1 /* Autogenerated */
2 /* curve description: p256 */
3 /* requested operations: (all) */
4 /* m = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff (from "2^256 - 2^224 + 2^192 + 2^96 - 1") */
5 /* machine_wordsize = 64 (from "64") */
6 /* */
7 /* NOTE: In addition to the bounds specified above each function, all */
8 /* functions synthesized for this Montgomery arithmetic require the */
9 /* input to be strictly less than the prime modulus (m), and also */
10 /* require the input to be in the unique saturated representation. */
11 /* All functions also ensure that these two properties are true of */
12 /* return values. */
13
14 #include <stdint.h>
15 typedef unsigned char fiat_p256_uint1;
16 typedef signed char fiat_p256_int1;
17 typedef signed __int128 fiat_p256_int128;
18 typedef unsigned __int128 fiat_p256_uint128;
19
20
21 /*
22 * Input Bounds:
23 * arg1: [0x0 ~> 0x1]
24 * arg2: [0x0 ~> 0xffffffffffffffff]
25 * arg3: [0x0 ~> 0xffffffffffffffff]
26 * Output Bounds:
27 * out1: [0x0 ~> 0xffffffffffffffff]
28 * out2: [0x0 ~> 0x1]
29 */
fiat_p256_addcarryx_u64(uint64_t * out1,fiat_p256_uint1 * out2,fiat_p256_uint1 arg1,uint64_t arg2,uint64_t arg3)30 static void fiat_p256_addcarryx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) {
31 fiat_p256_uint128 x1 = ((arg1 + (fiat_p256_uint128)arg2) + arg3);
32 uint64_t x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff));
33 fiat_p256_uint1 x3 = (fiat_p256_uint1)(x1 >> 64);
34 *out1 = x2;
35 *out2 = x3;
36 }
37
38 /*
39 * Input Bounds:
40 * arg1: [0x0 ~> 0x1]
41 * arg2: [0x0 ~> 0xffffffffffffffff]
42 * arg3: [0x0 ~> 0xffffffffffffffff]
43 * Output Bounds:
44 * out1: [0x0 ~> 0xffffffffffffffff]
45 * out2: [0x0 ~> 0x1]
46 */
fiat_p256_subborrowx_u64(uint64_t * out1,fiat_p256_uint1 * out2,fiat_p256_uint1 arg1,uint64_t arg2,uint64_t arg3)47 static void fiat_p256_subborrowx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) {
48 fiat_p256_int128 x1 = ((arg2 - (fiat_p256_int128)arg1) - arg3);
49 fiat_p256_int1 x2 = (fiat_p256_int1)(x1 >> 64);
50 uint64_t x3 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff));
51 *out1 = x3;
52 *out2 = (fiat_p256_uint1)(0x0 - x2);
53 }
54
55 /*
56 * Input Bounds:
57 * arg1: [0x0 ~> 0xffffffffffffffff]
58 * arg2: [0x0 ~> 0xffffffffffffffff]
59 * Output Bounds:
60 * out1: [0x0 ~> 0xffffffffffffffff]
61 * out2: [0x0 ~> 0xffffffffffffffff]
62 */
fiat_p256_mulx_u64(uint64_t * out1,uint64_t * out2,uint64_t arg1,uint64_t arg2)63 static void fiat_p256_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, uint64_t arg2) {
64 fiat_p256_uint128 x1 = ((fiat_p256_uint128)arg1 * arg2);
65 uint64_t x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff));
66 uint64_t x3 = (uint64_t)(x1 >> 64);
67 *out1 = x2;
68 *out2 = x3;
69 }
70
71 /*
72 * Input Bounds:
73 * arg1: [0x0 ~> 0x1]
74 * arg2: [0x0 ~> 0xffffffffffffffff]
75 * arg3: [0x0 ~> 0xffffffffffffffff]
76 * Output Bounds:
77 * out1: [0x0 ~> 0xffffffffffffffff]
78 */
fiat_p256_cmovznz_u64(uint64_t * out1,fiat_p256_uint1 arg1,uint64_t arg2,uint64_t arg3)79 static void fiat_p256_cmovznz_u64(uint64_t* out1, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) {
80 fiat_p256_uint1 x1 = (!(!arg1));
81 uint64_t x2 = ((fiat_p256_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff));
82 uint64_t x3 = ((x2 & arg3) | ((~x2) & arg2));
83 *out1 = x3;
84 }
85
86 /*
87 * Input Bounds:
88 * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
89 * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
90 * Output Bounds:
91 * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
92 */
fiat_p256_mul(uint64_t out1[4],const uint64_t arg1[4],const uint64_t arg2[4])93 static void fiat_p256_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) {
94 uint64_t x1 = (arg1[1]);
95 uint64_t x2 = (arg1[2]);
96 uint64_t x3 = (arg1[3]);
97 uint64_t x4 = (arg1[0]);
98 uint64_t x5;
99 uint64_t x6;
100 fiat_p256_mulx_u64(&x5, &x6, x4, (arg2[3]));
101 uint64_t x7;
102 uint64_t x8;
103 fiat_p256_mulx_u64(&x7, &x8, x4, (arg2[2]));
104 uint64_t x9;
105 uint64_t x10;
106 fiat_p256_mulx_u64(&x9, &x10, x4, (arg2[1]));
107 uint64_t x11;
108 uint64_t x12;
109 fiat_p256_mulx_u64(&x11, &x12, x4, (arg2[0]));
110 uint64_t x13;
111 fiat_p256_uint1 x14;
112 fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x9, x12);
113 uint64_t x15;
114 fiat_p256_uint1 x16;
115 fiat_p256_addcarryx_u64(&x15, &x16, x14, x7, x10);
116 uint64_t x17;
117 fiat_p256_uint1 x18;
118 fiat_p256_addcarryx_u64(&x17, &x18, x16, x5, x8);
119 uint64_t x19;
120 fiat_p256_uint1 x20;
121 fiat_p256_addcarryx_u64(&x19, &x20, x18, 0x0, x6);
122 uint64_t x21;
123 uint64_t x22;
124 fiat_p256_mulx_u64(&x21, &x22, x11, UINT64_C(0xffffffff00000001));
125 uint64_t x23;
126 uint64_t x24;
127 fiat_p256_mulx_u64(&x23, &x24, x11, UINT32_C(0xffffffff));
128 uint64_t x25;
129 uint64_t x26;
130 fiat_p256_mulx_u64(&x25, &x26, x11, UINT64_C(0xffffffffffffffff));
131 uint64_t x27;
132 fiat_p256_uint1 x28;
133 fiat_p256_addcarryx_u64(&x27, &x28, 0x0, x23, x26);
134 uint64_t x29;
135 fiat_p256_uint1 x30;
136 fiat_p256_addcarryx_u64(&x29, &x30, x28, 0x0, x24);
137 uint64_t x31;
138 fiat_p256_uint1 x32;
139 fiat_p256_addcarryx_u64(&x31, &x32, 0x0, x25, x11);
140 uint64_t x33;
141 fiat_p256_uint1 x34;
142 fiat_p256_addcarryx_u64(&x33, &x34, x32, x27, x13);
143 uint64_t x35;
144 fiat_p256_uint1 x36;
