grpc 1.53.0 → 1.54.0
- checksums.yaml +4 -4
- data/Makefile +80 -66
- data/include/grpc/event_engine/event_engine.h +30 -14
- data/include/grpc/grpc_security.h +4 -0
- data/include/grpc/impl/grpc_types.h +11 -2
- data/include/grpc/support/port_platform.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
- data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
- data/src/core/ext/filters/client_channel/client_channel.h +131 -173
- data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
- data/src/core/ext/filters/client_channel/config_selector.h +4 -3
- data/src/core/ext/filters/client_channel/http_proxy.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +1 -15
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
- data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
- data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
- data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
- data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
- data/src/core/ext/gcp/metadata_query.cc +142 -0
- data/src/core/ext/gcp/metadata_query.h +82 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +149 -60
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +42 -23
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +5 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +18 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +9 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
- data/src/core/ext/xds/xds_client_stats.cc +29 -15
- data/src/core/ext/xds/xds_client_stats.h +24 -20
- data/src/core/ext/xds/xds_endpoint.cc +5 -2
- data/src/core/ext/xds/xds_endpoint.h +9 -1
- data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
- data/src/core/{ext/filters/client_channel/resolver/dns/dns_resolver_selection.h → lib/backoff/random_early_detection.cc} +14 -12
- data/src/core/lib/backoff/random_early_detection.h +59 -0
- data/src/core/lib/channel/call_finalization.h +1 -1
- data/src/core/lib/channel/call_tracer.cc +51 -0
- data/src/core/lib/channel/call_tracer.h +101 -38
- data/src/core/lib/channel/connected_channel.cc +483 -1050
- data/src/core/lib/channel/context.h +8 -1
- data/src/core/lib/channel/promise_based_filter.cc +106 -42
- data/src/core/lib/channel/promise_based_filter.h +27 -13
- data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
- data/src/core/lib/config/config_vars.cc +151 -0
- data/src/core/lib/config/config_vars.h +127 -0
- data/src/core/lib/config/config_vars_non_generated.cc +51 -0
- data/src/core/lib/config/load_config.cc +66 -0
- data/src/core/lib/config/load_config.h +49 -0
- data/src/core/lib/debug/trace.cc +5 -6
- data/src/core/lib/debug/trace.h +0 -5
- data/src/core/lib/event_engine/event_engine.cc +37 -2
- data/src/core/lib/event_engine/handle_containers.h +7 -22
- data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
- data/src/core/lib/event_engine/resolved_address.cc +2 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
- data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
- data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
- data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
- data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
- data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
- data/src/core/lib/experiments/config.cc +3 -10
- data/src/core/lib/experiments/experiments.cc +7 -0
- data/src/core/lib/experiments/experiments.h +9 -1
- data/src/core/lib/gpr/log.cc +15 -28
- data/src/core/lib/gprpp/fork.cc +8 -14
- data/src/core/lib/gprpp/orphanable.h +4 -3
- data/src/core/lib/gprpp/per_cpu.h +9 -3
- data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
- data/src/core/lib/gprpp/ref_counted.h +33 -34
- data/src/core/lib/gprpp/thd.h +16 -0
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/gprpp/time.h +4 -4
- data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
- data/src/core/lib/iomgr/endpoint_pair.h +2 -2
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
- data/src/core/lib/iomgr/ev_posix.cc +13 -53
- data/src/core/lib/iomgr/ev_posix.h +0 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
- data/src/core/lib/iomgr/iomgr.cc +4 -8
- data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +0 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
- data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
- data/src/core/lib/iomgr/tcp_windows.cc +12 -8
- data/src/core/lib/load_balancing/lb_policy.cc +9 -13
- data/src/core/lib/load_balancing/lb_policy.h +4 -2
- data/src/core/lib/promise/activity.cc +22 -6
- data/src/core/lib/promise/activity.h +61 -24
- data/src/core/lib/promise/cancel_callback.h +77 -0
- data/src/core/lib/promise/detail/basic_seq.h +1 -1
- data/src/core/lib/promise/detail/promise_factory.h +4 -0
- data/src/core/lib/promise/for_each.h +176 -0
- data/src/core/lib/promise/if.h +9 -0
- data/src/core/lib/promise/interceptor_list.h +23 -2
- data/src/core/lib/promise/latch.h +89 -3
- data/src/core/lib/promise/loop.h +13 -9
- data/src/core/lib/promise/map.h +7 -0
- data/src/core/lib/promise/party.cc +286 -0
- data/src/core/lib/promise/party.h +499 -0
- data/src/core/lib/promise/pipe.h +197 -57
- data/src/core/lib/promise/poll.h +48 -0
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/resource_quota/arena.cc +19 -3
- data/src/core/lib/resource_quota/arena.h +119 -5
- data/src/core/lib/resource_quota/memory_quota.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
- data/src/core/lib/slice/slice.cc +1 -1
- data/src/core/lib/surface/builtins.cc +2 -0
- data/src/core/lib/surface/call.cc +926 -1024
- data/src/core/lib/surface/call.h +10 -0
- data/src/core/lib/surface/lame_client.cc +1 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +179 -0
- data/src/core/lib/transport/batch_builder.h +468 -0
- data/src/core/lib/transport/bdp_estimator.cc +7 -7
- data/src/core/lib/transport/bdp_estimator.h +10 -6
- data/src/core/lib/transport/custom_metadata.h +30 -0
- data/src/core/lib/transport/metadata_batch.cc +9 -6
- data/src/core/lib/transport/metadata_batch.h +58 -16
- data/src/core/lib/transport/parsed_metadata.h +3 -3
- data/src/core/lib/transport/timeout_encoding.cc +6 -1
- data/src/core/lib/transport/transport.cc +30 -2
- data/src/core/lib/transport/transport.h +70 -14
- data/src/core/lib/transport/transport_impl.h +7 -0
- data/src/core/lib/transport/transport_op_string.cc +52 -42
- data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +1 -1
- data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
- data/third_party/abseil-cpp/absl/flags/config.h +68 -0
- data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
- data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
- data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
- data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
- data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
- data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
- data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
- data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
- data/third_party/boringssl-with-bazel/err_data.c +728 -712
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
- data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
- data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
- metadata +105 -70
- data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
- data/src/core/lib/gprpp/global_config.h +0 -93
- data/src/core/lib/gprpp/global_config_env.cc +0 -140
- data/src/core/lib/gprpp/global_config_env.h +0 -133
- data/src/core/lib/gprpp/global_config_generic.h +0 -40
- data/src/core/lib/promise/intra_activity_waiter.h +0 -55
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
- data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
- data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
- data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
- /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
- /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
- /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
- /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
- /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
- /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
- /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -1,8 +1,8 @@
|
|
1
|
-
/* Autogenerated: src/ExtractionOCaml/word_by_word_montgomery --static p256 '2^256 - 2^224 + 2^192 + 2^96 - 1'
|
1
|
+
/* Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --inline --static --use-value-barrier p256 64 '2^256 - 2^224 + 2^192 + 2^96 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp */
|
2
2
|
/* curve description: p256 */
|
3
|
-
/* requested operations: mul, square, add, sub, opp, from_montgomery, nonzero, selectznz, to_bytes, from_bytes */
|
4
|
-
/* m = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff (from "2^256 - 2^224 + 2^192 + 2^96 - 1") */
|
5
3
|
/* machine_wordsize = 64 (from "64") */
|
4
|
+
/* requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp */
|
5
|
+
/* m = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff (from "2^256 - 2^224 + 2^192 + 2^96 - 1") */
|
6
6
|
/* */
|
7
7
|
/* NOTE: In addition to the bounds specified above each function, all */
|
8
8
|
/* functions synthesized for this Montgomery arithmetic require the */
|
@@ -10,20 +10,52 @@
|
|
10
10
|
/* require the input to be in the unique saturated representation. */
|
11
11
|
/* All functions also ensure that these two properties are true of */
|
12
12
|
/* return values. */
|
13
|
+
/* */
|
14
|
+
/* Computed values: */
|
15
|
+
/* eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) */
|
16
|
+
/* bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) */
|
17
|
+
/* twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in */
|
18
|
+
/* if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 */
|
13
19
|
|
14
20
|
#include <stdint.h>
|
15
21
|
typedef unsigned char fiat_p256_uint1;
|
16
22
|
typedef signed char fiat_p256_int1;
|
17
|
-
|
18
|
-
|
23
|
+
#if defined(__GNUC__) || defined(__clang__)
|
24
|
+
# define FIAT_P256_FIAT_EXTENSION __extension__
|
25
|
+
# define FIAT_P256_FIAT_INLINE __inline__
|
26
|
+
#else
|
27
|
+
# define FIAT_P256_FIAT_EXTENSION
|
28
|
+
# define FIAT_P256_FIAT_INLINE
|
29
|
+
#endif
|
30
|
+
|
31
|
+
FIAT_P256_FIAT_EXTENSION typedef signed __int128 fiat_p256_int128;
|
32
|
+
FIAT_P256_FIAT_EXTENSION typedef unsigned __int128 fiat_p256_uint128;
|
33
|
+
|
34
|
+
/* The type fiat_p256_montgomery_domain_field_element is a field element in the Montgomery domain. */
|
35
|
+
/* Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */
|
36
|
+
typedef uint64_t fiat_p256_montgomery_domain_field_element[4];
|
37
|
+
|
38
|
+
/* The type fiat_p256_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */
|
39
|
+
/* Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */
|
40
|
+
typedef uint64_t fiat_p256_non_montgomery_domain_field_element[4];
|
19
41
|
|
20
42
|
#if (-1 & 3) != 3
|
21
43
|
#error "This code only works on a two's complement system"
|
22
44
|
#endif
|
23
45
|
|
46
|
+
#if !defined(FIAT_P256_NO_ASM) && (defined(__GNUC__) || defined(__clang__))
|
47
|
+
static __inline__ uint64_t fiat_p256_value_barrier_u64(uint64_t a) {
|
48
|
+
__asm__("" : "+r"(a) : /* no inputs */);
|
49
|
+
return a;
|
50
|
+
}
|
51
|
+
#else
|
52
|
+
# define fiat_p256_value_barrier_u64(x) (x)
|
53
|
+
#endif
|
54
|
+
|
24
55
|
|
25
56
|
/*
|
26
57
|
* The function fiat_p256_addcarryx_u64 is an addition with carry.
|
58
|
+
*
|
27
59
|
* Postconditions:
|
28
60
|
* out1 = (arg1 + arg2 + arg3) mod 2^64
|
29
61
|
* out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋
|
@@ -36,16 +68,20 @@ typedef unsigned __int128 fiat_p256_uint128;
|
|
36
68
|
* out1: [0x0 ~> 0xffffffffffffffff]
|
37
69
|
* out2: [0x0 ~> 0x1]
|
38
70
|
*/
|
39
|
-
static void fiat_p256_addcarryx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) {
|
40
|
-
fiat_p256_uint128 x1
|
41
|
-
uint64_t x2
|
42
|
-
fiat_p256_uint1 x3
|
71
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_addcarryx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) {
|
72
|
+
fiat_p256_uint128 x1;
|
73
|
+
uint64_t x2;
|
74
|
+
fiat_p256_uint1 x3;
|
75
|
+
x1 = ((arg1 + (fiat_p256_uint128)arg2) + arg3);
|
76
|
+
x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff));
|
77
|
+
x3 = (fiat_p256_uint1)(x1 >> 64);
|
43
78
|
*out1 = x2;
|
44
79
|
*out2 = x3;
|
45
80
|
}
|
46
81
|
|
47
82
|
/*
|
48
83
|
* The function fiat_p256_subborrowx_u64 is a subtraction with borrow.
|
84
|
+
*
|
49
85
|
* Postconditions:
|
50
86
|
* out1 = (-arg1 + arg2 + -arg3) mod 2^64
|
51
87
|
* out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋
|
@@ -58,16 +94,20 @@ static void fiat_p256_addcarryx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_
|
|
58
94
|
* out1: [0x0 ~> 0xffffffffffffffff]
|
59
95
|
* out2: [0x0 ~> 0x1]
|
60
96
|
*/
|
61
|
-
static void fiat_p256_subborrowx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) {
|
62
|
-
fiat_p256_int128 x1
|
63
|
-
fiat_p256_int1 x2
|
64
|
-
uint64_t x3
|
97
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_subborrowx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) {
|
98
|
+
fiat_p256_int128 x1;
|
99
|
+
fiat_p256_int1 x2;
|
100
|
+
uint64_t x3;
|
101
|
+
x1 = ((arg2 - (fiat_p256_int128)arg1) - arg3);
|
102
|
+
x2 = (fiat_p256_int1)(x1 >> 64);
|
103
|
+
x3 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff));
|
65
104
|
*out1 = x3;
|
66
105
|
*out2 = (fiat_p256_uint1)(0x0 - x2);
|
67
106
|
}
|
68
107
|
|
69
108
|
/*
|
70
109
|
* The function fiat_p256_mulx_u64 is a multiplication, returning the full double-width result.
|
110
|
+
*
|
71
111
|
* Postconditions:
|
72
112
|
* out1 = (arg1 * arg2) mod 2^64
|
73
113
|
* out2 = ⌊arg1 * arg2 / 2^64⌋
|
@@ -79,16 +119,20 @@ static void fiat_p256_subborrowx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat
|
|
79
119
|
* out1: [0x0 ~> 0xffffffffffffffff]
|
80
120
|
* out2: [0x0 ~> 0xffffffffffffffff]
|
81
121
|
*/
|
82
|
-
static void fiat_p256_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, uint64_t arg2) {
|
83
|
-
fiat_p256_uint128 x1
|
84
|
-
uint64_t x2
|
85
|
-
uint64_t x3
|
122
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, uint64_t arg2) {
|
123
|
+
fiat_p256_uint128 x1;
|
124
|
+
uint64_t x2;
|
125
|
+
uint64_t x3;
|
126
|
+
x1 = ((fiat_p256_uint128)arg1 * arg2);
|
127
|
+
x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff));
|
128
|
+
x3 = (uint64_t)(x1 >> 64);
|
86
129
|
*out1 = x2;
|
87
130
|
*out2 = x3;
|
88
131
|
}
|
89
132
|
|
90
133
|
/*
|
91
134
|
* The function fiat_p256_cmovznz_u64 is a single-word conditional move.
|
135
|
+
*
|
92
136
|
* Postconditions:
|
93
137
|
* out1 = (if arg1 = 0 then arg2 else arg3)
|
94
138
|
*
|
@@ -99,21 +143,19 @@ static void fiat_p256_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, ui
|
|
99
143
|
* Output Bounds:
|
100
144
|
* out1: [0x0 ~> 0xffffffffffffffff]
|
101
145
|
*/
|
102
|
-
static void fiat_p256_cmovznz_u64(uint64_t* out1, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) {
|
103
|
-
fiat_p256_uint1 x1
|
104
|
-
uint64_t x2
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
// to a cmov, it sometimes further transforms it into a branch, which we do
|
110
|
-
// not want.
|
111
|
-
uint64_t x3 = ((value_barrier_u64(x2) & arg3) | (value_barrier_u64(~x2) & arg2));
|
146
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_cmovznz_u64(uint64_t* out1, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) {
|
147
|
+
fiat_p256_uint1 x1;
|
148
|
+
uint64_t x2;
|
149
|
+
uint64_t x3;
|
150
|
+
x1 = (!(!arg1));
|
151
|
+
x2 = ((fiat_p256_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff));
|
152
|
+
x3 = ((fiat_p256_value_barrier_u64(x2) & arg3) | (fiat_p256_value_barrier_u64((~x2)) & arg2));
|
112
153
|
*out1 = x3;
|
113
154
|
}
|
114
155
|
|
115
156
|
/*
|
116
157
|
* The function fiat_p256_mul multiplies two field elements in the Montgomery domain.
