grpc 1.53.2 → 1.54.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +78 -66
- data/include/grpc/event_engine/event_engine.h +30 -14
- data/include/grpc/grpc_security.h +4 -0
- data/include/grpc/support/port_platform.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
- data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
- data/src/core/ext/filters/client_channel/client_channel.h +131 -173
- data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
- data/src/core/ext/filters/client_channel/config_selector.h +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
- data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
- data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
- data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
- data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
- data/src/core/ext/gcp/metadata_query.cc +142 -0
- data/src/core/ext/gcp/metadata_query.h +82 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -12
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -5
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +116 -58
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +222 -118
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +113 -295
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +277 -451
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -14
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +1 -9
- data/src/core/ext/transport/chttp2/transport/internal.h +16 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
- data/src/core/ext/xds/xds_client_stats.cc +29 -15
- data/src/core/ext/xds/xds_client_stats.h +24 -20
- data/src/core/ext/xds/xds_endpoint.cc +5 -2
- data/src/core/ext/xds/xds_endpoint.h +9 -1
- data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
- data/src/core/lib/channel/call_finalization.h +1 -1
- data/src/core/lib/channel/call_tracer.cc +51 -0
- data/src/core/lib/channel/call_tracer.h +101 -38
- data/src/core/lib/channel/connected_channel.cc +483 -1050
- data/src/core/lib/channel/context.h +8 -1
- data/src/core/lib/channel/promise_based_filter.cc +106 -42
- data/src/core/lib/channel/promise_based_filter.h +27 -13
- data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
- data/src/core/lib/config/config_vars.cc +151 -0
- data/src/core/lib/config/config_vars.h +127 -0
- data/src/core/lib/config/config_vars_non_generated.cc +51 -0
- data/src/core/lib/config/load_config.cc +66 -0
- data/src/core/lib/config/load_config.h +49 -0
- data/src/core/lib/debug/trace.cc +5 -6
- data/src/core/lib/debug/trace.h +0 -5
- data/src/core/lib/event_engine/event_engine.cc +37 -2
- data/src/core/lib/event_engine/handle_containers.h +7 -22
- data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +0 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -32
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +0 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
- data/src/core/lib/event_engine/resolved_address.cc +2 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
- data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
- data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
- data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
- data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
- data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
- data/src/core/lib/experiments/config.cc +3 -10
- data/src/core/lib/experiments/experiments.cc +7 -0
- data/src/core/lib/experiments/experiments.h +9 -1
- data/src/core/lib/gpr/log.cc +15 -28
- data/src/core/lib/gprpp/fork.cc +8 -14
- data/src/core/lib/gprpp/orphanable.h +4 -3
- data/src/core/lib/gprpp/per_cpu.h +9 -3
- data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
- data/src/core/lib/gprpp/ref_counted.h +33 -34
- data/src/core/lib/gprpp/thd.h +16 -0
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/gprpp/time.h +4 -4
- data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
- data/src/core/lib/iomgr/ev_posix.cc +13 -53
- data/src/core/lib/iomgr/ev_posix.h +0 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
- data/src/core/lib/iomgr/iomgr.cc +4 -8
- data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +0 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +19 -55
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +0 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +0 -21
- data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
- data/src/core/lib/iomgr/tcp_windows.cc +12 -8
- data/src/core/lib/load_balancing/lb_policy.cc +9 -13
- data/src/core/lib/load_balancing/lb_policy.h +4 -2
- data/src/core/lib/promise/activity.cc +22 -6
- data/src/core/lib/promise/activity.h +61 -24
- data/src/core/lib/promise/cancel_callback.h +77 -0
- data/src/core/lib/promise/detail/basic_seq.h +1 -1
- data/src/core/lib/promise/detail/promise_factory.h +4 -0
- data/src/core/lib/promise/for_each.h +176 -0
- data/src/core/lib/promise/if.h +9 -0
- data/src/core/lib/promise/interceptor_list.h +23 -2
- data/src/core/lib/promise/latch.h +89 -3
- data/src/core/lib/promise/loop.h +13 -9
- data/src/core/lib/promise/map.h +7 -0
- data/src/core/lib/promise/party.cc +286 -0
- data/src/core/lib/promise/party.h +499 -0
- data/src/core/lib/promise/pipe.h +197 -57
- data/src/core/lib/promise/poll.h +48 -0
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/resource_quota/arena.cc +19 -3
- data/src/core/lib/resource_quota/arena.h +119 -5
- data/src/core/lib/resource_quota/memory_quota.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
- data/src/core/lib/slice/slice.cc +1 -1
- data/src/core/lib/surface/builtins.cc +2 -0
- data/src/core/lib/surface/call.cc +926 -1024
- data/src/core/lib/surface/call.h +10 -0
- data/src/core/lib/surface/lame_client.cc +1 -0
- data/src/core/lib/surface/validate_metadata.cc +42 -43
- data/src/core/lib/surface/validate_metadata.h +0 -9
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +179 -0
- data/src/core/lib/transport/batch_builder.h +468 -0
- data/src/core/lib/transport/bdp_estimator.cc +7 -7
- data/src/core/lib/transport/bdp_estimator.h +10 -6
- data/src/core/lib/transport/custom_metadata.h +30 -0
- data/src/core/lib/transport/metadata_batch.cc +5 -2
- data/src/core/lib/transport/metadata_batch.h +17 -113
- data/src/core/lib/transport/parsed_metadata.h +6 -16
- data/src/core/lib/transport/timeout_encoding.cc +6 -1
- data/src/core/lib/transport/transport.cc +30 -2
- data/src/core/lib/transport/transport.h +70 -14
- data/src/core/lib/transport/transport_impl.h +7 -0
- data/src/core/lib/transport/transport_op_string.cc +52 -42
- data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +1 -1
- data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
- data/third_party/abseil-cpp/absl/flags/config.h +68 -0
- data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
- data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
- data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
- data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
- data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
- data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
- data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
- data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
- data/third_party/boringssl-with-bazel/err_data.c +728 -712
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
- data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
- data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
- metadata +103 -70
- data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -29
- data/src/core/lib/gprpp/global_config.h +0 -93
- data/src/core/lib/gprpp/global_config_env.cc +0 -140
- data/src/core/lib/gprpp/global_config_env.h +0 -133
- data/src/core/lib/gprpp/global_config_generic.h +0 -40
- data/src/core/lib/promise/intra_activity_waiter.h +0 -55
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
- data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
- data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
- data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
- /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
- /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
- /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
- /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
- /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
- /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
- /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
|
@@ -1,24 +1,51 @@
|
|
|
1
|
-
/* Autogenerated: src/ExtractionOCaml/unsaturated_solinas --static 25519
|
|
1
|
+
/* Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --inline --static --use-value-barrier 25519 32 '(auto)' '2^255 - 19' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes relax carry_scmul121666 */
|
|
2
2
|
/* curve description: 25519 */
|
|
3
|
-
/* requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes, carry_scmul121666 */
|
|
4
|
-
/* n = 10 (from "10") */
|
|
5
|
-
/* s-c = 2^255 - [(1, 19)] (from "2^255 - 19") */
|
|
6
3
|
/* machine_wordsize = 32 (from "32") */
|
|
7
|
-
|
|
4
|
+
/* requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes, relax, carry_scmul121666 */
|
|
5
|
+
/* n = 10 (from "(auto)") */
|
|
6
|
+
/* s-c = 2^255 - [(1, 19)] (from "2^255 - 19") */
|
|
7
|
+
/* tight_bounds_multiplier = 1 (from "") */
|
|
8
|
+
/* */
|
|
8
9
|
/* Computed values: */
|
|
9
|
-
/*
|
|
10
|
+
/* carry_chain = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1] */
|
|
11
|
+
/* eval z = z[0] + (z[1] << 26) + (z[2] << 51) + (z[3] << 77) + (z[4] << 102) + (z[5] << 128) + (z[6] << 153) + (z[7] << 179) + (z[8] << 204) + (z[9] << 230) */
|
|
12
|
+
/* bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) */
|
|
13
|
+
/* balance = [0x7ffffda, 0x3fffffe, 0x7fffffe, 0x3fffffe, 0x7fffffe, 0x3fffffe, 0x7fffffe, 0x3fffffe, 0x7fffffe, 0x3fffffe] */
|
|
10
14
|
|
|
11
15
|
#include <stdint.h>
|
|
12
16
|
typedef unsigned char fiat_25519_uint1;
|
|
13
17
|
typedef signed char fiat_25519_int1;
|
|
18
|
+
#if defined(__GNUC__) || defined(__clang__)
|
|
19
|
+
# define FIAT_25519_FIAT_INLINE __inline__
|
|
20
|
+
#else
|
|
21
|
+
# define FIAT_25519_FIAT_INLINE
|
|
22
|
+
#endif
|
|
23
|
+
|
|
24
|
+
/* The type fiat_25519_loose_field_element is a field element with loose bounds. */
|
|
25
|
+
/* Bounds: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] */
|
|
26
|
+
typedef uint32_t fiat_25519_loose_field_element[10];
|
|
27
|
+
|
|
28
|
+
/* The type fiat_25519_tight_field_element is a field element with tight bounds. */
|
|
29
|
+
/* Bounds: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] */
|
|
30
|
+
typedef uint32_t fiat_25519_tight_field_element[10];
|
|
14
31
|
|
|
15
32
|
#if (-1 & 3) != 3
|
|
16
33
|
#error "This code only works on a two's complement system"
|
|
17
34
|
#endif
|
|
18
35
|
|
|
36
|
+
#if !defined(FIAT_25519_NO_ASM) && (defined(__GNUC__) || defined(__clang__))
|
|
37
|
+
static __inline__ uint32_t fiat_25519_value_barrier_u32(uint32_t a) {
|
|
38
|
+
__asm__("" : "+r"(a) : /* no inputs */);
|
|
39
|
+
return a;
|
|
40
|
+
}
|
|
41
|
+
#else
|
|
42
|
+
# define fiat_25519_value_barrier_u32(x) (x)
|
|
43
|
+
#endif
|
|
44
|
+
|
|
19
45
|
|
|
20
46
|
/*
|
|
21
47
|
* The function fiat_25519_addcarryx_u26 is an addition with carry.
|
|
48
|
+
*
|
|
22
49
|
* Postconditions:
|
|
23
50
|
* out1 = (arg1 + arg2 + arg3) mod 2^26
|
|
24
51
|
* out2 = ⌊(arg1 + arg2 + arg3) / 2^26⌋
|
|
@@ -31,16 +58,20 @@ typedef signed char fiat_25519_int1;
|
|
|
31
58
|
* out1: [0x0 ~> 0x3ffffff]
|
|
32
59
|
* out2: [0x0 ~> 0x1]
|
|
33
60
|
*/
|
|
34
|
-
static void fiat_25519_addcarryx_u26(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
|
|
35
|
-
uint32_t x1
|
|
36
|
-
uint32_t x2
|
|
37
|
-
fiat_25519_uint1 x3
|
|
61
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_addcarryx_u26(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
|
|
62
|
+
uint32_t x1;
|
|
63
|
+
uint32_t x2;
|
|
64
|
+
fiat_25519_uint1 x3;
|
|
65
|
+
x1 = ((arg1 + arg2) + arg3);
|
|
66
|
+
x2 = (x1 & UINT32_C(0x3ffffff));
|
|
67
|
+
x3 = (fiat_25519_uint1)(x1 >> 26);
|
|
38
68
|
*out1 = x2;
|
|
39
69
|
*out2 = x3;
|
|
40
70
|
}
|
|
41
71
|
|
|
42
72
|
/*
|
|
43
73
|
* The function fiat_25519_subborrowx_u26 is a subtraction with borrow.
|
|
74
|
+
*
|
|
44
75
|
* Postconditions:
|
|
45
76
|
* out1 = (-arg1 + arg2 + -arg3) mod 2^26
|
|
46
77
|
* out2 = -⌊(-arg1 + arg2 + -arg3) / 2^26⌋
|
|
@@ -53,16 +84,20 @@ static void fiat_25519_addcarryx_u26(uint32_t* out1, fiat_25519_uint1* out2, fia
|
|
|
53
84
|
* out1: [0x0 ~> 0x3ffffff]
|
|
54
85
|
* out2: [0x0 ~> 0x1]
|
|
55
86
|
*/
|
|
56
|
-
static void fiat_25519_subborrowx_u26(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
|
|
57
|
-
int32_t x1
|
|
58
|
-
fiat_25519_int1 x2
|
|
59
|
-
uint32_t x3
|
|
87
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_subborrowx_u26(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
|
|
88
|
+
int32_t x1;
|
|
89
|
+
fiat_25519_int1 x2;
|
|
90
|
+
uint32_t x3;
|
|
91
|
+
x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3);
|
|
92
|
+
x2 = (fiat_25519_int1)(x1 >> 26);
|
|
93
|
+
x3 = (x1 & UINT32_C(0x3ffffff));
|
|
60
94
|
*out1 = x3;
|
|
61
95
|
*out2 = (fiat_25519_uint1)(0x0 - x2);
|
|
62
96
|
}
|
|
63
97
|
|
|
64
98
|
/*
|
|
65
99
|
* The function fiat_25519_addcarryx_u25 is an addition with carry.
|
|
100
|
+
*
|
|
66
101
|
* Postconditions:
|
|
67
102
|
* out1 = (arg1 + arg2 + arg3) mod 2^25
|
|
68
103
|
* out2 = ⌊(arg1 + arg2 + arg3) / 2^25⌋
|
|
@@ -75,16 +110,20 @@ static void fiat_25519_subborrowx_u26(uint32_t* out1, fiat_25519_uint1* out2, fi
|
|
|
75
110
|
* out1: [0x0 ~> 0x1ffffff]
|
|
76
111
|
* out2: [0x0 ~> 0x1]
|
|
77
112
|
*/
|
|
78
|
-
static void fiat_25519_addcarryx_u25(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
|
|
79
|
-
uint32_t x1
|
|
80
|
-
uint32_t x2
|
|
81
|
-
fiat_25519_uint1 x3
|
|
113
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_addcarryx_u25(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
|
|
114
|
+
uint32_t x1;
|
|
115
|
+
uint32_t x2;
|
|
116
|
+
fiat_25519_uint1 x3;
|
|
117
|
+
x1 = ((arg1 + arg2) + arg3);
|
|
118
|
+
x2 = (x1 & UINT32_C(0x1ffffff));
|
|
119
|
+
x3 = (fiat_25519_uint1)(x1 >> 25);
|
|
82
120
|
*out1 = x2;
|
|
83
121
|
*out2 = x3;
|
|
84
122
|
}
|
|
85
123
|
|
|
86
124
|
/*
|
|
87
125
|
* The function fiat_25519_subborrowx_u25 is a subtraction with borrow.
|
|
126
|
+
*
|
|
88
127
|
* Postconditions:
|
|
89
128
|
* out1 = (-arg1 + arg2 + -arg3) mod 2^25
|
|
90
129
|
* out2 = -⌊(-arg1 + arg2 + -arg3) / 2^25⌋
|
|
@@ -97,16 +136,20 @@ static void fiat_25519_addcarryx_u25(uint32_t* out1, fiat_25519_uint1* out2, fia
|
|
|
97
136
|
* out1: [0x0 ~> 0x1ffffff]
|
|
98
137
|
* out2: [0x0 ~> 0x1]
|
|
99
138
|
*/
|
|
100
|
-
static void fiat_25519_subborrowx_u25(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
|
|
101
|
-
int32_t x1
|
|
102
|
-
fiat_25519_int1 x2
|
|
103
|
-
uint32_t x3
|
|
139
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_subborrowx_u25(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
|
|
140
|
+
int32_t x1;
|
|
141
|
+
fiat_25519_int1 x2;
|
|
142
|
+
uint32_t x3;
|
|
143
|
+
x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3);
|
|
144
|
+
x2 = (fiat_25519_int1)(x1 >> 25);
|
|
145
|
+
x3 = (x1 & UINT32_C(0x1ffffff));
|
|
104
146
|
*out1 = x3;
|
|
105
147
|
*out2 = (fiat_25519_uint1)(0x0 - x2);
|
|
106
148
|
}
|
|
107
149
|
|
|
108
150
|
/*
|
|
109
151
|
* The function fiat_25519_cmovznz_u32 is a single-word conditional move.
|
|
152
|
+
*
|
|
110
153
|
* Postconditions:
|
|
111
154
|
* out1 = (if arg1 = 0 then arg2 else arg3)
|
|
112
155
|
*
|
|
@@ -117,178 +160,318 @@ static void fiat_25519_subborrowx_u25(uint32_t* out1, fiat_25519_uint1* out2, fi
|
|
|
117
160
|
* Output Bounds:
|
|
118
161
|
* out1: [0x0 ~> 0xffffffff]
|
|
119
162
|
*/
|
|
120
|
-
static void fiat_25519_cmovznz_u32(uint32_t* out1, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
|
|
121
|
-
fiat_25519_uint1 x1
|
|
122
|
-
uint32_t x2
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
// to a cmov, it sometimes further transforms it into a branch, which we do
|
|
128
|
-
// not want.
