grpc 1.28.0 → 1.30.0



Files changed (497)
  1. checksums.yaml +4 -4
  2. data/Makefile +7694 -11190
  3. data/include/grpc/grpc.h +2 -2
  4. data/include/grpc/grpc_security.h +22 -9
  5. data/include/grpc/grpc_security_constants.h +1 -0
  6. data/include/grpc/impl/codegen/grpc_types.h +19 -21
  7. data/include/grpc/impl/codegen/port_platform.h +6 -2
  8. data/include/grpc/module.modulemap +24 -39
  9. data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
  10. data/src/core/ext/filters/client_channel/client_channel.cc +203 -236
  11. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
  12. data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
  13. data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
  14. data/src/core/ext/filters/client_channel/http_proxy.cc +17 -10
  15. data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
  16. data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
  17. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
  18. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
  19. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +10 -4
  20. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +240 -301
  21. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
  22. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
  23. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
  24. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
  25. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
  26. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
  27. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -11
  28. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
  29. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +84 -37
  30. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
  31. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
  32. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
  33. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
  34. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +6 -2
  35. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
  36. data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
  37. data/src/core/ext/filters/client_channel/resolver.cc +5 -8
  38. data/src/core/ext/filters/client_channel/resolver.h +12 -14
  39. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +73 -59
  40. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
  41. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
  42. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +16 -20
  43. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
  44. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
  45. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +184 -133
  46. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
  47. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
  48. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +40 -43
  49. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
  50. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
  51. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
  52. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +32 -5
  53. data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
  54. data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
  55. data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
  56. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +16 -16
  57. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
  58. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +20 -31
  59. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +4 -3
  60. data/src/core/ext/filters/client_channel/server_address.cc +6 -9
  61. data/src/core/ext/filters/client_channel/server_address.h +6 -12
  62. data/src/core/ext/filters/client_channel/service_config.cc +104 -144
  63. data/src/core/ext/filters/client_channel/service_config.h +28 -98
  64. data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
  65. data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
  66. data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
  67. data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
  68. data/src/core/ext/filters/client_channel/subchannel.h +35 -11
  69. data/src/core/ext/filters/client_channel/xds/xds_api.cc +348 -221
  70. data/src/core/ext/filters/client_channel/xds/xds_api.h +37 -37
  71. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +44 -49
  72. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +4 -3
  73. data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
  74. data/src/core/ext/filters/client_channel/xds/xds_client.cc +532 -339
  75. data/src/core/ext/filters/client_channel/xds/xds_client.h +57 -22
  76. data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
  77. data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +31 -19
  78. data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
  79. data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
  80. data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
  81. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
  82. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
  83. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
  84. data/src/core/ext/filters/message_size/message_size_filter.cc +7 -10
  85. data/src/core/ext/filters/message_size/message_size_filter.h +4 -4
  86. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +4 -4
  87. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
  88. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +23 -22
  89. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
  90. data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
  91. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
  92. data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
  93. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
  94. data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
  95. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
  96. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
  97. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
  98. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
  99. data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
  100. data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
  101. data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
  102. data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
  103. data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
  104. data/src/core/ext/transport/chttp2/transport/writing.cc +15 -8
  105. data/src/core/ext/transport/inproc/inproc_transport.cc +19 -0
  106. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
  107. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -875
  108. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
  109. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
  110. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
  111. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
  112. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
  113. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
  114. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
  115. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +21 -8
  116. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +43 -7
  117. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
  118. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
  119. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
  120. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
  121. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
  122. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
  123. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +47 -26
  124. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +115 -65
  125. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
  126. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
  127. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
  128. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
  129. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
  130. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +28 -13
  131. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
  132. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
  133. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +88 -6
  134. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
  135. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
  136. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -0
  137. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
  138. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +1 -0
  139. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
  140. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
  141. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +12 -4
  142. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
  143. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
  144. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
  145. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +16 -0
  146. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
  147. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +2 -1
  148. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
  149. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
  150. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
  151. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
  152. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +63 -41
  153. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +173 -77
  154. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
  155. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
  156. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +1 -0
  157. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
  158. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +90 -30
  159. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
  160. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
  161. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
  162. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
  163. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
  164. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
  165. data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
  166. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
  167. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +36 -0
  168. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
  169. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
  170. data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
  171. data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
  172. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
  173. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
  174. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
  175. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
  176. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
  177. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
  178. data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
  179. data/src/core/ext/upb-generated/validate/validate.upb.h +69 -63
  180. data/src/core/lib/channel/channel_args.cc +15 -14
  181. data/src/core/lib/channel/channel_args.h +3 -1
  182. data/src/core/lib/channel/channel_stack.h +20 -13
  183. data/src/core/lib/channel/channelz.cc +5 -6
  184. data/src/core/lib/channel/channelz.h +3 -2
  185. data/src/core/lib/channel/channelz_registry.cc +5 -3
  186. data/src/core/lib/channel/connected_channel.cc +7 -5
  187. data/src/core/lib/channel/context.h +1 -1
  188. data/src/core/lib/channel/handshaker.cc +11 -13
  189. data/src/core/lib/channel/handshaker.h +4 -2
  190. data/src/core/lib/channel/handshaker_registry.cc +5 -17
  191. data/src/core/lib/channel/status_util.cc +2 -3
  192. data/src/core/lib/compression/message_compress.cc +5 -1
  193. data/src/core/lib/debug/stats.cc +21 -27
  194. data/src/core/lib/debug/stats.h +3 -1
  195. data/src/core/lib/gpr/spinlock.h +2 -3
  196. data/src/core/lib/gpr/string.cc +2 -26
  197. data/src/core/lib/gpr/string.h +0 -16
  198. data/src/core/lib/gpr/sync_abseil.cc +2 -0
  199. data/src/core/lib/gpr/time.cc +4 -0
  200. data/src/core/lib/gpr/time_posix.cc +1 -1
  201. data/src/core/lib/gprpp/atomic.h +6 -6
  202. data/src/core/lib/gprpp/fork.cc +1 -1
  203. data/src/core/lib/gprpp/host_port.cc +29 -35
  204. data/src/core/lib/gprpp/host_port.h +14 -17
  205. data/src/core/lib/gprpp/map.h +5 -11
  206. data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
  207. data/src/core/lib/http/format_request.cc +46 -65
  208. data/src/core/lib/http/httpcli.cc +2 -3
  209. data/src/core/lib/http/httpcli.h +2 -3
  210. data/src/core/lib/http/httpcli_security_connector.cc +5 -5
  211. data/src/core/lib/http/parser.h +2 -3
  212. data/src/core/lib/iomgr/buffer_list.h +22 -21
  213. data/src/core/lib/iomgr/call_combiner.h +3 -2
  214. data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
  215. data/src/core/lib/iomgr/closure.h +2 -3
  216. data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
  217. data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
  218. data/src/core/lib/iomgr/endpoint_pair.h +2 -3
  219. data/src/core/lib/iomgr/error.cc +6 -9
  220. data/src/core/lib/iomgr/error.h +0 -1
  221. data/src/core/lib/iomgr/ev_apple.cc +356 -0
  222. data/src/core/lib/iomgr/ev_apple.h +43 -0
  223. data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
  224. data/src/core/lib/iomgr/ev_epollex_linux.cc +2 -3
  225. data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
  226. data/src/core/lib/iomgr/ev_posix.cc +2 -3
  227. data/src/core/lib/iomgr/exec_ctx.h +14 -2
  228. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
  229. data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
  230. data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
  231. data/src/core/lib/iomgr/port.h +1 -0
  232. data/src/core/lib/iomgr/python_util.h +46 -0
  233. data/src/core/lib/iomgr/resolve_address.h +4 -6
  234. data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
  235. data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
  236. data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
  237. data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
  238. data/src/core/lib/iomgr/resource_quota.cc +4 -6
  239. data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
  240. data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
  241. data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
  242. data/src/core/lib/iomgr/socket_mutator.h +2 -3
  243. data/src/core/lib/iomgr/socket_utils_common_posix.cc +7 -26
  244. data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
  245. data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
  246. data/src/core/lib/iomgr/tcp_client_posix.cc +8 -5
  247. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
  248. data/src/core/lib/iomgr/tcp_custom.cc +2 -3
  249. data/src/core/lib/iomgr/tcp_server_custom.cc +5 -9
  250. data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
  251. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -4
  252. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
  253. data/src/core/lib/iomgr/tcp_uv.cc +3 -2
  254. data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
  255. data/src/core/lib/iomgr/timer_generic.cc +2 -3
  256. data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
  257. data/src/core/lib/iomgr/timer_heap.h +2 -3
  258. data/src/core/lib/iomgr/udp_server.cc +9 -14
  259. data/src/core/lib/json/json.h +3 -2
  260. data/src/core/lib/json/json_reader.cc +5 -5
  261. data/src/core/lib/json/json_writer.cc +13 -12
  262. data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
  263. data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
  264. data/src/core/lib/security/credentials/credentials.cc +0 -84
  265. data/src/core/lib/security/credentials/credentials.h +8 -59
  266. data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
  267. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +3 -8
  268. data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
  269. data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
  270. data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
  271. data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
  272. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
  273. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
  274. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
  275. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +55 -27
  276. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
  277. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +13 -0
  278. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
  279. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
  280. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +38 -11
  281. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
  282. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +7 -7
  283. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
  284. data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
  285. data/src/core/lib/security/security_connector/security_connector.h +1 -1
  286. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -25
  287. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
  288. data/src/core/lib/security/security_connector/ssl_utils.cc +59 -12
  289. data/src/core/lib/security/security_connector/ssl_utils.h +12 -10
  290. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +77 -51
  291. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
  292. data/src/core/lib/security/transport/client_auth_filter.cc +1 -2
  293. data/src/core/lib/slice/slice_intern.cc +2 -3
  294. data/src/core/lib/slice/slice_internal.h +14 -0
  295. data/src/core/lib/slice/slice_utils.h +9 -0
  296. data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
  297. data/src/core/lib/surface/call.cc +2 -3
  298. data/src/core/lib/surface/call_log_batch.cc +50 -58
  299. data/src/core/lib/surface/channel.cc +53 -31
  300. data/src/core/lib/surface/channel.h +35 -4
  301. data/src/core/lib/surface/channel_ping.cc +2 -3
  302. data/src/core/lib/surface/completion_queue.cc +33 -33
  303. data/src/core/lib/surface/event_string.cc +18 -25
  304. data/src/core/lib/surface/event_string.h +3 -1
  305. data/src/core/lib/surface/init_secure.cc +1 -4
  306. data/src/core/lib/surface/server.cc +570 -369
  307. data/src/core/lib/surface/server.h +32 -0
  308. data/src/core/lib/surface/version.cc +2 -2
  309. data/src/core/lib/transport/byte_stream.h +7 -2
  310. data/src/core/lib/transport/connectivity_state.cc +7 -6
  311. data/src/core/lib/transport/connectivity_state.h +5 -3
  312. data/src/core/lib/transport/metadata.cc +3 -3
  313. data/src/core/lib/transport/metadata_batch.h +2 -3
  314. data/src/core/lib/transport/static_metadata.h +1 -1
  315. data/src/core/lib/transport/status_conversion.cc +6 -14
  316. data/src/core/lib/transport/transport.cc +2 -3
  317. data/src/core/lib/transport/transport.h +3 -2
  318. data/src/core/lib/transport/transport_op_string.cc +61 -102
  319. data/src/core/lib/uri/uri_parser.h +2 -3
  320. data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
  321. data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
  322. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +8 -1
  323. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
  324. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +32 -2
  325. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
  326. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
  327. data/src/core/tsi/fake_transport_security.cc +10 -15
  328. data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
  329. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
  330. data/src/core/tsi/ssl_transport_security.cc +52 -39
  331. data/src/core/tsi/ssl_transport_security.h +8 -8
  332. data/src/core/tsi/ssl_types.h +0 -2
  333. data/src/core/tsi/transport_security.h +6 -9
  334. data/src/core/tsi/transport_security_grpc.h +2 -3
  335. data/src/core/tsi/transport_security_interface.h +3 -3
  336. data/src/ruby/ext/grpc/rb_call.c +9 -1
  337. data/src/ruby/lib/grpc/errors.rb +103 -42
  338. data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
  339. data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
  340. data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
  341. data/src/ruby/lib/grpc/generic/service.rb +5 -4
  342. data/src/ruby/lib/grpc/structs.rb +1 -1
  343. data/src/ruby/lib/grpc/version.rb +1 -1
  344. data/src/ruby/pb/generate_proto_ruby.sh +5 -3
  345. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
  346. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
  347. data/src/ruby/spec/debug_message_spec.rb +134 -0
  348. data/src/ruby/spec/generic/service_spec.rb +2 -0
  349. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +5 -0
  350. data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -0
  351. data/src/ruby/spec/testdata/ca.pem +18 -13
  352. data/src/ruby/spec/testdata/client.key +26 -14
  353. data/src/ruby/spec/testdata/client.pem +18 -12
  354. data/src/ruby/spec/testdata/server1.key +26 -14
  355. data/src/ruby/spec/testdata/server1.pem +20 -14
  356. data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
  357. data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
  358. data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
  359. data/third_party/abseil-cpp/absl/time/clock.h +74 -0
  360. data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
  361. data/third_party/abseil-cpp/absl/time/format.cc +153 -0
  362. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
  363. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
  364. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
  365. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
  366. data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
  367. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
  368. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
  369. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
  370. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
  371. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
  372. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
  373. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
  374. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
  375. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
  376. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
  377. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
  378. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
  379. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
  380. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
  381. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
  382. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
  383. data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
  384. data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
  385. data/third_party/abseil-cpp/absl/time/time.cc +499 -0
  386. data/third_party/abseil-cpp/absl/time/time.h +1584 -0
  387. data/third_party/boringssl-with-bazel/err_data.c +329 -297
  388. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
  389. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
  390. data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
  391. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
  392. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
  393. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
  394. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
  395. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
  396. data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
  397. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
  398. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
  399. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
  400. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
  401. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
  402. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
  403. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
  404. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
  405. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +14 -11
  406. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
  407. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
  408. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
  409. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
  410. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
  411. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
  412. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
  413. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +432 -160
  414. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
  415. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +5 -14
  416. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
  417. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +80 -99
  418. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
  419. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
  420. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
  421. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
  422. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
  423. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
  424. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
  425. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
  426. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
  427. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
  428. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
  429. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
  430. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
  431. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
  432. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
  433. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
  434. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
  435. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
  436. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
  437. data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -12
  438. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
  439. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
  440. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
  441. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
  442. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
  443. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
  444. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
  445. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
  446. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +16 -0
  447. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +5 -0
  448. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
  449. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +5 -1
  450. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
  451. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
  452. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
  453. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
  454. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
  455. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
  456. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
  457. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
  458. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
  459. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
  460. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +172 -77
  461. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
  462. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
  463. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +5 -3
  464. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
  465. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
  466. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
  467. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
  468. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
  469. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +14 -3
  470. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +28 -20
  471. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +12 -4
  472. data/third_party/boringssl-with-bazel/src/ssl/internal.h +64 -47
  473. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
  474. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  475. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
  476. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
  477. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
  478. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +6 -1
  479. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
  480. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +64 -5
  481. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
  482. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +6 -2
  483. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
  484. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
  485. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -27
  486. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
  487. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +50 -20
  488. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
  489. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
  490. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
  491. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
  492. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
  493. metadata +111 -37
  494. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1754
  495. data/src/core/lib/gprpp/string_view.h +0 -60
  496. data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
  497. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
@@ -1,6 +1,6 @@
1
- /* Autogenerated */
1
+ /* Autogenerated: src/ExtractionOCaml/word_by_word_montgomery --static p256 '2^256 - 2^224 + 2^192 + 2^96 - 1' 64 mul square add sub opp from_montgomery nonzero selectznz to_bytes from_bytes */
2
2
  /* curve description: p256 */
3
- /* requested operations: (all) */
3
+ /* requested operations: mul, square, add, sub, opp, from_montgomery, nonzero, selectznz, to_bytes, from_bytes */
4
4
  /* m = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff (from "2^256 - 2^224 + 2^192 + 2^96 - 1") */
5
5
  /* machine_wordsize = 64 (from "64") */
6
6
  /* */
@@ -17,8 +17,17 @@ typedef signed char fiat_p256_int1;
17
17
  typedef signed __int128 fiat_p256_int128;
18
18
  typedef unsigned __int128 fiat_p256_uint128;
19
19
 
