grpc 1.28.0 → 1.30.2
- checksums.yaml +4 -4
- data/Makefile +7694 -11190
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +30 -9
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/grpc_types.h +19 -21
- data/include/grpc/impl/codegen/port_platform.h +6 -2
- data/include/grpc/module.modulemap +24 -39
- data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +212 -241
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_proxy.cc +17 -10
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +10 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +240 -301
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -11
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +84 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +6 -2
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +73 -59
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +16 -20
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +184 -133
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +40 -43
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +32 -5
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +16 -16
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +20 -31
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +4 -3
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +104 -144
- data/src/core/ext/filters/client_channel/service_config.h +28 -98
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +348 -221
- data/src/core/ext/filters/client_channel/xds/xds_api.h +37 -37
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +44 -49
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +4 -3
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +532 -339
- data/src/core/ext/filters/client_channel/xds/xds_client.h +57 -22
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +31 -19
- data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +7 -10
- data/src/core/ext/filters/message_size/message_size_filter.h +4 -4
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +23 -22
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +15 -8
- data/src/core/ext/transport/inproc/inproc_transport.cc +19 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -875
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +21 -8
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +43 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +47 -26
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +115 -65
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +88 -6
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +12 -4
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +16 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +63 -41
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +173 -77
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +90 -30
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
- data/src/core/ext/upb-generated/validate/validate.upb.h +69 -63
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channelz.cc +5 -6
- data/src/core/lib/channel/channelz.h +3 -2
- data/src/core/lib/channel/channelz_registry.cc +5 -3
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +2 -26
- data/src/core/lib/gpr/string.h +0 -16
- data/src/core/lib/gpr/sync_abseil.cc +2 -0
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/host_port.cc +29 -35
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +2 -3
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
- data/src/core/lib/iomgr/ev_epollex_linux.cc +2 -3
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
- data/src/core/lib/iomgr/ev_posix.cc +2 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
- data/src/core/lib/iomgr/port.h +1 -0
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
- data/src/core/lib/iomgr/resource_quota.cc +4 -6
- data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
- data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +7 -26
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
- data/src/core/lib/iomgr/tcp_client_posix.cc +8 -5
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
- data/src/core/lib/iomgr/tcp_custom.cc +2 -3
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -9
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +2 -3
- data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +9 -14
- data/src/core/lib/json/json.h +3 -2
- data/src/core/lib/json/json_reader.cc +5 -5
- data/src/core/lib/json/json_writer.cc +13 -12
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +8 -59
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +3 -8
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +55 -27
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +13 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +38 -11
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +7 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -25
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +59 -12
- data/src/core/lib/security/security_connector/ssl_utils.h +12 -10
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +77 -51
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
- data/src/core/lib/security/transport/auth_filters.h +0 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +1 -2
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +14 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +2 -3
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +33 -33
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +570 -369
- data/src/core/lib/surface/server.h +32 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +3 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +8 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +32 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl_transport_security.cc +52 -39
- data/src/core/tsi/ssl_transport_security.h +8 -8
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +3 -3
- data/src/ruby/ext/grpc/rb_call.c +9 -1
- data/src/ruby/ext/grpc/rb_call_credentials.c +3 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +7 -1
- data/src/ruby/spec/support/services.rb +10 -4
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/boringssl-with-bazel/err_data.c +329 -297
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +432 -160
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +5 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +80 -99
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -12
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +5 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +172 -77
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +5 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +14 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +28 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +12 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +64 -47
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +6 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +64 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +6 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -27
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +50 -20
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
- metadata +115 -39
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1754
- data/src/core/lib/gprpp/string_view.h +0 -60
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
@@ -1,6 +1,6 @@
|
|
1
|
-
/* Autogenerated */
|
1
|
+
/* Autogenerated: src/ExtractionOCaml/word_by_word_montgomery --static p256 '2^256 - 2^224 + 2^192 + 2^96 - 1' 64 mul square add sub opp from_montgomery nonzero selectznz to_bytes from_bytes */
|
2
2
|
/* curve description: p256 */
|
3
|
-
/* requested operations:
|
3
|
+
/* requested operations: mul, square, add, sub, opp, from_montgomery, nonzero, selectznz, to_bytes, from_bytes */
|
4
4
|
/* m = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff (from "2^256 - 2^224 + 2^192 + 2^96 - 1") */
|
5
5
|
/* machine_wordsize = 64 (from "64") */
|
6
6
|
/* */
|
@@ -17,8 +17,17 @@ typedef signed char fiat_p256_int1;
|
|
17
17
|
typedef signed __int128 fiat_p256_int128;
|
18
18
|
typedef unsigned __int128 fiat_p256_uint128;
|
19
19
|
|
20
|
+
#if (-1 & 3) != 3
|
21
|
+
#error "This code only works on a two's complement system"
|
22
|
+
#endif
|
23
|
+
|
20
24
|
|
21
25
|
/*
|
26
|
+
* The function fiat_p256_addcarryx_u64 is an addition with carry.
|
27
|
+
* Postconditions:
|
28
|
+
* out1 = (arg1 + arg2 + arg3) mod 2^64
|
29
|
+
* out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋
|
30
|
+
*
|
22
31
|
* Input Bounds:
|
23
32
|
* arg1: [0x0 ~> 0x1]
|
24
33
|
* arg2: [0x0 ~> 0xffffffffffffffff]
|
@@ -36,6 +45,11 @@ static void fiat_p256_addcarryx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_
|
|
36
45
|
}
|
37
46
|
|
38
47
|
/*
|
48
|
+
* The function fiat_p256_subborrowx_u64 is a subtraction with borrow.
|
49
|
+
* Postconditions:
|
50
|
+
* out1 = (-arg1 + arg2 + -arg3) mod 2^64
|
51
|
+
* out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋
|
52
|
+
*
|
39
53
|
* Input Bounds:
|
40
54
|
* arg1: [0x0 ~> 0x1]
|
41
55
|
* arg2: [0x0 ~> 0xffffffffffffffff]
|
@@ -53,6 +67,11 @@ static void fiat_p256_subborrowx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat
|
|
53
67
|
}
|
54
68
|
|
55
69
|
/*
|
70
|
+
* The function fiat_p256_mulx_u64 is a multiplication, returning the full double-width result.
|
71
|
+
* Postconditions:
|
72
|
+
* out1 = (arg1 * arg2) mod 2^64
|
73
|
+
* out2 = ⌊arg1 * arg2 / 2^64⌋
|
74
|
+
*
|
56
75
|
* Input Bounds:
|
57
76
|
* arg1: [0x0 ~> 0xffffffffffffffff]
|
58
77
|
* arg2: [0x0 ~> 0xffffffffffffffff]
|
@@ -69,6 +88,10 @@ static void fiat_p256_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, ui
|
|
69
88
|
}
|
70
89
|
|
71
90
|
/*
|
91
|
+
* The function fiat_p256_cmovznz_u64 is a single-word conditional move.
|
92
|
+
* Postconditions:
|
93
|
+
* out1 = (if arg1 = 0 then arg2 else arg3)
|
94
|
+
*
|
72
95
|
* Input Bounds:
|
73
96
|
* arg1: [0x0 ~> 0x1]
|
74
97
|
* arg2: [0x0 ~> 0xffffffffffffffff]
|
@@ -90,6 +113,14 @@ static void fiat_p256_cmovznz_u64(uint64_t* out1, fiat_p256_uint1 arg1, uint64_t
|
|
90
113
|
}
|
91
114
|
|
92
115
|
/*
|
116
|
+
* The function fiat_p256_mul multiplies two field elements in the Montgomery domain.