|
|
129
|
-
uint32_t x3 = ((value_barrier_u32(x2) & arg3) | (value_barrier_u32(~x2) & arg2));
|
|
163
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_cmovznz_u32(uint32_t* out1, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
|
|
164
|
+
fiat_25519_uint1 x1;
|
|
165
|
+
uint32_t x2;
|
|
166
|
+
uint32_t x3;
|
|
167
|
+
x1 = (!(!arg1));
|
|
168
|
+
x2 = ((fiat_25519_int1)(0x0 - x1) & UINT32_C(0xffffffff));
|
|
169
|
+
x3 = ((fiat_25519_value_barrier_u32(x2) & arg3) | (fiat_25519_value_barrier_u32((~x2)) & arg2));
|
|
130
170
|
*out1 = x3;
|
|
131
171
|
}
|
|
132
172
|
|
|
133
173
|
/*
|
|
134
174
|
* The function fiat_25519_carry_mul multiplies two field elements and reduces the result.
|
|
175
|
+
*
|
|
135
176
|
* Postconditions:
|
|
136
177
|
* eval out1 mod m = (eval arg1 * eval arg2) mod m
|
|
137
178
|
*
|
|
138
|
-
* Input Bounds:
|
|
139
|
-
* arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
|
|
140
|
-
* arg2: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
|
|
141
|
-
* Output Bounds:
|
|
142
|
-
* out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
|
|
143
179
|
*/
|
|
144
|
-
static void fiat_25519_carry_mul(
|
|
145
|
-
uint64_t x1
|
|
146
|
-
uint64_t x2
|
|
147
|
-
uint64_t x3
|
|
148
|
-
uint64_t x4
|
|
149
|
-
uint64_t x5
|
|
150
|
-
uint64_t x6
|
|
151
|
-
uint64_t x7
|
|
152
|
-
uint64_t x8
|
|
153
|
-
uint64_t x9
|
|
154
|
-
uint64_t x10
|
|
155
|
-
uint64_t x11
|
|
156
|
-
uint64_t x12
|
|
157
|
-
uint64_t x13
|
|
158
|
-
uint64_t x14
|
|
159
|
-
uint64_t x15
|
|
160
|
-
uint64_t x16
|
|
161
|
-
uint64_t x17
|
|
162
|
-
uint64_t x18
|
|
163
|
-
uint64_t x19
|
|
164
|
-
uint64_t x20
|
|
165
|
-
uint64_t x21
|
|
166
|
-
uint64_t x22
|
|
167
|
-
uint64_t x23
|
|
168
|
-
uint64_t x24
|
|
169
|
-
uint64_t x25
|
|
170
|
-
uint64_t x26
|
|
171
|
-
uint64_t x27
|
|
172
|
-
uint64_t x28
|
|
173
|
-
uint64_t x29
|
|
174
|
-
uint64_t x30
|
|
175
|
-
uint64_t x31
|
|
176
|
-
uint64_t x32
|
|
177
|
-
uint64_t x33
|
|
178
|
-
uint64_t x34
|
|
179
|
-
uint64_t x35
|
|
180
|
-
uint64_t x36
|
|
181
|
-
uint64_t x37
|
|
182
|
-
uint64_t x38
|
|
183
|
-
uint64_t x39
|
|
184
|
-
uint64_t x40
|
|
185
|
-
uint64_t x41
|
|
186
|
-
uint64_t x42
|
|
187
|
-
uint64_t x43
|
|
188
|
-
uint64_t x44
|
|
189
|
-
uint64_t x45
|
|
190
|
-
uint64_t x46
|
|
191
|
-
uint64_t x47
|
|
192
|
-
uint64_t x48
|
|
193
|
-
uint64_t x49
|
|
194
|
-
uint64_t x50
|
|
195
|
-
uint64_t x51
|
|
196
|
-
uint64_t x52
|
|
197
|
-
uint64_t x53
|
|
198
|
-
uint64_t x54
|
|
199
|
-
uint64_t x55
|
|
200
|
-
uint64_t x56
|
|
201
|
-
uint64_t x57
|
|
202
|
-
uint64_t x58
|
|
203
|
-
uint64_t x59
|
|
204
|
-
uint64_t x60
|
|
205
|
-
uint64_t x61
|
|
206
|
-
uint64_t x62
|
|
207
|
-
uint64_t x63
|
|
208
|
-
uint64_t x64
|
|
209
|
-
uint64_t x65
|
|
210
|
-
uint64_t x66
|
|
211
|
-
uint64_t x67
|
|
212
|
-
uint64_t x68
|
|
213
|
-
uint64_t x69
|
|
214
|
-
uint64_t x70
|
|
215
|
-
uint64_t x71
|
|
216
|
-
uint64_t x72
|
|
217
|
-
uint64_t x73
|
|
218
|
-
uint64_t x74
|
|
219
|
-
uint64_t x75
|
|
220
|
-
uint64_t x76
|
|
221
|
-
uint64_t x77
|
|
222
|
-
uint64_t x78
|
|
223
|
-
uint64_t x79
|
|
224
|
-
uint64_t x80
|
|
225
|
-
uint64_t x81
|
|
226
|
-
uint64_t x82
|
|
227
|
-
uint64_t x83
|
|
228
|
-
uint64_t x84
|
|
229
|
-
uint64_t x85
|
|
230
|
-
uint64_t x86
|
|
231
|
-
uint64_t x87
|
|
232
|
-
uint64_t x88
|
|
233
|
-
uint64_t x89
|
|
234
|
-
uint64_t x90
|
|
235
|
-
uint64_t x91
|
|
236
|
-
uint64_t x92
|
|
237
|
-
uint64_t x93
|
|
238
|
-
uint64_t x94
|
|
239
|
-
uint64_t x95
|
|
240
|
-
uint64_t x96
|
|
241
|
-
uint64_t x97
|
|
242
|
-
uint64_t x98
|
|
243
|
-
uint64_t x99
|
|
244
|
-
uint64_t x100
|
|
245
|
-
uint64_t x101
|
|
246
|
-
uint64_t x102
|
|
247
|
-
uint32_t x103
|
|
248
|
-
uint64_t x104
|
|
249
|
-
uint64_t x105
|
|
250
|
-
uint64_t x106
|
|
251
|
-
uint64_t x107
|
|
252
|
-
uint64_t x108
|
|
253
|
-
uint64_t x109
|
|
254
|
-
uint64_t x110
|
|
255
|
-
uint64_t x111
|
|
256
|
-
uint64_t x112
|
|
257
|
-
uint64_t x113
|
|
258
|
-
uint64_t x114
|
|
259
|
-
uint32_t x115
|
|
260
|
-
uint64_t x116
|
|
261
|
-
uint64_t x117
|
|
262
|
-
uint32_t x118
|
|
263
|
-
uint64_t x119
|
|
264
|
-
uint64_t x120
|
|
265
|
-
uint32_t x121
|
|
266
|
-
uint64_t x122
|
|
267
|
-
uint64_t x123
|
|
268
|
-
uint32_t x124
|
|
269
|
-
uint64_t x125
|
|
270
|
-
uint64_t x126
|
|
271
|
-
uint32_t x127
|
|
272
|
-
uint64_t x128
|
|
273
|
-
uint64_t x129
|
|
274
|
-
uint32_t x130
|
|
275
|
-
uint64_t x131
|
|
276
|
-
uint64_t x132
|
|
277
|
-
uint32_t x133
|
|
278
|
-
uint64_t x134
|
|
279
|
-
uint64_t x135
|
|
280
|
-
uint32_t x136
|
|
281
|
-
uint64_t x137
|
|
282
|
-
uint64_t x138
|
|
283
|
-
uint32_t x139
|
|
284
|
-
uint64_t x140
|
|
285
|
-
uint64_t x141
|
|
286
|
-
uint32_t x142
|
|
287
|
-
uint32_t x143
|
|
288
|
-
uint32_t x144
|
|
289
|
-
fiat_25519_uint1 x145
|
|
290
|
-
uint32_t x146
|
|
291
|
-
uint32_t x147
|
|
180
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_carry_mul(fiat_25519_tight_field_element out1, const fiat_25519_loose_field_element arg1, const fiat_25519_loose_field_element arg2) {
|
|
181
|
+
uint64_t x1;
|
|
182
|
+
uint64_t x2;
|
|
183
|
+
uint64_t x3;
|
|
184
|
+
uint64_t x4;
|
|
185
|
+
uint64_t x5;
|
|
186
|
+
uint64_t x6;
|
|
187
|
+
uint64_t x7;
|
|
188
|
+
uint64_t x8;
|
|
189
|
+
uint64_t x9;
|
|
190
|
+
uint64_t x10;
|
|
191
|
+
uint64_t x11;
|
|
192
|
+
uint64_t x12;
|
|
193
|
+
uint64_t x13;
|
|
194
|
+
uint64_t x14;
|
|
195
|
+
uint64_t x15;
|
|
196
|
+
uint64_t x16;
|
|
197
|
+
uint64_t x17;
|
|
198
|
+
uint64_t x18;
|
|
199
|
+
uint64_t x19;
|
|
200
|
+
uint64_t x20;
|
|
201
|
+
uint64_t x21;
|
|
202
|
+
uint64_t x22;
|
|
203
|
+
uint64_t x23;
|
|
204
|
+
uint64_t x24;
|
|
205
|
+
uint64_t x25;
|
|
206
|
+
uint64_t x26;
|
|
207
|
+
uint64_t x27;
|
|
208
|
+
uint64_t x28;
|
|
209
|
+
uint64_t x29;
|
|
210
|
+
uint64_t x30;
|
|
211
|
+
uint64_t x31;
|
|
212
|
+
uint64_t x32;
|
|
213
|
+
uint64_t x33;
|
|
214
|
+
uint64_t x34;
|
|
215
|
+
uint64_t x35;
|
|
216
|
+
uint64_t x36;
|
|
217
|
+
uint64_t x37;
|
|
218
|
+
uint64_t x38;
|
|
219
|
+
uint64_t x39;
|
|
220
|
+
uint64_t x40;
|
|
221
|
+
uint64_t x41;
|
|
222
|
+
uint64_t x42;
|
|
223
|
+
uint64_t x43;
|
|
224
|
+
uint64_t x44;
|
|
225
|
+
uint64_t x45;
|
|
226
|
+
uint64_t x46;
|
|
227
|
+
uint64_t x47;
|
|
228
|
+
uint64_t x48;
|
|
229
|
+
uint64_t x49;
|
|
230
|
+
uint64_t x50;
|
|
231
|
+
uint64_t x51;
|
|
232
|
+
uint64_t x52;
|
|
233
|
+
uint64_t x53;
|
|
234
|
+
uint64_t x54;
|
|
235
|
+
uint64_t x55;
|
|
236
|
+
uint64_t x56;
|
|
237
|
+
uint64_t x57;
|
|
238
|
+
uint64_t x58;
|
|
239
|
+
uint64_t x59;
|
|
240
|
+
uint64_t x60;
|
|
241
|
+
uint64_t x61;
|
|
242
|
+
uint64_t x62;
|
|
243
|
+
uint64_t x63;
|
|
244
|
+
uint64_t x64;
|
|
245
|
+
uint64_t x65;
|
|
246
|
+
uint64_t x66;
|
|
247
|
+
uint64_t x67;
|
|
248
|
+
uint64_t x68;
|
|
249
|
+
uint64_t x69;
|
|
250
|
+
uint64_t x70;
|
|
251
|
+
uint64_t x71;
|
|
252
|
+
uint64_t x72;
|
|
253
|
+
uint64_t x73;
|
|
254
|
+
uint64_t x74;
|
|
255
|
+
uint64_t x75;
|
|
256
|
+
uint64_t x76;
|
|
257
|
+
uint64_t x77;
|
|
258
|
+
uint64_t x78;
|
|
259
|
+
uint64_t x79;
|
|
260
|
+
uint64_t x80;
|
|
261
|
+
uint64_t x81;
|
|
262
|
+
uint64_t x82;
|
|
263
|
+
uint64_t x83;
|
|
264
|
+
uint64_t x84;
|
|
265
|
+
uint64_t x85;
|
|
266
|
+
uint64_t x86;
|
|
267
|
+
uint64_t x87;
|
|
268
|
+
uint64_t x88;
|
|
269
|
+
uint64_t x89;
|
|
270
|
+
uint64_t x90;
|
|
271
|
+
uint64_t x91;
|
|
272
|
+
uint64_t x92;
|
|
273
|
+
uint64_t x93;
|
|
274
|
+
uint64_t x94;
|
|
275
|
+
uint64_t x95;
|
|
276
|
+
uint64_t x96;
|
|
277
|
+
uint64_t x97;
|
|
278
|
+
uint64_t x98;
|
|
279
|
+
uint64_t x99;
|
|
280
|
+
uint64_t x100;
|
|
281
|
+
uint64_t x101;
|
|
282
|
+
uint64_t x102;
|
|
283
|
+
uint32_t x103;
|
|
284
|
+
uint64_t x104;
|
|
285
|
+
uint64_t x105;
|
|
286
|
+
uint64_t x106;
|
|
287
|
+
uint64_t x107;
|
|
288
|
+
uint64_t x108;
|
|
289
|
+
uint64_t x109;
|
|
290
|
+
uint64_t x110;
|
|
291
|
+
uint64_t x111;
|
|
292
|
+
uint64_t x112;
|
|
293
|
+
uint64_t x113;
|
|
294
|
+
uint64_t x114;
|
|
295
|
+
uint32_t x115;
|
|
296
|
+
uint64_t x116;
|
|
297
|
+
uint64_t x117;
|
|
298
|
+
uint32_t x118;
|
|
299
|
+
uint64_t x119;
|
|
300
|
+
uint64_t x120;
|
|
301
|
+
uint32_t x121;
|
|
302
|
+
uint64_t x122;
|
|
303
|
+
uint64_t x123;
|
|
304
|
+
uint32_t x124;
|
|
305
|
+
uint64_t x125;
|
|
306
|
+
uint64_t x126;
|
|
307
|
+
uint32_t x127;
|
|
308
|
+
uint64_t x128;
|
|
309
|
+
uint64_t x129;
|
|
310
|
+
uint32_t x130;
|
|
311
|
+
uint64_t x131;
|
|
312
|
+
uint64_t x132;
|
|
313
|
+
uint32_t x133;
|
|
314
|
+
uint64_t x134;
|
|
315
|
+
uint64_t x135;
|
|
316
|
+
uint32_t x136;
|
|
317
|
+
uint64_t x137;
|
|
318
|
+
uint64_t x138;
|
|
319
|
+
uint32_t x139;
|
|
320
|
+
uint64_t x140;
|
|
321
|
+
uint64_t x141;
|
|
322
|
+
uint32_t x142;
|
|
323
|
+
uint32_t x143;
|
|
324
|
+
uint32_t x144;
|
|
325
|
+
fiat_25519_uint1 x145;
|
|
326
|
+
uint32_t x146;
|
|
327
|
+
uint32_t x147;
|
|
328
|
+
x1 = ((uint64_t)(arg1[9]) * ((arg2[9]) * UINT8_C(0x26)));
