grpc 1.28.0 → 1.30.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +7694 -11190
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +22 -9
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/grpc_types.h +19 -21
- data/include/grpc/impl/codegen/port_platform.h +6 -2
- data/include/grpc/module.modulemap +24 -39
- data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +203 -236
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_proxy.cc +17 -10
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +10 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +240 -301
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -11
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +84 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +6 -2
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +73 -59
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +16 -20
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +184 -133
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +40 -43
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +32 -5
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +16 -16
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +20 -31
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +4 -3
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +104 -144
- data/src/core/ext/filters/client_channel/service_config.h +28 -98
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +348 -221
- data/src/core/ext/filters/client_channel/xds/xds_api.h +37 -37
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +44 -49
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +4 -3
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +532 -339
- data/src/core/ext/filters/client_channel/xds/xds_client.h +57 -22
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +31 -19
- data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +7 -10
- data/src/core/ext/filters/message_size/message_size_filter.h +4 -4
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +23 -22
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +15 -8
- data/src/core/ext/transport/inproc/inproc_transport.cc +19 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -875
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +21 -8
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +43 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +47 -26
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +115 -65
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +88 -6
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +12 -4
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +16 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +63 -41
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +173 -77
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +90 -30
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
- data/src/core/ext/upb-generated/validate/validate.upb.h +69 -63
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channelz.cc +5 -6
- data/src/core/lib/channel/channelz.h +3 -2
- data/src/core/lib/channel/channelz_registry.cc +5 -3
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +2 -26
- data/src/core/lib/gpr/string.h +0 -16
- data/src/core/lib/gpr/sync_abseil.cc +2 -0
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/host_port.cc +29 -35
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +2 -3
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
- data/src/core/lib/iomgr/ev_epollex_linux.cc +2 -3
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
- data/src/core/lib/iomgr/ev_posix.cc +2 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
- data/src/core/lib/iomgr/port.h +1 -0
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
- data/src/core/lib/iomgr/resource_quota.cc +4 -6
- data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
- data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +7 -26
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
- data/src/core/lib/iomgr/tcp_client_posix.cc +8 -5
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
- data/src/core/lib/iomgr/tcp_custom.cc +2 -3
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -9
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +2 -3
- data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +9 -14
- data/src/core/lib/json/json.h +3 -2
- data/src/core/lib/json/json_reader.cc +5 -5
- data/src/core/lib/json/json_writer.cc +13 -12
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +8 -59
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +3 -8
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +55 -27
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +13 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +38 -11
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +7 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -25
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +59 -12
- data/src/core/lib/security/security_connector/ssl_utils.h +12 -10
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +77 -51
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +1 -2
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +14 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +2 -3
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +33 -33
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +570 -369
- data/src/core/lib/surface/server.h +32 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +3 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +8 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +32 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl_transport_security.cc +52 -39
- data/src/core/tsi/ssl_transport_security.h +8 -8
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +3 -3
- data/src/ruby/ext/grpc/rb_call.c +9 -1
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +5 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -0
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/boringssl-with-bazel/err_data.c +329 -297
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +432 -160
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +5 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +80 -99
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -12
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +5 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +172 -77
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +5 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +14 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +28 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +12 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +64 -47
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +6 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +64 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +6 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -27
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +50 -20
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
- metadata +111 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1754
- data/src/core/lib/gprpp/string_view.h +0 -60
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
|
@@ -1,19 +1,30 @@
|
|
|
1
|
-
/* Autogenerated */
|
|
1
|
+
/* Autogenerated: src/ExtractionOCaml/unsaturated_solinas --static 25519 5 '2^255 - 19' 64 carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes carry_scmul121666 */
|
|
2
2
|
/* curve description: 25519 */
|
|
3
|
-
/* requested operations: carry_mul, carry_square,
|
|
3
|
+
/* requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes, carry_scmul121666 */
|
|
4
4
|
/* n = 5 (from "5") */
|
|
5
|
-
/* s =
|
|
6
|
-
/* c = [(1, 19)] (from "1,19") */
|
|
5
|
+
/* s-c = 2^255 - [(1, 19)] (from "2^255 - 19") */
|
|
7
6
|
/* machine_wordsize = 64 (from "64") */
|
|
8
7
|
|
|
8
|
+
/* Computed values: */
|
|
9
|
+
/* carry_chain = [0, 1, 2, 3, 4, 0, 1] */
|
|
10
|
+
|
|
9
11
|
#include <stdint.h>
|
|
10
12
|
typedef unsigned char fiat_25519_uint1;
|
|
11
13
|
typedef signed char fiat_25519_int1;
|
|
12
14
|
typedef signed __int128 fiat_25519_int128;
|
|
13
15
|
typedef unsigned __int128 fiat_25519_uint128;
|
|
14
16
|
|
|
17
|
+
#if (-1 & 3) != 3
|
|
18
|
+
#error "This code only works on a two's complement system"
|
|
19
|
+
#endif
|
|
20
|
+
|
|
15
21
|
|
|
16
22
|
/*
|
|
23
|
+
* The function fiat_25519_addcarryx_u51 is an addition with carry.
|
|
24
|
+
* Postconditions:
|
|
25
|
+
* out1 = (arg1 + arg2 + arg3) mod 2^51
|
|
26
|
+
* out2 = ⌊(arg1 + arg2 + arg3) / 2^51⌋
|
|
27
|
+
*
|
|
17
28
|
* Input Bounds:
|
|
18
29
|
* arg1: [0x0 ~> 0x1]
|
|
19
30
|
* arg2: [0x0 ~> 0x7ffffffffffff]
|
|
@@ -31,6 +42,11 @@ static void fiat_25519_addcarryx_u51(uint64_t* out1, fiat_25519_uint1* out2, fia
|
|
|
31
42
|
}
|
|
32
43
|
|
|
33
44
|
/*
|
|
45
|
+
* The function fiat_25519_subborrowx_u51 is a subtraction with borrow.
|
|
46
|
+
* Postconditions:
|
|
47
|
+
* out1 = (-arg1 + arg2 + -arg3) mod 2^51
|
|
48
|
+
* out2 = -⌊(-arg1 + arg2 + -arg3) / 2^51⌋
|
|
49
|
+
*
|
|
34
50
|
* Input Bounds:
|
|
35
51
|
* arg1: [0x0 ~> 0x1]
|
|
36
52
|
* arg2: [0x0 ~> 0x7ffffffffffff]
|
|
@@ -48,6 +64,10 @@ static void fiat_25519_subborrowx_u51(uint64_t* out1, fiat_25519_uint1* out2, fi
|
|
|
48
64
|
}
|
|
49
65
|
|
|
50
66
|
/*
|
|
67
|
+
* The function fiat_25519_cmovznz_u64 is a single-word conditional move.
|
|
68
|
+
* Postconditions:
|
|
69
|
+
* out1 = (if arg1 = 0 then arg2 else arg3)
|
|
70
|
+
*
|
|
51
71
|
* Input Bounds:
|
|
52
72
|
* arg1: [0x0 ~> 0x1]
|
|
53
73
|
* arg2: [0x0 ~> 0xffffffffffffffff]
|
|
@@ -69,6 +89,10 @@ static void fiat_25519_cmovznz_u64(uint64_t* out1, fiat_25519_uint1 arg1, uint64
|
|
|
69
89
|
}
|
|
70
90
|
|
|
71
91
|
/*
|
|
92
|
+
* The function fiat_25519_carry_mul multiplies two field elements and reduces the result.
|
|
93
|
+
* Postconditions:
|
|
94
|
+
* eval out1 mod m = (eval arg1 * eval arg2) mod m
|
|
95
|
+
*
|
|
72
96
|
* Input Bounds:
|
|
73
97
|
* arg1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
|
|
74
98
|
* arg2: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
|
|
@@ -76,16 +100,16 @@ static void fiat_25519_cmovznz_u64(uint64_t* out1, fiat_25519_uint1 arg1, uint64
|
|
|
76
100
|
* out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
|
|
77
101
|
*/
|
|
78
102
|
static void fiat_25519_carry_mul(uint64_t out1[5], const uint64_t arg1[5], const uint64_t arg2[5]) {
|
|
79
|
-
fiat_25519_uint128 x1 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[4]) *
|
|
80
|
-
fiat_25519_uint128 x2 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[3]) *
|
|
81
|
-
fiat_25519_uint128 x3 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[2]) *
|
|
82
|
-
fiat_25519_uint128 x4 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[1]) *
|
|
83
|
-
fiat_25519_uint128 x5 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[4]) *
|
|
84
|
-
fiat_25519_uint128 x6 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[3]) *
|
|
85
|
-
fiat_25519_uint128 x7 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[2]) *
|
|
86
|
-
fiat_25519_uint128 x8 = ((fiat_25519_uint128)(arg1[2]) * ((arg2[4]) *
|
|
87
|
-
fiat_25519_uint128 x9 = ((fiat_25519_uint128)(arg1[2]) * ((arg2[3]) *
|
|
88
|
-
fiat_25519_uint128 x10 = ((fiat_25519_uint128)(arg1[1]) * ((arg2[4]) *
|
|
103
|
+
fiat_25519_uint128 x1 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[4]) * UINT8_C(0x13)));
|
|
104
|
+
fiat_25519_uint128 x2 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[3]) * UINT8_C(0x13)));
|
|
105
|
+
fiat_25519_uint128 x3 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[2]) * UINT8_C(0x13)));
|
|
106
|
+
fiat_25519_uint128 x4 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[1]) * UINT8_C(0x13)));
|
|
107
|
+
fiat_25519_uint128 x5 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[4]) * UINT8_C(0x13)));
|
|
108
|
+
fiat_25519_uint128 x6 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[3]) * UINT8_C(0x13)));
|
|
109
|
+
fiat_25519_uint128 x7 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[2]) * UINT8_C(0x13)));
|
|
110
|
+
fiat_25519_uint128 x8 = ((fiat_25519_uint128)(arg1[2]) * ((arg2[4]) * UINT8_C(0x13)));
|
|
111
|
+
fiat_25519_uint128 x9 = ((fiat_25519_uint128)(arg1[2]) * ((arg2[3]) * UINT8_C(0x13)));
|
|
112
|
+
fiat_25519_uint128 x10 = ((fiat_25519_uint128)(arg1[1]) * ((arg2[4]) * UINT8_C(0x13)));
|
|
89
113
|
fiat_25519_uint128 x11 = ((fiat_25519_uint128)(arg1[4]) * (arg2[0]));
|
|
90
114
|
fiat_25519_uint128 x12 = ((fiat_25519_uint128)(arg1[3]) * (arg2[1]));
|
|
91
115
|
fiat_25519_uint128 x13 = ((fiat_25519_uint128)(arg1[3]) * (arg2[0]));
|
|
@@ -120,12 +144,12 @@ static void fiat_25519_carry_mul(uint64_t out1[5], const uint64_t arg1[5], const
|
|
|
120
144
|
fiat_25519_uint128 x42 = (x40 + x29);
|
|
121
145
|
uint64_t x43 = (uint64_t)(x42 >> 51);
|
|
122
146
|
uint64_t x44 = (uint64_t)(x42 & UINT64_C(0x7ffffffffffff));
|
|
123
|
-
uint64_t x45 = (x43 *
|
|
147
|
+
uint64_t x45 = (x43 * UINT8_C(0x13));
|
|
124
148
|
uint64_t x46 = (x28 + x45);
|
|
125
149
|
uint64_t x47 = (x46 >> 51);
|
|
126
150
|
uint64_t x48 = (x46 & UINT64_C(0x7ffffffffffff));
|
|
127
151
|
uint64_t x49 = (x47 + x35);
|
|
128
|
-
|
|
152
|
+
fiat_25519_uint1 x50 = (fiat_25519_uint1)(x49 >> 51);
|
|
129
153
|
uint64_t x51 = (x49 & UINT64_C(0x7ffffffffffff));
|
|
130
154
|
uint64_t x52 = (x50 + x38);
|
|
131
155
|
out1[0] = x48;
|
|
@@ -136,20 +160,24 @@ static void fiat_25519_carry_mul(uint64_t out1[5], const uint64_t arg1[5], const
|
|
|
136
160
|
}
|
|
137
161
|
|
|
138
162
|
/*
|
|
163
|
+
* The function fiat_25519_carry_square squares a field element and reduces the result.
|
|
164
|
+
* Postconditions:
|
|
165
|
+
* eval out1 mod m = (eval arg1 * eval arg1) mod m
|
|
166
|
+
*
|
|
139
167
|
* Input Bounds:
|
|
140
168
|
* arg1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
|
|
141
169
|
* Output Bounds:
|
|
142
170
|
* out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
|
|
143
171
|
*/
|
|
144
172
|
static void fiat_25519_carry_square(uint64_t out1[5], const uint64_t arg1[5]) {
|
|
145
|
-
uint64_t x1 = ((arg1[4]) *
|
|
146
|
-
uint64_t x2 = (x1 *
|
|
147
|
-
uint64_t x3 = ((arg1[4]) *
|
|
148
|
-
uint64_t x4 = ((arg1[3]) *
|
|
149
|
-
uint64_t x5 = (x4 *
|
|
150
|
-
uint64_t x6 = ((arg1[3]) *
|
|
151
|
-
uint64_t x7 = ((arg1[2]) *
|
|
152
|
-
uint64_t x8 = ((arg1[1]) *
|
|
173
|
+
uint64_t x1 = ((arg1[4]) * UINT8_C(0x13));
|
|
174
|
+
uint64_t x2 = (x1 * 0x2);
|
|
175
|
+
uint64_t x3 = ((arg1[4]) * 0x2);
|
|
176
|
+
uint64_t x4 = ((arg1[3]) * UINT8_C(0x13));
|
|
177
|
+
uint64_t x5 = (x4 * 0x2);
|
|
178
|
+
uint64_t x6 = ((arg1[3]) * 0x2);
|
|
179
|
+
uint64_t x7 = ((arg1[2]) * 0x2);
|
|
180
|
+
uint64_t x8 = ((arg1[1]) * 0x2);
|
|
153
181
|
fiat_25519_uint128 x9 = ((fiat_25519_uint128)(arg1[4]) * x1);
|
|
154
182
|
fiat_25519_uint128 x10 = ((fiat_25519_uint128)(arg1[3]) * x2);
|
|
155
183
|
fiat_25519_uint128 x11 = ((fiat_25519_uint128)(arg1[3]) * x4);
|
|
@@ -184,12 +212,12 @@ static void fiat_25519_carry_square(uint64_t out1[5], const uint64_t arg1[5]) {
|
|
|
184
212
|
fiat_25519_uint128 x40 = (x38 + x27);
|
|
185
213
|
uint64_t x41 = (uint64_t)(x40 >> 51);
|
|
186
214
|
uint64_t x42 = (uint64_t)(x40 & UINT64_C(0x7ffffffffffff));
|
|
187
|
-
uint64_t x43 = (x41 *
|
|
215
|
+
uint64_t x43 = (x41 * UINT8_C(0x13));
|
|
188
216
|
uint64_t x44 = (x26 + x43);
|
|
189
217
|
uint64_t x45 = (x44 >> 51);
|
|
190
218
|
uint64_t x46 = (x44 & UINT64_C(0x7ffffffffffff));
|
|
191
219
|
uint64_t x47 = (x45 + x33);
|
|
192
|
-
|
|
220
|
+
fiat_25519_uint1 x48 = (fiat_25519_uint1)(x47 >> 51);
|
|
193
221
|
uint64_t x49 = (x47 & UINT64_C(0x7ffffffffffff));
|
|
194
222
|
uint64_t x50 = (x48 + x36);
|
|
195
223
|
out1[0] = x46;
|
|
@@ -200,47 +228,10 @@ static void fiat_25519_carry_square(uint64_t out1[5], const uint64_t arg1[5]) {
|
|
|
200
228
|
}
|
|
201
229
|
|
|
202
230
|
/*
|
|
203
|
-
*
|
|
204
|
-
*
|
|
205
|
-
*
|
|
206
|
-
*
|
|
207
|
-
*/
|
|
208
|
-
static void fiat_25519_carry_scmul_121666(uint64_t out1[5], const uint64_t arg1[5]) {
|
|
209
|
-
fiat_25519_uint128 x1 = (UINT32_C(0x1db42) * (fiat_25519_uint128)(arg1[4]));
|
|
210
|
-
fiat_25519_uint128 x2 = (UINT32_C(0x1db42) * (fiat_25519_uint128)(arg1[3]));
|
|
211
|
-
fiat_25519_uint128 x3 = (UINT32_C(0x1db42) * (fiat_25519_uint128)(arg1[2]));
|
|
212
|
-
fiat_25519_uint128 x4 = (UINT32_C(0x1db42) * (fiat_25519_uint128)(arg1[1]));
|
|
213
|
-
fiat_25519_uint128 x5 = (UINT32_C(0x1db42) * (fiat_25519_uint128)(arg1[0]));
|
|
214
|
-
uint64_t x6 = (uint64_t)(x5 >> 51);
|
|
215
|
-
uint64_t x7 = (uint64_t)(x5 & UINT64_C(0x7ffffffffffff));
|
|
216
|
-
fiat_25519_uint128 x8 = (x6 + x4);
|
|
217
|
-
uint64_t x9 = (uint64_t)(x8 >> 51);
|
|
218
|
-
uint64_t x10 = (uint64_t)(x8 & UINT64_C(0x7ffffffffffff));
|
|
219
|
-
fiat_25519_uint128 x11 = (x9 + x3);
|
|
220
|
-
uint64_t x12 = (uint64_t)(x11 >> 51);
|
|
221
|
-
uint64_t x13 = (uint64_t)(x11 & UINT64_C(0x7ffffffffffff));
|
|
222
|
-
fiat_25519_uint128 x14 = (x12 + x2);
|
|
223
|
-
uint64_t x15 = (uint64_t)(x14 >> 51);
|
|
224
|
-
uint64_t x16 = (uint64_t)(x14 & UINT64_C(0x7ffffffffffff));
|
|
225
|
-
fiat_25519_uint128 x17 = (x15 + x1);
|
|
226
|
-
uint64_t x18 = (uint64_t)(x17 >> 51);
|
|
227
|
-
uint64_t x19 = (uint64_t)(x17 & UINT64_C(0x7ffffffffffff));
|
|
228
|
-
uint64_t x20 = (x18 * (uint64_t)UINT8_C(0x13));
|
|
229
|
-
uint64_t x21 = (x7 + x20);
|
|
230
|
-
uint64_t x22 = (x21 >> 51);
|
|
231
|
-
uint64_t x23 = (x21 & UINT64_C(0x7ffffffffffff));
|
|
232
|
-
uint64_t x24 = (x22 + x10);
|
|
233
|
-
uint64_t x25 = (x24 >> 51);
|
|
234
|
-
uint64_t x26 = (x24 & UINT64_C(0x7ffffffffffff));
|
|
235
|
-
uint64_t x27 = (x25 + x13);
|
|
236
|
-
out1[0] = x23;
|
|
237
|
-
out1[1] = x26;
|
|
238
|
-
out1[2] = x27;
|
|
239
|
-
out1[3] = x16;
|
|
240
|
-
out1[4] = x19;
|
|
241
|
-
}
|
|
242
|
-
|
|
243
|
-
/*
|
|
231
|
+
* The function fiat_25519_carry reduces a field element.
|
|
232
|
+
* Postconditions:
|
|
233
|
+
* eval out1 mod m = eval arg1 mod m
|
|
234
|
+
*
|
|
244
235
|
* Input Bounds:
|
|
245
236
|
* arg1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
|
|
246
237
|
* Output Bounds:
|
|
@@ -252,11 +243,11 @@ static void fiat_25519_carry(uint64_t out1[5], const uint64_t arg1[5]) {
|
|
|
252
243
|
uint64_t x3 = ((x2 >> 51) + (arg1[2]));
|
|
253
244
|
uint64_t x4 = ((x3 >> 51) + (arg1[3]));
|
|
254
245
|
uint64_t x5 = ((x4 >> 51) + (arg1[4]));
|
|
255
|
-
uint64_t x6 = ((x1 & UINT64_C(0x7ffffffffffff)) + ((x5 >> 51) *
|
|
256
|
-
uint64_t x7 = ((x6 >> 51) + (x2 & UINT64_C(0x7ffffffffffff)));
|
|
246
|
+
uint64_t x6 = ((x1 & UINT64_C(0x7ffffffffffff)) + ((x5 >> 51) * UINT8_C(0x13)));
|
|
247
|
+
uint64_t x7 = ((fiat_25519_uint1)(x6 >> 51) + (x2 & UINT64_C(0x7ffffffffffff)));
|
|
257
248
|
uint64_t x8 = (x6 & UINT64_C(0x7ffffffffffff));
|
|
258
249
|
uint64_t x9 = (x7 & UINT64_C(0x7ffffffffffff));
|
|
259
|
-
uint64_t x10 = ((x7 >> 51) + (x3 & UINT64_C(0x7ffffffffffff)));
|
|
250
|
+
uint64_t x10 = ((fiat_25519_uint1)(x7 >> 51) + (x3 & UINT64_C(0x7ffffffffffff)));
|
|
260
251
|
uint64_t x11 = (x4 & UINT64_C(0x7ffffffffffff));
|
|
261
252
|
uint64_t x12 = (x5 & UINT64_C(0x7ffffffffffff));
|
|
262
253
|
out1[0] = x8;
|
|
@@ -267,6 +258,10 @@ static void fiat_25519_carry(uint64_t out1[5], const uint64_t arg1[5]) {
|
|
|
267
258
|
}
|
|
268
259
|
|
|
269
260
|
/*
|
|
261
|
+
* The function fiat_25519_add adds two field elements.
|
|
262
|
+
* Postconditions:
|
|
263
|
+
* eval out1 mod m = (eval arg1 + eval arg2) mod m
|
|
264
|
+
*
|
|
270
265
|
* Input Bounds:
|
|
271
266
|
* arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
|
|
272
267
|
* arg2: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
|
|
@@ -287,6 +282,10 @@ static void fiat_25519_add(uint64_t out1[5], const uint64_t arg1[5], const uint6
|
|
|
287
282
|
}
|
|
288
283
|
|
|
289
284
|
/*
|
|
285
|
+
* The function fiat_25519_sub subtracts two field elements.
|
|
286
|
+
* Postconditions:
|
|
287
|
+
* eval out1 mod m = (eval arg1 - eval arg2) mod m
|
|
288
|
+
*
|
|
290
289
|
* Input Bounds:
|
|
291
290
|
* arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
|
|
292
291
|
* arg2: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
|
|
@@ -307,6 +306,10 @@ static void fiat_25519_sub(uint64_t out1[5], const uint64_t arg1[5], const uint6
|
|
|
307
306
|
}
|
|
308
307
|
|
|
309
308
|
/*
|
|
309
|
+
* The function fiat_25519_opp negates a field element.
|
|
310
|
+
* Postconditions:
|
|
311
|
+
* eval out1 mod m = -eval arg1 mod m
|
|
312
|
+
*
|
|
310
313
|
* Input Bounds:
|
|
311
314
|
* arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
|
|
312
315
|
* Output Bounds:
|
|
@@ -326,6 +329,10 @@ static void fiat_25519_opp(uint64_t out1[5], const uint64_t arg1[5]) {
|
|
|
326
329
|
}
|
|
327
330
|
|
|
328
331
|
/*
|
|
332
|
+
* The function fiat_25519_selectznz is a multi-limb conditional select.
|
|
333
|
+
* Postconditions:
|
|
334
|
+
* eval out1 = (if arg1 = 0 then eval arg2 else eval arg3)
|
|
335
|
+
*
|
|
329
336
|
* Input Bounds:
|
|
330
337
|
* arg1: [0x0 ~> 0x1]
|
|
331
338
|
* arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
|
@@ -352,6 +359,10 @@ static void fiat_25519_selectznz(uint64_t out1[5], fiat_25519_uint1 arg1, const
|
|
|
352
359
|
}
|
|
353
360
|
|
|
354
361
|
/*
|
|
362
|
+
* The function fiat_25519_to_bytes serializes a field element to bytes in little-endian order.
|
|
363
|
+
* Postconditions:
|
|
364
|
+
* out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31]
|
|
365
|
+
*
|
|
355
366
|
* Input Bounds:
|
|
356
367
|
* arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
|
|
357
368
|
* Output Bounds:
|
|
@@ -377,19 +388,19 @@ static void fiat_25519_to_bytes(uint8_t out1[32], const uint64_t arg1[5]) {
|
|
|
377
388
|
fiat_25519_cmovznz_u64(&x11, x10, 0x0, UINT64_C(0xffffffffffffffff));
|
|
378
389
|
uint64_t x12;
|
|
379
390
|
fiat_25519_uint1 x13;
|
|
380
|
-
fiat_25519_addcarryx_u51(&x12, &x13, 0x0, (x11 & UINT64_C(0x7ffffffffffed))
|
|
391
|
+
fiat_25519_addcarryx_u51(&x12, &x13, 0x0, x1, (x11 & UINT64_C(0x7ffffffffffed)));
|
|
381
392
|
uint64_t x14;
|
|
382
393
|
fiat_25519_uint1 x15;
|
|
383
|
-
fiat_25519_addcarryx_u51(&x14, &x15, x13, (x11 & UINT64_C(0x7ffffffffffff))
|
|
394
|
+
fiat_25519_addcarryx_u51(&x14, &x15, x13, x3, (x11 & UINT64_C(0x7ffffffffffff)));
|
|
384
395
|
uint64_t x16;
|
|
385
396
|
fiat_25519_uint1 x17;
|
|
386
|
-
fiat_25519_addcarryx_u51(&x16, &x17, x15, (x11 & UINT64_C(0x7ffffffffffff))
|
|
397
|
+
fiat_25519_addcarryx_u51(&x16, &x17, x15, x5, (x11 & UINT64_C(0x7ffffffffffff)));
|
|
387
398
|
uint64_t x18;
|
|
388
399
|
fiat_25519_uint1 x19;
|
|
389
|
-
fiat_25519_addcarryx_u51(&x18, &x19, x17, (x11 & UINT64_C(0x7ffffffffffff))
|
|
400
|
+
fiat_25519_addcarryx_u51(&x18, &x19, x17, x7, (x11 & UINT64_C(0x7ffffffffffff)));
|
|
390
401
|
uint64_t x20;
|
|
391
402
|
fiat_25519_uint1 x21;
|
|
392
|
-
fiat_25519_addcarryx_u51(&x20, &x21, x19, (x11 & UINT64_C(0x7ffffffffffff))
|
|
403
|
+
fiat_25519_addcarryx_u51(&x20, &x21, x19, x9, (x11 & UINT64_C(0x7ffffffffffff)));
|
|
393
404
|
uint64_t x22 = (x20 << 4);
|
|
394
405
|
uint64_t x23 = (x18 * (uint64_t)0x2);
|
|
395
406
|
uint64_t x24 = (x16 << 6);
|
|
@@ -495,6 +506,10 @@ static void fiat_25519_to_bytes(uint8_t out1[32], const uint64_t arg1[5]) {
|
|
|
495
506
|
}
|
|
496
507
|
|
|
497
508
|
/*
|
|
509
|
+
* The function fiat_25519_from_bytes deserializes a field element from bytes in little-endian order.
|
|
510
|
+
* Postconditions:
|
|
511
|
+
* eval out1 mod m = bytes_eval arg1 mod m
|
|
512
|
+
*
|
|
498
513
|
* Input Bounds:
|
|
499
514
|
* arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]]
|
|
500
515
|
* Output Bounds:
|
|
@@ -557,3 +572,48 @@ static void fiat_25519_from_bytes(uint64_t out1[5], const uint8_t arg1[32]) {
|
|
|
557
572
|
out1[4] = x49;
|
|
558
573
|
}
|
|
559
574
|
|
|
575
|
+
/*
|
|
576
|
+
* The function fiat_25519_carry_scmul_121666 multiplies a field element by 121666 and reduces the result.
|
|
577
|
+
* Postconditions:
|
|
578
|
+
* eval out1 mod m = (121666 * eval arg1) mod m
|
|
579
|
+
*
|
|
580
|
+
* Input Bounds:
|
|
581
|
+
* arg1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
|
|
582
|
+
* Output Bounds:
|
|
583
|
+
* out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
|
|
584
|
+
*/
|
|
585
|
+
static void fiat_25519_carry_scmul_121666(uint64_t out1[5], const uint64_t arg1[5]) {
|
|
586
|
+
fiat_25519_uint128 x1 = ((fiat_25519_uint128)UINT32_C(0x1db42) * (arg1[4]));
|
|
587
|
+
fiat_25519_uint128 x2 = ((fiat_25519_uint128)UINT32_C(0x1db42) * (arg1[3]));
|
|
588
|
+
fiat_25519_uint128 x3 = ((fiat_25519_uint128)UINT32_C(0x1db42) * (arg1[2]));
|
|
589
|
+
fiat_25519_uint128 x4 = ((fiat_25519_uint128)UINT32_C(0x1db42) * (arg1[1]));
|
|
590
|
+
fiat_25519_uint128 x5 = ((fiat_25519_uint128)UINT32_C(0x1db42) * (arg1[0]));
|
|
591
|
+
uint64_t x6 = (uint64_t)(x5 >> 51);
|
|
592
|
+
uint64_t x7 = (uint64_t)(x5 & UINT64_C(0x7ffffffffffff));
|
|
593
|
+
fiat_25519_uint128 x8 = (x6 + x4);
|
|
594
|
+
uint64_t x9 = (uint64_t)(x8 >> 51);
|
|
595
|
+
uint64_t x10 = (uint64_t)(x8 & UINT64_C(0x7ffffffffffff));
|
|
596
|
+
fiat_25519_uint128 x11 = (x9 + x3);
|
|
597
|
+
uint64_t x12 = (uint64_t)(x11 >> 51);
|
|
598
|
+
uint64_t x13 = (uint64_t)(x11 & UINT64_C(0x7ffffffffffff));
|
|
599
|
+
fiat_25519_uint128 x14 = (x12 + x2);
|
|
600
|
+
uint64_t x15 = (uint64_t)(x14 >> 51);
|
|
601
|
+
uint64_t x16 = (uint64_t)(x14 & UINT64_C(0x7ffffffffffff));
|
|
602
|
+
fiat_25519_uint128 x17 = (x15 + x1);
|
|
603
|
+
uint64_t x18 = (uint64_t)(x17 >> 51);
|
|
604
|
+
uint64_t x19 = (uint64_t)(x17 & UINT64_C(0x7ffffffffffff));
|
|
605
|
+
uint64_t x20 = (x18 * UINT8_C(0x13));
|
|
606
|
+
uint64_t x21 = (x7 + x20);
|
|
607
|
+
fiat_25519_uint1 x22 = (fiat_25519_uint1)(x21 >> 51);
|
|
608
|
+
uint64_t x23 = (x21 & UINT64_C(0x7ffffffffffff));
|
|
609
|
+
uint64_t x24 = (x22 + x10);
|
|
610
|
+
fiat_25519_uint1 x25 = (fiat_25519_uint1)(x24 >> 51);
|
|
611
|
+
uint64_t x26 = (x24 & UINT64_C(0x7ffffffffffff));
|
|
612
|
+
uint64_t x27 = (x25 + x13);
|
|
613
|
+
out1[0] = x23;
|
|
614
|
+
out1[1] = x26;
|
|
615
|
+
out1[2] = x27;
|
|
616
|
+
out1[3] = x16;
|
|
617
|
+
out1[4] = x19;
|
|
618
|
+
}
|
|
619
|
+
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
/* Autogenerated */
|
|
1
|
+
/* Autogenerated: src/ExtractionOCaml/word_by_word_montgomery --static p256 '2^256 - 2^224 + 2^192 + 2^96 - 1' 32 mul square add sub opp from_montgomery nonzero selectznz to_bytes from_bytes */
|
|
2
2
|
/* curve description: p256 */
|
|
3
|
-
/* requested operations:
|
|
3
|
+
/* requested operations: mul, square, add, sub, opp, from_montgomery, nonzero, selectznz, to_bytes, from_bytes */
|
|
4
4
|
/* m = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff (from "2^256 - 2^224 + 2^192 + 2^96 - 1") */
|
|
5
5
|
/* machine_wordsize = 32 (from "32") */
|
|
6
6
|
/* */
|
|
@@ -15,8 +15,17 @@
|
|
|
15
15
|
typedef unsigned char fiat_p256_uint1;
|
|
16
16
|
typedef signed char fiat_p256_int1;
|
|
17
17
|
|
|
18
|
+
#if (-1 & 3) != 3
|
|
19
|
+
#error "This code only works on a two's complement system"
|
|
20
|
+
#endif
|
|
21
|
+
|
|
18
22
|
|
|
19
23
|
/*
|
|
24
|
+
* The function fiat_p256_addcarryx_u32 is an addition with carry.
|
|
25
|
+
* Postconditions:
|
|
26
|
+
* out1 = (arg1 + arg2 + arg3) mod 2^32
|
|
27
|
+
* out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋
|
|
28
|
+
*
|
|
20
29
|
* Input Bounds:
|
|
21
30
|
* arg1: [0x0 ~> 0x1]
|
|
22
31
|
* arg2: [0x0 ~> 0xffffffff]
|
|
@@ -34,6 +43,11 @@ static void fiat_p256_addcarryx_u32(uint32_t* out1, fiat_p256_uint1* out2, fiat_
|
|
|
34
43
|
}
|
|
35
44
|
|
|
36
45
|
/*
|
|
46
|
+
* The function fiat_p256_subborrowx_u32 is a subtraction with borrow.
|
|
47
|
+
* Postconditions:
|
|
48
|
+
* out1 = (-arg1 + arg2 + -arg3) mod 2^32
|
|
49
|
+
* out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋
|
|
50
|
+
*
|
|
37
51
|
* Input Bounds:
|
|
38
52
|
* arg1: [0x0 ~> 0x1]
|
|
39
53
|
* arg2: [0x0 ~> 0xffffffff]
|
|
@@ -51,6 +65,11 @@ static void fiat_p256_subborrowx_u32(uint32_t* out1, fiat_p256_uint1* out2, fiat
|
|
|
51
65
|
}
|
|
52
66
|
|
|
53
67
|
/*
|
|
68
|
+
* The function fiat_p256_mulx_u32 is a multiplication, returning the full double-width result.
|
|
69
|
+
* Postconditions:
|
|
70
|
+
* out1 = (arg1 * arg2) mod 2^32
|
|
71
|
+
* out2 = ⌊arg1 * arg2 / 2^32⌋
|
|
72
|
+
*
|
|
54
73
|
* Input Bounds:
|
|
55
74
|
* arg1: [0x0 ~> 0xffffffff]
|
|
56
75
|
* arg2: [0x0 ~> 0xffffffff]
|
|
@@ -67,6 +86,10 @@ static void fiat_p256_mulx_u32(uint32_t* out1, uint32_t* out2, uint32_t arg1, ui
|
|
|
67
86
|
}
|
|
68
87
|
|
|
69
88
|
/*
|
|
89
|
+
* The function fiat_p256_cmovznz_u32 is a single-word conditional move.
|
|
90
|
+
* Postconditions:
|
|
91
|
+
* out1 = (if arg1 = 0 then arg2 else arg3)
|
|
92
|
+
*
|
|
70
93
|
* Input Bounds:
|
|
71
94
|
* arg1: [0x0 ~> 0x1]
|
|
72
95
|
* arg2: [0x0 ~> 0xffffffff]
|
|
@@ -88,6 +111,14 @@ static void fiat_p256_cmovznz_u32(uint32_t* out1, fiat_p256_uint1 arg1, uint32_t
|
|
|
88
111
|
}
|
|
89
112
|
|
|
90
113
|
/*
|
|
114
|
+
* The function fiat_p256_mul multiplies two field elements in the Montgomery domain.