|
158
|
+
*
|
117
159
|
* Preconditions:
|
118
160
|
* 0 ≤ eval arg1 < m
|
119
161
|
* 0 ≤ eval arg2 < m
|
@@ -121,287 +163,297 @@ static void fiat_p256_cmovznz_u64(uint64_t* out1, fiat_p256_uint1 arg1, uint64_t
|
|
121
163
|
* eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m
|
122
164
|
* 0 ≤ eval out1 < m
|
123
165
|
*
|
124
|
-
* Input Bounds:
|
125
|
-
* arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
126
|
-
* arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
127
|
-
* Output Bounds:
|
128
|
-
* out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
129
166
|
*/
|
130
|
-
static void fiat_p256_mul(
|
131
|
-
uint64_t x1
|
132
|
-
uint64_t x2
|
133
|
-
uint64_t x3
|
134
|
-
uint64_t x4
|
167
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_mul(fiat_p256_montgomery_domain_field_element out1, const fiat_p256_montgomery_domain_field_element arg1, const fiat_p256_montgomery_domain_field_element arg2) {
|
168
|
+
uint64_t x1;
|
169
|
+
uint64_t x2;
|
170
|
+
uint64_t x3;
|
171
|
+
uint64_t x4;
|
135
172
|
uint64_t x5;
|
136
173
|
uint64_t x6;
|
137
|
-
fiat_p256_mulx_u64(&x5, &x6, x4, (arg2[3]));
|
138
174
|
uint64_t x7;
|
139
175
|
uint64_t x8;
|
140
|
-
fiat_p256_mulx_u64(&x7, &x8, x4, (arg2[2]));
|
141
176
|
uint64_t x9;
|
142
177
|
uint64_t x10;
|
143
|
-
fiat_p256_mulx_u64(&x9, &x10, x4, (arg2[1]));
|
144
178
|
uint64_t x11;
|
145
179
|
uint64_t x12;
|
146
|
-
fiat_p256_mulx_u64(&x11, &x12, x4, (arg2[0]));
|
147
180
|
uint64_t x13;
|
148
181
|
fiat_p256_uint1 x14;
|
149
|
-
fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x12, x9);
|
150
182
|
uint64_t x15;
|
151
183
|
fiat_p256_uint1 x16;
|
152
|
-
fiat_p256_addcarryx_u64(&x15, &x16, x14, x10, x7);
|
153
184
|
uint64_t x17;
|
154
185
|
fiat_p256_uint1 x18;
|
155
|
-
|
156
|
-
uint64_t x19 = (x18 + x6);
|
186
|
+
uint64_t x19;
|
157
187
|
uint64_t x20;
|
158
188
|
uint64_t x21;
|
159
|
-
fiat_p256_mulx_u64(&x20, &x21, x11, UINT64_C(0xffffffff00000001));
|
160
189
|
uint64_t x22;
|
161
190
|
uint64_t x23;
|
162
|
-
fiat_p256_mulx_u64(&x22, &x23, x11, UINT32_C(0xffffffff));
|
163
191
|
uint64_t x24;
|
164
192
|
uint64_t x25;
|
165
|
-
fiat_p256_mulx_u64(&x24, &x25, x11, UINT64_C(0xffffffffffffffff));
|
166
193
|
uint64_t x26;
|
167
194
|
fiat_p256_uint1 x27;
|
168
|
-
|
169
|
-
uint64_t x28 = (x27 + x23);
|
195
|
+
uint64_t x28;
|
170
196
|
uint64_t x29;
|
171
197
|
fiat_p256_uint1 x30;
|
172
|
-
fiat_p256_addcarryx_u64(&x29, &x30, 0x0, x11, x24);
|
173
198
|
uint64_t x31;
|
174
199
|
fiat_p256_uint1 x32;
|
175
|
-
fiat_p256_addcarryx_u64(&x31, &x32, x30, x13, x26);
|
176
200
|
uint64_t x33;
|
177
201
|
fiat_p256_uint1 x34;
|
178
|
-
fiat_p256_addcarryx_u64(&x33, &x34, x32, x15, x28);
|
179
202
|
uint64_t x35;
|
180
203
|
fiat_p256_uint1 x36;
|
181
|
-
fiat_p256_addcarryx_u64(&x35, &x36, x34, x17, x20);
|
182
204
|
uint64_t x37;
|
183
205
|
fiat_p256_uint1 x38;
|
184
|
-
fiat_p256_addcarryx_u64(&x37, &x38, x36, x19, x21);
|
185
206
|
uint64_t x39;
|
186
207
|
uint64_t x40;
|
187
|
-
fiat_p256_mulx_u64(&x39, &x40, x1, (arg2[3]));
|
188
208
|
uint64_t x41;
|
189
209
|
uint64_t x42;
|
190
|
-
fiat_p256_mulx_u64(&x41, &x42, x1, (arg2[2]));
|
191
210
|
uint64_t x43;
|
192
211
|
uint64_t x44;
|
193
|
-
fiat_p256_mulx_u64(&x43, &x44, x1, (arg2[1]));
|
194
212
|
uint64_t x45;
|
195
213
|
uint64_t x46;
|
196
|
-
fiat_p256_mulx_u64(&x45, &x46, x1, (arg2[0]));
|
197
214
|
uint64_t x47;
|
198
215
|
fiat_p256_uint1 x48;
|
199
|
-
fiat_p256_addcarryx_u64(&x47, &x48, 0x0, x46, x43);
|
200
216
|
uint64_t x49;
|
201
217
|
fiat_p256_uint1 x50;
|
202
|
-
fiat_p256_addcarryx_u64(&x49, &x50, x48, x44, x41);
|
203
218
|
uint64_t x51;
|
204
219
|
fiat_p256_uint1 x52;
|
205
|
-
|
206
|
-
uint64_t x53 = (x52 + x40);
|
220
|
+
uint64_t x53;
|
207
221
|
uint64_t x54;
|
208
222
|
fiat_p256_uint1 x55;
|
209
|
-
fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x31, x45);
|
210
223
|
uint64_t x56;
|
211
224
|
fiat_p256_uint1 x57;
|
212
|
-
fiat_p256_addcarryx_u64(&x56, &x57, x55, x33, x47);
|
213
225
|
uint64_t x58;
|
214
226
|
fiat_p256_uint1 x59;
|
215
|
-
fiat_p256_addcarryx_u64(&x58, &x59, x57, x35, x49);
|
216
227
|
uint64_t x60;
|
217
228
|
fiat_p256_uint1 x61;
|
218
|
-
fiat_p256_addcarryx_u64(&x60, &x61, x59, x37, x51);
|
219
229
|
uint64_t x62;
|
220
230
|
fiat_p256_uint1 x63;
|
221
|
-
fiat_p256_addcarryx_u64(&x62, &x63, x61, x38, x53);
|
222
231
|
uint64_t x64;
|
223
232
|
uint64_t x65;
|
224
|
-
fiat_p256_mulx_u64(&x64, &x65, x54, UINT64_C(0xffffffff00000001));
|
225
233
|
uint64_t x66;
|
226
234
|
uint64_t x67;
|
227
|
-
fiat_p256_mulx_u64(&x66, &x67, x54, UINT32_C(0xffffffff));
|
228
235
|
uint64_t x68;
|
229
236
|
uint64_t x69;
|
230
|
-
fiat_p256_mulx_u64(&x68, &x69, x54, UINT64_C(0xffffffffffffffff));
|
231
237
|
uint64_t x70;
|
232
238
|
fiat_p256_uint1 x71;
|
233
|
-
|
234
|
-
uint64_t x72 = (x71 + x67);
|
239
|
+
uint64_t x72;
|
235
240
|
uint64_t x73;
|
236
241
|
fiat_p256_uint1 x74;
|
237
|
-
fiat_p256_addcarryx_u64(&x73, &x74, 0x0, x54, x68);
|
238
242
|
uint64_t x75;
|
239
243
|
fiat_p256_uint1 x76;
|
240
|
-
fiat_p256_addcarryx_u64(&x75, &x76, x74, x56, x70);
|
241
244
|
uint64_t x77;
|
242
245
|
fiat_p256_uint1 x78;
|
243
|
-
fiat_p256_addcarryx_u64(&x77, &x78, x76, x58, x72);
|
244
246
|
uint64_t x79;
|
245
247
|
fiat_p256_uint1 x80;
|
246
|
-
fiat_p256_addcarryx_u64(&x79, &x80, x78, x60, x64);
|
247
248
|
uint64_t x81;
|
248
249
|
fiat_p256_uint1 x82;
|
249
|
-
|
250
|
-
uint64_t x83 = ((uint64_t)x82 + x63);
|
250
|
+
uint64_t x83;
|
251
251
|
uint64_t x84;
|
252
252
|
uint64_t x85;
|
253
|
-
fiat_p256_mulx_u64(&x84, &x85, x2, (arg2[3]));
|
254
253
|
uint64_t x86;
|
255
254
|
uint64_t x87;
|
256
|
-
fiat_p256_mulx_u64(&x86, &x87, x2, (arg2[2]));
|
257
255
|
uint64_t x88;
|
258
256
|
uint64_t x89;
|
259
|
-
fiat_p256_mulx_u64(&x88, &x89, x2, (arg2[1]));
|
260
257
|
uint64_t x90;
|
261
258
|
uint64_t x91;
|
262
|
-
fiat_p256_mulx_u64(&x90, &x91, x2, (arg2[0]));
|
263
259
|
uint64_t x92;
|
264
260
|
fiat_p256_uint1 x93;
|
265
|
-
fiat_p256_addcarryx_u64(&x92, &x93, 0x0, x91, x88);
|
266
261
|
uint64_t x94;
|
267
262
|
fiat_p256_uint1 x95;
|
268
|
-
fiat_p256_addcarryx_u64(&x94, &x95, x93, x89, x86);
|
269
263
|
uint64_t x96;
|
270
264
|
fiat_p256_uint1 x97;
|
271
|
-
|
272
|
-
uint64_t x98 = (x97 + x85);
|
265
|
+
uint64_t x98;
|
273
266
|
uint64_t x99;
|
274
267
|
fiat_p256_uint1 x100;
|
275
|
-
fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x75, x90);
|
276
268
|
uint64_t x101;
|
277
269
|
fiat_p256_uint1 x102;
|
278
|
-
fiat_p256_addcarryx_u64(&x101, &x102, x100, x77, x92);
|
279
270
|
uint64_t x103;
|
280
271
|
fiat_p256_uint1 x104;
|
281
|
-
fiat_p256_addcarryx_u64(&x103, &x104, x102, x79, x94);
|
282
272
|
uint64_t x105;
|
283
273
|
fiat_p256_uint1 x106;
|
284
|
-
fiat_p256_addcarryx_u64(&x105, &x106, x104, x81, x96);
|
285
274
|
uint64_t x107;
|
286
275
|
fiat_p256_uint1 x108;
|
287
|
-
fiat_p256_addcarryx_u64(&x107, &x108, x106, x83, x98);
|
288
276
|
uint64_t x109;
|
289
277
|
uint64_t x110;
|
290
|
-
fiat_p256_mulx_u64(&x109, &x110, x99, UINT64_C(0xffffffff00000001));
|
291
278
|
uint64_t x111;
|
292
279
|
uint64_t x112;
|
293
|
-
fiat_p256_mulx_u64(&x111, &x112, x99, UINT32_C(0xffffffff));
|
294
280
|
uint64_t x113;
|
295
281
|
uint64_t x114;
|
296
|
-
fiat_p256_mulx_u64(&x113, &x114, x99, UINT64_C(0xffffffffffffffff));
|
297
282
|
uint64_t x115;
|
298
283
|
fiat_p256_uint1 x116;
|
299
|
-
|
300
|
-
uint64_t x117 = (x116 + x112);
|
284
|
+
uint64_t x117;
|
301
285
|
uint64_t x118;
|
302
286
|
fiat_p256_uint1 x119;
|
303
|
-
fiat_p256_addcarryx_u64(&x118, &x119, 0x0, x99, x113);
|
304
287
|
uint64_t x120;
|
305
288
|
fiat_p256_uint1 x121;
|
306
|
-
fiat_p256_addcarryx_u64(&x120, &x121, x119, x101, x115);
|
307
289
|
uint64_t x122;
|
308
290
|
fiat_p256_uint1 x123;
|
309
|
-
fiat_p256_addcarryx_u64(&x122, &x123, x121, x103, x117);
|
310
291
|
uint64_t x124;
|
311
292
|
fiat_p256_uint1 x125;
|
312
|
-
fiat_p256_addcarryx_u64(&x124, &x125, x123, x105, x109);
|
313
293
|
uint64_t x126;
|
314
294
|
fiat_p256_uint1 x127;
|
315
|
-
|
316
|
-
uint64_t x128 = ((uint64_t)x127 + x108);
|
295
|
+
uint64_t x128;
|
317
296
|
uint64_t x129;
|
318
297
|
uint64_t x130;
|
319
|
-
fiat_p256_mulx_u64(&x129, &x130, x3, (arg2[3]));
|
320
298
|
uint64_t x131;
|
321
299
|
uint64_t x132;
|
322
|
-
fiat_p256_mulx_u64(&x131, &x132, x3, (arg2[2]));
|
323
300
|
uint64_t x133;
|
324
301
|
uint64_t x134;
|
325
|
-
fiat_p256_mulx_u64(&x133, &x134, x3, (arg2[1]));
|
326
302
|
uint64_t x135;
|
327
303
|
uint64_t x136;
|
328
|
-
fiat_p256_mulx_u64(&x135, &x136, x3, (arg2[0]));
|
329
304
|
uint64_t x137;
|
330
305
|
fiat_p256_uint1 x138;
|
331
|
-
fiat_p256_addcarryx_u64(&x137, &x138, 0x0, x136, x133);
|
332
306
|
uint64_t x139;
|
333
307
|
fiat_p256_uint1 x140;
|
334
|
-
fiat_p256_addcarryx_u64(&x139, &x140, x138, x134, x131);
|
335
308
|
uint64_t x141;
|
336
309
|
fiat_p256_uint1 x142;
|
337
|
-
|
338
|
-
uint64_t x143 = (x142 + x130);
|
310
|
+
uint64_t x143;
|
339
311
|
uint64_t x144;
|
340
312
|
fiat_p256_uint1 x145;
|
341
|
-
fiat_p256_addcarryx_u64(&x144, &x145, 0x0, x120, x135);
|
342
313
|
uint64_t x146;
|
343
314
|
fiat_p256_uint1 x147;
|
344
|
-
fiat_p256_addcarryx_u64(&x146, &x147, x145, x122, x137);
|
345
315
|
uint64_t x148;
|
346
316
|
fiat_p256_uint1 x149;
|
347
|
-
fiat_p256_addcarryx_u64(&x148, &x149, x147, x124, x139);
|
348
317
|
uint64_t x150;
|
349
318
|
fiat_p256_uint1 x151;
|
350
|
-
fiat_p256_addcarryx_u64(&x150, &x151, x149, x126, x141);
|
351
319
|
uint64_t x152;
|
352
320
|
fiat_p256_uint1 x153;
|
353
|
-
fiat_p256_addcarryx_u64(&x152, &x153, x151, x128, x143);
|
354
321
|
uint64_t x154;
|
355
322
|
uint64_t x155;
|
356
|
-
fiat_p256_mulx_u64(&x154, &x155, x144, UINT64_C(0xffffffff00000001));
|
357
323
|
uint64_t x156;
|
358
324
|
uint64_t x157;
|
359
|
-
fiat_p256_mulx_u64(&x156, &x157, x144, UINT32_C(0xffffffff));
|
360
325
|
uint64_t x158;
|
361
326
|
uint64_t x159;
|
362
|
-
fiat_p256_mulx_u64(&x158, &x159, x144, UINT64_C(0xffffffffffffffff));
|
363
327
|
uint64_t x160;
|
364
328
|
fiat_p256_uint1 x161;
|
365
|
-
|
366
|
-
uint64_t x162 = (x161 + x157);
|
329
|
+
uint64_t x162;
|
367
330
|
uint64_t x163;
|
368
331
|
fiat_p256_uint1 x164;
|
369
|
-
fiat_p256_addcarryx_u64(&x163, &x164, 0x0, x144, x158);
|
370
332
|
uint64_t x165;
|
371
333
|
fiat_p256_uint1 x166;
|
372
|
-
fiat_p256_addcarryx_u64(&x165, &x166, x164, x146, x160);
|
373
334
|
uint64_t x167;
|
374
335
|
fiat_p256_uint1 x168;
|
375
|
-
fiat_p256_addcarryx_u64(&x167, &x168, x166, x148, x162);
|
376
336
|
uint64_t x169;
|
377
337
|
fiat_p256_uint1 x170;
|
378
|
-
fiat_p256_addcarryx_u64(&x169, &x170, x168, x150, x154);
|
379
338
|
uint64_t x171;
|
380
339
|
fiat_p256_uint1 x172;
|
381
|
-
|
382
|
-
uint64_t x173 = ((uint64_t)x172 + x153);
|
340
|
+
uint64_t x173;
|
383
341
|
uint64_t x174;
|
384
342
|
fiat_p256_uint1 x175;
|
385
|
-
fiat_p256_subborrowx_u64(&x174, &x175, 0x0, x165, UINT64_C(0xffffffffffffffff));
|
386
343
|
uint64_t x176;
|
387
344
|
fiat_p256_uint1 x177;
|
388
|
-
fiat_p256_subborrowx_u64(&x176, &x177, x175, x167, UINT32_C(0xffffffff));
|
389
345
|
uint64_t x178;
|
390
346
|
fiat_p256_uint1 x179;
|
391
|
-
fiat_p256_subborrowx_u64(&x178, &x179, x177, x169, 0x0);
|
392
347
|
uint64_t x180;
|
393
348
|
fiat_p256_uint1 x181;
|
394
|
-
fiat_p256_subborrowx_u64(&x180, &x181, x179, x171, UINT64_C(0xffffffff00000001));
|
395
349
|
uint64_t x182;
|
396
350
|
fiat_p256_uint1 x183;
|
397
|
-
fiat_p256_subborrowx_u64(&x182, &x183, x181, x173, 0x0);
|
398
351
|
uint64_t x184;
|
399
|
-
fiat_p256_cmovznz_u64(&x184, x183, x174, x165);
|
400
352
|
uint64_t x185;
|
401
|
-
fiat_p256_cmovznz_u64(&x185, x183, x176, x167);
|
402
353
|
uint64_t x186;
|
403
|
-
fiat_p256_cmovznz_u64(&x186, x183, x178, x169);
|
404
354
|
uint64_t x187;
|
355
|
+
x1 = (arg1[1]);
|
356
|
+
x2 = (arg1[2]);
|
357
|
+
x3 = (arg1[3]);
|
358
|
+
x4 = (arg1[0]);
|
359
|
+
fiat_p256_mulx_u64(&x5, &x6, x4, (arg2[3]));
|
360
|
+
fiat_p256_mulx_u64(&x7, &x8, x4, (arg2[2]));
|
361
|
+
fiat_p256_mulx_u64(&x9, &x10, x4, (arg2[1]));
|
362
|
+
fiat_p256_mulx_u64(&x11, &x12, x4, (arg2[0]));
|
363
|
+
fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x12, x9);
|
364
|
+
fiat_p256_addcarryx_u64(&x15, &x16, x14, x10, x7);
|
365
|
+
fiat_p256_addcarryx_u64(&x17, &x18, x16, x8, x5);
|
366
|
+
x19 = (x18 + x6);
|
367
|
+
fiat_p256_mulx_u64(&x20, &x21, x11, UINT64_C(0xffffffff00000001));
|
368
|
+
fiat_p256_mulx_u64(&x22, &x23, x11, UINT32_C(0xffffffff));
|
369
|
+
fiat_p256_mulx_u64(&x24, &x25, x11, UINT64_C(0xffffffffffffffff));
|
370
|
+
fiat_p256_addcarryx_u64(&x26, &x27, 0x0, x25, x22);
|
371
|
+
x28 = (x27 + x23);
|
372
|
+
fiat_p256_addcarryx_u64(&x29, &x30, 0x0, x11, x24);
|
373
|
+
fiat_p256_addcarryx_u64(&x31, &x32, x30, x13, x26);
|
374
|
+
fiat_p256_addcarryx_u64(&x33, &x34, x32, x15, x28);
|
375
|
+
fiat_p256_addcarryx_u64(&x35, &x36, x34, x17, x20);
|
376
|
+
fiat_p256_addcarryx_u64(&x37, &x38, x36, x19, x21);
|
377
|
+
fiat_p256_mulx_u64(&x39, &x40, x1, (arg2[3]));
|
378
|
+
fiat_p256_mulx_u64(&x41, &x42, x1, (arg2[2]));
|
379
|
+
fiat_p256_mulx_u64(&x43, &x44, x1, (arg2[1]));
|
380
|
+
fiat_p256_mulx_u64(&x45, &x46, x1, (arg2[0]));
|
381
|
+
fiat_p256_addcarryx_u64(&x47, &x48, 0x0, x46, x43);
|
382
|
+
fiat_p256_addcarryx_u64(&x49, &x50, x48, x44, x41);
|
383
|
+
fiat_p256_addcarryx_u64(&x51, &x52, x50, x42, x39);
|
384
|
+
x53 = (x52 + x40);
|
385
|
+
fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x31, x45);
|
386
|
+
fiat_p256_addcarryx_u64(&x56, &x57, x55, x33, x47);
|
387
|
+
fiat_p256_addcarryx_u64(&x58, &x59, x57, x35, x49);
|
388
|
+
fiat_p256_addcarryx_u64(&x60, &x61, x59, x37, x51);
|
389
|
+
fiat_p256_addcarryx_u64(&x62, &x63, x61, x38, x53);
|
390
|
+
fiat_p256_mulx_u64(&x64, &x65, x54, UINT64_C(0xffffffff00000001));
|
391
|
+
fiat_p256_mulx_u64(&x66, &x67, x54, UINT32_C(0xffffffff));
|
392
|
+
fiat_p256_mulx_u64(&x68, &x69, x54, UINT64_C(0xffffffffffffffff));
|
393
|
+
fiat_p256_addcarryx_u64(&x70, &x71, 0x0, x69, x66);
|
394
|
+
x72 = (x71 + x67);
|
395
|
+
fiat_p256_addcarryx_u64(&x73, &x74, 0x0, x54, x68);
|
396
|
+
fiat_p256_addcarryx_u64(&x75, &x76, x74, x56, x70);
|
397
|
+
fiat_p256_addcarryx_u64(&x77, &x78, x76, x58, x72);
|
398
|
+
fiat_p256_addcarryx_u64(&x79, &x80, x78, x60, x64);
|
399
|
+
fiat_p256_addcarryx_u64(&x81, &x82, x80, x62, x65);
|
400
|
+
x83 = ((uint64_t)x82 + x63);
|
401
|
+
fiat_p256_mulx_u64(&x84, &x85, x2, (arg2[3]));
|
402
|
+
fiat_p256_mulx_u64(&x86, &x87, x2, (arg2[2]));
|
403
|
+
fiat_p256_mulx_u64(&x88, &x89, x2, (arg2[1]));
|
404
|
+
fiat_p256_mulx_u64(&x90, &x91, x2, (arg2[0]));
|
405
|
+
fiat_p256_addcarryx_u64(&x92, &x93, 0x0, x91, x88);
|
406
|
+
fiat_p256_addcarryx_u64(&x94, &x95, x93, x89, x86);
|
407
|
+
fiat_p256_addcarryx_u64(&x96, &x97, x95, x87, x84);
|
408
|
+
x98 = (x97 + x85);
|
409
|
+
fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x75, x90);
|
410
|
+
fiat_p256_addcarryx_u64(&x101, &x102, x100, x77, x92);
|
411
|
+
fiat_p256_addcarryx_u64(&x103, &x104, x102, x79, x94);
|
412
|
+
fiat_p256_addcarryx_u64(&x105, &x106, x104, x81, x96);
|
413
|
+
fiat_p256_addcarryx_u64(&x107, &x108, x106, x83, x98);
|
414
|
+
fiat_p256_mulx_u64(&x109, &x110, x99, UINT64_C(0xffffffff00000001));
|
415
|
+
fiat_p256_mulx_u64(&x111, &x112, x99, UINT32_C(0xffffffff));
|
416
|
+
fiat_p256_mulx_u64(&x113, &x114, x99, UINT64_C(0xffffffffffffffff));
|
417
|
+
fiat_p256_addcarryx_u64(&x115, &x116, 0x0, x114, x111);
|
418
|
+
x117 = (x116 + x112);
|
419
|
+
fiat_p256_addcarryx_u64(&x118, &x119, 0x0, x99, x113);
|
420
|
+
fiat_p256_addcarryx_u64(&x120, &x121, x119, x101, x115);
|
421
|
+
fiat_p256_addcarryx_u64(&x122, &x123, x121, x103, x117);
|
422
|
+
fiat_p256_addcarryx_u64(&x124, &x125, x123, x105, x109);
|
423
|
+
fiat_p256_addcarryx_u64(&x126, &x127, x125, x107, x110);
|
424
|
+
x128 = ((uint64_t)x127 + x108);
|
425
|
+
fiat_p256_mulx_u64(&x129, &x130, x3, (arg2[3]));
|
426
|
+
fiat_p256_mulx_u64(&x131, &x132, x3, (arg2[2]));
|
427
|
+
fiat_p256_mulx_u64(&x133, &x134, x3, (arg2[1]));
|
428
|
+
fiat_p256_mulx_u64(&x135, &x136, x3, (arg2[0]));
|
429
|
+
fiat_p256_addcarryx_u64(&x137, &x138, 0x0, x136, x133);
|
430
|
+
fiat_p256_addcarryx_u64(&x139, &x140, x138, x134, x131);
|
431
|
+
fiat_p256_addcarryx_u64(&x141, &x142, x140, x132, x129);
|
432
|
+
x143 = (x142 + x130);
|
433
|
+
fiat_p256_addcarryx_u64(&x144, &x145, 0x0, x120, x135);
|
434
|
+
fiat_p256_addcarryx_u64(&x146, &x147, x145, x122, x137);
|
435
|
+
fiat_p256_addcarryx_u64(&x148, &x149, x147, x124, x139);
|
436
|
+
fiat_p256_addcarryx_u64(&x150, &x151, x149, x126, x141);
|
437
|
+
fiat_p256_addcarryx_u64(&x152, &x153, x151, x128, x143);
|
438
|
+
fiat_p256_mulx_u64(&x154, &x155, x144, UINT64_C(0xffffffff00000001));
|
439
|
+
fiat_p256_mulx_u64(&x156, &x157, x144, UINT32_C(0xffffffff));
|
440
|
+
fiat_p256_mulx_u64(&x158, &x159, x144, UINT64_C(0xffffffffffffffff));
|
441
|
+
fiat_p256_addcarryx_u64(&x160, &x161, 0x0, x159, x156);
|
442
|
+
x162 = (x161 + x157);
|
443
|
+
fiat_p256_addcarryx_u64(&x163, &x164, 0x0, x144, x158);
|
444
|
+
fiat_p256_addcarryx_u64(&x165, &x166, x164, x146, x160);
|
445
|
+
fiat_p256_addcarryx_u64(&x167, &x168, x166, x148, x162);
|
446
|
+
fiat_p256_addcarryx_u64(&x169, &x170, x168, x150, x154);
|
447
|
+
fiat_p256_addcarryx_u64(&x171, &x172, x170, x152, x155);
|
448
|
+
x173 = ((uint64_t)x172 + x153);
|
449
|
+
fiat_p256_subborrowx_u64(&x174, &x175, 0x0, x165, UINT64_C(0xffffffffffffffff));
|
450
|
+
fiat_p256_subborrowx_u64(&x176, &x177, x175, x167, UINT32_C(0xffffffff));
|
451
|
+
fiat_p256_subborrowx_u64(&x178, &x179, x177, x169, 0x0);
|
452
|
+
fiat_p256_subborrowx_u64(&x180, &x181, x179, x171, UINT64_C(0xffffffff00000001));
|
453
|
+
fiat_p256_subborrowx_u64(&x182, &x183, x181, x173, 0x0);
|
454
|
+
fiat_p256_cmovznz_u64(&x184, x183, x174, x165);
|
455
|
+
fiat_p256_cmovznz_u64(&x185, x183, x176, x167);
|
456
|
+
fiat_p256_cmovznz_u64(&x186, x183, x178, x169);
|
405
457
|
fiat_p256_cmovznz_u64(&x187, x183, x180, x171);
|
406
458
|
out1[0] = x184;
|
407
459
|
out1[1] = x185;
|
@@ -411,292 +463,304 @@ static void fiat_p256_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64
|
|
411
463
|
|
412
464
|
/*
|
413
465
|
* The function fiat_p256_square squares a field element in the Montgomery domain.