|
117
|
+
* Preconditions:
|
118
|
+
* 0 ≤ eval arg1 < m
|
119
|
+
* 0 ≤ eval arg2 < m
|
120
|
+
* Postconditions:
|
121
|
+
* eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m
|
122
|
+
* 0 ≤ eval out1 < m
|
123
|
+
*
|
93
124
|
* Input Bounds:
|
94
125
|
* arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
95
126
|
* arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
@@ -115,295 +146,277 @@ static void fiat_p256_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64
|
|
115
146
|
fiat_p256_mulx_u64(&x11, &x12, x4, (arg2[0]));
|
116
147
|
uint64_t x13;
|
117
148
|
fiat_p256_uint1 x14;
|
118
|
-
fiat_p256_addcarryx_u64(&x13, &x14, 0x0,
|
149
|
+
fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x12, x9);
|
119
150
|
uint64_t x15;
|
120
151
|
fiat_p256_uint1 x16;
|
121
|
-
fiat_p256_addcarryx_u64(&x15, &x16, x14,
|
152
|
+
fiat_p256_addcarryx_u64(&x15, &x16, x14, x10, x7);
|
122
153
|
uint64_t x17;
|
123
154
|
fiat_p256_uint1 x18;
|
124
|
-
fiat_p256_addcarryx_u64(&x17, &x18, x16,
|
125
|
-
uint64_t x19;
|
126
|
-
|
127
|
-
fiat_p256_addcarryx_u64(&x19, &x20, x18, 0x0, x6);
|
155
|
+
fiat_p256_addcarryx_u64(&x17, &x18, x16, x8, x5);
|
156
|
+
uint64_t x19 = (x18 + x6);
|
157
|
+
uint64_t x20;
|
128
158
|
uint64_t x21;
|
159
|
+
fiat_p256_mulx_u64(&x20, &x21, x11, UINT64_C(0xffffffff00000001));
|
129
160
|
uint64_t x22;
|
130
|
-
fiat_p256_mulx_u64(&x21, &x22, x11, UINT64_C(0xffffffff00000001));
|
131
161
|
uint64_t x23;
|
162
|
+
fiat_p256_mulx_u64(&x22, &x23, x11, UINT32_C(0xffffffff));
|
132
163
|
uint64_t x24;
|
133
|
-
fiat_p256_mulx_u64(&x23, &x24, x11, UINT32_C(0xffffffff));
|
134
164
|
uint64_t x25;
|
165
|
+
fiat_p256_mulx_u64(&x24, &x25, x11, UINT64_C(0xffffffffffffffff));
|
135
166
|
uint64_t x26;
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
fiat_p256_addcarryx_u64(&x27, &x28, 0x0, x23, x26);
|
167
|
+
fiat_p256_uint1 x27;
|
168
|
+
fiat_p256_addcarryx_u64(&x26, &x27, 0x0, x25, x22);
|
169
|
+
uint64_t x28 = (x27 + x23);
|
140
170
|
uint64_t x29;
|
141
171
|
fiat_p256_uint1 x30;
|
142
|
-
fiat_p256_addcarryx_u64(&x29, &x30,
|
172
|
+
fiat_p256_addcarryx_u64(&x29, &x30, 0x0, x11, x24);
|
143
173
|
uint64_t x31;
|
144
174
|
fiat_p256_uint1 x32;
|
145
|
-
fiat_p256_addcarryx_u64(&x31, &x32,
|
175
|
+
fiat_p256_addcarryx_u64(&x31, &x32, x30, x13, x26);
|
146
176
|
uint64_t x33;
|
147
177
|
fiat_p256_uint1 x34;
|
148
|
-
fiat_p256_addcarryx_u64(&x33, &x34, x32,
|
178
|
+
fiat_p256_addcarryx_u64(&x33, &x34, x32, x15, x28);
|
149
179
|
uint64_t x35;
|
150
180
|
fiat_p256_uint1 x36;
|
151
|
-
fiat_p256_addcarryx_u64(&x35, &x36, x34,
|
181
|
+
fiat_p256_addcarryx_u64(&x35, &x36, x34, x17, x20);
|
152
182
|
uint64_t x37;
|
153
183
|
fiat_p256_uint1 x38;
|
154
|
-
fiat_p256_addcarryx_u64(&x37, &x38, x36,
|
184
|
+
fiat_p256_addcarryx_u64(&x37, &x38, x36, x19, x21);
|
155
185
|
uint64_t x39;
|
156
|
-
|
157
|
-
|
186
|
+
uint64_t x40;
|
187
|
+
fiat_p256_mulx_u64(&x39, &x40, x1, (arg2[3]));
|
158
188
|
uint64_t x41;
|
159
|
-
|
160
|
-
|
189
|
+
uint64_t x42;
|
190
|
+
fiat_p256_mulx_u64(&x41, &x42, x1, (arg2[2]));
|
161
191
|
uint64_t x43;
|
162
192
|
uint64_t x44;
|
163
|
-
fiat_p256_mulx_u64(&x43, &x44, x1, (arg2[
|
193
|
+
fiat_p256_mulx_u64(&x43, &x44, x1, (arg2[1]));
|
164
194
|
uint64_t x45;
|
165
195
|
uint64_t x46;
|
166
|
-
fiat_p256_mulx_u64(&x45, &x46, x1, (arg2[
|
196
|
+
fiat_p256_mulx_u64(&x45, &x46, x1, (arg2[0]));
|
167
197
|
uint64_t x47;
|
168
|
-
|
169
|
-
|
198
|
+
fiat_p256_uint1 x48;
|
199
|
+
fiat_p256_addcarryx_u64(&x47, &x48, 0x0, x46, x43);
|
170
200
|
uint64_t x49;
|
171
|
-
|
172
|
-
|
201
|
+
fiat_p256_uint1 x50;
|
202
|
+
fiat_p256_addcarryx_u64(&x49, &x50, x48, x44, x41);
|
173
203
|
uint64_t x51;
|
174
204
|
fiat_p256_uint1 x52;
|
175
|
-
fiat_p256_addcarryx_u64(&x51, &x52,
|
176
|
-
uint64_t x53;
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
fiat_p256_addcarryx_u64(&x63, &x64, x62, x53, x37);
|
205
|
+
fiat_p256_addcarryx_u64(&x51, &x52, x50, x42, x39);
|
206
|
+
uint64_t x53 = (x52 + x40);
|
207
|
+
uint64_t x54;
|
208
|
+
fiat_p256_uint1 x55;
|
209
|
+
fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x31, x45);
|
210
|
+
uint64_t x56;
|
211
|
+
fiat_p256_uint1 x57;
|
212
|
+
fiat_p256_addcarryx_u64(&x56, &x57, x55, x33, x47);
|
213
|
+
uint64_t x58;
|
214
|
+
fiat_p256_uint1 x59;
|
215
|
+
fiat_p256_addcarryx_u64(&x58, &x59, x57, x35, x49);
|
216
|
+
uint64_t x60;
|
217
|
+
fiat_p256_uint1 x61;
|
218
|
+
fiat_p256_addcarryx_u64(&x60, &x61, x59, x37, x51);
|
219
|
+
uint64_t x62;
|
220
|
+
fiat_p256_uint1 x63;
|
221
|
+
fiat_p256_addcarryx_u64(&x62, &x63, x61, x38, x53);
|
222
|
+
uint64_t x64;
|
194
223
|
uint64_t x65;
|
195
|
-
|
196
|
-
|
224
|
+
fiat_p256_mulx_u64(&x64, &x65, x54, UINT64_C(0xffffffff00000001));
|
225
|
+
uint64_t x66;
|
197
226
|
uint64_t x67;
|
198
|
-
|
199
|
-
|
227
|
+
fiat_p256_mulx_u64(&x66, &x67, x54, UINT32_C(0xffffffff));
|
228
|
+
uint64_t x68;
|
200
229
|
uint64_t x69;
|
230
|
+
fiat_p256_mulx_u64(&x68, &x69, x54, UINT64_C(0xffffffffffffffff));
|
201
231
|
uint64_t x70;
|
202
|
-
|
203
|
-
|
204
|
-
uint64_t x72;
|
205
|
-
fiat_p256_mulx_u64(&x71, &x72, x59, UINT32_C(0xffffffff));
|
232
|
+
fiat_p256_uint1 x71;
|
233
|
+
fiat_p256_addcarryx_u64(&x70, &x71, 0x0, x69, x66);
|
234
|
+
uint64_t x72 = (x71 + x67);
|
206
235
|
uint64_t x73;
|
207
|
-
|
208
|
-
|
236
|
+
fiat_p256_uint1 x74;
|
237
|
+
fiat_p256_addcarryx_u64(&x73, &x74, 0x0, x54, x68);
|
209
238
|
uint64_t x75;
|
210
239
|
fiat_p256_uint1 x76;
|
211
|
-
fiat_p256_addcarryx_u64(&x75, &x76,
|
240
|
+
fiat_p256_addcarryx_u64(&x75, &x76, x74, x56, x70);
|
212
241
|
uint64_t x77;
|
213
242
|
fiat_p256_uint1 x78;
|
214
|
-
fiat_p256_addcarryx_u64(&x77, &x78, x76,
|
243
|
+
fiat_p256_addcarryx_u64(&x77, &x78, x76, x58, x72);
|
215
244
|
uint64_t x79;
|
216
245
|
fiat_p256_uint1 x80;
|
217
|
-
fiat_p256_addcarryx_u64(&x79, &x80,
|
246
|
+
fiat_p256_addcarryx_u64(&x79, &x80, x78, x60, x64);
|
218
247
|
uint64_t x81;
|
219
248
|
fiat_p256_uint1 x82;
|
220
|
-
fiat_p256_addcarryx_u64(&x81, &x82, x80,
|
221
|
-
uint64_t x83;
|
222
|
-
|
223
|
-
fiat_p256_addcarryx_u64(&x83, &x84, x82, x77, x63);
|
249
|
+
fiat_p256_addcarryx_u64(&x81, &x82, x80, x62, x65);
|
250
|
+
uint64_t x83 = ((uint64_t)x82 + x63);
|
251
|
+
uint64_t x84;
|
224
252
|
uint64_t x85;
|
225
|
-
|
226
|
-
|
253
|
+
fiat_p256_mulx_u64(&x84, &x85, x2, (arg2[3]));
|
254
|
+
uint64_t x86;
|
227
255
|
uint64_t x87;
|
228
|
-
|
229
|
-
|
256
|
+
fiat_p256_mulx_u64(&x86, &x87, x2, (arg2[2]));
|
257
|
+
uint64_t x88;
|
230
258
|
uint64_t x89;
|
231
|
-
|
232
|
-
|
259
|
+
fiat_p256_mulx_u64(&x88, &x89, x2, (arg2[1]));
|
260
|
+
uint64_t x90;
|
233
261
|
uint64_t x91;
|
262
|
+
fiat_p256_mulx_u64(&x90, &x91, x2, (arg2[0]));
|
234
263
|
uint64_t x92;
|
235
|
-
|
236
|
-
|
264
|
+
fiat_p256_uint1 x93;
|
265
|
+
fiat_p256_addcarryx_u64(&x92, &x93, 0x0, x91, x88);
|
237
266
|
uint64_t x94;
|
238
|
-
|
239
|
-
|
267
|
+
fiat_p256_uint1 x95;
|
268
|
+
fiat_p256_addcarryx_u64(&x94, &x95, x93, x89, x86);
|
240
269
|
uint64_t x96;
|
241
|
-
|
242
|
-
|
243
|
-
uint64_t x98;
|
244
|
-
fiat_p256_mulx_u64(&x97, &x98, x2, (arg2[0]));
|
270
|
+
fiat_p256_uint1 x97;
|
271
|
+
fiat_p256_addcarryx_u64(&x96, &x97, x95, x87, x84);
|
272
|
+
uint64_t x98 = (x97 + x85);
|
245
273
|
uint64_t x99;
|
246
274
|
fiat_p256_uint1 x100;
|
247
|
-
fiat_p256_addcarryx_u64(&x99, &x100, 0x0,
|
275
|
+
fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x75, x90);
|
248
276
|
uint64_t x101;
|
249
277
|
fiat_p256_uint1 x102;
|
250
|
-
fiat_p256_addcarryx_u64(&x101, &x102, x100,
|
278
|
+
fiat_p256_addcarryx_u64(&x101, &x102, x100, x77, x92);
|
251
279
|
uint64_t x103;
|
252
280
|
fiat_p256_uint1 x104;
|
253
|
-