|
|
329
|
+
x2 = ((uint64_t)(arg1[9]) * ((arg2[8]) * UINT8_C(0x13)));
|
|
330
|
+
x3 = ((uint64_t)(arg1[9]) * ((arg2[7]) * UINT8_C(0x26)));
|
|
331
|
+
x4 = ((uint64_t)(arg1[9]) * ((arg2[6]) * UINT8_C(0x13)));
|
|
332
|
+
x5 = ((uint64_t)(arg1[9]) * ((arg2[5]) * UINT8_C(0x26)));
|
|
333
|
+
x6 = ((uint64_t)(arg1[9]) * ((arg2[4]) * UINT8_C(0x13)));
|
|
334
|
+
x7 = ((uint64_t)(arg1[9]) * ((arg2[3]) * UINT8_C(0x26)));
|
|
335
|
+
x8 = ((uint64_t)(arg1[9]) * ((arg2[2]) * UINT8_C(0x13)));
|
|
336
|
+
x9 = ((uint64_t)(arg1[9]) * ((arg2[1]) * UINT8_C(0x26)));
|
|
337
|
+
x10 = ((uint64_t)(arg1[8]) * ((arg2[9]) * UINT8_C(0x13)));
|
|
338
|
+
x11 = ((uint64_t)(arg1[8]) * ((arg2[8]) * UINT8_C(0x13)));
|
|
339
|
+
x12 = ((uint64_t)(arg1[8]) * ((arg2[7]) * UINT8_C(0x13)));
|
|
340
|
+
x13 = ((uint64_t)(arg1[8]) * ((arg2[6]) * UINT8_C(0x13)));
|
|
341
|
+
x14 = ((uint64_t)(arg1[8]) * ((arg2[5]) * UINT8_C(0x13)));
|
|
342
|
+
x15 = ((uint64_t)(arg1[8]) * ((arg2[4]) * UINT8_C(0x13)));
|
|
343
|
+
x16 = ((uint64_t)(arg1[8]) * ((arg2[3]) * UINT8_C(0x13)));
|
|
344
|
+
x17 = ((uint64_t)(arg1[8]) * ((arg2[2]) * UINT8_C(0x13)));
|
|
345
|
+
x18 = ((uint64_t)(arg1[7]) * ((arg2[9]) * UINT8_C(0x26)));
|
|
346
|
+
x19 = ((uint64_t)(arg1[7]) * ((arg2[8]) * UINT8_C(0x13)));
|
|
347
|
+
x20 = ((uint64_t)(arg1[7]) * ((arg2[7]) * UINT8_C(0x26)));
|
|
348
|
+
x21 = ((uint64_t)(arg1[7]) * ((arg2[6]) * UINT8_C(0x13)));
|
|
349
|
+
x22 = ((uint64_t)(arg1[7]) * ((arg2[5]) * UINT8_C(0x26)));
|
|
350
|
+
x23 = ((uint64_t)(arg1[7]) * ((arg2[4]) * UINT8_C(0x13)));
|
|
351
|
+
x24 = ((uint64_t)(arg1[7]) * ((arg2[3]) * UINT8_C(0x26)));
|
|
352
|
+
x25 = ((uint64_t)(arg1[6]) * ((arg2[9]) * UINT8_C(0x13)));
|
|
353
|
+
x26 = ((uint64_t)(arg1[6]) * ((arg2[8]) * UINT8_C(0x13)));
|
|
354
|
+
x27 = ((uint64_t)(arg1[6]) * ((arg2[7]) * UINT8_C(0x13)));
|
|
355
|
+
x28 = ((uint64_t)(arg1[6]) * ((arg2[6]) * UINT8_C(0x13)));
|
|
356
|
+
x29 = ((uint64_t)(arg1[6]) * ((arg2[5]) * UINT8_C(0x13)));
|
|
357
|
+
x30 = ((uint64_t)(arg1[6]) * ((arg2[4]) * UINT8_C(0x13)));
|
|
358
|
+
x31 = ((uint64_t)(arg1[5]) * ((arg2[9]) * UINT8_C(0x26)));
|
|
359
|
+
x32 = ((uint64_t)(arg1[5]) * ((arg2[8]) * UINT8_C(0x13)));
|
|
360
|
+
x33 = ((uint64_t)(arg1[5]) * ((arg2[7]) * UINT8_C(0x26)));
|
|
361
|
+
x34 = ((uint64_t)(arg1[5]) * ((arg2[6]) * UINT8_C(0x13)));
|
|
362
|
+
x35 = ((uint64_t)(arg1[5]) * ((arg2[5]) * UINT8_C(0x26)));
|
|
363
|
+
x36 = ((uint64_t)(arg1[4]) * ((arg2[9]) * UINT8_C(0x13)));
|
|
364
|
+
x37 = ((uint64_t)(arg1[4]) * ((arg2[8]) * UINT8_C(0x13)));
|
|
365
|
+
x38 = ((uint64_t)(arg1[4]) * ((arg2[7]) * UINT8_C(0x13)));
|
|
366
|
+
x39 = ((uint64_t)(arg1[4]) * ((arg2[6]) * UINT8_C(0x13)));
|
|
367
|
+
x40 = ((uint64_t)(arg1[3]) * ((arg2[9]) * UINT8_C(0x26)));
|
|
368
|
+
x41 = ((uint64_t)(arg1[3]) * ((arg2[8]) * UINT8_C(0x13)));
|
|
369
|
+
x42 = ((uint64_t)(arg1[3]) * ((arg2[7]) * UINT8_C(0x26)));
|
|
370
|
+
x43 = ((uint64_t)(arg1[2]) * ((arg2[9]) * UINT8_C(0x13)));
|
|
371
|
+
x44 = ((uint64_t)(arg1[2]) * ((arg2[8]) * UINT8_C(0x13)));
|
|
372
|
+
x45 = ((uint64_t)(arg1[1]) * ((arg2[9]) * UINT8_C(0x26)));
|
|
373
|
+
x46 = ((uint64_t)(arg1[9]) * (arg2[0]));
|
|
374
|
+
x47 = ((uint64_t)(arg1[8]) * (arg2[1]));
|
|
375
|
+
x48 = ((uint64_t)(arg1[8]) * (arg2[0]));
|
|
376
|
+
x49 = ((uint64_t)(arg1[7]) * (arg2[2]));
|
|
377
|
+
x50 = ((uint64_t)(arg1[7]) * ((arg2[1]) * 0x2));
|
|
378
|
+
x51 = ((uint64_t)(arg1[7]) * (arg2[0]));
|
|
379
|
+
x52 = ((uint64_t)(arg1[6]) * (arg2[3]));
|
|
380
|
+
x53 = ((uint64_t)(arg1[6]) * (arg2[2]));
|
|
381
|
+
x54 = ((uint64_t)(arg1[6]) * (arg2[1]));
|
|
382
|
+
x55 = ((uint64_t)(arg1[6]) * (arg2[0]));
|
|
383
|
+
x56 = ((uint64_t)(arg1[5]) * (arg2[4]));
|
|
384
|
+
x57 = ((uint64_t)(arg1[5]) * ((arg2[3]) * 0x2));
|
|
385
|
+
x58 = ((uint64_t)(arg1[5]) * (arg2[2]));
|
|
386
|
+
x59 = ((uint64_t)(arg1[5]) * ((arg2[1]) * 0x2));
|
|
387
|
+
x60 = ((uint64_t)(arg1[5]) * (arg2[0]));
|
|
388
|
+
x61 = ((uint64_t)(arg1[4]) * (arg2[5]));
|
|
389
|
+
x62 = ((uint64_t)(arg1[4]) * (arg2[4]));
|
|
390
|
+
x63 = ((uint64_t)(arg1[4]) * (arg2[3]));
|
|
391
|
+
x64 = ((uint64_t)(arg1[4]) * (arg2[2]));
|
|
392
|
+
x65 = ((uint64_t)(arg1[4]) * (arg2[1]));
|
|
393
|
+
x66 = ((uint64_t)(arg1[4]) * (arg2[0]));
|
|
394
|
+
x67 = ((uint64_t)(arg1[3]) * (arg2[6]));
|
|
395
|
+
x68 = ((uint64_t)(arg1[3]) * ((arg2[5]) * 0x2));
|
|
396
|
+
x69 = ((uint64_t)(arg1[3]) * (arg2[4]));
|
|
397
|
+
x70 = ((uint64_t)(arg1[3]) * ((arg2[3]) * 0x2));
|
|
398
|
+
x71 = ((uint64_t)(arg1[3]) * (arg2[2]));
|
|
399
|
+
x72 = ((uint64_t)(arg1[3]) * ((arg2[1]) * 0x2));
|
|
400
|
+
x73 = ((uint64_t)(arg1[3]) * (arg2[0]));
|
|
401
|
+
x74 = ((uint64_t)(arg1[2]) * (arg2[7]));
|
|
402
|
+
x75 = ((uint64_t)(arg1[2]) * (arg2[6]));
|
|
403
|
+
x76 = ((uint64_t)(arg1[2]) * (arg2[5]));
|
|
404
|
+
x77 = ((uint64_t)(arg1[2]) * (arg2[4]));
|
|
405
|
+
x78 = ((uint64_t)(arg1[2]) * (arg2[3]));
|
|
406
|
+
x79 = ((uint64_t)(arg1[2]) * (arg2[2]));
|
|
407
|
+
x80 = ((uint64_t)(arg1[2]) * (arg2[1]));
|
|
408
|
+
x81 = ((uint64_t)(arg1[2]) * (arg2[0]));
|
|
409
|
+
x82 = ((uint64_t)(arg1[1]) * (arg2[8]));
|
|
410
|
+
x83 = ((uint64_t)(arg1[1]) * ((arg2[7]) * 0x2));
|
|
411
|
+
x84 = ((uint64_t)(arg1[1]) * (arg2[6]));
|
|
412
|
+
x85 = ((uint64_t)(arg1[1]) * ((arg2[5]) * 0x2));
|
|
413
|
+
x86 = ((uint64_t)(arg1[1]) * (arg2[4]));
|
|
414
|
+
x87 = ((uint64_t)(arg1[1]) * ((arg2[3]) * 0x2));
|
|
415
|
+
x88 = ((uint64_t)(arg1[1]) * (arg2[2]));
|
|
416
|
+
x89 = ((uint64_t)(arg1[1]) * ((arg2[1]) * 0x2));
|
|
417
|
+
x90 = ((uint64_t)(arg1[1]) * (arg2[0]));
|
|
418
|
+
x91 = ((uint64_t)(arg1[0]) * (arg2[9]));
|
|
419
|
+
x92 = ((uint64_t)(arg1[0]) * (arg2[8]));
|
|
420
|
+
x93 = ((uint64_t)(arg1[0]) * (arg2[7]));
|
|
421
|
+
x94 = ((uint64_t)(arg1[0]) * (arg2[6]));
|
|
422
|
+
x95 = ((uint64_t)(arg1[0]) * (arg2[5]));
|
|
423
|
+
x96 = ((uint64_t)(arg1[0]) * (arg2[4]));
|
|
424
|
+
x97 = ((uint64_t)(arg1[0]) * (arg2[3]));
|
|
425
|
+
x98 = ((uint64_t)(arg1[0]) * (arg2[2]));
|
|
426
|
+
x99 = ((uint64_t)(arg1[0]) * (arg2[1]));
|
|
427
|
+
x100 = ((uint64_t)(arg1[0]) * (arg2[0]));
|
|
428
|
+
x101 = (x100 + (x45 + (x44 + (x42 + (x39 + (x35 + (x30 + (x24 + (x17 + x9)))))))));
|
|
429
|
+
x102 = (x101 >> 26);
|
|
430
|
+
x103 = (uint32_t)(x101 & UINT32_C(0x3ffffff));
|
|
431
|
+
x104 = (x91 + (x82 + (x74 + (x67 + (x61 + (x56 + (x52 + (x49 + (x47 + x46)))))))));
|
|
432
|
+
x105 = (x92 + (x83 + (x75 + (x68 + (x62 + (x57 + (x53 + (x50 + (x48 + x1)))))))));
|
|
433
|
+
x106 = (x93 + (x84 + (x76 + (x69 + (x63 + (x58 + (x54 + (x51 + (x10 + x2)))))))));
|
|
434
|
+
x107 = (x94 + (x85 + (x77 + (x70 + (x64 + (x59 + (x55 + (x18 + (x11 + x3)))))))));
|
|
435
|
+
x108 = (x95 + (x86 + (x78 + (x71 + (x65 + (x60 + (x25 + (x19 + (x12 + x4)))))))));
|
|
436
|
+
x109 = (x96 + (x87 + (x79 + (x72 + (x66 + (x31 + (x26 + (x20 + (x13 + x5)))))))));
|
|
437
|
+
x110 = (x97 + (x88 + (x80 + (x73 + (x36 + (x32 + (x27 + (x21 + (x14 + x6)))))))));
|
|
438
|
+
x111 = (x98 + (x89 + (x81 + (x40 + (x37 + (x33 + (x28 + (x22 + (x15 + x7)))))))));
|
|
439
|
+
x112 = (x99 + (x90 + (x43 + (x41 + (x38 + (x34 + (x29 + (x23 + (x16 + x8)))))))));
|
|
440
|
+
x113 = (x102 + x112);
|
|
441
|
+
x114 = (x113 >> 25);
|
|
442
|
+
x115 = (uint32_t)(x113 & UINT32_C(0x1ffffff));
|
|
443
|
+
x116 = (x114 + x111);
|
|
444
|
+
x117 = (x116 >> 26);
|
|
445
|
+
x118 = (uint32_t)(x116 & UINT32_C(0x3ffffff));
|
|
446
|
+
x119 = (x117 + x110);
|
|
447
|
+
x120 = (x119 >> 25);
|
|
448
|
+
x121 = (uint32_t)(x119 & UINT32_C(0x1ffffff));
|
|
449
|
+
x122 = (x120 + x109);
|
|
450
|
+
x123 = (x122 >> 26);
|
|
451
|
+
x124 = (uint32_t)(x122 & UINT32_C(0x3ffffff));
|
|
452
|
+
x125 = (x123 + x108);
|
|
453
|
+
x126 = (x125 >> 25);
|
|
454
|
+
x127 = (uint32_t)(x125 & UINT32_C(0x1ffffff));
|
|
455
|
+
x128 = (x126 + x107);
|
|
456
|
+
x129 = (x128 >> 26);
|
|
457
|
+
x130 = (uint32_t)(x128 & UINT32_C(0x3ffffff));
|
|
458
|
+
x131 = (x129 + x106);
|
|
459
|
+
x132 = (x131 >> 25);
|
|
460
|
+
x133 = (uint32_t)(x131 & UINT32_C(0x1ffffff));
|
|
461
|
+
x134 = (x132 + x105);
|
|
462
|
+
x135 = (x134 >> 26);
|
|
463
|
+
x136 = (uint32_t)(x134 & UINT32_C(0x3ffffff));
|
|
464
|
+
x137 = (x135 + x104);
|
|
465
|
+
x138 = (x137 >> 25);
|
|
466
|
+
x139 = (uint32_t)(x137 & UINT32_C(0x1ffffff));
|
|
467
|
+
x140 = (x138 * UINT8_C(0x13));
|
|
468
|
+
x141 = (x103 + x140);
|
|
469
|
+
x142 = (uint32_t)(x141 >> 26);
|
|
470
|
+
x143 = (uint32_t)(x141 & UINT32_C(0x3ffffff));
|
|
471
|
+
x144 = (x142 + x115);
|
|
472
|
+
x145 = (fiat_25519_uint1)(x144 >> 25);
|
|
473
|
+
x146 = (x144 & UINT32_C(0x1ffffff));
|
|
474
|
+
x147 = (x145 + x118);
|
|
292
475
|
out1[0] = x143;
|
|
293
476
|
out1[1] = x146;
|
|
294
477
|
out1[2] = x147;
|
|
@@ -303,135 +486,252 @@ static void fiat_25519_carry_mul(uint32_t out1[10], const uint32_t arg1[10], con
|
|
|
303
486
|
|
|
304
487
|
/*
|
|
305
488
|
* The function fiat_25519_carry_square squares a field element and reduces the result.