|
466
|
+
*
|
414
467
|
* Preconditions:
|
415
468
|
* 0 ≤ eval arg1 < m
|
416
469
|
* Postconditions:
|
417
470
|
* eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m
|
418
471
|
* 0 ≤ eval out1 < m
|
419
472
|
*
|
420
|
-
* Input Bounds:
|
421
|
-
* arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
422
|
-
* Output Bounds:
|
423
|
-
* out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
424
473
|
*/
|
425
|
-
static void fiat_p256_square(
|
426
|
-
uint64_t x1
|
427
|
-
uint64_t x2
|
428
|
-
uint64_t x3
|
429
|
-
uint64_t x4
|
474
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_square(fiat_p256_montgomery_domain_field_element out1, const fiat_p256_montgomery_domain_field_element arg1) {
|
475
|
+
uint64_t x1;
|
476
|
+
uint64_t x2;
|
477
|
+
uint64_t x3;
|
478
|
+
uint64_t x4;
|
430
479
|
uint64_t x5;
|
431
480
|
uint64_t x6;
|
432
|
-
fiat_p256_mulx_u64(&x5, &x6, x4, (arg1[3]));
|
433
481
|
uint64_t x7;
|
434
482
|
uint64_t x8;
|
435
|
-
fiat_p256_mulx_u64(&x7, &x8, x4, (arg1[2]));
|
436
483
|
uint64_t x9;
|
437
484
|
uint64_t x10;
|
438
|
-
fiat_p256_mulx_u64(&x9, &x10, x4, (arg1[1]));
|
439
485
|
uint64_t x11;
|
440
486
|
uint64_t x12;
|
441
|
-
fiat_p256_mulx_u64(&x11, &x12, x4, (arg1[0]));
|
442
487
|
uint64_t x13;
|
443
488
|
fiat_p256_uint1 x14;
|
444
|
-
fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x12, x9);
|
445
489
|
uint64_t x15;
|
446
490
|
fiat_p256_uint1 x16;
|
447
|
-
fiat_p256_addcarryx_u64(&x15, &x16, x14, x10, x7);
|
448
491
|
uint64_t x17;
|
449
492
|
fiat_p256_uint1 x18;
|
450
|
-
|
451
|
-
uint64_t x19 = (x18 + x6);
|
493
|
+
uint64_t x19;
|
452
494
|
uint64_t x20;
|
453
495
|
uint64_t x21;
|
454
|
-
fiat_p256_mulx_u64(&x20, &x21, x11, UINT64_C(0xffffffff00000001));
|
455
496
|
uint64_t x22;
|
456
497
|
uint64_t x23;
|
457
|
-
fiat_p256_mulx_u64(&x22, &x23, x11, UINT32_C(0xffffffff));
|
458
498
|
uint64_t x24;
|
459
499
|
uint64_t x25;
|
460
|
-
fiat_p256_mulx_u64(&x24, &x25, x11, UINT64_C(0xffffffffffffffff));
|
461
500
|
uint64_t x26;
|
462
501
|
fiat_p256_uint1 x27;
|
463
|
-
|
464
|
-
uint64_t x28 = (x27 + x23);
|
502
|
+
uint64_t x28;
|
465
503
|
uint64_t x29;
|
466
504
|
fiat_p256_uint1 x30;
|
467
|
-
fiat_p256_addcarryx_u64(&x29, &x30, 0x0, x11, x24);
|
468
505
|
uint64_t x31;
|
469
506
|
fiat_p256_uint1 x32;
|
470
|
-
fiat_p256_addcarryx_u64(&x31, &x32, x30, x13, x26);
|
471
507
|
uint64_t x33;
|
472
508
|
fiat_p256_uint1 x34;
|
473
|
-
fiat_p256_addcarryx_u64(&x33, &x34, x32, x15, x28);
|
474
509
|
uint64_t x35;
|
475
510
|
fiat_p256_uint1 x36;
|
476
|
-
fiat_p256_addcarryx_u64(&x35, &x36, x34, x17, x20);
|
477
511
|
uint64_t x37;
|
478
512
|
fiat_p256_uint1 x38;
|
479
|
-
fiat_p256_addcarryx_u64(&x37, &x38, x36, x19, x21);
|
480
513
|
uint64_t x39;
|
481
514
|
uint64_t x40;
|
482
|
-
fiat_p256_mulx_u64(&x39, &x40, x1, (arg1[3]));
|
483
515
|
uint64_t x41;
|
484
516
|
uint64_t x42;
|
485
|
-
fiat_p256_mulx_u64(&x41, &x42, x1, (arg1[2]));
|
486
517
|
uint64_t x43;
|
487
518
|
uint64_t x44;
|
488
|
-
fiat_p256_mulx_u64(&x43, &x44, x1, (arg1[1]));
|
489
519
|
uint64_t x45;
|
490
520
|
uint64_t x46;
|
491
|
-
fiat_p256_mulx_u64(&x45, &x46, x1, (arg1[0]));
|
492
521
|
uint64_t x47;
|
493
522
|
fiat_p256_uint1 x48;
|
494
|
-
fiat_p256_addcarryx_u64(&x47, &x48, 0x0, x46, x43);
|
495
523
|
uint64_t x49;
|
496
524
|
fiat_p256_uint1 x50;
|
497
|
-
fiat_p256_addcarryx_u64(&x49, &x50, x48, x44, x41);
|
498
525
|
uint64_t x51;
|
499
526
|
fiat_p256_uint1 x52;
|
500
|
-
|
501
|
-
uint64_t x53 = (x52 + x40);
|
527
|
+
uint64_t x53;
|
502
528
|
uint64_t x54;
|
503
529
|
fiat_p256_uint1 x55;
|
504
|
-
fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x31, x45);
|
505
530
|
uint64_t x56;
|
506
531
|
fiat_p256_uint1 x57;
|
507
|
-
fiat_p256_addcarryx_u64(&x56, &x57, x55, x33, x47);
|
508
532
|
uint64_t x58;
|
509
533
|
fiat_p256_uint1 x59;
|
510
|
-
fiat_p256_addcarryx_u64(&x58, &x59, x57, x35, x49);
|
511
534
|
uint64_t x60;
|
512
535
|
fiat_p256_uint1 x61;
|
513
|
-
fiat_p256_addcarryx_u64(&x60, &x61, x59, x37, x51);
|
514
536
|
uint64_t x62;
|
515
537
|
fiat_p256_uint1 x63;
|
516
|
-
fiat_p256_addcarryx_u64(&x62, &x63, x61, x38, x53);
|
517
538
|
uint64_t x64;
|
518
539
|
uint64_t x65;
|
519
|
-
fiat_p256_mulx_u64(&x64, &x65, x54, UINT64_C(0xffffffff00000001));
|
520
540
|
uint64_t x66;
|
521
541
|
uint64_t x67;
|
522
|
-
fiat_p256_mulx_u64(&x66, &x67, x54, UINT32_C(0xffffffff));
|
523
542
|
uint64_t x68;
|
524
543
|
uint64_t x69;
|
525
|
-
fiat_p256_mulx_u64(&x68, &x69, x54, UINT64_C(0xffffffffffffffff));
|
526
544
|
uint64_t x70;
|
527
545
|
fiat_p256_uint1 x71;
|
528
|
-
|
529
|
-
uint64_t x72 = (x71 + x67);
|
546
|
+
uint64_t x72;
|
530
547
|
uint64_t x73;
|
531
548
|
fiat_p256_uint1 x74;
|
532
|
-
fiat_p256_addcarryx_u64(&x73, &x74, 0x0, x54, x68);
|
533
549
|
uint64_t x75;
|
534
550
|
fiat_p256_uint1 x76;
|
535
|
-
fiat_p256_addcarryx_u64(&x75, &x76, x74, x56, x70);
|
536
551
|
uint64_t x77;
|
537
552
|
fiat_p256_uint1 x78;
|
538
|
-
fiat_p256_addcarryx_u64(&x77, &x78, x76, x58, x72);
|
539
553
|
uint64_t x79;
|
540
554
|
fiat_p256_uint1 x80;
|
541
|
-
fiat_p256_addcarryx_u64(&x79, &x80, x78, x60, x64);
|
542
555
|
uint64_t x81;
|
543
556
|
fiat_p256_uint1 x82;
|
544
|
-
|
545
|
-
uint64_t x83 = ((uint64_t)x82 + x63);
|
557
|
+
uint64_t x83;
|
546
558
|
uint64_t x84;
|
547
559
|
uint64_t x85;
|
548
|
-
fiat_p256_mulx_u64(&x84, &x85, x2, (arg1[3]));
|
549
560
|
uint64_t x86;
|
550
561
|
uint64_t x87;
|
551
|
-
fiat_p256_mulx_u64(&x86, &x87, x2, (arg1[2]));
|
552
562
|
uint64_t x88;
|
553
563
|
uint64_t x89;
|
554
|
-
fiat_p256_mulx_u64(&x88, &x89, x2, (arg1[1]));
|
555
564
|
uint64_t x90;
|
556
565
|
uint64_t x91;
|
557
|
-
fiat_p256_mulx_u64(&x90, &x91, x2, (arg1[0]));
|
558
566
|
uint64_t x92;
|
559
567
|
fiat_p256_uint1 x93;
|
560
|
-
fiat_p256_addcarryx_u64(&x92, &x93, 0x0, x91, x88);
|
561
568
|
uint64_t x94;
|
562
569
|
fiat_p256_uint1 x95;
|
563
|
-
fiat_p256_addcarryx_u64(&x94, &x95, x93, x89, x86);
|
564
570
|
uint64_t x96;
|
565
571
|
fiat_p256_uint1 x97;
|
566
|
-
|
567
|
-
uint64_t x98 = (x97 + x85);
|
572
|
+
uint64_t x98;
|
568
573
|
uint64_t x99;
|
569
574
|
fiat_p256_uint1 x100;
|
570
|
-
fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x75, x90);
|
571
575
|
uint64_t x101;
|
572
576
|
fiat_p256_uint1 x102;
|
573
|
-
fiat_p256_addcarryx_u64(&x101, &x102, x100, x77, x92);
|
574
577
|
uint64_t x103;
|
575
578
|
fiat_p256_uint1 x104;
|
576
|
-
fiat_p256_addcarryx_u64(&x103, &x104, x102, x79, x94);
|
577
579
|
uint64_t x105;
|
578
580
|
fiat_p256_uint1 x106;
|
579
|
-
fiat_p256_addcarryx_u64(&x105, &x106, x104, x81, x96);
|
580
581
|
uint64_t x107;
|
581
582
|
fiat_p256_uint1 x108;
|
582
|
-
fiat_p256_addcarryx_u64(&x107, &x108, x106, x83, x98);
|
583
583
|
uint64_t x109;
|
584
584
|
uint64_t x110;
|
585
|
-
fiat_p256_mulx_u64(&x109, &x110, x99, UINT64_C(0xffffffff00000001));
|
586
585
|
uint64_t x111;
|
587
586
|
uint64_t x112;
|
588
|
-
fiat_p256_mulx_u64(&x111, &x112, x99, UINT32_C(0xffffffff));
|
589
587
|
uint64_t x113;
|
590
588
|
uint64_t x114;
|
591
|
-
fiat_p256_mulx_u64(&x113, &x114, x99, UINT64_C(0xffffffffffffffff));
|
592
589
|
uint64_t x115;
|
593
590
|
fiat_p256_uint1 x116;
|
594
|
-
|
595
|
-
uint64_t x117 = (x116 + x112);
|
591
|
+
uint64_t x117;
|
596
592
|
uint64_t x118;
|
597
593
|
fiat_p256_uint1 x119;
|
598
|
-
fiat_p256_addcarryx_u64(&x118, &x119, 0x0, x99, x113);
|
599
594
|
uint64_t x120;
|
600
595
|
fiat_p256_uint1 x121;
|
601
|
-
fiat_p256_addcarryx_u64(&x120, &x121, x119, x101, x115);
|
602
596
|
uint64_t x122;
|
603
597
|
fiat_p256_uint1 x123;
|
604
|
-
fiat_p256_addcarryx_u64(&x122, &x123, x121, x103, x117);
|
605
598
|
uint64_t x124;
|
606
599
|
fiat_p256_uint1 x125;
|
607
|
-
fiat_p256_addcarryx_u64(&x124, &x125, x123, x105, x109);
|
608
600
|
uint64_t x126;
|
609
601
|
fiat_p256_uint1 x127;
|
610
|
-
|
611
|
-
uint64_t x128 = ((uint64_t)x127 + x108);
|
602
|
+
uint64_t x128;
|
612
603
|
uint64_t x129;
|
613
604
|
uint64_t x130;
|
614
|
-
fiat_p256_mulx_u64(&x129, &x130, x3, (arg1[3]));
|
615
605
|
uint64_t x131;
|
616
606
|
uint64_t x132;
|
617
|
-
fiat_p256_mulx_u64(&x131, &x132, x3, (arg1[2]));
|
618
607
|
uint64_t x133;
|
619
608
|
uint64_t x134;
|
620
|
-
fiat_p256_mulx_u64(&x133, &x134, x3, (arg1[1]));
|
621
609
|
uint64_t x135;
|
622
610
|
uint64_t x136;
|
623
|
-
fiat_p256_mulx_u64(&x135, &x136, x3, (arg1[0]));
|
624
611
|
uint64_t x137;
|
625
612
|
fiat_p256_uint1 x138;
|
626
|
-
fiat_p256_addcarryx_u64(&x137, &x138, 0x0, x136, x133);
|
627
613
|
uint64_t x139;
|
628
614
|
fiat_p256_uint1 x140;
|
629
|
-
fiat_p256_addcarryx_u64(&x139, &x140, x138, x134, x131);
|
630
615
|
uint64_t x141;
|
631
616
|
fiat_p256_uint1 x142;
|
632
|
-
|
633
|
-
uint64_t x143 = (x142 + x130);
|
617
|
+
uint64_t x143;
|
634
618
|
uint64_t x144;
|
635
619
|
fiat_p256_uint1 x145;
|
636
|
-
fiat_p256_addcarryx_u64(&x144, &x145, 0x0, x120, x135);
|
637
620
|
uint64_t x146;
|
638
621
|
fiat_p256_uint1 x147;
|
639
|
-
fiat_p256_addcarryx_u64(&x146, &x147, x145, x122, x137);
|
640
622
|
uint64_t x148;
|
641
623
|
fiat_p256_uint1 x149;
|
642
|
-
fiat_p256_addcarryx_u64(&x148, &x149, x147, x124, x139);
|
643
624
|
uint64_t x150;
|
644
625
|
fiat_p256_uint1 x151;
|
645
|
-
fiat_p256_addcarryx_u64(&x150, &x151, x149, x126, x141);
|
646
626
|
uint64_t x152;
|
647
627
|
fiat_p256_uint1 x153;
|
648
|
-
fiat_p256_addcarryx_u64(&x152, &x153, x151, x128, x143);
|
649
628
|
uint64_t x154;
|
650
629
|
uint64_t x155;
|
651
|
-
fiat_p256_mulx_u64(&x154, &x155, x144, UINT64_C(0xffffffff00000001));
|
652
630
|
uint64_t x156;
|
653
631
|
uint64_t x157;
|
654
|
-
fiat_p256_mulx_u64(&x156, &x157, x144, UINT32_C(0xffffffff));
|
655
632
|
uint64_t x158;
|
656
633
|
uint64_t x159;
|
657
|
-
fiat_p256_mulx_u64(&x158, &x159, x144, UINT64_C(0xffffffffffffffff));
|
658
634
|
uint64_t x160;
|
659
635
|
fiat_p256_uint1 x161;
|
660
|
-
|
661
|
-
uint64_t x162 = (x161 + x157);
|
636
|
+
uint64_t x162;
|
662
637
|
uint64_t x163;
|
663
638
|
fiat_p256_uint1 x164;
|
664
|
-
fiat_p256_addcarryx_u64(&x163, &x164, 0x0, x144, x158);
|
665
639
|
uint64_t x165;
|
666
640
|
fiat_p256_uint1 x166;
|
667
|
-
fiat_p256_addcarryx_u64(&x165, &x166, x164, x146, x160);
|
668
641
|
uint64_t x167;
|
669
642
|
fiat_p256_uint1 x168;
|
670
|
-
fiat_p256_addcarryx_u64(&x167, &x168, x166, x148, x162);
|
671
643
|
uint64_t x169;
|
672
644
|
fiat_p256_uint1 x170;
|
673
|
-
fiat_p256_addcarryx_u64(&x169, &x170, x168, x150, x154);
|
674
645
|
uint64_t x171;
|
675
646
|
fiat_p256_uint1 x172;
|
676
|
-
|
677
|
-
uint64_t x173 = ((uint64_t)x172 + x153);
|
647
|
+
uint64_t x173;
|
678
648
|
uint64_t x174;
|
679
649
|
fiat_p256_uint1 x175;
|
680
|
-
fiat_p256_subborrowx_u64(&x174, &x175, 0x0, x165, UINT64_C(0xffffffffffffffff));
|
681
650
|
uint64_t x176;
|
682
651
|
fiat_p256_uint1 x177;
|
683
|
-
fiat_p256_subborrowx_u64(&x176, &x177, x175, x167, UINT32_C(0xffffffff));
|
684
652
|
uint64_t x178;
|
685
653
|
fiat_p256_uint1 x179;
|
686
|
-
fiat_p256_subborrowx_u64(&x178, &x179, x177, x169, 0x0);
|
687
654
|
uint64_t x180;
|
688
655
|
fiat_p256_uint1 x181;
|
689
|
-
fiat_p256_subborrowx_u64(&x180, &x181, x179, x171, UINT64_C(0xffffffff00000001));
|
690
656
|
uint64_t x182;
|
691
657
|
fiat_p256_uint1 x183;
|
692
|
-
fiat_p256_subborrowx_u64(&x182, &x183, x181, x173, 0x0);
|
693
658
|
uint64_t x184;
|
694
|
-
fiat_p256_cmovznz_u64(&x184, x183, x174, x165);
|
695
659
|
uint64_t x185;
|
696
|
-
fiat_p256_cmovznz_u64(&x185, x183, x176, x167);
|
697
660
|
uint64_t x186;
|
698
|
-
fiat_p256_cmovznz_u64(&x186, x183, x178, x169);
|
699
661
|
uint64_t x187;
|
662
|
+
x1 = (arg1[1]);
|
663
|
+
x2 = (arg1[2]);
|
664
|
+
x3 = (arg1[3]);
|
665
|
+
x4 = (arg1[0]);
|
666
|
+
fiat_p256_mulx_u64(&x5, &x6, x4, (arg1[3]));
|
667
|
+
fiat_p256_mulx_u64(&x7, &x8, x4, (arg1[2]));
|
668
|
+
fiat_p256_mulx_u64(&x9, &x10, x4, (arg1[1]));
|
669
|
+
fiat_p256_mulx_u64(&x11, &x12, x4, (arg1[0]));
|
670
|
+
fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x12, x9);
|
671
|
+
fiat_p256_addcarryx_u64(&x15, &x16, x14, x10, x7);
|
672
|
+
fiat_p256_addcarryx_u64(&x17, &x18, x16, x8, x5);
|
673
|
+
x19 = (x18 + x6);
|
674
|
+
fiat_p256_mulx_u64(&x20, &x21, x11, UINT64_C(0xffffffff00000001));
|
675
|
+
fiat_p256_mulx_u64(&x22, &x23, x11, UINT32_C(0xffffffff));
|
676
|
+
fiat_p256_mulx_u64(&x24, &x25, x11, UINT64_C(0xffffffffffffffff));