20
+ #if (-1 & 3) != 3
21
+ #error "This code only works on a two's complement system"
22
+ #endif
23
+
20
24
 
21
25
  /*
26
+ * The function fiat_p256_addcarryx_u64 is an addition with carry.
27
+ * Postconditions:
28
+ * out1 = (arg1 + arg2 + arg3) mod 2^64
29
+ * out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋
30
+ *
22
31
  * Input Bounds:
23
32
  * arg1: [0x0 ~> 0x1]
24
33
  * arg2: [0x0 ~> 0xffffffffffffffff]
@@ -36,6 +45,11 @@ static void fiat_p256_addcarryx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_
36
45
  }
37
46
 
38
47
  /*
48
+ * The function fiat_p256_subborrowx_u64 is a subtraction with borrow.
49
+ * Postconditions:
50
+ * out1 = (-arg1 + arg2 + -arg3) mod 2^64
51
+ * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋
52
+ *
39
53
  * Input Bounds:
40
54
  * arg1: [0x0 ~> 0x1]
41
55
  * arg2: [0x0 ~> 0xffffffffffffffff]
@@ -53,6 +67,11 @@ static void fiat_p256_subborrowx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat
53
67
  }
54
68
 
55
69
  /*
70
+ * The function fiat_p256_mulx_u64 is a multiplication, returning the full double-width result.
71
+ * Postconditions:
72
+ * out1 = (arg1 * arg2) mod 2^64
73
+ * out2 = ⌊arg1 * arg2 / 2^64⌋
74
+ *
56
75
  * Input Bounds:
57
76
  * arg1: [0x0 ~> 0xffffffffffffffff]
58
77
  * arg2: [0x0 ~> 0xffffffffffffffff]
@@ -69,6 +88,10 @@ static void fiat_p256_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, ui
69
88
  }
70
89
 
71
90
  /*
91
+ * The function fiat_p256_cmovznz_u64 is a single-word conditional move.
92
+ * Postconditions:
93
+ * out1 = (if arg1 = 0 then arg2 else arg3)
94
+ *
72
95
  * Input Bounds:
73
96
  * arg1: [0x0 ~> 0x1]
74
97
  * arg2: [0x0 ~> 0xffffffffffffffff]
@@ -90,6 +113,14 @@ static void fiat_p256_cmovznz_u64(uint64_t* out1, fiat_p256_uint1 arg1, uint64_t
90
113
  }
91
114
 