|
|
115
|
+
* Preconditions:
|
|
116
|
+
* 0 ≤ eval arg1 < m
|
|
117
|
+
* 0 ≤ eval arg2 < m
|
|
118
|
+
* Postconditions:
|
|
119
|
+
* eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m
|
|
120
|
+
* 0 ≤ eval out1 < m
|
|
121
|
+
*
|
|
91
122
|
* Input Bounds:
|
|
92
123
|
* arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
|
|
93
124
|
* arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
|
|
@@ -129,1015 +160,973 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32
|
|
|
129
160
|
fiat_p256_mulx_u32(&x23, &x24, x8, (arg2[0]));
|
|
130
161
|
uint32_t x25;
|
|
131
162
|
fiat_p256_uint1 x26;
|
|
132
|
-
fiat_p256_addcarryx_u32(&x25, &x26, 0x0,
|
|
163
|
+
fiat_p256_addcarryx_u32(&x25, &x26, 0x0, x24, x21);
|
|
133
164
|
uint32_t x27;
|
|
134
165
|
fiat_p256_uint1 x28;
|
|
135
|
-
fiat_p256_addcarryx_u32(&x27, &x28, x26,
|
|
166
|
+
fiat_p256_addcarryx_u32(&x27, &x28, x26, x22, x19);
|
|
136
167
|
uint32_t x29;
|
|
137
168
|
fiat_p256_uint1 x30;
|
|
138
|
-
fiat_p256_addcarryx_u32(&x29, &x30, x28,
|
|
169
|
+
fiat_p256_addcarryx_u32(&x29, &x30, x28, x20, x17);
|
|
139
170
|
uint32_t x31;
|
|
140
171
|
fiat_p256_uint1 x32;
|
|
141
|
-
fiat_p256_addcarryx_u32(&x31, &x32, x30,
|
|
172
|
+
fiat_p256_addcarryx_u32(&x31, &x32, x30, x18, x15);
|
|
142
173
|
uint32_t x33;
|
|
143
174
|
fiat_p256_uint1 x34;
|
|
144
|
-
fiat_p256_addcarryx_u32(&x33, &x34, x32,
|
|
175
|
+
fiat_p256_addcarryx_u32(&x33, &x34, x32, x16, x13);
|
|
145
176
|
uint32_t x35;
|
|
146
177
|
fiat_p256_uint1 x36;
|
|
147
|
-
fiat_p256_addcarryx_u32(&x35, &x36, x34,
|
|
178
|
+
fiat_p256_addcarryx_u32(&x35, &x36, x34, x14, x11);
|
|
148
179
|
uint32_t x37;
|
|
149
180
|
fiat_p256_uint1 x38;
|
|
150
|
-
fiat_p256_addcarryx_u32(&x37, &x38, x36,
|
|
151
|
-
uint32_t x39;
|
|
152
|
-
|
|
153
|
-
fiat_p256_addcarryx_u32(&x39, &x40, x38, 0x0, x10);
|
|
181
|
+
fiat_p256_addcarryx_u32(&x37, &x38, x36, x12, x9);
|
|
182
|
+
uint32_t x39 = (x38 + x10);
|
|
183
|
+
uint32_t x40;
|
|
154
184
|
uint32_t x41;
|
|
185
|
+
fiat_p256_mulx_u32(&x40, &x41, x23, UINT32_C(0xffffffff));
|
|
155
186
|
uint32_t x42;
|
|
156
|
-
fiat_p256_mulx_u32(&x41, &x42, x23, UINT32_C(0xffffffff));
|
|
157
187
|
uint32_t x43;
|
|
188
|
+
fiat_p256_mulx_u32(&x42, &x43, x23, UINT32_C(0xffffffff));
|
|
158
189
|
uint32_t x44;
|
|
159
|
-
fiat_p256_mulx_u32(&x43, &x44, x23, UINT32_C(0xffffffff));
|
|
160
190
|
uint32_t x45;
|
|
191
|
+
fiat_p256_mulx_u32(&x44, &x45, x23, UINT32_C(0xffffffff));
|
|
161
192
|
uint32_t x46;
|
|
162
|
-
fiat_p256_mulx_u32(&x45, &x46, x23, UINT32_C(0xffffffff));
|
|
163
193
|
uint32_t x47;
|
|
194
|
+
fiat_p256_mulx_u32(&x46, &x47, x23, UINT32_C(0xffffffff));
|
|
164
195
|
uint32_t x48;
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
fiat_p256_addcarryx_u32(&x51, &x52, x50, x43, x46);
|
|
196
|
+
fiat_p256_uint1 x49;
|
|
197
|
+
fiat_p256_addcarryx_u32(&x48, &x49, 0x0, x47, x44);
|
|
198
|
+
uint32_t x50;
|
|
199
|
+
fiat_p256_uint1 x51;
|
|
200
|
+
fiat_p256_addcarryx_u32(&x50, &x51, x49, x45, x42);
|
|
201
|
+
uint32_t x52 = (x51 + x43);
|
|
172
202
|
uint32_t x53;
|
|
173
203
|
fiat_p256_uint1 x54;
|
|
174
|
-
fiat_p256_addcarryx_u32(&x53, &x54,
|
|
204
|
+
fiat_p256_addcarryx_u32(&x53, &x54, 0x0, x23, x46);
|
|
175
205
|
uint32_t x55;
|
|
176
206
|
fiat_p256_uint1 x56;
|
|
177
|
-
fiat_p256_addcarryx_u32(&x55, &x56,
|
|
207
|
+
fiat_p256_addcarryx_u32(&x55, &x56, x54, x25, x48);
|
|
178
208
|
uint32_t x57;
|
|
179
209
|
fiat_p256_uint1 x58;
|
|
180
|
-
fiat_p256_addcarryx_u32(&x57, &x58, x56,
|
|
210
|
+
fiat_p256_addcarryx_u32(&x57, &x58, x56, x27, x50);
|
|
181
211
|
uint32_t x59;
|
|
182
212
|
fiat_p256_uint1 x60;
|
|
183
|
-
fiat_p256_addcarryx_u32(&x59, &x60, x58,
|
|
213
|
+
fiat_p256_addcarryx_u32(&x59, &x60, x58, x29, x52);
|
|
184
214
|
uint32_t x61;
|
|
185
215
|
fiat_p256_uint1 x62;
|
|
186
|
-
fiat_p256_addcarryx_u32(&x61, &x62, x60,
|
|
216
|
+
fiat_p256_addcarryx_u32(&x61, &x62, x60, x31, 0x0);
|
|
187
217
|
uint32_t x63;
|
|
188
218
|
fiat_p256_uint1 x64;
|
|
189
|
-
fiat_p256_addcarryx_u32(&x63, &x64, x62,
|
|
219
|
+
fiat_p256_addcarryx_u32(&x63, &x64, x62, x33, 0x0);
|
|
190
220
|
uint32_t x65;
|
|
191
221
|
fiat_p256_uint1 x66;
|
|
192
|
-
fiat_p256_addcarryx_u32(&x65, &x66, x64,
|
|
222
|
+
fiat_p256_addcarryx_u32(&x65, &x66, x64, x35, x23);
|
|
193
223
|
uint32_t x67;
|
|
194
224
|
fiat_p256_uint1 x68;
|
|
195
|
-
fiat_p256_addcarryx_u32(&x67, &x68, x66,
|
|
225
|
+
fiat_p256_addcarryx_u32(&x67, &x68, x66, x37, x40);
|
|
196
226
|
uint32_t x69;
|
|
197
227
|
fiat_p256_uint1 x70;
|
|
198
|
-
fiat_p256_addcarryx_u32(&x69, &x70, x68,
|
|
228
|
+
fiat_p256_addcarryx_u32(&x69, &x70, x68, x39, x41);
|
|
199
229
|
uint32_t x71;
|
|
200
|
-
|
|
201
|
-
|
|
230
|
+
uint32_t x72;
|
|
231
|
+
fiat_p256_mulx_u32(&x71, &x72, x1, (arg2[7]));
|
|
202
232
|
uint32_t x73;
|
|
203
|
-
|
|
204
|
-
|
|
233
|
+
uint32_t x74;
|
|
234
|
+
fiat_p256_mulx_u32(&x73, &x74, x1, (arg2[6]));
|
|
205
235
|
uint32_t x75;
|
|
206
236
|
uint32_t x76;
|
|
207
|
-
fiat_p256_mulx_u32(&x75, &x76, x1, (arg2[
|
|
237
|
+
fiat_p256_mulx_u32(&x75, &x76, x1, (arg2[5]));
|
|
208
238
|
uint32_t x77;
|
|
209
239
|
uint32_t x78;
|
|
210
|
-
fiat_p256_mulx_u32(&x77, &x78, x1, (arg2[
|
|
240
|
+
fiat_p256_mulx_u32(&x77, &x78, x1, (arg2[4]));
|
|
211
241
|
uint32_t x79;
|
|
212
242
|
uint32_t x80;
|
|
213
|
-
fiat_p256_mulx_u32(&x79, &x80, x1, (arg2[
|
|
243
|
+
fiat_p256_mulx_u32(&x79, &x80, x1, (arg2[3]));
|
|
214
244
|
uint32_t x81;
|
|
215
245
|
uint32_t x82;
|
|
216
|
-
fiat_p256_mulx_u32(&x81, &x82, x1, (arg2[
|
|
246
|
+
fiat_p256_mulx_u32(&x81, &x82, x1, (arg2[2]));
|
|
217
247
|
uint32_t x83;
|
|
218
248
|
uint32_t x84;
|
|
219
|
-
fiat_p256_mulx_u32(&x83, &x84, x1, (arg2[
|
|
249
|
+
fiat_p256_mulx_u32(&x83, &x84, x1, (arg2[1]));
|
|
220
250
|
uint32_t x85;
|
|
221
251
|
uint32_t x86;
|
|
222
|
-
fiat_p256_mulx_u32(&x85, &x86, x1, (arg2[
|
|
252
|
+
fiat_p256_mulx_u32(&x85, &x86, x1, (arg2[0]));
|
|
223
253
|
uint32_t x87;
|
|
224
|
-
|
|
225
|
-
|
|
254
|
+
fiat_p256_uint1 x88;
|
|
255
|
+
fiat_p256_addcarryx_u32(&x87, &x88, 0x0, x86, x83);
|
|
226
256
|
uint32_t x89;
|
|
227
|
-
|
|
228
|
-
|
|
257
|
+
fiat_p256_uint1 x90;
|
|
258
|
+
fiat_p256_addcarryx_u32(&x89, &x90, x88, x84, x81);
|
|
229
259
|
uint32_t x91;
|
|
230
260
|
fiat_p256_uint1 x92;
|
|
231
|
-
fiat_p256_addcarryx_u32(&x91, &x92,
|
|
261
|
+
fiat_p256_addcarryx_u32(&x91, &x92, x90, x82, x79);
|
|
232
262
|
uint32_t x93;
|
|
233
263
|
fiat_p256_uint1 x94;
|
|
234
|
-
fiat_p256_addcarryx_u32(&x93, &x94, x92,
|
|
264
|
+
fiat_p256_addcarryx_u32(&x93, &x94, x92, x80, x77);
|
|
235
265
|
uint32_t x95;
|
|
236
266
|
fiat_p256_uint1 x96;
|
|
237
|
-
fiat_p256_addcarryx_u32(&x95, &x96, x94,
|
|
267
|
+
fiat_p256_addcarryx_u32(&x95, &x96, x94, x78, x75);
|
|
238
268
|
uint32_t x97;
|
|
239
269
|
fiat_p256_uint1 x98;
|
|
240
|
-
fiat_p256_addcarryx_u32(&x97, &x98, x96,
|
|
270
|
+
fiat_p256_addcarryx_u32(&x97, &x98, x96, x76, x73);
|
|
241
271
|
uint32_t x99;
|
|
242
272
|
fiat_p256_uint1 x100;
|
|
243
|
-
fiat_p256_addcarryx_u32(&x99, &x100, x98,
|
|
244
|
-
uint32_t x101;
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
fiat_p256_addcarryx_u32(&x119, &x120, x118, x101, x69);
|
|
273
|
+
fiat_p256_addcarryx_u32(&x99, &x100, x98, x74, x71);
|
|
274
|
+
uint32_t x101 = (x100 + x72);
|
|
275
|
+
uint32_t x102;
|
|
276
|
+
fiat_p256_uint1 x103;
|
|
277
|
+
fiat_p256_addcarryx_u32(&x102, &x103, 0x0, x55, x85);
|
|
278
|
+
uint32_t x104;
|
|
279
|
+
fiat_p256_uint1 x105;
|
|
280
|
+
fiat_p256_addcarryx_u32(&x104, &x105, x103, x57, x87);
|
|
281
|
+
uint32_t x106;
|
|
282
|
+
fiat_p256_uint1 x107;
|
|
283
|
+
fiat_p256_addcarryx_u32(&x106, &x107, x105, x59, x89);
|
|
284
|
+
uint32_t x108;
|
|
285
|
+
fiat_p256_uint1 x109;
|
|
286
|
+
fiat_p256_addcarryx_u32(&x108, &x109, x107, x61, x91);
|
|
287
|
+
uint32_t x110;
|
|
288
|
+
fiat_p256_uint1 x111;
|
|
289
|
+
fiat_p256_addcarryx_u32(&x110, &x111, x109, x63, x93);
|
|
290
|
+
uint32_t x112;
|
|
291
|
+
fiat_p256_uint1 x113;
|
|
292
|
+
fiat_p256_addcarryx_u32(&x112, &x113, x111, x65, x95);
|
|
293
|
+
uint32_t x114;
|
|
294
|
+
fiat_p256_uint1 x115;
|
|
295
|
+
fiat_p256_addcarryx_u32(&x114, &x115, x113, x67, x97);
|
|
296
|
+
uint32_t x116;
|
|
297
|
+
fiat_p256_uint1 x117;
|
|
298
|
+
fiat_p256_addcarryx_u32(&x116, &x117, x115, x69, x99);
|
|
299
|
+
uint32_t x118;
|
|
300
|
+
fiat_p256_uint1 x119;
|
|
301
|
+
fiat_p256_addcarryx_u32(&x118, &x119, x117, x70, x101);
|
|
302
|
+
uint32_t x120;
|
|
274
303
|
uint32_t x121;
|
|
275
|
-
|
|
276
|
-
|
|
304
|
+
fiat_p256_mulx_u32(&x120, &x121, x102, UINT32_C(0xffffffff));
|
|
305
|
+
uint32_t x122;
|
|
277
306
|
uint32_t x123;
|
|
278
|
-
|
|
279
|
-
|
|
307
|
+
fiat_p256_mulx_u32(&x122, &x123, x102, UINT32_C(0xffffffff));
|
|
308
|
+
uint32_t x124;
|
|
280
309
|
uint32_t x125;
|
|
310
|
+
fiat_p256_mulx_u32(&x124, &x125, x102, UINT32_C(0xffffffff));
|
|
281
311
|
uint32_t x126;
|
|
282
|
-
fiat_p256_mulx_u32(&x125, &x126, x107, UINT32_C(0xffffffff));
|
|
283
312
|
uint32_t x127;
|
|
313
|
+
fiat_p256_mulx_u32(&x126, &x127, x102, UINT32_C(0xffffffff));
|
|
284
314
|
uint32_t x128;
|
|
285
|
-
|
|
286
|
-
|
|
315
|
+
fiat_p256_uint1 x129;
|
|
316
|
+
fiat_p256_addcarryx_u32(&x128, &x129, 0x0, x127, x124);
|
|
287
317
|
uint32_t x130;
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
uint32_t x132;
|
|
291
|
-
fiat_p256_mulx_u32(&x131, &x132, x107, UINT32_C(0xffffffff));
|
|
318
|
+
fiat_p256_uint1 x131;
|
|
319
|
+
fiat_p256_addcarryx_u32(&x130, &x131, x129, x125, x122);
|
|
320
|
+
uint32_t x132 = (x131 + x123);
|
|
292
321
|
uint32_t x133;
|
|
293
322
|
fiat_p256_uint1 x134;
|
|
294
|
-
fiat_p256_addcarryx_u32(&x133, &x134, 0x0,
|
|
323
|
+
fiat_p256_addcarryx_u32(&x133, &x134, 0x0, x102, x126);
|
|
295
324
|
uint32_t x135;
|
|
296
325
|
fiat_p256_uint1 x136;
|
|
297
|
-
fiat_p256_addcarryx_u32(&x135, &x136, x134,
|
|
326
|
+
fiat_p256_addcarryx_u32(&x135, &x136, x134, x104, x128);
|
|
298
327
|
uint32_t x137;
|
|
299
328
|
fiat_p256_uint1 x138;
|
|
300
|
-
fiat_p256_addcarryx_u32(&x137, &x138, x136,
|
|
329
|
+
fiat_p256_addcarryx_u32(&x137, &x138, x136, x106, x130);
|
|
301
330
|
uint32_t x139;
|
|
302
331
|
fiat_p256_uint1 x140;
|
|
303
|
-
fiat_p256_addcarryx_u32(&x139, &x140,
|
|
332
|
+
fiat_p256_addcarryx_u32(&x139, &x140, x138, x108, x132);
|
|
304
333
|
uint32_t x141;
|
|
305
334
|
fiat_p256_uint1 x142;
|
|
306
|
-
fiat_p256_addcarryx_u32(&x141, &x142, x140,
|
|
335
|
+
fiat_p256_addcarryx_u32(&x141, &x142, x140, x110, 0x0);
|
|
307
336
|
uint32_t x143;
|
|
308
337
|
fiat_p256_uint1 x144;
|
|
309
|
-
fiat_p256_addcarryx_u32(&x143, &x144, x142,
|
|
338
|
+
fiat_p256_addcarryx_u32(&x143, &x144, x142, x112, 0x0);
|
|
310
339
|
uint32_t x145;
|
|
311
340
|
fiat_p256_uint1 x146;
|
|
312
|
-
fiat_p256_addcarryx_u32(&x145, &x146, x144,
|
|
341
|
+
fiat_p256_addcarryx_u32(&x145, &x146, x144, x114, x102);
|
|
313
342
|
uint32_t x147;
|
|
314
343
|
fiat_p256_uint1 x148;
|
|
315
|
-
fiat_p256_addcarryx_u32(&x147, &x148, x146,
|
|
344
|
+
fiat_p256_addcarryx_u32(&x147, &x148, x146, x116, x120);
|
|
316
345
|
uint32_t x149;
|
|
317
346
|
fiat_p256_uint1 x150;
|
|
318
|
-
fiat_p256_addcarryx_u32(&x149, &x150, x148,
|
|
319
|
-
uint32_t x151;
|
|
320
|
-
|
|
321
|
-
fiat_p256_addcarryx_u32(&x151, &x152, x150, x107, x119);
|
|
347
|
+
fiat_p256_addcarryx_u32(&x149, &x150, x148, x118, x121);
|
|
348
|
+
uint32_t x151 = ((uint32_t)x150 + x119);
|
|
349
|
+
uint32_t x152;
|
|
322
350
|
uint32_t x153;
|
|
323
|
-
|
|
324
|
-
|
|
351
|
+
fiat_p256_mulx_u32(&x152, &x153, x2, (arg2[7]));
|
|
352
|
+
uint32_t x154;
|
|
325
353
|
uint32_t x155;
|
|
326
|
-
|
|
327
|
-
|
|
354
|
+
fiat_p256_mulx_u32(&x154, &x155, x2, (arg2[6]));
|
|
355
|
+
uint32_t x156;
|
|
328
356
|
uint32_t x157;
|
|
329
|
-
|
|
330
|
-
|
|
357
|
+
fiat_p256_mulx_u32(&x156, &x157, x2, (arg2[5]));
|
|
358
|
+
uint32_t x158;
|
|
331
359
|
uint32_t x159;
|
|
360
|
+
fiat_p256_mulx_u32(&x158, &x159, x2, (arg2[4]));
|
|
332
361
|
uint32_t x160;
|
|
333
|
-
fiat_p256_mulx_u32(&x159, &x160, x2, (arg2[7]));
|
|
334
362
|
uint32_t x161;
|
|
363
|
+
fiat_p256_mulx_u32(&x160, &x161, x2, (arg2[3]));
|
|
335
364
|
uint32_t x162;
|
|
336
|
-
fiat_p256_mulx_u32(&x161, &x162, x2, (arg2[6]));
|
|
337
365
|
uint32_t x163;
|
|
366
|
+
fiat_p256_mulx_u32(&x162, &x163, x2, (arg2[2]));
|
|
338
367
|
uint32_t x164;
|
|
339
|
-
fiat_p256_mulx_u32(&x163, &x164, x2, (arg2[5]));
|
|
340
368
|
uint32_t x165;
|
|
369
|
+
fiat_p256_mulx_u32(&x164, &x165, x2, (arg2[1]));
|
|
341
370
|
uint32_t x166;
|
|
342
|
-
fiat_p256_mulx_u32(&x165, &x166, x2, (arg2[4]));
|
|
343
371
|
uint32_t x167;
|
|
372
|
+
fiat_p256_mulx_u32(&x166, &x167, x2, (arg2[0]));
|
|
344
373
|
uint32_t x168;
|
|
345
|
-
|
|
346
|
-
|
|
374
|
+
fiat_p256_uint1 x169;
|
|
375
|
+
fiat_p256_addcarryx_u32(&x168, &x169, 0x0, x167, x164);
|
|
347
376
|
uint32_t x170;
|
|
348
|
-
|
|
349
|
-
|
|
377
|
+
fiat_p256_uint1 x171;
|
|
378
|
+
fiat_p256_addcarryx_u32(&x170, &x171, x169, x165, x162);
|
|
350
379
|
uint32_t x172;
|
|
351
|
-
|
|
352
|
-
|
|
380
|
+
fiat_p256_uint1 x173;
|
|
381
|
+
fiat_p256_addcarryx_u32(&x172, &x173, x171, x163, x160);
|
|
353
382
|
uint32_t x174;
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
fiat_p256_addcarryx_u32(&x181, &x182, x180, x165, x168);
|
|
383
|
+
fiat_p256_uint1 x175;
|
|
384
|
+
fiat_p256_addcarryx_u32(&x174, &x175, x173, x161, x158);
|
|
385
|
+
uint32_t x176;
|
|
386
|
+
fiat_p256_uint1 x177;
|
|
387
|
+
fiat_p256_addcarryx_u32(&x176, &x177, x175, x159, x156);
|
|
388
|
+
uint32_t x178;
|
|
389
|
+
fiat_p256_uint1 x179;
|
|
390
|
+
fiat_p256_addcarryx_u32(&x178, &x179, x177, x157, x154);
|
|
391
|
+
uint32_t x180;
|
|
392
|
+
fiat_p256_uint1 x181;
|
|
393
|
+
fiat_p256_addcarryx_u32(&x180, &x181, x179, x155, x152);
|
|
394
|
+
uint32_t x182 = (x181 + x153);
|
|
367
395
|
uint32_t x183;
|
|
368
396
|
fiat_p256_uint1 x184;
|
|
369
|
-
fiat_p256_addcarryx_u32(&x183, &x184,
|
|
397
|
+
fiat_p256_addcarryx_u32(&x183, &x184, 0x0, x135, x166);
|
|
370
398
|
uint32_t x185;
|
|
371
399
|
fiat_p256_uint1 x186;
|
|
372
|
-
fiat_p256_addcarryx_u32(&x185, &x186, x184,
|
|
400
|
+
fiat_p256_addcarryx_u32(&x185, &x186, x184, x137, x168);
|
|
373
401
|
uint32_t x187;
|
|
374
402
|
fiat_p256_uint1 x188;
|
|
375
|
-
fiat_p256_addcarryx_u32(&x187, &x188, x186,
|
|
403
|
+
fiat_p256_addcarryx_u32(&x187, &x188, x186, x139, x170);
|
|
376
404
|
uint32_t x189;
|
|
377
405
|
fiat_p256_uint1 x190;
|
|
378
|
-
fiat_p256_addcarryx_u32(&x189, &x190, x188,
|
|
406
|
+
fiat_p256_addcarryx_u32(&x189, &x190, x188, x141, x172);
|
|
379
407
|
uint32_t x191;
|
|
380
408
|
fiat_p256_uint1 x192;
|
|
381
|
-
fiat_p256_addcarryx_u32(&x191, &x192,
|
|
409
|
+
fiat_p256_addcarryx_u32(&x191, &x192, x190, x143, x174);
|
|
382
410
|
uint32_t x193;
|
|
383
411
|
fiat_p256_uint1 x194;
|
|
384
|
-
fiat_p256_addcarryx_u32(&x193, &x194, x192,
|
|
412
|
+
fiat_p256_addcarryx_u32(&x193, &x194, x192, x145, x176);
|
|
385
413
|
uint32_t x195;
|
|
386
414
|
fiat_p256_uint1 x196;
|
|
387
|
-
fiat_p256_addcarryx_u32(&x195, &x196, x194,
|
|
415
|
+
fiat_p256_addcarryx_u32(&x195, &x196, x194, x147, x178);
|
|
388
416
|
uint32_t x197;
|
|
389
417
|
fiat_p256_uint1 x198;
|
|
390
|
-
fiat_p256_addcarryx_u32(&x197, &x198, x196,
|
|
418
|
+
fiat_p256_addcarryx_u32(&x197, &x198, x196, x149, x180);
|
|
391
419
|
uint32_t x199;
|
|
392
420
|
fiat_p256_uint1 x200;
|
|
393
|
-
fiat_p256_addcarryx_u32(&x199, &x200, x198,
|
|
421
|
+
fiat_p256_addcarryx_u32(&x199, &x200, x198, x151, x182);
|
|
394
422
|
uint32_t x201;
|
|
395
|
-
|
|
396
|
-
|
|
423
|
+
uint32_t x202;
|
|
424
|
+
fiat_p256_mulx_u32(&x201, &x202, x183, UINT32_C(0xffffffff));
|
|
397
425
|
uint32_t x203;
|
|
398
|
-
|
|
399
|
-
|
|
426
|
+
uint32_t x204;
|
|
427
|
+
fiat_p256_mulx_u32(&x203, &x204, x183, UINT32_C(0xffffffff));
|
|
400
428
|
uint32_t x205;
|
|
401
|
-
|
|
402
|
-
|
|
429
|
+
uint32_t x206;
|
|
430
|
+
fiat_p256_mulx_u32(&x205, &x206, x183, UINT32_C(0xffffffff));
|
|
403
431
|
uint32_t x207;
|
|
404
|
-
|
|
405
|
-
|
|
432
|
+
uint32_t x208;
|
|
433
|
+
fiat_p256_mulx_u32(&x207, &x208, x183, UINT32_C(0xffffffff));
|
|
406
434
|
uint32_t x209;
|
|
407
|
-
|
|
408
|
-
|
|
435
|
+
fiat_p256_uint1 x210;
|
|
436
|
+
fiat_p256_addcarryx_u32(&x209, &x210, 0x0, x208, x205);
|
|
409
437
|
uint32_t x211;
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
uint32_t x213;
|
|
438
|
+
fiat_p256_uint1 x212;
|
|
439
|
+
fiat_p256_addcarryx_u32(&x211, &x212, x210, x206, x203);
|
|
440
|
+
uint32_t x213 = (x212 + x204);
|
|
413
441
|
uint32_t x214;
|
|
414
|
-
|
|
415
|
-
|
|
442
|
+
fiat_p256_uint1 x215;
|
|
443
|
+
fiat_p256_addcarryx_u32(&x214, &x215, 0x0, x183, x207);
|
|
416
444
|
uint32_t x216;
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
fiat_p256_addcarryx_u32(&x231, &x232, x230, 0x0, x199);
|
|
445
|
+
fiat_p256_uint1 x217;
|
|
446
|
+
fiat_p256_addcarryx_u32(&x216, &x217, x215, x185, x209);
|
|
447
|
+
uint32_t x218;
|
|
448
|
+
fiat_p256_uint1 x219;
|
|
449
|
+
fiat_p256_addcarryx_u32(&x218, &x219, x217, x187, x211);
|
|
450
|
+
uint32_t x220;
|
|
451
|
+
fiat_p256_uint1 x221;
|
|
452
|
+
fiat_p256_addcarryx_u32(&x220, &x221, x219, x189, x213);
|
|
453
|
+
uint32_t x222;
|
|
454
|
+
fiat_p256_uint1 x223;
|
|
455
|
+
fiat_p256_addcarryx_u32(&x222, &x223, x221, x191, 0x0);
|
|
456
|
+
uint32_t x224;
|
|
457
|
+
fiat_p256_uint1 x225;
|
|
458
|
+
fiat_p256_addcarryx_u32(&x224, &x225, x223, x193, 0x0);
|
|
459
|
+
uint32_t x226;
|
|
460
|
+
fiat_p256_uint1 x227;
|
|
461
|
+
fiat_p256_addcarryx_u32(&x226, &x227, x225, x195, x183);
|
|
462
|
+
uint32_t x228;
|
|
463
|
+
fiat_p256_uint1 x229;
|
|
464
|
+
fiat_p256_addcarryx_u32(&x228, &x229, x227, x197, x201);
|
|
465
|
+
uint32_t x230;
|
|
466
|
+
fiat_p256_uint1 x231;
|
|
467
|
+
fiat_p256_addcarryx_u32(&x230, &x231, x229, x199, x202);
|
|
468
|
+
uint32_t x232 = ((uint32_t)x231 + x200);
|
|
442
469
|
uint32_t x233;
|
|
443
|
-
|
|
444
|
-
|
|
470
|
+
uint32_t x234;
|
|
471
|
+
fiat_p256_mulx_u32(&x233, &x234, x3, (arg2[7]));
|
|
445
472
|
uint32_t x235;
|
|
446
|
-
|
|
447
|
-
|
|
473
|
+
uint32_t x236;
|
|
474
|
+
fiat_p256_mulx_u32(&x235, &x236, x3, (arg2[6]));
|
|
448
475
|
uint32_t x237;
|
|
449
|
-
|
|
450
|
-
|
|
476
|
+
uint32_t x238;
|
|
477
|
+
fiat_p256_mulx_u32(&x237, &x238, x3, (arg2[5]));
|
|
451
478
|
uint32_t x239;
|
|
452
|
-
|
|
453
|
-
|
|
479
|
+
uint32_t x240;
|
|
480
|
+
fiat_p256_mulx_u32(&x239, &x240, x3, (arg2[4]));
|
|
454
481
|
uint32_t x241;
|
|
455
|
-
|
|
456
|
-
|
|
482
|
+
uint32_t x242;
|
|
483
|
+
fiat_p256_mulx_u32(&x241, &x242, x3, (arg2[3]));
|
|
457
484
|
uint32_t x243;
|
|
458
485
|
uint32_t x244;
|
|
459
|
-
fiat_p256_mulx_u32(&x243, &x244, x3, (arg2[
|
|
486
|
+
fiat_p256_mulx_u32(&x243, &x244, x3, (arg2[2]));
|
|
460
487
|
uint32_t x245;
|
|
461
488
|
uint32_t x246;
|
|
462
|
-
fiat_p256_mulx_u32(&x245, &x246, x3, (arg2[
|
|
489
|
+
fiat_p256_mulx_u32(&x245, &x246, x3, (arg2[1]));
|
|
463
490
|
uint32_t x247;
|
|
464
491
|
uint32_t x248;
|
|
465
|
-
fiat_p256_mulx_u32(&x247, &x248, x3, (arg2[
|
|
492
|
+
fiat_p256_mulx_u32(&x247, &x248, x3, (arg2[0]));
|
|
466
493
|
uint32_t x249;
|
|
467
|
-
|
|
468
|
-
|
|
494
|
+
fiat_p256_uint1 x250;
|
|
495
|
+
fiat_p256_addcarryx_u32(&x249, &x250, 0x0, x248, x245);
|
|
469
496
|
uint32_t x251;
|
|
470
|
-
|
|
471
|
-
|
|
497
|
+
fiat_p256_uint1 x252;
|
|
498
|
+
fiat_p256_addcarryx_u32(&x251, &x252, x250, x246, x243);
|
|
472
499
|
uint32_t x253;
|
|
473
|
-
|
|
474
|
-
|
|
500
|
+
fiat_p256_uint1 x254;
|
|
501
|
+
fiat_p256_addcarryx_u32(&x253, &x254, x252, x244, x241);
|
|
475
502
|
uint32_t x255;
|
|
476
|
-
|
|
477
|
-
|
|
503
|
+
fiat_p256_uint1 x256;
|
|
504
|
+
fiat_p256_addcarryx_u32(&x255, &x256, x254, x242, x239);
|
|
478
505
|
uint32_t x257;
|
|
479
|
-
|
|
480
|
-
|
|
506
|
+
fiat_p256_uint1 x258;
|
|
507
|
+
fiat_p256_addcarryx_u32(&x257, &x258, x256, x240, x237);
|
|
481
508
|
uint32_t x259;
|
|
482
509
|
fiat_p256_uint1 x260;
|
|
483
|
-
fiat_p256_addcarryx_u32(&x259, &x260,
|
|
510
|
+
fiat_p256_addcarryx_u32(&x259, &x260, x258, x238, x235);
|
|
484
511
|
uint32_t x261;
|
|
485
512
|
fiat_p256_uint1 x262;
|
|
486
|
-
fiat_p256_addcarryx_u32(&x261, &x262, x260,
|
|
487
|
-
uint32_t x263;
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
|
|
506
|
-
|
|
507
|
-
|
|
508
|
-
|
|
509
|
-
|
|
510
|
-
|
|
511
|
-
|
|
512
|
-
|
|
513
|
-
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
fiat_p256_addcarryx_u32(&x281, &x282, x280, x263, x231);
|
|
513
|
+
fiat_p256_addcarryx_u32(&x261, &x262, x260, x236, x233);
|
|
514
|
+
uint32_t x263 = (x262 + x234);
|
|
515
|
+
uint32_t x264;
|
|
516
|
+
fiat_p256_uint1 x265;
|
|
517
|
+
fiat_p256_addcarryx_u32(&x264, &x265, 0x0, x216, x247);
|
|
518
|
+
uint32_t x266;
|
|
519
|
+
fiat_p256_uint1 x267;
|
|
520
|
+
fiat_p256_addcarryx_u32(&x266, &x267, x265, x218, x249);
|
|
521
|
+
uint32_t x268;
|
|
522
|
+
fiat_p256_uint1 x269;
|
|
523
|
+
fiat_p256_addcarryx_u32(&x268, &x269, x267, x220, x251);
|
|
524
|
+
uint32_t x270;
|
|
525
|
+
fiat_p256_uint1 x271;
|
|
526
|
+
fiat_p256_addcarryx_u32(&x270, &x271, x269, x222, x253);
|
|
527
|
+
uint32_t x272;
|
|
528
|
+
fiat_p256_uint1 x273;
|
|
529
|
+
fiat_p256_addcarryx_u32(&x272, &x273, x271, x224, x255);
|
|
530
|
+
uint32_t x274;
|
|
531
|
+
fiat_p256_uint1 x275;
|
|
532
|
+
fiat_p256_addcarryx_u32(&x274, &x275, x273, x226, x257);
|
|
533
|
+
uint32_t x276;
|
|
534
|
+
fiat_p256_uint1 x277;
|
|
535
|
+
fiat_p256_addcarryx_u32(&x276, &x277, x275, x228, x259);
|
|
536
|
+
uint32_t x278;
|
|
537
|
+
fiat_p256_uint1 x279;
|
|
538
|
+
fiat_p256_addcarryx_u32(&x278, &x279, x277, x230, x261);
|
|
539
|
+
uint32_t x280;
|
|
540
|
+
fiat_p256_uint1 x281;
|
|
541
|
+
fiat_p256_addcarryx_u32(&x280, &x281, x279, x232, x263);
|
|
542
|
+
uint32_t x282;
|
|
517
543
|
uint32_t x283;
|
|
518
|
-
|
|
519
|
-
|
|
544
|
+
fiat_p256_mulx_u32(&x282, &x283, x264, UINT32_C(0xffffffff));
|
|
545
|
+
uint32_t x284;
|
|
520
546
|
uint32_t x285;
|
|
521
|
-
|
|
522
|
-
|
|
547
|
+
fiat_p256_mulx_u32(&x284, &x285, x264, UINT32_C(0xffffffff));
|
|
548
|
+
uint32_t x286;
|
|
523
549
|
uint32_t x287;
|
|
524
|
-
|
|
525
|
-
|
|
550
|
+
fiat_p256_mulx_u32(&x286, &x287, x264, UINT32_C(0xffffffff));
|
|
551
|
+
uint32_t x288;
|
|
526
552
|
uint32_t x289;
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
|
|
530
|
-
|
|
531
|
-
|
|
532
|
-
|
|
533
|
-
|
|
534
|
-
|
|
553
|
+
fiat_p256_mulx_u32(&x288, &x289, x264, UINT32_C(0xffffffff));
|
|
554
|
+
uint32_t x290;
|
|
555
|
+
fiat_p256_uint1 x291;
|
|
556
|
+
fiat_p256_addcarryx_u32(&x290, &x291, 0x0, x289, x286);
|
|
557
|
+
uint32_t x292;
|
|
558
|
+
fiat_p256_uint1 x293;
|
|
559
|
+
fiat_p256_addcarryx_u32(&x292, &x293, x291, x287, x284);
|
|
560
|
+