145 fiat_p256_addcarryx_u64(&x35, &x36, x34, x29, x15);
146 uint64_t x37;
147 fiat_p256_uint1 x38;
148 fiat_p256_addcarryx_u64(&x37, &x38, x36, x21, x17);
149 uint64_t x39;
150 fiat_p256_uint1 x40;
151 fiat_p256_addcarryx_u64(&x39, &x40, x38, x22, x19);
152 uint64_t x41;
153 fiat_p256_uint1 x42;
154 fiat_p256_addcarryx_u64(&x41, &x42, x40, 0x0, 0x0);
155 uint64_t x43;
156 uint64_t x44;
157 fiat_p256_mulx_u64(&x43, &x44, x1, (arg2[3]));
158 uint64_t x45;
159 uint64_t x46;
160 fiat_p256_mulx_u64(&x45, &x46, x1, (arg2[2]));
161 uint64_t x47;
162 uint64_t x48;
163 fiat_p256_mulx_u64(&x47, &x48, x1, (arg2[1]));
164 uint64_t x49;
165 uint64_t x50;
166 fiat_p256_mulx_u64(&x49, &x50, x1, (arg2[0]));
167 uint64_t x51;
168 fiat_p256_uint1 x52;
169 fiat_p256_addcarryx_u64(&x51, &x52, 0x0, x47, x50);
170 uint64_t x53;
171 fiat_p256_uint1 x54;
172 fiat_p256_addcarryx_u64(&x53, &x54, x52, x45, x48);
173 uint64_t x55;
174 fiat_p256_uint1 x56;
175 fiat_p256_addcarryx_u64(&x55, &x56, x54, x43, x46);
176 uint64_t x57;
177 fiat_p256_uint1 x58;
178 fiat_p256_addcarryx_u64(&x57, &x58, x56, 0x0, x44);
179 uint64_t x59;
180 fiat_p256_uint1 x60;
181 fiat_p256_addcarryx_u64(&x59, &x60, 0x0, x49, x33);
182 uint64_t x61;
183 fiat_p256_uint1 x62;
184 fiat_p256_addcarryx_u64(&x61, &x62, x60, x51, x35);
185 uint64_t x63;
186 fiat_p256_uint1 x64;
187 fiat_p256_addcarryx_u64(&x63, &x64, x62, x53, x37);
188 uint64_t x65;
189 fiat_p256_uint1 x66;
190 fiat_p256_addcarryx_u64(&x65, &x66, x64, x55, x39);
191 uint64_t x67;
192 fiat_p256_uint1 x68;
193 fiat_p256_addcarryx_u64(&x67, &x68, x66, x57, (fiat_p256_uint1)x41);
194 uint64_t x69;
195 uint64_t x70;
196 fiat_p256_mulx_u64(&x69, &x70, x59, UINT64_C(0xffffffff00000001));
197 uint64_t x71;
198 uint64_t x72;
199 fiat_p256_mulx_u64(&x71, &x72, x59, UINT32_C(0xffffffff));
200 uint64_t x73;
201 uint64_t x74;
202 fiat_p256_mulx_u64(&x73, &x74, x59, UINT64_C(0xffffffffffffffff));
203 uint64_t x75;
204 fiat_p256_uint1 x76;
205 fiat_p256_addcarryx_u64(&x75, &x76, 0x0, x71, x74);
206 uint64_t x77;
207 fiat_p256_uint1 x78;
208 fiat_p256_addcarryx_u64(&x77, &x78, x76, 0x0, x72);
209 uint64_t x79;
210 fiat_p256_uint1 x80;
211 fiat_p256_addcarryx_u64(&x79, &x80, 0x0, x73, x59);
212 uint64_t x81;
213 fiat_p256_uint1 x82;
214 fiat_p256_addcarryx_u64(&x81, &x82, x80, x75, x61);
215 uint64_t x83;
216 fiat_p256_uint1 x84;
217 fiat_p256_addcarryx_u64(&x83, &x84, x82, x77, x63);
218 uint64_t x85;
219 fiat_p256_uint1 x86;
220 fiat_p256_addcarryx_u64(&x85, &x86, x84, x69, x65);
221 uint64_t x87;
222 fiat_p256_uint1 x88;
223 fiat_p256_addcarryx_u64(&x87, &x88, x86, x70, x67);
224 uint64_t x89;
225 fiat_p256_uint1 x90;
226 fiat_p256_addcarryx_u64(&x89, &x90, x88, 0x0, x68);
227 uint64_t x91;
228 uint64_t x92;
229 fiat_p256_mulx_u64(&x91, &x92, x2, (arg2[3]));
230 uint64_t x93;
231 uint64_t x94;
232 fiat_p256_mulx_u64(&x93, &x94, x2, (arg2[2]));
233 uint64_t x95;
234 uint64_t x96;
235 fiat_p256_mulx_u64(&x95, &x96, x2, (arg2[1]));
236 uint64_t x97;
237 uint64_t x98;
238 fiat_p256_mulx_u64(&x97, &x98, x2, (arg2[0]));
239 uint64_t x99;
240 fiat_p256_uint1 x100;
241 fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x95, x98);
242 uint64_t x101;
243 fiat_p256_uint1 x102;
244 fiat_p256_addcarryx_u64(&x101, &x102, x100, x93, x96);
245 uint64_t x103;
246 fiat_p256_uint1 x104;
247 fiat_p256_addcarryx_u64(&x103, &x104, x102, x91, x94);
248 uint64_t x105;
249 fiat_p256_uint1 x106;
250 fiat_p256_addcarryx_u64(&x105, &x106, x104, 0x0, x92);
251 uint64_t x107;
252 fiat_p256_uint1 x108;
253 fiat_p256_addcarryx_u64(&x107, &x108, 0x0, x97, x81);
254 uint64_t x109;
255 fiat_p256_uint1 x110;
256 fiat_p256_addcarryx_u64(&x109, &x110, x108, x99, x83);
257 uint64_t x111;
258 fiat_p256_uint1 x112;
259 fiat_p256_addcarryx_u64(&x111, &x112, x110, x101, x85);
260 uint64_t x113;
261 fiat_p256_uint1 x114;
262 fiat_p256_addcarryx_u64(&x113, &x114, x112, x103, x87);
263 uint64_t x115;
264 fiat_p256_uint1 x116;
265 fiat_p256_addcarryx_u64(&x115, &x116, x114, x105, x89);
266 uint64_t x117;
267 uint64_t x118;
268 fiat_p256_mulx_u64(&x117, &x118, x107, UINT64_C(0xffffffff00000001));
269 uint64_t x119;
270 uint64_t x120;
271 fiat_p256_mulx_u64(&x119, &x120, x107, UINT32_C(0xffffffff));
272 uint64_t x121;
273 uint64_t x122;
274 fiat_p256_mulx_u64(&x121, &x122, x107, UINT64_C(0xffffffffffffffff));
275 uint64_t x123;
276 fiat_p256_uint1 x124;
277 fiat_p256_addcarryx_u64(&x123, &x124, 0x0, x119, x122);
278 uint64_t x125;
279 fiat_p256_uint1 x126;
280 fiat_p256_addcarryx_u64(&x125, &x126, x124, 0x0, x120);
281 uint64_t x127;
282 fiat_p256_uint1 x128;
283 fiat_p256_addcarryx_u64(&x127, &x128, 0x0, x121, x107);
284 uint64_t x129;
285 fiat_p256_uint1 x130;
286 fiat_p256_addcarryx_u64(&x129, &x130, x128, x123, x109);
287 uint64_t x131;
288 fiat_p256_uint1 x132;
289 fiat_p256_addcarryx_u64(&x131, &x132, x130, x125, x111);
290 uint64_t x133;
291 fiat_p256_uint1 x134;
292 fiat_p256_addcarryx_u64(&x133, &x134, x132, x117, x113);
293 uint64_t x135;
294 fiat_p256_uint1 x136;
295 fiat_p256_addcarryx_u64(&x135, &x136, x134, x118, x115);
296 uint64_t x137;
297 fiat_p256_uint1 x138;
298 fiat_p256_addcarryx_u64(&x137, &x138, x136, 0x0, x116);
299 uint64_t x139;
300 uint64_t x140;
301 fiat_p256_mulx_u64(&x139, &x140, x3, (arg2[3]));
302 uint64_t x141;
303 uint64_t x142;
304 fiat_p256_mulx_u64(&x141, &x142, x3, (arg2[2]));
305 uint64_t x143;