|
677
|
+
fiat_p256_addcarryx_u64(&x26, &x27, 0x0, x25, x22);
|
678
|
+
x28 = (x27 + x23);
|
679
|
+
fiat_p256_addcarryx_u64(&x29, &x30, 0x0, x11, x24);
|
680
|
+
fiat_p256_addcarryx_u64(&x31, &x32, x30, x13, x26);
|
681
|
+
fiat_p256_addcarryx_u64(&x33, &x34, x32, x15, x28);
|
682
|
+
fiat_p256_addcarryx_u64(&x35, &x36, x34, x17, x20);
|
683
|
+
fiat_p256_addcarryx_u64(&x37, &x38, x36, x19, x21);
|
684
|
+
fiat_p256_mulx_u64(&x39, &x40, x1, (arg1[3]));
|
685
|
+
fiat_p256_mulx_u64(&x41, &x42, x1, (arg1[2]));
|
686
|
+
fiat_p256_mulx_u64(&x43, &x44, x1, (arg1[1]));
|
687
|
+
fiat_p256_mulx_u64(&x45, &x46, x1, (arg1[0]));
|
688
|
+
fiat_p256_addcarryx_u64(&x47, &x48, 0x0, x46, x43);
|
689
|
+
fiat_p256_addcarryx_u64(&x49, &x50, x48, x44, x41);
|
690
|
+
fiat_p256_addcarryx_u64(&x51, &x52, x50, x42, x39);
|
691
|
+
x53 = (x52 + x40);
|
692
|
+
fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x31, x45);
|
693
|
+
fiat_p256_addcarryx_u64(&x56, &x57, x55, x33, x47);
|
694
|
+
fiat_p256_addcarryx_u64(&x58, &x59, x57, x35, x49);
|
695
|
+
fiat_p256_addcarryx_u64(&x60, &x61, x59, x37, x51);
|
696
|
+
fiat_p256_addcarryx_u64(&x62, &x63, x61, x38, x53);
|
697
|
+
fiat_p256_mulx_u64(&x64, &x65, x54, UINT64_C(0xffffffff00000001));
|
698
|
+
fiat_p256_mulx_u64(&x66, &x67, x54, UINT32_C(0xffffffff));
|
699
|
+
fiat_p256_mulx_u64(&x68, &x69, x54, UINT64_C(0xffffffffffffffff));
|
700
|
+
fiat_p256_addcarryx_u64(&x70, &x71, 0x0, x69, x66);
|
701
|
+
x72 = (x71 + x67);
|
702
|
+
fiat_p256_addcarryx_u64(&x73, &x74, 0x0, x54, x68);
|
703
|
+
fiat_p256_addcarryx_u64(&x75, &x76, x74, x56, x70);
|
704
|
+
fiat_p256_addcarryx_u64(&x77, &x78, x76, x58, x72);
|
705
|
+
fiat_p256_addcarryx_u64(&x79, &x80, x78, x60, x64);
|
706
|
+
fiat_p256_addcarryx_u64(&x81, &x82, x80, x62, x65);
|
707
|
+
x83 = ((uint64_t)x82 + x63);
|
708
|
+
fiat_p256_mulx_u64(&x84, &x85, x2, (arg1[3]));
|
709
|
+
fiat_p256_mulx_u64(&x86, &x87, x2, (arg1[2]));
|
710
|
+
fiat_p256_mulx_u64(&x88, &x89, x2, (arg1[1]));
|
711
|
+
fiat_p256_mulx_u64(&x90, &x91, x2, (arg1[0]));
|
712
|
+
fiat_p256_addcarryx_u64(&x92, &x93, 0x0, x91, x88);
|
713
|
+
fiat_p256_addcarryx_u64(&x94, &x95, x93, x89, x86);
|
714
|
+
fiat_p256_addcarryx_u64(&x96, &x97, x95, x87, x84);
|
715
|
+
x98 = (x97 + x85);
|
716
|
+
fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x75, x90);
|
717
|
+
fiat_p256_addcarryx_u64(&x101, &x102, x100, x77, x92);
|
718
|
+
fiat_p256_addcarryx_u64(&x103, &x104, x102, x79, x94);
|
719
|
+
fiat_p256_addcarryx_u64(&x105, &x106, x104, x81, x96);
|
720
|
+
fiat_p256_addcarryx_u64(&x107, &x108, x106, x83, x98);
|
721
|
+
fiat_p256_mulx_u64(&x109, &x110, x99, UINT64_C(0xffffffff00000001));
|
722
|
+
fiat_p256_mulx_u64(&x111, &x112, x99, UINT32_C(0xffffffff));
|
723
|
+
fiat_p256_mulx_u64(&x113, &x114, x99, UINT64_C(0xffffffffffffffff));
|
724
|
+
fiat_p256_addcarryx_u64(&x115, &x116, 0x0, x114, x111);
|
725
|
+
x117 = (x116 + x112);
|
726
|
+
fiat_p256_addcarryx_u64(&x118, &x119, 0x0, x99, x113);
|
727
|
+
fiat_p256_addcarryx_u64(&x120, &x121, x119, x101, x115);
|
728
|
+
fiat_p256_addcarryx_u64(&x122, &x123, x121, x103, x117);
|
729
|
+
fiat_p256_addcarryx_u64(&x124, &x125, x123, x105, x109);
|
730
|
+
fiat_p256_addcarryx_u64(&x126, &x127, x125, x107, x110);
|
731
|
+
x128 = ((uint64_t)x127 + x108);
|
732
|
+
fiat_p256_mulx_u64(&x129, &x130, x3, (arg1[3]));
|
733
|
+
fiat_p256_mulx_u64(&x131, &x132, x3, (arg1[2]));
|
734
|
+
fiat_p256_mulx_u64(&x133, &x134, x3, (arg1[1]));
|
735
|
+
fiat_p256_mulx_u64(&x135, &x136, x3, (arg1[0]));
|
736
|
+
fiat_p256_addcarryx_u64(&x137, &x138, 0x0, x136, x133);
|
737
|
+
fiat_p256_addcarryx_u64(&x139, &x140, x138, x134, x131);
|
738
|
+
fiat_p256_addcarryx_u64(&x141, &x142, x140, x132, x129);
|
739
|
+
x143 = (x142 + x130);
|
740
|
+
fiat_p256_addcarryx_u64(&x144, &x145, 0x0, x120, x135);
|
741
|
+
fiat_p256_addcarryx_u64(&x146, &x147, x145, x122, x137);
|
742
|
+
fiat_p256_addcarryx_u64(&x148, &x149, x147, x124, x139);
|
743
|
+
fiat_p256_addcarryx_u64(&x150, &x151, x149, x126, x141);
|
744
|
+
fiat_p256_addcarryx_u64(&x152, &x153, x151, x128, x143);
|
745
|
+
fiat_p256_mulx_u64(&x154, &x155, x144, UINT64_C(0xffffffff00000001));
|
746
|
+
fiat_p256_mulx_u64(&x156, &x157, x144, UINT32_C(0xffffffff));
|
747
|
+
fiat_p256_mulx_u64(&x158, &x159, x144, UINT64_C(0xffffffffffffffff));
|
748
|
+
fiat_p256_addcarryx_u64(&x160, &x161, 0x0, x159, x156);
|
749
|
+
x162 = (x161 + x157);
|
750
|
+
fiat_p256_addcarryx_u64(&x163, &x164, 0x0, x144, x158);
|
751
|
+
fiat_p256_addcarryx_u64(&x165, &x166, x164, x146, x160);
|
752
|
+
fiat_p256_addcarryx_u64(&x167, &x168, x166, x148, x162);
|
753
|
+
fiat_p256_addcarryx_u64(&x169, &x170, x168, x150, x154);
|
754
|
+
fiat_p256_addcarryx_u64(&x171, &x172, x170, x152, x155);
|
755
|
+
x173 = ((uint64_t)x172 + x153);
|
756
|
+
fiat_p256_subborrowx_u64(&x174, &x175, 0x0, x165, UINT64_C(0xffffffffffffffff));
|
757
|
+
fiat_p256_subborrowx_u64(&x176, &x177, x175, x167, UINT32_C(0xffffffff));
|
758
|
+
fiat_p256_subborrowx_u64(&x178, &x179, x177, x169, 0x0);
|
759
|
+
fiat_p256_subborrowx_u64(&x180, &x181, x179, x171, UINT64_C(0xffffffff00000001));
|
760
|
+
fiat_p256_subborrowx_u64(&x182, &x183, x181, x173, 0x0);
|
761
|
+
fiat_p256_cmovznz_u64(&x184, x183, x174, x165);
|
762
|
+
fiat_p256_cmovznz_u64(&x185, x183, x176, x167);
|
763
|
+
fiat_p256_cmovznz_u64(&x186, x183, x178, x169);
|
700
764
|
fiat_p256_cmovznz_u64(&x187, x183, x180, x171);
|
701
765
|
out1[0] = x184;
|
702
766
|
out1[1] = x185;
|
@@ -706,6 +770,7 @@ static void fiat_p256_square(uint64_t out1[4], const uint64_t arg1[4]) {
|
|
706
770
|
|
707
771
|
/*
|
708
772
|
* The function fiat_p256_add adds two field elements in the Montgomery domain.
|
773
|
+
*
|
709
774
|
* Preconditions:
|
710
775
|
* 0 ≤ eval arg1 < m
|
711
776
|
* 0 ≤ eval arg2 < m
|
@@ -713,47 +778,42 @@ static void fiat_p256_square(uint64_t out1[4], const uint64_t arg1[4]) {
|
|
713
778
|
* eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m
|
714
779
|
* 0 ≤ eval out1 < m
|
715
780
|
*
|
716
|
-
* Input Bounds:
|
717
|
-
* arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
718
|
-
* arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
719
|
-
* Output Bounds:
|
720
|
-
* out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
721
781
|
*/
|
722
|
-
static void fiat_p256_add(
|
782
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_add(fiat_p256_montgomery_domain_field_element out1, const fiat_p256_montgomery_domain_field_element arg1, const fiat_p256_montgomery_domain_field_element arg2) {
|
723
783
|
uint64_t x1;
|
724
784
|
fiat_p256_uint1 x2;
|
725
|
-
fiat_p256_addcarryx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0]));
|
726
785
|
uint64_t x3;
|
727
786
|
fiat_p256_uint1 x4;
|
728
|
-
fiat_p256_addcarryx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1]));
|
729
787
|
uint64_t x5;
|
730
788
|
fiat_p256_uint1 x6;
|
731
|
-
fiat_p256_addcarryx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2]));
|
732
789
|
uint64_t x7;
|
733
790
|
fiat_p256_uint1 x8;
|
734
|
-
fiat_p256_addcarryx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3]));
|
735
791
|
uint64_t x9;
|
736
792
|
fiat_p256_uint1 x10;
|
737
|
-
fiat_p256_subborrowx_u64(&x9, &x10, 0x0, x1, UINT64_C(0xffffffffffffffff));
|
738
793
|
uint64_t x11;
|
739
794
|
fiat_p256_uint1 x12;
|
740
|
-
fiat_p256_subborrowx_u64(&x11, &x12, x10, x3, UINT32_C(0xffffffff));
|
741
795
|
uint64_t x13;
|
742
796
|
fiat_p256_uint1 x14;
|
743
|
-
fiat_p256_subborrowx_u64(&x13, &x14, x12, x5, 0x0);
|
744
797
|
uint64_t x15;
|
745
798
|
fiat_p256_uint1 x16;
|
746
|
-
fiat_p256_subborrowx_u64(&x15, &x16, x14, x7, UINT64_C(0xffffffff00000001));
|
747
799
|
uint64_t x17;
|
748
800
|
fiat_p256_uint1 x18;
|
749
|
-
fiat_p256_subborrowx_u64(&x17, &x18, x16, x8, 0x0);
|
750
801
|
uint64_t x19;
|
751
|
-
fiat_p256_cmovznz_u64(&x19, x18, x9, x1);
|
752
802
|
uint64_t x20;
|
753
|
-
fiat_p256_cmovznz_u64(&x20, x18, x11, x3);
|
754
803
|
uint64_t x21;
|
755
|
-
fiat_p256_cmovznz_u64(&x21, x18, x13, x5);
|
756
804
|
uint64_t x22;
|
805
|
+
fiat_p256_addcarryx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0]));
|
806
|
+
fiat_p256_addcarryx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1]));
|
807
|
+
fiat_p256_addcarryx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2]));
|
808
|
+
fiat_p256_addcarryx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3]));
|
809
|
+
fiat_p256_subborrowx_u64(&x9, &x10, 0x0, x1, UINT64_C(0xffffffffffffffff));
|
810
|
+
fiat_p256_subborrowx_u64(&x11, &x12, x10, x3, UINT32_C(0xffffffff));
|
811
|
+
fiat_p256_subborrowx_u64(&x13, &x14, x12, x5, 0x0);
|
812
|
+
fiat_p256_subborrowx_u64(&x15, &x16, x14, x7, UINT64_C(0xffffffff00000001));
|
813
|
+
fiat_p256_subborrowx_u64(&x17, &x18, x16, x8, 0x0);
|
814
|
+
fiat_p256_cmovznz_u64(&x19, x18, x9, x1);
|
815
|
+
fiat_p256_cmovznz_u64(&x20, x18, x11, x3);
|
816
|
+
fiat_p256_cmovznz_u64(&x21, x18, x13, x5);
|
757
817
|
fiat_p256_cmovznz_u64(&x22, x18, x15, x7);
|
758
818
|
out1[0] = x19;
|
759
819
|
out1[1] = x20;
|
@@ -763,6 +823,7 @@ static void fiat_p256_add(uint64_t out1[4], const uint64_t arg1[4], const uint64
|
|
763
823
|
|
764
824
|
/*
|
765
825
|
* The function fiat_p256_sub subtracts two field elements in the Montgomery domain.
|
826
|
+
*
|
766
827
|
* Preconditions:
|
767
828
|
* 0 ≤ eval arg1 < m
|
768
829
|
* 0 ≤ eval arg2 < m
|
@@ -770,38 +831,33 @@ static void fiat_p256_add(uint64_t out1[4], const uint64_t arg1[4], const uint64
|
|
770
831
|
* eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m
|
771
832
|
* 0 ≤ eval out1 < m
|
772
833
|
*
|
773
|
-
* Input Bounds:
|
774
|
-
* arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
775
|
-
* arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
776
|
-
* Output Bounds:
|
777
|
-
* out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
778
834
|
*/
|
779
|
-
static void fiat_p256_sub(
|
835
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_sub(fiat_p256_montgomery_domain_field_element out1, const fiat_p256_montgomery_domain_field_element arg1, const fiat_p256_montgomery_domain_field_element arg2) {
|
780
836
|
uint64_t x1;
|
781
837
|
fiat_p256_uint1 x2;
|
782
|
-
fiat_p256_subborrowx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0]));
|
783
838
|
uint64_t x3;
|
784
839
|
fiat_p256_uint1 x4;
|
785
|
-
fiat_p256_subborrowx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1]));
|
786
840
|
uint64_t x5;
|
787
841
|
fiat_p256_uint1 x6;
|
788
|
-
fiat_p256_subborrowx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2]));
|
789
842
|
uint64_t x7;
|
790
843
|
fiat_p256_uint1 x8;
|
791
|
-
fiat_p256_subborrowx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3]));
|
792
844
|
uint64_t x9;
|
793
|
-
fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff));
|
794
845
|
uint64_t x10;
|
795
846
|
fiat_p256_uint1 x11;
|
796
|
-
fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0xffffffffffffffff)));
|
797
847
|
uint64_t x12;
|
798
848
|
fiat_p256_uint1 x13;
|
799
|
-
fiat_p256_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT32_C(0xffffffff)));
|
800
849
|
uint64_t x14;
|
801
850
|
fiat_p256_uint1 x15;
|
802
|
-
fiat_p256_addcarryx_u64(&x14, &x15, x13, x5, 0x0);
|
803
851
|
uint64_t x16;
|
804
852
|
fiat_p256_uint1 x17;
|
853
|
+
fiat_p256_subborrowx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0]));
|
854
|
+
fiat_p256_subborrowx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1]));
|
855
|
+
fiat_p256_subborrowx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2]));
|
856
|
+
fiat_p256_subborrowx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3]));
|
857
|
+
fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff));
|
858
|
+
fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, x9);
|
859
|
+
fiat_p256_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT32_C(0xffffffff)));
|
860
|
+
fiat_p256_addcarryx_u64(&x14, &x15, x13, x5, 0x0);
|
805
861
|
fiat_p256_addcarryx_u64(&x16, &x17, x15, x7, (x9 & UINT64_C(0xffffffff00000001)));
|
806
862
|
out1[0] = x10;
|
807
863
|
out1[1] = x12;
|
@@ -811,43 +867,40 @@ static void fiat_p256_sub(uint64_t out1[4], const uint64_t arg1[4], const uint64
|
|
811
867
|
|
812
868
|
/*
|
813
869
|
* The function fiat_p256_opp negates a field element in the Montgomery domain.