uint32_t x294 = (x293 + x285);
|
|
535
561
|
uint32_t x295;
|
|
536
|
-
|
|
537
|
-
|
|
562
|
+
fiat_p256_uint1 x296;
|
|
563
|
+
fiat_p256_addcarryx_u32(&x295, &x296, 0x0, x264, x288);
|
|
538
564
|
uint32_t x297;
|
|
539
|
-
|
|
540
|
-
|
|
565
|
+
fiat_p256_uint1 x298;
|
|
566
|
+
fiat_p256_addcarryx_u32(&x297, &x298, x296, x266, x290);
|
|
541
567
|
uint32_t x299;
|
|
542
|
-
|
|
543
|
-
|
|
568
|
+
fiat_p256_uint1 x300;
|
|
569
|
+
fiat_p256_addcarryx_u32(&x299, &x300, x298, x268, x292);
|
|
544
570
|
uint32_t x301;
|
|
545
571
|
fiat_p256_uint1 x302;
|
|
546
|
-
fiat_p256_addcarryx_u32(&x301, &x302,
|
|
572
|
+
fiat_p256_addcarryx_u32(&x301, &x302, x300, x270, x294);
|
|
547
573
|
uint32_t x303;
|
|
548
574
|
fiat_p256_uint1 x304;
|
|
549
|
-
fiat_p256_addcarryx_u32(&x303, &x304, x302,
|
|
575
|
+
fiat_p256_addcarryx_u32(&x303, &x304, x302, x272, 0x0);
|
|
550
576
|
uint32_t x305;
|
|
551
577
|
fiat_p256_uint1 x306;
|
|
552
|
-
fiat_p256_addcarryx_u32(&x305, &x306, x304,
|
|
578
|
+
fiat_p256_addcarryx_u32(&x305, &x306, x304, x274, 0x0);
|
|
553
579
|
uint32_t x307;
|
|
554
580
|
fiat_p256_uint1 x308;
|
|
555
|
-
fiat_p256_addcarryx_u32(&x307, &x308,
|
|
581
|
+
fiat_p256_addcarryx_u32(&x307, &x308, x306, x276, x264);
|
|
556
582
|
uint32_t x309;
|
|
557
583
|
fiat_p256_uint1 x310;
|
|
558
|
-
fiat_p256_addcarryx_u32(&x309, &x310, x308,
|
|
584
|
+
fiat_p256_addcarryx_u32(&x309, &x310, x308, x278, x282);
|
|
559
585
|
uint32_t x311;
|
|
560
586
|
fiat_p256_uint1 x312;
|
|
561
|
-
fiat_p256_addcarryx_u32(&x311, &x312, x310,
|
|
562
|
-
uint32_t x313;
|
|
563
|
-
|
|
564
|
-
fiat_p256_addcarryx_u32(&x313, &x314, x312, x305, x281);
|
|
587
|
+
fiat_p256_addcarryx_u32(&x311, &x312, x310, x280, x283);
|
|
588
|
+
uint32_t x313 = ((uint32_t)x312 + x281);
|
|
589
|
+
uint32_t x314;
|
|
565
590
|
uint32_t x315;
|
|
566
|
-
|
|
567
|
-
|
|
591
|
+
fiat_p256_mulx_u32(&x314, &x315, x4, (arg2[7]));
|
|
592
|
+
uint32_t x316;
|
|
568
593
|
uint32_t x317;
|
|
569
|
-
|
|
570
|
-
|
|
594
|
+
fiat_p256_mulx_u32(&x316, &x317, x4, (arg2[6]));
|
|
595
|
+
uint32_t x318;
|
|
571
596
|
uint32_t x319;
|
|
572
|
-
|
|
573
|
-
|
|
597
|
+
fiat_p256_mulx_u32(&x318, &x319, x4, (arg2[5]));
|
|
598
|
+
uint32_t x320;
|
|
574
599
|
uint32_t x321;
|
|
575
|
-
|
|
576
|
-
|
|
600
|
+
fiat_p256_mulx_u32(&x320, &x321, x4, (arg2[4]));
|
|
601
|
+
uint32_t x322;
|
|
577
602
|
uint32_t x323;
|
|
578
|
-
|
|
579
|
-
|
|
603
|
+
fiat_p256_mulx_u32(&x322, &x323, x4, (arg2[3]));
|
|
604
|
+
uint32_t x324;
|
|
580
605
|
uint32_t x325;
|
|
581
|
-
|
|
582
|
-
|
|
606
|
+
fiat_p256_mulx_u32(&x324, &x325, x4, (arg2[2]));
|
|
607
|
+
uint32_t x326;
|
|
583
608
|
uint32_t x327;
|
|
609
|
+
fiat_p256_mulx_u32(&x326, &x327, x4, (arg2[1]));
|
|
584
610
|
uint32_t x328;
|
|
585
|
-
fiat_p256_mulx_u32(&x327, &x328, x4, (arg2[7]));
|
|
586
611
|
uint32_t x329;
|
|
612
|
+
fiat_p256_mulx_u32(&x328, &x329, x4, (arg2[0]));
|
|
587
613
|
uint32_t x330;
|
|
588
|
-
|
|
589
|
-
|
|
614
|
+
fiat_p256_uint1 x331;
|
|
615
|
+
fiat_p256_addcarryx_u32(&x330, &x331, 0x0, x329, x326);
|
|
590
616
|
uint32_t x332;
|
|
591
|
-
|
|
592
|
-
|
|
617
|
+
fiat_p256_uint1 x333;
|
|
618
|
+
fiat_p256_addcarryx_u32(&x332, &x333, x331, x327, x324);
|
|
593
619
|
uint32_t x334;
|
|
594
|
-
|
|
595
|
-
|
|
620
|
+
fiat_p256_uint1 x335;
|
|
621
|
+
fiat_p256_addcarryx_u32(&x334, &x335, x333, x325, x322);
|
|
596
622
|
uint32_t x336;
|
|
597
|
-
|
|
598
|
-
|
|
623
|
+
fiat_p256_uint1 x337;
|
|
624
|
+
fiat_p256_addcarryx_u32(&x336, &x337, x335, x323, x320);
|
|
599
625
|
uint32_t x338;
|
|
600
|
-
|
|
601
|
-
|
|
626
|
+
fiat_p256_uint1 x339;
|
|
627
|
+
fiat_p256_addcarryx_u32(&x338, &x339, x337, x321, x318);
|
|
602
628
|
uint32_t x340;
|
|
603
|
-
|
|
604
|
-
|
|
629
|
+
fiat_p256_uint1 x341;
|
|
630
|
+
fiat_p256_addcarryx_u32(&x340, &x341, x339, x319, x316);
|
|
605
631
|
uint32_t x342;
|
|
606
|
-
|
|
607
|
-
|
|
608
|
-
|
|
609
|
-
fiat_p256_addcarryx_u32(&x343, &x344, 0x0, x339, x342);
|
|
632
|
+
fiat_p256_uint1 x343;
|
|
633
|
+
fiat_p256_addcarryx_u32(&x342, &x343, x341, x317, x314);
|
|
634
|
+
uint32_t x344 = (x343 + x315);
|
|
610
635
|
uint32_t x345;
|
|
611
636
|
fiat_p256_uint1 x346;
|
|
612
|
-
fiat_p256_addcarryx_u32(&x345, &x346,
|
|
637
|
+
fiat_p256_addcarryx_u32(&x345, &x346, 0x0, x297, x328);
|
|
613
638
|
uint32_t x347;
|
|
614
639
|
fiat_p256_uint1 x348;
|
|
615
|
-
fiat_p256_addcarryx_u32(&x347, &x348, x346,
|
|
640
|
+
fiat_p256_addcarryx_u32(&x347, &x348, x346, x299, x330);
|
|
616
641
|
uint32_t x349;
|
|
617
642
|
fiat_p256_uint1 x350;
|
|
618
|
-
fiat_p256_addcarryx_u32(&x349, &x350, x348,
|
|
643
|
+
fiat_p256_addcarryx_u32(&x349, &x350, x348, x301, x332);
|
|
619
644
|
uint32_t x351;
|
|
620
645
|
fiat_p256_uint1 x352;
|
|
621
|
-
fiat_p256_addcarryx_u32(&x351, &x352, x350,
|
|
646
|
+
fiat_p256_addcarryx_u32(&x351, &x352, x350, x303, x334);
|
|
622
647
|
uint32_t x353;
|
|
623
648
|
fiat_p256_uint1 x354;
|
|
624
|
-
fiat_p256_addcarryx_u32(&x353, &x354, x352,
|
|
649
|
+
fiat_p256_addcarryx_u32(&x353, &x354, x352, x305, x336);
|
|
625
650
|
uint32_t x355;
|
|
626
651
|
fiat_p256_uint1 x356;
|
|
627
|
-
fiat_p256_addcarryx_u32(&x355, &x356, x354,
|
|
652
|
+
fiat_p256_addcarryx_u32(&x355, &x356, x354, x307, x338);
|
|
628
653
|
uint32_t x357;
|
|
629
654
|
fiat_p256_uint1 x358;
|
|
630
|
-
fiat_p256_addcarryx_u32(&x357, &x358, x356,
|
|
655
|
+
fiat_p256_addcarryx_u32(&x357, &x358, x356, x309, x340);
|
|
631
656
|
uint32_t x359;
|
|
632
657
|
fiat_p256_uint1 x360;
|
|
633
|
-
fiat_p256_addcarryx_u32(&x359, &x360,
|
|
658
|
+
fiat_p256_addcarryx_u32(&x359, &x360, x358, x311, x342);
|
|
634
659
|
uint32_t x361;
|
|
635
660
|
fiat_p256_uint1 x362;
|
|
636
|
-
fiat_p256_addcarryx_u32(&x361, &x362, x360,
|
|
661
|
+
fiat_p256_addcarryx_u32(&x361, &x362, x360, x313, x344);
|
|
637
662
|
uint32_t x363;
|
|
638
|
-
|
|
639
|
-
|
|
663
|
+
uint32_t x364;
|
|
664
|
+
fiat_p256_mulx_u32(&x363, &x364, x345, UINT32_C(0xffffffff));
|
|
640
665
|
uint32_t x365;
|
|
641
|
-
|
|
642
|
-
|
|
666
|
+
uint32_t x366;
|
|
667
|
+
fiat_p256_mulx_u32(&x365, &x366, x345, UINT32_C(0xffffffff));
|
|
643
668
|
uint32_t x367;
|
|
644
|
-
|
|
645
|
-
|
|
669
|
+
uint32_t x368;
|
|
670
|
+
fiat_p256_mulx_u32(&x367, &x368, x345, UINT32_C(0xffffffff));
|
|
646
671
|
uint32_t x369;
|
|
647
|
-
|
|
648
|
-
|
|
672
|
+
uint32_t x370;
|
|
673
|
+
fiat_p256_mulx_u32(&x369, &x370, x345, UINT32_C(0xffffffff));
|
|
649
674
|
uint32_t x371;
|
|
650
675
|
fiat_p256_uint1 x372;
|
|
651
|
-
fiat_p256_addcarryx_u32(&x371, &x372,
|
|
676
|
+
fiat_p256_addcarryx_u32(&x371, &x372, 0x0, x370, x367);
|
|
652
677
|
uint32_t x373;
|
|
653
678
|
fiat_p256_uint1 x374;
|
|
654
|
-
fiat_p256_addcarryx_u32(&x373, &x374, x372,
|
|
655
|
-
uint32_t x375;
|
|
656
|
-
|
|
657
|
-
|
|
658
|
-
|
|
679
|
+
fiat_p256_addcarryx_u32(&x373, &x374, x372, x368, x365);
|
|
680
|
+
uint32_t x375 = (x374 + x366);
|
|
681
|
+
uint32_t x376;
|
|
682
|
+
fiat_p256_uint1 x377;
|
|
683
|
+
fiat_p256_addcarryx_u32(&x376, &x377, 0x0, x345, x369);
|
|
659
684
|
uint32_t x378;
|
|
660
|
-
|
|
661
|
-
|
|
685
|
+
fiat_p256_uint1 x379;
|
|
686
|
+
fiat_p256_addcarryx_u32(&x378, &x379, x377, x347, x371);
|
|
662
687
|
uint32_t x380;
|
|
663
|
-
|
|
664
|
-
|
|
688
|
+
fiat_p256_uint1 x381;
|
|
689
|
+
fiat_p256_addcarryx_u32(&x380, &x381, x379, x349, x373);
|
|
665
690
|
uint32_t x382;
|
|
666
|
-
|
|
667
|
-
|
|
691
|
+
fiat_p256_uint1 x383;
|
|
692
|
+
fiat_p256_addcarryx_u32(&x382, &x383, x381, x351, x375);
|
|
668
693
|
uint32_t x384;
|
|
669
|
-
|
|
670
|
-
|
|
671
|
-
|
|
672
|
-
|
|
673
|
-
|
|
674
|
-
|
|
675
|
-
|
|
676
|
-
|
|
677
|
-
|
|
678
|
-
|
|
679
|
-
|
|
680
|
-
|
|
681
|
-
|
|
682
|
-
|
|
683
|
-
|
|
684
|
-
fiat_p256_addcarryx_u32(&x393, &x394, x392, x385, x361);
|
|
694
|
+
fiat_p256_uint1 x385;
|
|
695
|
+
fiat_p256_addcarryx_u32(&x384, &x385, x383, x353, 0x0);
|
|
696
|
+
uint32_t x386;
|
|
697
|
+
fiat_p256_uint1 x387;
|
|
698
|
+
fiat_p256_addcarryx_u32(&x386, &x387, x385, x355, 0x0);
|
|
699
|
+
uint32_t x388;
|
|
700
|
+
fiat_p256_uint1 x389;
|
|
701
|
+
fiat_p256_addcarryx_u32(&x388, &x389, x387, x357, x345);
|
|
702
|
+
uint32_t x390;
|
|
703
|
+
fiat_p256_uint1 x391;
|
|
704
|
+
fiat_p256_addcarryx_u32(&x390, &x391, x389, x359, x363);
|
|
705
|
+
uint32_t x392;
|
|
706
|
+
fiat_p256_uint1 x393;
|
|
707
|
+
fiat_p256_addcarryx_u32(&x392, &x393, x391, x361, x364);
|
|
708
|
+
uint32_t x394 = ((uint32_t)x393 + x362);
|
|
685
709
|
uint32_t x395;
|
|
686
|
-
|
|
687
|
-
|
|
710
|
+
uint32_t x396;
|
|
711
|
+
fiat_p256_mulx_u32(&x395, &x396, x5, (arg2[7]));
|
|
688
712
|
uint32_t x397;
|
|
689
|
-
|
|
690
|
-
|
|
713
|
+
uint32_t x398;
|
|
714
|
+
fiat_p256_mulx_u32(&x397, &x398, x5, (arg2[6]));
|
|
691
715
|
uint32_t x399;
|
|
692
|
-
|
|
693
|
-
|
|
716
|
+
uint32_t x400;
|
|
717
|
+
fiat_p256_mulx_u32(&x399, &x400, x5, (arg2[5]));
|
|
694
718
|
uint32_t x401;
|
|
695
|
-
|
|
696
|
-
|
|
719
|
+
uint32_t x402;
|
|
720
|
+
fiat_p256_mulx_u32(&x401, &x402, x5, (arg2[4]));
|
|
697
721
|
uint32_t x403;
|
|
698
|
-
|
|
699
|
-
|
|
722
|
+
uint32_t x404;
|
|
723
|
+
fiat_p256_mulx_u32(&x403, &x404, x5, (arg2[3]));
|
|
700
724
|
uint32_t x405;
|
|
701
|
-
|
|
702
|
-
|
|
725
|
+
uint32_t x406;
|
|
726
|
+
fiat_p256_mulx_u32(&x405, &x406, x5, (arg2[2]));
|
|
703
727
|
uint32_t x407;
|
|
704
|
-
|
|
705
|
-
|
|
728
|
+
uint32_t x408;
|
|
729
|
+
fiat_p256_mulx_u32(&x407, &x408, x5, (arg2[1]));
|
|
706
730
|
uint32_t x409;
|
|
707
|
-
|
|
708
|
-
|
|
731
|
+
uint32_t x410;
|
|
732
|
+
fiat_p256_mulx_u32(&x409, &x410, x5, (arg2[0]));
|
|
709
733
|
uint32_t x411;
|
|
710
|
-
|
|
711
|
-
|
|
734
|
+
fiat_p256_uint1 x412;
|
|
735
|
+
fiat_p256_addcarryx_u32(&x411, &x412, 0x0, x410, x407);
|
|
712
736
|
uint32_t x413;
|
|
713
|
-
|
|
714
|
-
|
|
737
|
+
fiat_p256_uint1 x414;
|
|
738
|
+
fiat_p256_addcarryx_u32(&x413, &x414, x412, x408, x405);
|
|
715
739
|
uint32_t x415;
|
|
716
|
-
|
|
717
|
-
|
|
740
|
+
fiat_p256_uint1 x416;
|
|
741
|
+
fiat_p256_addcarryx_u32(&x415, &x416, x414, x406, x403);
|
|
718
742
|
uint32_t x417;
|
|
719
|
-
|
|
720
|
-
|
|
743
|
+
fiat_p256_uint1 x418;
|
|
744
|
+
fiat_p256_addcarryx_u32(&x417, &x418, x416, x404, x401);
|
|
721
745
|
uint32_t x419;
|
|
722
|
-
|
|
723
|
-
|
|
746
|
+
fiat_p256_uint1 x420;
|
|
747
|
+
fiat_p256_addcarryx_u32(&x419, &x420, x418, x402, x399);
|
|
724
748
|
uint32_t x421;
|
|
725
|
-
|
|
726
|
-
|
|
749
|
+
fiat_p256_uint1 x422;
|
|
750
|
+
fiat_p256_addcarryx_u32(&x421, &x422, x420, x400, x397);
|
|
727
751
|
uint32_t x423;
|
|
728
|
-
|
|
729
|
-
|
|
730
|
-
uint32_t x425;
|
|
752
|
+
fiat_p256_uint1 x424;
|
|
753
|
+
fiat_p256_addcarryx_u32(&x423, &x424, x422, x398, x395);
|
|
754
|
+
uint32_t x425 = (x424 + x396);
|
|
731
755
|
uint32_t x426;
|
|
732
|
-
|
|
733
|
-
|
|
734
|
-
|
|
735
|
-
|
|
736
|
-
|
|
737
|
-
|
|
738
|
-
|
|
739
|
-
|
|
740
|
-
|
|
741
|
-
|
|
742
|
-
|
|
743
|
-
|
|
744
|
-
|
|
745
|
-
|
|
746
|
-
|
|
747
|
-
|
|
748
|
-
|
|
749
|
-
|
|
750
|
-
|
|
751
|
-
|
|
752
|
-
|
|
753
|
-
|
|
754
|
-
|
|
755
|
-
|
|
756
|
-
|
|
757
|
-
|
|
758
|
-
|
|
759
|
-
fiat_p256_addcarryx_u32(&x443, &x444, 0x0, x425, x393);
|
|
756
|
+
fiat_p256_uint1 x427;
|
|
757
|
+
fiat_p256_addcarryx_u32(&x426, &x427, 0x0, x378, x409);
|
|
758
|
+
uint32_t x428;
|
|
759
|
+
fiat_p256_uint1 x429;
|
|
760
|
+
fiat_p256_addcarryx_u32(&x428, &x429, x427, x380, x411);
|
|
761
|
+
uint32_t x430;
|
|
762
|
+
fiat_p256_uint1 x431;
|
|
763
|
+
fiat_p256_addcarryx_u32(&x430, &x431, x429, x382, x413);
|
|
764
|
+
uint32_t x432;
|
|
765
|
+
fiat_p256_uint1 x433;
|
|
766
|
+
fiat_p256_addcarryx_u32(&x432, &x433, x431, x384, x415);
|
|
767
|
+
uint32_t x434;
|
|
768
|
+
fiat_p256_uint1 x435;
|
|
769
|
+
fiat_p256_addcarryx_u32(&x434, &x435, x433, x386, x417);
|
|
770
|
+
uint32_t x436;
|
|
771
|
+
fiat_p256_uint1 x437;
|
|
772
|
+
fiat_p256_addcarryx_u32(&x436, &x437, x435, x388, x419);
|
|
773
|
+
uint32_t x438;
|
|
774
|
+
fiat_p256_uint1 x439;
|
|
775
|
+
fiat_p256_addcarryx_u32(&x438, &x439, x437, x390, x421);
|
|
776
|
+
uint32_t x440;
|
|
777
|
+
fiat_p256_uint1 x441;
|
|
778
|
+
fiat_p256_addcarryx_u32(&x440, &x441, x439, x392, x423);
|
|
779
|
+
uint32_t x442;
|
|
780
|
+
fiat_p256_uint1 x443;
|
|
781
|
+
fiat_p256_addcarryx_u32(&x442, &x443, x441, x394, x425);
|
|
782
|
+
uint32_t x444;
|
|
760
783
|
uint32_t x445;
|
|
761
|
-
|
|
762
|
-
|
|
784
|
+
fiat_p256_mulx_u32(&x444, &x445, x426, UINT32_C(0xffffffff));
|
|
785
|
+
uint32_t x446;
|
|
763
786
|
uint32_t x447;
|
|
764
|
-
|
|
765
|
-
|
|
787
|
+
fiat_p256_mulx_u32(&x446, &x447, x426, UINT32_C(0xffffffff));
|
|
788
|
+
uint32_t x448;
|
|
766
789
|
uint32_t x449;
|
|
767
|
-
|
|
768
|
-
|
|
790
|
+
fiat_p256_mulx_u32(&x448, &x449, x426, UINT32_C(0xffffffff));
|
|
791
|
+
uint32_t x450;
|
|
769
792
|
uint32_t x451;
|
|
770
|
-
|
|
771
|
-
|
|
772
|
-
|
|
773
|
-
|
|
774
|
-
|
|
775
|
-
|
|
776
|
-
|
|
777
|
-
|
|
793
|
+
fiat_p256_mulx_u32(&x450, &x451, x426, UINT32_C(0xffffffff));
|
|
794
|
+
uint32_t x452;
|
|
795
|
+
fiat_p256_uint1 x453;
|
|
796
|
+
fiat_p256_addcarryx_u32(&x452, &x453, 0x0, x451, x448);
|
|
797
|
+
uint32_t x454;
|
|
798
|
+
fiat_p256_uint1 x455;
|
|
799
|
+
fiat_p256_addcarryx_u32(&x454, &x455, x453, x449, x446);
|
|
800
|
+
uint32_t x456 = (x455 + x447);
|
|
778
801
|
uint32_t x457;
|
|
779
802
|
fiat_p256_uint1 x458;
|
|
780
|
-
fiat_p256_addcarryx_u32(&x457, &x458,
|
|
803
|
+
fiat_p256_addcarryx_u32(&x457, &x458, 0x0, x426, x450);
|
|
781
804
|
uint32_t x459;
|
|
782
805
|
fiat_p256_uint1 x460;
|
|
783
|
-
fiat_p256_addcarryx_u32(&x459, &x460, x458,
|
|
806
|
+
fiat_p256_addcarryx_u32(&x459, &x460, x458, x428, x452);
|
|
784
807
|
uint32_t x461;
|
|
785
|
-
|
|
786
|
-
|
|
808
|
+
fiat_p256_uint1 x462;
|
|
809
|
+
fiat_p256_addcarryx_u32(&x461, &x462, x460, x430, x454);
|
|
787
810
|
uint32_t x463;
|
|
788
|
-
|
|
789
|
-
|
|
811
|
+
fiat_p256_uint1 x464;
|
|
812
|
+
fiat_p256_addcarryx_u32(&x463, &x464, x462, x432, x456);
|
|
790
813
|
uint32_t x465;
|
|
791
|
-
|
|
792
|
-
|
|
814
|
+
fiat_p256_uint1 x466;
|
|
815
|
+
fiat_p256_addcarryx_u32(&x465, &x466, x464, x434, 0x0);
|
|
793
816
|
uint32_t x467;
|
|
794
|
-
|
|
795
|
-
|
|
817
|
+
fiat_p256_uint1 x468;
|
|
818
|
+
fiat_p256_addcarryx_u32(&x467, &x468, x466, x436, 0x0);
|
|
796
819
|
uint32_t x469;
|
|
797
820
|
fiat_p256_uint1 x470;
|
|
798
|
-
fiat_p256_addcarryx_u32(&x469, &x470,
|
|
821
|
+
fiat_p256_addcarryx_u32(&x469, &x470, x468, x438, x426);
|
|
799
822
|
uint32_t x471;
|
|
800
823
|
fiat_p256_uint1 x472;
|
|
801
|
-
fiat_p256_addcarryx_u32(&x471, &x472, x470,
|
|
824
|
+
fiat_p256_addcarryx_u32(&x471, &x472, x470, x440, x444);
|
|
802
825
|
uint32_t x473;
|
|
803
826
|
fiat_p256_uint1 x474;
|
|
804
|
-
fiat_p256_addcarryx_u32(&x473, &x474, x472,
|
|
805
|
-
uint32_t x475;
|
|
806
|
-
|
|
807
|
-
fiat_p256_addcarryx_u32(&x475, &x476, 0x0, x467, x443);
|
|
827
|
+
fiat_p256_addcarryx_u32(&x473, &x474, x472, x442, x445);
|
|
828
|
+
uint32_t x475 = ((uint32_t)x474 + x443);
|
|
829
|
+
uint32_t x476;
|
|
808
830
|
uint32_t x477;
|
|
809
|
-
|
|
810
|
-
|
|
831
|
+
fiat_p256_mulx_u32(&x476, &x477, x6, (arg2[7]));
|
|
832
|
+
uint32_t x478;
|
|
811
833
|
uint32_t x479;
|
|
812
|
-
|
|
813
|
-
|
|
834
|
+
fiat_p256_mulx_u32(&x478, &x479, x6, (arg2[6]));
|
|
835
|
+
uint32_t x480;
|
|
814
836
|
uint32_t x481;
|
|
815
|
-
|
|
816
|
-
|
|
837
|
+
fiat_p256_mulx_u32(&x480, &x481, x6, (arg2[5]));
|
|
838
|
+
uint32_t x482;
|
|
817
839
|
uint32_t x483;
|
|
818
|
-
|
|
819
|
-
|
|
840
|
+
fiat_p256_mulx_u32(&x482, &x483, x6, (arg2[4]));
|
|
841
|
+
uint32_t x484;
|
|
820
842
|
uint32_t x485;
|
|
821
|
-
|
|
822
|
-
|
|
843
|
+
fiat_p256_mulx_u32(&x484, &x485, x6, (arg2[3]));
|
|
844
|
+
uint32_t x486;
|
|
823
845
|
uint32_t x487;
|
|
824
|
-
|
|
825
|
-
|
|
846
|
+
fiat_p256_mulx_u32(&x486, &x487, x6, (arg2[2]));
|
|
847
|
+
uint32_t x488;
|
|
826
848
|
uint32_t x489;
|
|
827
|
-
|
|
828
|
-
|
|
849
|
+
fiat_p256_mulx_u32(&x488, &x489, x6, (arg2[1]));
|
|
850
|
+
uint32_t x490;
|
|
829
851
|
uint32_t x491;
|
|
830
|
-
|
|
831
|
-
|
|
832
|
-
|
|
833
|
-
|
|
834
|
-
|
|
835
|
-
|
|
852
|
+
fiat_p256_mulx_u32(&x490, &x491, x6, (arg2[0]));
|
|
853
|
+
uint32_t x492;
|
|
854
|
+
fiat_p256_uint1 x493;
|
|
855
|
+
fiat_p256_addcarryx_u32(&x492, &x493, 0x0, x491, x488);
|
|
856
|
+
uint32_t x494;
|
|
857
|
+
fiat_p256_uint1 x495;
|
|
858
|
+
fiat_p256_addcarryx_u32(&x494, &x495, x493, x489, x486);
|
|
836
859
|
uint32_t x496;
|
|
837
|
-
|
|
838
|
-
|
|
860
|
+
fiat_p256_uint1 x497;
|
|
861
|
+
fiat_p256_addcarryx_u32(&x496, &x497, x495, x487, x484);
|
|
839
862
|
uint32_t x498;
|
|
840
|
-
|
|
841
|
-
|
|
863
|
+
fiat_p256_uint1 x499;
|
|
864
|
+
fiat_p256_addcarryx_u32(&x498, &x499, x497, x485, x482);
|
|
842
865
|
uint32_t x500;
|
|
843
|
-
|
|
844
|
-
|
|
866
|
+
fiat_p256_uint1 x501;
|
|
867
|
+
fiat_p256_addcarryx_u32(&x500, &x501, x499, x483, x480);
|
|
845
868
|
uint32_t x502;
|
|
846
|
-
|
|
847
|
-
|
|
869
|
+
fiat_p256_uint1 x503;
|
|
870
|
+
fiat_p256_addcarryx_u32(&x502, &x503, x501, x481, x478);
|
|
848
871
|
uint32_t x504;
|
|
849
|
-
|
|
850
|
-
|
|
851
|
-
uint32_t x506;
|
|
852
|
-
fiat_p256_mulx_u32(&x505, &x506, x6, (arg2[2]));
|
|
872
|
+
fiat_p256_uint1 x505;
|
|
873
|
+
fiat_p256_addcarryx_u32(&x504, &x505, x503, x479, x476);
|
|
874
|
+
uint32_t x506 = (x505 + x477);
|
|
853
875
|
uint32_t x507;
|
|
854
|
-
|
|
855
|
-
|
|
876
|
+
fiat_p256_uint1 x508;
|
|
877
|
+
fiat_p256_addcarryx_u32(&x507, &x508, 0x0, x459, x490);
|
|
856
878
|
uint32_t x509;
|
|
857
|
-
|
|
858
|
-
|
|
879
|
+
fiat_p256_uint1 x510;
|
|
880
|
+
fiat_p256_addcarryx_u32(&x509, &x510, x508, x461, x492);
|
|
859
881
|
uint32_t x511;
|
|
860
882
|
fiat_p256_uint1 x512;
|
|
861
|
-
fiat_p256_addcarryx_u32(&x511, &x512,
|
|
883
|
+
fiat_p256_addcarryx_u32(&x511, &x512, x510, x463, x494);
|
|
862
884
|
uint32_t x513;
|
|
863
885
|
fiat_p256_uint1 x514;
|
|
864
|
-
fiat_p256_addcarryx_u32(&x513, &x514, x512,
|
|
886
|
+
fiat_p256_addcarryx_u32(&x513, &x514, x512, x465, x496);
|
|
865
887
|
uint32_t x515;
|
|
866
888
|
fiat_p256_uint1 x516;
|
|
867
|
-
fiat_p256_addcarryx_u32(&x515, &x516, x514,
|
|
889
|
+
fiat_p256_addcarryx_u32(&x515, &x516, x514, x467, x498);
|
|
868
890
|
uint32_t x517;
|
|
869
891
|
fiat_p256_uint1 x518;
|
|
870
|
-
fiat_p256_addcarryx_u32(&x517, &x518, x516,
|
|
892
|
+
fiat_p256_addcarryx_u32(&x517, &x518, x516, x469, x500);
|
|
871
893
|
uint32_t x519;
|
|
872
894
|
fiat_p256_uint1 x520;
|
|
873
|
-
fiat_p256_addcarryx_u32(&x519, &x520, x518,
|
|
895
|
+
fiat_p256_addcarryx_u32(&x519, &x520, x518, x471, x502);
|
|
874
896
|
uint32_t x521;
|
|
875
897
|
fiat_p256_uint1 x522;
|
|
876
|
-
fiat_p256_addcarryx_u32(&x521, &x522, x520,
|
|
898
|
+
fiat_p256_addcarryx_u32(&x521, &x522, x520, x473, x504);
|
|
877
899
|
uint32_t x523;
|
|
878
900
|
fiat_p256_uint1 x524;
|
|
879
|
-
fiat_p256_addcarryx_u32(&x523, &x524, x522,
|
|
901
|
+
fiat_p256_addcarryx_u32(&x523, &x524, x522, x475, x506);
|
|
880
902
|
uint32_t x525;
|
|
881
|
-
|
|
882
|
-
|
|
903
|
+
uint32_t x526;
|
|
904
|
+
fiat_p256_mulx_u32(&x525, &x526, x507, UINT32_C(0xffffffff));
|
|
883
905
|
uint32_t x527;
|
|
884
|
-
|
|
885
|
-
|
|
906
|
+
uint32_t x528;
|
|
907
|
+
fiat_p256_mulx_u32(&x527, &x528, x507, UINT32_C(0xffffffff));
|
|
886
908
|
uint32_t x529;
|
|
887
|
-
|
|
888
|
-
|
|
909
|
+
uint32_t x530;
|
|
910
|
+
fiat_p256_mulx_u32(&x529, &x530, x507, UINT32_C(0xffffffff));
|
|
889
911
|
uint32_t x531;
|
|
890
|
-
|
|
891
|
-
|
|
912
|
+
uint32_t x532;
|
|
913
|
+
fiat_p256_mulx_u32(&x531, &x532, x507, UINT32_C(0xffffffff));
|
|
892
914
|
uint32_t x533;
|
|
893
915
|
fiat_p256_uint1 x534;
|
|
894
|
-
fiat_p256_addcarryx_u32(&x533, &x534,
|
|
916
|
+
fiat_p256_addcarryx_u32(&x533, &x534, 0x0, x532, x529);
|
|
895
917
|
uint32_t x535;
|
|
896
918
|
fiat_p256_uint1 x536;
|
|
897
|
-
fiat_p256_addcarryx_u32(&x535, &x536, x534,
|
|
898
|
-
uint32_t x537;
|
|
899
|
-
|
|
900
|
-
|
|
901
|
-
|
|
902
|
-
|
|
903
|
-
|
|
904
|
-
|
|
905
|
-
|
|
906
|
-
|
|
907
|
-
|
|
908
|
-
|
|
909
|
-
|
|
910
|
-
|
|
919
|
+
fiat_p256_addcarryx_u32(&x535, &x536, x534, x530, x527);
|
|
920
|
+
uint32_t x537 = (x536 + x528);
|
|
921
|
+
uint32_t x538;
|
|
922
|
+
fiat_p256_uint1 x539;
|
|
923
|
+
fiat_p256_addcarryx_u32(&x538, &x539, 0x0, x507, x531);
|
|
924
|
+
uint32_t x540;
|
|
925
|
+
fiat_p256_uint1 x541;
|
|
926
|
+
fiat_p256_addcarryx_u32(&x540, &x541, x539, x509, x533);
|
|
927
|
+
uint32_t x542;
|
|
928
|
+
fiat_p256_uint1 x543;
|
|
929
|
+
fiat_p256_addcarryx_u32(&x542, &x543, x541, x511, x535);
|
|
930
|
+
uint32_t x544;
|
|
931
|
+
fiat_p256_uint1 x545;
|
|
932
|
+
fiat_p256_addcarryx_u32(&x544, &x545, x543, x513, x537);
|
|
911
933
|
uint32_t x546;
|
|
912
|
-
|
|
913
|
-
|
|
934
|
+
fiat_p256_uint1 x547;
|
|
935
|
+
fiat_p256_addcarryx_u32(&x546, &x547, x545, x515, 0x0);
|
|
914
936
|
uint32_t x548;
|
|
915
|
-
|
|
916
|
-
|
|
937
|
+
fiat_p256_uint1 x549;
|
|
938
|
+
fiat_p256_addcarryx_u32(&x548, &x549, x547, x517, 0x0);
|
|
917
939
|
uint32_t x550;
|
|
918
|
-
|
|
919
|
-
|
|
940
|
+
fiat_p256_uint1 x551;
|
|
941
|
+
fiat_p256_addcarryx_u32(&x550, &x551, x549, x519, x507);
|
|
920
942
|
uint32_t x552;
|
|
921
|
-
|
|
922
|
-
|
|
923
|
-
|
|
924
|
-
|
|
925
|
-
|
|
926
|
-
|
|
927
|
-
fiat_p256_addcarryx_u32(&x555, &x556, x554, x547, x550);
|
|
943
|
+
fiat_p256_uint1 x553;
|
|
944
|
+
fiat_p256_addcarryx_u32(&x552, &x553, x551, x521, x525);
|
|
945
|
+
uint32_t x554;
|
|
946
|
+
fiat_p256_uint1 x555;
|
|
947
|
+
fiat_p256_addcarryx_u32(&x554, &x555, x553, x523, x526);
|
|
948
|
+
uint32_t x556 = ((uint32_t)x555 + x524);
|
|
928
949
|
uint32_t x557;
|
|
929
|
-
|
|
930
|
-
|
|
950
|
+
uint32_t x558;
|
|
951
|
+
fiat_p256_mulx_u32(&x557, &x558, x7, (arg2[7]));
|
|
931
952
|
uint32_t x559;
|
|
932
|
-
|
|
933
|
-
|
|
953
|
+
uint32_t x560;
|
|
954
|
+
fiat_p256_mulx_u32(&x559, &x560, x7, (arg2[6]));
|
|
934
955
|
uint32_t x561;
|
|
935
|
-
|
|
936
|
-
|
|
956
|
+
uint32_t x562;
|
|
957
|
+
fiat_p256_mulx_u32(&x561, &x562, x7, (arg2[5]));
|
|
937
958
|
uint32_t x563;
|
|
938
|
-
|
|
939
|
-
|
|
959
|
+
uint32_t x564;
|
|
960
|
+
fiat_p256_mulx_u32(&x563, &x564, x7, (arg2[4]));
|
|
940
961
|
uint32_t x565;
|
|
941
|
-
|
|
942
|
-
|
|
962
|
+
uint32_t x566;
|
|
963
|
+
fiat_p256_mulx_u32(&x565, &x566, x7, (arg2[3]));
|
|
943
964
|
uint32_t x567;
|
|
944
|
-
|
|
945
|
-
|
|
965
|
+
uint32_t x568;
|
|
966
|
+
fiat_p256_mulx_u32(&x567, &x568, x7, (arg2[2]));
|
|
946
967
|
uint32_t x569;
|
|
947
|
-
|
|
948
|
-
|
|
968
|
+
uint32_t x570;
|
|
969
|
+
fiat_p256_mulx_u32(&x569, &x570, x7, (arg2[1]));
|
|
949
970
|
uint32_t x571;
|
|
950
|
-
|
|
951
|
-
|
|
971
|
+
uint32_t x572;
|
|
972
|
+
fiat_p256_mulx_u32(&x571, &x572, x7, (arg2[0]));
|
|
952
973
|