92
115
  /*
116
+ * The function fiat_p256_mul multiplies two field elements in the Montgomery domain.
117
+ * Preconditions:
118
+ * 0 ≤ eval arg1 < m
119
+ * 0 ≤ eval arg2 < m
120
+ * Postconditions:
121
+ * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m
122
+ * 0 ≤ eval out1 < m
123
+ *
93
124
  * Input Bounds:
94
125
  * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
95
126
  * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
@@ -115,295 +146,277 @@ static void fiat_p256_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64
115
146
  fiat_p256_mulx_u64(&x11, &x12, x4, (arg2[0]));
116
147
  uint64_t x13;
117
148
  fiat_p256_uint1 x14;
118
- fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x9, x12);
149
+ fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x12, x9);
119
150
  uint64_t x15;
120
151
  fiat_p256_uint1 x16;
121
- fiat_p256_addcarryx_u64(&x15, &x16, x14, x7, x10);
152
+ fiat_p256_addcarryx_u64(&x15, &x16, x14, x10, x7);
122
153
  uint64_t x17;
123
154
  fiat_p256_uint1 x18;
124
- fiat_p256_addcarryx_u64(&x17, &x18, x16, x5, x8);
125
- uint64_t x19;
126
- fiat_p256_uint1 x20;
127
- fiat_p256_addcarryx_u64(&x19, &x20, x18, 0x0, x6);
155
+ fiat_p256_addcarryx_u64(&x17, &x18, x16, x8, x5);
156
+ uint64_t x19 = (x18 + x6);
157
+ uint64_t x20;
128
158
  uint64_t x21;
159
+ fiat_p256_mulx_u64(&x20, &x21, x11, UINT64_C(0xffffffff00000001));
129
160
  uint64_t x22;
130
- fiat_p256_mulx_u64(&x21, &x22, x11, UINT64_C(0xffffffff00000001));
131
161
  uint64_t x23;
162
+ fiat_p256_mulx_u64(&x22, &x23, x11, UINT32_C(0xffffffff));
132
163
  uint64_t x24;
133
- fiat_p256_mulx_u64(&x23, &x24, x11, UINT32_C(0xffffffff));
134
164
  uint64_t x25;
165
+ fiat_p256_mulx_u64(&x24, &x25, x11, UINT64_C(0xffffffffffffffff));
135
166
  uint64_t x26;
136
- fiat_p256_mulx_u64(&x25, &x26, x11, UINT64_C(0xffffffffffffffff));
137
- uint64_t x27;
138
- fiat_p256_uint1 x28;
139
- fiat_p256_addcarryx_u64(&x27, &x28, 0x0, x23, x26);
167
+ fiat_p256_uint1 x27;
168
+ fiat_p256_addcarryx_u64(&x26, &x27, 0x0, x25, x22);
169
+ uint64_t x28 = (x27 + x23);
140
170
  uint64_t x29;
141
171
  fiat_p256_uint1 x30;
142
- fiat_p256_addcarryx_u64(&x29, &x30, x28, 0x0, x24);
172
+ fiat_p256_addcarryx_u64(&x29, &x30, 0x0, x11, x24);
143
173
  uint64_t x31;
144
174
  fiat_p256_uint1 x32;
145
- fiat_p256_addcarryx_u64(&x31, &x32, 0x0, x25, x11);
175
+ fiat_p256_addcarryx_u64(&x31, &x32, x30, x13, x26);
146
176
  uint64_t x33;
147
177
  fiat_p256_uint1 x34;
148
- fiat_p256_addcarryx_u64(&x33, &x34, x32, x27, x13);
178
+ fiat_p256_addcarryx_u64(&x33, &x34, x32, x15, x28);
149
179
  uint64_t x35;
150
180
  fiat_p256_uint1 x36;
151
- fiat_p256_addcarryx_u64(&x35, &x36, x34, x29, x15);
181
+ fiat_p256_addcarryx_u64(&x35, &x36, x34, x17, x20);
152
182
  uint64_t x37;
153
183
  fiat_p256_uint1 x38;
154
- fiat_p256_addcarryx_u64(&x37, &x38, x36, x21, x17);
184
+ fiat_p256_addcarryx_u64(&x37, &x38, x36, x19, x21);
155
185
  uint64_t x39;
156
- fiat_p256_uint1 x40;
157
- fiat_p256_addcarryx_u64(&x39, &x40, x38, x22, x19);
186
+ uint64_t x40;
187
+ fiat_p256_mulx_u64(&x39, &x40, x1, (arg2[3]));
158
188
  uint64_t x41;
159
- fiat_p256_uint1 x42;
160
- fiat_p256_addcarryx_u64(&x41, &x42, x40, 0x0, 0x0);
189
+ uint64_t x42;
190
+ fiat_p256_mulx_u64(&x41, &x42, x1, (arg2[2]));
161
191
  uint64_t x43;
162
192
  uint64_t x44;
163
- fiat_p256_mulx_u64(&x43, &x44, x1, (arg2[3]));
193
+ fiat_p256_mulx_u64(&x43, &x44, x1, (arg2[1]));
164
194
  uint64_t x45;
165
195
  uint64_t x46;
166
- fiat_p256_mulx_u64(&x45, &x46, x1, (arg2[2]));
196
+ fiat_p256_mulx_u64(&x45, &x46, x1, (arg2[0]));
167
197
  uint64_t x47;
168
- uint64_t x48;
169
- fiat_p256_mulx_u64(&x47, &x48, x1, (arg2[1]));
198
+ fiat_p256_uint1 x48;
199
+ fiat_p256_addcarryx_u64(&x47, &x48, 0x0, x46, x43);
170
200
  uint64_t x49;
171
- uint64_t x50;
172
- fiat_p256_mulx_u64(&x49, &x50, x1, (arg2[0]));
201
+ fiat_p256_uint1 x50;
202
+ fiat_p256_addcarryx_u64(&x49, &x50, x48, x44, x41);
173
203
  uint64_t x51;
174
204
  fiat_p256_uint1 x52;
175
- fiat_p256_addcarryx_u64(&x51, &x52, 0x0, x47, x50);
176
- uint64_t x53;
177
- fiat_p256_uint1 x54;
178
- fiat_p256_addcarryx_u64(&x53, &x54, x52, x45, x48);
179
- uint64_t x55;
180
- fiat_p256_uint1 x56;
181
- fiat_p256_addcarryx_u64(&x55, &x56, x54, x43, x46);
182
- uint64_t x57;
183
- fiat_p256_uint1 x58;
184
- fiat_p256_addcarryx_u64(&x57, &x58, x56, 0x0, x44);
185
- uint64_t x59;
186
- fiat_p256_uint1 x60;
187
- fiat_p256_addcarryx_u64(&x59, &x60, 0x0, x49, x33);
188
- uint64_t x61;
189
- fiat_p256_uint1 x62;
190
- fiat_p256_addcarryx_u64(&x61, &x62, x60, x51, x35);
191
- uint64_t x63;
192
- fiat_p256_uint1 x64;
193
- fiat_p256_addcarryx_u64(&x63, &x64, x62, x53, x37);
205
+ fiat_p256_addcarryx_u64(&x51, &x52, x50, x42, x39);
206
+ uint64_t x53 = (x52 + x40);
207
+ uint64_t x54;
208
+ fiat_p256_uint1 x55;
209
+ fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x31, x45);
210
+ uint64_t x56;
211
+ fiat_p256_uint1 x57;
212
+ fiat_p256_addcarryx_u64(&x56, &x57, x55, x33, x47);
213
+ uint64_t x58;
214
+ fiat_p256_uint1 x59;
215
+ fiat_p256_addcarryx_u64(&x58, &x59, x57, x35, x49);
216
+ uint64_t x60;
217
+ fiat_p256_uint1 x61;
218
+ fiat_p256_addcarryx_u64(&x60, &x61, x59, x37, x51);
219
+ uint64_t x62;
220
+ fiat_p256_uint1 x63;
221
+ fiat_p256_addcarryx_u64(&x62, &x63, x61, x38, x53);
222
+ uint64_t x64;
194
223
  uint64_t x65;
195
- fiat_p256_uint1 x66;
196
- fiat_p256_addcarryx_u64(&x65, &x66, x64, x55, x39);
224
+ fiat_p256_mulx_u64(&x64, &x65, x54, UINT64_C(0xffffffff00000001));
225
+ uint64_t x66;
197
226
  uint64_t x67;
198
- fiat_p256_uint1 x68;
199
- fiat_p256_addcarryx_u64(&x67, &x68, x66, x57, (fiat_p256_uint1)x41);
227
+ fiat_p256_mulx_u64(&x66, &x67, x54, UINT32_C(0xffffffff));
228
+ uint64_t x68;
200
229
  uint64_t x69;
230
+ fiat_p256_mulx_u64(&x68, &x69, x54, UINT64_C(0xffffffffffffffff));
201
231
  uint64_t x70;
202
- fiat_p256_mulx_u64(&x69, &x70, x59, UINT64_C(0xffffffff00000001));
203
- uint64_t x71;
204
- uint64_t x72;
205
- fiat_p256_mulx_u64(&x71, &x72, x59, UINT32_C(0xffffffff));
232
+ fiat_p256_uint1 x71;
233
+ fiat_p256_addcarryx_u64(&x70, &x71, 0x0, x69, x66);
234
+ uint64_t x72 = (x71 + x67);
206
235
  uint64_t x73;
207
- uint64_t x74;
208
- fiat_p256_mulx_u64(&x73, &x74, x59, UINT64_C(0xffffffffffffffff));
236
+ fiat_p256_uint1 x74;
237
+ fiat_p256_addcarryx_u64(&x73, &x74, 0x0, x54, x68);
209
238
  uint64_t x75;
210
239
  fiat_p256_uint1 x76;
211
- fiat_p256_addcarryx_u64(&x75, &x76, 0x0, x71, x74);
240
+ fiat_p256_addcarryx_u64(&x75, &x76, x74, x56, x70);
212
241
  uint64_t x77;
213
242
  fiat_p256_uint1 x78;
214
- fiat_p256_addcarryx_u64(&x77, &x78, x76, 0x0, x72);
243
+ fiat_p256_addcarryx_u64(&x77, &x78, x76, x58, x72);
215
244
  uint64_t x79;
216
245
  fiat_p256_uint1 x80;
217
- fiat_p256_addcarryx_u64(&x79, &x80, 0x0, x73, x59);
246
+ fiat_p256_addcarryx_u64(&x79, &x80, x78, x60, x64);
218
247
  uint64_t x81;
219
248
  fiat_p256_uint1 x82;
220
- fiat_p256_addcarryx_u64(&x81, &x82, x80, x75, x61);
221
- uint64_t x83;
222
- fiat_p256_uint1 x84;
223
- fiat_p256_addcarryx_u64(&x83, &x84, x82, x77, x63);
249
+ fiat_p256_addcarryx_u64(&x81, &x82, x80, x62, x65);
250
+ uint64_t x83 = ((uint64_t)x82 + x63);
251
+ uint64_t x84;
224
252
  uint64_t x85;
225
- fiat_p256_uint1 x86;
226
- fiat_p256_addcarryx_u64(&x85, &x86, x84, x69, x65);
253
+ fiat_p256_mulx_u64(&x84, &x85, x2, (arg2[3]));
254
+ uint64_t x86;
227
255
  uint64_t x87;
228
- fiat_p256_uint1 x88;
229
- fiat_p256_addcarryx_u64(&x87, &x88, x86, x70, x67);
256
+ fiat_p256_mulx_u64(&x86, &x87, x2, (arg2[2]));
257
+ uint64_t x88;
230
258
  uint64_t x89;
231
- fiat_p256_uint1 x90;
232
- fiat_p256_addcarryx_u64(&x89, &x90, x88, 0x0, x68);
259
+ fiat_p256_mulx_u64(&x88, &x89, x2, (arg2[1]));
260
+ uint64_t x90;
233
261
  uint64_t x91;
262
+ fiat_p256_mulx_u64(&x90, &x91, x2, (arg2[0]));
234
263
  uint64_t x92;
235
- fiat_p256_mulx_u64(&x91, &x92, x2, (arg2[3]));
236
- uint64_t x93;
264
+ fiat_p256_uint1 x93;
265
+ fiat_p256_addcarryx_u64(&x92, &x93, 0x0, x91, x88);
237
266
  uint64_t x94;
238
- fiat_p256_mulx_u64(&x93, &x94, x2, (arg2[2]));
239
- uint64_t x95;
267
+ fiat_p256_uint1 x95;
268
+ fiat_p256_addcarryx_u64(&x94, &x95, x93, x89, x86);
240
269
  uint64_t x96;
241
- fiat_p256_mulx_u64(&x95, &x96, x2, (arg2[1]));
242
- uint64_t x97;
243
- uint64_t x98;
244
- fiat_p256_mulx_u64(&x97, &x98, x2, (arg2[0]));
270
+ fiat_p256_uint1 x97;
271
+ fiat_p256_addcarryx_u64(&x96, &x97, x95, x87, x84);
272
+ uint64_t x98 = (x97 + x85);
245
273
  uint64_t x99;
246
274
  fiat_p256_uint1 x100;
247
- fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x95, x98);
275
+ fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x75, x90);
248
276
  uint64_t x101;
249
277
  fiat_p256_uint1 x102;
250
- fiat_p256_addcarryx_u64(&x101, &x102, x100, x93, x96);
278
+ fiat_p256_addcarryx_u64(&x101, &x102, x100, x77, x92);
251
279
  uint64_t x103;
252
280
  fiat_p256_uint1 x104;
253
- fiat_p256_addcarryx_u64(&x103, &x104, x102, x91, x94);
281
+ fiat_p256_addcarryx_u64(&x103, &x104, x102, x79, x94);
254
282
  uint64_t x105;
255
283
  fiat_p256_uint1 x106;
256
- fiat_p256_addcarryx_u64(&x105, &x106, x104, 0x0, x92);
284
+ fiat_p256_addcarryx_u64(&x105, &x106, x104, x81, x96);
257
285
  uint64_t x107;
258
286
  fiat_p256_uint1 x108;
259
- fiat_p256_addcarryx_u64(&x107, &x108, 0x0, x97, x81);
287
+ fiat_p256_addcarryx_u64(&x107, &x108, x106, x83, x98);
260
288
  uint64_t x109;
261
- fiat_p256_uint1 x110;
262
- fiat_p256_addcarryx_u64(&x109, &x110, x108, x99, x83);
289
+ uint64_t x110;
290
+ fiat_p256_mulx_u64(&x109, &x110, x99, UINT64_C(0xffffffff00000001));
263
291
  uint64_t x111;
264
- fiat_p256_uint1 x112;
265
- fiat_p256_addcarryx_u64(&x111, &x112, x110, x101, x85);
292
+ uint64_t x112;
293
+ fiat_p256_mulx_u64(&x111, &x112, x99, UINT32_C(0xffffffff));
266
294
  uint64_t x113;
267
- fiat_p256_uint1 x114;
268
- fiat_p256_addcarryx_u64(&x113, &x114, x112, x103, x87);
295
+ uint64_t x114;
296
+ fiat_p256_mulx_u64(&x113, &x114, x99, UINT64_C(0xffffffffffffffff));
269
297
  uint64_t x115;
270
298
  fiat_p256_uint1 x116;
271
- fiat_p256_addcarryx_u64(&x115, &x116, x114, x105, x89);
272
- uint64_t x117;
299
+ fiat_p256_addcarryx_u64(&x115, &x116, 0x0, x114, x111);
300
+ uint64_t x117 = (x116 + x112);
273
301
  uint64_t x118;
274
- fiat_p256_mulx_u64(&x117, &x118, x107, UINT64_C(0xffffffff00000001));
275
- uint64_t x119;
302
+ fiat_p256_uint1 x119;
303
+ fiat_p256_addcarryx_u64(&x118, &x119, 0x0, x99, x113);
276
304
  uint64_t x120;
277
- fiat_p256_mulx_u64(&x119, &x120, x107, UINT32_C(0xffffffff));
278
- uint64_t x121;
305
+ fiat_p256_uint1 x121;
306
+ fiat_p256_addcarryx_u64(&x120, &x121, x119, x101, x115);
279
307
  uint64_t x122;
280
- fiat_p256_mulx_u64(&x121, &x122, x107, UINT64_C(0xffffffffffffffff));
281
- uint64_t x123;
282
- fiat_p256_uint1 x124;
283
- fiat_p256_addcarryx_u64(&x123, &x124, 0x0, x119, x122);
284
- uint64_t x125;
285
- fiat_p256_uint1 x126;
286
- fiat_p256_addcarryx_u64(&x125, &x126, x124, 0x0, x120);
287
- uint64_t x127;
288
- fiat_p256_uint1 x128;
289
- fiat_p256_addcarryx_u64(&x127, &x128, 0x0, x121, x107);
308
+ fiat_p256_uint1 x123;
309
+ fiat_p256_addcarryx_u64(&x122, &x123, x121, x103, x117);
310
+ uint64_t x124;
311
+ fiat_p256_uint1 x125;
312
+ fiat_p256_addcarryx_u64(&x124, &x125, x123, x105, x109);
313
+ uint64_t x126;
314
+ fiat_p256_uint1 x127;
315
+ fiat_p256_addcarryx_u64(&x126, &x127, x125, x107, x110);
316
+ uint64_t x128 = ((uint64_t)x127 + x108);
290
317
  uint64_t x129;
291
- fiat_p256_uint1 x130;
292
- fiat_p256_addcarryx_u64(&x129, &x130, x128, x123, x109);
318
+ uint64_t x130;
319
+ fiat_p256_mulx_u64(&x129, &x130, x3, (arg2[3]));
293
320
  uint64_t x131;
294
- fiat_p256_uint1 x132;
295
- fiat_p256_addcarryx_u64(&x131, &x132, x130, x125, x111);
321
+ uint64_t x132;
322
+ fiat_p256_mulx_u64(&x131, &x132, x3, (arg2[2]));
296
323
  uint64_t x133;
297
- fiat_p256_uint1 x134;
298
- fiat_p256_addcarryx_u64(&x133, &x134, x132, x117, x113);
324
+ uint64_t x134;
325
+ fiat_p256_mulx_u64(&x133, &x134, x3, (arg2[1]));
299
326
  uint64_t x135;
300
- fiat_p256_uint1 x136;
301
- fiat_p256_addcarryx_u64(&x135, &x136, x134, x118, x115);
327
+ uint64_t x136;
328
+ fiat_p256_mulx_u64(&x135, &x136, x3, (arg2[0]));
302
329
  uint64_t x137;
303
330
  fiat_p256_uint1 x138;
304
- fiat_p256_addcarryx_u64(&x137, &x138, x136, 0x0, x116);
331
+ fiat_p256_addcarryx_u64(&x137, &x138, 0x0, x136, x133);
305
332
  uint64_t x139;
306
- uint64_t x140;
307
- fiat_p256_mulx_u64(&x139, &x140, x3, (arg2[3]));
333
+ fiat_p256_uint1 x140;
334
+ fiat_p256_addcarryx_u64(&x139, &x140, x138, x134, x131);
308
335
  uint64_t x141;
309
- uint64_t x142;
310
- fiat_p256_mulx_u64(&x141, &x142, x3, (arg2[2]));
311
- uint64_t x143;
336
+ fiat_p256_uint1 x142;
337
+ fiat_p256_addcarryx_u64(&x141, &x142, x140, x132, x129);
338
+ uint64_t x143 = (x142 + x130);
312
339
  uint64_t x144;
313
- fiat_p256_mulx_u64(&x143, &x144, x3, (arg2[1]));
314
- uint64_t x145;
340
+ fiat_p256_uint1 x145;
341
+ fiat_p256_addcarryx_u64(&x144, &x145, 0x0, x120, x135);
315
342
  uint64_t x146;
316
- fiat_p256_mulx_u64(&x145, &x146, x3, (arg2[0]));
317
- uint64_t x147;
318
- fiat_p256_uint1 x148;
319
- fiat_p256_addcarryx_u64(&x147, &x148, 0x0, x143, x146);
320
- uint64_t x149;
321
- fiat_p256_uint1 x150;
322
- fiat_p256_addcarryx_u64(&x149, &x150, x148, x141, x144);
323
- uint64_t x151;
324
- fiat_p256_uint1 x152;
325
- fiat_p256_addcarryx_u64(&x151, &x152, x150, x139, x142);
326
- uint64_t x153;
327
- fiat_p256_uint1 x154;
328
- fiat_p256_addcarryx_u64(&x153, &x154, x152, 0x0, x140);
343
+ fiat_p256_uint1 x147;
344
+ fiat_p256_addcarryx_u64(&x146, &x147, x145, x122, x137);
345
+ uint64_t x148;
346
+ fiat_p256_uint1 x149;
347
+ fiat_p256_addcarryx_u64(&x148, &x149, x147, x124, x139);
348
+ uint64_t x150;
349
+ fiat_p256_uint1 x151;
350
+ fiat_p256_addcarryx_u64(&x150, &x151, x149, x126, x141);
351
+ uint64_t x152;
352
+ fiat_p256_uint1 x153;
353
+ fiat_p256_addcarryx_u64(&x152, &x153, x151, x128, x143);
354
+ uint64_t x154;
329
355
  uint64_t x155;
330
- fiat_p256_uint1 x156;
331
- fiat_p256_addcarryx_u64(&x155, &x156, 0x0, x145, x129);
356
+ fiat_p256_mulx_u64(&x154, &x155, x144, UINT64_C(0xffffffff00000001));
357
+ uint64_t x156;
332
358
  uint64_t x157;
333
- fiat_p256_uint1 x158;
334
- fiat_p256_addcarryx_u64(&x157, &x158, x156, x147, x131);
359
+ fiat_p256_mulx_u64(&x156, &x157, x144, UINT32_C(0xffffffff));
360
+ uint64_t x158;
335
361
  uint64_t x159;
336
- fiat_p256_uint1 x160;
337
- fiat_p256_addcarryx_u64(&x159, &x160, x158, x149, x133);
338
- uint64_t x161;
339
- fiat_p256_uint1 x162;
340
- fiat_p256_addcarryx_u64(&x161, &x162, x160, x151, x135);
362
+ fiat_p256_mulx_u64(&x158, &x159, x144, UINT64_C(0xffffffffffffffff));
363
+ uint64_t x160;
364
+ fiat_p256_uint1 x161;
365
+ fiat_p256_addcarryx_u64(&x160, &x161, 0x0, x159, x156);
366
+ uint64_t x162 = (x161 + x157);
341
367
  uint64_t x163;
342
368
  fiat_p256_uint1 x164;
343
- fiat_p256_addcarryx_u64(&x163, &x164, x162, x153, x137);
369
+ fiat_p256_addcarryx_u64(&x163, &x164, 0x0, x144, x158);
344
370
  uint64_t x165;
345
- uint64_t x166;
346
- fiat_p256_mulx_u64(&x165, &x166, x155, UINT64_C(0xffffffff00000001));
371
+ fiat_p256_uint1 x166;
372
+ fiat_p256_addcarryx_u64(&x165, &x166, x164, x146, x160);
347
373
  uint64_t x167;
348
- uint64_t x168;
349
- fiat_p256_mulx_u64(&x167, &x168, x155, UINT32_C(0xffffffff));
374
+ fiat_p256_uint1 x168;
375
+ fiat_p256_addcarryx_u64(&x167, &x168, x166, x148, x162);
350
376
  uint64_t x169;
351
- uint64_t x170;
352
- fiat_p256_mulx_u64(&x169, &x170, x155, UINT64_C(0xffffffffffffffff));
377
+ fiat_p256_uint1 x170;
378
+ fiat_p256_addcarryx_u64(&x169, &x170, x168, x150, x154);
353
379
  uint64_t x171;
354
380
  fiat_p256_uint1 x172;
355
- fiat_p256_addcarryx_u64(&x171, &x172, 0x0, x167, x170);
356
- uint64_t x173;
357
- fiat_p256_uint1 x174;
358
- fiat_p256_addcarryx_u64(&x173, &x174, x172, 0x0, x168);
359
- uint64_t x175;
360
- fiat_p256_uint1 x176;
361
- fiat_p256_addcarryx_u64(&x175, &x176, 0x0, x169, x155);
362
- uint64_t x177;
363
- fiat_p256_uint1 x178;
364
- fiat_p256_addcarryx_u64(&x177, &x178, x176, x171, x157);
365
- uint64_t x179;
366
- fiat_p256_uint1 x180;
367
- fiat_p256_addcarryx_u64(&x179, &x180, x178, x173, x159);
368
- uint64_t x181;
369
- fiat_p256_uint1 x182;
370
- fiat_p256_addcarryx_u64(&x181, &x182, x180, x165, x161);
371
- uint64_t x183;
372
- fiat_p256_uint1 x184;
373
- fiat_p256_addcarryx_u64(&x183, &x184, x182, x166, x163);
381
+ fiat_p256_addcarryx_u64(&x171, &x172, x170, x152, x155);
382
+ uint64_t x173 = ((uint64_t)x172 + x153);
383
+ uint64_t x174;
384
+ fiat_p256_uint1 x175;
385
+ fiat_p256_subborrowx_u64(&x174, &x175, 0x0, x165, UINT64_C(0xffffffffffffffff));
386
+ uint64_t x176;
387
+ fiat_p256_uint1 x177;
388
+ fiat_p256_subborrowx_u64(&x176, &x177, x175, x167, UINT32_C(0xffffffff));
389
+ uint64_t x178;
390
+ fiat_p256_uint1 x179;
391
+ fiat_p256_subborrowx_u64(&x178, &x179, x177, x169, 0x0);
392
+ uint64_t x180;
393
+ fiat_p256_uint1 x181;
394
+ fiat_p256_subborrowx_u64(&x180, &x181, x179, x171, UINT64_C(0xffffffff00000001));
395
+ uint64_t x182;
396
+ fiat_p256_uint1 x183;
397
+ fiat_p256_subborrowx_u64(&x182, &x183, x181, x173, 0x0);
398
+ uint64_t x184;
399
+ fiat_p256_cmovznz_u64(&x184, x183, x174, x165);
374
400
  uint64_t x185;
375
- fiat_p256_uint1 x186;
376
- fiat_p256_addcarryx_u64(&x185, &x186, x184, 0x0, x164);
401
+ fiat_p256_cmovznz_u64(&x185, x183, x176, x167);
402
+ uint64_t x186;
403
+ fiat_p256_cmovznz_u64(&x186, x183, x178, x169);
377
404
  uint64_t x187;
378
- fiat_p256_uint1 x188;
379
- fiat_p256_subborrowx_u64(&x187, &x188, 0x0, x177, UINT64_C(0xffffffffffffffff));
380
- uint64_t x189;
381
- fiat_p256_uint1 x190;
382
- fiat_p256_subborrowx_u64(&x189, &x190, x188, x179, UINT32_C(0xffffffff));
383
- uint64_t x191;
384
- fiat_p256_uint1 x192;
385
- fiat_p256_subborrowx_u64(&x191, &x192, x190, x181, 0x0);
386
- uint64_t x193;
387
- fiat_p256_uint1 x194;
388
- fiat_p256_subborrowx_u64(&x193, &x194, x192, x183, UINT64_C(0xffffffff00000001));
389
- uint64_t x195;
390
- fiat_p256_uint1 x196;
391
- fiat_p256_subborrowx_u64(&x195, &x196, x194, x185, 0x0);
392
- uint64_t x197;
393
- fiat_p256_cmovznz_u64(&x197, x196, x187, x177);
394
- uint64_t x198;
395
- fiat_p256_cmovznz_u64(&x198, x196, x189, x179);
396
- uint64_t x199;
397
- fiat_p256_cmovznz_u64(&x199, x196, x191, x181);
398
- uint64_t x200;
399
- fiat_p256_cmovznz_u64(&x200, x196, x193, x183);
400
- out1[0] = x197;
401
- out1[1] = x198;
402
- out1[2] = x199;
403
- out1[3] = x200;
405
+ fiat_p256_cmovznz_u64(&x187, x183, x180, x171);
406
+ out1[0] = x184;
407
+ out1[1] = x185;
408
+ out1[2] = x186;
409
+ out1[3] = x187;
404
410
  }
405
411
 