|
870
|
+
*
|
814
871
|
* Preconditions:
|
815
872
|
* 0 ≤ eval arg1 < m
|
816
873
|
* Postconditions:
|
817
874
|
* eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m
|
818
875
|
* 0 ≤ eval out1 < m
|
819
876
|
*
|
820
|
-
* Input Bounds:
|
821
|
-
* arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
822
|
-
* Output Bounds:
|
823
|
-
* out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
824
877
|
*/
|
825
|
-
static void fiat_p256_opp(
|
878
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_opp(fiat_p256_montgomery_domain_field_element out1, const fiat_p256_montgomery_domain_field_element arg1) {
|
826
879
|
uint64_t x1;
|
827
880
|
fiat_p256_uint1 x2;
|
828
|
-
fiat_p256_subborrowx_u64(&x1, &x2, 0x0, 0x0, (arg1[0]));
|
829
881
|
uint64_t x3;
|
830
882
|
fiat_p256_uint1 x4;
|
831
|
-
fiat_p256_subborrowx_u64(&x3, &x4, x2, 0x0, (arg1[1]));
|
832
883
|
uint64_t x5;
|
833
884
|
fiat_p256_uint1 x6;
|
834
|
-
fiat_p256_subborrowx_u64(&x5, &x6, x4, 0x0, (arg1[2]));
|
835
885
|
uint64_t x7;
|
836
886
|
fiat_p256_uint1 x8;
|
837
|
-
fiat_p256_subborrowx_u64(&x7, &x8, x6, 0x0, (arg1[3]));
|
838
887
|
uint64_t x9;
|
839
|
-
fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff));
|
840
888
|
uint64_t x10;
|
841
889
|
fiat_p256_uint1 x11;
|
842
|
-
fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0xffffffffffffffff)));
|
843
890
|
uint64_t x12;
|
844
891
|
fiat_p256_uint1 x13;
|
845
|
-
fiat_p256_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT32_C(0xffffffff)));
|
846
892
|
uint64_t x14;
|
847
893
|
fiat_p256_uint1 x15;
|
848
|
-
fiat_p256_addcarryx_u64(&x14, &x15, x13, x5, 0x0);
|
849
894
|
uint64_t x16;
|
850
895
|
fiat_p256_uint1 x17;
|
896
|
+
fiat_p256_subborrowx_u64(&x1, &x2, 0x0, 0x0, (arg1[0]));
|
897
|
+
fiat_p256_subborrowx_u64(&x3, &x4, x2, 0x0, (arg1[1]));
|
898
|
+
fiat_p256_subborrowx_u64(&x5, &x6, x4, 0x0, (arg1[2]));
|
899
|
+
fiat_p256_subborrowx_u64(&x7, &x8, x6, 0x0, (arg1[3]));
|
900
|
+
fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff));
|
901
|
+
fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, x9);
|
902
|
+
fiat_p256_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT32_C(0xffffffff)));
|
903
|
+
fiat_p256_addcarryx_u64(&x14, &x15, x13, x5, 0x0);
|
851
904
|
fiat_p256_addcarryx_u64(&x16, &x17, x15, x7, (x9 & UINT64_C(0xffffffff00000001)));
|
852
905
|
out1[0] = x10;
|
853
906
|
out1[1] = x12;
|
@@ -857,153 +910,152 @@ static void fiat_p256_opp(uint64_t out1[4], const uint64_t arg1[4]) {
|
|
857
910
|
|
858
911
|
/*
|
859
912
|
* The function fiat_p256_from_montgomery translates a field element out of the Montgomery domain.
|
913
|
+
*
|
860
914
|
* Preconditions:
|
861
915
|
* 0 ≤ eval arg1 < m
|
862
916
|
* Postconditions:
|
863
917
|
* eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m
|
864
918
|
* 0 ≤ eval out1 < m
|
865
919
|
*
|
866
|
-
* Input Bounds:
|
867
|
-
* arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
868
|
-
* Output Bounds:
|
869
|
-
* out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
870
920
|
*/
|
871
|
-
static void fiat_p256_from_montgomery(
|
872
|
-
uint64_t x1
|
921
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_from_montgomery(fiat_p256_non_montgomery_domain_field_element out1, const fiat_p256_montgomery_domain_field_element arg1) {
|
922
|
+
uint64_t x1;
|
873
923
|
uint64_t x2;
|
874
924
|
uint64_t x3;
|
875
|
-
fiat_p256_mulx_u64(&x2, &x3, x1, UINT64_C(0xffffffff00000001));
|
876
925
|
uint64_t x4;
|
877
926
|
uint64_t x5;
|
878
|
-
fiat_p256_mulx_u64(&x4, &x5, x1, UINT32_C(0xffffffff));
|
879
927
|
uint64_t x6;
|
880
928
|
uint64_t x7;
|
881
|
-
fiat_p256_mulx_u64(&x6, &x7, x1, UINT64_C(0xffffffffffffffff));
|
882
929
|
uint64_t x8;
|
883
930
|
fiat_p256_uint1 x9;
|
884
|
-
fiat_p256_addcarryx_u64(&x8, &x9, 0x0, x7, x4);
|
885
931
|
uint64_t x10;
|
886
932
|
fiat_p256_uint1 x11;
|
887
|
-
fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, x6);
|
888
933
|
uint64_t x12;
|
889
934
|
fiat_p256_uint1 x13;
|
890
|
-
fiat_p256_addcarryx_u64(&x12, &x13, x11, 0x0, x8);
|
891
935
|
uint64_t x14;
|
892
936
|
fiat_p256_uint1 x15;
|
893
|
-
fiat_p256_addcarryx_u64(&x14, &x15, 0x0, x12, (arg1[1]));
|
894
937
|
uint64_t x16;
|
895
938
|
uint64_t x17;
|
896
|
-
fiat_p256_mulx_u64(&x16, &x17, x14, UINT64_C(0xffffffff00000001));
|
897
939
|
uint64_t x18;
|
898
940
|
uint64_t x19;
|
899
|
-
fiat_p256_mulx_u64(&x18, &x19, x14, UINT32_C(0xffffffff));
|
900
941
|
uint64_t x20;
|
901
942
|
uint64_t x21;
|
902
|
-
fiat_p256_mulx_u64(&x20, &x21, x14, UINT64_C(0xffffffffffffffff));
|
903
943
|
uint64_t x22;
|
904
944
|
fiat_p256_uint1 x23;
|
905
|
-
fiat_p256_addcarryx_u64(&x22, &x23, 0x0, x21, x18);
|
906
945
|
uint64_t x24;
|
907
946
|
fiat_p256_uint1 x25;
|
908
|
-
fiat_p256_addcarryx_u64(&x24, &x25, 0x0, x14, x20);
|
909
947
|
uint64_t x26;
|
910
948
|
fiat_p256_uint1 x27;
|
911
|
-
fiat_p256_addcarryx_u64(&x26, &x27, x25, (x15 + (x13 + (x9 + x5))), x22);
|
912
949
|
uint64_t x28;
|
913
950
|
fiat_p256_uint1 x29;
|
914
|
-
fiat_p256_addcarryx_u64(&x28, &x29, x27, x2, (x23 + x19));
|
915
951
|
uint64_t x30;
|
916
952
|
fiat_p256_uint1 x31;
|
917
|
-
fiat_p256_addcarryx_u64(&x30, &x31, x29, x3, x16);
|
918
953
|
uint64_t x32;
|
919
954
|
fiat_p256_uint1 x33;
|
920
|
-
fiat_p256_addcarryx_u64(&x32, &x33, 0x0, x26, (arg1[2]));
|
921
955
|
uint64_t x34;
|
922
956
|
fiat_p256_uint1 x35;
|
923
|
-
fiat_p256_addcarryx_u64(&x34, &x35, x33, x28, 0x0);
|
924
957
|
uint64_t x36;
|
925
958
|
fiat_p256_uint1 x37;
|
926
|
-
fiat_p256_addcarryx_u64(&x36, &x37, x35, x30, 0x0);
|
927
959
|
uint64_t x38;
|
928
960
|
uint64_t x39;
|
929
|
-
fiat_p256_mulx_u64(&x38, &x39, x32, UINT64_C(0xffffffff00000001));
|
930
961
|
uint64_t x40;
|
931
962
|
uint64_t x41;
|
932
|
-
fiat_p256_mulx_u64(&x40, &x41, x32, UINT32_C(0xffffffff));
|
933
963
|
uint64_t x42;
|
934
964
|
uint64_t x43;
|
935
|
-
fiat_p256_mulx_u64(&x42, &x43, x32, UINT64_C(0xffffffffffffffff));
|
936
965
|
uint64_t x44;
|
937
966
|
fiat_p256_uint1 x45;
|
938
|
-
fiat_p256_addcarryx_u64(&x44, &x45, 0x0, x43, x40);
|
939
967
|
uint64_t x46;
|
940
968
|
fiat_p256_uint1 x47;
|
941
|
-
fiat_p256_addcarryx_u64(&x46, &x47, 0x0, x32, x42);
|
942
969
|
uint64_t x48;
|
943
970
|
fiat_p256_uint1 x49;
|
944
|
-
fiat_p256_addcarryx_u64(&x48, &x49, x47, x34, x44);
|
945
971
|
uint64_t x50;
|
946
972
|
fiat_p256_uint1 x51;
|
947
|
-
fiat_p256_addcarryx_u64(&x50, &x51, x49, x36, (x45 + x41));
|
948
973
|
uint64_t x52;
|
949
974
|
fiat_p256_uint1 x53;
|
950
|
-
fiat_p256_addcarryx_u64(&x52, &x53, x51, (x37 + (x31 + x17)), x38);
|
951
975
|
uint64_t x54;
|
952
976
|
fiat_p256_uint1 x55;
|
953
|
-
fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x48, (arg1[3]));
|
954
977
|
uint64_t x56;
|
955
978
|
fiat_p256_uint1 x57;
|
956
|
-
fiat_p256_addcarryx_u64(&x56, &x57, x55, x50, 0x0);
|
957
979
|
uint64_t x58;
|
958
980
|
fiat_p256_uint1 x59;
|
959
|
-
fiat_p256_addcarryx_u64(&x58, &x59, x57, x52, 0x0);
|
960
981
|
uint64_t x60;
|
961
982
|
uint64_t x61;
|
962
|
-
fiat_p256_mulx_u64(&x60, &x61, x54, UINT64_C(0xffffffff00000001));
|
963
983
|
uint64_t x62;
|
964
984
|
uint64_t x63;
|
965
|
-
fiat_p256_mulx_u64(&x62, &x63, x54, UINT32_C(0xffffffff));
|
966
985
|
uint64_t x64;
|
967
986
|
uint64_t x65;
|
968
|
-
fiat_p256_mulx_u64(&x64, &x65, x54, UINT64_C(0xffffffffffffffff));
|
969
987
|
uint64_t x66;
|
970
988
|
fiat_p256_uint1 x67;
|
971
|
-
fiat_p256_addcarryx_u64(&x66, &x67, 0x0, x65, x62);
|
972
989
|
uint64_t x68;
|
973
990
|
fiat_p256_uint1 x69;
|
974
|
-
fiat_p256_addcarryx_u64(&x68, &x69, 0x0, x54, x64);
|
975
991
|
uint64_t x70;
|
976
992
|
fiat_p256_uint1 x71;
|
977
|
-
fiat_p256_addcarryx_u64(&x70, &x71, x69, x56, x66);
|
978
993
|
uint64_t x72;
|
979
994
|
fiat_p256_uint1 x73;
|
980
|
-
fiat_p256_addcarryx_u64(&x72, &x73, x71, x58, (x67 + x63));
|
981
995
|
uint64_t x74;
|
982
996
|
fiat_p256_uint1 x75;
|
983
|
-
|
984
|
-
uint64_t x76 = (x75 + x61);
|
997
|
+
uint64_t x76;
|
985
998
|
uint64_t x77;
|
986
999
|
fiat_p256_uint1 x78;
|
987
|
-
fiat_p256_subborrowx_u64(&x77, &x78, 0x0, x70, UINT64_C(0xffffffffffffffff));
|
988
1000
|
uint64_t x79;
|
989
1001
|
fiat_p256_uint1 x80;
|
990
|
-
fiat_p256_subborrowx_u64(&x79, &x80, x78, x72, UINT32_C(0xffffffff));
|
991
1002
|
uint64_t x81;
|
992
1003
|
fiat_p256_uint1 x82;
|
993
|
-
fiat_p256_subborrowx_u64(&x81, &x82, x80, x74, 0x0);
|
994
1004
|
uint64_t x83;
|
995
1005
|
fiat_p256_uint1 x84;
|
996
|
-
fiat_p256_subborrowx_u64(&x83, &x84, x82, x76, UINT64_C(0xffffffff00000001));
|
997
1006
|
uint64_t x85;
|
998
1007
|
fiat_p256_uint1 x86;
|
999
|
-
fiat_p256_subborrowx_u64(&x85, &x86, x84, 0x0, 0x0);
|
1000
1008
|
uint64_t x87;
|
1001
|
-
fiat_p256_cmovznz_u64(&x87, x86, x77, x70);
|
1002
1009
|
uint64_t x88;
|
1003
|
-
fiat_p256_cmovznz_u64(&x88, x86, x79, x72);
|
1004
1010
|
uint64_t x89;
|
1005
|
-
fiat_p256_cmovznz_u64(&x89, x86, x81, x74);
|
1006
1011
|
uint64_t x90;
|
1012
|
+
x1 = (arg1[0]);
|
1013
|
+
fiat_p256_mulx_u64(&x2, &x3, x1, UINT64_C(0xffffffff00000001));
|
1014
|
+
fiat_p256_mulx_u64(&x4, &x5, x1, UINT32_C(0xffffffff));
|
1015
|
+
fiat_p256_mulx_u64(&x6, &x7, x1, UINT64_C(0xffffffffffffffff));
|
1016
|
+
fiat_p256_addcarryx_u64(&x8, &x9, 0x0, x7, x4);
|
1017
|
+
fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, x6);
|
1018
|
+
fiat_p256_addcarryx_u64(&x12, &x13, x11, 0x0, x8);
|
1019
|
+
fiat_p256_addcarryx_u64(&x14, &x15, 0x0, x12, (arg1[1]));
|
1020
|
+
fiat_p256_mulx_u64(&x16, &x17, x14, UINT64_C(0xffffffff00000001));
|
1021
|
+
fiat_p256_mulx_u64(&x18, &x19, x14, UINT32_C(0xffffffff));
|
1022
|
+
fiat_p256_mulx_u64(&x20, &x21, x14, UINT64_C(0xffffffffffffffff));
|
1023
|
+
fiat_p256_addcarryx_u64(&x22, &x23, 0x0, x21, x18);
|
1024
|
+
fiat_p256_addcarryx_u64(&x24, &x25, 0x0, x14, x20);
|
1025
|
+
fiat_p256_addcarryx_u64(&x26, &x27, x25, (x15 + (x13 + (x9 + x5))), x22);
|
1026
|
+
fiat_p256_addcarryx_u64(&x28, &x29, x27, x2, (x23 + x19));
|
1027
|
+
fiat_p256_addcarryx_u64(&x30, &x31, x29, x3, x16);
|
1028
|
+
fiat_p256_addcarryx_u64(&x32, &x33, 0x0, x26, (arg1[2]));
|
1029
|
+
fiat_p256_addcarryx_u64(&x34, &x35, x33, x28, 0x0);
|
1030
|
+
fiat_p256_addcarryx_u64(&x36, &x37, x35, x30, 0x0);
|
1031
|
+
fiat_p256_mulx_u64(&x38, &x39, x32, UINT64_C(0xffffffff00000001));
|
1032
|
+
fiat_p256_mulx_u64(&x40, &x41, x32, UINT32_C(0xffffffff));
|
1033
|
+
fiat_p256_mulx_u64(&x42, &x43, x32, UINT64_C(0xffffffffffffffff));
|
1034
|
+
fiat_p256_addcarryx_u64(&x44, &x45, 0x0, x43, x40);
|
1035
|
+
fiat_p256_addcarryx_u64(&x46, &x47, 0x0, x32, x42);
|
1036
|
+
fiat_p256_addcarryx_u64(&x48, &x49, x47, x34, x44);
|
1037
|
+
fiat_p256_addcarryx_u64(&x50, &x51, x49, x36, (x45 + x41));
|
1038
|
+
fiat_p256_addcarryx_u64(&x52, &x53, x51, (x37 + (x31 + x17)), x38);
|
1039
|
+
fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x48, (arg1[3]));
|
1040
|
+
fiat_p256_addcarryx_u64(&x56, &x57, x55, x50, 0x0);
|
1041
|
+
fiat_p256_addcarryx_u64(&x58, &x59, x57, x52, 0x0);
|
1042
|
+
fiat_p256_mulx_u64(&x60, &x61, x54, UINT64_C(0xffffffff00000001));
|
1043
|
+
fiat_p256_mulx_u64(&x62, &x63, x54, UINT32_C(0xffffffff));
|
1044
|
+
fiat_p256_mulx_u64(&x64, &x65, x54, UINT64_C(0xffffffffffffffff));
|
1045
|
+
fiat_p256_addcarryx_u64(&x66, &x67, 0x0, x65, x62);
|
1046
|
+
fiat_p256_addcarryx_u64(&x68, &x69, 0x0, x54, x64);
|
1047
|
+
fiat_p256_addcarryx_u64(&x70, &x71, x69, x56, x66);
|
1048
|
+
fiat_p256_addcarryx_u64(&x72, &x73, x71, x58, (x67 + x63));
|
1049
|
+
fiat_p256_addcarryx_u64(&x74, &x75, x73, (x59 + (x53 + x39)), x60);
|
1050
|
+
x76 = (x75 + x61);
|
1051
|
+
fiat_p256_subborrowx_u64(&x77, &x78, 0x0, x70, UINT64_C(0xffffffffffffffff));
|
1052
|
+
fiat_p256_subborrowx_u64(&x79, &x80, x78, x72, UINT32_C(0xffffffff));
|
1053
|
+
fiat_p256_subborrowx_u64(&x81, &x82, x80, x74, 0x0);
|
1054
|
+
fiat_p256_subborrowx_u64(&x83, &x84, x82, x76, UINT64_C(0xffffffff00000001));
|
1055
|
+
fiat_p256_subborrowx_u64(&x85, &x86, x84, 0x0, 0x0);
|
1056
|
+
fiat_p256_cmovznz_u64(&x87, x86, x77, x70);
|
1057
|
+
fiat_p256_cmovznz_u64(&x88, x86, x79, x72);
|
1058
|
+
fiat_p256_cmovznz_u64(&x89, x86, x81, x74);
|
1007
1059
|
fiat_p256_cmovznz_u64(&x90, x86, x83, x76);
|
1008
1060
|
out1[0] = x87;
|
1009
1061
|
out1[1] = x88;
|
@@ -1011,8 +1063,285 @@ static void fiat_p256_from_montgomery(uint64_t out1[4], const uint64_t arg1[4])
|
|
1011
1063
|
out1[3] = x90;
|
1012
1064
|
}
|
1013
1065
|
|
1066
|
+
/*
|
1067
|
+
* The function fiat_p256_to_montgomery translates a field element into the Montgomery domain.
