41U))) + + ((e0 & f0) ^ (~e0 & g0)) + + k_e_t + + ws_t; + uint64_t + t2 = + ((a0 << (uint32_t)36U | a0 >> (uint32_t)28U) + ^ + ((a0 << (uint32_t)30U | a0 >> (uint32_t)34U) + ^ (a0 << (uint32_t)25U | a0 >> (uint32_t)39U))) + + ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0))); + uint64_t a1 = t1 + t2; + uint64_t b1 = a0; + uint64_t c1 = b0; + uint64_t d1 = c0; + uint64_t e1 = d0 + t1; + uint64_t f1 = e0; + uint64_t g1 = f0; + uint64_t h12 = g0; + hash[0U] = a1; + hash[1U] = b1; + hash[2U] = c1; + hash[3U] = d1; 
+ hash[4U] = e1; + hash[5U] = f1; + hash[6U] = g1; + hash[7U] = h12;); + if (i0 < (uint32_t)4U) + { + KRML_MAYBE_FOR16(i, + (uint32_t)0U, + (uint32_t)16U, + (uint32_t)1U, + uint64_t t16 = ws[i]; + uint64_t t15 = ws[(i + (uint32_t)1U) % (uint32_t)16U]; + uint64_t t7 = ws[(i + (uint32_t)9U) % (uint32_t)16U]; + uint64_t t2 = ws[(i + (uint32_t)14U) % (uint32_t)16U]; + uint64_t + s1 = + (t2 << (uint32_t)45U | t2 >> (uint32_t)19U) + ^ ((t2 << (uint32_t)3U | t2 >> (uint32_t)61U) ^ t2 >> (uint32_t)6U); + uint64_t + s0 = + (t15 << (uint32_t)63U | t15 >> (uint32_t)1U) + ^ ((t15 << (uint32_t)56U | t15 >> (uint32_t)8U) ^ t15 >> (uint32_t)7U); + ws[i] = s1 + t7 + s0 + t16;); + }); + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + uint64_t *os = hash; + uint64_t x = hash[i] + hash_old[i]; + os[i] = x;); +} + +static inline void sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st) +{ + uint32_t blocks = len / (uint32_t)128U; + for (uint32_t i = (uint32_t)0U; i < blocks; i++) + { + uint8_t *b0 = b; + uint8_t *mb = b0 + i * (uint32_t)128U; + sha512_update(mb, st); + } +} + +static inline void +sha512_update_last(FStar_UInt128_uint128 totlen, uint32_t len, uint8_t *b, uint64_t *hash) +{ + uint32_t blocks; + if (len + (uint32_t)16U + (uint32_t)1U <= (uint32_t)128U) + { + blocks = (uint32_t)1U; + } + else + { + blocks = (uint32_t)2U; + } + uint32_t fin = blocks * (uint32_t)128U; + uint8_t last[256U] = { 0U }; + uint8_t totlen_buf[16U] = { 0U }; + FStar_UInt128_uint128 total_len_bits = FStar_UInt128_shift_left(totlen, (uint32_t)3U); + store128_be(totlen_buf, total_len_bits); + uint8_t *b0 = b; + memcpy(last, b0, len * sizeof (uint8_t)); + last[len] = (uint8_t)0x80U; + memcpy(last + fin - (uint32_t)16U, totlen_buf, (uint32_t)16U * sizeof (uint8_t)); + uint8_t *last00 = last; + uint8_t *last10 = last + (uint32_t)128U; + Hacl_Impl_SHA2_Types_uint8_2p scrut = { .fst = last00, .snd = last10 }; + uint8_t *l0 = scrut.fst; + uint8_t *l1 = scrut.snd; + uint8_t *lb0 
= l0; + uint8_t *lb1 = l1; + Hacl_Impl_SHA2_Types_uint8_2p scrut0 = { .fst = lb0, .snd = lb1 }; + uint8_t *last0 = scrut0.fst; + uint8_t *last1 = scrut0.snd; + sha512_update(last0, hash); + if (blocks > (uint32_t)1U) + { + sha512_update(last1, hash); + return; + } +} + +static inline void sha512_finish(uint64_t *st, uint8_t *h) +{ + uint8_t hbuf[64U] = { 0U }; + KRML_MAYBE_FOR8(i, + (uint32_t)0U, + (uint32_t)8U, + (uint32_t)1U, + store64_be(hbuf + i * (uint32_t)8U, st[i]);); + memcpy(h, hbuf, (uint32_t)64U * sizeof (uint8_t)); +} Hacl_Streaming_SHA2_state_sha2_224 *Hacl_Streaming_SHA2_create_in_224() { @@ -39,7 +807,7 @@ Hacl_Streaming_SHA2_state_sha2_224 *Hacl_Streaming_SHA2_create_in_224() Hacl_Streaming_SHA2_state_sha2_224 )); p[0U] = s; - Hacl_Hash_Core_SHA2_init_224(block_state); + sha224_init(block_state); return p; } @@ -48,7 +816,7 @@ void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_SHA2_state_sha2_224 *s) Hacl_Streaming_SHA2_state_sha2_224 scrut = *s; uint8_t *buf = scrut.buf; uint32_t *block_state = scrut.block_state; - Hacl_Hash_Core_SHA2_init_224(block_state); + sha224_init(block_state); s[0U] = ( (Hacl_Streaming_SHA2_state_sha2_224){ @@ -129,7 +897,7 @@ Hacl_Streaming_SHA2_update_224( } if (!(sz1 == (uint32_t)0U)) { - Hacl_Hash_SHA2_update_multi_224(block_state1, buf, (uint32_t)1U); + sha224_update_nblocks((uint32_t)64U, buf, block_state1); } uint32_t ite; if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U) @@ -145,7 +913,7 @@ Hacl_Streaming_SHA2_update_224( uint32_t data2_len = len - data1_len; uint8_t *data1 = data; uint8_t *data2 = data + data1_len; - Hacl_Hash_SHA2_update_multi_224(block_state1, data1, data1_len / (uint32_t)64U); + sha224_update_nblocks(data1_len, data1, block_state1); uint8_t *dst = buf; memcpy(dst, data2, data2_len * sizeof (uint8_t)); *p 
@@ -203,7 +971,7 @@ Hacl_Streaming_SHA2_update_224( } if (!(sz1 == (uint32_t)0U)) { - Hacl_Hash_SHA2_update_multi_224(block_state1, buf, (uint32_t)1U); + sha224_update_nblocks((uint32_t)64U, buf, block_state1); } uint32_t ite; if @@ -225,7 +993,7 @@ Hacl_Streaming_SHA2_update_224( uint32_t data2_len = len - diff - data1_len; uint8_t *data11 = data2; uint8_t *data21 = data2 + data1_len; - Hacl_Hash_SHA2_update_multi_224(block_state1, data11, data1_len / (uint32_t)64U); + sha224_update_nblocks(data1_len, data11, block_state1); uint8_t *dst = buf; memcpy(dst, data21, data2_len * sizeof (uint8_t)); *p @@ -270,10 +1038,10 @@ void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8 } uint8_t *buf_last = buf_1 + r - ite; uint8_t *buf_multi = buf_1; - Hacl_Hash_SHA2_update_multi_224(tmp_block_state, buf_multi, (uint32_t)0U); + sha224_update_nblocks((uint32_t)0U, buf_multi, tmp_block_state); uint64_t prev_len_last = total_len - (uint64_t)r; - Hacl_Hash_SHA2_update_last_224(tmp_block_state, prev_len_last, buf_last, r); - Hacl_Hash_Core_SHA2_finish_224(tmp_block_state, dst); + sha224_update_last(prev_len_last + (uint64_t)r, r, buf_last, tmp_block_state); + sha224_finish(tmp_block_state, dst); } void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_SHA2_state_sha2_224 *s) 
@@ -286,6 +1054,22 @@ void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_SHA2_state_sha2_224 *s) KRML_HOST_FREE(s); } +void Hacl_Streaming_SHA2_sha224(uint8_t *dst, uint32_t input_len, uint8_t *input) +{ + uint8_t *ib = input; + uint8_t *rb = dst; + uint32_t st[8U] = { 0U }; + sha224_init(st); + uint32_t rem = input_len % (uint32_t)64U; + uint64_t len_ = (uint64_t)input_len; + sha224_update_nblocks(input_len, ib, st); + uint32_t rem1 = input_len % (uint32_t)64U; + uint8_t *b0 = ib; + uint8_t *lb = b0 + input_len - rem1; + sha224_update_last(len_, rem, lb, st); + sha224_finish(st, rb); +} + Hacl_Streaming_SHA2_state_sha2_224 *Hacl_Streaming_SHA2_create_in_256() { uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)64U, sizeof (uint8_t)); @@ -299,7 +1083,7 @@ Hacl_Streaming_SHA2_state_sha2_224 *Hacl_Streaming_SHA2_create_in_256() Hacl_Streaming_SHA2_state_sha2_224 )); p[0U] = s; - Hacl_Hash_Core_SHA2_init_256(block_state); + sha256_init(block_state); return p; } @@ -308,7 +1092,7 @@ void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_SHA2_state_sha2_224 *s) Hacl_Streaming_SHA2_state_sha2_224 scrut = *s; uint8_t *buf = scrut.buf; uint32_t *block_state = scrut.block_state; - Hacl_Hash_Core_SHA2_init_256(block_state); + sha256_init(block_state); s[0U] = ( (Hacl_Streaming_SHA2_state_sha2_224){ @@ -389,7 +1173,7 @@ Hacl_Streaming_SHA2_update_256( } if (!(sz1 == (uint32_t)0U)) { - Hacl_Hash_SHA2_update_multi_256(block_state1, buf, (uint32_t)1U); + sha256_update_nblocks((uint32_t)64U, buf, block_state1); } uint32_t ite; if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U) @@ -405,7 +1189,7 @@ Hacl_Streaming_SHA2_update_256( uint32_t data2_len = len - data1_len; uint8_t *data1 = data; uint8_t *data2 = data + data1_len; - Hacl_Hash_SHA2_update_multi_256(block_state1, data1, data1_len / (uint32_t)64U); + sha256_update_nblocks(data1_len, data1, block_state1); uint8_t *dst = buf; memcpy(dst, data2, data2_len * sizeof (uint8_t)); *p 
@@ -463,7 +1247,7 @@ Hacl_Streaming_SHA2_update_256( } if (!(sz1 == (uint32_t)0U)) { - Hacl_Hash_SHA2_update_multi_256(block_state1, buf, (uint32_t)1U); + sha256_update_nblocks((uint32_t)64U, buf, block_state1); } uint32_t ite; if @@ -485,7 +1269,7 @@ Hacl_Streaming_SHA2_update_256( uint32_t data2_len = len - diff - data1_len; uint8_t *data11 = data2; uint8_t *data21 = data2 + data1_len; - Hacl_Hash_SHA2_update_multi_256(block_state1, data11, data1_len / (uint32_t)64U); + sha256_update_nblocks(data1_len, data11, block_state1); uint8_t *dst = buf; memcpy(dst, data21, data2_len * sizeof (uint8_t)); *p @@ -530,10 +1314,10 @@ void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8 } uint8_t *buf_last = buf_1 + r - ite; uint8_t *buf_multi = buf_1; - Hacl_Hash_SHA2_update_multi_256(tmp_block_state, buf_multi, (uint32_t)0U); + sha256_update_nblocks((uint32_t)0U, buf_multi, tmp_block_state); uint64_t prev_len_last = total_len - (uint64_t)r; - Hacl_Hash_SHA2_update_last_256(tmp_block_state, prev_len_last, buf_last, r); - Hacl_Hash_Core_SHA2_finish_256(tmp_block_state, dst); + sha256_update_last(prev_len_last + (uint64_t)r, r, buf_last, tmp_block_state); + sha256_finish(tmp_block_state, dst); } void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_SHA2_state_sha2_224 *s) 
@@ -546,6 +1330,22 @@ void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_SHA2_state_sha2_224 *s) KRML_HOST_FREE(s); } +void Hacl_Streaming_SHA2_sha256(uint8_t *dst, uint32_t input_len, uint8_t *input) +{ + uint8_t *ib = input; + uint8_t *rb = dst; + uint32_t st[8U] = { 0U }; + sha256_init(st); + uint32_t rem = input_len % (uint32_t)64U; + uint64_t len_ = (uint64_t)input_len; + sha256_update_nblocks(input_len, ib, st); + uint32_t rem1 = input_len % (uint32_t)64U; + uint8_t *b0 = ib; + uint8_t *lb = b0 + input_len - rem1; + sha256_update_last(len_, rem, lb, st); + sha256_finish(st, rb); +} + Hacl_Streaming_SHA2_state_sha2_384 *Hacl_Streaming_SHA2_create_in_384() { uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint8_t)); @@ -559,7 +1359,7 @@ Hacl_Streaming_SHA2_state_sha2_384 *Hacl_Streaming_SHA2_create_in_384() Hacl_Streaming_SHA2_state_sha2_384 )); p[0U] = s; - Hacl_Hash_Core_SHA2_init_384(block_state); + sha384_init(block_state); return p; } @@ -568,7 +1368,7 @@ void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_SHA2_state_sha2_384 *s) Hacl_Streaming_SHA2_state_sha2_384 scrut = *s; uint8_t *buf = scrut.buf; uint64_t *block_state = scrut.block_state; - Hacl_Hash_Core_SHA2_init_384(block_state); + sha384_init(block_state); s[0U] = ( (Hacl_Streaming_SHA2_state_sha2_384){ @@ -649,7 +1449,7 @@ Hacl_Streaming_SHA2_update_384( } if (!(sz1 == (uint32_t)0U)) { - Hacl_Hash_SHA2_update_multi_384(block_state1, buf, (uint32_t)1U); + sha384_update_nblocks((uint32_t)128U, buf, block_state1); } uint32_t ite; if ((uint64_t)len % (uint64_t)(uint32_t)128U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U) @@ -665,7 +1465,7 @@ Hacl_Streaming_SHA2_update_384( uint32_t data2_len = len - data1_len; uint8_t *data1 = data; uint8_t *data2 = data + data1_len; - Hacl_Hash_SHA2_update_multi_384(block_state1, data1, data1_len / (uint32_t)128U); + sha384_update_nblocks(data1_len, data1, block_state1); uint8_t *dst = buf; memcpy(dst, data2, data2_len * sizeof (uint8_t)); *p 
@@ -723,7 +1523,7 @@ Hacl_Streaming_SHA2_update_384( } if (!(sz1 == (uint32_t)0U)) { - Hacl_Hash_SHA2_update_multi_384(block_state1, buf, (uint32_t)1U); + sha384_update_nblocks((uint32_t)128U, buf, block_state1); } uint32_t ite; if @@ -745,7 +1545,7 @@ Hacl_Streaming_SHA2_update_384( uint32_t data2_len = len - diff - data1_len; uint8_t *data11 = data2; uint8_t *data21 = data2 + data1_len; - Hacl_Hash_SHA2_update_multi_384(block_state1, data11, data1_len / (uint32_t)128U); + sha384_update_nblocks(data1_len, data11, block_state1); uint8_t *dst = buf; memcpy(dst, data21, data2_len * sizeof (uint8_t)); *p @@ -790,13 +1590,14 @@ void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8 } uint8_t *buf_last = buf_1 + r - ite; uint8_t *buf_multi = buf_1; - Hacl_Hash_SHA2_update_multi_384(tmp_block_state, buf_multi, (uint32_t)0U); + sha384_update_nblocks((uint32_t)0U, buf_multi, tmp_block_state); uint64_t prev_len_last = total_len - (uint64_t)r; - Hacl_Hash_SHA2_update_last_384(tmp_block_state, - FStar_UInt128_uint64_to_uint128(prev_len_last), + sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len_last), + FStar_UInt128_uint64_to_uint128((uint64_t)r)), + r, buf_last, - r); - Hacl_Hash_Core_SHA2_finish_384(tmp_block_state, dst); + tmp_block_state); + sha384_finish(tmp_block_state, dst); } void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_SHA2_state_sha2_384 *s) 
@@ -809,6 +1610,22 @@ void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_SHA2_state_sha2_384 *s) KRML_HOST_FREE(s); } +void Hacl_Streaming_SHA2_sha384(uint8_t *dst, uint32_t input_len, uint8_t *input) +{ + uint8_t *ib = input; + uint8_t *rb = dst; + uint64_t st[8U] = { 0U }; + sha384_init(st); + uint32_t rem = input_len % (uint32_t)128U; + FStar_UInt128_uint128 len_ = FStar_UInt128_uint64_to_uint128((uint64_t)input_len); + sha384_update_nblocks(input_len, ib, st); + uint32_t rem1 = input_len % (uint32_t)128U; + uint8_t *b0 = ib; + uint8_t *lb = b0 + input_len - rem1; + sha384_update_last(len_, rem, lb, st); + sha384_finish(st, rb); +} + Hacl_Streaming_SHA2_state_sha2_384 *Hacl_Streaming_SHA2_create_in_512() { uint8_t *buf = (uint8_t *)KRML_HOST_CALLOC((uint32_t)128U, sizeof (uint8_t)); @@ -822,7 +1639,7 @@ Hacl_Streaming_SHA2_state_sha2_384 *Hacl_Streaming_SHA2_create_in_512() Hacl_Streaming_SHA2_state_sha2_384 )); p[0U] = s; - Hacl_Hash_Core_SHA2_init_512(block_state); + Hacl_SHA2_Scalar32_sha512_init(block_state); return p; } @@ -831,7 +1648,7 @@ void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_SHA2_state_sha2_384 *s) Hacl_Streaming_SHA2_state_sha2_384 scrut = *s; uint8_t *buf = scrut.buf; uint64_t *block_state = scrut.block_state; - Hacl_Hash_Core_SHA2_init_512(block_state); + Hacl_SHA2_Scalar32_sha512_init(block_state); s[0U] = ( (Hacl_Streaming_SHA2_state_sha2_384){ @@ -912,7 +1729,7 @@ Hacl_Streaming_SHA2_update_512( } if (!(sz1 == (uint32_t)0U)) { - Hacl_Hash_SHA2_update_multi_512(block_state1, buf, (uint32_t)1U); + sha512_update_nblocks((uint32_t)128U, buf, block_state1); } uint32_t ite; if ((uint64_t)len % (uint64_t)(uint32_t)128U == (uint64_t)0U && (uint64_t)len > (uint64_t)0U) 
@@ -928,7 +1745,7 @@ Hacl_Streaming_SHA2_update_512( uint32_t data2_len = len - data1_len; uint8_t *data1 = data; uint8_t *data2 = data + data1_len; - Hacl_Hash_SHA2_update_multi_512(block_state1, data1, data1_len / (uint32_t)128U); + sha512_update_nblocks(data1_len, data1, block_state1); uint8_t *dst = buf; memcpy(dst, data2, data2_len * sizeof (uint8_t)); *p @@ -986,7 +1803,7 @@ Hacl_Streaming_SHA2_update_512( } if (!(sz1 == (uint32_t)0U)) { - Hacl_Hash_SHA2_update_multi_512(block_state1, buf, (uint32_t)1U); + sha512_update_nblocks((uint32_t)128U, buf, block_state1); } uint32_t ite; if @@ -1008,7 +1825,7 @@ Hacl_Streaming_SHA2_update_512( uint32_t data2_len = len - diff - data1_len; uint8_t *data11 = data2; uint8_t *data21 = data2 + data1_len; - Hacl_Hash_SHA2_update_multi_512(block_state1, data11, data1_len / (uint32_t)128U); + sha512_update_nblocks(data1_len, data11, block_state1); uint8_t *dst = buf; memcpy(dst, data21, data2_len * sizeof (uint8_t)); *p @@ -1053,13 +1870,14 @@ void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8 } uint8_t *buf_last = buf_1 + r - ite; uint8_t *buf_multi = buf_1; - Hacl_Hash_SHA2_update_multi_512(tmp_block_state, buf_multi, (uint32_t)0U); + sha512_update_nblocks((uint32_t)0U, buf_multi, tmp_block_state); uint64_t prev_len_last = total_len - (uint64_t)r; - Hacl_Hash_SHA2_update_last_512(tmp_block_state, - FStar_UInt128_uint64_to_uint128(prev_len_last), + sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len_last), + FStar_UInt128_uint64_to_uint128((uint64_t)r)), + r, buf_last, - r); - Hacl_Hash_Core_SHA2_finish_512(tmp_block_state, dst); + tmp_block_state); + sha512_finish(tmp_block_state, dst); } void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_SHA2_state_sha2_384 *s) 
@@ -1072,3 +1890,19 @@ void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_SHA2_state_sha2_384 *s) KRML_HOST_FREE(s); } +void Hacl_Streaming_SHA2_sha512(uint8_t *dst, uint32_t input_len, uint8_t *input) +{ + uint8_t *ib = input; + uint8_t *rb = dst; + uint64_t st[8U] = { 0U }; + Hacl_SHA2_Scalar32_sha512_init(st); + uint32_t rem = input_len % (uint32_t)128U; + FStar_UInt128_uint128 len_ = FStar_UInt128_uint64_to_uint128((uint64_t)input_len); + sha512_update_nblocks(input_len, ib, st); + uint32_t rem1 = input_len % (uint32_t)128U; + uint8_t *b0 = ib; + uint8_t *lb = b0 + input_len - rem1; + sha512_update_last(len_, rem, lb, st); + sha512_finish(st, rb); +} + diff --git a/dist/gcc-compatible/Hacl_Streaming_SHA2.h b/dist/gcc-compatible/Hacl_Streaming_SHA2.h index 407f0f7395..846d3e552f 100644 --- a/dist/gcc-compatible/Hacl_Streaming_SHA2.h +++ b/dist/gcc-compatible/Hacl_Streaming_SHA2.h @@ -35,8 +35,8 @@ extern "C" { #include "krml/internal/target.h" +#include "Hacl_SHA2_Generic.h" #include "Hacl_Krmllib.h" -#include "Hacl_Hash_SHA2.h" typedef struct Hacl_Streaming_SHA2_state_sha2_224_s { @@ -76,6 +76,8 @@ void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8 void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_SHA2_state_sha2_224 *s); +void Hacl_Streaming_SHA2_sha224(uint8_t *dst, uint32_t input_len, uint8_t *input); + Hacl_Streaming_SHA2_state_sha2_224 *Hacl_Streaming_SHA2_create_in_256(); void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_SHA2_state_sha2_224 *s); @@ -94,6 +96,8 @@ void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8 void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_SHA2_state_sha2_224 *s); +void Hacl_Streaming_SHA2_sha256(uint8_t *dst, uint32_t input_len, uint8_t *input); + Hacl_Streaming_SHA2_state_sha2_384 *Hacl_Streaming_SHA2_create_in_384(); void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_SHA2_state_sha2_384 *s); 
@@ -112,6 +116,8 @@ void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8 void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_SHA2_state_sha2_384 *s); +void Hacl_Streaming_SHA2_sha384(uint8_t *dst, uint32_t input_len, uint8_t *input); + Hacl_Streaming_SHA2_state_sha2_384 *Hacl_Streaming_SHA2_create_in_512(); void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_SHA2_state_sha2_384 *s); @@ -130,6 +136,8 @@ void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8 void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_SHA2_state_sha2_384 *s); +void Hacl_Streaming_SHA2_sha512(uint8_t *dst, uint32_t input_len, uint8_t *input); + #if defined(__cplusplus) } #endif diff --git a/dist/gcc-compatible/Hacl_Streaming_SHA3.c b/dist/gcc-compatible/Hacl_Streaming_SHA3.c index 2812e2c170..c20f681eda 100644 --- a/dist/gcc-compatible/Hacl_Streaming_SHA3.c +++ b/dist/gcc-compatible/Hacl_Streaming_SHA3.c @@ -24,7 +24,7 @@ #include "Hacl_Streaming_SHA3.h" - +#include "internal/Hacl_Streaming_SHA2.h" Hacl_Streaming_SHA2_state_sha2_384 *Hacl_Streaming_SHA3_create_in_256() { diff --git a/dist/gcc-compatible/INFO.txt b/dist/gcc-compatible/INFO.txt index 97cea71f53..9b97963576 100644 --- a/dist/gcc-compatible/INFO.txt +++ b/dist/gcc-compatible/INFO.txt @@ -1,4 +1,4 @@ This code was generated with the following toolchain. -F* version: 9dfeeb93f6e74fb5f930d35414f187a3806f0bbf -Karamel version: 6dd219f468907553b65cda0cdb094eae849cf773 +F* version: 20e3eede1fc3aeb4b5828c3661d4991161d2b03d +KaRaMeL version: 6dd219f468907553b65cda0cdb094eae849cf773 Vale version: 0.3.19 diff --git a/dist/gcc-compatible/Makefile.include b/dist/gcc-compatible/Makefile.include index 3892eb3530..f0c6aa8882 100644 --- a/dist/gcc-compatible/Makefile.include +++ b/dist/gcc-compatible/Makefile.include 
@@ -1,5 +1,5 @@ USER_TARGET=libevercrypt.a USER_CFLAGS=-Wno-unused USER_C_FILES=Lib_Memzero0.c Lib_PrintBuffer.c Lib_RandomBuffer_System.c -ALL_C_FILES=EverCrypt_AEAD.c EverCrypt_AutoConfig2.c EverCrypt_Chacha20Poly1305.c EverCrypt_Cipher.c EverCrypt_Curve25519.c EverCrypt_DRBG.c EverCrypt_Ed25519.c EverCrypt_HKDF.c EverCrypt_HMAC.c EverCrypt_Hash.c EverCrypt_Poly1305.c Hacl_Bignum.c Hacl_Bignum256.c Hacl_Bignum256_32.c Hacl_Bignum32.c Hacl_Bignum4096.c Hacl_Bignum4096_32.c Hacl_Bignum64.c Hacl_Chacha20.c Hacl_Chacha20Poly1305_128.c Hacl_Chacha20Poly1305_256.c Hacl_Chacha20Poly1305_32.c Hacl_Chacha20_Vec128.c Hacl_Chacha20_Vec256.c Hacl_Chacha20_Vec32.c Hacl_Curve25519_51.c Hacl_Curve25519_64.c Hacl_Curve25519_64_Slow.c Hacl_EC_Ed25519.c Hacl_EC_K256.c Hacl_Ed25519.c Hacl_FFDHE.c Hacl_Frodo1344.c Hacl_Frodo64.c Hacl_Frodo640.c Hacl_Frodo976.c Hacl_Frodo_KEM.c Hacl_GenericField32.c Hacl_GenericField64.c Hacl_HKDF.c Hacl_HKDF_Blake2b_256.c Hacl_HKDF_Blake2s_128.c Hacl_HMAC.c Hacl_HMAC_Blake2b_256.c Hacl_HMAC_Blake2s_128.c Hacl_HMAC_DRBG.c Hacl_HPKE_Curve51_CP128_SHA256.c Hacl_HPKE_Curve51_CP128_SHA512.c Hacl_HPKE_Curve51_CP256_SHA256.c Hacl_HPKE_Curve51_CP256_SHA512.c Hacl_HPKE_Curve51_CP32_SHA256.c Hacl_HPKE_Curve51_CP32_SHA512.c Hacl_HPKE_Curve64_CP128_SHA256.c Hacl_HPKE_Curve64_CP128_SHA512.c Hacl_HPKE_Curve64_CP256_SHA256.c Hacl_HPKE_Curve64_CP256_SHA512.c Hacl_HPKE_Curve64_CP32_SHA256.c Hacl_HPKE_Curve64_CP32_SHA512.c Hacl_HPKE_P256_CP128_SHA256.c Hacl_HPKE_P256_CP256_SHA256.c Hacl_HPKE_P256_CP32_SHA256.c Hacl_Hash_Base.c Hacl_Hash_Blake2.c Hacl_Hash_Blake2b_256.c Hacl_Hash_Blake2s_128.c Hacl_Hash_MD5.c Hacl_Hash_SHA1.c Hacl_Hash_SHA2.c Hacl_K256_ECDSA.c Hacl_Krmllib.c Hacl_NaCl.c Hacl_P256.c Hacl_Poly1305_128.c Hacl_Poly1305_256.c Hacl_Poly1305_32.c Hacl_RSAPSS.c Hacl_SHA2_Scalar32.c Hacl_SHA2_Vec128.c Hacl_SHA2_Vec256.c Hacl_SHA3.c Hacl_Salsa20.c Hacl_Streaming_Blake2.c Hacl_Streaming_Blake2b_256.c Hacl_Streaming_Blake2s_128.c Hacl_Streaming_MD5.c 
Hacl_Streaming_Poly1305_128.c Hacl_Streaming_Poly1305_256.c Hacl_Streaming_Poly1305_32.c Hacl_Streaming_SHA1.c Hacl_Streaming_SHA2.c Hacl_Streaming_SHA3.c MerkleTree.c Vale.c -ALL_H_FILES=EverCrypt_AEAD.h EverCrypt_AutoConfig2.h EverCrypt_Chacha20Poly1305.h EverCrypt_Cipher.h EverCrypt_Curve25519.h EverCrypt_DRBG.h EverCrypt_Ed25519.h EverCrypt_Error.h EverCrypt_HKDF.h EverCrypt_HMAC.h EverCrypt_Hash.h EverCrypt_Poly1305.h Hacl_AES128.h Hacl_Bignum.h Hacl_Bignum25519_51.h Hacl_Bignum256.h Hacl_Bignum256_32.h Hacl_Bignum32.h Hacl_Bignum4096.h Hacl_Bignum4096_32.h Hacl_Bignum64.h Hacl_Bignum_Base.h Hacl_Bignum_K256.h Hacl_Chacha20.h Hacl_Chacha20Poly1305_128.h Hacl_Chacha20Poly1305_256.h Hacl_Chacha20Poly1305_32.h Hacl_Chacha20_Vec128.h Hacl_Chacha20_Vec256.h Hacl_Chacha20_Vec32.h Hacl_Curve25519_51.h Hacl_Curve25519_64.h Hacl_Curve25519_64_Slow.h Hacl_EC_Ed25519.h Hacl_EC_K256.h Hacl_Ed25519.h Hacl_Ed25519_PrecompTable.h Hacl_FFDHE.h Hacl_Frodo1344.h Hacl_Frodo64.h Hacl_Frodo640.h Hacl_Frodo976.h Hacl_Frodo_KEM.h Hacl_GenericField32.h Hacl_GenericField64.h Hacl_HKDF.h Hacl_HKDF_Blake2b_256.h Hacl_HKDF_Blake2s_128.h Hacl_HMAC.h Hacl_HMAC_Blake2b_256.h Hacl_HMAC_Blake2s_128.h Hacl_HMAC_DRBG.h Hacl_HPKE_Curve51_CP128_SHA256.h Hacl_HPKE_Curve51_CP128_SHA512.h Hacl_HPKE_Curve51_CP256_SHA256.h Hacl_HPKE_Curve51_CP256_SHA512.h Hacl_HPKE_Curve51_CP32_SHA256.h Hacl_HPKE_Curve51_CP32_SHA512.h Hacl_HPKE_Curve64_CP128_SHA256.h Hacl_HPKE_Curve64_CP128_SHA512.h Hacl_HPKE_Curve64_CP256_SHA256.h Hacl_HPKE_Curve64_CP256_SHA512.h Hacl_HPKE_Curve64_CP32_SHA256.h Hacl_HPKE_Curve64_CP32_SHA512.h Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h Hacl_HPKE_P256_CP128_SHA256.h Hacl_HPKE_P256_CP256_SHA256.h Hacl_HPKE_P256_CP32_SHA256.h Hacl_Hash_Base.h Hacl_Hash_Blake2.h Hacl_Hash_Blake2b_256.h Hacl_Hash_Blake2s_128.h Hacl_Hash_MD5.h Hacl_Hash_SHA1.h Hacl_Hash_SHA2.h Hacl_Impl_Blake2_Constants.h Hacl_Impl_FFDHE_Constants.h Hacl_IntTypes_Intrinsics.h Hacl_IntTypes_Intrinsics_128.h 
Hacl_K256_ECDSA.h Hacl_K256_PrecompTable.h Hacl_Krmllib.h Hacl_NaCl.h Hacl_P256.h Hacl_Poly1305_128.h Hacl_Poly1305_256.h Hacl_Poly1305_32.h Hacl_RSAPSS.h Hacl_SHA2_Generic.h Hacl_SHA2_Scalar32.h Hacl_SHA2_Types.h Hacl_SHA2_Vec128.h Hacl_SHA2_Vec256.h Hacl_SHA3.h Hacl_Salsa20.h Hacl_Spec.h Hacl_Streaming_Blake2.h Hacl_Streaming_Blake2b_256.h Hacl_Streaming_Blake2s_128.h Hacl_Streaming_MD5.h Hacl_Streaming_Poly1305_128.h Hacl_Streaming_Poly1305_256.h Hacl_Streaming_Poly1305_32.h Hacl_Streaming_SHA1.h Hacl_Streaming_SHA2.h Hacl_Streaming_SHA3.h Lib_Memzero0.h Lib_PrintBuffer.h Lib_RandomBuffer_System.h MerkleTree.h TestLib.h internal/Hacl_Bignum.h internal/Hacl_Chacha20.h internal/Hacl_Curve25519_51.h internal/Hacl_Ed25519.h internal/Hacl_Frodo_KEM.h internal/Hacl_HMAC.h internal/Hacl_Hash_Blake2.h internal/Hacl_Hash_Blake2b_256.h internal/Hacl_Hash_Blake2s_128.h internal/Hacl_Hash_MD5.h internal/Hacl_Hash_SHA1.h internal/Hacl_Hash_SHA2.h internal/Hacl_K256_ECDSA.h internal/Hacl_Krmllib.h internal/Hacl_P256.h internal/Hacl_Poly1305_128.h internal/Hacl_Poly1305_256.h internal/Hacl_SHA2_Types.h internal/Hacl_Spec.h internal/Vale.h +ALL_C_FILES=EverCrypt_AEAD.c EverCrypt_AutoConfig2.c EverCrypt_Chacha20Poly1305.c EverCrypt_Cipher.c EverCrypt_Curve25519.c EverCrypt_DRBG.c EverCrypt_Ed25519.c EverCrypt_HKDF.c EverCrypt_HMAC.c EverCrypt_Hash.c EverCrypt_Poly1305.c Hacl_Bignum.c Hacl_Bignum256.c Hacl_Bignum256_32.c Hacl_Bignum32.c Hacl_Bignum4096.c Hacl_Bignum4096_32.c Hacl_Bignum64.c Hacl_Chacha20.c Hacl_Chacha20Poly1305_128.c Hacl_Chacha20Poly1305_256.c Hacl_Chacha20Poly1305_32.c Hacl_Chacha20_Vec128.c Hacl_Chacha20_Vec256.c Hacl_Chacha20_Vec32.c Hacl_Curve25519_51.c Hacl_Curve25519_64.c Hacl_Curve25519_64_Slow.c Hacl_EC_Ed25519.c Hacl_EC_K256.c Hacl_Ed25519.c Hacl_FFDHE.c Hacl_Frodo1344.c Hacl_Frodo64.c Hacl_Frodo640.c Hacl_Frodo976.c Hacl_Frodo_KEM.c Hacl_GenericField32.c Hacl_GenericField64.c Hacl_HKDF.c Hacl_HKDF_Blake2b_256.c Hacl_HKDF_Blake2s_128.c Hacl_HMAC.c 
Hacl_HMAC_Blake2b_256.c Hacl_HMAC_Blake2s_128.c Hacl_HMAC_DRBG.c Hacl_HPKE_Curve51_CP128_SHA256.c Hacl_HPKE_Curve51_CP128_SHA512.c Hacl_HPKE_Curve51_CP256_SHA256.c Hacl_HPKE_Curve51_CP256_SHA512.c Hacl_HPKE_Curve51_CP32_SHA256.c Hacl_HPKE_Curve51_CP32_SHA512.c Hacl_HPKE_Curve64_CP128_SHA256.c Hacl_HPKE_Curve64_CP128_SHA512.c Hacl_HPKE_Curve64_CP256_SHA256.c Hacl_HPKE_Curve64_CP256_SHA512.c Hacl_HPKE_Curve64_CP32_SHA256.c Hacl_HPKE_Curve64_CP32_SHA512.c Hacl_HPKE_P256_CP128_SHA256.c Hacl_HPKE_P256_CP256_SHA256.c Hacl_HPKE_P256_CP32_SHA256.c Hacl_Hash_Base.c Hacl_Hash_Blake2.c Hacl_Hash_Blake2b_256.c Hacl_Hash_Blake2s_128.c Hacl_Hash_MD5.c Hacl_Hash_SHA1.c Hacl_Hash_SHA2.c Hacl_K256_ECDSA.c Hacl_Krmllib.c Hacl_NaCl.c Hacl_P256.c Hacl_Poly1305_128.c Hacl_Poly1305_256.c Hacl_Poly1305_32.c Hacl_RSAPSS.c Hacl_SHA2_Vec128.c Hacl_SHA2_Vec256.c Hacl_SHA3.c Hacl_Salsa20.c Hacl_Streaming_Blake2.c Hacl_Streaming_Blake2b_256.c Hacl_Streaming_Blake2s_128.c Hacl_Streaming_MD5.c Hacl_Streaming_Poly1305_128.c Hacl_Streaming_Poly1305_256.c Hacl_Streaming_Poly1305_32.c Hacl_Streaming_SHA1.c Hacl_Streaming_SHA2.c Hacl_Streaming_SHA3.c MerkleTree.c Vale.c +ALL_H_FILES=EverCrypt_AEAD.h EverCrypt_AutoConfig2.h EverCrypt_Chacha20Poly1305.h EverCrypt_Cipher.h EverCrypt_Curve25519.h EverCrypt_DRBG.h EverCrypt_Ed25519.h EverCrypt_Error.h EverCrypt_HKDF.h EverCrypt_HMAC.h EverCrypt_Hash.h EverCrypt_Poly1305.h Hacl_AES128.h Hacl_Bignum.h Hacl_Bignum25519_51.h Hacl_Bignum256.h Hacl_Bignum256_32.h Hacl_Bignum32.h Hacl_Bignum4096.h Hacl_Bignum4096_32.h Hacl_Bignum64.h Hacl_Bignum_Base.h Hacl_Bignum_K256.h Hacl_Chacha20.h Hacl_Chacha20Poly1305_128.h Hacl_Chacha20Poly1305_256.h Hacl_Chacha20Poly1305_32.h Hacl_Chacha20_Vec128.h Hacl_Chacha20_Vec256.h Hacl_Chacha20_Vec32.h Hacl_Curve25519_51.h Hacl_Curve25519_64.h Hacl_Curve25519_64_Slow.h Hacl_EC_Ed25519.h Hacl_EC_K256.h Hacl_Ed25519.h Hacl_Ed25519_PrecompTable.h Hacl_FFDHE.h Hacl_Frodo1344.h Hacl_Frodo64.h Hacl_Frodo640.h Hacl_Frodo976.h 
Hacl_Frodo_KEM.h Hacl_GenericField32.h Hacl_GenericField64.h Hacl_HKDF.h Hacl_HKDF_Blake2b_256.h Hacl_HKDF_Blake2s_128.h Hacl_HMAC.h Hacl_HMAC_Blake2b_256.h Hacl_HMAC_Blake2s_128.h Hacl_HMAC_DRBG.h Hacl_HPKE_Curve51_CP128_SHA256.h Hacl_HPKE_Curve51_CP128_SHA512.h Hacl_HPKE_Curve51_CP256_SHA256.h Hacl_HPKE_Curve51_CP256_SHA512.h Hacl_HPKE_Curve51_CP32_SHA256.h Hacl_HPKE_Curve51_CP32_SHA512.h Hacl_HPKE_Curve64_CP128_SHA256.h Hacl_HPKE_Curve64_CP128_SHA512.h Hacl_HPKE_Curve64_CP256_SHA256.h Hacl_HPKE_Curve64_CP256_SHA512.h Hacl_HPKE_Curve64_CP32_SHA256.h Hacl_HPKE_Curve64_CP32_SHA512.h Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE.h Hacl_HPKE_P256_CP128_SHA256.h Hacl_HPKE_P256_CP256_SHA256.h Hacl_HPKE_P256_CP32_SHA256.h Hacl_Hash_Base.h Hacl_Hash_Blake2.h Hacl_Hash_Blake2b_256.h Hacl_Hash_Blake2s_128.h Hacl_Hash_MD5.h Hacl_Hash_SHA1.h Hacl_Hash_SHA2.h Hacl_Impl_Blake2_Constants.h Hacl_Impl_FFDHE_Constants.h Hacl_IntTypes_Intrinsics.h Hacl_IntTypes_Intrinsics_128.h Hacl_K256_ECDSA.h Hacl_K256_PrecompTable.h Hacl_Krmllib.h Hacl_NaCl.h Hacl_P256.h Hacl_Poly1305_128.h Hacl_Poly1305_256.h Hacl_Poly1305_32.h Hacl_RSAPSS.h Hacl_SHA2_Generic.h Hacl_SHA2_Types.h Hacl_SHA2_Vec128.h Hacl_SHA2_Vec256.h Hacl_SHA3.h Hacl_Salsa20.h Hacl_Spec.h Hacl_Streaming_Blake2.h Hacl_Streaming_Blake2b_256.h Hacl_Streaming_Blake2s_128.h Hacl_Streaming_MD5.h Hacl_Streaming_Poly1305_128.h Hacl_Streaming_Poly1305_256.h Hacl_Streaming_Poly1305_32.h Hacl_Streaming_SHA1.h Hacl_Streaming_SHA2.h Hacl_Streaming_SHA3.h Lib_Memzero0.h Lib_PrintBuffer.h Lib_RandomBuffer_System.h MerkleTree.h TestLib.h internal/Hacl_Bignum.h internal/Hacl_Chacha20.h internal/Hacl_Curve25519_51.h internal/Hacl_Ed25519.h internal/Hacl_Frodo_KEM.h internal/Hacl_HMAC.h internal/Hacl_Hash_Blake2.h internal/Hacl_Hash_Blake2b_256.h internal/Hacl_Hash_Blake2s_128.h internal/Hacl_Hash_MD5.h internal/Hacl_Hash_SHA1.h internal/Hacl_Hash_SHA2.h internal/Hacl_K256_ECDSA.h internal/Hacl_Krmllib.h internal/Hacl_P256.h 
internal/Hacl_Poly1305_128.h internal/Hacl_Poly1305_256.h internal/Hacl_SHA2_Types.h internal/Hacl_Spec.h internal/Hacl_Streaming_SHA2.h internal/Vale.h diff --git a/dist/gcc-compatible/ctypes.depend b/dist/gcc-compatible/ctypes.depend index a69d4145cd..faad356b73 100644 --- a/dist/gcc-compatible/ctypes.depend +++ b/dist/gcc-compatible/ctypes.depend 
@@ -1,4 +1,4 @@ -CTYPES_DEPS=lib/Hacl_Spec_stubs.cmx lib/Hacl_Spec_bindings.cmx lib/Hacl_Hash_Base_stubs.cmx lib/Hacl_Hash_Base_bindings.cmx lib/Hacl_Hash_Blake2_stubs.cmx lib/Hacl_Hash_Blake2_bindings.cmx lib/Hacl_Hash_Blake2b_256_stubs.cmx lib/Hacl_Hash_Blake2b_256_bindings.cmx lib/Hacl_Hash_Blake2s_128_stubs.cmx lib/Hacl_Hash_Blake2s_128_bindings.cmx lib/Hacl_SHA3_stubs.cmx lib/Hacl_SHA3_bindings.cmx lib/Hacl_Hash_MD5_stubs.cmx lib/Hacl_Hash_MD5_bindings.cmx lib/Hacl_Hash_SHA1_stubs.cmx lib/Hacl_Hash_SHA1_bindings.cmx lib/Hacl_Hash_SHA2_stubs.cmx lib/Hacl_Hash_SHA2_bindings.cmx lib/EverCrypt_Error_stubs.cmx lib/EverCrypt_Error_bindings.cmx lib/EverCrypt_AutoConfig2_stubs.cmx lib/EverCrypt_AutoConfig2_bindings.cmx lib/EverCrypt_Hash_stubs.cmx lib/EverCrypt_Hash_bindings.cmx lib/Hacl_SHA2_Types_stubs.cmx lib/Hacl_SHA2_Types_bindings.cmx lib/Hacl_Chacha20_stubs.cmx lib/Hacl_Chacha20_bindings.cmx lib/Hacl_Salsa20_stubs.cmx lib/Hacl_Salsa20_bindings.cmx lib/Hacl_Bignum_Base_stubs.cmx lib/Hacl_Bignum_Base_bindings.cmx lib/Hacl_Bignum_stubs.cmx lib/Hacl_Bignum_bindings.cmx lib/Hacl_Curve25519_64_Slow_stubs.cmx lib/Hacl_Curve25519_64_Slow_bindings.cmx lib/Hacl_Curve25519_64_stubs.cmx lib/Hacl_Curve25519_64_bindings.cmx lib/Hacl_Bignum25519_51_stubs.cmx lib/Hacl_Bignum25519_51_bindings.cmx lib/Hacl_Curve25519_51_stubs.cmx lib/Hacl_Curve25519_51_bindings.cmx lib/Hacl_Streaming_SHA2_stubs.cmx lib/Hacl_Streaming_SHA2_bindings.cmx lib/Hacl_Ed25519_stubs.cmx lib/Hacl_Ed25519_bindings.cmx lib/Hacl_Poly1305_32_stubs.cmx lib/Hacl_Poly1305_32_bindings.cmx lib/Hacl_Poly1305_128_stubs.cmx lib/Hacl_Poly1305_128_bindings.cmx lib/Hacl_Poly1305_256_stubs.cmx lib/Hacl_Poly1305_256_bindings.cmx lib/Hacl_NaCl_stubs.cmx lib/Hacl_NaCl_bindings.cmx lib/Hacl_P256_stubs.cmx lib/Hacl_P256_bindings.cmx lib/Hacl_Bignum_K256_stubs.cmx lib/Hacl_Bignum_K256_bindings.cmx lib/Hacl_K256_ECDSA_stubs.cmx lib/Hacl_K256_ECDSA_bindings.cmx lib/Hacl_Frodo_KEM_stubs.cmx lib/Hacl_Frodo_KEM_bindings.cmx 
lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_IntTypes_Intrinsics_stubs.cmx lib/Hacl_IntTypes_Intrinsics_bindings.cmx lib/Hacl_IntTypes_Intrinsics_128_stubs.cmx lib/Hacl_IntTypes_Intrinsics_128_bindings.cmx lib/Hacl_RSAPSS_stubs.cmx lib/Hacl_RSAPSS_bindings.cmx lib/Hacl_FFDHE_stubs.cmx lib/Hacl_FFDHE_bindings.cmx lib/Hacl_Streaming_Blake2_stubs.cmx lib/Hacl_Streaming_Blake2_bindings.cmx lib/Hacl_Streaming_SHA3_stubs.cmx lib/Hacl_Streaming_SHA3_bindings.cmx lib/Hacl_Frodo640_stubs.cmx lib/Hacl_Frodo640_bindings.cmx lib/Hacl_Chacha20_Vec128_stubs.cmx lib/Hacl_Chacha20_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_128_stubs.cmx lib/Hacl_Chacha20Poly1305_128_bindings.cmx lib/Hacl_HMAC_stubs.cmx lib/Hacl_HMAC_bindings.cmx lib/Hacl_HKDF_stubs.cmx lib/Hacl_HKDF_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_bindings.cmx lib/EverCrypt_Cipher_stubs.cmx lib/EverCrypt_Cipher_bindings.cmx lib/Hacl_GenericField32_stubs.cmx lib/Hacl_GenericField32_bindings.cmx lib/Hacl_Bignum256_stubs.cmx lib/Hacl_Bignum256_bindings.cmx lib/Hacl_SHA2_Vec256_stubs.cmx lib/Hacl_SHA2_Vec256_bindings.cmx lib/Hacl_EC_K256_stubs.cmx lib/Hacl_EC_K256_bindings.cmx lib/Hacl_Bignum4096_stubs.cmx lib/Hacl_Bignum4096_bindings.cmx lib/Hacl_Chacha20_Vec32_stubs.cmx lib/Hacl_Chacha20_Vec32_bindings.cmx lib/EverCrypt_Ed25519_stubs.cmx lib/EverCrypt_Ed25519_bindings.cmx lib/Hacl_Bignum4096_32_stubs.cmx lib/Hacl_Bignum4096_32_bindings.cmx lib/EverCrypt_HMAC_stubs.cmx lib/EverCrypt_HMAC_bindings.cmx lib/Hacl_HMAC_DRBG_stubs.cmx lib/Hacl_HMAC_DRBG_bindings.cmx lib/EverCrypt_DRBG_stubs.cmx lib/EverCrypt_DRBG_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_bindings.cmx lib/Hacl_HPKE_P256_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP128_SHA256_bindings.cmx lib/EverCrypt_Curve25519_stubs.cmx lib/EverCrypt_Curve25519_bindings.cmx 
lib/Hacl_Chacha20_Vec256_stubs.cmx lib/Hacl_Chacha20_Vec256_bindings.cmx lib/Hacl_Chacha20Poly1305_256_stubs.cmx lib/Hacl_Chacha20Poly1305_256_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmx lib/Hacl_SHA2_Scalar32_stubs.cmx lib/Hacl_SHA2_Scalar32_bindings.cmx lib/Hacl_Frodo976_stubs.cmx lib/Hacl_Frodo976_bindings.cmx lib/Hacl_HMAC_Blake2s_128_stubs.cmx lib/Hacl_HMAC_Blake2s_128_bindings.cmx lib/Hacl_HKDF_Blake2s_128_stubs.cmx lib/Hacl_HKDF_Blake2s_128_bindings.cmx lib/Hacl_GenericField64_stubs.cmx lib/Hacl_GenericField64_bindings.cmx lib/Hacl_Frodo1344_stubs.cmx lib/Hacl_Frodo1344_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_bindings.cmx lib/Hacl_Bignum32_stubs.cmx lib/Hacl_Bignum32_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_bindings.cmx lib/Hacl_Bignum256_32_stubs.cmx lib/Hacl_Bignum256_32_bindings.cmx lib/Hacl_SHA2_Vec128_stubs.cmx lib/Hacl_SHA2_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_32_stubs.cmx lib/Hacl_Chacha20Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib/EverCrypt_Poly1305_stubs.cmx lib/EverCrypt_Poly1305_bindings.cmx lib/Hacl_Streaming_Poly1305_32_stubs.cmx lib/Hacl_Streaming_Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_bindings.cmx lib/Hacl_HPKE_P256_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP256_SHA256_bindings.cmx lib/Hacl_HPKE_P256_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP32_SHA256_bindings.cmx lib/Hacl_Bignum64_stubs.cmx lib/Hacl_Bignum64_bindings.cmx lib/Hacl_Frodo64_stubs.cmx lib/Hacl_Frodo64_bindings.cmx lib/Hacl_Streaming_SHA1_stubs.cmx lib/Hacl_Streaming_SHA1_bindings.cmx 
lib/Hacl_Streaming_MD5_stubs.cmx lib/Hacl_Streaming_MD5_bindings.cmx lib/Hacl_HMAC_Blake2b_256_stubs.cmx lib/Hacl_HMAC_Blake2b_256_bindings.cmx lib/Hacl_HKDF_Blake2b_256_stubs.cmx lib/Hacl_HKDF_Blake2b_256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_bindings.cmx lib/EverCrypt_HKDF_stubs.cmx lib/EverCrypt_HKDF_bindings.cmx lib/Hacl_EC_Ed25519_stubs.cmx lib/Hacl_EC_Ed25519_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_bindings.cmx lib/EverCrypt_Chacha20Poly1305_stubs.cmx lib/EverCrypt_Chacha20Poly1305_bindings.cmx lib/EverCrypt_AEAD_stubs.cmx lib/EverCrypt_AEAD_bindings.cmx +CTYPES_DEPS=lib/Hacl_Spec_stubs.cmx lib/Hacl_Spec_bindings.cmx lib/Hacl_Hash_Base_stubs.cmx lib/Hacl_Hash_Base_bindings.cmx lib/Hacl_Hash_Blake2_stubs.cmx lib/Hacl_Hash_Blake2_bindings.cmx lib/Hacl_Hash_Blake2b_256_stubs.cmx lib/Hacl_Hash_Blake2b_256_bindings.cmx lib/Hacl_Hash_Blake2s_128_stubs.cmx lib/Hacl_Hash_Blake2s_128_bindings.cmx lib/Hacl_SHA3_stubs.cmx lib/Hacl_SHA3_bindings.cmx lib/Hacl_Hash_MD5_stubs.cmx lib/Hacl_Hash_MD5_bindings.cmx lib/Hacl_Hash_SHA1_stubs.cmx lib/Hacl_Hash_SHA1_bindings.cmx lib/Hacl_Hash_SHA2_stubs.cmx lib/Hacl_Hash_SHA2_bindings.cmx lib/EverCrypt_Error_stubs.cmx lib/EverCrypt_Error_bindings.cmx lib/EverCrypt_AutoConfig2_stubs.cmx lib/EverCrypt_AutoConfig2_bindings.cmx lib/EverCrypt_Hash_stubs.cmx lib/EverCrypt_Hash_bindings.cmx lib/Hacl_SHA2_Types_stubs.cmx lib/Hacl_SHA2_Types_bindings.cmx lib/Hacl_Chacha20_stubs.cmx lib/Hacl_Chacha20_bindings.cmx lib/Hacl_Salsa20_stubs.cmx lib/Hacl_Salsa20_bindings.cmx lib/Hacl_Bignum_Base_stubs.cmx lib/Hacl_Bignum_Base_bindings.cmx lib/Hacl_Bignum_stubs.cmx lib/Hacl_Bignum_bindings.cmx lib/Hacl_Curve25519_64_Slow_stubs.cmx lib/Hacl_Curve25519_64_Slow_bindings.cmx lib/Hacl_Curve25519_64_stubs.cmx lib/Hacl_Curve25519_64_bindings.cmx 
lib/Hacl_Bignum25519_51_stubs.cmx lib/Hacl_Bignum25519_51_bindings.cmx lib/Hacl_Curve25519_51_stubs.cmx lib/Hacl_Curve25519_51_bindings.cmx lib/Hacl_Streaming_SHA2_stubs.cmx lib/Hacl_Streaming_SHA2_bindings.cmx lib/Hacl_Ed25519_stubs.cmx lib/Hacl_Ed25519_bindings.cmx lib/Hacl_Poly1305_32_stubs.cmx lib/Hacl_Poly1305_32_bindings.cmx lib/Hacl_Poly1305_128_stubs.cmx lib/Hacl_Poly1305_128_bindings.cmx lib/Hacl_Poly1305_256_stubs.cmx lib/Hacl_Poly1305_256_bindings.cmx lib/Hacl_NaCl_stubs.cmx lib/Hacl_NaCl_bindings.cmx lib/Hacl_P256_stubs.cmx lib/Hacl_P256_bindings.cmx lib/Hacl_Bignum_K256_stubs.cmx lib/Hacl_Bignum_K256_bindings.cmx lib/Hacl_K256_ECDSA_stubs.cmx lib/Hacl_K256_ECDSA_bindings.cmx lib/Hacl_Frodo_KEM_stubs.cmx lib/Hacl_Frodo_KEM_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_IntTypes_Intrinsics_stubs.cmx lib/Hacl_IntTypes_Intrinsics_bindings.cmx lib/Hacl_IntTypes_Intrinsics_128_stubs.cmx lib/Hacl_IntTypes_Intrinsics_128_bindings.cmx lib/Hacl_RSAPSS_stubs.cmx lib/Hacl_RSAPSS_bindings.cmx lib/Hacl_FFDHE_stubs.cmx lib/Hacl_FFDHE_bindings.cmx lib/Hacl_Streaming_Blake2_stubs.cmx lib/Hacl_Streaming_Blake2_bindings.cmx lib/Hacl_Streaming_SHA3_stubs.cmx lib/Hacl_Streaming_SHA3_bindings.cmx lib/Hacl_Frodo640_stubs.cmx lib/Hacl_Frodo640_bindings.cmx lib/Hacl_Chacha20_Vec128_stubs.cmx lib/Hacl_Chacha20_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_128_stubs.cmx lib/Hacl_Chacha20Poly1305_128_bindings.cmx lib/Hacl_HMAC_stubs.cmx lib/Hacl_HMAC_bindings.cmx lib/Hacl_HKDF_stubs.cmx lib/Hacl_HKDF_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA512_bindings.cmx lib/EverCrypt_Cipher_stubs.cmx lib/EverCrypt_Cipher_bindings.cmx lib/Hacl_GenericField32_stubs.cmx lib/Hacl_GenericField32_bindings.cmx lib/Hacl_Bignum256_stubs.cmx lib/Hacl_Bignum256_bindings.cmx lib/Hacl_SHA2_Vec256_stubs.cmx lib/Hacl_SHA2_Vec256_bindings.cmx 
lib/Hacl_EC_K256_stubs.cmx lib/Hacl_EC_K256_bindings.cmx lib/Hacl_Bignum4096_stubs.cmx lib/Hacl_Bignum4096_bindings.cmx lib/Hacl_Chacha20_Vec32_stubs.cmx lib/Hacl_Chacha20_Vec32_bindings.cmx lib/EverCrypt_Ed25519_stubs.cmx lib/EverCrypt_Ed25519_bindings.cmx lib/Hacl_Bignum4096_32_stubs.cmx lib/Hacl_Bignum4096_32_bindings.cmx lib/EverCrypt_HMAC_stubs.cmx lib/EverCrypt_HMAC_bindings.cmx lib/Hacl_HMAC_DRBG_stubs.cmx lib/Hacl_HMAC_DRBG_bindings.cmx lib/EverCrypt_DRBG_stubs.cmx lib/EverCrypt_DRBG_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA512_bindings.cmx lib/Hacl_HPKE_P256_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP128_SHA256_bindings.cmx lib/EverCrypt_Curve25519_stubs.cmx lib/EverCrypt_Curve25519_bindings.cmx lib/Hacl_Chacha20_Vec256_stubs.cmx lib/Hacl_Chacha20_Vec256_bindings.cmx lib/Hacl_Chacha20Poly1305_256_stubs.cmx lib/Hacl_Chacha20Poly1305_256_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmx lib/Hacl_Frodo976_stubs.cmx lib/Hacl_Frodo976_bindings.cmx lib/Hacl_HMAC_Blake2s_128_stubs.cmx lib/Hacl_HMAC_Blake2s_128_bindings.cmx lib/Hacl_HKDF_Blake2s_128_stubs.cmx lib/Hacl_HKDF_Blake2s_128_bindings.cmx lib/Hacl_GenericField64_stubs.cmx lib/Hacl_GenericField64_bindings.cmx lib/Hacl_Frodo1344_stubs.cmx lib/Hacl_Frodo1344_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA512_bindings.cmx lib/Hacl_Bignum32_stubs.cmx lib/Hacl_Bignum32_bindings.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP128_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP128_SHA256_bindings.cmx lib/Hacl_Bignum256_32_stubs.cmx lib/Hacl_Bignum256_32_bindings.cmx lib/Hacl_SHA2_Vec128_stubs.cmx lib/Hacl_SHA2_Vec128_bindings.cmx lib/Hacl_Chacha20Poly1305_32_stubs.cmx lib/Hacl_Chacha20Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx 
lib/EverCrypt_Poly1305_stubs.cmx lib/EverCrypt_Poly1305_bindings.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib/Hacl_Streaming_Poly1305_32_stubs.cmx lib/Hacl_Streaming_Poly1305_32_bindings.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve51_CP32_SHA512_bindings.cmx lib/Hacl_HPKE_P256_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP256_SHA256_bindings.cmx lib/Hacl_HPKE_P256_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_P256_CP32_SHA256_bindings.cmx lib/Hacl_Bignum64_stubs.cmx lib/Hacl_Bignum64_bindings.cmx lib/Hacl_Frodo64_stubs.cmx lib/Hacl_Frodo64_bindings.cmx lib/Hacl_Streaming_SHA1_stubs.cmx lib/Hacl_Streaming_SHA1_bindings.cmx lib/Hacl_Streaming_MD5_stubs.cmx lib/Hacl_Streaming_MD5_bindings.cmx lib/Hacl_HMAC_Blake2b_256_stubs.cmx lib/Hacl_HMAC_Blake2b_256_bindings.cmx lib/Hacl_HKDF_Blake2b_256_stubs.cmx lib/Hacl_HKDF_Blake2b_256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA256_bindings.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_stubs.cmx lib/Hacl_HPKE_Curve64_CP32_SHA512_bindings.cmx lib/EverCrypt_HKDF_stubs.cmx lib/EverCrypt_HKDF_bindings.cmx lib/Hacl_EC_Ed25519_stubs.cmx lib/Hacl_EC_Ed25519_bindings.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_stubs.cmx lib/Hacl_HPKE_Curve51_CP256_SHA256_bindings.cmx lib/EverCrypt_Chacha20Poly1305_stubs.cmx lib/EverCrypt_Chacha20Poly1305_bindings.cmx lib/EverCrypt_AEAD_stubs.cmx lib/EverCrypt_AEAD_bindings.cmx lib/Hacl_Spec_bindings.cmx: lib_gen/Hacl_Spec_gen.cmx: lib/Hacl_Spec_bindings.cmx lib_gen/Hacl_Spec_gen.exe: lib/Hacl_Spec_bindings.cmx lib_gen/Hacl_Spec_gen.cmx 
@@ -185,9 +185,6 @@ lib_gen/Hacl_Chacha20Poly1305_256_gen.exe: lib/Hacl_Chacha20Poly1305_256_binding lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmx: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib_gen/Hacl_HPKE_Curve51_CP256_SHA512_gen.cmx: lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmx lib_gen/Hacl_HPKE_Curve51_CP256_SHA512_gen.exe: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_c_stubs.o lib/Hacl_HPKE_Curve51_CP256_SHA512_bindings.cmx lib_gen/Hacl_HPKE_Curve51_CP256_SHA512_gen.cmx -lib/Hacl_SHA2_Scalar32_bindings.cmx: -lib_gen/Hacl_SHA2_Scalar32_gen.cmx: lib/Hacl_SHA2_Scalar32_bindings.cmx -lib_gen/Hacl_SHA2_Scalar32_gen.exe: lib/Hacl_SHA2_Scalar32_bindings.cmx lib_gen/Hacl_SHA2_Scalar32_gen.cmx lib/Hacl_Frodo976_bindings.cmx: lib_gen/Hacl_Frodo976_gen.cmx: lib/Hacl_Frodo976_bindings.cmx lib_gen/Hacl_Frodo976_gen.exe: lib/Hacl_Frodo976_bindings.cmx lib_gen/Hacl_Frodo976_gen.cmx 
@@ -227,12 +224,12 @@ lib_gen/Hacl_Chacha20Poly1305_32_gen.exe: lib/Hacl_Chacha20Poly1305_32_bindings. lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib_gen/Hacl_HPKE_Curve51_CP32_SHA256_gen.cmx: lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx lib_gen/Hacl_HPKE_Curve51_CP32_SHA256_gen.exe: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_c_stubs.o lib/Hacl_HPKE_Curve51_CP32_SHA256_bindings.cmx lib_gen/Hacl_HPKE_Curve51_CP32_SHA256_gen.cmx -lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx -lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.cmx: lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx -lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.exe: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_c_stubs.o lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.cmx lib/EverCrypt_Poly1305_bindings.cmx: lib_gen/EverCrypt_Poly1305_gen.cmx: lib/EverCrypt_Poly1305_bindings.cmx lib_gen/EverCrypt_Poly1305_gen.exe: lib/EverCrypt_Poly1305_bindings.cmx lib_gen/EverCrypt_Poly1305_gen.cmx +lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx +lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.cmx: lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx +lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.exe: lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_bindings.cmx 
lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_stubs.cmx lib/Hacl_HPKE_Interface_Hacl_Impl_HPKE_Hacl_Meta_HPKE_c_stubs.o lib/Hacl_HPKE_Curve64_CP256_SHA256_bindings.cmx lib_gen/Hacl_HPKE_Curve64_CP256_SHA256_gen.cmx lib/Hacl_Streaming_Poly1305_32_bindings.cmx: lib_gen/Hacl_Streaming_Poly1305_32_gen.cmx: lib/Hacl_Streaming_Poly1305_32_bindings.cmx lib_gen/Hacl_Streaming_Poly1305_32_gen.exe: lib/Hacl_Streaming_Poly1305_32_bindings.cmx lib_gen/Hacl_Streaming_Poly1305_32_gen.cmx diff --git a/dist/gcc-compatible/internal/Hacl_Ed25519.h b/dist/gcc-compatible/internal/Hacl_Ed25519.h index cb2adab7e3..e6cb92fdb5 100644 --- a/dist/gcc-compatible/internal/Hacl_Ed25519.h +++ b/dist/gcc-compatible/internal/Hacl_Ed25519.h @@ -35,8 +35,8 @@ extern "C" { #include "krml/internal/target.h" +#include "internal/Hacl_Streaming_SHA2.h" #include "internal/Hacl_Krmllib.h" -#include "internal/Hacl_Hash_SHA2.h" #include "internal/Hacl_Curve25519_51.h" #include "../Hacl_Ed25519.h" diff --git a/dist/gcc-compatible/internal/Hacl_Streaming_SHA2.h b/dist/gcc-compatible/internal/Hacl_Streaming_SHA2.h new file mode 100644 index 0000000000..5a6d583b68 --- /dev/null +++ b/dist/gcc-compatible/internal/Hacl_Streaming_SHA2.h 
@@ -0,0 +1,48 @@ +/* MIT License + * + * Copyright (c) 2016-2020 INRIA, CMU and Microsoft Corporation + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#ifndef __internal_Hacl_Streaming_SHA2_H +#define __internal_Hacl_Streaming_SHA2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + + +#include "internal/Hacl_SHA2_Types.h" +#include "../Hacl_Streaming_SHA2.h" + +void Hacl_SHA2_Scalar32_sha512_init(uint64_t *hash); + +#if defined(__cplusplus) +} +#endif + +#define __internal_Hacl_Streaming_SHA2_H_DEFINED +#endif diff --git a/dist/gcc-compatible/lib/Hacl_Streaming_SHA2_bindings.ml b/dist/gcc-compatible/lib/Hacl_Streaming_SHA2_bindings.ml index 9eb78986a5..fa0aeac658 100644 --- a/dist/gcc-compatible/lib/Hacl_Streaming_SHA2_bindings.ml +++ b/dist/gcc-compatible/lib/Hacl_Streaming_SHA2_bindings.ml 
@@ -2,6 +2,9 @@ open Ctypes module Bindings(F:Cstubs.FOREIGN) = struct open F + let hacl_SHA2_Scalar32_sha512_init = + foreign "Hacl_SHA2_Scalar32_sha512_init" + ((ptr uint64_t) @-> (returning void)) type hacl_Streaming_SHA2_state_sha2_224 = [ `hacl_Streaming_SHA2_state_sha2_224 ] structure let (hacl_Streaming_SHA2_state_sha2_224 : @@ -53,6 +56,9 @@ module Bindings(F:Cstubs.FOREIGN) = let hacl_Streaming_SHA2_free_224 = foreign "Hacl_Streaming_SHA2_free_224" ((ptr hacl_Streaming_SHA2_state_sha2_224) @-> (returning void)) + let hacl_Streaming_SHA2_sha224 = + foreign "Hacl_Streaming_SHA2_sha224" + (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void)))) let hacl_Streaming_SHA2_create_in_256 = foreign "Hacl_Streaming_SHA2_create_in_256" (void @-> (returning (ptr hacl_Streaming_SHA2_state_sha2_224))) @@ -70,6 +76,9 @@ module Bindings(F:Cstubs.FOREIGN) = let hacl_Streaming_SHA2_free_256 = foreign "Hacl_Streaming_SHA2_free_256" ((ptr hacl_Streaming_SHA2_state_sha2_224) @-> (returning void)) + let hacl_Streaming_SHA2_sha256 = + foreign "Hacl_Streaming_SHA2_sha256" + (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void)))) let hacl_Streaming_SHA2_create_in_384 = foreign "Hacl_Streaming_SHA2_create_in_384" (void @-> (returning (ptr hacl_Streaming_SHA2_state_sha2_384))) @@ -87,6 +96,9 @@ module Bindings(F:Cstubs.FOREIGN) = let hacl_Streaming_SHA2_free_384 = foreign "Hacl_Streaming_SHA2_free_384" ((ptr hacl_Streaming_SHA2_state_sha2_384) @-> (returning void)) + let hacl_Streaming_SHA2_sha384 = + foreign "Hacl_Streaming_SHA2_sha384" + (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void)))) let hacl_Streaming_SHA2_create_in_512 = foreign "Hacl_Streaming_SHA2_create_in_512" (void @-> (returning (ptr hacl_Streaming_SHA2_state_sha2_384))) 
@@ -104,4 +116,7 @@ module Bindings(F:Cstubs.FOREIGN) = let hacl_Streaming_SHA2_free_512 = foreign "Hacl_Streaming_SHA2_free_512" ((ptr hacl_Streaming_SHA2_state_sha2_384) @-> (returning void)) + let hacl_Streaming_SHA2_sha512 = + foreign "Hacl_Streaming_SHA2_sha512" + (ocaml_bytes @-> (uint32_t @-> (ocaml_bytes @-> (returning void)))) end \ No newline at end of file diff --git a/dist/gcc-compatible/lib_gen/Hacl_Streaming_SHA2_gen.ml b/dist/gcc-compatible/lib_gen/Hacl_Streaming_SHA2_gen.ml index de38ea91be..1c188f0914 100644 --- a/dist/gcc-compatible/lib_gen/Hacl_Streaming_SHA2_gen.ml +++ b/dist/gcc-compatible/lib_gen/Hacl_Streaming_SHA2_gen.ml @@ -5,6 +5,7 @@ let _ = (module Hacl_Streaming_SHA2_bindings.Bindings)); Format.set_formatter_out_channel (open_out_bin "lib/Hacl_Streaming_SHA2_c_stubs.c")); - Format.printf "#include \"Hacl_Streaming_SHA2.h\"\n"); + Format.printf + "#include \"Hacl_Streaming_SHA2.h\"\n#include \"internal/Hacl_Streaming_SHA2.h\"\n"); Cstubs.write_c Format.std_formatter ~prefix:"" (module Hacl_Streaming_SHA2_bindings.Bindings) \ No newline at end of file diff --git a/dist/gcc-compatible/libevercrypt.def b/dist/gcc-compatible/libevercrypt.def index 8067377805..7337b2aeb8 100644 --- a/dist/gcc-compatible/libevercrypt.def +++ b/dist/gcc-compatible/libevercrypt.def @@ -255,6 +255,7 @@ EXPORTS Hacl_Curve25519_51_scalarmult Hacl_Curve25519_51_secret_to_public Hacl_Curve25519_51_ecdh + Hacl_SHA2_Scalar32_sha512_init Hacl_Streaming_SHA2_create_in_224 LowStar_BufferOps_op_Bang_Star__Hacl_Streaming_Functor_state_s__uint32_t____ Hacl_Streaming_SHA2_init_224 
@@ -262,11 +263,13 @@ EXPORTS Hacl_Streaming_SHA2_update_224 Hacl_Streaming_SHA2_finish_224 Hacl_Streaming_SHA2_free_224 + Hacl_Streaming_SHA2_sha224 Hacl_Streaming_SHA2_create_in_256 Hacl_Streaming_SHA2_init_256 Hacl_Streaming_SHA2_update_256 Hacl_Streaming_SHA2_finish_256 Hacl_Streaming_SHA2_free_256 + Hacl_Streaming_SHA2_sha256 Hacl_Streaming_SHA2_create_in_384 LowStar_BufferOps_op_Bang_Star__Hacl_Streaming_Functor_state_s__uint64_t____ Hacl_Streaming_SHA2_init_384 @@ -274,11 +277,13 @@ EXPORTS Hacl_Streaming_SHA2_update_384 Hacl_Streaming_SHA2_finish_384 Hacl_Streaming_SHA2_free_384 + Hacl_Streaming_SHA2_sha384 Hacl_Streaming_SHA2_create_in_512 Hacl_Streaming_SHA2_init_512 Hacl_Streaming_SHA2_update_512 Hacl_Streaming_SHA2_finish_512 Hacl_Streaming_SHA2_free_512 + Hacl_Streaming_SHA2_sha512 Hacl_Bignum25519_reduce_513 Hacl_Bignum25519_inverse Hacl_Bignum25519_load_51 @@ -717,10 +722,6 @@ EXPORTS Hacl_HPKE_Curve51_CP256_SHA512_setupBaseR Hacl_HPKE_Curve51_CP256_SHA512_sealBase Hacl_HPKE_Curve51_CP256_SHA512_openBase - Hacl_SHA2_Scalar32_sha224 - Hacl_SHA2_Scalar32_sha256 - Hacl_SHA2_Scalar32_sha384 - Hacl_SHA2_Scalar32_sha512 Hacl_Frodo976_crypto_kem_keypair Hacl_Frodo976_crypto_kem_enc Hacl_Frodo976_crypto_kem_dec @@ -818,11 +819,11 @@ EXPORTS Hacl_HPKE_Curve51_CP32_SHA256_setupBaseR Hacl_HPKE_Curve51_CP32_SHA256_sealBase Hacl_HPKE_Curve51_CP32_SHA256_openBase + EverCrypt_Poly1305_poly1305 Hacl_HPKE_Curve64_CP256_SHA256_setupBaseS Hacl_HPKE_Curve64_CP256_SHA256_setupBaseR Hacl_HPKE_Curve64_CP256_SHA256_sealBase Hacl_HPKE_Curve64_CP256_SHA256_openBase - EverCrypt_Poly1305_poly1305 Hacl_Streaming_Poly1305_32_create_in Hacl_Streaming_Poly1305_32_init Hacl_Streaming_Poly1305_32_update diff --git a/dist/mozilla/Hacl_SHA2_Generic.h b/dist/mozilla/Hacl_SHA2_Generic.h new file mode 100644 index 0000000000..3a6a754837 --- /dev/null +++ b/dist/mozilla/Hacl_SHA2_Generic.h 
@@ -0,0 +1,134 @@ +/* MIT License + * + * Copyright (c) 2016-2020 INRIA, CMU and Microsoft Corporation + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#ifndef __Hacl_SHA2_Generic_H +#define __Hacl_SHA2_Generic_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + + + + +static const +uint32_t +Hacl_Impl_SHA2_Generic_h224[8U] = + { + (uint32_t)0xc1059ed8U, (uint32_t)0x367cd507U, (uint32_t)0x3070dd17U, (uint32_t)0xf70e5939U, + (uint32_t)0xffc00b31U, (uint32_t)0x68581511U, (uint32_t)0x64f98fa7U, (uint32_t)0xbefa4fa4U + }; + +static const +uint32_t +Hacl_Impl_SHA2_Generic_h256[8U] = + { + (uint32_t)0x6a09e667U, (uint32_t)0xbb67ae85U, (uint32_t)0x3c6ef372U, (uint32_t)0xa54ff53aU, + (uint32_t)0x510e527fU, (uint32_t)0x9b05688cU, (uint32_t)0x1f83d9abU, (uint32_t)0x5be0cd19U + }; + +static const +uint64_t +Hacl_Impl_SHA2_Generic_h384[8U] = + { + (uint64_t)0xcbbb9d5dc1059ed8U, (uint64_t)0x629a292a367cd507U, (uint64_t)0x9159015a3070dd17U, + (uint64_t)0x152fecd8f70e5939U, (uint64_t)0x67332667ffc00b31U, (uint64_t)0x8eb44a8768581511U, + (uint64_t)0xdb0c2e0d64f98fa7U, (uint64_t)0x47b5481dbefa4fa4U + }; + +static const +uint64_t +Hacl_Impl_SHA2_Generic_h512[8U] = + { + (uint64_t)0x6a09e667f3bcc908U, (uint64_t)0xbb67ae8584caa73bU, (uint64_t)0x3c6ef372fe94f82bU, + (uint64_t)0xa54ff53a5f1d36f1U, (uint64_t)0x510e527fade682d1U, (uint64_t)0x9b05688c2b3e6c1fU, + (uint64_t)0x1f83d9abfb41bd6bU, (uint64_t)0x5be0cd19137e2179U + }; + +static const +uint32_t +Hacl_Impl_SHA2_Generic_k224_256[64U] = + { + (uint32_t)0x428a2f98U, (uint32_t)0x71374491U, (uint32_t)0xb5c0fbcfU, (uint32_t)0xe9b5dba5U, + (uint32_t)0x3956c25bU, (uint32_t)0x59f111f1U, (uint32_t)0x923f82a4U, (uint32_t)0xab1c5ed5U, + (uint32_t)0xd807aa98U, (uint32_t)0x12835b01U, (uint32_t)0x243185beU, (uint32_t)0x550c7dc3U, + (uint32_t)0x72be5d74U, (uint32_t)0x80deb1feU, (uint32_t)0x9bdc06a7U, (uint32_t)0xc19bf174U, + (uint32_t)0xe49b69c1U, (uint32_t)0xefbe4786U, (uint32_t)0x0fc19dc6U, (uint32_t)0x240ca1ccU, + (uint32_t)0x2de92c6fU, (uint32_t)0x4a7484aaU, 
(uint32_t)0x5cb0a9dcU, (uint32_t)0x76f988daU, + (uint32_t)0x983e5152U, (uint32_t)0xa831c66dU, (uint32_t)0xb00327c8U, (uint32_t)0xbf597fc7U, + (uint32_t)0xc6e00bf3U, (uint32_t)0xd5a79147U, (uint32_t)0x06ca6351U, (uint32_t)0x14292967U, + (uint32_t)0x27b70a85U, (uint32_t)0x2e1b2138U, (uint32_t)0x4d2c6dfcU, (uint32_t)0x53380d13U, + (uint32_t)0x650a7354U, (uint32_t)0x766a0abbU, (uint32_t)0x81c2c92eU, (uint32_t)0x92722c85U, + (uint32_t)0xa2bfe8a1U, (uint32_t)0xa81a664bU, (uint32_t)0xc24b8b70U, (uint32_t)0xc76c51a3U, + (uint32_t)0xd192e819U, (uint32_t)0xd6990624U, (uint32_t)0xf40e3585U, (uint32_t)0x106aa070U, + (uint32_t)0x19a4c116U, (uint32_t)0x1e376c08U, (uint32_t)0x2748774cU, (uint32_t)0x34b0bcb5U, + (uint32_t)0x391c0cb3U, (uint32_t)0x4ed8aa4aU, (uint32_t)0x5b9cca4fU, (uint32_t)0x682e6ff3U, + (uint32_t)0x748f82eeU, (uint32_t)0x78a5636fU, (uint32_t)0x84c87814U, (uint32_t)0x8cc70208U, + (uint32_t)0x90befffaU, (uint32_t)0xa4506cebU, (uint32_t)0xbef9a3f7U, (uint32_t)0xc67178f2U + }; + +static const +uint64_t +Hacl_Impl_SHA2_Generic_k384_512[80U] = + { + (uint64_t)0x428a2f98d728ae22U, (uint64_t)0x7137449123ef65cdU, (uint64_t)0xb5c0fbcfec4d3b2fU, + (uint64_t)0xe9b5dba58189dbbcU, (uint64_t)0x3956c25bf348b538U, (uint64_t)0x59f111f1b605d019U, + (uint64_t)0x923f82a4af194f9bU, (uint64_t)0xab1c5ed5da6d8118U, (uint64_t)0xd807aa98a3030242U, + (uint64_t)0x12835b0145706fbeU, (uint64_t)0x243185be4ee4b28cU, (uint64_t)0x550c7dc3d5ffb4e2U, + (uint64_t)0x72be5d74f27b896fU, (uint64_t)0x80deb1fe3b1696b1U, (uint64_t)0x9bdc06a725c71235U, + (uint64_t)0xc19bf174cf692694U, (uint64_t)0xe49b69c19ef14ad2U, (uint64_t)0xefbe4786384f25e3U, + (uint64_t)0x0fc19dc68b8cd5b5U, (uint64_t)0x240ca1cc77ac9c65U, (uint64_t)0x2de92c6f592b0275U, + (uint64_t)0x4a7484aa6ea6e483U, (uint64_t)0x5cb0a9dcbd41fbd4U, (uint64_t)0x76f988da831153b5U, + (uint64_t)0x983e5152ee66dfabU, (uint64_t)0xa831c66d2db43210U, (uint64_t)0xb00327c898fb213fU, + (uint64_t)0xbf597fc7beef0ee4U, (uint64_t)0xc6e00bf33da88fc2U, 
(uint64_t)0xd5a79147930aa725U, + (uint64_t)0x06ca6351e003826fU, (uint64_t)0x142929670a0e6e70U, (uint64_t)0x27b70a8546d22ffcU, + (uint64_t)0x2e1b21385c26c926U, (uint64_t)0x4d2c6dfc5ac42aedU, (uint64_t)0x53380d139d95b3dfU, + (uint64_t)0x650a73548baf63deU, (uint64_t)0x766a0abb3c77b2a8U, (uint64_t)0x81c2c92e47edaee6U, + (uint64_t)0x92722c851482353bU, (uint64_t)0xa2bfe8a14cf10364U, (uint64_t)0xa81a664bbc423001U, + (uint64_t)0xc24b8b70d0f89791U, (uint64_t)0xc76c51a30654be30U, (uint64_t)0xd192e819d6ef5218U, + (uint64_t)0xd69906245565a910U, (uint64_t)0xf40e35855771202aU, (uint64_t)0x106aa07032bbd1b8U, + (uint64_t)0x19a4c116b8d2d0c8U, (uint64_t)0x1e376c085141ab53U, (uint64_t)0x2748774cdf8eeb99U, + (uint64_t)0x34b0bcb5e19b48a8U, (uint64_t)0x391c0cb3c5c95a63U, (uint64_t)0x4ed8aa4ae3418acbU, + (uint64_t)0x5b9cca4f7763e373U, (uint64_t)0x682e6ff3d6b2b8a3U, (uint64_t)0x748f82ee5defb2fcU, + (uint64_t)0x78a5636f43172f60U, (uint64_t)0x84c87814a1f0ab72U, (uint64_t)0x8cc702081a6439ecU, + (uint64_t)0x90befffa23631e28U, (uint64_t)0xa4506cebde82bde9U, (uint64_t)0xbef9a3f7b2c67915U, + (uint64_t)0xc67178f2e372532bU, (uint64_t)0xca273eceea26619cU, (uint64_t)0xd186b8c721c0c207U, + (uint64_t)0xeada7dd6cde0eb1eU, (uint64_t)0xf57d4f7fee6ed178U, (uint64_t)0x06f067aa72176fbaU, + (uint64_t)0x0a637dc5a2c898a6U, (uint64_t)0x113f9804bef90daeU, (uint64_t)0x1b710b35131c471bU, + (uint64_t)0x28db77f523047d84U, (uint64_t)0x32caab7b40c72493U, (uint64_t)0x3c9ebe0a15c9bebcU, + (uint64_t)0x431d67c49c100d4cU, (uint64_t)0x4cc5d4becb3e42b6U, (uint64_t)0x597f299cfc657e2aU, + (uint64_t)0x5fcb6fab3ad6faecU, (uint64_t)0x6c44198c4a475817U + }; + +#if defined(__cplusplus) +} +#endif + +#define __Hacl_SHA2_Generic_H_DEFINED +#endif diff --git a/dist/mozilla/Hacl_SHA2_Types.h b/dist/mozilla/Hacl_SHA2_Types.h new file mode 100644 index 0000000000..ef78be8f07 --- /dev/null +++ b/dist/mozilla/Hacl_SHA2_Types.h 
@@ -0,0 +1,47 @@ +/* MIT License + * + * Copyright (c) 2016-2020 INRIA, CMU and Microsoft Corporation + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#ifndef __Hacl_SHA2_Types_H +#define __Hacl_SHA2_Types_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + + + + +typedef uint8_t *Hacl_Impl_SHA2_Types_uint8_1p; + +#if defined(__cplusplus) +} +#endif + +#define __Hacl_SHA2_Types_H_DEFINED +#endif diff --git a/dist/mozilla/Hacl_Streaming_SHA1.c b/dist/mozilla/Hacl_Streaming_SHA1.c index 4fc2fb546b..f8049f1f2e 100644 --- a/dist/mozilla/Hacl_Streaming_SHA1.c +++ b/dist/mozilla/Hacl_Streaming_SHA1.c @@ -24,6 +24,7 @@ #include "Hacl_Streaming_SHA1.h" +#include "internal/Hacl_Streaming_SHA2.h" #include "internal/Hacl_Hash_SHA1.h" Hacl_Streaming_SHA2_state_sha2_224 *Hacl_Streaming_SHA1_legacy_create_in_sha1() 
diff --git a/dist/mozilla/Hacl_Streaming_SHA2.h b/dist/mozilla/Hacl_Streaming_SHA2.h index 407f0f7395..846d3e552f 100644 --- a/dist/mozilla/Hacl_Streaming_SHA2.h +++ b/dist/mozilla/Hacl_Streaming_SHA2.h @@ -35,8 +35,8 @@ extern "C" { #include "krml/internal/target.h" +#include "Hacl_SHA2_Generic.h" #include "Hacl_Krmllib.h" -#include "Hacl_Hash_SHA2.h" typedef struct Hacl_Streaming_SHA2_state_sha2_224_s { @@ -76,6 +76,8 @@ void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8 void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_SHA2_state_sha2_224 *s); +void Hacl_Streaming_SHA2_sha224(uint8_t *dst, uint32_t input_len, uint8_t *input); + Hacl_Streaming_SHA2_state_sha2_224 *Hacl_Streaming_SHA2_create_in_256(); void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_SHA2_state_sha2_224 *s); @@ -94,6 +96,8 @@ void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_SHA2_state_sha2_224 *p, uint8 void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_SHA2_state_sha2_224 *s); +void Hacl_Streaming_SHA2_sha256(uint8_t *dst, uint32_t input_len, uint8_t *input); + Hacl_Streaming_SHA2_state_sha2_384 *Hacl_Streaming_SHA2_create_in_384(); void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_SHA2_state_sha2_384 *s); @@ -112,6 +116,8 @@ void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8 void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_SHA2_state_sha2_384 *s); +void Hacl_Streaming_SHA2_sha384(uint8_t *dst, uint32_t input_len, uint8_t *input); + Hacl_Streaming_SHA2_state_sha2_384 *Hacl_Streaming_SHA2_create_in_512(); void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_SHA2_state_sha2_384 *s); @@ -130,6 +136,8 @@ void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_SHA2_state_sha2_384 *p, uint8 void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_SHA2_state_sha2_384 *s); +void Hacl_Streaming_SHA2_sha512(uint8_t *dst, uint32_t input_len, uint8_t *input); + #if defined(__cplusplus) } #endif 
diff --git a/dist/mozilla/Hacl_Streaming_SHA3.c b/dist/mozilla/Hacl_Streaming_SHA3.c index 2812e2c170..c20f681eda 100644 --- a/dist/mozilla/Hacl_Streaming_SHA3.c +++ b/dist/mozilla/Hacl_Streaming_SHA3.c @@ -24,7 +24,7 @@ #include "Hacl_Streaming_SHA3.h" - +#include "internal/Hacl_Streaming_SHA2.h" Hacl_Streaming_SHA2_state_sha2_384 *Hacl_Streaming_SHA3_create_in_256() { diff --git a/dist/mozilla/INFO.txt b/dist/mozilla/INFO.txt deleted file mode 100644 index 97cea71f53..0000000000 --- a/dist/mozilla/INFO.txt +++ /dev/null @@ -1,4 +0,0 @@ -This code was generated with the following toolchain. -F* version: 9dfeeb93f6e74fb5f930d35414f187a3806f0bbf -Karamel version: 6dd219f468907553b65cda0cdb094eae849cf773 -Vale version: 0.3.19 diff --git a/dist/mozilla/Makefile.include b/dist/mozilla/Makefile.include index ee839adc39..114374a585 100644 --- a/dist/mozilla/Makefile.include +++ b/dist/mozilla/Makefile.include 
@@ -2,4 +2,4 @@ USER_TARGET=libevercrypt.a USER_CFLAGS=-Wno-unused USER_C_FILES=Lib_Memzero0.c ALL_C_FILES=Hacl_Bignum.c Hacl_Chacha20.c Hacl_Chacha20Poly1305_128.c Hacl_Chacha20Poly1305_256.c Hacl_Chacha20Poly1305_32.c Hacl_Chacha20_Vec128.c Hacl_Chacha20_Vec256.c Hacl_Curve25519_51.c Hacl_Curve25519_64.c Hacl_Hash_SHA1.c Hacl_Hash_SHA2.c Hacl_Poly1305_128.c Hacl_Poly1305_256.c Hacl_Poly1305_32.c Hacl_RSAPSS.c Hacl_SHA3.c Hacl_Streaming_SHA1.c Hacl_Streaming_SHA3.c Lib_Memzero0.c Vale.c -ALL_H_FILES=Hacl_Bignum.h Hacl_Bignum25519_51.h Hacl_Bignum_Base.h Hacl_Chacha20.h Hacl_Chacha20Poly1305_128.h Hacl_Chacha20Poly1305_256.h Hacl_Chacha20Poly1305_32.h Hacl_Chacha20_Vec128.h Hacl_Chacha20_Vec256.h Hacl_Curve25519_51.h Hacl_Curve25519_64.h Hacl_Hash_SHA1.h Hacl_Hash_SHA2.h Hacl_IntTypes_Intrinsics.h Hacl_IntTypes_Intrinsics_128.h Hacl_Krmllib.h Hacl_Poly1305_128.h Hacl_Poly1305_256.h Hacl_Poly1305_32.h Hacl_RSAPSS.h Hacl_SHA3.h Hacl_Spec.h Hacl_Streaming_SHA1.h Hacl_Streaming_SHA2.h Hacl_Streaming_SHA3.h Lib_Memzero0.h TestLib.h curve25519-inline.h lib_intrinsics.h libintvector.h +ALL_H_FILES=Hacl_Bignum.h Hacl_Bignum25519_51.h Hacl_Bignum_Base.h Hacl_Chacha20.h Hacl_Chacha20Poly1305_128.h Hacl_Chacha20Poly1305_256.h Hacl_Chacha20Poly1305_32.h Hacl_Chacha20_Vec128.h Hacl_Chacha20_Vec256.h Hacl_Curve25519_51.h Hacl_Curve25519_64.h Hacl_Hash_SHA1.h Hacl_Hash_SHA2.h Hacl_IntTypes_Intrinsics.h Hacl_IntTypes_Intrinsics_128.h Hacl_Krmllib.h Hacl_Poly1305_128.h Hacl_Poly1305_256.h Hacl_Poly1305_32.h Hacl_RSAPSS.h Hacl_SHA2_Generic.h Hacl_SHA2_Types.h Hacl_SHA3.h Hacl_Spec.h Hacl_Streaming_SHA1.h Hacl_Streaming_SHA2.h Hacl_Streaming_SHA3.h Lib_Memzero0.h TestLib.h curve25519-inline.h lib_intrinsics.h libintvector.h diff --git a/dist/mozilla/configure b/dist/mozilla/configure index e0a4d7694b..4219b92d9a 100755 --- a/dist/mozilla/configure +++ b/dist/mozilla/configure 
@@ -1,4 +1,4 @@ -#!/nix/store/p7bpdnxqd3i5hwm92mrscf7mvxk66404-bash-5.1-p16/bin/bash +#!/usr/bin/env bash set -o pipefail set -e diff --git a/dist/mozilla/internal/Hacl_SHA2_Types.h b/dist/mozilla/internal/Hacl_SHA2_Types.h new file mode 100644 index 0000000000..3e62e3fd30 --- /dev/null +++ b/dist/mozilla/internal/Hacl_SHA2_Types.h 
@@ -0,0 +1,108 @@ +/* MIT License + * + * Copyright (c) 2016-2020 INRIA, CMU and Microsoft Corporation + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#ifndef __internal_Hacl_SHA2_Types_H +#define __internal_Hacl_SHA2_Types_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + + +#include "../Hacl_SHA2_Types.h" + +typedef struct Hacl_Impl_SHA2_Types_uint8_2p_s +{ + uint8_t *fst; + uint8_t *snd; +} +Hacl_Impl_SHA2_Types_uint8_2p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_3p_s +{ + uint8_t *fst; + Hacl_Impl_SHA2_Types_uint8_2p snd; +} +Hacl_Impl_SHA2_Types_uint8_3p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_4p_s +{ + uint8_t *fst; + Hacl_Impl_SHA2_Types_uint8_3p snd; +} +Hacl_Impl_SHA2_Types_uint8_4p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_5p_s +{ + uint8_t *fst; + Hacl_Impl_SHA2_Types_uint8_4p snd; +} +Hacl_Impl_SHA2_Types_uint8_5p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_6p_s +{ + uint8_t *fst; + Hacl_Impl_SHA2_Types_uint8_5p snd; +} +Hacl_Impl_SHA2_Types_uint8_6p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_7p_s +{ + uint8_t *fst; + Hacl_Impl_SHA2_Types_uint8_6p snd; +} +Hacl_Impl_SHA2_Types_uint8_7p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_8p_s +{ + uint8_t *fst; + Hacl_Impl_SHA2_Types_uint8_7p snd; +} +Hacl_Impl_SHA2_Types_uint8_8p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_2x4p_s +{ + Hacl_Impl_SHA2_Types_uint8_4p fst; + Hacl_Impl_SHA2_Types_uint8_4p snd; +} +Hacl_Impl_SHA2_Types_uint8_2x4p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_2x8p_s +{ + Hacl_Impl_SHA2_Types_uint8_8p fst; + Hacl_Impl_SHA2_Types_uint8_8p snd; +} +Hacl_Impl_SHA2_Types_uint8_2x8p; + +#if defined(__cplusplus) +} +#endif + +#define __internal_Hacl_SHA2_Types_H_DEFINED +#endif diff --git a/dist/mozilla/internal/Hacl_Streaming_SHA2.h b/dist/mozilla/internal/Hacl_Streaming_SHA2.h new file mode 100644 index 0000000000..5a6d583b68 --- /dev/null +++ b/dist/mozilla/internal/Hacl_Streaming_SHA2.h 
@@ -0,0 +1,48 @@ +/* MIT License + * + * Copyright (c) 2016-2020 INRIA, CMU and Microsoft Corporation + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#ifndef __internal_Hacl_Streaming_SHA2_H +#define __internal_Hacl_Streaming_SHA2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + + +#include "internal/Hacl_SHA2_Types.h" +#include "../Hacl_Streaming_SHA2.h" + +void Hacl_SHA2_Scalar32_sha512_init(uint64_t *hash); + +#if defined(__cplusplus) +} +#endif + +#define __internal_Hacl_Streaming_SHA2_H_DEFINED +#endif diff --git a/dist/mozilla/libintvector.h b/dist/mozilla/libintvector.h index fe2ba5eb8a..99d1133694 100644 --- a/dist/mozilla/libintvector.h +++ b/dist/mozilla/libintvector.h 
@@ -226,7 +226,6 @@ typedef __m128i Lib_IntVector_Intrinsics_vec128; #if defined(HACL_CAN_COMPILE_VEC256) #include -#include typedef __m256i Lib_IntVector_Intrinsics_vec256; diff --git a/dist/package-mozilla.sh b/dist/package-mozilla.sh index d26b5b26f4..cafba11ff5 100755 --- a/dist/package-mozilla.sh +++ b/dist/package-mozilla.sh @@ -26,6 +26,7 @@ FILES=" \ Hacl_Poly1305_256 \ Hacl_Poly1305_32 \ Hacl_RSAPSS \ + Hacl_SHA2_Types \ Hacl_SHA3 \ Hacl_Spec \ Hacl_Streaming_SHA1 \ @@ -49,8 +50,10 @@ mkdir -p mozilla/internal # For these, we want just the header cp gcc-compatible/Hacl_Krmllib.h mozilla/ cp gcc-compatible/internal/Hacl_Krmllib.h mozilla/internal/ +cp gcc-compatible/internal/Hacl_Streaming_SHA2.h mozilla/internal/ cp gcc-compatible/Hacl_Streaming_SHA2.h mozilla/ cp gcc-compatible/Hacl_Hash_SHA2.h mozilla/ +cp gcc-compatible/Hacl_SHA2_Generic.h mozilla/ for f in $FILES; do for ext in h c asm S; do diff --git a/hints/EverCrypt.Hash.Incremental.fst.hints b/hints/EverCrypt.Hash.Incremental.fst.hints index 0e64ee6edc..f8b01ca3f7 100644 --- a/hints/EverCrypt.Hash.Incremental.fst.hints +++ b/hints/EverCrypt.Hash.Incremental.fst.hints @@ -51,7 +51,7 @@ "typing_LowStar.Monotonic.Buffer.loc_buffer" ], 0, - "b89dc6f8462a3c73a579aee2a8260ace" + "f0f838b2559dbd5db86dd378f1657023" ], [ "EverCrypt.Hash.Incremental.mk_words_state", @@ -90,7 +90,7 @@ "unit_typing" ], 0, - "c43bc62617344592ba373b41c6530d05" + "108ffc0f63996dd40677d533ab738f66" ], [ "EverCrypt.Hash.Incremental.evercrypt_hash", @@ -138,7 +138,7 @@ "data_elim_FStar.Pervasives.Native.Mktuple2", "data_elim_FStar.Pervasives.Native.Some", "disc_equation_FStar.Pervasives.Native.Some", - "disc_equation_Lib.IntTypes.SEC", "disc_equation_Lib.IntTypes.U128", + "disc_equation_Lib.IntTypes.SEC", "disc_equation_Lib.IntTypes.U1", "equality_tok_FStar.Integers.W128@tok", "equality_tok_FStar.Integers.W16@tok", "equality_tok_FStar.Integers.W32@tok", 
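Review bot: The two `cp` lines added to the "we want just the header" block of dist/package-mozilla.sh ship `Hacl_Streaming_SHA2.h` and `internal/Hacl_Streaming_SHA2.h` with prototypes (`Hacl_Streaming_SHA2_sha224` through `_sha512`, `Hacl_SHA2_Scalar32_sha512_init`) that this snapshot appears not to define, since `ALL_C_FILES` in dist/mozilla/Makefile.include lists no `Hacl_Streaming_SHA2.c`. From what is visible, the headers are needed only for the `Hacl_Streaming_SHA2_state_sha2_224`/`_384` types used by `Hacl_Streaming_SHA1.c` and `Hacl_Streaming_SHA3.c`, so a caller of the declared functions would fail only at link time. I would record that next to the copies, e.g. `# types only: Hacl_Streaming_SHA2.c is not packaged, do not call the functions these headers declare`. The same commit deletes dist/mozilla/INFO.txt, which recorded the F*, Karamel and Vale revisions; if this script is what populates mozilla/, it is worth confirming that the toolchain provenance is still recorded somewhere. The `for f in $FILES` loop continues outside the hunk.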
@@ -156,12 +156,7 @@ "equality_tok_Spec.Blake2.Blake2S@tok", "equality_tok_Spec.Hash.Definitions.Blake2B@tok", "equality_tok_Spec.Hash.Definitions.Blake2S@tok", - "equality_tok_Spec.Hash.Definitions.MD5@tok", - "equality_tok_Spec.Hash.Definitions.SHA1@tok", "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", "equality_tok_Spec.Hash.Definitions.SHA3_256@tok", "equation_EverCrypt.Hash.Incremental.agile_state", "equation_EverCrypt.Hash.Incremental.block_len", @@ -232,14 +227,15 @@ "equation_Spec.Hash.Incremental.Definitions.hash_incremental_body", "equation_Spec.Hash.Incremental.Definitions.split_blocks", "equation_Spec.Hash.Incremental.Definitions.update_last", - "equation_Spec.Hash.Incremental.Definitions.update_last_blake", "equation_Spec.Hash.PadFinish.finish", "equation_Spec.Hash.PadFinish.finish_blake", "equation_Spec.Hash.PadFinish.finish_md", "equation_Spec.Hash.PadFinish.finish_sha3", "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "fuel_guarded_inversion_Spec.Blake2.alg", "fuel_guarded_inversion_Spec.Hash.Definitions.hash_alg", "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.Hash.Definitions.words_state_", "function_token_typing_Spec.Hash.Incremental.Definitions.sha3_state_is_hash_state", "int_inversion", "int_typing", "interpretation_Tm_abs_7db19245573865e2013f96b9787edb72", 
@@ -248,9 +244,11 @@ "interpretation_Tm_abs_ee58c7759db0726bd389b637e7e7044d", "interpretation_Tm_abs_f006d723251ddaabe831b91f6d482a4e", "kinding_Spec.Hash.Definitions.hash_alg@tok", - "lemma_FStar.Seq.Base.lemma_eq_elim", "lemma_FStar.UInt.pow2_values", - "lemma_FStar.UInt32.vu_inv", "lemma_FStar.UInt64.vu_inv", - "lemma_Lib.IntTypes.v_injective", "lemma_Lib.IntTypes.v_mk_int", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", + "lemma_FStar.UInt64.vu_inv", "lemma_Lib.IntTypes.v_injective", + "lemma_Lib.IntTypes.v_mk_int", "lemma_LowStar.Monotonic.Buffer.length_null_1", "lemma_LowStar.Monotonic.Buffer.length_null_2", "lemma_Spec.Hash.Definitions.blake_alg_is_maxed", @@ -263,6 +261,7 @@ "proj_equation_Hacl.Streaming.Interface.Stateful_freeable", "proj_equation_Hacl.Streaming.Interface.Stateful_invariant", "proj_equation_Hacl.Streaming.Interface.Stateful_s", + "proj_equation_Hacl.Streaming.Interface.Stateful_t", "proj_equation_Hacl.Streaming.Interface.Stateful_v", "proj_equation_Spec.GaloisField.GF_t", "projection_inverse_BoxBool_proj_0", @@ -278,6 +277,7 @@ "projection_inverse_Hacl.Streaming.Interface.Stateful_freeable", "projection_inverse_Hacl.Streaming.Interface.Stateful_invariant", "projection_inverse_Hacl.Streaming.Interface.Stateful_s", + "projection_inverse_Hacl.Streaming.Interface.Stateful_t", "projection_inverse_Hacl.Streaming.Interface.Stateful_v", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_04f8d70b3f5c8790cd9838aeeee91b78", 
@@ -324,7 +324,9 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__freeable", "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__invariant", "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__s", + "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t", "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__v", + "token_correspondence_Spec.Hash.Definitions.words_state_", "true_interp", "typing_EverCrypt.Hash.Incremental.block_len", "typing_EverCrypt.Hash.Incremental.hash_len", "typing_EverCrypt.Hash.state_s", "typing_FStar.Ghost.reveal", @@ -336,9 +338,9 @@ "typing_Lib.IntTypes.op_At_Percent_Dot", "typing_Lib.IntTypes.unsigned", "typing_Lib.IntTypes.v", "typing_LowStar.Buffer.trivial_preorder", - "typing_LowStar.Monotonic.Buffer.length", "typing_Spec.AES.gf8", - "typing_Spec.Agile.Hash.init", "typing_Spec.Agile.Hash.update_multi", - "typing_Spec.Blake2.wt", + "typing_LowStar.Monotonic.Buffer.length", "typing_Prims.pow2", + "typing_Spec.AES.gf8", "typing_Spec.Agile.Hash.init", + "typing_Spec.Agile.Hash.update_multi", "typing_Spec.Blake2.wt", "typing_Spec.GaloisField.__proj__GF__item__t", "typing_Spec.Hash.Definitions.block_length", "typing_Spec.Hash.Definitions.extra_state_int_type", 
@@ -348,25 +350,18 @@ "typing_Spec.Hash.Definitions.max_input_length", "typing_Spec.Hash.Incremental.Definitions.hash", "typing_Spec.Hash.Incremental.Definitions.hash_incremental", - "typing_Spec.Hash.Incremental.Definitions.hash_incremental_body", "typing_Spec.Hash.Incremental.Definitions.split_blocks", "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U128@tok", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Spec.Blake2.Blake2B@tok", "typing_tok_Spec.Blake2.Blake2S@tok", "typing_tok_Spec.Hash.Definitions.Blake2B@tok", - "typing_tok_Spec.Hash.Definitions.Blake2S@tok", - "typing_tok_Spec.Hash.Definitions.MD5@tok", - "typing_tok_Spec.Hash.Definitions.SHA1@tok", "typing_tok_Spec.Hash.Definitions.SHA2_224@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_256@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_384@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_512@tok", "typing_tok_Spec.Hash.Definitions.SHA3_256@tok", "unit_inversion" ], 0, - "29176c3694eaf91336f3f33e1014b606" + "1cf36cb8a641fd4e205c707bd16b9c33" ], [ "EverCrypt.Hash.Incremental.create_in", @@ -397,7 +392,7 @@ "unit_typing" ], 0, - "e7c8dbf97524f9c6a8dc54b2b89bc29e" + "86968c68c739a25830580c9adb80bd26" ], [ "EverCrypt.Hash.Incremental.init", @@ -428,7 +423,7 @@ "unit_typing" ], 0, - "6a67d4625d358db78377011a9fdfd5b7" + "869c8b13da202baa3029b3c7cb832869" ], [ "EverCrypt.Hash.Incremental.update", @@ -458,7 +453,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "aebc3cb3872a1fa194131d48b0071c87" + "9a54408d1fa18628145b8cee16c38f37" ], [ "EverCrypt.Hash.Incremental.update", @@ -533,7 +528,7 @@ "typing_tok_EverCrypt.Error.Success@tok" ], 0, - "9baa630f409289c22dc81c23396c4e82" + "7a7d5bfd4f5d38c2248bd9d8ffbf8379" ], [ "EverCrypt.Hash.Incremental.finish_st", 
@@ -563,7 +558,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "d4d0d2570063d3d6b75c6bf0c6d9a2ca" + "0a7000bd2907d028a530327eb54d0e02" ], [ "EverCrypt.Hash.Incremental.finish_md5", @@ -594,7 +589,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "84d176f65eec0aa88c3565a2a394e9b7" + "f1b9a5e05477eb73d29389946d1d581a" ], [ "EverCrypt.Hash.Incremental.finish_sha1", @@ -625,7 +620,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "33d1ab5603884c61b551a01b41458705" + "c262afa8f9aa678ff68b28d39c3e8927" ], [ "EverCrypt.Hash.Incremental.finish_sha224", @@ -656,7 +651,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "7f13f90a9b15e24c60f8840a1c39aa48" + "9f67b9611b1239a59fa5fcd6ca11ccd7" ], [ "EverCrypt.Hash.Incremental.finish_sha256", @@ -687,7 +682,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "0959ca63f6142b753eb09231ede37aea" + "eb777818e52763a321e3b9e81c84235d" ], [ "EverCrypt.Hash.Incremental.finish_sha3_256", @@ -718,7 +713,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "19fe1b7602189f1c8209787063a477b8" + "52b287794c841ed7069156f21a4cee9a" ], [ "EverCrypt.Hash.Incremental.finish_sha384", @@ -749,7 +744,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "f4ec72929d88569336914a6007ca532c" + "3620ee760d73fda79cf3d630fee6c2ae" ], [ "EverCrypt.Hash.Incremental.finish_sha512", @@ -780,7 +775,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "bdaeccaa93c5820740fff92b34d0879f" + "a28b1cf47065290cc9f1ebeff0e410b8" ], [ "EverCrypt.Hash.Incremental.finish_blake2s", 
@@ -811,7 +806,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "360b55d6cf7fdbdb5e72b5237866644b" + "7a104d06fa779f08b2ea9c9f29b4e4d2" ], [ "EverCrypt.Hash.Incremental.finish_blake2b", @@ -842,7 +837,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "78f5af2bf063e5c72c193afe6e60036b" + "543c6ae9380d0582970bf048d57f3050" ], [ "EverCrypt.Hash.Incremental.alg_of_state", @@ -872,7 +867,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "2d094aef4f3b1252aace1a7c06dcca64" + "199e005f760ff5f4ad23c61b84e1bdd7" ], [ "EverCrypt.Hash.Incremental.finish", @@ -902,7 +897,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "44a214405b9d792bac57411164d6d196" + "bab9b7e24e6035e4021a945e872e4e37" ], [ "EverCrypt.Hash.Incremental.finish", @@ -938,7 +933,7 @@ "refinement_interpretation_Tm_refine_feec09ab983c546c6618f0b99f633bbb" ], 0, - "6e39c3727451fa6a0aa8ac82d208a752" + "793698272f65b15f591fda606f1ef24f" ], [ "EverCrypt.Hash.Incremental.free", @@ -968,7 +963,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "0663f6b87ad27fe3190630674165c449" + "618cfee1f3a5c1746bbcb9f59f3b1ca6" ], [ "EverCrypt.Hash.Incremental.state", @@ -998,7 +993,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "ccdf00686d077c2bc1c897821c03d320" + "9c1706b82717849c27f1ffd005b24bcf" ] ] ] \ No newline at end of file diff --git a/hints/Hacl.Ed25519.fst.hints b/hints/Hacl.Ed25519.fst.hints index 002cdb339c..630a2900fd 100644 --- a/hints/Hacl.Ed25519.fst.hints +++ b/hints/Hacl.Ed25519.fst.hints @@ -76,7 +76,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "91319df158394e42a8cbb54dcc63425e" + "c513e4ba39d16df11ae206fd1905494d" ], [ "Hacl.Ed25519.secret_expand", 
@@ -206,7 +206,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_512@tok" ], 0, - "b166c6291f0e692ad742f86fbfe5723d" + "d64d851e7424f47dddeb7971321e84f9" ], [ "Hacl.Ed25519.secret_to_public", @@ -258,7 +258,7 @@ "typing_Lib.Buffer.length", "typing_tok_Lib.Buffer.MUT@tok" ], 0, - "de3d93b1217a0b2eb6e082a09820704c" + "31ba3b2f1a0ae0b9c880c5259d4a9bb4" ], [ "Hacl.Ed25519.secret_to_public", @@ -268,17 +268,18 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", "bool_inversion", "bool_typing", "constructor_distinct_FStar.Integers.W16", "constructor_distinct_FStar.Integers.W32", - "constructor_distinct_FStar.Integers.W64", "constructor_distinct_FStar.Integers.W8", "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", "constructor_distinct_Lib.Buffer.MUT", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U128", 
@@ -287,21 +288,19 @@ "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", - "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", "constructor_distinct_Spec.Hash.Definitions.SHA2_512", "equality_tok_FStar.Integers.W16@tok", "equality_tok_FStar.Integers.W32@tok", - "equality_tok_FStar.Integers.W64@tok", "equality_tok_FStar.Integers.W8@tok", "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.Buffer.MUT@tok", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.SEC@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", "equation_FStar.HyperStack.ST.equal_domains", "equation_FStar.HyperStack.ST.inline_stack_inv", "equation_FStar.Monotonic.Heap.equal_dom", 
@@ -322,18 +321,18 @@ "equation_Lib.Buffer.length", "equation_Lib.Buffer.live", "equation_Lib.Buffer.loc", "equation_Lib.Buffer.modifies", "equation_Lib.Buffer.stack_allocated", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_LowStar.Buffer.buffer", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.trivial_preorder", "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.squash", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.Ed25519.secret_to_public", "equation_Spec.Ed25519.uu___2", "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.word_t", + "equation_Spec.Hash.Definitions.is_sha2", "function_token_typing_FStar.Monotonic.Heap.heap", "function_token_typing_Lib.IntTypes.uint8", "function_token_typing_Prims.int", @@ -395,6 +394,7 @@ "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Integers.Signed__0", "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", 
@@ -404,7 +404,6 @@ "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", - "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", @@ -425,8 +424,7 @@ "typing_FStar.Set.complement", "typing_FStar.Set.mem", "typing_FStar.Set.singleton", "typing_FStar.Set.union", "typing_FStar.UInt.fits", "typing_FStar.UInt32.uint_to_t", - "typing_Lib.Buffer.length", "typing_Lib.Buffer.loc", - "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.minint", + "typing_Lib.Buffer.loc", "typing_Lib.IntTypes.minint", "typing_Lib.IntTypes.v", "typing_LowStar.Buffer.trivial_preorder", "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", "typing_LowStar.Monotonic.Buffer.as_addr", @@ -436,17 +434,15 @@ "typing_LowStar.Monotonic.Buffer.loc_none", "typing_LowStar.Monotonic.Buffer.loc_not_unused_in", "typing_LowStar.Monotonic.Buffer.loc_regions", - "typing_LowStar.Monotonic.Buffer.loc_union", - "typing_LowStar.Monotonic.Buffer.mgsub", "typing_Spec.AES.gf8", + "typing_LowStar.Monotonic.Buffer.loc_union", "typing_Spec.AES.gf8", "typing_Spec.AES.irred", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_Spec.Hash.Definitions.word_t", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.SEC@tok", - "typing_tok_Lib.IntTypes.U8@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_384@tok" + "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "449aa94c6e5abbbc0f0f5548d115f68b" + "c975f4ff511b78bc6c89a319d121d626" ], [ "Hacl.Ed25519.expand_keys", 
@@ -510,7 +506,7 @@ "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "4d869b8e5ccba313fd6c63d6acc30df7" + "01b89b771182a218465320531f8e219d" ], [ "Hacl.Ed25519.expand_keys", @@ -624,7 +620,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_384@tok" ], 0, - "ebea39605a6cebaa044286fbfed0c855" + "7f5bdba25544f0bf543d6ca25c4ce548" ], [ "Hacl.Ed25519.sign_expanded", @@ -693,7 +689,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "d9e82b2845a67eaf8d5bdd4e23bcb621" + "ae2c0f998d8e75631ebee58eacfbf4b9" ], [ "Hacl.Ed25519.sign", @@ -723,7 +719,7 @@ "typing_tok_Lib.Buffer.MUT@tok" ], 0, - "0ae339d3a5805f5ccc26c74a16bbfeec" + "b8d84a51c05121d684b0ff899001e270" ], [ "Hacl.Ed25519.sign", @@ -891,7 +887,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "adb410dc2f9dd1d7c92ac9c3bf5c8663" + "b853300af76242f2c56757729f8db863" ], [ "Hacl.Ed25519.verify", @@ -922,7 +918,7 @@ "typing_LowStar.Monotonic.Buffer.len" ], 0, - "c9b17e8d1b9b7f12bc380a60430c1486" + "d21e2188aa73e1e0758e3ae9eb2ded26" ] ] ] \ No newline at end of file diff --git a/hints/Hacl.Impl.Ed25519.Sign.fst.hints b/hints/Hacl.Impl.Ed25519.Sign.fst.hints index 204259dc66..3f5dfc39a7 100644 --- a/hints/Hacl.Impl.Ed25519.Sign.fst.hints +++ b/hints/Hacl.Impl.Ed25519.Sign.fst.hints @@ -33,7 +33,7 @@ "typing_tok_Lib.Buffer.MUT@tok" ], 0, - "31f218f450040cf79f50bcee8fee873e" + "a375effdb95725ee3eb4fa2b2b73159a" ], [ "Hacl.Impl.Ed25519.Sign.point_mul_g_compress", @@ -43,6 +43,7 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", "bool_inversion", "bool_typing", "constructor_distinct_FStar.Integers.W16", 
@@ -50,6 +51,8 @@ "constructor_distinct_FStar.Integers.W64", "constructor_distinct_FStar.Integers.W8", "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", "constructor_distinct_Lib.Buffer.MUT", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", @@ -61,7 +64,9 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.MD5", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", "constructor_distinct_Spec.Hash.Definitions.SHA2_384", "constructor_distinct_Spec.Hash.Definitions.SHA2_512", "equality_tok_FStar.Integers.W16@tok", @@ -69,6 +74,7 @@ "equality_tok_FStar.Integers.W64@tok", "equality_tok_FStar.Integers.W8@tok", "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.Buffer.MUT@tok", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.SEC@tok", @@ -76,7 +82,6 @@ "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", "equation_FStar.HyperStack.ST.equal_domains", "equation_FStar.HyperStack.ST.inline_stack_inv", "equation_FStar.Monotonic.Heap.equal_dom", @@ -92,6 +97,7 @@ "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Hacl.Hash.Definitions.get_alg", "equation_Hacl.Impl.Ed25519.Field51.point_eval", "equation_Lib.Buffer.as_seq", "equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.disjoint", "equation_Lib.Buffer.lbuffer_t", 
@@ -100,8 +106,9 @@ "equation_Lib.Buffer.stack_allocated", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", "equation_LowStar.Buffer.buffer", + "equation_Lib.IntTypes.uint64", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.trivial_preorder", "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.squash", @@ -111,9 +118,9 @@ "equation_Spec.Ed25519.PointOps.point_compress", "equation_Spec.Ed25519.PointOps.to_aff_point", "equation_Spec.Ed25519.uu___2", "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.word", - "equation_Spec.Hash.Definitions.word_t", + "equation_Spec.Hash.Definitions.is_sha2", "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.uint64", "function_token_typing_Lib.IntTypes.uint8", "function_token_typing_Prims.int", "function_token_typing_Spec.Ed25519.uu___2", @@ -174,6 +181,7 @@ "projection_inverse_FStar.Integers.Unsigned__0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Prims.Mkdtuple2__1", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", "refinement_interpretation_Tm_refine_156c49afb7e1e070fbb2e47dc0e3d4b2", 
@@ -214,12 +222,12 @@ "typing_LowStar.Monotonic.Buffer.loc_union", "typing_Spec.AES.gf8", "typing_Spec.AES.irred", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_Spec.Hash.Definitions.word", "typing_tok_Lib.Buffer.MUT@tok", - "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_384@tok" + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.SEC@tok", + "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "f6995ae5abc5f39083156202c1bf3049" + "fc8872a76abab81d2f28cd99ae7bbec8" ], [ "Hacl.Impl.Ed25519.Sign.sign_compute_s", @@ -293,7 +301,7 @@ "typing_tok_Lib.Buffer.MUT@tok" ], 0, - "581a90e58b3dfc3bc1e1e5df63c53667" + "3d9a60754d8ed87038dada820830388f" ], [ "Hacl.Impl.Ed25519.Sign.sign_compute_s", @@ -315,12 +323,13 @@ "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U128", "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.MD5", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", "constructor_distinct_Spec.Hash.Definitions.SHA2_384", "constructor_distinct_Spec.Hash.Definitions.SHA2_512", "equality_tok_FStar.Integers.W16@tok", @@ -351,6 +360,7 @@ "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Hacl.Hash.Definitions.get_alg", "equation_Hacl.Impl.BignumQ.Mul.as_nat", "equation_Hacl.Impl.BignumQ.Mul.qelem_fits", "equation_Hacl.Impl.BignumQ.Mul.scalar_inv_full_t", 
@@ -381,6 +391,7 @@ "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.Ed25519.q", "equation_Spec.Ed25519.uu___2", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", "equation_Spec.Hash.Definitions.word_t", "function_token_typing_FStar.Monotonic.Heap.heap", "function_token_typing_Lib.IntTypes.uint64", @@ -450,6 +461,7 @@ "projection_inverse_FStar.Pervasives.Native.Mktuple5__3", "projection_inverse_FStar.Pervasives.Native.Mktuple5__4", "projection_inverse_FStar.Pervasives.Native.Mktuple5__5", + "projection_inverse_Prims.Mkdtuple2__1", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", "refinement_interpretation_Tm_refine_0758080fd5bd46f495d1401adce4ca22", @@ -585,7 +597,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "ca258b0556c046b90a521e4e67c57655" + "fe248e8297b9242e014247a3e25eec88" ], [ "Hacl.Impl.Ed25519.Sign.sign_expanded", @@ -595,6 +607,7 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", "bool_inversion", "bool_typing", "constructor_distinct_FStar.Integers.W16", @@ -602,6 +615,8 @@ "constructor_distinct_FStar.Integers.W64", "constructor_distinct_FStar.Integers.W8", "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", "constructor_distinct_Lib.Buffer.MUT", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", 
@@ -613,7 +628,9 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.MD5", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", "constructor_distinct_Spec.Hash.Definitions.SHA2_384", "constructor_distinct_Spec.Hash.Definitions.SHA2_512", "equality_tok_FStar.Integers.W16@tok", @@ -621,6 +638,7 @@ "equality_tok_FStar.Integers.W64@tok", "equality_tok_FStar.Integers.W8@tok", "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.Buffer.MUT@tok", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.SEC@tok", @@ -629,7 +647,7 @@ "equality_tok_Lib.IntTypes.U64@tok", "equality_tok_Lib.IntTypes.U8@tok", "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", "equation_FStar.HyperStack.ST.equal_domains", "equation_FStar.HyperStack.ST.inline_stack_inv", "equation_FStar.Monotonic.Heap.equal_dom", @@ -646,6 +664,7 @@ "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Hacl.Hash.Definitions.get_alg", "equation_Hacl.Impl.BignumQ.Mul.as_nat", "equation_Hacl.Impl.BignumQ.Mul.qelem_fits", "equation_Hacl.Impl.BignumQ.Mul.scalar_inv_full_t", 
@@ -659,20 +678,24 @@ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Lib.Sequence.length", "equation_Lib.Sequence.lseq", - "equation_Lib.Sequence.seq", "equation_Lib.Sequence.to_seq", - "equation_LowStar.Buffer.buffer", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint64", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Lib.Sequence.length", + "equation_Lib.Sequence.lseq", "equation_Lib.Sequence.seq", + "equation_Lib.Sequence.to_seq", "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.trivial_preorder", "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.squash", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.Ed25519.sign_expanded", "equation_Spec.Ed25519.uu___2", "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.word", + "equation_Spec.Hash.Definitions.hash_length", + "equation_Spec.Hash.Definitions.hash_word_length", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.word_length", "equation_Spec.Hash.Definitions.word_t", "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.uint64", "function_token_typing_Lib.IntTypes.uint8", "function_token_typing_Prims.int", "function_token_typing_Spec.Ed25519.uu___2", 
@@ -741,13 +764,15 @@ "lemma_LowStar.Monotonic.Buffer.unused_in_not_unused_in_disjoint_2", "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", - "primitive_Prims.op_Subtraction", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", "proj_equation_Spec.GaloisField.GF_t", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Integers.Signed__0", "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Prims.Mkdtuple2__1", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", "refinement_interpretation_Tm_refine_0758080fd5bd46f495d1401adce4ca22", @@ -815,13 +840,14 @@ "typing_LowStar.Monotonic.Buffer.loc_union", "typing_Spec.AES.gf8", "typing_Spec.AES.irred", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_Spec.Hash.Definitions.word", + "typing_Spec.Hash.Definitions.hash_length", "typing_Spec.Hash.Definitions.word_t", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok", "typing_tok_Spec.Hash.Definitions.SHA2_224@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_384@tok" + "typing_tok_Spec.Hash.Definitions.SHA2_512@tok" ], 0, "b4701b27150f05a2e0cd6f26196630c8" diff --git a/hints/Hacl.Impl.Ed25519.Verify.fst.hints b/hints/Hacl.Impl.Ed25519.Verify.fst.hints index c874d85038..db0a8905ae 100644 --- a/hints/Hacl.Impl.Ed25519.Verify.fst.hints +++ b/hints/Hacl.Impl.Ed25519.Verify.fst.hints 
@@ -47,7 +47,7 @@ "equation_LowStar.Buffer.trivial_preorder", "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.squash", "equation_Spec.Ed25519.uu___2", - "equation_Spec.Hash.Definitions.word_t", + "equation_Spec.Hash.Definitions.is_sha2", "function_token_typing_Lib.IntTypes.uint64", "function_token_typing_Lib.IntTypes.uint8", "function_token_typing_Spec.Ed25519.uu___2", "int_typing", @@ -77,7 +77,7 @@ "typing_tok_Lib.Buffer.MUT@tok" ], 0, - "23ae3755c2673df61a9b28f22dacdc84" + "a94a701d2f02f66c963a415d894eed07" ], [ "Hacl.Impl.Ed25519.Verify.verify_all_valid_hb", @@ -286,7 +286,7 @@ "typing_tok_Lib.Buffer.MUT@tok" ], 0, - "0a5a616d38c73fed2c1b4443c2b2a090" + "8bef7e674627dffa0ba277de2ea312b3" ], [ "Hacl.Impl.Ed25519.Verify.verify_sb", @@ -296,6 +296,7 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", "bool_inversion", "bool_typing", "constructor_distinct_FStar.Integers.W16", @@ -303,6 +304,8 @@ "constructor_distinct_FStar.Integers.W64", "constructor_distinct_FStar.Integers.W8", "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", "constructor_distinct_Lib.Buffer.MUT", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", @@ -314,7 +317,9 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.MD5", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", "constructor_distinct_Spec.Hash.Definitions.SHA2_384", "constructor_distinct_Spec.Hash.Definitions.SHA2_512", "equality_tok_FStar.Integers.W16@tok", 
@@ -322,6 +327,7 @@ "equality_tok_FStar.Integers.W64@tok", "equality_tok_FStar.Integers.W8@tok", "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.Buffer.MUT@tok", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.SEC@tok", @@ -329,7 +335,6 @@ "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", "equation_FStar.HyperStack.ST.equal_domains", "equation_FStar.HyperStack.ST.inline_stack_inv", "equation_FStar.Monotonic.Heap.equal_dom", 
@@ -344,26 +349,27 @@ "equation_FStar.Monotonic.HyperStack.remove_elt", "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.Buffer.as_seq", - "equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.lbuffer_t", - "equation_Lib.Buffer.length", "equation_Lib.Buffer.live", - "equation_Lib.Buffer.loc", "equation_Lib.Buffer.modifies", - "equation_Lib.Buffer.modifies0", + "equation_FStar.UInt.uint_t", + "equation_Hacl.Hash.Definitions.get_alg", + "equation_Lib.Buffer.as_seq", "equation_Lib.Buffer.buffer_t", + "equation_Lib.Buffer.lbuffer_t", "equation_Lib.Buffer.length", + "equation_Lib.Buffer.live", "equation_Lib.Buffer.loc", + "equation_Lib.Buffer.modifies", "equation_Lib.Buffer.modifies0", "equation_Lib.Buffer.stack_allocated", "equation_Lib.ByteSequence.nat_from_bytes_le", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_LowStar.Buffer.buffer", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint64", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.trivial_preorder", "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", "equation_Prims.squash", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.Ed25519.uu___2", "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.word", - "equation_Spec.Hash.Definitions.word_t", + "equation_Spec.Hash.Definitions.is_sha2", "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.uint64", "function_token_typing_Lib.IntTypes.uint8", "function_token_typing_Spec.Ed25519.uu___2", "int_inversion", "int_typing", 
@@ -412,6 +418,8 @@ "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Integers.Signed__0", "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Prims.Mkdtuple2__1", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", "refinement_interpretation_Tm_refine_0758080fd5bd46f495d1401adce4ca22", @@ -447,12 +455,12 @@ "typing_LowStar.Monotonic.Buffer.loc_union", "typing_Spec.AES.gf8", "typing_Spec.AES.irred", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_Spec.Hash.Definitions.word", "typing_tok_Lib.Buffer.MUT@tok", - "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_384@tok" + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.SEC@tok", + "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "ec2f4b8d1d8174645e6b6fe02414cba9" + "d2bf66107cadfa723eb5b0da5c4c454b" ], [ "Hacl.Impl.Ed25519.Verify.verify_valid_pk_rs", @@ -529,7 +537,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "5e4f4c39ef3fa0dd349aa97b4b21894b" + "15ad2557b81380dd0b7acf9a7f8cdf9a" ], [ "Hacl.Impl.Ed25519.Verify.verify_valid_pk_rs", @@ -544,7 +552,7 @@ "constructor_distinct_FStar.Integers.W16", "constructor_distinct_FStar.Integers.W32", "constructor_distinct_FStar.Integers.W8", - "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_FStar.Pervasives.Native.None", "constructor_distinct_Lib.Buffer.MUT", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", @@ -555,7 +563,6 @@ "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", - "constructor_distinct_Spec.Hash.Definitions.SHA2_512", "disc_equation_FStar.Pervasives.Native.Some", "equality_tok_FStar.Integers.W16@tok", "equality_tok_FStar.Integers.W32@tok", 
@@ -603,18 +610,18 @@ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint64", "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Lib.Sequence.lseq", "equation_Lib.Sequence.seq", - "equation_Lib.Sequence.slice", "equation_Lib.Sequence.to_seq", - "equation_LowStar.Buffer.buffer", + "equation_Lib.Sequence.length", "equation_Lib.Sequence.lseq", + "equation_Lib.Sequence.seq", "equation_Lib.Sequence.slice", + "equation_Lib.Sequence.to_seq", "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.trivial_preorder", "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.eqtype", - "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Prims.nat", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.Curve25519.elem", "equation_Spec.Curve25519.zero", "equation_Spec.Ed25519.PointOps.ext_point", - "equation_Spec.Ed25519.q", "equation_Spec.Ed25519.sha512_modq", - "equation_Spec.Ed25519.verify", "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.word_t", + "equation_Spec.Ed25519.PointOps.point_decompress", + "equation_Spec.Ed25519.q", "equation_Spec.Ed25519.verify", + "equation_Spec.GaloisField.gf", "function_token_typing_FStar.Monotonic.Heap.heap", "function_token_typing_Lib.IntTypes.uint64", "function_token_typing_Lib.IntTypes.uint8", @@ -698,6 +705,7 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_585d9f5b8159d65856c745987ade8db6", "refinement_interpretation_Tm_refine_5a6705cdcdbd32a1f3bef9d127c44326", + "refinement_interpretation_Tm_refine_72530680bea79807d75cb9d6e7632258", "refinement_interpretation_Tm_refine_7e86f8eacba37cea734281899965ca92", "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", 
@@ -709,6 +717,7 @@ "refinement_interpretation_Tm_refine_ca98cbc8d505339a77df3b722315d22c", "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_e5df7b46d8b4d6787f7fc44dbc0015e5", "refinement_interpretation_Tm_refine_e9c32a5fb00a4e8c339597118c871180", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "refinement_interpretation_Tm_refine_fb77d4109290540100357b20e0a78486", @@ -730,7 +739,8 @@ "typing_FStar.UInt32.v", "typing_Lib.Buffer.as_seq", "typing_Lib.Buffer.length", "typing_Lib.Buffer.loc", "typing_Lib.IntTypes.v", "typing_Lib.Sequence.concat", - "typing_Lib.Sequence.sub", "typing_LowStar.Buffer.trivial_preorder", + "typing_Lib.Sequence.slice", "typing_Lib.Sequence.sub", + "typing_LowStar.Buffer.trivial_preorder", "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", "typing_LowStar.Monotonic.Buffer.as_addr", "typing_LowStar.Monotonic.Buffer.as_seq", @@ -780,7 +790,7 @@ "typing_LowStar.Monotonic.Buffer.len" ], 0, - "f22b471353a9c53ba63cc10dced6d2b9" + "b348d3369720b0ebbc02e75a9414d8f9" ], [ "Hacl.Impl.Ed25519.Verify.verify_valid_pk", @@ -999,7 +1009,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "ad9bd4d539acb5e0231398d2d7be7690" + "888ec9682e1a1e5ba61eaea36509205b" ], [ "Hacl.Impl.Ed25519.Verify.verify", @@ -1062,7 +1072,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "c19df70e8e985d15c6010673a36cee4d" + "fde38289d4513e313030b0e8b09d052a" ], [ "Hacl.Impl.Ed25519.Verify.verify", @@ -1072,6 +1082,7 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", "bool_inversion", "bool_typing", "constructor_distinct_FStar.Integers.W16", 
@@ -1080,6 +1091,8 @@ "constructor_distinct_FStar.Integers.W8", "constructor_distinct_FStar.Integers.Winfinite", "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", "constructor_distinct_Lib.Buffer.MUT", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", @@ -1091,7 +1104,9 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.MD5", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", "constructor_distinct_Spec.Hash.Definitions.SHA2_384", "constructor_distinct_Spec.Hash.Definitions.SHA2_512", "disc_equation_FStar.Pervasives.Native.None", @@ -1101,6 +1116,7 @@ "equality_tok_FStar.Integers.W64@tok", "equality_tok_FStar.Integers.W8@tok", "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.Buffer.MUT@tok", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.SEC@tok", @@ -1108,7 +1124,6 @@ "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", "equation_FStar.HyperStack.ST.equal_domains", "equation_FStar.HyperStack.ST.inline_stack_inv", "equation_FStar.Monotonic.Heap.equal_dom", @@ -1124,6 +1139,7 @@ "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Hacl.Hash.Definitions.get_alg", "equation_Hacl.Impl.Curve25519.Field51.as_nat", "equation_Hacl.Impl.Curve25519.Field51.fevalh", "equation_Hacl.Impl.Curve25519.Fields.Core.f51_as_felem", 
@@ -1141,8 +1157,8 @@ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", "equation_Lib.Sequence.to_seq", + "equation_Lib.IntTypes.uint64", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.trivial_preorder", "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.eqtype", @@ -1152,9 +1168,9 @@ "equation_Spec.Ed25519.PointOps.point_decompress", "equation_Spec.Ed25519.uu___2", "equation_Spec.Ed25519.verify", "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.word", - "equation_Spec.Hash.Definitions.word_t", + "equation_Spec.Hash.Definitions.is_sha2", "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.uint64", "function_token_typing_Lib.IntTypes.uint8", "function_token_typing_Prims.int", "function_token_typing_Spec.Ed25519.PointOps.ext_point", @@ -1180,7 +1196,6 @@ "lemma_FStar.UInt32.vu_inv", "lemma_Lib.Buffer.as_seq_gsub", "lemma_Lib.IntTypes.Compatibility.pow2_values", "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", - "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", "lemma_LowStar.Monotonic.Buffer.fresh_frame_modifies", "lemma_LowStar.Monotonic.Buffer.length_null_1", "lemma_LowStar.Monotonic.Buffer.length_null_2", 
@@ -1215,12 +1230,13 @@ "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Integers.Signed__0", "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_FStar.Pervasives.Native.None_a", + "projection_inverse_Prims.Mkdtuple2__1", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", "refinement_interpretation_Tm_refine_0fd16c8e256746b697cdecb983dfeafe", - "refinement_interpretation_Tm_refine_11888fecf812f197898447624c24e106", "refinement_interpretation_Tm_refine_156c49afb7e1e070fbb2e47dc0e3d4b2", "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", "refinement_interpretation_Tm_refine_30dbec2c3cc39f8467366c6ee48d17df", @@ -1230,8 +1246,6 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", - "refinement_interpretation_Tm_refine_b9bf9d0f857340a8d758087374a41c06", - "refinement_interpretation_Tm_refine_c8dd98bb91cb1ba6963e5299b3babaa4", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "refinement_interpretation_Tm_refine_e54f147411758d9b5bd9b030c74e081c", "refinement_interpretation_Tm_refine_e9c32a5fb00a4e8c339597118c871180", 
@@ -1250,10 +1264,9 @@ "typing_FStar.Set.complement", "typing_FStar.Set.mem", "typing_FStar.Set.singleton", "typing_FStar.Set.union", "typing_FStar.UInt.fits", "typing_FStar.UInt32.uint_to_t", - "typing_Lib.Buffer.as_seq", "typing_Lib.Buffer.gsub", - "typing_Lib.Buffer.length", "typing_Lib.Buffer.loc", - "typing_Lib.IntTypes.minint", "typing_Lib.IntTypes.v", - "typing_Lib.Sequence.sub", "typing_LowStar.Buffer.trivial_preorder", + "typing_FStar.UInt32.v", "typing_Lib.Buffer.length", + "typing_Lib.Buffer.loc", "typing_Lib.IntTypes.minint", + "typing_Lib.IntTypes.v", "typing_LowStar.Buffer.trivial_preorder", "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", "typing_LowStar.Monotonic.Buffer.as_addr", "typing_LowStar.Monotonic.Buffer.frameOf", @@ -1266,9 +1279,10 @@ "typing_Spec.AES.irred", "typing_Spec.Ed25519.PointOps.point_decompress", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_Spec.Hash.Definitions.word", "typing_tok_Lib.Buffer.MUT@tok", - "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_384@tok" + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U8@tok" ], 0, "ad2e1ddc9b0460533772cb7852b08650" diff --git a/hints/Hacl.Impl.SHA2.Generic.fst.hints b/hints/Hacl.Impl.SHA2.Generic.fst.hints index f46d43abd9..31c84902f8 100644 --- a/hints/Hacl.Impl.SHA2.Generic.fst.hints +++ b/hints/Hacl.Impl.SHA2.Generic.fst.hints @@ -1,5 +1,5 @@ [ - "Û­%ð\\0¦]ŽA§ã\u0013-", + "\"˜TtÿSáÖúï‹\u001bÛA=", [ [ "Hacl.Impl.SHA2.Generic.h224", @@ -88,7 +88,7 @@ "typing_tok_LowStar.ConstBuffer.IMMUTABLE@tok" ], 0, - "4eb993f75a562ec665a0e607d654f2ff" + "a3e9ffc5f5d117232887f81cec7b8325" ], [ "Hacl.Impl.SHA2.Generic.h256", 
@@ -177,7 +177,7 @@ "typing_tok_LowStar.ConstBuffer.IMMUTABLE@tok" ], 0, - "b3870a94eed74e00feb43a529e13c4fe" + "46ee0795e143dc3c29fc072b020b7720" ], [ "Hacl.Impl.SHA2.Generic.h384", @@ -266,7 +266,7 @@ "typing_tok_LowStar.ConstBuffer.IMMUTABLE@tok" ], 0, - "017374595ec4a7e1fe861657e69551a3" + "6b548beecda8057a27532b84ed33ee4c" ], [ "Hacl.Impl.SHA2.Generic.h512", @@ -355,7 +355,7 @@ "typing_tok_LowStar.ConstBuffer.IMMUTABLE@tok" ], 0, - "9b20af87267a3aabf1f246259afcc906" + "5de49bcf7bf5e000c8dc9ce95fc3c9a9" ], [ "Hacl.Impl.SHA2.Generic.index_h0", @@ -481,7 +481,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "af3d3c0fd6819642abd4bc18be6885a0" + "9d2514b1ae0c3890b2f35d25a0d8249a" ], [ "Hacl.Impl.SHA2.Generic.k224_256", @@ -570,7 +570,7 @@ "typing_tok_LowStar.ConstBuffer.IMMUTABLE@tok" ], 0, - "eaf00889b38bfe8a8f6eac7c1a49cd61" + "6c35eab83e95370e0d3033a35f002732" ], [ "Hacl.Impl.SHA2.Generic.k384_512", @@ -659,7 +659,7 @@ "typing_tok_LowStar.ConstBuffer.IMMUTABLE@tok" ], 0, - "78cc3a2d61a070bedc7147dddd6ee70d" + "064fcb66c6e8cbc0855c1fc9790a293a" ], [ "Hacl.Impl.SHA2.Generic.index_k0", @@ -759,7 +759,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "4b5e986a887c709a01c305ff23b40cf8" + "e41f772dcf39ba35a07294b886188429" ], [ "Hacl.Impl.SHA2.Generic.shuffle_core", @@ -813,7 +813,7 @@ "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "152bba90292e1d7ab9afaff4ffd0b65c" + "f1ef60d05a20f075c567b195277e38ba" ], [ "Hacl.Impl.SHA2.Generic.shuffle_core", @@ -876,7 +876,7 @@ "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "f17a747a6dd5360d5d04a9be439dbcc6" + "fdc13354165efbdee47ce1a64fd1615e" ], [ "Hacl.Impl.SHA2.Generic.ws_next", @@ -914,7 +914,7 @@ "typing_tok_Lib.Buffer.MUT@tok" ], 0, - "184adef1a00a26d2ee4cb8a97f6f236d" + "a70811abca2266e19d427ceca01476d9" ], [ "Hacl.Impl.SHA2.Generic.ws_next", 
@@ -1022,7 +1022,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "92cf413e07e3cb17143ceff64d695284" + "d411c432b7e1d541e6c586d69a7a97e4" ], [ "Hacl.Impl.SHA2.Generic.shuffle", @@ -1084,7 +1084,7 @@ "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "962c89250558eb0818856fad93234774" + "485478cf2f30d528381ef9ea7b477a4d" ], [ "Hacl.Impl.SHA2.Generic.shuffle", @@ -1206,7 +1206,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "90b6a3faf91da5bf6e0456e2e37b48e2" + "618b1e2eb9b57e5b20ed360f1a5ee6af" ], [ "Hacl.Impl.SHA2.Generic.alloc", @@ -1263,7 +1263,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "22698045bf5aebadacf2d8fdf9fba648" + "1ecced721a7bb1000b0880f80da07970" ], [ "Hacl.Impl.SHA2.Generic.alloc", @@ -1320,7 +1320,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "975f3f297b6b8aa76c90bc3c07d302a7" + "518bf0fa65e0ce1cadb9f4362c7f630d" ], [ "Hacl.Impl.SHA2.Generic.init_vec_t", @@ -1352,7 +1352,7 @@ "typing_tok_Lib.Buffer.MUT@tok" ], 0, - "4ad894f0bc515a3dd111a66c905e9669" + "0f3ffc066c7d19f1f1c6c3873cf9a42e" ], [ "Hacl.Impl.SHA2.Generic.init", @@ -1455,7 +1455,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "6d4f112c97c73259f9605f55ece650dd" + "ee7af1732da8958a94cf1e659862ae61" ], [ "Hacl.Impl.SHA2.Generic.update_vec_t", @@ -1504,7 +1504,7 @@ "typing_tok_Lib.Buffer.MUT@tok" ], 0, - "5e324ef476b7a7721966f38d3d035aee" + "39a73fe07e106e8cc4f7a8620eb1fea6" ], [ "Hacl.Impl.SHA2.Generic.update", @@ -1536,7 +1536,7 @@ "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "f520e0b386eb3bca3f0eee1a30331e15" + "95448c83d3113ebbecae4bc9e6686a8c" ], [ "Hacl.Impl.SHA2.Generic.update", 
@@ -1733,18 +1733,16 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "c47cebd84e62e3b639741acc321f6f95" + "8935e18389e90f03afb3469ecc7f45ae" ], [ - "Hacl.Impl.SHA2.Generic.update_last_vec_t", + "Hacl.Impl.SHA2.Generic.update_last_vec_t'", 1, 0, 0, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U32", 
@@ -1753,49 +1751,37 @@ "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", - "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Hacl.Spec.SHA2.Vec.element_t", "equation_Hacl.Spec.SHA2.Vec.is_supported", "equation_Hacl.Spec.SHA2.Vec.lanes", "equation_Hacl.Spec.SHA2.Vec.lanes_t", "equation_Lib.Buffer.lbuffer_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Prims.nat", "equation_Spec.AES.gf8", - "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.is_sha2", - "equation_Spec.Hash.Definitions.sha2_alg", "int_inversion", - "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", "refinement_interpretation_Tm_refine_34c44c71737d0e4947427f3a57159cd0", "refinement_interpretation_Tm_refine_52d8b90eecdfc1e33886adeb748d8e10", 
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7b1987bfdaca4c06b036688e7a91fb97", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", - "refinement_interpretation_Tm_refine_d54ecb14fd500f1ccd4ef858fd659097", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "typing_FStar.UInt.fits", "typing_FStar.UInt32.v", "typing_Hacl.Spec.SHA2.Vec.element_t", "typing_Hacl.Spec.SHA2.Vec.lanes", "typing_Lib.Buffer.length", "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_Spec.Hash.Definitions.is_sha2", "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" + "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "145301d71817b77fe31730a40903a533" + "117e28aec48ecf42a676e13e1e551f83" ], [ "Hacl.Impl.SHA2.Generic.update_last", @@ -1828,7 +1814,7 @@ "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "a492166e01aefeabcd0cd6721a136f52" + "4f87352fb0fcf9e065c954023a77c395" ], [ "Hacl.Impl.SHA2.Generic.update_last", @@ -1849,7 +1835,6 @@ "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S64", "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.SEC", "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U128", "constructor_distinct_Lib.IntTypes.U16", @@ -1857,6 +1842,7 @@ "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Tm_unit", "disc_equation_FStar.Pervasives.Native.Some", "disc_equation_Lib.IntTypes.S128", "disc_equation_Lib.IntTypes.U128", "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", 
@@ -1882,9 +1868,9 @@ "equation_FStar.Monotonic.HyperStack.poppable", "equation_FStar.Monotonic.HyperStack.popped", "equation_FStar.Monotonic.HyperStack.remove_elt", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", + "equation_FStar.Seq.Properties.lseq", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", "equation_Hacl.Hash.Definitions.block_len", "equation_Hacl.Impl.SHA2.Core.padded_blocks", "equation_Hacl.Impl.SHA2.Core.preserves_sub_disjoint_multi", @@ -1952,9 +1938,9 @@ "lemma_FStar.Set.mem_singleton", "lemma_FStar.Set.mem_subset", "lemma_FStar.Set.mem_union", "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", - "lemma_Lib.IntTypes.gt_lemma", "lemma_Lib.IntTypes.mul_lemma", - "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3", - "lemma_Lib.IntTypes.v_injective", + "lemma_Lib.IntTypes.add_lemma", "lemma_Lib.IntTypes.gt_lemma", + "lemma_Lib.IntTypes.mul_lemma", "lemma_Lib.IntTypes.pow2_2", + "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.v_injective", "lemma_Lib.MultiBuffer.as_seq_multi_lemma", "lemma_Lib.NTuple.eq_elim", "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", 
@@ -1988,8 +1974,9 @@ "lemma_LowStar.Monotonic.Buffer.unused_in_loc_unused_in", "lemma_LowStar.Monotonic.Buffer.unused_in_not_unused_in_disjoint_2", "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", - "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", "proj_equation_Spec.GaloisField.GF_t", @@ -2013,12 +2000,13 @@ "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", "refinement_interpretation_Tm_refine_52d8b90eecdfc1e33886adeb748d8e10", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5bb2243d6cb7b3b1a9ee548f172476a6", "refinement_interpretation_Tm_refine_5c5309162cc5e8d475230af8a2f1ebc3", + "refinement_interpretation_Tm_refine_60490cbbf9fe23e8a5ead0e152a97b26", "refinement_interpretation_Tm_refine_609674d96c81c962549b0076055bf213", "refinement_interpretation_Tm_refine_743b349ff46139754cb6bbefce96e583", "refinement_interpretation_Tm_refine_75508baa5c274dc64fa2a3a9e0463699", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7b1987bfdaca4c06b036688e7a91fb97", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_85905bf1ace2270414f0d851e169d941", "refinement_interpretation_Tm_refine_91c352d831715ed604553457a8078865", 
@@ -2029,13 +2017,12 @@ "refinement_interpretation_Tm_refine_b550ca9347e0645a53715102a08d8fa1", "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", "refinement_interpretation_Tm_refine_c271a402ec9bf4a5b1a5c4cde073abd5", - "refinement_interpretation_Tm_refine_d54ecb14fd500f1ccd4ef858fd659097", "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "refinement_interpretation_Tm_refine_e40dba697735a60216c598c2a27841b5", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_feb9bb9f35b4e580b5c2b388310d192a", "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_kinding_Tm_refine_d8d83307254a8900dd20598654272e42", "token_correspondence_Prims.pow2.fuel_instrumented", "typing_FStar.Map.contains", "typing_FStar.Map.domain", "typing_FStar.Map.restrict", "typing_FStar.Map.sel", @@ -2048,10 +2035,11 @@ "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.Monotonic.HyperStack.is_stack_region", "typing_FStar.Monotonic.HyperStack.remove_elt", - "typing_FStar.Set.complement", "typing_FStar.Set.mem", - "typing_FStar.Set.singleton", "typing_FStar.Set.union", - "typing_FStar.UInt.fits", "typing_FStar.UInt32.uint_to_t", - "typing_FStar.UInt32.v", "typing_Hacl.Hash.Definitions.block_len", + "typing_FStar.Seq.Properties.lseq", "typing_FStar.Set.complement", + "typing_FStar.Set.mem", "typing_FStar.Set.singleton", + "typing_FStar.Set.union", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_Hacl.Hash.Definitions.block_len", "typing_Hacl.Spec.SHA2.Vec.element_t", "typing_Hacl.Spec.SHA2.Vec.lanes", "typing_Hacl.Spec.SHA2.Vec.padded_blocks", 
@@ -2059,11 +2047,11 @@ "typing_Lib.Buffer.length", "typing_Lib.Buffer.loc", "typing_Lib.Buffer.op_Bar_Plus_Bar", "typing_Lib.ByteSequence.uint_to_bytes_be", - "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.gt", - "typing_Lib.IntTypes.mk_int", "typing_Lib.IntTypes.mul", - "typing_Lib.IntTypes.v", "typing_Lib.MultiBuffer.multibuf", - "typing_Lib.NTuple.index", "typing_Lib.Sequence.lseq", - "typing_LowStar.Buffer.trivial_preorder", + "typing_Lib.IntTypes.add", "typing_Lib.IntTypes.gt", + "typing_Lib.IntTypes.mk_int", "typing_Lib.IntTypes.v", + "typing_Lib.MultiBuffer.as_seq_multi", + "typing_Lib.MultiBuffer.multibuf", "typing_Lib.MultiBuffer.multiseq", + "typing_Lib.NTuple.index", "typing_LowStar.Buffer.trivial_preorder", "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", "typing_LowStar.Monotonic.Buffer.as_addr", "typing_LowStar.Monotonic.Buffer.frameOf", @@ -2076,6 +2064,7 @@ "typing_LowStar.Monotonic.Buffer.loc_union", "typing_Spec.AES.gf8", "typing_Spec.AES.irred", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.block_length", "typing_Spec.Hash.Definitions.is_sha2", "typing_Spec.Hash.Definitions.len_len", "typing_Spec.Hash.Definitions.len_length", @@ -2089,10 +2078,10 @@ "unit_typing" ], 0, - "980306419b0cd86c34b80e2a86bb1acc" + "ae55aeb84a19281d1cca3db47c6614cc" ], [ - "Hacl.Impl.SHA2.Generic.update_nblocks_vec_t", + "Hacl.Impl.SHA2.Generic.update_nblocks_vec_t'", 1, 0, 0, @@ -2104,6 +2093,7 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", "equality_tok_Lib.Buffer.MUT@tok", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U8@tok", 
@@ -2114,25 +2104,28 @@ "equation_Lib.Buffer.lbuffer_t", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Prims.nat", "equation_Spec.AES.gf8", - "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", - "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", - "primitive_Prims.op_Subtraction", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", "int_typing", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", "proj_equation_Spec.GaloisField.GF_t", "projection_inverse_BoxInt_proj_0", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_34c44c71737d0e4947427f3a57159cd0", "refinement_interpretation_Tm_refine_52d8b90eecdfc1e33886adeb748d8e10", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "typing_Hacl.Spec.SHA2.Vec.element_t", "typing_Hacl.Spec.SHA2.Vec.lanes", "typing_Lib.Buffer.length", - "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_tok_Lib.Buffer.MUT@tok" + "typing_Lib.IntTypes.v", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", + "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "152b236f8404f4a0abd4f005b0e8239c" + "2261f6c87ccd19c88c17251f49343451" ], [ "Hacl.Impl.SHA2.Generic.update_nblocks", @@ -2164,7 +2157,7 @@ "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "5884269295cd87dfd8527ed2eee49038" + "1f49d186441102348dee2613887100ee" ], [ "Hacl.Impl.SHA2.Generic.update_nblocks", 
@@ -2301,7 +2294,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "39ca7621d7bc1e07550be11de226b96e" + "37e36c15b92cd0ab0da9ee641b4ae6f8" ], [ "Hacl.Impl.SHA2.Generic.finish_vec_t", @@ -2374,7 +2367,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "f0d6e0a33439c2859873da8e3c6814ca" + "2bdf2695bf135e85525bd365de71fbad" ], [ "Hacl.Impl.SHA2.Generic.finish", @@ -2406,7 +2399,7 @@ "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "381cd4876da0ca7edd0778bfd4e7ed1b" + "4c9b3320ec9ed454f2fb1c41c20626dd" ], [ "Hacl.Impl.SHA2.Generic.finish", 
@@ -2643,7 +2636,95 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "a38144a9bcb0a44257fdd9db953d19b3" + "462dee5fa886c8c4a942b9a95744221f" + ], + [ + "Hacl.Impl.SHA2.Generic.mk_len_t_from_size_t", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "constructor_distinct_Lib.Buffer.CONST", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S64", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "constructor_distinct_Spec.Hash.Definitions.SHA2_512", + "disc_equation_Lib.IntTypes.PUB", + "disc_equation_Spec.Hash.Definitions.SHA2_224", + "disc_equation_Spec.Hash.Definitions.SHA2_256", + "disc_equation_Spec.Hash.Definitions.SHA2_384", + "disc_equation_Spec.Hash.Definitions.SHA2_512", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U128@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", + "equation_FStar.UInt.fits", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Hacl.Spec.SHA2.mk_len_t", "equation_Lib.IntTypes.bits", + 
"equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.op_At_Percent_Dot", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.len_t", + "equation_Spec.Hash.Definitions.len_v", + "equation_Spec.Hash.Definitions.sha2_alg", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", + "interpretation_Tm_abs_71042ce475a96c7fa134177a01959d0b", + "interpretation_Tm_abs_c5cfacc785df376403b58f49cdaf22b6", + "lemma_FStar.UInt.pow2_values", "lemma_Lib.IntTypes.v_injective", + "lemma_Lib.IntTypes.v_mk_int", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_633f16db18ab9ae00b0772c1a706339d", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_c42fa5bb7946db15a1128b1416dcbb59", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_Lib.IntTypes.bits", + "typing_Lib.IntTypes.op_At_Percent_Dot", + "typing_Lib.IntTypes.pub_int_v", 
"typing_Lib.IntTypes.v", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_Spec.Hash.Definitions.uu___is_SHA2_512", + "typing_tok_Lib.IntTypes.PUB@tok", + "typing_tok_Lib.IntTypes.U128@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" + ], + 0, + "63af3284c2cafd16233ac199f0db9f27" ], [ "Hacl.Impl.SHA2.Generic.hash_vec_t", @@ -2690,7 +2771,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "e5aab70e5a317baf9c5f17e5ce08f510" + "187cbe9bb760a51427424e8bbd921664" ], [ "Hacl.Impl.SHA2.Generic.hash", @@ -2722,7 +2803,7 @@ "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "a87e23392832b063bbf72101c68d2c26" + "07092cf4cf2c655d36396002f4fb3c43" ], [ "Hacl.Impl.SHA2.Generic.hash", @@ -2750,9 +2831,7 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "constructor_distinct_Spec.Hash.Definitions.MD5", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", - "constructor_distinct_Tm_unit", "disc_equation_Lib.IntTypes.PUB", "disc_equation_Lib.IntTypes.S128", "disc_equation_Lib.IntTypes.U128", "equality_tok_Hacl.Spec.SHA2.Vec.M128@tok", "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", 
@@ -2775,12 +2854,14 @@ "equation_FStar.Monotonic.HyperStack.poppable", "equation_FStar.Monotonic.HyperStack.popped", "equation_FStar.Monotonic.HyperStack.remove_elt", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.mod", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.Seq.Properties.lseq", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.mod", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt128.n", "equation_Hacl.Hash.Definitions.block_len", "equation_Hacl.Hash.Definitions.hash_len", "equation_Hacl.Impl.SHA2.Core.preserves_disjoint_multi", + "equation_Hacl.Impl.SHA2.Generic.mk_len_t_from_size_t", "equation_Hacl.Spec.SHA2.Vec.element_t", "equation_Hacl.Spec.SHA2.Vec.hash", "equation_Hacl.Spec.SHA2.Vec.is_supported", @@ -2788,11 +2869,12 @@ "equation_Hacl.Spec.SHA2.Vec.lanes_t", "equation_Hacl.Spec.SHA2.Vec.multiseq", "equation_Hacl.Spec.SHA2.Vec.state_spec", - "equation_Lib.Buffer.as_seq", "equation_Lib.Buffer.buffer_t", - "equation_Lib.Buffer.disjoint", "equation_Lib.Buffer.lbuffer_t", - "equation_Lib.Buffer.length", "equation_Lib.Buffer.live", - "equation_Lib.Buffer.loc", "equation_Lib.Buffer.modifies", - "equation_Lib.Buffer.modifies1", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", + "equation_Hacl.Spec.SHA2.mk_len_t", "equation_Lib.Buffer.as_seq", + "equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.disjoint", + "equation_Lib.Buffer.lbuffer_t", "equation_Lib.Buffer.length", + "equation_Lib.Buffer.live", "equation_Lib.Buffer.loc", + "equation_Lib.Buffer.modifies", "equation_Lib.Buffer.modifies1", "equation_Lib.Buffer.op_Bar_Plus_Bar", "equation_Lib.Buffer.stack_allocated", "equation_Lib.Buffer.union", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", 
@@ -2812,11 +2894,13 @@ "equation_Prims.nat", "equation_Spec.AES.elem", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.block_word_length", "equation_Spec.Hash.Definitions.hash_length", "equation_Spec.Hash.Definitions.hash_word_length", "equation_Spec.Hash.Definitions.is_sha2", - "equation_Spec.Hash.Definitions.len_int_type", - "equation_Spec.Hash.Definitions.len_length", + "equation_Spec.Hash.Definitions.len_t", + "equation_Spec.Hash.Definitions.len_v", + "equation_Spec.Hash.Definitions.less_than_max_input_length", "equation_Spec.Hash.Definitions.sha2_alg", "equation_Spec.Hash.Definitions.word_length", "equation_Spec.Hash.Definitions.word_t", @@ -2827,7 +2911,10 @@ "function_token_typing_Prims.int", "function_token_typing_Spec.AES.elem", "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", - "int_typing", "lemma_FStar.HyperStack.ST.lemma_equal_domains_trans", + "int_typing", + "interpretation_Tm_abs_71042ce475a96c7fa134177a01959d0b", + "interpretation_Tm_abs_c5cfacc785df376403b58f49cdaf22b6", + "lemma_FStar.HyperStack.ST.lemma_equal_domains_trans", "lemma_FStar.HyperStack.ST.lemma_same_refs_in_all_regions_elim", "lemma_FStar.HyperStack.ST.lemma_same_refs_in_all_regions_intro", "lemma_FStar.HyperStack.ST.lemma_same_refs_in_non_tip_regions_elim", @@ -2845,6 +2932,7 @@ "lemma_FStar.Set.mem_union", "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", "lemma_Lib.IntTypes.mod_lemma", "lemma_Lib.IntTypes.v_injective", + "lemma_Lib.IntTypes.v_mk_int", "lemma_Lib.MultiBuffer.as_seq_multi_lemma", "lemma_Lib.NTuple.eq_elim", "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", 
@@ -2872,18 +2960,16 @@ "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", - "lemma_LowStar.Monotonic.Buffer.modifies_loc_unused_in", "lemma_LowStar.Monotonic.Buffer.modifies_remove_fresh_frame", "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", "lemma_LowStar.Monotonic.Buffer.popped_modifies", "lemma_LowStar.Monotonic.Buffer.unused_in_loc_unused_in", "lemma_LowStar.Monotonic.Buffer.unused_in_not_unused_in_disjoint_2", - "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", - "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", "proj_equation_Spec.GaloisField.GF_t", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", 
@@ -2899,18 +2985,18 @@ "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", "refinement_interpretation_Tm_refine_52d8b90eecdfc1e33886adeb748d8e10", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_628b2d49e8d921b3c4f48b073cedb724", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_91c352d831715ed604553457a8078865", "refinement_interpretation_Tm_refine_9b6e1320dc46a23036569c70669d8b06", "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", "refinement_interpretation_Tm_refine_ae94dda8ce2436621861041423bcd260", "refinement_interpretation_Tm_refine_b550ca9347e0645a53715102a08d8fa1", "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", - "refinement_interpretation_Tm_refine_c8dd98bb91cb1ba6963e5299b3babaa4", "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", "refinement_interpretation_Tm_refine_e450d0eda8ec6ce5c9eff42d01f0e81a", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "refinement_interpretation_Tm_refine_f63e058f9631c11993f3ef0430296051", 
@@ -2926,21 +3012,23 @@ "typing_FStar.Monotonic.HyperStack.get_rid_ctr", "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.Monotonic.HyperStack.remove_elt", - "typing_FStar.Set.complement", "typing_FStar.Set.mem", - "typing_FStar.Set.singleton", "typing_FStar.Set.union", - "typing_FStar.UInt.fits", "typing_FStar.UInt32.uint_to_t", - "typing_FStar.UInt32.v", "typing_Hacl.Hash.Definitions.block_len", + "typing_FStar.Seq.Properties.lseq", "typing_FStar.Set.complement", + "typing_FStar.Set.mem", "typing_FStar.Set.singleton", + "typing_FStar.Set.union", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_Hacl.Hash.Definitions.block_len", "typing_Hacl.Hash.Definitions.hash_len", "typing_Hacl.Spec.SHA2.Vec.element_t", "typing_Hacl.Spec.SHA2.Vec.finish", "typing_Hacl.Spec.SHA2.Vec.get_multilast_spec", "typing_Hacl.Spec.SHA2.Vec.init", "typing_Hacl.Spec.SHA2.Vec.lanes", - "typing_Lib.Buffer.as_seq", "typing_Lib.Buffer.lbuffer_t", - "typing_Lib.Buffer.length", "typing_Lib.Buffer.loc", - "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.minint", + "typing_Hacl.Spec.SHA2.Vec.multiseq", + "typing_Hacl.Spec.SHA2.mk_len_t", "typing_Lib.Buffer.as_seq", + "typing_Lib.Buffer.lbuffer_t", "typing_Lib.Buffer.length", + "typing_Lib.Buffer.loc", "typing_Lib.IntTypes.bits", + "typing_Lib.IntTypes.maxint", "typing_Lib.IntTypes.minint", "typing_Lib.IntTypes.mod", "typing_Lib.IntTypes.v", - "typing_Lib.MultiBuffer.as_seq_multi", - "typing_Lib.MultiBuffer.multiseq", "typing_Lib.NTuple.index", + "typing_Lib.MultiBuffer.as_seq_multi", "typing_Lib.NTuple.index", "typing_LowStar.Buffer.trivial_preorder", "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", "typing_LowStar.Monotonic.Buffer.as_addr", 
@@ -2953,17 +3041,21 @@ "typing_LowStar.Monotonic.Buffer.loc_regions", "typing_LowStar.Monotonic.Buffer.loc_union", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.block_length", "typing_Spec.Hash.Definitions.hash_word_length", "typing_Spec.Hash.Definitions.is_sha2", + "typing_Spec.Hash.Definitions.less_than_max_input_length", "typing_Spec.Hash.Definitions.word_length", "typing_Spec.Hash.Definitions.word_t", "typing_tok_Hacl.Spec.SHA2.Vec.M128@tok", "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" + "typing_tok_Lib.IntTypes.U128@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok", + "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "081a86d6c676c7bb1cf06867ef2708b0" + "56ca0ea3d9d2cfe662a386e885aacee4" ] ] ] \ No newline at end of file diff --git a/hints/Hacl.Impl.SHA512.ModQ.fst.hints b/hints/Hacl.Impl.SHA512.ModQ.fst.hints index d40964450e..e09d48b990 100644 --- a/hints/Hacl.Impl.SHA512.ModQ.fst.hints +++ b/hints/Hacl.Impl.SHA512.ModQ.fst.hints @@ -77,7 +77,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_512@tok" ], 0, - "9d4f8eebc089e44aa130c518c8cd031f" + "5127a40d23acf46ce59febf986f24490" ], [ "Hacl.Impl.SHA512.ModQ.sha512_pre_msg", 
@@ -87,15 +87,16 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", "Hacl.Streaming.MD_interpretation_Tm_arrow_2e498b299f7e70d4a07264a574999abb", "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", "bool_inversion", "bool_typing", "constructor_distinct_FStar.Integers.W16", "constructor_distinct_FStar.Integers.W32", - "constructor_distinct_FStar.Integers.W64", "constructor_distinct_FStar.Integers.W8", "constructor_distinct_FStar.Integers.Winfinite", - "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", "constructor_distinct_Hacl.Streaming.Interface.Erased", "constructor_distinct_Lib.Buffer.MUT", "constructor_distinct_Lib.IntTypes.PUB", @@ -110,19 +111,19 @@ "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.MD5", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", - "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", "constructor_distinct_Spec.Hash.Definitions.SHA2_512", + "disc_equation_FStar.Pervasives.Native.Some", "equality_tok_FStar.Integers.W16@tok", "equality_tok_FStar.Integers.W32@tok", - "equality_tok_FStar.Integers.W64@tok", "equality_tok_FStar.Integers.W8@tok", "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Hacl.Streaming.Interface.Erased@tok", "equality_tok_Lib.Buffer.MUT@tok", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equality_tok_Lib.IntTypes.U8@tok", "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", 
@@ -156,6 +157,7 @@ "equation_Hacl.Streaming.MD.hacl_md", "equation_Hacl.Streaming.MD.max_input_len64", "equation_Hacl.Streaming.MD.state_t", + "equation_Hacl.Streaming.MD.word", "equation_Hacl.Streaming.SHA2.hacl_sha2_512", "equation_Hacl.Streaming.SHA2.state_sha2_512", "equation_Hacl.Streaming.SHA2.state_t_512", @@ -177,10 +179,10 @@ "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.Ed25519.max_input_length_sha512", "equation_Spec.Ed25519.uu___2", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", "equation_Spec.Hash.Definitions.less_than_max_input_length", "equation_Spec.Hash.Definitions.max_input_length", "equation_Spec.Hash.Definitions.state_word_length", - "equation_Spec.Hash.Definitions.word", "equation_Spec.Hash.Definitions.word_t", "function_token_typing_FStar.Monotonic.Heap.heap", "function_token_typing_FStar.Pervasives.pattern", @@ -246,6 +248,7 @@ "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", "lemma_LowStar.Monotonic.Buffer.popped_modifies", "lemma_LowStar.Monotonic.Buffer.unused_in_not_unused_in_disjoint_2", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", @@ -266,8 +269,7 @@ "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Integers.Signed__0", "projection_inverse_FStar.Integers.Unsigned__0", - "projection_inverse_FStar.Pervasives.Native.Some_a", - "projection_inverse_FStar.Pervasives.Native.Some_v", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Hacl.Streaming.Interface.Block_key", "projection_inverse_Hacl.Streaming.Interface.Block_km", "projection_inverse_Hacl.Streaming.Interface.Block_max_input_len", 
@@ -320,7 +322,8 @@ "typing_FStar.Seq.Base.empty", "typing_FStar.Set.complement", "typing_FStar.Set.mem", "typing_FStar.Set.singleton", "typing_FStar.Set.union", "typing_FStar.UInt.fits", - "typing_FStar.UInt32.v", "typing_Hacl.Hash.Definitions.hash_len", + "typing_FStar.UInt.max_int", "typing_FStar.UInt32.v", + "typing_Hacl.Hash.Definitions.hash_len", "typing_Hacl.Streaming.Functor.footprint", "typing_Hacl.Streaming.Functor.seen", "typing_Hacl.Streaming.SHA2.hacl_sha2_512", @@ -340,13 +343,14 @@ "typing_Spec.GaloisField.__proj__GF__item__t", "typing_Spec.Hash.Definitions.word_t", "typing_Tm_abs_ac76e3b122b7fbcbe17b74373fd5c71b", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Spec.Hash.Definitions.SHA2_224@tok", "typing_tok_Spec.Hash.Definitions.SHA2_512@tok", "unit_typing" ], 0, - "42159789c0db844519b8815752f512ac" + "a79415775e228b40580b668d97b8fe5e" ], [ "Hacl.Impl.SHA512.ModQ.sha512_pre_pre2_msg", @@ -429,7 +433,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_512@tok" ], 0, - "c75bb541edec0c88ba8aeb4d16fd6963" + "93b1cd1303021738556903e7472ec26a" ], [ "Hacl.Impl.SHA512.ModQ.sha512_pre_pre2_msg", 
@@ -439,15 +443,17 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", "Hacl.Streaming.MD_interpretation_Tm_arrow_2e498b299f7e70d4a07264a574999abb", + "Hacl.Streaming.MD_interpretation_Tm_arrow_9e6ebea10abe6ef6dc68fe1819b24f28", "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", "bool_inversion", "bool_typing", "constructor_distinct_FStar.Integers.W16", "constructor_distinct_FStar.Integers.W32", - "constructor_distinct_FStar.Integers.W64", "constructor_distinct_FStar.Integers.W8", "constructor_distinct_FStar.Integers.Winfinite", - "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", "constructor_distinct_Hacl.Streaming.Interface.Erased", "constructor_distinct_Lib.Buffer.MUT", "constructor_distinct_Lib.IntTypes.PUB", @@ -462,19 +468,18 @@ "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.MD5", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", - "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", "constructor_distinct_Spec.Hash.Definitions.SHA2_512", "equality_tok_FStar.Integers.W16@tok", "equality_tok_FStar.Integers.W32@tok", - "equality_tok_FStar.Integers.W64@tok", "equality_tok_FStar.Integers.W8@tok", "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Hacl.Streaming.Interface.Erased@tok", "equality_tok_Lib.Buffer.MUT@tok", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equality_tok_Lib.IntTypes.U8@tok", "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", 
@@ -505,9 +510,11 @@ "equation_Hacl.Streaming.Interface.optional_key", "equation_Hacl.Streaming.Interface.stateful_buffer", "equation_Hacl.Streaming.Interface.stateful_unused", + "equation_Hacl.Streaming.Interface.uint8", "equation_Hacl.Streaming.MD.hacl_md", "equation_Hacl.Streaming.MD.max_input_len64", "equation_Hacl.Streaming.MD.state_t", + "equation_Hacl.Streaming.MD.word", "equation_Hacl.Streaming.SHA2.hacl_sha2_512", "equation_Hacl.Streaming.SHA2.state_sha2_512", "equation_Hacl.Streaming.SHA2.state_t_512", @@ -520,23 +527,15 @@ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_Lib.Sequence.lseq", - "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", - "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", "equation_LowStar.Buffer.trivial_preorder", "equation_LowStar.Monotonic.Buffer.fresh_loc", "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.eqtype", - "equation_Prims.nat", "equation_Prims.pos", "equation_Prims.squash", + "equation_Prims.nat", "equation_Prims.squash", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", - "equation_Spec.Ed25519.max_input_length_sha512", "equation_Spec.Ed25519.uu___2", "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.bytes", - "equation_Spec.Hash.Definitions.hash_length", - "equation_Spec.Hash.Definitions.hash_word_length", - "equation_Spec.Hash.Definitions.less_than_max_input_length", - "equation_Spec.Hash.Definitions.max_input_length", + "equation_Spec.Hash.Definitions.is_sha2", "equation_Spec.Hash.Definitions.state_word_length", - "equation_Spec.Hash.Definitions.word", - "equation_Spec.Hash.Definitions.word_length", "equation_Spec.Hash.Definitions.word_t", "function_token_typing_FStar.Monotonic.Heap.heap", "function_token_typing_FStar.Pervasives.pattern", 
@@ -544,8 +543,7 @@ "function_token_typing_Lib.IntTypes.uint8", "function_token_typing_Prims.int", "function_token_typing_Spec.Ed25519.uu___2", - "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", - "int_typing", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_typing", "interpretation_Tm_abs_112eeda5af4692880e2022f7dd9b35de", "interpretation_Tm_abs_29817b827a116837b1bd91e5acca081f", "interpretation_Tm_abs_6d2b7f1c8cab555170220adfa4fff827", @@ -562,8 +560,8 @@ "lemma_FStar.Map.lemma_InDomUpd2", "lemma_FStar.Map.lemma_SelRestrict", "lemma_FStar.Map.lemma_SelUpd1", "lemma_FStar.Map.lemma_SelUpd2", "lemma_FStar.Map.lemma_UpdDomain", - "lemma_FStar.Map.lemma_equal_elim", "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Monotonic.HyperStack.lemma_mk_mem__projectors", "lemma_FStar.Seq.Base.lemma_eq_elim", "lemma_FStar.Seq.Base.lemma_len_append", "lemma_FStar.Set.lemma_equal_elim", @@ -604,9 +602,8 @@ "lemma_LowStar.Monotonic.Buffer.unused_in_not_unused_in_disjoint_2", "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", - "proj_equation_FStar.Pervasives.Native.Some_v", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", "proj_equation_Hacl.Streaming.Interface.Block_key", "proj_equation_Hacl.Streaming.Interface.Block_km", "proj_equation_Hacl.Streaming.Interface.Block_max_input_len", 
@@ -622,8 +619,7 @@ "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Integers.Signed__0", "projection_inverse_FStar.Integers.Unsigned__0", - "projection_inverse_FStar.Pervasives.Native.Some_a", - "projection_inverse_FStar.Pervasives.Native.Some_v", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Hacl.Streaming.Interface.Block_key", "projection_inverse_Hacl.Streaming.Interface.Block_km", "projection_inverse_Hacl.Streaming.Interface.Block_max_input_len", @@ -639,6 +635,7 @@ "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", "refinement_interpretation_Tm_refine_0e20fcb7a6d401ac0c90ba7b240b51b3", "refinement_interpretation_Tm_refine_156c49afb7e1e070fbb2e47dc0e3d4b2", + "refinement_interpretation_Tm_refine_2065983b7394855e8cae0a101ff57c0d", "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", @@ -652,11 +649,10 @@ "refinement_interpretation_Tm_refine_a01e2a488c0e993995a09cb4eb2936ff", "refinement_interpretation_Tm_refine_a6227b5c5f7904bf5b11759abcdcfa8d", "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", - "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", - "refinement_interpretation_Tm_refine_d58134fb55bef01eae6b023f162e2553", "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f2ecb8dfc24f11b18b42b8e1bd44941a", "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "token_correspondence_Hacl.Streaming.Interface.__proj__Block__item__max_input_len", "token_correspondence_Hacl.Streaming.Interface.__proj__Block__item__output_len", 
@@ -672,12 +668,13 @@ "typing_FStar.Monotonic.HyperHeap.rid", "typing_FStar.Monotonic.HyperHeap.root", "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_rid_ctr", "typing_FStar.Monotonic.HyperStack.get_tip", - "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.empty", - "typing_FStar.Set.complement", "typing_FStar.Set.intersect", + "typing_FStar.Monotonic.HyperStack.remove_elt", + "typing_FStar.Seq.Base.empty", "typing_FStar.Set.complement", "typing_FStar.Set.mem", "typing_FStar.Set.singleton", - "typing_FStar.Set.union", "typing_FStar.UInt32.v", - "typing_Hacl.Hash.Definitions.hash_len", + "typing_FStar.Set.union", "typing_FStar.UInt.fits", + "typing_FStar.UInt.max_int", "typing_FStar.UInt32.v", "typing_Hacl.Streaming.Functor.footprint", "typing_Hacl.Streaming.Functor.seen", "typing_Hacl.Streaming.SHA2.hacl_sha2_512", @@ -694,14 +691,14 @@ "typing_LowStar.Monotonic.Buffer.loc_not_unused_in", "typing_LowStar.Monotonic.Buffer.loc_regions", "typing_LowStar.Monotonic.Buffer.loc_union", "typing_Spec.AES.gf8", - "typing_Spec.Agile.Hash.hash", "typing_Spec.GaloisField.__proj__GF__item__t", "typing_Spec.Hash.Definitions.word_t", "typing_Tm_abs_ac76e3b122b7fbcbe17b74373fd5c71b", + "typing_Tm_abs_f24fca85a71b4400b717d05327a72d13", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_224@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_512@tok", "unit_typing" + "typing_tok_Spec.Hash.Definitions.SHA2_224@tok", "unit_typing" ], 0, "0253b46924c7110eceb22d76d296930b" @@ -799,7 +796,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "b15c845779979aa58d96e8684d91cc5e" + "bdad9fbc8dfc629181c61ed398d99980" ], [ "Hacl.Impl.SHA512.ModQ.sha512_modq_pre", 
@@ -1009,7 +1006,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_384@tok" ], 0, - "d669eadad2fa3608e8537d8840611f36" + "e1db6a47c3bc27a4fe18513709d079cb" ], [ "Hacl.Impl.SHA512.ModQ.sha512_modq_pre_pre2", @@ -1106,7 +1103,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_224@tok" ], 0, - "6c88ad7af05d4b6cfa494ae5cbea30a8" + "6b645f910396859959d2a0a60ec66560" ], [ "Hacl.Impl.SHA512.ModQ.sha512_modq_pre_pre2", @@ -1316,7 +1313,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_384@tok" ], 0, - "ef6ab15ec29ef4e445ec83a53f512ad6" + "ad00e35cf491f35dbe21aa3e507e212a" ], [ "Hacl.Impl.SHA512.ModQ.store_sha512_modq_pre", @@ -1421,7 +1418,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "ae8e5e885416084b6cb218e8e7e9ab1b" + "506ffdf1ab2fe64e7910d30540e76d32" ], [ "Hacl.Impl.SHA512.ModQ.store_sha512_modq_pre", @@ -1578,7 +1575,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_384@tok", "unit_typing" ], 0, - "a777bb8c6e1c07d1c99d4a9cbdfac52b" + "7ebb9c87cc9475d810df6fba64692545" ], [ "Hacl.Impl.SHA512.ModQ.store_sha512_modq_pre_pre2", @@ -1675,7 +1672,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_224@tok" ], 0, - "c146099249bfb33a9bb6ad82e9b0bed6" + "bf980ad1493153bbeb96dd155d2ea1d2" ], [ "Hacl.Impl.SHA512.ModQ.store_sha512_modq_pre_pre2", @@ -1685,6 +1682,7 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", "Prims_interpretation_Tm_arrow_2eaa01e78f73e9bab5d0955fc1a662da", "Spec.Hash.Definitions_interpretation_Tm_arrow_3ac874e39b1c409ba69a2358a6f73691", "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", 
@@ -1694,6 +1692,8 @@ "constructor_distinct_FStar.Integers.W64", "constructor_distinct_FStar.Integers.W8", "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", "constructor_distinct_Lib.Buffer.MUT", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", @@ -1707,6 +1707,7 @@ "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.MD5", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", "constructor_distinct_Spec.Hash.Definitions.SHA2_384", "constructor_distinct_Spec.Hash.Definitions.SHA2_512", "data_typing_intro_Prims.Mkdtuple2@tok", @@ -1715,6 +1716,7 @@ "equality_tok_FStar.Integers.W64@tok", "equality_tok_FStar.Integers.W8@tok", "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.Buffer.MUT@tok", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.SEC@tok", @@ -1745,7 +1747,6 @@ "equation_Hacl.Hash.Definitions.impl_state_length", "equation_Hacl.Hash.Definitions.m_spec", "equation_Hacl.Impl.BignumQ.Mul.as_nat", - "equation_Hacl.Impl.BignumQ.Mul.qelemB", "equation_Hacl.Impl.BignumQ.Mul.qelem_fits", "equation_Hacl.Impl.BignumQ.Mul.scalar_inv_full_t", "equation_Hacl.Spec.BignumQ.Definitions.as_nat5", 
@@ -1756,27 +1757,32 @@ "equation_Hacl.Spec.BignumQ.Definitions.pow56", "equation_Hacl.Spec.BignumQ.Definitions.qelem_fits1", "equation_Hacl.Spec.BignumQ.Definitions.qelem_fits5", - "equation_Lib.Buffer.as_seq", "equation_Lib.Buffer.buffer_t", - "equation_Lib.Buffer.disjoint", "equation_Lib.Buffer.lbuffer_t", - "equation_Lib.Buffer.length", "equation_Lib.Buffer.live", - "equation_Lib.Buffer.loc", "equation_Lib.Buffer.modifies", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.lanes_t", "equation_Lib.Buffer.as_seq", + "equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.disjoint", + "equation_Lib.Buffer.lbuffer_t", "equation_Lib.Buffer.length", + "equation_Lib.Buffer.live", "equation_Lib.Buffer.loc", + "equation_Lib.Buffer.modifies", "equation_Lib.Buffer.stack_allocated", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", "equation_Lib.Sequence.length", - "equation_Lib.Sequence.to_seq", "equation_LowStar.Buffer.buffer", + "equation_Lib.IntTypes.uint64", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Lib.IntVector.width", "equation_Lib.Sequence.to_seq", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.trivial_preorder", "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos", "equation_Prims.squash", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.Ed25519.q", "equation_Spec.Ed25519.uu___2", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.sha2_alg", "equation_Spec.Hash.Definitions.state_word_length", - "equation_Spec.Hash.Definitions.word", 
"equation_Spec.Hash.Definitions.word_t", "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.uint64", "function_token_typing_Lib.IntTypes.uint8", "function_token_typing_Prims.int", "function_token_typing_Spec.Ed25519.uu___2", @@ -1805,7 +1811,6 @@ "lemma_LowStar.Monotonic.Buffer.fresh_frame_loc_not_unused_in_disjoint", "lemma_LowStar.Monotonic.Buffer.fresh_frame_modifies", "lemma_LowStar.Monotonic.Buffer.lemma_live_equal_mem_domains", - "lemma_LowStar.Monotonic.Buffer.length_as_seq", "lemma_LowStar.Monotonic.Buffer.length_null_1", "lemma_LowStar.Monotonic.Buffer.length_null_2", "lemma_LowStar.Monotonic.Buffer.live_loc_not_unused_in", @@ -1840,6 +1845,7 @@ "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Integers.Signed__0", "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_FStar.Pervasives.Native.Mktuple5__1", "projection_inverse_FStar.Pervasives.Native.Mktuple5__2", "projection_inverse_FStar.Pervasives.Native.Mktuple5__3", 
@@ -1852,16 +1858,18 @@ "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", "refinement_interpretation_Tm_refine_156c49afb7e1e070fbb2e47dc0e3d4b2", "refinement_interpretation_Tm_refine_207bd418030414c32f7ebbc47cc48626", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", "refinement_interpretation_Tm_refine_2ea6dd5f494ea9efbc8f3ae09c46904d", + "refinement_interpretation_Tm_refine_335e5bfc9edee38d58c934e23a4de7eb", "refinement_interpretation_Tm_refine_339b7a66f80446c2629e3a2df26840ea", "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", "refinement_interpretation_Tm_refine_49d93a0cb246c536781f6c5dba1a6214", + "refinement_interpretation_Tm_refine_52d8b90eecdfc1e33886adeb748d8e10", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_5d7fc65a01f63f2bc577298c179f855a", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_7f16c7b57ef8bef37e694fdc293f58a5", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", "refinement_interpretation_Tm_refine_a9f5cdfa1f230ec5e1837c405b313503", @@ -1870,7 +1878,6 @@ "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "refinement_interpretation_Tm_refine_dee0f34b44c44e6d512c6db0858b92ef", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "refinement_interpretation_Tm_refine_f1f3a6a6d3da045b35e7ba130c8b362a", "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "typing_FStar.Map.contains", "typing_FStar.Map.domain", "typing_FStar.Map.restrict", "typing_FStar.Monotonic.Heap.emp", 
@@ -1886,10 +1893,9 @@ "typing_FStar.UInt.fits", "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", "typing_Hacl.Hash.Definitions.impl_state_len", - "typing_Hacl.Impl.BignumQ.Mul.as_nat", "typing_Hacl.Spec.BignumQ.Definitions.pow56", - "typing_Lib.Buffer.as_seq", "typing_Lib.Buffer.length", - "typing_Lib.Buffer.loc", "typing_Lib.ByteSequence.nat_to_bytes_le", + "typing_Hacl.Spec.SHA2.Vec.lanes", "typing_Lib.Buffer.as_seq", + "typing_Lib.Buffer.length", "typing_Lib.Buffer.loc", "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.minint", "typing_Lib.IntTypes.v", "typing_Lib.Sequence.index", "typing_LowStar.Buffer.trivial_preorder", @@ -1904,12 +1910,11 @@ "typing_LowStar.Monotonic.Buffer.loc_union", "typing_Prims.pow2", "typing_Spec.AES.gf8", "typing_Spec.Ed25519.q", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_Spec.Hash.Definitions.word", "typing_Spec.Hash.Definitions.word_t", "typing_Tm_abs_3d77c1d80c0e9e736cdcf018f4780b14", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", - "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Lib.IntTypes.U8@tok", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok", "typing_tok_Spec.Hash.Definitions.SHA2_224@tok", "typing_tok_Spec.Hash.Definitions.SHA2_384@tok", "unit_typing" ], diff --git a/hints/Hacl.SHA2.Scalar32.fst.hints b/hints/Hacl.SHA2.Scalar32.fst.hints index b93a1e728c..a30be80e8a 100644 --- a/hints/Hacl.SHA2.Scalar32.fst.hints +++ b/hints/Hacl.SHA2.Scalar32.fst.hints 
@@ -1,11 +1,25 @@ [ - "í±-¡Þê½ã\tÎî\u0019×´\u0010", + "^\u0002õ̳帧~w.2\tO\tD", [ [ - "Hacl.SHA2.Scalar32.sha224_update1", + "Hacl.SHA2.Scalar32.sha224_init", 1, + 2, + 1, + [ + "@query", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", + "equation_Spec.Hash.Definitions.is_sha2", + "projection_inverse_BoxBool_proj_0" + ], 0, - 0, + "0db594a0ecd559e16b5a511726c157de" + ], + [ + "Hacl.SHA2.Scalar32.sha224_update", + 1, + 2, + 1, [ "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", @@ -14,6 +28,7 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", 
@@ -27,52 +42,57 @@ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "23eeb592c485d1b7ed92985f4465015f" + "1b9ca4310b16b651ca81a0269cb7645a" ], [ - "Hacl.SHA2.Scalar32.sha224_update1", + "Hacl.SHA2.Scalar32.sha224_update_nblocks", + 1, 2, - 0, - 0, + 1, [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", - "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.is_sha2", "int_typing", - "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", 
"refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "5597c5f21923dd49742275a560c8342a" + "a581b3a1f014e2df2d9fc35ffdc92fa0" ], [ - "Hacl.SHA2.Scalar32.sha224_update1", - 3, - 0, - 0, + "Hacl.SHA2.Scalar32.sha224_update_last", + 1, + 2, + 1, [ "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", - "constructor_distinct_Lib.Buffer.MUT", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", 
@@ -83,169 +103,106 @@ "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", - "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "bd31f191ad8e30baedc585ead729513e" + "077dfbcdad2e6d730be6e3de72735b3f" ], [ - "Hacl.SHA2.Scalar32.sha224", + "Hacl.SHA2.Scalar32.sha224_finish", + 1, + 2, 1, - 0, - 0, [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "constructor_distinct_Lib.Buffer.MUT", + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.Buffer.MUT@tok", - "equality_tok_Lib.IntTypes.PUB@tok", + "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.IntTypes.U1@tok", - "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U8@tok", "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", - "equation_FStar.Monotonic.HyperHeap.hmap", - "equation_FStar.Monotonic.HyperStack.is_tip", - "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", - "equation_FStar.Monotonic.HyperStack.mem", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.lbuffer_t", - "equation_Lib.Buffer.length", 
"equation_Lib.IntTypes.uint8", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", - "equation_LowStar.Buffer.trivial_preorder", - "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", - "equation_Spec.AES.elem", "equation_Spec.AES.gf8", - "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", - "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.less_than_max_input_length", - "function_token_typing_FStar.Monotonic.Heap.heap", - "function_token_typing_Lib.IntTypes.uint8", - "function_token_typing_Spec.AES.elem", - "lemma_FStar.Map.lemma_ContainsDom", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_LessThanOrEqual", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_6f6c5e83910194b4306c518ba7fc5678", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", - "typing_FStar.Monotonic.HyperStack.get_hmap", - "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.UInt32.v", - "typing_Lib.Buffer.length", "typing_Lib.IntTypes.v", - "typing_LowStar.Buffer.trivial_preorder", - 
"typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", - "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_Spec.Hash.Definitions.less_than_max_input_length", - "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", - "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_224@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "33314cabb95ac4253845472ca0603303" + "34e5c13251601f977f7d451bdad06cf2" ], [ - "Hacl.SHA2.Scalar32.sha224", + "Hacl.SHA2.Scalar32.sha256_init", + 1, 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], 0, - 0, + "50d648f6b514190b0c81778441ad6f62" + ], + [ + "Hacl.SHA2.Scalar32.sha256_update", + 1, + 2, + 1, [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_inversion", "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", - "constructor_distinct_Lib.Buffer.MUT", "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U128", "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - 
"constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", - "equality_tok_Lib.Buffer.MUT@tok", - "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U1@tok", - "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", - "equation_FStar.Monotonic.HyperHeap.hmap", - "equation_FStar.Monotonic.HyperStack.is_tip", - "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", - "equation_FStar.Monotonic.HyperStack.mem", - "equation_Hacl.Hash.Definitions.hash_len", + "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", "equation_Hacl.Spec.SHA2.Vec.is_supported", - "equation_Hacl.Spec.SHA2.Vec.lanes", "equation_Lib.Buffer.lbuffer_t", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Lib.MultiBuffer.internally_disjoint", - "equation_Lib.MultiBuffer.live_multi", - "equation_Lib.MultiBuffer.modifies_multi", - "equation_Lib.NTuple.ntup1", "equation_Lib.NTuple.ntuple", - "equation_Prims.nat", "equation_Spec.AES.elem", - "equation_Spec.AES.gf8", "equation_Spec.AES.irred", - "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.hash_length", - "equation_Spec.Hash.Definitions.hash_word_length", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.is_sha2", - "equation_Spec.Hash.Definitions.word_length", - "function_token_typing_FStar.Monotonic.Heap.heap", - "function_token_typing_Lib.IntTypes.uint8", - "function_token_typing_Prims.__cache_version_number__", - 
"function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", - "lemma_FStar.Map.lemma_ContainsDom", "lemma_FStar.UInt.pow2_values", - "lemma_Lib.MultiBuffer.as_seq_multi_lemma", - "lemma_Lib.NTuple.ntup1_lemma", "primitive_Prims.op_Equality", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", - "refinement_interpretation_Tm_refine_1821bb125f421b67809195ad37eb533a", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_610a43752b9b6cd8e18a986ff1c24a31", - "refinement_interpretation_Tm_refine_6f6c5e83910194b4306c518ba7fc5678", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_bded595d5c675d20923ebf7eee58cd50", - "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", - "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", - "typing_FStar.Monotonic.HyperStack.get_hmap", - "typing_FStar.Monotonic.HyperStack.get_tip", - "typing_Hacl.Hash.Definitions.hash_len", - "typing_Lib.Buffer.lbuffer_t", "typing_Lib.IntTypes.minint", - "typing_Lib.IntTypes.v", "typing_Spec.AES.gf8", - "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", - "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_224@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - 
"d7e0ee7c7e22eb9e9c68e9f5798dbcbd" + "1d86ccbacad39c1baddb27a50954083d" ], [ - "Hacl.SHA2.Scalar32.sha256_update1", + "Hacl.SHA2.Scalar32.sha256_update_nblocks", + 1, + 2, 1, - 0, - 0, [ "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", @@ -254,6 +211,7 @@ "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", 
@@ -267,54 +225,57 @@ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "c36be971241fae1edcd3c14b7b43e6cc" + "4c822f8f1eb88969851aa79dec509df0" ], [ - "Hacl.SHA2.Scalar32.sha256_update1", + "Hacl.SHA2.Scalar32.sha256_update_last", + 1, 2, - 0, - 0, + 1, [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", - "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.is_sha2", "int_typing", - "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", 
"refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "506402840bd3d69b02539bdb30787000" + "edab68ffb099f0e124dd416605d913eb" ], [ - "Hacl.SHA2.Scalar32.sha256_update1", - 3, - 0, - 0, + "Hacl.SHA2.Scalar32.sha256_finish", + 1, + 2, + 1, [ "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", - "constructor_distinct_Lib.Buffer.MUT", + "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", 
@@ -325,182 +286,76 @@ "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "774da0e835e58e53cd5d0c06bfc9c3d3" + "7fb3d699805a0c39b395f12fff8bf04e" ], [ - "Hacl.SHA2.Scalar32.sha256", + "Hacl.SHA2.Scalar32.sha384_init", + 1, + 2, 1, - 0, - 0, [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "constructor_distinct_Lib.Buffer.MUT", + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.Buffer.CONST", "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.Buffer.MUT@tok", - "equality_tok_Lib.IntTypes.PUB@tok", + "constructor_distinct_Spec.Hash.Definitions.SHA2_384", "equality_tok_Lib.IntTypes.U1@tok", - "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", - "equation_FStar.Monotonic.HyperHeap.hmap", - "equation_FStar.Monotonic.HyperStack.is_tip", - "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", - "equation_FStar.Monotonic.HyperStack.mem", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.lbuffer_t", - "equation_Lib.Buffer.length", "equation_Lib.IntTypes.uint8", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", - "equation_LowStar.Buffer.trivial_preorder", - "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", - "equation_Spec.AES.elem", 
"equation_Spec.AES.gf8", - "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", - "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.less_than_max_input_length", - "function_token_typing_FStar.Monotonic.Heap.heap", - "function_token_typing_Lib.IntTypes.uint8", - "function_token_typing_Spec.AES.elem", - "lemma_FStar.Map.lemma_ContainsDom", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_LessThanOrEqual", + "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", - "refinement_interpretation_Tm_refine_cf1a24f01332d00e6f80de32d9355c8c", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", - "typing_FStar.Monotonic.HyperStack.get_hmap", - "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.UInt32.v", - "typing_Lib.Buffer.length", "typing_Lib.IntTypes.v", - "typing_LowStar.Buffer.trivial_preorder", - "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", - "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_Spec.Hash.Definitions.less_than_max_input_length", - "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", - "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_256@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - 
"0d4f516143e654ac07593ddc325f86b9" + "c143e0d66c307185bc5ef8ed5c023ca7" ], [ - "Hacl.SHA2.Scalar32.sha256", + "Hacl.SHA2.Scalar32.sha384_update", + 1, 2, - 0, - 0, + 1, [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", - "bool_inversion", "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", - "constructor_distinct_Lib.Buffer.MUT", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.Buffer.CONST", + "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", - "equality_tok_Lib.Buffer.MUT@tok", - "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U1@tok", - "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", - "equation_FStar.Monotonic.HyperHeap.hmap", - "equation_FStar.Monotonic.HyperStack.is_tip", - "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", - "equation_FStar.Monotonic.HyperStack.mem", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", - "equation_Hacl.Hash.Definitions.hash_len", + "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", "equation_Hacl.Spec.SHA2.Vec.is_supported", "equation_Hacl.Spec.SHA2.Vec.lanes", - "equation_Hacl.Spec.SHA2.Vec.lanes_t", - 
"equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.lbuffer_t", - "equation_Lib.Buffer.length", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Lib.MultiBuffer.internally_disjoint", - "equation_Lib.MultiBuffer.live_multi", - "equation_Lib.MultiBuffer.modifies_multi", - "equation_Lib.NTuple.ntup1", "equation_Lib.NTuple.ntuple", - "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", - "equation_LowStar.Buffer.trivial_preorder", - "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", - "equation_Spec.AES.elem", "equation_Spec.AES.gf8", - "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", - "equation_Spec.GaloisField.gf", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.is_sha2", - "function_token_typing_FStar.Monotonic.Heap.heap", - "function_token_typing_Lib.IntTypes.uint8", - "function_token_typing_Prims.__cache_version_number__", - "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", - "lemma_FStar.Map.lemma_ContainsDom", "lemma_FStar.UInt.pow2_values", - "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", - "lemma_Lib.MultiBuffer.as_seq_multi_lemma", - "lemma_Lib.NTuple.ntup1_lemma", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", - 
"refinement_interpretation_Tm_refine_1821bb125f421b67809195ad37eb533a", - "refinement_interpretation_Tm_refine_52d8b90eecdfc1e33886adeb748d8e10", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5e104c04f960ac658fc1e6c21cd22e76", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", - "refinement_interpretation_Tm_refine_bded595d5c675d20923ebf7eee58cd50", - "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", - "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", - "refinement_interpretation_Tm_refine_cf1a24f01332d00e6f80de32d9355c8c", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", - "typing_FStar.Monotonic.HyperStack.get_hmap", - "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.UInt32.v", - "typing_Hacl.Hash.Definitions.hash_len", - "typing_Lib.Buffer.lbuffer_t", "typing_Lib.IntTypes.bits", - "typing_Lib.IntTypes.minint", "typing_Lib.IntTypes.v", - "typing_LowStar.Buffer.trivial_preorder", - "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", - "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", - "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_256@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "9fdfdd85db7a3c09ca90761b7e2dd16a" + "c84595181369357009e3b43f19213f4e" ], [ - "Hacl.SHA2.Scalar32.sha384_update1", + "Hacl.SHA2.Scalar32.sha384_update_nblocks", + 1, + 2, 1, - 0, - 0, [ "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", 
@@ -510,6 +365,7 @@ "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", 
@@ -523,58 +379,59 @@ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "92a89a07f2e82692ed0b99e2924060e4" + "370596b0a049cd11ad7246ccb6cad290" ], [ - "Hacl.SHA2.Scalar32.sha384_update1", + "Hacl.SHA2.Scalar32.sha384_update_last", + 1, 2, - 0, - 0, + 1, [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", "constructor_distinct_Lib.Buffer.CONST", "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", - "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.is_sha2", "int_typing", - "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", - 
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "ba4f52e3bf675bac19213d07cea6639b" + "810ff56b945a586cab0f895ae1222e2b" ], [ - "Hacl.SHA2.Scalar32.sha384_update1", - 3, - 0, - 0, + "Hacl.SHA2.Scalar32.sha384_finish", + 1, + 2, + 1, [ "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", "constructor_distinct_Lib.Buffer.CONST", - "constructor_distinct_Lib.Buffer.MUT", + "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", 
@@ -585,179 +442,76 @@ "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "bfd853ebac572cdb51dbeddc79f493ac" + "056b86b496d2d136d0420e3478ee7633" ], [ - "Hacl.SHA2.Scalar32.sha384", + "Hacl.SHA2.Scalar32.sha512_init", + 1, + 2, 1, - 0, - 0, [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "constructor_distinct_Lib.Buffer.MUT", + "@MaxIFuel_assumption", "@query", "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.Buffer.MUT@tok", - "equality_tok_Lib.IntTypes.PUB@tok", + "constructor_distinct_Spec.Hash.Definitions.SHA2_512", "equality_tok_Lib.IntTypes.U1@tok", - "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", - "equation_FStar.Monotonic.HyperHeap.hmap", - "equation_FStar.Monotonic.HyperStack.is_tip", - "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", - "equation_FStar.Monotonic.HyperStack.mem", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.lbuffer_t", - "equation_Lib.Buffer.length", "equation_Lib.IntTypes.uint8", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", - "equation_LowStar.Buffer.trivial_preorder", - "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", - "equation_Spec.AES.elem", 
"equation_Spec.AES.gf8", - "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", - "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.less_than_max_input_length", - "function_token_typing_FStar.Monotonic.Heap.heap", - "function_token_typing_Lib.IntTypes.uint8", - "function_token_typing_Spec.AES.elem", - "lemma_FStar.Map.lemma_ContainsDom", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_LessThanOrEqual", + "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", - "refinement_interpretation_Tm_refine_2cf0d3d5b3efb0aadafee6b6b1ea64b3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", - "typing_FStar.Monotonic.HyperStack.get_hmap", - "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.UInt32.v", - "typing_Lib.Buffer.length", "typing_Lib.IntTypes.v", - "typing_LowStar.Buffer.trivial_preorder", - "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", - "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_Spec.Hash.Definitions.less_than_max_input_length", - "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", - "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_384@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - 
"0a2f480f766daea7b639dee92bf46d92" + "b0db39705509d3450ef07aebb6efc962" ], [ - "Hacl.SHA2.Scalar32.sha384", + "Hacl.SHA2.Scalar32.sha512_update", + 1, 2, - 0, - 0, + 1, [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", - "bool_inversion", "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", - "constructor_distinct_Lib.Buffer.CONST", - "constructor_distinct_Lib.Buffer.MUT", - "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "constructor_distinct_Spec.Hash.Definitions.SHA2_512", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", - "equality_tok_Lib.Buffer.MUT@tok", - "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U1@tok", - "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", - "equation_FStar.Monotonic.HyperHeap.hmap", - "equation_FStar.Monotonic.HyperStack.is_tip", - "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", - "equation_FStar.Monotonic.HyperStack.mem", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", - "equation_Hacl.Hash.Definitions.hash_len", + "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", "equation_Hacl.Spec.SHA2.Vec.is_supported", - "equation_Hacl.Spec.SHA2.Vec.lanes", "equation_Lib.Buffer.buffer_t", - "equation_Lib.Buffer.lbuffer_t", "equation_Lib.Buffer.length", - 
"equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Lib.MultiBuffer.internally_disjoint", - "equation_Lib.MultiBuffer.live_multi", - "equation_Lib.MultiBuffer.modifies_multi", - "equation_Lib.NTuple.ntup1", "equation_Lib.NTuple.ntuple", - "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", - "equation_LowStar.Buffer.trivial_preorder", - "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", - "equation_Spec.AES.elem", "equation_Spec.AES.gf8", - "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", - "equation_Spec.GaloisField.gf", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.is_sha2", - "function_token_typing_FStar.Monotonic.Heap.heap", - "function_token_typing_Lib.IntTypes.uint8", - "function_token_typing_Prims.__cache_version_number__", - "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", - "lemma_FStar.Map.lemma_ContainsDom", "lemma_FStar.UInt.pow2_values", - "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", - "lemma_Lib.MultiBuffer.as_seq_multi_lemma", - "lemma_Lib.NTuple.ntup1_lemma", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", - 
"refinement_interpretation_Tm_refine_1821bb125f421b67809195ad37eb533a", - "refinement_interpretation_Tm_refine_2cf0d3d5b3efb0aadafee6b6b1ea64b3", - "refinement_interpretation_Tm_refine_4c95819efb9e8e85cc6ac2dc15b0b4a5", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", - "refinement_interpretation_Tm_refine_bded595d5c675d20923ebf7eee58cd50", - "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", - "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", - "typing_FStar.Monotonic.HyperStack.get_hmap", - "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.UInt32.v", - "typing_Hacl.Hash.Definitions.hash_len", - "typing_Lib.Buffer.lbuffer_t", "typing_Lib.IntTypes.minint", - "typing_Lib.IntTypes.v", "typing_LowStar.Buffer.trivial_preorder", - "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", - "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", - "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_384@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "3b6806c1a5cc3cf52222437122a38bd4" + "8bdebae2500c91000f6c09cd3d696b01" ], [ - "Hacl.SHA2.Scalar32.sha512_update1", + "Hacl.SHA2.Scalar32.sha512_update_nblocks", + 1, + 2, 1, - 0, - 0, [ "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", 
@@ -767,6 +521,7 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_512", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", 
@@ -781,57 +536,60 @@ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "47b3e23154c751fadfffe2ad5bc62063" + "708f1c28ba2d0f403be3853f8c63fc65" ], [ - "Hacl.SHA2.Scalar32.sha512_update1", + "Hacl.SHA2.Scalar32.sha512_update_last", + 1, 2, - 0, - 0, + 1, [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_512", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", - "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.is_sha2", "int_typing", - "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", 
"projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "523e5e8d6916e2288503906b539c1272" + "acf44362665e98d2641662f02d79a3b3" ], [ - "Hacl.SHA2.Scalar32.sha512_update1", - 3, - 0, - 0, + "Hacl.SHA2.Scalar32.sha512_finish", + 1, + 2, + 1, [ "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", - "constructor_distinct_Lib.Buffer.MUT", + "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_512", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", 
@@ -842,176 +600,233 @@ "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "e16c667ebf1ae60e05055ec0864e84b0" + "433b724847e3d306ceaf57c028fa249b" ], [ - "Hacl.SHA2.Scalar32.sha512", + "Hacl.SHA2.Scalar32.coerce", 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_754b00004f4a881ff74d076ab276dfe1" + ], 0, + "0d6285b0f28127118b2759ae954756ba" + ], + [ + "Hacl.SHA2.Scalar32.init", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_Spec.Hash.Definitions.SHA2_224", + "disc_equation_Spec.Hash.Definitions.SHA2_256", + "disc_equation_Spec.Hash.Definitions.SHA2_384", + "disc_equation_Spec.Hash.Definitions.SHA2_512", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.unsigned", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.sha2_alg", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_sha2", + 
"typing_Spec.Hash.Definitions.uu___is_SHA2_512" + ], + 0, + "c79eb3eebe80b8e89b7df055f9e1c081" + ], + [ + "Hacl.SHA2.Scalar32.update_nblocks", + 1, + 2, + 1, + [ + "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2" + ], 0, + "4d0d95b7e592d0290cecd5a618548a3c" + ], + [ + "Hacl.SHA2.Scalar32.update_nblocks", + 2, + 2, + 1, [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "constructor_distinct_Lib.Buffer.MUT", + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "bool_inversion", "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.Buffer.MUT@tok", - "equality_tok_Lib.IntTypes.PUB@tok", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", + "disc_equation_Spec.Hash.Definitions.SHA2_224", + "disc_equation_Spec.Hash.Definitions.SHA2_256", + "disc_equation_Spec.Hash.Definitions.SHA2_384", + "disc_equation_Spec.Hash.Definitions.SHA2_512", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.IntTypes.U1@tok", - "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", - "equation_FStar.Monotonic.HyperHeap.hmap", - "equation_FStar.Monotonic.HyperStack.is_tip", - "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", - "equation_FStar.Monotonic.HyperStack.mem", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - 
"equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.lbuffer_t", - "equation_Lib.Buffer.length", "equation_Lib.IntTypes.uint8", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", - "equation_LowStar.Buffer.trivial_preorder", - "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", - "equation_Spec.AES.elem", "equation_Spec.AES.gf8", - "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", - "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.less_than_max_input_length", - "function_token_typing_FStar.Monotonic.Heap.heap", - "function_token_typing_Lib.IntTypes.uint8", - "function_token_typing_Spec.AES.elem", - "lemma_FStar.Map.lemma_ContainsDom", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_LessThanOrEqual", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.sha2_alg", "proj_equation_Spec.GaloisField.GF_t", "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", - "refinement_interpretation_Tm_refine_363b643e643b90936395674da4167394", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", - 
"typing_FStar.Monotonic.HyperStack.get_hmap", - "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.UInt32.v", - "typing_Lib.Buffer.length", "typing_Lib.IntTypes.v", - "typing_LowStar.Buffer.trivial_preorder", - "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", - "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_Spec.Hash.Definitions.less_than_max_input_length", - "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", - "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_512@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_Spec.Hash.Definitions.uu___is_SHA2_512" ], 0, - "d22983a21c09d1ac52aa327c78c6c2e4" + "24ebf420a94d7deb1e88fcecfe481861" ], [ - "Hacl.SHA2.Scalar32.sha512", + "Hacl.SHA2.Scalar32.update_last", + 1, 2, + 1, + [ + "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2" + ], + 0, + "efc37678c5d21c77d5b77b802fdfe76f" + ], + [ + "Hacl.SHA2.Scalar32.update_last", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "bool_inversion", "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U8", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", + "disc_equation_Spec.Hash.Definitions.SHA2_224", + "disc_equation_Spec.Hash.Definitions.SHA2_256", + "disc_equation_Spec.Hash.Definitions.SHA2_384", + "disc_equation_Spec.Hash.Definitions.SHA2_512", + 
"equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.sha2_alg", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_Spec.Hash.Definitions.uu___is_SHA2_512" + ], 0, + "6d4dd3c01b3f15917281255cabe0fd53" + ], + [ + "Hacl.SHA2.Scalar32.finish", + 1, + 2, + 1, + [ + "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2" + ], 0, + "bae3f9fca3b90f6c937aa2f689e4b367" + ], + [ + "Hacl.SHA2.Scalar32.finish", + 2, + 2, + 1, [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", "bool_inversion", "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", - "constructor_distinct_Lib.Buffer.MUT", - 
"constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "constructor_distinct_Spec.Hash.Definitions.SHA2_512", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", + "disc_equation_Spec.Hash.Definitions.SHA2_224", + "disc_equation_Spec.Hash.Definitions.SHA2_256", + "disc_equation_Spec.Hash.Definitions.SHA2_384", + "disc_equation_Spec.Hash.Definitions.SHA2_512", "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", - "equality_tok_Lib.Buffer.MUT@tok", - "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U1@tok", - "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", - "equation_FStar.Monotonic.HyperHeap.hmap", - "equation_FStar.Monotonic.HyperStack.is_tip", - "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", - "equation_FStar.Monotonic.HyperStack.mem", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", - "equation_Hacl.Hash.Definitions.hash_len", "equation_Hacl.Spec.SHA2.Vec.is_supported", "equation_Hacl.Spec.SHA2.Vec.lanes", - "equation_Hacl.Spec.SHA2.Vec.lanes_t", - "equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.lbuffer_t", - "equation_Lib.Buffer.length", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Lib.MultiBuffer.internally_disjoint", - "equation_Lib.MultiBuffer.live_multi", - "equation_Lib.MultiBuffer.modifies_multi", - "equation_Lib.NTuple.ntup1", "equation_Lib.NTuple.ntuple", - 
"equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", - "equation_LowStar.Buffer.trivial_preorder", - "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", - "equation_Spec.AES.elem", "equation_Spec.AES.gf8", - "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", - "equation_Spec.GaloisField.gf", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.is_sha2", - "function_token_typing_FStar.Monotonic.Heap.heap", - "function_token_typing_Lib.IntTypes.uint8", - "function_token_typing_Prims.__cache_version_number__", - "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", - "lemma_FStar.Map.lemma_ContainsDom", "lemma_FStar.UInt.pow2_values", - "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", - "lemma_Lib.MultiBuffer.as_seq_multi_lemma", - "lemma_Lib.NTuple.ntup1_lemma", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", + "equation_Spec.Hash.Definitions.sha2_alg", "proj_equation_Spec.GaloisField.GF_t", "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", - "refinement_interpretation_Tm_refine_1821bb125f421b67809195ad37eb533a", - "refinement_interpretation_Tm_refine_2d4c3132aca495529c76bb302c5c4b81", - "refinement_interpretation_Tm_refine_363b643e643b90936395674da4167394", - "refinement_interpretation_Tm_refine_52d8b90eecdfc1e33886adeb748d8e10", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", - "refinement_interpretation_Tm_refine_bded595d5c675d20923ebf7eee58cd50", - 
"refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", - "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", - "typing_FStar.Monotonic.HyperStack.get_hmap", - "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.UInt32.v", - "typing_Hacl.Hash.Definitions.hash_len", - "typing_Lib.Buffer.lbuffer_t", "typing_Lib.IntTypes.minint", - "typing_Lib.IntTypes.v", "typing_LowStar.Buffer.trivial_preorder", - "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", - "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", - "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_512@tok" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_Spec.Hash.Definitions.uu___is_SHA2_512" ], 0, - "9e06bfc14e3ce9af8261181e760a7d60" + "dfaa874eaa0b3cd4da600825fc520349" ] ] ] \ No newline at end of file diff --git a/hints/Hacl.SHA2.Vec128.fst.hints b/hints/Hacl.SHA2.Vec128.fst.hints index c1251487e8..3af61c3b63 100644 --- a/hints/Hacl.SHA2.Vec128.fst.hints +++ b/hints/Hacl.SHA2.Vec128.fst.hints @@ -1,6 +1,20 @@ [ - "\u001b!c\u000fŸW4îÍB<•\u0001oU\u0004", + "ÑÇ«ðééåPÈéš`çç¬â", [ + [ + "Hacl.SHA2.Vec128.sha224_init4", + 1, + 0, + 0, + [ + "@query", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", + "equation_Spec.Hash.Definitions.is_sha2", + "projection_inverse_BoxBool_proj_0" + ], + 0, + "ffdc4535e221345297e491c1ccc20413" + ], [ "Hacl.SHA2.Vec128.sha224_update4", 1, 
@@ -32,18 +46,19 @@ "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "2259a315e3e8fb0af332fb3fbc79916d" + "7be5c001eebfa7d784d031b1fca89ee0" ], [ - "Hacl.SHA2.Vec128.sha224_update4", - 2, + "Hacl.SHA2.Vec128.sha224_update_nblocks4", + 1, 0, 0, [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", "equality_tok_Hacl.Spec.SHA2.Vec.M128@tok", 
@@ -51,34 +66,65 @@ "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", - "equation_Hacl.Spec.SHA2.Vec.lanes", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", - "equation_Spec.AES.gf8", "equation_Spec.AES.irred", - "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.is_sha2", "int_typing", - "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", - "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "bc5e1c4c09097929a33f9d513ea05add" + "ed8aca0a36c07fd3f053e2ffc9660ea6" ], [ - "Hacl.SHA2.Vec128.sha224_update4", - 3, + "Hacl.SHA2.Vec128.sha224_update_last4", + 1, 0, 0, [ "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "equality_tok_Hacl.Spec.SHA2.Vec.M128@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + 
"equality_tok_Spec.Hash.Definitions.SHA2_224@tok", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + ], + 0, + "c7a51b59da5da3867066e4651409ab9c" + ], + [ + "Hacl.SHA2.Vec128.sha224_finish4", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", "equality_tok_Hacl.Spec.SHA2.Vec.M128@tok", @@ -92,16 +138,14 @@ "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", - "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "4f02214072c3d632f83f5b0c81339187" + "0e25044bc9508e6e381686d5f21317c6" ], [ "Hacl.SHA2.Vec128.sha224_4", @@ -179,7 +223,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_224@tok" ], 0, - "9197aa4c8b60d8fcef214c8fde0299f5" + "196d7d2afd3938862eaaf98fbdd382e3" ], [ "Hacl.SHA2.Vec128.sha224_4", 
@@ -212,6 +256,7 @@ "equation_FStar.Monotonic.HyperStack.is_tip", "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Seq.Properties.lseq", "equation_Hacl.Hash.Definitions.hash_len", "equation_Hacl.Spec.SHA2.Vec.is_supported", "equation_Hacl.Spec.SHA2.Vec.lanes", "equation_Lib.Buffer.buffer_t", @@ -219,12 +264,10 @@ "equation_Lib.Buffer.length", "equation_Lib.Buffer.loc", "equation_Lib.Buffer.modifies", "equation_Lib.Buffer.op_Bar_Plus_Bar", "equation_Lib.Buffer.union", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Lib.MultiBuffer.as_seq_multi", "equation_Lib.MultiBuffer.internally_disjoint", "equation_Lib.MultiBuffer.internally_disjoint4", "equation_Lib.MultiBuffer.live4", @@ -244,7 +287,6 @@ "equation_Spec.Hash.Definitions.word_length", "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", "function_token_typing_FStar.Monotonic.Heap.heap", - "function_token_typing_Lib.Buffer.as_seq", "function_token_typing_Lib.IntTypes.uint8", "function_token_typing_Prims.__cache_version_number__", "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", 
@@ -274,6 +316,7 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", "refinement_interpretation_Tm_refine_d9f6ece87b1352396bec93798648e884", @@ -295,7 +338,30 @@ "typing_tok_Spec.Hash.Definitions.SHA2_224@tok" ], 0, - "775ba9b27109c3b531d1b2dacb3178a0" + "a5112ad7fd3e00c6be980a433e01817e" + ], + [ + "Hacl.SHA2.Vec128.sha256_init4", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "e148bdb7eec580cf8912eaeea5153e9e" ], [ "Hacl.SHA2.Vec128.sha256_update4", 
@@ -327,19 +393,17 @@ "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "72eb09ca68396979d70f53f2e0d55988" + "28c3f2767a95e4f92f5219fe658b6dd9" ], [ - "Hacl.SHA2.Vec128.sha256_update4", - 2, + "Hacl.SHA2.Vec128.sha256_update_nblocks4", + 1, 0, 0, [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", - "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_256", "equality_tok_Hacl.Spec.SHA2.Vec.M128@tok", 
@@ -347,28 +411,25 @@ "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", - "equation_Hacl.Spec.SHA2.Vec.lanes", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", - "equation_Spec.AES.gf8", "equation_Spec.AES.irred", - "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.is_sha2", "int_typing", - "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "cce5f36ea07934bb289113a926ec2bda" + "13efbfb836d8ee76fc640641f88368d1" ], [ - "Hacl.SHA2.Vec128.sha256_update4", - 3, + "Hacl.SHA2.Vec128.sha256_update_last4", + 1, 0, 0, [ @@ -376,7 +437,6 @@ "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", "constructor_distinct_Lib.IntTypes.U8", - "constructor_distinct_Spec.Hash.Definitions.SHA2_224", "constructor_distinct_Spec.Hash.Definitions.SHA2_256", "equality_tok_Hacl.Spec.SHA2.Vec.M128@tok", "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", 
@@ -389,7 +449,6 @@ "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", @@ -398,7 +457,39 @@ "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "c35c29ab3923d2d6d695aa0962e5c85a" + "9491afa3fbb2e3f86e4660a2d1795830" + ], + [ + "Hacl.SHA2.Vec128.sha256_finish4", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "equality_tok_Hacl.Spec.SHA2.Vec.M128@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + ], + 0, + "53bd487493eeff75970f20d82589a452" ], [ "Hacl.SHA2.Vec128.sha256_4", @@ -477,7 +568,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_256@tok" ], 0, - "81c8f9576995ead6c64c4a0f8ea788cc" + "0276af6798d4c026450bfe6767a4f577" ], [ "Hacl.SHA2.Vec128.sha256_4", 
@@ -510,6 +601,7 @@ "equation_FStar.Monotonic.HyperStack.is_tip", "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Seq.Properties.lseq", "equation_Hacl.Hash.Definitions.hash_len", "equation_Hacl.Spec.SHA2.Vec.is_supported", "equation_Hacl.Spec.SHA2.Vec.lanes", "equation_Lib.Buffer.buffer_t", @@ -517,8 +609,7 @@ "equation_Lib.Buffer.length", "equation_Lib.Buffer.loc", "equation_Lib.Buffer.modifies", "equation_Lib.Buffer.op_Bar_Plus_Bar", "equation_Lib.Buffer.union", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", @@ -527,12 +618,14 @@ "equation_Lib.MultiBuffer.live4", "equation_Lib.MultiBuffer.live_multi", "equation_Lib.MultiBuffer.modifies_multi", - "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", + "equation_Lib.MultiBuffer.multibuf", + "equation_Lib.MultiBuffer.multiseq", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.trivial_preorder", "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", - "equation_Prims.pos", "equation_Spec.AES.elem", - "equation_Spec.AES.gf8", "equation_Spec.AES.irred", - "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.hash_length", "equation_Spec.Hash.Definitions.hash_word_length", "equation_Spec.Hash.Definitions.is_sha2", 
@@ -543,7 +636,7 @@ "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", "kinding_FStar.Pervasives.Native.tuple2@tok", "lemma_FStar.Map.lemma_ContainsDom", "lemma_FStar.UInt.pow2_values", - "lemma_FStar.UInt32.uv_inv", "lemma_Lib.IntTypes.pow2_2", + "lemma_FStar.UInt32.uv_inv", "lemma_Lib.MultiBuffer.as_seq_multi_lemma", "lemma_Lib.NTuple.ntup4_lemma", "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", 
@@ -563,21 +656,21 @@ "refinement_interpretation_Tm_refine_2c0540c5e62eb447470336123983ef18", "refinement_interpretation_Tm_refine_2db8c6f7d734132a8fe2eb6580ed4b5e", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "token_correspondence_Prims.pow2.fuel_instrumented", "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", "typing_FStar.Monotonic.HyperStack.get_hmap", "typing_FStar.Monotonic.HyperStack.get_tip", "typing_Hacl.Hash.Definitions.hash_len", "typing_Lib.Buffer.lbuffer_t", "typing_Lib.Buffer.length", "typing_Lib.Buffer.loc", "typing_Lib.Buffer.op_Bar_Plus_Bar", - "typing_Lib.Buffer.union", "typing_Lib.IntTypes.bits", - "typing_Lib.IntTypes.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_Lib.IntTypes.minint", "typing_Lib.IntTypes.v", + "typing_Lib.MultiBuffer.loc_multi", "typing_Lib.NTuple.index", + "typing_LowStar.Buffer.trivial_preorder", "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", "typing_Spec.Hash.Definitions.less_than_max_input_length", @@ -587,7 +680,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_256@tok" ], 0, - "166d5af151ced3a329d9f82931a12fd9" + "02bfd9a0de37eb62f93785ef75f78f86" ] ] ] \ No newline at end of file diff --git a/hints/Hacl.SHA2.Vec256.fst.hints b/hints/Hacl.SHA2.Vec256.fst.hints index 6856c0d82b..17f3acb519 100644 --- a/hints/Hacl.SHA2.Vec256.fst.hints +++ b/hints/Hacl.SHA2.Vec256.fst.hints 
@@ -1,6 +1,20 @@ [ - "¶\u000f¦X@_·ÜºplSÄj", + "p'×}´‰Jý®¿£¼ïŽ8", [ + [ + "Hacl.SHA2.Vec256.sha224_init8", + 1, + 0, + 0, + [ + "@query", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", + "equation_Spec.Hash.Definitions.is_sha2", + "projection_inverse_BoxBool_proj_0" + ], + 0, + "ffdc4535e221345297e491c1ccc20413" + ], [ "Hacl.SHA2.Vec256.sha224_update8", 1, @@ -32,19 +46,19 @@ "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "7fbf4ec0014efd146a172c893d9d2fb3" + "814ddd40eb52daaac4d4968fb04229d8" ], [ - "Hacl.SHA2.Vec256.sha224_update8", - 2, + "Hacl.SHA2.Vec256.sha224_update_nblocks8", + 1, 0, 0, [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "constructor_distinct_Hacl.Spec.SHA2.Vec.M256", - "constructor_distinct_Lib.Buffer.CONST", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", "equality_tok_Hacl.Spec.SHA2.Vec.M256@tok", 
@@ -52,34 +66,32 @@ "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", - "equation_Hacl.Spec.SHA2.Vec.lanes", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", - "equation_Spec.AES.gf8", "equation_Spec.AES.irred", - "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.is_sha2", "int_typing", - "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", - "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "acdcb6d5388eddb8d474427fd3d1135e" + "74c97dfbd5b49d6bb79c12ed72d7f634" ], [ - "Hacl.SHA2.Vec256.sha224_update8", - 3, + "Hacl.SHA2.Vec256.sha224_update_last8", + 1, 0, 0, [ "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "constructor_distinct_Hacl.Spec.SHA2.Vec.M256", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", "equality_tok_Hacl.Spec.SHA2.Vec.M256@tok", 
@@ -93,16 +105,47 @@ "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", - "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "0bf6454609dfb56809aa48b811c039d0" + "9ea388cf2bfc9255f37d8947123bfb45" + ], + [ + "Hacl.SHA2.Vec256.sha224_finish8", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "equality_tok_Hacl.Spec.SHA2.Vec.M256@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + ], + 0, + "cb83173a9e09d5093ca30db08e47439e" ], [ "Hacl.SHA2.Vec256.sha224_8", 
@@ -180,7 +223,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_224@tok" ], 0, - "fcbbe973244c99b072ea6d10583776d2" + "75a76515e8a344381e924940dd18b595" ], [ "Hacl.SHA2.Vec256.sha224_8", @@ -215,9 +258,9 @@ "equation_FStar.Monotonic.HyperStack.is_tip", "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", "equation_FStar.Monotonic.HyperStack.mem", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", + "equation_FStar.Seq.Properties.lseq", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", "equation_Hacl.Hash.Definitions.hash_len", "equation_Hacl.Spec.SHA2.Vec.is_supported", "equation_Hacl.Spec.SHA2.Vec.lanes", "equation_Lib.Buffer.buffer_t", @@ -228,7 +271,6 @@ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Lib.MultiBuffer.as_seq_multi", "equation_Lib.MultiBuffer.internally_disjoint", "equation_Lib.MultiBuffer.internally_disjoint8", "equation_Lib.MultiBuffer.live8", @@ -248,7 +290,6 @@ "equation_Spec.Hash.Definitions.word_t", "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", "function_token_typing_FStar.Monotonic.Heap.heap", - "function_token_typing_Lib.Buffer.as_seq", "function_token_typing_Lib.IntTypes.uint8", "function_token_typing_Prims.__cache_version_number__", "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", 
@@ -276,6 +317,7 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", "refinement_interpretation_Tm_refine_cc750ac91a960737ad60778c2989199d", @@ -301,7 +343,30 @@ "typing_tok_Spec.Hash.Definitions.SHA2_224@tok" ], 0, - "d6bd434ff4d60a04ff272954794c35ac" + "14246e3cf6035361aefb5c5215199d71" + ], + [ + "Hacl.SHA2.Vec256.sha256_init8", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "bd7fd3a5de2f26d4c51eecf6c1611688" ], [ "Hacl.SHA2.Vec256.sha256_update8", 
@@ -333,20 +398,17 @@ "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "e15e928dcf93edb857985bce863fc16e" + "31f57908e609cf9528fc37cebf51fa80" ], [ - "Hacl.SHA2.Vec256.sha256_update8", - 2, + "Hacl.SHA2.Vec256.sha256_update_nblocks8", + 1, 0, 0, [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", "constructor_distinct_Hacl.Spec.SHA2.Vec.M256", - "constructor_distinct_Lib.Buffer.CONST", - "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_256", "equality_tok_Hacl.Spec.SHA2.Vec.M256@tok", 
@@ -354,34 +416,62 @@ "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", - "equation_Hacl.Spec.SHA2.Vec.lanes", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", - "equation_Spec.AES.gf8", "equation_Spec.AES.irred", - "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.is_sha2", "int_typing", - "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "46f30503598ff3261deef2eb75d1f1ce" + "f58a73c30b626f8ca89d424f5f874693" ], [ - "Hacl.SHA2.Vec256.sha256_update8", - 3, + "Hacl.SHA2.Vec256.sha256_update_last8", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M256", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "equality_tok_Hacl.Spec.SHA2.Vec.M256@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + 
"equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + ], + 0, + "c9fd29819cc0684519bb530719828c2e" + ], + [ + "Hacl.SHA2.Vec256.sha256_finish8", + 1, 0, 0, [ "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", "constructor_distinct_Hacl.Spec.SHA2.Vec.M256", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_256", @@ -396,7 +486,6 @@ "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", @@ -405,7 +494,7 @@ "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "027bafb35b494a1dec326d8d161a8641" + "dd39dcce5ab02d98729a5e46c70a272b" ], [ "Hacl.SHA2.Vec256.sha256_8", @@ -484,7 +573,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_256@tok" ], 0, - "f52aa92faaa56ff72d7f83592b551b33" + "19897bcc6be378f5e1126ea084a9454f" ], [ "Hacl.SHA2.Vec256.sha256_8", 
@@ -519,24 +608,25 @@ "equation_FStar.Monotonic.HyperStack.is_tip", "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Seq.Properties.lseq", "equation_Hacl.Hash.Definitions.hash_len", "equation_Hacl.Spec.SHA2.Vec.is_supported", "equation_Hacl.Spec.SHA2.Vec.lanes", "equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.disjoint", "equation_Lib.Buffer.lbuffer_t", "equation_Lib.Buffer.length", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.numbytes", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Lib.MultiBuffer.as_seq_multi", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.numbytes", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Lib.MultiBuffer.internally_disjoint", "equation_Lib.MultiBuffer.internally_disjoint8", "equation_Lib.MultiBuffer.live8", "equation_Lib.MultiBuffer.live_multi", "equation_Lib.MultiBuffer.modifies_multi", - "equation_Lib.NTuple.ntup8", "equation_Lib.NTuple.ntuple", - "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", + "equation_Lib.MultiBuffer.multiseq", "equation_Lib.NTuple.ntup8", + "equation_Lib.NTuple.ntuple", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.trivial_preorder", "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", "equation_Spec.AES.elem", "equation_Spec.AES.gf8", 
@@ -550,7 +640,6 @@ "equation_Spec.Hash.Definitions.word_t", "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", "function_token_typing_FStar.Monotonic.Heap.heap", - "function_token_typing_Lib.Buffer.as_seq", "function_token_typing_Lib.IntTypes.uint8", "function_token_typing_Prims.__cache_version_number__", "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", @@ -575,6 +664,7 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", @@ -585,7 +675,8 @@ "typing_Hacl.Hash.Definitions.hash_len", "typing_Lib.Buffer.lbuffer_t", "typing_Lib.Buffer.length", "typing_Lib.Buffer.loc", "typing_Lib.IntTypes.minint", - "typing_Lib.IntTypes.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_Lib.IntTypes.v", "typing_Lib.NTuple.index", + "typing_LowStar.Buffer.trivial_preorder", "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", "typing_Spec.Hash.Definitions.less_than_max_input_length", 
@@ -596,7 +687,31 @@ "typing_tok_Spec.Hash.Definitions.SHA2_256@tok" ], 0, - "5ca505c780de0b49d611454e04e016c9" + "c52319e96dc86fa62a79534feb34106a" + ], + [ + "Hacl.SHA2.Vec256.sha384_init4", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.Buffer.CONST", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "fa6c81e22db2aed42d756dd560937b82" ], [ "Hacl.SHA2.Vec256.sha384_update4", @@ -631,18 +746,16 @@ "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "70f151d9e865ca98447d74d45a22e761" + "a182f23895c942d42b4d49e8fccb0e25" ], [ - "Hacl.SHA2.Vec256.sha384_update4", - 2, + "Hacl.SHA2.Vec256.sha384_update_nblocks4", + 1, 0, 0, [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", "constructor_distinct_Hacl.Spec.SHA2.Vec.M256", "constructor_distinct_Lib.Buffer.CONST", "constructor_distinct_Lib.IntTypes.U1", 
@@ -654,37 +767,33 @@ "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", - "equation_Hacl.Spec.SHA2.Vec.lanes", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", - "equation_Spec.AES.gf8", "equation_Spec.AES.irred", - "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.is_sha2", "int_typing", - "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "097967e95d95614da06b450a4e89cdec" + "6dd390182fdbe2d996fb6a30be8c5d61" ], [ - "Hacl.SHA2.Vec256.sha384_update4", - 3, + "Hacl.SHA2.Vec256.sha384_update_last4", + 1, 0, 0, [ "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", "constructor_distinct_Hacl.Spec.SHA2.Vec.M256", "constructor_distinct_Lib.Buffer.CONST", - "constructor_distinct_Lib.Buffer.MUT", + "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_384", 
@@ -699,7 +808,6 @@ "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", @@ -708,7 +816,42 @@ "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "8063a02d52c473fb958687df93175408" + "438941532d63bbd1d948a927fbcbc26f" + ], + [ + "Hacl.SHA2.Vec256.sha384_finish4", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M256", + "constructor_distinct_Lib.Buffer.CONST", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "equality_tok_Hacl.Spec.SHA2.Vec.M256@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + ], + 0, + "2c38089c53c032545caf621607cc6fa0" ], [ "Hacl.SHA2.Vec256.sha384_4", 
@@ -789,7 +932,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_384@tok" ], 0, - "242c3c77828f7dafe3d56b592ef150e8" + "b979b5e40fe580dbcb5ce99d04c890f7" ], [ "Hacl.SHA2.Vec256.sha384_4", @@ -824,6 +967,7 @@ "equation_FStar.Monotonic.HyperStack.is_tip", "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Seq.Properties.lseq", "equation_Hacl.Hash.Definitions.hash_len", "equation_Hacl.Spec.SHA2.Vec.is_supported", "equation_Hacl.Spec.SHA2.Vec.lanes", "equation_Lib.Buffer.buffer_t", @@ -831,12 +975,10 @@ "equation_Lib.Buffer.length", "equation_Lib.Buffer.loc", "equation_Lib.Buffer.modifies", "equation_Lib.Buffer.op_Bar_Plus_Bar", "equation_Lib.Buffer.union", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Lib.MultiBuffer.as_seq_multi", "equation_Lib.MultiBuffer.internally_disjoint", "equation_Lib.MultiBuffer.internally_disjoint4", "equation_Lib.MultiBuffer.live4", @@ -856,7 +998,6 @@ "equation_Spec.Hash.Definitions.word_length", "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", "function_token_typing_FStar.Monotonic.Heap.heap", - "function_token_typing_Lib.Buffer.as_seq", "function_token_typing_Lib.IntTypes.uint8", "function_token_typing_Prims.__cache_version_number__", "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", 
@@ -886,6 +1027,7 @@ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_9c4071d199825dbbe7ffb5ac03ad5d31", "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", @@ -907,7 +1049,30 @@ "typing_tok_Spec.Hash.Definitions.SHA2_384@tok" ], 0, - "ee982d440d1c040db379f2848f53feb1" + "9ee5076812045e391327d8f56dbd3582" + ], + [ + "Hacl.SHA2.Vec256.sha512_init4", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_512", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "7059e5fddc035fbee2f4f738b6a6e7f2" ], [ "Hacl.SHA2.Vec256.sha512_update4", 
@@ -942,16 +1107,15 @@ "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "743d06b9a87c7fb28ce6b6b9ce3ca047" + "79529c7b564bbda138b3bb1d449abaa9" ], [ - "Hacl.SHA2.Vec256.sha512_update4", - 2, + "Hacl.SHA2.Vec256.sha512_update_nblocks4", + 1, 0, 0, [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", "constructor_distinct_Hacl.Spec.SHA2.Vec.M256", "constructor_distinct_Lib.Buffer.CONST", 
@@ -964,35 +1128,68 @@ "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", - "equation_Hacl.Spec.SHA2.Vec.lanes", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", - "equation_Spec.AES.gf8", "equation_Spec.AES.irred", - "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.is_sha2", "int_typing", - "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "4ad9b6e5ff86afade1bbc17534fb8d42" + "d3d6245feeb14a30f20940d37911b81f" ], [ - "Hacl.SHA2.Vec256.sha512_update4", - 3, + "Hacl.SHA2.Vec256.sha512_update_last4", + 1, 0, 0, [ "@MaxIFuel_assumption", "@query", "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", - "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", "constructor_distinct_Hacl.Spec.SHA2.Vec.M256", + "constructor_distinct_Lib.Buffer.CONST", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_512", + "equality_tok_Hacl.Spec.SHA2.Vec.M256@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + 
"equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + ], + 0, + "bd30b04e3a43173990873de3084c282c" + ], + [ + "Hacl.SHA2.Vec256.sha512_finish4", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M256", + "constructor_distinct_Lib.Buffer.CONST", + "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_512", @@ -1007,7 +1204,6 @@ "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.is_sha2", "proj_equation_Spec.GaloisField.GF_t", - "projection_inverse_BoxBool_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", @@ -1016,7 +1212,7 @@ "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" ], 0, - "e4096ff35a1dd1922cc807c82b9e42b3" + "0d147c40ea17f73cfc32324ab962be1c" ], [ "Hacl.SHA2.Vec256.sha512_4", @@ -1095,7 +1291,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_512@tok" ], 0, - "0fdab9eebda7733aca3e71420e309d62" + "a644bc638fef1bc82bdfff6f196d937c" ], [ "Hacl.SHA2.Vec256.sha512_4", 
@@ -1129,6 +1325,7 @@ "equation_FStar.Monotonic.HyperStack.is_tip", "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Seq.Properties.lseq", "equation_Hacl.Hash.Definitions.hash_len", "equation_Hacl.Spec.SHA2.Vec.is_supported", "equation_Hacl.Spec.SHA2.Vec.lanes", "equation_Lib.Buffer.buffer_t", @@ -1136,8 +1333,7 @@ "equation_Lib.Buffer.length", "equation_Lib.Buffer.loc", "equation_Lib.Buffer.modifies", "equation_Lib.Buffer.op_Bar_Plus_Bar", "equation_Lib.Buffer.union", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", @@ -1146,7 +1342,8 @@ "equation_Lib.MultiBuffer.live4", "equation_Lib.MultiBuffer.live_multi", "equation_Lib.MultiBuffer.modifies_multi", - "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", + "equation_Lib.MultiBuffer.multiseq", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.trivial_preorder", "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", "equation_Spec.AES.elem", "equation_Spec.AES.gf8", @@ -1184,6 +1381,7 @@ "refinement_interpretation_Tm_refine_68223c193e7cbb2aec9dc97ce1346396", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", 
@@ -1194,7 +1392,8 @@ "typing_Lib.Buffer.lbuffer_t", "typing_Lib.Buffer.length", "typing_Lib.Buffer.loc", "typing_Lib.Buffer.op_Bar_Plus_Bar", "typing_Lib.Buffer.union", "typing_Lib.IntTypes.minint", - "typing_Lib.IntTypes.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_Lib.IntTypes.v", "typing_Lib.NTuple.index", + "typing_LowStar.Buffer.trivial_preorder", "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", "typing_Spec.Hash.Definitions.less_than_max_input_length", @@ -1204,7 +1403,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_512@tok" ], 0, - "062f6bd72a44e505c127e0cdb3676d33" + "ca9c6049bd27cb47ef609eda4a275b62" ] ] ] \ No newline at end of file diff --git a/hints/Hacl.Spec.SHA2.EquivScalar.fst.hints b/hints/Hacl.Spec.SHA2.EquivScalar.fst.hints index 4536277da9..00689b1362 100644 --- a/hints/Hacl.Spec.SHA2.EquivScalar.fst.hints +++ b/hints/Hacl.Spec.SHA2.EquivScalar.fst.hints @@ -1,5 +1,5 @@ [ - "7ù†çï¸ÑÖÏʾ^0×)", + "„È¿ÏIç…ô¼\u0003ú\u0015ÊÓ8", [ [ "Hacl.Spec.SHA2.EquivScalar.ws_next_inductive", @@ -23,7 +23,7 @@ "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42" ], 0, - "afefb424de180e6e383271fb39d1c3f2" + "efd5f544b6df39ddee2bc6dab8dcf416" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_inductive", @@ -80,7 +80,7 @@ "typing_Lib.Sequence.index", "typing_Spec.Hash.Definitions.word" ], 0, - "0980487d8461733194eba4f0577be4f3" + "b0189e1d94a4478a953d3124a877e1e6" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_lemma", @@ -106,7 +106,7 @@ "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42" ], 0, - "4ee0d6968f5f568fb162a7351782d2ea" + "2deb9d61d9c2448bf408d262cf259d8a" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_lemma", @@ -120,7 +120,7 @@ "refinement_interpretation_Tm_refine_9f3af2b4c130f519785ecadcb120ea01" ], 0, - "a3b0767b55ec3267521d37d0cbf503f2" + "7a293006d2420a3c1598cabec510bb1c" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_lemma_k", 
@@ -156,7 +156,7 @@ "typing_Spec.Hash.Definitions.word" ], 0, - "f60d971885c97010360070bef004a4c0" + "f940f784564c0947f38d319339603f2c" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_lemma_k", @@ -205,7 +205,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "95be80bdeff07f0391768942c952f891" + "da11a5b229e13e0e4e3ba54ed1895ec1" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_pre_inductive", @@ -236,7 +236,7 @@ "typing_Spec.Hash.Definitions.word", "typing_Spec.SHA2.size_k_w" ], 0, - "8e7c329645508ade5cf7859e3365e123" + "55ff5af579b55597734e3a752f79a83b" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_pre_inductive", @@ -316,7 +316,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "3c9e18e27aef008facd02be4473d665b" + "5b5e2c26bff69bf09f6a956a8d94e278" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_pre_lemma", @@ -345,7 +345,7 @@ "typing_Spec.Hash.Definitions.word", "typing_Spec.SHA2.size_k_w" ], 0, - "c413d5664133a03a2d4eff7bc86fed7e" + "b02d95981631c8aae1a45cf5d84d3d20" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_pre_lemma", @@ -359,7 +359,7 @@ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" ], 0, - "d70737fca3b95ca35a9209fe8f0558af" + "9bf4c2b1659d944878459f7bc0487ade" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_pre_lemma_k", @@ -384,7 +384,7 @@ "typing_Spec.Hash.Definitions.word", "typing_Spec.SHA2.size_k_w" ], 0, - "45ee665a8026acad685f6f15f5944fac" + "e162a33229513cfb16d2a292324bd619" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_pre_lemma_k", @@ -400,7 +400,7 @@ "refinement_interpretation_Tm_refine_cc62286b275420c1e615dc14a3d3ef42" ], 0, - "d037f3c8bd566e6e0e40617a5b04075e" + "f7841f260260d2cf83b412bf0b0a5fe4" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_pre_lemma_j_step", @@ -438,7 +438,7 @@ "typing_Spec.Hash.Definitions.word" ], 0, - "70517fdf1e655436bb658892ff00bbb6" + "ccf7f5751c5fb21fc44c28a0278f42d9" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_pre_lemma_j_step", 
@@ -553,7 +553,7 @@ "typing_Spec.SHA2._sigma1" ], 0, - "244fae1fb2ae0cba0f342c83d2cb93fc" + "d6e4bb11e7325b10838f3810151bd5fb" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_pre_lemma_aux", @@ -594,7 +594,7 @@ "typing_Spec.Hash.Definitions.word" ], 0, - "dd9df2a46f04676519986aa7b05cda4e" + "95e9251e581af66f8a0524fa7cd7fc44" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_pre_lemma_aux", @@ -645,7 +645,7 @@ "typing_Spec.Hash.Definitions.word" ], 0, - "6f8babceec18b5e2a55d14881019d78f" + "959a27bedec8daeddb7dffcc9423e4cf" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_pre_lemma_init", @@ -677,7 +677,7 @@ "typing_Prims.pow2", "typing_Spec.Hash.Definitions.word" ], 0, - "3259a37a624f1ea9e74af750b35cf172" + "892053e84064178c2ad2ec7f1e951d1b" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_pre_lemma_init", @@ -722,7 +722,7 @@ "typing_Spec.Hash.Definitions.word" ], 0, - "732a7bf5d1a072faa07dc99ef5931429" + "2ad5611ac3754baa5374f930c90b8a32" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_pre_lemma_j", @@ -769,7 +769,7 @@ "typing_Spec.Hash.Definitions.word" ], 0, - "80e978b9763a69539e8358b43e5e34e1" + "90cf5331de60cfa3ff543e65c738e46b" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_pre_lemma_j", @@ -800,9 +800,9 @@ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0605c4a2ebae47445b62d3098297c6fd", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", "refinement_interpretation_Tm_refine_40384ff54a4297cd01efd4362f27136f", - "refinement_interpretation_Tm_refine_538240c5ce4fe926b75f17cfe51a196c", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_7a51da7fe5afc1830f1104f656c03726", 
@@ -816,7 +816,7 @@ "typing_Spec.Hash.Definitions.word" ], 0, - "10da1315d6da1fe1bbff8cc9d4dcd9a7" + "3ab6f0f5b560d2e066e27440b58fe208" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_pre_lemma_j", @@ -906,7 +906,7 @@ "well-founded-ordering-on-nat" ], 0, - "786c8eff816ee2b5134d1508acb72dbc" + "4437a082cf03cc83b6b78b7521fb8714" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_pre_lemma", @@ -946,7 +946,7 @@ "typing_Spec.Hash.Definitions.word", "typing_Spec.SHA2.ws_pre" ], 0, - "2730e173a7b73e2a2ede78eae7213dec" + "3114a721a81c51f2f7bbd42228038866" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_pre_lemma", @@ -1005,7 +1005,7 @@ "typing_Spec.Hash.Definitions.word" ], 0, - "cb2c4898d176805008ae6b5d3248a8b5" + "2be6e2e668e8807959f4e94fb85c1572" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_core_pre_lemma", @@ -1082,7 +1082,7 @@ "typing_Spec.SHA2.op0" ], 0, - "86669ab19c2b931a44c292a63e406a65" + "d6d76759ca6cb91f6c032746f4ce17a1" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_pre_inner", @@ -1101,7 +1101,7 @@ "refinement_interpretation_Tm_refine_ea6ae5ef5319d82c13f8e384d7ff2e70" ], 0, - "6d51d82122d8f694ba4b5b13c5fe3a62" + "7d2401e47811ff19c5d132d6d880250a" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_spec_lemma", @@ -1113,7 +1113,7 @@ "equation_Spec.SHA2.size_k_w" ], 0, - "499202b8750d5f6ec2667750ff588d8b" + "703f545af41f276e33a4fb7070868f4d" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_spec_lemma", @@ -1138,7 +1138,7 @@ "typing_Spec.SHA2.ws_pre" ], 0, - "163b6d76ef98d9b79cf23c8e554e4c4f" + "2d277ecb1d8771f194ec60ecefcf1d14" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_pre_inner16", @@ -1164,7 +1164,7 @@ "typing_Hacl.Spec.SHA2.num_rounds16" ], 0, - "00efb95782d594e65ba960d1e03aacb7" + "a7f45ed934cb92d2a62c924da8000f20" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_spec_lemma16_step", @@ -1186,7 +1186,7 @@ "typing_Hacl.Spec.SHA2.num_rounds16" ], 0, - "d81c9af7592a04097bec21467a6113bd" + "83a5a4d80a04177269e1dc5b7bd92d55" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_spec_lemma16_step", 
@@ -1200,12 +1200,12 @@ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_7fc4e979700038338efb9b0ad24f2964", - "refinement_interpretation_Tm_refine_cce45dd9f16e2ccebc750e86251e88b5", "refinement_interpretation_Tm_refine_cf52a5ae8fae81938a5fa8e10ed7c82d", + "refinement_interpretation_Tm_refine_f85efd8df03a46ecfdc3073a82b6401f", "typing_Hacl.Spec.SHA2.num_rounds16" ], 0, - "ff83e79fb82edca8c1b7aa39951406ff" + "a673d7388e9a261ed10e85313c8e4676" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_spec_lemma16_step", @@ -1244,7 +1244,7 @@ "well-founded-ordering-on-nat" ], 0, - "437524b7c35fb85cb18f5b0fbb646b23" + "679489af54eba053adf74577ca97f2ee" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_spec_lemma16", @@ -1256,7 +1256,7 @@ "equation_Spec.SHA2.size_k_w" ], 0, - "8d3ee98d9176d9ead0c64085a8f937c3" + "52c02c8a3671df04933fc5a754988d2f" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_spec_lemma16", @@ -1280,7 +1280,7 @@ "typing_Hacl.Spec.SHA2.num_rounds16" ], 0, - "ccec2d004c5379a37a6cf81fd499bb5c" + "a26c29447f1697dc63bc0ea65db60522" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_inner_lemma", @@ -1309,7 +1309,7 @@ "typing_Spec.Hash.Definitions.is_sha2" ], 0, - "6d7e5d63755903e4435a3c07928d5549" + "9af8a87b0bf2aec31289e1996974184c" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_next_inner_lemma", @@ -1352,7 +1352,7 @@ "typing_Spec.Hash.Definitions.word" ], 0, - "3aeb800a0876d90009dcc4f6b8272cee" + "95b19d01cfdda4044d9717344204d969" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_lemma_i_step", @@ -1381,7 +1381,7 @@ "typing_Spec.Hash.Definitions.is_sha2" ], 0, - "96b93abb005152b22e7ad4ad61939aac" + "38af36d5f42bd8e3c55b2fe6fb4d14e2" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_lemma_i_step", @@ -1431,7 +1431,7 @@ "typing_Spec.Hash.Definitions.word" ], 0, - "4f9e574fe8586650fba4cec8bfaae072" + "21709390f2847b624fac2bd58b5c9e88" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_pre_init_lemma", 
@@ -1453,7 +1453,7 @@ "typing_Spec.Hash.Definitions.is_sha2", "typing_Spec.SHA2.size_k_w" ], 0, - "45f8291e8590f53a83712784e59ee06f" + "87974ddaef5ba1bba936776f642e4f98" ], [ "Hacl.Spec.SHA2.EquivScalar.ws_pre_init_lemma", @@ -1509,7 +1509,7 @@ "typing_Spec.SHA2.size_k_w" ], 0, - "a1297c6cde06e0d181f87c6f0ae5e67b" + "3ca47c86cf25cc2eb2bca9f4c79985a0" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_lemma_i", @@ -1538,7 +1538,7 @@ "typing_Spec.Hash.Definitions.is_sha2" ], 0, - "097540b5c553a827c190f7b35f336f5e" + "3b210112fa85e1c275c93e800f2736be" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_lemma_i", @@ -1559,15 +1559,15 @@ "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_77239d3c763dbe32e5a583495031cf9e", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_7aa74b9f65b69e8b4de33386e835b0ca", "refinement_interpretation_Tm_refine_7fc4e979700038338efb9b0ad24f2964", - "refinement_interpretation_Tm_refine_8847d4e03b847ebbc2267bb5193d64b5", "typing_Hacl.Spec.SHA2.num_rounds16", "typing_Spec.Hash.Definitions.is_sha2" ], 0, - "011960187c653301e3e3db209fe366d3" + "4feee3f14f0e46aec3250464bc2fc1aa" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_lemma_i", @@ -1605,7 +1605,7 @@ "well-founded-ordering-on-nat" ], 0, - "f7b959dfef8db38c7c792a7a435860fe" + "967a86f9dc0f129268ca3ddd3b3ff23c" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_lemma", @@ -1614,7 +1614,7 @@ 0, [ "@query" ], 0, - "a060bd96148c7fe68670a3e74c226bcc" + "b489781f503523c57c255a8abf51f974" ], [ "Hacl.Spec.SHA2.EquivScalar.shuffle_lemma", @@ -1630,7 +1630,7 @@ "typing_Hacl.Spec.SHA2.num_rounds16" ], 0, - "f83a15c24ac4d9f4ed86f60c8e4826fb" + "ab624f91a0b28843381a0b423d5b2a03" ], [ "Hacl.Spec.SHA2.EquivScalar.update_lemma", 
@@ -1639,7 +1639,7 @@ 0, [ "@query" ], 0, - "cfabadc99f9ce5ca04811f4bfebf207d" + "22f602051f82d7ee4d7435bd2f114dfa" ], [ "Hacl.Spec.SHA2.EquivScalar.update_lemma", @@ -1733,7 +1733,7 @@ "typing_tok_Lib.IntTypes.SEC@tok" ], 0, - "cc42701d4e5b240a6af10aa7ec645293" + "58a051ff9aca57d8f903fd17dec1ee61" ], [ "Hacl.Spec.SHA2.EquivScalar.finish_lemma", @@ -1762,7 +1762,7 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" ], 0, - "ac6aac8a403e0b40655d5fd2e7a54b0e" + "bb45df2de301cf5ab4880462b47dd340" ], [ "Hacl.Spec.SHA2.EquivScalar.finish_lemma", @@ -1851,7 +1851,7 @@ "typing_Spec.Hash.PadFinish.finish" ], 0, - "43c571071045a7c712b6f4960ffe8e71" + "a9843cd2ea33fad882e74c5dbff7d867" ], [ "Hacl.Spec.SHA2.EquivScalar.repeat_blocks_multi_extensionality", @@ -1864,7 +1864,7 @@ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" ], 0, - "4ea03b402f6e3ad6d530f5468c2ce981" + "6a56d25d0f9755c04a8e8b55fd92625a" ], [ "Hacl.Spec.SHA2.EquivScalar.repeat_blocks_multi_extensionality", @@ -1877,7 +1877,7 @@ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" ], 0, - "c4271dc59a2a6320d6000ff84ad35fe0" + "b5382ab6adbb3fd2e0136268cceddca2" ], [ "Hacl.Spec.SHA2.EquivScalar.repeat_blocks_multi_extensionality", @@ -1906,7 +1906,7 @@ "typing_FStar.Seq.Base.slice", "typing_Lib.Sequence.length" ], 0, - "00d4161c01e195dd46aca069ee48b1a3" + "5e4407ebe1b3125ae36b0b745470d553" ], [ "Hacl.Spec.SHA2.EquivScalar.update_multi_is_repeat_blocks_multi", 
@@ -1916,44 +1916,58 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.U1", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U128", "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Tm_unit", + "disc_equation_FStar.Pervasives.Native.Some", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", "equation_Lib.IntTypes.uint8", "equation_Lib.Sequence.length", "equation_Lib.Sequence.lseq", "equation_Lib.Sequence.seq", - "equation_Prims.nat", "equation_Spec.Hash.Definitions.block_length", + "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos", + "equation_Spec.Hash.Definitions.block_length", "equation_Spec.Hash.Definitions.block_word_length", "equation_Spec.Hash.Definitions.is_md", "equation_Spec.Hash.Definitions.is_sha2", "equation_Spec.Hash.Definitions.len_length", + "equation_Spec.Hash.Definitions.maxed_hash_alg", "equation_Spec.Hash.Definitions.md_alg", "equation_Spec.Hash.Definitions.pad0_length", "equation_Spec.Hash.Definitions.pad_length", "equation_Spec.Hash.Definitions.sha2_alg", "equation_Spec.Hash.Definitions.word_length", - "function_token_typing_Lib.IntTypes.uint8", "int_inversion", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", "int_typing", "lemma_FStar.Seq.Base.lemma_len_append", - "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", + "lemma_FStar.UInt.pow2_values", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", 
+ "primitive_Prims.op_Addition", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0ca46d94042fcc13e1dbb5a197aa184d", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_460ce49837473aafb58331137146734e", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_8a87b8a531982aadb85bf1f25e594833", - "refinement_interpretation_Tm_refine_c8dd98bb91cb1ba6963e5299b3babaa4", "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", "refinement_interpretation_Tm_refine_e7c5f4e71af26642dc90739b89f6278e", "typing_Spec.Hash.Definitions.is_md", "typing_Spec.Hash.Definitions.is_sha2", - "typing_Spec.Hash.Definitions.pad_length", - "typing_Spec.Hash.Definitions.word_length" + "typing_Spec.Hash.Definitions.len_length", + "typing_Spec.Hash.Definitions.pad_length" ], 0, - "20e1a91ecde6ba5be3ab4acc85451a6b" + "d08b0110e38e67d4feb5f9e0816965da" ], [ "Hacl.Spec.SHA2.EquivScalar.update_multi_is_repeat_blocks_multi", 
@@ -1963,34 +1977,46 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.U1", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U128", "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", "equation_Prims.nat", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Tm_unit", + "disc_equation_FStar.Pervasives.Native.Some", + "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.Hash.Definitions.block_length", "equation_Spec.Hash.Definitions.block_word_length", "equation_Spec.Hash.Definitions.is_md", "equation_Spec.Hash.Definitions.is_sha2", "equation_Spec.Hash.Definitions.len_length", + "equation_Spec.Hash.Definitions.maxed_hash_alg", "equation_Spec.Hash.Definitions.pad0_length", "equation_Spec.Hash.Definitions.pad_length", "equation_Spec.Hash.Definitions.sha2_alg", - "equation_Spec.Hash.Definitions.word_length", "int_inversion", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", "primitive_Prims.op_Addition", "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0ca46d94042fcc13e1dbb5a197aa184d", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", 
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "typing_Spec.Hash.Definitions.is_md", "typing_Spec.Hash.Definitions.is_sha2", - "typing_Spec.Hash.Definitions.word_length" + "typing_Spec.Hash.Definitions.len_length" ], 0, - "809dade98bd2951cf29c64ac1b360148" + "104604ef97514ada49d884b71ec7831e" ], [ "Hacl.Spec.SHA2.EquivScalar.update_multi_is_repeat_blocks_multi", @@ -2000,8 +2026,11 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.U1", + "bool_inversion", "constructor_distinct_BoxInt", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", @@ -2009,8 +2038,9 @@ "equation_FStar.Seq.Properties.split", "equation_Hacl.Spec.SHA2.block_t", "equation_Hacl.Spec.SHA2.num_rounds16", - "equation_Lib.IntTypes.uint8", "equation_Lib.Sequence.length", - "equation_Lib.Sequence.lseq", "equation_Lib.Sequence.seq", + "equation_Hacl.Spec.SHA2.size_k_w", "equation_Lib.IntTypes.uint8", + "equation_Lib.Sequence.length", "equation_Lib.Sequence.lseq", + "equation_Lib.Sequence.seq", "equation_Lib.UpdateMulti.Lemmas.repeat_f", "equation_Lib.UpdateMulti.Lemmas.repeat_l", "equation_Lib.UpdateMulti.Lemmas.uint8", @@ -2019,7 +2049,7 @@ "equation_Lib.UpdateMulti.split_block", "equation_Lib.UpdateMulti.uint8", "equation_Lib.UpdateMulti.update_full", "equation_Prims.nat", - "equation_Prims.pos", "equation_Spec.Agile.Hash.update", + "equation_Spec.Agile.Hash.update", "equation_Spec.Agile.Hash.update_multi", "equation_Spec.Hash.Definitions.block_length", "equation_Spec.Hash.Definitions.block_word_length", 
@@ -2045,8 +2075,8 @@ "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", "refinement_interpretation_Tm_refine_362e2dfd5fc10941f1049c892a15d4e9", "refinement_interpretation_Tm_refine_36fc4a3bd4656ab76ef7de64c5b7198c", + "refinement_interpretation_Tm_refine_460ce49837473aafb58331137146734e", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_7fc4e979700038338efb9b0ad24f2964", "refinement_interpretation_Tm_refine_8a87b8a531982aadb85bf1f25e594833", "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", @@ -2058,7 +2088,7 @@ "typing_Spec.Hash.Definitions.word_length" ], 0, - "c11c6b39b0155d0800b89c01186a9e4c" + "c6c479befb351cc2aebd387601fb2947" ], [ "Hacl.Spec.SHA2.EquivScalar.hash_is_repeat_blocks", 
@@ -2068,167 +2098,105 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Lib.IntTypes_pretyping_d450aafb6f125538d0e96425faddef55", - "Prims_pretyping_f8666440faa91836cc5a13998af863fc", "b2t_def", - "bool_inversion", - "constructor_distinct_FStar.Pervasives.Native.Some", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U128", "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "constructor_distinct_Lib.IntTypes.inttype", - "constructor_distinct_Prims.unit", - "constructor_distinct_Spec.Hash.Definitions.SHA2_224", - "constructor_distinct_Spec.Hash.Definitions.SHA2_256", - "constructor_distinct_Spec.Hash.Definitions.SHA2_384", - "constructor_distinct_Spec.Hash.Definitions.SHA2_512", - "disc_equation_FStar.Pervasives.Native.None", - "disc_equation_FStar.Pervasives.Native.Some", - "disc_equation_Lib.IntTypes.PUB", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.U128@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.op_At_Percent_Dot", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", "equation_Lib.Sequence.length", - 
"equation_Lib.Sequence.lseq", "equation_Lib.Sequence.to_seq", - "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos", - "equation_Spec.Hash.Definitions.block_length", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", + "equation_Lib.IntTypes.uint8", "equation_Lib.Sequence.length", + "equation_Lib.Sequence.seq", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.Hash.Definitions.block_length", "equation_Spec.Hash.Definitions.block_word_length", "equation_Spec.Hash.Definitions.is_sha2", - "equation_Spec.Hash.Definitions.len_int_type", - "equation_Spec.Hash.Definitions.max_input_length", + "equation_Spec.Hash.Definitions.len_length", "equation_Spec.Hash.Definitions.sha2_alg", - "equation_Spec.Hash.Definitions.word_length", "int_inversion", - "int_typing", "lemma_FStar.Pervasives.invertOption", - "lemma_FStar.UInt.pow2_values", "lemma_Lib.IntTypes.v_mk_int", - "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", - "refinement_interpretation_Tm_refine_45de79b9bfd92937f3e5de19a3ca97cf", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_460ce49837473aafb58331137146734e", 
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_b3fcac59602bf14430ac809b452796d0", - "refinement_interpretation_Tm_refine_c8dd98bb91cb1ba6963e5299b3babaa4", - "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "refinement_interpretation_Tm_refine_f643b9a14ebfdd130ac3fa14e021f656", - "refinement_kinding_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "typing_FStar.UInt32.v", "typing_Lib.IntTypes.bits", - "typing_Lib.IntTypes.pub_int_v", "typing_Lib.IntTypes.unsigned", - "typing_Prims.pow2", "typing_Spec.Hash.Definitions.block_length", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", + "typing_Spec.Hash.Definitions.block_length", "typing_Spec.Hash.Definitions.is_sha2", - "typing_Spec.Hash.Definitions.max_input_length", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_224@tok", "unit_typing" + "typing_Spec.Hash.Definitions.word_length" ], 0, - "2635e3787185b031d4e09ac55ea33f4a" + "92134cb0ee4bcd66627b4c0831593b4d" ], [ "Hacl.Spec.SHA2.EquivScalar.hash_is_repeat_blocks", 2, 0, 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "d7d6575d28e5aeec27cb62e930c6727b" + ], + [ + "Hacl.Spec.SHA2.EquivScalar.hash_is_repeat_blocks", + 3, + 0, + 0, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", - 
"constructor_distinct_FStar.Pervasives.Native.Some", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S64", - "constructor_distinct_Lib.IntTypes.S8", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U128", "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "constructor_distinct_Spec.Hash.Definitions.SHA2_224", - "constructor_distinct_Spec.Hash.Definitions.SHA2_256", - "constructor_distinct_Spec.Hash.Definitions.SHA2_384", - "disc_equation_FStar.Pervasives.Native.None", - "disc_equation_FStar.Pervasives.Native.Some", - "disc_equation_Lib.IntTypes.PUB", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.U128@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", - "equation_Hacl.Spec.SHA2.size_k_w", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", "equation_Hacl.Spec.SHA2.update_block", "equation_Hacl.Spec.SHA2.update_nblocks", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", "equation_Lib.Sequence.length", - "equation_Lib.Sequence.lseq", + "equation_Lib.IntTypes.uint8", "equation_Lib.Sequence.length", "equation_Lib.Sequence.repeat_blocks_f", "equation_Lib.Sequence.seq", - "equation_Lib.Sequence.to_seq", "equation_Prims.nat", - "equation_Prims.pos", "equation_Spec.Hash.Definitions.block_length", + "equation_Prims.nat", "equation_Spec.Hash.Definitions.block_length", "equation_Spec.Hash.Definitions.block_word_length", "equation_Spec.Hash.Definitions.extra_state", "equation_Spec.Hash.Definitions.is_sha2", - 
"equation_Spec.Hash.Definitions.len_int_type", - "equation_Spec.Hash.Definitions.max_input_length", "equation_Spec.Hash.Definitions.sha2_alg", "equation_Spec.Hash.Definitions.word_length", "equation_Spec.Hash.Definitions.words_state", "equation_Spec.Hash.Definitions.words_state_", "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", "function_token_typing_Lib.IntTypes.uint8", "int_inversion", - "int_typing", "lemma_FStar.Pervasives.invertOption", - "lemma_FStar.Seq.Base.lemma_len_slice", - "lemma_FStar.UInt.pow2_values", "lemma_Lib.IntTypes.v_mk_int", - "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "int_typing", "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", - "projection_inverse_FStar.Pervasives.Native.Some_a", - "projection_inverse_FStar.Pervasives.Native.Some_v", - "refinement_interpretation_Tm_refine_11888fecf812f197898447624c24e106", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_460ce49837473aafb58331137146734e", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5eda2e166d6b590f3959f59d68af0750", "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_9d3fd79fd314167f1a9c213a188da3ec", - "refinement_interpretation_Tm_refine_b3fcac59602bf14430ac809b452796d0", - "refinement_interpretation_Tm_refine_b9bf9d0f857340a8d758087374a41c06", - "refinement_interpretation_Tm_refine_c8dd98bb91cb1ba6963e5299b3babaa4", - "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", - 
"refinement_kinding_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", "token_correspondence_Hacl.Spec.SHA2.update", - "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", - "typing_Hacl.Spec.SHA2.size_k_w", "typing_Lib.IntTypes.mk_int", - "typing_Lib.Sequence.sub", "typing_Spec.Hash.Definitions.is_sha2", - "typing_Spec.Hash.Definitions.max_input_length", - "typing_Spec.Hash.Definitions.word_length", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" + "typing_FStar.Seq.Base.length", + "typing_Spec.Hash.Definitions.is_sha2" ], 0, - "71f2e68f4b300f29abf4e0c6a62fa086" + "fb9fd5a38c784fa065f979af7460f01e" ], [ "Hacl.Spec.SHA2.EquivScalar.append_pad_last_length_lemma", @@ -2261,7 +2229,7 @@ "typing_Spec.Hash.Definitions.max_input_length" ], 0, - "4e4e1f56972d3d3b2c37704ea55ea1a1" + "9c03705fc7418d658f90f603917ba98d" ], [ "Hacl.Spec.SHA2.EquivScalar.append_pad_last_length_lemma", @@ -2299,7 +2267,7 @@ "typing_Spec.Hash.Definitions.max_input_length" ], 0, - "341a2c3d58fb7d9ba69ad5c0bf3875af" + "1820b2e7aeeb6a11cee920bfa7abb9ff" ], [ "Hacl.Spec.SHA2.EquivScalar.load_last_lemma", @@ -2373,7 +2341,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "87b52eb5a14a79fa0ed1ee0dc6992c93" + "b3a5f1c4e5dbc71c7e177389ad28d7be" ], [ "Hacl.Spec.SHA2.EquivScalar.load_last_lemma", @@ -2412,7 +2380,7 @@ "typing_Spec.Hash.Definitions.max_input_length" ], 0, - "603db76d160342da892f62679605bd02" + "5070480c4c2bff347d94d93484e23355" ], [ "Hacl.Spec.SHA2.EquivScalar.load_last_lemma", 
@@ -2527,19 +2495,17 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "ad99adfd4098a6bf0034cf1293d3c21b" + "25d9d6604b3b8c1efc82d48939a7b1b7" ], [ - "Hacl.Spec.SHA2.EquivScalar.load_last_pad_lemma", + "Hacl.Spec.SHA2.EquivScalar.lemma_len_lt_max_a_mul_by_8", 1, 0, 0, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_FStar.Pervasives.Native.Some", - "constructor_distinct_Lib.IntTypes.PUB", + "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S64", 
@@ -2550,101 +2516,54 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "constructor_distinct_Spec.Hash.Definitions.SHA2_224", - "constructor_distinct_Spec.Hash.Definitions.SHA2_256", - "constructor_distinct_Spec.Hash.Definitions.SHA2_384", - "constructor_distinct_Spec.Hash.Definitions.SHA2_512", - "disc_equation_FStar.Pervasives.Native.None", - "disc_equation_FStar.Pervasives.Native.Some", - "disc_equation_Lib.IntTypes.PUB", - "equality_tok_Lib.IntTypes.PUB@tok", + "constructor_distinct_Tm_unit", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U128@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.numbytes", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.shiftval", "equation_Lib.IntTypes.uint8", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Lib.Sequence.lseq", "equation_Lib.Sequence.seq", - "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos", - "equation_Spec.Hash.Definitions.block_length", - "equation_Spec.Hash.Definitions.block_word_length", - "equation_Spec.Hash.Definitions.is_md", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.shiftval", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.nat", "equation_Spec.Hash.Definitions.is_sha2", "equation_Spec.Hash.Definitions.len_int_type", - 
"equation_Spec.Hash.Definitions.max_input_length", - "equation_Spec.Hash.Definitions.pad0_length", - "equation_Spec.Hash.Definitions.sha2_alg", - "equation_Spec.Hash.Definitions.word_length", - "function_token_typing_Lib.IntTypes.uint8", - "function_token_typing_Prims.int", - "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", - "int_typing", "lemma_FStar.Pervasives.invertOption", - "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", - "lemma_Lib.IntTypes.v_mk_int", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "equation_Spec.Hash.Definitions.len_t", + "equation_Spec.Hash.Definitions.sha2_alg", "int_inversion", + "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.vu_inv", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", - "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", - "refinement_interpretation_Tm_refine_45de79b9bfd92937f3e5de19a3ca97cf", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_6297485be64bb40865d67533878b6d3a", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a7ae7259a82980fd2320414439f52b24", - "refinement_interpretation_Tm_refine_b3fcac59602bf14430ac809b452796d0", - "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", "refinement_interpretation_Tm_refine_e40dba697735a60216c598c2a27841b5", 
"refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "refinement_kinding_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "typing_FStar.Seq.Base.length", "typing_FStar.UInt.fits", - "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", - "typing_Lib.IntTypes.unsigned", "typing_Lib.IntTypes.v", - "typing_Spec.Hash.Definitions.block_length", - "typing_Spec.Hash.Definitions.is_sha2", - "typing_Spec.Hash.Definitions.max_input_length", - "typing_Spec.Hash.Definitions.word_length", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" + "typing_FStar.UInt32.uint_to_t", "typing_Hacl.Spec.SHA2.mk_len_t", + "typing_Spec.Hash.Definitions.is_sha2" ], 0, - "6ad86954f86d64c26d5b31666760ecf9" + "72e410ae715a6e5cee7735e1cc21ff4f" ], [ - "Hacl.Spec.SHA2.EquivScalar.load_last_pad_lemma", + "Hacl.Spec.SHA2.EquivScalar.lemma_len_lt_max_a_mul_by_8", 2, 0, 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", - "equation_Prims.nat", "function_token_typing_Prims.int", - "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" - ], - 0, - "2610f547520af8a66736cc39894943e1" - ], - [ - "Hacl.Spec.SHA2.EquivScalar.load_last_pad_lemma", - 3, - 0, - 0, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_FStar.Pervasives.Native.Some", - "constructor_distinct_Lib.IntTypes.PUB", + "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S64", "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.SEC", "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U128", "constructor_distinct_Lib.IntTypes.U16", 
@@ -2655,29 +2574,196 @@ "constructor_distinct_Spec.Hash.Definitions.SHA2_256", "constructor_distinct_Spec.Hash.Definitions.SHA2_384", "constructor_distinct_Spec.Hash.Definitions.SHA2_512", - "constructor_distinct_Tm_unit", - "disc_equation_FStar.Pervasives.Native.None", "disc_equation_FStar.Pervasives.Native.Some", - "disc_equation_Lib.IntTypes.PUB", + "disc_equation_Spec.Hash.Definitions.SHA2_224", + "disc_equation_Spec.Hash.Definitions.SHA2_256", + "disc_equation_Spec.Hash.Definitions.SHA2_384", + "disc_equation_Spec.Hash.Definitions.SHA2_512", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.SEC@tok", "equality_tok_Lib.IntTypes.U128@tok", "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_FStar.Seq.Base.op_At_Bar", "equation_FStar.UInt.fits", - "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.numbytes", + "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt128.n", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", + "equation_Hacl.Spec.SHA2.mk_len_t", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.op_At_Percent_Dot", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.shiftval", - "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", - 
"equation_Lib.IntTypes.v", "equation_Lib.Sequence.lseq", - "equation_Lib.Sequence.seq", "equation_Lib.Sequence.to_seq", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_Prims.nat", "equation_Prims.pos", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.len_int_type", + "equation_Spec.Hash.Definitions.len_t", + "equation_Spec.Hash.Definitions.less_than_max_input_length", + "equation_Spec.Hash.Definitions.max_input_length", + "equation_Spec.Hash.Definitions.sha2_alg", "int_inversion", + "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.vu_inv", "lemma_Lib.IntTypes.pow2_3", + "lemma_Lib.IntTypes.shift_left_lemma", "lemma_Lib.IntTypes.v_mk_int", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Some_v", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_3667fd6eabf06c7cb385f1857e7237ec", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_576183a4f8267f6296f94f4827351efd", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_9d3fd79fd314167f1a9c213a188da3ec", + "refinement_interpretation_Tm_refine_d96d126280e4d44b4c6d27838df6e25f", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", + "refinement_interpretation_Tm_refine_e40dba697735a60216c598c2a27841b5", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + 
"refinement_interpretation_Tm_refine_fffc918f3ac13711d39fee794fcdce53", + "typing_FStar.UInt.fits", "typing_FStar.UInt128.v", + "typing_FStar.UInt32.uint_to_t", "typing_Hacl.Spec.SHA2.mk_len_t", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.mk_int", + "typing_Lib.IntTypes.sec_int_v", "typing_Lib.IntTypes.secret", + "typing_Lib.IntTypes.shift_left", "typing_Lib.IntTypes.v", + "typing_Prims.pow2", "typing_Spec.Hash.Definitions.is_sha2", + "typing_Spec.Hash.Definitions.less_than_max_input_length", + "typing_Spec.Hash.Definitions.uu___is_SHA2_224", + "typing_Spec.Hash.Definitions.uu___is_SHA2_512", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.SEC@tok", + "typing_tok_Lib.IntTypes.U128@tok", "typing_tok_Lib.IntTypes.U64@tok" + ], + 0, + "df2433e42e9e61c93c7810a497f329b5" + ], + [ + "Hacl.Spec.SHA2.EquivScalar.load_last_pad_lemma", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S64", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Tm_unit", "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U128@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + 
"equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.numbytes", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.shiftval", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.is_md", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.len_int_type", + "equation_Spec.Hash.Definitions.len_t", + "equation_Spec.Hash.Definitions.pad0_length", + "equation_Spec.Hash.Definitions.sha2_alg", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.vu_inv", "lemma_Lib.IntTypes.pow2_3", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_90af67ab52b0bbbd6188bde83a87bc86", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", + "refinement_interpretation_Tm_refine_e40dba697735a60216c598c2a27841b5", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.uint_to_t", 
"typing_Hacl.Spec.SHA2.mk_len_t", + "typing_Lib.IntTypes.pub_int_v", + "typing_Spec.Hash.Definitions.block_length", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_tok_Lib.IntTypes.U32@tok" + ], + 0, + "efb10047ea37f2de3d89fddbd8159fb0" + ], + [ + "Hacl.Spec.SHA2.EquivScalar.load_last_pad_lemma", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "69e0792efd5236ea0dcd40921921e308" + ], + [ + "Hacl.Spec.SHA2.EquivScalar.load_last_pad_lemma", + 3, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S64", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Tm_unit", "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U128@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Base.op_At_Bar", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.numbytes", "equation_Lib.IntTypes.pub_int_t", + 
"equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.shiftval", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Lib.Sequence.lseq", "equation_Lib.Sequence.seq", + "equation_Lib.Sequence.to_seq", "equation_Prims.nat", "equation_Spec.Hash.Definitions.block_length", "equation_Spec.Hash.Definitions.block_word_length", "equation_Spec.Hash.Definitions.bytes", @@ -2685,7 +2771,6 @@ "equation_Spec.Hash.Definitions.is_sha2", "equation_Spec.Hash.Definitions.len_int_type", "equation_Spec.Hash.Definitions.len_t", - "equation_Spec.Hash.Definitions.max_input_length", "equation_Spec.Hash.Definitions.nat_to_len", "equation_Spec.Hash.Definitions.pad0_length", "equation_Spec.Hash.Definitions.sha2_alg", @@ -2693,14 +2778,13 @@ "equation_Spec.Hash.PadFinish.pad", "equation_Spec.Hash.PadFinish.pad_md", "function_token_typing_Lib.IntTypes.uint8", "int_inversion", - "int_typing", "lemma_FStar.Pervasives.invertOption", - "lemma_FStar.Seq.Base.lemma_eq_elim", + "int_typing", "lemma_FStar.Seq.Base.lemma_eq_elim", "lemma_FStar.Seq.Base.lemma_index_app1", "lemma_FStar.Seq.Base.lemma_index_app2", "lemma_FStar.Seq.Base.lemma_len_append", "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", - "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.shift_left_lemma", - "lemma_Lib.IntTypes.v_injective", "lemma_Lib.IntTypes.v_mk_int", + "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.v_injective", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", 
@@ -2709,42 +2793,31 @@ "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", "refinement_interpretation_Tm_refine_2043fe1d818aaeaa104a717402baf403", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", - "refinement_interpretation_Tm_refine_3667fd6eabf06c7cb385f1857e7237ec", - "refinement_interpretation_Tm_refine_45de79b9bfd92937f3e5de19a3ca97cf", "refinement_interpretation_Tm_refine_472487d41973f0cb61dae82d55c2306c", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_6297485be64bb40865d67533878b6d3a", "refinement_interpretation_Tm_refine_64007e4a8c187c3787ce4f8705e9db35", "refinement_interpretation_Tm_refine_669be302d36ca44361d06a8cf43c4c72", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_850fe300f875565a60c2c1ce43a6fda4", "refinement_interpretation_Tm_refine_8578def5d198588272dc248df6e36e4f", - "refinement_interpretation_Tm_refine_92e09cdbcd750dfba9a3a08bb0917dcc", - "refinement_interpretation_Tm_refine_97a5396f3da9f68385628f7ed86fe69d", - "refinement_interpretation_Tm_refine_a7ae7259a82980fd2320414439f52b24", + "refinement_interpretation_Tm_refine_90af67ab52b0bbbd6188bde83a87bc86", "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", - "refinement_interpretation_Tm_refine_b3fcac59602bf14430ac809b452796d0", + "refinement_interpretation_Tm_refine_bcf394c140b4160c830f8eea3a568468", "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", "refinement_interpretation_Tm_refine_e40dba697735a60216c598c2a27841b5", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "refinement_interpretation_Tm_refine_fffc918f3ac13711d39fee794fcdce53", - 
"refinement_kinding_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.op_At_Bar", - "typing_FStar.UInt.fits", "typing_FStar.UInt32.uint_to_t", - "typing_FStar.UInt32.v", "typing_Lib.IntTypes.bits", - "typing_Lib.IntTypes.unsigned", "typing_Lib.IntTypes.v", - "typing_Lib.Sequence.to_seq", "typing_Prims.pow2", + "typing_FStar.UInt32.uint_to_t", "typing_Hacl.Spec.SHA2.mk_len_t", + "typing_Lib.IntTypes.pub_int_v", "typing_Lib.Sequence.to_seq", "typing_Spec.Hash.Definitions.block_length", "typing_Spec.Hash.Definitions.is_sha2", - "typing_Spec.Hash.Definitions.max_input_length", - "typing_Spec.Hash.Definitions.word_length", "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "dafd1530598d62e4eb674337ac0f669b" + "a8e4e544d09f03fd996129642550e803" ], [ "Hacl.Spec.SHA2.EquivScalar.update_last_lemma", @@ -2756,9 +2829,7 @@ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", "Lib.IntTypes_pretyping_d450aafb6f125538d0e96425faddef55", "Prims_pretyping_f8666440faa91836cc5a13998af863fc", "b2t_def", - "bool_inversion", - "constructor_distinct_FStar.Pervasives.Native.Some", - "constructor_distinct_Lib.IntTypes.PUB", + "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S64", 
@@ -2771,14 +2842,6 @@ "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Lib.IntTypes.inttype", "constructor_distinct_Prims.unit", - "constructor_distinct_Spec.Hash.Definitions.SHA2_224", - "constructor_distinct_Spec.Hash.Definitions.SHA2_256", - "constructor_distinct_Spec.Hash.Definitions.SHA2_384", - "constructor_distinct_Spec.Hash.Definitions.SHA2_512", - "constructor_distinct_Tm_unit", - "disc_equation_FStar.Pervasives.Native.None", - "disc_equation_FStar.Pervasives.Native.Some", - "disc_equation_Lib.IntTypes.PUB", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U128@tok", "equality_tok_Lib.IntTypes.U32@tok", @@ -2786,6 +2849,7 @@ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", "equation_Hacl.Spec.SHA2.padded_blocks", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", 
@@ -2802,50 +2866,43 @@ "equation_Spec.Hash.Definitions.is_sha2", "equation_Spec.Hash.Definitions.len_int_type", "equation_Spec.Hash.Definitions.len_length", - "equation_Spec.Hash.Definitions.max_input_length", + "equation_Spec.Hash.Definitions.len_t", "equation_Spec.Hash.Definitions.sha2_alg", "equation_Spec.Hash.Definitions.word_length", "function_token_typing_Lib.IntTypes.uint8", "function_token_typing_Prims.int", "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", - "int_typing", "lemma_FStar.Pervasives.invertOption", - "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", - "lemma_Lib.IntTypes.v_mk_int", "primitive_Prims.op_Addition", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", + "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.vu_inv", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_0a319766f7b5a8764d7b48155798fe57", "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_3374008071a940d7bf1b5ca333a3fef3", "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5a31b93ba3c7fad34bf5f4c94dc9e54e", - "refinement_interpretation_Tm_refine_6297485be64bb40865d67533878b6d3a", "refinement_interpretation_Tm_refine_69a99d4a0db2941e686a77becc32bc56", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - 
"refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_8bea2569a76f982f82f6df876009dbe0", "refinement_interpretation_Tm_refine_9cf08ea3924cce0407272bab7df2f620", - "refinement_interpretation_Tm_refine_b3fcac59602bf14430ac809b452796d0", "refinement_interpretation_Tm_refine_c8dd98bb91cb1ba6963e5299b3babaa4", "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", "refinement_interpretation_Tm_refine_e40dba697735a60216c598c2a27841b5", "refinement_interpretation_Tm_refine_eb32171c74bb02949aa6c90cfbac2b67", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "refinement_kinding_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "typing_FStar.Seq.Base.length", "typing_FStar.UInt32.uint_to_t", - "typing_Lib.IntTypes.unsigned", "typing_Prims.pow2", - "typing_Spec.Hash.Definitions.block_length", + "typing_Hacl.Spec.SHA2.mk_len_t", "typing_Lib.IntTypes.numbytes", + "typing_Prims.pow2", "typing_Spec.Hash.Definitions.block_length", "typing_Spec.Hash.Definitions.is_sha2", - "typing_Spec.Hash.Definitions.max_input_length", - "typing_Spec.Hash.Definitions.word_length", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", - "unit_typing" + "typing_Spec.Hash.Definitions.word_length", "unit_typing" ], 0, - "0cc402c9b8f8c5e90a3d676736ece1c2" + "78175c3136dac97d9900c54e14a77362" ], [ "Hacl.Spec.SHA2.EquivScalar.update_last_lemma", @@ -2874,7 +2931,7 @@ "typing_Spec.Hash.Definitions.block_length" ], 0, - "44a7b098b641e7cab4b9c4c01cf1b837" + "b5e3e4c0af869ef72e7f1e6e88b30e89" ], [ "Hacl.Spec.SHA2.EquivScalar.update_last_lemma", 
@@ -2884,9 +2941,7 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", - "constructor_distinct_FStar.Pervasives.Native.Some", - "constructor_distinct_Lib.IntTypes.PUB", + "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S64", 
@@ -2897,37 +2952,33 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "constructor_distinct_Spec.Hash.Definitions.SHA2_224", - "constructor_distinct_Spec.Hash.Definitions.SHA2_256", - "constructor_distinct_Spec.Hash.Definitions.SHA2_384", - "constructor_distinct_Spec.Hash.Definitions.SHA2_512", - "constructor_distinct_Tm_unit", - "disc_equation_FStar.Pervasives.Native.None", - "disc_equation_FStar.Pervasives.Native.Some", - "disc_equation_Lib.IntTypes.PUB", - "equality_tok_Lib.IntTypes.PUB@tok", + "constructor_distinct_Tm_unit", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U128@tok", "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", "equation_Hacl.Spec.SHA2.padded_blocks", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.numbytes", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.numbytes", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.shiftval", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", "equation_Lib.Sequence.length", - "equation_Lib.Sequence.lseq", "equation_Prims.nat", - "equation_Prims.pos", "equation_Spec.Hash.Definitions.block_length", + "equation_Lib.IntTypes.shiftval", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Lib.Sequence.length", "equation_Lib.Sequence.lseq", + "equation_Lib.Sequence.seq", "equation_Prims.nat", + "equation_Spec.Hash.Definitions.block_length", "equation_Spec.Hash.Definitions.block_word_length", "equation_Spec.Hash.Definitions.is_sha2", "equation_Spec.Hash.Definitions.len_int_type", "equation_Spec.Hash.Definitions.len_length", 
- "equation_Spec.Hash.Definitions.max_input_length", + "equation_Spec.Hash.Definitions.len_t", "equation_Spec.Hash.Definitions.sha2_alg", - "equation_Spec.Hash.Definitions.word_length", "int_inversion", - "int_typing", "lemma_FStar.Pervasives.invertOption", - "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Lib.IntTypes.uint8", "int_inversion", + "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.vu_inv", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", 
@@ -2935,20 +2986,17 @@ "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", - "refinement_interpretation_Tm_refine_415d9f15a679296ef4a273ce6085f29d", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_6297485be64bb40865d67533878b6d3a", - "refinement_interpretation_Tm_refine_b3fcac59602bf14430ac809b452796d0", "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", "refinement_interpretation_Tm_refine_e40dba697735a60216c598c2a27841b5", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "refinement_kinding_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "typing_FStar.UInt32.uint_to_t", "typing_Lib.IntTypes.unsigned", - "typing_Spec.Hash.Definitions.is_sha2", - "typing_Spec.Hash.Definitions.max_input_length" + "typing_FStar.Seq.Base.length", "typing_FStar.UInt32.uint_to_t", + "typing_Hacl.Spec.SHA2.mk_len_t", "typing_Lib.IntTypes.numbytes", + "typing_Spec.Hash.Definitions.is_sha2" ], 0, - "9b69761a4080ad2404589a293f223ea9" + "45e12e1d0448088b942b496ed749872c" ], [ "Hacl.Spec.SHA2.EquivScalar.update_last_is_repeat_blocks_multi", @@ -3058,7 +3106,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_256@tok" ], 0, - "eb8e9731ed1ba4cfb0ca016562ff1359" + "80f2bb4f336e01f0f8f218d027abd0e1" ], [ "Hacl.Spec.SHA2.EquivScalar.update_last_is_repeat_blocks_multi", @@ -3087,7 +3135,7 @@ "typing_Spec.Hash.Definitions.block_length" ], 0, - "2ae8e9b8632cc76266761d453b75ab22" + "0dcae7197a9231721370657392e05992" ], [ "Hacl.Spec.SHA2.EquivScalar.update_last_is_repeat_blocks_multi", 
@@ -3098,9 +3146,7 @@ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", - "bool_inversion", "bool_typing", - "constructor_distinct_FStar.Pervasives.Native.Some", - "constructor_distinct_Lib.IntTypes.PUB", + "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S64", 
@@ -3111,28 +3157,21 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "constructor_distinct_Spec.Hash.Definitions.SHA2_224", - "constructor_distinct_Spec.Hash.Definitions.SHA2_256", - "constructor_distinct_Spec.Hash.Definitions.SHA2_384", - "constructor_distinct_Spec.Hash.Definitions.SHA2_512", - "disc_equation_FStar.Pervasives.Native.Some", - "disc_equation_Lib.IntTypes.PUB", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.SEC@tok", "equality_tok_Lib.IntTypes.U128@tok", "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", - "equation_FStar.Seq.Base.op_At_Bar", "equation_FStar.UInt.fits", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", "equation_Hacl.Spec.SHA2.block_t", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", "equation_Hacl.Spec.SHA2.load_last", + "equation_Hacl.Spec.SHA2.mk_len_t", + "equation_Hacl.Spec.SHA2.num_rounds16", "equation_Hacl.Spec.SHA2.padded_blocks", + "equation_Hacl.Spec.SHA2.size_k_w", "equation_Hacl.Spec.SHA2.update_last", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.numbytes", 
@@ -3150,28 +3189,22 @@ "equation_Spec.Hash.Definitions.is_sha2", "equation_Spec.Hash.Definitions.len_int_type", "equation_Spec.Hash.Definitions.len_length", - "equation_Spec.Hash.Definitions.max_input_length", + "equation_Spec.Hash.Definitions.len_t", "equation_Spec.Hash.Definitions.maxed_hash_alg", "equation_Spec.Hash.Definitions.md_alg", - "equation_Spec.Hash.Definitions.nat_to_len", "equation_Spec.Hash.Definitions.pad0_length", "equation_Spec.Hash.Definitions.pad_length", "equation_Spec.Hash.Definitions.sha2_alg", "equation_Spec.Hash.Definitions.word_length", "equation_Spec.Hash.Definitions.words_state", - "equation_Spec.Hash.PadFinish.pad", - "equation_Spec.Hash.PadFinish.pad_md", "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", "function_token_typing_Lib.IntTypes.uint8", "function_token_typing_Prims.__cache_version_number__", - "int_inversion", "int_typing", - "lemma_FStar.Seq.Base.lemma_create_len", - "lemma_FStar.Seq.Base.lemma_eq_elim", + "int_inversion", "int_typing", "lemma_FStar.Seq.Base.lemma_eq_elim", "lemma_FStar.Seq.Base.lemma_len_append", - "lemma_FStar.Seq.Base.lemma_len_slice", "lemma_FStar.Seq.Properties.slice_length", - "lemma_FStar.Seq.Properties.slice_slice", "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", 
@@ -3181,66 +3214,56 @@ "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", - "projection_inverse_FStar.Pervasives.Native.Some_a", - "projection_inverse_FStar.Pervasives.Native.Some_v", "refinement_interpretation_Tm_refine_0ca46d94042fcc13e1dbb5a197aa184d", "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", "refinement_interpretation_Tm_refine_11888fecf812f197898447624c24e106", - "refinement_interpretation_Tm_refine_1ba8fd8bb363097813064c67740b2de5", "refinement_interpretation_Tm_refine_2043fe1d818aaeaa104a717402baf403", - "refinement_interpretation_Tm_refine_2182032b8ffb445c856acde128dfcc30", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", "refinement_interpretation_Tm_refine_387e6d282145573240ab7b8a4b94cce5", "refinement_interpretation_Tm_refine_415d9f15a679296ef4a273ce6085f29d", - "refinement_interpretation_Tm_refine_45de79b9bfd92937f3e5de19a3ca97cf", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_576183a4f8267f6296f94f4827351efd", - "refinement_interpretation_Tm_refine_6297485be64bb40865d67533878b6d3a", "refinement_interpretation_Tm_refine_6e296b6b449dd8fe1af30e0e60e4afd6", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7fc4e979700038338efb9b0ad24f2964", "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_850fe300f875565a60c2c1ce43a6fda4", "refinement_interpretation_Tm_refine_9d3fd79fd314167f1a9c213a188da3ec", - "refinement_interpretation_Tm_refine_b3fcac59602bf14430ac809b452796d0", "refinement_interpretation_Tm_refine_b9bf9d0f857340a8d758087374a41c06", "refinement_interpretation_Tm_refine_c8dd98bb91cb1ba6963e5299b3babaa4", 
"refinement_interpretation_Tm_refine_ccbef96ee6e044a9cf0b4353c2d1f06e", - "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", + "refinement_interpretation_Tm_refine_d96d126280e4d44b4c6d27838df6e25f", "refinement_interpretation_Tm_refine_dee0f34b44c44e6d512c6db0858b92ef", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", "refinement_interpretation_Tm_refine_e40dba697735a60216c598c2a27841b5", "refinement_interpretation_Tm_refine_e7c5f4e71af26642dc90739b89f6278e", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "refinement_interpretation_Tm_refine_f68b09e768068763d6aac8d1124307c0", "refinement_interpretation_Tm_refine_fc1f69e4229a94f85b0de30f1747a8d3", "token_correspondence_Hacl.Spec.SHA2.update", "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", - "typing_FStar.UInt.fits", "typing_FStar.UInt32.uint_to_t", - "typing_FStar.UInt32.v", "typing_Lib.ByteSequence.uint_to_bytes_be", - "typing_Lib.IntTypes.mk_int", "typing_Lib.IntTypes.secret", - "typing_Lib.IntTypes.v", "typing_Lib.Sequence.create", - "typing_Lib.Sequence.length", "typing_Lib.Sequence.sub", - "typing_Lib.Sequence.upd", "typing_Lib.Sequence.update_sub", - "typing_Prims.pow2", "typing_Spec.Hash.Definitions.block_length", - "typing_Spec.Hash.Definitions.is_md", + "typing_FStar.UInt32.uint_to_t", "typing_Hacl.Spec.SHA2.mk_len_t", + "typing_Hacl.Spec.SHA2.num_rounds16", + "typing_Lib.ByteSequence.uint_to_bytes_be", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.mk_int", + "typing_Lib.IntTypes.numbytes", "typing_Lib.IntTypes.secret", + "typing_Lib.IntTypes.shift_left", "typing_Lib.IntTypes.unsigned", + "typing_Lib.Sequence.create", "typing_Lib.Sequence.length", + "typing_Lib.Sequence.sub", "typing_Lib.Sequence.upd", + "typing_Lib.Sequence.update_sub", "typing_Prims.pow2", + 
"typing_Spec.Hash.Definitions.block_length", "typing_Spec.Hash.Definitions.is_sha2", "typing_Spec.Hash.Definitions.len_int_type", "typing_Spec.Hash.Definitions.len_length", - "typing_Spec.Hash.Definitions.nat_to_len", "typing_Spec.Hash.Definitions.pad0_length", "typing_Spec.Hash.Definitions.word_length", "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.SEC@tok", - "typing_tok_Lib.IntTypes.U128@tok", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_224@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_256@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_384@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_512@tok" + "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "b2bc6023c9791d5b5d6b1b6ccdf0af59" + "a7496115a4356714f68650b498252bc7" ], [ "Hacl.Spec.SHA2.EquivScalar.hash_is_repeat_blocks_multi", 
@@ -3250,90 +3273,65 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Lib.IntTypes_pretyping_d450aafb6f125538d0e96425faddef55", - "Prims_pretyping_f8666440faa91836cc5a13998af863fc", "bool_inversion", - "constructor_distinct_FStar.Pervasives.Native.Some", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U128", "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "constructor_distinct_Lib.IntTypes.inttype", - "constructor_distinct_Prims.unit", - "constructor_distinct_Spec.Hash.Definitions.SHA2_224", - "constructor_distinct_Spec.Hash.Definitions.SHA2_256", - "constructor_distinct_Spec.Hash.Definitions.SHA2_384", - "constructor_distinct_Spec.Hash.Definitions.SHA2_512", - "disc_equation_FStar.Pervasives.Native.None", - "disc_equation_FStar.Pervasives.Native.Some", - "disc_equation_Lib.IntTypes.PUB", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.U128@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", "equation_Lib.Sequence.length", - "equation_Lib.Sequence.lseq", "equation_Lib.Sequence.seq", - "equation_Prims.nat", "equation_Prims.pos", - 
"equation_Spec.Hash.Definitions.block_length", + "equation_Lib.IntTypes.uint8", "equation_Lib.Sequence.length", + "equation_Lib.Sequence.seq", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.Hash.Definitions.block_length", "equation_Spec.Hash.Definitions.block_word_length", "equation_Spec.Hash.Definitions.bytes", "equation_Spec.Hash.Definitions.is_md", "equation_Spec.Hash.Definitions.is_sha2", - "equation_Spec.Hash.Definitions.len_int_type", - "equation_Spec.Hash.Definitions.max_input_length", + "equation_Spec.Hash.Definitions.len_length", "equation_Spec.Hash.Definitions.sha2_alg", "equation_Spec.Hash.Definitions.word_length", - "function_token_typing_Lib.IntTypes.uint8", "int_inversion", - "int_typing", "lemma_FStar.Pervasives.invertOption", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_typing", "lemma_FStar.Seq.Base.lemma_len_append", - "lemma_FStar.UInt.pow2_values", "lemma_Lib.IntTypes.v_mk_int", - "primitive_Prims.op_Addition", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_460ce49837473aafb58331137146734e", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_6297485be64bb40865d67533878b6d3a", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_850fe300f875565a60c2c1ce43a6fda4", - "refinement_interpretation_Tm_refine_b3fcac59602bf14430ac809b452796d0", - 
"refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", - "refinement_kinding_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "typing_Lib.IntTypes.unsigned", - "typing_Spec.Hash.Definitions.block_length", - "typing_Spec.Hash.Definitions.is_sha2", - "typing_Spec.Hash.Definitions.max_input_length", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_224@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_256@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_384@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_512@tok", "unit_typing" + "typing_Spec.Hash.Definitions.is_sha2" ], 0, - "5b7d44d3f6063393e434ebeee8d2dc41" + "7b5e758e1748f816490daef1d2f81596" ], [ "Hacl.Spec.SHA2.EquivScalar.hash_is_repeat_blocks_multi", 2, 0, 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "a555ed9c30f303d82cb96a35c5b84678" + ], + [ + "Hacl.Spec.SHA2.EquivScalar.hash_is_repeat_blocks_multi", + 3, + 0, + 0, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S64", "constructor_distinct_Lib.IntTypes.S8", 
@@ -3344,23 +3342,16 @@ "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", - "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", "disc_equation_FStar.Pervasives.Native.Some", - "disc_equation_Lib.IntTypes.PUB", - "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.SEC@tok", "equality_tok_Lib.IntTypes.U128@tok", - "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", "equation_FStar.Seq.Base.op_At_Bar", "equation_FStar.UInt.min_int", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.numbytes", - "equation_Lib.IntTypes.op_At_Percent_Dot", "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", "equation_Lib.Sequence.length", "equation_Lib.Sequence.lseq", "equation_Lib.Sequence.seq", @@ -3372,8 +3363,8 @@ "equation_Spec.Hash.Definitions.is_sha2", "equation_Spec.Hash.Definitions.len_int_type", "equation_Spec.Hash.Definitions.len_length", - "equation_Spec.Hash.Definitions.max_input_length", "equation_Spec.Hash.Definitions.maxed_hash_alg", + "equation_Spec.Hash.Definitions.md_alg", "equation_Spec.Hash.Definitions.nat_to_len", "equation_Spec.Hash.Definitions.pad0_length", "equation_Spec.Hash.Definitions.pad_length", 
@@ -3389,10 +3380,7 @@ "lemma_FStar.Seq.Base.lemma_index_slice", "lemma_FStar.Seq.Base.lemma_len_append", "lemma_FStar.Seq.Base.lemma_len_slice", - "lemma_FStar.Seq.Properties.slice_is_empty", - "lemma_FStar.Seq.Properties.slice_length", - "lemma_FStar.UInt.pow2_values", "lemma_Lib.IntTypes.pow2_3", - "lemma_Lib.IntTypes.v_mk_int", + "lemma_FStar.UInt.pow2_values", "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", "primitive_Prims.op_Addition", "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", @@ -3401,13 +3389,14 @@ "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_0ca46d94042fcc13e1dbb5a197aa184d", "refinement_interpretation_Tm_refine_1bb461a94f2222e653284809986676f4", + "refinement_interpretation_Tm_refine_2043fe1d818aaeaa104a717402baf403", "refinement_interpretation_Tm_refine_2182032b8ffb445c856acde128dfcc30", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", "refinement_interpretation_Tm_refine_387e6d282145573240ab7b8a4b94cce5", + "refinement_interpretation_Tm_refine_460ce49837473aafb58331137146734e", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_576183a4f8267f6296f94f4827351efd", - "refinement_interpretation_Tm_refine_6297485be64bb40865d67533878b6d3a", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", 
@@ -3415,35 +3404,30 @@ "refinement_interpretation_Tm_refine_923b1a2679a97ac121731e58ecb697a1", "refinement_interpretation_Tm_refine_9d3fd79fd314167f1a9c213a188da3ec", "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", - "refinement_interpretation_Tm_refine_b361ba8089a6e963921008d537e799a1", - "refinement_interpretation_Tm_refine_b3fcac59602bf14430ac809b452796d0", - "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", + "refinement_interpretation_Tm_refine_e7c5f4e71af26642dc90739b89f6278e", "refinement_interpretation_Tm_refine_f68b09e768068763d6aac8d1124307c0", "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", - "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.length", - "typing_FStar.Seq.Base.slice", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", "typing_Lib.ByteSequence.uint_to_bytes_be", - "typing_Lib.IntTypes.mk_int", "typing_Lib.IntTypes.secret", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.mk_int", + "typing_Lib.IntTypes.secret", "typing_Lib.IntTypes.unsigned", "typing_Lib.Sequence.length", "typing_Prims.pow2", "typing_Spec.Hash.Definitions.block_length", + "typing_Spec.Hash.Definitions.is_md", "typing_Spec.Hash.Definitions.is_sha2", "typing_Spec.Hash.Definitions.len_int_type", "typing_Spec.Hash.Definitions.len_length", "typing_Spec.Hash.Definitions.nat_to_len", + "typing_Spec.Hash.Definitions.pad0_length", "typing_Spec.Hash.Definitions.word_length", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.SEC@tok", - "typing_tok_Lib.IntTypes.U128@tok", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_224@tok", - 
"typing_tok_Spec.Hash.Definitions.SHA2_256@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_384@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_512@tok" + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "0fac8040901476877f90b1c1a4801159" + "19ad6323c10d2badb5c7510aca9422f8" ], [ "Hacl.Spec.SHA2.EquivScalar.hash_agile_lemma", 
@@ -3459,35 +3443,53 @@ "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", "equation_Lib.Sequence.lseq", + "constructor_distinct_Lib.IntTypes.U8", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", + "equation_Lib.Sequence.length", "equation_Prims.eqtype", "equation_Prims.nat", "equation_Spec.Hash.Definitions.hash_length", "equation_Spec.Hash.Definitions.hash_word_length", "equation_Spec.Hash.Definitions.is_sha2", "equation_Spec.Hash.Definitions.sha2_alg", - "equation_Spec.Hash.Definitions.word_length", "int_typing", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_typing", "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_460ce49837473aafb58331137146734e", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_6297485be64bb40865d67533878b6d3a", - "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", - "typing_Spec.Hash.Definitions.word_length" + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", + "typing_Spec.Hash.Definitions.hash_word_length" ], 0, - "849d6241ffd2d65550f5e33cdc067ce6" + "ef67d4f82a757e179a31b1a5098bc55b" ], [ "Hacl.Spec.SHA2.EquivScalar.hash_agile_lemma", 2, 0, 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "14290f18b957c3d615444ecd8c9e8969" 
+ ], + [ + "Hacl.Spec.SHA2.EquivScalar.hash_agile_lemma", + 3, + 0, + 0, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_BoxInt", - "constructor_distinct_FStar.Pervasives.Native.Some", + "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S64", @@ -3502,7 +3504,6 @@ "constructor_distinct_Spec.Hash.Definitions.SHA2_256", "constructor_distinct_Spec.Hash.Definitions.SHA2_384", "constructor_distinct_Spec.Hash.Definitions.SHA2_512", - "constructor_distinct_Tm_unit", "disc_equation_FStar.Pervasives.Native.Some", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.SEC@tok", 
@@ -3510,16 +3511,21 @@ "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", - "equation_FStar.Seq.Base.op_At_Bar", "equation_Hacl.Spec.SHA2.h0", - "equation_Hacl.Spec.SHA2.hash", "equation_Hacl.Spec.SHA2.init", - "equation_Hacl.Spec.SHA2.num_rounds16", + "equation_FStar.Seq.Base.op_At_Bar", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Hacl.Spec.SHA2.h0", "equation_Hacl.Spec.SHA2.hash", + "equation_Hacl.Spec.SHA2.init", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", "equation_Hacl.Spec.SHA2.padded_blocks", - "equation_Hacl.Spec.SHA2.size_k_w", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.numbytes", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", - "equation_Lib.Sequence.lseq", "equation_Lib.Sequence.seq", + "equation_Lib.IntTypes.numbytes", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.shiftval", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Lib.Sequence.length", "equation_Lib.Sequence.lseq", + "equation_Lib.Sequence.seq", "equation_Lib.Sequence.to_seq", "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.Agile.Hash.hash", "equation_Spec.Agile.Hash.init", "equation_Spec.Hash.Definitions.block_length", 
@@ -3532,62 +3538,61 @@ "equation_Spec.Hash.Definitions.is_sha3", "equation_Spec.Hash.Definitions.len_int_type", "equation_Spec.Hash.Definitions.len_length", - "equation_Spec.Hash.Definitions.max_input_length", + "equation_Spec.Hash.Definitions.len_t", "equation_Spec.Hash.Definitions.maxed_hash_alg", - "equation_Spec.Hash.Definitions.md_alg", - "equation_Spec.Hash.Definitions.nat_to_len", "equation_Spec.Hash.Definitions.pad0_length", "equation_Spec.Hash.Definitions.pad_length", "equation_Spec.Hash.Definitions.sha2_alg", "equation_Spec.Hash.Definitions.word_length", - "equation_Spec.Hash.PadFinish.pad", - "equation_Spec.Hash.PadFinish.pad_md", "equation_Spec.SHA2.h0", - "equation_Spec.SHA2.init", + "equation_Spec.SHA2.h0", "equation_Spec.SHA2.init", "function_token_typing_Lib.IntTypes.uint8", "int_inversion", - "int_typing", "lemma_FStar.Seq.Base.lemma_create_len", - "lemma_FStar.Seq.Base.lemma_len_append", - "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "int_typing", "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", - "projection_inverse_FStar.Pervasives.Native.Some_a", - "projection_inverse_FStar.Pervasives.Native.Some_v", "refinement_interpretation_Tm_refine_0ca46d94042fcc13e1dbb5a197aa184d", - "refinement_interpretation_Tm_refine_2043fe1d818aaeaa104a717402baf403", - "refinement_interpretation_Tm_refine_2182032b8ffb445c856acde128dfcc30", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", 
"refinement_interpretation_Tm_refine_387e6d282145573240ab7b8a4b94cce5", + "refinement_interpretation_Tm_refine_415d9f15a679296ef4a273ce6085f29d", + "refinement_interpretation_Tm_refine_460ce49837473aafb58331137146734e", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_576183a4f8267f6296f94f4827351efd", - "refinement_interpretation_Tm_refine_6297485be64bb40865d67533878b6d3a", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_7fc4e979700038338efb9b0ad24f2964", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_850fe300f875565a60c2c1ce43a6fda4", "refinement_interpretation_Tm_refine_9d3fd79fd314167f1a9c213a188da3ec", + "refinement_interpretation_Tm_refine_c8dd98bb91cb1ba6963e5299b3babaa4", "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", - "refinement_interpretation_Tm_refine_e7c5f4e71af26642dc90739b89f6278e", - "refinement_interpretation_Tm_refine_f68b09e768068763d6aac8d1124307c0", + "refinement_interpretation_Tm_refine_d96d126280e4d44b4c6d27838df6e25f", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", + "refinement_interpretation_Tm_refine_e40dba697735a60216c598c2a27841b5", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_fc1f69e4229a94f85b0de30f1747a8d3", "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", - "typing_FStar.Seq.Base.length", "typing_Hacl.Spec.SHA2.num_rounds16", + "typing_FStar.UInt32.uint_to_t", "typing_Hacl.Spec.SHA2.mk_len_t", "typing_Lib.ByteSequence.uint_to_bytes_be", "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.mk_int", - "typing_Lib.IntTypes.secret", "typing_Lib.IntTypes.unsigned", - "typing_Prims.pow2", "typing_Spec.Hash.Definitions.is_md", + 
"typing_Lib.IntTypes.secret", "typing_Lib.IntTypes.shift_left", + "typing_Lib.IntTypes.unsigned", "typing_Lib.Sequence.create", + "typing_Lib.Sequence.length", "typing_Prims.pow2", + "typing_Spec.Hash.Definitions.block_length", + "typing_Spec.Hash.Definitions.is_md", "typing_Spec.Hash.Definitions.is_sha2", "typing_Spec.Hash.Definitions.len_int_type", - "typing_Spec.Hash.Definitions.len_length", - "typing_Spec.Hash.Definitions.nat_to_len", - "typing_Spec.Hash.Definitions.pad0_length", "typing_Spec.Hash.Definitions.word_length", "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.SEC@tok", - "typing_tok_Lib.IntTypes.U128@tok", "typing_tok_Lib.IntTypes.U8@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_224@tok" + "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "519106a436039a76a042051f89818333" + "8647bc5dec2fe32b7955fd3bd6bde235" ] ] ] \ No newline at end of file diff --git a/hints/Hacl.Spec.SHA2.EquivScalar.fsti.hints b/hints/Hacl.Spec.SHA2.EquivScalar.fsti.hints index bd468cfd92..fcbb883238 100644 --- a/hints/Hacl.Spec.SHA2.EquivScalar.fsti.hints +++ b/hints/Hacl.Spec.SHA2.EquivScalar.fsti.hints @@ -1,5 +1,5 @@ [ - "Çfôš¾Ó\u0007\fVÿÞö|nÿƒ", + "p\u0003rñ§t9¦È¼\u000f\u001f·2Ã", [ [ "Hacl.Spec.SHA2.EquivScalar.hash_agile_lemma", 
@@ -15,24 +15,29 @@ "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", "equation_Lib.Sequence.lseq", + "constructor_distinct_Lib.IntTypes.U8", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", + "equation_Lib.Sequence.length", "equation_Prims.eqtype", "equation_Prims.nat", "equation_Spec.Hash.Definitions.hash_length", "equation_Spec.Hash.Definitions.hash_word_length", "equation_Spec.Hash.Definitions.is_sha2", "equation_Spec.Hash.Definitions.sha2_alg", - "equation_Spec.Hash.Definitions.word_length", "int_typing", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_typing", "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_460ce49837473aafb58331137146734e", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_6297485be64bb40865d67533878b6d3a", - "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", - "typing_Spec.Hash.Definitions.word_length" + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", + "typing_Spec.Hash.Definitions.hash_word_length" ], 0, - "c56329097c13b02a9feaea9fedcbfc63" + "b6e9065b91642d1358b72991b3acd8c3" ] ] ] \ No newline at end of file diff --git a/hints/Hacl.Streaming.MD.fst.hints b/hints/Hacl.Streaming.MD.fst.hints index 0b28afc6e9..6de6e55203 100644 --- a/hints/Hacl.Streaming.MD.fst.hints +++ b/hints/Hacl.Streaming.MD.fst.hints 
@@ -1,5 +1,5 @@ [ - "//\u000f8ä~äãåÑOê\u0002lŸ®", + "ýCk‹¹\u000fìPf\u0016L\u001a´\u0012\u0013=", [ [ "Hacl.Streaming.MD.max_input_len64", @@ -100,7 +100,7 @@ "typing_tok_Spec.Hash.Definitions.SHA3_256@tok" ], 0, - "fe2cc3678a2362dc12c22a6975a11844" + "1d5e84639ff1f30a282674ca42aa5f47" ], [ "Hacl.Streaming.MD.uu___22", @@ -109,7 +109,28 @@ 0, [ "@query" ], 0, - "eb47db683b5f4ea5a8994f423f7656f2" + "4d74f31a63c60cafae02c6d824f8f10c" + ], + [ + "Hacl.Streaming.MD.word", + 1, + 0, + 0, + [ "@query", "projection_inverse_BoxBool_proj_0" ], + 0, + "41d658dcbd456803b12aeeae9a816ef1" + ], + [ + "Hacl.Streaming.MD.coerce", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_754b00004f4a881ff74d076ab276dfe1" + ], + 0, + "b5b8420cb8532ea66d8f5f93e9d99f95" ], [ "Hacl.Streaming.MD.init_elem", @@ -119,7 +140,7 @@ [ "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "constructor_distinct_FStar.Integers.W16", + "bool_inversion", "constructor_distinct_FStar.Integers.W16", "constructor_distinct_FStar.Integers.W32", "constructor_distinct_FStar.Integers.W64", "constructor_distinct_FStar.Integers.W8", 
@@ -135,17 +156,9 @@ "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Spec.Hash.Definitions.MD5", "constructor_distinct_Spec.Hash.Definitions.SHA1", - "constructor_distinct_Spec.Hash.Definitions.SHA2_224", - "constructor_distinct_Spec.Hash.Definitions.SHA2_256", - "constructor_distinct_Spec.Hash.Definitions.SHA2_384", - "constructor_distinct_Spec.Hash.Definitions.SHA2_512", "constructor_distinct_Spec.Hash.Definitions.SHA3_256", "disc_equation_Spec.Hash.Definitions.MD5", "disc_equation_Spec.Hash.Definitions.SHA1", - "disc_equation_Spec.Hash.Definitions.SHA2_224", - "disc_equation_Spec.Hash.Definitions.SHA2_256", - "disc_equation_Spec.Hash.Definitions.SHA2_384", - "disc_equation_Spec.Hash.Definitions.SHA2_512", "disc_equation_Spec.Hash.Definitions.SHA3_256", "equality_tok_FStar.Integers.W16@tok", "equality_tok_FStar.Integers.W32@tok", @@ -158,19 +171,17 @@ "equality_tok_Lib.IntTypes.U8@tok", "equality_tok_Spec.Hash.Definitions.MD5@tok", "equality_tok_Spec.Hash.Definitions.SHA1@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", - "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", "equality_tok_Spec.Hash.Definitions.SHA3_256@tok", "equation_Hacl.Streaming.MD.alg", - "equation_Hacl.Streaming.MD.uu___22", "equation_Lib.IntTypes.bits", + "equation_Hacl.Streaming.MD.uu___22", + "equation_Hacl.Streaming.MD.word", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", "equation_Prims.pos", "equation_Prims.squash", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.is_blake", + "equation_Spec.Hash.Definitions.is_sha2", "equation_Spec.Hash.Definitions.word", "equation_Spec.Hash.Definitions.word_t", "fuel_guarded_inversion_Spec.Hash.Definitions.hash_alg", 
@@ -182,249 +193,2377 @@ "projection_inverse_FStar.Integers.Signed__0", "projection_inverse_FStar.Integers.Unsigned__0", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_b47cabb890633249ae7f38d35cac724e", + "refinement_interpretation_Tm_refine_bcfd4f09500dfb41a9241811296b15aa", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Lib.IntTypes.bits", "typing_Prims.pow2", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_blake", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" + ], + 0, + "1214ce80b68662274aa104fe2ceecaa5" + ], + [ + "Hacl.Streaming.MD.sha2_mb_state", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_Lib.IntTypes.U1", "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_typing", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + 
"refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "66eca1f223eb799dd14770603e4b3892" + ], + [ + "Hacl.Streaming.MD.uu___34", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "53d6cc6f901abdb56dcf833241435410" + ], + [ + "Hacl.Streaming.MD.multiseq_is_seq", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_inversion", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.multiseq", + 
"equation_Hacl.Streaming.Interface.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Lib.NTuple.ntuple", + "equation_Prims.eqtype", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.sha2_alg", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "primitive_Prims.op_Equality", "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + ], + 0, + "a31f3a8f05426d0f62a739d19740cf12" + ], + [ + "Hacl.Streaming.MD.multiseq_hash_is_hash", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_inversion", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + 
"constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.multiseq", + "equation_Hacl.Streaming.Interface.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Lib.NTuple.ntuple", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.hash_length", + "equation_Spec.Hash.Definitions.hash_word_length", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Prims.__cache_version_number__", + "primitive_Prims.op_Equality", "primitive_Prims.op_Multiply", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.hash_word_length", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + ], + 0, + 
"d93b9c7322924bf1dbfaee6276190f9f" + ], + [ + "Hacl.Streaming.MD.multibuf_is_buf", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_Hacl.Streaming.Interface.uint8", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_Lib.MultiBuffer.multibuf", "equation_Lib.NTuple.ntuple", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "function_token_typing_Prims.__cache_version_number__", "int_typing", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Equality", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "0a7d1877f6e1cdc5e9f42ed97527edce" + ], + [ + "Hacl.Streaming.MD.lib_of_agile", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Lib.IntTypes.uint8", + "equation_Prims.nat", "equation_Prims.op_Equals_Equals_Equals", + "equation_Spec.Hash.Definitions.bytes", + "equation_Spec.Hash.Definitions.bytes_hash", + "function_token_typing_Lib.IntTypes.uint8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_b3e3751c3894f166dfde09b500dd73a6", + "refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df", + "typing_FStar.Seq.Base.length" + ], + 0, + "68c1de44c14ea37f3da4f5887d563092" + ], + [ + "Hacl.Streaming.MD.agile_of_lib", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + 
"constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Hacl.Streaming.MD.alg", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.hash_length", + "equation_Spec.Hash.Definitions.hash_word_length", + "equation_Spec.Hash.Definitions.is_blake", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.word_length", + "primitive_Prims.op_Multiply", "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.hash_word_length", + "typing_Spec.Hash.Definitions.is_blake", + "typing_Spec.Hash.Definitions.is_sha2" + ], + 0, + "593e5cae2e95137e2835b66ca8a35592" + ], + [ + "Hacl.Streaming.MD.agile_of_lib", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_Hacl.Spec.SHA2.Vec.multiseq", + "equation_Lib.IntTypes.uint8", "equation_Prims.nat", + "equation_Prims.op_Equals_Equals_Equals", + "equation_Spec.Hash.Definitions.bytes", + 
"equation_Spec.Hash.Definitions.bytes_hash", + "equation_Spec.Hash.Definitions.hash_length", + "function_token_typing_Lib.IntTypes.uint8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_b3e3751c3894f166dfde09b500dd73a6", + "refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df", + "typing_FStar.Seq.Base.length" + ], + 0, + "d74886ff43fed74e1aa4dc2e70b32052" + ], + [ + "Hacl.Streaming.MD.lib_of_buffer", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_typing", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "ec58edccb903b07a359859448d3f44b9" + ], + [ + "Hacl.Streaming.MD.buffer_of_lib", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_typing", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + 
"projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "0016199d0b205fcb0150af8d7f60cef9" + ], + [ + "Hacl.Streaming.MD.buffer_of_lib", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_typing", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7c58b901d7392692732c0cc241452d2a", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "f3b0ab36f0e8ef45f67bc05f5bfd0d0f" + ], + [ + "Hacl.Streaming.MD.state_t", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + 
"constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.MD5", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_Hacl.Hash.Definitions.get_alg", + "equation_Hacl.Hash.Definitions.impl_state_length", + "equation_Hacl.Hash.Definitions.m_spec", + "equation_Hacl.Streaming.MD.alg", + "equation_Hacl.Streaming.MD.uu___22", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.squash", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_blake", + "equation_Spec.Hash.Definitions.state_word_length", + "fuel_guarded_inversion_Spec.Hash.Definitions.hash_alg", + "function_token_typing_Hacl.Streaming.MD.uu___22", + "inversion-interp", "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Prims.Mkdtuple2__1", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + 
"refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "unit_typing" + ], + 0, + "5e008cc104bc3e02ecc625c7ae8b7219" + ], + [ + "Hacl.Streaming.MD.eq_word_element", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "equation_Hacl.Streaming.MD.alg", "equation_Hacl.Streaming.MD.word", + "equation_Spec.Hash.Definitions.is_sha2", + "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df", + "typing_Spec.Hash.Definitions.is_sha2" + ], + 0, + "43195e6160cee7e3fea67a33a874d896" + ], + [ + "Hacl.Streaming.MD.eq_length_lib_state", + 1, + 0, + 0, + [ "@query" ], + 0, + "71c468dba44334fce3e2c07239597718" + ], + [ + "Hacl.Streaming.MD.eq_length_lib_state", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "FStar.UInt32_pretyping_2ab3c8ba2d08b0172817fc70b5994868", + "bool_inversion", "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.MD5", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_Hacl.Hash.Definitions.get_alg", + "equation_Hacl.Hash.Definitions.impl_state_len", + "equation_Hacl.Hash.Definitions.m_spec", + 
"equation_Hacl.Spec.SHA2.Vec.element_t", + "equation_Hacl.Streaming.MD.alg", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.eq2", + "equation_Prims.squash", "equation_Prims.subtype_of", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_blake", + "equation_Spec.Hash.Definitions.is_sha2", + "lemma_FStar.UInt32.uv_inv", "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Prims.Mkdtuple2__1", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_eb2718c41c612a53598b1ff9060f2e81", + "refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_blake", + "typing_Spec.Hash.Definitions.is_sha2", "unit_typing" + ], + 0, + "04d36dc4822368e1fac9d88796980a87" + ], + [ + "Hacl.Streaming.MD.lib_of_state", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + 
"equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_Hacl.Hash.Definitions.get_alg", + "equation_Hacl.Hash.Definitions.impl_state_len", + "equation_Hacl.Hash.Definitions.m_spec", + "equation_Hacl.Streaming.MD.alg", "equation_Lib.IntTypes.unsigned", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_blake", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Prims.Mkdtuple2__1", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_blake", + "typing_Spec.Hash.Definitions.is_sha2", "unit_typing" + ], + 0, + "a90da6dff569fbcb7075d87dd9d759c1" + ], + [ + "Hacl.Streaming.MD.update_multi_s", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Hacl.Streaming.MD.alg", + "equation_Hacl.Streaming.MD.uu___22", + "equation_Lib.IntTypes.unsigned", "equation_Prims.squash", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.extra_state", + "equation_Spec.Hash.Definitions.is_blake", + "fuel_guarded_inversion_Spec.Hash.Definitions.hash_alg", + "function_token_typing_Hacl.Streaming.MD.uu___22", + "inversion-interp", "proj_equation_Spec.GaloisField.GF_t", + 
"projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "unit_typing" + ], + 0, + "c295c79a4f8727eb2ce8bd49612f53f5" + ], + [ + "Hacl.Streaming.MD.update_multi_zero", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "data_typing_intro_FStar.Pervasives.Native.Mktuple2@tok", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Pervasives.Native.fst", + "equation_FStar.Pervasives.pattern", + "equation_Hacl.Streaming.MD.alg", + "equation_Hacl.Streaming.MD.update_multi_s", + "equation_Hacl.Streaming.MD.uu___22", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Prims.squash", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.extra_state", + "equation_Spec.Hash.Definitions.is_blake", + "equation_Spec.Hash.Definitions.word_length", + "equation_Spec.Hash.Definitions.words_state", + 
"equation_Spec.Hash.Definitions.words_state_", + "fuel_guarded_inversion_Spec.Hash.Definitions.hash_alg", + "function_token_typing_FStar.Pervasives.pattern", + "function_token_typing_Hacl.Streaming.MD.uu___22", "int_inversion", + "inversion-interp", "lemma_Spec.Hash.Lemmas.update_multi_zero", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.extra_state", + "typing_Spec.Hash.Definitions.words_state_", "unit_typing" + ], + 0, + "a2f559bb53a16ef108c1bd568a1560a2" + ], + [ + "Hacl.Streaming.MD.multiseq_empty", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df" + ], + 0, + "4859f3036434dfa1d0d97ace139cc55a" + ], + [ + "Hacl.Streaming.MD.update_multi_associative", + 1, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + 
"constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "data_elim_FStar.Pervasives.Native.Mktuple2", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA3_256@tok", + "equation_FStar.Pervasives.Native.fst", + "equation_Hacl.Hash.Definitions.block_len", + "equation_Hacl.Streaming.Interface.uint8", + "equation_Hacl.Streaming.MD.alg", + "equation_Hacl.Streaming.MD.update_multi_s", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.bytes", + "equation_Spec.Hash.Definitions.bytes_blocks", + "equation_Spec.Hash.Definitions.extra_state", + "equation_Spec.Hash.Definitions.is_blake", + "equation_Spec.Hash.Definitions.state_word_length", + "equation_Spec.Hash.Definitions.word_length", + "equation_Spec.Hash.Definitions.words_state", + "equation_Spec.Hash.Definitions.words_state_", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "fuel_guarded_inversion_Spec.Hash.Definitions.hash_alg", + "function_token_typing_Spec.Hash.Incremental.sha3_state_is_hash_state", + "int_inversion", "primitive_Prims.op_Multiply", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_Spec.GaloisField.GF_t", + 
"projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_91c352d831715ed604553457a8078865", + "refinement_interpretation_Tm_refine_b2f1e72a50166a01f536a5c97d0395aa", + "refinement_interpretation_Tm_refine_db403e8c2026d79b452c0dc021b7ff93", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f7a8f8340b3c54b659acfc982cbf3004", + "typing_Hacl.Hash.Definitions.block_len", "typing_Lib.IntTypes.v", + "typing_Spec.AES.gf8", "typing_Spec.AES.irred", + "typing_Spec.Agile.Hash.update_multi", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok", + "unit_inversion", "unit_typing" + ], + 0, + "f836b986f070e241988b9db7571564c6" + ], + [ + "Hacl.Streaming.MD.update_nblocks_vec_m32_is_repeat_blocks_multi", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_inversion", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.SEC", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + 
"constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_Lib.IntTypes.U1", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.lseq", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.word", + "equation_Hacl.Spec.SHA2.Vec.words_state_", + "equation_Hacl.Streaming.Interface.uint8", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_Lib.Sequence.length", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.extra_state", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.sha2_alg", + "equation_Spec.Hash.Definitions.word", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Prims.__cache_version_number__", "int_typing", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Equality", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + 
"refinement_interpretation_Tm_refine_26b40771b28c68a04dd26659aed72022", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5586545be0eec16cc66a215f21bed3b7", + "refinement_interpretation_Tm_refine_634f4775e66c4394b62c104716e17745", + "refinement_interpretation_Tm_refine_6e5a6d6c0b828b75fe667c617fb6b8c1", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", "unit_typing" + ], + 0, + "d8be5a4040a959e1f60e9801d9d6fc62" + ], + [ + "Hacl.Streaming.MD.update_nblocks_vec_m32_is_repeat_blocks_multi", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_Lib.IntTypes.U1", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.sha2_alg", + "equation_Spec.Hash.Definitions.word_length", + "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + 
"projection_inverse_FStar.Integers.Unsigned__0", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a" + ], + 0, + "84114da49b5eefeda885b5154076e42c" + ], + [ + "Hacl.Streaming.MD.update_nblocks_vec_m32_is_repeat_blocks_multi", + 3, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_inversion", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.SEC", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_Lib.IntTypes.U1", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Pervasives.Native.fst", + "equation_FStar.Pervasives.Native.snd", + "equation_FStar.Seq.Properties.lseq", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.word", + "equation_Hacl.Spec.SHA2.Vec.words_state_", + "equation_Hacl.Streaming.Interface.uint8", + "equation_Hacl.Streaming.MD.uu___22", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.uint8", 
"equation_Lib.IntTypes.unsigned", + "equation_Lib.NTuple.ntuple", "equation_Lib.NTuple.tup1", + "equation_Lib.Sequence.length", "equation_Prims.nat", + "equation_Prims.squash", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.extra_state", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.sha2_alg", + "equation_Spec.Hash.Definitions.word", + "equation_Spec.Hash.Definitions.word_length", + "equation_Spec.Hash.Definitions.words_state", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "fuel_guarded_inversion_Spec.Hash.Definitions.hash_alg", + "function_token_typing_Hacl.Streaming.MD.uu___22", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", "int_typing", + "inversion-interp", "lemma_FStar.UInt.pow2_values", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_FStar.Pervasives.Native.Mktuple2__2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_26b40771b28c68a04dd26659aed72022", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5586545be0eec16cc66a215f21bed3b7", + 
"refinement_interpretation_Tm_refine_634f4775e66c4394b62c104716e17745", + "refinement_interpretation_Tm_refine_6e5a6d6c0b828b75fe667c617fb6b8c1", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_FStar.Pervasives.Native.snd", "typing_FStar.Seq.Base.length", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.extra_state", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_Spec.Hash.Definitions.words_state_", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", "unit_inversion", + "unit_typing" + ], + 0, + "21001387cb8549aed56ed9478f0d3b66" + ], + [ + "Hacl.Streaming.MD.state_spec_v_extensionality", + 1, + 0, + 0, + [ "@query" ], + 0, + "7a657876b270170e8679f1491d252765" + ], + [ + "Hacl.Streaming.MD.state_spec_v_extensionality", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "FStar.Seq.Base_interpretation_Tm_arrow_44bb45ed5c2534b346e0f58ea5033251", + "Hacl.Spec.SHA2.Vec_interpretation_Tm_arrow_83f694799cf94a571de5c65690a6187c", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "bool_inversion", "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M256", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_Lib.IntTypes.U1", + 
"equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_Hacl.Spec.SHA2.Vec.element_t", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.lanes_t", + "equation_Hacl.Spec.SHA2.Vec.state_spec", + "equation_Hacl.Spec.SHA2.Vec.state_spec_v", + "equation_Hacl.Spec.SHA2.Vec.word", + "equation_Hacl.Spec.SHA2.Vec.words_state_", + "equation_Hacl.Streaming.MD.alg", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntVector.vec_v_t", + "equation_Lib.IntVector.width", "equation_Lib.Sequence.lseq", + "equation_Lib.Sequence.seq", "equation_Lib.Sequence.to_seq", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_blake", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.sha2_alg", + "equation_Spec.Hash.Definitions.state_word_length", + "equation_Spec.Hash.Definitions.word_t", "int_inversion", + "int_typing", + "interpretation_Tm_abs_99be2ae8834c450abbf2e67dfe8a645e", + "lemma_FStar.UInt.pow2_values", "lemma_Lib.Sequence.create8_lemma", + "lemma_Lib.Sequence.eq_elim", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_26b40771b28c68a04dd26659aed72022", + "refinement_interpretation_Tm_refine_26d768cc241c6628db9e0d45d45d9136", + "refinement_interpretation_Tm_refine_2a5b7b8b7ab8a787193d47e8e0ed3bb5", 
+ "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_335e5bfc9edee38d58c934e23a4de7eb", + "refinement_interpretation_Tm_refine_52d8b90eecdfc1e33886adeb748d8e10", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5d7fc65a01f63f2bc577298c179f855a", + "refinement_interpretation_Tm_refine_634f4775e66c4394b62c104716e17745", + "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_945f2963e964dbe59ae9f47947f9c58a", + "refinement_interpretation_Tm_refine_abbfe228c7a3d1ae1f16ed243e0e6a67", + "refinement_interpretation_Tm_refine_bb718e95348d377a39b80a7b07e6a724", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_c8dd98bb91cb1ba6963e5299b3babaa4", + "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_dee0f34b44c44e6d512c6db0858b92ef", + "refinement_interpretation_Tm_refine_e1c762389524104622d94627274f4095", + "refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df", + "refinement_interpretation_Tm_refine_f329878e92bb1efc120000057d7014bb", + "typing_FStar.Seq.Base.length", + "typing_Hacl.Spec.SHA2.Vec.element_t", + "typing_Hacl.Spec.SHA2.Vec.lanes", "typing_Hacl.Spec.SHA2.Vec.word", + "typing_Hacl.Spec.SHA2.Vec.words_state_", + "typing_Lib.IntTypes.minint", "typing_Lib.IntTypes.unsigned", + "typing_Lib.IntVector.vec_v", "typing_Lib.Sequence.createi", + "typing_Lib.Sequence.index", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_blake", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_Spec.Hash.Definitions.word_t", + "typing_Tm_abs_99be2ae8834c450abbf2e67dfe8a645e", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", + 
"typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "46ebf95e42048cb9a0ee2a2efa4a37be" + ], + [ + "Hacl.Streaming.MD.repeati_associative", + 1, + 0, + 0, + [ "@query" ], + 0, + "3dc64c1ac0666b01fd140e53cbedfa29" + ], + [ + "Hacl.Streaming.MD.repeati_associative", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.SEC", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_FStar.Pervasives.Native.Some", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.lseq", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Hacl.Hash.Definitions.block_len", + 
"equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.multiseq", + "equation_Hacl.Spec.SHA2.Vec.word", + "equation_Hacl.Spec.SHA2.Vec.words_state_", + "equation_Hacl.Streaming.Interface.uint8", + "equation_Hacl.Streaming.MD.alg", + "equation_Hacl.Streaming.MD.uu___22", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Lib.NTuple.ntuple", + "equation_Lib.Sequence.length", "equation_Lib.Sequence.seq", + "equation_Prims.nat", "equation_Prims.pos", "equation_Prims.squash", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.extra_state", + "equation_Spec.Hash.Definitions.is_blake", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.less_than_max_input_length", + "equation_Spec.Hash.Definitions.max_input_length", + "equation_Spec.Hash.Definitions.state_word_length", + "equation_Spec.Hash.Definitions.word", + "equation_Spec.Hash.Definitions.word_length", + "fuel_guarded_inversion_Spec.Hash.Definitions.hash_alg", + "function_token_typing_Hacl.Streaming.MD.uu___22", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "inversion-interp", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", + 
"lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Some_v", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_26b40771b28c68a04dd26659aed72022", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_3afc7df83deea37c7d951e1c67f92d4c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_634f4775e66c4394b62c104716e17745", + "refinement_interpretation_Tm_refine_74ba29dbdc96ba85f934753ae27cd62c", + "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_91c352d831715ed604553457a8078865", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_dd4ba748f1eb344a711cf60afecbc735", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + 
"refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.v", "typing_Hacl.Hash.Definitions.block_len", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.minint", + "typing_Lib.IntTypes.pub_int_v", "typing_Lib.Sequence.length", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_blake", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok", + "unit_typing" + ], + 0, + "729644eede3d163391708a2351b98dea" + ], + [ + "Hacl.Streaming.MD.hash_vec_m32_is_repeat_blocks", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_inversion", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.SEC", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_Lib.IntTypes.U1", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + 
"equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.lseq", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.word", + "equation_Hacl.Spec.SHA2.Vec.words_state_", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", + "equation_Hacl.Streaming.Interface.uint8", + "equation_Hacl.Streaming.MD.uu___22", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Lib.Sequence.length", + "equation_Prims.nat", "equation_Prims.squash", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.extra_state", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.sha2_alg", + "equation_Spec.Hash.Definitions.word", + "equation_Spec.Hash.Definitions.word_length", + "fuel_guarded_inversion_Spec.Hash.Definitions.hash_alg", + "function_token_typing_Hacl.Streaming.MD.uu___22", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "inversion-interp", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + 
"projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_26b40771b28c68a04dd26659aed72022", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_634f4775e66c4394b62c104716e17745", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", + "typing_FStar.Seq.Base.length", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", "unit_typing" + ], + 0, + "f858015a2dcccbf77558086c2231620c" + ], + [ + "Hacl.Streaming.MD.hash_vec_m32_is_repeat_blocks", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_inversion", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.SEC", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_Lib.IntTypes.U1", + 
"equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Pervasives.Native.fst", + "equation_FStar.Seq.Properties.lseq", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.word", + "equation_Hacl.Spec.SHA2.Vec.words_state_", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", + "equation_Hacl.Spec.SHA2.mk_len_t", "equation_Hacl.Spec.SHA2.update", + "equation_Hacl.Spec.SHA2.update_last", + "equation_Hacl.Streaming.Interface.uint8", + "equation_Hacl.Streaming.MD.uu___22", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.NTuple.ntuple", "equation_Lib.NTuple.tup1", + "equation_Lib.Sequence.length", "equation_Prims.nat", + "equation_Prims.squash", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.extra_state", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.sha2_alg", + "equation_Spec.Hash.Definitions.word", + "equation_Spec.Hash.Definitions.word_length", + "equation_Spec.Hash.Definitions.words_state", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "fuel_guarded_inversion_Spec.Hash.Definitions.hash_alg", + "function_token_typing_Hacl.Streaming.MD.uu___22", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "inversion-interp", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", 
"primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_26b40771b28c68a04dd26659aed72022", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_634f4775e66c4394b62c104716e17745", + "refinement_interpretation_Tm_refine_6e5a6d6c0b828b75fe667c617fb6b8c1", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", + "refinement_interpretation_Tm_refine_e1bc4e39c23f93224b85439ca4e691b9", + "typing_FStar.Seq.Base.length", "typing_Lib.IntTypes.v", + "typing_Spec.AES.gf8", "typing_Spec.AES.irred", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.block_length", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok", + "unit_typing" + ], + 0, 
+ "e73da7d1ce5877de7fd5ce54b6607f66" + ], + [ + "Hacl.Streaming.MD.update_nblocks_with_last_sliced", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_inversion", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.SEC", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_FStar.Pervasives.Native.Some", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.lseq", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", + "equation_Hacl.Streaming.Interface.uint8", + "equation_Hacl.Streaming.MD.alg", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.is_blake", + "equation_Spec.Hash.Definitions.is_sha2", + 
"equation_Spec.Hash.Definitions.less_than_max_input_length", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_dbad65e5a25b5b0e91211f25a785ddb4", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", + "refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df", + "typing_Lib.IntTypes.minint", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_blake", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_Spec.Hash.Definitions.less_than_max_input_length", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "d284f7afc5349275fc055552cd98a26e" + ], + [ + "Hacl.Streaming.MD.update_nblocks_with_last_sliced", + 2, + 0, + 0, + [ "@query" ], + 0, + "9ee1cf808d98371ef1ae2c477e71b675" + 
], + [ + "Hacl.Streaming.MD.update_nblocks_with_last_sliced", + 3, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "constructor_distinct_FStar.Integers.W128", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S64", + "constructor_distinct_Lib.IntTypes.SEC", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_FStar.Pervasives.Native.Some", + "equality_tok_FStar.Integers.W128@tok", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U128@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Pervasives.Native.fst", + "equation_FStar.Seq.Properties.lseq", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + 
"equation_Hacl.Spec.SHA2.Vec.element_t", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.multiseq", + "equation_Hacl.Spec.SHA2.Vec.padded_blocks", + "equation_Hacl.Spec.SHA2.Vec.state_spec", + "equation_Hacl.Spec.SHA2.Vec.word", + "equation_Hacl.Spec.SHA2.Vec.words_state_", + "equation_Hacl.Spec.SHA2.block_t", + "equation_Hacl.Spec.SHA2.len_lt_max_a_t", + "equation_Hacl.Spec.SHA2.load_last", + "equation_Hacl.Spec.SHA2.mk_len_t", + "equation_Hacl.Spec.SHA2.padded_blocks", + "equation_Hacl.Streaming.Interface.uint8", + "equation_Hacl.Streaming.MD.alg", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.numbytes", + "equation_Lib.IntTypes.op_At_Percent_Dot", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.shiftval", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Lib.NTuple.ntuple", + "equation_Lib.NTuple.tup1", "equation_Lib.Sequence.length", + "equation_Lib.Sequence.lseq", "equation_Lib.Sequence.seq", + "equation_Lib.Sequence.to_seq", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.extra_state", + "equation_Spec.Hash.Definitions.is_blake", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.len_int_type", + "equation_Spec.Hash.Definitions.len_length", + "equation_Spec.Hash.Definitions.len_t", + "equation_Spec.Hash.Definitions.less_than_max_input_length", + "equation_Spec.Hash.Definitions.maxed_hash_alg", + "equation_Spec.Hash.Definitions.sha2_alg", + 
"equation_Spec.Hash.Definitions.state_word_length", + "equation_Spec.Hash.Definitions.word", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", + "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.shift_left_lemma", + "lemma_Lib.IntTypes.v_mk_int", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0ca46d94042fcc13e1dbb5a197aa184d", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_11888fecf812f197898447624c24e106", + "refinement_interpretation_Tm_refine_1c9cac51889f899e39ced4f16d2a528b", + "refinement_interpretation_Tm_refine_26b40771b28c68a04dd26659aed72022", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_3667fd6eabf06c7cb385f1857e7237ec", + "refinement_interpretation_Tm_refine_387e6d282145573240ab7b8a4b94cce5", + "refinement_interpretation_Tm_refine_415d9f15a679296ef4a273ce6085f29d", + 
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_576183a4f8267f6296f94f4827351efd", + "refinement_interpretation_Tm_refine_579453b00c862fadd52ac79527f2e94b", + "refinement_interpretation_Tm_refine_60490cbbf9fe23e8a5ead0e152a97b26", + "refinement_interpretation_Tm_refine_634f4775e66c4394b62c104716e17745", + "refinement_interpretation_Tm_refine_6e296b6b449dd8fe1af30e0e60e4afd6", + "refinement_interpretation_Tm_refine_7a2b7732e22da2c28e6df1e51a7874f3", + "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_9d3fd79fd314167f1a9c213a188da3ec", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_b9bf9d0f857340a8d758087374a41c06", + "refinement_interpretation_Tm_refine_c8dd98bb91cb1ba6963e5299b3babaa4", + "refinement_interpretation_Tm_refine_ccbef96ee6e044a9cf0b4353c2d1f06e", + "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", + "refinement_interpretation_Tm_refine_d96d126280e4d44b4c6d27838df6e25f", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_dee0f34b44c44e6d512c6db0858b92ef", + "refinement_interpretation_Tm_refine_def2e040c30808fdfb69d60ec25eb78f", + "refinement_interpretation_Tm_refine_e40dba697735a60216c598c2a27841b5", + "refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_fc1f69e4229a94f85b0de30f1747a8d3", + "refinement_interpretation_Tm_refine_fffc918f3ac13711d39fee794fcdce53", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.uint_to_t", + 
"typing_FStar.UInt64.v", "typing_Hacl.Spec.SHA2.Vec.element_t", + "typing_Hacl.Spec.SHA2.Vec.padded_blocks", + "typing_Hacl.Spec.SHA2.Vec.word", + "typing_Lib.ByteSequence.uint_to_bytes_be", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.minint", + "typing_Lib.IntTypes.mk_int", "typing_Lib.IntTypes.secret", + "typing_Lib.IntTypes.shift_left", "typing_Lib.IntTypes.v", + "typing_Lib.Sequence.create", "typing_Lib.Sequence.sub", + "typing_Lib.Sequence.upd", "typing_Lib.Sequence.update_sub", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.block_length", + "typing_Spec.Hash.Definitions.is_blake", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_Spec.Hash.Definitions.len_int_type", + "typing_Spec.Hash.Definitions.len_length", + "typing_Spec.Hash.Definitions.less_than_max_input_length", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.SEC@tok", + "typing_tok_Lib.IntTypes.U128@tok", + "typing_tok_Lib.IntTypes.U64@tok", "typing_tok_Lib.IntTypes.U8@tok", + "unit_typing" + ], + 0, + "9f8247cccc9a669eb796eb531d5a6899" + ], + [ + "Hacl.Streaming.MD.lemma_split_at_last_lazy", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.split", + "equation_Hacl.Streaming.Interface.uint8", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", + "equation_Lib.UpdateMulti.split_at_last_lazy", + "equation_Lib.UpdateMulti.uint8", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "function_token_typing_Lib.IntTypes.uint8", "int_inversion", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_len_append", + "primitive_Prims.op_Addition", "primitive_Prims.op_LessThanOrEqual", + 
"primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_4e60b1c7def32a01aedbcd10bc8538aa", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_ee39f9357cbd63bb5cf348fb8515eff7", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.length", + "typing_Lib.UpdateMulti.split_at_last_lazy_nb_rem", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "cc3263dfc7319e4b4afb615739be9d72" + ], + [ + "Hacl.Streaming.MD.update_last_one_block", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + 
"equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.lseq", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.multiseq", + "equation_Hacl.Streaming.MD.alg", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Lib.NTuple.ntuple", + "equation_Prims.nat", "equation_Prims.squash", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.is_blake", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_Multiply", "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df", + "typing_FStar.Seq.Base.length", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_blake", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + ], + 0, + 
"9938c934a0c47b0b2cce9b4d66e04525" + ], + [ + "Hacl.Streaming.MD.sub_update_sub", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.unsigned", + "equation_Lib.Sequence.lseq", "equation_Lib.Sequence.seq", + "equation_Lib.Sequence.to_seq", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_Lib.Sequence.eq_elim", "lemma_Lib.Sequence.eq_intro", + "primitive_Prims.op_Addition", "primitive_Prims.op_BarBar", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0b72b617030921a422a8020811c2f320", + "refinement_interpretation_Tm_refine_11888fecf812f197898447624c24e106", + "refinement_interpretation_Tm_refine_168ba734386141cfed2015802f4c2d27", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_443fc7b8c585204994d3ead35c0ecc3d", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5ed0c3a9ee0a94becb9596183bb88bd6", + "refinement_interpretation_Tm_refine_6f61b02c4ee9bcfdeb12c56819cff15d", + "refinement_interpretation_Tm_refine_830b94bd5a990880f200107e5a7902bd", + "refinement_interpretation_Tm_refine_970dae042e74dc6c85f833481c0002bf", + "refinement_interpretation_Tm_refine_b9bf9d0f857340a8d758087374a41c06", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + 
"refinement_interpretation_Tm_refine_c8dd98bb91cb1ba6963e5299b3babaa4", + "refinement_interpretation_Tm_refine_ccbef96ee6e044a9cf0b4353c2d1f06e", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_dee0f34b44c44e6d512c6db0858b92ef", + "refinement_interpretation_Tm_refine_e462e74de4b15d552210d01e7702c23e", + "refinement_interpretation_Tm_refine_f329878e92bb1efc120000057d7014bb", + "typing_Lib.Sequence.sub", "typing_Lib.Sequence.to_seq", + "typing_Lib.Sequence.update_sub", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "f7a918013f232a5dd12c4c29964089c2" + ], + [ + "Hacl.Streaming.MD.update_last_one_block", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Hacl.Streaming.MD.alg", + "equation_Prims.nat", "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.word_length", + "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df", + "typing_Spec.Hash.Definitions.word_length" + ], + 0, + "15406fcb03dbfd5c969808859c5447ee" + ], + [ + "Hacl.Streaming.MD.update_last_one_block", + 3, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "FStar.Seq.Base_interpretation_Tm_arrow_44bb45ed5c2534b346e0f58ea5033251", + "Hacl.Spec.SHA2.Vec_interpretation_Tm_arrow_c2d296fde0b122ceadac8ae3326fbc9e", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", 
"constructor_distinct_FStar.Integers.W128", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S64", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W128@tok", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U128@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.lseq", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Hacl.Spec.SHA2.Vec.element_t", + "equation_Hacl.Spec.SHA2.Vec.get_multiblock_spec", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.load_last1", + "equation_Hacl.Spec.SHA2.Vec.load_last_blocks", + "equation_Hacl.Spec.SHA2.Vec.multiseq", + "equation_Hacl.Spec.SHA2.Vec.padded_blocks", + "equation_Hacl.Spec.SHA2.Vec.state_spec", + 
"equation_Hacl.Spec.SHA2.Vec.update_block", + "equation_Hacl.Spec.SHA2.Vec.update_last", + "equation_Hacl.Streaming.MD.alg", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.numbytes", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.shiftval", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Lib.NTuple.ntup1", + "equation_Lib.NTuple.ntuple", "equation_Lib.NTuple.tup1", + "equation_Lib.Sequence.lseq", "equation_Lib.Sequence.seq", + "equation_Lib.Sequence.to_seq", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.is_blake", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.len_int_type", + "equation_Spec.Hash.Definitions.len_length", + "equation_Spec.Hash.Definitions.len_t", + "equation_Spec.Hash.Definitions.maxed_hash_alg", + "equation_Spec.Hash.Definitions.sha2_alg", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", + "interpretation_Tm_abs_18402e046ed836be65b3e210152dcb0d", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_length", + "lemma_FStar.Seq.Properties.upd_slice", + 
"lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", + "lemma_Lib.NTuple.createi_lemma", "lemma_Lib.NTuple.eq_elim", + "lemma_Lib.Sequence.eq_elim", "lemma_Lib.Sequence.eq_intro", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_003102fad14c40530c58b9f09342f292", + "refinement_interpretation_Tm_refine_0670f5e0e1e9b088474a62946a59f628", + "refinement_interpretation_Tm_refine_0b72b617030921a422a8020811c2f320", + "refinement_interpretation_Tm_refine_0ca46d94042fcc13e1dbb5a197aa184d", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_11888fecf812f197898447624c24e106", + "refinement_interpretation_Tm_refine_168ba734386141cfed2015802f4c2d27", + "refinement_interpretation_Tm_refine_2196200fa65a1c3cedf51279e6b39308", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_39074a49018746b04bb6fca6a7270d95", + "refinement_interpretation_Tm_refine_40d595f4cf0396b96a55339b206724ba", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_415d9f15a679296ef4a273ce6085f29d", + 
"refinement_interpretation_Tm_refine_4481d2c0d5fc80bcc1121676bc10c8ac", + "refinement_interpretation_Tm_refine_473129284344448f7ef70a4944eaf724", + "refinement_interpretation_Tm_refine_4796c61e704173565ccbf999ad4d3a42", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_5d7fc65a01f63f2bc577298c179f855a", + "refinement_interpretation_Tm_refine_6265a3b25982ced026b727e1d351c225", + "refinement_interpretation_Tm_refine_6d05d37f10f7d850c6dce2628205f339", + "refinement_interpretation_Tm_refine_6e296b6b449dd8fe1af30e0e60e4afd6", "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", - "refinement_interpretation_Tm_refine_b47cabb890633249ae7f38d35cac724e", - "refinement_interpretation_Tm_refine_bcfd4f09500dfb41a9241811296b15aa", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_90af67ab52b0bbbd6188bde83a87bc86", + "refinement_interpretation_Tm_refine_9cf08ea3924cce0407272bab7df2f620", + "refinement_interpretation_Tm_refine_9d3fd79fd314167f1a9c213a188da3ec", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_b9bf9d0f857340a8d758087374a41c06", + "refinement_interpretation_Tm_refine_bb718e95348d377a39b80a7b07e6a724", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_c8dd98bb91cb1ba6963e5299b3babaa4", + "refinement_interpretation_Tm_refine_caefe922bff8599962b24916e66a20de", + "refinement_interpretation_Tm_refine_ccbef96ee6e044a9cf0b4353c2d1f06e", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + 
"refinement_interpretation_Tm_refine_d8d83307254a8900dd20598654272e42", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "typing_Lib.IntTypes.bits", "typing_Prims.pow2", - "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" + "refinement_interpretation_Tm_refine_dee0f34b44c44e6d512c6db0858b92ef", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_e0734590c99f1dd12d6b61e44400f8f0", + "refinement_interpretation_Tm_refine_e40dba697735a60216c598c2a27841b5", + "refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df", + "refinement_interpretation_Tm_refine_ef46150014ed7af7eaa31a232443de26", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f329878e92bb1efc120000057d7014bb", + "refinement_interpretation_Tm_refine_f889d61f460f8c1d5e328492d8d2681e", + "true_interp", "typing_FStar.Seq.Base.length", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.uint_to_t", + "typing_Hacl.Spec.SHA2.Vec.element_t", + "typing_Hacl.Spec.SHA2.Vec.lanes", + "typing_Hacl.Spec.SHA2.Vec.multiseq", "typing_Lib.IntTypes.bits", + "typing_Lib.IntTypes.minint", "typing_Lib.IntTypes.mk_int", + "typing_Lib.IntTypes.numbytes", "typing_Lib.IntTypes.unsigned", + "typing_Lib.IntTypes.v", "typing_Lib.NTuple.index", + "typing_Lib.Sequence.index", "typing_Lib.Sequence.sub", + "typing_Lib.Sequence.to_seq", "typing_Lib.Sequence.upd", + "typing_Lib.Sequence.update_sub", "typing_Spec.AES.gf8", + "typing_Spec.AES.irred", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_blake", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_Spec.Hash.Definitions.len_length", + "typing_Tm_abs_18402e046ed836be65b3e210152dcb0d", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - 
"ff46720fadc5078351b4924800280f9b" + "12a5badfbddbc4636baeb34e502a3361" ], [ - "Hacl.Streaming.MD.state_t", - 1, + "Hacl.Streaming.MD.update_last_one_block", + 4, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok" + ], + 0, + "76f892913223164d9f5b68a41366e1b5" + ], + [ + "Hacl.Streaming.MD.update_last_one_block", + 5, 0, 0, [ "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_b675b0ffb6d1c413de6799662783baa8", + "refinement_interpretation_Tm_refine_bded595d5c675d20923ebf7eee58cd50" + ], + 0, + "498dbdfbb8aafaaa655ec786372f1532" + ], + [ + "Hacl.Streaming.MD.sha2_mb_is_incremental", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "FStar.Seq.Base_interpretation_Tm_arrow_44bb45ed5c2534b346e0f58ea5033251", + "Hacl.Spec.SHA2.Vec_interpretation_Tm_arrow_b0654f3989b2f5dcd4916a2482ce0965", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "bool_typing", "constructor_distinct_FStar.Integers.W16", "constructor_distinct_FStar.Integers.W32", "constructor_distinct_FStar.Integers.W64", "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.SEC", "constructor_distinct_Lib.IntTypes.U1", 
"constructor_distinct_Lib.IntTypes.U128", "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "constructor_distinct_Spec.Hash.Definitions.MD5", + "disc_equation_FStar.Pervasives.Native.Some", "equality_tok_FStar.Integers.W16@tok", "equality_tok_FStar.Integers.W32@tok", "equality_tok_FStar.Integers.W64@tok", "equality_tok_FStar.Integers.W8@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.SEC@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equation_Hacl.Hash.Definitions.get_alg", - "equation_Hacl.Hash.Definitions.impl_state_length", - "equation_Hacl.Hash.Definitions.m_spec", - "equation_Hacl.Streaming.MD.alg", - "equation_Hacl.Streaming.MD.uu___22", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", "equation_Prims.squash", + "equation_FStar.Seq.Properties.lseq", + "equation_FStar.Seq.Properties.split", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Hacl.Hash.Definitions.block_len", + "equation_Hacl.Spec.SHA2.Vec.get_multilast_spec", + "equation_Hacl.Spec.SHA2.Vec.hash", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.multiseq", + "equation_Hacl.Spec.SHA2.Vec.update_nblocks", + "equation_Hacl.Streaming.Interface.uint8", + "equation_Hacl.Streaming.MD.agile_of_lib", + "equation_Hacl.Streaming.MD.alg", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + 
"equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Lib.NTuple.ntup1", + "equation_Lib.NTuple.ntuple", "equation_Lib.NTuple.tup1", + "equation_Lib.UpdateMulti.split_at_last_lazy", + "equation_Lib.UpdateMulti.split_at_last_lazy_nb_rem", + "equation_Lib.UpdateMulti.split_at_last_nb_rem", + "equation_Lib.UpdateMulti.uint8", "equation_Prims.nat", + "equation_Prims.pos", "equation_Prims.squash", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.hash_length", + "equation_Spec.Hash.Definitions.hash_word_length", "equation_Spec.Hash.Definitions.is_blake", - "equation_Spec.Hash.Definitions.state_word_length", - "fuel_guarded_inversion_Spec.Hash.Definitions.hash_alg", - "function_token_typing_Hacl.Streaming.MD.uu___22", - "inversion-interp", "proj_equation_Spec.GaloisField.GF_t", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.less_than_max_input_length", + "equation_Spec.Hash.Definitions.max_input_length", + "equation_Spec.Hash.Definitions.sha2_alg", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "interpretation_Tm_abs_45bdf2156a73c7b116d801d7704b38bd", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_is_empty", + "lemma_FStar.Seq.Properties.slice_length", + "lemma_FStar.UInt.pow2_values", "lemma_Lib.NTuple.createi_lemma", + "lemma_Lib.NTuple.eq_elim", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + 
"primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "primitive_Prims.op_disEquality", + "proj_equation_FStar.Pervasives.Native.Some_v", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Integers.Signed__0", "projection_inverse_FStar.Integers.Unsigned__0", - "projection_inverse_Prims.Mkdtuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_27badd4e3cc84cb3667efbdc988d2a12", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_362e2dfd5fc10941f1049c892a15d4e9", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_91c352d831715ed604553457a8078865", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_b361ba8089a6e963921008d537e799a1", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_bb718e95348d377a39b80a7b07e6a724", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cc936e5a549dcdc2e3f9713145143490", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", - "unit_typing" + 
"refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df", + "refinement_interpretation_Tm_refine_ee39f9357cbd63bb5cf348fb8515eff7", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f889d61f460f8c1d5e328492d8d2681e", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Properties.lseq", + "typing_FStar.UInt32.v", "typing_Hacl.Hash.Definitions.block_len", + "typing_Hacl.Spec.SHA2.Vec.lanes", + "typing_Hacl.Spec.SHA2.Vec.multiseq", "typing_Lib.IntTypes.minint", + "typing_Lib.IntTypes.v", "typing_Lib.NTuple.index", + "typing_Lib.UpdateMulti.split_at_last_lazy", + "typing_Lib.UpdateMulti.split_at_last_lazy_nb_rem", + "typing_Lib.UpdateMulti.split_at_last_nb_rem", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.is_blake", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_Spec.Hash.Definitions.less_than_max_input_length", + "typing_Tm_abs_45bdf2156a73c7b116d801d7704b38bd", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "18eaaf5c620cbebb02c7fb40fed31a04" + "f2b406d33ab31f7daba99ed82e644697" ], [ - "Hacl.Streaming.MD.update_multi_s", + "Hacl.Streaming.MD.live_multi_of_live", 1, 0, 0, [ - "@MaxIFuel_assumption", "@query", + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", "constructor_distinct_Lib.IntTypes.U8", "equality_tok_Lib.IntTypes.U1@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_Hacl.Streaming.MD.alg", - "equation_Hacl.Streaming.MD.uu___22", - "equation_Lib.IntTypes.unsigned", "equation_Prims.squash", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", - 
"equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.extra_state", - "equation_Spec.Hash.Definitions.is_blake", - "fuel_guarded_inversion_Spec.Hash.Definitions.hash_alg", - "function_token_typing_Hacl.Streaming.MD.uu___22", - "inversion-interp", "proj_equation_Spec.GaloisField.GF_t", + "equation_Spec.GaloisField.gf", "int_typing", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxInt_proj_0", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", - "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", - "unit_typing" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "a9539336599eca4fb9555d82e35585b4" + "cac82e03dedc7ad9284d7af5824c5c2a" ], [ - "Hacl.Streaming.MD.update_multi_zero", - 1, + "Hacl.Streaming.MD.live_multi_of_live", + 2, 0, 0, [ - "@MaxIFuel_assumption", "@query", + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", "constructor_distinct_FStar.Integers.W16", "constructor_distinct_FStar.Integers.W32", - "constructor_distinct_FStar.Integers.W64", "constructor_distinct_FStar.Integers.W8", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U128", - "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Lib.Buffer.MUT", "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - 
"data_typing_intro_FStar.Pervasives.Native.Mktuple2@tok", "equality_tok_FStar.Integers.W16@tok", "equality_tok_FStar.Integers.W32@tok", - "equality_tok_FStar.Integers.W64@tok", "equality_tok_FStar.Integers.W8@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.Buffer.MUT@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equation_FStar.Pervasives.Native.fst", - "equation_FStar.Pervasives.pattern", - "equation_Hacl.Streaming.MD.alg", - "equation_Hacl.Streaming.MD.update_multi_s", - "equation_Hacl.Streaming.MD.uu___22", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Hacl.Streaming.Interface.uint8", + "equation_Hacl.Streaming.MD.buffer_of_lib", + "equation_Lib.Buffer.live", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_Lib.MultiBuffer.live_multi", + "equation_Lib.MultiBuffer.multibuf", "equation_Lib.NTuple.ntup1", + "equation_Lib.NTuple.ntuple", "equation_Prims.nat", "equation_Prims.squash", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.block_length", - "equation_Spec.Hash.Definitions.block_word_length", - "equation_Spec.Hash.Definitions.extra_state", - "equation_Spec.Hash.Definitions.is_blake", - "equation_Spec.Hash.Definitions.word_length", - "equation_Spec.Hash.Definitions.words_state", - "equation_Spec.Hash.Definitions.words_state_", - "fuel_guarded_inversion_Spec.Hash.Definitions.hash_alg", - "function_token_typing_FStar.Pervasives.pattern", - "function_token_typing_Hacl.Streaming.MD.uu___22", "int_inversion", - "inversion-interp", "lemma_Spec.Hash.Lemmas.update_multi_zero", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", + "primitive_Prims.op_Equality", 
"primitive_Prims.op_LessThan", + "primitive_Prims.op_Subtraction", "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Integers.Signed__0", "projection_inverse_FStar.Integers.Unsigned__0", - "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_1821bb125f421b67809195ad37eb533a", "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_Spec.Hash.Definitions.extra_state", - "typing_Spec.Hash.Definitions.words_state_", "unit_typing" + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "cb64f0121259a07bc9307f0392599de6" + "601fe5dd731b8070e366567bac4e206a" ], [ - "Hacl.Streaming.MD.update_multi_associative", + "Hacl.Streaming.MD.disjoint_multi_of_disjoint", 1, 0, - 1, + 0, [ - "@MaxIFuel_assumption", "@query", + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_typing", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + 
"typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "1e69ce2c9de1aa68b829e09d2b356e11" + ], + [ + "Hacl.Streaming.MD.disjoint_multi_of_disjoint", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", "constructor_distinct_FStar.Integers.W16", "constructor_distinct_FStar.Integers.W32", - "constructor_distinct_FStar.Integers.W64", "constructor_distinct_FStar.Integers.W8", "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Lib.Buffer.MUT", "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U128", - "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "data_elim_FStar.Pervasives.Native.Mktuple2", "equality_tok_FStar.Integers.W16@tok", "equality_tok_FStar.Integers.W32@tok", - "equality_tok_FStar.Integers.W64@tok", "equality_tok_FStar.Integers.W8@tok", "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.Buffer.MUT@tok", "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.SEC@tok", "equality_tok_Lib.IntTypes.U1@tok", "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U8@tok", - "equality_tok_Spec.Hash.Definitions.SHA3_256@tok", - "equation_FStar.Pervasives.Native.fst", - "equation_Hacl.Hash.Definitions.block_len", "equation_Hacl.Streaming.Interface.uint8", - "equation_Hacl.Streaming.MD.alg", - "equation_Hacl.Streaming.MD.update_multi_s", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", "equation_Prims.nat", - "equation_Spec.AES.gf8", "equation_Spec.AES.irred", - 
"equation_Spec.GaloisField.gf", - "equation_Spec.Hash.Definitions.block_length", - "equation_Spec.Hash.Definitions.block_word_length", - "equation_Spec.Hash.Definitions.bytes", - "equation_Spec.Hash.Definitions.bytes_blocks", - "equation_Spec.Hash.Definitions.extra_state", - "equation_Spec.Hash.Definitions.is_blake", - "equation_Spec.Hash.Definitions.state_word_length", - "equation_Spec.Hash.Definitions.word_length", - "equation_Spec.Hash.Definitions.words_state", - "equation_Spec.Hash.Definitions.words_state_", - "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", - "fuel_guarded_inversion_Spec.Hash.Definitions.hash_alg", - "function_token_typing_Spec.Hash.Incremental.sha3_state_is_hash_state", - "int_inversion", "primitive_Prims.op_Multiply", - "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "equation_Hacl.Streaming.MD.buffer_of_lib", + "equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.disjoint", + "equation_Lib.Buffer.lbuffer_t", "equation_Lib.Buffer.length", + "equation_Lib.Buffer.loc", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Lib.MultiBuffer.disjoint_multi", + "equation_Lib.MultiBuffer.multibuf", "equation_Lib.NTuple.ntup1", + "equation_Lib.NTuple.ntuple", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.disjoint", + "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", + "equation_Prims.squash", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_Subtraction", "proj_equation_Spec.GaloisField.GF_t", + 
"projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Integers.Signed__0", "projection_inverse_FStar.Integers.Unsigned__0", "projection_inverse_Spec.GaloisField.GF_t", - "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_1821bb125f421b67809195ad37eb533a", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_91c352d831715ed604553457a8078865", - "refinement_interpretation_Tm_refine_b2f1e72a50166a01f536a5c97d0395aa", - "refinement_interpretation_Tm_refine_db403e8c2026d79b452c0dc021b7ff93", + "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", - "refinement_interpretation_Tm_refine_f7a8f8340b3c54b659acfc982cbf3004", - "typing_Hacl.Hash.Definitions.block_len", "typing_Lib.IntTypes.v", - "typing_Spec.AES.gf8", "typing_Spec.AES.irred", - "typing_Spec.Agile.Hash.update_multi", - "typing_Spec.GaloisField.__proj__GF__item__t", - "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok", - "unit_inversion", "unit_typing" + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "7d2bd15506b9b896320c88353b055954" + "59b8e76efe145ed161f175ded83bdb23" ], [ "Hacl.Streaming.MD.hacl_md", 
@@ -434,21 +2573,33 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "FStar.Seq.Base_interpretation_Tm_arrow_44bb45ed5c2534b346e0f58ea5033251", + "Hacl.Spec.SHA2.Vec_interpretation_Tm_arrow_7240c29908087fbdf980875702329f4e", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", "Hacl.Streaming.Interface_interpretation_Tm_ghost_arrow_04b9730aff26c627742e69bcb26a498d", + "Hacl.Streaming.Interface_interpretation_Tm_ghost_arrow_5841be334e786c29f8af78b01c2d7898", "Hacl.Streaming.Interface_interpretation_Tm_ghost_arrow_b9523084facfccc7b660219925e6e2f0", "Prims_interpretation_Tm_arrow_2eaa01e78f73e9bab5d0955fc1a662da", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "Spec.Hash.Definitions_interpretation_Tm_arrow_3ac874e39b1c409ba69a2358a6f73691", - "b2t_def", "bool_inversion", "bool_typing", + "assumption_Spec.Hash.Definitions.hash_alg__uu___haseq", "b2t_def", + "bool_inversion", "constructor_distinct_FStar.Integers.Signed", "constructor_distinct_FStar.Integers.W16", "constructor_distinct_FStar.Integers.W32", "constructor_distinct_FStar.Integers.W64", "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Integers.Winfinite", "constructor_distinct_FStar.Pervasives.Native.None", "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.Buffer.MUT", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", 
@@ -461,15 +2612,15 @@ "constructor_distinct_Spec.Hash.Definitions.SHA3_256", "constructor_distinct_Tm_unit", "data_elim_FStar.Pervasives.Native.Mktuple2", + "data_elim_FStar.Pervasives.Native.Some", + "data_elim_Hacl.Streaming.Interface.Stateful", "data_typing_intro_FStar.Pervasives.Native.Mktuple2@tok", + "data_typing_intro_Hacl.Spec.SHA2.Vec.M128@tok", "data_typing_intro_Prims.Mkdtuple2@tok", "data_typing_intro_Spec.Hash.Definitions.MD5@tok", "data_typing_intro_Spec.Hash.Definitions.SHA1@tok", - "data_typing_intro_Spec.Hash.Definitions.SHA2_224@tok", - "data_typing_intro_Spec.Hash.Definitions.SHA2_256@tok", - "data_typing_intro_Spec.Hash.Definitions.SHA2_384@tok", - "data_typing_intro_Spec.Hash.Definitions.SHA2_512@tok", "data_typing_intro_Spec.Hash.Definitions.SHA3_256@tok", + "disc_equation_FStar.Pervasives.Native.Some", "disc_equation_Spec.Hash.Definitions.MD5", "disc_equation_Spec.Hash.Definitions.SHA1", "disc_equation_Spec.Hash.Definitions.SHA2_224", @@ -481,6 +2632,9 @@ "equality_tok_FStar.Integers.W32@tok", "equality_tok_FStar.Integers.W64@tok", "equality_tok_FStar.Integers.W8@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.Buffer.MUT@tok", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U128@tok", "equality_tok_Lib.IntTypes.U1@tok", 
@@ -495,11 +2649,13 @@ "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", "equality_tok_Spec.Hash.Definitions.SHA3_256@tok", "equation_FStar.HyperStack.ST.equal_domains", + "equation_FStar.Int.Cast.Full.uint64_to_uint128", + "equation_FStar.Integers.int_t", "equation_FStar.Monotonic.Heap.equal_dom", "equation_FStar.Monotonic.HyperHeap.hmap", "equation_FStar.Monotonic.HyperStack.mem", "equation_FStar.Pervasives.Native.fst", - "equation_FStar.Seq.Properties.split", "equation_FStar.UInt.fits", + "equation_FStar.Seq.Properties.lseq", "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", "equation_Hacl.Hash.Definitions.as_seq", 
@@ -511,44 +2667,72 @@ "equation_Hacl.Hash.Definitions.impl_state_length", "equation_Hacl.Hash.Definitions.impl_word", "equation_Hacl.Hash.Definitions.m_spec", + "equation_Hacl.Hash.Definitions.state", + "equation_Hacl.Spec.SHA2.Vec.element_t", + "equation_Hacl.Spec.SHA2.Vec.emit", + "equation_Hacl.Spec.SHA2.Vec.finish", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.multiseq", + "equation_Hacl.Spec.SHA2.Vec.state_spec", + "equation_Hacl.Spec.SHA2.Vec.store_state", + "equation_Hacl.Spec.SHA2.Vec.update_last", + "equation_Hacl.Spec.SHA2.Vec.update_nblocks", + "equation_Hacl.Spec.SHA2.mk_len_t", "equation_Hacl.Streaming.Interface.stateful_buffer", "equation_Hacl.Streaming.Interface.stateful_unused", "equation_Hacl.Streaming.Interface.uint8", + "equation_Hacl.Streaming.MD.agile_of_lib", "equation_Hacl.Streaming.MD.alg", + "equation_Hacl.Streaming.MD.buffer_of_lib", + "equation_Hacl.Streaming.MD.lib_of_buffer", "equation_Hacl.Streaming.MD.max_input_len64", + "equation_Hacl.Streaming.MD.multiseq_empty", "equation_Hacl.Streaming.MD.state_t", "equation_Hacl.Streaming.MD.update_multi_s", + "equation_Hacl.Streaming.MD.word", "equation_Lib.Buffer.as_seq", + "equation_Lib.Buffer.disjoint", "equation_Lib.Buffer.lbuffer_t", + "equation_Lib.Buffer.length", "equation_Lib.Buffer.live", + "equation_Lib.Buffer.loc", "equation_Lib.Buffer.modifies", + "equation_Lib.Buffer.modifies1", + "equation_Lib.Buffer.op_Bar_Plus_Bar", "equation_Lib.Buffer.union", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.uint32", "equation_Lib.IntTypes.uint64", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.uint64", "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", - 
"equation_Lib.IntTypes.v", "equation_Lib.Sequence.lseq", - "equation_Lib.Sequence.seq", + "equation_Lib.IntTypes.v", "equation_Lib.MultiBuffer.disjoint_multi", + "equation_Lib.MultiBuffer.internally_disjoint", + "equation_Lib.MultiBuffer.live_multi", + "equation_Lib.MultiBuffer.multibuf", + "equation_Lib.MultiBuffer.multiseq", "equation_Lib.NTuple.flen", + "equation_Lib.NTuple.ntup1", "equation_Lib.NTuple.ntuple", + "equation_Lib.Sequence.lseq", "equation_Lib.Sequence.seq", "equation_Lib.UpdateMulti.split_at_last_lazy", "equation_Lib.UpdateMulti.uint8", "equation_LowStar.Buffer.buffer", "equation_LowStar.Monotonic.Buffer.disjoint", "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.eqtype", - "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.elem", + "equation_Prims.nat", "equation_Prims.op_Equals_Equals_Equals", + "equation_Prims.pos", "equation_Spec.AES.elem", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.block_length", "equation_Spec.Hash.Definitions.block_word_length", "equation_Spec.Hash.Definitions.bytes", "equation_Spec.Hash.Definitions.bytes_blocks", + "equation_Spec.Hash.Definitions.bytes_hash", "equation_Spec.Hash.Definitions.extra_state", "equation_Spec.Hash.Definitions.extra_state_v", "equation_Spec.Hash.Definitions.hash_length", "equation_Spec.Hash.Definitions.hash_word_length", "equation_Spec.Hash.Definitions.init_t", "equation_Spec.Hash.Definitions.is_blake", + "equation_Spec.Hash.Definitions.is_sha2", "equation_Spec.Hash.Definitions.is_sha3", "equation_Spec.Hash.Definitions.len_t", "equation_Spec.Hash.Definitions.len_v", "equation_Spec.Hash.Definitions.less_than_max_input_length", "equation_Spec.Hash.Definitions.max_input_length", "equation_Spec.Hash.Definitions.state_word_length", - "equation_Spec.Hash.Definitions.word", "equation_Spec.Hash.Definitions.word_length", "equation_Spec.Hash.Definitions.word_t", 
"equation_Spec.Hash.Definitions.words_state", @@ -565,9 +2749,10 @@ "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", "fuel_guarded_inversion_Spec.Hash.Definitions.hash_alg", "function_token_typing_FStar.Monotonic.Heap.heap", - "function_token_typing_Lib.IntTypes.uint32", + "function_token_typing_Hacl.Streaming.Interface.__proj__Stateful__item__t", "function_token_typing_Lib.IntTypes.uint64", "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", "function_token_typing_Prims.int", "function_token_typing_Spec.Hash.Incremental.Definitions.sha3_state_is_hash_state", "function_token_typing_Spec.SHA3.state", @@ -591,8 +2776,8 @@ "lemma_FStar.Seq.Base.lemma_eq_refl", "lemma_FStar.Seq.Base.lemma_len_append", "lemma_FStar.Set.lemma_equal_refl", "lemma_FStar.UInt.pow2_values", - "lemma_FStar.UInt32.vu_inv", "lemma_FStar.UInt64.uv_inv", - "lemma_FStar.UInt64.vu_inv", + "lemma_FStar.UInt32.vu_inv", "lemma_FStar.UInt64.vu_inv", + "lemma_Lib.IntTypes.v_injective", "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", "lemma_LowStar.Monotonic.Buffer.lemma_live_equal_mem_domains", "lemma_LowStar.Monotonic.Buffer.length_as_seq", 
@@ -605,13 +2790,17 @@ "lemma_LowStar.Monotonic.Buffer.loc_includes_union_l_", "lemma_LowStar.Monotonic.Buffer.loc_includes_union_r_", "lemma_LowStar.Monotonic.Buffer.loc_union_comm", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer", "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_Spec.Hash.Definitions.sha2_alg_is_maxed", "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_FStar.Pervasives.Native.Some_v", "proj_equation_Hacl.Streaming.Interface.Stateful_footprint", "proj_equation_Hacl.Streaming.Interface.Stateful_freeable", "proj_equation_Hacl.Streaming.Interface.Stateful_invariant", @@ -622,6 +2811,7 @@ "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "projection_inverse_FStar.Pervasives.Native.None_a", 
@@ -637,7 +2827,7 @@ "projection_inverse_Spec.GaloisField.GF_t", "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", "refinement_interpretation_Tm_refine_090c66504516c455027e2452a636f0b6", - "refinement_interpretation_Tm_refine_0ee3a6999baaf2fbe579bcd157b82398", + "refinement_interpretation_Tm_refine_1821bb125f421b67809195ad37eb533a", "refinement_interpretation_Tm_refine_1dedfade9bd5b2e99e5e8929e9bb5499", "refinement_interpretation_Tm_refine_2065983b7394855e8cae0a101ff57c0d", "refinement_interpretation_Tm_refine_30e6144473b54dee89b03bc9e962cecc", 
@@ -646,35 +2836,38 @@ "refinement_interpretation_Tm_refine_37c93ce5bbd59eacadc2b1f547360369", "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", "refinement_interpretation_Tm_refine_4879b3ae97fc9ab9e442503feaa32563", - "refinement_interpretation_Tm_refine_48c1b5b4c02ad49f0760911a9d4b1fb4", "refinement_interpretation_Tm_refine_49d93a0cb246c536781f6c5dba1a6214", - "refinement_interpretation_Tm_refine_4a250fae5c49229cf6bcc6a3069b80a8", "refinement_interpretation_Tm_refine_5323f6903bda6be0b11ccc9f42cf660b", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_547240b2475f155577e710689cbdcde0", "refinement_interpretation_Tm_refine_57fa8c96898948b638a7ae016b7718f4", - "refinement_interpretation_Tm_refine_63ce364d9f196a49e6d41e3bc2731e0d", - "refinement_interpretation_Tm_refine_66c124f492ec193d4bbaa9a39421d6d4", - "refinement_interpretation_Tm_refine_739034b5c242b3c46d74acbee1cb63c5", + "refinement_interpretation_Tm_refine_5bb33a5a72b720c92ad89ed2d28d9308", + "refinement_interpretation_Tm_refine_609674d96c81c962549b0076055bf213", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_778cda52ca3898c9d0220c148d4775e7", "refinement_interpretation_Tm_refine_7792679b3c450daf2a53ac4df195b5eb", - "refinement_interpretation_Tm_refine_78db224f600b3acabdab42a044183b6c", "refinement_interpretation_Tm_refine_7ad58868b0f7e178200373668177e14d", - "refinement_interpretation_Tm_refine_7ad8bea900c9a7a6fa81f0cdc182ec54", "refinement_interpretation_Tm_refine_7e7f8b5ec11f034398c8e7a52a271b80", + "refinement_interpretation_Tm_refine_8147cc2d1c2cb872c75498b74b7dc074", "refinement_interpretation_Tm_refine_89263c8dd7df5c497acdada0682b1aab", "refinement_interpretation_Tm_refine_8a07cf4923f1a5cb77acd2dc1ddbcb7e", - "refinement_interpretation_Tm_refine_8bc4e8f6e7ee09cbaa619d7dc4ee7b68", "refinement_interpretation_Tm_refine_8d5661237b3f7553757484c33ca6fac8", + 
"refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", "refinement_interpretation_Tm_refine_91c352d831715ed604553457a8078865", "refinement_interpretation_Tm_refine_976a1ecc425f3c073d6fbbf63b379d34", "refinement_interpretation_Tm_refine_99e6ae098f4fa438575d964449e9a741", - "refinement_interpretation_Tm_refine_9b1af48c1c55d17658e70eb2e7ad8075", - "refinement_interpretation_Tm_refine_a803b759f08d41207c176c52e6485f20", + "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_a8fa4255b4da3c02c368080086854c4b", + "refinement_interpretation_Tm_refine_abd312949615ad70ea978e01dc2529de", + "refinement_interpretation_Tm_refine_ae7ca5b591ae64c7d5df3036ef776f2c", "refinement_interpretation_Tm_refine_b2f1e72a50166a01f536a5c97d0395aa", + "refinement_interpretation_Tm_refine_b3e3751c3894f166dfde09b500dd73a6", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", "refinement_interpretation_Tm_refine_ba20691c598b7aba0d11d91ead0d6da1", + "refinement_interpretation_Tm_refine_bb718e95348d377a39b80a7b07e6a724", "refinement_interpretation_Tm_refine_bfc924edff6d883a9bfc6db6a236a69c", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", "refinement_interpretation_Tm_refine_c70a61643f68639d371b8bc4b7b31b33", "refinement_interpretation_Tm_refine_c72983f98e093ff51e4484a4afcff7a4", "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", 
@@ -687,9 +2880,8 @@ "refinement_interpretation_Tm_refine_dd3191e65062ac23d677567beeaf601e", "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", "refinement_interpretation_Tm_refine_dea1f29c505a4ef18720e2cb4380cbe1", - "refinement_interpretation_Tm_refine_eea4feac1b785fce2f85492feeb100bc", + "refinement_interpretation_Tm_refine_ec207ea84d2f7b7a5a03cae1ad39c9df", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "refinement_interpretation_Tm_refine_f4235ca35aeb7ebf867cf38b99ce6272", "refinement_interpretation_Tm_refine_f45ab303f246ea1722c1f05438371ae2", "refinement_interpretation_Tm_refine_f7a8f8340b3c54b659acfc982cbf3004", "refinement_interpretation_Tm_refine_fbadde237a43e0c78bed6643a50a5cee", 
@@ -706,53 +2898,65 @@ "typing_FStar.Int.Cast.Full.uint64_to_uint128", "typing_FStar.Map.domain", "typing_FStar.Monotonic.HyperHeap.rid", "typing_FStar.Monotonic.HyperStack.get_hmap", - "typing_FStar.Seq.Base.length", "typing_FStar.Set.singleton", + "typing_FStar.Pervasives.Native.fst", "typing_FStar.Seq.Base.append", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Properties.lseq", "typing_FStar.Set.singleton", "typing_FStar.UInt.fits", "typing_FStar.UInt32.v", - "typing_FStar.UInt64.uint_to_t", "typing_FStar.UInt64.v", + "typing_FStar.UInt64.v", "typing_Hacl.Hash.Definitions.as_seq", "typing_Hacl.Hash.Definitions.block_len", "typing_Hacl.Hash.Definitions.hash_len", "typing_Hacl.Hash.Definitions.impl_state_len", "typing_Hacl.Hash.Definitions.impl_word", + "typing_Hacl.Streaming.MD.agile_of_lib", "typing_Hacl.Streaming.MD.max_input_len64", - "typing_Lib.IntTypes.unsigned", + "typing_Hacl.Streaming.MD.state_t", "typing_Hacl.Streaming.MD.word", + "typing_Lib.Buffer.loc", "typing_Lib.Buffer.op_Bar_Plus_Bar", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.minint", + "typing_Lib.IntTypes.unsigned", "typing_Lib.MultiBuffer.loc_multi", + "typing_Lib.MultiBuffer.multibuf", "typing_Lib.NTuple.createi", + "typing_Lib.NTuple.index", "typing_Lib.UpdateMulti.split_at_last_lazy", "typing_LowStar.Buffer.trivial_preorder", "typing_LowStar.Monotonic.Buffer.as_addr", "typing_LowStar.Monotonic.Buffer.as_seq", "typing_LowStar.Monotonic.Buffer.frameOf", - "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", "typing_LowStar.Monotonic.Buffer.loc_addresses", "typing_LowStar.Monotonic.Buffer.loc_buffer", "typing_LowStar.Monotonic.Buffer.loc_union", "typing_Spec.AES.gf8", - "typing_Spec.Agile.Hash.init", "typing_Spec.Agile.Hash.update_multi", + "typing_Spec.Agile.Hash.hash", "typing_Spec.Agile.Hash.init", + "typing_Spec.Agile.Hash.update_multi", "typing_Spec.GaloisField.__proj__GF__item__t", 
"typing_Spec.Hash.Definitions.block_length", "typing_Spec.Hash.Definitions.block_word_length", + "typing_Spec.Hash.Definitions.extra_state", + "typing_Spec.Hash.Definitions.hash_length", "typing_Spec.Hash.Definitions.is_blake", + "typing_Spec.Hash.Definitions.is_sha3", "typing_Spec.Hash.Definitions.len_t", "typing_Spec.Hash.Definitions.less_than_max_input_length", - "typing_Spec.Hash.Definitions.word", + "typing_Spec.Hash.Definitions.max_input_length", + "typing_Spec.Hash.Definitions.state_word_length", + "typing_Spec.Hash.Definitions.word_t", "typing_Spec.Hash.Definitions.words_state_", "typing_Spec.Hash.Incremental.Definitions.hash", "typing_Spec.Hash.Incremental.Definitions.hash_incremental", - "typing_Spec.Hash.Incremental.Definitions.hash_incremental_body", "typing_Spec.Hash.Incremental.Definitions.split_blocks", "typing_Spec.Hash.PadFinish.finish", "typing_Tm_abs_3d77c1d80c0e9e736cdcf018f4780b14", "typing_Tm_abs_52a0ed64348f472cf681bfc70625daa4", + "typing_Tm_abs_ace6b227d2c50150f9d1aa9702bf202c", "typing_Tm_abs_bca86c378e629c7384680d9f5e5b4192", - "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.PUB@tok", + "typing_tok_Lib.IntTypes.U128@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok", "typing_tok_Spec.Hash.Definitions.MD5@tok", "typing_tok_Spec.Hash.Definitions.SHA1@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_224@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_256@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_384@tok", - "typing_tok_Spec.Hash.Definitions.SHA2_512@tok", "typing_tok_Spec.Hash.Definitions.SHA3_256@tok", "unit_inversion", "unit_typing" ], 0, - "3422fe58d33453bc97cd338adee70037" + "b9d64d48735ebe54ff9c3e27a0816162" ] ] ] \ No newline at end of file diff --git a/hints/Hacl.Streaming.MD5.fst.hints b/hints/Hacl.Streaming.MD5.fst.hints index fe7d9c48fc..27aa09f56c 100644 --- a/hints/Hacl.Streaming.MD5.fst.hints +++ b/hints/Hacl.Streaming.MD5.fst.hints 
@@ -13,7 +13,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "6e5a950a201e0c2da144edef0321d6d9" + "f191acda57b317769aa15d7debda8ccf" ], [ "Hacl.Streaming.MD5.state_t_md5", @@ -27,7 +27,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "26014a3955280631ca287a3fce5cb915" + "36f4a58328bfbdb1dc5861797a25745e" ], [ "Hacl.Streaming.MD5.state_md5", @@ -55,7 +55,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "a60125c665e68f9fd90b211d4f3cee39" + "15997bb408fe2abf18ebefeed77844c7" ], [ "Hacl.Streaming.MD5.legacy_alloca_md5", @@ -83,7 +83,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "429905eb05bcbf6a16de25ed5cac7c51" + "b2731066d432fc0dad6f894101f838cc" ], [ "Hacl.Streaming.MD5.legacy_create_in_md5", @@ -111,7 +111,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "1cf84fbed48122592f45432dacee6381" + "755add083db08aa409300dff789e4ebc" ], [ "Hacl.Streaming.MD5.legacy_init_md5", @@ -143,7 +143,7 @@ "unit_typing" ], 0, - "bd018fe5a306f856a0a1b99429ec211e" + "e533ee240afed422d9330c2f25bfdd91" ], [ "Hacl.Streaming.MD5.legacy_update_md5", @@ -175,7 +175,7 @@ "unit_typing" ], 0, - "b65e700d1ebf43552515a57128a2768b" + "c4d0c5d6ab9a8da89e6281136cf37e65" ], [ "Hacl.Streaming.MD5.legacy_finish_md5", @@ -203,7 +203,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "5cc0da1e602a82bd5953f254c6812730" + "22241d352d88cb428263d12aea28a9fe" ], [ "Hacl.Streaming.MD5.legacy_free_md5", @@ -235,7 +235,7 @@ "unit_typing" ], 0, - "75d635e7cce732d3f2f0befba17b40b7" + "8e20a5c76b3f21e0ac5e88ce946b1b15" ] ] ] \ No newline at end of file diff --git a/hints/Hacl.Streaming.SHA1.fst.hints b/hints/Hacl.Streaming.SHA1.fst.hints index 9fb779478b..16b938eb88 100644 --- a/hints/Hacl.Streaming.SHA1.fst.hints +++ b/hints/Hacl.Streaming.SHA1.fst.hints 
@@ -13,7 +13,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "8f2345124224e0afa286c2e7b2e855b2" + "e1b6ba8674de0a446cbd787d91c6ea9d" ], [ "Hacl.Streaming.SHA1.state_t_sha1", @@ -27,7 +27,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "56b6bfcfbf082c0862f065ec82d4766d" + "724b4c27421f1204f50efa9858ff35ce" ], [ "Hacl.Streaming.SHA1.state_sha1", @@ -55,7 +55,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "3d5035e5abbfd580d8d1d77b39262b42" + "8f925e2aa619d5938982037e286da848" ], [ "Hacl.Streaming.SHA1.legacy_alloca_sha1", @@ -83,7 +83,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "d92a41ce7cf35222991565ca1fb1f339" + "f5967a1ac26559a5f9b4d414f57bd367" ], [ "Hacl.Streaming.SHA1.legacy_create_in_sha1", @@ -111,7 +111,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "064cc1785006de185303f95c88910525" + "97fd0fdd019a91ab1be5564a13e743ff" ], [ "Hacl.Streaming.SHA1.legacy_init_sha1", @@ -143,7 +143,7 @@ "unit_typing" ], 0, - "9b7b1746caef1b0c4aeec85af0af9edf" + "c02ec07b34134e4e9dbec1f91d1ba261" ], [ "Hacl.Streaming.SHA1.legacy_update_sha1", @@ -175,7 +175,7 @@ "unit_typing" ], 0, - "2c160edf5e1c9fb0747c83116ca02080" + "1075062d879a5702f00a021643c0ce98" ], [ "Hacl.Streaming.SHA1.legacy_finish_sha1", @@ -203,7 +203,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "6ac12bf859cc2b8e7d714a526c84de43" + "d95acec4a0b598b1d7b2fb4d02ee8670" ], [ "Hacl.Streaming.SHA1.legacy_free_sha1", @@ -235,7 +235,7 @@ "unit_typing" ], 0, - "26691bc34be922e556f64713cbd72147" + "076822f2e310acd6893e185657991e58" ] ] ] \ No newline at end of file diff --git a/hints/Hacl.Streaming.SHA2.fst.hints b/hints/Hacl.Streaming.SHA2.fst.hints index b7f4f65c40..8d00d64cfd 100644 --- a/hints/Hacl.Streaming.SHA2.fst.hints +++ b/hints/Hacl.Streaming.SHA2.fst.hints 
@@ -1,5 +1,5 @@ [ - "µCY¢\tX¼[\u0011'ºMÂ\u000bÖx", + "l¦l†\u0003ËåD\u007f†×M\u0018;\u001a\u0011", [ [ "Hacl.Streaming.SHA2.hacl_sha2_224", @@ -14,7 +14,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "446fe7d34bdffd4f510dd2d29a5e67d1" + "fb5c4d794136dc8bf501c2f9292b0a45" ], [ "Hacl.Streaming.SHA2.hacl_sha2_256", @@ -28,7 +28,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "c379f3b543647135ce9a3a6aa2a2356d" + "a5d6f0676437f261af3684ba9e3c1fdc" ], [ "Hacl.Streaming.SHA2.hacl_sha2_384", @@ -42,7 +42,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "9dc0d19de72962660facacfb12ee6216" + "3aac259b232eab190d7404dbef879197" ], [ "Hacl.Streaming.SHA2.hacl_sha2_512", @@ -56,7 +56,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "61f40ce36f724b6e7a876c24935b40ab" + "610ba36b579c815ecd990e70a4d41e56" ], [ "Hacl.Streaming.SHA2.state_t_224", @@ -71,7 +71,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "647f51c70c1462260e237535b488233f" + "8801603cff6bbbe9d808e39f2692acbd" ], [ "Hacl.Streaming.SHA2.state_t_256", @@ -85,7 +85,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "e71b4358b4406a5bb0330658cc5df288" + "beebe384053a45dfe331ebdab22f7657" ], [ "Hacl.Streaming.SHA2.state_t_384", @@ -99,7 +99,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "67c054eadd2af34da81abefab2b0f697" + "ed68d0fbf1f450cf86d0e4938e6416c9" ], [ "Hacl.Streaming.SHA2.state_t_512", @@ -113,7 +113,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "17692f60656d0edcc5970a7cc67d5006" + "e0bcaf9ffbce7c8a49884ce142002398" ], [ "Hacl.Streaming.SHA2.state_sha2_224", @@ -141,7 +141,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "9676a32116aa8fffc8d208423df099dd" + "1b4d8961649a5cb0256c5855c227d267" ], [ "Hacl.Streaming.SHA2.state_sha2_256", @@ -169,7 +169,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "a28a03e8e85a424ced1759e3e882ddac" + "5485aa256d37fda9cb9fe9df85566a36" ], [ "Hacl.Streaming.SHA2.state_sha2_384", 
@@ -197,7 +197,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "be23f597f517678a74d3ee25be9221fe" + "f68b6da6b79e922f1b4a51d077ce6833" ], [ "Hacl.Streaming.SHA2.state_sha2_512", @@ -225,7 +225,38 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "3e1ee1fc73a8b4f79b3fcea88f6bdb17" + "b24f722fc80f896283ed7b22afc6bef3" + ], + [ + "Hacl.Streaming.SHA2.hash_t", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "equality_tok_Lib.Buffer.MUT@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equation_Hacl.Hash.Definitions.hash_len", + "equation_Lib.Buffer.lbuffer_t", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.less_than_max_input_length", + "equation_Spec.Hash.Definitions.sha2_alg", + "function_token_typing_Lib.IntTypes.uint8", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", + "refinement_interpretation_Tm_refine_c401b1a3c83f2221694bf321c4e421cd", + "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", + "typing_Hacl.Hash.Definitions.hash_len", "typing_Lib.Buffer.length", + "typing_Spec.Hash.Definitions.is_sha2", + "typing_Spec.Hash.Definitions.less_than_max_input_length", + "typing_tok_Lib.Buffer.MUT@tok" + ], + 0, + "bca8b81a968d11bd9d5d89b13785d6bb" ], [ "Hacl.Streaming.SHA2.alloca_224", @@ -253,7 +284,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "bff1a9360d93d5648b58197a59a44807" + "88d989a897185da1d94cef326b8c676c" ], [ "Hacl.Streaming.SHA2.create_in_224", 
@@ -281,7 +312,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "83988aefa31a143290f0dc453f0f1937" + "2f9c6c06e82eac68aa9506fbcee23676" ], [ "Hacl.Streaming.SHA2.init_224", @@ -313,7 +344,7 @@ "unit_typing" ], 0, - "1dd726be4204fd423d0a713ce7b11bad" + "7b2f4299b2f31ad2097dae1930483812" ], [ "Hacl.Streaming.SHA2.update_224", @@ -345,7 +376,7 @@ "unit_typing" ], 0, - "e3de970db93d528f9a769a216f526f4f" + "c5226d248afe56d96bd5dd104929da87" ], [ "Hacl.Streaming.SHA2.finish_224", @@ -373,7 +404,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "da8eed9e821d9cd88a1446fdfd9df96b" + "da01a58e86684ab6dc68aa372b4bbbc5" ], [ "Hacl.Streaming.SHA2.free_224", 
@@ -405,7 +436,105 @@ "unit_typing" ], 0, - "43737c3bbb6ed56bac40e61f7003c5cf" + "37a2e4f4f1a20e1c0c6d0278307315a9" + ], + [ + "Hacl.Streaming.SHA2.sha224", + 1, + 0, + 0, + [ + "@query", "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", + "equation_Spec.Hash.Definitions.is_sha2", + "projection_inverse_BoxBool_proj_0" + ], + 0, + "ef8037beb571fe07615ce8321e864816" + ], + [ + "Hacl.Streaming.SHA2.sha224", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.Buffer.MUT", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.Buffer.MUT@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_224@tok", + "equation_FStar.Seq.Properties.lseq", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", + "equation_Hacl.Hash.Definitions.hash_len", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.lanes_t", + "equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.lbuffer_t", + "equation_Lib.Buffer.length", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Lib.MultiBuffer.internally_disjoint", + "equation_Lib.MultiBuffer.live_multi", + 
"equation_Lib.MultiBuffer.modifies_multi", + "equation_Lib.NTuple.ntup1", "equation_Lib.NTuple.ntuple", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.hash_length", + "equation_Spec.Hash.Definitions.hash_word_length", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "lemma_Lib.MultiBuffer.as_seq_multi_lemma", + "lemma_Lib.NTuple.ntup1_lemma", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_1821bb125f421b67809195ad37eb533a", + "refinement_interpretation_Tm_refine_52d8b90eecdfc1e33886adeb748d8e10", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_610a43752b9b6cd8e18a986ff1c24a31", + "refinement_interpretation_Tm_refine_6f6c5e83910194b4306c518ba7fc5678", + "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_bded595d5c675d20923ebf7eee58cd50", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + 
"refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_Hacl.Hash.Definitions.hash_len", + "typing_Lib.Buffer.lbuffer_t", "typing_Lib.Buffer.length", + "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.U8@tok", + "typing_tok_Spec.Hash.Definitions.SHA2_224@tok" + ], + 0, + "998df1237842b11259defb7f0f15d0b9" ], [ "Hacl.Streaming.SHA2.alloca_256", @@ -433,7 +562,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "3d64fdb61ced96245c8b48523e5a70fc" + "a2174f7ac667d08912e5f19b2d6a967b" ], [ "Hacl.Streaming.SHA2.create_in_256", @@ -461,7 +590,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "f2a80a4316dcb926956fc58e59a56de1" + "06f3499349f4bddab51f8b4ec17768b6" ], [ "Hacl.Streaming.SHA2.init_256", @@ -493,7 +622,7 @@ "unit_typing" ], 0, - "a1c2354027d04764510ed5c119d407f5" + "82ed341f4731f3d59c6b9b8ddc1ac825" ], [ "Hacl.Streaming.SHA2.update_256", @@ -525,7 +654,7 @@ "unit_typing" ], 0, - "2838a6c56fc51b1f46a0e5cce2813f44" + "07f73fc8e43e95e92167801fb74838f1" ], [ "Hacl.Streaming.SHA2.finish_256", @@ -553,7 +682,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "b5ee04cbb0323e04aecb9a99ace885d3" + "53cf7782b72c8bee37d66f28db1e39cf" ], [ "Hacl.Streaming.SHA2.free_256", 
@@ -585,7 +714,118 @@ "unit_typing" ], 0, - "81d936c55d3ff83f04cca68695468ebc" + "0fab224724cdbfa6bcad1215f13cffd8" + ], + [ + "Hacl.Streaming.SHA2.sha256", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "47c81e7e8b1257bb04a81f0505b41c8c" + ], + [ + "Hacl.Streaming.SHA2.sha256", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.Buffer.MUT", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.Buffer.MUT@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", + "equation_FStar.Seq.Properties.lseq", "equation_FStar.UInt.fits", + 
"equation_FStar.UInt.max_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", + "equation_Hacl.Hash.Definitions.hash_len", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.lanes_t", + "equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.lbuffer_t", + "equation_Lib.Buffer.length", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Lib.MultiBuffer.internally_disjoint", + "equation_Lib.MultiBuffer.live_multi", + "equation_Lib.MultiBuffer.modifies_multi", + "equation_Lib.NTuple.ntup1", "equation_Lib.NTuple.ntuple", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.hash_length", + "equation_Spec.Hash.Definitions.hash_word_length", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "lemma_Lib.MultiBuffer.as_seq_multi_lemma", + "lemma_Lib.NTuple.ntup1_lemma", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_1821bb125f421b67809195ad37eb533a", + "refinement_interpretation_Tm_refine_52d8b90eecdfc1e33886adeb748d8e10", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + 
"refinement_interpretation_Tm_refine_5e104c04f960ac658fc1e6c21cd22e76", + "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_bded595d5c675d20923ebf7eee58cd50", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", + "refinement_interpretation_Tm_refine_cf1a24f01332d00e6f80de32d9355c8c", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_Hacl.Hash.Definitions.hash_len", + "typing_Lib.Buffer.lbuffer_t", "typing_Lib.Buffer.length", + "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.hash_length", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.U8@tok", + "typing_tok_Spec.Hash.Definitions.SHA2_256@tok" + ], + 0, + "804b4aafac00f38854706bbad7d19476" ], [ "Hacl.Streaming.SHA2.alloca_384", @@ -613,7 +853,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "9e18af561cfec098e86db9afc1a2712d" + "a85266e7f35c9c4e2e3658b6bd9f9b7c" ], [ "Hacl.Streaming.SHA2.create_in_384", @@ -641,7 +881,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "d323a2088e6f32afb4c57fd57e50a22e" + "e4bdfa892cf2b23499607c5b53c7a37d" ], [ "Hacl.Streaming.SHA2.init_384", @@ -673,7 +913,7 @@ "unit_typing" ], 0, - "57f7c06300a53c1fbfda38d11f72a6f7" + "d28b228bc8f97c894d8ad2f32b25905f" ], [ "Hacl.Streaming.SHA2.update_384", 
@@ -705,7 +945,7 @@ "unit_typing" ], 0, - "a347e0fab55a0ec32857ef5d1dce6765" + "5030c6e6b19879987d3926a6ccc27089" ], [ "Hacl.Streaming.SHA2.finish_384", @@ -733,7 +973,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "47cbc0b777274ac8217a72facbdeb002" + "91f03beda1ebee9e35fb3a35dddd43bc" ], [ "Hacl.Streaming.SHA2.free_384", 
@@ -765,7 +1005,124 @@ "unit_typing" ], 0, - "eeef241554b9347a6b6a23e263a56d1a" + "6c1e7b5c7adcf2259037ba48c7bedee1" + ], + [ + "Hacl.Streaming.SHA2.sha384", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "57aef6acbf7f6853d8464ee7d4f12415" + ], + [ + "Hacl.Streaming.SHA2.sha384", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M256", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.Buffer.MUT", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "constructor_distinct_Spec.Hash.Definitions.SHA2_384", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.Buffer.MUT@tok", + "equality_tok_Lib.IntTypes.PUB@tok", 
+ "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_384@tok", + "equation_FStar.Seq.Properties.lseq", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", + "equation_Hacl.Hash.Definitions.hash_len", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.lanes_t", + "equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.lbuffer_t", + "equation_Lib.Buffer.length", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Lib.MultiBuffer.internally_disjoint", + "equation_Lib.MultiBuffer.live_multi", + "equation_Lib.MultiBuffer.modifies_multi", + "equation_Lib.NTuple.ntup1", "equation_Lib.NTuple.ntuple", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.hash_length", + "equation_Spec.Hash.Definitions.hash_word_length", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.sha2_alg", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "lemma_Lib.MultiBuffer.as_seq_multi_lemma", + "lemma_Lib.NTuple.ntup1_lemma", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + 
"projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_1821bb125f421b67809195ad37eb533a", + "refinement_interpretation_Tm_refine_2c1f6dc1d378fed54224fbf63fca7a8a", + "refinement_interpretation_Tm_refine_2cf0d3d5b3efb0aadafee6b6b1ea64b3", + "refinement_interpretation_Tm_refine_4c95819efb9e8e85cc6ac2dc15b0b4a5", + "refinement_interpretation_Tm_refine_52d8b90eecdfc1e33886adeb748d8e10", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_bded595d5c675d20923ebf7eee58cd50", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_Hacl.Hash.Definitions.hash_len", + "typing_Hacl.Spec.SHA2.Vec.lanes", "typing_Lib.Buffer.lbuffer_t", + "typing_Lib.Buffer.length", "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.U8@tok", + "typing_tok_Spec.Hash.Definitions.SHA2_384@tok" + ], + 0, + "f1678c9d220d36183adfeb7c836ab9d1" ], [ "Hacl.Streaming.SHA2.alloca_512", @@ -793,7 +1150,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "5b2ead80fda85de2d88e84fc7605418c" + "572f873dfb314753e2a83d865b3b83c9" ], [ "Hacl.Streaming.SHA2.create_in_512", 
@@ -821,7 +1178,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "8f4cb39317aab25725f14c9539cc0f5b" + "8ec82386d43e38f2e58367a024ac791a" ], [ "Hacl.Streaming.SHA2.init_512", @@ -853,7 +1210,7 @@ "unit_typing" ], 0, - "8192bf0609983aedad9432edaf7e1e16" + "71ca38a5e8e4029ed42bf40a86f5540e" ], [ "Hacl.Streaming.SHA2.update_512", @@ -885,7 +1242,7 @@ "unit_typing" ], 0, - "d862f6cd00aa5c9f97ced6becd6c76aa" + "3484be0c29938b87b87b321339bd14dc" ], [ "Hacl.Streaming.SHA2.finish_512", @@ -913,7 +1270,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "d5d99e6c3a061c028ccdad489d5ceff1" + "1e46f27955a025ffa55c8ef768e62527" ], [ "Hacl.Streaming.SHA2.free_512", 
@@ -945,7 +1302,122 @@ "unit_typing" ], 0, - "b7370466625c436dae790d1c43d7bbf9" + "ca7ff53d878fd775e6ad6df8b531fb02" + ], + [ + "Hacl.Streaming.SHA2.sha512", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Spec.Hash.Definitions.SHA2_512", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", + "equation_Lib.IntTypes.unsigned", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.is_sha2", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "ebfae093db728dfb1862f24eaba9ccb2" + ], + [ + "Hacl.Streaming.SHA2.sha512", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Hacl.Spec.SHA2.Vec_pretyping_ef9d7cf021ba37864f0e1ecf8fb737f1", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M128", + "constructor_distinct_Hacl.Spec.SHA2.Vec.M32", + "constructor_distinct_Lib.Buffer.MUT", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_224", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "constructor_distinct_Spec.Hash.Definitions.SHA2_512", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "equality_tok_Lib.Buffer.MUT@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + 
"equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_512@tok", + "equation_FStar.Seq.Properties.lseq", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", + "equation_Hacl.Hash.Definitions.hash_len", + "equation_Hacl.Spec.SHA2.Vec.is_supported", + "equation_Hacl.Spec.SHA2.Vec.lanes", + "equation_Hacl.Spec.SHA2.Vec.lanes_t", + "equation_Lib.Buffer.buffer_t", "equation_Lib.Buffer.lbuffer_t", + "equation_Lib.Buffer.length", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Lib.MultiBuffer.internally_disjoint", + "equation_Lib.MultiBuffer.live_multi", + "equation_Lib.MultiBuffer.modifies_multi", + "equation_Lib.NTuple.ntup1", "equation_Lib.NTuple.ntuple", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.hash_length", + "equation_Spec.Hash.Definitions.hash_word_length", + "equation_Spec.Hash.Definitions.is_sha2", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "lemma_Lib.MultiBuffer.as_seq_multi_lemma", + "lemma_Lib.NTuple.ntup1_lemma", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.GaloisField.GF_t", + 
"refinement_interpretation_Tm_refine_1821bb125f421b67809195ad37eb533a", + "refinement_interpretation_Tm_refine_2d4c3132aca495529c76bb302c5c4b81", + "refinement_interpretation_Tm_refine_363b643e643b90936395674da4167394", + "refinement_interpretation_Tm_refine_52d8b90eecdfc1e33886adeb748d8e10", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_bded595d5c675d20923ebf7eee58cd50", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_c7753baa38cd99c4f00a675631dc1dde", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_Hacl.Hash.Definitions.hash_len", + "typing_Lib.Buffer.lbuffer_t", "typing_Lib.Buffer.length", + "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Hacl.Spec.SHA2.Vec.M32@tok", + "typing_tok_Lib.Buffer.MUT@tok", "typing_tok_Lib.IntTypes.U8@tok", + "typing_tok_Spec.Hash.Definitions.SHA2_512@tok" + ], + 0, + "b58812c5b60e9a69177078e50cea92e4" ] ] ] \ No newline at end of file diff --git a/hints/Hacl.Streaming.SHA3.fst.hints b/hints/Hacl.Streaming.SHA3.fst.hints index 454301c95e..365253dba0 100644 --- a/hints/Hacl.Streaming.SHA3.fst.hints +++ b/hints/Hacl.Streaming.SHA3.fst.hints @@ -13,7 +13,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "558a65e43af0216c4456e6bd7d403ef2" + "125dc5634c4d9d706ef648e0332fb95f" ], [ "Hacl.Streaming.SHA3.state_t_256", 
@@ -27,7 +27,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "268aae913ff629e8fcbb3cd1c9d54c84" + "cd10733262474560603c78215fcac2a5" ], [ "Hacl.Streaming.SHA3.state_sha3_256", @@ -55,7 +55,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "287874b6e1a9d0a11f7799bb27594bb0" + "5710a4924827f86bd0729a1a61820274" ], [ "Hacl.Streaming.SHA3.alloca_256", @@ -83,7 +83,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "aeeadbd4a3813eeaafa7276b5ae86472" + "d3609e3bd92817bd6694e5c7f1cea740" ], [ "Hacl.Streaming.SHA3.create_in_256", @@ -111,7 +111,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "8e25c0b7c9f3375aba30b1850cf975e2" + "08eac5444ff9aedf14685b09eeb90dd2" ], [ "Hacl.Streaming.SHA3.init_256", @@ -139,7 +139,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "3ec85a478b2156cd54f4bb2e31760181" + "3284c566fb14c60f8627354cb14bf17f" ], [ "Hacl.Streaming.SHA3.update_256", @@ -167,7 +167,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "72d60a5070366996c2c2a06f00f43f85" + "9b4300076341ff2e23596ae9c8cbd334" ], [ "Hacl.Streaming.SHA3.finish_256", @@ -195,7 +195,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "cd41cd85d0ae36f4a3041acb3fab104d" + "93b98f581ef8874aeec515638fe96bbd" ], [ "Hacl.Streaming.SHA3.free_256", @@ -223,7 +223,7 @@ "token_correspondence_Hacl.Streaming.Interface.__proj__Stateful__item__t" ], 0, - "207e0f773eba2e6dc843b175a3a1ec5c" + "55380b94208022bb4bd5c69d5be75b91" ] ] ] \ No newline at end of file diff --git a/hints/Lib.Exponentiation.fst.hints b/hints/Lib.Exponentiation.fst.hints index d79b399df9..d0cd362704 100644 --- a/hints/Lib.Exponentiation.fst.hints +++ b/hints/Lib.Exponentiation.fst.hints 
@@ -183,7 +183,7 @@ "refinement_interpretation_Tm_refine_7e0b9b2dbca36eab00de093c1b701c6d" ], 0, - "eb0d51c94cc4092f0ff569c1b1196b28" + "8d587b56f6216b5ef251031c31e933e9" ], [ "Lib.Exponentiation.exp_rl_lemma_loop", @@ -325,13 +325,13 @@ "@MaxIFuel_assumption", "@query", "equation_Prims.nat", "equation_Prims.pos", "int_inversion", "primitive_Prims.op_Division", "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_23030dc58aee4215a13bf6337f540bc2", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7d120eac9c3ce5a041208e35a16c5f23", "refinement_interpretation_Tm_refine_baba3c4ff195e8afc82d572a0bec0709" ], 0, - "eaef1591d5851426a88074c3d0033621" + "f2750990b87898717b7a38a5c7970082" ], [ "Lib.Exponentiation.exp_lr_lemma_loop", @@ -361,7 +361,7 @@ "typing_Prims.pow2", "well-founded-ordering-on-nat" ], 0, - "0713e8baae840315ed2d697ed2d73d4e" + "633390d8bf2b410988d227b141cd2887" ], [ "Lib.Exponentiation.exp_lr_lemma", @@ -449,7 +449,7 @@ "token_correspondence_Lib.Exponentiation.Definition.mul" ], 0, - "65259540b91f361f3280637aca8f370b" + "21d8cac9a9a014b70420a23998e32b66" ], [ "Lib.Exponentiation.exp_mont_ladder_lemma_loop", 
@@ -478,12 +478,12 @@ "equation_Prims.pos", "int_inversion", "primitive_Prims.op_Division", "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5f8eefd7b73f048b470fb0c0e6a0c6bf", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_baba3c4ff195e8afc82d572a0bec0709" + "refinement_interpretation_Tm_refine_baba3c4ff195e8afc82d572a0bec0709", + "refinement_interpretation_Tm_refine_c11baa4dd324ef69e14b403922b02ff0" ], 0, - "3e4bd180d07be5a4c93402e127c7d423" + "b5ba6edbf27be77c8e960dd120305177" ], [ "Lib.Exponentiation.exp_mont_ladder_lemma_loop", @@ -520,7 +520,7 @@ "well-founded-ordering-on-nat" ], 0, - "6238b248841faae2d8e61f835dbdaa97" + "0883076496b05f744846094f71ff0bf4" ], [ "Lib.Exponentiation.exp_mont_ladder_lemma", @@ -574,10 +574,10 @@ 0, [ "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_f3ee9c52859b5afa18e23dc081e59106" + "refinement_interpretation_Tm_refine_dbd12cee69ba71ee0c0edea85d7c1601" ], 0, - "d36a2494ad0e94cefc66a69a4e990068" + "3ffd843a049b34c8a96a26930c9e9701" ], [ "Lib.Exponentiation.exp_mont_ladder_swap2_lemma_loop", @@ -624,7 +624,7 @@ "typing_Lib.LoopCombinators.repeati", "well-founded-ordering-on-nat" ], 0, - "ad1d59a73933ac9db88e22b37344f085" + "41163cdc96fa35fbe1d5579c57287288" ], [ "Lib.Exponentiation.exp_mont_ladder_swap2_lemma", 
@@ -683,14 +683,14 @@ "int_inversion", "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5a5798a4fde10aae5a8d56500f3752a4", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_7e0b9b2dbca36eab00de093c1b701c6d", - "refinement_interpretation_Tm_refine_950a0f8acde59b5e216c85c2613ac889", "refinement_interpretation_Tm_refine_aa64bce61191644d6312a5ed528e56d8", "refinement_interpretation_Tm_refine_baba3c4ff195e8afc82d572a0bec0709" ], 0, - "32f6b7aeab9432466d37c7cc8d3a36c8" + "07690abb318d19e797ed660de674c682" ], [ "Lib.Exponentiation.exp_mont_ladder_swap_lemma_loop", @@ -738,7 +738,7 @@ "typing_Lib.Exponentiation.cswap", "well-founded-ordering-on-nat" ], 0, - "3d44722135f730197a9c80640c3bf65b" + "7724d2ed9fcde8c4778a5b8bc9f791fb" ], [ "Lib.Exponentiation.exp_mont_ladder_swap_lemma", @@ -783,7 +783,7 @@ 0, [ "@query" ], 0, - "5aade2f2ba3d1eeeb19f1faa01388300" + "394d65d13dc4ef01c6480bb56633beef" ], [ "Lib.Exponentiation.exp_pow2_loop_lemma", @@ -810,7 +810,7 @@ "well-founded-ordering-on-nat" ], 0, - "671b53ae7175e06f516f8be92a88f650" + "33e21c1161a2d9913994a54d961f65ed" ], [ "Lib.Exponentiation.exp_pow2_lemma", @@ -1020,8 +1020,7 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_baba3c4ff195e8afc82d572a0bec0709", - "token_correspondence_Lib.Exponentiation.Definition.mul", - "typing_Lib.Exponentiation.get_bits_l" + "token_correspondence_Lib.Exponentiation.Definition.mul" ], 0, "d19427b7d52b1fbc1a66b07e19e4ca64" 
@@ -1058,10 +1057,10 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_baba3c4ff195e8afc82d572a0bec0709", - "refinement_interpretation_Tm_refine_f46d7f4e1fb21a1c11ca87a6fe7c2aa7" + "refinement_interpretation_Tm_refine_cded2ee107d3c24d832f7ee956673135" ], 0, - "0c287df3a023e814c0de53e86f5cd485" + "34c640bf0c5cc5489ea6c2701650dc1f" ], [ "Lib.Exponentiation.exp_fw_lemma_loop", @@ -1093,7 +1092,7 @@ "typing_Prims.pow2", "well-founded-ordering-on-nat" ], 0, - "f324f810525607b8183a8e2dd0136b2a" + "9f07d8962a544df37e4f417f50cc5a21" ], [ "Lib.Exponentiation.exp_fw_acc0_lemma", @@ -1135,7 +1134,7 @@ "equation_Lib.Exponentiation.get_ith_lbits", "equation_Prims.nat", "equation_Prims.pos", "fuel_guarded_inversion_Lib.Exponentiation.Definition.comm_monoid", - "int_inversion", "int_typing", "primitive_Prims.op_Division", + "int_inversion", "primitive_Prims.op_Division", "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", @@ -1146,7 +1145,7 @@ "typing_Prims.pow2" ], 0, - "73e230c01448f62b36ca9b5fe9330564" + "7af18eb7521ade6a00c82ae945a37898" ], [ "Lib.Exponentiation.exp_fw_acc0_aux_lemma", @@ -1384,11 +1383,11 @@ "refinement_interpretation_Tm_refine_46a3488d9284b64cf49bf6e16f2d7517", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_b72510fd8ac5205adc6d291337605117", + "refinement_interpretation_Tm_refine_7cb19537ae650f79e046c245591f33db", "refinement_interpretation_Tm_refine_baba3c4ff195e8afc82d572a0bec0709" ], 0, - "38cb81d41b3adba750311c54d44d6239" + "0ca5042b5b5aa520a40bd0c781af42cb" ], [ "Lib.Exponentiation.exp_double_fw_lemma_loop", 
@@ -1420,7 +1419,7 @@ "well-founded-ordering-on-nat" ], 0, - "587221e4294e1c38187f733999275111" + "d0ca098ea3948ae2a772d37a9148e40b" ], [ "Lib.Exponentiation.exp_double_fw_acc0_lemma", @@ -1477,7 +1476,7 @@ "token_correspondence_Lib.Exponentiation.Definition.one" ], 0, - "daecd925f1810daea7fc1433bc8d8cf8" + "ffcd71a19d72c4473dce26f272495883" ], [ "Lib.Exponentiation.exp_double_fw_lemma", @@ -1595,7 +1594,7 @@ "equation_Lib.Exponentiation.mul_acc_pow_a_bits_l", "equation_Prims.nat", "equation_Prims.pos", "fuel_guarded_inversion_Lib.Exponentiation.Definition.comm_monoid", - "int_inversion", "int_typing", + "int_inversion", "interpretation_Tm_abs_c95910fed43d6f86affe4d87e5d85797", "primitive_Prims.op_Addition", "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", @@ -1639,14 +1638,14 @@ "equation_Prims.pos", "fuel_guarded_inversion_Lib.Exponentiation.Definition.comm_monoid", "int_inversion", - "refinement_interpretation_Tm_refine_0f293ccf304eb2fb1a352a42dee35137", "refinement_interpretation_Tm_refine_46a3488d9284b64cf49bf6e16f2d7517", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_9e10ceac5d55e5863b1b26df0786ba2c", "refinement_interpretation_Tm_refine_baba3c4ff195e8afc82d572a0bec0709" ], 0, - "7afd845066813650ae9b02aec5f79572" + "642d8eb6b5f391bf4b6f56365164fa45" ], [ "Lib.Exponentiation.exp_four_fw_lemma_loop", @@ -1683,7 +1682,7 @@ "well-founded-ordering-on-nat" ], 0, - "31d3f74e110cb9b832f519173494cd0b" + "35004e8fafead714c2212f09afa61f59" ], [ "Lib.Exponentiation.exp_four_fw_acc0_lemma", 
@@ -1723,7 +1722,7 @@ "equation_Prims.pos", "fuel_guarded_inversion_Lib.Exponentiation.Definition.comm_monoid", "function_token_typing_Prims.__cache_version_number__", - "int_inversion", "int_typing", + "int_inversion", "interpretation_Tm_abs_5856999f765083806fadfe8f689df685", "interpretation_Tm_abs_c95910fed43d6f86affe4d87e5d85797", "primitive_Prims.op_Division", "primitive_Prims.op_Equality", diff --git a/hints/Test.Hash.fst.hints b/hints/Test.Hash.fst.hints index fd812b05fb..a810f1f0f8 100644 --- a/hints/Test.Hash.fst.hints +++ b/hints/Test.Hash.fst.hints @@ -56,7 +56,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_384@tok" ], 0, - "1a7a74cd57a4233dc845a6885b19869d" + "1add18748b32081079bb27357eb88c90" ], [ "Test.Hash.test_incremental_api", @@ -128,10 +128,9 @@ "equation_LowStar.Monotonic.Buffer.fresh_loc", "equation_LowStar.Monotonic.Buffer.length", "equation_LowStar.Monotonic.Buffer.loc_in", "equation_Prims.eqtype", - "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Prims.nat", "equation_Spec.AES.gf8", "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", "equation_Spec.Hash.Definitions.less_than_max_input_length", - "equation_Spec.Hash.Definitions.max_input_length", "function_token_typing_EverCrypt.Hash.state", "function_token_typing_FStar.Monotonic.Heap.heap", "function_token_typing_Hacl.Streaming.Blake2.unit_key", @@ -199,7 +198,6 @@ "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Integers.Signed__0", "projection_inverse_FStar.Integers.Unsigned__0", - "projection_inverse_FStar.Pervasives.Native.Some_v", "projection_inverse_Hacl.Streaming.Interface.Block_key", "projection_inverse_Hacl.Streaming.Interface.Block_km", "projection_inverse_Hacl.Streaming.Interface.Block_max_input_len", 
@@ -258,8 +256,8 @@ "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Properties.seq_of_list", "typing_FStar.Set.complement", "typing_FStar.Set.singleton", - "typing_FStar.UInt.fits", "typing_FStar.UInt32.v", - "typing_FStar.UInt64.v", "typing_Hacl.Streaming.Functor.footprint", + "typing_FStar.UInt32.v", "typing_FStar.UInt64.v", + "typing_Hacl.Streaming.Functor.footprint", "typing_Hacl.Streaming.Functor.state_s", "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.unsigned", "typing_Lib.IntTypes.v", "typing_LowStar.Buffer.trivial_preorder", @@ -277,7 +275,7 @@ "typing_tok_Spec.Hash.Definitions.SHA2_256@tok" ], 0, - "63c87296a53aec1402042a5a1d867b26" + "9f06e99fa29b9b5dfbc9f97743262291" ] ] ] \ No newline at end of file diff --git a/hints/Test.fst.hints b/hints/Test.fst.hints index a4f362ce8d..5c74971342 100644 --- a/hints/Test.fst.hints +++ b/hints/Test.fst.hints @@ -70,7 +70,7 @@ "projection_inverse_FStar.Integers.Unsigned__0" ], 0, - "c467e4468bb2ab445f1a3d403ca9fa50" + "6305a0425961643c4c6d6eeb1bf0f9b8" ], [ "Test.aead_max_length32", @@ -145,7 +145,7 @@ "typing_tok_Spec.Blake2.Blake2S@tok" ], 0, - "f1455dca47d1419d55a882e44853a335" + "5ad9e4210a2034b04fc3fccb00b88fee" ], [ "Test.aead_tag_length32", @@ -220,7 +220,7 @@ "typing_Spec.GaloisField.__proj__GF__item__t" ], 0, - "9ec1616f823abaf521bd390a63ada09a" + "d06c9506e7224af29bb19a390c5304d8" ], [ "Test.aead_iv_length32", @@ -286,7 +286,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "d58bb44917a8b2fa6c00e050228f4c4e" + "d585c155167a92fc9439cd67d2c08adc" ], [ "Test.test_aead_st", @@ -522,7 +522,7 @@ "typing_tok_Spec.Blake2.Blake2S@tok", "unit_inversion", "unit_typing" ], 0, - "963b4187b299482f9343d14c0b73db65" + "ea41a68885e6da44eddf65064736e739" ], [ "Test.alg_of_alg", @@ -537,7 +537,7 @@ "fuel_guarded_inversion_Test.Vectors.cipher" ], 0, - "72a620e470dc6186b9bcff238c822da8" + "aa20fd0ad990ac34b27732a84b3d3082" ], [ "Test.test_aead_loop", 
@@ -623,7 +623,7 @@ "typing_Test.alg_of_alg" ], 0, - "2b93488c1ebfc573553acc3768b5c25e" + "edac8e3be1858245bb74c8d64cc48dfe" ], [ "Test.test_aes128_gcm_loop", @@ -690,7 +690,7 @@ "typing_Test.Vectors.Aes128Gcm.vectors_len" ], 0, - "f28de6b866dbe38a2cc0bf6dff13b759" + "28494108f6827e5e7d2ff5b81571da88" ], [ "Test.nonce_bound", @@ -747,7 +747,7 @@ "typing_tok_Spec.Agile.Cipher.AES256@tok" ], 0, - "5fa1f5d66c07ff95eeb364ad3e180d76" + "42dbaef18a95b30574a0226fd7f5a29e" ], [ "Test.block_len", @@ -771,7 +771,7 @@ "projection_inverse_FStar.Integers.Unsigned__0" ], 0, - "127ab0fddcc85f87261dc161e3f9ca8c" + "d4f3bc8029694839a9d62139e846d8fe" ], [ "Test.key_len", @@ -810,7 +810,7 @@ "projection_inverse_FStar.Integers.Unsigned__0" ], 0, - "1bb4f7a9df8b4872dbbd9f812264ccec" + "c8f6fe6dfee6b1517a66c73ed4cf94a7" ], [ "Test.test_rng", @@ -823,7 +823,7 @@ "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro" ], 0, - "e2b67d8bb4b809e4231691f42151764c" + "7a7dfab30348fa1da17e95463236685c" ], [ "Test.test_dh", @@ -836,7 +836,7 @@ "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro" ], 0, - "7c0d51921b2d5102ca74600bf0efcf8b" + "02188c9ef458022dd96c88f741164398" ], [ "Test.check_static_config", @@ -850,7 +850,7 @@ "lemma_FStar.HyperStack.ST.lemma_equal_domains_trans" ], 0, - "d9d2c5240b1ac34f8fe1c61c9662ddd0" + "ff527e312b03dde82d719ac30672c413" ], [ "Test.set_config", @@ -881,7 +881,7 @@ "typing_FStar.Monotonic.HyperStack.get_hmap" ], 0, - "d62eaa3ea56015f36bca05074fea5b17" + "dea10e761df7f2c40eef5809f4be6e6c" ], [ "Test.print_config", @@ -927,7 +927,7 @@ "unit_typing" ], 0, - "7eafbe6a9b82e435f91a9de39b9b6859" + "15f6d1a997b80c27eebfa4f14ccf32ed" ], [ "Test.ts_nil", @@ -940,7 +940,7 @@ "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro" ], 0, - "47484695b2a8a541cf1e92bf8e0fd784" + "b21bdd52b39647a2d6270d6e62e8badc" ], [ "Test.ts_one", 
@@ -966,7 +966,7 @@ "typing_FStar.Monotonic.HyperStack.get_hmap" ], 0, - "6d058b2c337a037a6235ec89226b7d79" + "3d4e460ebe926e5bf816f1b74de72e8f" ], [ "Test.ts_append", @@ -981,7 +981,7 @@ "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt" ], 0, - "3c19ab80cefccc2c04685f471eb772bc" + "2d8bf9906088f1384e9cf1ee3d1a0879" ], [ "Test.test_poly1305_body", @@ -1006,7 +1006,7 @@ "typing_FStar.Monotonic.HyperStack.get_hmap" ], 0, - "6a817d02b8c08a733b62a62112304023" + "1f8bb49cf25d8f856db868bb16ea232a" ], [ "Test.test_curve25519_body", @@ -1031,7 +1031,7 @@ "typing_FStar.Monotonic.HyperStack.get_hmap" ], 0, - "a31f58bad925254373c55cbe368c74ed" + "1ac688cf0bec8e0c00c41328105910ab" ], [ "Test.test_aes_gcm_body", @@ -1053,7 +1053,7 @@ "typing_FStar.Monotonic.HyperStack.get_tip" ], 0, - "b8f53365d07f197458ba5f93e26f954a" + "210ab07a0b3e92a6ec1d03ee1d3828d6" ], [ "Test.test_chacha20poly1305_body", @@ -1077,7 +1077,7 @@ "typing_FStar.Monotonic.HyperStack.get_tip" ], 0, - "301166b8ad3a7496dfe4b252228cc2b9" + "2f694c6bcb6c70f91b70d40879d4828d" ], [ "Test.test_hash_body", @@ -1107,7 +1107,7 @@ "typing_FStar.Monotonic.HyperStack.get_tip" ], 0, - "b3f797dad655a1a11f7b05b0483a7379" + "f4594b005abc3429c87954a27fe17f41" ], [ "Test.test_chacha20_body", @@ -1132,7 +1132,7 @@ "typing_FStar.Monotonic.HyperStack.get_hmap" ], 0, - "a6d04ea86b3d3596589ff96521acf3f8" + "e11a9cc7471e483fbb77c5535409485f" ], [ "Test.print_sep", @@ -1146,7 +1146,7 @@ "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro" ], 0, - "f47d51744c6e4c28a1e3e036715f4dda" + "f442f6b547437645219f7eada3c6bd64" ], [ "Test.test_all", @@ -1168,7 +1168,7 @@ "typing_FStar.Monotonic.HyperStack.get_tip" ], 0, - "25d14d0bf72e3a7a33d3d96d81212323" + "9e33f70f610114e75967618b0cf03163" ], [ "Test.main", @@ -1222,7 +1222,7 @@ "typing_tok_C.EXIT_SUCCESS@tok" ], 0, - "19a4ece304f23d9a26d30e7f07f61cd8" + "1b19c84b226369d5c5a7325f4c2f15ba" ] ] ] \ No newline at end of file 
diff --git a/lib/Lib.MultiBuffer.fst b/lib/Lib.MultiBuffer.fst
index f5c4f5502b..c065889c1b 100644
--- a/lib/Lib.MultiBuffer.fst
+++ b/lib/Lib.MultiBuffer.fst
@@ -76,8 +76,8 @@ let modifies_multi #lanes #len (b:multibuf lanes len) (h0:mem) (h1:mem) =
 let stack_allocated_multi #lanes #len (b:multibuf lanes len) (h0:mem) (h1:mem) (s:lseq uint8 (v len)) =
 forall i. i < lanes ==> stack_allocated b.(|i|) h0 h1 s
-let multiseq (lanes:flen) (len:size_nat) =
- ntuple (lseq uint8 len) lanes
+let multiseq (lanes:flen) (len:nat) =
+ ntuple (Seq.lseq uint8 len) lanes
 let as_seq_multi #lanes #len (h:mem) (b:multibuf lanes len) : GTot (multiseq lanes (v len)) =
 gmap (as_seq h) b
diff --git a/tests/sha2-mb-test.c b/tests/sha2-mb-test.c
index dd21fa26ab..4975fcb4dc 100644
--- a/tests/sha2-mb-test.c
+++ b/tests/sha2-mb-test.c
@@ -11,7 +11,7 @@
 #include "test_helpers.h"
-#include "Hacl_SHA2_Scalar32.h"
+#include "Hacl_Streaming_SHA2.h"
 #if defined(HACL_CAN_COMPILE_VEC128)
 #include "Hacl_SHA2_Vec128.h"
@@ -39,11 +39,11 @@ bool print_test1(uint8_t* in, int in_len, uint8_t* exp256, uint8_t* exp512){
 uint8_t comp256[32] = {0};
 uint8_t comp512[64] = {0};
- Hacl_SHA2_Scalar32_sha256(comp256,in_len,in);
+ Hacl_Streaming_SHA2_sha256(comp256,in_len,in);
 printf("NEW SHA2-256 (32-bit) Result:\n");
 bool ok = print_result(comp256,exp256,32);
- Hacl_SHA2_Scalar32_sha512(comp512,in_len,in);
+ Hacl_Streaming_SHA2_sha512(comp512,in_len,in);
 printf("NEW SHA2-512 (32-bit) Result:\n");
 ok = print_result(comp512,exp512,64) && ok;
@@ -147,13 +147,13 @@ int main()
 memset(plain,'P',SIZE);
 for (int j = 0; j < ROUNDS; j++) {
- Hacl_SHA2_Scalar32_sha256(plain,SIZE,plain);
+ Hacl_Streaming_SHA2_sha256(plain,SIZE,plain);
 }
 t1 = clock();
 a = cpucycles_begin();
 for (int j = 0; j < ROUNDS; j++) {
- Hacl_SHA2_Scalar32_sha256(plain,SIZE,plain);
+ Hacl_Streaming_SHA2_sha256(plain,SIZE,plain);
 }
 b = cpucycles_end();
 t2 = clock();
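Review bot: In lib/Lib.MultiBuffer.fst, `multiseq` now accepts any `len:nat` and is built on `Seq.lseq`, while the neighbouring `stack_allocated_multi` still uses the unqualified `lseq`, and the hunk does not record why the bound was dropped. With `size_nat` gone, consumers of a `multiseq` no longer get `len <= max_size_t` from the type, so any lemma that relied on that bound has to establish it itself (the commit appears to do this elsewhere with `lemma_len_lt_max_a_fits_size_t`). I would add a comment above the definition, for example `(* len is a nat rather than a size_nat, presumably so spec-level sequences are not tied to max_size_t; callers needing the bound must prove it *)`, and confirm that `Seq` resolves to the module intended here.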
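Review bot: After the switch in `print_test1` (tests/sha2-mb-test.c), only `Hacl_Streaming_SHA2_sha256` and `Hacl_Streaming_SHA2_sha512` are checked against known answers, although the hints elsewhere in this diff show new verification queries for `Hacl.Streaming.SHA2.sha384`. A known-answer check for that entry point would catch an extraction or bundling mistake that the proof does not cover, such as the wrong symbol being exported by the new `-bundle` rule. Assuming the extracted name follows the same pattern and an `exp384` vector is supplied, the addition would be `Hacl_Streaming_SHA2_sha384(comp384,in_len,in);` followed by `ok = print_result(comp384,exp384,48) && ok;`. The body of `print_test1` continues outside the hunk.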
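Review bot: The benchmark loops in `main` call `Hacl_Streaming_SHA2_sha256(plain,SIZE,plain)` with the same buffer as destination and input, and the `@@ -196,13` hunk does the same for `Hacl_Streaming_SHA2_sha512`. The F* signature of these one-shot functions is not visible in this diff; if it requires `dst` and `input` to be disjoint, as HACL* hash signatures usually do, these calls run the code outside the precondition its proof assumes. Writing into a separate digest buffer, e.g. `uint8_t digest[64];` and `Hacl_Streaming_SHA2_sha256(digest,SIZE,plain);`, keeps the benchmark inside the verified contract. `main` begins and ends outside the hunk.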
@@ -196,13 +196,13 @@ int main()
 #endif
 for (int j = 0; j < ROUNDS; j++) {
- Hacl_SHA2_Scalar32_sha512(plain,SIZE,plain);
+ Hacl_Streaming_SHA2_sha512(plain,SIZE,plain);
 }
 t1 = clock();
 a = cpucycles_begin();
 for (int j = 0; j < ROUNDS; j++) {
- Hacl_SHA2_Scalar32_sha512(plain,SIZE,plain);
+ Hacl_Streaming_SHA2_sha512(plain,SIZE,plain);
 }
 b = cpucycles_end();
 t2 = clock();