fiat_p256_addcarryx_u64(&x103, &x104, x102,
|
281
|
+
fiat_p256_addcarryx_u64(&x103, &x104, x102, x79, x94);
|
254
282
|
uint64_t x105;
|
255
283
|
fiat_p256_uint1 x106;
|
256
|
-
fiat_p256_addcarryx_u64(&x105, &x106, x104,
|
284
|
+
fiat_p256_addcarryx_u64(&x105, &x106, x104, x81, x96);
|
257
285
|
uint64_t x107;
|
258
286
|
fiat_p256_uint1 x108;
|
259
|
-
fiat_p256_addcarryx_u64(&x107, &x108,
|
287
|
+
fiat_p256_addcarryx_u64(&x107, &x108, x106, x83, x98);
|
260
288
|
uint64_t x109;
|
261
|
-
|
262
|
-
|
289
|
+
uint64_t x110;
|
290
|
+
fiat_p256_mulx_u64(&x109, &x110, x99, UINT64_C(0xffffffff00000001));
|
263
291
|
uint64_t x111;
|
264
|
-
|
265
|
-
|
292
|
+
uint64_t x112;
|
293
|
+
fiat_p256_mulx_u64(&x111, &x112, x99, UINT32_C(0xffffffff));
|
266
294
|
uint64_t x113;
|
267
|
-
|
268
|
-
|
295
|
+
uint64_t x114;
|
296
|
+
fiat_p256_mulx_u64(&x113, &x114, x99, UINT64_C(0xffffffffffffffff));
|
269
297
|
uint64_t x115;
|
270
298
|
fiat_p256_uint1 x116;
|
271
|
-
fiat_p256_addcarryx_u64(&x115, &x116,
|
272
|
-
uint64_t x117;
|
299
|
+
fiat_p256_addcarryx_u64(&x115, &x116, 0x0, x114, x111);
|
300
|
+
uint64_t x117 = (x116 + x112);
|
273
301
|
uint64_t x118;
|
274
|
-
|
275
|
-
|
302
|
+
fiat_p256_uint1 x119;
|
303
|
+
fiat_p256_addcarryx_u64(&x118, &x119, 0x0, x99, x113);
|
276
304
|
uint64_t x120;
|
277
|
-
|
278
|
-
|
305
|
+
fiat_p256_uint1 x121;
|
306
|
+
fiat_p256_addcarryx_u64(&x120, &x121, x119, x101, x115);
|
279
307
|
uint64_t x122;
|
280
|
-
|
281
|
-
|
282
|
-
|
283
|
-
|
284
|
-
|
285
|
-
|
286
|
-
|
287
|
-
|
288
|
-
|
289
|
-
fiat_p256_addcarryx_u64(&x127, &x128, 0x0, x121, x107);
|
308
|
+
fiat_p256_uint1 x123;
|
309
|
+
fiat_p256_addcarryx_u64(&x122, &x123, x121, x103, x117);
|
310
|
+
uint64_t x124;
|
311
|
+
fiat_p256_uint1 x125;
|
312
|
+
fiat_p256_addcarryx_u64(&x124, &x125, x123, x105, x109);
|
313
|
+
uint64_t x126;
|
314
|
+
fiat_p256_uint1 x127;
|
315
|
+
fiat_p256_addcarryx_u64(&x126, &x127, x125, x107, x110);
|
316
|
+
uint64_t x128 = ((uint64_t)x127 + x108);
|
290
317
|
uint64_t x129;
|
291
|
-
|
292
|
-
|
318
|
+
uint64_t x130;
|
319
|
+
fiat_p256_mulx_u64(&x129, &x130, x3, (arg2[3]));
|
293
320
|
uint64_t x131;
|
294
|
-
|
295
|
-
|
321
|
+
uint64_t x132;
|
322
|
+
fiat_p256_mulx_u64(&x131, &x132, x3, (arg2[2]));
|
296
323
|
uint64_t x133;
|
297
|
-
|
298
|
-
|
324
|
+
uint64_t x134;
|
325
|
+
fiat_p256_mulx_u64(&x133, &x134, x3, (arg2[1]));
|
299
326
|
uint64_t x135;
|
300
|
-
|
301
|
-
|
327
|
+
uint64_t x136;
|
328
|
+
fiat_p256_mulx_u64(&x135, &x136, x3, (arg2[0]));
|
302
329
|
uint64_t x137;
|
303
330
|
fiat_p256_uint1 x138;
|
304
|
-
fiat_p256_addcarryx_u64(&x137, &x138,
|
331
|
+
fiat_p256_addcarryx_u64(&x137, &x138, 0x0, x136, x133);
|
305
332
|
uint64_t x139;
|
306
|
-
|
307
|
-
|
333
|
+
fiat_p256_uint1 x140;
|
334
|
+
fiat_p256_addcarryx_u64(&x139, &x140, x138, x134, x131);
|
308
335
|
uint64_t x141;
|
309
|
-
|
310
|
-
|
311
|
-
uint64_t x143;
|
336
|
+
fiat_p256_uint1 x142;
|
337
|
+
fiat_p256_addcarryx_u64(&x141, &x142, x140, x132, x129);
|
338
|
+
uint64_t x143 = (x142 + x130);
|
312
339
|
uint64_t x144;
|
313
|
-
|
314
|
-
|
340
|
+
fiat_p256_uint1 x145;
|
341
|
+
fiat_p256_addcarryx_u64(&x144, &x145, 0x0, x120, x135);
|
315
342
|
uint64_t x146;
|
316
|
-
|
317
|
-
|
318
|
-
|
319
|
-
|
320
|
-
|
321
|
-
|
322
|
-
|
323
|
-
|
324
|
-
|
325
|
-
|
326
|
-
|
327
|
-
|
328
|
-
fiat_p256_addcarryx_u64(&x153, &x154, x152, 0x0, x140);
|
343
|
+
fiat_p256_uint1 x147;
|
344
|
+
fiat_p256_addcarryx_u64(&x146, &x147, x145, x122, x137);
|
345
|
+
uint64_t x148;
|
346
|
+
fiat_p256_uint1 x149;
|
347
|
+
fiat_p256_addcarryx_u64(&x148, &x149, x147, x124, x139);
|
348
|
+
uint64_t x150;
|
349
|
+
fiat_p256_uint1 x151;
|
350
|
+
fiat_p256_addcarryx_u64(&x150, &x151, x149, x126, x141);
|
351
|
+
uint64_t x152;
|
352
|
+
fiat_p256_uint1 x153;
|
353
|
+
fiat_p256_addcarryx_u64(&x152, &x153, x151, x128, x143);
|
354
|
+
uint64_t x154;
|
329
355
|
uint64_t x155;
|
330
|
-
|
331
|
-
|
356
|
+
fiat_p256_mulx_u64(&x154, &x155, x144, UINT64_C(0xffffffff00000001));
|
357
|
+
uint64_t x156;
|
332
358
|
uint64_t x157;
|
333
|
-
|
334
|
-
|
359
|
+
fiat_p256_mulx_u64(&x156, &x157, x144, UINT32_C(0xffffffff));
|
360
|
+
uint64_t x158;
|
335
361
|
uint64_t x159;
|
336
|
-
|
337
|
-
|
338
|
-
|
339
|
-
|
340
|
-
|
362
|
+
fiat_p256_mulx_u64(&x158, &x159, x144, UINT64_C(0xffffffffffffffff));
|
363
|
+
uint64_t x160;
|
364
|
+
fiat_p256_uint1 x161;
|
365
|
+
fiat_p256_addcarryx_u64(&x160, &x161, 0x0, x159, x156);
|
366
|
+
uint64_t x162 = (x161 + x157);
|
341
367
|
uint64_t x163;
|
342
368
|
fiat_p256_uint1 x164;
|
343
|
-
fiat_p256_addcarryx_u64(&x163, &x164,
|
369
|
+
fiat_p256_addcarryx_u64(&x163, &x164, 0x0, x144, x158);
|
344
370
|
uint64_t x165;
|
345
|
-
|
346
|
-
|
371
|
+
fiat_p256_uint1 x166;
|
372
|
+
fiat_p256_addcarryx_u64(&x165, &x166, x164, x146, x160);
|
347
373
|
uint64_t x167;
|
348
|
-
|
349
|
-
|
374
|
+
fiat_p256_uint1 x168;
|
375
|
+
fiat_p256_addcarryx_u64(&x167, &x168, x166, x148, x162);
|
350
376
|
uint64_t x169;
|
351
|
-
|
352
|
-
|
377
|
+
fiat_p256_uint1 x170;
|
378
|
+
fiat_p256_addcarryx_u64(&x169, &x170, x168, x150, x154);
|
353
379
|
uint64_t x171;
|
354
380
|
fiat_p256_uint1 x172;
|
355
|
-
fiat_p256_addcarryx_u64(&x171, &x172,
|
356
|
-
uint64_t x173;
|
357
|
-
|
358
|
-
|
359
|
-
|
360
|
-
|
361
|
-
|
362
|
-
|
363
|
-
|
364
|
-
|
365
|
-
|
366
|
-
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
371
|
-
|
372
|
-
|
373
|
-
|
381
|
+
fiat_p256_addcarryx_u64(&x171, &x172, x170, x152, x155);
|
382
|
+
uint64_t x173 = ((uint64_t)x172 + x153);
|
383
|
+
uint64_t x174;
|
384
|
+
fiat_p256_uint1 x175;
|
385
|
+
fiat_p256_subborrowx_u64(&x174, &x175, 0x0, x165, UINT64_C(0xffffffffffffffff));
|
386
|
+
uint64_t x176;
|
387
|
+
fiat_p256_uint1 x177;
|
388
|
+
fiat_p256_subborrowx_u64(&x176, &x177, x175, x167, UINT32_C(0xffffffff));
|
389
|
+
uint64_t x178;
|
390
|
+
fiat_p256_uint1 x179;
|
391
|
+
fiat_p256_subborrowx_u64(&x178, &x179, x177, x169, 0x0);
|
392
|
+
uint64_t x180;
|
393
|
+
fiat_p256_uint1 x181;
|
394
|
+
fiat_p256_subborrowx_u64(&x180, &x181, x179, x171, UINT64_C(0xffffffff00000001));
|
395
|
+
uint64_t x182;
|
396
|
+
fiat_p256_uint1 x183;
|
397
|
+
fiat_p256_subborrowx_u64(&x182, &x183, x181, x173, 0x0);
|
398
|
+
uint64_t x184;
|
399
|
+
fiat_p256_cmovznz_u64(&x184, x183, x174, x165);
|
374
400
|
uint64_t x185;
|
375
|
-
|
376
|
-
|
401
|
+
fiat_p256_cmovznz_u64(&x185, x183, x176, x167);
|
402
|
+
uint64_t x186;
|
403
|
+
fiat_p256_cmovznz_u64(&x186, x183, x178, x169);
|
377
404
|
uint64_t x187;
|
378
|
-
|
379
|
-
|
380
|
-
|
381
|
-
|
382
|
-
|
383
|
-
uint64_t x191;
|
384
|
-
fiat_p256_uint1 x192;
|
385
|
-
fiat_p256_subborrowx_u64(&x191, &x192, x190, x181, 0x0);
|
386
|
-
uint64_t x193;
|
387
|
-
fiat_p256_uint1 x194;
|
388
|
-
fiat_p256_subborrowx_u64(&x193, &x194, x192, x183, UINT64_C(0xffffffff00000001));
|
389
|
-
uint64_t x195;
|
390
|
-
fiat_p256_uint1 x196;
|
391
|
-
fiat_p256_subborrowx_u64(&x195, &x196, x194, x185, 0x0);
|
392
|
-
uint64_t x197;
|
393
|
-
fiat_p256_cmovznz_u64(&x197, x196, x187, x177);
|
394
|
-
uint64_t x198;
|
395
|
-
fiat_p256_cmovznz_u64(&x198, x196, x189, x179);
|
396
|
-
uint64_t x199;
|
397
|
-
fiat_p256_cmovznz_u64(&x199, x196, x191, x181);
|
398
|
-
uint64_t x200;
|
399
|
-
fiat_p256_cmovznz_u64(&x200, x196, x193, x183);
|
400
|
-
out1[0] = x197;
|
401
|
-
out1[1] = x198;
|
402
|
-
out1[2] = x199;
|
403
|
-
out1[3] = x200;
|
405
|
+
fiat_p256_cmovznz_u64(&x187, x183, x180, x171);
|
406
|
+
out1[0] = x184;
|
407
|
+
out1[1] = x185;
|
408
|
+
out1[2] = x186;
|
409
|
+
out1[3] = x187;
|
404
410
|
}
|
405
411
|
|
406
412
|
/*
|
413
|
+
* The function fiat_p256_square squares a field element in the Montgomery domain.