|
1068
|
+
*
|
1069
|
+
* Preconditions:
|
1070
|
+
* 0 ≤ eval arg1 < m
|
1071
|
+
* Postconditions:
|
1072
|
+
* eval (from_montgomery out1) mod m = eval arg1 mod m
|
1073
|
+
* 0 ≤ eval out1 < m
|
1074
|
+
*
|
1075
|
+
*/
|
1076
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_to_montgomery(fiat_p256_montgomery_domain_field_element out1, const fiat_p256_non_montgomery_domain_field_element arg1) {
|
1077
|
+
uint64_t x1;
|
1078
|
+
uint64_t x2;
|
1079
|
+
uint64_t x3;
|
1080
|
+
uint64_t x4;
|
1081
|
+
uint64_t x5;
|
1082
|
+
uint64_t x6;
|
1083
|
+
uint64_t x7;
|
1084
|
+
uint64_t x8;
|
1085
|
+
uint64_t x9;
|
1086
|
+
uint64_t x10;
|
1087
|
+
uint64_t x11;
|
1088
|
+
uint64_t x12;
|
1089
|
+
uint64_t x13;
|
1090
|
+
fiat_p256_uint1 x14;
|
1091
|
+
uint64_t x15;
|
1092
|
+
fiat_p256_uint1 x16;
|
1093
|
+
uint64_t x17;
|
1094
|
+
fiat_p256_uint1 x18;
|
1095
|
+
uint64_t x19;
|
1096
|
+
uint64_t x20;
|
1097
|
+
uint64_t x21;
|
1098
|
+
uint64_t x22;
|
1099
|
+
uint64_t x23;
|
1100
|
+
uint64_t x24;
|
1101
|
+
uint64_t x25;
|
1102
|
+
fiat_p256_uint1 x26;
|
1103
|
+
uint64_t x27;
|
1104
|
+
fiat_p256_uint1 x28;
|
1105
|
+
uint64_t x29;
|
1106
|
+
fiat_p256_uint1 x30;
|
1107
|
+
uint64_t x31;
|
1108
|
+
fiat_p256_uint1 x32;
|
1109
|
+
uint64_t x33;
|
1110
|
+
fiat_p256_uint1 x34;
|
1111
|
+
uint64_t x35;
|
1112
|
+
fiat_p256_uint1 x36;
|
1113
|
+
uint64_t x37;
|
1114
|
+
uint64_t x38;
|
1115
|
+
uint64_t x39;
|
1116
|
+
uint64_t x40;
|
1117
|
+
uint64_t x41;
|
1118
|
+
uint64_t x42;
|
1119
|
+
uint64_t x43;
|
1120
|
+
uint64_t x44;
|
1121
|
+
uint64_t x45;
|
1122
|
+
fiat_p256_uint1 x46;
|
1123
|
+
uint64_t x47;
|
1124
|
+
fiat_p256_uint1 x48;
|
1125
|
+
uint64_t x49;
|
1126
|
+
fiat_p256_uint1 x50;
|
1127
|
+
uint64_t x51;
|
1128
|
+
fiat_p256_uint1 x52;
|
1129
|
+
uint64_t x53;
|
1130
|
+
fiat_p256_uint1 x54;
|
1131
|
+
uint64_t x55;
|
1132
|
+
fiat_p256_uint1 x56;
|
1133
|
+
uint64_t x57;
|
1134
|
+
fiat_p256_uint1 x58;
|
1135
|
+
uint64_t x59;
|
1136
|
+
uint64_t x60;
|
1137
|
+
uint64_t x61;
|
1138
|
+
uint64_t x62;
|
1139
|
+
uint64_t x63;
|
1140
|
+
uint64_t x64;
|
1141
|
+
uint64_t x65;
|
1142
|
+
fiat_p256_uint1 x66;
|
1143
|
+
uint64_t x67;
|
1144
|
+
fiat_p256_uint1 x68;
|
1145
|
+
uint64_t x69;
|
1146
|
+
fiat_p256_uint1 x70;
|
1147
|
+
uint64_t x71;
|
1148
|
+
fiat_p256_uint1 x72;
|
1149
|
+
uint64_t x73;
|
1150
|
+
fiat_p256_uint1 x74;
|
1151
|
+
uint64_t x75;
|
1152
|
+
fiat_p256_uint1 x76;
|
1153
|
+
uint64_t x77;
|
1154
|
+
uint64_t x78;
|
1155
|
+
uint64_t x79;
|
1156
|
+
uint64_t x80;
|
1157
|
+
uint64_t x81;
|
1158
|
+
uint64_t x82;
|
1159
|
+
uint64_t x83;
|
1160
|
+
uint64_t x84;
|
1161
|
+
uint64_t x85;
|
1162
|
+
fiat_p256_uint1 x86;
|
1163
|
+
uint64_t x87;
|
1164
|
+
fiat_p256_uint1 x88;
|
1165
|
+
uint64_t x89;
|
1166
|
+
fiat_p256_uint1 x90;
|
1167
|
+
uint64_t x91;
|
1168
|
+
fiat_p256_uint1 x92;
|
1169
|
+
uint64_t x93;
|
1170
|
+
fiat_p256_uint1 x94;
|
1171
|
+
uint64_t x95;
|
1172
|
+
fiat_p256_uint1 x96;
|
1173
|
+
uint64_t x97;
|
1174
|
+
fiat_p256_uint1 x98;
|
1175
|
+
uint64_t x99;
|
1176
|
+
uint64_t x100;
|
1177
|
+
uint64_t x101;
|
1178
|
+
uint64_t x102;
|
1179
|
+
uint64_t x103;
|
1180
|
+
uint64_t x104;
|
1181
|
+
uint64_t x105;
|
1182
|
+
fiat_p256_uint1 x106;
|
1183
|
+
uint64_t x107;
|
1184
|
+
fiat_p256_uint1 x108;
|
1185
|
+
uint64_t x109;
|
1186
|
+
fiat_p256_uint1 x110;
|
1187
|
+
uint64_t x111;
|
1188
|
+
fiat_p256_uint1 x112;
|
1189
|
+
uint64_t x113;
|
1190
|
+
fiat_p256_uint1 x114;
|
1191
|
+
uint64_t x115;
|
1192
|
+
fiat_p256_uint1 x116;
|
1193
|
+
uint64_t x117;
|
1194
|
+
uint64_t x118;
|
1195
|
+
uint64_t x119;
|
1196
|
+
uint64_t x120;
|
1197
|
+
uint64_t x121;
|
1198
|
+
uint64_t x122;
|
1199
|
+
uint64_t x123;
|
1200
|
+
uint64_t x124;
|
1201
|
+
uint64_t x125;
|
1202
|
+
fiat_p256_uint1 x126;
|
1203
|
+
uint64_t x127;
|
1204
|
+
fiat_p256_uint1 x128;
|
1205
|
+
uint64_t x129;
|
1206
|
+
fiat_p256_uint1 x130;
|
1207
|
+
uint64_t x131;
|
1208
|
+
fiat_p256_uint1 x132;
|
1209
|
+
uint64_t x133;
|
1210
|
+
fiat_p256_uint1 x134;
|
1211
|
+
uint64_t x135;
|
1212
|
+
fiat_p256_uint1 x136;
|
1213
|
+
uint64_t x137;
|
1214
|
+
fiat_p256_uint1 x138;
|
1215
|
+
uint64_t x139;
|
1216
|
+
uint64_t x140;
|
1217
|
+
uint64_t x141;
|
1218
|
+
uint64_t x142;
|
1219
|
+
uint64_t x143;
|
1220
|
+
uint64_t x144;
|
1221
|
+
uint64_t x145;
|
1222
|
+
fiat_p256_uint1 x146;
|
1223
|
+
uint64_t x147;
|
1224
|
+
fiat_p256_uint1 x148;
|
1225
|
+
uint64_t x149;
|
1226
|
+
fiat_p256_uint1 x150;
|
1227
|
+
uint64_t x151;
|
1228
|
+
fiat_p256_uint1 x152;
|
1229
|
+
uint64_t x153;
|
1230
|
+
fiat_p256_uint1 x154;
|
1231
|
+
uint64_t x155;
|
1232
|
+
fiat_p256_uint1 x156;
|
1233
|
+
uint64_t x157;
|
1234
|
+
fiat_p256_uint1 x158;
|
1235
|
+
uint64_t x159;
|
1236
|
+
fiat_p256_uint1 x160;
|
1237
|
+
uint64_t x161;
|
1238
|
+
fiat_p256_uint1 x162;
|
1239
|
+
uint64_t x163;
|
1240
|
+
fiat_p256_uint1 x164;
|
1241
|
+
uint64_t x165;
|
1242
|
+
fiat_p256_uint1 x166;
|
1243
|
+
uint64_t x167;
|
1244
|
+
uint64_t x168;
|
1245
|
+
uint64_t x169;
|
1246
|
+
uint64_t x170;
|
1247
|
+
x1 = (arg1[1]);
|
1248
|
+
x2 = (arg1[2]);
|
1249
|
+
x3 = (arg1[3]);
|
1250
|
+
x4 = (arg1[0]);
|
1251
|
+
fiat_p256_mulx_u64(&x5, &x6, x4, UINT64_C(0x4fffffffd));
|
1252
|
+
fiat_p256_mulx_u64(&x7, &x8, x4, UINT64_C(0xfffffffffffffffe));
|
1253
|
+
fiat_p256_mulx_u64(&x9, &x10, x4, UINT64_C(0xfffffffbffffffff));
|
1254
|
+
fiat_p256_mulx_u64(&x11, &x12, x4, 0x3);
|
1255
|
+
fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x12, x9);
|
1256
|
+
fiat_p256_addcarryx_u64(&x15, &x16, x14, x10, x7);
|
1257
|
+
fiat_p256_addcarryx_u64(&x17, &x18, x16, x8, x5);
|
1258
|
+
fiat_p256_mulx_u64(&x19, &x20, x11, UINT64_C(0xffffffff00000001));
|
1259
|
+
fiat_p256_mulx_u64(&x21, &x22, x11, UINT32_C(0xffffffff));
|
1260
|
+
fiat_p256_mulx_u64(&x23, &x24, x11, UINT64_C(0xffffffffffffffff));
|
1261
|
+
fiat_p256_addcarryx_u64(&x25, &x26, 0x0, x24, x21);
|
1262
|
+
fiat_p256_addcarryx_u64(&x27, &x28, 0x0, x11, x23);
|
1263
|
+
fiat_p256_addcarryx_u64(&x29, &x30, x28, x13, x25);
|
1264
|
+
fiat_p256_addcarryx_u64(&x31, &x32, x30, x15, (x26 + x22));
|
1265
|
+
fiat_p256_addcarryx_u64(&x33, &x34, x32, x17, x19);
|
1266
|
+
fiat_p256_addcarryx_u64(&x35, &x36, x34, (x18 + x6), x20);
|
1267
|
+
fiat_p256_mulx_u64(&x37, &x38, x1, UINT64_C(0x4fffffffd));
|
1268
|
+
fiat_p256_mulx_u64(&x39, &x40, x1, UINT64_C(0xfffffffffffffffe));
|
1269
|
+
fiat_p256_mulx_u64(&x41, &x42, x1, UINT64_C(0xfffffffbffffffff));
|
1270
|
+
fiat_p256_mulx_u64(&x43, &x44, x1, 0x3);
|
1271
|
+
fiat_p256_addcarryx_u64(&x45, &x46, 0x0, x44, x41);
|
1272
|
+
fiat_p256_addcarryx_u64(&x47, &x48, x46, x42, x39);
|
1273
|
+
fiat_p256_addcarryx_u64(&x49, &x50, x48, x40, x37);
|
1274
|
+
fiat_p256_addcarryx_u64(&x51, &x52, 0x0, x29, x43);
|
1275
|
+
fiat_p256_addcarryx_u64(&x53, &x54, x52, x31, x45);
|
1276
|
+
fiat_p256_addcarryx_u64(&x55, &x56, x54, x33, x47);
|
1277
|
+
fiat_p256_addcarryx_u64(&x57, &x58, x56, x35, x49);
|
1278
|
+
fiat_p256_mulx_u64(&x59, &x60, x51, UINT64_C(0xffffffff00000001));
|
1279
|
+
fiat_p256_mulx_u64(&x61, &x62, x51, UINT32_C(0xffffffff));
|
1280
|
+
fiat_p256_mulx_u64(&x63, &x64, x51, UINT64_C(0xffffffffffffffff));
|
1281
|
+
fiat_p256_addcarryx_u64(&x65, &x66, 0x0, x64, x61);
|
1282
|
+
fiat_p256_addcarryx_u64(&x67, &x68, 0x0, x51, x63);
|
1283
|
+
fiat_p256_addcarryx_u64(&x69, &x70, x68, x53, x65);
|
1284
|
+
fiat_p256_addcarryx_u64(&x71, &x72, x70, x55, (x66 + x62));
|
1285
|
+
fiat_p256_addcarryx_u64(&x73, &x74, x72, x57, x59);
|
1286
|
+
fiat_p256_addcarryx_u64(&x75, &x76, x74, (((uint64_t)x58 + x36) + (x50 + x38)), x60);
|
1287
|
+
fiat_p256_mulx_u64(&x77, &x78, x2, UINT64_C(0x4fffffffd));
|
1288
|
+
fiat_p256_mulx_u64(&x79, &x80, x2, UINT64_C(0xfffffffffffffffe));
|
1289
|
+
fiat_p256_mulx_u64(&x81, &x82, x2, UINT64_C(0xfffffffbffffffff));
|
1290
|
+
fiat_p256_mulx_u64(&x83, &x84, x2, 0x3);
|
1291
|
+
fiat_p256_addcarryx_u64(&x85, &x86, 0x0, x84, x81);
|
1292
|
+
fiat_p256_addcarryx_u64(&x87, &x88, x86, x82, x79);
|
1293
|
+
fiat_p256_addcarryx_u64(&x89, &x90, x88, x80, x77);
|
1294
|
+
fiat_p256_addcarryx_u64(&x91, &x92, 0x0, x69, x83);
|
1295
|
+
fiat_p256_addcarryx_u64(&x93, &x94, x92, x71, x85);
|
1296
|
+
fiat_p256_addcarryx_u64(&x95, &x96, x94, x73, x87);
|
1297
|
+
fiat_p256_addcarryx_u64(&x97, &x98, x96, x75, x89);
|
1298
|
+
fiat_p256_mulx_u64(&x99, &x100, x91, UINT64_C(0xffffffff00000001));
|
1299
|
+
fiat_p256_mulx_u64(&x101, &x102, x91, UINT32_C(0xffffffff));
|
1300
|
+
fiat_p256_mulx_u64(&x103, &x104, x91, UINT64_C(0xffffffffffffffff));
|
1301
|
+
fiat_p256_addcarryx_u64(&x105, &x106, 0x0, x104, x101);
|
1302
|
+
fiat_p256_addcarryx_u64(&x107, &x108, 0x0, x91, x103);
|
1303
|
+
fiat_p256_addcarryx_u64(&x109, &x110, x108, x93, x105);
|
1304
|
+
fiat_p256_addcarryx_u64(&x111, &x112, x110, x95, (x106 + x102));
|
1305
|
+
fiat_p256_addcarryx_u64(&x113, &x114, x112, x97, x99);
|
1306
|
+
fiat_p256_addcarryx_u64(&x115, &x116, x114, (((uint64_t)x98 + x76) + (x90 + x78)), x100);
|
1307
|
+
fiat_p256_mulx_u64(&x117, &x118, x3, UINT64_C(0x4fffffffd));
|
1308
|
+
fiat_p256_mulx_u64(&x119, &x120, x3, UINT64_C(0xfffffffffffffffe));
|
1309
|
+
fiat_p256_mulx_u64(&x121, &x122, x3, UINT64_C(0xfffffffbffffffff));
|
1310
|
+
fiat_p256_mulx_u64(&x123, &x124, x3, 0x3);
|
1311
|
+
fiat_p256_addcarryx_u64(&x125, &x126, 0x0, x124, x121);
|
1312
|
+
fiat_p256_addcarryx_u64(&x127, &x128, x126, x122, x119);
|
1313
|
+
fiat_p256_addcarryx_u64(&x129, &x130, x128, x120, x117);
|
1314
|
+
fiat_p256_addcarryx_u64(&x131, &x132, 0x0, x109, x123);
|
1315
|
+
fiat_p256_addcarryx_u64(&x133, &x134, x132, x111, x125);
|
1316
|
+
fiat_p256_addcarryx_u64(&x135, &x136, x134, x113, x127);
|
1317
|
+
fiat_p256_addcarryx_u64(&x137, &x138, x136, x115, x129);
|
1318
|
+
fiat_p256_mulx_u64(&x139, &x140, x131, UINT64_C(0xffffffff00000001));
|
1319
|
+
fiat_p256_mulx_u64(&x141, &x142, x131, UINT32_C(0xffffffff));
|
1320
|
+
fiat_p256_mulx_u64(&x143, &x144, x131, UINT64_C(0xffffffffffffffff));
|
1321
|
+
fiat_p256_addcarryx_u64(&x145, &x146, 0x0, x144, x141);
|
1322
|
+
fiat_p256_addcarryx_u64(&x147, &x148, 0x0, x131, x143);
|
1323
|
+
fiat_p256_addcarryx_u64(&x149, &x150, x148, x133, x145);
|
1324
|
+
fiat_p256_addcarryx_u64(&x151, &x152, x150, x135, (x146 + x142));
|
1325
|
+
fiat_p256_addcarryx_u64(&x153, &x154, x152, x137, x139);
|
1326
|
+
fiat_p256_addcarryx_u64(&x155, &x156, x154, (((uint64_t)x138 + x116) + (x130 + x118)), x140);
|
1327
|
+
fiat_p256_subborrowx_u64(&x157, &x158, 0x0, x149, UINT64_C(0xffffffffffffffff));
|
1328
|
+
fiat_p256_subborrowx_u64(&x159, &x160, x158, x151, UINT32_C(0xffffffff));
|
1329
|
+
fiat_p256_subborrowx_u64(&x161, &x162, x160, x153, 0x0);
|
1330
|
+
fiat_p256_subborrowx_u64(&x163, &x164, x162, x155, UINT64_C(0xffffffff00000001));
|
1331
|
+
fiat_p256_subborrowx_u64(&x165, &x166, x164, x156, 0x0);
|
1332
|
+
fiat_p256_cmovznz_u64(&x167, x166, x157, x149);
|
1333
|
+
fiat_p256_cmovznz_u64(&x168, x166, x159, x151);
|
1334
|
+
fiat_p256_cmovznz_u64(&x169, x166, x161, x153);
|
1335
|
+
fiat_p256_cmovznz_u64(&x170, x166, x163, x155);
|
1336
|
+
out1[0] = x167;
|
1337
|
+
out1[1] = x168;
|
1338
|
+
out1[2] = x169;
|
1339
|
+
out1[3] = x170;
|
1340
|
+
}
|
1341
|
+
|
1014
1342
|
/*
|
1015
1343
|
* The function fiat_p256_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise.
|
1344
|
+
*
|
1016
1345
|
* Preconditions:
|
1017
1346
|
* 0 ≤ eval arg1 < m
|
1018
1347
|
* Postconditions:
|
@@ -1023,13 +1352,15 @@ static void fiat_p256_from_montgomery(uint64_t out1[4], const uint64_t arg1[4])
|
|
1023
1352
|
* Output Bounds:
|
1024
1353
|
* out1: [0x0 ~> 0xffffffffffffffff]
|
1025
1354
|
*/
|
1026
|
-
static void fiat_p256_nonzero(uint64_t* out1, const uint64_t arg1[4]) {
|
1027
|
-
uint64_t x1
|
1355
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_nonzero(uint64_t* out1, const uint64_t arg1[4]) {
|
1356
|
+
uint64_t x1;
|
1357
|
+
x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3]))));
|
1028
1358
|
*out1 = x1;
|
1029
1359
|
}
|
1030
1360
|
|
1031
1361
|
/*
|
1032
1362
|
* The function fiat_p256_selectznz is a multi-limb conditional select.
|
1363
|
+
*
|
1033
1364
|
* Postconditions:
|
1034
1365
|
* eval out1 = (if arg1 = 0 then eval arg2 else eval arg3)
|
1035
1366
|
*
|
@@ -1040,14 +1371,14 @@ static void fiat_p256_nonzero(uint64_t* out1, const uint64_t arg1[4]) {
|
|
1040
1371
|
* Output Bounds:
|
1041
1372
|
* out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
1042
1373
|
*/
|
1043
|
-
static void fiat_p256_selectznz(uint64_t out1[4], fiat_p256_uint1 arg1, const uint64_t arg2[4], const uint64_t arg3[4]) {
|
1374
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_selectznz(uint64_t out1[4], fiat_p256_uint1 arg1, const uint64_t arg2[4], const uint64_t arg3[4]) {
|
1044
1375
|
uint64_t x1;
|
1045
|
-
fiat_p256_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0]));
|
1046
1376
|
uint64_t x2;
|
1047
|
-
fiat_p256_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1]));
|
1048
1377
|
uint64_t x3;
|
1049
|
-
fiat_p256_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2]));
|
1050
1378
|
uint64_t x4;
|
1379
|
+
fiat_p256_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0]));
|
1380
|
+
fiat_p256_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1]));
|
1381
|
+
fiat_p256_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2]));
|
1051
1382
|
fiat_p256_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3]));
|
1052
1383
|
out1[0] = x1;
|
1053
1384
|
out1[1] = x2;
|
@@ -1056,7 +1387,8 @@ static void fiat_p256_selectznz(uint64_t out1[4], fiat_p256_uint1 arg1, const ui
|
|
1056
1387
|
}
|
1057
1388
|
|
1058
1389
|
/*
|
1059
|
-
* The function fiat_p256_to_bytes serializes a field element in the Montgomery domain to bytes in little-endian order.
|
1390
|
+
* The function fiat_p256_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order.