uint32_t x573;
|
|
953
974
|
fiat_p256_uint1 x574;
|
|
954
|
-
fiat_p256_addcarryx_u32(&x573, &x574,
|
|
975
|
+
fiat_p256_addcarryx_u32(&x573, &x574, 0x0, x572, x569);
|
|
955
976
|
uint32_t x575;
|
|
956
977
|
fiat_p256_uint1 x576;
|
|
957
|
-
fiat_p256_addcarryx_u32(&x575, &x576, x574,
|
|
978
|
+
fiat_p256_addcarryx_u32(&x575, &x576, x574, x570, x567);
|
|
958
979
|
uint32_t x577;
|
|
959
980
|
fiat_p256_uint1 x578;
|
|
960
|
-
fiat_p256_addcarryx_u32(&x577, &x578, x576,
|
|
981
|
+
fiat_p256_addcarryx_u32(&x577, &x578, x576, x568, x565);
|
|
961
982
|
uint32_t x579;
|
|
962
|
-
|
|
963
|
-
|
|
983
|
+
fiat_p256_uint1 x580;
|
|
984
|
+
fiat_p256_addcarryx_u32(&x579, &x580, x578, x566, x563);
|
|
964
985
|
uint32_t x581;
|
|
965
|
-
|
|
966
|
-
|
|
986
|
+
fiat_p256_uint1 x582;
|
|
987
|
+
fiat_p256_addcarryx_u32(&x581, &x582, x580, x564, x561);
|
|
967
988
|
uint32_t x583;
|
|
968
|
-
|
|
969
|
-
|
|
989
|
+
fiat_p256_uint1 x584;
|
|
990
|
+
fiat_p256_addcarryx_u32(&x583, &x584, x582, x562, x559);
|
|
970
991
|
uint32_t x585;
|
|
971
|
-
|
|
972
|
-
|
|
973
|
-
uint32_t x587;
|
|
992
|
+
fiat_p256_uint1 x586;
|
|
993
|
+
fiat_p256_addcarryx_u32(&x585, &x586, x584, x560, x557);
|
|
994
|
+
uint32_t x587 = (x586 + x558);
|
|
974
995
|
uint32_t x588;
|
|
975
|
-
|
|
976
|
-
|
|
996
|
+
fiat_p256_uint1 x589;
|
|
997
|
+
fiat_p256_addcarryx_u32(&x588, &x589, 0x0, x540, x571);
|
|
977
998
|
uint32_t x590;
|
|
978
|
-
|
|
979
|
-
|
|
999
|
+
fiat_p256_uint1 x591;
|
|
1000
|
+
fiat_p256_addcarryx_u32(&x590, &x591, x589, x542, x573);
|
|
980
1001
|
uint32_t x592;
|
|
981
|
-
|
|
982
|
-
|
|
1002
|
+
fiat_p256_uint1 x593;
|
|
1003
|
+
fiat_p256_addcarryx_u32(&x592, &x593, x591, x544, x575);
|
|
983
1004
|
uint32_t x594;
|
|
984
|
-
|
|
985
|
-
|
|
986
|
-
|
|
987
|
-
|
|
988
|
-
|
|
989
|
-
|
|
990
|
-
|
|
991
|
-
|
|
992
|
-
|
|
993
|
-
|
|
994
|
-
|
|
995
|
-
|
|
996
|
-
|
|
997
|
-
|
|
998
|
-
|
|
999
|
-
|
|
1000
|
-
|
|
1001
|
-
|
|
1002
|
-
fiat_p256_addcarryx_u32(&x605, &x606, x604, x581, x584);
|
|
1005
|
+
fiat_p256_uint1 x595;
|
|
1006
|
+
fiat_p256_addcarryx_u32(&x594, &x595, x593, x546, x577);
|
|
1007
|
+
uint32_t x596;
|
|
1008
|
+
fiat_p256_uint1 x597;
|
|
1009
|
+
fiat_p256_addcarryx_u32(&x596, &x597, x595, x548, x579);
|
|
1010
|
+
uint32_t x598;
|
|
1011
|
+
fiat_p256_uint1 x599;
|
|
1012
|
+
fiat_p256_addcarryx_u32(&x598, &x599, x597, x550, x581);
|
|
1013
|
+
uint32_t x600;
|
|
1014
|
+
fiat_p256_uint1 x601;
|
|
1015
|
+
fiat_p256_addcarryx_u32(&x600, &x601, x599, x552, x583);
|
|
1016
|
+
uint32_t x602;
|
|
1017
|
+
fiat_p256_uint1 x603;
|
|
1018
|
+
fiat_p256_addcarryx_u32(&x602, &x603, x601, x554, x585);
|
|
1019
|
+
uint32_t x604;
|
|
1020
|
+
fiat_p256_uint1 x605;
|
|
1021
|
+
fiat_p256_addcarryx_u32(&x604, &x605, x603, x556, x587);
|
|
1022
|
+
uint32_t x606;
|
|
1003
1023
|
uint32_t x607;
|
|
1004
|
-
|
|
1005
|
-
|
|
1024
|
+
fiat_p256_mulx_u32(&x606, &x607, x588, UINT32_C(0xffffffff));
|
|
1025
|
+
uint32_t x608;
|
|
1006
1026
|
uint32_t x609;
|
|
1007
|
-
|
|
1008
|
-
|
|
1027
|
+
fiat_p256_mulx_u32(&x608, &x609, x588, UINT32_C(0xffffffff));
|
|
1028
|
+
uint32_t x610;
|
|
1009
1029
|
uint32_t x611;
|
|
1010
|
-
|
|
1011
|
-
|
|
1030
|
+
fiat_p256_mulx_u32(&x610, &x611, x588, UINT32_C(0xffffffff));
|
|
1031
|
+
uint32_t x612;
|
|
1012
1032
|
uint32_t x613;
|
|
1013
|
-
|
|
1014
|
-
|
|
1015
|
-
|
|
1016
|
-
|
|
1017
|
-
|
|
1018
|
-
|
|
1019
|
-
|
|
1020
|
-
|
|
1033
|
+
fiat_p256_mulx_u32(&x612, &x613, x588, UINT32_C(0xffffffff));
|
|
1034
|
+
uint32_t x614;
|
|
1035
|
+
fiat_p256_uint1 x615;
|
|
1036
|
+
fiat_p256_addcarryx_u32(&x614, &x615, 0x0, x613, x610);
|
|
1037
|
+
uint32_t x616;
|
|
1038
|
+
fiat_p256_uint1 x617;
|
|
1039
|
+
fiat_p256_addcarryx_u32(&x616, &x617, x615, x611, x608);
|
|
1040
|
+
uint32_t x618 = (x617 + x609);
|
|
1021
1041
|
uint32_t x619;
|
|
1022
1042
|
fiat_p256_uint1 x620;
|
|
1023
|
-
fiat_p256_addcarryx_u32(&x619, &x620,
|
|
1043
|
+
fiat_p256_addcarryx_u32(&x619, &x620, 0x0, x588, x612);
|
|
1024
1044
|
uint32_t x621;
|
|
1025
1045
|
fiat_p256_uint1 x622;
|
|
1026
|
-
fiat_p256_addcarryx_u32(&x621, &x622, x620,
|
|
1046
|
+
fiat_p256_addcarryx_u32(&x621, &x622, x620, x590, x614);
|
|
1027
1047
|
uint32_t x623;
|
|
1028
1048
|
fiat_p256_uint1 x624;
|
|
1029
|
-
fiat_p256_addcarryx_u32(&x623, &x624, x622,
|
|
1049
|
+
fiat_p256_addcarryx_u32(&x623, &x624, x622, x592, x616);
|
|
1030
1050
|
uint32_t x625;
|
|
1031
1051
|
fiat_p256_uint1 x626;
|
|
1032
|
-
fiat_p256_addcarryx_u32(&x625, &x626, x624,
|
|
1052
|
+
fiat_p256_addcarryx_u32(&x625, &x626, x624, x594, x618);
|
|
1033
1053
|
uint32_t x627;
|
|
1034
1054
|
fiat_p256_uint1 x628;
|
|
1035
|
-
fiat_p256_addcarryx_u32(&x627, &x628, x626,
|
|
1055
|
+
fiat_p256_addcarryx_u32(&x627, &x628, x626, x596, 0x0);
|
|
1036
1056
|
uint32_t x629;
|
|
1037
|
-
|
|
1038
|
-
|
|
1057
|
+
fiat_p256_uint1 x630;
|
|
1058
|
+
fiat_p256_addcarryx_u32(&x629, &x630, x628, x598, 0x0);
|
|
1039
1059
|
uint32_t x631;
|
|
1040
|
-
|
|
1041
|
-
|
|
1060
|
+
fiat_p256_uint1 x632;
|
|
1061
|
+
fiat_p256_addcarryx_u32(&x631, &x632, x630, x600, x588);
|
|
1042
1062
|
uint32_t x633;
|
|
1043
|
-
|
|
1044
|
-
|
|
1063
|
+
fiat_p256_uint1 x634;
|
|
1064
|
+
fiat_p256_addcarryx_u32(&x633, &x634, x632, x602, x606);
|
|
1045
1065
|
uint32_t x635;
|
|
1046
|
-
|
|
1047
|
-
|
|
1048
|
-
uint32_t x637;
|
|
1049
|
-
|
|
1050
|
-
|
|
1051
|
-
|
|
1052
|
-
|
|
1053
|
-
|
|
1054
|
-
|
|
1055
|
-
|
|
1056
|
-
|
|
1057
|
-
|
|
1058
|
-
|
|
1059
|
-
|
|
1060
|
-
|
|
1061
|
-
|
|
1062
|
-
|
|
1063
|
-
|
|
1064
|
-
|
|
1065
|
-
|
|
1066
|
-
|
|
1067
|
-
|
|
1068
|
-
|
|
1069
|
-
|
|
1070
|
-
|
|
1071
|
-
|
|
1072
|
-
|
|
1073
|
-
|
|
1074
|
-
|
|
1075
|
-
|
|
1076
|
-
|
|
1077
|
-
|
|
1066
|
+
fiat_p256_uint1 x636;
|
|
1067
|
+
fiat_p256_addcarryx_u32(&x635, &x636, x634, x604, x607);
|
|
1068
|
+
uint32_t x637 = ((uint32_t)x636 + x605);
|
|
1069
|
+
uint32_t x638;
|
|
1070
|
+
fiat_p256_uint1 x639;
|
|
1071
|
+
fiat_p256_subborrowx_u32(&x638, &x639, 0x0, x621, UINT32_C(0xffffffff));
|
|
1072
|
+
uint32_t x640;
|
|
1073
|
+
fiat_p256_uint1 x641;
|
|
1074
|
+
fiat_p256_subborrowx_u32(&x640, &x641, x639, x623, UINT32_C(0xffffffff));
|
|
1075
|
+
uint32_t x642;
|
|
1076
|
+
fiat_p256_uint1 x643;
|
|
1077
|
+
fiat_p256_subborrowx_u32(&x642, &x643, x641, x625, UINT32_C(0xffffffff));
|
|
1078
|
+
uint32_t x644;
|
|
1079
|
+
fiat_p256_uint1 x645;
|
|
1080
|
+
fiat_p256_subborrowx_u32(&x644, &x645, x643, x627, 0x0);
|
|
1081
|
+
uint32_t x646;
|
|
1082
|
+
fiat_p256_uint1 x647;
|
|
1083
|
+
fiat_p256_subborrowx_u32(&x646, &x647, x645, x629, 0x0);
|
|
1084
|
+
uint32_t x648;
|
|
1085
|
+
fiat_p256_uint1 x649;
|
|
1086
|
+
fiat_p256_subborrowx_u32(&x648, &x649, x647, x631, 0x0);
|
|
1087
|
+
uint32_t x650;
|
|
1088
|
+
fiat_p256_uint1 x651;
|
|
1089
|
+
fiat_p256_subborrowx_u32(&x650, &x651, x649, x633, 0x1);
|
|
1090
|
+
uint32_t x652;
|
|
1091
|
+
fiat_p256_uint1 x653;
|
|
1092
|
+
fiat_p256_subborrowx_u32(&x652, &x653, x651, x635, UINT32_C(0xffffffff));
|
|
1093
|
+
uint32_t x654;
|
|
1094
|
+
fiat_p256_uint1 x655;
|
|
1095
|
+
fiat_p256_subborrowx_u32(&x654, &x655, x653, x637, 0x0);
|
|
1096
|
+
uint32_t x656;
|
|
1097
|
+
fiat_p256_cmovznz_u32(&x656, x655, x638, x621);
|
|
1078
1098
|
uint32_t x657;
|
|
1079
|
-
|
|
1080
|
-
|
|
1099
|
+
fiat_p256_cmovznz_u32(&x657, x655, x640, x623);
|
|
1100
|
+
uint32_t x658;
|
|
1101
|
+
fiat_p256_cmovznz_u32(&x658, x655, x642, x625);
|
|
1081
1102
|
uint32_t x659;
|
|
1082
|
-
|
|
1083
|
-
|
|
1103
|
+
fiat_p256_cmovznz_u32(&x659, x655, x644, x627);
|
|
1104
|
+
uint32_t x660;
|
|
1105
|
+
fiat_p256_cmovznz_u32(&x660, x655, x646, x629);
|
|
1084
1106
|
uint32_t x661;
|
|
1085
|
-
|
|
1086
|
-
|
|
1107
|
+
fiat_p256_cmovznz_u32(&x661, x655, x648, x631);
|
|
1108
|
+
uint32_t x662;
|
|
1109
|
+
fiat_p256_cmovznz_u32(&x662, x655, x650, x633);
|
|
1087
1110
|
uint32_t x663;
|
|
1088
|
-
|
|
1089
|
-
|
|
1090
|
-
|
|
1091
|
-
|
|
1092
|
-
|
|
1093
|
-
|
|
1094
|
-
|
|
1095
|
-
|
|
1096
|
-
|
|
1097
|
-
fiat_p256_uint1 x670;
|
|
1098
|
-
fiat_p256_subborrowx_u32(&x669, &x670, x668, x651, 0x0);
|
|
1099
|
-
uint32_t x671;
|
|
1100
|
-
fiat_p256_uint1 x672;
|
|
1101
|
-
fiat_p256_subborrowx_u32(&x671, &x672, x670, x653, 0x0);
|
|
1102
|
-
uint32_t x673;
|
|
1103
|
-
fiat_p256_uint1 x674;
|
|
1104
|
-
fiat_p256_subborrowx_u32(&x673, &x674, x672, x655, 0x0);
|
|
1105
|
-
uint32_t x675;
|
|
1106
|
-
fiat_p256_uint1 x676;
|
|
1107
|
-
fiat_p256_subborrowx_u32(&x675, &x676, x674, x657, 0x1);
|
|
1108
|
-
uint32_t x677;
|
|
1109
|
-
fiat_p256_uint1 x678;
|
|
1110
|
-
fiat_p256_subborrowx_u32(&x677, &x678, x676, x659, UINT32_C(0xffffffff));
|
|
1111
|
-
uint32_t x679;
|
|
1112
|
-
fiat_p256_uint1 x680;
|
|
1113
|
-
fiat_p256_subborrowx_u32(&x679, &x680, x678, x661, 0x0);
|
|
1114
|
-
uint32_t x681;
|
|
1115
|
-
fiat_p256_cmovznz_u32(&x681, x680, x663, x645);
|
|
1116
|
-
uint32_t x682;
|
|
1117
|
-
fiat_p256_cmovznz_u32(&x682, x680, x665, x647);
|
|
1118
|
-
uint32_t x683;
|
|
1119
|
-
fiat_p256_cmovznz_u32(&x683, x680, x667, x649);
|
|
1120
|
-
uint32_t x684;
|
|
1121
|
-
fiat_p256_cmovznz_u32(&x684, x680, x669, x651);
|
|
1122
|
-
uint32_t x685;
|
|
1123
|
-
fiat_p256_cmovznz_u32(&x685, x680, x671, x653);
|
|
1124
|
-
uint32_t x686;
|
|
1125
|
-
fiat_p256_cmovznz_u32(&x686, x680, x673, x655);
|
|
1126
|
-
uint32_t x687;
|
|
1127
|
-
fiat_p256_cmovznz_u32(&x687, x680, x675, x657);
|
|
1128
|
-
uint32_t x688;
|
|
1129
|
-
fiat_p256_cmovznz_u32(&x688, x680, x677, x659);
|
|
1130
|
-
out1[0] = x681;
|
|
1131
|
-
out1[1] = x682;
|
|
1132
|
-
out1[2] = x683;
|
|
1133
|
-
out1[3] = x684;
|
|
1134
|
-
out1[4] = x685;
|
|
1135
|
-
out1[5] = x686;
|
|
1136
|
-
out1[6] = x687;
|
|
1137
|
-
out1[7] = x688;
|
|
1111
|
+
fiat_p256_cmovznz_u32(&x663, x655, x652, x635);
|
|
1112
|
+
out1[0] = x656;
|
|
1113
|
+
out1[1] = x657;
|
|
1114
|
+
out1[2] = x658;
|
|
1115
|
+
out1[3] = x659;
|
|
1116
|
+
out1[4] = x660;
|
|
1117
|
+
out1[5] = x661;
|
|
1118
|
+
out1[6] = x662;
|
|
1119
|
+
out1[7] = x663;
|
|
1138
1120
|
}
|
|
1139
1121
|
|
|
1140
1122
|
/*
|
|
1123
|
+
* The function fiat_p256_square squares a field element in the Montgomery domain.
|
|
1124
|
+
* Preconditions:
|
|
1125
|
+
* 0 ≤ eval arg1 < m
|
|
1126
|
+
* Postconditions:
|
|
1127
|
+
* eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m
|
|
1128
|
+
* 0 ≤ eval out1 < m
|
|
1129
|
+
*
|
|
1141
1130
|
* Input Bounds:
|
|
1142
1131
|
* arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
|
|
1143
1132
|
* Output Bounds:
|
|
@@ -1178,1015 +1167,974 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) {
|
|
|
1178
1167
|
fiat_p256_mulx_u32(&x23, &x24, x8, (arg1[0]));
|
|
1179
1168
|
uint32_t x25;
|
|
1180
1169
|
fiat_p256_uint1 x26;
|
|
1181
|
-
fiat_p256_addcarryx_u32(&x25, &x26, 0x0,
|
|
1170
|
+
fiat_p256_addcarryx_u32(&x25, &x26, 0x0, x24, x21);
|
|
1182
1171
|
uint32_t x27;
|
|
1183
1172
|
fiat_p256_uint1 x28;
|
|
1184
|
-
fiat_p256_addcarryx_u32(&x27, &x28, x26,
|
|
1173
|
+
fiat_p256_addcarryx_u32(&x27, &x28, x26, x22, x19);
|
|
1185
1174
|
uint32_t x29;
|
|
1186
1175
|
fiat_p256_uint1 x30;
|
|
1187
|
-
fiat_p256_addcarryx_u32(&x29, &x30, x28,
|
|
1176
|
+
fiat_p256_addcarryx_u32(&x29, &x30, x28, x20, x17);
|
|
1188
1177
|
uint32_t x31;
|
|
1189
1178
|
fiat_p256_uint1 x32;
|
|
1190
|
-
fiat_p256_addcarryx_u32(&x31, &x32, x30,
|
|
1179
|
+
fiat_p256_addcarryx_u32(&x31, &x32, x30, x18, x15);
|
|
1191
1180
|
uint32_t x33;
|
|
1192
1181
|
fiat_p256_uint1 x34;
|
|
1193
|
-
fiat_p256_addcarryx_u32(&x33, &x34, x32,
|
|
1182
|
+
fiat_p256_addcarryx_u32(&x33, &x34, x32, x16, x13);
|
|
1194
1183
|
uint32_t x35;
|
|
1195
1184
|
fiat_p256_uint1 x36;
|
|
1196
|
-
fiat_p256_addcarryx_u32(&x35, &x36, x34,
|
|
1185
|
+
fiat_p256_addcarryx_u32(&x35, &x36, x34, x14, x11);
|
|
1197
1186
|
uint32_t x37;
|
|
1198
1187
|
fiat_p256_uint1 x38;
|
|
1199
|
-
fiat_p256_addcarryx_u32(&x37, &x38, x36,
|
|
1200
|
-
uint32_t x39;
|
|
1201
|
-
|
|
1202
|
-
fiat_p256_addcarryx_u32(&x39, &x40, x38, 0x0, x10);
|
|
1188
|
+
fiat_p256_addcarryx_u32(&x37, &x38, x36, x12, x9);
|
|
1189
|
+
uint32_t x39 = (x38 + x10);
|
|
1190
|
+
uint32_t x40;
|
|
1203
1191
|
uint32_t x41;
|
|
1192
|
+
fiat_p256_mulx_u32(&x40, &x41, x23, UINT32_C(0xffffffff));
|
|
1204
1193
|
uint32_t x42;
|
|
1205
|
-
fiat_p256_mulx_u32(&x41, &x42, x23, UINT32_C(0xffffffff));
|
|
1206
1194
|
uint32_t x43;
|
|
1195
|
+
fiat_p256_mulx_u32(&x42, &x43, x23, UINT32_C(0xffffffff));
|
|
1207
1196
|
uint32_t x44;
|
|
1208
|
-
fiat_p256_mulx_u32(&x43, &x44, x23, UINT32_C(0xffffffff));
|
|
1209
1197
|
uint32_t x45;
|
|
1198
|
+
fiat_p256_mulx_u32(&x44, &x45, x23, UINT32_C(0xffffffff));
|
|
1210
1199
|
uint32_t x46;
|
|
1211
|
-
fiat_p256_mulx_u32(&x45, &x46, x23, UINT32_C(0xffffffff));
|
|
1212
1200
|
uint32_t x47;
|
|
1201
|
+
fiat_p256_mulx_u32(&x46, &x47, x23, UINT32_C(0xffffffff));
|
|
1213
1202
|
uint32_t x48;
|
|
1214
|
-
|
|
1215
|
-
|
|
1216
|
-
|
|
1217
|
-
|
|
1218
|
-
|
|
1219
|
-
|
|
1220
|
-
fiat_p256_addcarryx_u32(&x51, &x52, x50, x43, x46);
|
|
1203
|
+
fiat_p256_uint1 x49;
|
|
1204
|
+
fiat_p256_addcarryx_u32(&x48, &x49, 0x0, x47, x44);
|
|
1205
|
+
uint32_t x50;
|
|
1206
|
+
fiat_p256_uint1 x51;
|
|
1207
|
+
fiat_p256_addcarryx_u32(&x50, &x51, x49, x45, x42);
|
|
1208
|
+
uint32_t x52 = (x51 + x43);
|
|
1221
1209
|
uint32_t x53;
|
|
1222
1210
|
fiat_p256_uint1 x54;
|
|
1223
|
-
fiat_p256_addcarryx_u32(&x53, &x54,
|
|
1211
|
+
fiat_p256_addcarryx_u32(&x53, &x54, 0x0, x23, x46);
|
|
1224
1212
|
uint32_t x55;
|
|
1225
1213
|
fiat_p256_uint1 x56;
|
|
1226
|
-
fiat_p256_addcarryx_u32(&x55, &x56,
|
|
1214
|
+
fiat_p256_addcarryx_u32(&x55, &x56, x54, x25, x48);
|
|
1227
1215
|
uint32_t x57;
|
|
1228
1216
|
fiat_p256_uint1 x58;
|
|
1229
|
-
fiat_p256_addcarryx_u32(&x57, &x58, x56,
|
|
1217
|
+
fiat_p256_addcarryx_u32(&x57, &x58, x56, x27, x50);
|
|
1230
1218
|
uint32_t x59;
|
|
1231
1219
|
fiat_p256_uint1 x60;
|
|
1232
|
-
fiat_p256_addcarryx_u32(&x59, &x60, x58,
|
|
1220
|
+
fiat_p256_addcarryx_u32(&x59, &x60, x58, x29, x52);
|
|
1233
1221
|
uint32_t x61;
|
|
1234
1222
|
fiat_p256_uint1 x62;
|
|
1235
|
-
fiat_p256_addcarryx_u32(&x61, &x62, x60,
|
|
1223
|
+
fiat_p256_addcarryx_u32(&x61, &x62, x60, x31, 0x0);
|
|
1236
1224
|
uint32_t x63;
|
|
1237
1225
|
fiat_p256_uint1 x64;
|
|
1238
|
-
fiat_p256_addcarryx_u32(&x63, &x64, x62,
|
|
1226
|
+
fiat_p256_addcarryx_u32(&x63, &x64, x62, x33, 0x0);
|
|
1239
1227
|
uint32_t x65;
|
|
1240
1228
|
fiat_p256_uint1 x66;
|
|
1241
|
-
fiat_p256_addcarryx_u32(&x65, &x66, x64,
|
|
1229
|
+
fiat_p256_addcarryx_u32(&x65, &x66, x64, x35, x23);
|
|
1242
1230
|
uint32_t x67;
|
|
1243
1231
|
fiat_p256_uint1 x68;
|
|
1244
|
-
fiat_p256_addcarryx_u32(&x67, &x68, x66,
|
|
1232
|
+
fiat_p256_addcarryx_u32(&x67, &x68, x66, x37, x40);
|
|
1245
1233
|
uint32_t x69;
|
|
1246
1234
|
fiat_p256_uint1 x70;
|
|
1247
|
-
fiat_p256_addcarryx_u32(&x69, &x70, x68,
|
|
1235
|
+
fiat_p256_addcarryx_u32(&x69, &x70, x68, x39, x41);
|
|
1248
1236
|
uint32_t x71;
|
|
1249
|
-
|
|
1250
|
-
|
|
1237
|
+
uint32_t x72;
|
|
1238
|
+
fiat_p256_mulx_u32(&x71, &x72, x1, (arg1[7]));
|
|
1251
1239
|
uint32_t x73;
|
|
1252
|
-
|
|
1253
|
-
|
|
1240
|
+
uint32_t x74;
|
|
1241
|
+
fiat_p256_mulx_u32(&x73, &x74, x1, (arg1[6]));
|
|
1254
1242
|
uint32_t x75;
|
|
1255
1243
|
uint32_t x76;
|
|
1256
|
-
fiat_p256_mulx_u32(&x75, &x76, x1, (arg1[
|
|
1244
|
+
fiat_p256_mulx_u32(&x75, &x76, x1, (arg1[5]));
|
|
1257
1245
|
uint32_t x77;
|
|
1258
1246
|
uint32_t x78;
|
|
1259
|
-
fiat_p256_mulx_u32(&x77, &x78, x1, (arg1[
|
|
1247
|
+
fiat_p256_mulx_u32(&x77, &x78, x1, (arg1[4]));
|
|
1260
1248
|
uint32_t x79;
|
|
1261
1249
|
uint32_t x80;
|
|
1262
|
-
fiat_p256_mulx_u32(&x79, &x80, x1, (arg1[
|
|
1250
|
+
fiat_p256_mulx_u32(&x79, &x80, x1, (arg1[3]));
|
|
1263
1251
|
uint32_t x81;
|
|
1264
1252
|
uint32_t x82;
|
|
1265
|
-
fiat_p256_mulx_u32(&x81, &x82, x1, (arg1[
|
|
1253
|
+
fiat_p256_mulx_u32(&x81, &x82, x1, (arg1[2]));
|
|
1266
1254
|
uint32_t x83;
|
|
1267
1255
|
uint32_t x84;
|
|
1268
|
-
fiat_p256_mulx_u32(&x83, &x84, x1, (arg1[
|
|
1256
|
+
fiat_p256_mulx_u32(&x83, &x84, x1, (arg1[1]));
|
|
1269
1257
|
uint32_t x85;
|
|
1270
1258
|
uint32_t x86;
|
|
1271
|
-
fiat_p256_mulx_u32(&x85, &x86, x1, (arg1[
|
|
1259
|
+
fiat_p256_mulx_u32(&x85, &x86, x1, (arg1[0]));
|
|
1272
1260
|
uint32_t x87;
|
|
1273
|
-
|
|
1274
|
-
|
|
1261
|
+
fiat_p256_uint1 x88;
|
|
1262
|
+
fiat_p256_addcarryx_u32(&x87, &x88, 0x0, x86, x83);
|
|
1275
1263
|
uint32_t x89;
|
|
1276
|
-
|
|
1277
|
-
|
|
1264
|
+
fiat_p256_uint1 x90;
|
|
1265
|
+
fiat_p256_addcarryx_u32(&x89, &x90, x88, x84, x81);
|
|
1278
1266
|
uint32_t x91;
|
|
1279
1267
|
fiat_p256_uint1 x92;
|
|
1280
|
-
fiat_p256_addcarryx_u32(&x91, &x92,
|
|
1268
|
+
fiat_p256_addcarryx_u32(&x91, &x92, x90, x82, x79);
|
|
1281
1269
|
uint32_t x93;
|
|
1282
1270
|
fiat_p256_uint1 x94;
|
|
1283
|
-
fiat_p256_addcarryx_u32(&x93, &x94, x92,
|
|
1271
|
+
fiat_p256_addcarryx_u32(&x93, &x94, x92, x80, x77);
|
|
1284
1272
|
uint32_t x95;
|
|
1285
1273
|
fiat_p256_uint1 x96;
|
|
1286
|
-
fiat_p256_addcarryx_u32(&x95, &x96, x94,
|
|
1274
|
+
fiat_p256_addcarryx_u32(&x95, &x96, x94, x78, x75);
|
|
1287
1275
|
uint32_t x97;
|
|
1288
1276
|
fiat_p256_uint1 x98;
|
|
1289
|
-
fiat_p256_addcarryx_u32(&x97, &x98, x96,
|
|
1277
|
+
fiat_p256_addcarryx_u32(&x97, &x98, x96, x76, x73);
|
|
1290
1278
|
uint32_t x99;
|
|
1291
1279
|
fiat_p256_uint1 x100;
|
|
1292
|
-
fiat_p256_addcarryx_u32(&x99, &x100, x98,
|
|
1293
|
-
uint32_t x101;
|
|
1294
|
-
|
|
1295
|
-
|
|
1296
|
-
|
|
1297
|
-
|
|
1298
|
-
|
|
1299
|
-
|
|
1300
|
-
|
|
1301
|
-
|
|
1302
|
-
|
|
1303
|
-
|
|
1304
|
-
|
|
1305
|
-
|
|
1306
|
-
|
|
1307
|
-
|
|
1308
|
-
|
|
1309
|
-
|
|
1310
|
-
|
|
1311
|
-
|
|
1312
|
-
|
|
1313
|
-
|
|
1314
|
-
|
|
1315
|
-
|
|
1316
|
-
|
|
1317
|
-
|
|
1318
|
-
|
|
1319
|
-
|
|
1320
|
-
|
|
1321
|
-
|
|
1322
|
-
fiat_p256_addcarryx_u32(&x119, &x120, x118, x101, x69);
|
|
1280
|
+
fiat_p256_addcarryx_u32(&x99, &x100, x98, x74, x71);
|
|
1281
|
+
uint32_t x101 = (x100 + x72);
|
|
1282
|
+
uint32_t x102;
|
|
1283
|
+
fiat_p256_uint1 x103;
|
|
1284
|
+
fiat_p256_addcarryx_u32(&x102, &x103, 0x0, x55, x85);
|
|
1285
|
+
uint32_t x104;
|
|
1286
|
+
fiat_p256_uint1 x105;
|
|
1287
|
+
fiat_p256_addcarryx_u32(&x104, &x105, x103, x57, x87);
|
|
1288
|
+
uint32_t x106;
|
|
1289
|
+
fiat_p256_uint1 x107;
|
|
1290
|
+
fiat_p256_addcarryx_u32(&x106, &x107, x105, x59, x89);
|
|
1291
|
+
uint32_t x108;
|
|
1292
|
+
fiat_p256_uint1 x109;
|
|
1293
|
+
fiat_p256_addcarryx_u32(&x108, &x109, x107, x61, x91);
|
|
1294
|
+
uint32_t x110;
|
|
1295
|
+
fiat_p256_uint1 x111;
|
|
1296
|
+
fiat_p256_addcarryx_u32(&x110, &x111, x109, x63, x93);
|
|
1297
|
+
uint32_t x112;
|
|
1298
|
+
fiat_p256_uint1 x113;
|
|
1299
|
+
fiat_p256_addcarryx_u32(&x112, &x113, x111, x65, x95);
|
|
1300
|
+
uint32_t x114;
|
|
1301
|
+
fiat_p256_uint1 x115;
|
|
1302
|
+
fiat_p256_addcarryx_u32(&x114, &x115, x113, x67, x97);
|
|
1303
|
+
uint32_t x116;
|
|
1304
|
+
fiat_p256_uint1 x117;
|
|
1305
|
+
fiat_p256_addcarryx_u32(&x116, &x117, x115, x69, x99);
|
|
1306
|
+
uint32_t x118;
|
|
1307
|
+
fiat_p256_uint1 x119;
|
|
1308
|
+
fiat_p256_addcarryx_u32(&x118, &x119, x117, x70, x101);
|
|
1309
|
+
uint32_t x120;
|
|
1323
1310
|
uint32_t x121;
|
|
1324
|
-
|
|
1325
|
-
|
|
1311
|
+
fiat_p256_mulx_u32(&x120, &x121, x102, UINT32_C(0xffffffff));
|
|
1312
|
+
uint32_t x122;
|
|
1326
1313
|
uint32_t x123;
|
|
1327
|
-
|
|
1328
|
-
|
|
1314
|
+
fiat_p256_mulx_u32(&x122, &x123, x102, UINT32_C(0xffffffff));
|
|
1315
|
+
uint32_t x124;
|
|
1329
1316
|
uint32_t x125;
|
|
1317
|
+
fiat_p256_mulx_u32(&x124, &x125, x102, UINT32_C(0xffffffff));
|
|
1330
1318
|
uint32_t x126;
|
|
1331
|
-
fiat_p256_mulx_u32(&x125, &x126, x107, UINT32_C(0xffffffff));
|
|
1332
1319
|
uint32_t x127;
|
|
1320
|
+
fiat_p256_mulx_u32(&x126, &x127, x102, UINT32_C(0xffffffff));
|
|
1333
1321
|
uint32_t x128;
|
|
1334
|
-
|
|
1335
|
-
|
|
1322
|
+
fiat_p256_uint1 x129;
|
|
1323
|
+
fiat_p256_addcarryx_u32(&x128, &x129, 0x0, x127, x124);
|
|
1336
1324
|
uint32_t x130;
|
|
1337
|
-
|
|
1338
|
-
|
|
1339
|
-
uint32_t x132;
|
|
1340
|
-
fiat_p256_mulx_u32(&x131, &x132, x107, UINT32_C(0xffffffff));
|
|
1325
|
+
fiat_p256_uint1 x131;
|
|
1326
|
+
fiat_p256_addcarryx_u32(&x130, &x131, x129, x125, x122);
|
|
1327
|
+
uint32_t x132 = (x131 + x123);
|
|
1341
1328
|
uint32_t x133;
|
|
1342
1329
|
fiat_p256_uint1 x134;
|
|
1343
|
-
fiat_p256_addcarryx_u32(&x133, &x134, 0x0,
|
|
1330
|
+
fiat_p256_addcarryx_u32(&x133, &x134, 0x0, x102, x126);
|
|
1344
1331
|
uint32_t x135;
|
|
1345
1332
|
fiat_p256_uint1 x136;
|
|
1346
|
-
fiat_p256_addcarryx_u32(&x135, &x136, x134,
|
|
1333
|
+
fiat_p256_addcarryx_u32(&x135, &x136, x134, x104, x128);
|
|
1347
1334
|
uint32_t x137;
|
|
1348
1335
|
fiat_p256_uint1 x138;
|
|
1349
|
-
fiat_p256_addcarryx_u32(&x137, &x138, x136,
|
|
1336
|
+
fiat_p256_addcarryx_u32(&x137, &x138, x136, x106, x130);
|
|
1350
1337
|
uint32_t x139;
|
|
1351
1338
|
fiat_p256_uint1 x140;
|
|
1352
|
-
fiat_p256_addcarryx_u32(&x139, &x140,
|
|
1339
|
+
fiat_p256_addcarryx_u32(&x139, &x140, x138, x108, x132);
|
|
1353
1340
|
uint32_t x141;
|
|
1354
1341
|
fiat_p256_uint1 x142;
|
|
1355
|
-
fiat_p256_addcarryx_u32(&x141, &x142, x140,
|
|
1342
|
+
fiat_p256_addcarryx_u32(&x141, &x142, x140, x110, 0x0);
|
|
1356
1343
|
uint32_t x143;
|
|
1357
1344
|
fiat_p256_uint1 x144;
|
|
1358
|
-
fiat_p256_addcarryx_u32(&x143, &x144, x142,
|
|
1345
|
+
fiat_p256_addcarryx_u32(&x143, &x144, x142, x112, 0x0);
|
|
1359
1346
|
uint32_t x145;
|
|
1360
1347
|
fiat_p256_uint1 x146;
|
|
1361
|
-
fiat_p256_addcarryx_u32(&x145, &x146, x144,
|
|
1348
|
+
fiat_p256_addcarryx_u32(&x145, &x146, x144, x114, x102);
|
|
1362
1349
|
uint32_t x147;
|
|
1363
1350
|
fiat_p256_uint1 x148;
|
|
1364
|
-
fiat_p256_addcarryx_u32(&x147, &x148, x146,
|
|
1351
|
+
fiat_p256_addcarryx_u32(&x147, &x148, x146, x116, x120);
|
|
1365
1352
|
uint32_t x149;
|
|
1366
1353
|
fiat_p256_uint1 x150;
|
|
1367
|
-
fiat_p256_addcarryx_u32(&x149, &x150, x148,
|
|
1368
|
-
uint32_t x151;
|
|
1369
|
-
|
|
1370
|
-
fiat_p256_addcarryx_u32(&x151, &x152, x150, x107, x119);
|
|
1354
|
+
fiat_p256_addcarryx_u32(&x149, &x150, x148, x118, x121);
|
|
1355
|
+
uint32_t x151 = ((uint32_t)x150 + x119);
|
|
1356
|
+
uint32_t x152;
|
|
1371
1357
|
uint32_t x153;
|
|
1372
|
-
|
|
1373
|
-
|
|
1358
|
+
fiat_p256_mulx_u32(&x152, &x153, x2, (arg1[7]));
|
|
1359
|
+
uint32_t x154;
|
|
1374
1360
|
uint32_t x155;
|
|
1375
|
-
|
|
1376
|
-
|
|
1361
|
+
fiat_p256_mulx_u32(&x154, &x155, x2, (arg1[6]));
|
|
1362
|
+
uint32_t x156;
|
|
1377
1363
|
uint32_t x157;
|
|
1378
|
-
|
|
1379
|
-
|
|
1364
|
+
fiat_p256_mulx_u32(&x156, &x157, x2, (arg1[5]));
|
|
1365
|
+
uint32_t x158;
|
|
1380
1366
|
uint32_t x159;
|
|
1367