|
|
489
|
+
*
|
|
306
490
|
* Postconditions:
|
|
307
491
|
* eval out1 mod m = (eval arg1 * eval arg1) mod m
|
|
308
492
|
*
|
|
309
|
-
* Input Bounds:
|
|
310
|
-
* arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
|
|
311
|
-
* Output Bounds:
|
|
312
|
-
* out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
|
|
313
493
|
*/
|
|
314
|
-
static void fiat_25519_carry_square(
|
|
315
|
-
uint32_t x1
|
|
316
|
-
uint32_t x2
|
|
317
|
-
uint32_t x3
|
|
318
|
-
uint32_t x4
|
|
319
|
-
uint64_t x5
|
|
320
|
-
uint32_t x6
|
|
321
|
-
uint32_t x7
|
|
322
|
-
uint32_t x8
|
|
323
|
-
uint32_t x9
|
|
324
|
-
uint32_t x10
|
|
325
|
-
uint64_t x11
|
|
326
|
-
uint32_t x12
|
|
327
|
-
uint32_t x13
|
|
328
|
-
uint32_t x14
|
|
329
|
-
uint32_t x15
|
|
330
|
-
uint32_t x16
|
|
331
|
-
uint32_t x17
|
|
332
|
-
uint32_t x18
|
|
333
|
-
uint64_t x19
|
|
334
|
-
uint64_t x20
|
|
335
|
-
uint64_t x21
|
|
336
|
-
uint64_t x22
|
|
337
|
-
uint64_t x23
|
|
338
|
-
uint64_t x24
|
|
339
|
-
uint64_t x25
|
|
340
|
-
uint64_t x26
|
|
341
|
-
uint64_t x27
|
|
342
|
-
uint64_t x28
|
|
343
|
-
uint64_t x29
|
|
344
|
-
uint64_t x30
|
|
345
|
-
uint64_t x31
|
|
346
|
-
uint64_t x32
|
|
347
|
-
uint64_t x33
|
|
348
|
-
uint64_t x34
|
|
349
|
-
uint64_t x35
|
|
350
|
-
uint64_t x36
|
|
351
|
-
uint64_t x37
|
|
352
|
-
uint64_t x38
|
|
353
|
-
uint64_t x39
|
|
354
|
-
uint64_t x40
|
|
355
|
-
uint64_t x41
|
|
356
|
-
uint64_t x42
|
|
357
|
-
uint64_t x43
|
|
358
|
-
uint64_t x44
|
|
359
|
-
uint64_t x45
|
|
360
|
-
uint64_t x46
|
|
361
|
-
uint64_t x47
|
|
362
|
-
uint64_t x48
|
|
363
|
-
uint64_t x49
|
|
364
|
-
uint64_t x50
|
|
365
|
-
uint64_t x51
|
|
366
|
-
uint64_t x52
|
|
367
|
-
uint64_t x53
|
|
368
|
-
uint64_t x54
|
|
369
|
-
uint64_t x55
|
|
370
|
-
uint64_t x56
|
|
371
|
-
uint64_t x57
|
|
372
|
-
uint64_t x58
|
|
373
|
-
uint64_t x59
|
|
374
|
-
uint64_t x60
|
|
375
|
-
uint64_t x61
|
|
376
|
-
uint64_t x62
|
|
377
|
-
uint64_t x63
|
|
378
|
-
uint64_t x64
|
|
379
|
-
uint64_t x65
|
|
380
|
-
uint64_t x66
|
|
381
|
-
uint64_t x67
|
|
382
|
-
uint64_t x68
|
|
383
|
-
uint64_t x69
|
|
384
|
-
uint64_t x70
|
|
385
|
-
uint64_t x71
|
|
386
|
-
uint64_t x72
|
|
387
|
-
uint64_t x73
|
|
388
|
-
uint64_t x74
|
|
389
|
-
uint64_t x75
|
|
390
|
-
uint32_t x76
|
|
391
|
-
uint64_t x77
|
|
392
|
-
uint64_t x78
|
|
393
|
-
uint64_t x79
|
|
394
|
-
uint64_t x80
|
|
395
|
-
uint64_t x81
|
|
396
|
-
uint64_t x82
|
|
397
|
-
uint64_t x83
|
|
398
|
-
uint64_t x84
|
|
399
|
-
uint64_t x85
|
|
400
|
-
uint64_t x86
|
|
401
|
-
uint64_t x87
|
|
402
|
-
uint32_t x88
|
|
403
|
-
uint64_t x89
|
|
404
|
-
uint64_t x90
|
|
405
|
-
uint32_t x91
|
|
406
|
-
uint64_t x92
|
|
407
|
-
uint64_t x93
|
|
408
|
-
uint32_t x94
|
|
409
|
-
uint64_t x95
|
|
410
|
-
uint64_t x96
|
|
411
|
-
uint32_t x97
|
|
412
|
-
uint64_t x98
|
|
413
|
-
uint64_t x99
|
|
414
|
-
uint32_t x100
|
|
415
|
-
uint64_t x101
|
|
416
|
-
uint64_t x102
|
|
417
|
-
uint32_t x103
|
|
418
|
-
uint64_t x104
|
|
419
|
-
uint64_t x105
|
|
420
|
-
uint32_t x106
|
|
421
|
-
uint64_t x107
|
|
422
|
-
uint64_t x108
|
|
423
|
-
uint32_t x109
|
|
424
|
-
uint64_t x110
|
|
425
|
-
uint64_t x111
|
|
426
|
-
uint32_t x112
|
|
427
|
-
uint64_t x113
|
|
428
|
-
uint64_t x114
|
|
429
|
-
uint32_t x115
|
|
430
|
-
uint32_t x116
|
|
431
|
-
uint32_t x117
|
|
432
|
-
fiat_25519_uint1 x118
|
|
433
|
-
uint32_t x119
|
|
434
|
-
uint32_t x120
|
|
494
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_carry_square(fiat_25519_tight_field_element out1, const fiat_25519_loose_field_element arg1) {
|
|
495
|
+
uint32_t x1;
|
|
496
|
+
uint32_t x2;
|
|
497
|
+
uint32_t x3;
|
|
498
|
+
uint32_t x4;
|
|
499
|
+
uint64_t x5;
|
|
500
|
+
uint32_t x6;
|
|
501
|
+
uint32_t x7;
|
|
502
|
+
uint32_t x8;
|
|
503
|
+
uint32_t x9;
|
|
504
|
+
uint32_t x10;
|
|
505
|
+
uint64_t x11;
|
|
506
|
+
uint32_t x12;
|
|
507
|
+
uint32_t x13;
|
|
508
|
+
uint32_t x14;
|
|
509
|
+
uint32_t x15;
|
|
510
|
+
uint32_t x16;
|
|
511
|
+
uint32_t x17;
|
|
512
|
+
uint32_t x18;
|
|
513
|
+
uint64_t x19;
|
|
514
|
+
uint64_t x20;
|
|
515
|
+
uint64_t x21;
|
|
516
|
+
uint64_t x22;
|
|
517
|
+
uint64_t x23;
|
|
518
|
+
uint64_t x24;
|
|
519
|
+
uint64_t x25;
|
|
520
|
+
uint64_t x26;
|
|
521
|
+
uint64_t x27;
|
|
522
|
+
uint64_t x28;
|
|
523
|
+
uint64_t x29;
|
|
524
|
+
uint64_t x30;
|
|
525
|
+
uint64_t x31;
|
|
526
|
+
uint64_t x32;
|
|
527
|
+
uint64_t x33;
|
|
528
|
+
uint64_t x34;
|
|
529
|
+
uint64_t x35;
|
|
530
|
+
uint64_t x36;
|
|
531
|
+
uint64_t x37;
|
|
532
|
+
uint64_t x38;
|
|
533
|
+
uint64_t x39;
|
|
534
|
+
uint64_t x40;
|
|
535
|
+
uint64_t x41;
|
|
536
|
+
uint64_t x42;
|
|
537
|
+
uint64_t x43;
|
|
538
|
+
uint64_t x44;
|
|
539
|
+
uint64_t x45;
|
|
540
|
+
uint64_t x46;
|
|
541
|
+
uint64_t x47;
|
|
542
|
+
uint64_t x48;
|
|
543
|
+
uint64_t x49;
|
|
544
|
+
uint64_t x50;
|
|
545
|
+
uint64_t x51;
|
|
546
|
+
uint64_t x52;
|
|
547
|
+
uint64_t x53;
|
|
548
|
+
uint64_t x54;
|
|
549
|
+
uint64_t x55;
|
|
550
|
+
uint64_t x56;
|
|
551
|
+
uint64_t x57;
|
|
552
|
+
uint64_t x58;
|
|
553
|
+
uint64_t x59;
|
|
554
|
+
uint64_t x60;
|
|
555
|
+
uint64_t x61;
|
|
556
|
+
uint64_t x62;
|
|
557
|
+
uint64_t x63;
|
|
558
|
+
uint64_t x64;
|
|
559
|
+
uint64_t x65;
|
|
560
|
+
uint64_t x66;
|
|
561
|
+
uint64_t x67;
|
|
562
|
+
uint64_t x68;
|
|
563
|
+
uint64_t x69;
|
|
564
|
+
uint64_t x70;
|
|
565
|
+
uint64_t x71;
|
|
566
|
+
uint64_t x72;
|
|
567
|
+
uint64_t x73;
|
|
568
|
+
uint64_t x74;
|
|
569
|
+
uint64_t x75;
|
|
570
|
+
uint32_t x76;
|
|
571
|
+
uint64_t x77;
|
|
572
|
+
uint64_t x78;
|
|
573
|
+
uint64_t x79;
|
|
574
|
+
uint64_t x80;
|
|
575
|
+
uint64_t x81;
|
|
576
|
+
uint64_t x82;
|
|
577
|
+
uint64_t x83;
|
|
578
|
+
uint64_t x84;
|
|
579
|
+
uint64_t x85;
|
|
580
|
+
uint64_t x86;
|
|
581
|
+
uint64_t x87;
|
|
582
|
+
uint32_t x88;
|
|
583
|
+
uint64_t x89;
|
|
584
|
+
uint64_t x90;
|
|
585
|
+
uint32_t x91;
|
|
586
|
+
uint64_t x92;
|
|
587
|
+
uint64_t x93;
|
|
588
|
+
uint32_t x94;
|
|
589
|
+
uint64_t x95;
|
|
590
|
+
uint64_t x96;
|
|
591
|
+
uint32_t x97;
|
|
592
|
+
uint64_t x98;
|
|
593
|
+
uint64_t x99;
|
|
594
|
+
uint32_t x100;
|
|
595
|
+
uint64_t x101;
|
|
596
|
+
uint64_t x102;
|
|
597
|
+
uint32_t x103;
|
|
598
|
+
uint64_t x104;
|
|
599
|
+
uint64_t x105;
|
|
600
|
+
uint32_t x106;
|
|
601
|
+
uint64_t x107;
|
|
602
|
+
uint64_t x108;
|
|
603
|
+
uint32_t x109;
|
|
604
|
+
uint64_t x110;
|
|
605
|
+
uint64_t x111;
|
|
606
|
+
uint32_t x112;
|
|
607
|
+
uint64_t x113;
|
|
608
|
+
uint64_t x114;
|
|
609
|
+
uint32_t x115;
|
|
610
|
+
uint32_t x116;
|
|
611
|
+
uint32_t x117;
|
|
612
|
+
fiat_25519_uint1 x118;
|
|
613
|
+
uint32_t x119;
|
|
614
|
+
uint32_t x120;
|
|
615
|
+
x1 = ((arg1[9]) * UINT8_C(0x13));
|
|
616
|
+
x2 = (x1 * 0x2);
|
|
617
|
+
x3 = ((arg1[9]) * 0x2);
|
|
618
|
+
x4 = ((arg1[8]) * UINT8_C(0x13));
|
|
619
|
+
x5 = ((uint64_t)x4 * 0x2);
|
|
620
|
+
x6 = ((arg1[8]) * 0x2);
|
|
621
|
+
x7 = ((arg1[7]) * UINT8_C(0x13));
|
|
622
|
+
x8 = (x7 * 0x2);
|
|
623
|
+
x9 = ((arg1[7]) * 0x2);
|
|
624
|
+
x10 = ((arg1[6]) * UINT8_C(0x13));
|
|
625
|
+
x11 = ((uint64_t)x10 * 0x2);
|
|
626
|
+
x12 = ((arg1[6]) * 0x2);
|
|
627
|
+
x13 = ((arg1[5]) * UINT8_C(0x13));
|
|
628
|
+
x14 = ((arg1[5]) * 0x2);
|
|
629
|
+
x15 = ((arg1[4]) * 0x2);
|
|
630
|
+
x16 = ((arg1[3]) * 0x2);
|
|
631
|
+
x17 = ((arg1[2]) * 0x2);
|
|
632
|
+
x18 = ((arg1[1]) * 0x2);
|
|
633
|
+
x19 = ((uint64_t)(arg1[9]) * (x1 * 0x2));
|
|
634
|
+
x20 = ((uint64_t)(arg1[8]) * x2);
|
|
635
|
+
x21 = ((uint64_t)(arg1[8]) * x4);
|
|
636
|
+
x22 = ((arg1[7]) * ((uint64_t)x2 * 0x2));
|
|
637
|
+
x23 = ((arg1[7]) * x5);
|
|
638
|
+
x24 = ((uint64_t)(arg1[7]) * (x7 * 0x2));
|
|
639
|
+
x25 = ((uint64_t)(arg1[6]) * x2);
|
|
640
|
+
x26 = ((arg1[6]) * x5);
|
|
641
|
+
x27 = ((uint64_t)(arg1[6]) * x8);
|
|
642
|
+
x28 = ((uint64_t)(arg1[6]) * x10);
|
|
643
|
+
x29 = ((arg1[5]) * ((uint64_t)x2 * 0x2));
|
|
644
|
+
x30 = ((arg1[5]) * x5);
|
|
645
|
+
x31 = ((arg1[5]) * ((uint64_t)x8 * 0x2));
|
|
646
|
+
x32 = ((arg1[5]) * x11);
|
|
647
|
+
x33 = ((uint64_t)(arg1[5]) * (x13 * 0x2));
|
|
648
|
+
x34 = ((uint64_t)(arg1[4]) * x2);
|
|
649
|
+
x35 = ((arg1[4]) * x5);
|
|
650
|
+
x36 = ((uint64_t)(arg1[4]) * x8);
|
|
651
|
+
x37 = ((arg1[4]) * x11);
|
|
652
|
+
x38 = ((uint64_t)(arg1[4]) * x14);
|
|
653
|
+
x39 = ((uint64_t)(arg1[4]) * (arg1[4]));
|
|
654
|
+
x40 = ((arg1[3]) * ((uint64_t)x2 * 0x2));
|
|
655
|
+
x41 = ((arg1[3]) * x5);
|
|
656
|
+
x42 = ((arg1[3]) * ((uint64_t)x8 * 0x2));
|
|
657
|
+
x43 = ((uint64_t)(arg1[3]) * x12);
|
|
658
|
+
x44 = ((uint64_t)(arg1[3]) * (x14 * 0x2));
|
|
659
|
+
x45 = ((uint64_t)(arg1[3]) * x15);
|
|
660
|
+
x46 = ((uint64_t)(arg1[3]) * ((arg1[3]) * 0x2));
|
|
661
|
+
x47 = ((uint64_t)(arg1[2]) * x2);
|
|
662
|
+
x48 = ((arg1[2]) * x5);
|
|
663
|
+
x49 = ((uint64_t)(arg1[2]) * x9);
|
|
664
|
+
x50 = ((uint64_t)(arg1[2]) * x12);
|
|
665
|
+
x51 = ((uint64_t)(arg1[2]) * x14);
|
|
666
|
+
x52 = ((uint64_t)(arg1[2]) * x15);
|
|
667
|
+
x53 = ((uint64_t)(arg1[2]) * x16);
|
|
668
|
+
x54 = ((uint64_t)(arg1[2]) * (arg1[2]));
|
|
669
|
+
x55 = ((arg1[1]) * ((uint64_t)x2 * 0x2));
|
|
670
|
+
x56 = ((uint64_t)(arg1[1]) * x6);
|
|
671
|
+
x57 = ((uint64_t)(arg1[1]) * (x9 * 0x2));
|
|
672
|
+
x58 = ((uint64_t)(arg1[1]) * x12);
|
|
673
|
+
x59 = ((uint64_t)(arg1[1]) * (x14 * 0x2));
|
|
674
|
+
x60 = ((uint64_t)(arg1[1]) * x15);
|
|
675
|
+
x61 = ((uint64_t)(arg1[1]) * (x16 * 0x2));
|
|
676
|
+
x62 = ((uint64_t)(arg1[1]) * x17);
|
|
677
|
+
x63 = ((uint64_t)(arg1[1]) * ((arg1[1]) * 0x2));
|
|
678
|
+
x64 = ((uint64_t)(arg1[0]) * x3);
|
|
679
|
+
x65 = ((uint64_t)(arg1[0]) * x6);
|
|
680
|
+
x66 = ((uint64_t)(arg1[0]) * x9);
|
|
681
|
+
x67 = ((uint64_t)(arg1[0]) * x12);
|
|
682
|
+
x68 = ((uint64_t)(arg1[0]) * x14);
|
|
683
|
+
x69 = ((uint64_t)(arg1[0]) * x15);
|
|
684
|
+
x70 = ((uint64_t)(arg1[0]) * x16);
|
|
685
|
+
x71 = ((uint64_t)(arg1[0]) * x17);
|
|
686
|
+
x72 = ((uint64_t)(arg1[0]) * x18);
|
|
687
|
+
x73 = ((uint64_t)(arg1[0]) * (arg1[0]));
|
|
688
|
+
x74 = (x73 + (x55 + (x48 + (x42 + (x37 + x33)))));
|
|
689
|
+
x75 = (x74 >> 26);
|
|
690
|
+
x76 = (uint32_t)(x74 & UINT32_C(0x3ffffff));
|
|
691
|
+
x77 = (x64 + (x56 + (x49 + (x43 + x38))));
|
|
692
|
+
x78 = (x65 + (x57 + (x50 + (x44 + (x39 + x19)))));
|
|
693
|
+
x79 = (x66 + (x58 + (x51 + (x45 + x20))));
|
|
694
|
+
x80 = (x67 + (x59 + (x52 + (x46 + (x22 + x21)))));
|
|
695
|
+
x81 = (x68 + (x60 + (x53 + (x25 + x23))));
|
|
696
|
+
x82 = (x69 + (x61 + (x54 + (x29 + (x26 + x24)))));
|
|
697
|
+
x83 = (x70 + (x62 + (x34 + (x30 + x27))));
|
|
698
|
+
x84 = (x71 + (x63 + (x40 + (x35 + (x31 + x28)))));
|
|
699
|
+
x85 = (x72 + (x47 + (x41 + (x36 + x32))));
|
|
700
|
+
x86 = (x75 + x85);
|
|
701
|
+
x87 = (x86 >> 25);
|
|
702
|
+
x88 = (uint32_t)(x86 & UINT32_C(0x1ffffff));
|
|
703
|
+
x89 = (x87 + x84);
|
|
704
|
+
x90 = (x89 >> 26);
|
|
705
|
+
x91 = (uint32_t)(x89 & UINT32_C(0x3ffffff));
|
|
706
|
+
x92 = (x90 + x83);
|
|
707
|
+
x93 = (x92 >> 25);
|
|
708
|
+
x94 = (uint32_t)(x92 & UINT32_C(0x1ffffff));
|
|
709
|
+
x95 = (x93 + x82);
|
|
710
|
+
x96 = (x95 >> 26);
|
|
711
|
+
x97 = (uint32_t)(x95 & UINT32_C(0x3ffffff));
|
|
712
|
+
x98 = (x96 + x81);
|
|
713
|
+
x99 = (x98 >> 25);
|
|
714
|
+
x100 = (uint32_t)(x98 & UINT32_C(0x1ffffff));
|
|
715
|
+
x101 = (x99 + x80);
|
|
716
|
+
x102 = (x101 >> 26);
|
|
717
|
+
x103 = (uint32_t)(x101 & UINT32_C(0x3ffffff));
|
|
718
|
+
x104 = (x102 + x79);
|
|
719
|
+
x105 = (x104 >> 25);
|
|
720
|
+
x106 = (uint32_t)(x104 & UINT32_C(0x1ffffff));
|
|
721
|
+
x107 = (x105 + x78);
|
|
722
|
+
x108 = (x107 >> 26);
|
|
723
|
+
x109 = (uint32_t)(x107 & UINT32_C(0x3ffffff));
|
|
724
|
+
x110 = (x108 + x77);
|
|
725
|
+
x111 = (x110 >> 25);
|
|
726
|
+
x112 = (uint32_t)(x110 & UINT32_C(0x1ffffff));
|
|
727
|
+
x113 = (x111 * UINT8_C(0x13));
|
|
728
|
+
x114 = (x76 + x113);
|
|
729
|
+
x115 = (uint32_t)(x114 >> 26);
|
|
730
|
+
x116 = (uint32_t)(x114 & UINT32_C(0x3ffffff));
|
|
731
|
+
x117 = (x115 + x88);
|
|
732
|
+
x118 = (fiat_25519_uint1)(x117 >> 25);
|
|
733
|
+
x119 = (x117 & UINT32_C(0x1ffffff));
|
|
734
|
+
x120 = (x118 + x91);
|
|
435
735
|
out1[0] = x116;
|
|
436
736
|
out1[1] = x119;
|
|
437
737
|
out1[2] = x120;
|
|
@@ -446,37 +746,56 @@ static void fiat_25519_carry_square(uint32_t out1[10], const uint32_t arg1[10])
|
|
|
446
746
|
|
|
447
747
|
/*
|
|
448
748
|
* The function fiat_25519_carry reduces a field element.