406
412
  /*
413
+ * The function fiat_p256_square squares a field element in the Montgomery domain.
414
+ * Preconditions:
415
+ * 0 ≤ eval arg1 < m
416
+ * Postconditions:
417
+ * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m
418
+ * 0 ≤ eval out1 < m
419
+ *
407
420
  * Input Bounds:
408
421
  * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
409
422
  * Output Bounds:
@@ -428,295 +441,278 @@ static void fiat_p256_square(uint64_t out1[4], const uint64_t arg1[4]) {
428
441
  fiat_p256_mulx_u64(&x11, &x12, x4, (arg1[0]));
429
442
  uint64_t x13;
430
443
  fiat_p256_uint1 x14;
431
- fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x9, x12);
444
+ fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x12, x9);
432
445
  uint64_t x15;
433
446
  fiat_p256_uint1 x16;
434
- fiat_p256_addcarryx_u64(&x15, &x16, x14, x7, x10);
447
+ fiat_p256_addcarryx_u64(&x15, &x16, x14, x10, x7);
435
448
  uint64_t x17;
436
449
  fiat_p256_uint1 x18;
437
- fiat_p256_addcarryx_u64(&x17, &x18, x16, x5, x8);
438
- uint64_t x19;
439
- fiat_p256_uint1 x20;
440
- fiat_p256_addcarryx_u64(&x19, &x20, x18, 0x0, x6);
450
+ fiat_p256_addcarryx_u64(&x17, &x18, x16, x8, x5);
451
+ uint64_t x19 = (x18 + x6);
452
+ uint64_t x20;
441
453
  uint64_t x21;
454
+ fiat_p256_mulx_u64(&x20, &x21, x11, UINT64_C(0xffffffff00000001));
442
455
  uint64_t x22;
443
- fiat_p256_mulx_u64(&x21, &x22, x11, UINT64_C(0xffffffff00000001));
444
456
  uint64_t x23;
457
+ fiat_p256_mulx_u64(&x22, &x23, x11, UINT32_C(0xffffffff));
445
458
  uint64_t x24;
446
- fiat_p256_mulx_u64(&x23, &x24, x11, UINT32_C(0xffffffff));
447
459
  uint64_t x25;
460
+ fiat_p256_mulx_u64(&x24, &x25, x11, UINT64_C(0xffffffffffffffff));
448
461
  uint64_t x26;
449
- fiat_p256_mulx_u64(&x25, &x26, x11, UINT64_C(0xffffffffffffffff));
450
- uint64_t x27;
451
- fiat_p256_uint1 x28;
452
- fiat_p256_addcarryx_u64(&x27, &x28, 0x0, x23, x26);
462
+ fiat_p256_uint1 x27;
463
+ fiat_p256_addcarryx_u64(&x26, &x27, 0x0, x25, x22);
464
+ uint64_t x28 = (x27 + x23);
453
465
  uint64_t x29;
454
466
  fiat_p256_uint1 x30;
455
- fiat_p256_addcarryx_u64(&x29, &x30, x28, 0x0, x24);
467
+ fiat_p256_addcarryx_u64(&x29, &x30, 0x0, x11, x24);
456
468
  uint64_t x31;
457
469
  fiat_p256_uint1 x32;
458
- fiat_p256_addcarryx_u64(&x31, &x32, 0x0, x25, x11);
470
+ fiat_p256_addcarryx_u64(&x31, &x32, x30, x13, x26);
459
471
  uint64_t x33;
460
472
  fiat_p256_uint1 x34;
461
- fiat_p256_addcarryx_u64(&x33, &x34, x32, x27, x13);
473
+ fiat_p256_addcarryx_u64(&x33, &x34, x32, x15, x28);
462
474
  uint64_t x35;
463
475
  fiat_p256_uint1 x36;
464
- fiat_p256_addcarryx_u64(&x35, &x36, x34, x29, x15);
476
+ fiat_p256_addcarryx_u64(&x35, &x36, x34, x17, x20);
465
477
  uint64_t x37;
466
478
  fiat_p256_uint1 x38;
467
- fiat_p256_addcarryx_u64(&x37, &x38, x36, x21, x17);
479
+ fiat_p256_addcarryx_u64(&x37, &x38, x36, x19, x21);
468
480
  uint64_t x39;
469
- fiat_p256_uint1 x40;
470
- fiat_p256_addcarryx_u64(&x39, &x40, x38, x22, x19);
481
+ uint64_t x40;
482
+ fiat_p256_mulx_u64(&x39, &x40, x1, (arg1[3]));
471
483
  uint64_t x41;
472
- fiat_p256_uint1 x42;
473
- fiat_p256_addcarryx_u64(&x41, &x42, x40, 0x0, 0x0);
484
+ uint64_t x42;
485
+ fiat_p256_mulx_u64(&x41, &x42, x1, (arg1[2]));
474
486
  uint64_t x43;
475
487
  uint64_t x44;
476
- fiat_p256_mulx_u64(&x43, &x44, x1, (arg1[3]));
488
+ fiat_p256_mulx_u64(&x43, &x44, x1, (arg1[1]));
477
489
  uint64_t x45;
478
490
  uint64_t x46;
479
- fiat_p256_mulx_u64(&x45, &x46, x1, (arg1[2]));
491
+ fiat_p256_mulx_u64(&x45, &x46, x1, (arg1[0]));
480
492
  uint64_t x47;
481
- uint64_t x48;
482
- fiat_p256_mulx_u64(&x47, &x48, x1, (arg1[1]));
493
+ fiat_p256_uint1 x48;
494
+ fiat_p256_addcarryx_u64(&x47, &x48, 0x0, x46, x43);
483
495
  uint64_t x49;
484
- uint64_t x50;
485
- fiat_p256_mulx_u64(&x49, &x50, x1, (arg1[0]));
496
+ fiat_p256_uint1 x50;
497
+ fiat_p256_addcarryx_u64(&x49, &x50, x48, x44, x41);
486
498
  uint64_t x51;
487
499
  fiat_p256_uint1 x52;
488
- fiat_p256_addcarryx_u64(&x51, &x52, 0x0, x47, x50);
489
- uint64_t x53;
490
- fiat_p256_uint1 x54;
491
- fiat_p256_addcarryx_u64(&x53, &x54, x52, x45, x48);
492
- uint64_t x55;
493
- fiat_p256_uint1 x56;
494
- fiat_p256_addcarryx_u64(&x55, &x56, x54, x43, x46);
495
- uint64_t x57;
496
- fiat_p256_uint1 x58;
497
- fiat_p256_addcarryx_u64(&x57, &x58, x56, 0x0, x44);
498
- uint64_t x59;
499
- fiat_p256_uint1 x60;
500
- fiat_p256_addcarryx_u64(&x59, &x60, 0x0, x49, x33);
501
- uint64_t x61;
502
- fiat_p256_uint1 x62;
503
- fiat_p256_addcarryx_u64(&x61, &x62, x60, x51, x35);
504
- uint64_t x63;
505
- fiat_p256_uint1 x64;
506
- fiat_p256_addcarryx_u64(&x63, &x64, x62, x53, x37);
500
+ fiat_p256_addcarryx_u64(&x51, &x52, x50, x42, x39);
501
+ uint64_t x53 = (x52 + x40);
502
+ uint64_t x54;
503
+ fiat_p256_uint1 x55;
504
+ fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x31, x45);
505
+ uint64_t x56;
506
+ fiat_p256_uint1 x57;
507
+ fiat_p256_addcarryx_u64(&x56, &x57, x55, x33, x47);
508
+ uint64_t x58;
509
+ fiat_p256_uint1 x59;
510
+ fiat_p256_addcarryx_u64(&x58, &x59, x57, x35, x49);
511
+ uint64_t x60;
512
+ fiat_p256_uint1 x61;
513
+ fiat_p256_addcarryx_u64(&x60, &x61, x59, x37, x51);
514
+ uint64_t x62;
515
+ fiat_p256_uint1 x63;
516
+ fiat_p256_addcarryx_u64(&x62, &x63, x61, x38, x53);
517
+ uint64_t x64;
507
518
  uint64_t x65;
508
- fiat_p256_uint1 x66;
509
- fiat_p256_addcarryx_u64(&x65, &x66, x64, x55, x39);
519
+ fiat_p256_mulx_u64(&x64, &x65, x54, UINT64_C(0xffffffff00000001));
520
+ uint64_t x66;
510
521
  uint64_t x67;
511
- fiat_p256_uint1 x68;
512
- fiat_p256_addcarryx_u64(&x67, &x68, x66, x57, (fiat_p256_uint1)x41);
522
+ fiat_p256_mulx_u64(&x66, &x67, x54, UINT32_C(0xffffffff));
523
+ uint64_t x68;
513
524
  uint64_t x69;
525
+ fiat_p256_mulx_u64(&x68, &x69, x54, UINT64_C(0xffffffffffffffff));
514
526
  uint64_t x70;
515
- fiat_p256_mulx_u64(&x69, &x70, x59, UINT64_C(0xffffffff00000001));
516
- uint64_t x71;
517
- uint64_t x72;
518
- fiat_p256_mulx_u64(&x71, &x72, x59, UINT32_C(0xffffffff));
527
+ fiat_p256_uint1 x71;
528
+ fiat_p256_addcarryx_u64(&x70, &x71, 0x0, x69, x66);
529
+ uint64_t x72 = (x71 + x67);
519
530
  uint64_t x73;
520
- uint64_t x74;
521
- fiat_p256_mulx_u64(&x73, &x74, x59, UINT64_C(0xffffffffffffffff));
531
+ fiat_p256_uint1 x74;
532
+ fiat_p256_addcarryx_u64(&x73, &x74, 0x0, x54, x68);
522
533
  uint64_t x75;
523
534
  fiat_p256_uint1 x76;
524
- fiat_p256_addcarryx_u64(&x75, &x76, 0x0, x71, x74);
535
+ fiat_p256_addcarryx_u64(&x75, &x76, x74, x56, x70);
525
536
  uint64_t x77;
526
537
  fiat_p256_uint1 x78;
527
- fiat_p256_addcarryx_u64(&x77, &x78, x76, 0x0, x72);
538
+ fiat_p256_addcarryx_u64(&x77, &x78, x76, x58, x72);
528
539
  uint64_t x79;
529
540
  fiat_p256_uint1 x80;
530
- fiat_p256_addcarryx_u64(&x79, &x80, 0x0, x73, x59);
541
+ fiat_p256_addcarryx_u64(&x79, &x80, x78, x60, x64);
531
542
  uint64_t x81;
532
543
  fiat_p256_uint1 x82;
533
- fiat_p256_addcarryx_u64(&x81, &x82, x80, x75, x61);
534
- uint64_t x83;
535
- fiat_p256_uint1 x84;
536
- fiat_p256_addcarryx_u64(&x83, &x84, x82, x77, x63);
544
+ fiat_p256_addcarryx_u64(&x81, &x82, x80, x62, x65);
545
+ uint64_t x83 = ((uint64_t)x82 + x63);
546
+ uint64_t x84;
537
547
  uint64_t x85;
538
- fiat_p256_uint1 x86;
539
- fiat_p256_addcarryx_u64(&x85, &x86, x84, x69, x65);
548
+ fiat_p256_mulx_u64(&x84, &x85, x2, (arg1[3]));
549
+ uint64_t x86;
540
550
  uint64_t x87;
541
- fiat_p256_uint1 x88;
542
- fiat_p256_addcarryx_u64(&x87, &x88, x86, x70, x67);
551
+ fiat_p256_mulx_u64(&x86, &x87, x2, (arg1[2]));
552
+ uint64_t x88;
543
553
  uint64_t x89;
544
- fiat_p256_uint1 x90;
545
- fiat_p256_addcarryx_u64(&x89, &x90, x88, 0x0, x68);
554
+ fiat_p256_mulx_u64(&x88, &x89, x2, (arg1[1]));
555
+ uint64_t x90;
546
556
  uint64_t x91;
557
+ fiat_p256_mulx_u64(&x90, &x91, x2, (arg1[0]));
547
558
  uint64_t x92;
548
- fiat_p256_mulx_u64(&x91, &x92, x2, (arg1[3]));
549
- uint64_t x93;
559
+ fiat_p256_uint1 x93;
560
+ fiat_p256_addcarryx_u64(&x92, &x93, 0x0, x91, x88);
550
561
  uint64_t x94;
551
- fiat_p256_mulx_u64(&x93, &x94, x2, (arg1[2]));
552
- uint64_t x95;
562
+ fiat_p256_uint1 x95;
563
+ fiat_p256_addcarryx_u64(&x94, &x95, x93, x89, x86);
553
564
  uint64_t x96;
554
- fiat_p256_mulx_u64(&x95, &x96, x2, (arg1[1]));
555
- uint64_t x97;
556
- uint64_t x98;
557
- fiat_p256_mulx_u64(&x97, &x98, x2, (arg1[0]));
565
+ fiat_p256_uint1 x97;
566
+ fiat_p256_addcarryx_u64(&x96, &x97, x95, x87, x84);
567
+ uint64_t x98 = (x97 + x85);
558
568
  uint64_t x99;
559
569
  fiat_p256_uint1 x100;
560
- fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x95, x98);
570
+ fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x75, x90);
561
571
  uint64_t x101;
562
572
  fiat_p256_uint1 x102;
563
- fiat_p256_addcarryx_u64(&x101, &x102, x100, x93, x96);
573
+ fiat_p256_addcarryx_u64(&x101, &x102, x100, x77, x92);
564
574
  uint64_t x103;
565
575
  fiat_p256_uint1 x104;
566
- fiat_p256_addcarryx_u64(&x103, &x104, x102, x91, x94);
576
+ fiat_p256_addcarryx_u64(&x103, &x104, x102, x79, x94);
567
577
  uint64_t x105;
568
578
  fiat_p256_uint1 x106;
569
- fiat_p256_addcarryx_u64(&x105, &x106, x104, 0x0, x92);
579
+ fiat_p256_addcarryx_u64(&x105, &x106, x104, x81, x96);
570
580
  uint64_t x107;
571
581
  fiat_p256_uint1 x108;
572
- fiat_p256_addcarryx_u64(&x107, &x108, 0x0, x97, x81);
582
+ fiat_p256_addcarryx_u64(&x107, &x108, x106, x83, x98);
573
583
  uint64_t x109;
574
- fiat_p256_uint1 x110;
575
- fiat_p256_addcarryx_u64(&x109, &x110, x108, x99, x83);
584
+ uint64_t x110;
585
+ fiat_p256_mulx_u64(&x109, &x110, x99, UINT64_C(0xffffffff00000001));
576
586
  uint64_t x111;
577
- fiat_p256_uint1 x112;
578
- fiat_p256_addcarryx_u64(&x111, &x112, x110, x101, x85);
587
+ uint64_t x112;
588
+ fiat_p256_mulx_u64(&x111, &x112, x99, UINT32_C(0xffffffff));
579
589
  uint64_t x113;
580
- fiat_p256_uint1 x114;
581
- fiat_p256_addcarryx_u64(&x113, &x114, x112, x103, x87);
590
+ uint64_t x114;
591
+ fiat_p256_mulx_u64(&x113, &x114, x99, UINT64_C(0xffffffffffffffff));
582
592
  uint64_t x115;
583
593
  fiat_p256_uint1 x116;
584
- fiat_p256_addcarryx_u64(&x115, &x116, x114, x105, x89);
585
- uint64_t x117;
594
+ fiat_p256_addcarryx_u64(&x115, &x116, 0x0, x114, x111);
595
+ uint64_t x117 = (x116 + x112);
586
596
  uint64_t x118;
587
- fiat_p256_mulx_u64(&x117, &x118, x107, UINT64_C(0xffffffff00000001));
588
- uint64_t x119;
597
+ fiat_p256_uint1 x119;
598
+ fiat_p256_addcarryx_u64(&x118, &x119, 0x0, x99, x113);
589
599
  uint64_t x120;
590
- fiat_p256_mulx_u64(&x119, &x120, x107, UINT32_C(0xffffffff));
591
- uint64_t x121;
600
+ fiat_p256_uint1 x121;
601
+ fiat_p256_addcarryx_u64(&x120, &x121, x119, x101, x115);
592
602
  uint64_t x122;
593
- fiat_p256_mulx_u64(&x121, &x122, x107, UINT64_C(0xffffffffffffffff));
594
- uint64_t x123;
595
- fiat_p256_uint1 x124;
596
- fiat_p256_addcarryx_u64(&x123, &x124, 0x0, x119, x122);
597
- uint64_t x125;
598
- fiat_p256_uint1 x126;
599
- fiat_p256_addcarryx_u64(&x125, &x126, x124, 0x0, x120);
600
- uint64_t x127;
601
- fiat_p256_uint1 x128;
602
- fiat_p256_addcarryx_u64(&x127, &x128, 0x0, x121, x107);
603
+ fiat_p256_uint1 x123;
604
+ fiat_p256_addcarryx_u64(&x122, &x123, x121, x103, x117);
605
+ uint64_t x124;
606
+ fiat_p256_uint1 x125;
607
+ fiat_p256_addcarryx_u64(&x124, &x125, x123, x105, x109);
608
+ uint64_t x126;
609
+ fiat_p256_uint1 x127;
610
+ fiat_p256_addcarryx_u64(&x126, &x127, x125, x107, x110);
611
+ uint64_t x128 = ((uint64_t)x127 + x108);
603
612
  uint64_t x129;
604
- fiat_p256_uint1 x130;
605
- fiat_p256_addcarryx_u64(&x129, &x130, x128, x123, x109);
613
+ uint64_t x130;
614
+ fiat_p256_mulx_u64(&x129, &x130, x3, (arg1[3]));
606
615
  uint64_t x131;
607
- fiat_p256_uint1 x132;
608
- fiat_p256_addcarryx_u64(&x131, &x132, x130, x125, x111);
616
+ uint64_t x132;
617
+ fiat_p256_mulx_u64(&x131, &x132, x3, (arg1[2]));
609
618
  uint64_t x133;
610
- fiat_p256_uint1 x134;
611
- fiat_p256_addcarryx_u64(&x133, &x134, x132, x117, x113);
619
+ uint64_t x134;
620
+ fiat_p256_mulx_u64(&x133, &x134, x3, (arg1[1]));
612
621
  uint64_t x135;
613
- fiat_p256_uint1 x136;
614
- fiat_p256_addcarryx_u64(&x135, &x136, x134, x118, x115);
622
+ uint64_t x136;
623
+ fiat_p256_mulx_u64(&x135, &x136, x3, (arg1[0]));
615
624
  uint64_t x137;
616
625
  fiat_p256_uint1 x138;
617
- fiat_p256_addcarryx_u64(&x137, &x138, x136, 0x0, x116);
626
+ fiat_p256_addcarryx_u64(&x137, &x138, 0x0, x136, x133);
618
627
  uint64_t x139;
619
- uint64_t x140;
620
- fiat_p256_mulx_u64(&x139, &x140, x3, (arg1[3]));
628
+ fiat_p256_uint1 x140;
629
+ fiat_p256_addcarryx_u64(&x139, &x140, x138, x134, x131);
621
630
  uint64_t x141;
622
- uint64_t x142;
623
- fiat_p256_mulx_u64(&x141, &x142, x3, (arg1[2]));
624
- uint64_t x143;
631
+ fiat_p256_uint1 x142;
632
+ fiat_p256_addcarryx_u64(&x141, &x142, x140, x132, x129);
633
+ uint64_t x143 = (x142 + x130);
625
634
  uint64_t x144;
626
- fiat_p256_mulx_u64(&x143, &x144, x3, (arg1[1]));
627
- uint64_t x145;
635
+ fiat_p256_uint1 x145;
636
+ fiat_p256_addcarryx_u64(&x144, &x145, 0x0, x120, x135);
628
637
  uint64_t x146;
629
- fiat_p256_mulx_u64(&x145, &x146, x3, (arg1[0]));
630
- uint64_t x147;
631
- fiat_p256_uint1 x148;
632
- fiat_p256_addcarryx_u64(&x147, &x148, 0x0, x143, x146);
633
- uint64_t x149;
634
- fiat_p256_uint1 x150;
635
- fiat_p256_addcarryx_u64(&x149, &x150, x148, x141, x144);
636
- uint64_t x151;
637
- fiat_p256_uint1 x152;
638
- fiat_p256_addcarryx_u64(&x151, &x152, x150, x139, x142);
639
- uint64_t x153;
640
- fiat_p256_uint1 x154;
641
- fiat_p256_addcarryx_u64(&x153, &x154, x152, 0x0, x140);
638
+ fiat_p256_uint1 x147;
639
+ fiat_p256_addcarryx_u64(&x146, &x147, x145, x122, x137);
640
+ uint64_t x148;
641
+ fiat_p256_uint1 x149;
642
+ fiat_p256_addcarryx_u64(&x148, &x149, x147, x124, x139);
643
+ uint64_t x150;
644
+ fiat_p256_uint1 x151;
645
+ fiat_p256_addcarryx_u64(&x150, &x151, x149, x126, x141);
646
+ uint64_t x152;
647
+ fiat_p256_uint1 x153;
648
+ fiat_p256_addcarryx_u64(&x152, &x153, x151, x128, x143);
649
+ uint64_t x154;
642
650
  uint64_t x155;
643
- fiat_p256_uint1 x156;
644
- fiat_p256_addcarryx_u64(&x155, &x156, 0x0, x145, x129);
651
+ fiat_p256_mulx_u64(&x154, &x155, x144, UINT64_C(0xffffffff00000001));
652
+ uint64_t x156;
645
653
  uint64_t x157;
646
- fiat_p256_uint1 x158;
647
- fiat_p256_addcarryx_u64(&x157, &x158, x156, x147, x131);
654
+ fiat_p256_mulx_u64(&x156, &x157, x144, UINT32_C(0xffffffff));
655
+ uint64_t x158;
648
656
  uint64_t x159;
649
- fiat_p256_uint1 x160;
650
- fiat_p256_addcarryx_u64(&x159, &x160, x158, x149, x133);
651
- uint64_t x161;
652
- fiat_p256_uint1 x162;
653
- fiat_p256_addcarryx_u64(&x161, &x162, x160, x151, x135);
657
+ fiat_p256_mulx_u64(&x158, &x159, x144, UINT64_C(0xffffffffffffffff));
658
+ uint64_t x160;
659
+ fiat_p256_uint1 x161;
660
+ fiat_p256_addcarryx_u64(&x160, &x161, 0x0, x159, x156);
661
+ uint64_t x162 = (x161 + x157);
654
662
  uint64_t x163;
655
663
  fiat_p256_uint1 x164;
656
- fiat_p256_addcarryx_u64(&x163, &x164, x162, x153, x137);
664
+ fiat_p256_addcarryx_u64(&x163, &x164, 0x0, x144, x158);
657
665
  uint64_t x165;
658
- uint64_t x166;
659
- fiat_p256_mulx_u64(&x165, &x166, x155, UINT64_C(0xffffffff00000001));
666
+ fiat_p256_uint1 x166;
667
+ fiat_p256_addcarryx_u64(&x165, &x166, x164, x146, x160);
660
668
  uint64_t x167;
661
- uint64_t x168;
662
- fiat_p256_mulx_u64(&x167, &x168, x155, UINT32_C(0xffffffff));
669
+ fiat_p256_uint1 x168;
670
+ fiat_p256_addcarryx_u64(&x167, &x168, x166, x148, x162);
663
671
  uint64_t x169;
664
- uint64_t x170;
665
- fiat_p256_mulx_u64(&x169, &x170, x155, UINT64_C(0xffffffffffffffff));
672
+ fiat_p256_uint1 x170;
673
+ fiat_p256_addcarryx_u64(&x169, &x170, x168, x150, x154);
666
674
  uint64_t x171;
667
675
  fiat_p256_uint1 x172;
668
- fiat_p256_addcarryx_u64(&x171, &x172, 0x0, x167, x170);
669
- uint64_t x173;
670
- fiat_p256_uint1 x174;
671
- fiat_p256_addcarryx_u64(&x173, &x174, x172, 0x0, x168);
672
- uint64_t x175;
673
- fiat_p256_uint1 x176;
674
- fiat_p256_addcarryx_u64(&x175, &x176, 0x0, x169, x155);
675
- uint64_t x177;
676
- fiat_p256_uint1 x178;
677
- fiat_p256_addcarryx_u64(&x177, &x178, x176, x171, x157);
678
- uint64_t x179;
679
- fiat_p256_uint1 x180;
680
- fiat_p256_addcarryx_u64(&x179, &x180, x178, x173, x159);
681
- uint64_t x181;
682
- fiat_p256_uint1 x182;
683
- fiat_p256_addcarryx_u64(&x181, &x182, x180, x165, x161);
684
- uint64_t x183;
685
- fiat_p256_uint1 x184;
686
- fiat_p256_addcarryx_u64(&x183, &x184, x182, x166, x163);
676
+ fiat_p256_addcarryx_u64(&x171, &x172, x170, x152, x155);
677
+ uint64_t x173 = ((uint64_t)x172 + x153);
678
+ uint64_t x174;
679
+ fiat_p256_uint1 x175;
680
+ fiat_p256_subborrowx_u64(&x174, &x175, 0x0, x165, UINT64_C(0xffffffffffffffff));
681
+ uint64_t x176;
682
+ fiat_p256_uint1 x177;
683
+ fiat_p256_subborrowx_u64(&x176, &x177, x175, x167, UINT32_C(0xffffffff));
684
+ uint64_t x178;
685
+ fiat_p256_uint1 x179;
686
+ fiat_p256_subborrowx_u64(&x178, &x179, x177, x169, 0x0);
687
+ uint64_t x180;
688
+ fiat_p256_uint1 x181;
689
+ fiat_p256_subborrowx_u64(&x180, &x181, x179, x171, UINT64_C(0xffffffff00000001));
690
+ uint64_t x182;
691
+ fiat_p256_uint1 x183;
692
+ fiat_p256_subborrowx_u64(&x182, &x183, x181, x173, 0x0);
693
+ uint64_t x184;
694
+ fiat_p256_cmovznz_u64(&x184, x183, x174, x165);
687
695
  uint64_t x185;
688
- fiat_p256_uint1 x186;
689
- fiat_p256_addcarryx_u64(&x185, &x186, x184, 0x0, x164);
696
+ fiat_p256_cmovznz_u64(&x185, x183, x176, x167);
697
+ uint64_t x186;
698
+ fiat_p256_cmovznz_u64(&x186, x183, x178, x169);
690
699
  uint64_t x187;
691
- fiat_p256_uint1 x188;
692
- fiat_p256_subborrowx_u64(&x187, &x188, 0x0, x177, UINT64_C(0xffffffffffffffff));
693
- uint64_t x189;
694
- fiat_p256_uint1 x190;
695
- fiat_p256_subborrowx_u64(&x189, &x190, x188, x179, UINT32_C(0xffffffff));
696
- uint64_t x191;
697
- fiat_p256_uint1 x192;
698
- fiat_p256_subborrowx_u64(&x191, &x192, x190, x181, 0x0);
699
- uint64_t x193;
700
- fiat_p256_uint1 x194;
701
- fiat_p256_subborrowx_u64(&x193, &x194, x192, x183, UINT64_C(0xffffffff00000001));
702
- uint64_t x195;
703
- fiat_p256_uint1 x196;
704
- fiat_p256_subborrowx_u64(&x195, &x196, x194, x185, 0x0);
705
- uint64_t x197;
706
- fiat_p256_cmovznz_u64(&x197, x196, x187, x177);
707
- uint64_t x198;
708
- fiat_p256_cmovznz_u64(&x198, x196, x189, x179);
709
- uint64_t x199;
710
- fiat_p256_cmovznz_u64(&x199, x196, x191, x181);
711
- uint64_t x200;
712
- fiat_p256_cmovznz_u64(&x200, x196, x193, x183);
713
- out1[0] = x197;
714
- out1[1] = x198;
715
- out1[2] = x199;
716
- out1[3] = x200;
700
+ fiat_p256_cmovznz_u64(&x187, x183, x180, x171);
701
+ out1[0] = x184;
702
+ out1[1] = x185;
703
+ out1[2] = x186;
704
+ out1[3] = x187;
717
705
  }
718
706
 