|
+
fiat_p256_mulx_u32(&x158, &x159, x2, (arg1[4]));
|
|
1381
1368
|
uint32_t x160;
|
|
1382
|
-
fiat_p256_mulx_u32(&x159, &x160, x2, (arg1[7]));
|
|
1383
1369
|
uint32_t x161;
|
|
1370
|
+
fiat_p256_mulx_u32(&x160, &x161, x2, (arg1[3]));
|
|
1384
1371
|
uint32_t x162;
|
|
1385
|
-
fiat_p256_mulx_u32(&x161, &x162, x2, (arg1[6]));
|
|
1386
1372
|
uint32_t x163;
|
|
1373
|
+
fiat_p256_mulx_u32(&x162, &x163, x2, (arg1[2]));
|
|
1387
1374
|
uint32_t x164;
|
|
1388
|
-
fiat_p256_mulx_u32(&x163, &x164, x2, (arg1[5]));
|
|
1389
1375
|
uint32_t x165;
|
|
1376
|
+
fiat_p256_mulx_u32(&x164, &x165, x2, (arg1[1]));
|
|
1390
1377
|
uint32_t x166;
|
|
1391
|
-
fiat_p256_mulx_u32(&x165, &x166, x2, (arg1[4]));
|
|
1392
1378
|
uint32_t x167;
|
|
1379
|
+
fiat_p256_mulx_u32(&x166, &x167, x2, (arg1[0]));
|
|
1393
1380
|
uint32_t x168;
|
|
1394
|
-
|
|
1395
|
-
|
|
1381
|
+
fiat_p256_uint1 x169;
|
|
1382
|
+
fiat_p256_addcarryx_u32(&x168, &x169, 0x0, x167, x164);
|
|
1396
1383
|
uint32_t x170;
|
|
1397
|
-
|
|
1398
|
-
|
|
1384
|
+
fiat_p256_uint1 x171;
|
|
1385
|
+
fiat_p256_addcarryx_u32(&x170, &x171, x169, x165, x162);
|
|
1399
1386
|
uint32_t x172;
|
|
1400
|
-
|
|
1401
|
-
|
|
1387
|
+
fiat_p256_uint1 x173;
|
|
1388
|
+
fiat_p256_addcarryx_u32(&x172, &x173, x171, x163, x160);
|
|
1402
1389
|
uint32_t x174;
|
|
1403
|
-
|
|
1404
|
-
|
|
1405
|
-
|
|
1406
|
-
|
|
1407
|
-
|
|
1408
|
-
|
|
1409
|
-
|
|
1410
|
-
|
|
1411
|
-
|
|
1412
|
-
|
|
1413
|
-
|
|
1414
|
-
|
|
1415
|
-
fiat_p256_addcarryx_u32(&x181, &x182, x180, x165, x168);
|
|
1390
|
+
fiat_p256_uint1 x175;
|
|
1391
|
+
fiat_p256_addcarryx_u32(&x174, &x175, x173, x161, x158);
|
|
1392
|
+
uint32_t x176;
|
|
1393
|
+
fiat_p256_uint1 x177;
|
|
1394
|
+
fiat_p256_addcarryx_u32(&x176, &x177, x175, x159, x156);
|
|
1395
|
+
uint32_t x178;
|
|
1396
|
+
fiat_p256_uint1 x179;
|
|
1397
|
+
fiat_p256_addcarryx_u32(&x178, &x179, x177, x157, x154);
|
|
1398
|
+
uint32_t x180;
|
|
1399
|
+
fiat_p256_uint1 x181;
|
|
1400
|
+
fiat_p256_addcarryx_u32(&x180, &x181, x179, x155, x152);
|
|
1401
|
+
uint32_t x182 = (x181 + x153);
|
|
1416
1402
|
uint32_t x183;
|
|
1417
1403
|
fiat_p256_uint1 x184;
|
|
1418
|
-
fiat_p256_addcarryx_u32(&x183, &x184,
|
|
1404
|
+
fiat_p256_addcarryx_u32(&x183, &x184, 0x0, x135, x166);
|
|
1419
1405
|
uint32_t x185;
|
|
1420
1406
|
fiat_p256_uint1 x186;
|
|
1421
|
-
fiat_p256_addcarryx_u32(&x185, &x186, x184,
|
|
1407
|
+
fiat_p256_addcarryx_u32(&x185, &x186, x184, x137, x168);
|
|
1422
1408
|
uint32_t x187;
|
|
1423
1409
|
fiat_p256_uint1 x188;
|
|
1424
|
-
fiat_p256_addcarryx_u32(&x187, &x188, x186,
|
|
1410
|
+
fiat_p256_addcarryx_u32(&x187, &x188, x186, x139, x170);
|
|
1425
1411
|
uint32_t x189;
|
|
1426
1412
|
fiat_p256_uint1 x190;
|
|
1427
|
-
fiat_p256_addcarryx_u32(&x189, &x190, x188,
|
|
1413
|
+
fiat_p256_addcarryx_u32(&x189, &x190, x188, x141, x172);
|
|
1428
1414
|
uint32_t x191;
|
|
1429
1415
|
fiat_p256_uint1 x192;
|
|
1430
|
-
fiat_p256_addcarryx_u32(&x191, &x192,
|
|
1416
|
+
fiat_p256_addcarryx_u32(&x191, &x192, x190, x143, x174);
|
|
1431
1417
|
uint32_t x193;
|
|
1432
1418
|
fiat_p256_uint1 x194;
|
|
1433
|
-
fiat_p256_addcarryx_u32(&x193, &x194, x192,
|
|
1419
|
+
fiat_p256_addcarryx_u32(&x193, &x194, x192, x145, x176);
|
|
1434
1420
|
uint32_t x195;
|
|
1435
1421
|
fiat_p256_uint1 x196;
|
|
1436
|
-
fiat_p256_addcarryx_u32(&x195, &x196, x194,
|
|
1422
|
+
fiat_p256_addcarryx_u32(&x195, &x196, x194, x147, x178);
|
|
1437
1423
|
uint32_t x197;
|
|
1438
1424
|
fiat_p256_uint1 x198;
|
|
1439
|
-
fiat_p256_addcarryx_u32(&x197, &x198, x196,
|
|
1425
|
+
fiat_p256_addcarryx_u32(&x197, &x198, x196, x149, x180);
|
|
1440
1426
|
uint32_t x199;
|
|
1441
1427
|
fiat_p256_uint1 x200;
|
|
1442
|
-
fiat_p256_addcarryx_u32(&x199, &x200, x198,
|
|
1428
|
+
fiat_p256_addcarryx_u32(&x199, &x200, x198, x151, x182);
|
|
1443
1429
|
uint32_t x201;
|
|
1444
|
-
|
|
1445
|
-
|
|
1430
|
+
uint32_t x202;
|
|
1431
|
+
fiat_p256_mulx_u32(&x201, &x202, x183, UINT32_C(0xffffffff));
|
|
1446
1432
|
uint32_t x203;
|
|
1447
|
-
|
|
1448
|
-
|
|
1433
|
+
uint32_t x204;
|
|
1434
|
+
fiat_p256_mulx_u32(&x203, &x204, x183, UINT32_C(0xffffffff));
|
|
1449
1435
|
uint32_t x205;
|
|
1450
|
-
|
|
1451
|
-
|
|
1436
|
+
uint32_t x206;
|
|
1437
|
+
fiat_p256_mulx_u32(&x205, &x206, x183, UINT32_C(0xffffffff));
|
|
1452
1438
|
uint32_t x207;
|
|
1453
|
-
|
|
1454
|
-
|
|
1439
|
+
uint32_t x208;
|
|
1440
|
+
fiat_p256_mulx_u32(&x207, &x208, x183, UINT32_C(0xffffffff));
|
|
1455
1441
|
uint32_t x209;
|
|
1456
|
-
|
|
1457
|
-
|
|
1442
|
+
fiat_p256_uint1 x210;
|
|
1443
|
+
fiat_p256_addcarryx_u32(&x209, &x210, 0x0, x208, x205);
|
|
1458
1444
|
uint32_t x211;
|
|
1459
|
-
|
|
1460
|
-
|
|
1461
|
-
uint32_t x213;
|
|
1445
|
+
fiat_p256_uint1 x212;
|
|
1446
|
+
fiat_p256_addcarryx_u32(&x211, &x212, x210, x206, x203);
|
|
1447
|
+
uint32_t x213 = (x212 + x204);
|
|
1462
1448
|
uint32_t x214;
|
|
1463
|
-
|
|
1464
|
-
|
|
1449
|
+
fiat_p256_uint1 x215;
|
|
1450
|
+
fiat_p256_addcarryx_u32(&x214, &x215, 0x0, x183, x207);
|
|
1465
1451
|
uint32_t x216;
|
|
1466
|
-
|
|
1467
|
-
|
|
1468
|
-
|
|
1469
|
-
|
|
1470
|
-
|
|
1471
|
-
|
|
1472
|
-
|
|
1473
|
-
|
|
1474
|
-
|
|
1475
|
-
|
|
1476
|
-
|
|
1477
|
-
|
|
1478
|
-
|
|
1479
|
-
|
|
1480
|
-
|
|
1481
|
-
|
|
1482
|
-
|
|
1483
|
-
|
|
1484
|
-
|
|
1485
|
-
|
|
1486
|
-
|
|
1487
|
-
|
|
1488
|
-
|
|
1489
|
-
|
|
1490
|
-
fiat_p256_addcarryx_u32(&x231, &x232, x230, 0x0, x199);
|
|
1452
|
+
fiat_p256_uint1 x217;
|
|
1453
|
+
fiat_p256_addcarryx_u32(&x216, &x217, x215, x185, x209);
|
|
1454
|
+
uint32_t x218;
|
|
1455
|
+
fiat_p256_uint1 x219;
|
|
1456
|
+
fiat_p256_addcarryx_u32(&x218, &x219, x217, x187, x211);
|
|
1457
|
+
uint32_t x220;
|
|
1458
|
+
fiat_p256_uint1 x221;
|
|
1459
|
+
fiat_p256_addcarryx_u32(&x220, &x221, x219, x189, x213);
|
|
1460
|
+
uint32_t x222;
|
|
1461
|
+
fiat_p256_uint1 x223;
|
|
1462
|
+
fiat_p256_addcarryx_u32(&x222, &x223, x221, x191, 0x0);
|
|
1463
|
+
uint32_t x224;
|
|
1464
|
+
fiat_p256_uint1 x225;
|
|
1465
|
+
fiat_p256_addcarryx_u32(&x224, &x225, x223, x193, 0x0);
|
|
1466
|
+
uint32_t x226;
|
|
1467
|
+
fiat_p256_uint1 x227;
|
|
1468
|
+
fiat_p256_addcarryx_u32(&x226, &x227, x225, x195, x183);
|
|
1469
|
+
uint32_t x228;
|
|
1470
|
+
fiat_p256_uint1 x229;
|
|
1471
|
+
fiat_p256_addcarryx_u32(&x228, &x229, x227, x197, x201);
|
|
1472
|
+
uint32_t x230;
|
|
1473
|
+
fiat_p256_uint1 x231;
|
|
1474
|
+
fiat_p256_addcarryx_u32(&x230, &x231, x229, x199, x202);
|
|
1475
|
+
uint32_t x232 = ((uint32_t)x231 + x200);
|
|
1491
1476
|
uint32_t x233;
|
|
1492
|
-
|
|
1493
|
-
|
|
1477
|
+
uint32_t x234;
|
|
1478
|
+
fiat_p256_mulx_u32(&x233, &x234, x3, (arg1[7]));
|
|
1494
1479
|
uint32_t x235;
|
|
1495
|
-
|
|
1496
|
-
|
|
1480
|
+
uint32_t x236;
|
|
1481
|
+
fiat_p256_mulx_u32(&x235, &x236, x3, (arg1[6]));
|
|
1497
1482
|
uint32_t x237;
|
|
1498
|
-
|
|
1499
|
-
|
|
1483
|
+
uint32_t x238;
|
|
1484
|
+
fiat_p256_mulx_u32(&x237, &x238, x3, (arg1[5]));
|
|
1500
1485
|
uint32_t x239;
|
|
1501
|
-
|
|
1502
|
-
|
|
1486
|
+
uint32_t x240;
|
|
1487
|
+
fiat_p256_mulx_u32(&x239, &x240, x3, (arg1[4]));
|
|
1503
1488
|
uint32_t x241;
|
|
1504
|
-
|
|
1505
|
-
|
|
1489
|
+
uint32_t x242;
|
|
1490
|
+
fiat_p256_mulx_u32(&x241, &x242, x3, (arg1[3]));
|
|
1506
1491
|
uint32_t x243;
|
|
1507
1492
|
uint32_t x244;
|
|
1508
|
-
fiat_p256_mulx_u32(&x243, &x244, x3, (arg1[
|
|
1493
|
+
fiat_p256_mulx_u32(&x243, &x244, x3, (arg1[2]));
|
|
1509
1494
|
uint32_t x245;
|
|
1510
1495
|
uint32_t x246;
|
|
1511
|
-
fiat_p256_mulx_u32(&x245, &x246, x3, (arg1[
|
|
1496
|
+
fiat_p256_mulx_u32(&x245, &x246, x3, (arg1[1]));
|
|
1512
1497
|
uint32_t x247;
|
|
1513
1498
|
uint32_t x248;
|
|
1514
|
-
fiat_p256_mulx_u32(&x247, &x248, x3, (arg1[
|
|
1499
|
+
fiat_p256_mulx_u32(&x247, &x248, x3, (arg1[0]));
|
|
1515
1500
|
uint32_t x249;
|
|
1516
|
-
|
|
1517
|
-
|
|
1501
|
+
fiat_p256_uint1 x250;
|
|
1502
|
+
fiat_p256_addcarryx_u32(&x249, &x250, 0x0, x248, x245);
|
|
1518
1503
|
uint32_t x251;
|
|
1519
|
-
|
|
1520
|
-
|
|
1504
|
+
fiat_p256_uint1 x252;
|
|
1505
|
+
fiat_p256_addcarryx_u32(&x251, &x252, x250, x246, x243);
|
|
1521
1506
|
uint32_t x253;
|
|
1522
|
-
|
|
1523
|
-
|
|
1507
|
+
fiat_p256_uint1 x254;
|
|
1508
|
+
fiat_p256_addcarryx_u32(&x253, &x254, x252, x244, x241);
|
|
1524
1509
|
uint32_t x255;
|
|
1525
|
-
|
|
1526
|
-
|
|
1510
|
+
fiat_p256_uint1 x256;
|
|
1511
|
+
fiat_p256_addcarryx_u32(&x255, &x256, x254, x242, x239);
|
|
1527
1512
|
uint32_t x257;
|
|
1528
|
-
|
|
1529
|
-
|
|
1513
|
+
fiat_p256_uint1 x258;
|
|
1514
|
+
fiat_p256_addcarryx_u32(&x257, &x258, x256, x240, x237);
|
|
1530
1515
|
uint32_t x259;
|
|
1531
1516
|
fiat_p256_uint1 x260;
|
|
1532
|
-
fiat_p256_addcarryx_u32(&x259, &x260,
|
|
1517
|
+
fiat_p256_addcarryx_u32(&x259, &x260, x258, x238, x235);
|
|
1533
1518
|
uint32_t x261;
|
|
1534
1519
|
fiat_p256_uint1 x262;
|
|
1535
|
-
fiat_p256_addcarryx_u32(&x261, &x262, x260,
|
|
1536
|
-
uint32_t x263;
|
|
1537
|
-
|
|
1538
|
-
|
|
1539
|
-
|
|
1540
|
-
|
|
1541
|
-
|
|
1542
|
-
|
|
1543
|
-
|
|
1544
|
-
|
|
1545
|
-
|
|
1546
|
-
|
|
1547
|
-
|
|
1548
|
-
|
|
1549
|
-
|
|
1550
|
-
|
|
1551
|
-
|
|
1552
|
-
|
|
1553
|
-
|
|
1554
|
-
|
|
1555
|
-
|
|
1556
|
-
|
|
1557
|
-
|
|
1558
|
-
|
|
1559
|
-
|
|
1560
|
-
|
|
1561
|
-
|
|
1562
|
-
|
|
1563
|
-
|
|
1564
|
-
|
|
1565
|
-
fiat_p256_addcarryx_u32(&x281, &x282, x280, x263, x231);
|
|
1520
|
+
fiat_p256_addcarryx_u32(&x261, &x262, x260, x236, x233);
|
|
1521
|
+
uint32_t x263 = (x262 + x234);
|
|
1522
|
+
uint32_t x264;
|
|
1523
|
+
fiat_p256_uint1 x265;
|
|
1524
|
+
fiat_p256_addcarryx_u32(&x264, &x265, 0x0, x216, x247);
|
|
1525
|
+
uint32_t x266;
|
|
1526
|
+
fiat_p256_uint1 x267;
|
|
1527
|
+
fiat_p256_addcarryx_u32(&x266, &x267, x265, x218, x249);
|
|
1528
|
+
uint32_t x268;
|
|
1529
|
+
fiat_p256_uint1 x269;
|
|
1530
|
+
fiat_p256_addcarryx_u32(&x268, &x269, x267, x220, x251);
|
|
1531
|
+
uint32_t x270;
|
|
1532
|
+
fiat_p256_uint1 x271;
|
|
1533
|
+
fiat_p256_addcarryx_u32(&x270, &x271, x269, x222, x253);
|
|
1534
|
+
uint32_t x272;
|
|
1535
|
+
fiat_p256_uint1 x273;
|
|
1536
|
+
fiat_p256_addcarryx_u32(&x272, &x273, x271, x224, x255);
|
|
1537
|
+
uint32_t x274;
|
|
1538
|
+
fiat_p256_uint1 x275;
|
|
1539
|
+
fiat_p256_addcarryx_u32(&x274, &x275, x273, x226, x257);
|
|
1540
|
+
uint32_t x276;
|
|
1541
|
+
fiat_p256_uint1 x277;
|
|
1542
|
+
fiat_p256_addcarryx_u32(&x276, &x277, x275, x228, x259);
|
|
1543
|
+
uint32_t x278;
|
|
1544
|
+
fiat_p256_uint1 x279;
|
|
1545
|
+
fiat_p256_addcarryx_u32(&x278, &x279, x277, x230, x261);
|
|
1546
|
+
uint32_t x280;
|
|
1547
|
+
fiat_p256_uint1 x281;
|
|
1548
|
+
fiat_p256_addcarryx_u32(&x280, &x281, x279, x232, x263);
|
|
1549
|
+
uint32_t x282;
|
|
1566
1550
|
uint32_t x283;
|
|
1567
|
-
|
|
1568
|
-
|
|
1551
|
+
fiat_p256_mulx_u32(&x282, &x283, x264, UINT32_C(0xffffffff));
|
|
1552
|
+
uint32_t x284;
|
|
1569
1553
|
uint32_t x285;
|
|
1570
|
-
|
|
1571
|
-
|
|
1554
|
+
fiat_p256_mulx_u32(&x284, &x285, x264, UINT32_C(0xffffffff));
|
|
1555
|
+
uint32_t x286;
|
|
1572
1556
|
uint32_t x287;
|
|
1573
|
-
|
|
1574
|
-
|
|
1557
|
+
fiat_p256_mulx_u32(&x286, &x287, x264, UINT32_C(0xffffffff));
|
|
1558
|
+
uint32_t x288;
|
|
1575
1559
|
uint32_t x289;
|
|
1576
|
-
|
|
1577
|
-
|
|
1578
|
-
|
|
1579
|
-
|
|
1580
|
-
|
|
1581
|
-
|
|
1582
|
-
|
|
1583
|
-
|
|
1560
|
+
fiat_p256_mulx_u32(&x288, &x289, x264, UINT32_C(0xffffffff));
|
|
1561
|
+
uint32_t x290;
|
|
1562
|
+
fiat_p256_uint1 x291;
|
|
1563
|
+
fiat_p256_addcarryx_u32(&x290, &x291, 0x0, x289, x286);
|
|
1564
|
+
uint32_t x292;
|
|
1565
|
+
fiat_p256_uint1 x293;
|
|
1566
|
+
fiat_p256_addcarryx_u32(&x292, &x293, x291, x287, x284);
|
|
1567
|
+
uint32_t x294 = (x293 + x285);
|
|
1584
1568
|
uint32_t x295;
|
|
1585
|
-
|
|
1586
|
-
|
|
1569
|
+
fiat_p256_uint1 x296;
|
|
1570
|
+
fiat_p256_addcarryx_u32(&x295, &x296, 0x0, x264, x288);
|
|
1587
1571
|
uint32_t x297;
|
|
1588
|
-
|
|
1589
|
-
|
|
1572
|
+
fiat_p256_uint1 x298;
|
|
1573
|
+
fiat_p256_addcarryx_u32(&x297, &x298, x296, x266, x290);
|
|
1590
1574
|
uint32_t x299;
|
|
1591
|
-
|
|
1592
|
-
|
|
1575
|
+
fiat_p256_uint1 x300;
|
|
1576
|
+
fiat_p256_addcarryx_u32(&x299, &x300, x298, x268, x292);
|
|
1593
1577
|
uint32_t x301;
|
|
1594
1578
|
fiat_p256_uint1 x302;
|
|
1595
|
-
fiat_p256_addcarryx_u32(&x301, &x302,
|
|
1579
|
+
fiat_p256_addcarryx_u32(&x301, &x302, x300, x270, x294);
|
|
1596
1580
|
uint32_t x303;
|
|
1597
1581
|
fiat_p256_uint1 x304;
|
|
1598
|
-
fiat_p256_addcarryx_u32(&x303, &x304, x302,
|
|
1582
|
+
fiat_p256_addcarryx_u32(&x303, &x304, x302, x272, 0x0);
|
|
1599
1583
|
uint32_t x305;
|
|
1600
1584
|
fiat_p256_uint1 x306;
|
|
1601
|
-
fiat_p256_addcarryx_u32(&x305, &x306, x304,
|
|
1585
|
+
fiat_p256_addcarryx_u32(&x305, &x306, x304, x274, 0x0);
|
|
1602
1586
|
uint32_t x307;
|
|
1603
1587
|
fiat_p256_uint1 x308;
|
|
1604
|
-
fiat_p256_addcarryx_u32(&x307, &x308,
|
|
1588
|
+
fiat_p256_addcarryx_u32(&x307, &x308, x306, x276, x264);
|
|
1605
1589
|
uint32_t x309;
|
|
1606
1590
|
fiat_p256_uint1 x310;
|
|
1607
|
-
fiat_p256_addcarryx_u32(&x309, &x310, x308,
|
|
1591
|
+
fiat_p256_addcarryx_u32(&x309, &x310, x308, x278, x282);
|
|
1608
1592
|
uint32_t x311;
|
|
1609
1593
|
fiat_p256_uint1 x312;
|
|
1610
|
-
fiat_p256_addcarryx_u32(&x311, &x312, x310,
|
|
1611
|
-
uint32_t x313;
|
|
1612
|
-
|
|
1613
|
-
fiat_p256_addcarryx_u32(&x313, &x314, x312, x305, x281);
|
|
1594
|
+
fiat_p256_addcarryx_u32(&x311, &x312, x310, x280, x283);
|
|
1595
|
+
uint32_t x313 = ((uint32_t)x312 + x281);
|
|
1596
|
+
uint32_t x314;
|
|
1614
1597
|
uint32_t x315;
|
|
1615
|
-
|
|
1616
|
-
|
|
1598
|
+
fiat_p256_mulx_u32(&x314, &x315, x4, (arg1[7]));
|
|
1599
|
+
uint32_t x316;
|
|
1617
1600
|
uint32_t x317;
|
|
1618
|
-
|
|
1619
|
-
|
|
1601
|
+
fiat_p256_mulx_u32(&x316, &x317, x4, (arg1[6]));
|
|
1602
|
+
uint32_t x318;
|
|
1620
1603
|
uint32_t x319;
|
|
1621
|
-
|
|
1622
|
-
|
|
1604
|
+
fiat_p256_mulx_u32(&x318, &x319, x4, (arg1[5]));
|
|
1605
|
+
uint32_t x320;
|
|
1623
1606
|
uint32_t x321;
|
|
1624
|
-
|
|
1625
|
-
|
|
1607
|
+
fiat_p256_mulx_u32(&x320, &x321, x4, (arg1[4]));
|
|
1608
|
+
uint32_t x322;
|
|
1626
1609
|
uint32_t x323;
|
|
1627
|
-
|
|
1628
|
-
|
|
1610
|
+
fiat_p256_mulx_u32(&x322, &x323, x4, (arg1[3]));
|
|
1611
|
+
uint32_t x324;
|
|
1629
1612
|
uint32_t x325;
|
|
1630
|
-
|
|
1631
|
-
|
|
1613
|
+
fiat_p256_mulx_u32(&x324, &x325, x4, (arg1[2]));
|
|
1614
|
+
uint32_t x326;
|
|
1632
1615
|
uint32_t x327;
|
|
1616
|
+
fiat_p256_mulx_u32(&x326, &x327, x4, (arg1[1]));
|
|
1633
1617
|
uint32_t x328;
|
|
1634
|
-
fiat_p256_mulx_u32(&x327, &x328, x4, (arg1[7]));
|
|
1635
1618
|
uint32_t x329;
|
|
1619
|
+
fiat_p256_mulx_u32(&x328, &x329, x4, (arg1[0]));
|
|
1636
1620
|
uint32_t x330;
|
|
1637
|
-
|
|
1638
|
-
|
|
1621
|
+
fiat_p256_uint1 x331;
|
|
1622
|
+
fiat_p256_addcarryx_u32(&x330, &x331, 0x0, x329, x326);
|
|
1639
1623
|
uint32_t x332;
|
|
1640
|
-
|
|
1641
|
-
|
|
1624
|
+
fiat_p256_uint1 x333;
|
|
1625
|
+
fiat_p256_addcarryx_u32(&x332, &x333, x331, x327, x324);
|
|
1642
1626
|
uint32_t x334;
|
|
1643
|
-
|
|
1644
|
-
|
|
1627
|
+
fiat_p256_uint1 x335;
|
|
1628
|
+
fiat_p256_addcarryx_u32(&x334, &x335, x333, x325, x322);
|
|
1645
1629
|
uint32_t x336;
|
|
1646
|
-
|
|
1647
|
-
|
|
1630
|
+
fiat_p256_uint1 x337;
|
|
1631
|
+
fiat_p256_addcarryx_u32(&x336, &x337, x335, x323, x320);
|
|
1648
1632
|
uint32_t x338;
|
|
1649
|
-
|
|
1650
|
-
|
|
1633
|
+
fiat_p256_uint1 x339;
|
|
1634
|
+
fiat_p256_addcarryx_u32(&x338, &x339, x337, x321, x318);
|
|
1651
1635
|
uint32_t x340;
|
|
1652
|
-
|
|
1653
|
-
|
|
1636
|
+
fiat_p256_uint1 x341;
|
|
1637
|
+
fiat_p256_addcarryx_u32(&x340, &x341, x339, x319, x316);
|
|
1654
1638
|
uint32_t x342;
|
|
1655
|
-
|
|
1656
|
-
|
|
1657
|
-
|
|
1658
|
-
fiat_p256_addcarryx_u32(&x343, &x344, 0x0, x339, x342);
|
|
1639
|
+
fiat_p256_uint1 x343;
|
|
1640
|
+
fiat_p256_addcarryx_u32(&x342, &x343, x341, x317, x314);
|
|
1641
|
+
uint32_t x344 = (x343 + x315);
|
|
1659
1642
|
uint32_t x345;
|
|
1660
1643
|
fiat_p256_uint1 x346;
|
|
1661
|
-
fiat_p256_addcarryx_u32(&x345, &x346,
|
|
1644
|
+
fiat_p256_addcarryx_u32(&x345, &x346, 0x0, x297, x328);
|
|
1662
1645
|
uint32_t x347;
|
|
1663
1646
|
fiat_p256_uint1 x348;
|
|
1664
|
-
fiat_p256_addcarryx_u32(&x347, &x348, x346,
|
|
1647
|
+
fiat_p256_addcarryx_u32(&x347, &x348, x346, x299, x330);
|
|
1665
1648
|
uint32_t x349;
|
|
1666
1649
|
fiat_p256_uint1 x350;
|
|
1667
|
-
fiat_p256_addcarryx_u32(&x349, &x350, x348,
|
|
1650
|
+
fiat_p256_addcarryx_u32(&x349, &x350, x348, x301, x332);
|
|
1668
1651
|
uint32_t x351;
|
|
1669
1652
|
fiat_p256_uint1 x352;
|
|
1670
|
-
fiat_p256_addcarryx_u32(&x351, &x352, x350,
|
|
1653
|
+
fiat_p256_addcarryx_u32(&x351, &x352, x350, x303, x334);
|
|
1671
1654
|
uint32_t x353;
|
|
1672
1655
|
fiat_p256_uint1 x354;
|
|
1673
|
-
fiat_p256_addcarryx_u32(&x353, &x354, x352,
|
|
1656
|
+
fiat_p256_addcarryx_u32(&x353, &x354, x352, x305, x336);
|
|
1674
1657
|
uint32_t x355;
|
|
1675
1658
|
fiat_p256_uint1 x356;
|
|
1676
|
-
fiat_p256_addcarryx_u32(&x355, &x356, x354,
|
|
1659
|
+
fiat_p256_addcarryx_u32(&x355, &x356, x354, x307, x338);
|
|
1677
1660
|
uint32_t x357;
|
|
1678
1661
|
fiat_p256_uint1 x358;
|
|
1679
|
-
fiat_p256_addcarryx_u32(&x357, &x358, x356,
|
|
1662
|
+
fiat_p256_addcarryx_u32(&x357, &x358, x356, x309, x340);
|
|
1680
1663
|
uint32_t x359;
|
|
1681
1664
|
fiat_p256_uint1 x360;
|
|
1682
|
-
fiat_p256_addcarryx_u32(&x359, &x360,
|
|
1665
|
+
fiat_p256_addcarryx_u32(&x359, &x360, x358, x311, x342);
|
|
1683
1666
|
uint32_t x361;
|
|
1684
1667
|
fiat_p256_uint1 x362;
|
|
1685
|
-
fiat_p256_addcarryx_u32(&x361, &x362, x360,
|
|
1668
|
+
fiat_p256_addcarryx_u32(&x361, &x362, x360, x313, x344);
|
|
1686
1669
|
uint32_t x363;
|
|
1687
|
-
|
|
1688
|
-
|
|
1670
|
+
uint32_t x364;
|
|
1671
|
+
fiat_p256_mulx_u32(&x363, &x364, x345, UINT32_C(0xffffffff));
|
|
1689
1672
|
uint32_t x365;
|
|
1690
|
-
|
|
1691
|
-
|
|
1673
|
+
uint32_t x366;
|
|
1674
|
+
fiat_p256_mulx_u32(&x365, &x366, x345, UINT32_C(0xffffffff));
|
|
1692
1675
|
uint32_t x367;
|
|
1693
|
-
|
|
1694
|
-
|
|
1676
|
+
uint32_t x368;
|
|
1677
|
+
fiat_p256_mulx_u32(&x367, &x368, x345, UINT32_C(0xffffffff));
|
|
1695
1678
|
uint32_t x369;
|
|
1696
|
-
|
|
1697
|
-
|
|
1679
|
+
uint32_t x370;
|
|
1680
|
+
fiat_p256_mulx_u32(&x369, &x370, x345, UINT32_C(0xffffffff));
|
|
1698
1681
|
uint32_t x371;
|
|
1699
1682
|
fiat_p256_uint1 x372;
|
|
1700
|
-
fiat_p256_addcarryx_u32(&x371, &x372,
|
|
1683
|
+
fiat_p256_addcarryx_u32(&x371, &x372, 0x0, x370, x367);
|
|
1701
1684
|
uint32_t x373;
|
|
1702
1685
|
fiat_p256_uint1 x374;
|
|
1703
|
-
fiat_p256_addcarryx_u32(&x373, &x374, x372,
|
|
1704
|
-
uint32_t x375;
|
|
1705
|
-
|
|
1706
|
-
|
|
1707
|
-
|
|
1686
|
+
fiat_p256_addcarryx_u32(&x373, &x374, x372, x368, x365);
|
|
1687
|
+
uint32_t x375 = (x374 + x366);
|
|
1688
|
+
uint32_t x376;
|
|
1689
|
+
fiat_p256_uint1 x377;
|
|
1690
|
+
fiat_p256_addcarryx_u32(&x376, &x377, 0x0, x345, x369);
|
|
1708
1691
|
uint32_t x378;
|
|
1709
|
-
|
|
1710
|
-
|
|
1692
|
+
fiat_p256_uint1 x379;
|
|
1693
|
+
fiat_p256_addcarryx_u32(&x378, &x379, x377, x347, x371);
|
|
1711
1694
|
uint32_t x380;
|
|
1712
|
-
|
|
1713
|
-
|
|
1695
|
+
fiat_p256_uint1 x381;
|
|
1696
|
+
fiat_p256_addcarryx_u32(&x380, &x381, x379, x349, x373);
|
|
1714
1697
|
uint32_t x382;
|
|
1715
|
-
|
|
1716
|
-
|
|
1698
|
+
fiat_p256_uint1 x383;
|
|
1699
|
+
fiat_p256_addcarryx_u32(&x382, &x383, x381, x351, x375);
|
|
1717
1700
|
uint32_t x384;
|
|
1718
|
-
|
|
1719
|
-
|
|
1720
|
-
|
|
1721
|
-
|
|
1722
|
-
|
|
1723
|
-
|
|
1724
|
-
|
|
1725
|
-
|
|
1726
|
-
|
|
1727
|
-
|
|
1728
|
-
|
|
1729
|
-
|
|
1730
|
-
|
|
1731
|
-
|
|
1732
|
-
|
|
1733
|
-
fiat_p256_addcarryx_u32(&x393, &x394, x392, x385, x361);
|
|
1701
|
+
fiat_p256_uint1 x385;
|
|
1702
|
+
fiat_p256_addcarryx_u32(&x384, &x385, x383, x353, 0x0);
|
|
1703
|
+
uint32_t x386;
|
|
1704
|
+
fiat_p256_uint1 x387;
|
|
1705
|
+
fiat_p256_addcarryx_u32(&x386, &x387, x385, x355, 0x0);
|
|
1706
|
+
uint32_t x388;
|
|
1707
|
+
fiat_p256_uint1 x389;
|
|
1708
|
+
fiat_p256_addcarryx_u32(&x388, &x389, x387, x357, x345);
|
|
1709
|
+
uint32_t x390;
|
|
1710
|
+
fiat_p256_uint1 x391;
|
|
1711
|
+
fiat_p256_addcarryx_u32(&x390, &x391, x389, x359, x363);
|
|
1712
|
+
uint32_t x392;
|
|
1713
|
+
fiat_p256_uint1 x393;
|
|
1714
|
+
fiat_p256_addcarryx_u32(&x392, &x393, x391, x361, x364);
|
|
1715
|
+
uint32_t x394 = ((uint32_t)x393 + x362);
|
|
1734
1716
|
uint32_t x395;
|
|
1735
|
-
|
|
1736
|
-
|
|
1717
|
+
uint32_t x396;
|
|
1718
|
+
fiat_p256_mulx_u32(&x395, &x396, x5, (arg1[7]));
|
|
1737
1719
|
uint32_t x397;
|
|
1738
|
-
|
|
1739
|
-
|
|
1720
|
+
uint32_t x398;
|
|
1721
|
+
fiat_p256_mulx_u32(&x397, &x398, x5, (arg1[6]));
|
|
1740
1722
|
uint32_t x399;
|
|
1741
|
-
|
|
1742
|
-
|
|
1723
|
+
uint32_t x400;
|
|
1724
|
+
fiat_p256_mulx_u32(&x399, &x400, x5, (arg1[5]));
|
|
1743
1725
|
uint32_t x401;
|
|
1744
|
-
|
|
1745
|
-
|
|
1726
|
+
uint32_t x402;
|
|
1727
|
+
fiat_p256_mulx_u32(&x401, &x402, x5, (arg1[4]));
|
|
1746
1728
|
uint32_t x403;
|
|
1747
|
-
|
|
1748
|
-
|
|
1729
|
+
uint32_t x404;
|
|
1730
|
+
fiat_p256_mulx_u32(&x403, &x404, x5, (arg1[3]));
|
|
1749
1731
|
uint32_t x405;
|
|
1750
|
-
|
|
1751
|
-
|
|
1732
|
+
uint32_t x406;
|
|
1733
|
+
fiat_p256_mulx_u32(&x405, &x406, x5, (arg1[2]));
|
|
1752
1734
|
uint32_t x407;
|
|
1753
|
-
|
|
1754
|
-
|
|
1735
|
+
uint32_t x408;
|
|
1736
|
+
fiat_p256_mulx_u32(&x407, &x408, x5, (arg1[1]));
|
|
1755
1737
|
uint32_t x409;
|
|
1756
|
-
|
|
1757
|
-
|
|
1738
|
+
uint32_t x410;
|
|
1739
|
+
fiat_p256_mulx_u32(&x409, &x410, x5, (arg1[0]));
|
|
1758
1740
|
uint32_t x411;
|
|
1759
|
-
|
|
1760
|
-
|
|
1741
|
+
fiat_p256_uint1 x412;
|
|
1742
|
+
fiat_p256_addcarryx_u32(&x411, &x412, 0x0, x410, x407);
|
|
1761
1743
|
uint32_t x413;
|
|
1762
|
-
|
|
1763
|
-
|
|
1744
|
+
fiat_p256_uint1 x414;
|
|
1745
|
+
fiat_p256_addcarryx_u32(&x413, &x414, x412, x408, x405);
|
|
1764
1746
|
uint32_t x415;
|
|
1765
|
-
|
|
1766
|
-
|
|
1747
|
+
fiat_p256_uint1 x416;
|
|
1748
|
+
fiat_p256_addcarryx_u32(&x415, &x416, x414, x406, x403);
|
|
1767
1749
|
uint32_t x417;
|
|
1768
|
-
|
|
1769
|
-
|
|
1750
|
+
fiat_p256_uint1 x418;
|
|
1751
|
+
fiat_p256_addcarryx_u32(&x417, &x418, x416, x404, x401);
|
|
1770
1752
|
uint32_t x419;
|
|
1771
|
-
|
|
1772
|
-
|
|
1753
|
+
fiat_p256_uint1 x420;
|
|
1754
|
+
fiat_p256_addcarryx_u32(&x419, &x420, x418, x402, x399);
|
|
1773
1755
|
uint32_t x421;
|
|
1774
|
-
|
|
1775
|
-
|
|
1756
|
+
fiat_p256_uint1 x422;
|
|
1757
|
+
fiat_p256_addcarryx_u32(&x421, &x422, x420, x400, x397);
|
|
1776
1758
|
uint32_t x423;
|
|
1777
|
-
|
|
1778
|
-
|
|
1779
|
-
uint32_t x425;
|
|
1759
|
+
fiat_p256_uint1 x424;
|
|
1760
|
+
fiat_p256_addcarryx_u32(&x423, &x424, x422, x398, x395);