|
414
|
+
* Preconditions:
|
415
|
+
* 0 ≤ eval arg1 < m
|
416
|
+
* Postconditions:
|
417
|
+
* eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m
|
418
|
+
* 0 ≤ eval out1 < m
|
419
|
+
*
|
407
420
|
* Input Bounds:
|
408
421
|
* arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
409
422
|
* Output Bounds:
|
@@ -428,295 +441,278 @@ static void fiat_p256_square(uint64_t out1[4], const uint64_t arg1[4]) {
|
|
428
441
|
fiat_p256_mulx_u64(&x11, &x12, x4, (arg1[0]));
|
429
442
|
uint64_t x13;
|
430
443
|
fiat_p256_uint1 x14;
|
431
|
-
fiat_p256_addcarryx_u64(&x13, &x14, 0x0,
|
444
|
+
fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x12, x9);
|
432
445
|
uint64_t x15;
|
433
446
|
fiat_p256_uint1 x16;
|
434
|
-
fiat_p256_addcarryx_u64(&x15, &x16, x14,
|
447
|
+
fiat_p256_addcarryx_u64(&x15, &x16, x14, x10, x7);
|
435
448
|
uint64_t x17;
|
436
449
|
fiat_p256_uint1 x18;
|
437
|
-
fiat_p256_addcarryx_u64(&x17, &x18, x16,
|
438
|
-
uint64_t x19;
|
439
|
-
|
440
|
-
fiat_p256_addcarryx_u64(&x19, &x20, x18, 0x0, x6);
|
450
|
+
fiat_p256_addcarryx_u64(&x17, &x18, x16, x8, x5);
|
451
|
+
uint64_t x19 = (x18 + x6);
|
452
|
+
uint64_t x20;
|
441
453
|
uint64_t x21;
|
454
|
+
fiat_p256_mulx_u64(&x20, &x21, x11, UINT64_C(0xffffffff00000001));
|
442
455
|
uint64_t x22;
|
443
|
-
fiat_p256_mulx_u64(&x21, &x22, x11, UINT64_C(0xffffffff00000001));
|
444
456
|
uint64_t x23;
|
457
|
+
fiat_p256_mulx_u64(&x22, &x23, x11, UINT32_C(0xffffffff));
|
445
458
|
uint64_t x24;
|
446
|
-
fiat_p256_mulx_u64(&x23, &x24, x11, UINT32_C(0xffffffff));
|
447
459
|
uint64_t x25;
|
460
|
+
fiat_p256_mulx_u64(&x24, &x25, x11, UINT64_C(0xffffffffffffffff));
|
448
461
|
uint64_t x26;
|
449
|
-
|
450
|
-
|
451
|
-
|
452
|
-
fiat_p256_addcarryx_u64(&x27, &x28, 0x0, x23, x26);
|
462
|
+
fiat_p256_uint1 x27;
|
463
|
+
fiat_p256_addcarryx_u64(&x26, &x27, 0x0, x25, x22);
|
464
|
+
uint64_t x28 = (x27 + x23);
|
453
465
|
uint64_t x29;
|
454
466
|
fiat_p256_uint1 x30;
|
455
|
-
fiat_p256_addcarryx_u64(&x29, &x30,
|
467
|
+
fiat_p256_addcarryx_u64(&x29, &x30, 0x0, x11, x24);
|
456
468
|
uint64_t x31;
|
457
469
|
fiat_p256_uint1 x32;
|
458
|
-
fiat_p256_addcarryx_u64(&x31, &x32,
|
470
|
+
fiat_p256_addcarryx_u64(&x31, &x32, x30, x13, x26);
|
459
471
|
uint64_t x33;
|
460
472
|
fiat_p256_uint1 x34;
|
461
|
-
fiat_p256_addcarryx_u64(&x33, &x34, x32,
|
473
|
+
fiat_p256_addcarryx_u64(&x33, &x34, x32, x15, x28);
|
462
474
|
uint64_t x35;
|
463
475
|
fiat_p256_uint1 x36;
|
464
|
-
fiat_p256_addcarryx_u64(&x35, &x36, x34,
|
476
|
+
fiat_p256_addcarryx_u64(&x35, &x36, x34, x17, x20);
|
465
477
|
uint64_t x37;
|
466
478
|
fiat_p256_uint1 x38;
|
467
|
-
fiat_p256_addcarryx_u64(&x37, &x38, x36,
|
479
|
+
fiat_p256_addcarryx_u64(&x37, &x38, x36, x19, x21);
|
468
480
|
uint64_t x39;
|
469
|
-
|
470
|
-
|
481
|
+
uint64_t x40;
|
482
|
+
fiat_p256_mulx_u64(&x39, &x40, x1, (arg1[3]));
|
471
483
|
uint64_t x41;
|
472
|
-
|
473
|
-
|
484
|
+
uint64_t x42;
|
485
|
+
fiat_p256_mulx_u64(&x41, &x42, x1, (arg1[2]));
|
474
486
|
uint64_t x43;
|
475
487
|
uint64_t x44;
|
476
|
-
fiat_p256_mulx_u64(&x43, &x44, x1, (arg1[
|
488
|
+
fiat_p256_mulx_u64(&x43, &x44, x1, (arg1[1]));
|
477
489
|
uint64_t x45;
|
478
490
|
uint64_t x46;
|
479
|
-
fiat_p256_mulx_u64(&x45, &x46, x1, (arg1[
|
491
|
+
fiat_p256_mulx_u64(&x45, &x46, x1, (arg1[0]));
|
480
492
|
uint64_t x47;
|
481
|
-
|
482
|
-
|
493
|
+
fiat_p256_uint1 x48;
|
494
|
+
fiat_p256_addcarryx_u64(&x47, &x48, 0x0, x46, x43);
|
483
495
|
uint64_t x49;
|
484
|
-
|
485
|
-
|
496
|
+
fiat_p256_uint1 x50;
|
497
|
+
fiat_p256_addcarryx_u64(&x49, &x50, x48, x44, x41);
|
486
498
|
uint64_t x51;
|
487
499
|
fiat_p256_uint1 x52;
|
488
|
-
fiat_p256_addcarryx_u64(&x51, &x52,
|
489
|
-
uint64_t x53;
|
490
|
-
|
491
|
-
|
492
|
-
|
493
|
-
|
494
|
-
|
495
|
-
|
496
|
-
|
497
|
-
|
498
|
-
|
499
|
-
|
500
|
-
|
501
|
-
|
502
|
-
|
503
|
-
|
504
|
-
|
505
|
-
|
506
|
-
fiat_p256_addcarryx_u64(&x63, &x64, x62, x53, x37);
|
500
|
+
fiat_p256_addcarryx_u64(&x51, &x52, x50, x42, x39);
|
501
|
+
uint64_t x53 = (x52 + x40);
|
502
|
+
uint64_t x54;
|
503
|
+
fiat_p256_uint1 x55;
|
504
|
+
fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x31, x45);
|
505
|
+
uint64_t x56;
|
506
|
+
fiat_p256_uint1 x57;
|
507
|
+
fiat_p256_addcarryx_u64(&x56, &x57, x55, x33, x47);
|
508
|
+
uint64_t x58;
|
509
|
+
fiat_p256_uint1 x59;
|
510
|
+
fiat_p256_addcarryx_u64(&x58, &x59, x57, x35, x49);
|
511
|
+
uint64_t x60;
|
512
|
+
fiat_p256_uint1 x61;
|
513
|
+
fiat_p256_addcarryx_u64(&x60, &x61, x59, x37, x51);
|
514
|
+
uint64_t x62;
|
515
|
+
fiat_p256_uint1 x63;
|
516
|
+
fiat_p256_addcarryx_u64(&x62, &x63, x61, x38, x53);
|
517
|
+
uint64_t x64;
|
507
518
|
uint64_t x65;
|
508
|
-
|
509
|
-
|
519
|
+
fiat_p256_mulx_u64(&x64, &x65, x54, UINT64_C(0xffffffff00000001));
|
520
|
+
uint64_t x66;
|
510
521
|
uint64_t x67;
|
511
|
-
|
512
|
-
|
522
|
+
fiat_p256_mulx_u64(&x66, &x67, x54, UINT32_C(0xffffffff));
|
523
|
+
uint64_t x68;
|
513
524
|
uint64_t x69;
|
525
|
+
fiat_p256_mulx_u64(&x68, &x69, x54, UINT64_C(0xffffffffffffffff));
|
514
526
|
uint64_t x70;
|
515
|
-
|
516
|
-
|
517
|
-
uint64_t x72;
|
518
|
-
fiat_p256_mulx_u64(&x71, &x72, x59, UINT32_C(0xffffffff));
|
527
|
+
fiat_p256_uint1 x71;
|
528
|
+
fiat_p256_addcarryx_u64(&x70, &x71, 0x0, x69, x66);
|
529
|
+
uint64_t x72 = (x71 + x67);
|
519
530
|
uint64_t x73;
|
520
|
-
|
521
|
-
|
531
|
+
fiat_p256_uint1 x74;
|
532
|
+
fiat_p256_addcarryx_u64(&x73, &x74, 0x0, x54, x68);
|
522
533
|
uint64_t x75;
|
523
534
|
fiat_p256_uint1 x76;
|
524
|
-
fiat_p256_addcarryx_u64(&x75, &x76,
|
535
|
+
fiat_p256_addcarryx_u64(&x75, &x76, x74, x56, x70);
|
525
536
|
uint64_t x77;
|
526
537
|
fiat_p256_uint1 x78;
|
527
|
-
fiat_p256_addcarryx_u64(&x77, &x78, x76,