|
|
749
|
+
*
|
|
449
750
|
* Postconditions:
|
|
450
751
|
* eval out1 mod m = eval arg1 mod m
|
|
451
752
|
*
|
|
452
|
-
* Input Bounds:
|
|
453
|
-
* arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
|
|
454
|
-
* Output Bounds:
|
|
455
|
-
* out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
|
|
456
753
|
*/
|
|
457
|
-
static void fiat_25519_carry(
|
|
458
|
-
uint32_t x1
|
|
459
|
-
uint32_t x2
|
|
460
|
-
uint32_t x3
|
|
461
|
-
uint32_t x4
|
|
462
|
-
uint32_t x5
|
|
463
|
-
uint32_t x6
|
|
464
|
-
uint32_t x7
|
|
465
|
-
uint32_t x8
|
|
466
|
-
uint32_t x9
|
|
467
|
-
uint32_t x10
|
|
468
|
-
uint32_t x11
|
|
469
|
-
uint32_t x12
|
|
470
|
-
uint32_t x13
|
|
471
|
-
uint32_t x14
|
|
472
|
-
uint32_t x15
|
|
473
|
-
uint32_t x16
|
|
474
|
-
uint32_t x17
|
|
475
|
-
uint32_t x18
|
|
476
|
-
uint32_t x19
|
|
477
|
-
uint32_t x20
|
|
478
|
-
uint32_t x21
|
|
479
|
-
uint32_t x22
|
|
754
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_carry(fiat_25519_tight_field_element out1, const fiat_25519_loose_field_element arg1) {
|
|
755
|
+
uint32_t x1;
|
|
756
|
+
uint32_t x2;
|
|
757
|
+
uint32_t x3;
|
|
758
|
+
uint32_t x4;
|
|
759
|
+
uint32_t x5;
|
|
760
|
+
uint32_t x6;
|
|
761
|
+
uint32_t x7;
|
|
762
|
+
uint32_t x8;
|
|
763
|
+
uint32_t x9;
|
|
764
|
+
uint32_t x10;
|
|
765
|
+
uint32_t x11;
|
|
766
|
+
uint32_t x12;
|
|
767
|
+
uint32_t x13;
|
|
768
|
+
uint32_t x14;
|
|
769
|
+
uint32_t x15;
|
|
770
|
+
uint32_t x16;
|
|
771
|
+
uint32_t x17;
|
|
772
|
+
uint32_t x18;
|
|
773
|
+
uint32_t x19;
|
|
774
|
+
uint32_t x20;
|
|
775
|
+
uint32_t x21;
|
|
776
|
+
uint32_t x22;
|
|
777
|
+
x1 = (arg1[0]);
|
|
778
|
+
x2 = ((x1 >> 26) + (arg1[1]));
|
|
779
|
+
x3 = ((x2 >> 25) + (arg1[2]));
|
|
780
|
+
x4 = ((x3 >> 26) + (arg1[3]));
|
|
781
|
+
x5 = ((x4 >> 25) + (arg1[4]));
|
|
782
|
+
x6 = ((x5 >> 26) + (arg1[5]));
|
|
783
|
+
x7 = ((x6 >> 25) + (arg1[6]));
|
|
784
|
+
x8 = ((x7 >> 26) + (arg1[7]));
|
|
785
|
+
x9 = ((x8 >> 25) + (arg1[8]));
|
|
786
|
+
x10 = ((x9 >> 26) + (arg1[9]));
|
|
787
|
+
x11 = ((x1 & UINT32_C(0x3ffffff)) + ((x10 >> 25) * UINT8_C(0x13)));
|
|
788
|
+
x12 = ((fiat_25519_uint1)(x11 >> 26) + (x2 & UINT32_C(0x1ffffff)));
|
|
789
|
+
x13 = (x11 & UINT32_C(0x3ffffff));
|
|
790
|
+
x14 = (x12 & UINT32_C(0x1ffffff));
|
|
791
|
+
x15 = ((fiat_25519_uint1)(x12 >> 25) + (x3 & UINT32_C(0x3ffffff)));
|
|
792
|
+
x16 = (x4 & UINT32_C(0x1ffffff));
|
|
793
|
+
x17 = (x5 & UINT32_C(0x3ffffff));
|
|
794
|
+
x18 = (x6 & UINT32_C(0x1ffffff));
|
|
795
|
+
x19 = (x7 & UINT32_C(0x3ffffff));
|
|
796
|
+
x20 = (x8 & UINT32_C(0x1ffffff));
|
|
797
|
+
x21 = (x9 & UINT32_C(0x3ffffff));
|
|
798
|
+
x22 = (x10 & UINT32_C(0x1ffffff));
|
|
480
799
|
out1[0] = x13;
|
|
481
800
|
out1[1] = x14;
|
|
482
801
|
out1[2] = x15;
|
|
@@ -491,26 +810,32 @@ static void fiat_25519_carry(uint32_t out1[10], const uint32_t arg1[10]) {
|
|
|
491
810
|
|
|
492
811
|
/*
|
|
493
812
|
* The function fiat_25519_add adds two field elements.
|
|
813
|
+
*
|
|
494
814
|
* Postconditions:
|
|
495
815
|
* eval out1 mod m = (eval arg1 + eval arg2) mod m
|
|
496
816
|
*
|
|
497
|
-
* Input Bounds:
|
|
498
|
-
* arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
|
|
499
|
-
* arg2: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
|
|
500
|
-
* Output Bounds:
|
|
501
|
-
* out1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
|
|
502
817
|
*/
|
|
503
|
-
static void fiat_25519_add(
|
|
504
|
-
uint32_t x1
|
|
505
|
-
uint32_t x2
|
|
506
|
-
uint32_t x3
|
|
507
|
-
uint32_t x4
|
|
508
|
-
uint32_t x5
|
|
509
|
-
uint32_t x6
|
|
510
|
-
uint32_t x7
|
|
511
|
-
uint32_t x8
|
|
512
|
-
uint32_t x9
|
|
513
|
-
uint32_t x10
|
|
818
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_add(fiat_25519_loose_field_element out1, const fiat_25519_tight_field_element arg1, const fiat_25519_tight_field_element arg2) {
|
|
819
|
+
uint32_t x1;
|
|
820
|
+
uint32_t x2;
|
|
821
|
+
uint32_t x3;
|
|
822
|
+
uint32_t x4;
|
|
823
|
+
uint32_t x5;
|
|
824
|
+
uint32_t x6;
|
|
825
|
+
uint32_t x7;
|
|
826
|
+
uint32_t x8;
|
|
827
|
+
uint32_t x9;
|
|
828
|
+
uint32_t x10;
|
|
829
|
+
x1 = ((arg1[0]) + (arg2[0]));
|
|
830
|
+
x2 = ((arg1[1]) + (arg2[1]));
|
|
831
|
+
x3 = ((arg1[2]) + (arg2[2]));
|
|
832
|
+
x4 = ((arg1[3]) + (arg2[3]));
|
|
833
|
+
x5 = ((arg1[4]) + (arg2[4]));
|
|
834
|
+
x6 = ((arg1[5]) + (arg2[5]));
|
|
835
|
+
x7 = ((arg1[6]) + (arg2[6]));
|
|
836
|
+
x8 = ((arg1[7]) + (arg2[7]));
|
|
837
|
+
x9 = ((arg1[8]) + (arg2[8]));
|
|
838
|
+
x10 = ((arg1[9]) + (arg2[9]));
|
|
514
839
|
out1[0] = x1;
|
|
515
840
|
out1[1] = x2;
|
|
516
841
|
out1[2] = x3;
|
|
@@ -525,26 +850,32 @@ static void fiat_25519_add(uint32_t out1[10], const uint32_t arg1[10], const uin
|
|
|
525
850
|
|
|
526
851
|
/*
|
|
527
852
|
* The function fiat_25519_sub subtracts two field elements.
|
|
853
|
+
*
|
|
528
854
|
* Postconditions:
|
|
529
855
|
* eval out1 mod m = (eval arg1 - eval arg2) mod m
|
|
530
856
|
*
|
|
531
|
-
* Input Bounds:
|
|
532
|
-
* arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
|
|
533
|
-
* arg2: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
|
|
534
|
-
* Output Bounds:
|
|
535
|
-
* out1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
|
|
536
857
|
*/
|
|
537
|
-
static void fiat_25519_sub(
|
|
538
|
-
uint32_t x1
|
|
539
|
-
uint32_t x2
|
|
540
|
-
uint32_t x3
|
|
541
|
-
uint32_t x4
|
|
542
|
-
uint32_t x5
|
|
543
|
-
uint32_t x6
|
|
544
|
-
uint32_t x7
|
|
545
|
-
uint32_t x8
|
|
546
|
-
uint32_t x9
|
|
547
|
-
uint32_t x10
|
|
858
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_sub(fiat_25519_loose_field_element out1, const fiat_25519_tight_field_element arg1, const fiat_25519_tight_field_element arg2) {
|
|
859
|
+
uint32_t x1;
|
|
860
|
+
uint32_t x2;
|
|
861
|
+
uint32_t x3;
|
|
862
|
+
uint32_t x4;
|
|
863
|
+
uint32_t x5;
|
|
864
|
+
uint32_t x6;
|
|
865
|
+
uint32_t x7;
|
|
866
|
+
uint32_t x8;
|
|
867
|
+
uint32_t x9;
|
|
868
|
+
uint32_t x10;
|
|
869
|
+
x1 = ((UINT32_C(0x7ffffda) + (arg1[0])) - (arg2[0]));
|
|
870
|
+
x2 = ((UINT32_C(0x3fffffe) + (arg1[1])) - (arg2[1]));
|
|
871
|
+
x3 = ((UINT32_C(0x7fffffe) + (arg1[2])) - (arg2[2]));
|
|
872
|
+
x4 = ((UINT32_C(0x3fffffe) + (arg1[3])) - (arg2[3]));
|
|
873
|
+
x5 = ((UINT32_C(0x7fffffe) + (arg1[4])) - (arg2[4]));
|
|
874
|
+
x6 = ((UINT32_C(0x3fffffe) + (arg1[5])) - (arg2[5]));
|
|
875
|
+
x7 = ((UINT32_C(0x7fffffe) + (arg1[6])) - (arg2[6]));
|
|
876
|
+
x8 = ((UINT32_C(0x3fffffe) + (arg1[7])) - (arg2[7]));
|
|
877
|
+
x9 = ((UINT32_C(0x7fffffe) + (arg1[8])) - (arg2[8]));
|
|
878
|
+
x10 = ((UINT32_C(0x3fffffe) + (arg1[9])) - (arg2[9]));
|
|
548
879
|
out1[0] = x1;
|
|
549
880
|
out1[1] = x2;
|
|
550
881
|
out1[2] = x3;
|
|
@@ -559,25 +890,32 @@ static void fiat_25519_sub(uint32_t out1[10], const uint32_t arg1[10], const uin
|
|
|
559
890
|
|
|
560
891
|
/*
|
|
561
892
|
* The function fiat_25519_opp negates a field element.
|
|
893
|
+
*
|
|
562
894
|
* Postconditions:
|
|
563
895
|
* eval out1 mod m = -eval arg1 mod m
|
|
564
896
|
*
|
|
565
|
-
* Input Bounds:
|
|
566
|
-
* arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
|
|
567
|
-
* Output Bounds:
|
|
568
|
-
* out1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
|
|
569
897
|
*/
|
|
570
|
-
static void fiat_25519_opp(
|
|
571
|
-
uint32_t x1
|
|
572
|
-
uint32_t x2
|
|
573
|
-
uint32_t x3
|
|
574
|
-
uint32_t x4
|
|
575
|
-
uint32_t x5
|
|
576
|
-
uint32_t x6
|
|
577
|
-
uint32_t x7
|
|
578
|
-
uint32_t x8
|
|
579
|
-
uint32_t x9
|
|
580
|
-
uint32_t x10
|
|
898
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_opp(fiat_25519_loose_field_element out1, const fiat_25519_tight_field_element arg1) {
|
|
899
|
+
uint32_t x1;
|
|
900
|
+
uint32_t x2;
|
|
901
|
+
uint32_t x3;
|
|
902
|
+
uint32_t x4;
|
|
903
|
+
uint32_t x5;
|
|
904
|
+
uint32_t x6;
|
|
905
|
+
uint32_t x7;
|
|
906
|
+
uint32_t x8;
|
|
907
|
+
uint32_t x9;
|
|
908
|
+
uint32_t x10;
|
|
909
|
+
x1 = (UINT32_C(0x7ffffda) - (arg1[0]));
|
|
910
|
+
x2 = (UINT32_C(0x3fffffe) - (arg1[1]));
|
|
911
|
+
x3 = (UINT32_C(0x7fffffe) - (arg1[2]));
|
|
912
|
+
x4 = (UINT32_C(0x3fffffe) - (arg1[3]));
|
|
913
|
+
x5 = (UINT32_C(0x7fffffe) - (arg1[4]));
|
|
914
|
+
x6 = (UINT32_C(0x3fffffe) - (arg1[5]));
|
|
915
|
+
x7 = (UINT32_C(0x7fffffe) - (arg1[6]));
|
|
916
|
+
x8 = (UINT32_C(0x3fffffe) - (arg1[7]));
|
|
917
|
+
x9 = (UINT32_C(0x7fffffe) - (arg1[8]));
|
|
918
|
+
x10 = (UINT32_C(0x3fffffe) - (arg1[9]));
|
|
581
919
|
out1[0] = x1;
|
|
582
920
|
out1[1] = x2;
|
|
583
921
|
out1[2] = x3;
|
|
@@ -592,6 +930,7 @@ static void fiat_25519_opp(uint32_t out1[10], const uint32_t arg1[10]) {
|
|
|
592
930
|
|
|
593
931
|
/*
|
|
594
932
|
* The function fiat_25519_selectznz is a multi-limb conditional select.
|
|
933
|
+
*
|
|
595
934
|
* Postconditions:
|
|
596
935
|
* eval out1 = (if arg1 = 0 then eval arg2 else eval arg3)
|
|
597
936
|
*
|
|
@@ -602,26 +941,26 @@ static void fiat_25519_opp(uint32_t out1[10], const uint32_t arg1[10]) {
|
|
|
602
941
|
* Output Bounds:
|
|
603
942
|
* out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
|
|
604
943
|
*/
|
|
605
|
-
static void fiat_25519_selectznz(uint32_t out1[10], fiat_25519_uint1 arg1, const uint32_t arg2[10], const uint32_t arg3[10]) {
|
|
944
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_selectznz(uint32_t out1[10], fiat_25519_uint1 arg1, const uint32_t arg2[10], const uint32_t arg3[10]) {
|
|
606
945
|
uint32_t x1;
|
|
607
|
-
fiat_25519_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0]));
|
|
608
946
|
uint32_t x2;
|
|
609
|
-
fiat_25519_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1]));
|
|
610
947
|
uint32_t x3;
|
|
611
|
-
fiat_25519_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2]));
|
|
612
948
|
uint32_t x4;
|
|
613
|
-
fiat_25519_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3]));
|
|
614
949
|
uint32_t x5;
|
|
615
|
-
fiat_25519_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4]));
|
|
616
950
|
uint32_t x6;
|
|
617
|
-
fiat_25519_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5]));
|
|
618
951
|
uint32_t x7;
|
|
619
|
-
fiat_25519_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6]));
|
|
620
952
|
uint32_t x8;
|
|
621
|
-
fiat_25519_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7]));
|
|
622
953
|
uint32_t x9;
|
|
623
|
-
fiat_25519_cmovznz_u32(&x9, arg1, (arg2[8]), (arg3[8]));
|
|
624
954
|
uint32_t x10;
|
|
955
|
+
fiat_25519_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0]));
|
|
956
|
+
fiat_25519_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1]));
|
|
957
|
+
fiat_25519_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2]));
|
|
958
|
+
fiat_25519_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3]));
|
|
959
|
+
fiat_25519_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4]));
|
|
960
|
+
fiat_25519_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5]));
|
|
961
|
+
fiat_25519_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6]));
|
|
962
|
+
fiat_25519_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7]));
|
|
963
|
+
fiat_25519_cmovznz_u32(&x9, arg1, (arg2[8]), (arg3[8]));
|
|
625
964
|
fiat_25519_cmovznz_u32(&x10, arg1, (arg2[9]), (arg3[9]));
|
|
626
965
|
out1[0] = x1;
|
|
627
966
|
out1[1] = x2;
|
|
@@ -637,336 +976,582 @@ static void fiat_25519_selectznz(uint32_t out1[10], fiat_25519_uint1 arg1, const
|
|
|
637
976
|
|
|
638
977
|
/*
|
|
639
978
|
* The function fiat_25519_to_bytes serializes a field element to bytes in little-endian order.
|
|
979
|
+
*
|
|
640
980
|
* Postconditions:
|
|
641
981
|
* out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31]
|
|
642
982
|
*
|
|
643
|
-
* Input Bounds:
|
|
644
|
-
* arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
|
|
645
983
|
* Output Bounds:
|
|
646
984
|
* out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]]
|
|
647
985
|
*/
|
|
648
|
-
static void fiat_25519_to_bytes(uint8_t out1[32], const
|
|
986
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_to_bytes(uint8_t out1[32], const fiat_25519_tight_field_element arg1) {
|
|
649
987
|
uint32_t x1;
|
|
650
988
|
fiat_25519_uint1 x2;
|
|
651
|
-
fiat_25519_subborrowx_u26(&x1, &x2, 0x0, (arg1[0]), UINT32_C(0x3ffffed));
|
|
652
989
|
uint32_t x3;
|
|
653
990
|
fiat_25519_uint1 x4;
|
|
654
|
-
fiat_25519_subborrowx_u25(&x3, &x4, x2, (arg1[1]), UINT32_C(0x1ffffff));
|
|
655
991
|
uint32_t x5;
|
|
656
992
|
fiat_25519_uint1 x6;
|
|
657
|
-
fiat_25519_subborrowx_u26(&x5, &x6, x4, (arg1[2]), UINT32_C(0x3ffffff));
|
|
658
993
|
uint32_t x7;
|
|
659
994
|
fiat_25519_uint1 x8;
|
|
660
|
-
fiat_25519_subborrowx_u25(&x7, &x8, x6, (arg1[3]), UINT32_C(0x1ffffff));
|
|
661
995
|
uint32_t x9;
|
|
662
996
|
fiat_25519_uint1 x10;
|
|
663
|
-
fiat_25519_subborrowx_u26(&x9, &x10, x8, (arg1[4]), UINT32_C(0x3ffffff));
|
|
664
997
|
uint32_t x11;
|
|
665
998
|
fiat_25519_uint1 x12;
|
|
666
|
-
fiat_25519_subborrowx_u25(&x11, &x12, x10, (arg1[5]), UINT32_C(0x1ffffff));
|
|
667
999
|
uint32_t x13;
|
|
668
1000
|
fiat_25519_uint1 x14;
|
|
669
|
-
fiat_25519_subborrowx_u26(&x13, &x14, x12, (arg1[6]), UINT32_C(0x3ffffff));
|
|
670
1001
|
uint32_t x15;
|
|
671
1002
|
fiat_25519_uint1 x16;
|
|
672
|
-
fiat_25519_subborrowx_u25(&x15, &x16, x14, (arg1[7]), UINT32_C(0x1ffffff));
|
|
673
1003
|
uint32_t x17;
|
|
674
1004
|
fiat_25519_uint1 x18;
|
|
675
|
-
fiat_25519_subborrowx_u26(&x17, &x18, x16, (arg1[8]), UINT32_C(0x3ffffff));
|
|
676
1005
|
uint32_t x19;
|
|
677
1006
|
fiat_25519_uint1 x20;
|
|
678
|
-
fiat_25519_subborrowx_u25(&x19, &x20, x18, (arg1[9]), UINT32_C(0x1ffffff));
|
|
679
1007
|
uint32_t x21;
|
|
680
|
-
fiat_25519_cmovznz_u32(&x21, x20, 0x0, UINT32_C(0xffffffff));
|
|
681
1008
|
uint32_t x22;
|
|
682
1009
|
fiat_25519_uint1 x23;
|
|
683
|
-
fiat_25519_addcarryx_u26(&x22, &x23, 0x0, x1, (x21 & UINT32_C(0x3ffffed)));
|
|
684
1010
|
uint32_t x24;
|
|
685
1011
|
fiat_25519_uint1 x25;
|
|
686
|
-
fiat_25519_addcarryx_u25(&x24, &x25, x23, x3, (x21 & UINT32_C(0x1ffffff)));
|
|
687
1012
|
uint32_t x26;
|
|
688
1013
|
fiat_25519_uint1 x27;
|
|
689
|
-
fiat_25519_addcarryx_u26(&x26, &x27, x25, x5, (x21 & UINT32_C(0x3ffffff)));
|
|
690
1014
|
uint32_t x28;
|
|
691
1015
|
fiat_25519_uint1 x29;
|
|
692
|
-
fiat_25519_addcarryx_u25(&x28, &x29, x27, x7, (x21 & UINT32_C(0x1ffffff)));
|
|
693
1016
|
uint32_t x30;
|
|
694
1017
|
fiat_25519_uint1 x31;
|
|
695
|
-
fiat_25519_addcarryx_u26(&x30, &x31, x29, x9, (x21 & UINT32_C(0x3ffffff)));
|
|
696
1018
|
uint32_t x32;
|
|
697
1019
|
fiat_25519_uint1 x33;
|
|
698
|
-
fiat_25519_addcarryx_u25(&x32, &x33, x31, x11, (x21 & UINT32_C(0x1ffffff)));
|
|
699
1020
|
uint32_t x34;
|
|
700
1021
|
fiat_25519_uint1 x35;
|
|
701
|
-
fiat_25519_addcarryx_u26(&x34, &x35, x33, x13, (x21 & UINT32_C(0x3ffffff)));
|
|
702
1022
|
uint32_t x36;
|
|
703
1023
|
fiat_25519_uint1 x37;
|
|
704
|
-
fiat_25519_addcarryx_u25(&x36, &x37, x35, x15, (x21 & UINT32_C(0x1ffffff)));
|
|
705
1024
|
uint32_t x38;
|
|
706
1025
|
fiat_25519_uint1 x39;
|
|
707
|
-
fiat_25519_addcarryx_u26(&x38, &x39, x37, x17, (x21 & UINT32_C(0x3ffffff)));
|
|
708
1026
|
uint32_t x40;
|
|
709
1027
|
fiat_25519_uint1 x41;
|
|
1028
|
+
uint32_t x42;
|
|
1029
|
+
uint32_t x43;
|
|
1030
|
+
uint32_t x44;
|
|
1031
|
+
uint32_t x45;
|
|
1032
|
+
uint32_t x46;
|
|
1033
|
+
uint32_t x47;
|
|
1034
|
+
uint32_t x48;
|
|
1035
|
+
uint32_t x49;
|
|
1036
|
+
uint8_t x50;
|
|
1037
|
+
uint32_t x51;
|
|
1038
|
+
uint8_t x52;
|
|
1039
|
+
uint32_t x53;
|
|
1040
|
+
uint8_t x54;
|
|
1041
|
+
uint8_t x55;
|
|
1042
|
+
uint32_t x56;
|
|
1043
|
+
uint8_t x57;
|
|
1044
|
+
uint32_t x58;
|
|
1045
|
+
uint8_t x59;
|
|
1046
|
+
uint32_t x60;
|
|
1047
|
+
uint8_t x61;
|
|
1048
|
+
uint8_t x62;
|
|
1049
|
+
uint32_t x63;
|
|
1050
|
+
uint8_t x64;
|
|
1051
|
+
uint32_t x65;
|
|
1052
|
+
uint8_t x66;
|
|
1053
|
+
uint32_t x67;
|
|
1054
|
+
uint8_t x68;
|
|
1055
|
+
uint8_t x69;
|
|
1056
|
+
uint32_t x70;
|
|
1057
|
+
uint8_t x71;
|
|
1058
|
+
uint32_t x72;
|
|
1059
|
+
uint8_t x73;
|
|
1060
|
+
uint32_t x74;
|
|
1061
|
+
uint8_t x75;
|
|
1062
|
+
uint8_t x76;
|
|
1063
|
+
uint32_t x77;
|
|
1064
|
+
uint8_t x78;
|
|
1065
|
+
uint32_t x79;
|
|
1066
|
+
uint8_t x80;
|
|
1067
|
+
uint32_t x81;
|
|
1068
|
+
uint8_t x82;
|
|
1069
|
+
uint8_t x83;
|
|
1070
|
+
uint8_t x84;
|
|
1071
|
+
uint32_t x85;
|
|
1072
|
+
uint8_t x86;
|
|
1073
|
+
uint32_t x87;
|
|
1074
|
+
uint8_t x88;
|
|
1075
|
+
fiat_25519_uint1 x89;
|
|
1076
|
+
uint32_t x90;
|
|
1077
|
+
uint8_t x91;
|
|
1078
|
+
uint32_t x92;
|
|
1079
|
+
uint8_t x93;
|
|
1080
|
+
uint32_t x94;
|
|
1081
|
+
uint8_t x95;
|
|
1082
|
+
uint8_t x96;
|
|
1083
|
+
uint32_t x97;
|
|
1084
|
+
uint8_t x98;
|
|
1085
|
+
uint32_t x99;
|
|
1086
|
+
uint8_t x100;
|
|
1087
|
+
uint32_t x101;
|
|
1088
|
+
uint8_t x102;
|
|
1089
|
+
uint8_t x103;
|
|
1090
|
+
uint32_t x104;
|
|
1091
|
+
uint8_t x105;
|
|
1092
|
+
uint32_t x106;
|
|
1093
|
+
uint8_t x107;
|
|
1094
|
+
uint32_t x108;
|
|
1095
|
+
uint8_t x109;
|
|
1096
|
+
uint8_t x110;
|
|
1097
|
+
uint32_t x111;
|
|
1098
|
+
uint8_t x112;
|
|
1099
|
+
uint32_t x113;
|
|
1100
|
+
uint8_t x114;
|
|
1101
|
+
uint32_t x115;
|
|
1102
|
+
uint8_t x116;
|
|
1103
|
+
uint8_t x117;
|
|
1104
|
+
fiat_25519_subborrowx_u26(&x1, &x2, 0x0, (arg1[0]), UINT32_C(0x3ffffed));
|
|
1105
|
+
fiat_25519_subborrowx_u25(&x3, &x4, x2, (arg1[1]), UINT32_C(0x1ffffff));
|
|
1106
|
+
fiat_25519_subborrowx_u26(&x5, &x6, x4, (arg1[2]), UINT32_C(0x3ffffff));
|
|
1107
|
+
fiat_25519_subborrowx_u25(&x7, &x8, x6, (arg1[3]), UINT32_C(0x1ffffff));
|
|
1108
|
+
fiat_25519_subborrowx_u26(&x9, &x10, x8, (arg1[4]), UINT32_C(0x3ffffff));
|
|
1109
|
+
fiat_25519_subborrowx_u25(&x11, &x12, x10, (arg1[5]), UINT32_C(0x1ffffff));
|
|
1110
|
+
fiat_25519_subborrowx_u26(&x13, &x14, x12, (arg1[6]), UINT32_C(0x3ffffff));
|
|
1111
|
+
fiat_25519_subborrowx_u25(&x15, &x16, x14, (arg1[7]), UINT32_C(0x1ffffff));
|
|
1112
|
+
fiat_25519_subborrowx_u26(&x17, &x18, x16, (arg1[8]), UINT32_C(0x3ffffff));
|
|
1113
|
+
fiat_25519_subborrowx_u25(&x19, &x20, x18, (arg1[9]), UINT32_C(0x1ffffff));
|
|
1114
|
+
fiat_25519_cmovznz_u32(&x21, x20, 0x0, UINT32_C(0xffffffff));
|
|
1115
|
+
fiat_25519_addcarryx_u26(&x22, &x23, 0x0, x1, (x21 & UINT32_C(0x3ffffed)));
|
|
1116
|
+
fiat_25519_addcarryx_u25(&x24, &x25, x23, x3, (x21 & UINT32_C(0x1ffffff)));
|
|
1117
|
+
fiat_25519_addcarryx_u26(&x26, &x27, x25, x5, (x21 & UINT32_C(0x3ffffff)));
|
|
1118
|
+
fiat_25519_addcarryx_u25(&x28, &x29, x27, x7, (x21 & UINT32_C(0x1ffffff)));
|
|
1119
|
+
fiat_25519_addcarryx_u26(&x30, &x31, x29, x9, (x21 & UINT32_C(0x3ffffff)));
|
|
1120
|
+
fiat_25519_addcarryx_u25(&x32, &x33, x31, x11, (x21 & UINT32_C(0x1ffffff)));
|
|
1121
|
+
fiat_25519_addcarryx_u26(&x34, &x35, x33, x13, (x21 & UINT32_C(0x3ffffff)));
|
|
1122
|
+
fiat_25519_addcarryx_u25(&x36, &x37, x35, x15, (x21 & UINT32_C(0x1ffffff)));
|
|
1123
|
+
fiat_25519_addcarryx_u26(&x38, &x39, x37, x17, (x21 & UINT32_C(0x3ffffff)));
|
|
710
1124
|
fiat_25519_addcarryx_u25(&x40, &x41, x39, x19, (x21 & UINT32_C(0x1ffffff)));
|
|
711
|
-
|
|
712
|
-
|
|
713
|
-
|
|
714
|
-
|
|
715
|
-
|
|
716
|
-
|
|
717
|
-
|
|
718
|
-
|
|
719
|
-
|
|
720
|
-
|
|
721
|
-
|
|
722
|
-
|
|
723
|
-
|
|
724
|
-
|
|
725
|
-
|
|
726
|
-
|
|
727
|
-
|
|
728
|
-
|
|
729
|
-
|
|
730
|
-
|
|
731
|
-
|
|
732
|
-
|
|
733
|
-
|
|
734
|
-
|
|
735
|
-
|
|
736
|
-
|
|
737
|
-
|
|
738
|
-
|
|
739
|
-
|
|
740
|
-
|
|
741
|
-
|
|
742
|
-
|
|
743
|
-
|
|
744
|
-
|
|
745
|
-
|
|
746
|
-
|
|
747
|
-
|
|
748
|
-
|
|
749
|
-
|
|
750
|
-
|
|
751
|
-
|
|
752
|
-
|
|
753
|
-
|
|
754
|
-
|
|
755
|
-
|
|
756
|
-
|
|
757
|
-
|
|
758
|
-
|
|
759
|
-
|
|
760
|
-
|
|
761
|
-
|
|
762
|
-
|
|
763
|
-
|
|
764
|
-
|
|
765
|
-
|
|
766
|
-
|
|
767
|
-
|
|
768
|
-
|
|
769
|
-
|
|
770
|
-
|
|
771
|
-
|
|
772
|
-
|
|
773
|
-
|
|
774
|
-
|
|
775
|
-
|
|
776
|
-
|
|
777
|
-
|
|
778
|
-
|
|
779
|
-
|
|
780
|
-
|
|
781
|
-
|
|
782
|
-
|
|
783
|
-
|
|
784
|
-
|
|
785
|
-
|
|
786
|
-
|
|
787
|
-
|
|
788
|
-
out1[
|
|
789
|
-
out1[
|
|
790
|
-
out1[
|
|
791
|
-
out1[
|
|
792
|
-
out1[
|
|
793
|
-
out1[
|
|
794
|
-
out1[
|
|
795
|
-
out1[
|
|
796
|
-
out1[
|
|
797
|
-
out1[
|
|
798
|
-
out1[
|
|
799
|
-
out1[
|
|
800
|
-
out1[
|
|
801
|
-
out1[
|
|
802
|
-
out1[
|
|
803
|
-
out1[
|
|
804
|
-
out1[
|
|
805
|
-
out1[
|
|
806
|
-
out1[
|
|
807
|
-
out1[
|
|
808
|
-
out1[
|
|
809
|
-
out1[
|
|
810
|
-
out1[
|
|
811
|
-
out1[
|
|
812
|
-
out1[
|
|
813
|
-
out1[
|
|
814
|
-
out1[
|
|
815
|
-
out1[
|
|
816
|
-
out1[
|
|
817
|
-
out1[
|
|
818
|
-
out1[30] = x118;
|
|
1125
|
+
x42 = (x40 << 6);
|
|
1126
|
+
x43 = (x38 << 4);
|
|
1127
|
+
x44 = (x36 << 3);
|
|
1128
|
+
x45 = (x34 * (uint32_t)0x2);
|
|
1129
|
+
x46 = (x30 << 6);
|
|
1130
|
+
x47 = (x28 << 5);
|
|
1131
|
+
x48 = (x26 << 3);
|
|
1132
|
+
x49 = (x24 << 2);
|
|
1133
|
+
x50 = (uint8_t)(x22 & UINT8_C(0xff));
|
|
1134
|
+
x51 = (x22 >> 8);
|
|
1135
|
+
x52 = (uint8_t)(x51 & UINT8_C(0xff));
|
|
1136
|
+
x53 = (x51 >> 8);
|
|
1137
|
+
x54 = (uint8_t)(x53 & UINT8_C(0xff));
|
|
1138
|
+
x55 = (uint8_t)(x53 >> 8);
|
|
1139
|
+
x56 = (x49 + (uint32_t)x55);
|
|
1140
|
+
x57 = (uint8_t)(x56 & UINT8_C(0xff));
|
|
1141
|
+
x58 = (x56 >> 8);
|
|
1142
|
+
x59 = (uint8_t)(x58 & UINT8_C(0xff));
|
|
1143
|
+
x60 = (x58 >> 8);
|
|
1144
|
+
x61 = (uint8_t)(x60 & UINT8_C(0xff));
|
|
1145
|
+
x62 = (uint8_t)(x60 >> 8);
|
|
1146
|
+
x63 = (x48 + (uint32_t)x62);
|
|
1147
|
+
x64 = (uint8_t)(x63 & UINT8_C(0xff));
|
|
1148
|
+
x65 = (x63 >> 8);
|
|
1149
|
+
x66 = (uint8_t)(x65 & UINT8_C(0xff));
|
|
1150
|
+
x67 = (x65 >> 8);
|
|
1151
|
+
x68 = (uint8_t)(x67 & UINT8_C(0xff));
|
|
1152
|
+
x69 = (uint8_t)(x67 >> 8);
|
|
1153
|
+
x70 = (x47 + (uint32_t)x69);
|
|
1154
|
+
x71 = (uint8_t)(x70 & UINT8_C(0xff));
|
|
1155
|
+
x72 = (x70 >> 8);
|
|
1156
|
+
x73 = (uint8_t)(x72 & UINT8_C(0xff));
|
|
1157
|
+
x74 = (x72 >> 8);
|
|
1158
|
+
x75 = (uint8_t)(x74 & UINT8_C(0xff));
|
|
1159
|
+
x76 = (uint8_t)(x74 >> 8);
|
|
1160
|
+
x77 = (x46 + (uint32_t)x76);
|
|
1161
|
+
x78 = (uint8_t)(x77 & UINT8_C(0xff));
|
|
1162
|
+
x79 = (x77 >> 8);
|
|
1163
|
+
x80 = (uint8_t)(x79 & UINT8_C(0xff));
|
|
1164
|
+
x81 = (x79 >> 8);
|
|
1165
|
+
x82 = (uint8_t)(x81 & UINT8_C(0xff));
|
|
1166
|
+
x83 = (uint8_t)(x81 >> 8);
|
|
1167
|
+
x84 = (uint8_t)(x32 & UINT8_C(0xff));
|
|
1168
|
+
x85 = (x32 >> 8);
|
|
1169
|
+
x86 = (uint8_t)(x85 & UINT8_C(0xff));
|
|
1170
|
+
x87 = (x85 >> 8);
|
|
1171
|
+
x88 = (uint8_t)(x87 & UINT8_C(0xff));
|
|
1172
|
+
x89 = (fiat_25519_uint1)(x87 >> 8);
|
|
1173
|
+
x90 = (x45 + (uint32_t)x89);
|
|
1174
|
+
x91 = (uint8_t)(x90 & UINT8_C(0xff));
|
|
1175
|
+
x92 = (x90 >> 8);
|
|
1176
|
+
x93 = (uint8_t)(x92 & UINT8_C(0xff));
|
|
1177
|
+
x94 = (x92 >> 8);
|
|
1178
|
+
x95 = (uint8_t)(x94 & UINT8_C(0xff));
|
|
1179
|
+
x96 = (uint8_t)(x94 >> 8);
|
|
1180
|
+
x97 = (x44 + (uint32_t)x96);
|
|
1181
|
+
x98 = (uint8_t)(x97 & UINT8_C(0xff));
|
|
1182
|
+
x99 = (x97 >> 8);
|
|
1183
|
+
x100 = (uint8_t)(x99 & UINT8_C(0xff));
|
|
1184
|
+
x101 = (x99 >> 8);
|
|
1185
|
+
x102 = (uint8_t)(x101 & UINT8_C(0xff));
|
|
1186
|
+
x103 = (uint8_t)(x101 >> 8);
|
|
1187
|
+
x104 = (x43 + (uint32_t)x103);
|
|
1188
|
+
x105 = (uint8_t)(x104 & UINT8_C(0xff));
|
|
1189
|
+
x106 = (x104 >> 8);
|
|
1190
|
+
x107 = (uint8_t)(x106 & UINT8_C(0xff));
|
|
1191
|
+
x108 = (x106 >> 8);
|
|
1192
|
+
x109 = (uint8_t)(x108 & UINT8_C(0xff));
|
|
1193
|
+
x110 = (uint8_t)(x108 >> 8);
|
|
1194
|
+
x111 = (x42 + (uint32_t)x110);
|
|
1195
|
+
x112 = (uint8_t)(x111 & UINT8_C(0xff));
|
|
1196
|
+
x113 = (x111 >> 8);
|
|
1197
|
+
x114 = (uint8_t)(x113 & UINT8_C(0xff));
|
|
1198
|
+
x115 = (x113 >> 8);
|
|
1199
|
+
x116 = (uint8_t)(x115 & UINT8_C(0xff));
|
|
1200
|
+
x117 = (uint8_t)(x115 >> 8);
|
|
1201
|
+
out1[0] = x50;
|
|
1202
|
+
out1[1] = x52;
|
|
1203
|
+
out1[2] = x54;
|
|
1204
|
+
out1[3] = x57;
|
|
1205
|
+
out1[4] = x59;
|
|
1206
|
+
out1[5] = x61;
|
|
1207
|
+
out1[6] = x64;
|
|
1208
|
+
out1[7] = x66;
|
|
1209
|
+
out1[8] = x68;
|
|
1210
|
+
out1[9] = x71;
|
|
1211
|
+
out1[10] = x73;
|
|
1212
|
+
out1[11] = x75;
|
|
1213
|
+
out1[12] = x78;
|
|
1214
|
+
out1[13] = x80;
|
|
1215
|
+
out1[14] = x82;
|
|
1216
|
+
out1[15] = x83;
|
|
1217
|
+
out1[16] = x84;
|
|
1218
|
+
out1[17] = x86;
|
|
1219
|
+
out1[18] = x88;
|
|
1220
|
+
out1[19] = x91;
|
|
1221
|
+
out1[20] = x93;
|
|
1222
|
+
out1[21] = x95;
|
|
1223
|
+
out1[22] = x98;
|
|
1224
|
+
out1[23] = x100;
|
|
1225
|
+
out1[24] = x102;
|
|
1226
|
+
out1[25] = x105;
|
|
1227
|
+
out1[26] = x107;
|
|
1228
|
+
out1[27] = x109;
|
|
1229
|
+
out1[28] = x112;
|
|
1230
|
+
out1[29] = x114;
|
|
1231
|
+
out1[30] = x116;
|
|
819
1232
|
out1[31] = x117;
|
|
820
1233
|
}
|
|
821
1234
|
|
|
822
1235
|
/*
|
|
823
1236
|
* The function fiat_25519_from_bytes deserializes a field element from bytes in little-endian order.
|
|
1237
|
+
*
|
|
824
1238
|
* Postconditions:
|
|
825
1239
|
* eval out1 mod m = bytes_eval arg1 mod m
|
|
826
1240
|
*
|
|
827
1241
|
* Input Bounds:
|
|
828
1242
|
* arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]]
|
|
829
|
-
* Output Bounds:
|
|
830
|
-
* out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
|
|
831
1243
|
*/
|
|
832
|
-
static void fiat_25519_from_bytes(
|
|
833
|
-
uint32_t x1
|
|
834
|
-
uint32_t x2
|
|
835
|
-
uint32_t x3
|
|
836
|
-
uint32_t x4
|
|
837
|
-
uint32_t x5
|
|
838
|
-
uint32_t x6
|
|
839
|
-
uint32_t x7
|
|
840
|
-
uint32_t x8
|
|
841
|
-
uint32_t x9
|
|
842
|
-
uint32_t x10
|
|
843
|
-
uint32_t x11
|
|
844
|
-
uint32_t x12
|
|
845
|
-
uint32_t x13
|
|
846
|
-
uint32_t x14
|
|
847
|
-
uint32_t x15
|
|
848
|
-
uint8_t x16
|
|
849
|
-
uint32_t x17
|
|
850
|
-
uint32_t x18
|
|
851
|
-
uint32_t x19
|
|
852
|
-
uint32_t x20
|
|
853
|
-
uint32_t x21
|
|
854
|
-
uint32_t x22
|
|
855
|
-
uint32_t x23
|
|
856
|
-
uint32_t x24
|
|
857
|
-
uint32_t x25
|
|
858
|
-
uint32_t x26
|
|
859
|
-
uint32_t x27
|
|
860
|
-
uint32_t x28
|
|
861
|
-
uint32_t x29
|
|
862
|
-
uint32_t x30
|
|
863
|
-
uint32_t x31
|
|
864
|
-
uint8_t x32
|
|
865
|
-
uint32_t x33
|
|
866
|
-
|
|
867
|
-
uint32_t x35
|
|
868
|
-
uint32_t x36
|
|
869
|
-
|
|
870
|
-
uint32_t x38
|
|
871
|
-
uint32_t x39
|
|
872
|
-
uint32_t x40
|
|
873
|
-
uint32_t x41
|
|
874
|
-
|
|
875
|
-
uint32_t x43
|
|
876
|
-
uint32_t x44
|
|
877
|
-
uint32_t x45
|
|
878
|
-
|
|
879
|
-
|
|
880
|
-
uint32_t x48
|
|
881
|
-
|
|
882
|
-
uint32_t x50
|
|
883
|
-
uint32_t x51
|
|
884
|
-
uint8_t x52
|
|
885
|
-
uint32_t x53
|
|
886
|
-
uint32_t x54
|
|
887
|
-
uint32_t x55
|
|
888
|
-
|
|
889
|
-
uint32_t x57
|
|
890
|
-
uint32_t x58
|
|
891
|
-
|
|
892
|
-
|
|
893
|
-
uint32_t x61
|
|
894
|
-
|
|
895
|
-
uint32_t x63
|
|
896
|
-
uint32_t x64
|
|
897
|
-
uint8_t x65
|
|
898
|
-
uint32_t x66
|
|
899
|
-
uint32_t x67
|
|
900
|
-
|
|
901
|
-
|
|
902
|
-
|
|
903
|
-
|
|
1244
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_from_bytes(fiat_25519_tight_field_element out1, const uint8_t arg1[32]) {
|
|
1245
|
+
uint32_t x1;
|
|
1246
|
+
uint32_t x2;
|
|
1247
|
+
uint32_t x3;
|
|
1248
|
+
uint32_t x4;
|
|
1249
|
+
uint32_t x5;
|
|
1250
|
+
uint32_t x6;
|
|
1251
|
+
uint32_t x7;
|
|
1252
|
+
uint32_t x8;
|
|
1253
|
+
uint32_t x9;
|
|
1254
|
+
uint32_t x10;
|
|
1255
|
+
uint32_t x11;
|
|
1256
|
+
uint32_t x12;
|
|
1257
|
+
uint32_t x13;
|
|
1258
|
+
uint32_t x14;
|
|
1259
|
+
uint32_t x15;
|
|
1260
|
+
uint8_t x16;
|
|
1261
|
+
uint32_t x17;
|
|
1262
|
+
uint32_t x18;
|
|
1263
|
+
uint32_t x19;
|
|
1264
|
+
uint32_t x20;
|
|
1265
|
+
uint32_t x21;
|
|
1266
|
+
uint32_t x22;
|
|
1267
|
+
uint32_t x23;
|
|
1268
|
+
uint32_t x24;
|
|
1269
|
+
uint32_t x25;
|
|
1270
|
+
uint32_t x26;
|
|
1271
|
+
uint32_t x27;
|
|
1272
|
+
uint32_t x28;
|
|
1273
|
+
uint32_t x29;
|
|
1274
|
+
uint32_t x30;
|
|
1275
|
+
uint32_t x31;
|
|
1276
|
+
uint8_t x32;
|
|
1277
|
+
uint32_t x33;
|
|
1278
|
+
uint32_t x34;
|
|
1279
|
+
uint32_t x35;
|
|
1280
|
+
uint32_t x36;
|
|
1281
|
+
uint8_t x37;
|
|
1282
|
+
uint32_t x38;
|
|
1283
|
+
uint32_t x39;
|
|
1284
|
+
uint32_t x40;
|
|
1285
|
+
uint32_t x41;
|
|
1286
|
+
uint8_t x42;
|
|
1287
|
+
uint32_t x43;
|
|
1288
|
+
uint32_t x44;
|
|
1289
|
+
uint32_t x45;
|
|
1290
|
+
uint32_t x46;
|
|
1291
|
+
uint8_t x47;
|
|
1292
|
+
uint32_t x48;
|
|
1293
|
+
uint32_t x49;
|
|
1294
|
+
uint32_t x50;
|
|
1295
|
+
uint32_t x51;
|
|
1296
|
+
uint8_t x52;
|
|
1297
|
+
uint32_t x53;
|
|
1298
|
+
uint32_t x54;
|
|
1299
|
+
uint32_t x55;
|
|
1300
|
+
uint32_t x56;
|
|
1301
|
+
uint32_t x57;
|
|
1302
|
+
uint32_t x58;
|
|
1303
|
+
uint32_t x59;
|
|
1304
|
+
uint8_t x60;
|
|
1305
|
+
uint32_t x61;
|
|
1306
|
+
uint32_t x62;
|
|
1307
|
+
uint32_t x63;
|
|
1308
|
+
uint32_t x64;
|
|
1309
|
+
uint8_t x65;
|
|
1310
|
+
uint32_t x66;
|
|
1311
|
+
uint32_t x67;
|
|
1312
|
+
uint32_t x68;
|
|
1313
|
+
uint32_t x69;
|
|
1314
|
+
uint8_t x70;
|
|
1315
|
+
uint32_t x71;
|
|
1316
|
+
uint32_t x72;
|
|
1317
|
+
uint32_t x73;
|
|
1318
|
+
uint32_t x74;
|
|
1319
|
+
uint8_t x75;
|
|
1320
|
+
uint32_t x76;
|
|
1321
|
+
uint32_t x77;
|
|
1322
|
+
uint32_t x78;
|
|
1323
|
+
x1 = ((uint32_t)(arg1[31]) << 18);
|
|
1324
|
+
x2 = ((uint32_t)(arg1[30]) << 10);
|
|
1325
|
+
x3 = ((uint32_t)(arg1[29]) << 2);
|
|
1326
|
+
x4 = ((uint32_t)(arg1[28]) << 20);
|
|
1327
|
+
x5 = ((uint32_t)(arg1[27]) << 12);
|
|
1328
|
+
x6 = ((uint32_t)(arg1[26]) << 4);
|
|
1329
|
+
x7 = ((uint32_t)(arg1[25]) << 21);
|
|
1330
|
+
x8 = ((uint32_t)(arg1[24]) << 13);
|
|
1331
|
+
x9 = ((uint32_t)(arg1[23]) << 5);
|
|
1332
|
+
x10 = ((uint32_t)(arg1[22]) << 23);
|
|
1333
|
+
x11 = ((uint32_t)(arg1[21]) << 15);
|
|
1334
|
+
x12 = ((uint32_t)(arg1[20]) << 7);
|
|
1335
|
+
x13 = ((uint32_t)(arg1[19]) << 24);
|
|
1336
|
+
x14 = ((uint32_t)(arg1[18]) << 16);
|
|
1337
|
+
x15 = ((uint32_t)(arg1[17]) << 8);
|
|
1338
|
+
x16 = (arg1[16]);
|
|
1339
|
+
x17 = ((uint32_t)(arg1[15]) << 18);
|
|
1340
|
+
x18 = ((uint32_t)(arg1[14]) << 10);
|
|
1341
|
+
x19 = ((uint32_t)(arg1[13]) << 2);
|
|
1342
|
+
x20 = ((uint32_t)(arg1[12]) << 19);
|
|
1343
|
+
x21 = ((uint32_t)(arg1[11]) << 11);
|
|
1344
|
+
x22 = ((uint32_t)(arg1[10]) << 3);
|
|
1345
|
+
x23 = ((uint32_t)(arg1[9]) << 21);
|
|
1346
|
+
x24 = ((uint32_t)(arg1[8]) << 13);
|
|
1347
|
+
x25 = ((uint32_t)(arg1[7]) << 5);
|
|
1348
|
+
x26 = ((uint32_t)(arg1[6]) << 22);
|
|
1349
|
+
x27 = ((uint32_t)(arg1[5]) << 14);
|
|
1350
|
+
x28 = ((uint32_t)(arg1[4]) << 6);
|
|
1351
|
+
x29 = ((uint32_t)(arg1[3]) << 24);
|
|
1352
|
+
x30 = ((uint32_t)(arg1[2]) << 16);
|
|
1353
|
+
x31 = ((uint32_t)(arg1[1]) << 8);
|
|
1354
|
+
x32 = (arg1[0]);
|
|
1355
|
+
x33 = (x31 + (uint32_t)x32);
|
|
1356
|
+
x34 = (x30 + x33);
|
|
1357
|
+
x35 = (x29 + x34);
|
|
1358
|
+
x36 = (x35 & UINT32_C(0x3ffffff));
|
|
1359
|
+
x37 = (uint8_t)(x35 >> 26);
|
|
1360
|
+
x38 = (x28 + (uint32_t)x37);
|
|
1361
|
+
x39 = (x27 + x38);
|
|
1362
|
+
x40 = (x26 + x39);
|
|
1363
|
+
x41 = (x40 & UINT32_C(0x1ffffff));
|
|
1364
|
+
x42 = (uint8_t)(x40 >> 25);
|
|
1365
|
+
x43 = (x25 + (uint32_t)x42);
|
|
1366
|
+
x44 = (x24 + x43);
|
|
1367
|
+
x45 = (x23 + x44);
|
|
1368
|
+
x46 = (x45 & UINT32_C(0x3ffffff));
|
|
1369
|
+
x47 = (uint8_t)(x45 >> 26);
|
|
1370
|
+
x48 = (x22 + (uint32_t)x47);
|
|
1371
|
+
x49 = (x21 + x48);
|
|
1372
|
+
x50 = (x20 + x49);
|
|
1373
|
+
x51 = (x50 & UINT32_C(0x1ffffff));
|
|
1374
|
+
x52 = (uint8_t)(x50 >> 25);
|
|
1375
|
+
x53 = (x19 + (uint32_t)x52);
|
|
1376
|
+
x54 = (x18 + x53);
|
|
1377
|
+
x55 = (x17 + x54);
|
|
1378
|
+
x56 = (x15 + (uint32_t)x16);
|
|
1379
|
+
x57 = (x14 + x56);
|
|
1380
|
+
x58 = (x13 + x57);
|
|
1381
|
+
x59 = (x58 & UINT32_C(0x1ffffff));
|
|
1382
|
+
x60 = (uint8_t)(x58 >> 25);
|
|
1383
|
+
x61 = (x12 + (uint32_t)x60);
|
|
1384
|
+
x62 = (x11 + x61);
|
|
1385
|
+
x63 = (x10 + x62);
|
|
1386
|
+
x64 = (x63 & UINT32_C(0x3ffffff));
|
|
1387
|
+
x65 = (uint8_t)(x63 >> 26);
|
|
1388
|
+
x66 = (x9 + (uint32_t)x65);
|
|
1389
|
+
x67 = (x8 + x66);
|
|
1390
|
+
x68 = (x7 + x67);
|
|
1391
|
+
x69 = (x68 & UINT32_C(0x1ffffff));
|
|
1392
|
+
x70 = (uint8_t)(x68 >> 25);
|
|
1393
|
+
x71 = (x6 + (uint32_t)x70);
|
|
1394
|
+
x72 = (x5 + x71);
|
|
1395
|
+
x73 = (x4 + x72);
|
|
1396
|
+
x74 = (x73 & UINT32_C(0x3ffffff));
|
|
1397
|
+
x75 = (uint8_t)(x73 >> 26);
|
|
1398
|
+
x76 = (x3 + (uint32_t)x75);
|
|
1399
|
+
x77 = (x2 + x76);
|
|
1400
|
+
x78 = (x1 + x77);
|
|
1401
|
+
out1[0] = x36;
|
|
1402
|
+
out1[1] = x41;
|
|
1403
|
+
out1[2] = x46;
|
|
1404
|
+
out1[3] = x51;
|
|
904
1405
|
out1[4] = x55;
|
|
905
|
-
out1[5] =
|
|
906
|
-
out1[6] =
|
|
907
|
-
out1[7] =
|
|
908
|
-
out1[8] =
|
|
909
|
-
out1[9] =
|
|
1406
|
+
out1[5] = x59;
|
|
1407
|
+
out1[6] = x64;
|
|
1408
|
+
out1[7] = x69;
|
|
1409
|
+
out1[8] = x74;
|
|
1410
|
+
out1[9] = x78;
|
|
1411
|
+
}
|
|
1412
|
+
|
|
1413
|
+
/*
|
|
1414
|
+
* The function fiat_25519_relax is the identity function converting from tight field elements to loose field elements.
|
|
1415
|
+
*
|
|
1416
|
+
* Postconditions:
|
|
1417
|
+
* out1 = arg1
|
|
1418
|
+
*
|
|
1419
|
+
*/
|
|
1420
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_relax(fiat_25519_loose_field_element out1, const fiat_25519_tight_field_element arg1) {
|
|
1421
|
+
uint32_t x1;
|
|
1422
|
+
uint32_t x2;
|
|
1423
|
+
uint32_t x3;
|
|
1424
|
+
uint32_t x4;
|
|
1425
|
+
uint32_t x5;
|
|
1426
|
+
uint32_t x6;
|
|
1427
|
+
uint32_t x7;
|
|
1428
|
+
uint32_t x8;
|
|
1429
|
+
uint32_t x9;
|
|
1430
|
+
uint32_t x10;
|
|
1431
|
+
x1 = (arg1[0]);
|
|
1432
|
+
x2 = (arg1[1]);
|
|
1433
|
+
x3 = (arg1[2]);
|
|
1434
|
+
x4 = (arg1[3]);
|
|
1435
|
+
x5 = (arg1[4]);
|
|
1436
|
+
x6 = (arg1[5]);
|
|
1437
|
+
x7 = (arg1[6]);
|
|
1438
|
+
x8 = (arg1[7]);
|
|
1439
|
+
x9 = (arg1[8]);
|
|
1440
|
+
x10 = (arg1[9]);
|
|
1441
|
+
out1[0] = x1;
|
|
1442
|
+
out1[1] = x2;
|
|
1443
|
+
out1[2] = x3;
|
|
1444
|
+
out1[3] = x4;
|
|
1445
|
+
out1[4] = x5;
|
|
1446
|
+
out1[5] = x6;
|
|
1447
|
+
out1[6] = x7;
|
|
1448
|
+
out1[7] = x8;
|
|
1449
|
+
out1[8] = x9;
|
|
1450
|
+
out1[9] = x10;
|
|
910
1451
|
}
|
|
911
1452
|
|
|
912
1453
|
/*
|
|
913
1454
|
* The function fiat_25519_carry_scmul_121666 multiplies a field element by 121666 and reduces the result.
|
|
1455
|
+
*
|
|
914
1456
|
* Postconditions:
|
|
915
1457
|
* eval out1 mod m = (121666 * eval arg1) mod m
|
|
916
1458
|
*
|
|
917
|
-
* Input Bounds:
|
|
918
|
-
* arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
|
|
919
|
-
* Output Bounds:
|
|
920
|
-
* out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
|
|
921
1459
|
*/
|
|
922
|
-
static void fiat_25519_carry_scmul_121666(
|
|
923
|
-
uint64_t x1
|
|
924
|
-
uint64_t x2
|
|
925
|
-
uint64_t x3
|
|
926
|
-
uint64_t x4
|
|
927
|
-
uint64_t x5
|
|
928
|
-
uint64_t x6
|
|
929
|
-
uint64_t x7
|
|
930
|
-
uint64_t x8
|
|
931
|
-
uint64_t x9
|
|
932
|
-
uint64_t x10
|
|
933
|
-
uint32_t x11
|
|
934
|
-
uint32_t x12
|
|
935
|
-
uint64_t x13
|
|
936
|
-
uint32_t x14
|
|
937
|
-
uint32_t x15
|
|
938
|
-
uint64_t x16
|
|
939
|
-
uint32_t x17
|
|
940
|
-
uint32_t x18
|
|
941
|
-
uint64_t x19
|
|
942
|
-
uint32_t x20
|
|
943
|
-
uint32_t x21
|
|
944
|
-
uint64_t x22
|
|
945
|
-
uint32_t x23
|
|
946
|
-
uint32_t x24
|
|
947
|
-
uint64_t x25
|
|
948
|
-
uint32_t x26
|
|
949
|
-
uint32_t x27
|
|
950
|
-
uint64_t x28
|
|
951
|
-
uint32_t x29
|
|
952
|
-
uint32_t x30
|
|
953
|
-
uint64_t x31
|
|
954
|
-
uint32_t x32
|
|
955
|
-
uint32_t x33
|
|
956
|
-
uint64_t x34
|
|
957
|
-
uint32_t x35
|
|
958
|
-
uint32_t x36
|
|
959
|
-
uint64_t x37
|
|
960
|
-
uint32_t x38
|
|
961
|
-
uint32_t x39
|
|
962
|
-
uint32_t x40
|
|
963
|
-
uint32_t x41
|
|
964
|
-
fiat_25519_uint1 x42
|
|
965
|
-
uint32_t x43
|
|
966
|
-
uint32_t x44
|
|
967
|
-
fiat_25519_uint1 x45
|
|
968
|
-
uint32_t x46
|
|
969
|
-
uint32_t x47
|
|
1460
|
+
static FIAT_25519_FIAT_INLINE void fiat_25519_carry_scmul_121666(fiat_25519_tight_field_element out1, const fiat_25519_loose_field_element arg1) {
|
|
1461
|
+
uint64_t x1;
|
|
1462
|
+
uint64_t x2;
|
|
1463
|
+
uint64_t x3;
|
|
1464
|
+
uint64_t x4;
|
|
1465
|
+
uint64_t x5;
|
|
1466
|
+
uint64_t x6;
|
|
1467
|
+
uint64_t x7;
|
|
1468
|
+
uint64_t x8;
|
|
1469
|
+
uint64_t x9;
|
|
1470
|
+
uint64_t x10;
|
|
1471
|
+
uint32_t x11;
|
|
1472
|
+
uint32_t x12;
|
|
1473
|
+
uint64_t x13;
|
|
1474
|
+
uint32_t x14;
|
|
1475
|
+
uint32_t x15;
|
|
1476
|
+
uint64_t x16;
|
|
1477
|
+
uint32_t x17;
|
|
1478
|
+
uint32_t x18;
|
|
1479
|
+
uint64_t x19;
|
|
1480
|
+
uint32_t x20;
|
|
1481
|
+
uint32_t x21;
|
|
1482
|
+
uint64_t x22;
|
|
1483
|
+
uint32_t x23;
|
|
1484
|
+
uint32_t x24;
|
|
1485
|
+
uint64_t x25;
|
|
1486
|
+
uint32_t x26;
|
|
1487
|
+
uint32_t x27;
|
|
1488
|
+
uint64_t x28;
|
|
1489
|
+
uint32_t x29;
|
|
1490
|
+
uint32_t x30;
|
|
1491
|
+
uint64_t x31;
|
|
1492
|
+
uint32_t x32;
|
|
1493
|
+
uint32_t x33;
|
|
1494
|
+
uint64_t x34;
|
|
1495
|
+
uint32_t x35;
|
|
1496
|
+
uint32_t x36;
|
|
1497
|
+
uint64_t x37;
|
|
1498
|
+
uint32_t x38;
|
|
1499
|
+
uint32_t x39;
|
|
1500
|
+
uint32_t x40;
|
|
1501
|
+
uint32_t x41;
|
|
1502
|
+
fiat_25519_uint1 x42;
|
|
1503
|
+
uint32_t x43;
|
|
1504
|
+
uint32_t x44;
|
|
1505
|
+
fiat_25519_uint1 x45;
|
|
1506
|
+
uint32_t x46;
|
|
1507
|
+
uint32_t x47;
|
|
1508
|
+
x1 = ((uint64_t)UINT32_C(0x1db42) * (arg1[9]));
|
|
1509
|
+
x2 = ((uint64_t)UINT32_C(0x1db42) * (arg1[8]));
|
|
1510
|
+
x3 = ((uint64_t)UINT32_C(0x1db42) * (arg1[7]));
|
|
1511
|
+
x4 = ((uint64_t)UINT32_C(0x1db42) * (arg1[6]));
|
|
1512
|
+
x5 = ((uint64_t)UINT32_C(0x1db42) * (arg1[5]));
|
|
1513
|
+
x6 = ((uint64_t)UINT32_C(0x1db42) * (arg1[4]));
|
|
1514
|
+
x7 = ((uint64_t)UINT32_C(0x1db42) * (arg1[3]));
|
|
1515
|
+
x8 = ((uint64_t)UINT32_C(0x1db42) * (arg1[2]));
|
|
1516
|
+
x9 = ((uint64_t)UINT32_C(0x1db42) * (arg1[1]));
|
|
1517
|
+
x10 = ((uint64_t)UINT32_C(0x1db42) * (arg1[0]));
|
|
1518
|
+
x11 = (uint32_t)(x10 >> 26);
|
|
1519
|
+
x12 = (uint32_t)(x10 & UINT32_C(0x3ffffff));
|
|
1520
|
+
x13 = (x11 + x9);
|
|
1521
|
+
x14 = (uint32_t)(x13 >> 25);
|
|
1522
|
+
x15 = (uint32_t)(x13 & UINT32_C(0x1ffffff));
|
|
1523
|
+
x16 = (x14 + x8);
|
|
1524
|
+
x17 = (uint32_t)(x16 >> 26);
|
|
1525
|
+
x18 = (uint32_t)(x16 & UINT32_C(0x3ffffff));
|
|
1526
|
+
x19 = (x17 + x7);
|
|
1527
|
+
x20 = (uint32_t)(x19 >> 25);
|
|
1528
|
+
x21 = (uint32_t)(x19 & UINT32_C(0x1ffffff));
|
|
1529
|
+
x22 = (x20 + x6);
|
|
1530
|
+
x23 = (uint32_t)(x22 >> 26);
|
|
1531
|
+
x24 = (uint32_t)(x22 & UINT32_C(0x3ffffff));
|
|
1532
|
+
x25 = (x23 + x5);
|
|
1533
|
+
x26 = (uint32_t)(x25 >> 25);
|
|
1534
|
+
x27 = (uint32_t)(x25 & UINT32_C(0x1ffffff));
|
|
1535
|
+
x28 = (x26 + x4);
|
|
1536
|
+
x29 = (uint32_t)(x28 >> 26);
|
|
1537
|
+
x30 = (uint32_t)(x28 & UINT32_C(0x3ffffff));
|
|
1538
|
+
x31 = (x29 + x3);
|
|
1539
|
+
x32 = (uint32_t)(x31 >> 25);
|
|
1540
|
+
x33 = (uint32_t)(x31 & UINT32_C(0x1ffffff));
|
|
1541
|
+
x34 = (x32 + x2);
|
|
1542
|
+
x35 = (uint32_t)(x34 >> 26);
|
|
1543
|
+
x36 = (uint32_t)(x34 & UINT32_C(0x3ffffff));
|
|
1544
|
+
x37 = (x35 + x1);
|
|
1545
|
+
x38 = (uint32_t)(x37 >> 25);
|
|
1546
|
+
x39 = (uint32_t)(x37 & UINT32_C(0x1ffffff));
|
|
1547
|
+
x40 = (x38 * UINT8_C(0x13));
|
|
1548
|
+
x41 = (x12 + x40);
|
|
1549
|
+
x42 = (fiat_25519_uint1)(x41 >> 26);
|
|
1550
|
+
x43 = (x41 & UINT32_C(0x3ffffff));
|
|
1551
|
+
x44 = (x42 + x15);
|
|
1552
|
+
x45 = (fiat_25519_uint1)(x44 >> 25);
|
|
1553
|
+
x46 = (x44 & UINT32_C(0x1ffffff));
|
|
1554
|
+
x47 = (x45 + x18);
|
|
970
1555
|
out1[0] = x43;
|
|
971
1556
|
out1[1] = x46;
|
|
972
1557
|
out1[2] = x47;
|
|
@@ -978,4 +1563,3 @@ static void fiat_25519_carry_scmul_121666(uint32_t out1[10], const uint32_t arg1
|
|
|
978
1563
|
out1[8] = x36;
|
|
979
1564
|
out1[9] = x39;
|
|
980
1565
|
}
|
|
981
|
-
|