|
|
1761
|
+
uint32_t x425 = (x424 + x396);
|
|
1780
1762
|
uint32_t x426;
|
|
1781
|
-
|
|
1782
|
-
|
|
1783
|
-
|
|
1784
|
-
|
|
1785
|
-
|
|
1786
|
-
|
|
1787
|
-
|
|
1788
|
-
|
|
1789
|
-
|
|
1790
|
-
|
|
1791
|
-
|
|
1792
|
-
|
|
1793
|
-
|
|
1794
|
-
|
|
1795
|
-
|
|
1796
|
-
|
|
1797
|
-
|
|
1798
|
-
|
|
1799
|
-
|
|
1800
|
-
|
|
1801
|
-
|
|
1802
|
-
|
|
1803
|
-
|
|
1804
|
-
|
|
1805
|
-
|
|
1806
|
-
|
|
1807
|
-
|
|
1808
|
-
fiat_p256_addcarryx_u32(&x443, &x444, 0x0, x425, x393);
|
|
1763
|
+
fiat_p256_uint1 x427;
|
|
1764
|
+
fiat_p256_addcarryx_u32(&x426, &x427, 0x0, x378, x409);
|
|
1765
|
+
uint32_t x428;
|
|
1766
|
+
fiat_p256_uint1 x429;
|
|
1767
|
+
fiat_p256_addcarryx_u32(&x428, &x429, x427, x380, x411);
|
|
1768
|
+
uint32_t x430;
|
|
1769
|
+
fiat_p256_uint1 x431;
|
|
1770
|
+
fiat_p256_addcarryx_u32(&x430, &x431, x429, x382, x413);
|
|
1771
|
+
uint32_t x432;
|
|
1772
|
+
fiat_p256_uint1 x433;
|
|
1773
|
+
fiat_p256_addcarryx_u32(&x432, &x433, x431, x384, x415);
|
|
1774
|
+
uint32_t x434;
|
|
1775
|
+
fiat_p256_uint1 x435;
|
|
1776
|
+
fiat_p256_addcarryx_u32(&x434, &x435, x433, x386, x417);
|
|
1777
|
+
uint32_t x436;
|
|
1778
|
+
fiat_p256_uint1 x437;
|
|
1779
|
+
fiat_p256_addcarryx_u32(&x436, &x437, x435, x388, x419);
|
|
1780
|
+
uint32_t x438;
|
|
1781
|
+
fiat_p256_uint1 x439;
|
|
1782
|
+
fiat_p256_addcarryx_u32(&x438, &x439, x437, x390, x421);
|
|
1783
|
+
uint32_t x440;
|
|
1784
|
+
fiat_p256_uint1 x441;
|
|
1785
|
+
fiat_p256_addcarryx_u32(&x440, &x441, x439, x392, x423);
|
|
1786
|
+
uint32_t x442;
|
|
1787
|
+
fiat_p256_uint1 x443;
|
|
1788
|
+
fiat_p256_addcarryx_u32(&x442, &x443, x441, x394, x425);
|
|
1789
|
+
uint32_t x444;
|
|
1809
1790
|
uint32_t x445;
|
|
1810
|
-
|
|
1811
|
-
|
|
1791
|
+
fiat_p256_mulx_u32(&x444, &x445, x426, UINT32_C(0xffffffff));
|
|
1792
|
+
uint32_t x446;
|
|
1812
1793
|
uint32_t x447;
|
|
1813
|
-
|
|
1814
|
-
|
|
1794
|
+
fiat_p256_mulx_u32(&x446, &x447, x426, UINT32_C(0xffffffff));
|
|
1795
|
+
uint32_t x448;
|
|
1815
1796
|
uint32_t x449;
|
|
1816
|
-
|
|
1817
|
-
|
|
1797
|
+
fiat_p256_mulx_u32(&x448, &x449, x426, UINT32_C(0xffffffff));
|
|
1798
|
+
uint32_t x450;
|
|
1818
1799
|
uint32_t x451;
|
|
1819
|
-
|
|
1820
|
-
|
|
1821
|
-
|
|
1822
|
-
|
|
1823
|
-
|
|
1824
|
-
|
|
1825
|
-
|
|
1826
|
-
|
|
1800
|
+
fiat_p256_mulx_u32(&x450, &x451, x426, UINT32_C(0xffffffff));
|
|
1801
|
+
uint32_t x452;
|
|
1802
|
+
fiat_p256_uint1 x453;
|
|
1803
|
+
fiat_p256_addcarryx_u32(&x452, &x453, 0x0, x451, x448);
|
|
1804
|
+
uint32_t x454;
|
|
1805
|
+
fiat_p256_uint1 x455;
|
|
1806
|
+
fiat_p256_addcarryx_u32(&x454, &x455, x453, x449, x446);
|
|
1807
|
+
uint32_t x456 = (x455 + x447);
|
|
1827
1808
|
uint32_t x457;
|
|
1828
1809
|
fiat_p256_uint1 x458;
|
|
1829
|
-
fiat_p256_addcarryx_u32(&x457, &x458,
|
|
1810
|
+
fiat_p256_addcarryx_u32(&x457, &x458, 0x0, x426, x450);
|
|
1830
1811
|
uint32_t x459;
|
|
1831
1812
|
fiat_p256_uint1 x460;
|
|
1832
|
-
fiat_p256_addcarryx_u32(&x459, &x460, x458,
|
|
1813
|
+
fiat_p256_addcarryx_u32(&x459, &x460, x458, x428, x452);
|
|
1833
1814
|
uint32_t x461;
|
|
1834
|
-
|
|
1835
|
-
|
|
1815
|
+
fiat_p256_uint1 x462;
|
|
1816
|
+
fiat_p256_addcarryx_u32(&x461, &x462, x460, x430, x454);
|
|
1836
1817
|
uint32_t x463;
|
|
1837
|
-
|
|
1838
|
-
|
|
1818
|
+
fiat_p256_uint1 x464;
|
|
1819
|
+
fiat_p256_addcarryx_u32(&x463, &x464, x462, x432, x456);
|
|
1839
1820
|
uint32_t x465;
|
|
1840
|
-
|
|
1841
|
-
|
|
1821
|
+
fiat_p256_uint1 x466;
|
|
1822
|
+
fiat_p256_addcarryx_u32(&x465, &x466, x464, x434, 0x0);
|
|
1842
1823
|
uint32_t x467;
|
|
1843
|
-
|
|
1844
|
-
|
|
1824
|
+
fiat_p256_uint1 x468;
|
|
1825
|
+
fiat_p256_addcarryx_u32(&x467, &x468, x466, x436, 0x0);
|
|
1845
1826
|
uint32_t x469;
|
|
1846
1827
|
fiat_p256_uint1 x470;
|
|
1847
|
-
fiat_p256_addcarryx_u32(&x469, &x470,
|
|
1828
|
+
fiat_p256_addcarryx_u32(&x469, &x470, x468, x438, x426);
|
|
1848
1829
|
uint32_t x471;
|
|
1849
1830
|
fiat_p256_uint1 x472;
|
|
1850
|
-
fiat_p256_addcarryx_u32(&x471, &x472, x470,
|
|
1831
|
+
fiat_p256_addcarryx_u32(&x471, &x472, x470, x440, x444);
|
|
1851
1832
|
uint32_t x473;
|
|
1852
1833
|
fiat_p256_uint1 x474;
|
|
1853
|
-
fiat_p256_addcarryx_u32(&x473, &x474, x472,
|
|
1854
|
-
uint32_t x475;
|
|
1855
|
-
|
|
1856
|
-
fiat_p256_addcarryx_u32(&x475, &x476, 0x0, x467, x443);
|
|
1834
|
+
fiat_p256_addcarryx_u32(&x473, &x474, x472, x442, x445);
|
|
1835
|
+
uint32_t x475 = ((uint32_t)x474 + x443);
|
|
1836
|
+
uint32_t x476;
|
|
1857
1837
|
uint32_t x477;
|
|
1858
|
-
|
|
1859
|
-
|
|
1838
|
+
fiat_p256_mulx_u32(&x476, &x477, x6, (arg1[7]));
|
|
1839
|
+
uint32_t x478;
|
|
1860
1840
|
uint32_t x479;
|
|
1861
|
-
|
|
1862
|
-
|
|
1841
|
+
fiat_p256_mulx_u32(&x478, &x479, x6, (arg1[6]));
|
|
1842
|
+
uint32_t x480;
|
|
1863
1843
|
uint32_t x481;
|
|
1864
|
-
|
|
1865
|
-
|
|
1844
|
+
fiat_p256_mulx_u32(&x480, &x481, x6, (arg1[5]));
|
|
1845
|
+
uint32_t x482;
|
|
1866
1846
|
uint32_t x483;
|
|
1867
|
-
|
|
1868
|
-
|
|
1847
|
+
fiat_p256_mulx_u32(&x482, &x483, x6, (arg1[4]));
|
|
1848
|
+
uint32_t x484;
|
|
1869
1849
|
uint32_t x485;
|
|
1870
|
-
|
|
1871
|
-
|
|
1850
|
+
fiat_p256_mulx_u32(&x484, &x485, x6, (arg1[3]));
|
|
1851
|
+
uint32_t x486;
|
|
1872
1852
|
uint32_t x487;
|
|
1873
|
-
|
|
1874
|
-
|
|
1853
|
+
fiat_p256_mulx_u32(&x486, &x487, x6, (arg1[2]));
|
|
1854
|
+
uint32_t x488;
|
|
1875
1855
|
uint32_t x489;
|
|
1876
|
-
|
|
1877
|
-
|
|
1856
|
+
fiat_p256_mulx_u32(&x488, &x489, x6, (arg1[1]));
|
|
1857
|
+
uint32_t x490;
|
|
1878
1858
|
uint32_t x491;
|
|
1879
|
-
|
|
1880
|
-
|
|
1881
|
-
|
|
1882
|
-
|
|
1883
|
-
|
|
1884
|
-
|
|
1859
|
+
fiat_p256_mulx_u32(&x490, &x491, x6, (arg1[0]));
|
|
1860
|
+
uint32_t x492;
|
|
1861
|
+
fiat_p256_uint1 x493;
|
|
1862
|
+
fiat_p256_addcarryx_u32(&x492, &x493, 0x0, x491, x488);
|
|
1863
|
+
uint32_t x494;
|
|
1864
|
+
fiat_p256_uint1 x495;
|
|
1865
|
+
fiat_p256_addcarryx_u32(&x494, &x495, x493, x489, x486);
|
|
1885
1866
|
uint32_t x496;
|
|
1886
|
-
|
|
1887
|
-
|
|
1867
|
+
fiat_p256_uint1 x497;
|
|
1868
|
+
fiat_p256_addcarryx_u32(&x496, &x497, x495, x487, x484);
|
|
1888
1869
|
uint32_t x498;
|
|
1889
|
-
|
|
1890
|
-
|
|
1870
|
+
fiat_p256_uint1 x499;
|
|
1871
|
+
fiat_p256_addcarryx_u32(&x498, &x499, x497, x485, x482);
|
|
1891
1872
|
uint32_t x500;
|
|
1892
|
-
|
|
1893
|
-
|
|
1873
|
+
fiat_p256_uint1 x501;
|
|
1874
|
+
fiat_p256_addcarryx_u32(&x500, &x501, x499, x483, x480);
|
|
1894
1875
|
uint32_t x502;
|
|
1895
|
-
|
|
1896
|
-
|
|
1876
|
+
fiat_p256_uint1 x503;
|
|
1877
|
+
fiat_p256_addcarryx_u32(&x502, &x503, x501, x481, x478);
|
|
1897
1878
|
uint32_t x504;
|
|
1898
|
-
|
|
1899
|
-
|
|
1900
|
-
uint32_t x506;
|
|
1901
|
-
fiat_p256_mulx_u32(&x505, &x506, x6, (arg1[2]));
|
|
1879
|
+
fiat_p256_uint1 x505;
|
|
1880
|
+
fiat_p256_addcarryx_u32(&x504, &x505, x503, x479, x476);
|
|
1881
|
+
uint32_t x506 = (x505 + x477);
|
|
1902
1882
|
uint32_t x507;
|
|
1903
|
-
|
|
1904
|
-
|
|
1883
|
+
fiat_p256_uint1 x508;
|
|
1884
|
+
fiat_p256_addcarryx_u32(&x507, &x508, 0x0, x459, x490);
|
|
1905
1885
|
uint32_t x509;
|
|
1906
|
-
|
|
1907
|
-
|
|
1886
|
+
fiat_p256_uint1 x510;
|
|
1887
|
+
fiat_p256_addcarryx_u32(&x509, &x510, x508, x461, x492);
|
|
1908
1888
|
uint32_t x511;
|
|
1909
1889
|
fiat_p256_uint1 x512;
|
|
1910
|
-
fiat_p256_addcarryx_u32(&x511, &x512,
|
|
1890
|
+
fiat_p256_addcarryx_u32(&x511, &x512, x510, x463, x494);
|
|
1911
1891
|
uint32_t x513;
|
|
1912
1892
|
fiat_p256_uint1 x514;
|
|
1913
|
-
fiat_p256_addcarryx_u32(&x513, &x514, x512,
|
|
1893
|
+
fiat_p256_addcarryx_u32(&x513, &x514, x512, x465, x496);
|
|
1914
1894
|
uint32_t x515;
|
|
1915
1895
|
fiat_p256_uint1 x516;
|
|
1916
|
-
fiat_p256_addcarryx_u32(&x515, &x516, x514,
|
|
1896
|
+
fiat_p256_addcarryx_u32(&x515, &x516, x514, x467, x498);
|
|
1917
1897
|
uint32_t x517;
|
|
1918
1898
|
fiat_p256_uint1 x518;
|
|
1919
|
-
fiat_p256_addcarryx_u32(&x517, &x518, x516,
|
|
1899
|
+
fiat_p256_addcarryx_u32(&x517, &x518, x516, x469, x500);
|
|
1920
1900
|
uint32_t x519;
|
|
1921
1901
|
fiat_p256_uint1 x520;
|
|
1922
|
-
fiat_p256_addcarryx_u32(&x519, &x520, x518,
|
|
1902
|
+
fiat_p256_addcarryx_u32(&x519, &x520, x518, x471, x502);
|
|
1923
1903
|
uint32_t x521;
|
|
1924
1904
|
fiat_p256_uint1 x522;
|
|
1925
|
-
fiat_p256_addcarryx_u32(&x521, &x522, x520,
|
|
1905
|
+
fiat_p256_addcarryx_u32(&x521, &x522, x520, x473, x504);
|
|
1926
1906
|
uint32_t x523;
|
|
1927
1907
|
fiat_p256_uint1 x524;
|
|
1928
|
-
fiat_p256_addcarryx_u32(&x523, &x524, x522,
|
|
1908
|
+
fiat_p256_addcarryx_u32(&x523, &x524, x522, x475, x506);
|
|
1929
1909
|
uint32_t x525;
|
|
1930
|
-
|
|
1931
|
-
|
|
1910
|
+
uint32_t x526;
|
|
1911
|
+
fiat_p256_mulx_u32(&x525, &x526, x507, UINT32_C(0xffffffff));
|
|
1932
1912
|
uint32_t x527;
|
|
1933
|
-
|
|
1934
|
-
|
|
1913
|
+
uint32_t x528;
|
|
1914
|
+
fiat_p256_mulx_u32(&x527, &x528, x507, UINT32_C(0xffffffff));
|
|
1935
1915
|
uint32_t x529;
|
|
1936
|
-
|
|
1937
|
-
|
|
1916
|
+
uint32_t x530;
|
|
1917
|
+
fiat_p256_mulx_u32(&x529, &x530, x507, UINT32_C(0xffffffff));
|
|
1938
1918
|
uint32_t x531;
|
|
1939
|
-
|
|
1940
|
-
|
|
1919
|
+
uint32_t x532;
|
|
1920
|
+
fiat_p256_mulx_u32(&x531, &x532, x507, UINT32_C(0xffffffff));
|
|
1941
1921
|
uint32_t x533;
|
|
1942
1922
|
fiat_p256_uint1 x534;
|
|
1943
|
-
fiat_p256_addcarryx_u32(&x533, &x534,
|
|
1923
|
+
fiat_p256_addcarryx_u32(&x533, &x534, 0x0, x532, x529);
|
|
1944
1924
|
uint32_t x535;
|
|
1945
1925
|
fiat_p256_uint1 x536;
|
|
1946
|
-
fiat_p256_addcarryx_u32(&x535, &x536, x534,
|
|
1947
|
-
uint32_t x537;
|
|
1948
|
-
|
|
1949
|
-
|
|
1950
|
-
|
|
1951
|
-
|
|
1952
|
-
|
|
1953
|
-
|
|
1954
|
-
|
|
1955
|
-
|
|
1956
|
-
|
|
1957
|
-
|
|
1958
|
-
|
|
1959
|
-
|
|
1926
|
+
fiat_p256_addcarryx_u32(&x535, &x536, x534, x530, x527);
|
|
1927
|
+
uint32_t x537 = (x536 + x528);
|
|
1928
|
+
uint32_t x538;
|
|
1929
|
+
fiat_p256_uint1 x539;
|
|
1930
|
+
fiat_p256_addcarryx_u32(&x538, &x539, 0x0, x507, x531);
|
|
1931
|
+
uint32_t x540;
|
|
1932
|
+
fiat_p256_uint1 x541;
|
|
1933
|
+
fiat_p256_addcarryx_u32(&x540, &x541, x539, x509, x533);
|
|
1934
|
+
uint32_t x542;
|
|
1935
|
+
fiat_p256_uint1 x543;
|
|
1936
|
+
fiat_p256_addcarryx_u32(&x542, &x543, x541, x511, x535);
|
|
1937
|
+
uint32_t x544;
|
|
1938
|
+
fiat_p256_uint1 x545;
|
|
1939
|
+
fiat_p256_addcarryx_u32(&x544, &x545, x543, x513, x537);
|
|
1960
1940
|
uint32_t x546;
|
|
1961
|
-
|
|
1962
|
-
|
|
1941
|
+
fiat_p256_uint1 x547;
|
|
1942
|
+
fiat_p256_addcarryx_u32(&x546, &x547, x545, x515, 0x0);
|
|
1963
1943
|
uint32_t x548;
|
|
1964
|
-
|
|
1965
|
-
|
|
1944
|
+
fiat_p256_uint1 x549;
|
|
1945
|
+
fiat_p256_addcarryx_u32(&x548, &x549, x547, x517, 0x0);
|
|
1966
1946
|
uint32_t x550;
|
|
1967
|
-
|
|
1968
|
-
|
|
1947
|
+
fiat_p256_uint1 x551;
|
|
1948
|
+
fiat_p256_addcarryx_u32(&x550, &x551, x549, x519, x507);
|
|
1969
1949
|
uint32_t x552;
|
|
1970
|
-
|
|
1971
|
-
|
|
1972
|
-
|
|
1973
|
-
|
|
1974
|
-
|
|
1975
|
-
|
|
1976
|
-
fiat_p256_addcarryx_u32(&x555, &x556, x554, x547, x550);
|
|
1950
|
+
fiat_p256_uint1 x553;
|
|
1951
|
+
fiat_p256_addcarryx_u32(&x552, &x553, x551, x521, x525);
|
|
1952
|
+
uint32_t x554;
|
|
1953
|
+
fiat_p256_uint1 x555;
|
|
1954
|
+
fiat_p256_addcarryx_u32(&x554, &x555, x553, x523, x526);
|
|
1955
|
+
uint32_t x556 = ((uint32_t)x555 + x524);
|
|
1977
1956
|
uint32_t x557;
|
|
1978
|
-
|
|
1979
|
-
|
|
1957
|
+
uint32_t x558;
|
|
1958
|
+
fiat_p256_mulx_u32(&x557, &x558, x7, (arg1[7]));
|
|
1980
1959
|
uint32_t x559;
|
|
1981
|
-
|
|
1982
|
-
|
|
1960
|
+
uint32_t x560;
|
|
1961
|
+
fiat_p256_mulx_u32(&x559, &x560, x7, (arg1[6]));
|
|
1983
1962
|
uint32_t x561;
|
|
1984
|
-
|
|
1985
|
-
|
|
1963
|
+
uint32_t x562;
|
|
1964
|
+
fiat_p256_mulx_u32(&x561, &x562, x7, (arg1[5]));
|
|
1986
1965
|
uint32_t x563;
|
|
1987
|
-
|
|
1988
|
-
|
|
1966
|
+
uint32_t x564;
|
|
1967
|
+
fiat_p256_mulx_u32(&x563, &x564, x7, (arg1[4]));
|
|
1989
1968
|
uint32_t x565;
|
|
1990
|
-
|
|
1991
|
-
|
|
1969
|
+
uint32_t x566;
|
|
1970
|
+
fiat_p256_mulx_u32(&x565, &x566, x7, (arg1[3]));
|
|
1992
1971
|
uint32_t x567;
|
|
1993
|
-
|
|
1994
|
-
|
|
1972
|
+
uint32_t x568;
|
|
1973
|
+
fiat_p256_mulx_u32(&x567, &x568, x7, (arg1[2]));
|
|
1995
1974
|
uint32_t x569;
|
|
1996
|
-
|
|
1997
|
-
|
|
1975
|
+
uint32_t x570;
|
|
1976
|
+
fiat_p256_mulx_u32(&x569, &x570, x7, (arg1[1]));
|
|
1998
1977
|
uint32_t x571;
|
|
1999
|
-
|
|
2000
|
-
|
|
1978
|
+
uint32_t x572;
|
|
1979
|
+
fiat_p256_mulx_u32(&x571, &x572, x7, (arg1[0]));
|
|
2001
1980
|
uint32_t x573;
|
|
2002
1981
|
fiat_p256_uint1 x574;
|
|
2003
|
-
fiat_p256_addcarryx_u32(&x573, &x574,
|
|
1982
|
+
fiat_p256_addcarryx_u32(&x573, &x574, 0x0, x572, x569);
|
|
2004
1983
|
uint32_t x575;
|
|
2005
1984
|
fiat_p256_uint1 x576;
|
|
2006
|
-
fiat_p256_addcarryx_u32(&x575, &x576, x574,
|
|
1985
|
+
fiat_p256_addcarryx_u32(&x575, &x576, x574, x570, x567);
|
|
2007
1986
|
uint32_t x577;
|
|
2008
1987
|
fiat_p256_uint1 x578;
|
|
2009
|
-
fiat_p256_addcarryx_u32(&x577, &x578, x576,
|
|
1988
|
+
fiat_p256_addcarryx_u32(&x577, &x578, x576, x568, x565);
|
|
2010
1989
|
uint32_t x579;
|
|
2011
|
-
|
|
2012
|
-
|
|
1990
|
+
fiat_p256_uint1 x580;
|
|
1991
|
+
fiat_p256_addcarryx_u32(&x579, &x580, x578, x566, x563);
|
|
2013
1992
|
uint32_t x581;
|
|
2014
|
-
|
|
2015
|
-
|
|
1993
|
+
fiat_p256_uint1 x582;
|
|
1994
|
+
fiat_p256_addcarryx_u32(&x581, &x582, x580, x564, x561);
|
|
2016
1995
|
uint32_t x583;
|
|
2017
|
-
|
|
2018
|
-
|
|
1996
|
+
fiat_p256_uint1 x584;
|
|
1997
|
+
fiat_p256_addcarryx_u32(&x583, &x584, x582, x562, x559);
|
|
2019
1998
|
uint32_t x585;
|
|
2020
|
-
|
|
2021
|
-
|
|
2022
|
-
uint32_t x587;
|
|
1999
|
+
fiat_p256_uint1 x586;
|
|
2000
|
+
fiat_p256_addcarryx_u32(&x585, &x586, x584, x560, x557);
|
|
2001
|
+
uint32_t x587 = (x586 + x558);
|
|
2023
2002
|
uint32_t x588;
|
|
2024
|
-
|
|
2025
|
-
|
|
2003
|
+
fiat_p256_uint1 x589;
|
|
2004
|
+
fiat_p256_addcarryx_u32(&x588, &x589, 0x0, x540, x571);
|
|
2026
2005
|
uint32_t x590;
|
|
2027
|
-
|
|
2028
|
-
|
|
2006
|
+
fiat_p256_uint1 x591;
|
|
2007
|
+
fiat_p256_addcarryx_u32(&x590, &x591, x589, x542, x573);
|
|
2029
2008
|
uint32_t x592;
|
|
2030
|
-
|
|
2031
|
-
|
|
2009
|
+
fiat_p256_uint1 x593;
|
|
2010
|
+
fiat_p256_addcarryx_u32(&x592, &x593, x591, x544, x575);
|
|
2032
2011
|
uint32_t x594;
|
|
2033
|
-
|
|
2034
|
-
|
|
2035
|
-
|
|
2036
|
-
|
|
2037
|
-
|
|
2038
|
-
|
|
2039
|
-
|
|
2040
|
-
|
|
2041
|
-
|
|
2042
|
-
|
|
2043
|
-
|
|
2044
|
-
|
|
2045
|
-
|
|
2046
|
-
|
|
2047
|
-
|
|
2048
|
-
|
|
2049
|
-
|
|
2050
|
-
|
|
2051
|
-
fiat_p256_addcarryx_u32(&x605, &x606, x604, x581, x584);
|
|
2012
|
+
fiat_p256_uint1 x595;
|
|
2013
|
+
fiat_p256_addcarryx_u32(&x594, &x595, x593, x546, x577);
|
|
2014
|
+
uint32_t x596;
|
|
2015
|
+
fiat_p256_uint1 x597;
|
|
2016
|
+
fiat_p256_addcarryx_u32(&x596, &x597, x595, x548, x579);
|
|
2017
|
+
uint32_t x598;
|
|
2018
|
+
fiat_p256_uint1 x599;
|
|
2019
|
+
fiat_p256_addcarryx_u32(&x598, &x599, x597, x550, x581);
|
|
2020
|
+
uint32_t x600;
|
|
2021
|
+
fiat_p256_uint1 x601;
|
|
2022
|
+
fiat_p256_addcarryx_u32(&x600, &x601, x599, x552, x583);
|
|
2023
|
+
uint32_t x602;
|
|
2024
|
+
fiat_p256_uint1 x603;
|
|
2025
|
+
fiat_p256_addcarryx_u32(&x602, &x603, x601, x554, x585);
|
|
2026
|
+
uint32_t x604;
|
|
2027
|
+
fiat_p256_uint1 x605;
|
|
2028
|
+
fiat_p256_addcarryx_u32(&x604, &x605, x603, x556, x587);
|
|
2029
|
+
uint32_t x606;
|
|
2052
2030
|
uint32_t x607;
|
|
2053
|
-
|
|
2054
|
-
|
|
2031
|
+
fiat_p256_mulx_u32(&x606, &x607, x588, UINT32_C(0xffffffff));
|
|
2032
|
+
uint32_t x608;
|
|
2055
2033
|
uint32_t x609;
|
|
2056
|
-
|
|
2057
|
-
|
|
2034
|
+
fiat_p256_mulx_u32(&x608, &x609, x588, UINT32_C(0xffffffff));
|
|
2035
|
+
uint32_t x610;
|
|
2058
2036
|
uint32_t x611;
|
|
2059
|
-
|
|
2060
|
-
|
|
2037
|
+
fiat_p256_mulx_u32(&x610, &x611, x588, UINT32_C(0xffffffff));
|
|
2038
|
+
uint32_t x612;
|
|
2061
2039
|
uint32_t x613;
|
|
2062
|
-
|
|
2063
|
-
|
|
2064
|
-
|
|
2065
|
-
|
|
2066
|
-
|
|
2067
|
-
|
|
2068
|
-
|
|
2069
|
-
|
|
2040
|
+
fiat_p256_mulx_u32(&x612, &x613, x588, UINT32_C(0xffffffff));
|
|
2041
|
+
uint32_t x614;
|
|
2042
|
+
fiat_p256_uint1 x615;
|
|
2043
|
+
fiat_p256_addcarryx_u32(&x614, &x615, 0x0, x613, x610);
|
|
2044
|
+
uint32_t x616;
|
|
2045
|
+
fiat_p256_uint1 x617;
|
|
2046
|
+
fiat_p256_addcarryx_u32(&x616, &x617, x615, x611, x608);
|
|
2047
|
+
uint32_t x618 = (x617 + x609);
|
|
2070
2048
|
uint32_t x619;
|
|
2071
2049
|
fiat_p256_uint1 x620;
|
|
2072
|
-
fiat_p256_addcarryx_u32(&x619, &x620,
|
|
2050
|
+
fiat_p256_addcarryx_u32(&x619, &x620, 0x0, x588, x612);
|
|
2073
2051
|
uint32_t x621;
|
|
2074
2052
|
fiat_p256_uint1 x622;
|
|
2075
|
-
fiat_p256_addcarryx_u32(&x621, &x622, x620,
|
|
2053
|
+
fiat_p256_addcarryx_u32(&x621, &x622, x620, x590, x614);
|
|
2076
2054
|
uint32_t x623;
|
|
2077
2055
|
fiat_p256_uint1 x624;
|
|
2078
|
-
fiat_p256_addcarryx_u32(&x623, &x624, x622,
|
|
2056
|
+
fiat_p256_addcarryx_u32(&x623, &x624, x622, x592, x616);
|
|
2079
2057
|
uint32_t x625;
|
|
2080
2058
|
fiat_p256_uint1 x626;
|
|
2081
|
-
fiat_p256_addcarryx_u32(&x625, &x626, x624,
|
|
2059
|
+
fiat_p256_addcarryx_u32(&x625, &x626, x624, x594, x618);
|
|
2082
2060
|
uint32_t x627;
|
|
2083
2061
|
fiat_p256_uint1 x628;
|
|
2084
|
-
fiat_p256_addcarryx_u32(&x627, &x628, x626,
|
|
2062
|
+
fiat_p256_addcarryx_u32(&x627, &x628, x626, x596, 0x0);
|
|
2085
2063
|
uint32_t x629;
|
|
2086
|
-
|
|
2087
|
-
|
|
2064
|
+
fiat_p256_uint1 x630;
|
|
2065
|
+
fiat_p256_addcarryx_u32(&x629, &x630, x628, x598, 0x0);
|
|
2088
2066
|
uint32_t x631;
|
|
2089
|
-
|
|
2090
|
-
|
|
2067
|
+
fiat_p256_uint1 x632;
|
|
2068
|
+
fiat_p256_addcarryx_u32(&x631, &x632, x630, x600, x588);
|
|
2091
2069
|
uint32_t x633;
|
|
2092
|
-
|
|
2093
|
-
|
|
2070
|
+
fiat_p256_uint1 x634;
|
|
2071
|
+
fiat_p256_addcarryx_u32(&x633, &x634, x632, x602, x606);
|
|
2094
2072
|
uint32_t x635;
|
|
2095
|
-
|
|
2096
|
-
|
|
2097
|
-
uint32_t x637;
|
|
2098
|
-
|
|
2099
|
-
|
|
2100
|
-
|
|
2101
|
-
|
|
2102
|
-
|
|
2103
|
-
|
|
2104
|
-
|
|
2105
|
-
|
|
2106
|
-
|
|
2107
|
-
|
|
2108
|
-
|
|
2109
|
-
|
|
2110
|
-
|
|
2111
|
-
|
|
2112
|
-
|
|
2113
|
-
|
|
2114
|
-
|
|
2115
|
-
|
|
2116
|
-
|
|
2117
|
-
|
|
2118
|
-
|
|
2119
|
-
|
|
2120
|
-
|
|
2121
|
-
|
|
2122
|
-
|
|
2123
|
-
|
|
2124
|
-
|
|
2125
|
-
|
|
2126
|
-
|
|
2073
|
+
fiat_p256_uint1 x636;
|
|
2074
|
+
fiat_p256_addcarryx_u32(&x635, &x636, x634, x604, x607);
|
|
2075
|
+
uint32_t x637 = ((uint32_t)x636 + x605);
|
|
2076
|
+
uint32_t x638;
|
|
2077
|
+
fiat_p256_uint1 x639;
|
|
2078
|
+
fiat_p256_subborrowx_u32(&x638, &x639, 0x0, x621, UINT32_C(0xffffffff));
|
|
2079
|
+
uint32_t x640;
|
|
2080
|
+
fiat_p256_uint1 x641;
|
|
2081
|
+
fiat_p256_subborrowx_u32(&x640, &x641, x639, x623, UINT32_C(0xffffffff));
|
|
2082
|
+
uint32_t x642;
|
|
2083
|
+
fiat_p256_uint1 x643;
|
|
2084
|
+
fiat_p256_subborrowx_u32(&x642, &x643, x641, x625, UINT32_C(0xffffffff));
|
|
2085
|
+
uint32_t x644;
|
|
2086
|
+
fiat_p256_uint1 x645;
|
|
2087
|
+
fiat_p256_subborrowx_u32(&x644, &x645, x643, x627, 0x0);
|
|
2088
|
+
uint32_t x646;
|
|
2089
|
+
fiat_p256_uint1 x647;
|
|
2090
|
+
fiat_p256_subborrowx_u32(&x646, &x647, x645, x629, 0x0);
|
|
2091
|
+
uint32_t x648;
|
|
2092
|
+
fiat_p256_uint1 x649;
|
|
2093
|
+
fiat_p256_subborrowx_u32(&x648, &x649, x647, x631, 0x0);
|
|
2094
|
+
uint32_t x650;
|
|
2095
|
+
fiat_p256_uint1 x651;
|
|
2096
|
+
fiat_p256_subborrowx_u32(&x650, &x651, x649, x633, 0x1);
|
|
2097
|
+
uint32_t x652;
|
|
2098
|
+
fiat_p256_uint1 x653;
|
|
2099
|
+
fiat_p256_subborrowx_u32(&x652, &x653, x651, x635, UINT32_C(0xffffffff));
|
|
2100
|
+
uint32_t x654;
|
|
2101
|
+
fiat_p256_uint1 x655;
|
|
2102
|
+
fiat_p256_subborrowx_u32(&x654, &x655, x653, x637, 0x0);
|
|
2103
|
+
uint32_t x656;
|
|
2104
|
+
fiat_p256_cmovznz_u32(&x656, x655, x638, x621);
|
|
2127
2105
|
uint32_t x657;
|
|
2128
|
-
|
|
2129
|
-
|
|
2106
|
+
fiat_p256_cmovznz_u32(&x657, x655, x640, x623);
|
|
2107
|
+
uint32_t x658;
|
|
2108
|
+
fiat_p256_cmovznz_u32(&x658, x655, x642, x625);
|
|
2130
2109
|
uint32_t x659;
|
|
2131
|
-
|
|
2132
|
-
|
|
2110
|
+
fiat_p256_cmovznz_u32(&x659, x655, x644, x627);
|
|
2111
|
+
uint32_t x660;
|
|
2112
|
+
fiat_p256_cmovznz_u32(&x660, x655, x646, x629);
|
|
2133
2113
|
uint32_t x661;
|
|
2134
|
-
|
|
2135
|
-
|
|
2114
|
+
fiat_p256_cmovznz_u32(&x661, x655, x648, x631);
|
|
2115
|
+
uint32_t x662;
|
|
2116
|
+
fiat_p256_cmovznz_u32(&x662, x655, x650, x633);
|
|
2136
2117
|
uint32_t x663;
|
|
2137
|
-
|
|
2138
|
-
|
|
2139
|
-
|
|
2140
|
-
|
|
2141
|
-
|
|
2142
|
-
|
|
2143
|
-
|
|
2144
|
-
|
|
2145
|
-
|
|
2146
|
-
fiat_p256_uint1 x670;
|
|
2147
|
-
fiat_p256_subborrowx_u32(&x669, &x670, x668, x651, 0x0);
|
|
2148
|
-
uint32_t x671;
|
|
2149
|
-
fiat_p256_uint1 x672;
|
|
2150
|
-
fiat_p256_subborrowx_u32(&x671, &x672, x670, x653, 0x0);
|
|
2151
|
-
uint32_t x673;
|
|
2152
|
-
fiat_p256_uint1 x674;
|
|
2153
|
-
fiat_p256_subborrowx_u32(&x673, &x674, x672, x655, 0x0);
|
|
2154
|
-
uint32_t x675;
|
|
2155
|
-
fiat_p256_uint1 x676;
|
|
2156
|
-
fiat_p256_subborrowx_u32(&x675, &x676, x674, x657, 0x1);
|
|
2157
|
-
uint32_t x677;
|
|
2158
|
-
fiat_p256_uint1 x678;
|
|
2159
|
-
fiat_p256_subborrowx_u32(&x677, &x678, x676, x659, UINT32_C(0xffffffff));
|
|
2160
|
-
uint32_t x679;
|
|
2161
|
-
fiat_p256_uint1 x680;
|
|
2162
|
-
fiat_p256_subborrowx_u32(&x679, &x680, x678, x661, 0x0);
|
|
2163
|
-
uint32_t x681;
|
|
2164
|
-
fiat_p256_cmovznz_u32(&x681, x680, x663, x645);
|
|
2165
|
-
uint32_t x682;
|
|
2166
|
-
fiat_p256_cmovznz_u32(&x682, x680, x665, x647);
|
|
2167
|
-
uint32_t x683;
|
|
2168
|
-
fiat_p256_cmovznz_u32(&x683, x680, x667, x649);
|
|
2169
|
-
uint32_t x684;
|
|
2170
|
-
fiat_p256_cmovznz_u32(&x684, x680, x669, x651);
|
|
2171
|
-
uint32_t x685;
|
|
2172
|
-
fiat_p256_cmovznz_u32(&x685, x680, x671, x653);
|
|
2173
|
-
uint32_t x686;
|
|
2174
|
-
fiat_p256_cmovznz_u32(&x686, x680, x673, x655);
|
|
2175
|
-
uint32_t x687;
|
|
2176
|
-
fiat_p256_cmovznz_u32(&x687, x680, x675, x657);
|
|
2177
|
-
uint32_t x688;
|
|
2178
|
-
fiat_p256_cmovznz_u32(&x688, x680, x677, x659);
|
|
2179
|
-
out1[0] = x681;
|
|
2180
|
-
out1[1] = x682;
|
|
2181
|
-
out1[2] = x683;
|
|
2182
|
-
out1[3] = x684;
|
|
2183
|
-
out1[4] = x685;
|
|
2184
|
-
out1[5] = x686;
|
|
2185
|
-
out1[6] = x687;
|
|
2186
|
-
out1[7] = x688;
|
|
2118
|
+
fiat_p256_cmovznz_u32(&x663, x655, x652, x635);
|
|
2119
|
+
out1[0] = x656;
|
|
2120
|
+
out1[1] = x657;
|
|
2121
|
+
out1[2] = x658;
|
|
2122
|
+
out1[3] = x659;
|
|
2123
|
+
out1[4] = x660;
|
|
2124
|
+
out1[5] = x661;
|
|
2125
|
+
out1[6] = x662;
|
|
2126
|
+
out1[7] = x663;
|
|
2187
2127
|
}
|
|
2188
2128
|
|
|
2189
2129
|
/*
|
|
2130
|
+
* The function fiat_p256_add adds two field elements in the Montgomery domain.