719
707
  /*
708
+ * The function fiat_p256_add adds two field elements in the Montgomery domain.
709
+ * Preconditions:
710
+ * 0 ≤ eval arg1 < m
711
+ * 0 ≤ eval arg2 < m
712
+ * Postconditions:
713
+ * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m
714
+ * 0 ≤ eval out1 < m
715
+ *
720
716
  * Input Bounds:
721
717
  * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
722
718
  * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
@@ -726,16 +722,16 @@ static void fiat_p256_square(uint64_t out1[4], const uint64_t arg1[4]) {
726
722
  static void fiat_p256_add(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) {
727
723
  uint64_t x1;
728
724
  fiat_p256_uint1 x2;
729
- fiat_p256_addcarryx_u64(&x1, &x2, 0x0, (arg2[0]), (arg1[0]));
725
+ fiat_p256_addcarryx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0]));
730
726
  uint64_t x3;
731
727
  fiat_p256_uint1 x4;
732
- fiat_p256_addcarryx_u64(&x3, &x4, x2, (arg2[1]), (arg1[1]));
728
+ fiat_p256_addcarryx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1]));
733
729
  uint64_t x5;
734
730
  fiat_p256_uint1 x6;
735
- fiat_p256_addcarryx_u64(&x5, &x6, x4, (arg2[2]), (arg1[2]));
731
+ fiat_p256_addcarryx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2]));
736
732
  uint64_t x7;
737
733
  fiat_p256_uint1 x8;
738
- fiat_p256_addcarryx_u64(&x7, &x8, x6, (arg2[3]), (arg1[3]));
734
+ fiat_p256_addcarryx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3]));
739
735
  uint64_t x9;
740
736
  fiat_p256_uint1 x10;
741
737
  fiat_p256_subborrowx_u64(&x9, &x10, 0x0, x1, UINT64_C(0xffffffffffffffff));
@@ -766,6 +762,14 @@ static void fiat_p256_add(uint64_t out1[4], const uint64_t arg1[4], const uint64
766
762
  }
767
763
 