|
1391
|
+
*
|
1060
1392
|
* Preconditions:
|
1061
1393
|
* 0 ≤ eval arg1 < m
|
1062
1394
|
* Postconditions:
|
@@ -1067,106 +1399,164 @@ static void fiat_p256_selectznz(uint64_t out1[4], fiat_p256_uint1 arg1, const ui
|
|
1067
1399
|
* Output Bounds:
|
1068
1400
|
* out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]]
|
1069
1401
|
*/
|
1070
|
-
static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) {
|
1071
|
-
uint64_t x1
|
1072
|
-
uint64_t x2
|
1073
|
-
uint64_t x3
|
1074
|
-
uint64_t x4
|
1075
|
-
|
1076
|
-
|
1077
|
-
|
1078
|
-
|
1079
|
-
|
1080
|
-
|
1081
|
-
|
1082
|
-
|
1083
|
-
|
1084
|
-
|
1085
|
-
|
1086
|
-
|
1087
|
-
uint8_t x17
|
1088
|
-
uint8_t x18
|
1089
|
-
uint8_t x19
|
1090
|
-
uint64_t x20
|
1091
|
-
uint8_t x21
|
1092
|
-
uint64_t x22
|
1093
|
-
uint8_t x23
|
1094
|
-
uint64_t x24
|
1095
|
-
uint8_t x25
|
1096
|
-
uint64_t x26
|
1097
|
-
uint8_t x27
|
1098
|
-
uint64_t x28
|
1099
|
-
uint8_t x29
|
1100
|
-
uint64_t x30
|
1101
|
-
uint8_t x31
|
1102
|
-
uint8_t x32
|
1103
|
-
uint8_t x33
|
1104
|
-
|
1105
|
-
|
1106
|
-
|
1107
|
-
|
1108
|
-
|
1109
|
-
|
1110
|
-
|
1111
|
-
|
1112
|
-
|
1113
|
-
|
1114
|
-
|
1115
|
-
|
1116
|
-
uint8_t x46
|
1117
|
-
uint8_t x47
|
1118
|
-
|
1119
|
-
uint8_t x49
|
1120
|
-
uint64_t x50
|
1121
|
-
uint8_t x51
|
1122
|
-
uint64_t x52
|
1123
|
-
uint8_t x53
|
1124
|
-
uint64_t x54
|
1125
|
-
uint8_t x55
|
1126
|
-
uint64_t x56
|
1127
|
-
uint8_t x57
|
1128
|
-
uint64_t x58
|
1129
|
-
uint8_t x59
|
1130
|
-
|
1131
|
-
|
1132
|
-
|
1133
|
-
|
1134
|
-
|
1135
|
-
|
1136
|
-
|
1137
|
-
|
1138
|
-
|
1139
|
-
|
1140
|
-
|
1141
|
-
|
1142
|
-
|
1143
|
-
|
1144
|
-
|
1145
|
-
|
1146
|
-
|
1147
|
-
|
1148
|
-
|
1149
|
-
|
1150
|
-
|
1151
|
-
|
1152
|
-
|
1153
|
-
|
1154
|
-
|
1155
|
-
|
1156
|
-
|
1157
|
-
|
1158
|
-
|
1159
|
-
|
1160
|
-
|
1161
|
-
|
1162
|
-
|
1163
|
-
|
1164
|
-
|
1165
|
-
|
1402
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) {
|
1403
|
+
uint64_t x1;
|
1404
|
+
uint64_t x2;
|
1405
|
+
uint64_t x3;
|
1406
|
+
uint64_t x4;
|
1407
|
+
uint8_t x5;
|
1408
|
+
uint64_t x6;
|
1409
|
+
uint8_t x7;
|
1410
|
+
uint64_t x8;
|
1411
|
+
uint8_t x9;
|
1412
|
+
uint64_t x10;
|
1413
|
+
uint8_t x11;
|
1414
|
+
uint64_t x12;
|
1415
|
+
uint8_t x13;
|
1416
|
+
uint64_t x14;
|
1417
|
+
uint8_t x15;
|
1418
|
+
uint64_t x16;
|
1419
|
+
uint8_t x17;
|
1420
|
+
uint8_t x18;
|
1421
|
+
uint8_t x19;
|
1422
|
+
uint64_t x20;
|
1423
|
+
uint8_t x21;
|
1424
|
+
uint64_t x22;
|
1425
|
+
uint8_t x23;
|
1426
|
+
uint64_t x24;
|
1427
|
+
uint8_t x25;
|
1428
|
+
uint64_t x26;
|
1429
|
+
uint8_t x27;
|
1430
|
+
uint64_t x28;
|
1431
|
+
uint8_t x29;
|
1432
|
+
uint64_t x30;
|
1433
|
+
uint8_t x31;
|
1434
|
+
uint8_t x32;
|
1435
|
+
uint8_t x33;
|
1436
|
+
uint64_t x34;
|
1437
|
+
uint8_t x35;
|
1438
|
+
uint64_t x36;
|
1439
|
+
uint8_t x37;
|
1440
|
+
uint64_t x38;
|
1441
|
+
uint8_t x39;
|
1442
|
+
uint64_t x40;
|
1443
|
+
uint8_t x41;
|
1444
|
+
uint64_t x42;
|
1445
|
+
uint8_t x43;
|
1446
|
+
uint64_t x44;
|
1447
|
+
uint8_t x45;
|
1448
|
+
uint8_t x46;
|
1449
|
+
uint8_t x47;
|
1450
|
+
uint64_t x48;
|
1451
|
+
uint8_t x49;
|
1452
|
+
uint64_t x50;
|
1453
|
+
uint8_t x51;
|
1454
|
+
uint64_t x52;
|
1455
|
+
uint8_t x53;
|
1456
|
+
uint64_t x54;
|
1457
|
+
uint8_t x55;
|
1458
|
+
uint64_t x56;
|
1459
|
+
uint8_t x57;
|
1460
|
+
uint64_t x58;
|
1461
|
+
uint8_t x59;
|
1462
|
+
uint8_t x60;
|
1463
|
+
x1 = (arg1[3]);
|
1464
|
+
x2 = (arg1[2]);
|
1465
|
+
x3 = (arg1[1]);
|
1466
|
+
x4 = (arg1[0]);
|
1467
|
+
x5 = (uint8_t)(x4 & UINT8_C(0xff));
|
1468
|
+
x6 = (x4 >> 8);
|
1469
|
+
x7 = (uint8_t)(x6 & UINT8_C(0xff));
|
1470
|
+
x8 = (x6 >> 8);
|
1471
|
+
x9 = (uint8_t)(x8 & UINT8_C(0xff));
|
1472
|
+
x10 = (x8 >> 8);
|
1473
|
+
x11 = (uint8_t)(x10 & UINT8_C(0xff));
|
1474
|
+
x12 = (x10 >> 8);
|
1475
|
+
x13 = (uint8_t)(x12 & UINT8_C(0xff));
|
1476
|
+
x14 = (x12 >> 8);
|
1477
|
+
x15 = (uint8_t)(x14 & UINT8_C(0xff));
|
1478
|
+
x16 = (x14 >> 8);
|
1479
|
+
x17 = (uint8_t)(x16 & UINT8_C(0xff));
|
1480
|
+
x18 = (uint8_t)(x16 >> 8);
|
1481
|
+
x19 = (uint8_t)(x3 & UINT8_C(0xff));
|
1482
|
+
x20 = (x3 >> 8);
|
1483
|
+
x21 = (uint8_t)(x20 & UINT8_C(0xff));
|
1484
|
+
x22 = (x20 >> 8);
|
1485
|
+
x23 = (uint8_t)(x22 & UINT8_C(0xff));
|
1486
|
+
x24 = (x22 >> 8);
|
1487
|
+
x25 = (uint8_t)(x24 & UINT8_C(0xff));
|
1488
|
+
x26 = (x24 >> 8);
|
1489
|
+
x27 = (uint8_t)(x26 & UINT8_C(0xff));
|
1490
|
+
x28 = (x26 >> 8);
|
1491
|
+
x29 = (uint8_t)(x28 & UINT8_C(0xff));
|
1492
|
+
x30 = (x28 >> 8);
|
1493
|
+
x31 = (uint8_t)(x30 & UINT8_C(0xff));
|
1494
|
+
x32 = (uint8_t)(x30 >> 8);
|
1495
|
+
x33 = (uint8_t)(x2 & UINT8_C(0xff));
|
1496
|
+
x34 = (x2 >> 8);
|
1497
|
+
x35 = (uint8_t)(x34 & UINT8_C(0xff));
|
1498
|
+
x36 = (x34 >> 8);
|
1499
|
+
x37 = (uint8_t)(x36 & UINT8_C(0xff));
|
1500
|
+
x38 = (x36 >> 8);
|
1501
|
+
x39 = (uint8_t)(x38 & UINT8_C(0xff));
|
1502
|
+
x40 = (x38 >> 8);
|
1503
|
+
x41 = (uint8_t)(x40 & UINT8_C(0xff));
|
1504
|
+
x42 = (x40 >> 8);
|
1505
|
+
x43 = (uint8_t)(x42 & UINT8_C(0xff));
|
1506
|
+
x44 = (x42 >> 8);
|
1507
|
+
x45 = (uint8_t)(x44 & UINT8_C(0xff));
|
1508
|
+
x46 = (uint8_t)(x44 >> 8);
|
1509
|
+
x47 = (uint8_t)(x1 & UINT8_C(0xff));
|
1510
|
+
x48 = (x1 >> 8);
|
1511
|
+
x49 = (uint8_t)(x48 & UINT8_C(0xff));
|
1512
|
+
x50 = (x48 >> 8);
|
1513
|
+
x51 = (uint8_t)(x50 & UINT8_C(0xff));
|
1514
|
+
x52 = (x50 >> 8);
|
1515
|
+
x53 = (uint8_t)(x52 & UINT8_C(0xff));
|
1516
|
+
x54 = (x52 >> 8);
|
1517
|
+
x55 = (uint8_t)(x54 & UINT8_C(0xff));
|
1518
|
+
x56 = (x54 >> 8);
|
1519
|
+
x57 = (uint8_t)(x56 & UINT8_C(0xff));
|
1520
|
+
x58 = (x56 >> 8);
|
1521
|
+
x59 = (uint8_t)(x58 & UINT8_C(0xff));
|
1522
|
+
x60 = (uint8_t)(x58 >> 8);
|
1523
|
+
out1[0] = x5;
|
1524
|
+
out1[1] = x7;
|
1525
|
+
out1[2] = x9;
|
1526
|
+
out1[3] = x11;
|
1527
|
+
out1[4] = x13;
|
1528
|
+
out1[5] = x15;
|
1529
|
+
out1[6] = x17;
|
1530
|
+
out1[7] = x18;
|
1531
|
+
out1[8] = x19;
|
1532
|
+
out1[9] = x21;
|
1533
|
+
out1[10] = x23;
|
1534
|
+
out1[11] = x25;
|
1535
|
+
out1[12] = x27;
|
1536
|
+
out1[13] = x29;
|
1537
|
+
out1[14] = x31;
|
1538
|
+
out1[15] = x32;
|
1539
|
+
out1[16] = x33;
|
1540
|
+
out1[17] = x35;
|
1541
|
+
out1[18] = x37;
|
1542
|
+
out1[19] = x39;
|
1543
|
+
out1[20] = x41;
|
1544
|
+
out1[21] = x43;
|
1545
|
+
out1[22] = x45;
|
1546
|
+
out1[23] = x46;
|
1547
|
+
out1[24] = x47;
|
1548
|
+
out1[25] = x49;
|
1549
|
+
out1[26] = x51;
|
1550
|
+
out1[27] = x53;
|
1551
|
+
out1[28] = x55;
|
1552
|
+
out1[29] = x57;
|
1553
|
+
out1[30] = x59;
|
1554
|
+
out1[31] = x60;
|
1166
1555
|
}
|
1167
1556
|
|
1168
1557
|
/*
|
1169
|
-
* The function fiat_p256_from_bytes deserializes a field element in the Montgomery domain from bytes in little-endian order.
|
1558
|
+
* The function fiat_p256_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order.
|
1559
|
+
*
|
1170
1560
|
* Preconditions:
|
1171
1561
|
* 0 ≤ bytes_eval arg1 < m
|
1172
1562
|
* Postconditions:
|
@@ -1178,49 +1568,444 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) {
|
|
1178
1568
|
* Output Bounds:
|
1179
1569
|
* out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
1180
1570
|
*/
|
1181
|
-
static void fiat_p256_from_bytes(uint64_t out1[4], const uint8_t arg1[32]) {
|
1182
|
-
uint64_t x1
|
1183
|
-
uint64_t x2
|
1184
|
-
uint64_t x3
|
1185
|
-
uint64_t x4
|
1186
|
-
uint64_t x5
|
1187
|
-
uint64_t x6
|
1188
|
-
uint64_t x7
|
1189
|
-
uint8_t x8
|
1190
|
-
uint64_t x9
|
1191
|
-
uint64_t x10
|
1192
|
-
uint64_t x11
|
1193
|
-
uint64_t x12
|
1194
|
-
uint64_t x13
|
1195
|
-
uint64_t x14
|
1196
|
-
uint64_t x15
|
1197
|
-
uint8_t x16
|
1198
|
-
uint64_t x17
|
1199
|
-
uint64_t x18
|
1200
|
-
uint64_t x19
|
1201
|
-
uint64_t x20
|
1202
|
-
uint64_t x21
|
1203
|
-
uint64_t x22
|
1204
|
-
uint64_t x23
|
1205
|
-
uint8_t x24
|
1206
|
-
uint64_t x25
|
1207
|
-
uint64_t x26
|
1208
|
-
uint64_t x27
|
1209
|
-
uint64_t x28
|
1210
|
-
uint64_t x29
|
1211
|
-
uint64_t x30
|
1212
|
-
uint64_t x31
|
1213
|
-
uint8_t x32
|
1214
|
-
uint64_t x33
|
1215
|
-
uint64_t x34
|
1216
|
-
uint64_t x35
|
1217
|
-
uint64_t x36
|
1218
|
-
uint64_t x37
|
1219
|
-
uint64_t x38
|
1220
|
-
uint64_t x39
|
1221
|
-
|
1222
|
-
|
1223
|
-
|
1224
|
-
|
1571
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_from_bytes(uint64_t out1[4], const uint8_t arg1[32]) {
|
1572
|
+
uint64_t x1;
|
1573
|
+
uint64_t x2;
|
1574
|
+
uint64_t x3;
|
1575
|
+
uint64_t x4;
|
1576
|
+
uint64_t x5;
|
1577
|
+
uint64_t x6;
|
1578
|
+
uint64_t x7;
|
1579
|
+
uint8_t x8;
|
1580
|
+
uint64_t x9;
|
1581
|
+
uint64_t x10;
|
1582
|
+
uint64_t x11;
|
1583
|
+
uint64_t x12;
|
1584
|
+
uint64_t x13;
|
1585
|
+
uint64_t x14;
|
1586
|
+
uint64_t x15;
|
1587
|
+
uint8_t x16;
|
1588
|
+
uint64_t x17;
|
1589
|
+
uint64_t x18;
|
1590
|
+
uint64_t x19;
|
1591
|
+
uint64_t x20;
|
1592
|
+
uint64_t x21;
|
1593
|
+
uint64_t x22;
|
1594
|
+
uint64_t x23;
|
1595
|
+
uint8_t x24;
|
1596
|
+
uint64_t x25;
|
1597
|
+
uint64_t x26;
|
1598
|
+
uint64_t x27;
|
1599
|
+
uint64_t x28;
|
1600
|
+
uint64_t x29;
|
1601
|
+
uint64_t x30;
|
1602
|
+
uint64_t x31;
|
1603
|
+
uint8_t x32;
|
1604
|
+
uint64_t x33;
|
1605
|
+
uint64_t x34;
|
1606
|
+
uint64_t x35;
|
1607
|
+
uint64_t x36;
|
1608
|
+
uint64_t x37;
|
1609
|
+
uint64_t x38;
|
1610
|
+
uint64_t x39;
|
1611
|
+
uint64_t x40;
|
1612
|
+
uint64_t x41;
|
1613
|
+
uint64_t x42;
|
1614
|
+
uint64_t x43;
|
1615
|
+
uint64_t x44;
|
1616
|
+
uint64_t x45;
|
1617
|
+
uint64_t x46;
|
1618
|
+
uint64_t x47;
|
1619
|
+
uint64_t x48;
|
1620
|
+
uint64_t x49;
|
1621
|
+
uint64_t x50;
|
1622
|
+
uint64_t x51;
|
1623
|
+
uint64_t x52;
|
1624
|
+
uint64_t x53;
|
1625
|
+
uint64_t x54;
|
1626
|
+
uint64_t x55;
|
1627
|
+
uint64_t x56;
|
1628
|
+
uint64_t x57;
|
1629
|
+
uint64_t x58;
|
1630
|
+
uint64_t x59;
|
1631
|
+
uint64_t x60;
|
1632
|
+
x1 = ((uint64_t)(arg1[31]) << 56);
|
1633
|
+
x2 = ((uint64_t)(arg1[30]) << 48);
|
1634
|
+
x3 = ((uint64_t)(arg1[29]) << 40);
|
1635
|
+
x4 = ((uint64_t)(arg1[28]) << 32);
|
1636
|
+
x5 = ((uint64_t)(arg1[27]) << 24);
|
1637
|
+
x6 = ((uint64_t)(arg1[26]) << 16);
|
1638
|
+
x7 = ((uint64_t)(arg1[25]) << 8);
|
1639
|
+
x8 = (arg1[24]);
|
1640
|
+
x9 = ((uint64_t)(arg1[23]) << 56);
|
1641
|
+
x10 = ((uint64_t)(arg1[22]) << 48);
|
1642
|
+
x11 = ((uint64_t)(arg1[21]) << 40);
|
1643
|
+
x12 = ((uint64_t)(arg1[20]) << 32);
|
1644
|
+
x13 = ((uint64_t)(arg1[19]) << 24);
|
1645
|
+
x14 = ((uint64_t)(arg1[18]) << 16);
|
1646
|
+
x15 = ((uint64_t)(arg1[17]) << 8);
|
1647
|
+
x16 = (arg1[16]);
|
1648
|
+
x17 = ((uint64_t)(arg1[15]) << 56);
|
1649
|
+
x18 = ((uint64_t)(arg1[14]) << 48);
|
1650
|
+
x19 = ((uint64_t)(arg1[13]) << 40);
|
1651
|
+
x20 = ((uint64_t)(arg1[12]) << 32);
|
1652
|
+
x21 = ((uint64_t)(arg1[11]) << 24);
|
1653
|
+
x22 = ((uint64_t)(arg1[10]) << 16);
|
1654
|
+
x23 = ((uint64_t)(arg1[9]) << 8);
|
1655
|
+
x24 = (arg1[8]);
|
1656
|
+
x25 = ((uint64_t)(arg1[7]) << 56);
|
1657
|
+
x26 = ((uint64_t)(arg1[6]) << 48);
|
1658
|
+
x27 = ((uint64_t)(arg1[5]) << 40);
|
1659
|
+
x28 = ((uint64_t)(arg1[4]) << 32);
|
1660
|
+
x29 = ((uint64_t)(arg1[3]) << 24);
|
1661
|
+
x30 = ((uint64_t)(arg1[2]) << 16);
|
1662
|
+
x31 = ((uint64_t)(arg1[1]) << 8);
|
1663
|
+
x32 = (arg1[0]);
|
1664
|
+
x33 = (x31 + (uint64_t)x32);
|
1665
|
+
x34 = (x30 + x33);
|
1666
|
+
x35 = (x29 + x34);
|
1667
|
+
x36 = (x28 + x35);
|
1668
|
+
x37 = (x27 + x36);
|
1669
|
+
x38 = (x26 + x37);
|
1670
|
+
x39 = (x25 + x38);
|
1671
|
+
x40 = (x23 + (uint64_t)x24);
|
1672
|
+
x41 = (x22 + x40);
|
1673
|
+
x42 = (x21 + x41);
|
1674
|
+
x43 = (x20 + x42);
|
1675
|
+
x44 = (x19 + x43);
|
1676
|
+
x45 = (x18 + x44);
|
1677
|
+
x46 = (x17 + x45);
|
1678
|
+
x47 = (x15 + (uint64_t)x16);
|
1679
|
+
x48 = (x14 + x47);
|
1680
|
+
x49 = (x13 + x48);
|
1681
|
+
x50 = (x12 + x49);
|
1682
|
+
x51 = (x11 + x50);
|
1683
|
+
x52 = (x10 + x51);
|
1684
|
+
x53 = (x9 + x52);
|
1685
|
+
x54 = (x7 + (uint64_t)x8);
|
1686
|
+
x55 = (x6 + x54);
|
1687
|
+
x56 = (x5 + x55);
|
1688
|
+
x57 = (x4 + x56);
|
1689
|
+
x58 = (x3 + x57);
|
1690
|
+
x59 = (x2 + x58);
|
1691
|
+
x60 = (x1 + x59);
|
1692
|
+
out1[0] = x39;
|
1693
|
+
out1[1] = x46;
|
1694
|
+
out1[2] = x53;
|
1695
|
+
out1[3] = x60;
|
1696
|
+
}
|
1697
|
+
|
1698
|
+
/*
|
1699
|
+
* The function fiat_p256_set_one returns the field element one in the Montgomery domain.