|
|
2131
|
+
* Preconditions:
|
|
2132
|
+
* 0 ≤ eval arg1 < m
|
|
2133
|
+
* 0 ≤ eval arg2 < m
|
|
2134
|
+
* Postconditions:
|
|
2135
|
+
* eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m
|
|
2136
|
+
* 0 ≤ eval out1 < m
|
|
2137
|
+
*
|
|
2190
2138
|
* Input Bounds:
|
|
2191
2139
|
* arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
|
|
2192
2140
|
* arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
|
|
@@ -2196,28 +2144,28 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) {
|
|
|
2196
2144
|
static void fiat_p256_add(uint32_t out1[8], const uint32_t arg1[8], const uint32_t arg2[8]) {
|
|
2197
2145
|
uint32_t x1;
|
|
2198
2146
|
fiat_p256_uint1 x2;
|
|
2199
|
-
fiat_p256_addcarryx_u32(&x1, &x2, 0x0, (
|
|
2147
|
+
fiat_p256_addcarryx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0]));
|
|
2200
2148
|
uint32_t x3;
|
|
2201
2149
|
fiat_p256_uint1 x4;
|
|
2202
|
-
fiat_p256_addcarryx_u32(&x3, &x4, x2, (
|
|
2150
|
+
fiat_p256_addcarryx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1]));
|
|
2203
2151
|
uint32_t x5;
|
|
2204
2152
|
fiat_p256_uint1 x6;
|
|
2205
|
-
fiat_p256_addcarryx_u32(&x5, &x6, x4, (
|
|
2153
|
+
fiat_p256_addcarryx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2]));
|
|
2206
2154
|
uint32_t x7;
|
|
2207
2155
|
fiat_p256_uint1 x8;
|
|
2208
|
-
fiat_p256_addcarryx_u32(&x7, &x8, x6, (
|
|
2156
|
+
fiat_p256_addcarryx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3]));
|
|
2209
2157
|
uint32_t x9;
|
|
2210
2158
|
fiat_p256_uint1 x10;
|
|
2211
|
-
fiat_p256_addcarryx_u32(&x9, &x10, x8, (
|
|
2159
|
+
fiat_p256_addcarryx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4]));
|
|
2212
2160
|
uint32_t x11;
|
|
2213
2161
|
fiat_p256_uint1 x12;
|
|
2214
|
-
fiat_p256_addcarryx_u32(&x11, &x12, x10, (
|
|
2162
|
+
fiat_p256_addcarryx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5]));
|
|
2215
2163
|
uint32_t x13;
|
|
2216
2164
|
fiat_p256_uint1 x14;
|
|
2217
|
-
fiat_p256_addcarryx_u32(&x13, &x14, x12, (
|
|
2165
|
+
fiat_p256_addcarryx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6]));
|
|
2218
2166
|
uint32_t x15;
|
|
2219
2167
|
fiat_p256_uint1 x16;
|
|
2220
|
-
fiat_p256_addcarryx_u32(&x15, &x16, x14, (
|
|
2168
|
+
fiat_p256_addcarryx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7]));
|
|
2221
2169
|
uint32_t x17;
|
|
2222
2170
|
fiat_p256_uint1 x18;
|
|
2223
2171
|
fiat_p256_subborrowx_u32(&x17, &x18, 0x0, x1, UINT32_C(0xffffffff));
|
|
@@ -2272,6 +2220,14 @@ static void fiat_p256_add(uint32_t out1[8], const uint32_t arg1[8], const uint32
|
|
|
2272
2220
|
}
|
|
2273
2221
|
|
|
2274
2222
|
/*
|
|
2223
|
+
* The function fiat_p256_sub subtracts two field elements in the Montgomery domain.
|
|
2224
|
+
* Preconditions:
|
|
2225
|
+
* 0 ≤ eval arg1 < m
|
|
2226
|
+
* 0 ≤ eval arg2 < m
|
|
2227
|
+
* Postconditions:
|
|
2228
|
+
* eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m
|
|
2229
|
+
* 0 ≤ eval out1 < m
|
|
2230
|
+
*
|
|
2275
2231
|
* Input Bounds:
|
|
2276
2232
|
* arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
|
|
2277
2233
|
* arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
|
|
@@ -2307,28 +2263,28 @@ static void fiat_p256_sub(uint32_t out1[8], const uint32_t arg1[8], const uint32
|
|
|
2307
2263
|
fiat_p256_cmovznz_u32(&x17, x16, 0x0, UINT32_C(0xffffffff));
|
|
2308
2264
|
uint32_t x18;
|
|
2309
2265
|
fiat_p256_uint1 x19;
|
|
2310
|
-
fiat_p256_addcarryx_u32(&x18, &x19, 0x0, (x17 & UINT32_C(0xffffffff))
|
|
2266
|
+
fiat_p256_addcarryx_u32(&x18, &x19, 0x0, x1, (x17 & UINT32_C(0xffffffff)));
|
|
2311
2267
|
uint32_t x20;
|
|
2312
2268
|
fiat_p256_uint1 x21;
|
|
2313
|
-
fiat_p256_addcarryx_u32(&x20, &x21, x19, (x17 & UINT32_C(0xffffffff))
|
|
2269
|
+
fiat_p256_addcarryx_u32(&x20, &x21, x19, x3, (x17 & UINT32_C(0xffffffff)));
|
|
2314
2270
|
uint32_t x22;
|
|
2315
2271
|
fiat_p256_uint1 x23;
|
|
2316
|
-
fiat_p256_addcarryx_u32(&x22, &x23, x21, (x17 & UINT32_C(0xffffffff))
|
|
2272
|
+
fiat_p256_addcarryx_u32(&x22, &x23, x21, x5, (x17 & UINT32_C(0xffffffff)));
|
|
2317
2273
|
uint32_t x24;
|
|
2318
2274
|
fiat_p256_uint1 x25;
|
|
2319
|
-
fiat_p256_addcarryx_u32(&x24, &x25, x23,
|
|
2275
|
+
fiat_p256_addcarryx_u32(&x24, &x25, x23, x7, 0x0);
|
|
2320
2276
|
uint32_t x26;
|
|
2321
2277
|
fiat_p256_uint1 x27;
|
|
2322
|
-
fiat_p256_addcarryx_u32(&x26, &x27, x25,
|
|
2278
|
+
fiat_p256_addcarryx_u32(&x26, &x27, x25, x9, 0x0);
|
|
2323
2279
|
uint32_t x28;
|
|
2324
2280
|
fiat_p256_uint1 x29;
|
|
2325
|
-
fiat_p256_addcarryx_u32(&x28, &x29, x27,
|
|
2281
|
+
fiat_p256_addcarryx_u32(&x28, &x29, x27, x11, 0x0);
|
|
2326
2282
|
uint32_t x30;
|
|
2327
2283
|
fiat_p256_uint1 x31;
|
|
2328
|
-
fiat_p256_addcarryx_u32(&x30, &x31, x29, (fiat_p256_uint1)(x17 & 0x1)
|
|
2284
|
+
fiat_p256_addcarryx_u32(&x30, &x31, x29, x13, (fiat_p256_uint1)(x17 & 0x1));
|
|
2329
2285
|
uint32_t x32;
|
|
2330
2286
|
fiat_p256_uint1 x33;
|
|
2331
|
-
fiat_p256_addcarryx_u32(&x32, &x33, x31, (x17 & UINT32_C(0xffffffff))
|
|
2287
|
+
fiat_p256_addcarryx_u32(&x32, &x33, x31, x15, (x17 & UINT32_C(0xffffffff)));
|
|
2332
2288
|
out1[0] = x18;
|
|
2333
2289
|
out1[1] = x20;
|
|
2334
2290
|
out1[2] = x22;
|
|
@@ -2340,6 +2296,13 @@ static void fiat_p256_sub(uint32_t out1[8], const uint32_t arg1[8], const uint32
|
|
|
2340
2296
|
}
|
|
2341
2297
|
|
|
2342
2298
|
/*
|
|
2299
|
+
* The function fiat_p256_opp negates a field element in the Montgomery domain.
|
|
2300
|
+
* Preconditions:
|
|
2301
|
+
* 0 ≤ eval arg1 < m
|
|
2302
|
+
* Postconditions:
|
|
2303
|
+
* eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m
|
|
2304
|
+
* 0 ≤ eval out1 < m
|
|
2305
|
+
*
|
|
2343
2306
|
* Input Bounds:
|
|
2344
2307
|
* arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
|
|
2345
2308
|
* Output Bounds:
|
|
@@ -2374,28 +2337,28 @@ static void fiat_p256_opp(uint32_t out1[8], const uint32_t arg1[8]) {
|
|
|
2374
2337
|
fiat_p256_cmovznz_u32(&x17, x16, 0x0, UINT32_C(0xffffffff));
|
|
2375
2338
|
uint32_t x18;
|
|
2376
2339
|
fiat_p256_uint1 x19;
|
|
2377
|
-
fiat_p256_addcarryx_u32(&x18, &x19, 0x0, (x17 & UINT32_C(0xffffffff))
|
|
2340
|
+
fiat_p256_addcarryx_u32(&x18, &x19, 0x0, x1, (x17 & UINT32_C(0xffffffff)));
|
|
2378
2341
|
uint32_t x20;
|
|
2379
2342
|
fiat_p256_uint1 x21;
|
|
2380
|
-
fiat_p256_addcarryx_u32(&x20, &x21, x19, (x17 & UINT32_C(0xffffffff))
|
|
2343
|
+
fiat_p256_addcarryx_u32(&x20, &x21, x19, x3, (x17 & UINT32_C(0xffffffff)));
|
|
2381
2344
|
uint32_t x22;
|
|
2382
2345
|
fiat_p256_uint1 x23;
|
|
2383
|
-
fiat_p256_addcarryx_u32(&x22, &x23, x21, (x17 & UINT32_C(0xffffffff))
|
|
2346
|
+
fiat_p256_addcarryx_u32(&x22, &x23, x21, x5, (x17 & UINT32_C(0xffffffff)));
|
|
2384
2347
|
uint32_t x24;
|
|
2385
2348
|
fiat_p256_uint1 x25;
|
|
2386
|
-
fiat_p256_addcarryx_u32(&x24, &x25, x23,
|
|
2349
|
+
fiat_p256_addcarryx_u32(&x24, &x25, x23, x7, 0x0);
|
|
2387
2350
|
uint32_t x26;
|
|
2388
2351
|
fiat_p256_uint1 x27;
|
|
2389
|
-
fiat_p256_addcarryx_u32(&x26, &x27, x25,
|
|
2352
|
+
fiat_p256_addcarryx_u32(&x26, &x27, x25, x9, 0x0);
|
|
2390
2353
|
uint32_t x28;
|
|
2391
2354
|
fiat_p256_uint1 x29;
|
|
2392
|
-
fiat_p256_addcarryx_u32(&x28, &x29, x27,
|
|
2355
|
+
fiat_p256_addcarryx_u32(&x28, &x29, x27, x11, 0x0);
|
|
2393
2356
|
uint32_t x30;
|
|
2394
2357
|
fiat_p256_uint1 x31;
|
|
2395
|
-
fiat_p256_addcarryx_u32(&x30, &x31, x29, (fiat_p256_uint1)(x17 & 0x1)
|
|
2358
|
+
fiat_p256_addcarryx_u32(&x30, &x31, x29, x13, (fiat_p256_uint1)(x17 & 0x1));
|
|
2396
2359
|
uint32_t x32;
|
|
2397
2360
|
fiat_p256_uint1 x33;
|
|
2398
|
-
fiat_p256_addcarryx_u32(&x32, &x33, x31, (x17 & UINT32_C(0xffffffff))
|
|
2361
|
+
fiat_p256_addcarryx_u32(&x32, &x33, x31, x15, (x17 & UINT32_C(0xffffffff)));
|
|
2399
2362
|
out1[0] = x18;
|
|
2400
2363
|
out1[1] = x20;
|
|
2401
2364
|
out1[2] = x22;
|
|
@@ -2407,6 +2370,13 @@ static void fiat_p256_opp(uint32_t out1[8], const uint32_t arg1[8]) {
|
|
|
2407
2370
|
}
|
|
2408
2371
|
|
|
2409
2372
|
/*
|
|
2373
|
+
* The function fiat_p256_from_montgomery translates a field element out of the Montgomery domain.
|
|
2374
|
+
* Preconditions:
|
|
2375
|
+
* 0 ≤ eval arg1 < m
|
|
2376
|
+
* Postconditions:
|
|
2377
|
+
* eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^8) mod m
|
|
2378
|
+
* 0 ≤ eval out1 < m
|
|
2379
|
+
*
|
|
2410
2380
|
* Input Bounds:
|
|
2411
2381
|
* arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
|
|
2412
2382
|
* Output Bounds:
|
|
@@ -2428,589 +2398,523 @@ static void fiat_p256_from_montgomery(uint32_t out1[8], const uint32_t arg1[8])
|
|
|
2428
2398
|
fiat_p256_mulx_u32(&x8, &x9, x1, UINT32_C(0xffffffff));
|
|
2429
2399
|
uint32_t x10;
|
|
2430
2400
|
fiat_p256_uint1 x11;
|
|
2431
|
-
fiat_p256_addcarryx_u32(&x10, &x11, 0x0,
|
|
2401
|
+
fiat_p256_addcarryx_u32(&x10, &x11, 0x0, x9, x6);
|
|
2432
2402
|
uint32_t x12;
|
|
2433
2403
|
fiat_p256_uint1 x13;
|
|
2434
|
-
fiat_p256_addcarryx_u32(&x12, &x13, x11,
|
|
2404
|
+
fiat_p256_addcarryx_u32(&x12, &x13, x11, x7, x4);
|
|
2435
2405
|
uint32_t x14;
|
|
2436
2406
|
fiat_p256_uint1 x15;
|
|
2437
|
-
fiat_p256_addcarryx_u32(&x14, &x15, 0x0,
|
|
2407
|
+
fiat_p256_addcarryx_u32(&x14, &x15, 0x0, x1, x8);
|
|
2438
2408
|
uint32_t x16;
|
|
2439
2409
|
fiat_p256_uint1 x17;
|
|
2440
|
-
fiat_p256_addcarryx_u32(&x16, &x17, x15,
|
|
2410
|
+
fiat_p256_addcarryx_u32(&x16, &x17, x15, 0x0, x10);
|
|
2441
2411
|
uint32_t x18;
|
|
2442
2412
|
fiat_p256_uint1 x19;
|
|
2443
|
-
fiat_p256_addcarryx_u32(&x18, &x19, x17,
|
|
2413
|
+
fiat_p256_addcarryx_u32(&x18, &x19, x17, 0x0, x12);
|
|
2444
2414
|
uint32_t x20;
|
|
2445
2415
|
fiat_p256_uint1 x21;
|
|
2446
|
-
fiat_p256_addcarryx_u32(&x20, &x21,
|
|
2416
|
+
fiat_p256_addcarryx_u32(&x20, &x21, x19, 0x0, (x13 + x5));
|
|
2447
2417
|
uint32_t x22;
|
|
2448
2418
|
fiat_p256_uint1 x23;
|
|
2449
|
-
fiat_p256_addcarryx_u32(&x22, &x23,
|
|
2419
|
+
fiat_p256_addcarryx_u32(&x22, &x23, 0x0, x16, (arg1[1]));
|
|
2450
2420
|
uint32_t x24;
|
|
2451
2421
|
fiat_p256_uint1 x25;
|
|
2452
|
-
fiat_p256_addcarryx_u32(&x24, &x25,
|
|
2422
|
+
fiat_p256_addcarryx_u32(&x24, &x25, x23, x18, 0x0);
|
|
2453
2423
|
uint32_t x26;
|
|
2454
2424
|
fiat_p256_uint1 x27;
|
|
2455
|
-
fiat_p256_addcarryx_u32(&x26, &x27, x25,
|
|
2425
|
+
fiat_p256_addcarryx_u32(&x26, &x27, x25, x20, 0x0);
|
|
2456
2426
|
uint32_t x28;
|
|
2457
|
-
|
|
2458
|
-
|
|
2427
|
+
uint32_t x29;
|
|
2428
|
+
fiat_p256_mulx_u32(&x28, &x29, x22, UINT32_C(0xffffffff));
|
|
2459
2429
|
uint32_t x30;
|
|
2460
2430
|
uint32_t x31;
|
|
2461
|
-
fiat_p256_mulx_u32(&x30, &x31,
|
|
2431
|
+
fiat_p256_mulx_u32(&x30, &x31, x22, UINT32_C(0xffffffff));
|
|
2462
2432
|
uint32_t x32;
|
|
2463
2433
|
uint32_t x33;
|
|
2464
|
-
fiat_p256_mulx_u32(&x32, &x33,
|
|
2434
|
+
fiat_p256_mulx_u32(&x32, &x33, x22, UINT32_C(0xffffffff));
|
|
2465
2435
|
uint32_t x34;
|
|
2466
2436
|
uint32_t x35;
|
|
2467
|
-
fiat_p256_mulx_u32(&x34, &x35,
|
|
2437
|
+
fiat_p256_mulx_u32(&x34, &x35, x22, UINT32_C(0xffffffff));
|
|
2468
2438
|
uint32_t x36;
|
|
2469
|
-
|
|
2470
|
-
|
|
2439
|
+
fiat_p256_uint1 x37;
|
|
2440
|
+
fiat_p256_addcarryx_u32(&x36, &x37, 0x0, x35, x32);
|
|
2471
2441
|
uint32_t x38;
|
|
2472
2442
|
fiat_p256_uint1 x39;
|
|
2473
|
-
fiat_p256_addcarryx_u32(&x38, &x39,
|
|
2443
|
+
fiat_p256_addcarryx_u32(&x38, &x39, x37, x33, x30);
|
|
2474
2444
|
uint32_t x40;
|
|
2475
2445
|
fiat_p256_uint1 x41;
|
|
2476
|
-
fiat_p256_addcarryx_u32(&x40, &x41,
|
|
2446
|
+
fiat_p256_addcarryx_u32(&x40, &x41, 0x0, x22, x34);
|
|
2477
2447
|
uint32_t x42;
|
|
2478
2448
|
fiat_p256_uint1 x43;
|
|
2479
|
-
fiat_p256_addcarryx_u32(&x42, &x43,
|
|
2449
|
+
fiat_p256_addcarryx_u32(&x42, &x43, x41, x24, x36);
|
|
2480
2450
|
uint32_t x44;
|
|
2481
2451
|
fiat_p256_uint1 x45;
|
|
2482
|
-
fiat_p256_addcarryx_u32(&x44, &x45, x43,
|
|
2452
|
+
fiat_p256_addcarryx_u32(&x44, &x45, x43, x26, x38);
|
|
2483
2453
|
uint32_t x46;
|
|
2484
2454
|
fiat_p256_uint1 x47;
|
|
2485
|
-
fiat_p256_addcarryx_u32(&x46, &x47, x45,
|
|
2455
|
+
fiat_p256_addcarryx_u32(&x46, &x47, x45, ((uint32_t)x27 + x21), (x39 + x31));
|
|
2486
2456
|
uint32_t x48;
|
|
2487
2457
|
fiat_p256_uint1 x49;
|
|
2488
|
-
fiat_p256_addcarryx_u32(&x48, &x49,
|
|
2458
|
+
fiat_p256_addcarryx_u32(&x48, &x49, 0x0, x2, x22);
|
|
2489
2459
|
uint32_t x50;
|
|
2490
2460
|
fiat_p256_uint1 x51;
|
|
2491
|
-
fiat_p256_addcarryx_u32(&x50, &x51,
|
|
2461
|
+
fiat_p256_addcarryx_u32(&x50, &x51, x49, x3, x28);
|
|
2492
2462
|
uint32_t x52;
|
|
2493
2463
|
fiat_p256_uint1 x53;
|
|
2494
|
-
fiat_p256_addcarryx_u32(&x52, &x53,
|
|
2464
|
+
fiat_p256_addcarryx_u32(&x52, &x53, 0x0, x42, (arg1[2]));
|
|
2495
2465
|
uint32_t x54;
|
|
2496
2466
|
fiat_p256_uint1 x55;
|
|
2497
|
-
fiat_p256_addcarryx_u32(&x54, &x55,
|
|
2467
|
+
fiat_p256_addcarryx_u32(&x54, &x55, x53, x44, 0x0);
|
|
2498
2468
|
uint32_t x56;
|
|
2499
2469
|
fiat_p256_uint1 x57;
|
|
2500
|
-
fiat_p256_addcarryx_u32(&x56, &x57,
|
|
2470
|
+
fiat_p256_addcarryx_u32(&x56, &x57, x55, x46, 0x0);
|
|
2501
2471
|
uint32_t x58;
|
|
2502
|
-
|
|
2503
|
-
|
|
2472
|
+
uint32_t x59;
|
|
2473
|
+
fiat_p256_mulx_u32(&x58, &x59, x52, UINT32_C(0xffffffff));
|
|
2504
2474
|
uint32_t x60;
|
|
2505
|
-
|
|
2506
|
-
|
|
2475
|
+
uint32_t x61;
|
|
2476
|
+
fiat_p256_mulx_u32(&x60, &x61, x52, UINT32_C(0xffffffff));
|
|
2507
2477
|
uint32_t x62;
|
|
2508
|
-
|
|
2509
|
-
|
|
2478
|
+
uint32_t x63;
|
|
2479
|
+
fiat_p256_mulx_u32(&x62, &x63, x52, UINT32_C(0xffffffff));
|
|
2510
2480
|
uint32_t x64;
|
|
2511
|
-
|
|
2512
|
-
|
|
2481
|
+
uint32_t x65;
|
|
2482
|
+
fiat_p256_mulx_u32(&x64, &x65, x52, UINT32_C(0xffffffff));
|
|
2513
2483
|
uint32_t x66;
|
|
2514
|
-
|
|
2515
|
-
|
|
2484
|
+
fiat_p256_uint1 x67;
|
|
2485
|
+
fiat_p256_addcarryx_u32(&x66, &x67, 0x0, x65, x62);
|
|
2516
2486
|
uint32_t x68;
|
|
2517
|
-
|
|
2518
|
-
|
|
2487
|
+
fiat_p256_uint1 x69;
|
|
2488
|
+
fiat_p256_addcarryx_u32(&x68, &x69, x67, x63, x60);
|
|
2519
2489
|
uint32_t x70;
|
|
2520
|
-
|
|
2521
|
-
|
|
2490
|
+
fiat_p256_uint1 x71;
|
|
2491
|
+
fiat_p256_addcarryx_u32(&x70, &x71, 0x0, x52, x64);
|
|
2522
2492
|
uint32_t x72;
|
|
2523
|
-
|
|
2524
|
-
|
|
2493
|
+
fiat_p256_uint1 x73;
|
|
2494
|
+
fiat_p256_addcarryx_u32(&x72, &x73, x71, x54, x66);
|
|
2525
2495
|
uint32_t x74;
|
|
2526
2496
|
fiat_p256_uint1 x75;
|
|
2527
|
-
fiat_p256_addcarryx_u32(&x74, &x75,
|
|
2497
|
+
fiat_p256_addcarryx_u32(&x74, &x75, x73, x56, x68);
|
|
2528
2498
|
uint32_t x76;
|
|
2529
2499
|
fiat_p256_uint1 x77;
|
|
2530
|
-
fiat_p256_addcarryx_u32(&x76, &x77, x75,
|
|
2500
|
+
fiat_p256_addcarryx_u32(&x76, &x77, x75, ((uint32_t)x57 + x47), (x69 + x61));
|
|
2531
2501
|
uint32_t x78;
|
|
2532
2502
|
fiat_p256_uint1 x79;
|
|
2533
|
-
fiat_p256_addcarryx_u32(&x78, &x79,
|
|
2503
|
+
fiat_p256_addcarryx_u32(&x78, &x79, x77, x1, 0x0);
|
|
2534
2504
|
uint32_t x80;
|
|
2535
2505
|
fiat_p256_uint1 x81;
|
|
2536
|
-
fiat_p256_addcarryx_u32(&x80, &x81, x79,
|
|
2506
|
+
fiat_p256_addcarryx_u32(&x80, &x81, x79, x48, 0x0);
|
|
2537
2507
|
uint32_t x82;
|
|
2538
2508
|
fiat_p256_uint1 x83;
|
|
2539
|
-
fiat_p256_addcarryx_u32(&x82, &x83, x81,
|
|
2509
|
+
fiat_p256_addcarryx_u32(&x82, &x83, x81, x50, x52);
|
|
2540
2510
|
uint32_t x84;
|
|
2541
2511
|
fiat_p256_uint1 x85;
|
|
2542
|
-
fiat_p256_addcarryx_u32(&x84, &x85,
|
|
2512
|
+
fiat_p256_addcarryx_u32(&x84, &x85, x83, (x51 + x29), x58);
|
|
2543
2513
|
uint32_t x86;
|
|
2544
2514
|
fiat_p256_uint1 x87;
|
|
2545
|
-
fiat_p256_addcarryx_u32(&x86, &x87,
|
|
2515
|
+
fiat_p256_addcarryx_u32(&x86, &x87, 0x0, x72, (arg1[3]));
|
|
2546
2516
|
uint32_t x88;
|
|
2547
2517
|
fiat_p256_uint1 x89;
|
|
2548
|
-
fiat_p256_addcarryx_u32(&x88, &x89,
|
|
2518
|
+
fiat_p256_addcarryx_u32(&x88, &x89, x87, x74, 0x0);
|
|
2549
2519
|
uint32_t x90;
|
|
2550
2520
|
fiat_p256_uint1 x91;
|
|
2551
|
-
fiat_p256_addcarryx_u32(&x90, &x91,
|
|
2521
|
+
fiat_p256_addcarryx_u32(&x90, &x91, x89, x76, 0x0);
|
|
2552
2522
|
uint32_t x92;
|
|
2553
2523
|
fiat_p256_uint1 x93;
|
|
2554
|
-
fiat_p256_addcarryx_u32(&x92, &x93, x91,
|
|
2524
|
+
fiat_p256_addcarryx_u32(&x92, &x93, x91, x78, 0x0);
|
|
2555
2525
|
uint32_t x94;
|
|
2556
2526
|
fiat_p256_uint1 x95;
|
|
2557
|
-
fiat_p256_addcarryx_u32(&x94, &x95, x93,
|
|
2527
|
+
fiat_p256_addcarryx_u32(&x94, &x95, x93, x80, 0x0);
|
|
2558
2528
|
uint32_t x96;
|
|
2559
2529
|
fiat_p256_uint1 x97;
|
|
2560
|
-
fiat_p256_addcarryx_u32(&x96, &x97, x95,
|
|
2530
|
+
fiat_p256_addcarryx_u32(&x96, &x97, x95, x82, 0x0);
|
|
2561
2531
|
uint32_t x98;
|
|
2562
2532
|
fiat_p256_uint1 x99;
|
|
2563
|
-
fiat_p256_addcarryx_u32(&x98, &x99,
|
|
2533
|
+
fiat_p256_addcarryx_u32(&x98, &x99, x97, x84, 0x0);
|
|
2564
2534
|
uint32_t x100;
|
|
2565
2535
|
fiat_p256_uint1 x101;
|
|
2566
|
-
fiat_p256_addcarryx_u32(&x100, &x101,
|
|
2536
|
+
fiat_p256_addcarryx_u32(&x100, &x101, x99, (x85 + x59), 0x0);
|
|
2567
2537
|
uint32_t x102;
|
|
2568
|
-
|
|
2569
|
-
|
|
2538
|
+
uint32_t x103;
|
|
2539
|
+
fiat_p256_mulx_u32(&x102, &x103, x86, UINT32_C(0xffffffff));
|
|
2570
2540
|
uint32_t x104;
|
|
2571
|
-
|
|
2572
|
-
|
|
2541
|
+
uint32_t x105;
|
|
2542
|
+
fiat_p256_mulx_u32(&x104, &x105, x86, UINT32_C(0xffffffff));
|
|
2573
2543
|
uint32_t x106;
|
|
2574
|
-
|
|
2575
|
-
|
|
2544
|
+
uint32_t x107;
|
|
2545
|
+
fiat_p256_mulx_u32(&x106, &x107, x86, UINT32_C(0xffffffff));
|
|
2576
2546
|
uint32_t x108;
|
|
2577
|
-
|
|
2578
|
-
|
|
2547
|
+
uint32_t x109;
|
|
2548
|
+
fiat_p256_mulx_u32(&x108, &x109, x86, UINT32_C(0xffffffff));
|
|
2579
2549
|
uint32_t x110;
|
|
2580
2550
|
fiat_p256_uint1 x111;
|
|
2581
|
-
fiat_p256_addcarryx_u32(&x110, &x111,
|
|
2551
|
+
fiat_p256_addcarryx_u32(&x110, &x111, 0x0, x109, x106);
|
|
2582
2552
|
uint32_t x112;
|
|
2583
2553
|
fiat_p256_uint1 x113;
|
|
2584
|
-
fiat_p256_addcarryx_u32(&x112, &x113, x111,
|
|
2554
|
+
fiat_p256_addcarryx_u32(&x112, &x113, x111, x107, x104);
|
|
2585
2555
|
uint32_t x114;
|
|
2586
2556
|
fiat_p256_uint1 x115;
|
|
2587
|
-
fiat_p256_addcarryx_u32(&x114, &x115,
|
|
2557
|
+
fiat_p256_addcarryx_u32(&x114, &x115, 0x0, x86, x108);
|
|
2588
2558
|
uint32_t x116;
|
|
2589
2559
|
fiat_p256_uint1 x117;
|
|
2590
|
-
fiat_p256_addcarryx_u32(&x116, &x117,
|
|
2560
|
+
fiat_p256_addcarryx_u32(&x116, &x117, x115, x88, x110);
|
|
2591
2561
|
uint32_t x118;
|
|
2592
2562
|
fiat_p256_uint1 x119;
|
|
2593
|
-
fiat_p256_addcarryx_u32(&x118, &x119,
|
|
2563
|
+
fiat_p256_addcarryx_u32(&x118, &x119, x117, x90, x112);
|
|
2594
2564
|
uint32_t x120;
|
|
2595
|
-
|
|
2596
|
-
|
|
2565
|
+
fiat_p256_uint1 x121;
|
|
2566
|
+
fiat_p256_addcarryx_u32(&x120, &x121, x119, x92, (x113 + x105));
|
|
2597
2567
|
uint32_t x122;
|
|
2598
|
-
|
|
2599
|
-
|
|
2568
|
+
fiat_p256_uint1 x123;
|
|
2569
|
+
fiat_p256_addcarryx_u32(&x122, &x123, x121, x94, 0x0);
|
|
2600
2570
|
uint32_t x124;
|
|
2601
|
-
|
|
2602
|
-
|
|
2571
|
+
fiat_p256_uint1 x125;
|
|
2572
|
+
fiat_p256_addcarryx_u32(&x124, &x125, x123, x96, 0x0);
|
|
2603
2573
|
uint32_t x126;
|
|
2604
|
-
|
|
2605
|
-
|
|
2574
|
+
fiat_p256_uint1 x127;
|
|
2575
|
+
fiat_p256_addcarryx_u32(&x126, &x127, x125, x98, x86);
|
|
2606
2576
|
uint32_t x128;
|
|
2607
2577
|
fiat_p256_uint1 x129;
|
|
2608
|
-
fiat_p256_addcarryx_u32(&x128, &x129,
|
|
2578
|
+
fiat_p256_addcarryx_u32(&x128, &x129, x127, x100, x102);
|
|
2609
2579
|
uint32_t x130;
|
|
2610
2580
|
fiat_p256_uint1 x131;
|
|
2611
|
-
fiat_p256_addcarryx_u32(&x130, &x131, x129,
|
|
2581
|
+
fiat_p256_addcarryx_u32(&x130, &x131, x129, x101, x103);
|
|
2612
2582
|
uint32_t x132;
|
|
2613
2583
|
fiat_p256_uint1 x133;
|
|
2614
|
-
fiat_p256_addcarryx_u32(&x132, &x133, 0x0,
|
|
2584
|
+
fiat_p256_addcarryx_u32(&x132, &x133, 0x0, x116, (arg1[4]));
|
|
2615
2585
|
uint32_t x134;
|
|
2616
2586
|
fiat_p256_uint1 x135;
|
|
2617
|
-
fiat_p256_addcarryx_u32(&x134, &x135, x133,
|
|
2587
|
+
fiat_p256_addcarryx_u32(&x134, &x135, x133, x118, 0x0);
|
|
2618
2588
|
uint32_t x136;
|
|
2619
2589
|
fiat_p256_uint1 x137;
|
|
2620
|
-
fiat_p256_addcarryx_u32(&x136, &x137, x135,
|
|
2590
|
+
fiat_p256_addcarryx_u32(&x136, &x137, x135, x120, 0x0);
|
|
2621
2591
|
uint32_t x138;
|
|
2622
2592
|
fiat_p256_uint1 x139;
|
|
2623
|
-
fiat_p256_addcarryx_u32(&x138, &x139,
|
|
2593
|
+
fiat_p256_addcarryx_u32(&x138, &x139, x137, x122, 0x0);
|
|
2624
2594
|
uint32_t x140;
|
|
2625
2595
|
fiat_p256_uint1 x141;
|
|
2626
|
-
fiat_p256_addcarryx_u32(&x140, &x141,
|
|
2596
|
+
fiat_p256_addcarryx_u32(&x140, &x141, x139, x124, 0x0);
|
|
2627
2597
|
uint32_t x142;
|
|
2628
2598
|
fiat_p256_uint1 x143;
|
|
2629
|
-
fiat_p256_addcarryx_u32(&x142, &x143, x141,
|
|
2599
|
+
fiat_p256_addcarryx_u32(&x142, &x143, x141, x126, 0x0);
|
|
2630
2600
|
uint32_t x144;
|
|
2631
2601
|
fiat_p256_uint1 x145;
|
|
2632
|
-
fiat_p256_addcarryx_u32(&x144, &x145, x143,
|
|
2602
|
+
fiat_p256_addcarryx_u32(&x144, &x145, x143, x128, 0x0);
|
|
2633
2603
|
uint32_t x146;
|
|
2634
2604
|
fiat_p256_uint1 x147;
|
|
2635
|
-
fiat_p256_addcarryx_u32(&x146, &x147, x145,
|
|
2605
|
+
fiat_p256_addcarryx_u32(&x146, &x147, x145, x130, 0x0);
|
|
2636
2606
|
uint32_t x148;
|
|
2637
|
-
|
|
2638
|
-
|
|
2607
|
+
uint32_t x149;
|
|
2608
|
+
fiat_p256_mulx_u32(&x148, &x149, x132, UINT32_C(0xffffffff));
|
|
2639
2609
|
uint32_t x150;
|
|
2640
|
-
|
|
2641
|
-
|
|
2610
|
+
uint32_t x151;
|
|
2611
|
+
fiat_p256_mulx_u32(&x150, &x151, x132, UINT32_C(0xffffffff));
|
|
2642
2612
|
uint32_t x152;
|
|
2643
|
-
|
|
2644
|
-
|
|
2613
|
+
uint32_t x153;
|
|
2614
|
+
fiat_p256_mulx_u32(&x152, &x153, x132, UINT32_C(0xffffffff));
|
|
2645
2615
|
uint32_t x154;
|
|
2646
|
-
|
|
2647
|
-
|
|
2616
|
+
uint32_t x155;
|
|
2617
|
+
fiat_p256_mulx_u32(&x154, &x155, x132, UINT32_C(0xffffffff));
|
|
2648
2618
|
uint32_t x156;
|
|
2649
2619
|
fiat_p256_uint1 x157;
|
|
2650
|
-
fiat_p256_addcarryx_u32(&x156, &x157,
|
|
2620
|
+
fiat_p256_addcarryx_u32(&x156, &x157, 0x0, x155, x152);
|
|
2651
2621
|
uint32_t x158;
|
|
2652
2622
|
fiat_p256_uint1 x159;
|
|
2653
|
-
fiat_p256_addcarryx_u32(&x158, &x159, x157,
|
|
2623
|
+
fiat_p256_addcarryx_u32(&x158, &x159, x157, x153, x150);
|
|
2654
2624
|
uint32_t x160;
|
|
2655
2625
|
fiat_p256_uint1 x161;
|
|
2656
|
-
fiat_p256_addcarryx_u32(&x160, &x161,
|
|
2626
|
+
fiat_p256_addcarryx_u32(&x160, &x161, 0x0, x132, x154);
|
|
2657
2627
|
uint32_t x162;
|
|
2658
2628
|
fiat_p256_uint1 x163;
|
|
2659
|
-