|
538
|
+
fiat_p256_addcarryx_u64(&x77, &x78, x76, x58, x72);
|
528
539
|
uint64_t x79;
|
529
540
|
fiat_p256_uint1 x80;
|
530
|
-
fiat_p256_addcarryx_u64(&x79, &x80,
|
541
|
+
fiat_p256_addcarryx_u64(&x79, &x80, x78, x60, x64);
|
531
542
|
uint64_t x81;
|
532
543
|
fiat_p256_uint1 x82;
|
533
|
-
fiat_p256_addcarryx_u64(&x81, &x82, x80,
|
534
|
-
uint64_t x83;
|
535
|
-
|
536
|
-
fiat_p256_addcarryx_u64(&x83, &x84, x82, x77, x63);
|
544
|
+
fiat_p256_addcarryx_u64(&x81, &x82, x80, x62, x65);
|
545
|
+
uint64_t x83 = ((uint64_t)x82 + x63);
|
546
|
+
uint64_t x84;
|
537
547
|
uint64_t x85;
|
538
|
-
|
539
|
-
|
548
|
+
fiat_p256_mulx_u64(&x84, &x85, x2, (arg1[3]));
|
549
|
+
uint64_t x86;
|
540
550
|
uint64_t x87;
|
541
|
-
|
542
|
-
|
551
|
+
fiat_p256_mulx_u64(&x86, &x87, x2, (arg1[2]));
|
552
|
+
uint64_t x88;
|
543
553
|
uint64_t x89;
|
544
|
-
|
545
|
-
|
554
|
+
fiat_p256_mulx_u64(&x88, &x89, x2, (arg1[1]));
|
555
|
+
uint64_t x90;
|
546
556
|
uint64_t x91;
|
557
|
+
fiat_p256_mulx_u64(&x90, &x91, x2, (arg1[0]));
|
547
558
|
uint64_t x92;
|
548
|
-
|
549
|
-
|
559
|
+
fiat_p256_uint1 x93;
|
560
|
+
fiat_p256_addcarryx_u64(&x92, &x93, 0x0, x91, x88);
|
550
561
|
uint64_t x94;
|
551
|
-
|
552
|
-
|
562
|
+
fiat_p256_uint1 x95;
|
563
|
+
fiat_p256_addcarryx_u64(&x94, &x95, x93, x89, x86);
|
553
564
|
uint64_t x96;
|
554
|
-
|
555
|
-
|
556
|
-
uint64_t x98;
|
557
|
-
fiat_p256_mulx_u64(&x97, &x98, x2, (arg1[0]));
|
565
|
+
fiat_p256_uint1 x97;
|
566
|
+
fiat_p256_addcarryx_u64(&x96, &x97, x95, x87, x84);
|
567
|
+
uint64_t x98 = (x97 + x85);
|
558
568
|
uint64_t x99;
|
559
569
|
fiat_p256_uint1 x100;
|
560
|
-
fiat_p256_addcarryx_u64(&x99, &x100, 0x0,
|
570
|
+
fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x75, x90);
|
561
571
|
uint64_t x101;
|
562
572
|
fiat_p256_uint1 x102;
|
563
|
-
fiat_p256_addcarryx_u64(&x101, &x102, x100,
|
573
|
+
fiat_p256_addcarryx_u64(&x101, &x102, x100, x77, x92);
|
564
574
|
uint64_t x103;
|
565
575
|
fiat_p256_uint1 x104;
|
566
|
-
fiat_p256_addcarryx_u64(&x103, &x104, x102,
|
576
|
+
fiat_p256_addcarryx_u64(&x103, &x104, x102, x79, x94);
|
567
577
|
uint64_t x105;
|
568
578
|
fiat_p256_uint1 x106;
|
569
|
-
fiat_p256_addcarryx_u64(&x105, &x106, x104,
|
579
|
+
fiat_p256_addcarryx_u64(&x105, &x106, x104, x81, x96);
|
570
580
|
uint64_t x107;
|
571
581
|
fiat_p256_uint1 x108;
|
572
|
-
fiat_p256_addcarryx_u64(&x107, &x108,
|
582
|
+
fiat_p256_addcarryx_u64(&x107, &x108, x106, x83, x98);
|
573
583
|
uint64_t x109;
|
574
|
-
|
575
|
-
|
584
|
+
uint64_t x110;
|
585
|
+
fiat_p256_mulx_u64(&x109, &x110, x99, UINT64_C(0xffffffff00000001));
|
576
586
|
uint64_t x111;
|
577
|
-
|
578
|
-
|
587
|
+
uint64_t x112;
|
588
|
+
fiat_p256_mulx_u64(&x111, &x112, x99, UINT32_C(0xffffffff));
|
579
589
|
uint64_t x113;
|
580
|
-
|
581
|
-
|
590
|
+
uint64_t x114;
|
591
|
+
fiat_p256_mulx_u64(&x113, &x114, x99, UINT64_C(0xffffffffffffffff));
|
582
592
|
uint64_t x115;
|
583
593
|
fiat_p256_uint1 x116;
|
584
|
-
fiat_p256_addcarryx_u64(&x115, &x116,
|
585
|
-
uint64_t x117;
|
594
|
+
fiat_p256_addcarryx_u64(&x115, &x116, 0x0, x114, x111);
|
595
|
+
uint64_t x117 = (x116 + x112);
|
586
596
|
uint64_t x118;
|
587
|
-
|
588
|
-
|
597
|
+
fiat_p256_uint1 x119;
|
598
|
+
fiat_p256_addcarryx_u64(&x118, &x119, 0x0, x99, x113);
|
589
599
|
uint64_t x120;
|
590
|
-
|
591
|
-
|
600
|
+
fiat_p256_uint1 x121;
|
601
|
+
fiat_p256_addcarryx_u64(&x120, &x121, x119, x101, x115);
|
592
602
|
uint64_t x122;
|
593
|
-
|
594
|
-
|
595
|
-
|
596
|
-
|
597
|
-
|
598
|
-
|
599
|
-
|
600
|
-
|
601
|
-
|
602
|
-
fiat_p256_addcarryx_u64(&x127, &x128, 0x0, x121, x107);
|
603
|
+
fiat_p256_uint1 x123;
|
604
|
+
fiat_p256_addcarryx_u64(&x122, &x123, x121, x103, x117);
|
605
|
+
uint64_t x124;
|
606
|
+
fiat_p256_uint1 x125;
|
607
|
+
fiat_p256_addcarryx_u64(&x124, &x125, x123, x105, x109);
|
608
|
+
uint64_t x126;
|
609
|
+
fiat_p256_uint1 x127;
|
610
|
+
fiat_p256_addcarryx_u64(&x126, &x127, x125, x107, x110);
|
611
|
+
uint64_t x128 = ((uint64_t)x127 + x108);
|
603
612
|
uint64_t x129;
|
604
|
-
|
605
|
-
|
613
|
+
uint64_t x130;
|
614
|
+
fiat_p256_mulx_u64(&x129, &x130, x3, (arg1[3]));
|
606
615
|
uint64_t x131;
|
607
|
-
|
608
|
-
|
616
|
+
uint64_t x132;
|
617
|
+
fiat_p256_mulx_u64(&x131, &x132, x3, (arg1[2]));
|
609
618
|
uint64_t x133;
|
610
|
-
|
611
|
-
|
619
|
+
uint64_t x134;
|
620
|
+
fiat_p256_mulx_u64(&x133, &x134, x3, (arg1[1]));
|
612
621
|
uint64_t x135;
|
613
|
-
|
614
|
-
|
622
|
+
uint64_t x136;
|
623
|
+
fiat_p256_mulx_u64(&x135, &x136, x3, (arg1[0]));
|
615
624
|
uint64_t x137;
|
616
625
|
fiat_p256_uint1 x138;
|
617
|
-
fiat_p256_addcarryx_u64(&x137, &x138,
|
626
|
+
fiat_p256_addcarryx_u64(&x137, &x138, 0x0, x136, x133);
|
618
627
|
uint64_t x139;
|
619
|
-
|
620
|
-
|
628
|
+
fiat_p256_uint1 x140;
|
629
|
+
fiat_p256_addcarryx_u64(&x139, &x140, x138, x134, x131);
|
621
630
|
uint64_t x141;
|
622
|
-
|
623
|
-
|
624
|
-
uint64_t x143;
|
631
|
+
fiat_p256_uint1 x142;
|
632
|
+
fiat_p256_addcarryx_u64(&x141, &x142, x140, x132, x129);
|
633
|
+
uint64_t x143 = (x142 + x130);
|
625
634
|
uint64_t x144;
|
626
|
-
|
627
|
-
|
635
|
+
fiat_p256_uint1 x145;
|
636
|
+
fiat_p256_addcarryx_u64(&x144, &x145, 0x0, x120, x135);
|
628
637
|
uint64_t x146;
|
629
|
-
|
630
|
-
|
631
|
-
|
632
|
-
|
633
|
-
|
634
|
-
|
635
|
-
|
636
|
-
|
637
|
-
|
638
|
-
|
639
|
-
|
640
|
-
|
641
|
-
fiat_p256_addcarryx_u64(&x153, &x154, x152, 0x0, x140);
|
638
|
+
fiat_p256_uint1 x147;
|
639
|
+
fiat_p256_addcarryx_u64(&x146, &x147, x145, x122, x137);
|
640
|
+
uint64_t x148;
|
641
|
+
fiat_p256_uint1 x149;
|
642
|
+
fiat_p256_addcarryx_u64(&x148, &x149, x147, x124, x139);
|
643
|
+
uint64_t x150;
|
644
|
+
fiat_p256_uint1 x151;
|
645
|
+