768
764
  /*
765
+ * The function fiat_p256_sub subtracts two field elements in the Montgomery domain.
766
+ * Preconditions:
767
+ * 0 ≤ eval arg1 < m
768
+ * 0 ≤ eval arg2 < m
769
+ * Postconditions:
770
+ * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m
771
+ * 0 ≤ eval out1 < m
772
+ *
769
773
  * Input Bounds:
770
774
  * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
771
775
  * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
@@ -789,16 +793,16 @@ static void fiat_p256_sub(uint64_t out1[4], const uint64_t arg1[4], const uint64
789
793
  fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff));
790
794
  uint64_t x10;
791
795
  fiat_p256_uint1 x11;
792
- fiat_p256_addcarryx_u64(&x10, &x11, 0x0, (x9 & UINT64_C(0xffffffffffffffff)), x1);
796
+ fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0xffffffffffffffff)));
793
797
  uint64_t x12;
794
798
  fiat_p256_uint1 x13;
795
- fiat_p256_addcarryx_u64(&x12, &x13, x11, (x9 & UINT32_C(0xffffffff)), x3);
799
+ fiat_p256_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT32_C(0xffffffff)));
796
800
  uint64_t x14;
797
801
  fiat_p256_uint1 x15;
798
- fiat_p256_addcarryx_u64(&x14, &x15, x13, 0x0, x5);
802
+ fiat_p256_addcarryx_u64(&x14, &x15, x13, x5, 0x0);
799
803
  uint64_t x16;
800
804
  fiat_p256_uint1 x17;
801
- fiat_p256_addcarryx_u64(&x16, &x17, x15, (x9 & UINT64_C(0xffffffff00000001)), x7);
805
+ fiat_p256_addcarryx_u64(&x16, &x17, x15, x7, (x9 & UINT64_C(0xffffffff00000001)));
802
806
  out1[0] = x10;
803
807
  out1[1] = x12;
804
808
  out1[2] = x14;
@@ -806,6 +810,13 @@ static void fiat_p256_sub(uint64_t out1[4], const uint64_t arg1[4], const uint64
806
810
  }
807
811
 