|
1700
|
+
*
|
1701
|
+
* Postconditions:
|
1702
|
+
* eval (from_montgomery out1) mod m = 1 mod m
|
1703
|
+
* 0 ≤ eval out1 < m
|
1704
|
+
*
|
1705
|
+
*/
|
1706
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_set_one(fiat_p256_montgomery_domain_field_element out1) {
|
1707
|
+
out1[0] = 0x1;
|
1708
|
+
out1[1] = UINT64_C(0xffffffff00000000);
|
1709
|
+
out1[2] = UINT64_C(0xffffffffffffffff);
|
1710
|
+
out1[3] = UINT32_C(0xfffffffe);
|
1711
|
+
}
|
1712
|
+
|
1713
|
+
/*
|
1714
|
+
* The function fiat_p256_msat returns the saturated representation of the prime modulus.
|
1715
|
+
*
|
1716
|
+
* Postconditions:
|
1717
|
+
* twos_complement_eval out1 = m
|
1718
|
+
* 0 ≤ eval out1 < m
|
1719
|
+
*
|
1720
|
+
* Output Bounds:
|
1721
|
+
* out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
1722
|
+
*/
|
1723
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_msat(uint64_t out1[5]) {
|
1724
|
+
out1[0] = UINT64_C(0xffffffffffffffff);
|
1725
|
+
out1[1] = UINT32_C(0xffffffff);
|
1726
|
+
out1[2] = 0x0;
|
1727
|
+
out1[3] = UINT64_C(0xffffffff00000001);
|
1728
|
+
out1[4] = 0x0;
|
1729
|
+
}
|
1730
|
+
|
1731
|
+
/*
|
1732
|
+
* The function fiat_p256_divstep computes a divstep.
|
1733
|
+
*
|
1734
|
+
* Preconditions:
|
1735
|
+
* 0 ≤ eval arg4 < m
|
1736
|
+
* 0 ≤ eval arg5 < m
|
1737
|
+
* Postconditions:
|
1738
|
+
* out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1)
|
1739
|
+
* twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2)
|
1740
|
+
* twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋)
|
1741
|
+
* eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m)
|
1742
|
+
* eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m)
|
1743
|
+
* 0 ≤ eval out5 < m
|
1744
|
+
* 0 ≤ eval out5 < m
|
1745
|
+
* 0 ≤ eval out2 < m
|
1746
|
+
* 0 ≤ eval out3 < m
|
1747
|
+
*
|
1748
|
+
* Input Bounds:
|
1749
|
+
* arg1: [0x0 ~> 0xffffffffffffffff]
|
1750
|
+
* arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
1751
|
+
* arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
1752
|
+
* arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
1753
|
+
* arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
1754
|
+
* Output Bounds:
|
1755
|
+
* out1: [0x0 ~> 0xffffffffffffffff]
|
1756
|
+
* out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
1757
|
+
* out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
1758
|
+
* out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
1759
|
+
* out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
1760
|
+
*/
|
1761
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_divstep(uint64_t* out1, uint64_t out2[5], uint64_t out3[5], uint64_t out4[4], uint64_t out5[4], uint64_t arg1, const uint64_t arg2[5], const uint64_t arg3[5], const uint64_t arg4[4], const uint64_t arg5[4]) {
|
1762
|
+
uint64_t x1;
|
1763
|
+
fiat_p256_uint1 x2;
|
1764
|
+
fiat_p256_uint1 x3;
|
1765
|
+
uint64_t x4;
|
1766
|
+
fiat_p256_uint1 x5;
|
1767
|
+
uint64_t x6;
|
1768
|
+
uint64_t x7;
|
1769
|
+
uint64_t x8;
|
1770
|
+
uint64_t x9;
|
1771
|
+
uint64_t x10;
|
1772
|
+
uint64_t x11;
|
1773
|
+
uint64_t x12;
|
1774
|
+
fiat_p256_uint1 x13;
|
1775
|
+
uint64_t x14;
|
1776
|
+
fiat_p256_uint1 x15;
|
1777
|
+
uint64_t x16;
|
1778
|
+
fiat_p256_uint1 x17;
|
1779
|
+
uint64_t x18;
|
1780
|
+
fiat_p256_uint1 x19;
|
1781
|
+
uint64_t x20;
|
1782
|
+
fiat_p256_uint1 x21;
|
1783
|
+
uint64_t x22;
|
1784
|
+
uint64_t x23;
|
1785
|
+
uint64_t x24;
|
1786
|
+
uint64_t x25;
|
1787
|
+
uint64_t x26;
|
1788
|
+
uint64_t x27;
|
1789
|
+
uint64_t x28;
|
1790
|
+
uint64_t x29;
|
1791
|
+
uint64_t x30;
|
1792
|
+
uint64_t x31;
|
1793
|
+
fiat_p256_uint1 x32;
|
1794
|
+
uint64_t x33;
|
1795
|
+
fiat_p256_uint1 x34;
|
1796
|
+
uint64_t x35;
|
1797
|
+
fiat_p256_uint1 x36;
|
1798
|
+
uint64_t x37;
|
1799
|
+
fiat_p256_uint1 x38;
|
1800
|
+
uint64_t x39;
|
1801
|
+
fiat_p256_uint1 x40;
|
1802
|
+
uint64_t x41;
|
1803
|
+
fiat_p256_uint1 x42;
|
1804
|
+
uint64_t x43;
|
1805
|
+
fiat_p256_uint1 x44;
|
1806
|
+
uint64_t x45;
|
1807
|
+
fiat_p256_uint1 x46;
|
1808
|
+
uint64_t x47;
|
1809
|
+
fiat_p256_uint1 x48;
|
1810
|
+
uint64_t x49;
|
1811
|
+
uint64_t x50;
|
1812
|
+
uint64_t x51;
|
1813
|
+
uint64_t x52;
|
1814
|
+
uint64_t x53;
|
1815
|
+
fiat_p256_uint1 x54;
|
1816
|
+
uint64_t x55;
|
1817
|
+
fiat_p256_uint1 x56;
|
1818
|
+
uint64_t x57;
|
1819
|
+
fiat_p256_uint1 x58;
|
1820
|
+
uint64_t x59;
|
1821
|
+
fiat_p256_uint1 x60;
|
1822
|
+
uint64_t x61;
|
1823
|
+
uint64_t x62;
|
1824
|
+
fiat_p256_uint1 x63;
|
1825
|
+
uint64_t x64;
|
1826
|
+
fiat_p256_uint1 x65;
|
1827
|
+
uint64_t x66;
|
1828
|
+
fiat_p256_uint1 x67;
|
1829
|
+
uint64_t x68;
|
1830
|
+
fiat_p256_uint1 x69;
|
1831
|
+
uint64_t x70;
|
1832
|
+
uint64_t x71;
|
1833
|
+
uint64_t x72;
|
1834
|
+
uint64_t x73;
|
1835
|
+
fiat_p256_uint1 x74;
|
1836
|
+
uint64_t x75;
|
1837
|
+
uint64_t x76;
|
1838
|
+
uint64_t x77;
|
1839
|
+
uint64_t x78;
|
1840
|
+
uint64_t x79;
|
1841
|
+
uint64_t x80;
|
1842
|
+
fiat_p256_uint1 x81;
|
1843
|
+
uint64_t x82;
|
1844
|
+
fiat_p256_uint1 x83;
|
1845
|
+
uint64_t x84;
|
1846
|
+
fiat_p256_uint1 x85;
|
1847
|
+
uint64_t x86;
|
1848
|
+
fiat_p256_uint1 x87;
|
1849
|
+
uint64_t x88;
|
1850
|
+
fiat_p256_uint1 x89;
|
1851
|
+
uint64_t x90;
|
1852
|
+
uint64_t x91;
|
1853
|
+
uint64_t x92;
|
1854
|
+
uint64_t x93;
|
1855
|
+
uint64_t x94;
|
1856
|
+
fiat_p256_uint1 x95;
|
1857
|
+
uint64_t x96;
|
1858
|
+
fiat_p256_uint1 x97;
|
1859
|
+
uint64_t x98;
|
1860
|
+
fiat_p256_uint1 x99;
|
1861
|
+
uint64_t x100;
|
1862
|
+
fiat_p256_uint1 x101;
|
1863
|
+
uint64_t x102;
|
1864
|
+
fiat_p256_uint1 x103;
|
1865
|
+
uint64_t x104;
|
1866
|
+
fiat_p256_uint1 x105;
|
1867
|
+
uint64_t x106;
|
1868
|
+
fiat_p256_uint1 x107;
|
1869
|
+
uint64_t x108;
|
1870
|
+
fiat_p256_uint1 x109;
|
1871
|
+
uint64_t x110;
|
1872
|
+
fiat_p256_uint1 x111;
|
1873
|
+
uint64_t x112;
|
1874
|
+
fiat_p256_uint1 x113;
|
1875
|
+
uint64_t x114;
|
1876
|
+
uint64_t x115;
|
1877
|
+
uint64_t x116;
|
1878
|
+
uint64_t x117;
|
1879
|
+
uint64_t x118;
|
1880
|
+
uint64_t x119;
|
1881
|
+
uint64_t x120;
|
1882
|
+
uint64_t x121;
|
1883
|
+
uint64_t x122;
|
1884
|
+
uint64_t x123;
|
1885
|
+
uint64_t x124;
|
1886
|
+
uint64_t x125;
|
1887
|
+
uint64_t x126;
|
1888
|
+
fiat_p256_addcarryx_u64(&x1, &x2, 0x0, (~arg1), 0x1);
|
1889
|
+
x3 = (fiat_p256_uint1)((fiat_p256_uint1)(x1 >> 63) & (fiat_p256_uint1)((arg3[0]) & 0x1));
|
1890
|
+
fiat_p256_addcarryx_u64(&x4, &x5, 0x0, (~arg1), 0x1);
|
1891
|
+
fiat_p256_cmovznz_u64(&x6, x3, arg1, x4);
|
1892
|
+
fiat_p256_cmovznz_u64(&x7, x3, (arg2[0]), (arg3[0]));
|
1893
|
+
fiat_p256_cmovznz_u64(&x8, x3, (arg2[1]), (arg3[1]));
|
1894
|
+
fiat_p256_cmovznz_u64(&x9, x3, (arg2[2]), (arg3[2]));
|
1895
|
+
fiat_p256_cmovznz_u64(&x10, x3, (arg2[3]), (arg3[3]));
|
1896
|
+
fiat_p256_cmovznz_u64(&x11, x3, (arg2[4]), (arg3[4]));
|
1897
|
+
fiat_p256_addcarryx_u64(&x12, &x13, 0x0, 0x1, (~(arg2[0])));
|
1898
|
+
fiat_p256_addcarryx_u64(&x14, &x15, x13, 0x0, (~(arg2[1])));
|
1899
|
+
fiat_p256_addcarryx_u64(&x16, &x17, x15, 0x0, (~(arg2[2])));
|
1900
|
+
fiat_p256_addcarryx_u64(&x18, &x19, x17, 0x0, (~(arg2[3])));
|
1901
|
+
fiat_p256_addcarryx_u64(&x20, &x21, x19, 0x0, (~(arg2[4])));
|
1902
|
+
fiat_p256_cmovznz_u64(&x22, x3, (arg3[0]), x12);
|
1903
|
+
fiat_p256_cmovznz_u64(&x23, x3, (arg3[1]), x14);
|
1904
|
+
fiat_p256_cmovznz_u64(&x24, x3, (arg3[2]), x16);
|
1905
|
+
fiat_p256_cmovznz_u64(&x25, x3, (arg3[3]), x18);
|
1906
|
+
fiat_p256_cmovznz_u64(&x26, x3, (arg3[4]), x20);
|
1907
|
+
fiat_p256_cmovznz_u64(&x27, x3, (arg4[0]), (arg5[0]));
|
1908
|
+
fiat_p256_cmovznz_u64(&x28, x3, (arg4[1]), (arg5[1]));
|
1909
|
+
fiat_p256_cmovznz_u64(&x29, x3, (arg4[2]), (arg5[2]));
|
1910
|
+
fiat_p256_cmovznz_u64(&x30, x3, (arg4[3]), (arg5[3]));
|
1911
|
+
fiat_p256_addcarryx_u64(&x31, &x32, 0x0, x27, x27);
|
1912
|
+
fiat_p256_addcarryx_u64(&x33, &x34, x32, x28, x28);
|
1913
|
+
fiat_p256_addcarryx_u64(&x35, &x36, x34, x29, x29);
|
1914
|
+
fiat_p256_addcarryx_u64(&x37, &x38, x36, x30, x30);
|
1915
|
+
fiat_p256_subborrowx_u64(&x39, &x40, 0x0, x31, UINT64_C(0xffffffffffffffff));
|
1916
|
+
fiat_p256_subborrowx_u64(&x41, &x42, x40, x33, UINT32_C(0xffffffff));
|
1917
|
+
fiat_p256_subborrowx_u64(&x43, &x44, x42, x35, 0x0);
|
1918
|
+
fiat_p256_subborrowx_u64(&x45, &x46, x44, x37, UINT64_C(0xffffffff00000001));
|
1919
|
+
fiat_p256_subborrowx_u64(&x47, &x48, x46, x38, 0x0);
|
1920
|
+
x49 = (arg4[3]);
|
1921
|
+
x50 = (arg4[2]);
|
1922
|
+
x51 = (arg4[1]);
|
1923
|
+
x52 = (arg4[0]);
|
1924
|
+
fiat_p256_subborrowx_u64(&x53, &x54, 0x0, 0x0, x52);
|
1925
|
+
fiat_p256_subborrowx_u64(&x55, &x56, x54, 0x0, x51);
|
1926
|
+
fiat_p256_subborrowx_u64(&x57, &x58, x56, 0x0, x50);
|
1927
|
+
fiat_p256_subborrowx_u64(&x59, &x60, x58, 0x0, x49);
|
1928
|
+
fiat_p256_cmovznz_u64(&x61, x60, 0x0, UINT64_C(0xffffffffffffffff));
|
1929
|
+
fiat_p256_addcarryx_u64(&x62, &x63, 0x0, x53, x61);
|
1930
|
+
fiat_p256_addcarryx_u64(&x64, &x65, x63, x55, (x61 & UINT32_C(0xffffffff)));
|
1931
|
+
fiat_p256_addcarryx_u64(&x66, &x67, x65, x57, 0x0);
|
1932
|
+
fiat_p256_addcarryx_u64(&x68, &x69, x67, x59, (x61 & UINT64_C(0xffffffff00000001)));
|
1933
|
+
fiat_p256_cmovznz_u64(&x70, x3, (arg5[0]), x62);
|
1934
|
+
fiat_p256_cmovznz_u64(&x71, x3, (arg5[1]), x64);
|
1935
|
+
fiat_p256_cmovznz_u64(&x72, x3, (arg5[2]), x66);
|
1936
|
+
fiat_p256_cmovznz_u64(&x73, x3, (arg5[3]), x68);
|
1937
|
+
x74 = (fiat_p256_uint1)(x22 & 0x1);
|
1938
|
+
fiat_p256_cmovznz_u64(&x75, x74, 0x0, x7);
|
1939
|
+
fiat_p256_cmovznz_u64(&x76, x74, 0x0, x8);
|
1940
|
+
fiat_p256_cmovznz_u64(&x77, x74, 0x0, x9);
|
1941
|
+
fiat_p256_cmovznz_u64(&x78, x74, 0x0, x10);
|
1942
|
+
fiat_p256_cmovznz_u64(&x79, x74, 0x0, x11);
|
1943
|
+
fiat_p256_addcarryx_u64(&x80, &x81, 0x0, x22, x75);
|
1944
|
+
fiat_p256_addcarryx_u64(&x82, &x83, x81, x23, x76);
|
1945
|
+
fiat_p256_addcarryx_u64(&x84, &x85, x83, x24, x77);
|
1946
|
+
fiat_p256_addcarryx_u64(&x86, &x87, x85, x25, x78);
|
1947
|
+
fiat_p256_addcarryx_u64(&x88, &x89, x87, x26, x79);
|
1948
|
+
fiat_p256_cmovznz_u64(&x90, x74, 0x0, x27);
|
1949
|
+
fiat_p256_cmovznz_u64(&x91, x74, 0x0, x28);
|
1950
|
+
fiat_p256_cmovznz_u64(&x92, x74, 0x0, x29);
|
1951
|
+
fiat_p256_cmovznz_u64(&x93, x74, 0x0, x30);
|
1952
|
+
fiat_p256_addcarryx_u64(&x94, &x95, 0x0, x70, x90);
|
1953
|
+
fiat_p256_addcarryx_u64(&x96, &x97, x95, x71, x91);
|
1954
|
+
fiat_p256_addcarryx_u64(&x98, &x99, x97, x72, x92);
|
1955
|
+
fiat_p256_addcarryx_u64(&x100, &x101, x99, x73, x93);
|
1956
|
+
fiat_p256_subborrowx_u64(&x102, &x103, 0x0, x94, UINT64_C(0xffffffffffffffff));
|
1957
|
+
fiat_p256_subborrowx_u64(&x104, &x105, x103, x96, UINT32_C(0xffffffff));
|
1958
|
+
fiat_p256_subborrowx_u64(&x106, &x107, x105, x98, 0x0);
|
1959
|
+
fiat_p256_subborrowx_u64(&x108, &x109, x107, x100, UINT64_C(0xffffffff00000001));
|
1960
|
+
fiat_p256_subborrowx_u64(&x110, &x111, x109, x101, 0x0);
|
1961
|
+
fiat_p256_addcarryx_u64(&x112, &x113, 0x0, x6, 0x1);
|
1962
|
+
x114 = ((x80 >> 1) | ((x82 << 63) & UINT64_C(0xffffffffffffffff)));
|
1963
|
+
x115 = ((x82 >> 1) | ((x84 << 63) & UINT64_C(0xffffffffffffffff)));
|
1964
|
+
x116 = ((x84 >> 1) | ((x86 << 63) & UINT64_C(0xffffffffffffffff)));
|
1965
|
+
x117 = ((x86 >> 1) | ((x88 << 63) & UINT64_C(0xffffffffffffffff)));
|
1966
|
+
x118 = ((x88 & UINT64_C(0x8000000000000000)) | (x88 >> 1));
|
1967
|
+
fiat_p256_cmovznz_u64(&x119, x48, x39, x31);
|
1968
|
+
fiat_p256_cmovznz_u64(&x120, x48, x41, x33);
|
1969
|
+
fiat_p256_cmovznz_u64(&x121, x48, x43, x35);
|
1970
|
+
fiat_p256_cmovznz_u64(&x122, x48, x45, x37);
|
1971
|
+
fiat_p256_cmovznz_u64(&x123, x111, x102, x94);
|
1972
|
+
fiat_p256_cmovznz_u64(&x124, x111, x104, x96);
|
1973
|
+
fiat_p256_cmovznz_u64(&x125, x111, x106, x98);
|
1974
|
+
fiat_p256_cmovznz_u64(&x126, x111, x108, x100);
|
1975
|
+
*out1 = x112;
|
1976
|
+
out2[0] = x7;
|
1977
|
+
out2[1] = x8;
|
1978
|
+
out2[2] = x9;
|
1979
|
+
out2[3] = x10;
|
1980
|
+
out2[4] = x11;
|
1981
|
+
out3[0] = x114;
|
1982
|
+
out3[1] = x115;
|
1983
|
+
out3[2] = x116;
|
1984
|
+
out3[3] = x117;
|
1985
|
+
out3[4] = x118;
|
1986
|
+
out4[0] = x119;
|
1987
|
+
out4[1] = x120;
|
1988
|
+
out4[2] = x121;
|
1989
|
+
out4[3] = x122;
|
1990
|
+
out5[0] = x123;
|
1991
|
+
out5[1] = x124;
|
1992
|
+
out5[2] = x125;
|
1993
|
+
out5[3] = x126;
|
1225
1994
|
}
|
1226
1995
|
|
1996
|
+
/*
|
1997
|
+
* The function fiat_p256_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form).
|
1998
|
+
*
|
1999
|
+
* Postconditions:
|
2000
|
+
* eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋)
|
2001
|
+
* 0 ≤ eval out1 < m
|
2002
|
+
*
|
2003
|
+
* Output Bounds:
|
2004
|
+
* out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
|
2005
|
+
*/
|
2006
|
+
static FIAT_P256_FIAT_INLINE void fiat_p256_divstep_precomp(uint64_t out1[4]) {
|
2007
|
+
out1[0] = UINT64_C(0x67ffffffb8000000);
|
2008
|
+
out1[1] = UINT64_C(0xc000000038000000);
|
2009
|
+
out1[2] = UINT64_C(0xd80000007fffffff);
|
2010
|
+
out1[3] = UINT64_C(0x2fffffffffffffff);
|
2011
|
+
}
|