fiat_p256_addcarryx_u64(&x150, &x151, x149, x126, x141);
|
646
|
+
uint64_t x152;
|
647
|
+
fiat_p256_uint1 x153;
|
648
|
+
fiat_p256_addcarryx_u64(&x152, &x153, x151, x128, x143);
|
649
|
+
uint64_t x154;
|
642
650
|
uint64_t x155;
|
643
|
-
|
644
|
-
|
651
|
+
fiat_p256_mulx_u64(&x154, &x155, x144, UINT64_C(0xffffffff00000001));
|
652
|
+
uint64_t x156;
|
645
653
|
uint64_t x157;
|
646
|
-
|
647
|
-
|
654
|
+
fiat_p256_mulx_u64(&x156, &x157, x144, UINT32_C(0xffffffff));
|
655
|
+
uint64_t x158;
|
648
656
|
uint64_t x159;
|
649
|
-
|
650
|
-
|
651
|
-
|
652
|
-
|
653
|
-
|
657
|
+
fiat_p256_mulx_u64(&x158, &x159, x144, UINT64_C(0xffffffffffffffff));
|
658
|
+
uint64_t x160;
|
659
|
+
fiat_p256_uint1 x161;
|
660
|
+
fiat_p256_addcarryx_u64(&x160, &x161, 0x0, x159, x156);
|
661
|
+
uint64_t x162 = (x161 + x157);
|
654
662
|
uint64_t x163;
|
655
663
|
fiat_p256_uint1 x164;
|
656
|
-
fiat_p256_addcarryx_u64(&x163, &x164,
|
664
|
+
fiat_p256_addcarryx_u64(&x163, &x164, 0x0, x144, x158);
|
657
665
|
uint64_t x165;
|
658
|
-
|
659
|
-
|
666
|
+
fiat_p256_uint1 x166;
|
667
|
+
fiat_p256_addcarryx_u64(&x165, &x166, x164, x146, x160);
|
660
668
|
uint64_t x167;
|
661
|
-
|
662
|
-
|
669
|
+
fiat_p256_uint1 x168;
|
670
|
+
fiat_p256_addcarryx_u64(&x167, &x168, x166, x148, x162);
|
663
671
|
uint64_t x169;
|
664
|
-
|
665
|
-
|
672
|
+
fiat_p256_uint1 x170;
|
673
|
+
fiat_p256_addcarryx_u64(&x169, &x170, x168, x150, x154);
|
666
674
|
uint64_t x171;
|
667
675
|
fiat_p256_uint1 x172;
|
668
|
-
fiat_p256_addcarryx_u64(&x171, &x172,
|
669
|
-
uint64_t x173;
|
670
|
-
|
671
|
-
|
672
|
-
|
673
|
-
|
674
|
-
|
675
|
-
|
676
|
-
|
677
|
-
|
678
|
-
|
679
|
-
|
680
|
-
|
681
|
-
|
682
|
-
|
683
|
-
|
684
|
-
|
685
|
-
|
686
|
-
|
676
|
+
fiat_p256_addcarryx_u64(&x171, &x172, x170, x152, x155);
|
677
|
+
uint64_t x173 = ((uint64_t)x172 + x153);
|
678
|
+
uint64_t x174;
|
679
|
+
fiat_p256_uint1 x175;
|
680
|
+
fiat_p256_subborrowx_u64(&x174, &x175, 0x0, x165, UINT64_C(0xffffffffffffffff));
|
681
|
+
uint64_t x176;
|
682
|
+
fiat_p256_uint1 x177;
|
683
|
+
fiat_p256_subborrowx_u64(&x176, &x177, x175, x167, UINT32_C(0xffffffff));
|
684
|
+
uint64_t x178;
|
685
|
+
fiat_p256_uint1 x179;
|
686
|
+
fiat_p256_subborrowx_u64(&x178, &x179, x177, x169, 0x0);
|
687
|
+
uint64_t x180;
|
688
|
+
fiat_p256_uint1 x181;
|
689
|
+
fiat_p256_subborrowx_u64(&x180, &x181, x179, x171, UINT64_C(0xffffffff00000001));
|
690
|
+
uint64_t x182;
|
691
|
+
fiat_p256_uint1 x183;
|
692
|
+
fiat_p256_subborrowx_u64(&x182, &x183, x181, x173, 0x0);
|
693
|
+
uint64_t x184;
|
694
|
+
fiat_p256_cmovznz_u64(&x184, x183, x174, x165);
|
687
695
|
uint64_t x185;
|
688
|
-
|
689
|
-
|
696
|
+
fiat_p256_cmovznz_u64(&x185, x183, x176, x167);
|
697
|
+
uint64_t x186;
|
698
|
+
fiat_p256_cmovznz_u64(&x186, x183, x178, x169);
|
690
699
|
uint64_t x187;
|
691
|
-
|
692
|
-
|
693
|
-
|
694
|
-
|
695
|
-
|
696
|
-
uint64_t x191;
|
697
|
-
fiat_p256_uint1 x192;
|
698
|
-
fiat_p256_subborrowx_u64(&x191, &x192, x190, x181, 0x0);
|
699
|
-
uint64_t x193;
|
700
|
-
fiat_p256_uint1 x194;
|
701
|
-
fiat_p256_subborrowx_u64(&x193, &x194, x192, x183, UINT64_C(0xffffffff00000001));
|
702
|
-
uint64_t x195;
|
703
|
-
fiat_p256_uint1 x196;
|
704
|
-
fiat_p256_subborrowx_u64(&x195, &x196, x194, x185, 0x0);
|
705
|
-
uint64_t x197;
|
706
|
-
fiat_p256_cmovznz_u64(&x197, x196, x187, x177);
|
707
|
-
uint64_t x198;
|
708
|
-
fiat_p256_cmovznz_u64(&x198, x196, x189, x179);
|
709
|
-
uint64_t x199;
|
710
|
-
fiat_p256_cmovznz_u64(&x199, x196, x191, x181);
|
711
|
-
uint64_t x200;
|
712
|
-
fiat_p256_cmovznz_u64(&x200, x196, x193, x183);
|
713
|
-
out1[0] = x197;
|
714
|
-
out1[1] = x198;
|
715
|
-
out1[2] = x199;
|
716
|
-
out1[3] = x200;
|
700
|
+
fiat_p256_cmovznz_u64(&x187, x183, x180, x171);
|
701
|
+
out1[0] = x184;
|
702
|
+
out1[1] = x185;
|
703
|
+
out1[2] = x186;
|
704
|
+
out1[3] = x187;
|
717
705
|
}
|
718
706
|
|
719
707
|
/*
|
708
|
+
* The function fiat_p256_add adds two field elements in the Montgomery domain.
|
709
|
+
* Preconditions:
|
710
|
+
* 0 ≤ eval arg1 < m
|
711
|
+
* 0 ≤ eval arg2 < m
|
712
|
+
* Postconditions:
|
713
|
+
* eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m
|
714
|
+
* 0 ≤ eval out1 < m
|
715
|
+
*
|
720
716
|
* Input Bounds:
|
721
717
|
* arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
722
718
|
* arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
@@ -726,16 +722,16 @@ static void fiat_p256_square(uint64_t out1[4], const uint64_t arg1[4]) {
|
|
726
722
|
static void fiat_p256_add(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) {
|
727
723
|
uint64_t x1;
|
728
724
|
fiat_p256_uint1 x2;
|
729
|
-
fiat_p256_addcarryx_u64(&x1, &x2, 0x0, (
|
725
|
+
fiat_p256_addcarryx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0]));
|
730
726
|
uint64_t x3;
|
731
727
|
fiat_p256_uint1 x4;
|
732
|
-
fiat_p256_addcarryx_u64(&x3, &x4, x2, (
|
728
|
+
fiat_p256_addcarryx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1]));
|
733
729
|
uint64_t x5;
|
734
730
|
fiat_p256_uint1 x6;
|
735
|
-
fiat_p256_addcarryx_u64(&x5, &x6, x4, (
|
731
|
+
fiat_p256_addcarryx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2]));
|
736
732
|
uint64_t x7;
|
737
733
|
fiat_p256_uint1 x8;
|
738
|
-
fiat_p256_addcarryx_u64(&x7, &x8, x6, (
|
734
|
+
fiat_p256_addcarryx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3]));
|
739
735
|
uint64_t x9;
|
740
736
|
fiat_p256_uint1 x10;
|
741
737
|
fiat_p256_subborrowx_u64(&x9, &x10, 0x0, x1, UINT64_C(0xffffffffffffffff));
|
@@ -766,6 +762,14 @@ static void fiat_p256_add(uint64_t out1[4], const uint64_t arg1[4], const uint64
|
|
766
762
|
}
|
767
763
|
|
768
764
|
/*
|
765
|
+
* The function fiat_p256_sub subtracts two field elements in the Montgomery domain.
|
766
|
+
* Preconditions:
|
767
|
+
* 0 ≤ eval arg1 < m
|
768
|
+
* 0 ≤ eval arg2 < m
|
769
|
+
* Postconditions:
|
770
|
+
* eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m
|
771
|
+
* 0 ≤ eval out1 < m
|
772
|
+
*
|
769
773
|
* Input Bounds:
|
770
774
|
* arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
771
775
|
* arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
@@ -789,16 +793,16 @@ static void fiat_p256_sub(uint64_t out1[4], const uint64_t arg1[4], const uint64
|
|
789
793
|
fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff));
|
790
794
|
uint64_t x10;
|
791
795
|
fiat_p256_uint1 x11;
|
792
|
-
fiat_p256_addcarryx_u64(&x10, &x11, 0x0, (x9 & UINT64_C(0xffffffffffffffff))
|
796
|
+
fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0xffffffffffffffff)));
|
793
797
|
uint64_t x12;
|
794
798
|
fiat_p256_uint1 x13;
|
795
|
-
fiat_p256_addcarryx_u64(&x12, &x13, x11, (x9 & UINT32_C(0xffffffff))
|
799
|
+
fiat_p256_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT32_C(0xffffffff)));
|
796
800
|
uint64_t x14;
|
797
801
|
fiat_p256_uint1 x15;
|
798
|
-
fiat_p256_addcarryx_u64(&x14, &x15, x13,
|
802
|
+
fiat_p256_addcarryx_u64(&x14, &x15, x13, x5, 0x0);
|
799
803
|
uint64_t x16;
|
800
804
|
fiat_p256_uint1 x17;
|
801
|
-
fiat_p256_addcarryx_u64(&x16, &x17, x15, (x9 & UINT64_C(0xffffffff00000001))
|
805
|
+
fiat_p256_addcarryx_u64(&x16, &x17, x15, x7, (x9 & UINT64_C(0xffffffff00000001)));
|
802
806
|
out1[0] = x10;
|
803
807
|
out1[1] = x12;
|
804
808
|
out1[2] = x14;
|
@@ -806,6 +810,13 @@ static void fiat_p256_sub(uint64_t out1[4], const uint64_t arg1[4], const uint64
|
|
806
810
|
}
|
807
811
|
|
808
812
|
/*
|
813
|
+
* The function fiat_p256_opp negates a field element in the Montgomery domain.
|
814
|
+
* Preconditions:
|
815
|
+
* 0 ≤ eval arg1 < m
|
816
|
+
* Postconditions:
|
817
|
+
* eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m
|
818
|
+
* 0 ≤ eval out1 < m
|
819
|
+
*
|
809
820
|
* Input Bounds:
|
810
821
|
* arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
811
822
|
* Output Bounds:
|
@@ -828,16 +839,16 @@ static void fiat_p256_opp(uint64_t out1[4], const uint64_t arg1[4]) {
|
|
828
839
|
fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff));
|
829
840
|
uint64_t x10;
|
830
841
|
fiat_p256_uint1 x11;
|
831
|
-
fiat_p256_addcarryx_u64(&x10, &x11, 0x0, (x9 & UINT64_C(0xffffffffffffffff))
|
842
|
+
fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0xffffffffffffffff)));
|
832
843
|
uint64_t x12;
|
833
844
|
fiat_p256_uint1 x13;
|
834
|
-
fiat_p256_addcarryx_u64(&x12, &x13, x11, (x9 & UINT32_C(0xffffffff))
|
845
|
+
fiat_p256_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT32_C(0xffffffff)));
|
835
846
|
uint64_t x14;
|
836
847
|
fiat_p256_uint1 x15;
|
837
|
-
fiat_p256_addcarryx_u64(&x14, &x15, x13,
|
848
|
+
fiat_p256_addcarryx_u64(&x14, &x15, x13, x5, 0x0);
|
838
849
|
uint64_t x16;
|
839
850
|
fiat_p256_uint1 x17;
|
840
|
-
fiat_p256_addcarryx_u64(&x16, &x17, x15, (x9 & UINT64_C(0xffffffff00000001))
|
851
|
+
fiat_p256_addcarryx_u64(&x16, &x17, x15, x7, (x9 & UINT64_C(0xffffffff00000001)));
|
841
852
|
out1[0] = x10;
|
842
853
|
out1[1] = x12;
|
843
854
|
out1[2] = x14;
|
@@ -845,6 +856,13 @@ static void fiat_p256_opp(uint64_t out1[4], const uint64_t arg1[4]) {
|
|
845
856
|
}
|
846
857
|
|
847
858
|
/*
|
859
|
+
* The function fiat_p256_from_montgomery translates a field element out of the Montgomery domain.
|
860
|
+
* Preconditions:
|
861
|
+
* 0 ≤ eval arg1 < m
|
862
|
+
* Postconditions:
|
863
|
+
* eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m
|
864
|
+
* 0 ≤ eval out1 < m
|
865
|
+
*
|
848
866
|
* Input Bounds:
|
849
867
|
* arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
850
868
|
* Output Bounds:
|
@@ -863,16 +881,16 @@ static void fiat_p256_from_montgomery(uint64_t out1[4], const uint64_t arg1[4])
|
|
863
881
|
fiat_p256_mulx_u64(&x6, &x7, x1, UINT64_C(0xffffffffffffffff));
|
864
882
|
uint64_t x8;
|
865
883
|
fiat_p256_uint1 x9;
|
866
|
-
fiat_p256_addcarryx_u64(&x8, &x9, 0x0,
|
884
|
+
fiat_p256_addcarryx_u64(&x8, &x9, 0x0, x7, x4);
|
867
885
|
uint64_t x10;
|
868
886
|
fiat_p256_uint1 x11;
|
869
|
-
fiat_p256_addcarryx_u64(&x10, &x11, 0x0,
|
887
|
+
fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, x6);
|
870
888
|
uint64_t x12;
|
871
889
|
fiat_p256_uint1 x13;
|
872
|
-
fiat_p256_addcarryx_u64(&x12, &x13, x11,
|
890
|
+
fiat_p256_addcarryx_u64(&x12, &x13, x11, 0x0, x8);
|
873
891
|
uint64_t x14;
|
874
892
|
fiat_p256_uint1 x15;
|
875
|
-
fiat_p256_addcarryx_u64(&x14, &x15, 0x0, (arg1[1])
|
893
|
+
fiat_p256_addcarryx_u64(&x14, &x15, 0x0, x12, (arg1[1]));
|
876
894
|
uint64_t x16;
|
877
895
|
uint64_t x17;
|
878
896
|
fiat_p256_mulx_u64(&x16, &x17, x14, UINT64_C(0xffffffff00000001));
|
@@ -884,148 +902,122 @@ static void fiat_p256_from_montgomery(uint64_t out1[4], const uint64_t arg1[4])
|
|
884
902
|
fiat_p256_mulx_u64(&x20, &x21, x14, UINT64_C(0xffffffffffffffff));
|
885
903
|
uint64_t x22;
|
886
904
|
fiat_p256_uint1 x23;
|
887
|
-
fiat_p256_addcarryx_u64(&x22, &x23, 0x0,
|
905
|
+
fiat_p256_addcarryx_u64(&x22, &x23, 0x0, x21, x18);
|
888
906
|
uint64_t x24;
|
889
907
|
fiat_p256_uint1 x25;
|
890
|
-
fiat_p256_addcarryx_u64(&x24, &x25,
|
908
|
+
fiat_p256_addcarryx_u64(&x24, &x25, 0x0, x14, x20);
|
891
909
|
uint64_t x26;
|
892
910
|
fiat_p256_uint1 x27;
|
893
|
-
fiat_p256_addcarryx_u64(&x26, &x27,
|
911
|
+
fiat_p256_addcarryx_u64(&x26, &x27, x25, (x15 + (x13 + (x9 + x5))), x22);
|
894
912
|
uint64_t x28;
|
895
913
|
fiat_p256_uint1 x29;
|
896
|
-
fiat_p256_addcarryx_u64(&x28, &x29,
|
914
|
+
fiat_p256_addcarryx_u64(&x28, &x29, x27, x2, (x23 + x19));
|
897
915
|
uint64_t x30;
|
898
916
|
fiat_p256_uint1 x31;
|
899
|
-
fiat_p256_addcarryx_u64(&x30, &x31,
|
917
|
+
fiat_p256_addcarryx_u64(&x30, &x31, x29, x3, x16);
|
900
918
|
uint64_t x32;
|
901
919
|
fiat_p256_uint1 x33;
|
902
|
-
fiat_p256_addcarryx_u64(&x32, &x33,
|
920
|
+
fiat_p256_addcarryx_u64(&x32, &x33, 0x0, x26, (arg1[2]));
|
903
921
|
uint64_t x34;
|
904
922
|
fiat_p256_uint1 x35;
|
905
|
-
fiat_p256_addcarryx_u64(&x34, &x35,
|
923
|
+
fiat_p256_addcarryx_u64(&x34, &x35, x33, x28, 0x0);
|
906
924
|
uint64_t x36;
|
907
925
|
fiat_p256_uint1 x37;
|
908
|
-
fiat_p256_addcarryx_u64(&x36, &x37,
|
926
|
+
fiat_p256_addcarryx_u64(&x36, &x37, x35, x30, 0x0);
|
909
927
|
uint64_t x38;
|
910
|
-
|
911
|
-
|
928
|
+
uint64_t x39;
|
929
|
+
fiat_p256_mulx_u64(&x38, &x39, x32, UINT64_C(0xffffffff00000001));
|
912
930
|
uint64_t x40;
|
913
|
-
|
914
|
-
|
931
|
+
uint64_t x41;
|
932
|
+
fiat_p256_mulx_u64(&x40, &x41, x32, UINT32_C(0xffffffff));
|
915
933
|
uint64_t x42;
|
916
|
-
|
917
|
-
|
934
|
+
uint64_t x43;
|
935
|
+
fiat_p256_mulx_u64(&x42, &x43, x32, UINT64_C(0xffffffffffffffff));
|
918
936
|
uint64_t x44;
|
919
937
|
fiat_p256_uint1 x45;
|
920
|
-
fiat_p256_addcarryx_u64(&x44, &x45,
|
938
|
+
fiat_p256_addcarryx_u64(&x44, &x45, 0x0, x43, x40);
|
921
939
|
uint64_t x46;
|
922
|
-
|
923
|
-
|
940
|
+
fiat_p256_uint1 x47;
|
941
|
+
fiat_p256_addcarryx_u64(&x46, &x47, 0x0, x32, x42);
|
924
942
|
uint64_t x48;
|
925
|
-
|
926
|
-
|
943
|
+
fiat_p256_uint1 x49;
|
944
|
+
fiat_p256_addcarryx_u64(&x48, &x49, x47, x34, x44);
|
927
945
|
uint64_t x50;
|
928
|
-
|
929
|
-
|
946
|
+
fiat_p256_uint1 x51;
|
947
|
+
fiat_p256_addcarryx_u64(&x50, &x51, x49, x36, (x45 + x41));
|
930
948
|
uint64_t x52;
|
931
949
|
fiat_p256_uint1 x53;
|
932
|
-
fiat_p256_addcarryx_u64(&x52, &x53,
|
950
|
+
fiat_p256_addcarryx_u64(&x52, &x53, x51, (x37 + (x31 + x17)), x38);
|
933
951
|
uint64_t x54;
|
934
952
|
fiat_p256_uint1 x55;
|
935
|
-
fiat_p256_addcarryx_u64(&x54, &x55, 0x0,
|
953
|
+
fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x48, (arg1[3]));
|
936
954
|
uint64_t x56;
|
937
955
|
fiat_p256_uint1 x57;
|
938
|
-
fiat_p256_addcarryx_u64(&x56, &x57, x55,
|
956
|
+
fiat_p256_addcarryx_u64(&x56, &x57, x55, x50, 0x0);
|
939
957
|
uint64_t x58;
|
940
958
|
fiat_p256_uint1 x59;
|
941
|
-
fiat_p256_addcarryx_u64(&x58, &x59,
|
959
|
+
fiat_p256_addcarryx_u64(&x58, &x59, x57, x52, 0x0);
|
942
960
|
uint64_t x60;
|
943
|
-
|
944
|
-
|
961
|
+
uint64_t x61;
|
962
|
+
fiat_p256_mulx_u64(&x60, &x61, x54, UINT64_C(0xffffffff00000001));
|
945
963
|
uint64_t x62;
|
946
|
-
|
947
|
-
|
964
|
+
uint64_t x63;
|
965
|
+
fiat_p256_mulx_u64(&x62, &x63, x54, UINT32_C(0xffffffff));
|
948
966
|
uint64_t x64;
|
949
|
-
|
950
|
-
|
967
|
+
uint64_t x65;
|
968
|
+
fiat_p256_mulx_u64(&x64, &x65, x54, UINT64_C(0xffffffffffffffff));
|
951
969
|
uint64_t x66;
|
952
970
|
fiat_p256_uint1 x67;
|
953
|
-
fiat_p256_addcarryx_u64(&x66, &x67,
|
971
|
+
fiat_p256_addcarryx_u64(&x66, &x67, 0x0, x65, x62);
|
954
972
|
uint64_t x68;
|
955
973
|
fiat_p256_uint1 x69;
|
956
|
-
fiat_p256_addcarryx_u64(&x68, &x69, 0x0,
|
974
|
+
fiat_p256_addcarryx_u64(&x68, &x69, 0x0, x54, x64);
|
957
975
|
uint64_t x70;
|
958
976
|
fiat_p256_uint1 x71;
|
959
|
-
fiat_p256_addcarryx_u64(&x70, &x71, x69,
|
977
|
+
fiat_p256_addcarryx_u64(&x70, &x71, x69, x56, x66);
|
960
978
|
uint64_t x72;
|
961
979
|
fiat_p256_uint1 x73;
|
962
|
-
fiat_p256_addcarryx_u64(&x72, &x73, x71,
|
980
|
+
fiat_p256_addcarryx_u64(&x72, &x73, x71, x58, (x67 + x63));
|
963
981
|
uint64_t x74;
|
964
|
-
|
965
|
-
|
966
|
-
uint64_t x76;
|
982
|
+
fiat_p256_uint1 x75;
|
983
|
+
fiat_p256_addcarryx_u64(&x74, &x75, x73, (x59 + (x53 + x39)), x60);
|
984
|
+
uint64_t x76 = (x75 + x61);
|
967
985
|
uint64_t x77;
|
968
|
-
|
969
|
-
|
986
|
+
fiat_p256_uint1 x78;
|
987
|
+
fiat_p256_subborrowx_u64(&x77, &x78, 0x0, x70, UINT64_C(0xffffffffffffffff));
|
970
988
|
uint64_t x79;
|
971
|
-
|
972
|
-
|
973
|
-
|
974
|
-
|
975
|
-
|
976
|
-
|
977
|
-
|
978
|
-
|
979
|
-
|
980
|
-
|
981
|
-
|
982
|
-
|
983
|
-
|
989
|
+
fiat_p256_uint1 x80;
|
990
|
+
fiat_p256_subborrowx_u64(&x79, &x80, x78, x72, UINT32_C(0xffffffff));
|
991
|
+
uint64_t x81;
|
992
|
+
fiat_p256_uint1 x82;
|
993
|
+
fiat_p256_subborrowx_u64(&x81, &x82, x80, x74, 0x0);
|
994
|
+
uint64_t x83;
|
995
|
+
fiat_p256_uint1 x84;
|
996
|
+
fiat_p256_subborrowx_u64(&x83, &x84, x82, x76, UINT64_C(0xffffffff00000001));
|
997
|
+
uint64_t x85;
|
998
|
+
fiat_p256_uint1 x86;
|
999
|
+
fiat_p256_subborrowx_u64(&x85, &x86, x84, 0x0, 0x0);
|
1000
|
+
uint64_t x87;
|
1001
|
+
fiat_p256_cmovznz_u64(&x87, x86, x77, x70);
|
984
1002
|
uint64_t x88;
|
985
|
-
|
986
|
-
|
1003
|
+
fiat_p256_cmovznz_u64(&x88, x86, x79, x72);
|
1004
|
+
uint64_t x89;
|
1005
|
+
fiat_p256_cmovznz_u64(&x89, x86, x81, x74);
|
987
1006
|
uint64_t x90;
|
988
|
-
|
989
|
-
|
990
|
-
|
991
|
-
|
992
|
-
|
993
|
-
uint64_t x94;
|
994
|
-
fiat_p256_uint1 x95;
|
995
|
-
fiat_p256_addcarryx_u64(&x94, &x95, x89, x74, x92);
|
996
|
-
uint64_t x96;
|
997
|
-
fiat_p256_uint1 x97;
|
998
|
-
fiat_p256_addcarryx_u64(&x96, &x97, x95, x75, 0x0);
|
999
|
-
uint64_t x98;
|
1000
|
-
fiat_p256_uint1 x99;
|
1001
|
-
fiat_p256_subborrowx_u64(&x98, &x99, 0x0, x84, UINT64_C(0xffffffffffffffff));
|
1002
|
-
uint64_t x100;
|
1003
|
-
fiat_p256_uint1 x101;
|
1004
|
-
fiat_p256_subborrowx_u64(&x100, &x101, x99, x88, UINT32_C(0xffffffff));
|
1005
|
-
uint64_t x102;
|
1006
|
-
fiat_p256_uint1 x103;
|
1007
|
-
fiat_p256_subborrowx_u64(&x102, &x103, x101, x94, 0x0);
|
1008
|
-
uint64_t x104;
|
1009
|
-
fiat_p256_uint1 x105;
|
1010
|
-
fiat_p256_subborrowx_u64(&x104, &x105, x103, x96, UINT64_C(0xffffffff00000001));
|
1011
|
-
uint64_t x106;
|
1012
|
-
fiat_p256_uint1 x107;
|
1013
|
-
fiat_p256_subborrowx_u64(&x106, &x107, x105, 0x0, 0x0);
|
1014
|
-
uint64_t x108;
|
1015
|
-
fiat_p256_cmovznz_u64(&x108, x107, x98, x84);
|
1016
|
-
uint64_t x109;
|
1017
|
-
fiat_p256_cmovznz_u64(&x109, x107, x100, x88);
|
1018
|
-
uint64_t x110;
|
1019
|
-
fiat_p256_cmovznz_u64(&x110, x107, x102, x94);
|
1020
|
-
uint64_t x111;
|
1021
|
-
fiat_p256_cmovznz_u64(&x111, x107, x104, x96);
|
1022
|
-
out1[0] = x108;
|
1023
|
-
out1[1] = x109;
|
1024
|
-
out1[2] = x110;
|
1025
|
-
out1[3] = x111;
|
1007
|
+
fiat_p256_cmovznz_u64(&x90, x86, x83, x76);
|
1008
|
+
out1[0] = x87;
|
1009
|
+
out1[1] = x88;
|
1010
|
+
out1[2] = x89;
|
1011
|
+
out1[3] = x90;
|
1026
1012
|
}
|
1027
1013
|
|
1028
1014
|
/*
|
1015
|
+
* The function fiat_p256_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise.
|
1016
|
+
* Preconditions:
|
1017
|
+
* 0 ≤ eval arg1 < m
|
1018
|
+
* Postconditions:
|
1019
|
+
* out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0
|
1020
|
+
*
|
1029
1021
|
* Input Bounds:
|
1030
1022
|
* arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
1031
1023
|
* Output Bounds:
|
@@ -1037,6 +1029,10 @@ static void fiat_p256_nonzero(uint64_t* out1, const uint64_t arg1[4]) {
|
|
1037
1029
|
}
|
1038
1030
|
|
1039
1031
|
/*
|
1032
|
+
* The function fiat_p256_selectznz is a multi-limb conditional select.
|
1033
|
+
* Postconditions:
|
1034
|
+
* eval out1 = (if arg1 = 0 then eval arg2 else eval arg3)
|
1035
|
+
*
|
1040
1036
|
* Input Bounds:
|
1041
1037
|
* arg1: [0x0 ~> 0x1]
|
1042
1038
|
* arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
@@ -1060,6 +1056,12 @@ static void fiat_p256_selectznz(uint64_t out1[4], fiat_p256_uint1 arg1, const ui
|
|
1060
1056
|
}
|
1061
1057
|
|
1062
1058
|
/*
|
1059
|
+
* The function fiat_p256_to_bytes serializes a field element in the Montgomery domain to bytes in little-endian order.
|
1060
|
+
* Preconditions:
|
1061
|
+
* 0 ≤ eval arg1 < m
|
1062
|
+
* Postconditions:
|
1063
|
+
* out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31]
|
1064
|
+
*
|
1063
1065
|
* Input Bounds:
|
1064
1066
|
* arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
1065
1067
|
* Output Bounds:
|
@@ -1164,6 +1166,13 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) {
|
|
1164
1166
|
}
|
1165
1167
|
|
1166
1168
|
/*
|
1169
|
+
* The function fiat_p256_from_bytes deserializes a field element in the Montgomery domain from bytes in little-endian order.
|
1170
|
+
* Preconditions:
|
1171
|
+
* 0 ≤ bytes_eval arg1 < m
|
1172
|
+
* Postconditions:
|
1173
|
+
* eval out1 mod m = bytes_eval arg1 mod m
|
1174
|
+
* 0 ≤ eval out1 < m
|
1175
|
+
*
|
1167
1176
|
* Input Bounds:
|
1168
1177
|
* arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]]
|
1169
1178
|
* Output Bounds:
|