808
812
  /*
813
+ * The function fiat_p256_opp negates a field element in the Montgomery domain.
814
+ * Preconditions:
815
+ * 0 ≤ eval arg1 < m
816
+ * Postconditions:
817
+ * eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m
818
+ * 0 ≤ eval out1 < m
819
+ *
809
820
  * Input Bounds:
810
821
  * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
811
822
  * Output Bounds:
@@ -828,16 +839,16 @@ static void fiat_p256_opp(uint64_t out1[4], const uint64_t arg1[4]) {
828
839
  fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff));
829
840
  uint64_t x10;
830
841
  fiat_p256_uint1 x11;
831
- fiat_p256_addcarryx_u64(&x10, &x11, 0x0, (x9 & UINT64_C(0xffffffffffffffff)), x1);
842
+ fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0xffffffffffffffff)));
832
843
  uint64_t x12;
833
844
  fiat_p256_uint1 x13;
834
- fiat_p256_addcarryx_u64(&x12, &x13, x11, (x9 & UINT32_C(0xffffffff)), x3);
845
+ fiat_p256_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT32_C(0xffffffff)));
835
846
  uint64_t x14;
836
847
  fiat_p256_uint1 x15;
837
- fiat_p256_addcarryx_u64(&x14, &x15, x13, 0x0, x5);
848
+ fiat_p256_addcarryx_u64(&x14, &x15, x13, x5, 0x0);
838
849
  uint64_t x16;
839
850
  fiat_p256_uint1 x17;
840
- fiat_p256_addcarryx_u64(&x16, &x17, x15, (x9 & UINT64_C(0xffffffff00000001)), x7);
851
+ fiat_p256_addcarryx_u64(&x16, &x17, x15, x7, (x9 & UINT64_C(0xffffffff00000001)));
841
852
  out1[0] = x10;
842
853
  out1[1] = x12;
843
854
  out1[2] = x14;
@@ -845,6 +856,13 @@ static void fiat_p256_opp(uint64_t out1[4], const uint64_t arg1[4]) {
845
856
  }
846
857
 