fiat_p256_addcarryx_u32(&x162, &x163, x161,
|
|
2629
|
+
fiat_p256_addcarryx_u32(&x162, &x163, x161, x134, x156);
|
|
2660
2630
|
uint32_t x164;
|
|
2661
2631
|
fiat_p256_uint1 x165;
|
|
2662
|
-
fiat_p256_addcarryx_u32(&x164, &x165, x163,
|
|
2632
|
+
fiat_p256_addcarryx_u32(&x164, &x165, x163, x136, x158);
|
|
2663
2633
|
uint32_t x166;
|
|
2664
2634
|
fiat_p256_uint1 x167;
|
|
2665
|
-
fiat_p256_addcarryx_u32(&x166, &x167, x165,
|
|
2635
|
+
fiat_p256_addcarryx_u32(&x166, &x167, x165, x138, (x159 + x151));
|
|
2666
2636
|
uint32_t x168;
|
|
2667
2637
|
fiat_p256_uint1 x169;
|
|
2668
|
-
fiat_p256_addcarryx_u32(&x168, &x169, x167,
|
|
2638
|
+
fiat_p256_addcarryx_u32(&x168, &x169, x167, x140, 0x0);
|
|
2669
2639
|
uint32_t x170;
|
|
2670
|
-
|
|
2671
|
-
|
|
2640
|
+
fiat_p256_uint1 x171;
|
|
2641
|
+
fiat_p256_addcarryx_u32(&x170, &x171, x169, x142, 0x0);
|
|
2672
2642
|
uint32_t x172;
|
|
2673
|
-
|
|
2674
|
-
|
|
2643
|
+
fiat_p256_uint1 x173;
|
|
2644
|
+
fiat_p256_addcarryx_u32(&x172, &x173, x171, x144, x132);
|
|
2675
2645
|
uint32_t x174;
|
|
2676
|
-
|
|
2677
|
-
|
|
2646
|
+
fiat_p256_uint1 x175;
|
|
2647
|
+
fiat_p256_addcarryx_u32(&x174, &x175, x173, x146, x148);
|
|
2678
2648
|
uint32_t x176;
|
|
2679
|
-
|
|
2680
|
-
|
|
2649
|
+
fiat_p256_uint1 x177;
|
|
2650
|
+
fiat_p256_addcarryx_u32(&x176, &x177, x175, ((uint32_t)x147 + x131), x149);
|
|
2681
2651
|
uint32_t x178;
|
|
2682
2652
|
fiat_p256_uint1 x179;
|
|
2683
|
-
fiat_p256_addcarryx_u32(&x178, &x179, 0x0,
|
|
2653
|
+
fiat_p256_addcarryx_u32(&x178, &x179, 0x0, x162, (arg1[5]));
|
|
2684
2654
|
uint32_t x180;
|
|
2685
2655
|
fiat_p256_uint1 x181;
|
|
2686
|
-
fiat_p256_addcarryx_u32(&x180, &x181, x179,
|
|
2656
|
+
fiat_p256_addcarryx_u32(&x180, &x181, x179, x164, 0x0);
|
|
2687
2657
|
uint32_t x182;
|
|
2688
2658
|
fiat_p256_uint1 x183;
|
|
2689
|
-
fiat_p256_addcarryx_u32(&x182, &x183,
|
|
2659
|
+
fiat_p256_addcarryx_u32(&x182, &x183, x181, x166, 0x0);
|
|
2690
2660
|
uint32_t x184;
|
|
2691
2661
|
fiat_p256_uint1 x185;
|
|
2692
|
-
fiat_p256_addcarryx_u32(&x184, &x185, x183,
|
|
2662
|
+
fiat_p256_addcarryx_u32(&x184, &x185, x183, x168, 0x0);
|
|
2693
2663
|
uint32_t x186;
|
|
2694
2664
|
fiat_p256_uint1 x187;
|
|
2695
|
-
fiat_p256_addcarryx_u32(&x186, &x187, x185,
|
|
2665
|
+
fiat_p256_addcarryx_u32(&x186, &x187, x185, x170, 0x0);
|
|
2696
2666
|
uint32_t x188;
|
|
2697
2667
|
fiat_p256_uint1 x189;
|
|
2698
|
-
fiat_p256_addcarryx_u32(&x188, &x189,
|
|
2668
|
+
fiat_p256_addcarryx_u32(&x188, &x189, x187, x172, 0x0);
|
|
2699
2669
|
uint32_t x190;
|
|
2700
2670
|
fiat_p256_uint1 x191;
|
|
2701
|
-
fiat_p256_addcarryx_u32(&x190, &x191,
|
|
2671
|
+
fiat_p256_addcarryx_u32(&x190, &x191, x189, x174, 0x0);
|
|
2702
2672
|
uint32_t x192;
|
|
2703
2673
|
fiat_p256_uint1 x193;
|
|
2704
|
-
fiat_p256_addcarryx_u32(&x192, &x193, x191,
|
|
2674
|
+
fiat_p256_addcarryx_u32(&x192, &x193, x191, x176, 0x0);
|
|
2705
2675
|
uint32_t x194;
|
|
2706
|
-
|
|
2707
|
-
|
|
2676
|
+
uint32_t x195;
|
|
2677
|
+
fiat_p256_mulx_u32(&x194, &x195, x178, UINT32_C(0xffffffff));
|
|
2708
2678
|
uint32_t x196;
|
|
2709
|
-
|
|
2710
|
-
|
|
2679
|
+
uint32_t x197;
|
|
2680
|
+
fiat_p256_mulx_u32(&x196, &x197, x178, UINT32_C(0xffffffff));
|
|
2711
2681
|
uint32_t x198;
|
|
2712
|
-
|
|
2713
|
-
|
|
2682
|
+
uint32_t x199;
|
|
2683
|
+
fiat_p256_mulx_u32(&x198, &x199, x178, UINT32_C(0xffffffff));
|
|
2714
2684
|
uint32_t x200;
|
|
2715
|
-
|
|
2716
|
-
|
|
2685
|
+
uint32_t x201;
|
|
2686
|
+
fiat_p256_mulx_u32(&x200, &x201, x178, UINT32_C(0xffffffff));
|
|
2717
2687
|
uint32_t x202;
|
|
2718
2688
|
fiat_p256_uint1 x203;
|
|
2719
|
-
fiat_p256_addcarryx_u32(&x202, &x203,
|
|
2689
|
+
fiat_p256_addcarryx_u32(&x202, &x203, 0x0, x201, x198);
|
|
2720
2690
|
uint32_t x204;
|
|
2721
2691
|
fiat_p256_uint1 x205;
|
|
2722
|
-
fiat_p256_addcarryx_u32(&x204, &x205,
|
|
2692
|
+
fiat_p256_addcarryx_u32(&x204, &x205, x203, x199, x196);
|
|
2723
2693
|
uint32_t x206;
|
|
2724
2694
|
fiat_p256_uint1 x207;
|
|
2725
|
-
fiat_p256_addcarryx_u32(&x206, &x207, 0x0,
|
|
2695
|
+
fiat_p256_addcarryx_u32(&x206, &x207, 0x0, x178, x200);
|
|
2726
2696
|
uint32_t x208;
|
|
2727
2697
|
fiat_p256_uint1 x209;
|
|
2728
|
-
fiat_p256_addcarryx_u32(&x208, &x209, x207,
|
|
2698
|
+
fiat_p256_addcarryx_u32(&x208, &x209, x207, x180, x202);
|
|
2729
2699
|
uint32_t x210;
|
|
2730
2700
|
fiat_p256_uint1 x211;
|
|
2731
|
-
fiat_p256_addcarryx_u32(&x210, &x211, x209,
|
|
2701
|
+
fiat_p256_addcarryx_u32(&x210, &x211, x209, x182, x204);
|
|
2732
2702
|
uint32_t x212;
|
|
2733
2703
|
fiat_p256_uint1 x213;
|
|
2734
|
-
fiat_p256_addcarryx_u32(&x212, &x213, x211,
|
|
2704
|
+
fiat_p256_addcarryx_u32(&x212, &x213, x211, x184, (x205 + x197));
|
|
2735
2705
|
uint32_t x214;
|
|
2736
2706
|
fiat_p256_uint1 x215;
|
|
2737
|
-
fiat_p256_addcarryx_u32(&x214, &x215, x213,
|
|
2707
|
+
fiat_p256_addcarryx_u32(&x214, &x215, x213, x186, 0x0);
|
|
2738
2708
|
uint32_t x216;
|
|
2739
2709
|
fiat_p256_uint1 x217;
|
|
2740
|
-
fiat_p256_addcarryx_u32(&x216, &x217, x215,
|
|
2710
|
+
fiat_p256_addcarryx_u32(&x216, &x217, x215, x188, 0x0);
|
|
2741
2711
|
uint32_t x218;
|
|
2742
2712
|
fiat_p256_uint1 x219;
|
|
2743
|
-
fiat_p256_addcarryx_u32(&x218, &x219, x217,
|
|
2713
|
+
fiat_p256_addcarryx_u32(&x218, &x219, x217, x190, x178);
|
|
2744
2714
|
uint32_t x220;
|
|
2745
2715
|
fiat_p256_uint1 x221;
|
|
2746
|
-
fiat_p256_addcarryx_u32(&x220, &x221, x219,
|
|
2716
|
+
fiat_p256_addcarryx_u32(&x220, &x221, x219, x192, x194);
|
|
2747
2717
|
uint32_t x222;
|
|
2748
|
-
|
|
2749
|
-
|
|
2718
|
+
fiat_p256_uint1 x223;
|
|
2719
|
+
fiat_p256_addcarryx_u32(&x222, &x223, x221, ((uint32_t)x193 + x177), x195);
|
|
2750
2720
|
uint32_t x224;
|
|
2751
|
-
|
|
2752
|
-
|
|
2721
|
+
fiat_p256_uint1 x225;
|
|
2722
|
+
fiat_p256_addcarryx_u32(&x224, &x225, 0x0, x208, (arg1[6]));
|
|
2753
2723
|
uint32_t x226;
|
|
2754
|
-
|
|
2755
|
-
|
|
2724
|
+
fiat_p256_uint1 x227;
|
|
2725
|
+
fiat_p256_addcarryx_u32(&x226, &x227, x225, x210, 0x0);
|
|
2756
2726
|
uint32_t x228;
|
|
2757
|
-
|
|
2758
|
-
|
|
2727
|
+
fiat_p256_uint1 x229;
|
|
2728
|
+
fiat_p256_addcarryx_u32(&x228, &x229, x227, x212, 0x0);
|
|
2759
2729
|
uint32_t x230;
|
|
2760
2730
|
fiat_p256_uint1 x231;
|
|
2761
|
-
fiat_p256_addcarryx_u32(&x230, &x231,
|
|
2731
|
+
fiat_p256_addcarryx_u32(&x230, &x231, x229, x214, 0x0);
|
|
2762
2732
|
uint32_t x232;
|
|
2763
2733
|
fiat_p256_uint1 x233;
|
|
2764
|
-
fiat_p256_addcarryx_u32(&x232, &x233, x231,
|
|
2734
|
+
fiat_p256_addcarryx_u32(&x232, &x233, x231, x216, 0x0);
|
|
2765
2735
|
uint32_t x234;
|
|
2766
2736
|
fiat_p256_uint1 x235;
|
|
2767
|
-
fiat_p256_addcarryx_u32(&x234, &x235,
|
|
2737
|
+
fiat_p256_addcarryx_u32(&x234, &x235, x233, x218, 0x0);
|
|
2768
2738
|
uint32_t x236;
|
|
2769
2739
|
fiat_p256_uint1 x237;
|
|
2770
|
-
fiat_p256_addcarryx_u32(&x236, &x237, x235,
|
|
2740
|
+
fiat_p256_addcarryx_u32(&x236, &x237, x235, x220, 0x0);
|
|
2771
2741
|
uint32_t x238;
|
|
2772
2742
|
fiat_p256_uint1 x239;
|
|
2773
|
-
fiat_p256_addcarryx_u32(&x238, &x239, x237,
|
|
2743
|
+
fiat_p256_addcarryx_u32(&x238, &x239, x237, x222, 0x0);
|
|
2774
2744
|
uint32_t x240;
|
|
2775
|
-
|
|
2776
|
-
|
|
2745
|
+
uint32_t x241;
|
|
2746
|
+
fiat_p256_mulx_u32(&x240, &x241, x224, UINT32_C(0xffffffff));
|
|
2777
2747
|
uint32_t x242;
|
|
2778
|
-
|
|
2779
|
-
|
|
2748
|
+
uint32_t x243;
|
|
2749
|
+
fiat_p256_mulx_u32(&x242, &x243, x224, UINT32_C(0xffffffff));
|
|
2780
2750
|
uint32_t x244;
|
|
2781
|
-
|
|
2782
|
-
|
|
2751
|
+
uint32_t x245;
|
|
2752
|
+
fiat_p256_mulx_u32(&x244, &x245, x224, UINT32_C(0xffffffff));
|
|
2783
2753
|
uint32_t x246;
|
|
2784
|
-
|
|
2785
|
-
|
|
2754
|
+
uint32_t x247;
|
|
2755
|
+
fiat_p256_mulx_u32(&x246, &x247, x224, UINT32_C(0xffffffff));
|
|
2786
2756
|
uint32_t x248;
|
|
2787
2757
|
fiat_p256_uint1 x249;
|
|
2788
|
-
fiat_p256_addcarryx_u32(&x248, &x249,
|
|
2758
|
+
fiat_p256_addcarryx_u32(&x248, &x249, 0x0, x247, x244);
|
|
2789
2759
|
uint32_t x250;
|
|
2790
2760
|
fiat_p256_uint1 x251;
|
|
2791
|
-
fiat_p256_addcarryx_u32(&x250, &x251, x249,
|
|
2761
|
+
fiat_p256_addcarryx_u32(&x250, &x251, x249, x245, x242);
|
|
2792
2762
|
uint32_t x252;
|
|
2793
2763
|
fiat_p256_uint1 x253;
|
|
2794
|
-
fiat_p256_addcarryx_u32(&x252, &x253,
|
|
2764
|
+
fiat_p256_addcarryx_u32(&x252, &x253, 0x0, x224, x246);
|
|
2795
2765
|
uint32_t x254;
|
|
2796
2766
|
fiat_p256_uint1 x255;
|
|
2797
|
-
fiat_p256_addcarryx_u32(&x254, &x255,
|
|
2767
|
+
fiat_p256_addcarryx_u32(&x254, &x255, x253, x226, x248);
|
|
2798
2768
|
uint32_t x256;
|
|
2799
2769
|
fiat_p256_uint1 x257;
|
|
2800
|
-
fiat_p256_addcarryx_u32(&x256, &x257,
|
|
2770
|
+
fiat_p256_addcarryx_u32(&x256, &x257, x255, x228, x250);
|
|
2801
2771
|
uint32_t x258;
|
|
2802
2772
|
fiat_p256_uint1 x259;
|
|
2803
|
-
fiat_p256_addcarryx_u32(&x258, &x259,
|
|
2773
|
+
fiat_p256_addcarryx_u32(&x258, &x259, x257, x230, (x251 + x243));
|
|
2804
2774
|
uint32_t x260;
|
|
2805
2775
|
fiat_p256_uint1 x261;
|
|
2806
|
-
fiat_p256_addcarryx_u32(&x260, &x261, x259,
|
|
2776
|
+
fiat_p256_addcarryx_u32(&x260, &x261, x259, x232, 0x0);
|
|
2807
2777
|
uint32_t x262;
|
|
2808
2778
|
fiat_p256_uint1 x263;
|
|
2809
|
-
fiat_p256_addcarryx_u32(&x262, &x263, x261,
|
|
2779
|
+
fiat_p256_addcarryx_u32(&x262, &x263, x261, x234, 0x0);
|
|
2810
2780
|
uint32_t x264;
|
|
2811
2781
|
fiat_p256_uint1 x265;
|
|
2812
|
-
fiat_p256_addcarryx_u32(&x264, &x265, x263,
|
|
2782
|
+
fiat_p256_addcarryx_u32(&x264, &x265, x263, x236, x224);
|
|
2813
2783
|
uint32_t x266;
|
|
2814
2784
|
fiat_p256_uint1 x267;
|
|
2815
|
-
fiat_p256_addcarryx_u32(&x266, &x267, x265,
|
|
2785
|
+
fiat_p256_addcarryx_u32(&x266, &x267, x265, x238, x240);
|
|
2816
2786
|
uint32_t x268;
|
|
2817
2787
|
fiat_p256_uint1 x269;
|
|
2818
|
-
fiat_p256_addcarryx_u32(&x268, &x269, x267,
|
|
2788
|
+
fiat_p256_addcarryx_u32(&x268, &x269, x267, ((uint32_t)x239 + x223), x241);
|
|
2819
2789
|
uint32_t x270;
|
|
2820
2790
|
fiat_p256_uint1 x271;
|
|
2821
|
-
fiat_p256_addcarryx_u32(&x270, &x271,
|
|
2791
|
+
fiat_p256_addcarryx_u32(&x270, &x271, 0x0, x254, (arg1[7]));
|
|
2822
2792
|
uint32_t x272;
|
|
2823
2793
|
fiat_p256_uint1 x273;
|
|
2824
|
-
fiat_p256_addcarryx_u32(&x272, &x273, x271,
|
|
2794
|
+
fiat_p256_addcarryx_u32(&x272, &x273, x271, x256, 0x0);
|
|
2825
2795
|
uint32_t x274;
|
|
2826
|
-
|
|
2827
|
-
|
|
2796
|
+
fiat_p256_uint1 x275;
|
|
2797
|
+
fiat_p256_addcarryx_u32(&x274, &x275, x273, x258, 0x0);
|
|
2828
2798
|
uint32_t x276;
|
|
2829
|
-
|
|
2830
|
-
|
|
2799
|
+
fiat_p256_uint1 x277;
|
|
2800
|
+
fiat_p256_addcarryx_u32(&x276, &x277, x275, x260, 0x0);
|
|
2831
2801
|
uint32_t x278;
|
|
2832
|
-
|
|
2833
|
-
|
|
2802
|
+
fiat_p256_uint1 x279;
|
|
2803
|
+
fiat_p256_addcarryx_u32(&x278, &x279, x277, x262, 0x0);
|
|
2834
2804
|
uint32_t x280;
|
|
2835
|
-
|
|
2836
|
-
|
|
2805
|
+
fiat_p256_uint1 x281;
|
|
2806
|
+
fiat_p256_addcarryx_u32(&x280, &x281, x279, x264, 0x0);
|
|
2837
2807
|
uint32_t x282;
|
|
2838
2808
|
fiat_p256_uint1 x283;
|
|
2839
|
-
fiat_p256_addcarryx_u32(&x282, &x283,
|
|
2809
|
+
fiat_p256_addcarryx_u32(&x282, &x283, x281, x266, 0x0);
|
|
2840
2810
|
uint32_t x284;
|
|
2841
2811
|
fiat_p256_uint1 x285;
|
|
2842
|
-
fiat_p256_addcarryx_u32(&x284, &x285, x283,
|
|
2812
|
+
fiat_p256_addcarryx_u32(&x284, &x285, x283, x268, 0x0);
|
|
2843
2813
|
uint32_t x286;
|
|
2844
|
-
|
|
2845
|
-
|
|
2814
|
+
uint32_t x287;
|
|
2815
|
+
fiat_p256_mulx_u32(&x286, &x287, x270, UINT32_C(0xffffffff));
|
|
2846
2816
|
uint32_t x288;
|
|
2847
|
-
|
|
2848
|
-
|
|
2817
|
+
uint32_t x289;
|
|
2818
|
+
fiat_p256_mulx_u32(&x288, &x289, x270, UINT32_C(0xffffffff));
|
|
2849
2819
|
uint32_t x290;
|
|
2850
|
-
|
|
2851
|
-
|
|
2820
|
+
uint32_t x291;
|
|
2821
|
+
fiat_p256_mulx_u32(&x290, &x291, x270, UINT32_C(0xffffffff));
|
|
2852
2822
|
uint32_t x292;
|
|
2853
|
-
|
|
2854
|
-
|
|
2823
|
+
uint32_t x293;
|
|
2824
|
+
fiat_p256_mulx_u32(&x292, &x293, x270, UINT32_C(0xffffffff));
|
|
2855
2825
|
uint32_t x294;
|
|
2856
2826
|
fiat_p256_uint1 x295;
|
|
2857
|
-
fiat_p256_addcarryx_u32(&x294, &x295,
|
|
2827
|
+
fiat_p256_addcarryx_u32(&x294, &x295, 0x0, x293, x290);
|
|
2858
2828
|
uint32_t x296;
|
|
2859
2829
|
fiat_p256_uint1 x297;
|
|
2860
|
-
fiat_p256_addcarryx_u32(&x296, &x297, x295,
|
|
2830
|
+
fiat_p256_addcarryx_u32(&x296, &x297, x295, x291, x288);
|
|
2861
2831
|
uint32_t x298;
|
|
2862
2832
|
fiat_p256_uint1 x299;
|
|
2863
|
-
fiat_p256_addcarryx_u32(&x298, &x299,
|
|
2833
|
+
fiat_p256_addcarryx_u32(&x298, &x299, 0x0, x270, x292);
|
|
2864
2834
|
uint32_t x300;
|
|
2865
2835
|
fiat_p256_uint1 x301;
|
|
2866
|
-
fiat_p256_addcarryx_u32(&x300, &x301, x299,
|
|
2836
|
+
fiat_p256_addcarryx_u32(&x300, &x301, x299, x272, x294);
|
|
2867
2837
|
uint32_t x302;
|
|
2868
2838
|
fiat_p256_uint1 x303;
|
|
2869
|
-
fiat_p256_addcarryx_u32(&x302, &x303, x301, x274,
|
|
2839
|
+
fiat_p256_addcarryx_u32(&x302, &x303, x301, x274, x296);
|
|
2870
2840
|
uint32_t x304;
|
|
2871
2841
|
fiat_p256_uint1 x305;
|
|
2872
|
-
fiat_p256_addcarryx_u32(&x304, &x305,
|
|
2842
|
+
fiat_p256_addcarryx_u32(&x304, &x305, x303, x276, (x297 + x289));
|
|
2873
2843
|
uint32_t x306;
|
|
2874
2844
|
fiat_p256_uint1 x307;
|
|
2875
|
-
fiat_p256_addcarryx_u32(&x306, &x307,
|
|
2845
|
+
fiat_p256_addcarryx_u32(&x306, &x307, x305, x278, 0x0);
|
|
2876
2846
|
uint32_t x308;
|
|
2877
2847
|
fiat_p256_uint1 x309;
|
|
2878
|
-
fiat_p256_addcarryx_u32(&x308, &x309,
|
|
2848
|
+
fiat_p256_addcarryx_u32(&x308, &x309, x307, x280, 0x0);
|
|
2879
2849
|
uint32_t x310;
|
|
2880
2850
|
fiat_p256_uint1 x311;
|
|
2881
|
-
fiat_p256_addcarryx_u32(&x310, &x311,
|
|
2851
|
+
fiat_p256_addcarryx_u32(&x310, &x311, x309, x282, x270);
|
|
2882
2852
|
uint32_t x312;
|
|
2883
2853
|
fiat_p256_uint1 x313;
|
|
2884
|
-
fiat_p256_addcarryx_u32(&x312, &x313, x311,
|
|
2854
|
+
fiat_p256_addcarryx_u32(&x312, &x313, x311, x284, x286);
|
|
2885
2855
|
uint32_t x314;
|
|
2886
2856
|
fiat_p256_uint1 x315;
|
|
2887
|
-
fiat_p256_addcarryx_u32(&x314, &x315, x313,
|
|
2857
|
+
fiat_p256_addcarryx_u32(&x314, &x315, x313, ((uint32_t)x285 + x269), x287);
|
|
2888
2858
|
uint32_t x316;
|
|
2889
2859
|
fiat_p256_uint1 x317;
|
|
2890
|
-
|
|
2860
|
+
fiat_p256_subborrowx_u32(&x316, &x317, 0x0, x300, UINT32_C(0xffffffff));
|
|
2891
2861
|
uint32_t x318;
|
|
2892
2862
|
fiat_p256_uint1 x319;
|
|
2893
|
-
|
|
2863
|
+
fiat_p256_subborrowx_u32(&x318, &x319, x317, x302, UINT32_C(0xffffffff));
|
|
2894
2864
|
uint32_t x320;
|
|
2895
2865
|
fiat_p256_uint1 x321;
|
|
2896
|
-
|
|
2866
|
+
fiat_p256_subborrowx_u32(&x320, &x321, x319, x304, UINT32_C(0xffffffff));
|
|
2897
2867
|
uint32_t x322;
|
|
2898
2868
|
fiat_p256_uint1 x323;
|
|
2899
|
-
|
|
2869
|
+
fiat_p256_subborrowx_u32(&x322, &x323, x321, x306, 0x0);
|
|
2900
2870
|
uint32_t x324;
|
|
2901
2871
|
fiat_p256_uint1 x325;
|
|
2902
|
-
|
|
2872
|
+
fiat_p256_subborrowx_u32(&x324, &x325, x323, x308, 0x0);
|
|
2903
2873
|
uint32_t x326;
|
|
2904
|
-
|
|
2905
|
-
|
|
2874
|
+
fiat_p256_uint1 x327;
|
|
2875
|
+
fiat_p256_subborrowx_u32(&x326, &x327, x325, x310, 0x0);
|
|
2906
2876
|
uint32_t x328;
|
|
2907
|
-
|
|
2908
|
-
|
|
2877
|
+
fiat_p256_uint1 x329;
|
|
2878
|
+
fiat_p256_subborrowx_u32(&x328, &x329, x327, x312, 0x1);
|
|
2909
2879
|
uint32_t x330;
|
|
2910
|
-
|
|
2911
|
-
|
|
2880
|
+
fiat_p256_uint1 x331;
|
|
2881
|
+
fiat_p256_subborrowx_u32(&x330, &x331, x329, x314, UINT32_C(0xffffffff));
|
|
2912
2882
|
uint32_t x332;
|
|
2913
|
-
|
|
2914
|
-
|
|
2883
|
+
fiat_p256_uint1 x333;
|
|
2884
|
+
fiat_p256_subborrowx_u32(&x332, &x333, x331, x315, 0x0);
|
|
2915
2885
|
uint32_t x334;
|
|
2916
|
-
|
|
2917
|
-
|
|
2886
|
+
fiat_p256_cmovznz_u32(&x334, x333, x316, x300);
|
|
2887
|
+
uint32_t x335;
|
|
2888
|
+
fiat_p256_cmovznz_u32(&x335, x333, x318, x302);
|
|
2918
2889
|
uint32_t x336;
|
|
2919
|
-
|
|
2920
|
-
|
|
2890
|
+
fiat_p256_cmovznz_u32(&x336, x333, x320, x304);
|
|
2891
|
+
uint32_t x337;
|
|
2892
|
+
fiat_p256_cmovznz_u32(&x337, x333, x322, x306);
|
|
2921
2893
|
uint32_t x338;
|
|
2922
|
-
|
|
2923
|
-
|
|
2894
|
+
fiat_p256_cmovznz_u32(&x338, x333, x324, x308);
|
|
2895
|
+
uint32_t x339;
|
|
2896
|
+
fiat_p256_cmovznz_u32(&x339, x333, x326, x310);
|
|
2924
2897
|
uint32_t x340;
|
|
2925
|
-
|
|
2926
|
-
|
|
2927
|
-
|
|
2928
|
-
|
|
2929
|
-
|
|
2930
|
-
|
|
2931
|
-
|
|
2932
|
-
|
|
2933
|
-
|
|
2934
|
-
|
|
2935
|
-
|
|
2936
|
-
uint32_t x348;
|
|
2937
|
-
fiat_p256_uint1 x349;
|
|
2938
|
-
fiat_p256_addcarryx_u32(&x348, &x349, x347, 0x0, x318);
|
|
2939
|
-
uint32_t x350;
|
|
2940
|
-
fiat_p256_uint1 x351;
|
|
2941
|
-
fiat_p256_addcarryx_u32(&x350, &x351, x349, 0x0, x320);
|
|
2942
|
-
uint32_t x352;
|
|
2943
|
-
fiat_p256_uint1 x353;
|
|
2944
|
-
fiat_p256_addcarryx_u32(&x352, &x353, x351, x310, x322);
|
|
2945
|
-
uint32_t x354;
|
|
2946
|
-
fiat_p256_uint1 x355;
|
|
2947
|
-
fiat_p256_addcarryx_u32(&x354, &x355, x353, x326, x324);
|
|
2948
|
-
uint32_t x356;
|
|
2949
|
-
fiat_p256_uint1 x357;
|
|
2950
|
-
fiat_p256_addcarryx_u32(&x356, &x357, x309, 0x0, 0x0);
|
|
2951
|
-
uint32_t x358;
|
|
2952
|
-
fiat_p256_uint1 x359;
|
|
2953
|
-
fiat_p256_addcarryx_u32(&x358, &x359, x325, 0x0, (fiat_p256_uint1)x356);
|
|
2954
|
-
uint32_t x360;
|
|
2955
|
-
fiat_p256_uint1 x361;
|
|
2956
|
-
fiat_p256_addcarryx_u32(&x360, &x361, x355, x327, x358);
|
|
2957
|
-
uint32_t x362;
|
|
2958
|
-
fiat_p256_uint1 x363;
|
|
2959
|
-
fiat_p256_subborrowx_u32(&x362, &x363, 0x0, x340, UINT32_C(0xffffffff));
|
|
2960
|
-
uint32_t x364;
|
|
2961
|
-
fiat_p256_uint1 x365;
|
|
2962
|
-
fiat_p256_subborrowx_u32(&x364, &x365, x363, x342, UINT32_C(0xffffffff));
|
|
2963
|
-
uint32_t x366;
|
|
2964
|
-
fiat_p256_uint1 x367;
|
|
2965
|
-
fiat_p256_subborrowx_u32(&x366, &x367, x365, x346, UINT32_C(0xffffffff));
|
|
2966
|
-
uint32_t x368;
|
|
2967
|
-
fiat_p256_uint1 x369;
|
|
2968
|
-
fiat_p256_subborrowx_u32(&x368, &x369, x367, x348, 0x0);
|
|
2969
|
-
uint32_t x370;
|
|
2970
|
-
fiat_p256_uint1 x371;
|
|
2971
|
-
fiat_p256_subborrowx_u32(&x370, &x371, x369, x350, 0x0);
|
|
2972
|
-
uint32_t x372;
|
|
2973
|
-
fiat_p256_uint1 x373;
|
|
2974
|
-
fiat_p256_subborrowx_u32(&x372, &x373, x371, x352, 0x0);
|
|
2975
|
-
uint32_t x374;
|
|
2976
|
-
fiat_p256_uint1 x375;
|
|
2977
|
-
fiat_p256_subborrowx_u32(&x374, &x375, x373, x354, 0x1);
|
|
2978
|
-
uint32_t x376;
|
|
2979
|
-
fiat_p256_uint1 x377;
|
|
2980
|
-
fiat_p256_subborrowx_u32(&x376, &x377, x375, x360, UINT32_C(0xffffffff));
|
|
2981
|
-
uint32_t x378;
|
|
2982
|
-
fiat_p256_uint1 x379;
|
|
2983
|
-
fiat_p256_addcarryx_u32(&x378, &x379, x361, 0x0, 0x0);
|
|
2984
|
-
uint32_t x380;
|
|
2985
|
-
fiat_p256_uint1 x381;
|
|
2986
|
-
fiat_p256_subborrowx_u32(&x380, &x381, x377, (fiat_p256_uint1)x378, 0x0);
|
|
2987
|
-
uint32_t x382;
|
|
2988
|
-
fiat_p256_cmovznz_u32(&x382, x381, x362, x340);
|
|
2989
|
-
uint32_t x383;
|
|
2990
|
-
fiat_p256_cmovznz_u32(&x383, x381, x364, x342);
|
|
2991
|
-
uint32_t x384;
|
|
2992
|
-
fiat_p256_cmovznz_u32(&x384, x381, x366, x346);
|
|
2993
|
-
uint32_t x385;
|
|
2994
|
-
fiat_p256_cmovznz_u32(&x385, x381, x368, x348);
|
|
2995
|
-
uint32_t x386;
|
|
2996
|
-
fiat_p256_cmovznz_u32(&x386, x381, x370, x350);
|
|
2997
|
-
uint32_t x387;
|
|
2998
|
-
fiat_p256_cmovznz_u32(&x387, x381, x372, x352);
|
|
2999
|
-
uint32_t x388;
|
|
3000
|
-
fiat_p256_cmovznz_u32(&x388, x381, x374, x354);
|
|
3001
|
-
uint32_t x389;
|
|
3002
|
-
fiat_p256_cmovznz_u32(&x389, x381, x376, x360);
|
|
3003
|
-
out1[0] = x382;
|
|
3004
|
-
out1[1] = x383;
|
|
3005
|
-
out1[2] = x384;
|
|
3006
|
-
out1[3] = x385;
|
|
3007
|
-
out1[4] = x386;
|
|
3008
|
-
out1[5] = x387;
|
|
3009
|
-
out1[6] = x388;
|
|
3010
|
-
out1[7] = x389;
|
|
2898
|
+
fiat_p256_cmovznz_u32(&x340, x333, x328, x312);
|
|
2899
|
+
uint32_t x341;
|
|
2900
|
+
fiat_p256_cmovznz_u32(&x341, x333, x330, x314);
|
|
2901
|
+
out1[0] = x334;
|
|
2902
|
+
out1[1] = x335;
|
|
2903
|
+
out1[2] = x336;
|
|
2904
|
+
out1[3] = x337;
|
|
2905
|
+
out1[4] = x338;
|
|
2906
|
+
out1[5] = x339;
|
|
2907
|
+
out1[6] = x340;
|
|
2908
|
+
out1[7] = x341;
|
|
3011
2909
|
}
|
|
3012
2910
|
|
|
3013
2911
|
/*
|
|
2912
|
+
* The function fiat_p256_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise.
|
|
2913
|
+
* Preconditions:
|
|
2914
|
+
* 0 ≤ eval arg1 < m
|
|
2915
|
+
* Postconditions:
|
|
2916
|
+
* out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0
|
|
2917
|
+
*
|
|
3014
2918
|
* Input Bounds:
|
|
3015
2919
|
* arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
|
|
3016
2920
|
* Output Bounds:
|
|
@@ -3022,6 +2926,10 @@ static void fiat_p256_nonzero(uint32_t* out1, const uint32_t arg1[8]) {
|
|
|
3022
2926
|
}
|
|
3023
2927
|
|
|
3024
2928
|
/*
|
|
2929
|
+
* The function fiat_p256_selectznz is a multi-limb conditional select.
|
|
2930
|
+
* Postconditions:
|
|
2931
|
+
* eval out1 = (if arg1 = 0 then eval arg2 else eval arg3)
|
|
2932
|
+
*
|
|
3025
2933
|
* Input Bounds:
|
|
3026
2934
|
* arg1: [0x0 ~> 0x1]
|
|
3027
2935
|
* arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
|
|
@@ -3057,6 +2965,12 @@ static void fiat_p256_selectznz(uint32_t out1[8], fiat_p256_uint1 arg1, const ui
|
|
|
3057
2965
|
}
|
|
3058
2966
|
|
|
3059
2967
|
/*
|
|
2968
|
+
* The function fiat_p256_to_bytes serializes a field element in the Montgomery domain to bytes in little-endian order.
|
|
2969
|
+
* Preconditions:
|
|
2970
|
+
* 0 ≤ eval arg1 < m
|
|
2971
|
+
* Postconditions:
|
|
2972
|
+
* out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31]
|
|
2973
|
+
*
|
|
3060
2974
|
* Input Bounds:
|
|
3061
2975
|
* arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
|
|
3062
2976
|
* Output Bounds:
|
|
@@ -3161,6 +3075,13 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint32_t arg1[8]) {
|
|
|
3161
3075
|
}
|
|
3162
3076
|
|
|
3163
3077
|
/*
|
|
3078
|
+
* The function fiat_p256_from_bytes deserializes a field element in the Montgomery domain from bytes in little-endian order.
|
|
3079
|
+
* Preconditions:
|
|
3080
|
+
* 0 ≤ bytes_eval arg1 < m
|
|
3081
|
+
* Postconditions:
|
|
3082
|
+
* eval out1 mod m = bytes_eval arg1 mod m
|
|
3083
|
+
* 0 ≤ eval out1 < m
|
|
3084
|
+
*
|
|
3164
3085
|
* Input Bounds:
|
|
3165
3086
|
* arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]]
|
|
3166
3087
|
* Output Bounds:
|