306 uint64_t x144;
307 fiat_p256_mulx_u64(&x143, &x144, x3, (arg2[1]));
308 uint64_t x145;
309 uint64_t x146;
310 fiat_p256_mulx_u64(&x145, &x146, x3, (arg2[0]));
311 uint64_t x147;
312 fiat_p256_uint1 x148;
313 fiat_p256_addcarryx_u64(&x147, &x148, 0x0, x143, x146);
314 uint64_t x149;
315 fiat_p256_uint1 x150;
316 fiat_p256_addcarryx_u64(&x149, &x150, x148, x141, x144);
317 uint64_t x151;
318 fiat_p256_uint1 x152;
319 fiat_p256_addcarryx_u64(&x151, &x152, x150, x139, x142);
320 uint64_t x153;
321 fiat_p256_uint1 x154;
322 fiat_p256_addcarryx_u64(&x153, &x154, x152, 0x0, x140);
323 uint64_t x155;
324 fiat_p256_uint1 x156;
325 fiat_p256_addcarryx_u64(&x155, &x156, 0x0, x145, x129);
326 uint64_t x157;
327 fiat_p256_uint1 x158;
328 fiat_p256_addcarryx_u64(&x157, &x158, x156, x147, x131);
329 uint64_t x159;
330 fiat_p256_uint1 x160;
331 fiat_p256_addcarryx_u64(&x159, &x160, x158, x149, x133);
332 uint64_t x161;
333 fiat_p256_uint1 x162;
334 fiat_p256_addcarryx_u64(&x161, &x162, x160, x151, x135);
335 uint64_t x163;
336 fiat_p256_uint1 x164;
337 fiat_p256_addcarryx_u64(&x163, &x164, x162, x153, x137);
338 uint64_t x165;
339 uint64_t x166;
340 fiat_p256_mulx_u64(&x165, &x166, x155, UINT64_C(0xffffffff00000001));
341 uint64_t x167;
342 uint64_t x168;
343 fiat_p256_mulx_u64(&x167, &x168, x155, UINT32_C(0xffffffff));
344 uint64_t x169;
345 uint64_t x170;
346 fiat_p256_mulx_u64(&x169, &x170, x155, UINT64_C(0xffffffffffffffff));
347 uint64_t x171;
348 fiat_p256_uint1 x172;
349 fiat_p256_addcarryx_u64(&x171, &x172, 0x0, x167, x170);
350 uint64_t x173;
351 fiat_p256_uint1 x174;
352 fiat_p256_addcarryx_u64(&x173, &x174, x172, 0x0, x168);
353 uint64_t x175;
354 fiat_p256_uint1 x176;
355 fiat_p256_addcarryx_u64(&x175, &x176, 0x0, x169, x155);
356 uint64_t x177;
357 fiat_p256_uint1 x178;
358 fiat_p256_addcarryx_u64(&x177, &x178, x176, x171, x157);
359 uint64_t x179;
360 fiat_p256_uint1 x180;
361 fiat_p256_addcarryx_u64(&x179, &x180, x178, x173, x159);
362 uint64_t x181;
363 fiat_p256_uint1 x182;
364 fiat_p256_addcarryx_u64(&x181, &x182, x180, x165, x161);
365 uint64_t x183;
366 fiat_p256_uint1 x184;
367 fiat_p256_addcarryx_u64(&x183, &x184, x182, x166, x163);
368 uint64_t x185;
369 fiat_p256_uint1 x186;
370 fiat_p256_addcarryx_u64(&x185, &x186, x184, 0x0, x164);
371 uint64_t x187;
372 fiat_p256_uint1 x188;
373 fiat_p256_subborrowx_u64(&x187, &x188, 0x0, x177, UINT64_C(0xffffffffffffffff));
374 uint64_t x189;
375 fiat_p256_uint1 x190;
376 fiat_p256_subborrowx_u64(&x189, &x190, x188, x179, UINT32_C(0xffffffff));
377 uint64_t x191;
378 fiat_p256_uint1 x192;
379 fiat_p256_subborrowx_u64(&x191, &x192, x190, x181, 0x0);
380 uint64_t x193;
381 fiat_p256_uint1 x194;
382 fiat_p256_subborrowx_u64(&x193, &x194, x192, x183, UINT64_C(0xffffffff00000001));
383 uint64_t x195;
384 fiat_p256_uint1 x196;
385 fiat_p256_subborrowx_u64(&x195, &x196, x194, x185, 0x0);
386 uint64_t x197;
387 fiat_p256_cmovznz_u64(&x197, x196, x187, x177);
388 uint64_t x198;
389 fiat_p256_cmovznz_u64(&x198, x196, x189, x179);
390 uint64_t x199;
391 fiat_p256_cmovznz_u64(&x199, x196, x191, x181);
392 uint64_t x200;
393 fiat_p256_cmovznz_u64(&x200, x196, x193, x183);
394 out1[0] = x197;
395 out1[1] = x198;
396 out1[2] = x199;
397 out1[3] = x200;
398 }
399
400 /*
401 * Input Bounds:
402 * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
403 * Output Bounds:
404 * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
405 */
fiat_p256_square(uint64_t out1[4],const uint64_t arg1[4])406 static void fiat_p256_square(uint64_t out1[4], const uint64_t arg1[4]) {
407 uint64_t x1 = (arg1[1]);
408 uint64_t x2 = (arg1[2]);
409 uint64_t x3 = (arg1[3]);
410 uint64_t x4 = (arg1[0]);
411 uint64_t x5;
412 uint64_t x6;
413 fiat_p256_mulx_u64(&x5, &x6, x4, (arg1[3]));
414 uint64_t x7;
415 uint64_t x8;
416 fiat_p256_mulx_u64(&x7, &x8, x4, (arg1[2]));
417 uint64_t x9;
418 uint64_t x10;
419 fiat_p256_mulx_u64(&x9, &x10, x4, (arg1[1]));
420 uint64_t x11;
421 uint64_t x12;
422 fiat_p256_mulx_u64(&x11, &x12, x4, (arg1[0]));
423 uint64_t x13;
424 fiat_p256_uint1 x14;
425 fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x9, x12);
426 uint64_t x15;
427 fiat_p256_uint1 x16;
428 fiat_p256_addcarryx_u64(&x15, &x16, x14, x7, x10);
429 uint64_t x17;
430 fiat_p256_uint1 x18;
431 fiat_p256_addcarryx_u64(&x17, &x18, x16, x5, x8);
432 uint64_t x19;
433 fiat_p256_uint1 x20;
434 fiat_p256_addcarryx_u64(&x19, &x20, x18, 0x0, x6);
435 uint64_t x21;
436 uint64_t x22;
437 fiat_p256_mulx_u64(&x21, &x22, x11, UINT64_C(0xffffffff00000001));
438 uint64_t x23;
439 uint64_t x24;
440 fiat_p256_mulx_u64(&x23, &x24, x11, UINT32_C(0xffffffff));
441 uint64_t x25;
442 uint64_t x26;
443 fiat_p256_mulx_u64(&x25, &x26, x11, UINT64_C(0xffffffffffffffff));
444 uint64_t x27;
445 fiat_p256_uint1 x28;
446 fiat_p256_addcarryx_u64(&x27, &x28, 0x0, x23, x26);
447 uint64_t x29;
448 fiat_p256_uint1 x30;
449 fiat_p256_addcarryx_u64(&x29, &x30, x28, 0x0, x24);
450 uint64_t x31;
451 fiat_p256_uint1 x32;
452 fiat_p256_addcarryx_u64(&x31, &x32, 0x0, x25, x11);
453 uint64_t x33;
454 fiat_p256_uint1 x34;
455 fiat_p256_addcarryx_u64(&x33, &x34, x32, x27, x13);
456 uint64_t x35;
457 fiat_p256_uint1 x36;
458 fiat_p256_addcarryx_u64(&x35, &x36, x34, x29, x15);
459 uint64_t x37;
460 fiat_p256_uint1 x38;
461 fiat_p256_addcarryx_u64(&x37, &x38, x36, x21, x17);
462 uint64_t x39;
463 fiat_p256_uint1 x40;
464 fiat_p256_addcarryx_u64(&x39, &x40, x38, x22, x19);
465 uint64_t x41;
466 fiat_p256_uint1 x42;
467 fiat_p256_addcarryx_u64(&x41, &x42, x40, 0x0, 0x0);
468 uint64_t x43;
469 uint64_t x44;
470 fiat_p256_mulx_u64(&x43, &x44, x1, (arg1[3]));
471 uint64_t x45;
472 uint64_t x46;
473 fiat_p256_mulx_u64(&x45, &x46, x1, (arg1[2]));
474 uint64_t x47;
475 uint64_t x48;
476 fiat_p256_mulx_u64(&x47, &x48, x1, (arg1[1]));
477 uint64_t x49;
478 uint64_t x50;
479 fiat_p256_mulx_u64(&x49, &x50, x1, (arg1[0]));
480 uint64_t x51;
481 fiat_p256_uint1 x52;
482 fiat_p256_addcarryx_u64(&x51, &x52, 0x0, x47, x50);
483 uint64_t x53;
484 fiat_p256_uint1 x54;
485 fiat_p256_addcarryx_u64(&x53, &x54, x52, x45, x48);
486 uint64_t x55;
487 fiat_p256_uint1 x56;
488 fiat_p256_addcarryx_u64(&x55, &x56, x54, x43, x46);
489 uint64_t x57;
490 fiat_p256_uint1 x58;
491 fiat_p256_addcarryx_u64(&x57, &x58, x56, 0x0, x44);
492 uint64_t x59;
493 fiat_p256_uint1 x60;
494 fiat_p256_addcarryx_u64(&x59, &x60, 0x0, x49, x33);
495 uint64_t x61;
496 fiat_p256_uint1 x62;
497 fiat_p256_addcarryx_u64(&x61, &x62, x60, x51, x35);
498 uint64_t x63;
499 fiat_p256_uint1 x64;
500 fiat_p256_addcarryx_u64(&x63, &x64, x62, x53, x37);
501 uint64_t x65;
502 fiat_p256_uint1 x66;
503 fiat_p256_addcarryx_u64(&x65, &x66, x64, x55, x39);
504 uint64_t x67;
505 fiat_p256_uint1 x68;
506 fiat_p256_addcarryx_u64(&x67, &x68, x66, x57, (fiat_p256_uint1)x41);
507 uint64_t x69;
508 uint64_t x70;
509 fiat_p256_mulx_u64(&x69, &x70, x59, UINT64_C(0xffffffff00000001));
510 uint64_t x71;
511 uint64_t x72;
512 fiat_p256_mulx_u64(&x71, &x72, x59, UINT32_C(0xffffffff));
513 uint64_t x73;
514 uint64_t x74;
515 fiat_p256_mulx_u64(&x73, &x74, x59, UINT64_C(0xffffffffffffffff));
516 uint64_t x75;
517 fiat_p256_uint1 x76;
518 fiat_p256_addcarryx_u64(&x75, &x76, 0x0, x71, x74);
519 uint64_t x77;
520 fiat_p256_uint1 x78;
521 fiat_p256_addcarryx_u64(&x77, &x78, x76, 0x0, x72);
522 uint64_t x79;
523 fiat_p256_uint1 x80;
524 fiat_p256_addcarryx_u64(&x79, &x80, 0x0, x73, x59);
525 uint64_t x81;
526 fiat_p256_uint1 x82;
527 fiat_p256_addcarryx_u64(&x81, &x82, x80, x75, x61);
528 uint64_t x83;
529 fiat_p256_uint1 x84;
530 fiat_p256_addcarryx_u64(&x83, &x84, x82, x77, x63);
531 uint64_t x85;
532 fiat_p256_uint1 x86;
533 fiat_p256_addcarryx_u64(&x85, &x86, x84, x69, x65);
534 uint64_t x87;
535 fiat_p256_uint1 x88;
536 fiat_p256_addcarryx_u64(&x87, &x88, x86, x70, x67);
537 uint64_t x89;
538 fiat_p256_uint1 x90;
539 fiat_p256_addcarryx_u64(&x89, &x90, x88, 0x0, x68);
540 uint64_t x91;
541 uint64_t x92;
542 fiat_p256_mulx_u64(&x91, &x92, x2, (arg1[3]));
543 uint64_t x93;
544 uint64_t x94;
545 fiat_p256_mulx_u64(&x93, &x94, x2, (arg1[2]));
546 uint64_t x95;
547 uint64_t x96;
548 fiat_p256_mulx_u64(&x95, &x96, x2, (arg1[1]));
549 uint64_t x97;
550 uint64_t x98;
551 fiat_p256_mulx_u64(&x97, &x98, x2, (arg1[0]));
552 uint64_t x99;
553 fiat_p256_uint1 x100;
554 fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x95, x98);
555 uint64_t x101;
556 fiat_p256_uint1 x102;
557 fiat_p256_addcarryx_u64(&x101, &x102, x100, x93, x96);
558 uint64_t x103;
559 fiat_p256_uint1 x104;
560 fiat_p256_addcarryx_u64(&x103, &x104, x102, x91, x94);
561 uint64_t x105;
562 fiat_p256_uint1 x106;
563 fiat_p256_addcarryx_u64(&x105, &x106, x104, 0x0, x92);
564 uint64_t x107;
565 fiat_p256_uint1 x108;
566 fiat_p256_addcarryx_u64(&x107, &x108, 0x0, x97, x81);
567 uint64_t x109;
568 fiat_p256_uint1 x110;
569 fiat_p256_addcarryx_u64(&x109, &x110, x108, x99, x83);
570 uint64_t x111;
571 fiat_p256_uint1 x112;
572 fiat_p256_addcarryx_u64(&x111, &x112, x110, x101, x85);
573 uint64_t x113;
574 fiat_p256_uint1 x114;
575 fiat_p256_addcarryx_u64(&x113, &x114, x112, x103, x87);
576 uint64_t x115;
577 fiat_p256_uint1 x116;
578 fiat_p256_addcarryx_u64(&x115, &x116, x114, x105, x89);
579 uint64_t x117;
580 uint64_t x118;
581 fiat_p256_mulx_u64(&x117, &x118, x107, UINT64_C(0xffffffff00000001));
582 uint64_t x119;
583 uint64_t x120;
584 fiat_p256_mulx_u64(&x119, &x120, x107, UINT32_C(0xffffffff));
585 uint64_t x121;
586 uint64_t x122;
587 fiat_p256_mulx_u64(&x121, &x122, x107, UINT64_C(0xffffffffffffffff));
588 uint64_t x123;
589 fiat_p256_uint1 x124;
590 fiat_p256_addcarryx_u64(&x123, &x124, 0x0, x119, x122);
591 uint64_t x125;
592 fiat_p256_uint1 x126;
593 fiat_p256_addcarryx_u64(&x125, &x126, x124, 0x0, x120);
594 uint64_t x127;
595 fiat_p256_uint1 x128;
596 fiat_p256_addcarryx_u64(&x127, &x128, 0x0, x121, x107);
597 uint64_t x129;
598 fiat_p256_uint1 x130;
599 fiat_p256_addcarryx_u64(&x129, &x130, x128, x123, x109);
600 uint64_t x131;
601 fiat_p256_uint1 x132;
602 fiat_p256_addcarryx_u64(&x131, &x132, x130, x125, x111);
603 uint64_t x133;
604 fiat_p256_uint1 x134;
605 fiat_p256_addcarryx_u64(&x133, &x134, x132, x117, x113);
606 uint64_t x135;
607 fiat_p256_uint1 x136;
608 fiat_p256_addcarryx_u64(&x135, &x136, x134, x118, x115);
609 uint64_t x137;
610 fiat_p256_uint1 x138;
611 fiat_p256_addcarryx_u64(&x137, &x138, x136, 0x0, x116);
612 uint64_t x139;
613 uint64_t x140;
614 fiat_p256_mulx_u64(&x139, &x140, x3, (arg1[3]));
615 uint64_t x141;
616 uint64_t x142;
617 fiat_p256_mulx_u64(&x141, &x142, x3, (arg1[2]));
618 uint64_t x143;
619 uint64_t x144;
620 fiat_p256_mulx_u64(&x143, &x144, x3, (arg1[1]));
621 uint64_t x145;
622 uint64_t x146;
623 fiat_p256_mulx_u64(&x145, &x146, x3, (arg1[0]));
624 uint64_t x147;
625 fiat_p256_uint1 x148;
626 fiat_p256_addcarryx_u64(&x147, &x148, 0x0, x143, x146);
627 uint64_t x149;
628 fiat_p256_uint1 x150;
629 fiat_p256_addcarryx_u64(&x149, &x150, x148, x141, x144);
630 uint64_t x151;
631 fiat_p256_uint1 x152;
632 fiat_p256_addcarryx_u64(&x151, &x152, x150, x139, x142);
633 uint64_t x153;
634 fiat_p256_uint1 x154;
635 fiat_p256_addcarryx_u64(&x153, &x154, x152, 0x0, x140);
636 uint64_t x155;
637 fiat_p256_uint1 x156;
638 fiat_p256_addcarryx_u64(&x155, &x156, 0x0, x145, x129);
639 uint64_t x157;
640 fiat_p256_uint1 x158;
641 fiat_p256_addcarryx_u64(&x157, &x158, x156, x147, x131);
642 uint64_t x159;
643 fiat_p256_uint1 x160;
644 fiat_p256_addcarryx_u64(&x159, &x160, x158, x149, x133);
645 uint64_t x161;
646 fiat_p256_uint1 x162;
647 fiat_p256_addcarryx_u64(&x161, &x162, x160, x151, x135);
648 uint64_t x163;
649 fiat_p256_uint1 x164;
650 fiat_p256_addcarryx_u64(&x163, &x164, x162, x153, x137);
651 uint64_t x165;
652 uint64_t x166;
653 fiat_p256_mulx_u64(&x165, &x166, x155, UINT64_C(0xffffffff00000001));
654 uint64_t x167;
655 uint64_t x168;
656 fiat_p256_mulx_u64(&x167, &x168, x155, UINT32_C(0xffffffff));
657 uint64_t x169;
658 uint64_t x170;
659 fiat_p256_mulx_u64(&x169, &x170, x155, UINT64_C(0xffffffffffffffff));
660 uint64_t x171;
661 fiat_p256_uint1 x172;
662 fiat_p256_addcarryx_u64(&x171, &x172, 0x0, x167, x170);
663 uint64_t x173;
664 fiat_p256_uint1 x174;
665 fiat_p256_addcarryx_u64(&x173, &x174, x172, 0x0, x168);
666 uint64_t x175;
667 fiat_p256_uint1 x176;
668 fiat_p256_addcarryx_u64(&x175, &x176, 0x0, x169, x155);
669 uint64_t x177;
670 fiat_p256_uint1 x178;
671 fiat_p256_addcarryx_u64(&x177, &x178, x176, x171, x157);
672 uint64_t x179;
673 fiat_p256_uint1 x180;
674 fiat_p256_addcarryx_u64(&x179, &x180, x178, x173, x159);
675 uint64_t x181;
676 fiat_p256_uint1 x182;
677 fiat_p256_addcarryx_u64(&x181, &x182, x180, x165, x161);
678 uint64_t x183;
679 fiat_p256_uint1 x184;
680 fiat_p256_addcarryx_u64(&x183, &x184, x182, x166, x163);
681 uint64_t x185;
682 fiat_p256_uint1 x186;
683 fiat_p256_addcarryx_u64(&x185, &x186, x184, 0x0, x164);
684 uint64_t x187;
685 fiat_p256_uint1 x188;
686 fiat_p256_subborrowx_u64(&x187, &x188, 0x0, x177, UINT64_C(0xffffffffffffffff));
687 uint64_t x189;
688 fiat_p256_uint1 x190;
689 fiat_p256_subborrowx_u64(&x189, &x190, x188, x179, UINT32_C(0xffffffff));
690 uint64_t x191;
691 fiat_p256_uint1 x192;
692 fiat_p256_subborrowx_u64(&x191, &x192, x190, x181, 0x0);
693 uint64_t x193;
694 fiat_p256_uint1 x194;
695 fiat_p256_subborrowx_u64(&x193, &x194, x192, x183, UINT64_C(0xffffffff00000001));
696 uint64_t x195;
697 fiat_p256_uint1 x196;
698 fiat_p256_subborrowx_u64(&x195, &x196, x194, x185, 0x0);
699 uint64_t x197;
700 fiat_p256_cmovznz_u64(&x197, x196, x187, x177);
701 uint64_t x198;
702 fiat_p256_cmovznz_u64(&x198, x196, x189, x179);
703 uint64_t x199;
704 fiat_p256_cmovznz_u64(&x199, x196, x191, x181);
705 uint64_t x200;
706 fiat_p256_cmovznz_u64(&x200, x196, x193, x183);
707 out1[0] = x197;
708 out1[1] = x198;
709 out1[2] = x199;
710 out1[3] = x200;
711 }
712
713 /*
714 * Input Bounds:
715 * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
716 * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
717 * Output Bounds:
718 * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
719 */
fiat_p256_add(uint64_t out1[4],const uint64_t arg1[4],const uint64_t arg2[4])720 static void fiat_p256_add(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) {
721 uint64_t x1;
722 fiat_p256_uint1 x2;
723 fiat_p256_addcarryx_u64(&x1, &x2, 0x0, (arg2[0]), (arg1[0]));
724 uint64_t x3;
725 fiat_p256_uint1 x4;
726 fiat_p256_addcarryx_u64(&x3, &x4, x2, (arg2[1]), (arg1[1]));
727 uint64_t x5;
728 fiat_p256_uint1 x6;
729 fiat_p256_addcarryx_u64(&x5, &x6, x4, (arg2[2]), (arg1[2]));
730 uint64_t x7;
731 fiat_p256_uint1 x8;
732 fiat_p256_addcarryx_u64(&x7, &x8, x6, (arg2[3]), (arg1[3]));
733 uint64_t x9;
734 fiat_p256_uint1 x10;
735 fiat_p256_subborrowx_u64(&x9, &x10, 0x0, x1, UINT64_C(0xffffffffffffffff));
736 uint64_t x11;
737 fiat_p256_uint1 x12;
738 fiat_p256_subborrowx_u64(&x11, &x12, x10, x3, UINT32_C(0xffffffff));
739 uint64_t x13;
740 fiat_p256_uint1 x14;
741 fiat_p256_subborrowx_u64(&x13, &x14, x12, x5, 0x0);
742 uint64_t x15;
743 fiat_p256_uint1 x16;
744 fiat_p256_subborrowx_u64(&x15, &x16, x14, x7, UINT64_C(0xffffffff00000001));
745 uint64_t x17;
746 fiat_p256_uint1 x18;
747 fiat_p256_subborrowx_u64(&x17, &x18, x16, x8, 0x0);
748 uint64_t x19;
749 fiat_p256_cmovznz_u64(&x19, x18, x9, x1);
750 uint64_t x20;
751 fiat_p256_cmovznz_u64(&x20, x18, x11, x3);
752 uint64_t x21;
753 fiat_p256_cmovznz_u64(&x21, x18, x13, x5);
754 uint64_t x22;
755 fiat_p256_cmovznz_u64(&x22, x18, x15, x7);
756 out1[0] = x19;
757 out1[1] = x20;
758 out1[2] = x21;
759 out1[3] = x22;
760 }
761
762 /*
763 * Input Bounds:
764 * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
765 * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
766 * Output Bounds:
767 * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
768 */
fiat_p256_sub(uint64_t out1[4],const uint64_t arg1[4],const uint64_t arg2[4])769 static void fiat_p256_sub(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) {
770 uint64_t x1;
771 fiat_p256_uint1 x2;
772 fiat_p256_subborrowx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0]));
773 uint64_t x3;
774 fiat_p256_uint1 x4;
775 fiat_p256_subborrowx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1]));
776 uint64_t x5;
777 fiat_p256_uint1 x6;
778 fiat_p256_subborrowx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2]));
779 uint64_t x7;
780 fiat_p256_uint1 x8;
781 fiat_p256_subborrowx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3]));
782 uint64_t x9;
783 fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff));
784 uint64_t x10;
785 fiat_p256_uint1 x11;
786 fiat_p256_addcarryx_u64(&x10, &x11, 0x0, (x9 & UINT64_C(0xffffffffffffffff)), x1);
787 uint64_t x12;
788 fiat_p256_uint1 x13;
789 fiat_p256_addcarryx_u64(&x12, &x13, x11, (x9 & UINT32_C(0xffffffff)), x3);
790 uint64_t x14;
791 fiat_p256_uint1 x15;
792 fiat_p256_addcarryx_u64(&x14, &x15, x13, 0x0, x5);
793 uint64_t x16;
794 fiat_p256_uint1 x17;
795 fiat_p256_addcarryx_u64(&x16, &x17, x15, (x9 & UINT64_C(0xffffffff00000001)), x7);
796 out1[0] = x10;
797 out1[1] = x12;
798 out1[2] = x14;
799 out1[3] = x16;
800 }
801
802 /*
803 * Input Bounds:
804 * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
805 * Output Bounds:
806 * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
807 */
fiat_p256_opp(uint64_t out1[4],const uint64_t arg1[4])808 static void fiat_p256_opp(uint64_t out1[4], const uint64_t arg1[4]) {
809 uint64_t x1;
810 fiat_p256_uint1 x2;
811 fiat_p256_subborrowx_u64(&x1, &x2, 0x0, 0x0, (arg1[0]));
812 uint64_t x3;
813 fiat_p256_uint1 x4;
814 fiat_p256_subborrowx_u64(&x3, &x4, x2, 0x0, (arg1[1]));
815 uint64_t x5;
816 fiat_p256_uint1 x6;
817 fiat_p256_subborrowx_u64(&x5, &x6, x4, 0x0, (arg1[2]));
818 uint64_t x7;
819 fiat_p256_uint1 x8;
820 fiat_p256_subborrowx_u64(&x7, &x8, x6, 0x0, (arg1[3]));
821 uint64_t x9;
822 fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff));
823 uint64_t x10;
824 fiat_p256_uint1 x11;
825 fiat_p256_addcarryx_u64(&x10, &x11, 0x0, (x9 & UINT64_C(0xffffffffffffffff)), x1);
826 uint64_t x12;
827 fiat_p256_uint1 x13;
828 fiat_p256_addcarryx_u64(&x12, &x13, x11, (x9 & UINT32_C(0xffffffff)), x3);
829 uint64_t x14;
830 fiat_p256_uint1 x15;
831 fiat_p256_addcarryx_u64(&x14, &x15, x13, 0x0, x5);
832 uint64_t x16;
833 fiat_p256_uint1 x17;
834 fiat_p256_addcarryx_u64(&x16, &x17, x15, (x9 & UINT64_C(0xffffffff00000001)), x7);
835 out1[0] = x10;
836 out1[1] = x12;
837 out1[2] = x14;
838 out1[3] = x16;
839 }
840
841 /*
842 * Input Bounds:
843 * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
844 * Output Bounds:
845 * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
846 */
fiat_p256_from_montgomery(uint64_t out1[4],const uint64_t arg1[4])847 static void fiat_p256_from_montgomery(uint64_t out1[4], const uint64_t arg1[4]) {
848 uint64_t x1 = (arg1[0]);
849 uint64_t x2;
850 uint64_t x3;
851 fiat_p256_mulx_u64(&x2, &x3, x1, UINT64_C(0xffffffff00000001));
852 uint64_t x4;
853 uint64_t x5;
854 fiat_p256_mulx_u64(&x4, &x5, x1, UINT32_C(0xffffffff));
855 uint64_t x6;
856 uint64_t x7;
857 fiat_p256_mulx_u64(&x6, &x7, x1, UINT64_C(0xffffffffffffffff));
858 uint64_t x8;
859 fiat_p256_uint1 x9;
860 fiat_p256_addcarryx_u64(&x8, &x9, 0x0, x4, x7);
861 uint64_t x10;
862 fiat_p256_uint1 x11;
863 fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x6, x1);
864 uint64_t x12;
865 fiat_p256_uint1 x13;
866 fiat_p256_addcarryx_u64(&x12, &x13, x11, x8, 0x0);
867 uint64_t x14;
868 fiat_p256_uint1 x15;
869 fiat_p256_addcarryx_u64(&x14, &x15, 0x0, (arg1[1]), x12);
870 uint64_t x16;
871 uint64_t x17;
872 fiat_p256_mulx_u64(&x16, &x17, x14, UINT64_C(0xffffffff00000001));
873 uint64_t x18;
874 uint64_t x19;
875 fiat_p256_mulx_u64(&x18, &x19, x14, UINT32_C(0xffffffff));
876 uint64_t x20;
877 uint64_t x21;
878 fiat_p256_mulx_u64(&x20, &x21, x14, UINT64_C(0xffffffffffffffff));
879 uint64_t x22;
880 fiat_p256_uint1 x23;
881 fiat_p256_addcarryx_u64(&x22, &x23, 0x0, x18, x21);
882 uint64_t x24;
883 fiat_p256_uint1 x25;
884 fiat_p256_addcarryx_u64(&x24, &x25, x9, 0x0, x5);
885 uint64_t x26;
886 fiat_p256_uint1 x27;
887 fiat_p256_addcarryx_u64(&x26, &x27, x13, x24, 0x0);
888 uint64_t x28;
889 fiat_p256_uint1 x29;
890 fiat_p256_addcarryx_u64(&x28, &x29, x15, 0x0, x26);
891 uint64_t x30;
892 fiat_p256_uint1 x31;
893 fiat_p256_addcarryx_u64(&x30, &x31, 0x0, x20, x14);
894 uint64_t x32;
895 fiat_p256_uint1 x33;
896 fiat_p256_addcarryx_u64(&x32, &x33, x31, x22, x28);
897 uint64_t x34;
898 fiat_p256_uint1 x35;
899 fiat_p256_addcarryx_u64(&x34, &x35, x23, 0x0, x19);
900 uint64_t x36;
901 fiat_p256_uint1 x37;
902 fiat_p256_addcarryx_u64(&x36, &x37, x33, x34, x2);
903 uint64_t x38;
904 fiat_p256_uint1 x39;
905 fiat_p256_addcarryx_u64(&x38, &x39, x37, x16, x3);
906 uint64_t x40;
907 fiat_p256_uint1 x41;
908 fiat_p256_addcarryx_u64(&x40, &x41, 0x0, (arg1[2]), x32);
909 uint64_t x42;
910 fiat_p256_uint1 x43;
911 fiat_p256_addcarryx_u64(&x42, &x43, x41, 0x0, x36);
912 uint64_t x44;
913 fiat_p256_uint1 x45;
914 fiat_p256_addcarryx_u64(&x44, &x45, x43, 0x0, x38);
915 uint64_t x46;
916 uint64_t x47;
917 fiat_p256_mulx_u64(&x46, &x47, x40, UINT64_C(0xffffffff00000001));
918 uint64_t x48;
919 uint64_t x49;
920 fiat_p256_mulx_u64(&x48, &x49, x40, UINT32_C(0xffffffff));
921 uint64_t x50;
922 uint64_t x51;
923 fiat_p256_mulx_u64(&x50, &x51, x40, UINT64_C(0xffffffffffffffff));
924 uint64_t x52;
925 fiat_p256_uint1 x53;
926 fiat_p256_addcarryx_u64(&x52, &x53, 0x0, x48, x51);
927 uint64_t x54;
928 fiat_p256_uint1 x55;
929 fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x50, x40);
930 uint64_t x56;
931 fiat_p256_uint1 x57;
932 fiat_p256_addcarryx_u64(&x56, &x57, x55, x52, x42);
933 uint64_t x58;
934 fiat_p256_uint1 x59;
935 fiat_p256_addcarryx_u64(&x58, &x59, x53, 0x0, x49);
936 uint64_t x60;
937 fiat_p256_uint1 x61;
938 fiat_p256_addcarryx_u64(&x60, &x61, x57, x58, x44);
939 uint64_t x62;
940 fiat_p256_uint1 x63;
941 fiat_p256_addcarryx_u64(&x62, &x63, x39, x17, 0x0);
942 uint64_t x64;
943 fiat_p256_uint1 x65;
944 fiat_p256_addcarryx_u64(&x64, &x65, x45, 0x0, x62);
945 uint64_t x66;
946 fiat_p256_uint1 x67;
947 fiat_p256_addcarryx_u64(&x66, &x67, x61, x46, x64);
948 uint64_t x68;
949 fiat_p256_uint1 x69;
950 fiat_p256_addcarryx_u64(&x68, &x69, 0x0, (arg1[3]), x56);
951 uint64_t x70;
952 fiat_p256_uint1 x71;
953 fiat_p256_addcarryx_u64(&x70, &x71, x69, 0x0, x60);
954 uint64_t x72;
955 fiat_p256_uint1 x73;
956 fiat_p256_addcarryx_u64(&x72, &x73, x71, 0x0, x66);
957 uint64_t x74;
958 uint64_t x75;
959 fiat_p256_mulx_u64(&x74, &x75, x68, UINT64_C(0xffffffff00000001));
960 uint64_t x76;
961 uint64_t x77;
962 fiat_p256_mulx_u64(&x76, &x77, x68, UINT32_C(0xffffffff));
963 uint64_t x78;
964 uint64_t x79;
965 fiat_p256_mulx_u64(&x78, &x79, x68, UINT64_C(0xffffffffffffffff));
966 uint64_t x80;
967 fiat_p256_uint1 x81;
968 fiat_p256_addcarryx_u64(&x80, &x81, 0x0, x76, x79);
969 uint64_t x82;
970 fiat_p256_uint1 x83;
971 fiat_p256_addcarryx_u64(&x82, &x83, 0x0, x78, x68);
972 uint64_t x84;
973 fiat_p256_uint1 x85;
974 fiat_p256_addcarryx_u64(&x84, &x85, x83, x80, x70);
975 uint64_t x86;
976 fiat_p256_uint1 x87;
977 fiat_p256_addcarryx_u64(&x86, &x87, x81, 0x0, x77);
978 uint64_t x88;
979 fiat_p256_uint1 x89;
980 fiat_p256_addcarryx_u64(&x88, &x89, x85, x86, x72);
981 uint64_t x90;
982 fiat_p256_uint1 x91;
983 fiat_p256_addcarryx_u64(&x90, &x91, x67, x47, 0x0);
984 uint64_t x92;
985 fiat_p256_uint1 x93;
986 fiat_p256_addcarryx_u64(&x92, &x93, x73, 0x0, x90);
987 uint64_t x94;
988 fiat_p256_uint1 x95;
989 fiat_p256_addcarryx_u64(&x94, &x95, x89, x74, x92);
990 uint64_t x96;
991 fiat_p256_uint1 x97;
992 fiat_p256_addcarryx_u64(&x96, &x97, x95, x75, 0x0);
993 uint64_t x98;
994 fiat_p256_uint1 x99;
995 fiat_p256_subborrowx_u64(&x98, &x99, 0x0, x84, UINT64_C(0xffffffffffffffff));
996 uint64_t x100;
997 fiat_p256_uint1 x101;
998 fiat_p256_subborrowx_u64(&x100, &x101, x99, x88, UINT32_C(0xffffffff));
999 uint64_t x102;
1000 fiat_p256_uint1 x103;
1001 fiat_p256_subborrowx_u64(&x102, &x103, x101, x94, 0x0);
1002 uint64_t x104;
1003 fiat_p256_uint1 x105;
1004 fiat_p256_subborrowx_u64(&x104, &x105, x103, x96, UINT64_C(0xffffffff00000001));
1005 uint64_t x106;
1006 fiat_p256_uint1 x107;
1007 fiat_p256_subborrowx_u64(&x106, &x107, x105, 0x0, 0x0);
1008 uint64_t x108;
1009 fiat_p256_cmovznz_u64(&x108, x107, x98, x84);
1010 uint64_t x109;
1011 fiat_p256_cmovznz_u64(&x109, x107, x100, x88);
1012 uint64_t x110;
1013 fiat_p256_cmovznz_u64(&x110, x107, x102, x94);
1014 uint64_t x111;
1015 fiat_p256_cmovznz_u64(&x111, x107, x104, x96);
1016 out1[0] = x108;
1017 out1[1] = x109;
1018 out1[2] = x110;
1019 out1[3] = x111;
1020 }
1021
1022 /*
1023 * Input Bounds:
1024 * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1025 * Output Bounds:
1026 * out1: [0x0 ~> 0xffffffffffffffff]
1027 */
fiat_p256_nonzero(uint64_t * out1,const uint64_t arg1[4])1028 static void fiat_p256_nonzero(uint64_t* out1, const uint64_t arg1[4]) {
1029 uint64_t x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | (uint64_t)0x0))));
1030 *out1 = x1;
1031 }
1032
1033 /*
1034 * Input Bounds:
1035 * arg1: [0x0 ~> 0x1]
1036 * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1037 * arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1038 * Output Bounds:
1039 * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1040 */
fiat_p256_selectznz(uint64_t out1[4],fiat_p256_uint1 arg1,const uint64_t arg2[4],const uint64_t arg3[4])1041 static void fiat_p256_selectznz(uint64_t out1[4], fiat_p256_uint1 arg1, const uint64_t arg2[4], const uint64_t arg3[4]) {
1042 uint64_t x1;
1043 fiat_p256_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0]));
1044 uint64_t x2;
1045 fiat_p256_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1]));
1046 uint64_t x3;
1047 fiat_p256_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2]));
1048 uint64_t x4;
1049 fiat_p256_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3]));
1050 out1[0] = x1;
1051 out1[1] = x2;
1052 out1[2] = x3;
1053 out1[3] = x4;
1054 }
1055
1056 /*
1057 * Input Bounds:
1058 * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1059 * Output Bounds:
1060 * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]]
1061 */
fiat_p256_to_bytes(uint8_t out1[32],const uint64_t arg1[4])1062 static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) {
1063 uint64_t x1 = (arg1[3]);
1064 uint64_t x2 = (arg1[2]);
1065 uint64_t x3 = (arg1[1]);
1066 uint64_t x4 = (arg1[0]);
1067 uint64_t x5 = (x4 >> 8);
1068 uint8_t x6 = (uint8_t)(x4 & UINT8_C(0xff));
1069 uint64_t x7 = (x5 >> 8);
1070 uint8_t x8 = (uint8_t)(x5 & UINT8_C(0xff));
1071 uint64_t x9 = (x7 >> 8);
1072 uint8_t x10 = (uint8_t)(x7 & UINT8_C(0xff));
1073 uint64_t x11 = (x9 >> 8);
1074 uint8_t x12 = (uint8_t)(x9 & UINT8_C(0xff));
1075 uint64_t x13 = (x11 >> 8);
1076 uint8_t x14 = (uint8_t)(x11 & UINT8_C(0xff));
1077 uint64_t x15 = (x13 >> 8);
1078 uint8_t x16 = (uint8_t)(x13 & UINT8_C(0xff));
1079 uint8_t x17 = (uint8_t)(x15 >> 8);
1080 uint8_t x18 = (uint8_t)(x15 & UINT8_C(0xff));
1081 uint8_t x19 = (uint8_t)(x17 & UINT8_C(0xff));
1082 uint64_t x20 = (x3 >> 8);
1083 uint8_t x21 = (uint8_t)(x3 & UINT8_C(0xff));
1084 uint64_t x22 = (x20 >> 8);
1085 uint8_t x23 = (uint8_t)(x20 & UINT8_C(0xff));
1086 uint64_t x24 = (x22 >> 8);
1087 uint8_t x25 = (uint8_t)(x22 & UINT8_C(0xff));
1088 uint64_t x26 = (x24 >> 8);
1089 uint8_t x27 = (uint8_t)(x24 & UINT8_C(0xff));
1090 uint64_t x28 = (x26 >> 8);
1091 uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff));
1092 uint64_t x30 = (x28 >> 8);
1093 uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff));
1094 uint8_t x32 = (uint8_t)(x30 >> 8);
1095 uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff));
1096 uint8_t x34 = (uint8_t)(x32 & UINT8_C(0xff));
1097 uint64_t x35 = (x2 >> 8);
1098 uint8_t x36 = (uint8_t)(x2 & UINT8_C(0xff));
1099 uint64_t x37 = (x35 >> 8);
1100 uint8_t x38 = (uint8_t)(x35 & UINT8_C(0xff));
1101 uint64_t x39 = (x37 >> 8);
1102 uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff));
1103 uint64_t x41 = (x39 >> 8);
1104 uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff));
1105 uint64_t x43 = (x41 >> 8);
1106 uint8_t x44 = (uint8_t)(x41 & UINT8_C(0xff));
1107 uint64_t x45 = (x43 >> 8);
1108 uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff));
1109 uint8_t x47 = (uint8_t)(x45 >> 8);
1110 uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff));
1111 uint8_t x49 = (uint8_t)(x47 & UINT8_C(0xff));
1112 uint64_t x50 = (x1 >> 8);
1113 uint8_t x51 = (uint8_t)(x1 & UINT8_C(0xff));
1114 uint64_t x52 = (x50 >> 8);
1115 uint8_t x53 = (uint8_t)(x50 & UINT8_C(0xff));
1116 uint64_t x54 = (x52 >> 8);
1117 uint8_t x55 = (uint8_t)(x52 & UINT8_C(0xff));
1118 uint64_t x56 = (x54 >> 8);
1119 uint8_t x57 = (uint8_t)(x54 & UINT8_C(0xff));
1120 uint64_t x58 = (x56 >> 8);
1121 uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff));
1122 uint64_t x60 = (x58 >> 8);
1123 uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff));
1124 uint8_t x62 = (uint8_t)(x60 >> 8);
1125 uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff));
1126 out1[0] = x6;
1127 out1[1] = x8;
1128 out1[2] = x10;
1129 out1[3] = x12;
1130 out1[4] = x14;
1131 out1[5] = x16;
1132 out1[6] = x18;
1133 out1[7] = x19;
1134 out1[8] = x21;
1135 out1[9] = x23;
1136 out1[10] = x25;
1137 out1[11] = x27;
1138 out1[12] = x29;
1139 out1[13] = x31;
1140 out1[14] = x33;
1141 out1[15] = x34;
1142 out1[16] = x36;
1143 out1[17] = x38;
1144 out1[18] = x40;
1145 out1[19] = x42;
1146 out1[20] = x44;
1147 out1[21] = x46;
1148 out1[22] = x48;
1149 out1[23] = x49;
1150 out1[24] = x51;
1151 out1[25] = x53;
1152 out1[26] = x55;
1153 out1[27] = x57;
1154 out1[28] = x59;
1155 out1[29] = x61;
1156 out1[30] = x63;
1157 out1[31] = x62;
1158 }
1159
1160 /*
1161 * Input Bounds:
1162 * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]]
1163 * Output Bounds:
1164 * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1165 */
fiat_p256_from_bytes(uint64_t out1[4],const uint8_t arg1[32])1166 static void fiat_p256_from_bytes(uint64_t out1[4], const uint8_t arg1[32]) {
1167 uint64_t x1 = ((uint64_t)(arg1[31]) << 56);
1168 uint64_t x2 = ((uint64_t)(arg1[30]) << 48);
1169 uint64_t x3 = ((uint64_t)(arg1[29]) << 40);
1170 uint64_t x4 = ((uint64_t)(arg1[28]) << 32);
1171 uint64_t x5 = ((uint64_t)(arg1[27]) << 24);
1172 uint64_t x6 = ((uint64_t)(arg1[26]) << 16);
1173 uint64_t x7 = ((uint64_t)(arg1[25]) << 8);
1174 uint8_t x8 = (arg1[24]);
1175 uint64_t x9 = ((uint64_t)(arg1[23]) << 56);
1176 uint64_t x10 = ((uint64_t)(arg1[22]) << 48);
1177 uint64_t x11 = ((uint64_t)(arg1[21]) << 40);
1178 uint64_t x12 = ((uint64_t)(arg1[20]) << 32);
1179 uint64_t x13 = ((uint64_t)(arg1[19]) << 24);
1180 uint64_t x14 = ((uint64_t)(arg1[18]) << 16);
1181 uint64_t x15 = ((uint64_t)(arg1[17]) << 8);
1182 uint8_t x16 = (arg1[16]);
1183 uint64_t x17 = ((uint64_t)(arg1[15]) << 56);
1184 uint64_t x18 = ((uint64_t)(arg1[14]) << 48);
1185 uint64_t x19 = ((uint64_t)(arg1[13]) << 40);
1186 uint64_t x20 = ((uint64_t)(arg1[12]) << 32);
1187 uint64_t x21 = ((uint64_t)(arg1[11]) << 24);
1188 uint64_t x22 = ((uint64_t)(arg1[10]) << 16);
1189 uint64_t x23 = ((uint64_t)(arg1[9]) << 8);
1190 uint8_t x24 = (arg1[8]);
1191 uint64_t x25 = ((uint64_t)(arg1[7]) << 56);
1192 uint64_t x26 = ((uint64_t)(arg1[6]) << 48);
1193 uint64_t x27 = ((uint64_t)(arg1[5]) << 40);
1194 uint64_t x28 = ((uint64_t)(arg1[4]) << 32);
1195 uint64_t x29 = ((uint64_t)(arg1[3]) << 24);
1196 uint64_t x30 = ((uint64_t)(arg1[2]) << 16);
1197 uint64_t x31 = ((uint64_t)(arg1[1]) << 8);
1198 uint8_t x32 = (arg1[0]);
1199 uint64_t x33 = (x32 + (x31 + (x30 + (x29 + (x28 + (x27 + (x26 + x25)))))));
1200 uint64_t x34 = (x33 & UINT64_C(0xffffffffffffffff));
1201 uint64_t x35 = (x8 + (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + x1)))))));
1202 uint64_t x36 = (x16 + (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + x9)))))));
1203 uint64_t x37 = (x24 + (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + x17)))))));
1204 uint64_t x38 = (x37 & UINT64_C(0xffffffffffffffff));
1205 uint64_t x39 = (x36 & UINT64_C(0xffffffffffffffff));
1206 out1[0] = x34;
1207 out1[1] = x38;
1208 out1[2] = x39;
1209 out1[3] = x35;
1210 }
1211
1212