847
858
  /*
859
+ * The function fiat_p256_from_montgomery translates a field element out of the Montgomery domain.
860
+ * Preconditions:
861
+ * 0 ≤ eval arg1 < m
862
+ * Postconditions:
863
+ * eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m
864
+ * 0 ≤ eval out1 < m
865
+ *
848
866
  * Input Bounds:
849
867
  * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
850
868
  * Output Bounds:
@@ -863,16 +881,16 @@ static void fiat_p256_from_montgomery(uint64_t out1[4], const uint64_t arg1[4])
863
881
  fiat_p256_mulx_u64(&x6, &x7, x1, UINT64_C(0xffffffffffffffff));
864
882
  uint64_t x8;
865
883
  fiat_p256_uint1 x9;
866
- fiat_p256_addcarryx_u64(&x8, &x9, 0x0, x4, x7);
884
+ fiat_p256_addcarryx_u64(&x8, &x9, 0x0, x7, x4);
867
885
  uint64_t x10;
868
886
  fiat_p256_uint1 x11;
869
- fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x6, x1);
887
+ fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, x6);
870
888
  uint64_t x12;
871
889
  fiat_p256_uint1 x13;
872
- fiat_p256_addcarryx_u64(&x12, &x13, x11, x8, 0x0);
890
+ fiat_p256_addcarryx_u64(&x12, &x13, x11, 0x0, x8);
873
891
  uint64_t x14;
874
892
  fiat_p256_uint1 x15;
875
- fiat_p256_addcarryx_u64(&x14, &x15, 0x0, (arg1[1]), x12);
893
+ fiat_p256_addcarryx_u64(&x14, &x15, 0x0, x12, (arg1[1]));
876
894
  uint64_t x16;
877
895
  uint64_t x17;
878
896
  fiat_p256_mulx_u64(&x16, &x17, x14, UINT64_C(0xffffffff00000001));
@@ -884,148 +902,122 @@ static void fiat_p256_from_montgomery(uint64_t out1[4], const uint64_t arg1[4])
884
902
  fiat_p256_mulx_u64(&x20, &x21, x14, UINT64_C(0xffffffffffffffff));
885
903
  uint64_t x22;
886
904
  fiat_p256_uint1 x23;
887
- fiat_p256_addcarryx_u64(&x22, &x23, 0x0, x18, x21);
905
+ fiat_p256_addcarryx_u64(&x22, &x23, 0x0, x21, x18);
888
906
  uint64_t x24;
889
907
  fiat_p256_uint1 x25;
890
- fiat_p256_addcarryx_u64(&x24, &x25, x9, 0x0, x5);
908
+ fiat_p256_addcarryx_u64(&x24, &x25, 0x0, x14, x20);
891
909
  uint64_t x26;
892
910
  fiat_p256_uint1 x27;
893
- fiat_p256_addcarryx_u64(&x26, &x27, x13, x24, 0x0);
911
+ fiat_p256_addcarryx_u64(&x26, &x27, x25, (x15 + (x13 + (x9 + x5))), x22);
894
912
  uint64_t x28;
895
913
  fiat_p256_uint1 x29;
896
- fiat_p256_addcarryx_u64(&x28, &x29, x15, 0x0, x26);
914
+ fiat_p256_addcarryx_u64(&x28, &x29, x27, x2, (x23 + x19));
897
915
  uint64_t x30;
898
916
  fiat_p256_uint1 x31;
899
- fiat_p256_addcarryx_u64(&x30, &x31, 0x0, x20, x14);
917
+ fiat_p256_addcarryx_u64(&x30, &x31, x29, x3, x16);
900
918
  uint64_t x32;
901
919
  fiat_p256_uint1 x33;
902
- fiat_p256_addcarryx_u64(&x32, &x33, x31, x22, x28);
920
+ fiat_p256_addcarryx_u64(&x32, &x33, 0x0, x26, (arg1[2]));
903
921
  uint64_t x34;
904
922
  fiat_p256_uint1 x35;
905
- fiat_p256_addcarryx_u64(&x34, &x35, x23, 0x0, x19);
923
+ fiat_p256_addcarryx_u64(&x34, &x35, x33, x28, 0x0);
906
924
  uint64_t x36;
907
925
  fiat_p256_uint1 x37;
908
- fiat_p256_addcarryx_u64(&x36, &x37, x33, x34, x2);
926
+ fiat_p256_addcarryx_u64(&x36, &x37, x35, x30, 0x0);
909
927
  uint64_t x38;
910
- fiat_p256_uint1 x39;
911
- fiat_p256_addcarryx_u64(&x38, &x39, x37, x16, x3);
928
+ uint64_t x39;
929
+ fiat_p256_mulx_u64(&x38, &x39, x32, UINT64_C(0xffffffff00000001));
912
930
  uint64_t x40;
913
- fiat_p256_uint1 x41;
914
- fiat_p256_addcarryx_u64(&x40, &x41, 0x0, (arg1[2]), x32);
931
+ uint64_t x41;
932
+ fiat_p256_mulx_u64(&x40, &x41, x32, UINT32_C(0xffffffff));
915
933
  uint64_t x42;
916
- fiat_p256_uint1 x43;
917
- fiat_p256_addcarryx_u64(&x42, &x43, x41, 0x0, x36);
934
+ uint64_t x43;
935
+ fiat_p256_mulx_u64(&x42, &x43, x32, UINT64_C(0xffffffffffffffff));
918
936
  uint64_t x44;
919
937
  fiat_p256_uint1 x45;
920
- fiat_p256_addcarryx_u64(&x44, &x45, x43, 0x0, x38);
938
+ fiat_p256_addcarryx_u64(&x44, &x45, 0x0, x43, x40);
921
939
  uint64_t x46;
922
- uint64_t x47;
923
- fiat_p256_mulx_u64(&x46, &x47, x40, UINT64_C(0xffffffff00000001));
940
+ fiat_p256_uint1 x47;
941
+ fiat_p256_addcarryx_u64(&x46, &x47, 0x0, x32, x42);
924
942
  uint64_t x48;
925
- uint64_t x49;
926
- fiat_p256_mulx_u64(&x48, &x49, x40, UINT32_C(0xffffffff));
943
+ fiat_p256_uint1 x49;
944
+ fiat_p256_addcarryx_u64(&x48, &x49, x47, x34, x44);
927
945
  uint64_t x50;
928
- uint64_t x51;
929
- fiat_p256_mulx_u64(&x50, &x51, x40, UINT64_C(0xffffffffffffffff));
946
+ fiat_p256_uint1 x51;
947
+ fiat_p256_addcarryx_u64(&x50, &x51, x49, x36, (x45 + x41));
930
948
  uint64_t x52;
931
949
  fiat_p256_uint1 x53;
932
- fiat_p256_addcarryx_u64(&x52, &x53, 0x0, x48, x51);
950
+ fiat_p256_addcarryx_u64(&x52, &x53, x51, (x37 + (x31 + x17)), x38);
933
951
  uint64_t x54;
934
952
  fiat_p256_uint1 x55;
935
- fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x50, x40);
953
+ fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x48, (arg1[3]));
936
954
  uint64_t x56;
937
955
  fiat_p256_uint1 x57;
938
- fiat_p256_addcarryx_u64(&x56, &x57, x55, x52, x42);
956
+ fiat_p256_addcarryx_u64(&x56, &x57, x55, x50, 0x0);
939
957
  uint64_t x58;
940
958
  fiat_p256_uint1 x59;
941
- fiat_p256_addcarryx_u64(&x58, &x59, x53, 0x0, x49);
959
+ fiat_p256_addcarryx_u64(&x58, &x59, x57, x52, 0x0);
942
960
  uint64_t x60;
943
- fiat_p256_uint1 x61;
944
- fiat_p256_addcarryx_u64(&x60, &x61, x57, x58, x44);
961
+ uint64_t x61;
962
+ fiat_p256_mulx_u64(&x60, &x61, x54, UINT64_C(0xffffffff00000001));
945
963
  uint64_t x62;
946
- fiat_p256_uint1 x63;
947
- fiat_p256_addcarryx_u64(&x62, &x63, x39, x17, 0x0);
964
+ uint64_t x63;
965
+ fiat_p256_mulx_u64(&x62, &x63, x54, UINT32_C(0xffffffff));
948
966
  uint64_t x64;
949
- fiat_p256_uint1 x65;
950
- fiat_p256_addcarryx_u64(&x64, &x65, x45, 0x0, x62);
967
+ uint64_t x65;
968
+ fiat_p256_mulx_u64(&x64, &x65, x54, UINT64_C(0xffffffffffffffff));
951
969
  uint64_t x66;
952
970
  fiat_p256_uint1 x67;
953
- fiat_p256_addcarryx_u64(&x66, &x67, x61, x46, x64);
971
+ fiat_p256_addcarryx_u64(&x66, &x67, 0x0, x65, x62);
954
972
  uint64_t x68;
955
973
  fiat_p256_uint1 x69;
956
- fiat_p256_addcarryx_u64(&x68, &x69, 0x0, (arg1[3]), x56);
974
+ fiat_p256_addcarryx_u64(&x68, &x69, 0x0, x54, x64);
957
975
  uint64_t x70;
958
976
  fiat_p256_uint1 x71;
959
- fiat_p256_addcarryx_u64(&x70, &x71, x69, 0x0, x60);
977
+ fiat_p256_addcarryx_u64(&x70, &x71, x69, x56, x66);
960
978
  uint64_t x72;
961
979
  fiat_p256_uint1 x73;
962
- fiat_p256_addcarryx_u64(&x72, &x73, x71, 0x0, x66);
980
+ fiat_p256_addcarryx_u64(&x72, &x73, x71, x58, (x67 + x63));
963
981
  uint64_t x74;
964
- uint64_t x75;
965
- fiat_p256_mulx_u64(&x74, &x75, x68, UINT64_C(0xffffffff00000001));
966
- uint64_t x76;
982
+ fiat_p256_uint1 x75;
983
+ fiat_p256_addcarryx_u64(&x74, &x75, x73, (x59 + (x53 + x39)), x60);
984
+ uint64_t x76 = (x75 + x61);
967
985
  uint64_t x77;
968
- fiat_p256_mulx_u64(&x76, &x77, x68, UINT32_C(0xffffffff));
969
- uint64_t x78;
986
+ fiat_p256_uint1 x78;
987
+ fiat_p256_subborrowx_u64(&x77, &x78, 0x0, x70, UINT64_C(0xffffffffffffffff));
970
988
  uint64_t x79;
971
- fiat_p256_mulx_u64(&x78, &x79, x68, UINT64_C(0xffffffffffffffff));
972
- uint64_t x80;
973
- fiat_p256_uint1 x81;
974
- fiat_p256_addcarryx_u64(&x80, &x81, 0x0, x76, x79);
975
- uint64_t x82;
976
- fiat_p256_uint1 x83;
977
- fiat_p256_addcarryx_u64(&x82, &x83, 0x0, x78, x68);
978
- uint64_t x84;
979
- fiat_p256_uint1 x85;
980
- fiat_p256_addcarryx_u64(&x84, &x85, x83, x80, x70);
981
- uint64_t x86;
982
- fiat_p256_uint1 x87;
983
- fiat_p256_addcarryx_u64(&x86, &x87, x81, 0x0, x77);
989
+ fiat_p256_uint1 x80;
990
+ fiat_p256_subborrowx_u64(&x79, &x80, x78, x72, UINT32_C(0xffffffff));
991
+ uint64_t x81;
992
+ fiat_p256_uint1 x82;
993
+ fiat_p256_subborrowx_u64(&x81, &x82, x80, x74, 0x0);
994
+ uint64_t x83;
995
+ fiat_p256_uint1 x84;
996
+ fiat_p256_subborrowx_u64(&x83, &x84, x82, x76, UINT64_C(0xffffffff00000001));
997
+ uint64_t x85;
998
+ fiat_p256_uint1 x86;
999
+ fiat_p256_subborrowx_u64(&x85, &x86, x84, 0x0, 0x0);
1000
+ uint64_t x87;
1001
+ fiat_p256_cmovznz_u64(&x87, x86, x77, x70);
984
1002
  uint64_t x88;
985
- fiat_p256_uint1 x89;
986
- fiat_p256_addcarryx_u64(&x88, &x89, x85, x86, x72);
1003
+ fiat_p256_cmovznz_u64(&x88, x86, x79, x72);
1004
+ uint64_t x89;
1005
+ fiat_p256_cmovznz_u64(&x89, x86, x81, x74);
987
1006
  uint64_t x90;
988
- fiat_p256_uint1 x91;
989
- fiat_p256_addcarryx_u64(&x90, &x91, x67, x47, 0x0);
990
- uint64_t x92;
991
- fiat_p256_uint1 x93;
992
- fiat_p256_addcarryx_u64(&x92, &x93, x73, 0x0, x90);
993
- uint64_t x94;
994
- fiat_p256_uint1 x95;
995
- fiat_p256_addcarryx_u64(&x94, &x95, x89, x74, x92);
996
- uint64_t x96;
997
- fiat_p256_uint1 x97;
998
- fiat_p256_addcarryx_u64(&x96, &x97, x95, x75, 0x0);
999
- uint64_t x98;
1000
- fiat_p256_uint1 x99;
1001
- fiat_p256_subborrowx_u64(&x98, &x99, 0x0, x84, UINT64_C(0xffffffffffffffff));
1002
- uint64_t x100;
1003
- fiat_p256_uint1 x101;
1004
- fiat_p256_subborrowx_u64(&x100, &x101, x99, x88, UINT32_C(0xffffffff));
1005
- uint64_t x102;
1006
- fiat_p256_uint1 x103;
1007
- fiat_p256_subborrowx_u64(&x102, &x103, x101, x94, 0x0);
1008
- uint64_t x104;
1009
- fiat_p256_uint1 x105;
1010
- fiat_p256_subborrowx_u64(&x104, &x105, x103, x96, UINT64_C(0xffffffff00000001));
1011
- uint64_t x106;
1012
- fiat_p256_uint1 x107;
1013
- fiat_p256_subborrowx_u64(&x106, &x107, x105, 0x0, 0x0);
1014
- uint64_t x108;
1015
- fiat_p256_cmovznz_u64(&x108, x107, x98, x84);
1016
- uint64_t x109;
1017
- fiat_p256_cmovznz_u64(&x109, x107, x100, x88);
1018
- uint64_t x110;
1019
- fiat_p256_cmovznz_u64(&x110, x107, x102, x94);
1020
- uint64_t x111;
1021
- fiat_p256_cmovznz_u64(&x111, x107, x104, x96);
1022
- out1[0] = x108;
1023
- out1[1] = x109;
1024
- out1[2] = x110;
1025
- out1[3] = x111;
1007
+ fiat_p256_cmovznz_u64(&x90, x86, x83, x76);
1008
+ out1[0] = x87;
1009
+ out1[1] = x88;
1010
+ out1[2] = x89;
1011
+ out1[3] = x90;
1026
1012
  }
1027
1013
 
1028
1014
  /*
1015
+ * The function fiat_p256_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise.
1016
+ * Preconditions:
1017
+ * 0 ≤ eval arg1 < m
1018
+ * Postconditions:
1019
+ * out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0
1020
+ *
1029
1021
  * Input Bounds:
1030
1022
  * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1031
1023
  * Output Bounds:
@@ -1037,6 +1029,10 @@ static void fiat_p256_nonzero(uint64_t* out1, const uint64_t arg1[4]) {
1037
1029
  }
1038
1030
 
1039
1031
  /*
1032
+ * The function fiat_p256_selectznz is a multi-limb conditional select.
1033
+ * Postconditions:
1034
+ * eval out1 = (if arg1 = 0 then eval arg2 else eval arg3)
1035
+ *
1040
1036
  * Input Bounds:
1041
1037
  * arg1: [0x0 ~> 0x1]
1042
1038
  * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
@@ -1060,6 +1056,12 @@ static void fiat_p256_selectznz(uint64_t out1[4], fiat_p256_uint1 arg1, const ui
1060
1056
  }
1061
1057
 
1062
1058
  /*
1059
+ * The function fiat_p256_to_bytes serializes a field element in the Montgomery domain to bytes in little-endian order.
1060
+ * Preconditions:
1061
+ * 0 ≤ eval arg1 < m
1062
+ * Postconditions:
1063
+ * out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31]
1064
+ *
1063
1065
  * Input Bounds:
1064
1066
  * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1065
1067
  * Output Bounds:
@@ -1164,6 +1166,13 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) {
1164
1166
  }
1165
1167
 
1166
1168
  /*
1169
+ * The function fiat_p256_from_bytes deserializes a field element in the Montgomery domain from bytes in little-endian order.
1170
+ * Preconditions:
1171
+ * 0 ≤ bytes_eval arg1 < m
1172
+ * Postconditions:
1173
+ * eval out1 mod m = bytes_eval arg1 mod m
1174
+ * 0 ≤ eval out1 < m
1175
+ *
1167
1176
  * Input Bounds:
1168
1177
  * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]]
1169
1178
  * Output Bounds: