diff --git a/fiat-c/src/curve25519_32.c b/fiat-c/src/curve25519_32.c index 6ad410da26..0af1aa64ee 100644 --- a/fiat-c/src/curve25519_32.c +++ b/fiat-c/src/curve25519_32.c @@ -49,8 +49,8 @@ static void fiat_25519_addcarryx_u26(uint32_t* out1, fiat_25519_uint1* out2, fia uint32_t x1; uint32_t x2; fiat_25519_uint1 x3; - x1 = ((arg1 + arg2) + arg3); - x2 = (x1 & UINT32_C(0x3ffffff)); + x1 = arg1 + arg2 + arg3; + x2 = x1 & UINT32_C(0x3ffffff); x3 = (fiat_25519_uint1)(x1 >> 26); *out1 = x2; *out2 = x3; @@ -75,9 +75,9 @@ static void fiat_25519_subborrowx_u26(uint32_t* out1, fiat_25519_uint1* out2, fi int32_t x1; fiat_25519_int1 x2; uint32_t x3; - x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3); + x1 = (int32_t)(arg2 - arg1) - (int32_t)arg3; x2 = (fiat_25519_int1)(x1 >> 26); - x3 = (x1 & UINT32_C(0x3ffffff)); + x3 = x1 & UINT32_C(0x3ffffff); *out1 = x3; *out2 = (fiat_25519_uint1)(0x0 - x2); } @@ -101,8 +101,8 @@ static void fiat_25519_addcarryx_u25(uint32_t* out1, fiat_25519_uint1* out2, fia uint32_t x1; uint32_t x2; fiat_25519_uint1 x3; - x1 = ((arg1 + arg2) + arg3); - x2 = (x1 & UINT32_C(0x1ffffff)); + x1 = arg1 + arg2 + arg3; + x2 = x1 & UINT32_C(0x1ffffff); x3 = (fiat_25519_uint1)(x1 >> 25); *out1 = x2; *out2 = x3; @@ -127,9 +127,9 @@ static void fiat_25519_subborrowx_u25(uint32_t* out1, fiat_25519_uint1* out2, fi int32_t x1; fiat_25519_int1 x2; uint32_t x3; - x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3); + x1 = (int32_t)(arg2 - arg1) - (int32_t)arg3; x2 = (fiat_25519_int1)(x1 >> 25); - x3 = (x1 & UINT32_C(0x1ffffff)); + x3 = x1 & UINT32_C(0x1ffffff); *out1 = x3; *out2 = (fiat_25519_uint1)(0x0 - x2); } @@ -151,9 +151,9 @@ static void fiat_25519_cmovznz_u32(uint32_t* out1, fiat_25519_uint1 arg1, uint32 fiat_25519_uint1 x1; uint32_t x2; uint32_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_25519_int1)(0x0 - x1) & UINT32_C(0xffffffff)); - x3 = ((fiat_25519_value_barrier_u32(x2) & arg3) | (fiat_25519_value_barrier_u32((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_25519_int1)(0x0 - x1) & UINT32_C(0xffffffff); + x3 = fiat_25519_value_barrier_u32(x2) & arg3 | fiat_25519_value_barrier_u32(~x2) & arg2; *out1 = x3; } @@ -317,153 +317,153 @@ static void fiat_25519_carry_mul(uint32_t out1[10], const uint32_t arg1[10], con fiat_25519_uint1 x145; uint32_t x146; uint32_t x147; - x1 = ((uint64_t)(arg1[9]) * ((arg2[9]) * UINT8_C(0x26))); - x2 = ((uint64_t)(arg1[9]) * ((arg2[8]) * UINT8_C(0x13))); - x3 = ((uint64_t)(arg1[9]) * ((arg2[7]) * UINT8_C(0x26))); - x4 = ((uint64_t)(arg1[9]) * ((arg2[6]) * UINT8_C(0x13))); - x5 = ((uint64_t)(arg1[9]) * ((arg2[5]) * UINT8_C(0x26))); - x6 = ((uint64_t)(arg1[9]) * ((arg2[4]) * UINT8_C(0x13))); - x7 = ((uint64_t)(arg1[9]) * ((arg2[3]) * UINT8_C(0x26))); - x8 = ((uint64_t)(arg1[9]) * ((arg2[2]) * UINT8_C(0x13))); - x9 = ((uint64_t)(arg1[9]) * ((arg2[1]) * UINT8_C(0x26))); - x10 = ((uint64_t)(arg1[8]) * ((arg2[9]) * UINT8_C(0x13))); - x11 = ((uint64_t)(arg1[8]) * ((arg2[8]) * UINT8_C(0x13))); - x12 = ((uint64_t)(arg1[8]) * ((arg2[7]) * UINT8_C(0x13))); - x13 = ((uint64_t)(arg1[8]) * ((arg2[6]) * UINT8_C(0x13))); - x14 = ((uint64_t)(arg1[8]) * ((arg2[5]) * UINT8_C(0x13))); - x15 = ((uint64_t)(arg1[8]) * ((arg2[4]) * UINT8_C(0x13))); - x16 = ((uint64_t)(arg1[8]) * ((arg2[3]) * UINT8_C(0x13))); - x17 = ((uint64_t)(arg1[8]) * ((arg2[2]) * UINT8_C(0x13))); - x18 = ((uint64_t)(arg1[7]) * ((arg2[9]) * UINT8_C(0x26))); - x19 = ((uint64_t)(arg1[7]) * ((arg2[8]) * UINT8_C(0x13))); - x20 = ((uint64_t)(arg1[7]) * ((arg2[7]) * UINT8_C(0x26))); - x21 = ((uint64_t)(arg1[7]) * ((arg2[6]) * UINT8_C(0x13))); - x22 = ((uint64_t)(arg1[7]) * ((arg2[5]) * UINT8_C(0x26))); - x23 = ((uint64_t)(arg1[7]) * ((arg2[4]) * UINT8_C(0x13))); - x24 = ((uint64_t)(arg1[7]) * ((arg2[3]) * UINT8_C(0x26))); - x25 = ((uint64_t)(arg1[6]) * ((arg2[9]) * UINT8_C(0x13))); - x26 = ((uint64_t)(arg1[6]) * ((arg2[8]) * UINT8_C(0x13))); - x27 = ((uint64_t)(arg1[6]) * ((arg2[7]) * UINT8_C(0x13))); - x28 = ((uint64_t)(arg1[6]) * ((arg2[6]) * UINT8_C(0x13))); - x29 = ((uint64_t)(arg1[6]) * ((arg2[5]) * UINT8_C(0x13))); - x30 = ((uint64_t)(arg1[6]) * ((arg2[4]) * UINT8_C(0x13))); - x31 = ((uint64_t)(arg1[5]) * ((arg2[9]) * UINT8_C(0x26))); - x32 = ((uint64_t)(arg1[5]) * ((arg2[8]) * UINT8_C(0x13))); - x33 = ((uint64_t)(arg1[5]) * ((arg2[7]) * UINT8_C(0x26))); - x34 = ((uint64_t)(arg1[5]) * ((arg2[6]) * UINT8_C(0x13))); - x35 = ((uint64_t)(arg1[5]) * ((arg2[5]) * UINT8_C(0x26))); - x36 = ((uint64_t)(arg1[4]) * ((arg2[9]) * UINT8_C(0x13))); - x37 = ((uint64_t)(arg1[4]) * ((arg2[8]) * UINT8_C(0x13))); - x38 = ((uint64_t)(arg1[4]) * ((arg2[7]) * UINT8_C(0x13))); - x39 = ((uint64_t)(arg1[4]) * ((arg2[6]) * UINT8_C(0x13))); - x40 = ((uint64_t)(arg1[3]) * ((arg2[9]) * UINT8_C(0x26))); - x41 = ((uint64_t)(arg1[3]) * ((arg2[8]) * UINT8_C(0x13))); - x42 = ((uint64_t)(arg1[3]) * ((arg2[7]) * UINT8_C(0x26))); - x43 = ((uint64_t)(arg1[2]) * ((arg2[9]) * UINT8_C(0x13))); - x44 = ((uint64_t)(arg1[2]) * ((arg2[8]) * UINT8_C(0x13))); - x45 = ((uint64_t)(arg1[1]) * ((arg2[9]) * UINT8_C(0x26))); - x46 = ((uint64_t)(arg1[9]) * (arg2[0])); - x47 = ((uint64_t)(arg1[8]) * (arg2[1])); - x48 = ((uint64_t)(arg1[8]) * (arg2[0])); - x49 = ((uint64_t)(arg1[7]) * (arg2[2])); - x50 = ((uint64_t)(arg1[7]) * ((arg2[1]) * 0x2)); - x51 = ((uint64_t)(arg1[7]) * (arg2[0])); - x52 = ((uint64_t)(arg1[6]) * (arg2[3])); - x53 = ((uint64_t)(arg1[6]) * (arg2[2])); - x54 = ((uint64_t)(arg1[6]) * (arg2[1])); - x55 = ((uint64_t)(arg1[6]) * (arg2[0])); - x56 = ((uint64_t)(arg1[5]) * (arg2[4])); - x57 = ((uint64_t)(arg1[5]) * ((arg2[3]) * 0x2)); - x58 = ((uint64_t)(arg1[5]) * (arg2[2])); - x59 = ((uint64_t)(arg1[5]) * ((arg2[1]) * 0x2)); - x60 = ((uint64_t)(arg1[5]) * (arg2[0])); - x61 = ((uint64_t)(arg1[4]) * (arg2[5])); - x62 = ((uint64_t)(arg1[4]) * (arg2[4])); - x63 = ((uint64_t)(arg1[4]) * (arg2[3])); - x64 = ((uint64_t)(arg1[4]) * (arg2[2])); - x65 = ((uint64_t)(arg1[4]) * (arg2[1])); - x66 = ((uint64_t)(arg1[4]) * (arg2[0])); - x67 = ((uint64_t)(arg1[3]) * (arg2[6])); - x68 = ((uint64_t)(arg1[3]) * ((arg2[5]) * 0x2)); - x69 = ((uint64_t)(arg1[3]) * (arg2[4])); - x70 = ((uint64_t)(arg1[3]) * ((arg2[3]) * 0x2)); - x71 = ((uint64_t)(arg1[3]) * (arg2[2])); - x72 = ((uint64_t)(arg1[3]) * ((arg2[1]) * 0x2)); - x73 = ((uint64_t)(arg1[3]) * (arg2[0])); - x74 = ((uint64_t)(arg1[2]) * (arg2[7])); - x75 = ((uint64_t)(arg1[2]) * (arg2[6])); - x76 = ((uint64_t)(arg1[2]) * (arg2[5])); - x77 = ((uint64_t)(arg1[2]) * (arg2[4])); - x78 = ((uint64_t)(arg1[2]) * (arg2[3])); - x79 = ((uint64_t)(arg1[2]) * (arg2[2])); - x80 = ((uint64_t)(arg1[2]) * (arg2[1])); - x81 = ((uint64_t)(arg1[2]) * (arg2[0])); - x82 = ((uint64_t)(arg1[1]) * (arg2[8])); - x83 = ((uint64_t)(arg1[1]) * ((arg2[7]) * 0x2)); - x84 = ((uint64_t)(arg1[1]) * (arg2[6])); - x85 = ((uint64_t)(arg1[1]) * ((arg2[5]) * 0x2)); - x86 = ((uint64_t)(arg1[1]) * (arg2[4])); - x87 = ((uint64_t)(arg1[1]) * ((arg2[3]) * 0x2)); - x88 = ((uint64_t)(arg1[1]) * (arg2[2])); - x89 = ((uint64_t)(arg1[1]) * ((arg2[1]) * 0x2)); - x90 = ((uint64_t)(arg1[1]) * (arg2[0])); - x91 = ((uint64_t)(arg1[0]) * (arg2[9])); - x92 = ((uint64_t)(arg1[0]) * (arg2[8])); - x93 = ((uint64_t)(arg1[0]) * (arg2[7])); - x94 = ((uint64_t)(arg1[0]) * (arg2[6])); - x95 = ((uint64_t)(arg1[0]) * (arg2[5])); - x96 = ((uint64_t)(arg1[0]) * (arg2[4])); - x97 = ((uint64_t)(arg1[0]) * (arg2[3])); - x98 = ((uint64_t)(arg1[0]) * (arg2[2])); - x99 = ((uint64_t)(arg1[0]) * (arg2[1])); - x100 = ((uint64_t)(arg1[0]) * (arg2[0])); - x101 = (x100 + (x45 + (x44 + (x42 + (x39 + (x35 + (x30 + (x24 + (x17 + x9))))))))); - x102 = (x101 >> 26); + x1 = (uint64_t)arg1[9] * (arg2[9] * UINT8_C(0x26)); + x2 = (uint64_t)arg1[9] * (arg2[8] * UINT8_C(0x13)); + x3 = (uint64_t)arg1[9] * (arg2[7] * UINT8_C(0x26)); + x4 = (uint64_t)arg1[9] * (arg2[6] * UINT8_C(0x13)); + x5 = (uint64_t)arg1[9] * (arg2[5] * UINT8_C(0x26)); + x6 = (uint64_t)arg1[9] * (arg2[4] * UINT8_C(0x13)); + x7 = (uint64_t)arg1[9] * (arg2[3] * UINT8_C(0x26)); + x8 = (uint64_t)arg1[9] * (arg2[2] * UINT8_C(0x13)); + x9 = (uint64_t)arg1[9] * (arg2[1] * UINT8_C(0x26)); + x10 = (uint64_t)arg1[8] * (arg2[9] * UINT8_C(0x13)); + x11 = (uint64_t)arg1[8] * (arg2[8] * UINT8_C(0x13)); + x12 = (uint64_t)arg1[8] * (arg2[7] * UINT8_C(0x13)); + x13 = (uint64_t)arg1[8] * (arg2[6] * UINT8_C(0x13)); + x14 = (uint64_t)arg1[8] * (arg2[5] * UINT8_C(0x13)); + x15 = (uint64_t)arg1[8] * (arg2[4] * UINT8_C(0x13)); + x16 = (uint64_t)arg1[8] * (arg2[3] * UINT8_C(0x13)); + x17 = (uint64_t)arg1[8] * (arg2[2] * UINT8_C(0x13)); + x18 = (uint64_t)arg1[7] * (arg2[9] * UINT8_C(0x26)); + x19 = (uint64_t)arg1[7] * (arg2[8] * UINT8_C(0x13)); + x20 = (uint64_t)arg1[7] * (arg2[7] * UINT8_C(0x26)); + x21 = (uint64_t)arg1[7] * (arg2[6] * UINT8_C(0x13)); + x22 = (uint64_t)arg1[7] * (arg2[5] * UINT8_C(0x26)); + x23 = (uint64_t)arg1[7] * (arg2[4] * UINT8_C(0x13)); + x24 = (uint64_t)arg1[7] * (arg2[3] * UINT8_C(0x26)); + x25 = (uint64_t)arg1[6] * (arg2[9] * UINT8_C(0x13)); + x26 = (uint64_t)arg1[6] * (arg2[8] * UINT8_C(0x13)); + x27 = (uint64_t)arg1[6] * (arg2[7] * UINT8_C(0x13)); + x28 = (uint64_t)arg1[6] * (arg2[6] * UINT8_C(0x13)); + x29 = (uint64_t)arg1[6] * (arg2[5] * UINT8_C(0x13)); + x30 = (uint64_t)arg1[6] * (arg2[4] * UINT8_C(0x13)); + x31 = (uint64_t)arg1[5] * (arg2[9] * UINT8_C(0x26)); + x32 = (uint64_t)arg1[5] * (arg2[8] * UINT8_C(0x13)); + x33 = (uint64_t)arg1[5] * (arg2[7] * UINT8_C(0x26)); + x34 = (uint64_t)arg1[5] * (arg2[6] * UINT8_C(0x13)); + x35 = (uint64_t)arg1[5] * (arg2[5] * UINT8_C(0x26)); + x36 = (uint64_t)arg1[4] * (arg2[9] * UINT8_C(0x13)); + x37 = (uint64_t)arg1[4] * (arg2[8] * UINT8_C(0x13)); + x38 = (uint64_t)arg1[4] * (arg2[7] * UINT8_C(0x13)); + x39 = (uint64_t)arg1[4] * (arg2[6] * UINT8_C(0x13)); + x40 = (uint64_t)arg1[3] * (arg2[9] * UINT8_C(0x26)); + x41 = (uint64_t)arg1[3] * (arg2[8] * UINT8_C(0x13)); + x42 = (uint64_t)arg1[3] * (arg2[7] * UINT8_C(0x26)); + x43 = (uint64_t)arg1[2] * (arg2[9] * UINT8_C(0x13)); + x44 = (uint64_t)arg1[2] * (arg2[8] * UINT8_C(0x13)); + x45 = (uint64_t)arg1[1] * (arg2[9] * UINT8_C(0x26)); + x46 = (uint64_t)arg1[9] * arg2[0]; + x47 = (uint64_t)arg1[8] * arg2[1]; + x48 = (uint64_t)arg1[8] * arg2[0]; + x49 = (uint64_t)arg1[7] * arg2[2]; + x50 = (uint64_t)arg1[7] * (arg2[1] * 0x2); + x51 = (uint64_t)arg1[7] * arg2[0]; + x52 = (uint64_t)arg1[6] * arg2[3]; + x53 = (uint64_t)arg1[6] * arg2[2]; + x54 = (uint64_t)arg1[6] * arg2[1]; + x55 = (uint64_t)arg1[6] * arg2[0]; + x56 = (uint64_t)arg1[5] * arg2[4]; + x57 = (uint64_t)arg1[5] * (arg2[3] * 0x2); + x58 = (uint64_t)arg1[5] * arg2[2]; + x59 = (uint64_t)arg1[5] * (arg2[1] * 0x2); + x60 = (uint64_t)arg1[5] * arg2[0]; + x61 = (uint64_t)arg1[4] * arg2[5]; + x62 = (uint64_t)arg1[4] * arg2[4]; + x63 = (uint64_t)arg1[4] * arg2[3]; + x64 = (uint64_t)arg1[4] * arg2[2]; + x65 = (uint64_t)arg1[4] * arg2[1]; + x66 = (uint64_t)arg1[4] * arg2[0]; + x67 = (uint64_t)arg1[3] * arg2[6]; + x68 = (uint64_t)arg1[3] * (arg2[5] * 0x2); + x69 = (uint64_t)arg1[3] * arg2[4]; + x70 = (uint64_t)arg1[3] * (arg2[3] * 0x2); + x71 = (uint64_t)arg1[3] * arg2[2]; + x72 = (uint64_t)arg1[3] * (arg2[1] * 0x2); + x73 = (uint64_t)arg1[3] * arg2[0]; + x74 = (uint64_t)arg1[2] * arg2[7]; + x75 = (uint64_t)arg1[2] * arg2[6]; + x76 = (uint64_t)arg1[2] * arg2[5]; + x77 = (uint64_t)arg1[2] * arg2[4]; + x78 = (uint64_t)arg1[2] * arg2[3]; + x79 = (uint64_t)arg1[2] * arg2[2]; + x80 = (uint64_t)arg1[2] * arg2[1]; + x81 = (uint64_t)arg1[2] * arg2[0]; + x82 = (uint64_t)arg1[1] * arg2[8]; + x83 = (uint64_t)arg1[1] * (arg2[7] * 0x2); + x84 = (uint64_t)arg1[1] * arg2[6]; + x85 = (uint64_t)arg1[1] * (arg2[5] * 0x2); + x86 = (uint64_t)arg1[1] * arg2[4]; + x87 = (uint64_t)arg1[1] * (arg2[3] * 0x2); + x88 = (uint64_t)arg1[1] * arg2[2]; + x89 = (uint64_t)arg1[1] * (arg2[1] * 0x2); + x90 = (uint64_t)arg1[1] * arg2[0]; + x91 = (uint64_t)arg1[0] * arg2[9]; + x92 = (uint64_t)arg1[0] * arg2[8]; + x93 = (uint64_t)arg1[0] * arg2[7]; + x94 = (uint64_t)arg1[0] * arg2[6]; + x95 = (uint64_t)arg1[0] * arg2[5]; + x96 = (uint64_t)arg1[0] * arg2[4]; + x97 = (uint64_t)arg1[0] * arg2[3]; + x98 = (uint64_t)arg1[0] * arg2[2]; + x99 = (uint64_t)arg1[0] * arg2[1]; + x100 = (uint64_t)arg1[0] * arg2[0]; + x101 = x100 + (x45 + (x44 + (x42 + (x39 + (x35 + (x30 + (x24 + (x17 + x9)))))))); + x102 = x101 >> 26; x103 = (uint32_t)(x101 & UINT32_C(0x3ffffff)); - x104 = (x91 + (x82 + (x74 + (x67 + (x61 + (x56 + (x52 + (x49 + (x47 + x46))))))))); - x105 = (x92 + (x83 + (x75 + (x68 + (x62 + (x57 + (x53 + (x50 + (x48 + x1))))))))); - x106 = (x93 + (x84 + (x76 + (x69 + (x63 + (x58 + (x54 + (x51 + (x10 + x2))))))))); - x107 = (x94 + (x85 + (x77 + (x70 + (x64 + (x59 + (x55 + (x18 + (x11 + x3))))))))); - x108 = (x95 + (x86 + (x78 + (x71 + (x65 + (x60 + (x25 + (x19 + (x12 + x4))))))))); - x109 = (x96 + (x87 + (x79 + (x72 + (x66 + (x31 + (x26 + (x20 + (x13 + x5))))))))); - x110 = (x97 + (x88 + (x80 + (x73 + (x36 + (x32 + (x27 + (x21 + (x14 + x6))))))))); - x111 = (x98 + (x89 + (x81 + (x40 + (x37 + (x33 + (x28 + (x22 + (x15 + x7))))))))); - x112 = (x99 + (x90 + (x43 + (x41 + (x38 + (x34 + (x29 + (x23 + (x16 + x8))))))))); - x113 = (x102 + x112); - x114 = (x113 >> 25); + x104 = x91 + (x82 + (x74 + (x67 + (x61 + (x56 + (x52 + (x49 + (x47 + x46)))))))); + x105 = x92 + (x83 + (x75 + (x68 + (x62 + (x57 + (x53 + (x50 + (x48 + x1)))))))); + x106 = x93 + (x84 + (x76 + (x69 + (x63 + (x58 + (x54 + (x51 + (x10 + x2)))))))); + x107 = x94 + (x85 + (x77 + (x70 + (x64 + (x59 + (x55 + (x18 + (x11 + x3)))))))); + x108 = x95 + (x86 + (x78 + (x71 + (x65 + (x60 + (x25 + (x19 + (x12 + x4)))))))); + x109 = x96 + (x87 + (x79 + (x72 + (x66 + (x31 + (x26 + (x20 + (x13 + x5)))))))); + x110 = x97 + (x88 + (x80 + (x73 + (x36 + (x32 + (x27 + (x21 + (x14 + x6)))))))); + x111 = x98 + (x89 + (x81 + (x40 + (x37 + (x33 + (x28 + (x22 + (x15 + x7)))))))); + x112 = x99 + (x90 + (x43 + (x41 + (x38 + (x34 + (x29 + (x23 + (x16 + x8)))))))); + x113 = x102 + x112; + x114 = x113 >> 25; x115 = (uint32_t)(x113 & UINT32_C(0x1ffffff)); - x116 = (x114 + x111); - x117 = (x116 >> 26); + x116 = x114 + x111; + x117 = x116 >> 26; x118 = (uint32_t)(x116 & UINT32_C(0x3ffffff)); - x119 = (x117 + x110); - x120 = (x119 >> 25); + x119 = x117 + x110; + x120 = x119 >> 25; x121 = (uint32_t)(x119 & UINT32_C(0x1ffffff)); - x122 = (x120 + x109); - x123 = (x122 >> 26); + x122 = x120 + x109; + x123 = x122 >> 26; x124 = (uint32_t)(x122 & UINT32_C(0x3ffffff)); - x125 = (x123 + x108); - x126 = (x125 >> 25); + x125 = x123 + x108; + x126 = x125 >> 25; x127 = (uint32_t)(x125 & UINT32_C(0x1ffffff)); - x128 = (x126 + x107); - x129 = (x128 >> 26); + x128 = x126 + x107; + x129 = x128 >> 26; x130 = (uint32_t)(x128 & UINT32_C(0x3ffffff)); - x131 = (x129 + x106); - x132 = (x131 >> 25); + x131 = x129 + x106; + x132 = x131 >> 25; x133 = (uint32_t)(x131 & UINT32_C(0x1ffffff)); - x134 = (x132 + x105); - x135 = (x134 >> 26); + x134 = x132 + x105; + x135 = x134 >> 26; x136 = (uint32_t)(x134 & UINT32_C(0x3ffffff)); - x137 = (x135 + x104); - x138 = (x137 >> 25); + x137 = x135 + x104; + x138 = x137 >> 25; x139 = (uint32_t)(x137 & UINT32_C(0x1ffffff)); - x140 = (x138 * UINT8_C(0x13)); - x141 = (x103 + x140); + x140 = x138 * UINT8_C(0x13); + x141 = x103 + x140; x142 = (uint32_t)(x141 >> 26); x143 = (uint32_t)(x141 & UINT32_C(0x3ffffff)); - x144 = (x142 + x115); + x144 = x142 + x115; x145 = (fiat_25519_uint1)(x144 >> 25); - x146 = (x144 & UINT32_C(0x1ffffff)); - x147 = (x145 + x118); + x146 = x144 & UINT32_C(0x1ffffff); + x147 = x145 + x118; out1[0] = x143; out1[1] = x146; out1[2] = x147; @@ -608,126 +608,126 @@ static void fiat_25519_carry_square(uint32_t out1[10], const uint32_t arg1[10]) fiat_25519_uint1 x118; uint32_t x119; uint32_t x120; - x1 = ((arg1[9]) * UINT8_C(0x13)); - x2 = (x1 * 0x2); - x3 = ((arg1[9]) * 0x2); - x4 = ((arg1[8]) * UINT8_C(0x13)); - x5 = ((uint64_t)x4 * 0x2); - x6 = ((arg1[8]) * 0x2); - x7 = ((arg1[7]) * UINT8_C(0x13)); - x8 = (x7 * 0x2); - x9 = ((arg1[7]) * 0x2); - x10 = ((arg1[6]) * UINT8_C(0x13)); - x11 = ((uint64_t)x10 * 0x2); - x12 = ((arg1[6]) * 0x2); - x13 = ((arg1[5]) * UINT8_C(0x13)); - x14 = ((arg1[5]) * 0x2); - x15 = ((arg1[4]) * 0x2); - x16 = ((arg1[3]) * 0x2); - x17 = ((arg1[2]) * 0x2); - x18 = ((arg1[1]) * 0x2); - x19 = ((uint64_t)(arg1[9]) * (x1 * 0x2)); - x20 = ((uint64_t)(arg1[8]) * x2); - x21 = ((uint64_t)(arg1[8]) * x4); - x22 = ((arg1[7]) * ((uint64_t)x2 * 0x2)); - x23 = ((arg1[7]) * x5); - x24 = ((uint64_t)(arg1[7]) * (x7 * 0x2)); - x25 = ((uint64_t)(arg1[6]) * x2); - x26 = ((arg1[6]) * x5); - x27 = ((uint64_t)(arg1[6]) * x8); - x28 = ((uint64_t)(arg1[6]) * x10); - x29 = ((arg1[5]) * ((uint64_t)x2 * 0x2)); - x30 = ((arg1[5]) * x5); - x31 = ((arg1[5]) * ((uint64_t)x8 * 0x2)); - x32 = ((arg1[5]) * x11); - x33 = ((uint64_t)(arg1[5]) * (x13 * 0x2)); - x34 = ((uint64_t)(arg1[4]) * x2); - x35 = ((arg1[4]) * x5); - x36 = ((uint64_t)(arg1[4]) * x8); - x37 = ((arg1[4]) * x11); - x38 = ((uint64_t)(arg1[4]) * x14); - x39 = ((uint64_t)(arg1[4]) * (arg1[4])); - x40 = ((arg1[3]) * ((uint64_t)x2 * 0x2)); - x41 = ((arg1[3]) * x5); - x42 = ((arg1[3]) * ((uint64_t)x8 * 0x2)); - x43 = ((uint64_t)(arg1[3]) * x12); - x44 = ((uint64_t)(arg1[3]) * (x14 * 0x2)); - x45 = ((uint64_t)(arg1[3]) * x15); - x46 = ((uint64_t)(arg1[3]) * ((arg1[3]) * 0x2)); - x47 = ((uint64_t)(arg1[2]) * x2); - x48 = ((arg1[2]) * x5); - x49 = ((uint64_t)(arg1[2]) * x9); - x50 = ((uint64_t)(arg1[2]) * x12); - x51 = ((uint64_t)(arg1[2]) * x14); - x52 = ((uint64_t)(arg1[2]) * x15); - x53 = ((uint64_t)(arg1[2]) * x16); - x54 = ((uint64_t)(arg1[2]) * (arg1[2])); - x55 = ((arg1[1]) * ((uint64_t)x2 * 0x2)); - x56 = ((uint64_t)(arg1[1]) * x6); - x57 = ((uint64_t)(arg1[1]) * (x9 * 0x2)); - x58 = ((uint64_t)(arg1[1]) * x12); - x59 = ((uint64_t)(arg1[1]) * (x14 * 0x2)); - x60 = ((uint64_t)(arg1[1]) * x15); - x61 = ((uint64_t)(arg1[1]) * (x16 * 0x2)); - x62 = ((uint64_t)(arg1[1]) * x17); - x63 = ((uint64_t)(arg1[1]) * ((arg1[1]) * 0x2)); - x64 = ((uint64_t)(arg1[0]) * x3); - x65 = ((uint64_t)(arg1[0]) * x6); - x66 = ((uint64_t)(arg1[0]) * x9); - x67 = ((uint64_t)(arg1[0]) * x12); - x68 = ((uint64_t)(arg1[0]) * x14); - x69 = ((uint64_t)(arg1[0]) * x15); - x70 = ((uint64_t)(arg1[0]) * x16); - x71 = ((uint64_t)(arg1[0]) * x17); - x72 = ((uint64_t)(arg1[0]) * x18); - x73 = ((uint64_t)(arg1[0]) * (arg1[0])); - x74 = (x73 + (x55 + (x48 + (x42 + (x37 + x33))))); - x75 = (x74 >> 26); + x1 = arg1[9] * UINT8_C(0x13); + x2 = x1 * 0x2; + x3 = arg1[9] * 0x2; + x4 = arg1[8] * UINT8_C(0x13); + x5 = (uint64_t)x4 * 0x2; + x6 = arg1[8] * 0x2; + x7 = arg1[7] * UINT8_C(0x13); + x8 = x7 * 0x2; + x9 = arg1[7] * 0x2; + x10 = arg1[6] * UINT8_C(0x13); + x11 = (uint64_t)x10 * 0x2; + x12 = arg1[6] * 0x2; + x13 = arg1[5] * UINT8_C(0x13); + x14 = arg1[5] * 0x2; + x15 = arg1[4] * 0x2; + x16 = arg1[3] * 0x2; + x17 = arg1[2] * 0x2; + x18 = arg1[1] * 0x2; + x19 = (uint64_t)arg1[9] * (x1 * 0x2); + x20 = (uint64_t)arg1[8] * x2; + x21 = (uint64_t)arg1[8] * x4; + x22 = arg1[7] * ((uint64_t)x2 * 0x2); + x23 = arg1[7] * x5; + x24 = (uint64_t)arg1[7] * (x7 * 0x2); + x25 = (uint64_t)arg1[6] * x2; + x26 = arg1[6] * x5; + x27 = (uint64_t)arg1[6] * x8; + x28 = (uint64_t)arg1[6] * x10; + x29 = arg1[5] * ((uint64_t)x2 * 0x2); + x30 = arg1[5] * x5; + x31 = arg1[5] * ((uint64_t)x8 * 0x2); + x32 = arg1[5] * x11; + x33 = (uint64_t)arg1[5] * (x13 * 0x2); + x34 = (uint64_t)arg1[4] * x2; + x35 = arg1[4] * x5; + x36 = (uint64_t)arg1[4] * x8; + x37 = arg1[4] * x11; + x38 = (uint64_t)arg1[4] * x14; + x39 = (uint64_t)arg1[4] * arg1[4]; + x40 = arg1[3] * ((uint64_t)x2 * 0x2); + x41 = arg1[3] * x5; + x42 = arg1[3] * ((uint64_t)x8 * 0x2); + x43 = (uint64_t)arg1[3] * x12; + x44 = (uint64_t)arg1[3] * (x14 * 0x2); + x45 = (uint64_t)arg1[3] * x15; + x46 = (uint64_t)arg1[3] * (arg1[3] * 0x2); + x47 = (uint64_t)arg1[2] * x2; + x48 = arg1[2] * x5; + x49 = (uint64_t)arg1[2] * x9; + x50 = (uint64_t)arg1[2] * x12; + x51 = (uint64_t)arg1[2] * x14; + x52 = (uint64_t)arg1[2] * x15; + x53 = (uint64_t)arg1[2] * x16; + x54 = (uint64_t)arg1[2] * arg1[2]; + x55 = arg1[1] * ((uint64_t)x2 * 0x2); + x56 = (uint64_t)arg1[1] * x6; + x57 = (uint64_t)arg1[1] * (x9 * 0x2); + x58 = (uint64_t)arg1[1] * x12; + x59 = (uint64_t)arg1[1] * (x14 * 0x2); + x60 = (uint64_t)arg1[1] * x15; + x61 = (uint64_t)arg1[1] * (x16 * 0x2); + x62 = (uint64_t)arg1[1] * x17; + x63 = (uint64_t)arg1[1] * (arg1[1] * 0x2); + x64 = (uint64_t)arg1[0] * x3; + x65 = (uint64_t)arg1[0] * x6; + x66 = (uint64_t)arg1[0] * x9; + x67 = (uint64_t)arg1[0] * x12; + x68 = (uint64_t)arg1[0] * x14; + x69 = (uint64_t)arg1[0] * x15; + x70 = (uint64_t)arg1[0] * x16; + x71 = (uint64_t)arg1[0] * x17; + x72 = (uint64_t)arg1[0] * x18; + x73 = (uint64_t)arg1[0] * arg1[0]; + x74 = x73 + (x55 + (x48 + (x42 + (x37 + x33)))); + x75 = x74 >> 26; x76 = (uint32_t)(x74 & UINT32_C(0x3ffffff)); - x77 = (x64 + (x56 + (x49 + (x43 + x38)))); - x78 = (x65 + (x57 + (x50 + (x44 + (x39 + x19))))); - x79 = (x66 + (x58 + (x51 + (x45 + x20)))); - x80 = (x67 + (x59 + (x52 + (x46 + (x22 + x21))))); - x81 = (x68 + (x60 + (x53 + (x25 + x23)))); - x82 = (x69 + (x61 + (x54 + (x29 + (x26 + x24))))); - x83 = (x70 + (x62 + (x34 + (x30 + x27)))); - x84 = (x71 + (x63 + (x40 + (x35 + (x31 + x28))))); - x85 = (x72 + (x47 + (x41 + (x36 + x32)))); - x86 = (x75 + x85); - x87 = (x86 >> 25); + x77 = x64 + (x56 + (x49 + (x43 + x38))); + x78 = x65 + (x57 + (x50 + (x44 + (x39 + x19)))); + x79 = x66 + (x58 + (x51 + (x45 + x20))); + x80 = x67 + (x59 + (x52 + (x46 + (x22 + x21)))); + x81 = x68 + (x60 + (x53 + (x25 + x23))); + x82 = x69 + (x61 + (x54 + (x29 + (x26 + x24)))); + x83 = x70 + (x62 + (x34 + (x30 + x27))); + x84 = x71 + (x63 + (x40 + (x35 + (x31 + x28)))); + x85 = x72 + (x47 + (x41 + (x36 + x32))); + x86 = x75 + x85; + x87 = x86 >> 25; x88 = (uint32_t)(x86 & UINT32_C(0x1ffffff)); - x89 = (x87 + x84); - x90 = (x89 >> 26); + x89 = x87 + x84; + x90 = x89 >> 26; x91 = (uint32_t)(x89 & UINT32_C(0x3ffffff)); - x92 = (x90 + x83); - x93 = (x92 >> 25); + x92 = x90 + x83; + x93 = x92 >> 25; x94 = (uint32_t)(x92 & UINT32_C(0x1ffffff)); - x95 = (x93 + x82); - x96 = (x95 >> 26); + x95 = x93 + x82; + x96 = x95 >> 26; x97 = (uint32_t)(x95 & UINT32_C(0x3ffffff)); - x98 = (x96 + x81); - x99 = (x98 >> 25); + x98 = x96 + x81; + x99 = x98 >> 25; x100 = (uint32_t)(x98 & UINT32_C(0x1ffffff)); - x101 = (x99 + x80); - x102 = (x101 >> 26); + x101 = x99 + x80; + x102 = x101 >> 26; x103 = (uint32_t)(x101 & UINT32_C(0x3ffffff)); - x104 = (x102 + x79); - x105 = (x104 >> 25); + x104 = x102 + x79; + x105 = x104 >> 25; x106 = (uint32_t)(x104 & UINT32_C(0x1ffffff)); - x107 = (x105 + x78); - x108 = (x107 >> 26); + x107 = x105 + x78; + x108 = x107 >> 26; x109 = (uint32_t)(x107 & UINT32_C(0x3ffffff)); - x110 = (x108 + x77); - x111 = (x110 >> 25); + x110 = x108 + x77; + x111 = x110 >> 25; x112 = (uint32_t)(x110 & UINT32_C(0x1ffffff)); - x113 = (x111 * UINT8_C(0x13)); - x114 = (x76 + x113); + x113 = x111 * UINT8_C(0x13); + x114 = x76 + x113; x115 = (uint32_t)(x114 >> 26); x116 = (uint32_t)(x114 & UINT32_C(0x3ffffff)); - x117 = (x115 + x88); + x117 = x115 + x88; x118 = (fiat_25519_uint1)(x117 >> 25); - x119 = (x117 & UINT32_C(0x1ffffff)); - x120 = (x118 + x91); + x119 = x117 & UINT32_C(0x1ffffff); + x120 = x118 + x91; out1[0] = x116; out1[1] = x119; out1[2] = x120; @@ -774,28 +774,28 @@ static void fiat_25519_carry(uint32_t out1[10], const uint32_t arg1[10]) { uint32_t x20; uint32_t x21; uint32_t x22; - x1 = (arg1[0]); - x2 = ((x1 >> 26) + (arg1[1])); - x3 = ((x2 >> 25) + (arg1[2])); - x4 = ((x3 >> 26) + (arg1[3])); - x5 = ((x4 >> 25) + (arg1[4])); - x6 = ((x5 >> 26) + (arg1[5])); - x7 = ((x6 >> 25) + (arg1[6])); - x8 = ((x7 >> 26) + (arg1[7])); - x9 = ((x8 >> 25) + (arg1[8])); - x10 = ((x9 >> 26) + (arg1[9])); - x11 = ((x1 & UINT32_C(0x3ffffff)) + ((x10 >> 25) * UINT8_C(0x13))); - x12 = ((fiat_25519_uint1)(x11 >> 26) + (x2 & UINT32_C(0x1ffffff))); - x13 = (x11 & UINT32_C(0x3ffffff)); - x14 = (x12 & UINT32_C(0x1ffffff)); - x15 = ((fiat_25519_uint1)(x12 >> 25) + (x3 & UINT32_C(0x3ffffff))); - x16 = (x4 & UINT32_C(0x1ffffff)); - x17 = (x5 & UINT32_C(0x3ffffff)); - x18 = (x6 & UINT32_C(0x1ffffff)); - x19 = (x7 & UINT32_C(0x3ffffff)); - x20 = (x8 & UINT32_C(0x1ffffff)); - x21 = (x9 & UINT32_C(0x3ffffff)); - x22 = (x10 & UINT32_C(0x1ffffff)); + x1 = arg1[0]; + x2 = (x1 >> 26) + arg1[1]; + x3 = (x2 >> 25) + arg1[2]; + x4 = (x3 >> 26) + arg1[3]; + x5 = (x4 >> 25) + arg1[4]; + x6 = (x5 >> 26) + arg1[5]; + x7 = (x6 >> 25) + arg1[6]; + x8 = (x7 >> 26) + arg1[7]; + x9 = (x8 >> 25) + arg1[8]; + x10 = (x9 >> 26) + arg1[9]; + x11 = (x1 & UINT32_C(0x3ffffff)) + (x10 >> 25) * UINT8_C(0x13); + x12 = (fiat_25519_uint1)(x11 >> 26) + (x2 & UINT32_C(0x1ffffff)); + x13 = x11 & UINT32_C(0x3ffffff); + x14 = x12 & UINT32_C(0x1ffffff); + x15 = (fiat_25519_uint1)(x12 >> 25) + (x3 & UINT32_C(0x3ffffff)); + x16 = x4 & UINT32_C(0x1ffffff); + x17 = x5 & UINT32_C(0x3ffffff); + x18 = x6 & UINT32_C(0x1ffffff); + x19 = x7 & UINT32_C(0x3ffffff); + x20 = x8 & UINT32_C(0x1ffffff); + x21 = x9 & UINT32_C(0x3ffffff); + x22 = x10 & UINT32_C(0x1ffffff); out1[0] = x13; out1[1] = x14; out1[2] = x15; @@ -831,16 +831,16 @@ static void fiat_25519_add(uint32_t out1[10], const uint32_t arg1[10], const uin uint32_t x8; uint32_t x9; uint32_t x10; - x1 = ((arg1[0]) + (arg2[0])); - x2 = ((arg1[1]) + (arg2[1])); - x3 = ((arg1[2]) + (arg2[2])); - x4 = ((arg1[3]) + (arg2[3])); - x5 = ((arg1[4]) + (arg2[4])); - x6 = ((arg1[5]) + (arg2[5])); - x7 = ((arg1[6]) + (arg2[6])); - x8 = ((arg1[7]) + (arg2[7])); - x9 = ((arg1[8]) + (arg2[8])); - x10 = ((arg1[9]) + (arg2[9])); + x1 = arg1[0] + arg2[0]; + x2 = arg1[1] + arg2[1]; + x3 = arg1[2] + arg2[2]; + x4 = arg1[3] + arg2[3]; + x5 = arg1[4] + arg2[4]; + x6 = arg1[5] + arg2[5]; + x7 = arg1[6] + arg2[6]; + x8 = arg1[7] + arg2[7]; + x9 = arg1[8] + arg2[8]; + x10 = arg1[9] + arg2[9]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -876,16 +876,16 @@ static void fiat_25519_sub(uint32_t out1[10], const uint32_t arg1[10], const uin uint32_t x8; uint32_t x9; uint32_t x10; - x1 = ((UINT32_C(0x7ffffda) + (arg1[0])) - (arg2[0])); - x2 = ((UINT32_C(0x3fffffe) + (arg1[1])) - (arg2[1])); - x3 = ((UINT32_C(0x7fffffe) + (arg1[2])) - (arg2[2])); - x4 = ((UINT32_C(0x3fffffe) + (arg1[3])) - (arg2[3])); - x5 = ((UINT32_C(0x7fffffe) + (arg1[4])) - (arg2[4])); - x6 = ((UINT32_C(0x3fffffe) + (arg1[5])) - (arg2[5])); - x7 = ((UINT32_C(0x7fffffe) + (arg1[6])) - (arg2[6])); - x8 = ((UINT32_C(0x3fffffe) + (arg1[7])) - (arg2[7])); - x9 = ((UINT32_C(0x7fffffe) + (arg1[8])) - (arg2[8])); - x10 = ((UINT32_C(0x3fffffe) + (arg1[9])) - (arg2[9])); + x1 = UINT32_C(0x7ffffda) + arg1[0] - arg2[0]; + x2 = UINT32_C(0x3fffffe) + arg1[1] - arg2[1]; + x3 = UINT32_C(0x7fffffe) + arg1[2] - arg2[2]; + x4 = UINT32_C(0x3fffffe) + arg1[3] - arg2[3]; + x5 = UINT32_C(0x7fffffe) + arg1[4] - arg2[4]; + x6 = UINT32_C(0x3fffffe) + arg1[5] - arg2[5]; + x7 = UINT32_C(0x7fffffe) + arg1[6] - arg2[6]; + x8 = UINT32_C(0x3fffffe) + arg1[7] - arg2[7]; + x9 = UINT32_C(0x7fffffe) + arg1[8] - arg2[8]; + x10 = UINT32_C(0x3fffffe) + arg1[9] - arg2[9]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -920,16 +920,16 @@ static void fiat_25519_opp(uint32_t out1[10], const uint32_t arg1[10]) { uint32_t x8; uint32_t x9; uint32_t x10; - x1 = (UINT32_C(0x7ffffda) - (arg1[0])); - x2 = (UINT32_C(0x3fffffe) - (arg1[1])); - x3 = (UINT32_C(0x7fffffe) - (arg1[2])); - x4 = (UINT32_C(0x3fffffe) - (arg1[3])); - x5 = (UINT32_C(0x7fffffe) - (arg1[4])); - x6 = (UINT32_C(0x3fffffe) - (arg1[5])); - x7 = (UINT32_C(0x7fffffe) - (arg1[6])); - x8 = (UINT32_C(0x3fffffe) - (arg1[7])); - x9 = (UINT32_C(0x7fffffe) - (arg1[8])); - x10 = (UINT32_C(0x3fffffe) - (arg1[9])); + x1 = UINT32_C(0x7ffffda) - arg1[0]; + x2 = UINT32_C(0x3fffffe) - arg1[1]; + x3 = UINT32_C(0x7fffffe) - arg1[2]; + x4 = UINT32_C(0x3fffffe) - arg1[3]; + x5 = UINT32_C(0x7fffffe) - arg1[4]; + x6 = UINT32_C(0x3fffffe) - arg1[5]; + x7 = UINT32_C(0x7fffffe) - arg1[6]; + x8 = UINT32_C(0x3fffffe) - arg1[7]; + x9 = UINT32_C(0x7fffffe) - arg1[8]; + x10 = UINT32_C(0x3fffffe) - arg1[9]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -966,16 +966,16 @@ static void fiat_25519_selectznz(uint32_t out1[10], fiat_25519_uint1 arg1, const uint32_t x8; uint32_t x9; uint32_t x10; - fiat_25519_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_25519_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_25519_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); - fiat_25519_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); - fiat_25519_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); - fiat_25519_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5])); - fiat_25519_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6])); - fiat_25519_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7])); - fiat_25519_cmovznz_u32(&x9, arg1, (arg2[8]), (arg3[8])); - fiat_25519_cmovznz_u32(&x10, arg1, (arg2[9]), (arg3[9])); + fiat_25519_cmovznz_u32(&x1, arg1, arg2[0], arg3[0]); + fiat_25519_cmovznz_u32(&x2, arg1, arg2[1], arg3[1]); + fiat_25519_cmovznz_u32(&x3, arg1, arg2[2], arg3[2]); + fiat_25519_cmovznz_u32(&x4, arg1, arg2[3], arg3[3]); + fiat_25519_cmovznz_u32(&x5, arg1, arg2[4], arg3[4]); + fiat_25519_cmovznz_u32(&x6, arg1, arg2[5], arg3[5]); + fiat_25519_cmovznz_u32(&x7, arg1, arg2[6], arg3[6]); + fiat_25519_cmovznz_u32(&x8, arg1, arg2[7], arg3[7]); + fiat_25519_cmovznz_u32(&x9, arg1, arg2[8], arg3[8]); + fiat_25519_cmovznz_u32(&x10, arg1, arg2[9], arg3[9]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -1117,101 +1117,101 @@ static void fiat_25519_to_bytes(uint8_t out1[32], const uint32_t arg1[10]) { uint32_t x115; uint8_t x116; uint8_t x117; - fiat_25519_subborrowx_u26(&x1, &x2, 0x0, (arg1[0]), UINT32_C(0x3ffffed)); - fiat_25519_subborrowx_u25(&x3, &x4, x2, (arg1[1]), UINT32_C(0x1ffffff)); - fiat_25519_subborrowx_u26(&x5, &x6, x4, (arg1[2]), UINT32_C(0x3ffffff)); - fiat_25519_subborrowx_u25(&x7, &x8, x6, (arg1[3]), UINT32_C(0x1ffffff)); - fiat_25519_subborrowx_u26(&x9, &x10, x8, (arg1[4]), UINT32_C(0x3ffffff)); - fiat_25519_subborrowx_u25(&x11, &x12, x10, (arg1[5]), UINT32_C(0x1ffffff)); - fiat_25519_subborrowx_u26(&x13, &x14, x12, (arg1[6]), UINT32_C(0x3ffffff)); - fiat_25519_subborrowx_u25(&x15, &x16, x14, (arg1[7]), UINT32_C(0x1ffffff)); - fiat_25519_subborrowx_u26(&x17, &x18, x16, (arg1[8]), UINT32_C(0x3ffffff)); - fiat_25519_subborrowx_u25(&x19, &x20, x18, (arg1[9]), UINT32_C(0x1ffffff)); + fiat_25519_subborrowx_u26(&x1, &x2, 0x0, arg1[0], UINT32_C(0x3ffffed)); + fiat_25519_subborrowx_u25(&x3, &x4, x2, arg1[1], UINT32_C(0x1ffffff)); + fiat_25519_subborrowx_u26(&x5, &x6, x4, arg1[2], UINT32_C(0x3ffffff)); + fiat_25519_subborrowx_u25(&x7, &x8, x6, arg1[3], UINT32_C(0x1ffffff)); + fiat_25519_subborrowx_u26(&x9, &x10, x8, arg1[4], UINT32_C(0x3ffffff)); + fiat_25519_subborrowx_u25(&x11, &x12, x10, arg1[5], UINT32_C(0x1ffffff)); + fiat_25519_subborrowx_u26(&x13, &x14, x12, arg1[6], UINT32_C(0x3ffffff)); + fiat_25519_subborrowx_u25(&x15, &x16, x14, arg1[7], UINT32_C(0x1ffffff)); + fiat_25519_subborrowx_u26(&x17, &x18, x16, arg1[8], UINT32_C(0x3ffffff)); + fiat_25519_subborrowx_u25(&x19, &x20, x18, arg1[9], UINT32_C(0x1ffffff)); fiat_25519_cmovznz_u32(&x21, x20, 0x0, UINT32_C(0xffffffff)); - fiat_25519_addcarryx_u26(&x22, &x23, 0x0, x1, (x21 & UINT32_C(0x3ffffed))); - fiat_25519_addcarryx_u25(&x24, &x25, x23, x3, (x21 & UINT32_C(0x1ffffff))); - fiat_25519_addcarryx_u26(&x26, &x27, x25, x5, (x21 & UINT32_C(0x3ffffff))); - fiat_25519_addcarryx_u25(&x28, &x29, x27, x7, (x21 & UINT32_C(0x1ffffff))); - fiat_25519_addcarryx_u26(&x30, &x31, x29, x9, (x21 & UINT32_C(0x3ffffff))); - fiat_25519_addcarryx_u25(&x32, &x33, x31, x11, (x21 & UINT32_C(0x1ffffff))); - fiat_25519_addcarryx_u26(&x34, &x35, x33, x13, (x21 & UINT32_C(0x3ffffff))); - fiat_25519_addcarryx_u25(&x36, &x37, x35, x15, (x21 & UINT32_C(0x1ffffff))); - fiat_25519_addcarryx_u26(&x38, &x39, x37, x17, (x21 & UINT32_C(0x3ffffff))); - fiat_25519_addcarryx_u25(&x40, &x41, x39, x19, (x21 & UINT32_C(0x1ffffff))); - x42 = (x40 << 6); - x43 = (x38 << 4); - x44 = (x36 << 3); - x45 = (x34 * (uint32_t)0x2); - x46 = (x30 << 6); - x47 = (x28 << 5); - x48 = (x26 << 3); - x49 = (x24 << 2); + fiat_25519_addcarryx_u26(&x22, &x23, 0x0, x1, x21 & UINT32_C(0x3ffffed)); + fiat_25519_addcarryx_u25(&x24, &x25, x23, x3, x21 & UINT32_C(0x1ffffff)); + fiat_25519_addcarryx_u26(&x26, &x27, x25, x5, x21 & UINT32_C(0x3ffffff)); + fiat_25519_addcarryx_u25(&x28, &x29, x27, x7, x21 & UINT32_C(0x1ffffff)); + fiat_25519_addcarryx_u26(&x30, &x31, x29, x9, x21 & UINT32_C(0x3ffffff)); + fiat_25519_addcarryx_u25(&x32, &x33, x31, x11, x21 & UINT32_C(0x1ffffff)); + fiat_25519_addcarryx_u26(&x34, &x35, x33, x13, x21 & UINT32_C(0x3ffffff)); + fiat_25519_addcarryx_u25(&x36, &x37, x35, x15, x21 & UINT32_C(0x1ffffff)); + fiat_25519_addcarryx_u26(&x38, &x39, x37, x17, x21 & UINT32_C(0x3ffffff)); + fiat_25519_addcarryx_u25(&x40, &x41, x39, x19, x21 & UINT32_C(0x1ffffff)); + x42 = x40 << 6; + x43 = x38 << 4; + x44 = x36 << 3; + x45 = x34 * (uint32_t)0x2; + x46 = x30 << 6; + x47 = x28 << 5; + x48 = x26 << 3; + x49 = x24 << 2; x50 = (uint8_t)(x22 & UINT8_C(0xff)); - x51 = (x22 >> 8); + x51 = x22 >> 8; x52 = (uint8_t)(x51 & UINT8_C(0xff)); - x53 = (x51 >> 8); + x53 = x51 >> 8; x54 = (uint8_t)(x53 & UINT8_C(0xff)); x55 = (uint8_t)(x53 >> 8); - x56 = (x49 + (uint32_t)x55); + x56 = x49 + (uint32_t)x55; x57 = (uint8_t)(x56 & UINT8_C(0xff)); - x58 = (x56 >> 8); + x58 = x56 >> 8; x59 = (uint8_t)(x58 & UINT8_C(0xff)); - x60 = (x58 >> 8); + x60 = x58 >> 8; x61 = (uint8_t)(x60 & UINT8_C(0xff)); x62 = (uint8_t)(x60 >> 8); - x63 = (x48 + (uint32_t)x62); + x63 = x48 + (uint32_t)x62; x64 = (uint8_t)(x63 & UINT8_C(0xff)); - x65 = (x63 >> 8); + x65 = x63 >> 8; x66 = (uint8_t)(x65 & UINT8_C(0xff)); - x67 = (x65 >> 8); + x67 = x65 >> 8; x68 = (uint8_t)(x67 & UINT8_C(0xff)); x69 = (uint8_t)(x67 >> 8); - x70 = (x47 + (uint32_t)x69); + x70 = x47 + (uint32_t)x69; x71 = (uint8_t)(x70 & UINT8_C(0xff)); - x72 = (x70 >> 8); + x72 = x70 >> 8; x73 = (uint8_t)(x72 & UINT8_C(0xff)); - x74 = (x72 >> 8); + x74 = x72 >> 8; x75 = (uint8_t)(x74 & UINT8_C(0xff)); x76 = (uint8_t)(x74 >> 8); - x77 = (x46 + (uint32_t)x76); + x77 = x46 + (uint32_t)x76; x78 = (uint8_t)(x77 & UINT8_C(0xff)); - x79 = (x77 >> 8); + x79 = x77 >> 8; x80 = (uint8_t)(x79 & UINT8_C(0xff)); - x81 = (x79 >> 8); + x81 = x79 >> 8; x82 = (uint8_t)(x81 & UINT8_C(0xff)); x83 = (uint8_t)(x81 >> 8); x84 = (uint8_t)(x32 & UINT8_C(0xff)); - x85 = (x32 >> 8); + x85 = x32 >> 8; x86 = (uint8_t)(x85 & UINT8_C(0xff)); - x87 = (x85 >> 8); + x87 = x85 >> 8; x88 = (uint8_t)(x87 & UINT8_C(0xff)); x89 = (fiat_25519_uint1)(x87 >> 8); - x90 = (x45 + (uint32_t)x89); + x90 = x45 + (uint32_t)x89; x91 = (uint8_t)(x90 & UINT8_C(0xff)); - x92 = (x90 >> 8); + x92 = x90 >> 8; x93 = (uint8_t)(x92 & UINT8_C(0xff)); - x94 = (x92 >> 8); + x94 = x92 >> 8; x95 = (uint8_t)(x94 & UINT8_C(0xff)); x96 = (uint8_t)(x94 >> 8); - x97 = (x44 + (uint32_t)x96); + x97 = x44 + (uint32_t)x96; x98 = (uint8_t)(x97 & UINT8_C(0xff)); - x99 = (x97 >> 8); + x99 = x97 >> 8; x100 = (uint8_t)(x99 & UINT8_C(0xff)); - x101 = (x99 >> 8); + x101 = x99 >> 8; x102 = (uint8_t)(x101 & UINT8_C(0xff)); x103 = (uint8_t)(x101 >> 8); - x104 = (x43 + (uint32_t)x103); + x104 = x43 + (uint32_t)x103; x105 = (uint8_t)(x104 & UINT8_C(0xff)); - x106 = (x104 >> 8); + x106 = x104 >> 8; x107 = (uint8_t)(x106 & UINT8_C(0xff)); - x108 = (x106 >> 8); + x108 = x106 >> 8; x109 = (uint8_t)(x108 & UINT8_C(0xff)); x110 = (uint8_t)(x108 >> 8); - x111 = (x42 + (uint32_t)x110); + x111 = x42 + (uint32_t)x110; x112 = (uint8_t)(x111 & UINT8_C(0xff)); - x113 = (x111 >> 8); + x113 = x111 >> 8; x114 = (uint8_t)(x113 & UINT8_C(0xff)); - x115 = (x113 >> 8); + x115 = x113 >> 8; x116 = (uint8_t)(x115 & UINT8_C(0xff)); x117 = (uint8_t)(x115 >> 8); out1[0] = x50; @@ -1338,84 +1338,84 @@ static void fiat_25519_from_bytes(uint32_t out1[10], const uint8_t arg1[32]) { uint32_t x76; uint32_t x77; uint32_t x78; - x1 = ((uint32_t)(arg1[31]) << 18); - x2 = ((uint32_t)(arg1[30]) << 10); - x3 = ((uint32_t)(arg1[29]) << 2); - x4 = ((uint32_t)(arg1[28]) << 20); - x5 = ((uint32_t)(arg1[27]) << 12); - x6 = ((uint32_t)(arg1[26]) << 4); - x7 = ((uint32_t)(arg1[25]) << 21); - x8 = ((uint32_t)(arg1[24]) << 13); - x9 = ((uint32_t)(arg1[23]) << 5); - x10 = ((uint32_t)(arg1[22]) << 23); - x11 = ((uint32_t)(arg1[21]) << 15); - x12 = ((uint32_t)(arg1[20]) << 7); - x13 = ((uint32_t)(arg1[19]) << 24); - x14 = ((uint32_t)(arg1[18]) << 16); - x15 = ((uint32_t)(arg1[17]) << 8); - x16 = (arg1[16]); - x17 = ((uint32_t)(arg1[15]) << 18); - x18 = ((uint32_t)(arg1[14]) << 10); - x19 = ((uint32_t)(arg1[13]) << 2); - x20 = ((uint32_t)(arg1[12]) << 19); - x21 = ((uint32_t)(arg1[11]) << 11); - x22 = ((uint32_t)(arg1[10]) << 3); - x23 = ((uint32_t)(arg1[9]) << 21); - x24 = ((uint32_t)(arg1[8]) << 13); - x25 = ((uint32_t)(arg1[7]) << 5); - x26 = ((uint32_t)(arg1[6]) << 22); - x27 = ((uint32_t)(arg1[5]) << 14); - x28 = ((uint32_t)(arg1[4]) << 6); - x29 = ((uint32_t)(arg1[3]) << 24); - x30 = ((uint32_t)(arg1[2]) << 16); - x31 = ((uint32_t)(arg1[1]) << 8); - x32 = (arg1[0]); - x33 = (x31 + (uint32_t)x32); - x34 = (x30 + x33); - x35 = (x29 + x34); - x36 = (x35 & UINT32_C(0x3ffffff)); + x1 = (uint32_t)arg1[31] << 18; + x2 = (uint32_t)arg1[30] << 10; + x3 = (uint32_t)arg1[29] << 2; + x4 = (uint32_t)arg1[28] << 20; + x5 = (uint32_t)arg1[27] << 12; + x6 = (uint32_t)arg1[26] << 4; + x7 = (uint32_t)arg1[25] << 21; + x8 = (uint32_t)arg1[24] << 13; + x9 = (uint32_t)arg1[23] << 5; + x10 = (uint32_t)arg1[22] << 23; + x11 = (uint32_t)arg1[21] << 15; + x12 = (uint32_t)arg1[20] << 7; + x13 = (uint32_t)arg1[19] << 24; + x14 = (uint32_t)arg1[18] << 16; + x15 = (uint32_t)arg1[17] << 8; + x16 = arg1[16]; + x17 = (uint32_t)arg1[15] << 18; + x18 = (uint32_t)arg1[14] << 10; + x19 = (uint32_t)arg1[13] << 2; + x20 = (uint32_t)arg1[12] << 19; + x21 = (uint32_t)arg1[11] << 11; + x22 = (uint32_t)arg1[10] << 3; + x23 = (uint32_t)arg1[9] << 21; + x24 = (uint32_t)arg1[8] << 13; + x25 = (uint32_t)arg1[7] << 5; + x26 = (uint32_t)arg1[6] << 22; + x27 = (uint32_t)arg1[5] << 14; + x28 = (uint32_t)arg1[4] << 6; + x29 = (uint32_t)arg1[3] << 24; + x30 = (uint32_t)arg1[2] << 16; + x31 = (uint32_t)arg1[1] << 8; + x32 = arg1[0]; + x33 = x31 + (uint32_t)x32; + x34 = x30 + x33; + x35 = x29 + x34; + x36 = x35 & UINT32_C(0x3ffffff); x37 = (uint8_t)(x35 >> 26); - x38 = (x28 + (uint32_t)x37); - x39 = (x27 + x38); - x40 = (x26 + x39); - x41 = (x40 & UINT32_C(0x1ffffff)); + x38 = x28 + (uint32_t)x37; + x39 = x27 + x38; + x40 = x26 + x39; + x41 = x40 & UINT32_C(0x1ffffff); x42 = (uint8_t)(x40 >> 25); - x43 = (x25 + (uint32_t)x42); - x44 = (x24 + x43); - x45 = (x23 + x44); - x46 = (x45 & UINT32_C(0x3ffffff)); + x43 = x25 + (uint32_t)x42; + x44 = x24 + x43; + x45 = x23 + x44; + x46 = x45 & UINT32_C(0x3ffffff); x47 = (uint8_t)(x45 >> 26); - x48 = (x22 + (uint32_t)x47); - x49 = (x21 + x48); - x50 = (x20 + x49); - x51 = (x50 & UINT32_C(0x1ffffff)); + x48 = x22 + (uint32_t)x47; + x49 = x21 + x48; + x50 = x20 + x49; + x51 = x50 & UINT32_C(0x1ffffff); x52 = (uint8_t)(x50 >> 25); - x53 = (x19 + (uint32_t)x52); - x54 = (x18 + x53); - x55 = (x17 + x54); - x56 = (x15 + (uint32_t)x16); - x57 = (x14 + x56); - x58 = (x13 + x57); - x59 = (x58 & UINT32_C(0x1ffffff)); + x53 = x19 + (uint32_t)x52; + x54 = x18 + x53; + x55 = x17 + x54; + x56 = x15 + (uint32_t)x16; + x57 = x14 + x56; + x58 = x13 + x57; + x59 = x58 & UINT32_C(0x1ffffff); x60 = (uint8_t)(x58 >> 25); - x61 = (x12 + (uint32_t)x60); - x62 = (x11 + x61); - x63 = (x10 + x62); - x64 = (x63 & UINT32_C(0x3ffffff)); + x61 = x12 + (uint32_t)x60; + x62 = x11 + x61; + x63 = x10 + x62; + x64 = x63 & UINT32_C(0x3ffffff); x65 = (uint8_t)(x63 >> 26); - x66 = (x9 + (uint32_t)x65); - x67 = (x8 + x66); - x68 = (x7 + x67); - x69 = (x68 & UINT32_C(0x1ffffff)); + x66 = x9 + (uint32_t)x65; + x67 = x8 + x66; + x68 = x7 + x67; + x69 = x68 & UINT32_C(0x1ffffff); x70 = (uint8_t)(x68 >> 25); - x71 = (x6 + (uint32_t)x70); - x72 = (x5 + x71); - x73 = (x4 + x72); - x74 = (x73 & UINT32_C(0x3ffffff)); + x71 = x6 + (uint32_t)x70; + x72 = x5 + x71; + x73 = x4 + x72; + x74 = x73 & UINT32_C(0x3ffffff); x75 = (uint8_t)(x73 >> 26); - x76 = (x3 + (uint32_t)x75); - x77 = (x2 + x76); - x78 = (x1 + x77); + x76 = x3 + (uint32_t)x75; + x77 = x2 + x76; + x78 = x1 + x77; out1[0] = x36; out1[1] = x41; out1[2] = x46; @@ -1487,53 +1487,53 @@ static void fiat_25519_carry_scmul_121666(uint32_t out1[10], const uint32_t arg1 fiat_25519_uint1 x45; uint32_t x46; uint32_t x47; - x1 = ((uint64_t)UINT32_C(0x1db42) * (arg1[9])); - x2 = ((uint64_t)UINT32_C(0x1db42) * (arg1[8])); - x3 = ((uint64_t)UINT32_C(0x1db42) * (arg1[7])); - x4 = ((uint64_t)UINT32_C(0x1db42) * (arg1[6])); - x5 = ((uint64_t)UINT32_C(0x1db42) * (arg1[5])); - x6 = ((uint64_t)UINT32_C(0x1db42) * (arg1[4])); - x7 = ((uint64_t)UINT32_C(0x1db42) * (arg1[3])); - x8 = ((uint64_t)UINT32_C(0x1db42) * (arg1[2])); - x9 = ((uint64_t)UINT32_C(0x1db42) * (arg1[1])); - x10 = ((uint64_t)UINT32_C(0x1db42) * (arg1[0])); + x1 = (uint64_t)UINT32_C(0x1db42) * arg1[9]; + x2 = (uint64_t)UINT32_C(0x1db42) * arg1[8]; + x3 = (uint64_t)UINT32_C(0x1db42) * arg1[7]; + x4 = (uint64_t)UINT32_C(0x1db42) * arg1[6]; + x5 = (uint64_t)UINT32_C(0x1db42) * arg1[5]; + x6 = (uint64_t)UINT32_C(0x1db42) * arg1[4]; + x7 = (uint64_t)UINT32_C(0x1db42) * arg1[3]; + x8 = (uint64_t)UINT32_C(0x1db42) * arg1[2]; + x9 = (uint64_t)UINT32_C(0x1db42) * arg1[1]; + x10 = (uint64_t)UINT32_C(0x1db42) * arg1[0]; x11 = (uint32_t)(x10 >> 26); x12 = (uint32_t)(x10 & UINT32_C(0x3ffffff)); - x13 = (x11 + x9); + x13 = x11 + x9; x14 = (uint32_t)(x13 >> 25); x15 = (uint32_t)(x13 & UINT32_C(0x1ffffff)); - x16 = (x14 + x8); + x16 = x14 + x8; x17 = (uint32_t)(x16 >> 26); x18 = (uint32_t)(x16 & UINT32_C(0x3ffffff)); - x19 = (x17 + x7); + x19 = x17 + x7; x20 = (uint32_t)(x19 >> 25); x21 = (uint32_t)(x19 & UINT32_C(0x1ffffff)); - x22 = (x20 + x6); + x22 = x20 + x6; x23 = (uint32_t)(x22 >> 26); x24 = (uint32_t)(x22 & UINT32_C(0x3ffffff)); - x25 = (x23 + x5); + x25 = x23 + x5; x26 = (uint32_t)(x25 >> 25); x27 = (uint32_t)(x25 & UINT32_C(0x1ffffff)); - x28 = (x26 + x4); + x28 = x26 + x4; x29 = (uint32_t)(x28 >> 26); x30 = (uint32_t)(x28 & UINT32_C(0x3ffffff)); - x31 = (x29 + x3); + x31 = x29 + x3; x32 = (uint32_t)(x31 >> 25); x33 = (uint32_t)(x31 & UINT32_C(0x1ffffff)); - x34 = (x32 + x2); + x34 = x32 + x2; x35 = (uint32_t)(x34 >> 26); x36 = (uint32_t)(x34 & UINT32_C(0x3ffffff)); - x37 = (x35 + x1); + x37 = x35 + x1; x38 = (uint32_t)(x37 >> 25); x39 = (uint32_t)(x37 & UINT32_C(0x1ffffff)); - x40 = (x38 * UINT8_C(0x13)); - x41 = (x12 + x40); + x40 = x38 * UINT8_C(0x13); + x41 = x12 + x40; x42 = (fiat_25519_uint1)(x41 >> 26); - x43 = (x41 & UINT32_C(0x3ffffff)); - x44 = (x42 + x15); + x43 = x41 & UINT32_C(0x3ffffff); + x44 = x42 + x15; x45 = (fiat_25519_uint1)(x44 >> 25); - x46 = (x44 & UINT32_C(0x1ffffff)); - x47 = (x45 + x18); + x46 = x44 & UINT32_C(0x1ffffff); + x47 = x45 + x18; out1[0] = x43; out1[1] = x46; out1[2] = x47; diff --git a/fiat-c/src/curve25519_64.c b/fiat-c/src/curve25519_64.c index 2c030ade10..c3e5b91b41 100644 --- a/fiat-c/src/curve25519_64.c +++ b/fiat-c/src/curve25519_64.c @@ -57,8 +57,8 @@ static void fiat_25519_addcarryx_u51(uint64_t* out1, fiat_25519_uint1* out2, fia uint64_t x1; uint64_t x2; fiat_25519_uint1 x3; - x1 = ((arg1 + arg2) + arg3); - x2 = (x1 & UINT64_C(0x7ffffffffffff)); + x1 = arg1 + arg2 + arg3; + x2 = x1 & UINT64_C(0x7ffffffffffff); x3 = (fiat_25519_uint1)(x1 >> 51); *out1 = x2; *out2 = x3; @@ -83,9 +83,9 @@ static void fiat_25519_subborrowx_u51(uint64_t* out1, fiat_25519_uint1* out2, fi int64_t x1; fiat_25519_int1 x2; uint64_t x3; - x1 = ((int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3); + x1 = (int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3; x2 = (fiat_25519_int1)(x1 >> 51); - x3 = (x1 & UINT64_C(0x7ffffffffffff)); + x3 = x1 & UINT64_C(0x7ffffffffffff); *out1 = x3; *out2 = (fiat_25519_uint1)(0x0 - x2); } @@ -107,9 +107,9 @@ static void fiat_25519_cmovznz_u64(uint64_t* out1, fiat_25519_uint1 arg1, uint64 fiat_25519_uint1 x1; uint64_t x2; uint64_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_25519_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); - x3 = ((fiat_25519_value_barrier_u64(x2) & arg3) | (fiat_25519_value_barrier_u64((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_25519_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); + x3 = fiat_25519_value_barrier_u64(x2) & arg3 | fiat_25519_value_barrier_u64(~x2) & arg2; *out1 = x3; } @@ -178,58 +178,58 @@ static void fiat_25519_carry_mul(uint64_t out1[5], const uint64_t arg1[5], const fiat_25519_uint1 x50; uint64_t x51; uint64_t x52; - x1 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[4]) * UINT8_C(0x13))); - x2 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[3]) * UINT8_C(0x13))); - x3 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[2]) * UINT8_C(0x13))); - x4 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[1]) * UINT8_C(0x13))); - x5 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[4]) * UINT8_C(0x13))); - x6 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[3]) * UINT8_C(0x13))); - x7 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[2]) * UINT8_C(0x13))); - x8 = ((fiat_25519_uint128)(arg1[2]) * ((arg2[4]) * UINT8_C(0x13))); - x9 = ((fiat_25519_uint128)(arg1[2]) * ((arg2[3]) * UINT8_C(0x13))); - x10 = ((fiat_25519_uint128)(arg1[1]) * ((arg2[4]) * UINT8_C(0x13))); - x11 = ((fiat_25519_uint128)(arg1[4]) * (arg2[0])); - x12 = ((fiat_25519_uint128)(arg1[3]) * (arg2[1])); - x13 = ((fiat_25519_uint128)(arg1[3]) * (arg2[0])); - x14 = ((fiat_25519_uint128)(arg1[2]) * (arg2[2])); - x15 = ((fiat_25519_uint128)(arg1[2]) * (arg2[1])); - x16 = ((fiat_25519_uint128)(arg1[2]) * (arg2[0])); - x17 = ((fiat_25519_uint128)(arg1[1]) * (arg2[3])); - x18 = ((fiat_25519_uint128)(arg1[1]) * (arg2[2])); - x19 = ((fiat_25519_uint128)(arg1[1]) * (arg2[1])); - x20 = ((fiat_25519_uint128)(arg1[1]) * (arg2[0])); - x21 = ((fiat_25519_uint128)(arg1[0]) * (arg2[4])); - x22 = ((fiat_25519_uint128)(arg1[0]) * (arg2[3])); - x23 = ((fiat_25519_uint128)(arg1[0]) * (arg2[2])); - x24 = ((fiat_25519_uint128)(arg1[0]) * (arg2[1])); - x25 = ((fiat_25519_uint128)(arg1[0]) * (arg2[0])); - x26 = (x25 + (x10 + (x9 + (x7 + x4)))); + x1 = (fiat_25519_uint128)arg1[4] * (arg2[4] * UINT8_C(0x13)); + x2 = (fiat_25519_uint128)arg1[4] * (arg2[3] * UINT8_C(0x13)); + x3 = (fiat_25519_uint128)arg1[4] * (arg2[2] * UINT8_C(0x13)); + x4 = (fiat_25519_uint128)arg1[4] * (arg2[1] * UINT8_C(0x13)); + x5 = (fiat_25519_uint128)arg1[3] * (arg2[4] * UINT8_C(0x13)); + x6 = (fiat_25519_uint128)arg1[3] * (arg2[3] * UINT8_C(0x13)); + x7 = (fiat_25519_uint128)arg1[3] * (arg2[2] * UINT8_C(0x13)); + x8 = (fiat_25519_uint128)arg1[2] * (arg2[4] * UINT8_C(0x13)); + x9 = (fiat_25519_uint128)arg1[2] * (arg2[3] * UINT8_C(0x13)); + x10 = (fiat_25519_uint128)arg1[1] * (arg2[4] * UINT8_C(0x13)); + x11 = (fiat_25519_uint128)arg1[4] * arg2[0]; + x12 = (fiat_25519_uint128)arg1[3] * arg2[1]; + x13 = (fiat_25519_uint128)arg1[3] * arg2[0]; + x14 = (fiat_25519_uint128)arg1[2] * arg2[2]; + x15 = (fiat_25519_uint128)arg1[2] * arg2[1]; + x16 = (fiat_25519_uint128)arg1[2] * arg2[0]; + x17 = (fiat_25519_uint128)arg1[1] * arg2[3]; + x18 = (fiat_25519_uint128)arg1[1] * arg2[2]; + x19 = (fiat_25519_uint128)arg1[1] * arg2[1]; + x20 = (fiat_25519_uint128)arg1[1] * arg2[0]; + x21 = (fiat_25519_uint128)arg1[0] * arg2[4]; + x22 = (fiat_25519_uint128)arg1[0] * arg2[3]; + x23 = (fiat_25519_uint128)arg1[0] * arg2[2]; + x24 = (fiat_25519_uint128)arg1[0] * arg2[1]; + x25 = (fiat_25519_uint128)arg1[0] * arg2[0]; + x26 = x25 + (x10 + (x9 + (x7 + x4))); x27 = (uint64_t)(x26 >> 51); x28 = (uint64_t)(x26 & UINT64_C(0x7ffffffffffff)); - x29 = (x21 + (x17 + (x14 + (x12 + x11)))); - x30 = (x22 + (x18 + (x15 + (x13 + x1)))); - x31 = (x23 + (x19 + (x16 + (x5 + x2)))); - x32 = (x24 + (x20 + (x8 + (x6 + x3)))); - x33 = (x27 + x32); + x29 = x21 + (x17 + (x14 + (x12 + x11))); + x30 = x22 + (x18 + (x15 + (x13 + x1))); + x31 = x23 + (x19 + (x16 + (x5 + x2))); + x32 = x24 + (x20 + (x8 + (x6 + x3))); + x33 = x27 + x32; x34 = (uint64_t)(x33 >> 51); x35 = (uint64_t)(x33 & UINT64_C(0x7ffffffffffff)); - x36 = (x34 + x31); + x36 = x34 + x31; x37 = (uint64_t)(x36 >> 51); x38 = (uint64_t)(x36 & UINT64_C(0x7ffffffffffff)); - x39 = (x37 + x30); + x39 = x37 + x30; x40 = (uint64_t)(x39 >> 51); x41 = (uint64_t)(x39 & UINT64_C(0x7ffffffffffff)); - x42 = (x40 + x29); + x42 = x40 + x29; x43 = (uint64_t)(x42 >> 51); x44 = (uint64_t)(x42 & UINT64_C(0x7ffffffffffff)); - x45 = (x43 * UINT8_C(0x13)); - x46 = (x28 + x45); - x47 = (x46 >> 51); - x48 = (x46 & UINT64_C(0x7ffffffffffff)); - x49 = (x47 + x35); + x45 = x43 * UINT8_C(0x13); + x46 = x28 + x45; + x47 = x46 >> 51; + x48 = x46 & UINT64_C(0x7ffffffffffff); + x49 = x47 + x35; x50 = (fiat_25519_uint1)(x49 >> 51); - x51 = (x49 & UINT64_C(0x7ffffffffffff)); - x52 = (x50 + x38); + x51 = x49 & UINT64_C(0x7ffffffffffff); + x52 = x50 + x38; out1[0] = x48; out1[1] = x51; out1[2] = x52; @@ -299,56 +299,56 @@ static void fiat_25519_carry_square(uint64_t out1[5], const uint64_t arg1[5]) { fiat_25519_uint1 x48; uint64_t x49; uint64_t x50; - x1 = ((arg1[4]) * UINT8_C(0x13)); - x2 = (x1 * 0x2); - x3 = ((arg1[4]) * 0x2); - x4 = ((arg1[3]) * UINT8_C(0x13)); - x5 = (x4 * 0x2); - x6 = ((arg1[3]) * 0x2); - x7 = ((arg1[2]) * 0x2); - x8 = ((arg1[1]) * 0x2); - x9 = ((fiat_25519_uint128)(arg1[4]) * x1); - x10 = ((fiat_25519_uint128)(arg1[3]) * x2); - x11 = ((fiat_25519_uint128)(arg1[3]) * x4); - x12 = ((fiat_25519_uint128)(arg1[2]) * x2); - x13 = ((fiat_25519_uint128)(arg1[2]) * x5); - x14 = ((fiat_25519_uint128)(arg1[2]) * (arg1[2])); - x15 = ((fiat_25519_uint128)(arg1[1]) * x2); - x16 = ((fiat_25519_uint128)(arg1[1]) * x6); - x17 = ((fiat_25519_uint128)(arg1[1]) * x7); - x18 = ((fiat_25519_uint128)(arg1[1]) * (arg1[1])); - x19 = ((fiat_25519_uint128)(arg1[0]) * x3); - x20 = ((fiat_25519_uint128)(arg1[0]) * x6); - x21 = ((fiat_25519_uint128)(arg1[0]) * x7); - x22 = ((fiat_25519_uint128)(arg1[0]) * x8); - x23 = ((fiat_25519_uint128)(arg1[0]) * (arg1[0])); - x24 = (x23 + (x15 + x13)); + x1 = arg1[4] * UINT8_C(0x13); + x2 = x1 * 0x2; + x3 = arg1[4] * 0x2; + x4 = arg1[3] * UINT8_C(0x13); + x5 = x4 * 0x2; + x6 = arg1[3] * 0x2; + x7 = arg1[2] * 0x2; + x8 = arg1[1] * 0x2; + x9 = (fiat_25519_uint128)arg1[4] * x1; + x10 = (fiat_25519_uint128)arg1[3] * x2; + x11 = (fiat_25519_uint128)arg1[3] * x4; + x12 = (fiat_25519_uint128)arg1[2] * x2; + x13 = (fiat_25519_uint128)arg1[2] * x5; + x14 = (fiat_25519_uint128)arg1[2] * arg1[2]; + x15 = (fiat_25519_uint128)arg1[1] * x2; + x16 = (fiat_25519_uint128)arg1[1] * x6; + x17 = (fiat_25519_uint128)arg1[1] * x7; + x18 = (fiat_25519_uint128)arg1[1] * arg1[1]; + x19 = (fiat_25519_uint128)arg1[0] * x3; + x20 = (fiat_25519_uint128)arg1[0] * x6; + x21 = (fiat_25519_uint128)arg1[0] * x7; + x22 = (fiat_25519_uint128)arg1[0] * x8; + x23 = (fiat_25519_uint128)arg1[0] * arg1[0]; + x24 = x23 + (x15 + x13); x25 = (uint64_t)(x24 >> 51); x26 = (uint64_t)(x24 & UINT64_C(0x7ffffffffffff)); - x27 = (x19 + (x16 + x14)); - x28 = (x20 + (x17 + x9)); - x29 = (x21 + (x18 + x10)); - x30 = (x22 + (x12 + x11)); - x31 = (x25 + x30); + x27 = x19 + (x16 + x14); + x28 = x20 + (x17 + x9); + x29 = x21 + (x18 + x10); + x30 = x22 + (x12 + x11); + x31 = x25 + x30; x32 = (uint64_t)(x31 >> 51); x33 = (uint64_t)(x31 & UINT64_C(0x7ffffffffffff)); - x34 = (x32 + x29); + x34 = x32 + x29; x35 = (uint64_t)(x34 >> 51); x36 = (uint64_t)(x34 & UINT64_C(0x7ffffffffffff)); - x37 = (x35 + x28); + x37 = x35 + x28; x38 = (uint64_t)(x37 >> 51); x39 = (uint64_t)(x37 & UINT64_C(0x7ffffffffffff)); - x40 = (x38 + x27); + x40 = x38 + x27; x41 = (uint64_t)(x40 >> 51); x42 = (uint64_t)(x40 & UINT64_C(0x7ffffffffffff)); - x43 = (x41 * UINT8_C(0x13)); - x44 = (x26 + x43); - x45 = (x44 >> 51); - x46 = (x44 & UINT64_C(0x7ffffffffffff)); - x47 = (x45 + x33); + x43 = x41 * UINT8_C(0x13); + x44 = x26 + x43; + x45 = x44 >> 51; + x46 = x44 & UINT64_C(0x7ffffffffffff); + x47 = x45 + x33; x48 = (fiat_25519_uint1)(x47 >> 51); - x49 = (x47 & UINT64_C(0x7ffffffffffff)); - x50 = (x48 + x36); + x49 = x47 & UINT64_C(0x7ffffffffffff); + x50 = x48 + x36; out1[0] = x46; out1[1] = x49; out1[2] = x50; @@ -380,18 +380,18 @@ static void fiat_25519_carry(uint64_t out1[5], const uint64_t arg1[5]) { uint64_t x10; uint64_t x11; uint64_t x12; - x1 = (arg1[0]); - x2 = ((x1 >> 51) + (arg1[1])); - x3 = ((x2 >> 51) + (arg1[2])); - x4 = ((x3 >> 51) + (arg1[3])); - x5 = ((x4 >> 51) + (arg1[4])); - x6 = ((x1 & UINT64_C(0x7ffffffffffff)) + ((x5 >> 51) * UINT8_C(0x13))); - x7 = ((fiat_25519_uint1)(x6 >> 51) + (x2 & UINT64_C(0x7ffffffffffff))); - x8 = (x6 & UINT64_C(0x7ffffffffffff)); - x9 = (x7 & UINT64_C(0x7ffffffffffff)); - x10 = ((fiat_25519_uint1)(x7 >> 51) + (x3 & UINT64_C(0x7ffffffffffff))); - x11 = (x4 & UINT64_C(0x7ffffffffffff)); - x12 = (x5 & UINT64_C(0x7ffffffffffff)); + x1 = arg1[0]; + x2 = (x1 >> 51) + arg1[1]; + x3 = (x2 >> 51) + arg1[2]; + x4 = (x3 >> 51) + arg1[3]; + x5 = (x4 >> 51) + arg1[4]; + x6 = (x1 & UINT64_C(0x7ffffffffffff)) + (x5 >> 51) * UINT8_C(0x13); + x7 = (fiat_25519_uint1)(x6 >> 51) + (x2 & UINT64_C(0x7ffffffffffff)); + x8 = x6 & UINT64_C(0x7ffffffffffff); + x9 = x7 & UINT64_C(0x7ffffffffffff); + x10 = (fiat_25519_uint1)(x7 >> 51) + (x3 & UINT64_C(0x7ffffffffffff)); + x11 = x4 & UINT64_C(0x7ffffffffffff); + x12 = x5 & UINT64_C(0x7ffffffffffff); out1[0] = x8; out1[1] = x9; out1[2] = x10; @@ -417,11 +417,11 @@ static void fiat_25519_add(uint64_t out1[5], const uint64_t arg1[5], const uint6 uint64_t x3; uint64_t x4; uint64_t x5; - x1 = ((arg1[0]) + (arg2[0])); - x2 = ((arg1[1]) + (arg2[1])); - x3 = ((arg1[2]) + (arg2[2])); - x4 = ((arg1[3]) + (arg2[3])); - x5 = ((arg1[4]) + (arg2[4])); + x1 = arg1[0] + arg2[0]; + x2 = arg1[1] + arg2[1]; + x3 = arg1[2] + arg2[2]; + x4 = arg1[3] + arg2[3]; + x5 = arg1[4] + arg2[4]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -447,11 +447,11 @@ static void fiat_25519_sub(uint64_t out1[5], const uint64_t arg1[5], const uint6 uint64_t x3; uint64_t x4; uint64_t x5; - x1 = ((UINT64_C(0xfffffffffffda) + (arg1[0])) - (arg2[0])); - x2 = ((UINT64_C(0xffffffffffffe) + (arg1[1])) - (arg2[1])); - x3 = ((UINT64_C(0xffffffffffffe) + (arg1[2])) - (arg2[2])); - x4 = ((UINT64_C(0xffffffffffffe) + (arg1[3])) - (arg2[3])); - x5 = ((UINT64_C(0xffffffffffffe) + (arg1[4])) - (arg2[4])); + x1 = UINT64_C(0xfffffffffffda) + arg1[0] - arg2[0]; + x2 = UINT64_C(0xffffffffffffe) + arg1[1] - arg2[1]; + x3 = UINT64_C(0xffffffffffffe) + arg1[2] - arg2[2]; + x4 = UINT64_C(0xffffffffffffe) + arg1[3] - arg2[3]; + x5 = UINT64_C(0xffffffffffffe) + arg1[4] - arg2[4]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -476,11 +476,11 @@ static void fiat_25519_opp(uint64_t out1[5], const uint64_t arg1[5]) { uint64_t x3; uint64_t x4; uint64_t x5; - x1 = (UINT64_C(0xfffffffffffda) - (arg1[0])); - x2 = (UINT64_C(0xffffffffffffe) - (arg1[1])); - x3 = (UINT64_C(0xffffffffffffe) - (arg1[2])); - x4 = (UINT64_C(0xffffffffffffe) - (arg1[3])); - x5 = (UINT64_C(0xffffffffffffe) - (arg1[4])); + x1 = UINT64_C(0xfffffffffffda) - arg1[0]; + x2 = UINT64_C(0xffffffffffffe) - arg1[1]; + x3 = UINT64_C(0xffffffffffffe) - arg1[2]; + x4 = UINT64_C(0xffffffffffffe) - arg1[3]; + x5 = UINT64_C(0xffffffffffffe) - arg1[4]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -507,11 +507,11 @@ static void fiat_25519_selectznz(uint64_t out1[5], fiat_25519_uint1 arg1, const uint64_t x3; uint64_t x4; uint64_t x5; - fiat_25519_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_25519_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_25519_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); - fiat_25519_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); - fiat_25519_cmovznz_u64(&x5, arg1, (arg2[4]), (arg3[4])); + fiat_25519_cmovznz_u64(&x1, arg1, arg2[0], arg3[0]); + fiat_25519_cmovznz_u64(&x2, arg1, arg2[1], arg3[1]); + fiat_25519_cmovznz_u64(&x3, arg1, arg2[2], arg3[2]); + fiat_25519_cmovznz_u64(&x4, arg1, arg2[3], arg3[3]); + fiat_25519_cmovznz_u64(&x5, arg1, arg2[4], arg3[4]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -622,85 +622,85 @@ static void fiat_25519_to_bytes(uint8_t out1[32], const uint64_t arg1[5]) { uint64_t x89; uint8_t x90; uint8_t x91; - fiat_25519_subborrowx_u51(&x1, &x2, 0x0, (arg1[0]), UINT64_C(0x7ffffffffffed)); - fiat_25519_subborrowx_u51(&x3, &x4, x2, (arg1[1]), UINT64_C(0x7ffffffffffff)); - fiat_25519_subborrowx_u51(&x5, &x6, x4, (arg1[2]), UINT64_C(0x7ffffffffffff)); - fiat_25519_subborrowx_u51(&x7, &x8, x6, (arg1[3]), UINT64_C(0x7ffffffffffff)); - fiat_25519_subborrowx_u51(&x9, &x10, x8, (arg1[4]), UINT64_C(0x7ffffffffffff)); + fiat_25519_subborrowx_u51(&x1, &x2, 0x0, arg1[0], UINT64_C(0x7ffffffffffed)); + fiat_25519_subborrowx_u51(&x3, &x4, x2, arg1[1], UINT64_C(0x7ffffffffffff)); + fiat_25519_subborrowx_u51(&x5, &x6, x4, arg1[2], UINT64_C(0x7ffffffffffff)); + fiat_25519_subborrowx_u51(&x7, &x8, x6, arg1[3], UINT64_C(0x7ffffffffffff)); + fiat_25519_subborrowx_u51(&x9, &x10, x8, arg1[4], UINT64_C(0x7ffffffffffff)); fiat_25519_cmovznz_u64(&x11, x10, 0x0, UINT64_C(0xffffffffffffffff)); - fiat_25519_addcarryx_u51(&x12, &x13, 0x0, x1, (x11 & UINT64_C(0x7ffffffffffed))); - fiat_25519_addcarryx_u51(&x14, &x15, x13, x3, (x11 & UINT64_C(0x7ffffffffffff))); - fiat_25519_addcarryx_u51(&x16, &x17, x15, x5, (x11 & UINT64_C(0x7ffffffffffff))); - fiat_25519_addcarryx_u51(&x18, &x19, x17, x7, (x11 & UINT64_C(0x7ffffffffffff))); - fiat_25519_addcarryx_u51(&x20, &x21, x19, x9, (x11 & UINT64_C(0x7ffffffffffff))); - x22 = (x20 << 4); - x23 = (x18 * (uint64_t)0x2); - x24 = (x16 << 6); - x25 = (x14 << 3); + fiat_25519_addcarryx_u51(&x12, &x13, 0x0, x1, x11 & UINT64_C(0x7ffffffffffed)); + fiat_25519_addcarryx_u51(&x14, &x15, x13, x3, x11 & UINT64_C(0x7ffffffffffff)); + fiat_25519_addcarryx_u51(&x16, &x17, x15, x5, x11 & UINT64_C(0x7ffffffffffff)); + fiat_25519_addcarryx_u51(&x18, &x19, x17, x7, x11 & UINT64_C(0x7ffffffffffff)); + fiat_25519_addcarryx_u51(&x20, &x21, x19, x9, x11 & UINT64_C(0x7ffffffffffff)); + x22 = x20 << 4; + x23 = x18 * (uint64_t)0x2; + x24 = x16 << 6; + x25 = x14 << 3; x26 = (uint8_t)(x12 & UINT8_C(0xff)); - x27 = (x12 >> 8); + x27 = x12 >> 8; x28 = (uint8_t)(x27 & UINT8_C(0xff)); - x29 = (x27 >> 8); + x29 = x27 >> 8; x30 = (uint8_t)(x29 & UINT8_C(0xff)); - x31 = (x29 >> 8); + x31 = x29 >> 8; x32 = (uint8_t)(x31 & UINT8_C(0xff)); - x33 = (x31 >> 8); + x33 = x31 >> 8; x34 = (uint8_t)(x33 & UINT8_C(0xff)); - x35 = (x33 >> 8); + x35 = x33 >> 8; x36 = (uint8_t)(x35 & UINT8_C(0xff)); x37 = (uint8_t)(x35 >> 8); - x38 = (x25 + (uint64_t)x37); + x38 = x25 + (uint64_t)x37; x39 = (uint8_t)(x38 & UINT8_C(0xff)); - x40 = (x38 >> 8); + x40 = x38 >> 8; x41 = (uint8_t)(x40 & UINT8_C(0xff)); - x42 = (x40 >> 8); + x42 = x40 >> 8; x43 = (uint8_t)(x42 & UINT8_C(0xff)); - x44 = (x42 >> 8); + x44 = x42 >> 8; x45 = (uint8_t)(x44 & UINT8_C(0xff)); - x46 = (x44 >> 8); + x46 = x44 >> 8; x47 = (uint8_t)(x46 & UINT8_C(0xff)); - x48 = (x46 >> 8); + x48 = x46 >> 8; x49 = (uint8_t)(x48 & UINT8_C(0xff)); x50 = (uint8_t)(x48 >> 8); - x51 = (x24 + (uint64_t)x50); + x51 = x24 + (uint64_t)x50; x52 = (uint8_t)(x51 & UINT8_C(0xff)); - x53 = (x51 >> 8); + x53 = x51 >> 8; x54 = (uint8_t)(x53 & UINT8_C(0xff)); - x55 = (x53 >> 8); + x55 = x53 >> 8; x56 = (uint8_t)(x55 & UINT8_C(0xff)); - x57 = (x55 >> 8); + x57 = x55 >> 8; x58 = (uint8_t)(x57 & UINT8_C(0xff)); - x59 = (x57 >> 8); + x59 = x57 >> 8; x60 = (uint8_t)(x59 & UINT8_C(0xff)); - x61 = (x59 >> 8); + x61 = x59 >> 8; x62 = (uint8_t)(x61 & UINT8_C(0xff)); - x63 = (x61 >> 8); + x63 = x61 >> 8; x64 = (uint8_t)(x63 & UINT8_C(0xff)); x65 = (fiat_25519_uint1)(x63 >> 8); - x66 = (x23 + (uint64_t)x65); + x66 = x23 + (uint64_t)x65; x67 = (uint8_t)(x66 & UINT8_C(0xff)); - x68 = (x66 >> 8); + x68 = x66 >> 8; x69 = (uint8_t)(x68 & UINT8_C(0xff)); - x70 = (x68 >> 8); + x70 = x68 >> 8; x71 = (uint8_t)(x70 & UINT8_C(0xff)); - x72 = (x70 >> 8); + x72 = x70 >> 8; x73 = (uint8_t)(x72 & UINT8_C(0xff)); - x74 = (x72 >> 8); + x74 = x72 >> 8; x75 = (uint8_t)(x74 & UINT8_C(0xff)); - x76 = (x74 >> 8); + x76 = x74 >> 8; x77 = (uint8_t)(x76 & UINT8_C(0xff)); x78 = (uint8_t)(x76 >> 8); - x79 = (x22 + (uint64_t)x78); + x79 = x22 + (uint64_t)x78; x80 = (uint8_t)(x79 & UINT8_C(0xff)); - x81 = (x79 >> 8); + x81 = x79 >> 8; x82 = (uint8_t)(x81 & UINT8_C(0xff)); - x83 = (x81 >> 8); + x83 = x81 >> 8; x84 = (uint8_t)(x83 & UINT8_C(0xff)); - x85 = (x83 >> 8); + x85 = x83 >> 8; x86 = (uint8_t)(x85 & UINT8_C(0xff)); - x87 = (x85 >> 8); + x87 = x85 >> 8; x88 = (uint8_t)(x87 & UINT8_C(0xff)); - x89 = (x87 >> 8); + x89 = x87 >> 8; x90 = (uint8_t)(x89 & UINT8_C(0xff)); x91 = (uint8_t)(x89 >> 8); out1[0] = x26; @@ -820,77 +820,77 @@ static void fiat_25519_from_bytes(uint64_t out1[5], const uint8_t arg1[32]) { uint64_t x69; uint64_t x70; uint64_t x71; - x1 = ((uint64_t)(arg1[31]) << 44); - x2 = ((uint64_t)(arg1[30]) << 36); - x3 = ((uint64_t)(arg1[29]) << 28); - x4 = ((uint64_t)(arg1[28]) << 20); - x5 = ((uint64_t)(arg1[27]) << 12); - x6 = ((uint64_t)(arg1[26]) << 4); - x7 = ((uint64_t)(arg1[25]) << 47); - x8 = ((uint64_t)(arg1[24]) << 39); - x9 = ((uint64_t)(arg1[23]) << 31); - x10 = ((uint64_t)(arg1[22]) << 23); - x11 = ((uint64_t)(arg1[21]) << 15); - x12 = ((uint64_t)(arg1[20]) << 7); - x13 = ((uint64_t)(arg1[19]) << 50); - x14 = ((uint64_t)(arg1[18]) << 42); - x15 = ((uint64_t)(arg1[17]) << 34); - x16 = ((uint64_t)(arg1[16]) << 26); - x17 = ((uint64_t)(arg1[15]) << 18); - x18 = ((uint64_t)(arg1[14]) << 10); - x19 = ((uint64_t)(arg1[13]) << 2); - x20 = ((uint64_t)(arg1[12]) << 45); - x21 = ((uint64_t)(arg1[11]) << 37); - x22 = ((uint64_t)(arg1[10]) << 29); - x23 = ((uint64_t)(arg1[9]) << 21); - x24 = ((uint64_t)(arg1[8]) << 13); - x25 = ((uint64_t)(arg1[7]) << 5); - x26 = ((uint64_t)(arg1[6]) << 48); - x27 = ((uint64_t)(arg1[5]) << 40); - x28 = ((uint64_t)(arg1[4]) << 32); - x29 = ((uint64_t)(arg1[3]) << 24); - x30 = ((uint64_t)(arg1[2]) << 16); - x31 = ((uint64_t)(arg1[1]) << 8); - x32 = (arg1[0]); - x33 = (x31 + (uint64_t)x32); - x34 = (x30 + x33); - x35 = (x29 + x34); - x36 = (x28 + x35); - x37 = (x27 + x36); - x38 = (x26 + x37); - x39 = (x38 & UINT64_C(0x7ffffffffffff)); + x1 = (uint64_t)arg1[31] << 44; + x2 = (uint64_t)arg1[30] << 36; + x3 = (uint64_t)arg1[29] << 28; + x4 = (uint64_t)arg1[28] << 20; + x5 = (uint64_t)arg1[27] << 12; + x6 = (uint64_t)arg1[26] << 4; + x7 = (uint64_t)arg1[25] << 47; + x8 = (uint64_t)arg1[24] << 39; + x9 = (uint64_t)arg1[23] << 31; + x10 = (uint64_t)arg1[22] << 23; + x11 = (uint64_t)arg1[21] << 15; + x12 = (uint64_t)arg1[20] << 7; + x13 = (uint64_t)arg1[19] << 50; + x14 = (uint64_t)arg1[18] << 42; + x15 = (uint64_t)arg1[17] << 34; + x16 = (uint64_t)arg1[16] << 26; + x17 = (uint64_t)arg1[15] << 18; + x18 = (uint64_t)arg1[14] << 10; + x19 = (uint64_t)arg1[13] << 2; + x20 = (uint64_t)arg1[12] << 45; + x21 = (uint64_t)arg1[11] << 37; + x22 = (uint64_t)arg1[10] << 29; + x23 = (uint64_t)arg1[9] << 21; + x24 = (uint64_t)arg1[8] << 13; + x25 = (uint64_t)arg1[7] << 5; + x26 = (uint64_t)arg1[6] << 48; + x27 = (uint64_t)arg1[5] << 40; + x28 = (uint64_t)arg1[4] << 32; + x29 = (uint64_t)arg1[3] << 24; + x30 = (uint64_t)arg1[2] << 16; + x31 = (uint64_t)arg1[1] << 8; + x32 = arg1[0]; + x33 = x31 + (uint64_t)x32; + x34 = x30 + x33; + x35 = x29 + x34; + x36 = x28 + x35; + x37 = x27 + x36; + x38 = x26 + x37; + x39 = x38 & UINT64_C(0x7ffffffffffff); x40 = (uint8_t)(x38 >> 51); - x41 = (x25 + (uint64_t)x40); - x42 = (x24 + x41); - x43 = (x23 + x42); - x44 = (x22 + x43); - x45 = (x21 + x44); - x46 = (x20 + x45); - x47 = (x46 & UINT64_C(0x7ffffffffffff)); + x41 = x25 + (uint64_t)x40; + x42 = x24 + x41; + x43 = x23 + x42; + x44 = x22 + x43; + x45 = x21 + x44; + x46 = x20 + x45; + x47 = x46 & UINT64_C(0x7ffffffffffff); x48 = (uint8_t)(x46 >> 51); - x49 = (x19 + (uint64_t)x48); - x50 = (x18 + x49); - x51 = (x17 + x50); - x52 = (x16 + x51); - x53 = (x15 + x52); - x54 = (x14 + x53); - x55 = (x13 + x54); - x56 = (x55 & UINT64_C(0x7ffffffffffff)); + x49 = x19 + (uint64_t)x48; + x50 = x18 + x49; + x51 = x17 + x50; + x52 = x16 + x51; + x53 = x15 + x52; + x54 = x14 + x53; + x55 = x13 + x54; + x56 = x55 & UINT64_C(0x7ffffffffffff); x57 = (uint8_t)(x55 >> 51); - x58 = (x12 + (uint64_t)x57); - x59 = (x11 + x58); - x60 = (x10 + x59); - x61 = (x9 + x60); - x62 = (x8 + x61); - x63 = (x7 + x62); - x64 = (x63 & UINT64_C(0x7ffffffffffff)); + x58 = x12 + (uint64_t)x57; + x59 = x11 + x58; + x60 = x10 + x59; + x61 = x9 + x60; + x62 = x8 + x61; + x63 = x7 + x62; + x64 = x63 & UINT64_C(0x7ffffffffffff); x65 = (uint8_t)(x63 >> 51); - x66 = (x6 + (uint64_t)x65); - x67 = (x5 + x66); - x68 = (x4 + x67); - x69 = (x3 + x68); - x70 = (x2 + x69); - x71 = (x1 + x70); + x66 = x6 + (uint64_t)x65; + x67 = x5 + x66; + x68 = x4 + x67; + x69 = x3 + x68; + x70 = x2 + x69; + x71 = x1 + x70; out1[0] = x39; out1[1] = x47; out1[2] = x56; @@ -937,33 +937,33 @@ static void fiat_25519_carry_scmul_121666(uint64_t out1[5], const uint64_t arg1[ fiat_25519_uint1 x25; uint64_t x26; uint64_t x27; - x1 = ((fiat_25519_uint128)UINT32_C(0x1db42) * (arg1[4])); - x2 = ((fiat_25519_uint128)UINT32_C(0x1db42) * (arg1[3])); - x3 = ((fiat_25519_uint128)UINT32_C(0x1db42) * (arg1[2])); - x4 = ((fiat_25519_uint128)UINT32_C(0x1db42) * (arg1[1])); - x5 = ((fiat_25519_uint128)UINT32_C(0x1db42) * (arg1[0])); + x1 = (fiat_25519_uint128)UINT32_C(0x1db42) * arg1[4]; + x2 = (fiat_25519_uint128)UINT32_C(0x1db42) * arg1[3]; + x3 = (fiat_25519_uint128)UINT32_C(0x1db42) * arg1[2]; + x4 = (fiat_25519_uint128)UINT32_C(0x1db42) * arg1[1]; + x5 = (fiat_25519_uint128)UINT32_C(0x1db42) * arg1[0]; x6 = (uint64_t)(x5 >> 51); x7 = (uint64_t)(x5 & UINT64_C(0x7ffffffffffff)); - x8 = (x6 + x4); + x8 = x6 + x4; x9 = (uint64_t)(x8 >> 51); x10 = (uint64_t)(x8 & UINT64_C(0x7ffffffffffff)); - x11 = (x9 + x3); + x11 = x9 + x3; x12 = (uint64_t)(x11 >> 51); x13 = (uint64_t)(x11 & UINT64_C(0x7ffffffffffff)); - x14 = (x12 + x2); + x14 = x12 + x2; x15 = (uint64_t)(x14 >> 51); x16 = (uint64_t)(x14 & UINT64_C(0x7ffffffffffff)); - x17 = (x15 + x1); + x17 = x15 + x1; x18 = (uint64_t)(x17 >> 51); x19 = (uint64_t)(x17 & UINT64_C(0x7ffffffffffff)); - x20 = (x18 * UINT8_C(0x13)); - x21 = (x7 + x20); + x20 = x18 * UINT8_C(0x13); + x21 = x7 + x20; x22 = (fiat_25519_uint1)(x21 >> 51); - x23 = (x21 & UINT64_C(0x7ffffffffffff)); - x24 = (x22 + x10); + x23 = x21 & UINT64_C(0x7ffffffffffff); + x24 = x22 + x10; x25 = (fiat_25519_uint1)(x24 >> 51); - x26 = (x24 & UINT64_C(0x7ffffffffffff)); - x27 = (x25 + x13); + x26 = x24 & UINT64_C(0x7ffffffffffff); + x27 = x25 + x13; out1[0] = x23; out1[1] = x26; out1[2] = x27; diff --git a/fiat-c/src/p224_32.c b/fiat-c/src/p224_32.c index 2dcf91ddb7..5d43709d51 100644 --- a/fiat-c/src/p224_32.c +++ b/fiat-c/src/p224_32.c @@ -54,7 +54,7 @@ static void fiat_p224_addcarryx_u32(uint32_t* out1, fiat_p224_uint1* out2, fiat_ uint64_t x1; uint32_t x2; fiat_p224_uint1 x3; - x1 = ((arg1 + (uint64_t)arg2) + arg3); + x1 = arg1 + (uint64_t)arg2 + arg3; x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); x3 = (fiat_p224_uint1)(x1 >> 32); *out1 = x2; @@ -80,7 +80,7 @@ static void fiat_p224_subborrowx_u32(uint32_t* out1, fiat_p224_uint1* out2, fiat int64_t x1; fiat_p224_int1 x2; uint32_t x3; - x1 = ((arg2 - (int64_t)arg1) - arg3); + x1 = arg2 - (int64_t)arg1 - arg3; x2 = (fiat_p224_int1)(x1 >> 32); x3 = (uint32_t)(x1 & UINT32_C(0xffffffff)); *out1 = x3; @@ -105,7 +105,7 @@ static void fiat_p224_mulx_u32(uint32_t* out1, uint32_t* out2, uint32_t arg1, ui uint64_t x1; uint32_t x2; uint32_t x3; - x1 = ((uint64_t)arg1 * arg2); + x1 = (uint64_t)arg1 * arg2; x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); x3 = (uint32_t)(x1 >> 32); *out1 = x2; @@ -129,9 +129,9 @@ static void fiat_p224_cmovznz_u32(uint32_t* out1, fiat_p224_uint1 arg1, uint32_t fiat_p224_uint1 x1; uint32_t x2; uint32_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_p224_int1)(0x0 - x1) & UINT32_C(0xffffffff)); - x3 = ((fiat_p224_value_barrier_u32(x2) & arg3) | (fiat_p224_value_barrier_u32((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_p224_int1)(0x0 - x1) & UINT32_C(0xffffffff); + x3 = fiat_p224_value_barrier_u32(x2) & arg3 | fiat_p224_value_barrier_u32(~x2) & arg2; *out1 = x3; } @@ -704,27 +704,27 @@ static void fiat_p224_mul(uint32_t out1[7], const uint32_t arg1[7], const uint32 uint32_t x550; uint32_t x551; uint32_t x552; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[6]); - x7 = (arg1[0]); - fiat_p224_mulx_u32(&x8, &x9, x7, (arg2[6])); - fiat_p224_mulx_u32(&x10, &x11, x7, (arg2[5])); - fiat_p224_mulx_u32(&x12, &x13, x7, (arg2[4])); - fiat_p224_mulx_u32(&x14, &x15, x7, (arg2[3])); - fiat_p224_mulx_u32(&x16, &x17, x7, (arg2[2])); - fiat_p224_mulx_u32(&x18, &x19, x7, (arg2[1])); - fiat_p224_mulx_u32(&x20, &x21, x7, (arg2[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[6]; + x7 = arg1[0]; + fiat_p224_mulx_u32(&x8, &x9, x7, arg2[6]); + fiat_p224_mulx_u32(&x10, &x11, x7, arg2[5]); + fiat_p224_mulx_u32(&x12, &x13, x7, arg2[4]); + fiat_p224_mulx_u32(&x14, &x15, x7, arg2[3]); + fiat_p224_mulx_u32(&x16, &x17, x7, arg2[2]); + fiat_p224_mulx_u32(&x18, &x19, x7, arg2[1]); + fiat_p224_mulx_u32(&x20, &x21, x7, arg2[0]); fiat_p224_addcarryx_u32(&x22, &x23, 0x0, x21, x18); fiat_p224_addcarryx_u32(&x24, &x25, x23, x19, x16); fiat_p224_addcarryx_u32(&x26, &x27, x25, x17, x14); fiat_p224_addcarryx_u32(&x28, &x29, x27, x15, x12); fiat_p224_addcarryx_u32(&x30, &x31, x29, x13, x10); fiat_p224_addcarryx_u32(&x32, &x33, x31, x11, x8); - x34 = (x33 + x9); + x34 = x33 + x9; fiat_p224_mulx_u32(&x35, &x36, x20, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x37, &x38, x35, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x39, &x40, x35, UINT32_C(0xffffffff)); @@ -733,7 +733,7 @@ static void fiat_p224_mul(uint32_t out1[7], const uint32_t arg1[7], const uint32 fiat_p224_addcarryx_u32(&x45, &x46, 0x0, x44, x41); fiat_p224_addcarryx_u32(&x47, &x48, x46, x42, x39); fiat_p224_addcarryx_u32(&x49, &x50, x48, x40, x37); - x51 = (x50 + x38); + x51 = x50 + x38; fiat_p224_addcarryx_u32(&x52, &x53, 0x0, x20, x35); fiat_p224_addcarryx_u32(&x54, &x55, x53, x22, 0x0); fiat_p224_addcarryx_u32(&x56, &x57, x55, x24, 0x0); @@ -742,20 +742,20 @@ static void fiat_p224_mul(uint32_t out1[7], const uint32_t arg1[7], const uint32 fiat_p224_addcarryx_u32(&x62, &x63, x61, x30, x47); fiat_p224_addcarryx_u32(&x64, &x65, x63, x32, x49); fiat_p224_addcarryx_u32(&x66, &x67, x65, x34, x51); - fiat_p224_mulx_u32(&x68, &x69, x1, (arg2[6])); - fiat_p224_mulx_u32(&x70, &x71, x1, (arg2[5])); - fiat_p224_mulx_u32(&x72, &x73, x1, (arg2[4])); - fiat_p224_mulx_u32(&x74, &x75, x1, (arg2[3])); - fiat_p224_mulx_u32(&x76, &x77, x1, (arg2[2])); - fiat_p224_mulx_u32(&x78, &x79, x1, (arg2[1])); - fiat_p224_mulx_u32(&x80, &x81, x1, (arg2[0])); + fiat_p224_mulx_u32(&x68, &x69, x1, arg2[6]); + fiat_p224_mulx_u32(&x70, &x71, x1, arg2[5]); + fiat_p224_mulx_u32(&x72, &x73, x1, arg2[4]); + fiat_p224_mulx_u32(&x74, &x75, x1, arg2[3]); + fiat_p224_mulx_u32(&x76, &x77, x1, arg2[2]); + fiat_p224_mulx_u32(&x78, &x79, x1, arg2[1]); + fiat_p224_mulx_u32(&x80, &x81, x1, arg2[0]); fiat_p224_addcarryx_u32(&x82, &x83, 0x0, x81, x78); fiat_p224_addcarryx_u32(&x84, &x85, x83, x79, x76); fiat_p224_addcarryx_u32(&x86, &x87, x85, x77, x74); fiat_p224_addcarryx_u32(&x88, &x89, x87, x75, x72); fiat_p224_addcarryx_u32(&x90, &x91, x89, x73, x70); fiat_p224_addcarryx_u32(&x92, &x93, x91, x71, x68); - x94 = (x93 + x69); + x94 = x93 + x69; fiat_p224_addcarryx_u32(&x95, &x96, 0x0, x54, x80); fiat_p224_addcarryx_u32(&x97, &x98, x96, x56, x82); fiat_p224_addcarryx_u32(&x99, &x100, x98, x58, x84); @@ -772,7 +772,7 @@ static void fiat_p224_mul(uint32_t out1[7], const uint32_t arg1[7], const uint32 fiat_p224_addcarryx_u32(&x121, &x122, 0x0, x120, x117); fiat_p224_addcarryx_u32(&x123, &x124, x122, x118, x115); fiat_p224_addcarryx_u32(&x125, &x126, x124, x116, x113); - x127 = (x126 + x114); + x127 = x126 + x114; fiat_p224_addcarryx_u32(&x128, &x129, 0x0, x95, x111); fiat_p224_addcarryx_u32(&x130, &x131, x129, x97, 0x0); fiat_p224_addcarryx_u32(&x132, &x133, x131, x99, 0x0); @@ -781,21 +781,21 @@ static void fiat_p224_mul(uint32_t out1[7], const uint32_t arg1[7], const uint32 fiat_p224_addcarryx_u32(&x138, &x139, x137, x105, x123); fiat_p224_addcarryx_u32(&x140, &x141, x139, x107, x125); fiat_p224_addcarryx_u32(&x142, &x143, x141, x109, x127); - x144 = ((uint32_t)x143 + x110); - fiat_p224_mulx_u32(&x145, &x146, x2, (arg2[6])); - fiat_p224_mulx_u32(&x147, &x148, x2, (arg2[5])); - fiat_p224_mulx_u32(&x149, &x150, x2, (arg2[4])); - fiat_p224_mulx_u32(&x151, &x152, x2, (arg2[3])); - fiat_p224_mulx_u32(&x153, &x154, x2, (arg2[2])); - fiat_p224_mulx_u32(&x155, &x156, x2, (arg2[1])); - fiat_p224_mulx_u32(&x157, &x158, x2, (arg2[0])); + x144 = (uint32_t)x143 + x110; + fiat_p224_mulx_u32(&x145, &x146, x2, arg2[6]); + fiat_p224_mulx_u32(&x147, &x148, x2, arg2[5]); + fiat_p224_mulx_u32(&x149, &x150, x2, arg2[4]); + fiat_p224_mulx_u32(&x151, &x152, x2, arg2[3]); + fiat_p224_mulx_u32(&x153, &x154, x2, arg2[2]); + fiat_p224_mulx_u32(&x155, &x156, x2, arg2[1]); + fiat_p224_mulx_u32(&x157, &x158, x2, arg2[0]); fiat_p224_addcarryx_u32(&x159, &x160, 0x0, x158, x155); fiat_p224_addcarryx_u32(&x161, &x162, x160, x156, x153); fiat_p224_addcarryx_u32(&x163, &x164, x162, x154, x151); fiat_p224_addcarryx_u32(&x165, &x166, x164, x152, x149); fiat_p224_addcarryx_u32(&x167, &x168, x166, x150, x147); fiat_p224_addcarryx_u32(&x169, &x170, x168, x148, x145); - x171 = (x170 + x146); + x171 = x170 + x146; fiat_p224_addcarryx_u32(&x172, &x173, 0x0, x130, x157); fiat_p224_addcarryx_u32(&x174, &x175, x173, x132, x159); fiat_p224_addcarryx_u32(&x176, &x177, x175, x134, x161); @@ -812,7 +812,7 @@ static void fiat_p224_mul(uint32_t out1[7], const uint32_t arg1[7], const uint32 fiat_p224_addcarryx_u32(&x198, &x199, 0x0, x197, x194); fiat_p224_addcarryx_u32(&x200, &x201, x199, x195, x192); fiat_p224_addcarryx_u32(&x202, &x203, x201, x193, x190); - x204 = (x203 + x191); + x204 = x203 + x191; fiat_p224_addcarryx_u32(&x205, &x206, 0x0, x172, x188); fiat_p224_addcarryx_u32(&x207, &x208, x206, x174, 0x0); fiat_p224_addcarryx_u32(&x209, &x210, x208, x176, 0x0); @@ -821,21 +821,21 @@ static void fiat_p224_mul(uint32_t out1[7], const uint32_t arg1[7], const uint32 fiat_p224_addcarryx_u32(&x215, &x216, x214, x182, x200); fiat_p224_addcarryx_u32(&x217, &x218, x216, x184, x202); fiat_p224_addcarryx_u32(&x219, &x220, x218, x186, x204); - x221 = ((uint32_t)x220 + x187); - fiat_p224_mulx_u32(&x222, &x223, x3, (arg2[6])); - fiat_p224_mulx_u32(&x224, &x225, x3, (arg2[5])); - fiat_p224_mulx_u32(&x226, &x227, x3, (arg2[4])); - fiat_p224_mulx_u32(&x228, &x229, x3, (arg2[3])); - fiat_p224_mulx_u32(&x230, &x231, x3, (arg2[2])); - fiat_p224_mulx_u32(&x232, &x233, x3, (arg2[1])); - fiat_p224_mulx_u32(&x234, &x235, x3, (arg2[0])); + x221 = (uint32_t)x220 + x187; + fiat_p224_mulx_u32(&x222, &x223, x3, arg2[6]); + fiat_p224_mulx_u32(&x224, &x225, x3, arg2[5]); + fiat_p224_mulx_u32(&x226, &x227, x3, arg2[4]); + fiat_p224_mulx_u32(&x228, &x229, x3, arg2[3]); + fiat_p224_mulx_u32(&x230, &x231, x3, arg2[2]); + fiat_p224_mulx_u32(&x232, &x233, x3, arg2[1]); + fiat_p224_mulx_u32(&x234, &x235, x3, arg2[0]); fiat_p224_addcarryx_u32(&x236, &x237, 0x0, x235, x232); fiat_p224_addcarryx_u32(&x238, &x239, x237, x233, x230); fiat_p224_addcarryx_u32(&x240, &x241, x239, x231, x228); fiat_p224_addcarryx_u32(&x242, &x243, x241, x229, x226); fiat_p224_addcarryx_u32(&x244, &x245, x243, x227, x224); fiat_p224_addcarryx_u32(&x246, &x247, x245, x225, x222); - x248 = (x247 + x223); + x248 = x247 + x223; fiat_p224_addcarryx_u32(&x249, &x250, 0x0, x207, x234); fiat_p224_addcarryx_u32(&x251, &x252, x250, x209, x236); fiat_p224_addcarryx_u32(&x253, &x254, x252, x211, x238); @@ -852,7 +852,7 @@ static void fiat_p224_mul(uint32_t out1[7], const uint32_t arg1[7], const uint32 fiat_p224_addcarryx_u32(&x275, &x276, 0x0, x274, x271); fiat_p224_addcarryx_u32(&x277, &x278, x276, x272, x269); fiat_p224_addcarryx_u32(&x279, &x280, x278, x270, x267); - x281 = (x280 + x268); + x281 = x280 + x268; fiat_p224_addcarryx_u32(&x282, &x283, 0x0, x249, x265); fiat_p224_addcarryx_u32(&x284, &x285, x283, x251, 0x0); fiat_p224_addcarryx_u32(&x286, &x287, x285, x253, 0x0); @@ -861,21 +861,21 @@ static void fiat_p224_mul(uint32_t out1[7], const uint32_t arg1[7], const uint32 fiat_p224_addcarryx_u32(&x292, &x293, x291, x259, x277); fiat_p224_addcarryx_u32(&x294, &x295, x293, x261, x279); fiat_p224_addcarryx_u32(&x296, &x297, x295, x263, x281); - x298 = ((uint32_t)x297 + x264); - fiat_p224_mulx_u32(&x299, &x300, x4, (arg2[6])); - fiat_p224_mulx_u32(&x301, &x302, x4, (arg2[5])); - fiat_p224_mulx_u32(&x303, &x304, x4, (arg2[4])); - fiat_p224_mulx_u32(&x305, &x306, x4, (arg2[3])); - fiat_p224_mulx_u32(&x307, &x308, x4, (arg2[2])); - fiat_p224_mulx_u32(&x309, &x310, x4, (arg2[1])); - fiat_p224_mulx_u32(&x311, &x312, x4, (arg2[0])); + x298 = (uint32_t)x297 + x264; + fiat_p224_mulx_u32(&x299, &x300, x4, arg2[6]); + fiat_p224_mulx_u32(&x301, &x302, x4, arg2[5]); + fiat_p224_mulx_u32(&x303, &x304, x4, arg2[4]); + fiat_p224_mulx_u32(&x305, &x306, x4, arg2[3]); + fiat_p224_mulx_u32(&x307, &x308, x4, arg2[2]); + fiat_p224_mulx_u32(&x309, &x310, x4, arg2[1]); + fiat_p224_mulx_u32(&x311, &x312, x4, arg2[0]); fiat_p224_addcarryx_u32(&x313, &x314, 0x0, x312, x309); fiat_p224_addcarryx_u32(&x315, &x316, x314, x310, x307); fiat_p224_addcarryx_u32(&x317, &x318, x316, x308, x305); fiat_p224_addcarryx_u32(&x319, &x320, x318, x306, x303); fiat_p224_addcarryx_u32(&x321, &x322, x320, x304, x301); fiat_p224_addcarryx_u32(&x323, &x324, x322, x302, x299); - x325 = (x324 + x300); + x325 = x324 + x300; fiat_p224_addcarryx_u32(&x326, &x327, 0x0, x284, x311); fiat_p224_addcarryx_u32(&x328, &x329, x327, x286, x313); fiat_p224_addcarryx_u32(&x330, &x331, x329, x288, x315); @@ -892,7 +892,7 @@ static void fiat_p224_mul(uint32_t out1[7], const uint32_t arg1[7], const uint32 fiat_p224_addcarryx_u32(&x352, &x353, 0x0, x351, x348); fiat_p224_addcarryx_u32(&x354, &x355, x353, x349, x346); fiat_p224_addcarryx_u32(&x356, &x357, x355, x347, x344); - x358 = (x357 + x345); + x358 = x357 + x345; fiat_p224_addcarryx_u32(&x359, &x360, 0x0, x326, x342); fiat_p224_addcarryx_u32(&x361, &x362, x360, x328, 0x0); fiat_p224_addcarryx_u32(&x363, &x364, x362, x330, 0x0); @@ -901,21 +901,21 @@ static void fiat_p224_mul(uint32_t out1[7], const uint32_t arg1[7], const uint32 fiat_p224_addcarryx_u32(&x369, &x370, x368, x336, x354); fiat_p224_addcarryx_u32(&x371, &x372, x370, x338, x356); fiat_p224_addcarryx_u32(&x373, &x374, x372, x340, x358); - x375 = ((uint32_t)x374 + x341); - fiat_p224_mulx_u32(&x376, &x377, x5, (arg2[6])); - fiat_p224_mulx_u32(&x378, &x379, x5, (arg2[5])); - fiat_p224_mulx_u32(&x380, &x381, x5, (arg2[4])); - fiat_p224_mulx_u32(&x382, &x383, x5, (arg2[3])); - fiat_p224_mulx_u32(&x384, &x385, x5, (arg2[2])); - fiat_p224_mulx_u32(&x386, &x387, x5, (arg2[1])); - fiat_p224_mulx_u32(&x388, &x389, x5, (arg2[0])); + x375 = (uint32_t)x374 + x341; + fiat_p224_mulx_u32(&x376, &x377, x5, arg2[6]); + fiat_p224_mulx_u32(&x378, &x379, x5, arg2[5]); + fiat_p224_mulx_u32(&x380, &x381, x5, arg2[4]); + fiat_p224_mulx_u32(&x382, &x383, x5, arg2[3]); + fiat_p224_mulx_u32(&x384, &x385, x5, arg2[2]); + fiat_p224_mulx_u32(&x386, &x387, x5, arg2[1]); + fiat_p224_mulx_u32(&x388, &x389, x5, arg2[0]); fiat_p224_addcarryx_u32(&x390, &x391, 0x0, x389, x386); fiat_p224_addcarryx_u32(&x392, &x393, x391, x387, x384); fiat_p224_addcarryx_u32(&x394, &x395, x393, x385, x382); fiat_p224_addcarryx_u32(&x396, &x397, x395, x383, x380); fiat_p224_addcarryx_u32(&x398, &x399, x397, x381, x378); fiat_p224_addcarryx_u32(&x400, &x401, x399, x379, x376); - x402 = (x401 + x377); + x402 = x401 + x377; fiat_p224_addcarryx_u32(&x403, &x404, 0x0, x361, x388); fiat_p224_addcarryx_u32(&x405, &x406, x404, x363, x390); fiat_p224_addcarryx_u32(&x407, &x408, x406, x365, x392); @@ -932,7 +932,7 @@ static void fiat_p224_mul(uint32_t out1[7], const uint32_t arg1[7], const uint32 fiat_p224_addcarryx_u32(&x429, &x430, 0x0, x428, x425); fiat_p224_addcarryx_u32(&x431, &x432, x430, x426, x423); fiat_p224_addcarryx_u32(&x433, &x434, x432, x424, x421); - x435 = (x434 + x422); + x435 = x434 + x422; fiat_p224_addcarryx_u32(&x436, &x437, 0x0, x403, x419); fiat_p224_addcarryx_u32(&x438, &x439, x437, x405, 0x0); fiat_p224_addcarryx_u32(&x440, &x441, x439, x407, 0x0); @@ -941,21 +941,21 @@ static void fiat_p224_mul(uint32_t out1[7], const uint32_t arg1[7], const uint32 fiat_p224_addcarryx_u32(&x446, &x447, x445, x413, x431); fiat_p224_addcarryx_u32(&x448, &x449, x447, x415, x433); fiat_p224_addcarryx_u32(&x450, &x451, x449, x417, x435); - x452 = ((uint32_t)x451 + x418); - fiat_p224_mulx_u32(&x453, &x454, x6, (arg2[6])); - fiat_p224_mulx_u32(&x455, &x456, x6, (arg2[5])); - fiat_p224_mulx_u32(&x457, &x458, x6, (arg2[4])); - fiat_p224_mulx_u32(&x459, &x460, x6, (arg2[3])); - fiat_p224_mulx_u32(&x461, &x462, x6, (arg2[2])); - fiat_p224_mulx_u32(&x463, &x464, x6, (arg2[1])); - fiat_p224_mulx_u32(&x465, &x466, x6, (arg2[0])); + x452 = (uint32_t)x451 + x418; + fiat_p224_mulx_u32(&x453, &x454, x6, arg2[6]); + fiat_p224_mulx_u32(&x455, &x456, x6, arg2[5]); + fiat_p224_mulx_u32(&x457, &x458, x6, arg2[4]); + fiat_p224_mulx_u32(&x459, &x460, x6, arg2[3]); + fiat_p224_mulx_u32(&x461, &x462, x6, arg2[2]); + fiat_p224_mulx_u32(&x463, &x464, x6, arg2[1]); + fiat_p224_mulx_u32(&x465, &x466, x6, arg2[0]); fiat_p224_addcarryx_u32(&x467, &x468, 0x0, x466, x463); fiat_p224_addcarryx_u32(&x469, &x470, x468, x464, x461); fiat_p224_addcarryx_u32(&x471, &x472, x470, x462, x459); fiat_p224_addcarryx_u32(&x473, &x474, x472, x460, x457); fiat_p224_addcarryx_u32(&x475, &x476, x474, x458, x455); fiat_p224_addcarryx_u32(&x477, &x478, x476, x456, x453); - x479 = (x478 + x454); + x479 = x478 + x454; fiat_p224_addcarryx_u32(&x480, &x481, 0x0, x438, x465); fiat_p224_addcarryx_u32(&x482, &x483, x481, x440, x467); fiat_p224_addcarryx_u32(&x484, &x485, x483, x442, x469); @@ -972,7 +972,7 @@ static void fiat_p224_mul(uint32_t out1[7], const uint32_t arg1[7], const uint32 fiat_p224_addcarryx_u32(&x506, &x507, 0x0, x505, x502); fiat_p224_addcarryx_u32(&x508, &x509, x507, x503, x500); fiat_p224_addcarryx_u32(&x510, &x511, x509, x501, x498); - x512 = (x511 + x499); + x512 = x511 + x499; fiat_p224_addcarryx_u32(&x513, &x514, 0x0, x480, x496); fiat_p224_addcarryx_u32(&x515, &x516, x514, x482, 0x0); fiat_p224_addcarryx_u32(&x517, &x518, x516, x484, 0x0); @@ -981,7 +981,7 @@ static void fiat_p224_mul(uint32_t out1[7], const uint32_t arg1[7], const uint32 fiat_p224_addcarryx_u32(&x523, &x524, x522, x490, x508); fiat_p224_addcarryx_u32(&x525, &x526, x524, x492, x510); fiat_p224_addcarryx_u32(&x527, &x528, x526, x494, x512); - x529 = ((uint32_t)x528 + x495); + x529 = (uint32_t)x528 + x495; fiat_p224_subborrowx_u32(&x530, &x531, 0x0, x515, 0x1); fiat_p224_subborrowx_u32(&x532, &x533, x531, x517, 0x0); fiat_p224_subborrowx_u32(&x534, &x535, x533, x519, 0x0); @@ -1573,27 +1573,27 @@ static void fiat_p224_square(uint32_t out1[7], const uint32_t arg1[7]) { uint32_t x550; uint32_t x551; uint32_t x552; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[6]); - x7 = (arg1[0]); - fiat_p224_mulx_u32(&x8, &x9, x7, (arg1[6])); - fiat_p224_mulx_u32(&x10, &x11, x7, (arg1[5])); - fiat_p224_mulx_u32(&x12, &x13, x7, (arg1[4])); - fiat_p224_mulx_u32(&x14, &x15, x7, (arg1[3])); - fiat_p224_mulx_u32(&x16, &x17, x7, (arg1[2])); - fiat_p224_mulx_u32(&x18, &x19, x7, (arg1[1])); - fiat_p224_mulx_u32(&x20, &x21, x7, (arg1[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[6]; + x7 = arg1[0]; + fiat_p224_mulx_u32(&x8, &x9, x7, arg1[6]); + fiat_p224_mulx_u32(&x10, &x11, x7, arg1[5]); + fiat_p224_mulx_u32(&x12, &x13, x7, arg1[4]); + fiat_p224_mulx_u32(&x14, &x15, x7, arg1[3]); + fiat_p224_mulx_u32(&x16, &x17, x7, arg1[2]); + fiat_p224_mulx_u32(&x18, &x19, x7, arg1[1]); + fiat_p224_mulx_u32(&x20, &x21, x7, arg1[0]); fiat_p224_addcarryx_u32(&x22, &x23, 0x0, x21, x18); fiat_p224_addcarryx_u32(&x24, &x25, x23, x19, x16); fiat_p224_addcarryx_u32(&x26, &x27, x25, x17, x14); fiat_p224_addcarryx_u32(&x28, &x29, x27, x15, x12); fiat_p224_addcarryx_u32(&x30, &x31, x29, x13, x10); fiat_p224_addcarryx_u32(&x32, &x33, x31, x11, x8); - x34 = (x33 + x9); + x34 = x33 + x9; fiat_p224_mulx_u32(&x35, &x36, x20, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x37, &x38, x35, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x39, &x40, x35, UINT32_C(0xffffffff)); @@ -1602,7 +1602,7 @@ static void fiat_p224_square(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x45, &x46, 0x0, x44, x41); fiat_p224_addcarryx_u32(&x47, &x48, x46, x42, x39); fiat_p224_addcarryx_u32(&x49, &x50, x48, x40, x37); - x51 = (x50 + x38); + x51 = x50 + x38; fiat_p224_addcarryx_u32(&x52, &x53, 0x0, x20, x35); fiat_p224_addcarryx_u32(&x54, &x55, x53, x22, 0x0); fiat_p224_addcarryx_u32(&x56, &x57, x55, x24, 0x0); @@ -1611,20 +1611,20 @@ static void fiat_p224_square(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x62, &x63, x61, x30, x47); fiat_p224_addcarryx_u32(&x64, &x65, x63, x32, x49); fiat_p224_addcarryx_u32(&x66, &x67, x65, x34, x51); - fiat_p224_mulx_u32(&x68, &x69, x1, (arg1[6])); - fiat_p224_mulx_u32(&x70, &x71, x1, (arg1[5])); - fiat_p224_mulx_u32(&x72, &x73, x1, (arg1[4])); - fiat_p224_mulx_u32(&x74, &x75, x1, (arg1[3])); - fiat_p224_mulx_u32(&x76, &x77, x1, (arg1[2])); - fiat_p224_mulx_u32(&x78, &x79, x1, (arg1[1])); - fiat_p224_mulx_u32(&x80, &x81, x1, (arg1[0])); + fiat_p224_mulx_u32(&x68, &x69, x1, arg1[6]); + fiat_p224_mulx_u32(&x70, &x71, x1, arg1[5]); + fiat_p224_mulx_u32(&x72, &x73, x1, arg1[4]); + fiat_p224_mulx_u32(&x74, &x75, x1, arg1[3]); + fiat_p224_mulx_u32(&x76, &x77, x1, arg1[2]); + fiat_p224_mulx_u32(&x78, &x79, x1, arg1[1]); + fiat_p224_mulx_u32(&x80, &x81, x1, arg1[0]); fiat_p224_addcarryx_u32(&x82, &x83, 0x0, x81, x78); fiat_p224_addcarryx_u32(&x84, &x85, x83, x79, x76); fiat_p224_addcarryx_u32(&x86, &x87, x85, x77, x74); fiat_p224_addcarryx_u32(&x88, &x89, x87, x75, x72); fiat_p224_addcarryx_u32(&x90, &x91, x89, x73, x70); fiat_p224_addcarryx_u32(&x92, &x93, x91, x71, x68); - x94 = (x93 + x69); + x94 = x93 + x69; fiat_p224_addcarryx_u32(&x95, &x96, 0x0, x54, x80); fiat_p224_addcarryx_u32(&x97, &x98, x96, x56, x82); fiat_p224_addcarryx_u32(&x99, &x100, x98, x58, x84); @@ -1641,7 +1641,7 @@ static void fiat_p224_square(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x121, &x122, 0x0, x120, x117); fiat_p224_addcarryx_u32(&x123, &x124, x122, x118, x115); fiat_p224_addcarryx_u32(&x125, &x126, x124, x116, x113); - x127 = (x126 + x114); + x127 = x126 + x114; fiat_p224_addcarryx_u32(&x128, &x129, 0x0, x95, x111); fiat_p224_addcarryx_u32(&x130, &x131, x129, x97, 0x0); fiat_p224_addcarryx_u32(&x132, &x133, x131, x99, 0x0); @@ -1650,21 +1650,21 @@ static void fiat_p224_square(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x138, &x139, x137, x105, x123); fiat_p224_addcarryx_u32(&x140, &x141, x139, x107, x125); fiat_p224_addcarryx_u32(&x142, &x143, x141, x109, x127); - x144 = ((uint32_t)x143 + x110); - fiat_p224_mulx_u32(&x145, &x146, x2, (arg1[6])); - fiat_p224_mulx_u32(&x147, &x148, x2, (arg1[5])); - fiat_p224_mulx_u32(&x149, &x150, x2, (arg1[4])); - fiat_p224_mulx_u32(&x151, &x152, x2, (arg1[3])); - fiat_p224_mulx_u32(&x153, &x154, x2, (arg1[2])); - fiat_p224_mulx_u32(&x155, &x156, x2, (arg1[1])); - fiat_p224_mulx_u32(&x157, &x158, x2, (arg1[0])); + x144 = (uint32_t)x143 + x110; + fiat_p224_mulx_u32(&x145, &x146, x2, arg1[6]); + fiat_p224_mulx_u32(&x147, &x148, x2, arg1[5]); + fiat_p224_mulx_u32(&x149, &x150, x2, arg1[4]); + fiat_p224_mulx_u32(&x151, &x152, x2, arg1[3]); + fiat_p224_mulx_u32(&x153, &x154, x2, arg1[2]); + fiat_p224_mulx_u32(&x155, &x156, x2, arg1[1]); + fiat_p224_mulx_u32(&x157, &x158, x2, arg1[0]); fiat_p224_addcarryx_u32(&x159, &x160, 0x0, x158, x155); fiat_p224_addcarryx_u32(&x161, &x162, x160, x156, x153); fiat_p224_addcarryx_u32(&x163, &x164, x162, x154, x151); fiat_p224_addcarryx_u32(&x165, &x166, x164, x152, x149); fiat_p224_addcarryx_u32(&x167, &x168, x166, x150, x147); fiat_p224_addcarryx_u32(&x169, &x170, x168, x148, x145); - x171 = (x170 + x146); + x171 = x170 + x146; fiat_p224_addcarryx_u32(&x172, &x173, 0x0, x130, x157); fiat_p224_addcarryx_u32(&x174, &x175, x173, x132, x159); fiat_p224_addcarryx_u32(&x176, &x177, x175, x134, x161); @@ -1681,7 +1681,7 @@ static void fiat_p224_square(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x198, &x199, 0x0, x197, x194); fiat_p224_addcarryx_u32(&x200, &x201, x199, x195, x192); fiat_p224_addcarryx_u32(&x202, &x203, x201, x193, x190); - x204 = (x203 + x191); + x204 = x203 + x191; fiat_p224_addcarryx_u32(&x205, &x206, 0x0, x172, x188); fiat_p224_addcarryx_u32(&x207, &x208, x206, x174, 0x0); fiat_p224_addcarryx_u32(&x209, &x210, x208, x176, 0x0); @@ -1690,21 +1690,21 @@ static void fiat_p224_square(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x215, &x216, x214, x182, x200); fiat_p224_addcarryx_u32(&x217, &x218, x216, x184, x202); fiat_p224_addcarryx_u32(&x219, &x220, x218, x186, x204); - x221 = ((uint32_t)x220 + x187); - fiat_p224_mulx_u32(&x222, &x223, x3, (arg1[6])); - fiat_p224_mulx_u32(&x224, &x225, x3, (arg1[5])); - fiat_p224_mulx_u32(&x226, &x227, x3, (arg1[4])); - fiat_p224_mulx_u32(&x228, &x229, x3, (arg1[3])); - fiat_p224_mulx_u32(&x230, &x231, x3, (arg1[2])); - fiat_p224_mulx_u32(&x232, &x233, x3, (arg1[1])); - fiat_p224_mulx_u32(&x234, &x235, x3, (arg1[0])); + x221 = (uint32_t)x220 + x187; + fiat_p224_mulx_u32(&x222, &x223, x3, arg1[6]); + fiat_p224_mulx_u32(&x224, &x225, x3, arg1[5]); + fiat_p224_mulx_u32(&x226, &x227, x3, arg1[4]); + fiat_p224_mulx_u32(&x228, &x229, x3, arg1[3]); + fiat_p224_mulx_u32(&x230, &x231, x3, arg1[2]); + fiat_p224_mulx_u32(&x232, &x233, x3, arg1[1]); + fiat_p224_mulx_u32(&x234, &x235, x3, arg1[0]); fiat_p224_addcarryx_u32(&x236, &x237, 0x0, x235, x232); fiat_p224_addcarryx_u32(&x238, &x239, x237, x233, x230); fiat_p224_addcarryx_u32(&x240, &x241, x239, x231, x228); fiat_p224_addcarryx_u32(&x242, &x243, x241, x229, x226); fiat_p224_addcarryx_u32(&x244, &x245, x243, x227, x224); fiat_p224_addcarryx_u32(&x246, &x247, x245, x225, x222); - x248 = (x247 + x223); + x248 = x247 + x223; fiat_p224_addcarryx_u32(&x249, &x250, 0x0, x207, x234); fiat_p224_addcarryx_u32(&x251, &x252, x250, x209, x236); fiat_p224_addcarryx_u32(&x253, &x254, x252, x211, x238); @@ -1721,7 +1721,7 @@ static void fiat_p224_square(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x275, &x276, 0x0, x274, x271); fiat_p224_addcarryx_u32(&x277, &x278, x276, x272, x269); fiat_p224_addcarryx_u32(&x279, &x280, x278, x270, x267); - x281 = (x280 + x268); + x281 = x280 + x268; fiat_p224_addcarryx_u32(&x282, &x283, 0x0, x249, x265); fiat_p224_addcarryx_u32(&x284, &x285, x283, x251, 0x0); fiat_p224_addcarryx_u32(&x286, &x287, x285, x253, 0x0); @@ -1730,21 +1730,21 @@ static void fiat_p224_square(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x292, &x293, x291, x259, x277); fiat_p224_addcarryx_u32(&x294, &x295, x293, x261, x279); fiat_p224_addcarryx_u32(&x296, &x297, x295, x263, x281); - x298 = ((uint32_t)x297 + x264); - fiat_p224_mulx_u32(&x299, &x300, x4, (arg1[6])); - fiat_p224_mulx_u32(&x301, &x302, x4, (arg1[5])); - fiat_p224_mulx_u32(&x303, &x304, x4, (arg1[4])); - fiat_p224_mulx_u32(&x305, &x306, x4, (arg1[3])); - fiat_p224_mulx_u32(&x307, &x308, x4, (arg1[2])); - fiat_p224_mulx_u32(&x309, &x310, x4, (arg1[1])); - fiat_p224_mulx_u32(&x311, &x312, x4, (arg1[0])); + x298 = (uint32_t)x297 + x264; + fiat_p224_mulx_u32(&x299, &x300, x4, arg1[6]); + fiat_p224_mulx_u32(&x301, &x302, x4, arg1[5]); + fiat_p224_mulx_u32(&x303, &x304, x4, arg1[4]); + fiat_p224_mulx_u32(&x305, &x306, x4, arg1[3]); + fiat_p224_mulx_u32(&x307, &x308, x4, arg1[2]); + fiat_p224_mulx_u32(&x309, &x310, x4, arg1[1]); + fiat_p224_mulx_u32(&x311, &x312, x4, arg1[0]); fiat_p224_addcarryx_u32(&x313, &x314, 0x0, x312, x309); fiat_p224_addcarryx_u32(&x315, &x316, x314, x310, x307); fiat_p224_addcarryx_u32(&x317, &x318, x316, x308, x305); fiat_p224_addcarryx_u32(&x319, &x320, x318, x306, x303); fiat_p224_addcarryx_u32(&x321, &x322, x320, x304, x301); fiat_p224_addcarryx_u32(&x323, &x324, x322, x302, x299); - x325 = (x324 + x300); + x325 = x324 + x300; fiat_p224_addcarryx_u32(&x326, &x327, 0x0, x284, x311); fiat_p224_addcarryx_u32(&x328, &x329, x327, x286, x313); fiat_p224_addcarryx_u32(&x330, &x331, x329, x288, x315); @@ -1761,7 +1761,7 @@ static void fiat_p224_square(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x352, &x353, 0x0, x351, x348); fiat_p224_addcarryx_u32(&x354, &x355, x353, x349, x346); fiat_p224_addcarryx_u32(&x356, &x357, x355, x347, x344); - x358 = (x357 + x345); + x358 = x357 + x345; fiat_p224_addcarryx_u32(&x359, &x360, 0x0, x326, x342); fiat_p224_addcarryx_u32(&x361, &x362, x360, x328, 0x0); fiat_p224_addcarryx_u32(&x363, &x364, x362, x330, 0x0); @@ -1770,21 +1770,21 @@ static void fiat_p224_square(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x369, &x370, x368, x336, x354); fiat_p224_addcarryx_u32(&x371, &x372, x370, x338, x356); fiat_p224_addcarryx_u32(&x373, &x374, x372, x340, x358); - x375 = ((uint32_t)x374 + x341); - fiat_p224_mulx_u32(&x376, &x377, x5, (arg1[6])); - fiat_p224_mulx_u32(&x378, &x379, x5, (arg1[5])); - fiat_p224_mulx_u32(&x380, &x381, x5, (arg1[4])); - fiat_p224_mulx_u32(&x382, &x383, x5, (arg1[3])); - fiat_p224_mulx_u32(&x384, &x385, x5, (arg1[2])); - fiat_p224_mulx_u32(&x386, &x387, x5, (arg1[1])); - fiat_p224_mulx_u32(&x388, &x389, x5, (arg1[0])); + x375 = (uint32_t)x374 + x341; + fiat_p224_mulx_u32(&x376, &x377, x5, arg1[6]); + fiat_p224_mulx_u32(&x378, &x379, x5, arg1[5]); + fiat_p224_mulx_u32(&x380, &x381, x5, arg1[4]); + fiat_p224_mulx_u32(&x382, &x383, x5, arg1[3]); + fiat_p224_mulx_u32(&x384, &x385, x5, arg1[2]); + fiat_p224_mulx_u32(&x386, &x387, x5, arg1[1]); + fiat_p224_mulx_u32(&x388, &x389, x5, arg1[0]); fiat_p224_addcarryx_u32(&x390, &x391, 0x0, x389, x386); fiat_p224_addcarryx_u32(&x392, &x393, x391, x387, x384); fiat_p224_addcarryx_u32(&x394, &x395, x393, x385, x382); fiat_p224_addcarryx_u32(&x396, &x397, x395, x383, x380); fiat_p224_addcarryx_u32(&x398, &x399, x397, x381, x378); fiat_p224_addcarryx_u32(&x400, &x401, x399, x379, x376); - x402 = (x401 + x377); + x402 = x401 + x377; fiat_p224_addcarryx_u32(&x403, &x404, 0x0, x361, x388); fiat_p224_addcarryx_u32(&x405, &x406, x404, x363, x390); fiat_p224_addcarryx_u32(&x407, &x408, x406, x365, x392); @@ -1801,7 +1801,7 @@ static void fiat_p224_square(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x429, &x430, 0x0, x428, x425); fiat_p224_addcarryx_u32(&x431, &x432, x430, x426, x423); fiat_p224_addcarryx_u32(&x433, &x434, x432, x424, x421); - x435 = (x434 + x422); + x435 = x434 + x422; fiat_p224_addcarryx_u32(&x436, &x437, 0x0, x403, x419); fiat_p224_addcarryx_u32(&x438, &x439, x437, x405, 0x0); fiat_p224_addcarryx_u32(&x440, &x441, x439, x407, 0x0); @@ -1810,21 +1810,21 @@ static void fiat_p224_square(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x446, &x447, x445, x413, x431); fiat_p224_addcarryx_u32(&x448, &x449, x447, x415, x433); fiat_p224_addcarryx_u32(&x450, &x451, x449, x417, x435); - x452 = ((uint32_t)x451 + x418); - fiat_p224_mulx_u32(&x453, &x454, x6, (arg1[6])); - fiat_p224_mulx_u32(&x455, &x456, x6, (arg1[5])); - fiat_p224_mulx_u32(&x457, &x458, x6, (arg1[4])); - fiat_p224_mulx_u32(&x459, &x460, x6, (arg1[3])); - fiat_p224_mulx_u32(&x461, &x462, x6, (arg1[2])); - fiat_p224_mulx_u32(&x463, &x464, x6, (arg1[1])); - fiat_p224_mulx_u32(&x465, &x466, x6, (arg1[0])); + x452 = (uint32_t)x451 + x418; + fiat_p224_mulx_u32(&x453, &x454, x6, arg1[6]); + fiat_p224_mulx_u32(&x455, &x456, x6, arg1[5]); + fiat_p224_mulx_u32(&x457, &x458, x6, arg1[4]); + fiat_p224_mulx_u32(&x459, &x460, x6, arg1[3]); + fiat_p224_mulx_u32(&x461, &x462, x6, arg1[2]); + fiat_p224_mulx_u32(&x463, &x464, x6, arg1[1]); + fiat_p224_mulx_u32(&x465, &x466, x6, arg1[0]); fiat_p224_addcarryx_u32(&x467, &x468, 0x0, x466, x463); fiat_p224_addcarryx_u32(&x469, &x470, x468, x464, x461); fiat_p224_addcarryx_u32(&x471, &x472, x470, x462, x459); fiat_p224_addcarryx_u32(&x473, &x474, x472, x460, x457); fiat_p224_addcarryx_u32(&x475, &x476, x474, x458, x455); fiat_p224_addcarryx_u32(&x477, &x478, x476, x456, x453); - x479 = (x478 + x454); + x479 = x478 + x454; fiat_p224_addcarryx_u32(&x480, &x481, 0x0, x438, x465); fiat_p224_addcarryx_u32(&x482, &x483, x481, x440, x467); fiat_p224_addcarryx_u32(&x484, &x485, x483, x442, x469); @@ -1841,7 +1841,7 @@ static void fiat_p224_square(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x506, &x507, 0x0, x505, x502); fiat_p224_addcarryx_u32(&x508, &x509, x507, x503, x500); fiat_p224_addcarryx_u32(&x510, &x511, x509, x501, x498); - x512 = (x511 + x499); + x512 = x511 + x499; fiat_p224_addcarryx_u32(&x513, &x514, 0x0, x480, x496); fiat_p224_addcarryx_u32(&x515, &x516, x514, x482, 0x0); fiat_p224_addcarryx_u32(&x517, &x518, x516, x484, 0x0); @@ -1850,7 +1850,7 @@ static void fiat_p224_square(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x523, &x524, x522, x490, x508); fiat_p224_addcarryx_u32(&x525, &x526, x524, x492, x510); fiat_p224_addcarryx_u32(&x527, &x528, x526, x494, x512); - x529 = ((uint32_t)x528 + x495); + x529 = (uint32_t)x528 + x495; fiat_p224_subborrowx_u32(&x530, &x531, 0x0, x515, 0x1); fiat_p224_subborrowx_u32(&x532, &x533, x531, x517, 0x0); fiat_p224_subborrowx_u32(&x534, &x535, x533, x519, 0x0); @@ -1929,13 +1929,13 @@ static void fiat_p224_add(uint32_t out1[7], const uint32_t arg1[7], const uint32 uint32_t x35; uint32_t x36; uint32_t x37; - fiat_p224_addcarryx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_p224_addcarryx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_p224_addcarryx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_p224_addcarryx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); - fiat_p224_addcarryx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); - fiat_p224_addcarryx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); - fiat_p224_addcarryx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + fiat_p224_addcarryx_u32(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_p224_addcarryx_u32(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_p224_addcarryx_u32(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_p224_addcarryx_u32(&x7, &x8, x6, arg1[3], arg2[3]); + fiat_p224_addcarryx_u32(&x9, &x10, x8, arg1[4], arg2[4]); + fiat_p224_addcarryx_u32(&x11, &x12, x10, arg1[5], arg2[5]); + fiat_p224_addcarryx_u32(&x13, &x14, x12, arg1[6], arg2[6]); fiat_p224_subborrowx_u32(&x15, &x16, 0x0, x1, 0x1); fiat_p224_subborrowx_u32(&x17, &x18, x16, x3, 0x0); fiat_p224_subborrowx_u32(&x19, &x20, x18, x5, 0x0); @@ -2006,13 +2006,13 @@ static void fiat_p224_sub(uint32_t out1[7], const uint32_t arg1[7], const uint32 fiat_p224_uint1 x27; uint32_t x28; fiat_p224_uint1 x29; - fiat_p224_subborrowx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_p224_subborrowx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_p224_subborrowx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_p224_subborrowx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); - fiat_p224_subborrowx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); - fiat_p224_subborrowx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); - fiat_p224_subborrowx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + fiat_p224_subborrowx_u32(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_p224_subborrowx_u32(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_p224_subborrowx_u32(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_p224_subborrowx_u32(&x7, &x8, x6, arg1[3], arg2[3]); + fiat_p224_subborrowx_u32(&x9, &x10, x8, arg1[4], arg2[4]); + fiat_p224_subborrowx_u32(&x11, &x12, x10, arg1[5], arg2[5]); + fiat_p224_subborrowx_u32(&x13, &x14, x12, arg1[6], arg2[6]); fiat_p224_cmovznz_u32(&x15, x14, 0x0, UINT32_C(0xffffffff)); fiat_p224_addcarryx_u32(&x16, &x17, 0x0, x1, (fiat_p224_uint1)(x15 & 0x1)); fiat_p224_addcarryx_u32(&x18, &x19, x17, x3, 0x0); @@ -2074,13 +2074,13 @@ static void fiat_p224_opp(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_uint1 x27; uint32_t x28; fiat_p224_uint1 x29; - fiat_p224_subborrowx_u32(&x1, &x2, 0x0, 0x0, (arg1[0])); - fiat_p224_subborrowx_u32(&x3, &x4, x2, 0x0, (arg1[1])); - fiat_p224_subborrowx_u32(&x5, &x6, x4, 0x0, (arg1[2])); - fiat_p224_subborrowx_u32(&x7, &x8, x6, 0x0, (arg1[3])); - fiat_p224_subborrowx_u32(&x9, &x10, x8, 0x0, (arg1[4])); - fiat_p224_subborrowx_u32(&x11, &x12, x10, 0x0, (arg1[5])); - fiat_p224_subborrowx_u32(&x13, &x14, x12, 0x0, (arg1[6])); + fiat_p224_subborrowx_u32(&x1, &x2, 0x0, 0x0, arg1[0]); + fiat_p224_subborrowx_u32(&x3, &x4, x2, 0x0, arg1[1]); + fiat_p224_subborrowx_u32(&x5, &x6, x4, 0x0, arg1[2]); + fiat_p224_subborrowx_u32(&x7, &x8, x6, 0x0, arg1[3]); + fiat_p224_subborrowx_u32(&x9, &x10, x8, 0x0, arg1[4]); + fiat_p224_subborrowx_u32(&x11, &x12, x10, 0x0, arg1[5]); + fiat_p224_subborrowx_u32(&x13, &x14, x12, 0x0, arg1[6]); fiat_p224_cmovznz_u32(&x15, x14, 0x0, UINT32_C(0xffffffff)); fiat_p224_addcarryx_u32(&x16, &x17, 0x0, x1, (fiat_p224_uint1)(x15 & 0x1)); fiat_p224_addcarryx_u32(&x18, &x19, x17, x3, 0x0); @@ -2415,7 +2415,7 @@ static void fiat_p224_from_montgomery(uint32_t out1[7], const uint32_t arg1[7]) uint32_t x300; uint32_t x301; uint32_t x302; - x1 = (arg1[0]); + x1 = arg1[0]; fiat_p224_mulx_u32(&x2, &x3, x1, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x4, &x5, x2, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x6, &x7, x2, UINT32_C(0xffffffff)); @@ -2425,7 +2425,7 @@ static void fiat_p224_from_montgomery(uint32_t out1[7], const uint32_t arg1[7]) fiat_p224_addcarryx_u32(&x14, &x15, x13, x9, x6); fiat_p224_addcarryx_u32(&x16, &x17, x15, x7, x4); fiat_p224_addcarryx_u32(&x18, &x19, 0x0, x1, x2); - fiat_p224_addcarryx_u32(&x20, &x21, 0x0, x19, (arg1[1])); + fiat_p224_addcarryx_u32(&x20, &x21, 0x0, x19, arg1[1]); fiat_p224_mulx_u32(&x22, &x23, x20, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x24, &x25, x22, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x26, &x27, x22, UINT32_C(0xffffffff)); @@ -2437,10 +2437,10 @@ static void fiat_p224_from_montgomery(uint32_t out1[7], const uint32_t arg1[7]) fiat_p224_addcarryx_u32(&x38, &x39, 0x0, x12, x30); fiat_p224_addcarryx_u32(&x40, &x41, x39, x14, x32); fiat_p224_addcarryx_u32(&x42, &x43, x41, x16, x34); - fiat_p224_addcarryx_u32(&x44, &x45, x43, (x17 + x5), x36); - fiat_p224_addcarryx_u32(&x46, &x47, x45, 0x0, (x37 + x25)); + fiat_p224_addcarryx_u32(&x44, &x45, x43, x17 + x5, x36); + fiat_p224_addcarryx_u32(&x46, &x47, x45, 0x0, x37 + x25); fiat_p224_addcarryx_u32(&x48, &x49, 0x0, x20, x22); - fiat_p224_addcarryx_u32(&x50, &x51, 0x0, ((uint32_t)x49 + x21), (arg1[2])); + fiat_p224_addcarryx_u32(&x50, &x51, 0x0, (uint32_t)x49 + x21, arg1[2]); fiat_p224_addcarryx_u32(&x52, &x53, x51, x10, 0x0); fiat_p224_addcarryx_u32(&x54, &x55, x53, x38, 0x0); fiat_p224_addcarryx_u32(&x56, &x57, x55, x40, 0x0); @@ -2462,8 +2462,8 @@ static void fiat_p224_from_montgomery(uint32_t out1[7], const uint32_t arg1[7]) fiat_p224_addcarryx_u32(&x88, &x89, x87, x58, x74); fiat_p224_addcarryx_u32(&x90, &x91, x89, x60, x76); fiat_p224_addcarryx_u32(&x92, &x93, x91, x62, x78); - fiat_p224_addcarryx_u32(&x94, &x95, x93, ((uint32_t)x63 + x47), (x79 + x67)); - fiat_p224_addcarryx_u32(&x96, &x97, 0x0, x82, (arg1[3])); + fiat_p224_addcarryx_u32(&x94, &x95, x93, (uint32_t)x63 + x47, x79 + x67); + fiat_p224_addcarryx_u32(&x96, &x97, 0x0, x82, arg1[3]); fiat_p224_addcarryx_u32(&x98, &x99, x97, x84, 0x0); fiat_p224_addcarryx_u32(&x100, &x101, x99, x86, 0x0); fiat_p224_addcarryx_u32(&x102, &x103, x101, x88, 0x0); @@ -2485,8 +2485,8 @@ static void fiat_p224_from_montgomery(uint32_t out1[7], const uint32_t arg1[7]) fiat_p224_addcarryx_u32(&x134, &x135, x133, x104, x120); fiat_p224_addcarryx_u32(&x136, &x137, x135, x106, x122); fiat_p224_addcarryx_u32(&x138, &x139, x137, x108, x124); - fiat_p224_addcarryx_u32(&x140, &x141, x139, ((uint32_t)x109 + x95), (x125 + x113)); - fiat_p224_addcarryx_u32(&x142, &x143, 0x0, x128, (arg1[4])); + fiat_p224_addcarryx_u32(&x140, &x141, x139, (uint32_t)x109 + x95, x125 + x113); + fiat_p224_addcarryx_u32(&x142, &x143, 0x0, x128, arg1[4]); fiat_p224_addcarryx_u32(&x144, &x145, x143, x130, 0x0); fiat_p224_addcarryx_u32(&x146, &x147, x145, x132, 0x0); fiat_p224_addcarryx_u32(&x148, &x149, x147, x134, 0x0); @@ -2508,8 +2508,8 @@ static void fiat_p224_from_montgomery(uint32_t out1[7], const uint32_t arg1[7]) fiat_p224_addcarryx_u32(&x180, &x181, x179, x150, x166); fiat_p224_addcarryx_u32(&x182, &x183, x181, x152, x168); fiat_p224_addcarryx_u32(&x184, &x185, x183, x154, x170); - fiat_p224_addcarryx_u32(&x186, &x187, x185, ((uint32_t)x155 + x141), (x171 + x159)); - fiat_p224_addcarryx_u32(&x188, &x189, 0x0, x174, (arg1[5])); + fiat_p224_addcarryx_u32(&x186, &x187, x185, (uint32_t)x155 + x141, x171 + x159); + fiat_p224_addcarryx_u32(&x188, &x189, 0x0, x174, arg1[5]); fiat_p224_addcarryx_u32(&x190, &x191, x189, x176, 0x0); fiat_p224_addcarryx_u32(&x192, &x193, x191, x178, 0x0); fiat_p224_addcarryx_u32(&x194, &x195, x193, x180, 0x0); @@ -2531,8 +2531,8 @@ static void fiat_p224_from_montgomery(uint32_t out1[7], const uint32_t arg1[7]) fiat_p224_addcarryx_u32(&x226, &x227, x225, x196, x212); fiat_p224_addcarryx_u32(&x228, &x229, x227, x198, x214); fiat_p224_addcarryx_u32(&x230, &x231, x229, x200, x216); - fiat_p224_addcarryx_u32(&x232, &x233, x231, ((uint32_t)x201 + x187), (x217 + x205)); - fiat_p224_addcarryx_u32(&x234, &x235, 0x0, x220, (arg1[6])); + fiat_p224_addcarryx_u32(&x232, &x233, x231, (uint32_t)x201 + x187, x217 + x205); + fiat_p224_addcarryx_u32(&x234, &x235, 0x0, x220, arg1[6]); fiat_p224_addcarryx_u32(&x236, &x237, x235, x222, 0x0); fiat_p224_addcarryx_u32(&x238, &x239, x237, x224, 0x0); fiat_p224_addcarryx_u32(&x240, &x241, x239, x226, 0x0); @@ -2554,7 +2554,7 @@ static void fiat_p224_from_montgomery(uint32_t out1[7], const uint32_t arg1[7]) fiat_p224_addcarryx_u32(&x272, &x273, x271, x242, x258); fiat_p224_addcarryx_u32(&x274, &x275, x273, x244, x260); fiat_p224_addcarryx_u32(&x276, &x277, x275, x246, x262); - fiat_p224_addcarryx_u32(&x278, &x279, x277, ((uint32_t)x247 + x233), (x263 + x251)); + fiat_p224_addcarryx_u32(&x278, &x279, x277, (uint32_t)x247 + x233, x263 + x251); fiat_p224_subborrowx_u32(&x280, &x281, 0x0, x266, 0x1); fiat_p224_subborrowx_u32(&x282, &x283, x281, x268, 0x0); fiat_p224_subborrowx_u32(&x284, &x285, x283, x270, 0x0); @@ -2990,13 +2990,13 @@ static void fiat_p224_to_montgomery(uint32_t out1[7], const uint32_t arg1[7]) { uint32_t x394; uint32_t x395; uint32_t x396; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[6]); - x7 = (arg1[0]); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[6]; + x7 = arg1[0]; fiat_p224_mulx_u32(&x8, &x9, x7, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x10, &x11, x7, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x12, &x13, x7, UINT32_C(0xfffffffe)); @@ -3013,8 +3013,8 @@ static void fiat_p224_to_montgomery(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x34, &x35, 0x0, x12, x26); fiat_p224_addcarryx_u32(&x36, &x37, x35, x14, x28); fiat_p224_addcarryx_u32(&x38, &x39, x37, x16, x30); - fiat_p224_addcarryx_u32(&x40, &x41, x39, (x17 + x9), x32); - fiat_p224_addcarryx_u32(&x42, &x43, x41, 0x0, (x33 + x21)); + fiat_p224_addcarryx_u32(&x40, &x41, x39, x17 + x9, x32); + fiat_p224_addcarryx_u32(&x42, &x43, x41, 0x0, x33 + x21); fiat_p224_mulx_u32(&x44, &x45, x1, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x46, &x47, x1, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x48, &x49, x1, UINT32_C(0xfffffffe)); @@ -3025,7 +3025,7 @@ static void fiat_p224_to_montgomery(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x58, &x59, 0x0, x36, x48); fiat_p224_addcarryx_u32(&x60, &x61, x59, x38, x50); fiat_p224_addcarryx_u32(&x62, &x63, x61, x40, x52); - fiat_p224_addcarryx_u32(&x64, &x65, x63, x42, (x53 + x45)); + fiat_p224_addcarryx_u32(&x64, &x65, x63, x42, x53 + x45); fiat_p224_mulx_u32(&x66, &x67, x56, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x68, &x69, x66, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x70, &x71, x66, UINT32_C(0xffffffff)); @@ -3038,20 +3038,20 @@ static void fiat_p224_to_montgomery(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x84, &x85, x83, x60, x76); fiat_p224_addcarryx_u32(&x86, &x87, x85, x62, x78); fiat_p224_addcarryx_u32(&x88, &x89, x87, x64, x80); - fiat_p224_addcarryx_u32(&x90, &x91, x89, ((uint32_t)x65 + x43), (x81 + x69)); + fiat_p224_addcarryx_u32(&x90, &x91, x89, (uint32_t)x65 + x43, x81 + x69); fiat_p224_mulx_u32(&x92, &x93, x2, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x94, &x95, x2, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x96, &x97, x2, UINT32_C(0xfffffffe)); fiat_p224_addcarryx_u32(&x98, &x99, 0x0, x97, x94); fiat_p224_addcarryx_u32(&x100, &x101, x99, x95, x92); fiat_p224_addcarryx_u32(&x102, &x103, 0x0, x56, x66); - fiat_p224_addcarryx_u32(&x104, &x105, 0x0, ((uint32_t)x103 + x57), x2); + fiat_p224_addcarryx_u32(&x104, &x105, 0x0, (uint32_t)x103 + x57, x2); fiat_p224_addcarryx_u32(&x106, &x107, x105, x34, 0x0); fiat_p224_addcarryx_u32(&x108, &x109, x107, x82, 0x0); fiat_p224_addcarryx_u32(&x110, &x111, x109, x84, x96); fiat_p224_addcarryx_u32(&x112, &x113, x111, x86, x98); fiat_p224_addcarryx_u32(&x114, &x115, x113, x88, x100); - fiat_p224_addcarryx_u32(&x116, &x117, x115, x90, (x101 + x93)); + fiat_p224_addcarryx_u32(&x116, &x117, x115, x90, x101 + x93); fiat_p224_mulx_u32(&x118, &x119, x104, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x120, &x121, x118, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x122, &x123, x118, UINT32_C(0xffffffff)); @@ -3067,7 +3067,7 @@ static void fiat_p224_to_montgomery(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x142, &x143, x141, x112, x128); fiat_p224_addcarryx_u32(&x144, &x145, x143, x114, x130); fiat_p224_addcarryx_u32(&x146, &x147, x145, x116, x132); - fiat_p224_addcarryx_u32(&x148, &x149, x147, ((uint32_t)x117 + x91), (x133 + x121)); + fiat_p224_addcarryx_u32(&x148, &x149, x147, (uint32_t)x117 + x91, x133 + x121); fiat_p224_mulx_u32(&x150, &x151, x3, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x152, &x153, x3, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x154, &x155, x3, UINT32_C(0xfffffffe)); @@ -3079,7 +3079,7 @@ static void fiat_p224_to_montgomery(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x166, &x167, x165, x142, x154); fiat_p224_addcarryx_u32(&x168, &x169, x167, x144, x156); fiat_p224_addcarryx_u32(&x170, &x171, x169, x146, x158); - fiat_p224_addcarryx_u32(&x172, &x173, x171, x148, (x159 + x151)); + fiat_p224_addcarryx_u32(&x172, &x173, x171, x148, x159 + x151); fiat_p224_mulx_u32(&x174, &x175, x160, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x176, &x177, x174, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x178, &x179, x174, UINT32_C(0xffffffff)); @@ -3095,7 +3095,7 @@ static void fiat_p224_to_montgomery(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x198, &x199, x197, x168, x184); fiat_p224_addcarryx_u32(&x200, &x201, x199, x170, x186); fiat_p224_addcarryx_u32(&x202, &x203, x201, x172, x188); - fiat_p224_addcarryx_u32(&x204, &x205, x203, ((uint32_t)x173 + x149), (x189 + x177)); + fiat_p224_addcarryx_u32(&x204, &x205, x203, (uint32_t)x173 + x149, x189 + x177); fiat_p224_mulx_u32(&x206, &x207, x4, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x208, &x209, x4, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x210, &x211, x4, UINT32_C(0xfffffffe)); @@ -3107,7 +3107,7 @@ static void fiat_p224_to_montgomery(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x222, &x223, x221, x198, x210); fiat_p224_addcarryx_u32(&x224, &x225, x223, x200, x212); fiat_p224_addcarryx_u32(&x226, &x227, x225, x202, x214); - fiat_p224_addcarryx_u32(&x228, &x229, x227, x204, (x215 + x207)); + fiat_p224_addcarryx_u32(&x228, &x229, x227, x204, x215 + x207); fiat_p224_mulx_u32(&x230, &x231, x216, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x232, &x233, x230, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x234, &x235, x230, UINT32_C(0xffffffff)); @@ -3123,7 +3123,7 @@ static void fiat_p224_to_montgomery(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x254, &x255, x253, x224, x240); fiat_p224_addcarryx_u32(&x256, &x257, x255, x226, x242); fiat_p224_addcarryx_u32(&x258, &x259, x257, x228, x244); - fiat_p224_addcarryx_u32(&x260, &x261, x259, ((uint32_t)x229 + x205), (x245 + x233)); + fiat_p224_addcarryx_u32(&x260, &x261, x259, (uint32_t)x229 + x205, x245 + x233); fiat_p224_mulx_u32(&x262, &x263, x5, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x264, &x265, x5, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x266, &x267, x5, UINT32_C(0xfffffffe)); @@ -3135,7 +3135,7 @@ static void fiat_p224_to_montgomery(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x278, &x279, x277, x254, x266); fiat_p224_addcarryx_u32(&x280, &x281, x279, x256, x268); fiat_p224_addcarryx_u32(&x282, &x283, x281, x258, x270); - fiat_p224_addcarryx_u32(&x284, &x285, x283, x260, (x271 + x263)); + fiat_p224_addcarryx_u32(&x284, &x285, x283, x260, x271 + x263); fiat_p224_mulx_u32(&x286, &x287, x272, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x288, &x289, x286, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x290, &x291, x286, UINT32_C(0xffffffff)); @@ -3151,7 +3151,7 @@ static void fiat_p224_to_montgomery(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x310, &x311, x309, x280, x296); fiat_p224_addcarryx_u32(&x312, &x313, x311, x282, x298); fiat_p224_addcarryx_u32(&x314, &x315, x313, x284, x300); - fiat_p224_addcarryx_u32(&x316, &x317, x315, ((uint32_t)x285 + x261), (x301 + x289)); + fiat_p224_addcarryx_u32(&x316, &x317, x315, (uint32_t)x285 + x261, x301 + x289); fiat_p224_mulx_u32(&x318, &x319, x6, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x320, &x321, x6, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x322, &x323, x6, UINT32_C(0xfffffffe)); @@ -3163,7 +3163,7 @@ static void fiat_p224_to_montgomery(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x334, &x335, x333, x310, x322); fiat_p224_addcarryx_u32(&x336, &x337, x335, x312, x324); fiat_p224_addcarryx_u32(&x338, &x339, x337, x314, x326); - fiat_p224_addcarryx_u32(&x340, &x341, x339, x316, (x327 + x319)); + fiat_p224_addcarryx_u32(&x340, &x341, x339, x316, x327 + x319); fiat_p224_mulx_u32(&x342, &x343, x328, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x344, &x345, x342, UINT32_C(0xffffffff)); fiat_p224_mulx_u32(&x346, &x347, x342, UINT32_C(0xffffffff)); @@ -3179,7 +3179,7 @@ static void fiat_p224_to_montgomery(uint32_t out1[7], const uint32_t arg1[7]) { fiat_p224_addcarryx_u32(&x366, &x367, x365, x336, x352); fiat_p224_addcarryx_u32(&x368, &x369, x367, x338, x354); fiat_p224_addcarryx_u32(&x370, &x371, x369, x340, x356); - fiat_p224_addcarryx_u32(&x372, &x373, x371, ((uint32_t)x341 + x317), (x357 + x345)); + fiat_p224_addcarryx_u32(&x372, &x373, x371, (uint32_t)x341 + x317, x357 + x345); fiat_p224_subborrowx_u32(&x374, &x375, 0x0, x360, 0x1); fiat_p224_subborrowx_u32(&x376, &x377, x375, x362, 0x0); fiat_p224_subborrowx_u32(&x378, &x379, x377, x364, 0x0); @@ -3219,7 +3219,7 @@ static void fiat_p224_to_montgomery(uint32_t out1[7], const uint32_t arg1[7]) { */ static void fiat_p224_nonzero(uint32_t* out1, const uint32_t arg1[7]) { uint32_t x1; - x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | (arg1[6]))))))); + x1 = arg1[0] | (arg1[1] | (arg1[2] | (arg1[3] | (arg1[4] | (arg1[5] | arg1[6]))))); *out1 = x1; } @@ -3244,13 +3244,13 @@ static void fiat_p224_selectznz(uint32_t out1[7], fiat_p224_uint1 arg1, const ui uint32_t x5; uint32_t x6; uint32_t x7; - fiat_p224_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_p224_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_p224_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); - fiat_p224_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); - fiat_p224_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); - fiat_p224_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5])); - fiat_p224_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6])); + fiat_p224_cmovznz_u32(&x1, arg1, arg2[0], arg3[0]); + fiat_p224_cmovznz_u32(&x2, arg1, arg2[1], arg3[1]); + fiat_p224_cmovznz_u32(&x3, arg1, arg2[2], arg3[2]); + fiat_p224_cmovznz_u32(&x4, arg1, arg2[3], arg3[3]); + fiat_p224_cmovznz_u32(&x5, arg1, arg2[4], arg3[4]); + fiat_p224_cmovznz_u32(&x6, arg1, arg2[5], arg3[5]); + fiat_p224_cmovznz_u32(&x7, arg1, arg2[6], arg3[6]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -3323,53 +3323,53 @@ static void fiat_p224_to_bytes(uint8_t out1[28], const uint32_t arg1[7]) { uint32_t x47; uint8_t x48; uint8_t x49; - x1 = (arg1[6]); - x2 = (arg1[5]); - x3 = (arg1[4]); - x4 = (arg1[3]); - x5 = (arg1[2]); - x6 = (arg1[1]); - x7 = (arg1[0]); + x1 = arg1[6]; + x2 = arg1[5]; + x3 = arg1[4]; + x4 = arg1[3]; + x5 = arg1[2]; + x6 = arg1[1]; + x7 = arg1[0]; x8 = (uint8_t)(x7 & UINT8_C(0xff)); - x9 = (x7 >> 8); + x9 = x7 >> 8; x10 = (uint8_t)(x9 & UINT8_C(0xff)); - x11 = (x9 >> 8); + x11 = x9 >> 8; x12 = (uint8_t)(x11 & UINT8_C(0xff)); x13 = (uint8_t)(x11 >> 8); x14 = (uint8_t)(x6 & UINT8_C(0xff)); - x15 = (x6 >> 8); + x15 = x6 >> 8; x16 = (uint8_t)(x15 & UINT8_C(0xff)); - x17 = (x15 >> 8); + x17 = x15 >> 8; x18 = (uint8_t)(x17 & UINT8_C(0xff)); x19 = (uint8_t)(x17 >> 8); x20 = (uint8_t)(x5 & UINT8_C(0xff)); - x21 = (x5 >> 8); + x21 = x5 >> 8; x22 = (uint8_t)(x21 & UINT8_C(0xff)); - x23 = (x21 >> 8); + x23 = x21 >> 8; x24 = (uint8_t)(x23 & UINT8_C(0xff)); x25 = (uint8_t)(x23 >> 8); x26 = (uint8_t)(x4 & UINT8_C(0xff)); - x27 = (x4 >> 8); + x27 = x4 >> 8; x28 = (uint8_t)(x27 & UINT8_C(0xff)); - x29 = (x27 >> 8); + x29 = x27 >> 8; x30 = (uint8_t)(x29 & UINT8_C(0xff)); x31 = (uint8_t)(x29 >> 8); x32 = (uint8_t)(x3 & UINT8_C(0xff)); - x33 = (x3 >> 8); + x33 = x3 >> 8; x34 = (uint8_t)(x33 & UINT8_C(0xff)); - x35 = (x33 >> 8); + x35 = x33 >> 8; x36 = (uint8_t)(x35 & UINT8_C(0xff)); x37 = (uint8_t)(x35 >> 8); x38 = (uint8_t)(x2 & UINT8_C(0xff)); - x39 = (x2 >> 8); + x39 = x2 >> 8; x40 = (uint8_t)(x39 & UINT8_C(0xff)); - x41 = (x39 >> 8); + x41 = x39 >> 8; x42 = (uint8_t)(x41 & UINT8_C(0xff)); x43 = (uint8_t)(x41 >> 8); x44 = (uint8_t)(x1 & UINT8_C(0xff)); - x45 = (x1 >> 8); + x45 = x1 >> 8; x46 = (uint8_t)(x45 & UINT8_C(0xff)); - x47 = (x45 >> 8); + x47 = x45 >> 8; x48 = (uint8_t)(x47 & UINT8_C(0xff)); x49 = (uint8_t)(x47 >> 8); out1[0] = x8; @@ -3466,55 +3466,55 @@ static void fiat_p224_from_bytes(uint32_t out1[7], const uint8_t arg1[28]) { uint32_t x47; uint32_t x48; uint32_t x49; - x1 = ((uint32_t)(arg1[27]) << 24); - x2 = ((uint32_t)(arg1[26]) << 16); - x3 = ((uint32_t)(arg1[25]) << 8); - x4 = (arg1[24]); - x5 = ((uint32_t)(arg1[23]) << 24); - x6 = ((uint32_t)(arg1[22]) << 16); - x7 = ((uint32_t)(arg1[21]) << 8); - x8 = (arg1[20]); - x9 = ((uint32_t)(arg1[19]) << 24); - x10 = ((uint32_t)(arg1[18]) << 16); - x11 = ((uint32_t)(arg1[17]) << 8); - x12 = (arg1[16]); - x13 = ((uint32_t)(arg1[15]) << 24); - x14 = ((uint32_t)(arg1[14]) << 16); - x15 = ((uint32_t)(arg1[13]) << 8); - x16 = (arg1[12]); - x17 = ((uint32_t)(arg1[11]) << 24); - x18 = ((uint32_t)(arg1[10]) << 16); - x19 = ((uint32_t)(arg1[9]) << 8); - x20 = (arg1[8]); - x21 = ((uint32_t)(arg1[7]) << 24); - x22 = ((uint32_t)(arg1[6]) << 16); - x23 = ((uint32_t)(arg1[5]) << 8); - x24 = (arg1[4]); - x25 = ((uint32_t)(arg1[3]) << 24); - x26 = ((uint32_t)(arg1[2]) << 16); - x27 = ((uint32_t)(arg1[1]) << 8); - x28 = (arg1[0]); - x29 = (x27 + (uint32_t)x28); - x30 = (x26 + x29); - x31 = (x25 + x30); - x32 = (x23 + (uint32_t)x24); - x33 = (x22 + x32); - x34 = (x21 + x33); - x35 = (x19 + (uint32_t)x20); - x36 = (x18 + x35); - x37 = (x17 + x36); - x38 = (x15 + (uint32_t)x16); - x39 = (x14 + x38); - x40 = (x13 + x39); - x41 = (x11 + (uint32_t)x12); - x42 = (x10 + x41); - x43 = (x9 + x42); - x44 = (x7 + (uint32_t)x8); - x45 = (x6 + x44); - x46 = (x5 + x45); - x47 = (x3 + (uint32_t)x4); - x48 = (x2 + x47); - x49 = (x1 + x48); + x1 = (uint32_t)arg1[27] << 24; + x2 = (uint32_t)arg1[26] << 16; + x3 = (uint32_t)arg1[25] << 8; + x4 = arg1[24]; + x5 = (uint32_t)arg1[23] << 24; + x6 = (uint32_t)arg1[22] << 16; + x7 = (uint32_t)arg1[21] << 8; + x8 = arg1[20]; + x9 = (uint32_t)arg1[19] << 24; + x10 = (uint32_t)arg1[18] << 16; + x11 = (uint32_t)arg1[17] << 8; + x12 = arg1[16]; + x13 = (uint32_t)arg1[15] << 24; + x14 = (uint32_t)arg1[14] << 16; + x15 = (uint32_t)arg1[13] << 8; + x16 = arg1[12]; + x17 = (uint32_t)arg1[11] << 24; + x18 = (uint32_t)arg1[10] << 16; + x19 = (uint32_t)arg1[9] << 8; + x20 = arg1[8]; + x21 = (uint32_t)arg1[7] << 24; + x22 = (uint32_t)arg1[6] << 16; + x23 = (uint32_t)arg1[5] << 8; + x24 = arg1[4]; + x25 = (uint32_t)arg1[3] << 24; + x26 = (uint32_t)arg1[2] << 16; + x27 = (uint32_t)arg1[1] << 8; + x28 = arg1[0]; + x29 = x27 + (uint32_t)x28; + x30 = x26 + x29; + x31 = x25 + x30; + x32 = x23 + (uint32_t)x24; + x33 = x22 + x32; + x34 = x21 + x33; + x35 = x19 + (uint32_t)x20; + x36 = x18 + x35; + x37 = x17 + x36; + x38 = x15 + (uint32_t)x16; + x39 = x14 + x38; + x40 = x13 + x39; + x41 = x11 + (uint32_t)x12; + x42 = x10 + x41; + x43 = x9 + x42; + x44 = x7 + (uint32_t)x8; + x45 = x6 + x44; + x46 = x5 + x45; + x47 = x3 + (uint32_t)x4; + x48 = x2 + x47; + x49 = x1 + x48; out1[0] = x31; out1[1] = x34; out1[2] = x37; @@ -3802,41 +3802,41 @@ static void fiat_p224_divstep(uint32_t* out1, uint32_t out2[8], uint32_t out3[8] uint32_t x202; uint32_t x203; uint32_t x204; - fiat_p224_addcarryx_u32(&x1, &x2, 0x0, (~arg1), 0x1); - x3 = (fiat_p224_uint1)((fiat_p224_uint1)(x1 >> 31) & (fiat_p224_uint1)((arg3[0]) & 0x1)); - fiat_p224_addcarryx_u32(&x4, &x5, 0x0, (~arg1), 0x1); + fiat_p224_addcarryx_u32(&x1, &x2, 0x0, ~arg1, 0x1); + x3 = (fiat_p224_uint1)((fiat_p224_uint1)(x1 >> 31) & (fiat_p224_uint1)(arg3[0] & 0x1)); + fiat_p224_addcarryx_u32(&x4, &x5, 0x0, ~arg1, 0x1); fiat_p224_cmovznz_u32(&x6, x3, arg1, x4); - fiat_p224_cmovznz_u32(&x7, x3, (arg2[0]), (arg3[0])); - fiat_p224_cmovznz_u32(&x8, x3, (arg2[1]), (arg3[1])); - fiat_p224_cmovznz_u32(&x9, x3, (arg2[2]), (arg3[2])); - fiat_p224_cmovznz_u32(&x10, x3, (arg2[3]), (arg3[3])); - fiat_p224_cmovznz_u32(&x11, x3, (arg2[4]), (arg3[4])); - fiat_p224_cmovznz_u32(&x12, x3, (arg2[5]), (arg3[5])); - fiat_p224_cmovznz_u32(&x13, x3, (arg2[6]), (arg3[6])); - fiat_p224_cmovznz_u32(&x14, x3, (arg2[7]), (arg3[7])); - fiat_p224_addcarryx_u32(&x15, &x16, 0x0, 0x1, (~(arg2[0]))); - fiat_p224_addcarryx_u32(&x17, &x18, x16, 0x0, (~(arg2[1]))); - fiat_p224_addcarryx_u32(&x19, &x20, x18, 0x0, (~(arg2[2]))); - fiat_p224_addcarryx_u32(&x21, &x22, x20, 0x0, (~(arg2[3]))); - fiat_p224_addcarryx_u32(&x23, &x24, x22, 0x0, (~(arg2[4]))); - fiat_p224_addcarryx_u32(&x25, &x26, x24, 0x0, (~(arg2[5]))); - fiat_p224_addcarryx_u32(&x27, &x28, x26, 0x0, (~(arg2[6]))); - fiat_p224_addcarryx_u32(&x29, &x30, x28, 0x0, (~(arg2[7]))); - fiat_p224_cmovznz_u32(&x31, x3, (arg3[0]), x15); - fiat_p224_cmovznz_u32(&x32, x3, (arg3[1]), x17); - fiat_p224_cmovznz_u32(&x33, x3, (arg3[2]), x19); - fiat_p224_cmovznz_u32(&x34, x3, (arg3[3]), x21); - fiat_p224_cmovznz_u32(&x35, x3, (arg3[4]), x23); - fiat_p224_cmovznz_u32(&x36, x3, (arg3[5]), x25); - fiat_p224_cmovznz_u32(&x37, x3, (arg3[6]), x27); - fiat_p224_cmovznz_u32(&x38, x3, (arg3[7]), x29); - fiat_p224_cmovznz_u32(&x39, x3, (arg4[0]), (arg5[0])); - fiat_p224_cmovznz_u32(&x40, x3, (arg4[1]), (arg5[1])); - fiat_p224_cmovznz_u32(&x41, x3, (arg4[2]), (arg5[2])); - fiat_p224_cmovznz_u32(&x42, x3, (arg4[3]), (arg5[3])); - fiat_p224_cmovznz_u32(&x43, x3, (arg4[4]), (arg5[4])); - fiat_p224_cmovznz_u32(&x44, x3, (arg4[5]), (arg5[5])); - fiat_p224_cmovznz_u32(&x45, x3, (arg4[6]), (arg5[6])); + fiat_p224_cmovznz_u32(&x7, x3, arg2[0], arg3[0]); + fiat_p224_cmovznz_u32(&x8, x3, arg2[1], arg3[1]); + fiat_p224_cmovznz_u32(&x9, x3, arg2[2], arg3[2]); + fiat_p224_cmovznz_u32(&x10, x3, arg2[3], arg3[3]); + fiat_p224_cmovznz_u32(&x11, x3, arg2[4], arg3[4]); + fiat_p224_cmovznz_u32(&x12, x3, arg2[5], arg3[5]); + fiat_p224_cmovznz_u32(&x13, x3, arg2[6], arg3[6]); + fiat_p224_cmovznz_u32(&x14, x3, arg2[7], arg3[7]); + fiat_p224_addcarryx_u32(&x15, &x16, 0x0, 0x1, ~arg2[0]); + fiat_p224_addcarryx_u32(&x17, &x18, x16, 0x0, ~arg2[1]); + fiat_p224_addcarryx_u32(&x19, &x20, x18, 0x0, ~arg2[2]); + fiat_p224_addcarryx_u32(&x21, &x22, x20, 0x0, ~arg2[3]); + fiat_p224_addcarryx_u32(&x23, &x24, x22, 0x0, ~arg2[4]); + fiat_p224_addcarryx_u32(&x25, &x26, x24, 0x0, ~arg2[5]); + fiat_p224_addcarryx_u32(&x27, &x28, x26, 0x0, ~arg2[6]); + fiat_p224_addcarryx_u32(&x29, &x30, x28, 0x0, ~arg2[7]); + fiat_p224_cmovznz_u32(&x31, x3, arg3[0], x15); + fiat_p224_cmovznz_u32(&x32, x3, arg3[1], x17); + fiat_p224_cmovznz_u32(&x33, x3, arg3[2], x19); + fiat_p224_cmovznz_u32(&x34, x3, arg3[3], x21); + fiat_p224_cmovznz_u32(&x35, x3, arg3[4], x23); + fiat_p224_cmovznz_u32(&x36, x3, arg3[5], x25); + fiat_p224_cmovznz_u32(&x37, x3, arg3[6], x27); + fiat_p224_cmovznz_u32(&x38, x3, arg3[7], x29); + fiat_p224_cmovznz_u32(&x39, x3, arg4[0], arg5[0]); + fiat_p224_cmovznz_u32(&x40, x3, arg4[1], arg5[1]); + fiat_p224_cmovznz_u32(&x41, x3, arg4[2], arg5[2]); + fiat_p224_cmovznz_u32(&x42, x3, arg4[3], arg5[3]); + fiat_p224_cmovznz_u32(&x43, x3, arg4[4], arg5[4]); + fiat_p224_cmovznz_u32(&x44, x3, arg4[5], arg5[5]); + fiat_p224_cmovznz_u32(&x45, x3, arg4[6], arg5[6]); fiat_p224_addcarryx_u32(&x46, &x47, 0x0, x39, x39); fiat_p224_addcarryx_u32(&x48, &x49, x47, x40, x40); fiat_p224_addcarryx_u32(&x50, &x51, x49, x41, x41); @@ -3852,13 +3852,13 @@ static void fiat_p224_divstep(uint32_t* out1, uint32_t out2[8], uint32_t out3[8] fiat_p224_subborrowx_u32(&x70, &x71, x69, x56, UINT32_C(0xffffffff)); fiat_p224_subborrowx_u32(&x72, &x73, x71, x58, UINT32_C(0xffffffff)); fiat_p224_subborrowx_u32(&x74, &x75, x73, x59, 0x0); - x76 = (arg4[6]); - x77 = (arg4[5]); - x78 = (arg4[4]); - x79 = (arg4[3]); - x80 = (arg4[2]); - x81 = (arg4[1]); - x82 = (arg4[0]); + x76 = arg4[6]; + x77 = arg4[5]; + x78 = arg4[4]; + x79 = arg4[3]; + x80 = arg4[2]; + x81 = arg4[1]; + x82 = arg4[0]; fiat_p224_subborrowx_u32(&x83, &x84, 0x0, 0x0, x82); fiat_p224_subborrowx_u32(&x85, &x86, x84, 0x0, x81); fiat_p224_subborrowx_u32(&x87, &x88, x86, 0x0, x80); @@ -3874,13 +3874,13 @@ static void fiat_p224_divstep(uint32_t* out1, uint32_t out2[8], uint32_t out3[8] fiat_p224_addcarryx_u32(&x106, &x107, x105, x91, x97); fiat_p224_addcarryx_u32(&x108, &x109, x107, x93, x97); fiat_p224_addcarryx_u32(&x110, &x111, x109, x95, x97); - fiat_p224_cmovznz_u32(&x112, x3, (arg5[0]), x98); - fiat_p224_cmovznz_u32(&x113, x3, (arg5[1]), x100); - fiat_p224_cmovznz_u32(&x114, x3, (arg5[2]), x102); - fiat_p224_cmovznz_u32(&x115, x3, (arg5[3]), x104); - fiat_p224_cmovznz_u32(&x116, x3, (arg5[4]), x106); - fiat_p224_cmovznz_u32(&x117, x3, (arg5[5]), x108); - fiat_p224_cmovznz_u32(&x118, x3, (arg5[6]), x110); + fiat_p224_cmovznz_u32(&x112, x3, arg5[0], x98); + fiat_p224_cmovznz_u32(&x113, x3, arg5[1], x100); + fiat_p224_cmovznz_u32(&x114, x3, arg5[2], x102); + fiat_p224_cmovznz_u32(&x115, x3, arg5[3], x104); + fiat_p224_cmovznz_u32(&x116, x3, arg5[4], x106); + fiat_p224_cmovznz_u32(&x117, x3, arg5[5], x108); + fiat_p224_cmovznz_u32(&x118, x3, arg5[6], x110); x119 = (fiat_p224_uint1)(x31 & 0x1); fiat_p224_cmovznz_u32(&x120, x119, 0x0, x7); fiat_p224_cmovznz_u32(&x121, x119, 0x0, x8); @@ -3921,14 +3921,14 @@ static void fiat_p224_divstep(uint32_t* out1, uint32_t out2[8], uint32_t out3[8] fiat_p224_subborrowx_u32(&x177, &x178, x176, x163, UINT32_C(0xffffffff)); fiat_p224_subborrowx_u32(&x179, &x180, x178, x164, 0x0); fiat_p224_addcarryx_u32(&x181, &x182, 0x0, x6, 0x1); - x183 = ((x128 >> 1) | ((x130 << 31) & UINT32_C(0xffffffff))); - x184 = ((x130 >> 1) | ((x132 << 31) & UINT32_C(0xffffffff))); - x185 = ((x132 >> 1) | ((x134 << 31) & UINT32_C(0xffffffff))); - x186 = ((x134 >> 1) | ((x136 << 31) & UINT32_C(0xffffffff))); - x187 = ((x136 >> 1) | ((x138 << 31) & UINT32_C(0xffffffff))); - x188 = ((x138 >> 1) | ((x140 << 31) & UINT32_C(0xffffffff))); - x189 = ((x140 >> 1) | ((x142 << 31) & UINT32_C(0xffffffff))); - x190 = ((x142 & UINT32_C(0x80000000)) | (x142 >> 1)); + x183 = x128 >> 1 | x130 << 31 & UINT32_C(0xffffffff); + x184 = x130 >> 1 | x132 << 31 & UINT32_C(0xffffffff); + x185 = x132 >> 1 | x134 << 31 & UINT32_C(0xffffffff); + x186 = x134 >> 1 | x136 << 31 & UINT32_C(0xffffffff); + x187 = x136 >> 1 | x138 << 31 & UINT32_C(0xffffffff); + x188 = x138 >> 1 | x140 << 31 & UINT32_C(0xffffffff); + x189 = x140 >> 1 | x142 << 31 & UINT32_C(0xffffffff); + x190 = x142 & UINT32_C(0x80000000) | x142 >> 1; fiat_p224_cmovznz_u32(&x191, x75, x60, x46); fiat_p224_cmovznz_u32(&x192, x75, x62, x48); fiat_p224_cmovznz_u32(&x193, x75, x64, x50); diff --git a/fiat-c/src/p224_64.c b/fiat-c/src/p224_64.c index 4ea0db46c8..7f991dcd34 100644 --- a/fiat-c/src/p224_64.c +++ b/fiat-c/src/p224_64.c @@ -62,7 +62,7 @@ static void fiat_p224_addcarryx_u64(uint64_t* out1, fiat_p224_uint1* out2, fiat_ fiat_p224_uint128 x1; uint64_t x2; fiat_p224_uint1 x3; - x1 = ((arg1 + (fiat_p224_uint128)arg2) + arg3); + x1 = arg1 + (fiat_p224_uint128)arg2 + arg3; x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); x3 = (fiat_p224_uint1)(x1 >> 64); *out1 = x2; @@ -88,7 +88,7 @@ static void fiat_p224_subborrowx_u64(uint64_t* out1, fiat_p224_uint1* out2, fiat fiat_p224_int128 x1; fiat_p224_int1 x2; uint64_t x3; - x1 = ((arg2 - (fiat_p224_int128)arg1) - arg3); + x1 = arg2 - (fiat_p224_int128)arg1 - arg3; x2 = (fiat_p224_int1)(x1 >> 64); x3 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); *out1 = x3; @@ -113,7 +113,7 @@ static void fiat_p224_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, ui fiat_p224_uint128 x1; uint64_t x2; uint64_t x3; - x1 = ((fiat_p224_uint128)arg1 * arg2); + x1 = (fiat_p224_uint128)arg1 * arg2; x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); x3 = (uint64_t)(x1 >> 64); *out1 = x2; @@ -137,9 +137,9 @@ static void fiat_p224_cmovznz_u64(uint64_t* out1, fiat_p224_uint1 arg1, uint64_t fiat_p224_uint1 x1; uint64_t x2; uint64_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_p224_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); - x3 = ((fiat_p224_value_barrier_u64(x2) & arg3) | (fiat_p224_value_barrier_u64((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_p224_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); + x3 = fiat_p224_value_barrier_u64(x2) & arg3 | fiat_p224_value_barrier_u64(~x2) & arg2; *out1 = x3; } @@ -363,38 +363,38 @@ static void fiat_p224_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64 uint64_t x201; uint64_t x202; uint64_t x203; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[0]); - fiat_p224_mulx_u64(&x5, &x6, x4, (arg2[3])); - fiat_p224_mulx_u64(&x7, &x8, x4, (arg2[2])); - fiat_p224_mulx_u64(&x9, &x10, x4, (arg2[1])); - fiat_p224_mulx_u64(&x11, &x12, x4, (arg2[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[0]; + fiat_p224_mulx_u64(&x5, &x6, x4, arg2[3]); + fiat_p224_mulx_u64(&x7, &x8, x4, arg2[2]); + fiat_p224_mulx_u64(&x9, &x10, x4, arg2[1]); + fiat_p224_mulx_u64(&x11, &x12, x4, arg2[0]); fiat_p224_addcarryx_u64(&x13, &x14, 0x0, x12, x9); fiat_p224_addcarryx_u64(&x15, &x16, x14, x10, x7); fiat_p224_addcarryx_u64(&x17, &x18, x16, x8, x5); - x19 = (x18 + x6); + x19 = x18 + x6; fiat_p224_mulx_u64(&x20, &x21, x11, UINT64_C(0xffffffffffffffff)); fiat_p224_mulx_u64(&x22, &x23, x20, UINT32_C(0xffffffff)); fiat_p224_mulx_u64(&x24, &x25, x20, UINT64_C(0xffffffffffffffff)); fiat_p224_mulx_u64(&x26, &x27, x20, UINT64_C(0xffffffff00000000)); fiat_p224_addcarryx_u64(&x28, &x29, 0x0, x27, x24); fiat_p224_addcarryx_u64(&x30, &x31, x29, x25, x22); - x32 = (x31 + x23); + x32 = x31 + x23; fiat_p224_addcarryx_u64(&x33, &x34, 0x0, x11, x20); fiat_p224_addcarryx_u64(&x35, &x36, x34, x13, x26); fiat_p224_addcarryx_u64(&x37, &x38, x36, x15, x28); fiat_p224_addcarryx_u64(&x39, &x40, x38, x17, x30); fiat_p224_addcarryx_u64(&x41, &x42, x40, x19, x32); - fiat_p224_mulx_u64(&x43, &x44, x1, (arg2[3])); - fiat_p224_mulx_u64(&x45, &x46, x1, (arg2[2])); - fiat_p224_mulx_u64(&x47, &x48, x1, (arg2[1])); - fiat_p224_mulx_u64(&x49, &x50, x1, (arg2[0])); + fiat_p224_mulx_u64(&x43, &x44, x1, arg2[3]); + fiat_p224_mulx_u64(&x45, &x46, x1, arg2[2]); + fiat_p224_mulx_u64(&x47, &x48, x1, arg2[1]); + fiat_p224_mulx_u64(&x49, &x50, x1, arg2[0]); fiat_p224_addcarryx_u64(&x51, &x52, 0x0, x50, x47); fiat_p224_addcarryx_u64(&x53, &x54, x52, x48, x45); fiat_p224_addcarryx_u64(&x55, &x56, x54, x46, x43); - x57 = (x56 + x44); + x57 = x56 + x44; fiat_p224_addcarryx_u64(&x58, &x59, 0x0, x35, x49); fiat_p224_addcarryx_u64(&x60, &x61, x59, x37, x51); fiat_p224_addcarryx_u64(&x62, &x63, x61, x39, x53); @@ -406,21 +406,21 @@ static void fiat_p224_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64 fiat_p224_mulx_u64(&x74, &x75, x68, UINT64_C(0xffffffff00000000)); fiat_p224_addcarryx_u64(&x76, &x77, 0x0, x75, x72); fiat_p224_addcarryx_u64(&x78, &x79, x77, x73, x70); - x80 = (x79 + x71); + x80 = x79 + x71; fiat_p224_addcarryx_u64(&x81, &x82, 0x0, x58, x68); fiat_p224_addcarryx_u64(&x83, &x84, x82, x60, x74); fiat_p224_addcarryx_u64(&x85, &x86, x84, x62, x76); fiat_p224_addcarryx_u64(&x87, &x88, x86, x64, x78); fiat_p224_addcarryx_u64(&x89, &x90, x88, x66, x80); - x91 = ((uint64_t)x90 + x67); - fiat_p224_mulx_u64(&x92, &x93, x2, (arg2[3])); - fiat_p224_mulx_u64(&x94, &x95, x2, (arg2[2])); - fiat_p224_mulx_u64(&x96, &x97, x2, (arg2[1])); - fiat_p224_mulx_u64(&x98, &x99, x2, (arg2[0])); + x91 = (uint64_t)x90 + x67; + fiat_p224_mulx_u64(&x92, &x93, x2, arg2[3]); + fiat_p224_mulx_u64(&x94, &x95, x2, arg2[2]); + fiat_p224_mulx_u64(&x96, &x97, x2, arg2[1]); + fiat_p224_mulx_u64(&x98, &x99, x2, arg2[0]); fiat_p224_addcarryx_u64(&x100, &x101, 0x0, x99, x96); fiat_p224_addcarryx_u64(&x102, &x103, x101, x97, x94); fiat_p224_addcarryx_u64(&x104, &x105, x103, x95, x92); - x106 = (x105 + x93); + x106 = x105 + x93; fiat_p224_addcarryx_u64(&x107, &x108, 0x0, x83, x98); fiat_p224_addcarryx_u64(&x109, &x110, x108, x85, x100); fiat_p224_addcarryx_u64(&x111, &x112, x110, x87, x102); @@ -432,21 +432,21 @@ static void fiat_p224_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64 fiat_p224_mulx_u64(&x123, &x124, x117, UINT64_C(0xffffffff00000000)); fiat_p224_addcarryx_u64(&x125, &x126, 0x0, x124, x121); fiat_p224_addcarryx_u64(&x127, &x128, x126, x122, x119); - x129 = (x128 + x120); + x129 = x128 + x120; fiat_p224_addcarryx_u64(&x130, &x131, 0x0, x107, x117); fiat_p224_addcarryx_u64(&x132, &x133, x131, x109, x123); fiat_p224_addcarryx_u64(&x134, &x135, x133, x111, x125); fiat_p224_addcarryx_u64(&x136, &x137, x135, x113, x127); fiat_p224_addcarryx_u64(&x138, &x139, x137, x115, x129); - x140 = ((uint64_t)x139 + x116); - fiat_p224_mulx_u64(&x141, &x142, x3, (arg2[3])); - fiat_p224_mulx_u64(&x143, &x144, x3, (arg2[2])); - fiat_p224_mulx_u64(&x145, &x146, x3, (arg2[1])); - fiat_p224_mulx_u64(&x147, &x148, x3, (arg2[0])); + x140 = (uint64_t)x139 + x116; + fiat_p224_mulx_u64(&x141, &x142, x3, arg2[3]); + fiat_p224_mulx_u64(&x143, &x144, x3, arg2[2]); + fiat_p224_mulx_u64(&x145, &x146, x3, arg2[1]); + fiat_p224_mulx_u64(&x147, &x148, x3, arg2[0]); fiat_p224_addcarryx_u64(&x149, &x150, 0x0, x148, x145); fiat_p224_addcarryx_u64(&x151, &x152, x150, x146, x143); fiat_p224_addcarryx_u64(&x153, &x154, x152, x144, x141); - x155 = (x154 + x142); + x155 = x154 + x142; fiat_p224_addcarryx_u64(&x156, &x157, 0x0, x132, x147); fiat_p224_addcarryx_u64(&x158, &x159, x157, x134, x149); fiat_p224_addcarryx_u64(&x160, &x161, x159, x136, x151); @@ -458,13 +458,13 @@ static void fiat_p224_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64 fiat_p224_mulx_u64(&x172, &x173, x166, UINT64_C(0xffffffff00000000)); fiat_p224_addcarryx_u64(&x174, &x175, 0x0, x173, x170); fiat_p224_addcarryx_u64(&x176, &x177, x175, x171, x168); - x178 = (x177 + x169); + x178 = x177 + x169; fiat_p224_addcarryx_u64(&x179, &x180, 0x0, x156, x166); fiat_p224_addcarryx_u64(&x181, &x182, x180, x158, x172); fiat_p224_addcarryx_u64(&x183, &x184, x182, x160, x174); fiat_p224_addcarryx_u64(&x185, &x186, x184, x162, x176); fiat_p224_addcarryx_u64(&x187, &x188, x186, x164, x178); - x189 = ((uint64_t)x188 + x165); + x189 = (uint64_t)x188 + x165; fiat_p224_subborrowx_u64(&x190, &x191, 0x0, x181, 0x1); fiat_p224_subborrowx_u64(&x192, &x193, x191, x183, UINT64_C(0xffffffff00000000)); fiat_p224_subborrowx_u64(&x194, &x195, x193, x185, UINT64_C(0xffffffffffffffff)); @@ -698,38 +698,38 @@ static void fiat_p224_square(uint64_t out1[4], const uint64_t arg1[4]) { uint64_t x201; uint64_t x202; uint64_t x203; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[0]); - fiat_p224_mulx_u64(&x5, &x6, x4, (arg1[3])); - fiat_p224_mulx_u64(&x7, &x8, x4, (arg1[2])); - fiat_p224_mulx_u64(&x9, &x10, x4, (arg1[1])); - fiat_p224_mulx_u64(&x11, &x12, x4, (arg1[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[0]; + fiat_p224_mulx_u64(&x5, &x6, x4, arg1[3]); + fiat_p224_mulx_u64(&x7, &x8, x4, arg1[2]); + fiat_p224_mulx_u64(&x9, &x10, x4, arg1[1]); + fiat_p224_mulx_u64(&x11, &x12, x4, arg1[0]); fiat_p224_addcarryx_u64(&x13, &x14, 0x0, x12, x9); fiat_p224_addcarryx_u64(&x15, &x16, x14, x10, x7); fiat_p224_addcarryx_u64(&x17, &x18, x16, x8, x5); - x19 = (x18 + x6); + x19 = x18 + x6; fiat_p224_mulx_u64(&x20, &x21, x11, UINT64_C(0xffffffffffffffff)); fiat_p224_mulx_u64(&x22, &x23, x20, UINT32_C(0xffffffff)); fiat_p224_mulx_u64(&x24, &x25, x20, UINT64_C(0xffffffffffffffff)); fiat_p224_mulx_u64(&x26, &x27, x20, UINT64_C(0xffffffff00000000)); fiat_p224_addcarryx_u64(&x28, &x29, 0x0, x27, x24); fiat_p224_addcarryx_u64(&x30, &x31, x29, x25, x22); - x32 = (x31 + x23); + x32 = x31 + x23; fiat_p224_addcarryx_u64(&x33, &x34, 0x0, x11, x20); fiat_p224_addcarryx_u64(&x35, &x36, x34, x13, x26); fiat_p224_addcarryx_u64(&x37, &x38, x36, x15, x28); fiat_p224_addcarryx_u64(&x39, &x40, x38, x17, x30); fiat_p224_addcarryx_u64(&x41, &x42, x40, x19, x32); - fiat_p224_mulx_u64(&x43, &x44, x1, (arg1[3])); - fiat_p224_mulx_u64(&x45, &x46, x1, (arg1[2])); - fiat_p224_mulx_u64(&x47, &x48, x1, (arg1[1])); - fiat_p224_mulx_u64(&x49, &x50, x1, (arg1[0])); + fiat_p224_mulx_u64(&x43, &x44, x1, arg1[3]); + fiat_p224_mulx_u64(&x45, &x46, x1, arg1[2]); + fiat_p224_mulx_u64(&x47, &x48, x1, arg1[1]); + fiat_p224_mulx_u64(&x49, &x50, x1, arg1[0]); fiat_p224_addcarryx_u64(&x51, &x52, 0x0, x50, x47); fiat_p224_addcarryx_u64(&x53, &x54, x52, x48, x45); fiat_p224_addcarryx_u64(&x55, &x56, x54, x46, x43); - x57 = (x56 + x44); + x57 = x56 + x44; fiat_p224_addcarryx_u64(&x58, &x59, 0x0, x35, x49); fiat_p224_addcarryx_u64(&x60, &x61, x59, x37, x51); fiat_p224_addcarryx_u64(&x62, &x63, x61, x39, x53); @@ -741,21 +741,21 @@ static void fiat_p224_square(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p224_mulx_u64(&x74, &x75, x68, UINT64_C(0xffffffff00000000)); fiat_p224_addcarryx_u64(&x76, &x77, 0x0, x75, x72); fiat_p224_addcarryx_u64(&x78, &x79, x77, x73, x70); - x80 = (x79 + x71); + x80 = x79 + x71; fiat_p224_addcarryx_u64(&x81, &x82, 0x0, x58, x68); fiat_p224_addcarryx_u64(&x83, &x84, x82, x60, x74); fiat_p224_addcarryx_u64(&x85, &x86, x84, x62, x76); fiat_p224_addcarryx_u64(&x87, &x88, x86, x64, x78); fiat_p224_addcarryx_u64(&x89, &x90, x88, x66, x80); - x91 = ((uint64_t)x90 + x67); - fiat_p224_mulx_u64(&x92, &x93, x2, (arg1[3])); - fiat_p224_mulx_u64(&x94, &x95, x2, (arg1[2])); - fiat_p224_mulx_u64(&x96, &x97, x2, (arg1[1])); - fiat_p224_mulx_u64(&x98, &x99, x2, (arg1[0])); + x91 = (uint64_t)x90 + x67; + fiat_p224_mulx_u64(&x92, &x93, x2, arg1[3]); + fiat_p224_mulx_u64(&x94, &x95, x2, arg1[2]); + fiat_p224_mulx_u64(&x96, &x97, x2, arg1[1]); + fiat_p224_mulx_u64(&x98, &x99, x2, arg1[0]); fiat_p224_addcarryx_u64(&x100, &x101, 0x0, x99, x96); fiat_p224_addcarryx_u64(&x102, &x103, x101, x97, x94); fiat_p224_addcarryx_u64(&x104, &x105, x103, x95, x92); - x106 = (x105 + x93); + x106 = x105 + x93; fiat_p224_addcarryx_u64(&x107, &x108, 0x0, x83, x98); fiat_p224_addcarryx_u64(&x109, &x110, x108, x85, x100); fiat_p224_addcarryx_u64(&x111, &x112, x110, x87, x102); @@ -767,21 +767,21 @@ static void fiat_p224_square(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p224_mulx_u64(&x123, &x124, x117, UINT64_C(0xffffffff00000000)); fiat_p224_addcarryx_u64(&x125, &x126, 0x0, x124, x121); fiat_p224_addcarryx_u64(&x127, &x128, x126, x122, x119); - x129 = (x128 + x120); + x129 = x128 + x120; fiat_p224_addcarryx_u64(&x130, &x131, 0x0, x107, x117); fiat_p224_addcarryx_u64(&x132, &x133, x131, x109, x123); fiat_p224_addcarryx_u64(&x134, &x135, x133, x111, x125); fiat_p224_addcarryx_u64(&x136, &x137, x135, x113, x127); fiat_p224_addcarryx_u64(&x138, &x139, x137, x115, x129); - x140 = ((uint64_t)x139 + x116); - fiat_p224_mulx_u64(&x141, &x142, x3, (arg1[3])); - fiat_p224_mulx_u64(&x143, &x144, x3, (arg1[2])); - fiat_p224_mulx_u64(&x145, &x146, x3, (arg1[1])); - fiat_p224_mulx_u64(&x147, &x148, x3, (arg1[0])); + x140 = (uint64_t)x139 + x116; + fiat_p224_mulx_u64(&x141, &x142, x3, arg1[3]); + fiat_p224_mulx_u64(&x143, &x144, x3, arg1[2]); + fiat_p224_mulx_u64(&x145, &x146, x3, arg1[1]); + fiat_p224_mulx_u64(&x147, &x148, x3, arg1[0]); fiat_p224_addcarryx_u64(&x149, &x150, 0x0, x148, x145); fiat_p224_addcarryx_u64(&x151, &x152, x150, x146, x143); fiat_p224_addcarryx_u64(&x153, &x154, x152, x144, x141); - x155 = (x154 + x142); + x155 = x154 + x142; fiat_p224_addcarryx_u64(&x156, &x157, 0x0, x132, x147); fiat_p224_addcarryx_u64(&x158, &x159, x157, x134, x149); fiat_p224_addcarryx_u64(&x160, &x161, x159, x136, x151); @@ -793,13 +793,13 @@ static void fiat_p224_square(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p224_mulx_u64(&x172, &x173, x166, UINT64_C(0xffffffff00000000)); fiat_p224_addcarryx_u64(&x174, &x175, 0x0, x173, x170); fiat_p224_addcarryx_u64(&x176, &x177, x175, x171, x168); - x178 = (x177 + x169); + x178 = x177 + x169; fiat_p224_addcarryx_u64(&x179, &x180, 0x0, x156, x166); fiat_p224_addcarryx_u64(&x181, &x182, x180, x158, x172); fiat_p224_addcarryx_u64(&x183, &x184, x182, x160, x174); fiat_p224_addcarryx_u64(&x185, &x186, x184, x162, x176); fiat_p224_addcarryx_u64(&x187, &x188, x186, x164, x178); - x189 = ((uint64_t)x188 + x165); + x189 = (uint64_t)x188 + x165; fiat_p224_subborrowx_u64(&x190, &x191, 0x0, x181, 0x1); fiat_p224_subborrowx_u64(&x192, &x193, x191, x183, UINT64_C(0xffffffff00000000)); fiat_p224_subborrowx_u64(&x194, &x195, x193, x185, UINT64_C(0xffffffffffffffff)); @@ -854,10 +854,10 @@ static void fiat_p224_add(uint64_t out1[4], const uint64_t arg1[4], const uint64 uint64_t x20; uint64_t x21; uint64_t x22; - fiat_p224_addcarryx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_p224_addcarryx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_p224_addcarryx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_p224_addcarryx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + fiat_p224_addcarryx_u64(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_p224_addcarryx_u64(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_p224_addcarryx_u64(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_p224_addcarryx_u64(&x7, &x8, x6, arg1[3], arg2[3]); fiat_p224_subborrowx_u64(&x9, &x10, 0x0, x1, 0x1); fiat_p224_subborrowx_u64(&x11, &x12, x10, x3, UINT64_C(0xffffffff00000000)); fiat_p224_subborrowx_u64(&x13, &x14, x12, x5, UINT64_C(0xffffffffffffffff)); @@ -907,15 +907,15 @@ static void fiat_p224_sub(uint64_t out1[4], const uint64_t arg1[4], const uint64 fiat_p224_uint1 x15; uint64_t x16; fiat_p224_uint1 x17; - fiat_p224_subborrowx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_p224_subborrowx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_p224_subborrowx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_p224_subborrowx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + fiat_p224_subborrowx_u64(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_p224_subborrowx_u64(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_p224_subborrowx_u64(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_p224_subborrowx_u64(&x7, &x8, x6, arg1[3], arg2[3]); fiat_p224_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff)); fiat_p224_addcarryx_u64(&x10, &x11, 0x0, x1, (fiat_p224_uint1)(x9 & 0x1)); - fiat_p224_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT64_C(0xffffffff00000000))); + fiat_p224_addcarryx_u64(&x12, &x13, x11, x3, x9 & UINT64_C(0xffffffff00000000)); fiat_p224_addcarryx_u64(&x14, &x15, x13, x5, x9); - fiat_p224_addcarryx_u64(&x16, &x17, x15, x7, (x9 & UINT32_C(0xffffffff))); + fiat_p224_addcarryx_u64(&x16, &x17, x15, x7, x9 & UINT32_C(0xffffffff)); out1[0] = x10; out1[1] = x12; out1[2] = x14; @@ -954,15 +954,15 @@ static void fiat_p224_opp(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p224_uint1 x15; uint64_t x16; fiat_p224_uint1 x17; - fiat_p224_subborrowx_u64(&x1, &x2, 0x0, 0x0, (arg1[0])); - fiat_p224_subborrowx_u64(&x3, &x4, x2, 0x0, (arg1[1])); - fiat_p224_subborrowx_u64(&x5, &x6, x4, 0x0, (arg1[2])); - fiat_p224_subborrowx_u64(&x7, &x8, x6, 0x0, (arg1[3])); + fiat_p224_subborrowx_u64(&x1, &x2, 0x0, 0x0, arg1[0]); + fiat_p224_subborrowx_u64(&x3, &x4, x2, 0x0, arg1[1]); + fiat_p224_subborrowx_u64(&x5, &x6, x4, 0x0, arg1[2]); + fiat_p224_subborrowx_u64(&x7, &x8, x6, 0x0, arg1[3]); fiat_p224_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff)); fiat_p224_addcarryx_u64(&x10, &x11, 0x0, x1, (fiat_p224_uint1)(x9 & 0x1)); - fiat_p224_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT64_C(0xffffffff00000000))); + fiat_p224_addcarryx_u64(&x12, &x13, x11, x3, x9 & UINT64_C(0xffffffff00000000)); fiat_p224_addcarryx_u64(&x14, &x15, x13, x5, x9); - fiat_p224_addcarryx_u64(&x16, &x17, x15, x7, (x9 & UINT32_C(0xffffffff))); + fiat_p224_addcarryx_u64(&x16, &x17, x15, x7, x9 & UINT32_C(0xffffffff)); out1[0] = x10; out1[1] = x12; out1[2] = x14; @@ -1098,7 +1098,7 @@ static void fiat_p224_from_montgomery(uint64_t out1[4], const uint64_t arg1[4]) uint64_t x112; uint64_t x113; uint64_t x114; - x1 = (arg1[0]); + x1 = arg1[0]; fiat_p224_mulx_u64(&x2, &x3, x1, UINT64_C(0xffffffffffffffff)); fiat_p224_mulx_u64(&x4, &x5, x2, UINT32_C(0xffffffff)); fiat_p224_mulx_u64(&x6, &x7, x2, UINT64_C(0xffffffffffffffff)); @@ -1109,7 +1109,7 @@ static void fiat_p224_from_montgomery(uint64_t out1[4], const uint64_t arg1[4]) fiat_p224_addcarryx_u64(&x16, &x17, x15, 0x0, x8); fiat_p224_addcarryx_u64(&x18, &x19, x17, 0x0, x10); fiat_p224_addcarryx_u64(&x20, &x21, x19, 0x0, x12); - fiat_p224_addcarryx_u64(&x22, &x23, 0x0, x16, (arg1[1])); + fiat_p224_addcarryx_u64(&x22, &x23, 0x0, x16, arg1[1]); fiat_p224_addcarryx_u64(&x24, &x25, x23, x18, 0x0); fiat_p224_addcarryx_u64(&x26, &x27, x25, x20, 0x0); fiat_p224_mulx_u64(&x28, &x29, x22, UINT64_C(0xffffffffffffffff)); @@ -1121,8 +1121,8 @@ static void fiat_p224_from_montgomery(uint64_t out1[4], const uint64_t arg1[4]) fiat_p224_addcarryx_u64(&x40, &x41, 0x0, x22, x28); fiat_p224_addcarryx_u64(&x42, &x43, x41, x24, x34); fiat_p224_addcarryx_u64(&x44, &x45, x43, x26, x36); - fiat_p224_addcarryx_u64(&x46, &x47, x45, (x27 + (x21 + (x13 + x5))), x38); - fiat_p224_addcarryx_u64(&x48, &x49, 0x0, x42, (arg1[2])); + fiat_p224_addcarryx_u64(&x46, &x47, x45, x27 + (x21 + (x13 + x5)), x38); + fiat_p224_addcarryx_u64(&x48, &x49, 0x0, x42, arg1[2]); fiat_p224_addcarryx_u64(&x50, &x51, x49, x44, 0x0); fiat_p224_addcarryx_u64(&x52, &x53, x51, x46, 0x0); fiat_p224_mulx_u64(&x54, &x55, x48, UINT64_C(0xffffffffffffffff)); @@ -1134,8 +1134,8 @@ static void fiat_p224_from_montgomery(uint64_t out1[4], const uint64_t arg1[4]) fiat_p224_addcarryx_u64(&x66, &x67, 0x0, x48, x54); fiat_p224_addcarryx_u64(&x68, &x69, x67, x50, x60); fiat_p224_addcarryx_u64(&x70, &x71, x69, x52, x62); - fiat_p224_addcarryx_u64(&x72, &x73, x71, (x53 + (x47 + (x39 + x31))), x64); - fiat_p224_addcarryx_u64(&x74, &x75, 0x0, x68, (arg1[3])); + fiat_p224_addcarryx_u64(&x72, &x73, x71, x53 + (x47 + (x39 + x31)), x64); + fiat_p224_addcarryx_u64(&x74, &x75, 0x0, x68, arg1[3]); fiat_p224_addcarryx_u64(&x76, &x77, x75, x70, 0x0); fiat_p224_addcarryx_u64(&x78, &x79, x77, x72, 0x0); fiat_p224_mulx_u64(&x80, &x81, x74, UINT64_C(0xffffffffffffffff)); @@ -1147,8 +1147,8 @@ static void fiat_p224_from_montgomery(uint64_t out1[4], const uint64_t arg1[4]) fiat_p224_addcarryx_u64(&x92, &x93, 0x0, x74, x80); fiat_p224_addcarryx_u64(&x94, &x95, x93, x76, x86); fiat_p224_addcarryx_u64(&x96, &x97, x95, x78, x88); - fiat_p224_addcarryx_u64(&x98, &x99, x97, (x79 + (x73 + (x65 + x57))), x90); - x100 = (x99 + (x91 + x83)); + fiat_p224_addcarryx_u64(&x98, &x99, x97, x79 + (x73 + (x65 + x57)), x90); + x100 = x99 + (x91 + x83); fiat_p224_subborrowx_u64(&x101, &x102, 0x0, x94, 0x1); fiat_p224_subborrowx_u64(&x103, &x104, x102, x96, UINT64_C(0xffffffff00000000)); fiat_p224_subborrowx_u64(&x105, &x106, x104, x98, UINT64_C(0xffffffffffffffff)); @@ -1358,10 +1358,10 @@ static void fiat_p224_to_montgomery(uint64_t out1[4], const uint64_t arg1[4]) { uint64_t x177; uint64_t x178; uint64_t x179; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[0]); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[0]; fiat_p224_mulx_u64(&x5, &x6, x4, UINT32_C(0xffffffff)); fiat_p224_mulx_u64(&x7, &x8, x4, UINT64_C(0xfffffffe00000000)); fiat_p224_mulx_u64(&x9, &x10, x4, UINT64_C(0xffffffff00000000)); @@ -1389,7 +1389,7 @@ static void fiat_p224_to_montgomery(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p224_addcarryx_u64(&x53, &x54, 0x0, x33, x45); fiat_p224_addcarryx_u64(&x55, &x56, x54, x35, x47); fiat_p224_addcarryx_u64(&x57, &x58, x56, x37, x49); - fiat_p224_addcarryx_u64(&x59, &x60, x58, ((x38 + (x18 + x6)) + (x30 + x22)), x51); + fiat_p224_addcarryx_u64(&x59, &x60, x58, x38 + (x18 + x6) + (x30 + x22), x51); fiat_p224_mulx_u64(&x61, &x62, x53, UINT64_C(0xffffffffffffffff)); fiat_p224_mulx_u64(&x63, &x64, x61, UINT32_C(0xffffffff)); fiat_p224_mulx_u64(&x65, &x66, x61, UINT64_C(0xffffffffffffffff)); @@ -1410,7 +1410,7 @@ static void fiat_p224_to_montgomery(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p224_addcarryx_u64(&x95, &x96, 0x0, x75, x87); fiat_p224_addcarryx_u64(&x97, &x98, x96, x77, x89); fiat_p224_addcarryx_u64(&x99, &x100, x98, x79, x91); - fiat_p224_addcarryx_u64(&x101, &x102, x100, ((x80 + (x60 + (x52 + x40))) + (x72 + x64)), x93); + fiat_p224_addcarryx_u64(&x101, &x102, x100, x80 + (x60 + (x52 + x40)) + (x72 + x64), x93); fiat_p224_mulx_u64(&x103, &x104, x95, UINT64_C(0xffffffffffffffff)); fiat_p224_mulx_u64(&x105, &x106, x103, UINT32_C(0xffffffff)); fiat_p224_mulx_u64(&x107, &x108, x103, UINT64_C(0xffffffffffffffff)); @@ -1431,7 +1431,7 @@ static void fiat_p224_to_montgomery(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p224_addcarryx_u64(&x137, &x138, 0x0, x117, x129); fiat_p224_addcarryx_u64(&x139, &x140, x138, x119, x131); fiat_p224_addcarryx_u64(&x141, &x142, x140, x121, x133); - fiat_p224_addcarryx_u64(&x143, &x144, x142, ((x122 + (x102 + (x94 + x82))) + (x114 + x106)), x135); + fiat_p224_addcarryx_u64(&x143, &x144, x142, x122 + (x102 + (x94 + x82)) + (x114 + x106), x135); fiat_p224_mulx_u64(&x145, &x146, x137, UINT64_C(0xffffffffffffffff)); fiat_p224_mulx_u64(&x147, &x148, x145, UINT32_C(0xffffffff)); fiat_p224_mulx_u64(&x149, &x150, x145, UINT64_C(0xffffffffffffffff)); @@ -1442,7 +1442,7 @@ static void fiat_p224_to_montgomery(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p224_addcarryx_u64(&x159, &x160, x158, x139, x151); fiat_p224_addcarryx_u64(&x161, &x162, x160, x141, x153); fiat_p224_addcarryx_u64(&x163, &x164, x162, x143, x155); - x165 = ((x164 + (x144 + (x136 + x124))) + (x156 + x148)); + x165 = x164 + (x144 + (x136 + x124)) + (x156 + x148); fiat_p224_subborrowx_u64(&x166, &x167, 0x0, x159, 0x1); fiat_p224_subborrowx_u64(&x168, &x169, x167, x161, UINT64_C(0xffffffff00000000)); fiat_p224_subborrowx_u64(&x170, &x171, x169, x163, UINT64_C(0xffffffffffffffff)); @@ -1473,7 +1473,7 @@ static void fiat_p224_to_montgomery(uint64_t out1[4], const uint64_t arg1[4]) { */ static void fiat_p224_nonzero(uint64_t* out1, const uint64_t arg1[4]) { uint64_t x1; - x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3])))); + x1 = arg1[0] | (arg1[1] | (arg1[2] | arg1[3])); *out1 = x1; } @@ -1495,10 +1495,10 @@ static void fiat_p224_selectznz(uint64_t out1[4], fiat_p224_uint1 arg1, const ui uint64_t x2; uint64_t x3; uint64_t x4; - fiat_p224_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_p224_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_p224_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); - fiat_p224_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); + fiat_p224_cmovznz_u64(&x1, arg1, arg2[0], arg3[0]); + fiat_p224_cmovznz_u64(&x2, arg1, arg2[1], arg3[1]); + fiat_p224_cmovznz_u64(&x3, arg1, arg2[2], arg3[2]); + fiat_p224_cmovznz_u64(&x4, arg1, arg2[3], arg3[3]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -1571,56 +1571,56 @@ static void fiat_p224_to_bytes(uint8_t out1[28], const uint64_t arg1[4]) { uint64_t x50; uint8_t x51; uint8_t x52; - x1 = (arg1[3]); - x2 = (arg1[2]); - x3 = (arg1[1]); - x4 = (arg1[0]); + x1 = arg1[3]; + x2 = arg1[2]; + x3 = arg1[1]; + x4 = arg1[0]; x5 = (uint8_t)(x4 & UINT8_C(0xff)); - x6 = (x4 >> 8); + x6 = x4 >> 8; x7 = (uint8_t)(x6 & UINT8_C(0xff)); - x8 = (x6 >> 8); + x8 = x6 >> 8; x9 = (uint8_t)(x8 & UINT8_C(0xff)); - x10 = (x8 >> 8); + x10 = x8 >> 8; x11 = (uint8_t)(x10 & UINT8_C(0xff)); - x12 = (x10 >> 8); + x12 = x10 >> 8; x13 = (uint8_t)(x12 & UINT8_C(0xff)); - x14 = (x12 >> 8); + x14 = x12 >> 8; x15 = (uint8_t)(x14 & UINT8_C(0xff)); - x16 = (x14 >> 8); + x16 = x14 >> 8; x17 = (uint8_t)(x16 & UINT8_C(0xff)); x18 = (uint8_t)(x16 >> 8); x19 = (uint8_t)(x3 & UINT8_C(0xff)); - x20 = (x3 >> 8); + x20 = x3 >> 8; x21 = (uint8_t)(x20 & UINT8_C(0xff)); - x22 = (x20 >> 8); + x22 = x20 >> 8; x23 = (uint8_t)(x22 & UINT8_C(0xff)); - x24 = (x22 >> 8); + x24 = x22 >> 8; x25 = (uint8_t)(x24 & UINT8_C(0xff)); - x26 = (x24 >> 8); + x26 = x24 >> 8; x27 = (uint8_t)(x26 & UINT8_C(0xff)); - x28 = (x26 >> 8); + x28 = x26 >> 8; x29 = (uint8_t)(x28 & UINT8_C(0xff)); - x30 = (x28 >> 8); + x30 = x28 >> 8; x31 = (uint8_t)(x30 & UINT8_C(0xff)); x32 = (uint8_t)(x30 >> 8); x33 = (uint8_t)(x2 & UINT8_C(0xff)); - x34 = (x2 >> 8); + x34 = x2 >> 8; x35 = (uint8_t)(x34 & UINT8_C(0xff)); - x36 = (x34 >> 8); + x36 = x34 >> 8; x37 = (uint8_t)(x36 & UINT8_C(0xff)); - x38 = (x36 >> 8); + x38 = x36 >> 8; x39 = (uint8_t)(x38 & UINT8_C(0xff)); - x40 = (x38 >> 8); + x40 = x38 >> 8; x41 = (uint8_t)(x40 & UINT8_C(0xff)); - x42 = (x40 >> 8); + x42 = x40 >> 8; x43 = (uint8_t)(x42 & UINT8_C(0xff)); - x44 = (x42 >> 8); + x44 = x42 >> 8; x45 = (uint8_t)(x44 & UINT8_C(0xff)); x46 = (uint8_t)(x44 >> 8); x47 = (uint8_t)(x1 & UINT8_C(0xff)); - x48 = (x1 >> 8); + x48 = x1 >> 8; x49 = (uint8_t)(x48 & UINT8_C(0xff)); - x50 = (x48 >> 8); + x50 = x48 >> 8; x51 = (uint8_t)(x50 & UINT8_C(0xff)); x52 = (uint8_t)(x50 >> 8); out1[0] = x5; @@ -1720,58 +1720,58 @@ static void fiat_p224_from_bytes(uint64_t out1[4], const uint8_t arg1[28]) { uint64_t x50; uint64_t x51; uint64_t x52; - x1 = ((uint64_t)(arg1[27]) << 24); - x2 = ((uint64_t)(arg1[26]) << 16); - x3 = ((uint64_t)(arg1[25]) << 8); - x4 = (arg1[24]); - x5 = ((uint64_t)(arg1[23]) << 56); - x6 = ((uint64_t)(arg1[22]) << 48); - x7 = ((uint64_t)(arg1[21]) << 40); - x8 = ((uint64_t)(arg1[20]) << 32); - x9 = ((uint64_t)(arg1[19]) << 24); - x10 = ((uint64_t)(arg1[18]) << 16); - x11 = ((uint64_t)(arg1[17]) << 8); - x12 = (arg1[16]); - x13 = ((uint64_t)(arg1[15]) << 56); - x14 = ((uint64_t)(arg1[14]) << 48); - x15 = ((uint64_t)(arg1[13]) << 40); - x16 = ((uint64_t)(arg1[12]) << 32); - x17 = ((uint64_t)(arg1[11]) << 24); - x18 = ((uint64_t)(arg1[10]) << 16); - x19 = ((uint64_t)(arg1[9]) << 8); - x20 = (arg1[8]); - x21 = ((uint64_t)(arg1[7]) << 56); - x22 = ((uint64_t)(arg1[6]) << 48); - x23 = ((uint64_t)(arg1[5]) << 40); - x24 = ((uint64_t)(arg1[4]) << 32); - x25 = ((uint64_t)(arg1[3]) << 24); - x26 = ((uint64_t)(arg1[2]) << 16); - x27 = ((uint64_t)(arg1[1]) << 8); - x28 = (arg1[0]); - x29 = (x27 + (uint64_t)x28); - x30 = (x26 + x29); - x31 = (x25 + x30); - x32 = (x24 + x31); - x33 = (x23 + x32); - x34 = (x22 + x33); - x35 = (x21 + x34); - x36 = (x19 + (uint64_t)x20); - x37 = (x18 + x36); - x38 = (x17 + x37); - x39 = (x16 + x38); - x40 = (x15 + x39); - x41 = (x14 + x40); - x42 = (x13 + x41); - x43 = (x11 + (uint64_t)x12); - x44 = (x10 + x43); - x45 = (x9 + x44); - x46 = (x8 + x45); - x47 = (x7 + x46); - x48 = (x6 + x47); - x49 = (x5 + x48); - x50 = (x3 + (uint64_t)x4); - x51 = (x2 + x50); - x52 = (x1 + x51); + x1 = (uint64_t)arg1[27] << 24; + x2 = (uint64_t)arg1[26] << 16; + x3 = (uint64_t)arg1[25] << 8; + x4 = arg1[24]; + x5 = (uint64_t)arg1[23] << 56; + x6 = (uint64_t)arg1[22] << 48; + x7 = (uint64_t)arg1[21] << 40; + x8 = (uint64_t)arg1[20] << 32; + x9 = (uint64_t)arg1[19] << 24; + x10 = (uint64_t)arg1[18] << 16; + x11 = (uint64_t)arg1[17] << 8; + x12 = arg1[16]; + x13 = (uint64_t)arg1[15] << 56; + x14 = (uint64_t)arg1[14] << 48; + x15 = (uint64_t)arg1[13] << 40; + x16 = (uint64_t)arg1[12] << 32; + x17 = (uint64_t)arg1[11] << 24; + x18 = (uint64_t)arg1[10] << 16; + x19 = (uint64_t)arg1[9] << 8; + x20 = arg1[8]; + x21 = (uint64_t)arg1[7] << 56; + x22 = (uint64_t)arg1[6] << 48; + x23 = (uint64_t)arg1[5] << 40; + x24 = (uint64_t)arg1[4] << 32; + x25 = (uint64_t)arg1[3] << 24; + x26 = (uint64_t)arg1[2] << 16; + x27 = (uint64_t)arg1[1] << 8; + x28 = arg1[0]; + x29 = x27 + (uint64_t)x28; + x30 = x26 + x29; + x31 = x25 + x30; + x32 = x24 + x31; + x33 = x23 + x32; + x34 = x22 + x33; + x35 = x21 + x34; + x36 = x19 + (uint64_t)x20; + x37 = x18 + x36; + x38 = x17 + x37; + x39 = x16 + x38; + x40 = x15 + x39; + x41 = x14 + x40; + x42 = x13 + x41; + x43 = x11 + (uint64_t)x12; + x44 = x10 + x43; + x45 = x9 + x44; + x46 = x8 + x45; + x47 = x7 + x46; + x48 = x6 + x47; + x49 = x5 + x48; + x50 = x3 + (uint64_t)x4; + x51 = x2 + x50; + x52 = x1 + x51; out1[0] = x35; out1[1] = x42; out1[2] = x49; @@ -1972,29 +1972,29 @@ static void fiat_p224_divstep(uint64_t* out1, uint64_t out2[5], uint64_t out3[5] uint64_t x124; uint64_t x125; uint64_t x126; - fiat_p224_addcarryx_u64(&x1, &x2, 0x0, (~arg1), 0x1); - x3 = (fiat_p224_uint1)((fiat_p224_uint1)(x1 >> 63) & (fiat_p224_uint1)((arg3[0]) & 0x1)); - fiat_p224_addcarryx_u64(&x4, &x5, 0x0, (~arg1), 0x1); + fiat_p224_addcarryx_u64(&x1, &x2, 0x0, ~arg1, 0x1); + x3 = (fiat_p224_uint1)((fiat_p224_uint1)(x1 >> 63) & (fiat_p224_uint1)(arg3[0] & 0x1)); + fiat_p224_addcarryx_u64(&x4, &x5, 0x0, ~arg1, 0x1); fiat_p224_cmovznz_u64(&x6, x3, arg1, x4); - fiat_p224_cmovznz_u64(&x7, x3, (arg2[0]), (arg3[0])); - fiat_p224_cmovznz_u64(&x8, x3, (arg2[1]), (arg3[1])); - fiat_p224_cmovznz_u64(&x9, x3, (arg2[2]), (arg3[2])); - fiat_p224_cmovznz_u64(&x10, x3, (arg2[3]), (arg3[3])); - fiat_p224_cmovznz_u64(&x11, x3, (arg2[4]), (arg3[4])); - fiat_p224_addcarryx_u64(&x12, &x13, 0x0, 0x1, (~(arg2[0]))); - fiat_p224_addcarryx_u64(&x14, &x15, x13, 0x0, (~(arg2[1]))); - fiat_p224_addcarryx_u64(&x16, &x17, x15, 0x0, (~(arg2[2]))); - fiat_p224_addcarryx_u64(&x18, &x19, x17, 0x0, (~(arg2[3]))); - fiat_p224_addcarryx_u64(&x20, &x21, x19, 0x0, (~(arg2[4]))); - fiat_p224_cmovznz_u64(&x22, x3, (arg3[0]), x12); - fiat_p224_cmovznz_u64(&x23, x3, (arg3[1]), x14); - fiat_p224_cmovznz_u64(&x24, x3, (arg3[2]), x16); - fiat_p224_cmovznz_u64(&x25, x3, (arg3[3]), x18); - fiat_p224_cmovznz_u64(&x26, x3, (arg3[4]), x20); - fiat_p224_cmovznz_u64(&x27, x3, (arg4[0]), (arg5[0])); - fiat_p224_cmovznz_u64(&x28, x3, (arg4[1]), (arg5[1])); - fiat_p224_cmovznz_u64(&x29, x3, (arg4[2]), (arg5[2])); - fiat_p224_cmovznz_u64(&x30, x3, (arg4[3]), (arg5[3])); + fiat_p224_cmovznz_u64(&x7, x3, arg2[0], arg3[0]); + fiat_p224_cmovznz_u64(&x8, x3, arg2[1], arg3[1]); + fiat_p224_cmovznz_u64(&x9, x3, arg2[2], arg3[2]); + fiat_p224_cmovznz_u64(&x10, x3, arg2[3], arg3[3]); + fiat_p224_cmovznz_u64(&x11, x3, arg2[4], arg3[4]); + fiat_p224_addcarryx_u64(&x12, &x13, 0x0, 0x1, ~arg2[0]); + fiat_p224_addcarryx_u64(&x14, &x15, x13, 0x0, ~arg2[1]); + fiat_p224_addcarryx_u64(&x16, &x17, x15, 0x0, ~arg2[2]); + fiat_p224_addcarryx_u64(&x18, &x19, x17, 0x0, ~arg2[3]); + fiat_p224_addcarryx_u64(&x20, &x21, x19, 0x0, ~arg2[4]); + fiat_p224_cmovznz_u64(&x22, x3, arg3[0], x12); + fiat_p224_cmovznz_u64(&x23, x3, arg3[1], x14); + fiat_p224_cmovznz_u64(&x24, x3, arg3[2], x16); + fiat_p224_cmovznz_u64(&x25, x3, arg3[3], x18); + fiat_p224_cmovznz_u64(&x26, x3, arg3[4], x20); + fiat_p224_cmovznz_u64(&x27, x3, arg4[0], arg5[0]); + fiat_p224_cmovznz_u64(&x28, x3, arg4[1], arg5[1]); + fiat_p224_cmovznz_u64(&x29, x3, arg4[2], arg5[2]); + fiat_p224_cmovznz_u64(&x30, x3, arg4[3], arg5[3]); fiat_p224_addcarryx_u64(&x31, &x32, 0x0, x27, x27); fiat_p224_addcarryx_u64(&x33, &x34, x32, x28, x28); fiat_p224_addcarryx_u64(&x35, &x36, x34, x29, x29); @@ -2004,23 +2004,23 @@ static void fiat_p224_divstep(uint64_t* out1, uint64_t out2[5], uint64_t out3[5] fiat_p224_subborrowx_u64(&x43, &x44, x42, x35, UINT64_C(0xffffffffffffffff)); fiat_p224_subborrowx_u64(&x45, &x46, x44, x37, UINT32_C(0xffffffff)); fiat_p224_subborrowx_u64(&x47, &x48, x46, x38, 0x0); - x49 = (arg4[3]); - x50 = (arg4[2]); - x51 = (arg4[1]); - x52 = (arg4[0]); + x49 = arg4[3]; + x50 = arg4[2]; + x51 = arg4[1]; + x52 = arg4[0]; fiat_p224_subborrowx_u64(&x53, &x54, 0x0, 0x0, x52); fiat_p224_subborrowx_u64(&x55, &x56, x54, 0x0, x51); fiat_p224_subborrowx_u64(&x57, &x58, x56, 0x0, x50); fiat_p224_subborrowx_u64(&x59, &x60, x58, 0x0, x49); fiat_p224_cmovznz_u64(&x61, x60, 0x0, UINT64_C(0xffffffffffffffff)); fiat_p224_addcarryx_u64(&x62, &x63, 0x0, x53, (fiat_p224_uint1)(x61 & 0x1)); - fiat_p224_addcarryx_u64(&x64, &x65, x63, x55, (x61 & UINT64_C(0xffffffff00000000))); + fiat_p224_addcarryx_u64(&x64, &x65, x63, x55, x61 & UINT64_C(0xffffffff00000000)); fiat_p224_addcarryx_u64(&x66, &x67, x65, x57, x61); - fiat_p224_addcarryx_u64(&x68, &x69, x67, x59, (x61 & UINT32_C(0xffffffff))); - fiat_p224_cmovznz_u64(&x70, x3, (arg5[0]), x62); - fiat_p224_cmovznz_u64(&x71, x3, (arg5[1]), x64); - fiat_p224_cmovznz_u64(&x72, x3, (arg5[2]), x66); - fiat_p224_cmovznz_u64(&x73, x3, (arg5[3]), x68); + fiat_p224_addcarryx_u64(&x68, &x69, x67, x59, x61 & UINT32_C(0xffffffff)); + fiat_p224_cmovznz_u64(&x70, x3, arg5[0], x62); + fiat_p224_cmovznz_u64(&x71, x3, arg5[1], x64); + fiat_p224_cmovznz_u64(&x72, x3, arg5[2], x66); + fiat_p224_cmovznz_u64(&x73, x3, arg5[3], x68); x74 = (fiat_p224_uint1)(x22 & 0x1); fiat_p224_cmovznz_u64(&x75, x74, 0x0, x7); fiat_p224_cmovznz_u64(&x76, x74, 0x0, x8); @@ -2046,11 +2046,11 @@ static void fiat_p224_divstep(uint64_t* out1, uint64_t out2[5], uint64_t out3[5] fiat_p224_subborrowx_u64(&x108, &x109, x107, x100, UINT32_C(0xffffffff)); fiat_p224_subborrowx_u64(&x110, &x111, x109, x101, 0x0); fiat_p224_addcarryx_u64(&x112, &x113, 0x0, x6, 0x1); - x114 = ((x80 >> 1) | ((x82 << 63) & UINT64_C(0xffffffffffffffff))); - x115 = ((x82 >> 1) | ((x84 << 63) & UINT64_C(0xffffffffffffffff))); - x116 = ((x84 >> 1) | ((x86 << 63) & UINT64_C(0xffffffffffffffff))); - x117 = ((x86 >> 1) | ((x88 << 63) & UINT64_C(0xffffffffffffffff))); - x118 = ((x88 & UINT64_C(0x8000000000000000)) | (x88 >> 1)); + x114 = x80 >> 1 | x82 << 63 & UINT64_C(0xffffffffffffffff); + x115 = x82 >> 1 | x84 << 63 & UINT64_C(0xffffffffffffffff); + x116 = x84 >> 1 | x86 << 63 & UINT64_C(0xffffffffffffffff); + x117 = x86 >> 1 | x88 << 63 & UINT64_C(0xffffffffffffffff); + x118 = x88 & UINT64_C(0x8000000000000000) | x88 >> 1; fiat_p224_cmovznz_u64(&x119, x48, x39, x31); fiat_p224_cmovznz_u64(&x120, x48, x41, x33); fiat_p224_cmovznz_u64(&x121, x48, x43, x35); diff --git a/fiat-c/src/p256_32.c b/fiat-c/src/p256_32.c index 28d16a8eb5..b5d3cd022c 100644 --- a/fiat-c/src/p256_32.c +++ b/fiat-c/src/p256_32.c @@ -54,7 +54,7 @@ static void fiat_p256_addcarryx_u32(uint32_t* out1, fiat_p256_uint1* out2, fiat_ uint64_t x1; uint32_t x2; fiat_p256_uint1 x3; - x1 = ((arg1 + (uint64_t)arg2) + arg3); + x1 = arg1 + (uint64_t)arg2 + arg3; x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); x3 = (fiat_p256_uint1)(x1 >> 32); *out1 = x2; @@ -80,7 +80,7 @@ static void fiat_p256_subborrowx_u32(uint32_t* out1, fiat_p256_uint1* out2, fiat int64_t x1; fiat_p256_int1 x2; uint32_t x3; - x1 = ((arg2 - (int64_t)arg1) - arg3); + x1 = arg2 - (int64_t)arg1 - arg3; x2 = (fiat_p256_int1)(x1 >> 32); x3 = (uint32_t)(x1 & UINT32_C(0xffffffff)); *out1 = x3; @@ -105,7 +105,7 @@ static void fiat_p256_mulx_u32(uint32_t* out1, uint32_t* out2, uint32_t arg1, ui uint64_t x1; uint32_t x2; uint32_t x3; - x1 = ((uint64_t)arg1 * arg2); + x1 = (uint64_t)arg1 * arg2; x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); x3 = (uint32_t)(x1 >> 32); *out1 = x2; @@ -129,9 +129,9 @@ static void fiat_p256_cmovznz_u32(uint32_t* out1, fiat_p256_uint1 arg1, uint32_t fiat_p256_uint1 x1; uint32_t x2; uint32_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_p256_int1)(0x0 - x1) & UINT32_C(0xffffffff)); - x3 = ((fiat_p256_value_barrier_u32(x2) & arg3) | (fiat_p256_value_barrier_u32((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_p256_int1)(0x0 - x1) & UINT32_C(0xffffffff); + x3 = fiat_p256_value_barrier_u32(x2) & arg3 | fiat_p256_value_barrier_u32(~x2) & arg2; *out1 = x3; } @@ -815,22 +815,22 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 uint32_t x661; uint32_t x662; uint32_t x663; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[6]); - x7 = (arg1[7]); - x8 = (arg1[0]); - fiat_p256_mulx_u32(&x9, &x10, x8, (arg2[7])); - fiat_p256_mulx_u32(&x11, &x12, x8, (arg2[6])); - fiat_p256_mulx_u32(&x13, &x14, x8, (arg2[5])); - fiat_p256_mulx_u32(&x15, &x16, x8, (arg2[4])); - fiat_p256_mulx_u32(&x17, &x18, x8, (arg2[3])); - fiat_p256_mulx_u32(&x19, &x20, x8, (arg2[2])); - fiat_p256_mulx_u32(&x21, &x22, x8, (arg2[1])); - fiat_p256_mulx_u32(&x23, &x24, x8, (arg2[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[6]; + x7 = arg1[7]; + x8 = arg1[0]; + fiat_p256_mulx_u32(&x9, &x10, x8, arg2[7]); + fiat_p256_mulx_u32(&x11, &x12, x8, arg2[6]); + fiat_p256_mulx_u32(&x13, &x14, x8, arg2[5]); + fiat_p256_mulx_u32(&x15, &x16, x8, arg2[4]); + fiat_p256_mulx_u32(&x17, &x18, x8, arg2[3]); + fiat_p256_mulx_u32(&x19, &x20, x8, arg2[2]); + fiat_p256_mulx_u32(&x21, &x22, x8, arg2[1]); + fiat_p256_mulx_u32(&x23, &x24, x8, arg2[0]); fiat_p256_addcarryx_u32(&x25, &x26, 0x0, x24, x21); fiat_p256_addcarryx_u32(&x27, &x28, x26, x22, x19); fiat_p256_addcarryx_u32(&x29, &x30, x28, x20, x17); @@ -838,14 +838,14 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x33, &x34, x32, x16, x13); fiat_p256_addcarryx_u32(&x35, &x36, x34, x14, x11); fiat_p256_addcarryx_u32(&x37, &x38, x36, x12, x9); - x39 = (x38 + x10); + x39 = x38 + x10; fiat_p256_mulx_u32(&x40, &x41, x23, UINT32_C(0xffffffff)); fiat_p256_mulx_u32(&x42, &x43, x23, UINT32_C(0xffffffff)); fiat_p256_mulx_u32(&x44, &x45, x23, UINT32_C(0xffffffff)); fiat_p256_mulx_u32(&x46, &x47, x23, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x48, &x49, 0x0, x47, x44); fiat_p256_addcarryx_u32(&x50, &x51, x49, x45, x42); - x52 = (x51 + x43); + x52 = x51 + x43; fiat_p256_addcarryx_u32(&x53, &x54, 0x0, x23, x46); fiat_p256_addcarryx_u32(&x55, &x56, x54, x25, x48); fiat_p256_addcarryx_u32(&x57, &x58, x56, x27, x50); @@ -855,14 +855,14 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x65, &x66, x64, x35, x23); fiat_p256_addcarryx_u32(&x67, &x68, x66, x37, x40); fiat_p256_addcarryx_u32(&x69, &x70, x68, x39, x41); - fiat_p256_mulx_u32(&x71, &x72, x1, (arg2[7])); - fiat_p256_mulx_u32(&x73, &x74, x1, (arg2[6])); - fiat_p256_mulx_u32(&x75, &x76, x1, (arg2[5])); - fiat_p256_mulx_u32(&x77, &x78, x1, (arg2[4])); - fiat_p256_mulx_u32(&x79, &x80, x1, (arg2[3])); - fiat_p256_mulx_u32(&x81, &x82, x1, (arg2[2])); - fiat_p256_mulx_u32(&x83, &x84, x1, (arg2[1])); - fiat_p256_mulx_u32(&x85, &x86, x1, (arg2[0])); + fiat_p256_mulx_u32(&x71, &x72, x1, arg2[7]); + fiat_p256_mulx_u32(&x73, &x74, x1, arg2[6]); + fiat_p256_mulx_u32(&x75, &x76, x1, arg2[5]); + fiat_p256_mulx_u32(&x77, &x78, x1, arg2[4]); + fiat_p256_mulx_u32(&x79, &x80, x1, arg2[3]); + fiat_p256_mulx_u32(&x81, &x82, x1, arg2[2]); + fiat_p256_mulx_u32(&x83, &x84, x1, arg2[1]); + fiat_p256_mulx_u32(&x85, &x86, x1, arg2[0]); fiat_p256_addcarryx_u32(&x87, &x88, 0x0, x86, x83); fiat_p256_addcarryx_u32(&x89, &x90, x88, x84, x81); fiat_p256_addcarryx_u32(&x91, &x92, x90, x82, x79); @@ -870,7 +870,7 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x95, &x96, x94, x78, x75); fiat_p256_addcarryx_u32(&x97, &x98, x96, x76, x73); fiat_p256_addcarryx_u32(&x99, &x100, x98, x74, x71); - x101 = (x100 + x72); + x101 = x100 + x72; fiat_p256_addcarryx_u32(&x102, &x103, 0x0, x55, x85); fiat_p256_addcarryx_u32(&x104, &x105, x103, x57, x87); fiat_p256_addcarryx_u32(&x106, &x107, x105, x59, x89); @@ -886,7 +886,7 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_mulx_u32(&x126, &x127, x102, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x128, &x129, 0x0, x127, x124); fiat_p256_addcarryx_u32(&x130, &x131, x129, x125, x122); - x132 = (x131 + x123); + x132 = x131 + x123; fiat_p256_addcarryx_u32(&x133, &x134, 0x0, x102, x126); fiat_p256_addcarryx_u32(&x135, &x136, x134, x104, x128); fiat_p256_addcarryx_u32(&x137, &x138, x136, x106, x130); @@ -896,15 +896,15 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x145, &x146, x144, x114, x102); fiat_p256_addcarryx_u32(&x147, &x148, x146, x116, x120); fiat_p256_addcarryx_u32(&x149, &x150, x148, x118, x121); - x151 = ((uint32_t)x150 + x119); - fiat_p256_mulx_u32(&x152, &x153, x2, (arg2[7])); - fiat_p256_mulx_u32(&x154, &x155, x2, (arg2[6])); - fiat_p256_mulx_u32(&x156, &x157, x2, (arg2[5])); - fiat_p256_mulx_u32(&x158, &x159, x2, (arg2[4])); - fiat_p256_mulx_u32(&x160, &x161, x2, (arg2[3])); - fiat_p256_mulx_u32(&x162, &x163, x2, (arg2[2])); - fiat_p256_mulx_u32(&x164, &x165, x2, (arg2[1])); - fiat_p256_mulx_u32(&x166, &x167, x2, (arg2[0])); + x151 = (uint32_t)x150 + x119; + fiat_p256_mulx_u32(&x152, &x153, x2, arg2[7]); + fiat_p256_mulx_u32(&x154, &x155, x2, arg2[6]); + fiat_p256_mulx_u32(&x156, &x157, x2, arg2[5]); + fiat_p256_mulx_u32(&x158, &x159, x2, arg2[4]); + fiat_p256_mulx_u32(&x160, &x161, x2, arg2[3]); + fiat_p256_mulx_u32(&x162, &x163, x2, arg2[2]); + fiat_p256_mulx_u32(&x164, &x165, x2, arg2[1]); + fiat_p256_mulx_u32(&x166, &x167, x2, arg2[0]); fiat_p256_addcarryx_u32(&x168, &x169, 0x0, x167, x164); fiat_p256_addcarryx_u32(&x170, &x171, x169, x165, x162); fiat_p256_addcarryx_u32(&x172, &x173, x171, x163, x160); @@ -912,7 +912,7 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x176, &x177, x175, x159, x156); fiat_p256_addcarryx_u32(&x178, &x179, x177, x157, x154); fiat_p256_addcarryx_u32(&x180, &x181, x179, x155, x152); - x182 = (x181 + x153); + x182 = x181 + x153; fiat_p256_addcarryx_u32(&x183, &x184, 0x0, x135, x166); fiat_p256_addcarryx_u32(&x185, &x186, x184, x137, x168); fiat_p256_addcarryx_u32(&x187, &x188, x186, x139, x170); @@ -928,7 +928,7 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_mulx_u32(&x207, &x208, x183, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x209, &x210, 0x0, x208, x205); fiat_p256_addcarryx_u32(&x211, &x212, x210, x206, x203); - x213 = (x212 + x204); + x213 = x212 + x204; fiat_p256_addcarryx_u32(&x214, &x215, 0x0, x183, x207); fiat_p256_addcarryx_u32(&x216, &x217, x215, x185, x209); fiat_p256_addcarryx_u32(&x218, &x219, x217, x187, x211); @@ -938,15 +938,15 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x226, &x227, x225, x195, x183); fiat_p256_addcarryx_u32(&x228, &x229, x227, x197, x201); fiat_p256_addcarryx_u32(&x230, &x231, x229, x199, x202); - x232 = ((uint32_t)x231 + x200); - fiat_p256_mulx_u32(&x233, &x234, x3, (arg2[7])); - fiat_p256_mulx_u32(&x235, &x236, x3, (arg2[6])); - fiat_p256_mulx_u32(&x237, &x238, x3, (arg2[5])); - fiat_p256_mulx_u32(&x239, &x240, x3, (arg2[4])); - fiat_p256_mulx_u32(&x241, &x242, x3, (arg2[3])); - fiat_p256_mulx_u32(&x243, &x244, x3, (arg2[2])); - fiat_p256_mulx_u32(&x245, &x246, x3, (arg2[1])); - fiat_p256_mulx_u32(&x247, &x248, x3, (arg2[0])); + x232 = (uint32_t)x231 + x200; + fiat_p256_mulx_u32(&x233, &x234, x3, arg2[7]); + fiat_p256_mulx_u32(&x235, &x236, x3, arg2[6]); + fiat_p256_mulx_u32(&x237, &x238, x3, arg2[5]); + fiat_p256_mulx_u32(&x239, &x240, x3, arg2[4]); + fiat_p256_mulx_u32(&x241, &x242, x3, arg2[3]); + fiat_p256_mulx_u32(&x243, &x244, x3, arg2[2]); + fiat_p256_mulx_u32(&x245, &x246, x3, arg2[1]); + fiat_p256_mulx_u32(&x247, &x248, x3, arg2[0]); fiat_p256_addcarryx_u32(&x249, &x250, 0x0, x248, x245); fiat_p256_addcarryx_u32(&x251, &x252, x250, x246, x243); fiat_p256_addcarryx_u32(&x253, &x254, x252, x244, x241); @@ -954,7 +954,7 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x257, &x258, x256, x240, x237); fiat_p256_addcarryx_u32(&x259, &x260, x258, x238, x235); fiat_p256_addcarryx_u32(&x261, &x262, x260, x236, x233); - x263 = (x262 + x234); + x263 = x262 + x234; fiat_p256_addcarryx_u32(&x264, &x265, 0x0, x216, x247); fiat_p256_addcarryx_u32(&x266, &x267, x265, x218, x249); fiat_p256_addcarryx_u32(&x268, &x269, x267, x220, x251); @@ -970,7 +970,7 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_mulx_u32(&x288, &x289, x264, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x290, &x291, 0x0, x289, x286); fiat_p256_addcarryx_u32(&x292, &x293, x291, x287, x284); - x294 = (x293 + x285); + x294 = x293 + x285; fiat_p256_addcarryx_u32(&x295, &x296, 0x0, x264, x288); fiat_p256_addcarryx_u32(&x297, &x298, x296, x266, x290); fiat_p256_addcarryx_u32(&x299, &x300, x298, x268, x292); @@ -980,15 +980,15 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x307, &x308, x306, x276, x264); fiat_p256_addcarryx_u32(&x309, &x310, x308, x278, x282); fiat_p256_addcarryx_u32(&x311, &x312, x310, x280, x283); - x313 = ((uint32_t)x312 + x281); - fiat_p256_mulx_u32(&x314, &x315, x4, (arg2[7])); - fiat_p256_mulx_u32(&x316, &x317, x4, (arg2[6])); - fiat_p256_mulx_u32(&x318, &x319, x4, (arg2[5])); - fiat_p256_mulx_u32(&x320, &x321, x4, (arg2[4])); - fiat_p256_mulx_u32(&x322, &x323, x4, (arg2[3])); - fiat_p256_mulx_u32(&x324, &x325, x4, (arg2[2])); - fiat_p256_mulx_u32(&x326, &x327, x4, (arg2[1])); - fiat_p256_mulx_u32(&x328, &x329, x4, (arg2[0])); + x313 = (uint32_t)x312 + x281; + fiat_p256_mulx_u32(&x314, &x315, x4, arg2[7]); + fiat_p256_mulx_u32(&x316, &x317, x4, arg2[6]); + fiat_p256_mulx_u32(&x318, &x319, x4, arg2[5]); + fiat_p256_mulx_u32(&x320, &x321, x4, arg2[4]); + fiat_p256_mulx_u32(&x322, &x323, x4, arg2[3]); + fiat_p256_mulx_u32(&x324, &x325, x4, arg2[2]); + fiat_p256_mulx_u32(&x326, &x327, x4, arg2[1]); + fiat_p256_mulx_u32(&x328, &x329, x4, arg2[0]); fiat_p256_addcarryx_u32(&x330, &x331, 0x0, x329, x326); fiat_p256_addcarryx_u32(&x332, &x333, x331, x327, x324); fiat_p256_addcarryx_u32(&x334, &x335, x333, x325, x322); @@ -996,7 +996,7 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x338, &x339, x337, x321, x318); fiat_p256_addcarryx_u32(&x340, &x341, x339, x319, x316); fiat_p256_addcarryx_u32(&x342, &x343, x341, x317, x314); - x344 = (x343 + x315); + x344 = x343 + x315; fiat_p256_addcarryx_u32(&x345, &x346, 0x0, x297, x328); fiat_p256_addcarryx_u32(&x347, &x348, x346, x299, x330); fiat_p256_addcarryx_u32(&x349, &x350, x348, x301, x332); @@ -1012,7 +1012,7 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_mulx_u32(&x369, &x370, x345, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x371, &x372, 0x0, x370, x367); fiat_p256_addcarryx_u32(&x373, &x374, x372, x368, x365); - x375 = (x374 + x366); + x375 = x374 + x366; fiat_p256_addcarryx_u32(&x376, &x377, 0x0, x345, x369); fiat_p256_addcarryx_u32(&x378, &x379, x377, x347, x371); fiat_p256_addcarryx_u32(&x380, &x381, x379, x349, x373); @@ -1022,15 +1022,15 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x388, &x389, x387, x357, x345); fiat_p256_addcarryx_u32(&x390, &x391, x389, x359, x363); fiat_p256_addcarryx_u32(&x392, &x393, x391, x361, x364); - x394 = ((uint32_t)x393 + x362); - fiat_p256_mulx_u32(&x395, &x396, x5, (arg2[7])); - fiat_p256_mulx_u32(&x397, &x398, x5, (arg2[6])); - fiat_p256_mulx_u32(&x399, &x400, x5, (arg2[5])); - fiat_p256_mulx_u32(&x401, &x402, x5, (arg2[4])); - fiat_p256_mulx_u32(&x403, &x404, x5, (arg2[3])); - fiat_p256_mulx_u32(&x405, &x406, x5, (arg2[2])); - fiat_p256_mulx_u32(&x407, &x408, x5, (arg2[1])); - fiat_p256_mulx_u32(&x409, &x410, x5, (arg2[0])); + x394 = (uint32_t)x393 + x362; + fiat_p256_mulx_u32(&x395, &x396, x5, arg2[7]); + fiat_p256_mulx_u32(&x397, &x398, x5, arg2[6]); + fiat_p256_mulx_u32(&x399, &x400, x5, arg2[5]); + fiat_p256_mulx_u32(&x401, &x402, x5, arg2[4]); + fiat_p256_mulx_u32(&x403, &x404, x5, arg2[3]); + fiat_p256_mulx_u32(&x405, &x406, x5, arg2[2]); + fiat_p256_mulx_u32(&x407, &x408, x5, arg2[1]); + fiat_p256_mulx_u32(&x409, &x410, x5, arg2[0]); fiat_p256_addcarryx_u32(&x411, &x412, 0x0, x410, x407); fiat_p256_addcarryx_u32(&x413, &x414, x412, x408, x405); fiat_p256_addcarryx_u32(&x415, &x416, x414, x406, x403); @@ -1038,7 +1038,7 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x419, &x420, x418, x402, x399); fiat_p256_addcarryx_u32(&x421, &x422, x420, x400, x397); fiat_p256_addcarryx_u32(&x423, &x424, x422, x398, x395); - x425 = (x424 + x396); + x425 = x424 + x396; fiat_p256_addcarryx_u32(&x426, &x427, 0x0, x378, x409); fiat_p256_addcarryx_u32(&x428, &x429, x427, x380, x411); fiat_p256_addcarryx_u32(&x430, &x431, x429, x382, x413); @@ -1054,7 +1054,7 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_mulx_u32(&x450, &x451, x426, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x452, &x453, 0x0, x451, x448); fiat_p256_addcarryx_u32(&x454, &x455, x453, x449, x446); - x456 = (x455 + x447); + x456 = x455 + x447; fiat_p256_addcarryx_u32(&x457, &x458, 0x0, x426, x450); fiat_p256_addcarryx_u32(&x459, &x460, x458, x428, x452); fiat_p256_addcarryx_u32(&x461, &x462, x460, x430, x454); @@ -1064,15 +1064,15 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x469, &x470, x468, x438, x426); fiat_p256_addcarryx_u32(&x471, &x472, x470, x440, x444); fiat_p256_addcarryx_u32(&x473, &x474, x472, x442, x445); - x475 = ((uint32_t)x474 + x443); - fiat_p256_mulx_u32(&x476, &x477, x6, (arg2[7])); - fiat_p256_mulx_u32(&x478, &x479, x6, (arg2[6])); - fiat_p256_mulx_u32(&x480, &x481, x6, (arg2[5])); - fiat_p256_mulx_u32(&x482, &x483, x6, (arg2[4])); - fiat_p256_mulx_u32(&x484, &x485, x6, (arg2[3])); - fiat_p256_mulx_u32(&x486, &x487, x6, (arg2[2])); - fiat_p256_mulx_u32(&x488, &x489, x6, (arg2[1])); - fiat_p256_mulx_u32(&x490, &x491, x6, (arg2[0])); + x475 = (uint32_t)x474 + x443; + fiat_p256_mulx_u32(&x476, &x477, x6, arg2[7]); + fiat_p256_mulx_u32(&x478, &x479, x6, arg2[6]); + fiat_p256_mulx_u32(&x480, &x481, x6, arg2[5]); + fiat_p256_mulx_u32(&x482, &x483, x6, arg2[4]); + fiat_p256_mulx_u32(&x484, &x485, x6, arg2[3]); + fiat_p256_mulx_u32(&x486, &x487, x6, arg2[2]); + fiat_p256_mulx_u32(&x488, &x489, x6, arg2[1]); + fiat_p256_mulx_u32(&x490, &x491, x6, arg2[0]); fiat_p256_addcarryx_u32(&x492, &x493, 0x0, x491, x488); fiat_p256_addcarryx_u32(&x494, &x495, x493, x489, x486); fiat_p256_addcarryx_u32(&x496, &x497, x495, x487, x484); @@ -1080,7 +1080,7 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x500, &x501, x499, x483, x480); fiat_p256_addcarryx_u32(&x502, &x503, x501, x481, x478); fiat_p256_addcarryx_u32(&x504, &x505, x503, x479, x476); - x506 = (x505 + x477); + x506 = x505 + x477; fiat_p256_addcarryx_u32(&x507, &x508, 0x0, x459, x490); fiat_p256_addcarryx_u32(&x509, &x510, x508, x461, x492); fiat_p256_addcarryx_u32(&x511, &x512, x510, x463, x494); @@ -1096,7 +1096,7 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_mulx_u32(&x531, &x532, x507, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x533, &x534, 0x0, x532, x529); fiat_p256_addcarryx_u32(&x535, &x536, x534, x530, x527); - x537 = (x536 + x528); + x537 = x536 + x528; fiat_p256_addcarryx_u32(&x538, &x539, 0x0, x507, x531); fiat_p256_addcarryx_u32(&x540, &x541, x539, x509, x533); fiat_p256_addcarryx_u32(&x542, &x543, x541, x511, x535); @@ -1106,15 +1106,15 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x550, &x551, x549, x519, x507); fiat_p256_addcarryx_u32(&x552, &x553, x551, x521, x525); fiat_p256_addcarryx_u32(&x554, &x555, x553, x523, x526); - x556 = ((uint32_t)x555 + x524); - fiat_p256_mulx_u32(&x557, &x558, x7, (arg2[7])); - fiat_p256_mulx_u32(&x559, &x560, x7, (arg2[6])); - fiat_p256_mulx_u32(&x561, &x562, x7, (arg2[5])); - fiat_p256_mulx_u32(&x563, &x564, x7, (arg2[4])); - fiat_p256_mulx_u32(&x565, &x566, x7, (arg2[3])); - fiat_p256_mulx_u32(&x567, &x568, x7, (arg2[2])); - fiat_p256_mulx_u32(&x569, &x570, x7, (arg2[1])); - fiat_p256_mulx_u32(&x571, &x572, x7, (arg2[0])); + x556 = (uint32_t)x555 + x524; + fiat_p256_mulx_u32(&x557, &x558, x7, arg2[7]); + fiat_p256_mulx_u32(&x559, &x560, x7, arg2[6]); + fiat_p256_mulx_u32(&x561, &x562, x7, arg2[5]); + fiat_p256_mulx_u32(&x563, &x564, x7, arg2[4]); + fiat_p256_mulx_u32(&x565, &x566, x7, arg2[3]); + fiat_p256_mulx_u32(&x567, &x568, x7, arg2[2]); + fiat_p256_mulx_u32(&x569, &x570, x7, arg2[1]); + fiat_p256_mulx_u32(&x571, &x572, x7, arg2[0]); fiat_p256_addcarryx_u32(&x573, &x574, 0x0, x572, x569); fiat_p256_addcarryx_u32(&x575, &x576, x574, x570, x567); fiat_p256_addcarryx_u32(&x577, &x578, x576, x568, x565); @@ -1122,7 +1122,7 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x581, &x582, x580, x564, x561); fiat_p256_addcarryx_u32(&x583, &x584, x582, x562, x559); fiat_p256_addcarryx_u32(&x585, &x586, x584, x560, x557); - x587 = (x586 + x558); + x587 = x586 + x558; fiat_p256_addcarryx_u32(&x588, &x589, 0x0, x540, x571); fiat_p256_addcarryx_u32(&x590, &x591, x589, x542, x573); fiat_p256_addcarryx_u32(&x592, &x593, x591, x544, x575); @@ -1138,7 +1138,7 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_mulx_u32(&x612, &x613, x588, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x614, &x615, 0x0, x613, x610); fiat_p256_addcarryx_u32(&x616, &x617, x615, x611, x608); - x618 = (x617 + x609); + x618 = x617 + x609; fiat_p256_addcarryx_u32(&x619, &x620, 0x0, x588, x612); fiat_p256_addcarryx_u32(&x621, &x622, x620, x590, x614); fiat_p256_addcarryx_u32(&x623, &x624, x622, x592, x616); @@ -1148,7 +1148,7 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x631, &x632, x630, x600, x588); fiat_p256_addcarryx_u32(&x633, &x634, x632, x602, x606); fiat_p256_addcarryx_u32(&x635, &x636, x634, x604, x607); - x637 = ((uint32_t)x636 + x605); + x637 = (uint32_t)x636 + x605; fiat_p256_subborrowx_u32(&x638, &x639, 0x0, x621, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u32(&x640, &x641, x639, x623, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u32(&x642, &x643, x641, x625, UINT32_C(0xffffffff)); @@ -1854,22 +1854,22 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { uint32_t x661; uint32_t x662; uint32_t x663; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[6]); - x7 = (arg1[7]); - x8 = (arg1[0]); - fiat_p256_mulx_u32(&x9, &x10, x8, (arg1[7])); - fiat_p256_mulx_u32(&x11, &x12, x8, (arg1[6])); - fiat_p256_mulx_u32(&x13, &x14, x8, (arg1[5])); - fiat_p256_mulx_u32(&x15, &x16, x8, (arg1[4])); - fiat_p256_mulx_u32(&x17, &x18, x8, (arg1[3])); - fiat_p256_mulx_u32(&x19, &x20, x8, (arg1[2])); - fiat_p256_mulx_u32(&x21, &x22, x8, (arg1[1])); - fiat_p256_mulx_u32(&x23, &x24, x8, (arg1[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[6]; + x7 = arg1[7]; + x8 = arg1[0]; + fiat_p256_mulx_u32(&x9, &x10, x8, arg1[7]); + fiat_p256_mulx_u32(&x11, &x12, x8, arg1[6]); + fiat_p256_mulx_u32(&x13, &x14, x8, arg1[5]); + fiat_p256_mulx_u32(&x15, &x16, x8, arg1[4]); + fiat_p256_mulx_u32(&x17, &x18, x8, arg1[3]); + fiat_p256_mulx_u32(&x19, &x20, x8, arg1[2]); + fiat_p256_mulx_u32(&x21, &x22, x8, arg1[1]); + fiat_p256_mulx_u32(&x23, &x24, x8, arg1[0]); fiat_p256_addcarryx_u32(&x25, &x26, 0x0, x24, x21); fiat_p256_addcarryx_u32(&x27, &x28, x26, x22, x19); fiat_p256_addcarryx_u32(&x29, &x30, x28, x20, x17); @@ -1877,14 +1877,14 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x33, &x34, x32, x16, x13); fiat_p256_addcarryx_u32(&x35, &x36, x34, x14, x11); fiat_p256_addcarryx_u32(&x37, &x38, x36, x12, x9); - x39 = (x38 + x10); + x39 = x38 + x10; fiat_p256_mulx_u32(&x40, &x41, x23, UINT32_C(0xffffffff)); fiat_p256_mulx_u32(&x42, &x43, x23, UINT32_C(0xffffffff)); fiat_p256_mulx_u32(&x44, &x45, x23, UINT32_C(0xffffffff)); fiat_p256_mulx_u32(&x46, &x47, x23, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x48, &x49, 0x0, x47, x44); fiat_p256_addcarryx_u32(&x50, &x51, x49, x45, x42); - x52 = (x51 + x43); + x52 = x51 + x43; fiat_p256_addcarryx_u32(&x53, &x54, 0x0, x23, x46); fiat_p256_addcarryx_u32(&x55, &x56, x54, x25, x48); fiat_p256_addcarryx_u32(&x57, &x58, x56, x27, x50); @@ -1894,14 +1894,14 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x65, &x66, x64, x35, x23); fiat_p256_addcarryx_u32(&x67, &x68, x66, x37, x40); fiat_p256_addcarryx_u32(&x69, &x70, x68, x39, x41); - fiat_p256_mulx_u32(&x71, &x72, x1, (arg1[7])); - fiat_p256_mulx_u32(&x73, &x74, x1, (arg1[6])); - fiat_p256_mulx_u32(&x75, &x76, x1, (arg1[5])); - fiat_p256_mulx_u32(&x77, &x78, x1, (arg1[4])); - fiat_p256_mulx_u32(&x79, &x80, x1, (arg1[3])); - fiat_p256_mulx_u32(&x81, &x82, x1, (arg1[2])); - fiat_p256_mulx_u32(&x83, &x84, x1, (arg1[1])); - fiat_p256_mulx_u32(&x85, &x86, x1, (arg1[0])); + fiat_p256_mulx_u32(&x71, &x72, x1, arg1[7]); + fiat_p256_mulx_u32(&x73, &x74, x1, arg1[6]); + fiat_p256_mulx_u32(&x75, &x76, x1, arg1[5]); + fiat_p256_mulx_u32(&x77, &x78, x1, arg1[4]); + fiat_p256_mulx_u32(&x79, &x80, x1, arg1[3]); + fiat_p256_mulx_u32(&x81, &x82, x1, arg1[2]); + fiat_p256_mulx_u32(&x83, &x84, x1, arg1[1]); + fiat_p256_mulx_u32(&x85, &x86, x1, arg1[0]); fiat_p256_addcarryx_u32(&x87, &x88, 0x0, x86, x83); fiat_p256_addcarryx_u32(&x89, &x90, x88, x84, x81); fiat_p256_addcarryx_u32(&x91, &x92, x90, x82, x79); @@ -1909,7 +1909,7 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x95, &x96, x94, x78, x75); fiat_p256_addcarryx_u32(&x97, &x98, x96, x76, x73); fiat_p256_addcarryx_u32(&x99, &x100, x98, x74, x71); - x101 = (x100 + x72); + x101 = x100 + x72; fiat_p256_addcarryx_u32(&x102, &x103, 0x0, x55, x85); fiat_p256_addcarryx_u32(&x104, &x105, x103, x57, x87); fiat_p256_addcarryx_u32(&x106, &x107, x105, x59, x89); @@ -1925,7 +1925,7 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_mulx_u32(&x126, &x127, x102, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x128, &x129, 0x0, x127, x124); fiat_p256_addcarryx_u32(&x130, &x131, x129, x125, x122); - x132 = (x131 + x123); + x132 = x131 + x123; fiat_p256_addcarryx_u32(&x133, &x134, 0x0, x102, x126); fiat_p256_addcarryx_u32(&x135, &x136, x134, x104, x128); fiat_p256_addcarryx_u32(&x137, &x138, x136, x106, x130); @@ -1935,15 +1935,15 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x145, &x146, x144, x114, x102); fiat_p256_addcarryx_u32(&x147, &x148, x146, x116, x120); fiat_p256_addcarryx_u32(&x149, &x150, x148, x118, x121); - x151 = ((uint32_t)x150 + x119); - fiat_p256_mulx_u32(&x152, &x153, x2, (arg1[7])); - fiat_p256_mulx_u32(&x154, &x155, x2, (arg1[6])); - fiat_p256_mulx_u32(&x156, &x157, x2, (arg1[5])); - fiat_p256_mulx_u32(&x158, &x159, x2, (arg1[4])); - fiat_p256_mulx_u32(&x160, &x161, x2, (arg1[3])); - fiat_p256_mulx_u32(&x162, &x163, x2, (arg1[2])); - fiat_p256_mulx_u32(&x164, &x165, x2, (arg1[1])); - fiat_p256_mulx_u32(&x166, &x167, x2, (arg1[0])); + x151 = (uint32_t)x150 + x119; + fiat_p256_mulx_u32(&x152, &x153, x2, arg1[7]); + fiat_p256_mulx_u32(&x154, &x155, x2, arg1[6]); + fiat_p256_mulx_u32(&x156, &x157, x2, arg1[5]); + fiat_p256_mulx_u32(&x158, &x159, x2, arg1[4]); + fiat_p256_mulx_u32(&x160, &x161, x2, arg1[3]); + fiat_p256_mulx_u32(&x162, &x163, x2, arg1[2]); + fiat_p256_mulx_u32(&x164, &x165, x2, arg1[1]); + fiat_p256_mulx_u32(&x166, &x167, x2, arg1[0]); fiat_p256_addcarryx_u32(&x168, &x169, 0x0, x167, x164); fiat_p256_addcarryx_u32(&x170, &x171, x169, x165, x162); fiat_p256_addcarryx_u32(&x172, &x173, x171, x163, x160); @@ -1951,7 +1951,7 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x176, &x177, x175, x159, x156); fiat_p256_addcarryx_u32(&x178, &x179, x177, x157, x154); fiat_p256_addcarryx_u32(&x180, &x181, x179, x155, x152); - x182 = (x181 + x153); + x182 = x181 + x153; fiat_p256_addcarryx_u32(&x183, &x184, 0x0, x135, x166); fiat_p256_addcarryx_u32(&x185, &x186, x184, x137, x168); fiat_p256_addcarryx_u32(&x187, &x188, x186, x139, x170); @@ -1967,7 +1967,7 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_mulx_u32(&x207, &x208, x183, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x209, &x210, 0x0, x208, x205); fiat_p256_addcarryx_u32(&x211, &x212, x210, x206, x203); - x213 = (x212 + x204); + x213 = x212 + x204; fiat_p256_addcarryx_u32(&x214, &x215, 0x0, x183, x207); fiat_p256_addcarryx_u32(&x216, &x217, x215, x185, x209); fiat_p256_addcarryx_u32(&x218, &x219, x217, x187, x211); @@ -1977,15 +1977,15 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x226, &x227, x225, x195, x183); fiat_p256_addcarryx_u32(&x228, &x229, x227, x197, x201); fiat_p256_addcarryx_u32(&x230, &x231, x229, x199, x202); - x232 = ((uint32_t)x231 + x200); - fiat_p256_mulx_u32(&x233, &x234, x3, (arg1[7])); - fiat_p256_mulx_u32(&x235, &x236, x3, (arg1[6])); - fiat_p256_mulx_u32(&x237, &x238, x3, (arg1[5])); - fiat_p256_mulx_u32(&x239, &x240, x3, (arg1[4])); - fiat_p256_mulx_u32(&x241, &x242, x3, (arg1[3])); - fiat_p256_mulx_u32(&x243, &x244, x3, (arg1[2])); - fiat_p256_mulx_u32(&x245, &x246, x3, (arg1[1])); - fiat_p256_mulx_u32(&x247, &x248, x3, (arg1[0])); + x232 = (uint32_t)x231 + x200; + fiat_p256_mulx_u32(&x233, &x234, x3, arg1[7]); + fiat_p256_mulx_u32(&x235, &x236, x3, arg1[6]); + fiat_p256_mulx_u32(&x237, &x238, x3, arg1[5]); + fiat_p256_mulx_u32(&x239, &x240, x3, arg1[4]); + fiat_p256_mulx_u32(&x241, &x242, x3, arg1[3]); + fiat_p256_mulx_u32(&x243, &x244, x3, arg1[2]); + fiat_p256_mulx_u32(&x245, &x246, x3, arg1[1]); + fiat_p256_mulx_u32(&x247, &x248, x3, arg1[0]); fiat_p256_addcarryx_u32(&x249, &x250, 0x0, x248, x245); fiat_p256_addcarryx_u32(&x251, &x252, x250, x246, x243); fiat_p256_addcarryx_u32(&x253, &x254, x252, x244, x241); @@ -1993,7 +1993,7 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x257, &x258, x256, x240, x237); fiat_p256_addcarryx_u32(&x259, &x260, x258, x238, x235); fiat_p256_addcarryx_u32(&x261, &x262, x260, x236, x233); - x263 = (x262 + x234); + x263 = x262 + x234; fiat_p256_addcarryx_u32(&x264, &x265, 0x0, x216, x247); fiat_p256_addcarryx_u32(&x266, &x267, x265, x218, x249); fiat_p256_addcarryx_u32(&x268, &x269, x267, x220, x251); @@ -2009,7 +2009,7 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_mulx_u32(&x288, &x289, x264, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x290, &x291, 0x0, x289, x286); fiat_p256_addcarryx_u32(&x292, &x293, x291, x287, x284); - x294 = (x293 + x285); + x294 = x293 + x285; fiat_p256_addcarryx_u32(&x295, &x296, 0x0, x264, x288); fiat_p256_addcarryx_u32(&x297, &x298, x296, x266, x290); fiat_p256_addcarryx_u32(&x299, &x300, x298, x268, x292); @@ -2019,15 +2019,15 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x307, &x308, x306, x276, x264); fiat_p256_addcarryx_u32(&x309, &x310, x308, x278, x282); fiat_p256_addcarryx_u32(&x311, &x312, x310, x280, x283); - x313 = ((uint32_t)x312 + x281); - fiat_p256_mulx_u32(&x314, &x315, x4, (arg1[7])); - fiat_p256_mulx_u32(&x316, &x317, x4, (arg1[6])); - fiat_p256_mulx_u32(&x318, &x319, x4, (arg1[5])); - fiat_p256_mulx_u32(&x320, &x321, x4, (arg1[4])); - fiat_p256_mulx_u32(&x322, &x323, x4, (arg1[3])); - fiat_p256_mulx_u32(&x324, &x325, x4, (arg1[2])); - fiat_p256_mulx_u32(&x326, &x327, x4, (arg1[1])); - fiat_p256_mulx_u32(&x328, &x329, x4, (arg1[0])); + x313 = (uint32_t)x312 + x281; + fiat_p256_mulx_u32(&x314, &x315, x4, arg1[7]); + fiat_p256_mulx_u32(&x316, &x317, x4, arg1[6]); + fiat_p256_mulx_u32(&x318, &x319, x4, arg1[5]); + fiat_p256_mulx_u32(&x320, &x321, x4, arg1[4]); + fiat_p256_mulx_u32(&x322, &x323, x4, arg1[3]); + fiat_p256_mulx_u32(&x324, &x325, x4, arg1[2]); + fiat_p256_mulx_u32(&x326, &x327, x4, arg1[1]); + fiat_p256_mulx_u32(&x328, &x329, x4, arg1[0]); fiat_p256_addcarryx_u32(&x330, &x331, 0x0, x329, x326); fiat_p256_addcarryx_u32(&x332, &x333, x331, x327, x324); fiat_p256_addcarryx_u32(&x334, &x335, x333, x325, x322); @@ -2035,7 +2035,7 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x338, &x339, x337, x321, x318); fiat_p256_addcarryx_u32(&x340, &x341, x339, x319, x316); fiat_p256_addcarryx_u32(&x342, &x343, x341, x317, x314); - x344 = (x343 + x315); + x344 = x343 + x315; fiat_p256_addcarryx_u32(&x345, &x346, 0x0, x297, x328); fiat_p256_addcarryx_u32(&x347, &x348, x346, x299, x330); fiat_p256_addcarryx_u32(&x349, &x350, x348, x301, x332); @@ -2051,7 +2051,7 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_mulx_u32(&x369, &x370, x345, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x371, &x372, 0x0, x370, x367); fiat_p256_addcarryx_u32(&x373, &x374, x372, x368, x365); - x375 = (x374 + x366); + x375 = x374 + x366; fiat_p256_addcarryx_u32(&x376, &x377, 0x0, x345, x369); fiat_p256_addcarryx_u32(&x378, &x379, x377, x347, x371); fiat_p256_addcarryx_u32(&x380, &x381, x379, x349, x373); @@ -2061,15 +2061,15 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x388, &x389, x387, x357, x345); fiat_p256_addcarryx_u32(&x390, &x391, x389, x359, x363); fiat_p256_addcarryx_u32(&x392, &x393, x391, x361, x364); - x394 = ((uint32_t)x393 + x362); - fiat_p256_mulx_u32(&x395, &x396, x5, (arg1[7])); - fiat_p256_mulx_u32(&x397, &x398, x5, (arg1[6])); - fiat_p256_mulx_u32(&x399, &x400, x5, (arg1[5])); - fiat_p256_mulx_u32(&x401, &x402, x5, (arg1[4])); - fiat_p256_mulx_u32(&x403, &x404, x5, (arg1[3])); - fiat_p256_mulx_u32(&x405, &x406, x5, (arg1[2])); - fiat_p256_mulx_u32(&x407, &x408, x5, (arg1[1])); - fiat_p256_mulx_u32(&x409, &x410, x5, (arg1[0])); + x394 = (uint32_t)x393 + x362; + fiat_p256_mulx_u32(&x395, &x396, x5, arg1[7]); + fiat_p256_mulx_u32(&x397, &x398, x5, arg1[6]); + fiat_p256_mulx_u32(&x399, &x400, x5, arg1[5]); + fiat_p256_mulx_u32(&x401, &x402, x5, arg1[4]); + fiat_p256_mulx_u32(&x403, &x404, x5, arg1[3]); + fiat_p256_mulx_u32(&x405, &x406, x5, arg1[2]); + fiat_p256_mulx_u32(&x407, &x408, x5, arg1[1]); + fiat_p256_mulx_u32(&x409, &x410, x5, arg1[0]); fiat_p256_addcarryx_u32(&x411, &x412, 0x0, x410, x407); fiat_p256_addcarryx_u32(&x413, &x414, x412, x408, x405); fiat_p256_addcarryx_u32(&x415, &x416, x414, x406, x403); @@ -2077,7 +2077,7 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x419, &x420, x418, x402, x399); fiat_p256_addcarryx_u32(&x421, &x422, x420, x400, x397); fiat_p256_addcarryx_u32(&x423, &x424, x422, x398, x395); - x425 = (x424 + x396); + x425 = x424 + x396; fiat_p256_addcarryx_u32(&x426, &x427, 0x0, x378, x409); fiat_p256_addcarryx_u32(&x428, &x429, x427, x380, x411); fiat_p256_addcarryx_u32(&x430, &x431, x429, x382, x413); @@ -2093,7 +2093,7 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_mulx_u32(&x450, &x451, x426, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x452, &x453, 0x0, x451, x448); fiat_p256_addcarryx_u32(&x454, &x455, x453, x449, x446); - x456 = (x455 + x447); + x456 = x455 + x447; fiat_p256_addcarryx_u32(&x457, &x458, 0x0, x426, x450); fiat_p256_addcarryx_u32(&x459, &x460, x458, x428, x452); fiat_p256_addcarryx_u32(&x461, &x462, x460, x430, x454); @@ -2103,15 +2103,15 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x469, &x470, x468, x438, x426); fiat_p256_addcarryx_u32(&x471, &x472, x470, x440, x444); fiat_p256_addcarryx_u32(&x473, &x474, x472, x442, x445); - x475 = ((uint32_t)x474 + x443); - fiat_p256_mulx_u32(&x476, &x477, x6, (arg1[7])); - fiat_p256_mulx_u32(&x478, &x479, x6, (arg1[6])); - fiat_p256_mulx_u32(&x480, &x481, x6, (arg1[5])); - fiat_p256_mulx_u32(&x482, &x483, x6, (arg1[4])); - fiat_p256_mulx_u32(&x484, &x485, x6, (arg1[3])); - fiat_p256_mulx_u32(&x486, &x487, x6, (arg1[2])); - fiat_p256_mulx_u32(&x488, &x489, x6, (arg1[1])); - fiat_p256_mulx_u32(&x490, &x491, x6, (arg1[0])); + x475 = (uint32_t)x474 + x443; + fiat_p256_mulx_u32(&x476, &x477, x6, arg1[7]); + fiat_p256_mulx_u32(&x478, &x479, x6, arg1[6]); + fiat_p256_mulx_u32(&x480, &x481, x6, arg1[5]); + fiat_p256_mulx_u32(&x482, &x483, x6, arg1[4]); + fiat_p256_mulx_u32(&x484, &x485, x6, arg1[3]); + fiat_p256_mulx_u32(&x486, &x487, x6, arg1[2]); + fiat_p256_mulx_u32(&x488, &x489, x6, arg1[1]); + fiat_p256_mulx_u32(&x490, &x491, x6, arg1[0]); fiat_p256_addcarryx_u32(&x492, &x493, 0x0, x491, x488); fiat_p256_addcarryx_u32(&x494, &x495, x493, x489, x486); fiat_p256_addcarryx_u32(&x496, &x497, x495, x487, x484); @@ -2119,7 +2119,7 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x500, &x501, x499, x483, x480); fiat_p256_addcarryx_u32(&x502, &x503, x501, x481, x478); fiat_p256_addcarryx_u32(&x504, &x505, x503, x479, x476); - x506 = (x505 + x477); + x506 = x505 + x477; fiat_p256_addcarryx_u32(&x507, &x508, 0x0, x459, x490); fiat_p256_addcarryx_u32(&x509, &x510, x508, x461, x492); fiat_p256_addcarryx_u32(&x511, &x512, x510, x463, x494); @@ -2135,7 +2135,7 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_mulx_u32(&x531, &x532, x507, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x533, &x534, 0x0, x532, x529); fiat_p256_addcarryx_u32(&x535, &x536, x534, x530, x527); - x537 = (x536 + x528); + x537 = x536 + x528; fiat_p256_addcarryx_u32(&x538, &x539, 0x0, x507, x531); fiat_p256_addcarryx_u32(&x540, &x541, x539, x509, x533); fiat_p256_addcarryx_u32(&x542, &x543, x541, x511, x535); @@ -2145,15 +2145,15 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x550, &x551, x549, x519, x507); fiat_p256_addcarryx_u32(&x552, &x553, x551, x521, x525); fiat_p256_addcarryx_u32(&x554, &x555, x553, x523, x526); - x556 = ((uint32_t)x555 + x524); - fiat_p256_mulx_u32(&x557, &x558, x7, (arg1[7])); - fiat_p256_mulx_u32(&x559, &x560, x7, (arg1[6])); - fiat_p256_mulx_u32(&x561, &x562, x7, (arg1[5])); - fiat_p256_mulx_u32(&x563, &x564, x7, (arg1[4])); - fiat_p256_mulx_u32(&x565, &x566, x7, (arg1[3])); - fiat_p256_mulx_u32(&x567, &x568, x7, (arg1[2])); - fiat_p256_mulx_u32(&x569, &x570, x7, (arg1[1])); - fiat_p256_mulx_u32(&x571, &x572, x7, (arg1[0])); + x556 = (uint32_t)x555 + x524; + fiat_p256_mulx_u32(&x557, &x558, x7, arg1[7]); + fiat_p256_mulx_u32(&x559, &x560, x7, arg1[6]); + fiat_p256_mulx_u32(&x561, &x562, x7, arg1[5]); + fiat_p256_mulx_u32(&x563, &x564, x7, arg1[4]); + fiat_p256_mulx_u32(&x565, &x566, x7, arg1[3]); + fiat_p256_mulx_u32(&x567, &x568, x7, arg1[2]); + fiat_p256_mulx_u32(&x569, &x570, x7, arg1[1]); + fiat_p256_mulx_u32(&x571, &x572, x7, arg1[0]); fiat_p256_addcarryx_u32(&x573, &x574, 0x0, x572, x569); fiat_p256_addcarryx_u32(&x575, &x576, x574, x570, x567); fiat_p256_addcarryx_u32(&x577, &x578, x576, x568, x565); @@ -2161,7 +2161,7 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x581, &x582, x580, x564, x561); fiat_p256_addcarryx_u32(&x583, &x584, x582, x562, x559); fiat_p256_addcarryx_u32(&x585, &x586, x584, x560, x557); - x587 = (x586 + x558); + x587 = x586 + x558; fiat_p256_addcarryx_u32(&x588, &x589, 0x0, x540, x571); fiat_p256_addcarryx_u32(&x590, &x591, x589, x542, x573); fiat_p256_addcarryx_u32(&x592, &x593, x591, x544, x575); @@ -2177,7 +2177,7 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_mulx_u32(&x612, &x613, x588, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x614, &x615, 0x0, x613, x610); fiat_p256_addcarryx_u32(&x616, &x617, x615, x611, x608); - x618 = (x617 + x609); + x618 = x617 + x609; fiat_p256_addcarryx_u32(&x619, &x620, 0x0, x588, x612); fiat_p256_addcarryx_u32(&x621, &x622, x620, x590, x614); fiat_p256_addcarryx_u32(&x623, &x624, x622, x592, x616); @@ -2187,7 +2187,7 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x631, &x632, x630, x600, x588); fiat_p256_addcarryx_u32(&x633, &x634, x632, x602, x606); fiat_p256_addcarryx_u32(&x635, &x636, x634, x604, x607); - x637 = ((uint32_t)x636 + x605); + x637 = (uint32_t)x636 + x605; fiat_p256_subborrowx_u32(&x638, &x639, 0x0, x621, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u32(&x640, &x641, x639, x623, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u32(&x642, &x643, x641, x625, UINT32_C(0xffffffff)); @@ -2274,14 +2274,14 @@ static void fiat_p256_add(uint32_t out1[8], const uint32_t arg1[8], const uint32 uint32_t x40; uint32_t x41; uint32_t x42; - fiat_p256_addcarryx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_p256_addcarryx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_p256_addcarryx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_p256_addcarryx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); - fiat_p256_addcarryx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); - fiat_p256_addcarryx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); - fiat_p256_addcarryx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); - fiat_p256_addcarryx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + fiat_p256_addcarryx_u32(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_p256_addcarryx_u32(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_p256_addcarryx_u32(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_p256_addcarryx_u32(&x7, &x8, x6, arg1[3], arg2[3]); + fiat_p256_addcarryx_u32(&x9, &x10, x8, arg1[4], arg2[4]); + fiat_p256_addcarryx_u32(&x11, &x12, x10, arg1[5], arg2[5]); + fiat_p256_addcarryx_u32(&x13, &x14, x12, arg1[6], arg2[6]); + fiat_p256_addcarryx_u32(&x15, &x16, x14, arg1[7], arg2[7]); fiat_p256_subborrowx_u32(&x17, &x18, 0x0, x1, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u32(&x19, &x20, x18, x3, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u32(&x21, &x22, x20, x5, UINT32_C(0xffffffff)); @@ -2359,14 +2359,14 @@ static void fiat_p256_sub(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_uint1 x31; uint32_t x32; fiat_p256_uint1 x33; - fiat_p256_subborrowx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_p256_subborrowx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_p256_subborrowx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_p256_subborrowx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); - fiat_p256_subborrowx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); - fiat_p256_subborrowx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); - fiat_p256_subborrowx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); - fiat_p256_subborrowx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + fiat_p256_subborrowx_u32(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_p256_subborrowx_u32(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_p256_subborrowx_u32(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_p256_subborrowx_u32(&x7, &x8, x6, arg1[3], arg2[3]); + fiat_p256_subborrowx_u32(&x9, &x10, x8, arg1[4], arg2[4]); + fiat_p256_subborrowx_u32(&x11, &x12, x10, arg1[5], arg2[5]); + fiat_p256_subborrowx_u32(&x13, &x14, x12, arg1[6], arg2[6]); + fiat_p256_subborrowx_u32(&x15, &x16, x14, arg1[7], arg2[7]); fiat_p256_cmovznz_u32(&x17, x16, 0x0, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x18, &x19, 0x0, x1, x17); fiat_p256_addcarryx_u32(&x20, &x21, x19, x3, x17); @@ -2434,14 +2434,14 @@ static void fiat_p256_opp(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_uint1 x31; uint32_t x32; fiat_p256_uint1 x33; - fiat_p256_subborrowx_u32(&x1, &x2, 0x0, 0x0, (arg1[0])); - fiat_p256_subborrowx_u32(&x3, &x4, x2, 0x0, (arg1[1])); - fiat_p256_subborrowx_u32(&x5, &x6, x4, 0x0, (arg1[2])); - fiat_p256_subborrowx_u32(&x7, &x8, x6, 0x0, (arg1[3])); - fiat_p256_subborrowx_u32(&x9, &x10, x8, 0x0, (arg1[4])); - fiat_p256_subborrowx_u32(&x11, &x12, x10, 0x0, (arg1[5])); - fiat_p256_subborrowx_u32(&x13, &x14, x12, 0x0, (arg1[6])); - fiat_p256_subborrowx_u32(&x15, &x16, x14, 0x0, (arg1[7])); + fiat_p256_subborrowx_u32(&x1, &x2, 0x0, 0x0, arg1[0]); + fiat_p256_subborrowx_u32(&x3, &x4, x2, 0x0, arg1[1]); + fiat_p256_subborrowx_u32(&x5, &x6, x4, 0x0, arg1[2]); + fiat_p256_subborrowx_u32(&x7, &x8, x6, 0x0, arg1[3]); + fiat_p256_subborrowx_u32(&x9, &x10, x8, 0x0, arg1[4]); + fiat_p256_subborrowx_u32(&x11, &x12, x10, 0x0, arg1[5]); + fiat_p256_subborrowx_u32(&x13, &x14, x12, 0x0, arg1[6]); + fiat_p256_subborrowx_u32(&x15, &x16, x14, 0x0, arg1[7]); fiat_p256_cmovznz_u32(&x17, x16, 0x0, UINT32_C(0xffffffff)); fiat_p256_addcarryx_u32(&x18, &x19, 0x0, x1, x17); fiat_p256_addcarryx_u32(&x20, &x21, x19, x3, x17); @@ -2817,7 +2817,7 @@ static void fiat_p256_from_montgomery(uint32_t out1[8], const uint32_t arg1[8]) uint32_t x339; uint32_t x340; uint32_t x341; - x1 = (arg1[0]); + x1 = arg1[0]; fiat_p256_mulx_u32(&x2, &x3, x1, UINT32_C(0xffffffff)); fiat_p256_mulx_u32(&x4, &x5, x1, UINT32_C(0xffffffff)); fiat_p256_mulx_u32(&x6, &x7, x1, UINT32_C(0xffffffff)); @@ -2827,8 +2827,8 @@ static void fiat_p256_from_montgomery(uint32_t out1[8], const uint32_t arg1[8]) fiat_p256_addcarryx_u32(&x14, &x15, 0x0, x1, x8); fiat_p256_addcarryx_u32(&x16, &x17, x15, 0x0, x10); fiat_p256_addcarryx_u32(&x18, &x19, x17, 0x0, x12); - fiat_p256_addcarryx_u32(&x20, &x21, x19, 0x0, (x13 + x5)); - fiat_p256_addcarryx_u32(&x22, &x23, 0x0, x16, (arg1[1])); + fiat_p256_addcarryx_u32(&x20, &x21, x19, 0x0, x13 + x5); + fiat_p256_addcarryx_u32(&x22, &x23, 0x0, x16, arg1[1]); fiat_p256_addcarryx_u32(&x24, &x25, x23, x18, 0x0); fiat_p256_addcarryx_u32(&x26, &x27, x25, x20, 0x0); fiat_p256_mulx_u32(&x28, &x29, x22, UINT32_C(0xffffffff)); @@ -2840,10 +2840,10 @@ static void fiat_p256_from_montgomery(uint32_t out1[8], const uint32_t arg1[8]) fiat_p256_addcarryx_u32(&x40, &x41, 0x0, x22, x34); fiat_p256_addcarryx_u32(&x42, &x43, x41, x24, x36); fiat_p256_addcarryx_u32(&x44, &x45, x43, x26, x38); - fiat_p256_addcarryx_u32(&x46, &x47, x45, ((uint32_t)x27 + x21), (x39 + x31)); + fiat_p256_addcarryx_u32(&x46, &x47, x45, (uint32_t)x27 + x21, x39 + x31); fiat_p256_addcarryx_u32(&x48, &x49, 0x0, x2, x22); fiat_p256_addcarryx_u32(&x50, &x51, x49, x3, x28); - fiat_p256_addcarryx_u32(&x52, &x53, 0x0, x42, (arg1[2])); + fiat_p256_addcarryx_u32(&x52, &x53, 0x0, x42, arg1[2]); fiat_p256_addcarryx_u32(&x54, &x55, x53, x44, 0x0); fiat_p256_addcarryx_u32(&x56, &x57, x55, x46, 0x0); fiat_p256_mulx_u32(&x58, &x59, x52, UINT32_C(0xffffffff)); @@ -2855,19 +2855,19 @@ static void fiat_p256_from_montgomery(uint32_t out1[8], const uint32_t arg1[8]) fiat_p256_addcarryx_u32(&x70, &x71, 0x0, x52, x64); fiat_p256_addcarryx_u32(&x72, &x73, x71, x54, x66); fiat_p256_addcarryx_u32(&x74, &x75, x73, x56, x68); - fiat_p256_addcarryx_u32(&x76, &x77, x75, ((uint32_t)x57 + x47), (x69 + x61)); + fiat_p256_addcarryx_u32(&x76, &x77, x75, (uint32_t)x57 + x47, x69 + x61); fiat_p256_addcarryx_u32(&x78, &x79, x77, x1, 0x0); fiat_p256_addcarryx_u32(&x80, &x81, x79, x48, 0x0); fiat_p256_addcarryx_u32(&x82, &x83, x81, x50, x52); - fiat_p256_addcarryx_u32(&x84, &x85, x83, (x51 + x29), x58); - fiat_p256_addcarryx_u32(&x86, &x87, 0x0, x72, (arg1[3])); + fiat_p256_addcarryx_u32(&x84, &x85, x83, x51 + x29, x58); + fiat_p256_addcarryx_u32(&x86, &x87, 0x0, x72, arg1[3]); fiat_p256_addcarryx_u32(&x88, &x89, x87, x74, 0x0); fiat_p256_addcarryx_u32(&x90, &x91, x89, x76, 0x0); fiat_p256_addcarryx_u32(&x92, &x93, x91, x78, 0x0); fiat_p256_addcarryx_u32(&x94, &x95, x93, x80, 0x0); fiat_p256_addcarryx_u32(&x96, &x97, x95, x82, 0x0); fiat_p256_addcarryx_u32(&x98, &x99, x97, x84, 0x0); - fiat_p256_addcarryx_u32(&x100, &x101, x99, (x85 + x59), 0x0); + fiat_p256_addcarryx_u32(&x100, &x101, x99, x85 + x59, 0x0); fiat_p256_mulx_u32(&x102, &x103, x86, UINT32_C(0xffffffff)); fiat_p256_mulx_u32(&x104, &x105, x86, UINT32_C(0xffffffff)); fiat_p256_mulx_u32(&x106, &x107, x86, UINT32_C(0xffffffff)); @@ -2877,13 +2877,13 @@ static void fiat_p256_from_montgomery(uint32_t out1[8], const uint32_t arg1[8]) fiat_p256_addcarryx_u32(&x114, &x115, 0x0, x86, x108); fiat_p256_addcarryx_u32(&x116, &x117, x115, x88, x110); fiat_p256_addcarryx_u32(&x118, &x119, x117, x90, x112); - fiat_p256_addcarryx_u32(&x120, &x121, x119, x92, (x113 + x105)); + fiat_p256_addcarryx_u32(&x120, &x121, x119, x92, x113 + x105); fiat_p256_addcarryx_u32(&x122, &x123, x121, x94, 0x0); fiat_p256_addcarryx_u32(&x124, &x125, x123, x96, 0x0); fiat_p256_addcarryx_u32(&x126, &x127, x125, x98, x86); fiat_p256_addcarryx_u32(&x128, &x129, x127, x100, x102); fiat_p256_addcarryx_u32(&x130, &x131, x129, x101, x103); - fiat_p256_addcarryx_u32(&x132, &x133, 0x0, x116, (arg1[4])); + fiat_p256_addcarryx_u32(&x132, &x133, 0x0, x116, arg1[4]); fiat_p256_addcarryx_u32(&x134, &x135, x133, x118, 0x0); fiat_p256_addcarryx_u32(&x136, &x137, x135, x120, 0x0); fiat_p256_addcarryx_u32(&x138, &x139, x137, x122, 0x0); @@ -2900,13 +2900,13 @@ static void fiat_p256_from_montgomery(uint32_t out1[8], const uint32_t arg1[8]) fiat_p256_addcarryx_u32(&x160, &x161, 0x0, x132, x154); fiat_p256_addcarryx_u32(&x162, &x163, x161, x134, x156); fiat_p256_addcarryx_u32(&x164, &x165, x163, x136, x158); - fiat_p256_addcarryx_u32(&x166, &x167, x165, x138, (x159 + x151)); + fiat_p256_addcarryx_u32(&x166, &x167, x165, x138, x159 + x151); fiat_p256_addcarryx_u32(&x168, &x169, x167, x140, 0x0); fiat_p256_addcarryx_u32(&x170, &x171, x169, x142, 0x0); fiat_p256_addcarryx_u32(&x172, &x173, x171, x144, x132); fiat_p256_addcarryx_u32(&x174, &x175, x173, x146, x148); - fiat_p256_addcarryx_u32(&x176, &x177, x175, ((uint32_t)x147 + x131), x149); - fiat_p256_addcarryx_u32(&x178, &x179, 0x0, x162, (arg1[5])); + fiat_p256_addcarryx_u32(&x176, &x177, x175, (uint32_t)x147 + x131, x149); + fiat_p256_addcarryx_u32(&x178, &x179, 0x0, x162, arg1[5]); fiat_p256_addcarryx_u32(&x180, &x181, x179, x164, 0x0); fiat_p256_addcarryx_u32(&x182, &x183, x181, x166, 0x0); fiat_p256_addcarryx_u32(&x184, &x185, x183, x168, 0x0); @@ -2923,13 +2923,13 @@ static void fiat_p256_from_montgomery(uint32_t out1[8], const uint32_t arg1[8]) fiat_p256_addcarryx_u32(&x206, &x207, 0x0, x178, x200); fiat_p256_addcarryx_u32(&x208, &x209, x207, x180, x202); fiat_p256_addcarryx_u32(&x210, &x211, x209, x182, x204); - fiat_p256_addcarryx_u32(&x212, &x213, x211, x184, (x205 + x197)); + fiat_p256_addcarryx_u32(&x212, &x213, x211, x184, x205 + x197); fiat_p256_addcarryx_u32(&x214, &x215, x213, x186, 0x0); fiat_p256_addcarryx_u32(&x216, &x217, x215, x188, 0x0); fiat_p256_addcarryx_u32(&x218, &x219, x217, x190, x178); fiat_p256_addcarryx_u32(&x220, &x221, x219, x192, x194); - fiat_p256_addcarryx_u32(&x222, &x223, x221, ((uint32_t)x193 + x177), x195); - fiat_p256_addcarryx_u32(&x224, &x225, 0x0, x208, (arg1[6])); + fiat_p256_addcarryx_u32(&x222, &x223, x221, (uint32_t)x193 + x177, x195); + fiat_p256_addcarryx_u32(&x224, &x225, 0x0, x208, arg1[6]); fiat_p256_addcarryx_u32(&x226, &x227, x225, x210, 0x0); fiat_p256_addcarryx_u32(&x228, &x229, x227, x212, 0x0); fiat_p256_addcarryx_u32(&x230, &x231, x229, x214, 0x0); @@ -2946,13 +2946,13 @@ static void fiat_p256_from_montgomery(uint32_t out1[8], const uint32_t arg1[8]) fiat_p256_addcarryx_u32(&x252, &x253, 0x0, x224, x246); fiat_p256_addcarryx_u32(&x254, &x255, x253, x226, x248); fiat_p256_addcarryx_u32(&x256, &x257, x255, x228, x250); - fiat_p256_addcarryx_u32(&x258, &x259, x257, x230, (x251 + x243)); + fiat_p256_addcarryx_u32(&x258, &x259, x257, x230, x251 + x243); fiat_p256_addcarryx_u32(&x260, &x261, x259, x232, 0x0); fiat_p256_addcarryx_u32(&x262, &x263, x261, x234, 0x0); fiat_p256_addcarryx_u32(&x264, &x265, x263, x236, x224); fiat_p256_addcarryx_u32(&x266, &x267, x265, x238, x240); - fiat_p256_addcarryx_u32(&x268, &x269, x267, ((uint32_t)x239 + x223), x241); - fiat_p256_addcarryx_u32(&x270, &x271, 0x0, x254, (arg1[7])); + fiat_p256_addcarryx_u32(&x268, &x269, x267, (uint32_t)x239 + x223, x241); + fiat_p256_addcarryx_u32(&x270, &x271, 0x0, x254, arg1[7]); fiat_p256_addcarryx_u32(&x272, &x273, x271, x256, 0x0); fiat_p256_addcarryx_u32(&x274, &x275, x273, x258, 0x0); fiat_p256_addcarryx_u32(&x276, &x277, x275, x260, 0x0); @@ -2969,12 +2969,12 @@ static void fiat_p256_from_montgomery(uint32_t out1[8], const uint32_t arg1[8]) fiat_p256_addcarryx_u32(&x298, &x299, 0x0, x270, x292); fiat_p256_addcarryx_u32(&x300, &x301, x299, x272, x294); fiat_p256_addcarryx_u32(&x302, &x303, x301, x274, x296); - fiat_p256_addcarryx_u32(&x304, &x305, x303, x276, (x297 + x289)); + fiat_p256_addcarryx_u32(&x304, &x305, x303, x276, x297 + x289); fiat_p256_addcarryx_u32(&x306, &x307, x305, x278, 0x0); fiat_p256_addcarryx_u32(&x308, &x309, x307, x280, 0x0); fiat_p256_addcarryx_u32(&x310, &x311, x309, x282, x270); fiat_p256_addcarryx_u32(&x312, &x313, x311, x284, x286); - fiat_p256_addcarryx_u32(&x314, &x315, x313, ((uint32_t)x285 + x269), x287); + fiat_p256_addcarryx_u32(&x314, &x315, x313, (uint32_t)x285 + x269, x287); fiat_p256_subborrowx_u32(&x316, &x317, 0x0, x300, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u32(&x318, &x319, x317, x302, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u32(&x320, &x321, x319, x304, UINT32_C(0xffffffff)); @@ -3595,14 +3595,14 @@ static void fiat_p256_to_montgomery(uint32_t out1[8], const uint32_t arg1[8]) { uint32_t x576; uint32_t x577; uint32_t x578; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[6]); - x7 = (arg1[7]); - x8 = (arg1[0]); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[6]; + x7 = arg1[7]; + x8 = arg1[0]; fiat_p256_mulx_u32(&x9, &x10, x8, 0x4); fiat_p256_mulx_u32(&x11, &x12, x8, UINT32_C(0xfffffffd)); fiat_p256_mulx_u32(&x13, &x14, x8, UINT32_C(0xffffffff)); @@ -3624,12 +3624,12 @@ static void fiat_p256_to_montgomery(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x45, &x46, 0x0, x21, x39); fiat_p256_addcarryx_u32(&x47, &x48, x46, x22, x41); fiat_p256_addcarryx_u32(&x49, &x50, x48, x19, x43); - fiat_p256_addcarryx_u32(&x51, &x52, x50, x23, (x44 + x36)); + fiat_p256_addcarryx_u32(&x51, &x52, x50, x23, x44 + x36); fiat_p256_addcarryx_u32(&x53, &x54, x52, x25, 0x0); fiat_p256_addcarryx_u32(&x55, &x56, x54, x27, 0x0); fiat_p256_addcarryx_u32(&x57, &x58, x56, x29, x21); fiat_p256_addcarryx_u32(&x59, &x60, x58, x31, x33); - fiat_p256_addcarryx_u32(&x61, &x62, x60, (x32 + x10), x34); + fiat_p256_addcarryx_u32(&x61, &x62, x60, x32 + x10, x34); fiat_p256_mulx_u32(&x63, &x64, x1, 0x4); fiat_p256_mulx_u32(&x65, &x66, x1, UINT32_C(0xfffffffd)); fiat_p256_mulx_u32(&x67, &x68, x1, UINT32_C(0xffffffff)); @@ -3659,12 +3659,12 @@ static void fiat_p256_to_montgomery(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x115, &x116, 0x0, x87, x109); fiat_p256_addcarryx_u32(&x117, &x118, x116, x89, x111); fiat_p256_addcarryx_u32(&x119, &x120, x118, x91, x113); - fiat_p256_addcarryx_u32(&x121, &x122, x120, x93, (x114 + x106)); + fiat_p256_addcarryx_u32(&x121, &x122, x120, x93, x114 + x106); fiat_p256_addcarryx_u32(&x123, &x124, x122, x95, 0x0); fiat_p256_addcarryx_u32(&x125, &x126, x124, x97, 0x0); fiat_p256_addcarryx_u32(&x127, &x128, x126, x99, x87); fiat_p256_addcarryx_u32(&x129, &x130, x128, x101, x103); - fiat_p256_addcarryx_u32(&x131, &x132, x130, (((uint32_t)x102 + x62) + (x86 + x64)), x104); + fiat_p256_addcarryx_u32(&x131, &x132, x130, (uint32_t)x102 + x62 + (x86 + x64), x104); fiat_p256_mulx_u32(&x133, &x134, x2, 0x4); fiat_p256_mulx_u32(&x135, &x136, x2, UINT32_C(0xfffffffd)); fiat_p256_mulx_u32(&x137, &x138, x2, UINT32_C(0xffffffff)); @@ -3694,12 +3694,12 @@ static void fiat_p256_to_montgomery(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x185, &x186, 0x0, x157, x179); fiat_p256_addcarryx_u32(&x187, &x188, x186, x159, x181); fiat_p256_addcarryx_u32(&x189, &x190, x188, x161, x183); - fiat_p256_addcarryx_u32(&x191, &x192, x190, x163, (x184 + x176)); + fiat_p256_addcarryx_u32(&x191, &x192, x190, x163, x184 + x176); fiat_p256_addcarryx_u32(&x193, &x194, x192, x165, 0x0); fiat_p256_addcarryx_u32(&x195, &x196, x194, x167, 0x0); fiat_p256_addcarryx_u32(&x197, &x198, x196, x169, x157); fiat_p256_addcarryx_u32(&x199, &x200, x198, x171, x173); - fiat_p256_addcarryx_u32(&x201, &x202, x200, (((uint32_t)x172 + x132) + (x156 + x134)), x174); + fiat_p256_addcarryx_u32(&x201, &x202, x200, (uint32_t)x172 + x132 + (x156 + x134), x174); fiat_p256_mulx_u32(&x203, &x204, x3, 0x4); fiat_p256_mulx_u32(&x205, &x206, x3, UINT32_C(0xfffffffd)); fiat_p256_mulx_u32(&x207, &x208, x3, UINT32_C(0xffffffff)); @@ -3729,12 +3729,12 @@ static void fiat_p256_to_montgomery(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x255, &x256, 0x0, x227, x249); fiat_p256_addcarryx_u32(&x257, &x258, x256, x229, x251); fiat_p256_addcarryx_u32(&x259, &x260, x258, x231, x253); - fiat_p256_addcarryx_u32(&x261, &x262, x260, x233, (x254 + x246)); + fiat_p256_addcarryx_u32(&x261, &x262, x260, x233, x254 + x246); fiat_p256_addcarryx_u32(&x263, &x264, x262, x235, 0x0); fiat_p256_addcarryx_u32(&x265, &x266, x264, x237, 0x0); fiat_p256_addcarryx_u32(&x267, &x268, x266, x239, x227); fiat_p256_addcarryx_u32(&x269, &x270, x268, x241, x243); - fiat_p256_addcarryx_u32(&x271, &x272, x270, (((uint32_t)x242 + x202) + (x226 + x204)), x244); + fiat_p256_addcarryx_u32(&x271, &x272, x270, (uint32_t)x242 + x202 + (x226 + x204), x244); fiat_p256_mulx_u32(&x273, &x274, x4, 0x4); fiat_p256_mulx_u32(&x275, &x276, x4, UINT32_C(0xfffffffd)); fiat_p256_mulx_u32(&x277, &x278, x4, UINT32_C(0xffffffff)); @@ -3764,12 +3764,12 @@ static void fiat_p256_to_montgomery(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x325, &x326, 0x0, x297, x319); fiat_p256_addcarryx_u32(&x327, &x328, x326, x299, x321); fiat_p256_addcarryx_u32(&x329, &x330, x328, x301, x323); - fiat_p256_addcarryx_u32(&x331, &x332, x330, x303, (x324 + x316)); + fiat_p256_addcarryx_u32(&x331, &x332, x330, x303, x324 + x316); fiat_p256_addcarryx_u32(&x333, &x334, x332, x305, 0x0); fiat_p256_addcarryx_u32(&x335, &x336, x334, x307, 0x0); fiat_p256_addcarryx_u32(&x337, &x338, x336, x309, x297); fiat_p256_addcarryx_u32(&x339, &x340, x338, x311, x313); - fiat_p256_addcarryx_u32(&x341, &x342, x340, (((uint32_t)x312 + x272) + (x296 + x274)), x314); + fiat_p256_addcarryx_u32(&x341, &x342, x340, (uint32_t)x312 + x272 + (x296 + x274), x314); fiat_p256_mulx_u32(&x343, &x344, x5, 0x4); fiat_p256_mulx_u32(&x345, &x346, x5, UINT32_C(0xfffffffd)); fiat_p256_mulx_u32(&x347, &x348, x5, UINT32_C(0xffffffff)); @@ -3799,12 +3799,12 @@ static void fiat_p256_to_montgomery(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x395, &x396, 0x0, x367, x389); fiat_p256_addcarryx_u32(&x397, &x398, x396, x369, x391); fiat_p256_addcarryx_u32(&x399, &x400, x398, x371, x393); - fiat_p256_addcarryx_u32(&x401, &x402, x400, x373, (x394 + x386)); + fiat_p256_addcarryx_u32(&x401, &x402, x400, x373, x394 + x386); fiat_p256_addcarryx_u32(&x403, &x404, x402, x375, 0x0); fiat_p256_addcarryx_u32(&x405, &x406, x404, x377, 0x0); fiat_p256_addcarryx_u32(&x407, &x408, x406, x379, x367); fiat_p256_addcarryx_u32(&x409, &x410, x408, x381, x383); - fiat_p256_addcarryx_u32(&x411, &x412, x410, (((uint32_t)x382 + x342) + (x366 + x344)), x384); + fiat_p256_addcarryx_u32(&x411, &x412, x410, (uint32_t)x382 + x342 + (x366 + x344), x384); fiat_p256_mulx_u32(&x413, &x414, x6, 0x4); fiat_p256_mulx_u32(&x415, &x416, x6, UINT32_C(0xfffffffd)); fiat_p256_mulx_u32(&x417, &x418, x6, UINT32_C(0xffffffff)); @@ -3834,12 +3834,12 @@ static void fiat_p256_to_montgomery(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x465, &x466, 0x0, x437, x459); fiat_p256_addcarryx_u32(&x467, &x468, x466, x439, x461); fiat_p256_addcarryx_u32(&x469, &x470, x468, x441, x463); - fiat_p256_addcarryx_u32(&x471, &x472, x470, x443, (x464 + x456)); + fiat_p256_addcarryx_u32(&x471, &x472, x470, x443, x464 + x456); fiat_p256_addcarryx_u32(&x473, &x474, x472, x445, 0x0); fiat_p256_addcarryx_u32(&x475, &x476, x474, x447, 0x0); fiat_p256_addcarryx_u32(&x477, &x478, x476, x449, x437); fiat_p256_addcarryx_u32(&x479, &x480, x478, x451, x453); - fiat_p256_addcarryx_u32(&x481, &x482, x480, (((uint32_t)x452 + x412) + (x436 + x414)), x454); + fiat_p256_addcarryx_u32(&x481, &x482, x480, (uint32_t)x452 + x412 + (x436 + x414), x454); fiat_p256_mulx_u32(&x483, &x484, x7, 0x4); fiat_p256_mulx_u32(&x485, &x486, x7, UINT32_C(0xfffffffd)); fiat_p256_mulx_u32(&x487, &x488, x7, UINT32_C(0xffffffff)); @@ -3869,12 +3869,12 @@ static void fiat_p256_to_montgomery(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x535, &x536, 0x0, x507, x529); fiat_p256_addcarryx_u32(&x537, &x538, x536, x509, x531); fiat_p256_addcarryx_u32(&x539, &x540, x538, x511, x533); - fiat_p256_addcarryx_u32(&x541, &x542, x540, x513, (x534 + x526)); + fiat_p256_addcarryx_u32(&x541, &x542, x540, x513, x534 + x526); fiat_p256_addcarryx_u32(&x543, &x544, x542, x515, 0x0); fiat_p256_addcarryx_u32(&x545, &x546, x544, x517, 0x0); fiat_p256_addcarryx_u32(&x547, &x548, x546, x519, x507); fiat_p256_addcarryx_u32(&x549, &x550, x548, x521, x523); - fiat_p256_addcarryx_u32(&x551, &x552, x550, (((uint32_t)x522 + x482) + (x506 + x484)), x524); + fiat_p256_addcarryx_u32(&x551, &x552, x550, (uint32_t)x522 + x482 + (x506 + x484), x524); fiat_p256_subborrowx_u32(&x553, &x554, 0x0, x537, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u32(&x555, &x556, x554, x539, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u32(&x557, &x558, x556, x541, UINT32_C(0xffffffff)); @@ -3917,7 +3917,7 @@ static void fiat_p256_to_montgomery(uint32_t out1[8], const uint32_t arg1[8]) { */ static void fiat_p256_nonzero(uint32_t* out1, const uint32_t arg1[8]) { uint32_t x1; - x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | (arg1[7])))))))); + x1 = arg1[0] | (arg1[1] | (arg1[2] | (arg1[3] | (arg1[4] | (arg1[5] | (arg1[6] | arg1[7])))))); *out1 = x1; } @@ -3943,14 +3943,14 @@ static void fiat_p256_selectznz(uint32_t out1[8], fiat_p256_uint1 arg1, const ui uint32_t x6; uint32_t x7; uint32_t x8; - fiat_p256_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_p256_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_p256_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); - fiat_p256_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); - fiat_p256_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); - fiat_p256_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5])); - fiat_p256_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6])); - fiat_p256_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7])); + fiat_p256_cmovznz_u32(&x1, arg1, arg2[0], arg3[0]); + fiat_p256_cmovznz_u32(&x2, arg1, arg2[1], arg3[1]); + fiat_p256_cmovznz_u32(&x3, arg1, arg2[2], arg3[2]); + fiat_p256_cmovznz_u32(&x4, arg1, arg2[3], arg3[3]); + fiat_p256_cmovznz_u32(&x5, arg1, arg2[4], arg3[4]); + fiat_p256_cmovznz_u32(&x6, arg1, arg2[5], arg3[5]); + fiat_p256_cmovznz_u32(&x7, arg1, arg2[6], arg3[6]); + fiat_p256_cmovznz_u32(&x8, arg1, arg2[7], arg3[7]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -4031,60 +4031,60 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint32_t arg1[8]) { uint32_t x54; uint8_t x55; uint8_t x56; - x1 = (arg1[7]); - x2 = (arg1[6]); - x3 = (arg1[5]); - x4 = (arg1[4]); - x5 = (arg1[3]); - x6 = (arg1[2]); - x7 = (arg1[1]); - x8 = (arg1[0]); + x1 = arg1[7]; + x2 = arg1[6]; + x3 = arg1[5]; + x4 = arg1[4]; + x5 = arg1[3]; + x6 = arg1[2]; + x7 = arg1[1]; + x8 = arg1[0]; x9 = (uint8_t)(x8 & UINT8_C(0xff)); - x10 = (x8 >> 8); + x10 = x8 >> 8; x11 = (uint8_t)(x10 & UINT8_C(0xff)); - x12 = (x10 >> 8); + x12 = x10 >> 8; x13 = (uint8_t)(x12 & UINT8_C(0xff)); x14 = (uint8_t)(x12 >> 8); x15 = (uint8_t)(x7 & UINT8_C(0xff)); - x16 = (x7 >> 8); + x16 = x7 >> 8; x17 = (uint8_t)(x16 & UINT8_C(0xff)); - x18 = (x16 >> 8); + x18 = x16 >> 8; x19 = (uint8_t)(x18 & UINT8_C(0xff)); x20 = (uint8_t)(x18 >> 8); x21 = (uint8_t)(x6 & UINT8_C(0xff)); - x22 = (x6 >> 8); + x22 = x6 >> 8; x23 = (uint8_t)(x22 & UINT8_C(0xff)); - x24 = (x22 >> 8); + x24 = x22 >> 8; x25 = (uint8_t)(x24 & UINT8_C(0xff)); x26 = (uint8_t)(x24 >> 8); x27 = (uint8_t)(x5 & UINT8_C(0xff)); - x28 = (x5 >> 8); + x28 = x5 >> 8; x29 = (uint8_t)(x28 & UINT8_C(0xff)); - x30 = (x28 >> 8); + x30 = x28 >> 8; x31 = (uint8_t)(x30 & UINT8_C(0xff)); x32 = (uint8_t)(x30 >> 8); x33 = (uint8_t)(x4 & UINT8_C(0xff)); - x34 = (x4 >> 8); + x34 = x4 >> 8; x35 = (uint8_t)(x34 & UINT8_C(0xff)); - x36 = (x34 >> 8); + x36 = x34 >> 8; x37 = (uint8_t)(x36 & UINT8_C(0xff)); x38 = (uint8_t)(x36 >> 8); x39 = (uint8_t)(x3 & UINT8_C(0xff)); - x40 = (x3 >> 8); + x40 = x3 >> 8; x41 = (uint8_t)(x40 & UINT8_C(0xff)); - x42 = (x40 >> 8); + x42 = x40 >> 8; x43 = (uint8_t)(x42 & UINT8_C(0xff)); x44 = (uint8_t)(x42 >> 8); x45 = (uint8_t)(x2 & UINT8_C(0xff)); - x46 = (x2 >> 8); + x46 = x2 >> 8; x47 = (uint8_t)(x46 & UINT8_C(0xff)); - x48 = (x46 >> 8); + x48 = x46 >> 8; x49 = (uint8_t)(x48 & UINT8_C(0xff)); x50 = (uint8_t)(x48 >> 8); x51 = (uint8_t)(x1 & UINT8_C(0xff)); - x52 = (x1 >> 8); + x52 = x1 >> 8; x53 = (uint8_t)(x52 & UINT8_C(0xff)); - x54 = (x52 >> 8); + x54 = x52 >> 8; x55 = (uint8_t)(x54 & UINT8_C(0xff)); x56 = (uint8_t)(x54 >> 8); out1[0] = x9; @@ -4192,62 +4192,62 @@ static void fiat_p256_from_bytes(uint32_t out1[8], const uint8_t arg1[32]) { uint32_t x54; uint32_t x55; uint32_t x56; - x1 = ((uint32_t)(arg1[31]) << 24); - x2 = ((uint32_t)(arg1[30]) << 16); - x3 = ((uint32_t)(arg1[29]) << 8); - x4 = (arg1[28]); - x5 = ((uint32_t)(arg1[27]) << 24); - x6 = ((uint32_t)(arg1[26]) << 16); - x7 = ((uint32_t)(arg1[25]) << 8); - x8 = (arg1[24]); - x9 = ((uint32_t)(arg1[23]) << 24); - x10 = ((uint32_t)(arg1[22]) << 16); - x11 = ((uint32_t)(arg1[21]) << 8); - x12 = (arg1[20]); - x13 = ((uint32_t)(arg1[19]) << 24); - x14 = ((uint32_t)(arg1[18]) << 16); - x15 = ((uint32_t)(arg1[17]) << 8); - x16 = (arg1[16]); - x17 = ((uint32_t)(arg1[15]) << 24); - x18 = ((uint32_t)(arg1[14]) << 16); - x19 = ((uint32_t)(arg1[13]) << 8); - x20 = (arg1[12]); - x21 = ((uint32_t)(arg1[11]) << 24); - x22 = ((uint32_t)(arg1[10]) << 16); - x23 = ((uint32_t)(arg1[9]) << 8); - x24 = (arg1[8]); - x25 = ((uint32_t)(arg1[7]) << 24); - x26 = ((uint32_t)(arg1[6]) << 16); - x27 = ((uint32_t)(arg1[5]) << 8); - x28 = (arg1[4]); - x29 = ((uint32_t)(arg1[3]) << 24); - x30 = ((uint32_t)(arg1[2]) << 16); - x31 = ((uint32_t)(arg1[1]) << 8); - x32 = (arg1[0]); - x33 = (x31 + (uint32_t)x32); - x34 = (x30 + x33); - x35 = (x29 + x34); - x36 = (x27 + (uint32_t)x28); - x37 = (x26 + x36); - x38 = (x25 + x37); - x39 = (x23 + (uint32_t)x24); - x40 = (x22 + x39); - x41 = (x21 + x40); - x42 = (x19 + (uint32_t)x20); - x43 = (x18 + x42); - x44 = (x17 + x43); - x45 = (x15 + (uint32_t)x16); - x46 = (x14 + x45); - x47 = (x13 + x46); - x48 = (x11 + (uint32_t)x12); - x49 = (x10 + x48); - x50 = (x9 + x49); - x51 = (x7 + (uint32_t)x8); - x52 = (x6 + x51); - x53 = (x5 + x52); - x54 = (x3 + (uint32_t)x4); - x55 = (x2 + x54); - x56 = (x1 + x55); + x1 = (uint32_t)arg1[31] << 24; + x2 = (uint32_t)arg1[30] << 16; + x3 = (uint32_t)arg1[29] << 8; + x4 = arg1[28]; + x5 = (uint32_t)arg1[27] << 24; + x6 = (uint32_t)arg1[26] << 16; + x7 = (uint32_t)arg1[25] << 8; + x8 = arg1[24]; + x9 = (uint32_t)arg1[23] << 24; + x10 = (uint32_t)arg1[22] << 16; + x11 = (uint32_t)arg1[21] << 8; + x12 = arg1[20]; + x13 = (uint32_t)arg1[19] << 24; + x14 = (uint32_t)arg1[18] << 16; + x15 = (uint32_t)arg1[17] << 8; + x16 = arg1[16]; + x17 = (uint32_t)arg1[15] << 24; + x18 = (uint32_t)arg1[14] << 16; + x19 = (uint32_t)arg1[13] << 8; + x20 = arg1[12]; + x21 = (uint32_t)arg1[11] << 24; + x22 = (uint32_t)arg1[10] << 16; + x23 = (uint32_t)arg1[9] << 8; + x24 = arg1[8]; + x25 = (uint32_t)arg1[7] << 24; + x26 = (uint32_t)arg1[6] << 16; + x27 = (uint32_t)arg1[5] << 8; + x28 = arg1[4]; + x29 = (uint32_t)arg1[3] << 24; + x30 = (uint32_t)arg1[2] << 16; + x31 = (uint32_t)arg1[1] << 8; + x32 = arg1[0]; + x33 = x31 + (uint32_t)x32; + x34 = x30 + x33; + x35 = x29 + x34; + x36 = x27 + (uint32_t)x28; + x37 = x26 + x36; + x38 = x25 + x37; + x39 = x23 + (uint32_t)x24; + x40 = x22 + x39; + x41 = x21 + x40; + x42 = x19 + (uint32_t)x20; + x43 = x18 + x42; + x44 = x17 + x43; + x45 = x15 + (uint32_t)x16; + x46 = x14 + x45; + x47 = x13 + x46; + x48 = x11 + (uint32_t)x12; + x49 = x10 + x48; + x50 = x9 + x49; + x51 = x7 + (uint32_t)x8; + x52 = x6 + x51; + x53 = x5 + x52; + x54 = x3 + (uint32_t)x4; + x55 = x2 + x54; + x56 = x1 + x55; out1[0] = x35; out1[1] = x38; out1[2] = x41; @@ -4564,45 +4564,45 @@ static void fiat_p256_divstep(uint32_t* out1, uint32_t out2[9], uint32_t out3[9] uint32_t x228; uint32_t x229; uint32_t x230; - fiat_p256_addcarryx_u32(&x1, &x2, 0x0, (~arg1), 0x1); - x3 = (fiat_p256_uint1)((fiat_p256_uint1)(x1 >> 31) & (fiat_p256_uint1)((arg3[0]) & 0x1)); - fiat_p256_addcarryx_u32(&x4, &x5, 0x0, (~arg1), 0x1); + fiat_p256_addcarryx_u32(&x1, &x2, 0x0, ~arg1, 0x1); + x3 = (fiat_p256_uint1)((fiat_p256_uint1)(x1 >> 31) & (fiat_p256_uint1)(arg3[0] & 0x1)); + fiat_p256_addcarryx_u32(&x4, &x5, 0x0, ~arg1, 0x1); fiat_p256_cmovznz_u32(&x6, x3, arg1, x4); - fiat_p256_cmovznz_u32(&x7, x3, (arg2[0]), (arg3[0])); - fiat_p256_cmovznz_u32(&x8, x3, (arg2[1]), (arg3[1])); - fiat_p256_cmovznz_u32(&x9, x3, (arg2[2]), (arg3[2])); - fiat_p256_cmovznz_u32(&x10, x3, (arg2[3]), (arg3[3])); - fiat_p256_cmovznz_u32(&x11, x3, (arg2[4]), (arg3[4])); - fiat_p256_cmovznz_u32(&x12, x3, (arg2[5]), (arg3[5])); - fiat_p256_cmovznz_u32(&x13, x3, (arg2[6]), (arg3[6])); - fiat_p256_cmovznz_u32(&x14, x3, (arg2[7]), (arg3[7])); - fiat_p256_cmovznz_u32(&x15, x3, (arg2[8]), (arg3[8])); - fiat_p256_addcarryx_u32(&x16, &x17, 0x0, 0x1, (~(arg2[0]))); - fiat_p256_addcarryx_u32(&x18, &x19, x17, 0x0, (~(arg2[1]))); - fiat_p256_addcarryx_u32(&x20, &x21, x19, 0x0, (~(arg2[2]))); - fiat_p256_addcarryx_u32(&x22, &x23, x21, 0x0, (~(arg2[3]))); - fiat_p256_addcarryx_u32(&x24, &x25, x23, 0x0, (~(arg2[4]))); - fiat_p256_addcarryx_u32(&x26, &x27, x25, 0x0, (~(arg2[5]))); - fiat_p256_addcarryx_u32(&x28, &x29, x27, 0x0, (~(arg2[6]))); - fiat_p256_addcarryx_u32(&x30, &x31, x29, 0x0, (~(arg2[7]))); - fiat_p256_addcarryx_u32(&x32, &x33, x31, 0x0, (~(arg2[8]))); - fiat_p256_cmovznz_u32(&x34, x3, (arg3[0]), x16); - fiat_p256_cmovznz_u32(&x35, x3, (arg3[1]), x18); - fiat_p256_cmovznz_u32(&x36, x3, (arg3[2]), x20); - fiat_p256_cmovznz_u32(&x37, x3, (arg3[3]), x22); - fiat_p256_cmovznz_u32(&x38, x3, (arg3[4]), x24); - fiat_p256_cmovznz_u32(&x39, x3, (arg3[5]), x26); - fiat_p256_cmovznz_u32(&x40, x3, (arg3[6]), x28); - fiat_p256_cmovznz_u32(&x41, x3, (arg3[7]), x30); - fiat_p256_cmovznz_u32(&x42, x3, (arg3[8]), x32); - fiat_p256_cmovznz_u32(&x43, x3, (arg4[0]), (arg5[0])); - fiat_p256_cmovznz_u32(&x44, x3, (arg4[1]), (arg5[1])); - fiat_p256_cmovznz_u32(&x45, x3, (arg4[2]), (arg5[2])); - fiat_p256_cmovznz_u32(&x46, x3, (arg4[3]), (arg5[3])); - fiat_p256_cmovznz_u32(&x47, x3, (arg4[4]), (arg5[4])); - fiat_p256_cmovznz_u32(&x48, x3, (arg4[5]), (arg5[5])); - fiat_p256_cmovznz_u32(&x49, x3, (arg4[6]), (arg5[6])); - fiat_p256_cmovznz_u32(&x50, x3, (arg4[7]), (arg5[7])); + fiat_p256_cmovznz_u32(&x7, x3, arg2[0], arg3[0]); + fiat_p256_cmovznz_u32(&x8, x3, arg2[1], arg3[1]); + fiat_p256_cmovznz_u32(&x9, x3, arg2[2], arg3[2]); + fiat_p256_cmovznz_u32(&x10, x3, arg2[3], arg3[3]); + fiat_p256_cmovznz_u32(&x11, x3, arg2[4], arg3[4]); + fiat_p256_cmovznz_u32(&x12, x3, arg2[5], arg3[5]); + fiat_p256_cmovznz_u32(&x13, x3, arg2[6], arg3[6]); + fiat_p256_cmovznz_u32(&x14, x3, arg2[7], arg3[7]); + fiat_p256_cmovznz_u32(&x15, x3, arg2[8], arg3[8]); + fiat_p256_addcarryx_u32(&x16, &x17, 0x0, 0x1, ~arg2[0]); + fiat_p256_addcarryx_u32(&x18, &x19, x17, 0x0, ~arg2[1]); + fiat_p256_addcarryx_u32(&x20, &x21, x19, 0x0, ~arg2[2]); + fiat_p256_addcarryx_u32(&x22, &x23, x21, 0x0, ~arg2[3]); + fiat_p256_addcarryx_u32(&x24, &x25, x23, 0x0, ~arg2[4]); + fiat_p256_addcarryx_u32(&x26, &x27, x25, 0x0, ~arg2[5]); + fiat_p256_addcarryx_u32(&x28, &x29, x27, 0x0, ~arg2[6]); + fiat_p256_addcarryx_u32(&x30, &x31, x29, 0x0, ~arg2[7]); + fiat_p256_addcarryx_u32(&x32, &x33, x31, 0x0, ~arg2[8]); + fiat_p256_cmovznz_u32(&x34, x3, arg3[0], x16); + fiat_p256_cmovznz_u32(&x35, x3, arg3[1], x18); + fiat_p256_cmovznz_u32(&x36, x3, arg3[2], x20); + fiat_p256_cmovznz_u32(&x37, x3, arg3[3], x22); + fiat_p256_cmovznz_u32(&x38, x3, arg3[4], x24); + fiat_p256_cmovznz_u32(&x39, x3, arg3[5], x26); + fiat_p256_cmovznz_u32(&x40, x3, arg3[6], x28); + fiat_p256_cmovznz_u32(&x41, x3, arg3[7], x30); + fiat_p256_cmovznz_u32(&x42, x3, arg3[8], x32); + fiat_p256_cmovznz_u32(&x43, x3, arg4[0], arg5[0]); + fiat_p256_cmovznz_u32(&x44, x3, arg4[1], arg5[1]); + fiat_p256_cmovznz_u32(&x45, x3, arg4[2], arg5[2]); + fiat_p256_cmovznz_u32(&x46, x3, arg4[3], arg5[3]); + fiat_p256_cmovznz_u32(&x47, x3, arg4[4], arg5[4]); + fiat_p256_cmovznz_u32(&x48, x3, arg4[5], arg5[5]); + fiat_p256_cmovznz_u32(&x49, x3, arg4[6], arg5[6]); + fiat_p256_cmovznz_u32(&x50, x3, arg4[7], arg5[7]); fiat_p256_addcarryx_u32(&x51, &x52, 0x0, x43, x43); fiat_p256_addcarryx_u32(&x53, &x54, x52, x44, x44); fiat_p256_addcarryx_u32(&x55, &x56, x54, x45, x45); @@ -4620,14 +4620,14 @@ static void fiat_p256_divstep(uint32_t* out1, uint32_t out2[9], uint32_t out3[9] fiat_p256_subborrowx_u32(&x79, &x80, x78, x63, 0x1); fiat_p256_subborrowx_u32(&x81, &x82, x80, x65, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u32(&x83, &x84, x82, x66, 0x0); - x85 = (arg4[7]); - x86 = (arg4[6]); - x87 = (arg4[5]); - x88 = (arg4[4]); - x89 = (arg4[3]); - x90 = (arg4[2]); - x91 = (arg4[1]); - x92 = (arg4[0]); + x85 = arg4[7]; + x86 = arg4[6]; + x87 = arg4[5]; + x88 = arg4[4]; + x89 = arg4[3]; + x90 = arg4[2]; + x91 = arg4[1]; + x92 = arg4[0]; fiat_p256_subborrowx_u32(&x93, &x94, 0x0, 0x0, x92); fiat_p256_subborrowx_u32(&x95, &x96, x94, 0x0, x91); fiat_p256_subborrowx_u32(&x97, &x98, x96, 0x0, x90); @@ -4645,14 +4645,14 @@ static void fiat_p256_divstep(uint32_t* out1, uint32_t out2[9], uint32_t out3[9] fiat_p256_addcarryx_u32(&x120, &x121, x119, x103, 0x0); fiat_p256_addcarryx_u32(&x122, &x123, x121, x105, (fiat_p256_uint1)(x109 & 0x1)); fiat_p256_addcarryx_u32(&x124, &x125, x123, x107, x109); - fiat_p256_cmovznz_u32(&x126, x3, (arg5[0]), x110); - fiat_p256_cmovznz_u32(&x127, x3, (arg5[1]), x112); - fiat_p256_cmovznz_u32(&x128, x3, (arg5[2]), x114); - fiat_p256_cmovznz_u32(&x129, x3, (arg5[3]), x116); - fiat_p256_cmovznz_u32(&x130, x3, (arg5[4]), x118); - fiat_p256_cmovznz_u32(&x131, x3, (arg5[5]), x120); - fiat_p256_cmovznz_u32(&x132, x3, (arg5[6]), x122); - fiat_p256_cmovznz_u32(&x133, x3, (arg5[7]), x124); + fiat_p256_cmovznz_u32(&x126, x3, arg5[0], x110); + fiat_p256_cmovznz_u32(&x127, x3, arg5[1], x112); + fiat_p256_cmovznz_u32(&x128, x3, arg5[2], x114); + fiat_p256_cmovznz_u32(&x129, x3, arg5[3], x116); + fiat_p256_cmovznz_u32(&x130, x3, arg5[4], x118); + fiat_p256_cmovznz_u32(&x131, x3, arg5[5], x120); + fiat_p256_cmovznz_u32(&x132, x3, arg5[6], x122); + fiat_p256_cmovznz_u32(&x133, x3, arg5[7], x124); x134 = (fiat_p256_uint1)(x34 & 0x1); fiat_p256_cmovznz_u32(&x135, x134, 0x0, x7); fiat_p256_cmovznz_u32(&x136, x134, 0x0, x8); @@ -4698,15 +4698,15 @@ static void fiat_p256_divstep(uint32_t* out1, uint32_t out2[9], uint32_t out3[9] fiat_p256_subborrowx_u32(&x200, &x201, x199, x184, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u32(&x202, &x203, x201, x185, 0x0); fiat_p256_addcarryx_u32(&x204, &x205, 0x0, x6, 0x1); - x206 = ((x144 >> 1) | ((x146 << 31) & UINT32_C(0xffffffff))); - x207 = ((x146 >> 1) | ((x148 << 31) & UINT32_C(0xffffffff))); - x208 = ((x148 >> 1) | ((x150 << 31) & UINT32_C(0xffffffff))); - x209 = ((x150 >> 1) | ((x152 << 31) & UINT32_C(0xffffffff))); - x210 = ((x152 >> 1) | ((x154 << 31) & UINT32_C(0xffffffff))); - x211 = ((x154 >> 1) | ((x156 << 31) & UINT32_C(0xffffffff))); - x212 = ((x156 >> 1) | ((x158 << 31) & UINT32_C(0xffffffff))); - x213 = ((x158 >> 1) | ((x160 << 31) & UINT32_C(0xffffffff))); - x214 = ((x160 & UINT32_C(0x80000000)) | (x160 >> 1)); + x206 = x144 >> 1 | x146 << 31 & UINT32_C(0xffffffff); + x207 = x146 >> 1 | x148 << 31 & UINT32_C(0xffffffff); + x208 = x148 >> 1 | x150 << 31 & UINT32_C(0xffffffff); + x209 = x150 >> 1 | x152 << 31 & UINT32_C(0xffffffff); + x210 = x152 >> 1 | x154 << 31 & UINT32_C(0xffffffff); + x211 = x154 >> 1 | x156 << 31 & UINT32_C(0xffffffff); + x212 = x156 >> 1 | x158 << 31 & UINT32_C(0xffffffff); + x213 = x158 >> 1 | x160 << 31 & UINT32_C(0xffffffff); + x214 = x160 & UINT32_C(0x80000000) | x160 >> 1; fiat_p256_cmovznz_u32(&x215, x84, x67, x51); fiat_p256_cmovznz_u32(&x216, x84, x69, x53); fiat_p256_cmovznz_u32(&x217, x84, x71, x55); diff --git a/fiat-c/src/p256_64.c b/fiat-c/src/p256_64.c index e3b84e7489..f56c9824eb 100644 --- a/fiat-c/src/p256_64.c +++ b/fiat-c/src/p256_64.c @@ -62,7 +62,7 @@ static void fiat_p256_addcarryx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_ fiat_p256_uint128 x1; uint64_t x2; fiat_p256_uint1 x3; - x1 = ((arg1 + (fiat_p256_uint128)arg2) + arg3); + x1 = arg1 + (fiat_p256_uint128)arg2 + arg3; x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); x3 = (fiat_p256_uint1)(x1 >> 64); *out1 = x2; @@ -88,7 +88,7 @@ static void fiat_p256_subborrowx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat fiat_p256_int128 x1; fiat_p256_int1 x2; uint64_t x3; - x1 = ((arg2 - (fiat_p256_int128)arg1) - arg3); + x1 = arg2 - (fiat_p256_int128)arg1 - arg3; x2 = (fiat_p256_int1)(x1 >> 64); x3 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); *out1 = x3; @@ -113,7 +113,7 @@ static void fiat_p256_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, ui fiat_p256_uint128 x1; uint64_t x2; uint64_t x3; - x1 = ((fiat_p256_uint128)arg1 * arg2); + x1 = (fiat_p256_uint128)arg1 * arg2; x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); x3 = (uint64_t)(x1 >> 64); *out1 = x2; @@ -137,9 +137,9 @@ static void fiat_p256_cmovznz_u64(uint64_t* out1, fiat_p256_uint1 arg1, uint64_t fiat_p256_uint1 x1; uint64_t x2; uint64_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_p256_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); - x3 = ((fiat_p256_value_barrier_u64(x2) & arg3) | (fiat_p256_value_barrier_u64((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_p256_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); + x3 = fiat_p256_value_barrier_u64(x2) & arg3 | fiat_p256_value_barrier_u64(~x2) & arg2; *out1 = x3; } @@ -347,36 +347,36 @@ static void fiat_p256_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64 uint64_t x185; uint64_t x186; uint64_t x187; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[0]); - fiat_p256_mulx_u64(&x5, &x6, x4, (arg2[3])); - fiat_p256_mulx_u64(&x7, &x8, x4, (arg2[2])); - fiat_p256_mulx_u64(&x9, &x10, x4, (arg2[1])); - fiat_p256_mulx_u64(&x11, &x12, x4, (arg2[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[0]; + fiat_p256_mulx_u64(&x5, &x6, x4, arg2[3]); + fiat_p256_mulx_u64(&x7, &x8, x4, arg2[2]); + fiat_p256_mulx_u64(&x9, &x10, x4, arg2[1]); + fiat_p256_mulx_u64(&x11, &x12, x4, arg2[0]); fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x12, x9); fiat_p256_addcarryx_u64(&x15, &x16, x14, x10, x7); fiat_p256_addcarryx_u64(&x17, &x18, x16, x8, x5); - x19 = (x18 + x6); + x19 = x18 + x6; fiat_p256_mulx_u64(&x20, &x21, x11, UINT64_C(0xffffffff00000001)); fiat_p256_mulx_u64(&x22, &x23, x11, UINT32_C(0xffffffff)); fiat_p256_mulx_u64(&x24, &x25, x11, UINT64_C(0xffffffffffffffff)); fiat_p256_addcarryx_u64(&x26, &x27, 0x0, x25, x22); - x28 = (x27 + x23); + x28 = x27 + x23; fiat_p256_addcarryx_u64(&x29, &x30, 0x0, x11, x24); fiat_p256_addcarryx_u64(&x31, &x32, x30, x13, x26); fiat_p256_addcarryx_u64(&x33, &x34, x32, x15, x28); fiat_p256_addcarryx_u64(&x35, &x36, x34, x17, x20); fiat_p256_addcarryx_u64(&x37, &x38, x36, x19, x21); - fiat_p256_mulx_u64(&x39, &x40, x1, (arg2[3])); - fiat_p256_mulx_u64(&x41, &x42, x1, (arg2[2])); - fiat_p256_mulx_u64(&x43, &x44, x1, (arg2[1])); - fiat_p256_mulx_u64(&x45, &x46, x1, (arg2[0])); + fiat_p256_mulx_u64(&x39, &x40, x1, arg2[3]); + fiat_p256_mulx_u64(&x41, &x42, x1, arg2[2]); + fiat_p256_mulx_u64(&x43, &x44, x1, arg2[1]); + fiat_p256_mulx_u64(&x45, &x46, x1, arg2[0]); fiat_p256_addcarryx_u64(&x47, &x48, 0x0, x46, x43); fiat_p256_addcarryx_u64(&x49, &x50, x48, x44, x41); fiat_p256_addcarryx_u64(&x51, &x52, x50, x42, x39); - x53 = (x52 + x40); + x53 = x52 + x40; fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x31, x45); fiat_p256_addcarryx_u64(&x56, &x57, x55, x33, x47); fiat_p256_addcarryx_u64(&x58, &x59, x57, x35, x49); @@ -386,21 +386,21 @@ static void fiat_p256_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64 fiat_p256_mulx_u64(&x66, &x67, x54, UINT32_C(0xffffffff)); fiat_p256_mulx_u64(&x68, &x69, x54, UINT64_C(0xffffffffffffffff)); fiat_p256_addcarryx_u64(&x70, &x71, 0x0, x69, x66); - x72 = (x71 + x67); + x72 = x71 + x67; fiat_p256_addcarryx_u64(&x73, &x74, 0x0, x54, x68); fiat_p256_addcarryx_u64(&x75, &x76, x74, x56, x70); fiat_p256_addcarryx_u64(&x77, &x78, x76, x58, x72); fiat_p256_addcarryx_u64(&x79, &x80, x78, x60, x64); fiat_p256_addcarryx_u64(&x81, &x82, x80, x62, x65); - x83 = ((uint64_t)x82 + x63); - fiat_p256_mulx_u64(&x84, &x85, x2, (arg2[3])); - fiat_p256_mulx_u64(&x86, &x87, x2, (arg2[2])); - fiat_p256_mulx_u64(&x88, &x89, x2, (arg2[1])); - fiat_p256_mulx_u64(&x90, &x91, x2, (arg2[0])); + x83 = (uint64_t)x82 + x63; + fiat_p256_mulx_u64(&x84, &x85, x2, arg2[3]); + fiat_p256_mulx_u64(&x86, &x87, x2, arg2[2]); + fiat_p256_mulx_u64(&x88, &x89, x2, arg2[1]); + fiat_p256_mulx_u64(&x90, &x91, x2, arg2[0]); fiat_p256_addcarryx_u64(&x92, &x93, 0x0, x91, x88); fiat_p256_addcarryx_u64(&x94, &x95, x93, x89, x86); fiat_p256_addcarryx_u64(&x96, &x97, x95, x87, x84); - x98 = (x97 + x85); + x98 = x97 + x85; fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x75, x90); fiat_p256_addcarryx_u64(&x101, &x102, x100, x77, x92); fiat_p256_addcarryx_u64(&x103, &x104, x102, x79, x94); @@ -410,21 +410,21 @@ static void fiat_p256_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64 fiat_p256_mulx_u64(&x111, &x112, x99, UINT32_C(0xffffffff)); fiat_p256_mulx_u64(&x113, &x114, x99, UINT64_C(0xffffffffffffffff)); fiat_p256_addcarryx_u64(&x115, &x116, 0x0, x114, x111); - x117 = (x116 + x112); + x117 = x116 + x112; fiat_p256_addcarryx_u64(&x118, &x119, 0x0, x99, x113); fiat_p256_addcarryx_u64(&x120, &x121, x119, x101, x115); fiat_p256_addcarryx_u64(&x122, &x123, x121, x103, x117); fiat_p256_addcarryx_u64(&x124, &x125, x123, x105, x109); fiat_p256_addcarryx_u64(&x126, &x127, x125, x107, x110); - x128 = ((uint64_t)x127 + x108); - fiat_p256_mulx_u64(&x129, &x130, x3, (arg2[3])); - fiat_p256_mulx_u64(&x131, &x132, x3, (arg2[2])); - fiat_p256_mulx_u64(&x133, &x134, x3, (arg2[1])); - fiat_p256_mulx_u64(&x135, &x136, x3, (arg2[0])); + x128 = (uint64_t)x127 + x108; + fiat_p256_mulx_u64(&x129, &x130, x3, arg2[3]); + fiat_p256_mulx_u64(&x131, &x132, x3, arg2[2]); + fiat_p256_mulx_u64(&x133, &x134, x3, arg2[1]); + fiat_p256_mulx_u64(&x135, &x136, x3, arg2[0]); fiat_p256_addcarryx_u64(&x137, &x138, 0x0, x136, x133); fiat_p256_addcarryx_u64(&x139, &x140, x138, x134, x131); fiat_p256_addcarryx_u64(&x141, &x142, x140, x132, x129); - x143 = (x142 + x130); + x143 = x142 + x130; fiat_p256_addcarryx_u64(&x144, &x145, 0x0, x120, x135); fiat_p256_addcarryx_u64(&x146, &x147, x145, x122, x137); fiat_p256_addcarryx_u64(&x148, &x149, x147, x124, x139); @@ -434,13 +434,13 @@ static void fiat_p256_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64 fiat_p256_mulx_u64(&x156, &x157, x144, UINT32_C(0xffffffff)); fiat_p256_mulx_u64(&x158, &x159, x144, UINT64_C(0xffffffffffffffff)); fiat_p256_addcarryx_u64(&x160, &x161, 0x0, x159, x156); - x162 = (x161 + x157); + x162 = x161 + x157; fiat_p256_addcarryx_u64(&x163, &x164, 0x0, x144, x158); fiat_p256_addcarryx_u64(&x165, &x166, x164, x146, x160); fiat_p256_addcarryx_u64(&x167, &x168, x166, x148, x162); fiat_p256_addcarryx_u64(&x169, &x170, x168, x150, x154); fiat_p256_addcarryx_u64(&x171, &x172, x170, x152, x155); - x173 = ((uint64_t)x172 + x153); + x173 = (uint64_t)x172 + x153; fiat_p256_subborrowx_u64(&x174, &x175, 0x0, x165, UINT64_C(0xffffffffffffffff)); fiat_p256_subborrowx_u64(&x176, &x177, x175, x167, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u64(&x178, &x179, x177, x169, 0x0); @@ -658,36 +658,36 @@ static void fiat_p256_square(uint64_t out1[4], const uint64_t arg1[4]) { uint64_t x185; uint64_t x186; uint64_t x187; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[0]); - fiat_p256_mulx_u64(&x5, &x6, x4, (arg1[3])); - fiat_p256_mulx_u64(&x7, &x8, x4, (arg1[2])); - fiat_p256_mulx_u64(&x9, &x10, x4, (arg1[1])); - fiat_p256_mulx_u64(&x11, &x12, x4, (arg1[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[0]; + fiat_p256_mulx_u64(&x5, &x6, x4, arg1[3]); + fiat_p256_mulx_u64(&x7, &x8, x4, arg1[2]); + fiat_p256_mulx_u64(&x9, &x10, x4, arg1[1]); + fiat_p256_mulx_u64(&x11, &x12, x4, arg1[0]); fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x12, x9); fiat_p256_addcarryx_u64(&x15, &x16, x14, x10, x7); fiat_p256_addcarryx_u64(&x17, &x18, x16, x8, x5); - x19 = (x18 + x6); + x19 = x18 + x6; fiat_p256_mulx_u64(&x20, &x21, x11, UINT64_C(0xffffffff00000001)); fiat_p256_mulx_u64(&x22, &x23, x11, UINT32_C(0xffffffff)); fiat_p256_mulx_u64(&x24, &x25, x11, UINT64_C(0xffffffffffffffff)); fiat_p256_addcarryx_u64(&x26, &x27, 0x0, x25, x22); - x28 = (x27 + x23); + x28 = x27 + x23; fiat_p256_addcarryx_u64(&x29, &x30, 0x0, x11, x24); fiat_p256_addcarryx_u64(&x31, &x32, x30, x13, x26); fiat_p256_addcarryx_u64(&x33, &x34, x32, x15, x28); fiat_p256_addcarryx_u64(&x35, &x36, x34, x17, x20); fiat_p256_addcarryx_u64(&x37, &x38, x36, x19, x21); - fiat_p256_mulx_u64(&x39, &x40, x1, (arg1[3])); - fiat_p256_mulx_u64(&x41, &x42, x1, (arg1[2])); - fiat_p256_mulx_u64(&x43, &x44, x1, (arg1[1])); - fiat_p256_mulx_u64(&x45, &x46, x1, (arg1[0])); + fiat_p256_mulx_u64(&x39, &x40, x1, arg1[3]); + fiat_p256_mulx_u64(&x41, &x42, x1, arg1[2]); + fiat_p256_mulx_u64(&x43, &x44, x1, arg1[1]); + fiat_p256_mulx_u64(&x45, &x46, x1, arg1[0]); fiat_p256_addcarryx_u64(&x47, &x48, 0x0, x46, x43); fiat_p256_addcarryx_u64(&x49, &x50, x48, x44, x41); fiat_p256_addcarryx_u64(&x51, &x52, x50, x42, x39); - x53 = (x52 + x40); + x53 = x52 + x40; fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x31, x45); fiat_p256_addcarryx_u64(&x56, &x57, x55, x33, x47); fiat_p256_addcarryx_u64(&x58, &x59, x57, x35, x49); @@ -697,21 +697,21 @@ static void fiat_p256_square(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p256_mulx_u64(&x66, &x67, x54, UINT32_C(0xffffffff)); fiat_p256_mulx_u64(&x68, &x69, x54, UINT64_C(0xffffffffffffffff)); fiat_p256_addcarryx_u64(&x70, &x71, 0x0, x69, x66); - x72 = (x71 + x67); + x72 = x71 + x67; fiat_p256_addcarryx_u64(&x73, &x74, 0x0, x54, x68); fiat_p256_addcarryx_u64(&x75, &x76, x74, x56, x70); fiat_p256_addcarryx_u64(&x77, &x78, x76, x58, x72); fiat_p256_addcarryx_u64(&x79, &x80, x78, x60, x64); fiat_p256_addcarryx_u64(&x81, &x82, x80, x62, x65); - x83 = ((uint64_t)x82 + x63); - fiat_p256_mulx_u64(&x84, &x85, x2, (arg1[3])); - fiat_p256_mulx_u64(&x86, &x87, x2, (arg1[2])); - fiat_p256_mulx_u64(&x88, &x89, x2, (arg1[1])); - fiat_p256_mulx_u64(&x90, &x91, x2, (arg1[0])); + x83 = (uint64_t)x82 + x63; + fiat_p256_mulx_u64(&x84, &x85, x2, arg1[3]); + fiat_p256_mulx_u64(&x86, &x87, x2, arg1[2]); + fiat_p256_mulx_u64(&x88, &x89, x2, arg1[1]); + fiat_p256_mulx_u64(&x90, &x91, x2, arg1[0]); fiat_p256_addcarryx_u64(&x92, &x93, 0x0, x91, x88); fiat_p256_addcarryx_u64(&x94, &x95, x93, x89, x86); fiat_p256_addcarryx_u64(&x96, &x97, x95, x87, x84); - x98 = (x97 + x85); + x98 = x97 + x85; fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x75, x90); fiat_p256_addcarryx_u64(&x101, &x102, x100, x77, x92); fiat_p256_addcarryx_u64(&x103, &x104, x102, x79, x94); @@ -721,21 +721,21 @@ static void fiat_p256_square(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p256_mulx_u64(&x111, &x112, x99, UINT32_C(0xffffffff)); fiat_p256_mulx_u64(&x113, &x114, x99, UINT64_C(0xffffffffffffffff)); fiat_p256_addcarryx_u64(&x115, &x116, 0x0, x114, x111); - x117 = (x116 + x112); + x117 = x116 + x112; fiat_p256_addcarryx_u64(&x118, &x119, 0x0, x99, x113); fiat_p256_addcarryx_u64(&x120, &x121, x119, x101, x115); fiat_p256_addcarryx_u64(&x122, &x123, x121, x103, x117); fiat_p256_addcarryx_u64(&x124, &x125, x123, x105, x109); fiat_p256_addcarryx_u64(&x126, &x127, x125, x107, x110); - x128 = ((uint64_t)x127 + x108); - fiat_p256_mulx_u64(&x129, &x130, x3, (arg1[3])); - fiat_p256_mulx_u64(&x131, &x132, x3, (arg1[2])); - fiat_p256_mulx_u64(&x133, &x134, x3, (arg1[1])); - fiat_p256_mulx_u64(&x135, &x136, x3, (arg1[0])); + x128 = (uint64_t)x127 + x108; + fiat_p256_mulx_u64(&x129, &x130, x3, arg1[3]); + fiat_p256_mulx_u64(&x131, &x132, x3, arg1[2]); + fiat_p256_mulx_u64(&x133, &x134, x3, arg1[1]); + fiat_p256_mulx_u64(&x135, &x136, x3, arg1[0]); fiat_p256_addcarryx_u64(&x137, &x138, 0x0, x136, x133); fiat_p256_addcarryx_u64(&x139, &x140, x138, x134, x131); fiat_p256_addcarryx_u64(&x141, &x142, x140, x132, x129); - x143 = (x142 + x130); + x143 = x142 + x130; fiat_p256_addcarryx_u64(&x144, &x145, 0x0, x120, x135); fiat_p256_addcarryx_u64(&x146, &x147, x145, x122, x137); fiat_p256_addcarryx_u64(&x148, &x149, x147, x124, x139); @@ -745,13 +745,13 @@ static void fiat_p256_square(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p256_mulx_u64(&x156, &x157, x144, UINT32_C(0xffffffff)); fiat_p256_mulx_u64(&x158, &x159, x144, UINT64_C(0xffffffffffffffff)); fiat_p256_addcarryx_u64(&x160, &x161, 0x0, x159, x156); - x162 = (x161 + x157); + x162 = x161 + x157; fiat_p256_addcarryx_u64(&x163, &x164, 0x0, x144, x158); fiat_p256_addcarryx_u64(&x165, &x166, x164, x146, x160); fiat_p256_addcarryx_u64(&x167, &x168, x166, x148, x162); fiat_p256_addcarryx_u64(&x169, &x170, x168, x150, x154); fiat_p256_addcarryx_u64(&x171, &x172, x170, x152, x155); - x173 = ((uint64_t)x172 + x153); + x173 = (uint64_t)x172 + x153; fiat_p256_subborrowx_u64(&x174, &x175, 0x0, x165, UINT64_C(0xffffffffffffffff)); fiat_p256_subborrowx_u64(&x176, &x177, x175, x167, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u64(&x178, &x179, x177, x169, 0x0); @@ -806,10 +806,10 @@ static void fiat_p256_add(uint64_t out1[4], const uint64_t arg1[4], const uint64 uint64_t x20; uint64_t x21; uint64_t x22; - fiat_p256_addcarryx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_p256_addcarryx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_p256_addcarryx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_p256_addcarryx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + fiat_p256_addcarryx_u64(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_p256_addcarryx_u64(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_p256_addcarryx_u64(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_p256_addcarryx_u64(&x7, &x8, x6, arg1[3], arg2[3]); fiat_p256_subborrowx_u64(&x9, &x10, 0x0, x1, UINT64_C(0xffffffffffffffff)); fiat_p256_subborrowx_u64(&x11, &x12, x10, x3, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u64(&x13, &x14, x12, x5, 0x0); @@ -859,15 +859,15 @@ static void fiat_p256_sub(uint64_t out1[4], const uint64_t arg1[4], const uint64 fiat_p256_uint1 x15; uint64_t x16; fiat_p256_uint1 x17; - fiat_p256_subborrowx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_p256_subborrowx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_p256_subborrowx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_p256_subborrowx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + fiat_p256_subborrowx_u64(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_p256_subborrowx_u64(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_p256_subborrowx_u64(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_p256_subborrowx_u64(&x7, &x8, x6, arg1[3], arg2[3]); fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff)); fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, x9); - fiat_p256_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT32_C(0xffffffff))); + fiat_p256_addcarryx_u64(&x12, &x13, x11, x3, x9 & UINT32_C(0xffffffff)); fiat_p256_addcarryx_u64(&x14, &x15, x13, x5, 0x0); - fiat_p256_addcarryx_u64(&x16, &x17, x15, x7, (x9 & UINT64_C(0xffffffff00000001))); + fiat_p256_addcarryx_u64(&x16, &x17, x15, x7, x9 & UINT64_C(0xffffffff00000001)); out1[0] = x10; out1[1] = x12; out1[2] = x14; @@ -906,15 +906,15 @@ static void fiat_p256_opp(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p256_uint1 x15; uint64_t x16; fiat_p256_uint1 x17; - fiat_p256_subborrowx_u64(&x1, &x2, 0x0, 0x0, (arg1[0])); - fiat_p256_subborrowx_u64(&x3, &x4, x2, 0x0, (arg1[1])); - fiat_p256_subborrowx_u64(&x5, &x6, x4, 0x0, (arg1[2])); - fiat_p256_subborrowx_u64(&x7, &x8, x6, 0x0, (arg1[3])); + fiat_p256_subborrowx_u64(&x1, &x2, 0x0, 0x0, arg1[0]); + fiat_p256_subborrowx_u64(&x3, &x4, x2, 0x0, arg1[1]); + fiat_p256_subborrowx_u64(&x5, &x6, x4, 0x0, arg1[2]); + fiat_p256_subborrowx_u64(&x7, &x8, x6, 0x0, arg1[3]); fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff)); fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, x9); - fiat_p256_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT32_C(0xffffffff))); + fiat_p256_addcarryx_u64(&x12, &x13, x11, x3, x9 & UINT32_C(0xffffffff)); fiat_p256_addcarryx_u64(&x14, &x15, x13, x5, 0x0); - fiat_p256_addcarryx_u64(&x16, &x17, x15, x7, (x9 & UINT64_C(0xffffffff00000001))); + fiat_p256_addcarryx_u64(&x16, &x17, x15, x7, x9 & UINT64_C(0xffffffff00000001)); out1[0] = x10; out1[1] = x12; out1[2] = x14; @@ -1026,23 +1026,23 @@ static void fiat_p256_from_montgomery(uint64_t out1[4], const uint64_t arg1[4]) uint64_t x88; uint64_t x89; uint64_t x90; - x1 = (arg1[0]); + x1 = arg1[0]; fiat_p256_mulx_u64(&x2, &x3, x1, UINT64_C(0xffffffff00000001)); fiat_p256_mulx_u64(&x4, &x5, x1, UINT32_C(0xffffffff)); fiat_p256_mulx_u64(&x6, &x7, x1, UINT64_C(0xffffffffffffffff)); fiat_p256_addcarryx_u64(&x8, &x9, 0x0, x7, x4); fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, x6); fiat_p256_addcarryx_u64(&x12, &x13, x11, 0x0, x8); - fiat_p256_addcarryx_u64(&x14, &x15, 0x0, x12, (arg1[1])); + fiat_p256_addcarryx_u64(&x14, &x15, 0x0, x12, arg1[1]); fiat_p256_mulx_u64(&x16, &x17, x14, UINT64_C(0xffffffff00000001)); fiat_p256_mulx_u64(&x18, &x19, x14, UINT32_C(0xffffffff)); fiat_p256_mulx_u64(&x20, &x21, x14, UINT64_C(0xffffffffffffffff)); fiat_p256_addcarryx_u64(&x22, &x23, 0x0, x21, x18); fiat_p256_addcarryx_u64(&x24, &x25, 0x0, x14, x20); - fiat_p256_addcarryx_u64(&x26, &x27, x25, (x15 + (x13 + (x9 + x5))), x22); - fiat_p256_addcarryx_u64(&x28, &x29, x27, x2, (x23 + x19)); + fiat_p256_addcarryx_u64(&x26, &x27, x25, x15 + (x13 + (x9 + x5)), x22); + fiat_p256_addcarryx_u64(&x28, &x29, x27, x2, x23 + x19); fiat_p256_addcarryx_u64(&x30, &x31, x29, x3, x16); - fiat_p256_addcarryx_u64(&x32, &x33, 0x0, x26, (arg1[2])); + fiat_p256_addcarryx_u64(&x32, &x33, 0x0, x26, arg1[2]); fiat_p256_addcarryx_u64(&x34, &x35, x33, x28, 0x0); fiat_p256_addcarryx_u64(&x36, &x37, x35, x30, 0x0); fiat_p256_mulx_u64(&x38, &x39, x32, UINT64_C(0xffffffff00000001)); @@ -1051,9 +1051,9 @@ static void fiat_p256_from_montgomery(uint64_t out1[4], const uint64_t arg1[4]) fiat_p256_addcarryx_u64(&x44, &x45, 0x0, x43, x40); fiat_p256_addcarryx_u64(&x46, &x47, 0x0, x32, x42); fiat_p256_addcarryx_u64(&x48, &x49, x47, x34, x44); - fiat_p256_addcarryx_u64(&x50, &x51, x49, x36, (x45 + x41)); - fiat_p256_addcarryx_u64(&x52, &x53, x51, (x37 + (x31 + x17)), x38); - fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x48, (arg1[3])); + fiat_p256_addcarryx_u64(&x50, &x51, x49, x36, x45 + x41); + fiat_p256_addcarryx_u64(&x52, &x53, x51, x37 + (x31 + x17), x38); + fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x48, arg1[3]); fiat_p256_addcarryx_u64(&x56, &x57, x55, x50, 0x0); fiat_p256_addcarryx_u64(&x58, &x59, x57, x52, 0x0); fiat_p256_mulx_u64(&x60, &x61, x54, UINT64_C(0xffffffff00000001)); @@ -1062,9 +1062,9 @@ static void fiat_p256_from_montgomery(uint64_t out1[4], const uint64_t arg1[4]) fiat_p256_addcarryx_u64(&x66, &x67, 0x0, x65, x62); fiat_p256_addcarryx_u64(&x68, &x69, 0x0, x54, x64); fiat_p256_addcarryx_u64(&x70, &x71, x69, x56, x66); - fiat_p256_addcarryx_u64(&x72, &x73, x71, x58, (x67 + x63)); - fiat_p256_addcarryx_u64(&x74, &x75, x73, (x59 + (x53 + x39)), x60); - x76 = (x75 + x61); + fiat_p256_addcarryx_u64(&x72, &x73, x71, x58, x67 + x63); + fiat_p256_addcarryx_u64(&x74, &x75, x73, x59 + (x53 + x39), x60); + x76 = x75 + x61; fiat_p256_subborrowx_u64(&x77, &x78, 0x0, x70, UINT64_C(0xffffffffffffffff)); fiat_p256_subborrowx_u64(&x79, &x80, x78, x72, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u64(&x81, &x82, x80, x74, 0x0); @@ -1265,10 +1265,10 @@ static void fiat_p256_to_montgomery(uint64_t out1[4], const uint64_t arg1[4]) { uint64_t x168; uint64_t x169; uint64_t x170; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[0]); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[0]; fiat_p256_mulx_u64(&x5, &x6, x4, UINT64_C(0x4fffffffd)); fiat_p256_mulx_u64(&x7, &x8, x4, UINT64_C(0xfffffffffffffffe)); fiat_p256_mulx_u64(&x9, &x10, x4, UINT64_C(0xfffffffbffffffff)); @@ -1282,9 +1282,9 @@ static void fiat_p256_to_montgomery(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p256_addcarryx_u64(&x25, &x26, 0x0, x24, x21); fiat_p256_addcarryx_u64(&x27, &x28, 0x0, x11, x23); fiat_p256_addcarryx_u64(&x29, &x30, x28, x13, x25); - fiat_p256_addcarryx_u64(&x31, &x32, x30, x15, (x26 + x22)); + fiat_p256_addcarryx_u64(&x31, &x32, x30, x15, x26 + x22); fiat_p256_addcarryx_u64(&x33, &x34, x32, x17, x19); - fiat_p256_addcarryx_u64(&x35, &x36, x34, (x18 + x6), x20); + fiat_p256_addcarryx_u64(&x35, &x36, x34, x18 + x6, x20); fiat_p256_mulx_u64(&x37, &x38, x1, UINT64_C(0x4fffffffd)); fiat_p256_mulx_u64(&x39, &x40, x1, UINT64_C(0xfffffffffffffffe)); fiat_p256_mulx_u64(&x41, &x42, x1, UINT64_C(0xfffffffbffffffff)); @@ -1302,9 +1302,9 @@ static void fiat_p256_to_montgomery(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p256_addcarryx_u64(&x65, &x66, 0x0, x64, x61); fiat_p256_addcarryx_u64(&x67, &x68, 0x0, x51, x63); fiat_p256_addcarryx_u64(&x69, &x70, x68, x53, x65); - fiat_p256_addcarryx_u64(&x71, &x72, x70, x55, (x66 + x62)); + fiat_p256_addcarryx_u64(&x71, &x72, x70, x55, x66 + x62); fiat_p256_addcarryx_u64(&x73, &x74, x72, x57, x59); - fiat_p256_addcarryx_u64(&x75, &x76, x74, (((uint64_t)x58 + x36) + (x50 + x38)), x60); + fiat_p256_addcarryx_u64(&x75, &x76, x74, (uint64_t)x58 + x36 + (x50 + x38), x60); fiat_p256_mulx_u64(&x77, &x78, x2, UINT64_C(0x4fffffffd)); fiat_p256_mulx_u64(&x79, &x80, x2, UINT64_C(0xfffffffffffffffe)); fiat_p256_mulx_u64(&x81, &x82, x2, UINT64_C(0xfffffffbffffffff)); @@ -1322,9 +1322,9 @@ static void fiat_p256_to_montgomery(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p256_addcarryx_u64(&x105, &x106, 0x0, x104, x101); fiat_p256_addcarryx_u64(&x107, &x108, 0x0, x91, x103); fiat_p256_addcarryx_u64(&x109, &x110, x108, x93, x105); - fiat_p256_addcarryx_u64(&x111, &x112, x110, x95, (x106 + x102)); + fiat_p256_addcarryx_u64(&x111, &x112, x110, x95, x106 + x102); fiat_p256_addcarryx_u64(&x113, &x114, x112, x97, x99); - fiat_p256_addcarryx_u64(&x115, &x116, x114, (((uint64_t)x98 + x76) + (x90 + x78)), x100); + fiat_p256_addcarryx_u64(&x115, &x116, x114, (uint64_t)x98 + x76 + (x90 + x78), x100); fiat_p256_mulx_u64(&x117, &x118, x3, UINT64_C(0x4fffffffd)); fiat_p256_mulx_u64(&x119, &x120, x3, UINT64_C(0xfffffffffffffffe)); fiat_p256_mulx_u64(&x121, &x122, x3, UINT64_C(0xfffffffbffffffff)); @@ -1342,9 +1342,9 @@ static void fiat_p256_to_montgomery(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p256_addcarryx_u64(&x145, &x146, 0x0, x144, x141); fiat_p256_addcarryx_u64(&x147, &x148, 0x0, x131, x143); fiat_p256_addcarryx_u64(&x149, &x150, x148, x133, x145); - fiat_p256_addcarryx_u64(&x151, &x152, x150, x135, (x146 + x142)); + fiat_p256_addcarryx_u64(&x151, &x152, x150, x135, x146 + x142); fiat_p256_addcarryx_u64(&x153, &x154, x152, x137, x139); - fiat_p256_addcarryx_u64(&x155, &x156, x154, (((uint64_t)x138 + x116) + (x130 + x118)), x140); + fiat_p256_addcarryx_u64(&x155, &x156, x154, (uint64_t)x138 + x116 + (x130 + x118), x140); fiat_p256_subborrowx_u64(&x157, &x158, 0x0, x149, UINT64_C(0xffffffffffffffff)); fiat_p256_subborrowx_u64(&x159, &x160, x158, x151, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u64(&x161, &x162, x160, x153, 0x0); @@ -1375,7 +1375,7 @@ static void fiat_p256_to_montgomery(uint64_t out1[4], const uint64_t arg1[4]) { */ static void fiat_p256_nonzero(uint64_t* out1, const uint64_t arg1[4]) { uint64_t x1; - x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3])))); + x1 = arg1[0] | (arg1[1] | (arg1[2] | arg1[3])); *out1 = x1; } @@ -1397,10 +1397,10 @@ static void fiat_p256_selectznz(uint64_t out1[4], fiat_p256_uint1 arg1, const ui uint64_t x2; uint64_t x3; uint64_t x4; - fiat_p256_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_p256_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_p256_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); - fiat_p256_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); + fiat_p256_cmovznz_u64(&x1, arg1, arg2[0], arg3[0]); + fiat_p256_cmovznz_u64(&x2, arg1, arg2[1], arg3[1]); + fiat_p256_cmovznz_u64(&x3, arg1, arg2[2], arg3[2]); + fiat_p256_cmovznz_u64(&x4, arg1, arg2[3], arg3[3]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -1481,64 +1481,64 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { uint64_t x58; uint8_t x59; uint8_t x60; - x1 = (arg1[3]); - x2 = (arg1[2]); - x3 = (arg1[1]); - x4 = (arg1[0]); + x1 = arg1[3]; + x2 = arg1[2]; + x3 = arg1[1]; + x4 = arg1[0]; x5 = (uint8_t)(x4 & UINT8_C(0xff)); - x6 = (x4 >> 8); + x6 = x4 >> 8; x7 = (uint8_t)(x6 & UINT8_C(0xff)); - x8 = (x6 >> 8); + x8 = x6 >> 8; x9 = (uint8_t)(x8 & UINT8_C(0xff)); - x10 = (x8 >> 8); + x10 = x8 >> 8; x11 = (uint8_t)(x10 & UINT8_C(0xff)); - x12 = (x10 >> 8); + x12 = x10 >> 8; x13 = (uint8_t)(x12 & UINT8_C(0xff)); - x14 = (x12 >> 8); + x14 = x12 >> 8; x15 = (uint8_t)(x14 & UINT8_C(0xff)); - x16 = (x14 >> 8); + x16 = x14 >> 8; x17 = (uint8_t)(x16 & UINT8_C(0xff)); x18 = (uint8_t)(x16 >> 8); x19 = (uint8_t)(x3 & UINT8_C(0xff)); - x20 = (x3 >> 8); + x20 = x3 >> 8; x21 = (uint8_t)(x20 & UINT8_C(0xff)); - x22 = (x20 >> 8); + x22 = x20 >> 8; x23 = (uint8_t)(x22 & UINT8_C(0xff)); - x24 = (x22 >> 8); + x24 = x22 >> 8; x25 = (uint8_t)(x24 & UINT8_C(0xff)); - x26 = (x24 >> 8); + x26 = x24 >> 8; x27 = (uint8_t)(x26 & UINT8_C(0xff)); - x28 = (x26 >> 8); + x28 = x26 >> 8; x29 = (uint8_t)(x28 & UINT8_C(0xff)); - x30 = (x28 >> 8); + x30 = x28 >> 8; x31 = (uint8_t)(x30 & UINT8_C(0xff)); x32 = (uint8_t)(x30 >> 8); x33 = (uint8_t)(x2 & UINT8_C(0xff)); - x34 = (x2 >> 8); + x34 = x2 >> 8; x35 = (uint8_t)(x34 & UINT8_C(0xff)); - x36 = (x34 >> 8); + x36 = x34 >> 8; x37 = (uint8_t)(x36 & UINT8_C(0xff)); - x38 = (x36 >> 8); + x38 = x36 >> 8; x39 = (uint8_t)(x38 & UINT8_C(0xff)); - x40 = (x38 >> 8); + x40 = x38 >> 8; x41 = (uint8_t)(x40 & UINT8_C(0xff)); - x42 = (x40 >> 8); + x42 = x40 >> 8; x43 = (uint8_t)(x42 & UINT8_C(0xff)); - x44 = (x42 >> 8); + x44 = x42 >> 8; x45 = (uint8_t)(x44 & UINT8_C(0xff)); x46 = (uint8_t)(x44 >> 8); x47 = (uint8_t)(x1 & UINT8_C(0xff)); - x48 = (x1 >> 8); + x48 = x1 >> 8; x49 = (uint8_t)(x48 & UINT8_C(0xff)); - x50 = (x48 >> 8); + x50 = x48 >> 8; x51 = (uint8_t)(x50 & UINT8_C(0xff)); - x52 = (x50 >> 8); + x52 = x50 >> 8; x53 = (uint8_t)(x52 & UINT8_C(0xff)); - x54 = (x52 >> 8); + x54 = x52 >> 8; x55 = (uint8_t)(x54 & UINT8_C(0xff)); - x56 = (x54 >> 8); + x56 = x54 >> 8; x57 = (uint8_t)(x56 & UINT8_C(0xff)); - x58 = (x56 >> 8); + x58 = x56 >> 8; x59 = (uint8_t)(x58 & UINT8_C(0xff)); x60 = (uint8_t)(x58 >> 8); out1[0] = x5; @@ -1650,66 +1650,66 @@ static void fiat_p256_from_bytes(uint64_t out1[4], const uint8_t arg1[32]) { uint64_t x58; uint64_t x59; uint64_t x60; - x1 = ((uint64_t)(arg1[31]) << 56); - x2 = ((uint64_t)(arg1[30]) << 48); - x3 = ((uint64_t)(arg1[29]) << 40); - x4 = ((uint64_t)(arg1[28]) << 32); - x5 = ((uint64_t)(arg1[27]) << 24); - x6 = ((uint64_t)(arg1[26]) << 16); - x7 = ((uint64_t)(arg1[25]) << 8); - x8 = (arg1[24]); - x9 = ((uint64_t)(arg1[23]) << 56); - x10 = ((uint64_t)(arg1[22]) << 48); - x11 = ((uint64_t)(arg1[21]) << 40); - x12 = ((uint64_t)(arg1[20]) << 32); - x13 = ((uint64_t)(arg1[19]) << 24); - x14 = ((uint64_t)(arg1[18]) << 16); - x15 = ((uint64_t)(arg1[17]) << 8); - x16 = (arg1[16]); - x17 = ((uint64_t)(arg1[15]) << 56); - x18 = ((uint64_t)(arg1[14]) << 48); - x19 = ((uint64_t)(arg1[13]) << 40); - x20 = ((uint64_t)(arg1[12]) << 32); - x21 = ((uint64_t)(arg1[11]) << 24); - x22 = ((uint64_t)(arg1[10]) << 16); - x23 = ((uint64_t)(arg1[9]) << 8); - x24 = (arg1[8]); - x25 = ((uint64_t)(arg1[7]) << 56); - x26 = ((uint64_t)(arg1[6]) << 48); - x27 = ((uint64_t)(arg1[5]) << 40); - x28 = ((uint64_t)(arg1[4]) << 32); - x29 = ((uint64_t)(arg1[3]) << 24); - x30 = ((uint64_t)(arg1[2]) << 16); - x31 = ((uint64_t)(arg1[1]) << 8); - x32 = (arg1[0]); - x33 = (x31 + (uint64_t)x32); - x34 = (x30 + x33); - x35 = (x29 + x34); - x36 = (x28 + x35); - x37 = (x27 + x36); - x38 = (x26 + x37); - x39 = (x25 + x38); - x40 = (x23 + (uint64_t)x24); - x41 = (x22 + x40); - x42 = (x21 + x41); - x43 = (x20 + x42); - x44 = (x19 + x43); - x45 = (x18 + x44); - x46 = (x17 + x45); - x47 = (x15 + (uint64_t)x16); - x48 = (x14 + x47); - x49 = (x13 + x48); - x50 = (x12 + x49); - x51 = (x11 + x50); - x52 = (x10 + x51); - x53 = (x9 + x52); - x54 = (x7 + (uint64_t)x8); - x55 = (x6 + x54); - x56 = (x5 + x55); - x57 = (x4 + x56); - x58 = (x3 + x57); - x59 = (x2 + x58); - x60 = (x1 + x59); + x1 = (uint64_t)arg1[31] << 56; + x2 = (uint64_t)arg1[30] << 48; + x3 = (uint64_t)arg1[29] << 40; + x4 = (uint64_t)arg1[28] << 32; + x5 = (uint64_t)arg1[27] << 24; + x6 = (uint64_t)arg1[26] << 16; + x7 = (uint64_t)arg1[25] << 8; + x8 = arg1[24]; + x9 = (uint64_t)arg1[23] << 56; + x10 = (uint64_t)arg1[22] << 48; + x11 = (uint64_t)arg1[21] << 40; + x12 = (uint64_t)arg1[20] << 32; + x13 = (uint64_t)arg1[19] << 24; + x14 = (uint64_t)arg1[18] << 16; + x15 = (uint64_t)arg1[17] << 8; + x16 = arg1[16]; + x17 = (uint64_t)arg1[15] << 56; + x18 = (uint64_t)arg1[14] << 48; + x19 = (uint64_t)arg1[13] << 40; + x20 = (uint64_t)arg1[12] << 32; + x21 = (uint64_t)arg1[11] << 24; + x22 = (uint64_t)arg1[10] << 16; + x23 = (uint64_t)arg1[9] << 8; + x24 = arg1[8]; + x25 = (uint64_t)arg1[7] << 56; + x26 = (uint64_t)arg1[6] << 48; + x27 = (uint64_t)arg1[5] << 40; + x28 = (uint64_t)arg1[4] << 32; + x29 = (uint64_t)arg1[3] << 24; + x30 = (uint64_t)arg1[2] << 16; + x31 = (uint64_t)arg1[1] << 8; + x32 = arg1[0]; + x33 = x31 + (uint64_t)x32; + x34 = x30 + x33; + x35 = x29 + x34; + x36 = x28 + x35; + x37 = x27 + x36; + x38 = x26 + x37; + x39 = x25 + x38; + x40 = x23 + (uint64_t)x24; + x41 = x22 + x40; + x42 = x21 + x41; + x43 = x20 + x42; + x44 = x19 + x43; + x45 = x18 + x44; + x46 = x17 + x45; + x47 = x15 + (uint64_t)x16; + x48 = x14 + x47; + x49 = x13 + x48; + x50 = x12 + x49; + x51 = x11 + x50; + x52 = x10 + x51; + x53 = x9 + x52; + x54 = x7 + (uint64_t)x8; + x55 = x6 + x54; + x56 = x5 + x55; + x57 = x4 + x56; + x58 = x3 + x57; + x59 = x2 + x58; + x60 = x1 + x59; out1[0] = x39; out1[1] = x46; out1[2] = x53; @@ -1910,29 +1910,29 @@ static void fiat_p256_divstep(uint64_t* out1, uint64_t out2[5], uint64_t out3[5] uint64_t x124; uint64_t x125; uint64_t x126; - fiat_p256_addcarryx_u64(&x1, &x2, 0x0, (~arg1), 0x1); - x3 = (fiat_p256_uint1)((fiat_p256_uint1)(x1 >> 63) & (fiat_p256_uint1)((arg3[0]) & 0x1)); - fiat_p256_addcarryx_u64(&x4, &x5, 0x0, (~arg1), 0x1); + fiat_p256_addcarryx_u64(&x1, &x2, 0x0, ~arg1, 0x1); + x3 = (fiat_p256_uint1)((fiat_p256_uint1)(x1 >> 63) & (fiat_p256_uint1)(arg3[0] & 0x1)); + fiat_p256_addcarryx_u64(&x4, &x5, 0x0, ~arg1, 0x1); fiat_p256_cmovznz_u64(&x6, x3, arg1, x4); - fiat_p256_cmovznz_u64(&x7, x3, (arg2[0]), (arg3[0])); - fiat_p256_cmovznz_u64(&x8, x3, (arg2[1]), (arg3[1])); - fiat_p256_cmovznz_u64(&x9, x3, (arg2[2]), (arg3[2])); - fiat_p256_cmovznz_u64(&x10, x3, (arg2[3]), (arg3[3])); - fiat_p256_cmovznz_u64(&x11, x3, (arg2[4]), (arg3[4])); - fiat_p256_addcarryx_u64(&x12, &x13, 0x0, 0x1, (~(arg2[0]))); - fiat_p256_addcarryx_u64(&x14, &x15, x13, 0x0, (~(arg2[1]))); - fiat_p256_addcarryx_u64(&x16, &x17, x15, 0x0, (~(arg2[2]))); - fiat_p256_addcarryx_u64(&x18, &x19, x17, 0x0, (~(arg2[3]))); - fiat_p256_addcarryx_u64(&x20, &x21, x19, 0x0, (~(arg2[4]))); - fiat_p256_cmovznz_u64(&x22, x3, (arg3[0]), x12); - fiat_p256_cmovznz_u64(&x23, x3, (arg3[1]), x14); - fiat_p256_cmovznz_u64(&x24, x3, (arg3[2]), x16); - fiat_p256_cmovznz_u64(&x25, x3, (arg3[3]), x18); - fiat_p256_cmovznz_u64(&x26, x3, (arg3[4]), x20); - fiat_p256_cmovznz_u64(&x27, x3, (arg4[0]), (arg5[0])); - fiat_p256_cmovznz_u64(&x28, x3, (arg4[1]), (arg5[1])); - fiat_p256_cmovznz_u64(&x29, x3, (arg4[2]), (arg5[2])); - fiat_p256_cmovznz_u64(&x30, x3, (arg4[3]), (arg5[3])); + fiat_p256_cmovznz_u64(&x7, x3, arg2[0], arg3[0]); + fiat_p256_cmovznz_u64(&x8, x3, arg2[1], arg3[1]); + fiat_p256_cmovznz_u64(&x9, x3, arg2[2], arg3[2]); + fiat_p256_cmovznz_u64(&x10, x3, arg2[3], arg3[3]); + fiat_p256_cmovznz_u64(&x11, x3, arg2[4], arg3[4]); + fiat_p256_addcarryx_u64(&x12, &x13, 0x0, 0x1, ~arg2[0]); + fiat_p256_addcarryx_u64(&x14, &x15, x13, 0x0, ~arg2[1]); + fiat_p256_addcarryx_u64(&x16, &x17, x15, 0x0, ~arg2[2]); + fiat_p256_addcarryx_u64(&x18, &x19, x17, 0x0, ~arg2[3]); + fiat_p256_addcarryx_u64(&x20, &x21, x19, 0x0, ~arg2[4]); + fiat_p256_cmovznz_u64(&x22, x3, arg3[0], x12); + fiat_p256_cmovznz_u64(&x23, x3, arg3[1], x14); + fiat_p256_cmovznz_u64(&x24, x3, arg3[2], x16); + fiat_p256_cmovznz_u64(&x25, x3, arg3[3], x18); + fiat_p256_cmovznz_u64(&x26, x3, arg3[4], x20); + fiat_p256_cmovznz_u64(&x27, x3, arg4[0], arg5[0]); + fiat_p256_cmovznz_u64(&x28, x3, arg4[1], arg5[1]); + fiat_p256_cmovznz_u64(&x29, x3, arg4[2], arg5[2]); + fiat_p256_cmovznz_u64(&x30, x3, arg4[3], arg5[3]); fiat_p256_addcarryx_u64(&x31, &x32, 0x0, x27, x27); fiat_p256_addcarryx_u64(&x33, &x34, x32, x28, x28); fiat_p256_addcarryx_u64(&x35, &x36, x34, x29, x29); @@ -1942,23 +1942,23 @@ static void fiat_p256_divstep(uint64_t* out1, uint64_t out2[5], uint64_t out3[5] fiat_p256_subborrowx_u64(&x43, &x44, x42, x35, 0x0); fiat_p256_subborrowx_u64(&x45, &x46, x44, x37, UINT64_C(0xffffffff00000001)); fiat_p256_subborrowx_u64(&x47, &x48, x46, x38, 0x0); - x49 = (arg4[3]); - x50 = (arg4[2]); - x51 = (arg4[1]); - x52 = (arg4[0]); + x49 = arg4[3]; + x50 = arg4[2]; + x51 = arg4[1]; + x52 = arg4[0]; fiat_p256_subborrowx_u64(&x53, &x54, 0x0, 0x0, x52); fiat_p256_subborrowx_u64(&x55, &x56, x54, 0x0, x51); fiat_p256_subborrowx_u64(&x57, &x58, x56, 0x0, x50); fiat_p256_subborrowx_u64(&x59, &x60, x58, 0x0, x49); fiat_p256_cmovznz_u64(&x61, x60, 0x0, UINT64_C(0xffffffffffffffff)); fiat_p256_addcarryx_u64(&x62, &x63, 0x0, x53, x61); - fiat_p256_addcarryx_u64(&x64, &x65, x63, x55, (x61 & UINT32_C(0xffffffff))); + fiat_p256_addcarryx_u64(&x64, &x65, x63, x55, x61 & UINT32_C(0xffffffff)); fiat_p256_addcarryx_u64(&x66, &x67, x65, x57, 0x0); - fiat_p256_addcarryx_u64(&x68, &x69, x67, x59, (x61 & UINT64_C(0xffffffff00000001))); - fiat_p256_cmovznz_u64(&x70, x3, (arg5[0]), x62); - fiat_p256_cmovznz_u64(&x71, x3, (arg5[1]), x64); - fiat_p256_cmovznz_u64(&x72, x3, (arg5[2]), x66); - fiat_p256_cmovznz_u64(&x73, x3, (arg5[3]), x68); + fiat_p256_addcarryx_u64(&x68, &x69, x67, x59, x61 & UINT64_C(0xffffffff00000001)); + fiat_p256_cmovznz_u64(&x70, x3, arg5[0], x62); + fiat_p256_cmovznz_u64(&x71, x3, arg5[1], x64); + fiat_p256_cmovznz_u64(&x72, x3, arg5[2], x66); + fiat_p256_cmovznz_u64(&x73, x3, arg5[3], x68); x74 = (fiat_p256_uint1)(x22 & 0x1); fiat_p256_cmovznz_u64(&x75, x74, 0x0, x7); fiat_p256_cmovznz_u64(&x76, x74, 0x0, x8); @@ -1984,11 +1984,11 @@ static void fiat_p256_divstep(uint64_t* out1, uint64_t out2[5], uint64_t out3[5] fiat_p256_subborrowx_u64(&x108, &x109, x107, x100, UINT64_C(0xffffffff00000001)); fiat_p256_subborrowx_u64(&x110, &x111, x109, x101, 0x0); fiat_p256_addcarryx_u64(&x112, &x113, 0x0, x6, 0x1); - x114 = ((x80 >> 1) | ((x82 << 63) & UINT64_C(0xffffffffffffffff))); - x115 = ((x82 >> 1) | ((x84 << 63) & UINT64_C(0xffffffffffffffff))); - x116 = ((x84 >> 1) | ((x86 << 63) & UINT64_C(0xffffffffffffffff))); - x117 = ((x86 >> 1) | ((x88 << 63) & UINT64_C(0xffffffffffffffff))); - x118 = ((x88 & UINT64_C(0x8000000000000000)) | (x88 >> 1)); + x114 = x80 >> 1 | x82 << 63 & UINT64_C(0xffffffffffffffff); + x115 = x82 >> 1 | x84 << 63 & UINT64_C(0xffffffffffffffff); + x116 = x84 >> 1 | x86 << 63 & UINT64_C(0xffffffffffffffff); + x117 = x86 >> 1 | x88 << 63 & UINT64_C(0xffffffffffffffff); + x118 = x88 & UINT64_C(0x8000000000000000) | x88 >> 1; fiat_p256_cmovznz_u64(&x119, x48, x39, x31); fiat_p256_cmovznz_u64(&x120, x48, x41, x33); fiat_p256_cmovznz_u64(&x121, x48, x43, x35); diff --git a/fiat-c/src/p384_32.c b/fiat-c/src/p384_32.c index 8859a1af66..4ec32371bb 100644 --- a/fiat-c/src/p384_32.c +++ b/fiat-c/src/p384_32.c @@ -54,7 +54,7 @@ static void fiat_p384_addcarryx_u32(uint32_t* out1, fiat_p384_uint1* out2, fiat_ uint64_t x1; uint32_t x2; fiat_p384_uint1 x3; - x1 = ((arg1 + (uint64_t)arg2) + arg3); + x1 = arg1 + (uint64_t)arg2 + arg3; x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); x3 = (fiat_p384_uint1)(x1 >> 32); *out1 = x2; @@ -80,7 +80,7 @@ static void fiat_p384_subborrowx_u32(uint32_t* out1, fiat_p384_uint1* out2, fiat int64_t x1; fiat_p384_int1 x2; uint32_t x3; - x1 = ((arg2 - (int64_t)arg1) - arg3); + x1 = arg2 - (int64_t)arg1 - arg3; x2 = (fiat_p384_int1)(x1 >> 32); x3 = (uint32_t)(x1 & UINT32_C(0xffffffff)); *out1 = x3; @@ -105,7 +105,7 @@ static void fiat_p384_mulx_u32(uint32_t* out1, uint32_t* out2, uint32_t arg1, ui uint64_t x1; uint32_t x2; uint32_t x3; - x1 = ((uint64_t)arg1 * arg2); + x1 = (uint64_t)arg1 * arg2; x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); x3 = (uint32_t)(x1 >> 32); *out1 = x2; @@ -129,9 +129,9 @@ static void fiat_p384_cmovznz_u32(uint32_t* out1, fiat_p384_uint1 arg1, uint32_t fiat_p384_uint1 x1; uint32_t x2; uint32_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_p384_int1)(0x0 - x1) & UINT32_C(0xffffffff)); - x3 = ((fiat_p384_value_barrier_u32(x2) & arg3) | (fiat_p384_value_barrier_u32((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_p384_int1)(0x0 - x1) & UINT32_C(0xffffffff); + x3 = fiat_p384_value_barrier_u32(x2) & arg3 | fiat_p384_value_barrier_u32(~x2) & arg2; *out1 = x3; } @@ -1819,30 +1819,30 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint uint32_t x1665; uint32_t x1666; uint32_t x1667; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[6]); - x7 = (arg1[7]); - x8 = (arg1[8]); - x9 = (arg1[9]); - x10 = (arg1[10]); - x11 = (arg1[11]); - x12 = (arg1[0]); - fiat_p384_mulx_u32(&x13, &x14, x12, (arg2[11])); - fiat_p384_mulx_u32(&x15, &x16, x12, (arg2[10])); - fiat_p384_mulx_u32(&x17, &x18, x12, (arg2[9])); - fiat_p384_mulx_u32(&x19, &x20, x12, (arg2[8])); - fiat_p384_mulx_u32(&x21, &x22, x12, (arg2[7])); - fiat_p384_mulx_u32(&x23, &x24, x12, (arg2[6])); - fiat_p384_mulx_u32(&x25, &x26, x12, (arg2[5])); - fiat_p384_mulx_u32(&x27, &x28, x12, (arg2[4])); - fiat_p384_mulx_u32(&x29, &x30, x12, (arg2[3])); - fiat_p384_mulx_u32(&x31, &x32, x12, (arg2[2])); - fiat_p384_mulx_u32(&x33, &x34, x12, (arg2[1])); - fiat_p384_mulx_u32(&x35, &x36, x12, (arg2[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[6]; + x7 = arg1[7]; + x8 = arg1[8]; + x9 = arg1[9]; + x10 = arg1[10]; + x11 = arg1[11]; + x12 = arg1[0]; + fiat_p384_mulx_u32(&x13, &x14, x12, arg2[11]); + fiat_p384_mulx_u32(&x15, &x16, x12, arg2[10]); + fiat_p384_mulx_u32(&x17, &x18, x12, arg2[9]); + fiat_p384_mulx_u32(&x19, &x20, x12, arg2[8]); + fiat_p384_mulx_u32(&x21, &x22, x12, arg2[7]); + fiat_p384_mulx_u32(&x23, &x24, x12, arg2[6]); + fiat_p384_mulx_u32(&x25, &x26, x12, arg2[5]); + fiat_p384_mulx_u32(&x27, &x28, x12, arg2[4]); + fiat_p384_mulx_u32(&x29, &x30, x12, arg2[3]); + fiat_p384_mulx_u32(&x31, &x32, x12, arg2[2]); + fiat_p384_mulx_u32(&x33, &x34, x12, arg2[1]); + fiat_p384_mulx_u32(&x35, &x36, x12, arg2[0]); fiat_p384_addcarryx_u32(&x37, &x38, 0x0, x36, x33); fiat_p384_addcarryx_u32(&x39, &x40, x38, x34, x31); fiat_p384_addcarryx_u32(&x41, &x42, x40, x32, x29); @@ -1854,7 +1854,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x53, &x54, x52, x20, x17); fiat_p384_addcarryx_u32(&x55, &x56, x54, x18, x15); fiat_p384_addcarryx_u32(&x57, &x58, x56, x16, x13); - x59 = (x58 + x14); + x59 = x58 + x14; fiat_p384_mulx_u32(&x60, &x61, x35, UINT32_C(0xffffffff)); fiat_p384_mulx_u32(&x62, &x63, x35, UINT32_C(0xffffffff)); fiat_p384_mulx_u32(&x64, &x65, x35, UINT32_C(0xffffffff)); @@ -1873,7 +1873,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x90, &x91, x89, x67, x64); fiat_p384_addcarryx_u32(&x92, &x93, x91, x65, x62); fiat_p384_addcarryx_u32(&x94, &x95, x93, x63, x60); - x96 = (x95 + x61); + x96 = x95 + x61; fiat_p384_addcarryx_u32(&x97, &x98, 0x0, x35, x78); fiat_p384_addcarryx_u32(&x99, &x100, x98, x37, x79); fiat_p384_addcarryx_u32(&x101, &x102, x100, x39, 0x0); @@ -1887,18 +1887,18 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x117, &x118, x116, x55, x92); fiat_p384_addcarryx_u32(&x119, &x120, x118, x57, x94); fiat_p384_addcarryx_u32(&x121, &x122, x120, x59, x96); - fiat_p384_mulx_u32(&x123, &x124, x1, (arg2[11])); - fiat_p384_mulx_u32(&x125, &x126, x1, (arg2[10])); - fiat_p384_mulx_u32(&x127, &x128, x1, (arg2[9])); - fiat_p384_mulx_u32(&x129, &x130, x1, (arg2[8])); - fiat_p384_mulx_u32(&x131, &x132, x1, (arg2[7])); - fiat_p384_mulx_u32(&x133, &x134, x1, (arg2[6])); - fiat_p384_mulx_u32(&x135, &x136, x1, (arg2[5])); - fiat_p384_mulx_u32(&x137, &x138, x1, (arg2[4])); - fiat_p384_mulx_u32(&x139, &x140, x1, (arg2[3])); - fiat_p384_mulx_u32(&x141, &x142, x1, (arg2[2])); - fiat_p384_mulx_u32(&x143, &x144, x1, (arg2[1])); - fiat_p384_mulx_u32(&x145, &x146, x1, (arg2[0])); + fiat_p384_mulx_u32(&x123, &x124, x1, arg2[11]); + fiat_p384_mulx_u32(&x125, &x126, x1, arg2[10]); + fiat_p384_mulx_u32(&x127, &x128, x1, arg2[9]); + fiat_p384_mulx_u32(&x129, &x130, x1, arg2[8]); + fiat_p384_mulx_u32(&x131, &x132, x1, arg2[7]); + fiat_p384_mulx_u32(&x133, &x134, x1, arg2[6]); + fiat_p384_mulx_u32(&x135, &x136, x1, arg2[5]); + fiat_p384_mulx_u32(&x137, &x138, x1, arg2[4]); + fiat_p384_mulx_u32(&x139, &x140, x1, arg2[3]); + fiat_p384_mulx_u32(&x141, &x142, x1, arg2[2]); + fiat_p384_mulx_u32(&x143, &x144, x1, arg2[1]); + fiat_p384_mulx_u32(&x145, &x146, x1, arg2[0]); fiat_p384_addcarryx_u32(&x147, &x148, 0x0, x146, x143); fiat_p384_addcarryx_u32(&x149, &x150, x148, x144, x141); fiat_p384_addcarryx_u32(&x151, &x152, x150, x142, x139); @@ -1910,7 +1910,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x163, &x164, x162, x130, x127); fiat_p384_addcarryx_u32(&x165, &x166, x164, x128, x125); fiat_p384_addcarryx_u32(&x167, &x168, x166, x126, x123); - x169 = (x168 + x124); + x169 = x168 + x124; fiat_p384_addcarryx_u32(&x170, &x171, 0x0, x99, x145); fiat_p384_addcarryx_u32(&x172, &x173, x171, x101, x147); fiat_p384_addcarryx_u32(&x174, &x175, x173, x103, x149); @@ -1942,7 +1942,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x226, &x227, x225, x203, x200); fiat_p384_addcarryx_u32(&x228, &x229, x227, x201, x198); fiat_p384_addcarryx_u32(&x230, &x231, x229, x199, x196); - x232 = (x231 + x197); + x232 = x231 + x197; fiat_p384_addcarryx_u32(&x233, &x234, 0x0, x170, x214); fiat_p384_addcarryx_u32(&x235, &x236, x234, x172, x215); fiat_p384_addcarryx_u32(&x237, &x238, x236, x174, 0x0); @@ -1956,19 +1956,19 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x253, &x254, x252, x190, x228); fiat_p384_addcarryx_u32(&x255, &x256, x254, x192, x230); fiat_p384_addcarryx_u32(&x257, &x258, x256, x194, x232); - x259 = ((uint32_t)x258 + x195); - fiat_p384_mulx_u32(&x260, &x261, x2, (arg2[11])); - fiat_p384_mulx_u32(&x262, &x263, x2, (arg2[10])); - fiat_p384_mulx_u32(&x264, &x265, x2, (arg2[9])); - fiat_p384_mulx_u32(&x266, &x267, x2, (arg2[8])); - fiat_p384_mulx_u32(&x268, &x269, x2, (arg2[7])); - fiat_p384_mulx_u32(&x270, &x271, x2, (arg2[6])); - fiat_p384_mulx_u32(&x272, &x273, x2, (arg2[5])); - fiat_p384_mulx_u32(&x274, &x275, x2, (arg2[4])); - fiat_p384_mulx_u32(&x276, &x277, x2, (arg2[3])); - fiat_p384_mulx_u32(&x278, &x279, x2, (arg2[2])); - fiat_p384_mulx_u32(&x280, &x281, x2, (arg2[1])); - fiat_p384_mulx_u32(&x282, &x283, x2, (arg2[0])); + x259 = (uint32_t)x258 + x195; + fiat_p384_mulx_u32(&x260, &x261, x2, arg2[11]); + fiat_p384_mulx_u32(&x262, &x263, x2, arg2[10]); + fiat_p384_mulx_u32(&x264, &x265, x2, arg2[9]); + fiat_p384_mulx_u32(&x266, &x267, x2, arg2[8]); + fiat_p384_mulx_u32(&x268, &x269, x2, arg2[7]); + fiat_p384_mulx_u32(&x270, &x271, x2, arg2[6]); + fiat_p384_mulx_u32(&x272, &x273, x2, arg2[5]); + fiat_p384_mulx_u32(&x274, &x275, x2, arg2[4]); + fiat_p384_mulx_u32(&x276, &x277, x2, arg2[3]); + fiat_p384_mulx_u32(&x278, &x279, x2, arg2[2]); + fiat_p384_mulx_u32(&x280, &x281, x2, arg2[1]); + fiat_p384_mulx_u32(&x282, &x283, x2, arg2[0]); fiat_p384_addcarryx_u32(&x284, &x285, 0x0, x283, x280); fiat_p384_addcarryx_u32(&x286, &x287, x285, x281, x278); fiat_p384_addcarryx_u32(&x288, &x289, x287, x279, x276); @@ -1980,7 +1980,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x300, &x301, x299, x267, x264); fiat_p384_addcarryx_u32(&x302, &x303, x301, x265, x262); fiat_p384_addcarryx_u32(&x304, &x305, x303, x263, x260); - x306 = (x305 + x261); + x306 = x305 + x261; fiat_p384_addcarryx_u32(&x307, &x308, 0x0, x235, x282); fiat_p384_addcarryx_u32(&x309, &x310, x308, x237, x284); fiat_p384_addcarryx_u32(&x311, &x312, x310, x239, x286); @@ -2012,7 +2012,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x363, &x364, x362, x340, x337); fiat_p384_addcarryx_u32(&x365, &x366, x364, x338, x335); fiat_p384_addcarryx_u32(&x367, &x368, x366, x336, x333); - x369 = (x368 + x334); + x369 = x368 + x334; fiat_p384_addcarryx_u32(&x370, &x371, 0x0, x307, x351); fiat_p384_addcarryx_u32(&x372, &x373, x371, x309, x352); fiat_p384_addcarryx_u32(&x374, &x375, x373, x311, 0x0); @@ -2026,19 +2026,19 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x390, &x391, x389, x327, x365); fiat_p384_addcarryx_u32(&x392, &x393, x391, x329, x367); fiat_p384_addcarryx_u32(&x394, &x395, x393, x331, x369); - x396 = ((uint32_t)x395 + x332); - fiat_p384_mulx_u32(&x397, &x398, x3, (arg2[11])); - fiat_p384_mulx_u32(&x399, &x400, x3, (arg2[10])); - fiat_p384_mulx_u32(&x401, &x402, x3, (arg2[9])); - fiat_p384_mulx_u32(&x403, &x404, x3, (arg2[8])); - fiat_p384_mulx_u32(&x405, &x406, x3, (arg2[7])); - fiat_p384_mulx_u32(&x407, &x408, x3, (arg2[6])); - fiat_p384_mulx_u32(&x409, &x410, x3, (arg2[5])); - fiat_p384_mulx_u32(&x411, &x412, x3, (arg2[4])); - fiat_p384_mulx_u32(&x413, &x414, x3, (arg2[3])); - fiat_p384_mulx_u32(&x415, &x416, x3, (arg2[2])); - fiat_p384_mulx_u32(&x417, &x418, x3, (arg2[1])); - fiat_p384_mulx_u32(&x419, &x420, x3, (arg2[0])); + x396 = (uint32_t)x395 + x332; + fiat_p384_mulx_u32(&x397, &x398, x3, arg2[11]); + fiat_p384_mulx_u32(&x399, &x400, x3, arg2[10]); + fiat_p384_mulx_u32(&x401, &x402, x3, arg2[9]); + fiat_p384_mulx_u32(&x403, &x404, x3, arg2[8]); + fiat_p384_mulx_u32(&x405, &x406, x3, arg2[7]); + fiat_p384_mulx_u32(&x407, &x408, x3, arg2[6]); + fiat_p384_mulx_u32(&x409, &x410, x3, arg2[5]); + fiat_p384_mulx_u32(&x411, &x412, x3, arg2[4]); + fiat_p384_mulx_u32(&x413, &x414, x3, arg2[3]); + fiat_p384_mulx_u32(&x415, &x416, x3, arg2[2]); + fiat_p384_mulx_u32(&x417, &x418, x3, arg2[1]); + fiat_p384_mulx_u32(&x419, &x420, x3, arg2[0]); fiat_p384_addcarryx_u32(&x421, &x422, 0x0, x420, x417); fiat_p384_addcarryx_u32(&x423, &x424, x422, x418, x415); fiat_p384_addcarryx_u32(&x425, &x426, x424, x416, x413); @@ -2050,7 +2050,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x437, &x438, x436, x404, x401); fiat_p384_addcarryx_u32(&x439, &x440, x438, x402, x399); fiat_p384_addcarryx_u32(&x441, &x442, x440, x400, x397); - x443 = (x442 + x398); + x443 = x442 + x398; fiat_p384_addcarryx_u32(&x444, &x445, 0x0, x372, x419); fiat_p384_addcarryx_u32(&x446, &x447, x445, x374, x421); fiat_p384_addcarryx_u32(&x448, &x449, x447, x376, x423); @@ -2082,7 +2082,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x500, &x501, x499, x477, x474); fiat_p384_addcarryx_u32(&x502, &x503, x501, x475, x472); fiat_p384_addcarryx_u32(&x504, &x505, x503, x473, x470); - x506 = (x505 + x471); + x506 = x505 + x471; fiat_p384_addcarryx_u32(&x507, &x508, 0x0, x444, x488); fiat_p384_addcarryx_u32(&x509, &x510, x508, x446, x489); fiat_p384_addcarryx_u32(&x511, &x512, x510, x448, 0x0); @@ -2096,19 +2096,19 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x527, &x528, x526, x464, x502); fiat_p384_addcarryx_u32(&x529, &x530, x528, x466, x504); fiat_p384_addcarryx_u32(&x531, &x532, x530, x468, x506); - x533 = ((uint32_t)x532 + x469); - fiat_p384_mulx_u32(&x534, &x535, x4, (arg2[11])); - fiat_p384_mulx_u32(&x536, &x537, x4, (arg2[10])); - fiat_p384_mulx_u32(&x538, &x539, x4, (arg2[9])); - fiat_p384_mulx_u32(&x540, &x541, x4, (arg2[8])); - fiat_p384_mulx_u32(&x542, &x543, x4, (arg2[7])); - fiat_p384_mulx_u32(&x544, &x545, x4, (arg2[6])); - fiat_p384_mulx_u32(&x546, &x547, x4, (arg2[5])); - fiat_p384_mulx_u32(&x548, &x549, x4, (arg2[4])); - fiat_p384_mulx_u32(&x550, &x551, x4, (arg2[3])); - fiat_p384_mulx_u32(&x552, &x553, x4, (arg2[2])); - fiat_p384_mulx_u32(&x554, &x555, x4, (arg2[1])); - fiat_p384_mulx_u32(&x556, &x557, x4, (arg2[0])); + x533 = (uint32_t)x532 + x469; + fiat_p384_mulx_u32(&x534, &x535, x4, arg2[11]); + fiat_p384_mulx_u32(&x536, &x537, x4, arg2[10]); + fiat_p384_mulx_u32(&x538, &x539, x4, arg2[9]); + fiat_p384_mulx_u32(&x540, &x541, x4, arg2[8]); + fiat_p384_mulx_u32(&x542, &x543, x4, arg2[7]); + fiat_p384_mulx_u32(&x544, &x545, x4, arg2[6]); + fiat_p384_mulx_u32(&x546, &x547, x4, arg2[5]); + fiat_p384_mulx_u32(&x548, &x549, x4, arg2[4]); + fiat_p384_mulx_u32(&x550, &x551, x4, arg2[3]); + fiat_p384_mulx_u32(&x552, &x553, x4, arg2[2]); + fiat_p384_mulx_u32(&x554, &x555, x4, arg2[1]); + fiat_p384_mulx_u32(&x556, &x557, x4, arg2[0]); fiat_p384_addcarryx_u32(&x558, &x559, 0x0, x557, x554); fiat_p384_addcarryx_u32(&x560, &x561, x559, x555, x552); fiat_p384_addcarryx_u32(&x562, &x563, x561, x553, x550); @@ -2120,7 +2120,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x574, &x575, x573, x541, x538); fiat_p384_addcarryx_u32(&x576, &x577, x575, x539, x536); fiat_p384_addcarryx_u32(&x578, &x579, x577, x537, x534); - x580 = (x579 + x535); + x580 = x579 + x535; fiat_p384_addcarryx_u32(&x581, &x582, 0x0, x509, x556); fiat_p384_addcarryx_u32(&x583, &x584, x582, x511, x558); fiat_p384_addcarryx_u32(&x585, &x586, x584, x513, x560); @@ -2152,7 +2152,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x637, &x638, x636, x614, x611); fiat_p384_addcarryx_u32(&x639, &x640, x638, x612, x609); fiat_p384_addcarryx_u32(&x641, &x642, x640, x610, x607); - x643 = (x642 + x608); + x643 = x642 + x608; fiat_p384_addcarryx_u32(&x644, &x645, 0x0, x581, x625); fiat_p384_addcarryx_u32(&x646, &x647, x645, x583, x626); fiat_p384_addcarryx_u32(&x648, &x649, x647, x585, 0x0); @@ -2166,19 +2166,19 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x664, &x665, x663, x601, x639); fiat_p384_addcarryx_u32(&x666, &x667, x665, x603, x641); fiat_p384_addcarryx_u32(&x668, &x669, x667, x605, x643); - x670 = ((uint32_t)x669 + x606); - fiat_p384_mulx_u32(&x671, &x672, x5, (arg2[11])); - fiat_p384_mulx_u32(&x673, &x674, x5, (arg2[10])); - fiat_p384_mulx_u32(&x675, &x676, x5, (arg2[9])); - fiat_p384_mulx_u32(&x677, &x678, x5, (arg2[8])); - fiat_p384_mulx_u32(&x679, &x680, x5, (arg2[7])); - fiat_p384_mulx_u32(&x681, &x682, x5, (arg2[6])); - fiat_p384_mulx_u32(&x683, &x684, x5, (arg2[5])); - fiat_p384_mulx_u32(&x685, &x686, x5, (arg2[4])); - fiat_p384_mulx_u32(&x687, &x688, x5, (arg2[3])); - fiat_p384_mulx_u32(&x689, &x690, x5, (arg2[2])); - fiat_p384_mulx_u32(&x691, &x692, x5, (arg2[1])); - fiat_p384_mulx_u32(&x693, &x694, x5, (arg2[0])); + x670 = (uint32_t)x669 + x606; + fiat_p384_mulx_u32(&x671, &x672, x5, arg2[11]); + fiat_p384_mulx_u32(&x673, &x674, x5, arg2[10]); + fiat_p384_mulx_u32(&x675, &x676, x5, arg2[9]); + fiat_p384_mulx_u32(&x677, &x678, x5, arg2[8]); + fiat_p384_mulx_u32(&x679, &x680, x5, arg2[7]); + fiat_p384_mulx_u32(&x681, &x682, x5, arg2[6]); + fiat_p384_mulx_u32(&x683, &x684, x5, arg2[5]); + fiat_p384_mulx_u32(&x685, &x686, x5, arg2[4]); + fiat_p384_mulx_u32(&x687, &x688, x5, arg2[3]); + fiat_p384_mulx_u32(&x689, &x690, x5, arg2[2]); + fiat_p384_mulx_u32(&x691, &x692, x5, arg2[1]); + fiat_p384_mulx_u32(&x693, &x694, x5, arg2[0]); fiat_p384_addcarryx_u32(&x695, &x696, 0x0, x694, x691); fiat_p384_addcarryx_u32(&x697, &x698, x696, x692, x689); fiat_p384_addcarryx_u32(&x699, &x700, x698, x690, x687); @@ -2190,7 +2190,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x711, &x712, x710, x678, x675); fiat_p384_addcarryx_u32(&x713, &x714, x712, x676, x673); fiat_p384_addcarryx_u32(&x715, &x716, x714, x674, x671); - x717 = (x716 + x672); + x717 = x716 + x672; fiat_p384_addcarryx_u32(&x718, &x719, 0x0, x646, x693); fiat_p384_addcarryx_u32(&x720, &x721, x719, x648, x695); fiat_p384_addcarryx_u32(&x722, &x723, x721, x650, x697); @@ -2222,7 +2222,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x774, &x775, x773, x751, x748); fiat_p384_addcarryx_u32(&x776, &x777, x775, x749, x746); fiat_p384_addcarryx_u32(&x778, &x779, x777, x747, x744); - x780 = (x779 + x745); + x780 = x779 + x745; fiat_p384_addcarryx_u32(&x781, &x782, 0x0, x718, x762); fiat_p384_addcarryx_u32(&x783, &x784, x782, x720, x763); fiat_p384_addcarryx_u32(&x785, &x786, x784, x722, 0x0); @@ -2236,19 +2236,19 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x801, &x802, x800, x738, x776); fiat_p384_addcarryx_u32(&x803, &x804, x802, x740, x778); fiat_p384_addcarryx_u32(&x805, &x806, x804, x742, x780); - x807 = ((uint32_t)x806 + x743); - fiat_p384_mulx_u32(&x808, &x809, x6, (arg2[11])); - fiat_p384_mulx_u32(&x810, &x811, x6, (arg2[10])); - fiat_p384_mulx_u32(&x812, &x813, x6, (arg2[9])); - fiat_p384_mulx_u32(&x814, &x815, x6, (arg2[8])); - fiat_p384_mulx_u32(&x816, &x817, x6, (arg2[7])); - fiat_p384_mulx_u32(&x818, &x819, x6, (arg2[6])); - fiat_p384_mulx_u32(&x820, &x821, x6, (arg2[5])); - fiat_p384_mulx_u32(&x822, &x823, x6, (arg2[4])); - fiat_p384_mulx_u32(&x824, &x825, x6, (arg2[3])); - fiat_p384_mulx_u32(&x826, &x827, x6, (arg2[2])); - fiat_p384_mulx_u32(&x828, &x829, x6, (arg2[1])); - fiat_p384_mulx_u32(&x830, &x831, x6, (arg2[0])); + x807 = (uint32_t)x806 + x743; + fiat_p384_mulx_u32(&x808, &x809, x6, arg2[11]); + fiat_p384_mulx_u32(&x810, &x811, x6, arg2[10]); + fiat_p384_mulx_u32(&x812, &x813, x6, arg2[9]); + fiat_p384_mulx_u32(&x814, &x815, x6, arg2[8]); + fiat_p384_mulx_u32(&x816, &x817, x6, arg2[7]); + fiat_p384_mulx_u32(&x818, &x819, x6, arg2[6]); + fiat_p384_mulx_u32(&x820, &x821, x6, arg2[5]); + fiat_p384_mulx_u32(&x822, &x823, x6, arg2[4]); + fiat_p384_mulx_u32(&x824, &x825, x6, arg2[3]); + fiat_p384_mulx_u32(&x826, &x827, x6, arg2[2]); + fiat_p384_mulx_u32(&x828, &x829, x6, arg2[1]); + fiat_p384_mulx_u32(&x830, &x831, x6, arg2[0]); fiat_p384_addcarryx_u32(&x832, &x833, 0x0, x831, x828); fiat_p384_addcarryx_u32(&x834, &x835, x833, x829, x826); fiat_p384_addcarryx_u32(&x836, &x837, x835, x827, x824); @@ -2260,7 +2260,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x848, &x849, x847, x815, x812); fiat_p384_addcarryx_u32(&x850, &x851, x849, x813, x810); fiat_p384_addcarryx_u32(&x852, &x853, x851, x811, x808); - x854 = (x853 + x809); + x854 = x853 + x809; fiat_p384_addcarryx_u32(&x855, &x856, 0x0, x783, x830); fiat_p384_addcarryx_u32(&x857, &x858, x856, x785, x832); fiat_p384_addcarryx_u32(&x859, &x860, x858, x787, x834); @@ -2292,7 +2292,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x911, &x912, x910, x888, x885); fiat_p384_addcarryx_u32(&x913, &x914, x912, x886, x883); fiat_p384_addcarryx_u32(&x915, &x916, x914, x884, x881); - x917 = (x916 + x882); + x917 = x916 + x882; fiat_p384_addcarryx_u32(&x918, &x919, 0x0, x855, x899); fiat_p384_addcarryx_u32(&x920, &x921, x919, x857, x900); fiat_p384_addcarryx_u32(&x922, &x923, x921, x859, 0x0); @@ -2306,19 +2306,19 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x938, &x939, x937, x875, x913); fiat_p384_addcarryx_u32(&x940, &x941, x939, x877, x915); fiat_p384_addcarryx_u32(&x942, &x943, x941, x879, x917); - x944 = ((uint32_t)x943 + x880); - fiat_p384_mulx_u32(&x945, &x946, x7, (arg2[11])); - fiat_p384_mulx_u32(&x947, &x948, x7, (arg2[10])); - fiat_p384_mulx_u32(&x949, &x950, x7, (arg2[9])); - fiat_p384_mulx_u32(&x951, &x952, x7, (arg2[8])); - fiat_p384_mulx_u32(&x953, &x954, x7, (arg2[7])); - fiat_p384_mulx_u32(&x955, &x956, x7, (arg2[6])); - fiat_p384_mulx_u32(&x957, &x958, x7, (arg2[5])); - fiat_p384_mulx_u32(&x959, &x960, x7, (arg2[4])); - fiat_p384_mulx_u32(&x961, &x962, x7, (arg2[3])); - fiat_p384_mulx_u32(&x963, &x964, x7, (arg2[2])); - fiat_p384_mulx_u32(&x965, &x966, x7, (arg2[1])); - fiat_p384_mulx_u32(&x967, &x968, x7, (arg2[0])); + x944 = (uint32_t)x943 + x880; + fiat_p384_mulx_u32(&x945, &x946, x7, arg2[11]); + fiat_p384_mulx_u32(&x947, &x948, x7, arg2[10]); + fiat_p384_mulx_u32(&x949, &x950, x7, arg2[9]); + fiat_p384_mulx_u32(&x951, &x952, x7, arg2[8]); + fiat_p384_mulx_u32(&x953, &x954, x7, arg2[7]); + fiat_p384_mulx_u32(&x955, &x956, x7, arg2[6]); + fiat_p384_mulx_u32(&x957, &x958, x7, arg2[5]); + fiat_p384_mulx_u32(&x959, &x960, x7, arg2[4]); + fiat_p384_mulx_u32(&x961, &x962, x7, arg2[3]); + fiat_p384_mulx_u32(&x963, &x964, x7, arg2[2]); + fiat_p384_mulx_u32(&x965, &x966, x7, arg2[1]); + fiat_p384_mulx_u32(&x967, &x968, x7, arg2[0]); fiat_p384_addcarryx_u32(&x969, &x970, 0x0, x968, x965); fiat_p384_addcarryx_u32(&x971, &x972, x970, x966, x963); fiat_p384_addcarryx_u32(&x973, &x974, x972, x964, x961); @@ -2330,7 +2330,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x985, &x986, x984, x952, x949); fiat_p384_addcarryx_u32(&x987, &x988, x986, x950, x947); fiat_p384_addcarryx_u32(&x989, &x990, x988, x948, x945); - x991 = (x990 + x946); + x991 = x990 + x946; fiat_p384_addcarryx_u32(&x992, &x993, 0x0, x920, x967); fiat_p384_addcarryx_u32(&x994, &x995, x993, x922, x969); fiat_p384_addcarryx_u32(&x996, &x997, x995, x924, x971); @@ -2362,7 +2362,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x1048, &x1049, x1047, x1025, x1022); fiat_p384_addcarryx_u32(&x1050, &x1051, x1049, x1023, x1020); fiat_p384_addcarryx_u32(&x1052, &x1053, x1051, x1021, x1018); - x1054 = (x1053 + x1019); + x1054 = x1053 + x1019; fiat_p384_addcarryx_u32(&x1055, &x1056, 0x0, x992, x1036); fiat_p384_addcarryx_u32(&x1057, &x1058, x1056, x994, x1037); fiat_p384_addcarryx_u32(&x1059, &x1060, x1058, x996, 0x0); @@ -2376,19 +2376,19 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x1075, &x1076, x1074, x1012, x1050); fiat_p384_addcarryx_u32(&x1077, &x1078, x1076, x1014, x1052); fiat_p384_addcarryx_u32(&x1079, &x1080, x1078, x1016, x1054); - x1081 = ((uint32_t)x1080 + x1017); - fiat_p384_mulx_u32(&x1082, &x1083, x8, (arg2[11])); - fiat_p384_mulx_u32(&x1084, &x1085, x8, (arg2[10])); - fiat_p384_mulx_u32(&x1086, &x1087, x8, (arg2[9])); - fiat_p384_mulx_u32(&x1088, &x1089, x8, (arg2[8])); - fiat_p384_mulx_u32(&x1090, &x1091, x8, (arg2[7])); - fiat_p384_mulx_u32(&x1092, &x1093, x8, (arg2[6])); - fiat_p384_mulx_u32(&x1094, &x1095, x8, (arg2[5])); - fiat_p384_mulx_u32(&x1096, &x1097, x8, (arg2[4])); - fiat_p384_mulx_u32(&x1098, &x1099, x8, (arg2[3])); - fiat_p384_mulx_u32(&x1100, &x1101, x8, (arg2[2])); - fiat_p384_mulx_u32(&x1102, &x1103, x8, (arg2[1])); - fiat_p384_mulx_u32(&x1104, &x1105, x8, (arg2[0])); + x1081 = (uint32_t)x1080 + x1017; + fiat_p384_mulx_u32(&x1082, &x1083, x8, arg2[11]); + fiat_p384_mulx_u32(&x1084, &x1085, x8, arg2[10]); + fiat_p384_mulx_u32(&x1086, &x1087, x8, arg2[9]); + fiat_p384_mulx_u32(&x1088, &x1089, x8, arg2[8]); + fiat_p384_mulx_u32(&x1090, &x1091, x8, arg2[7]); + fiat_p384_mulx_u32(&x1092, &x1093, x8, arg2[6]); + fiat_p384_mulx_u32(&x1094, &x1095, x8, arg2[5]); + fiat_p384_mulx_u32(&x1096, &x1097, x8, arg2[4]); + fiat_p384_mulx_u32(&x1098, &x1099, x8, arg2[3]); + fiat_p384_mulx_u32(&x1100, &x1101, x8, arg2[2]); + fiat_p384_mulx_u32(&x1102, &x1103, x8, arg2[1]); + fiat_p384_mulx_u32(&x1104, &x1105, x8, arg2[0]); fiat_p384_addcarryx_u32(&x1106, &x1107, 0x0, x1105, x1102); fiat_p384_addcarryx_u32(&x1108, &x1109, x1107, x1103, x1100); fiat_p384_addcarryx_u32(&x1110, &x1111, x1109, x1101, x1098); @@ -2400,7 +2400,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x1122, &x1123, x1121, x1089, x1086); fiat_p384_addcarryx_u32(&x1124, &x1125, x1123, x1087, x1084); fiat_p384_addcarryx_u32(&x1126, &x1127, x1125, x1085, x1082); - x1128 = (x1127 + x1083); + x1128 = x1127 + x1083; fiat_p384_addcarryx_u32(&x1129, &x1130, 0x0, x1057, x1104); fiat_p384_addcarryx_u32(&x1131, &x1132, x1130, x1059, x1106); fiat_p384_addcarryx_u32(&x1133, &x1134, x1132, x1061, x1108); @@ -2432,7 +2432,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x1185, &x1186, x1184, x1162, x1159); fiat_p384_addcarryx_u32(&x1187, &x1188, x1186, x1160, x1157); fiat_p384_addcarryx_u32(&x1189, &x1190, x1188, x1158, x1155); - x1191 = (x1190 + x1156); + x1191 = x1190 + x1156; fiat_p384_addcarryx_u32(&x1192, &x1193, 0x0, x1129, x1173); fiat_p384_addcarryx_u32(&x1194, &x1195, x1193, x1131, x1174); fiat_p384_addcarryx_u32(&x1196, &x1197, x1195, x1133, 0x0); @@ -2446,19 +2446,19 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x1212, &x1213, x1211, x1149, x1187); fiat_p384_addcarryx_u32(&x1214, &x1215, x1213, x1151, x1189); fiat_p384_addcarryx_u32(&x1216, &x1217, x1215, x1153, x1191); - x1218 = ((uint32_t)x1217 + x1154); - fiat_p384_mulx_u32(&x1219, &x1220, x9, (arg2[11])); - fiat_p384_mulx_u32(&x1221, &x1222, x9, (arg2[10])); - fiat_p384_mulx_u32(&x1223, &x1224, x9, (arg2[9])); - fiat_p384_mulx_u32(&x1225, &x1226, x9, (arg2[8])); - fiat_p384_mulx_u32(&x1227, &x1228, x9, (arg2[7])); - fiat_p384_mulx_u32(&x1229, &x1230, x9, (arg2[6])); - fiat_p384_mulx_u32(&x1231, &x1232, x9, (arg2[5])); - fiat_p384_mulx_u32(&x1233, &x1234, x9, (arg2[4])); - fiat_p384_mulx_u32(&x1235, &x1236, x9, (arg2[3])); - fiat_p384_mulx_u32(&x1237, &x1238, x9, (arg2[2])); - fiat_p384_mulx_u32(&x1239, &x1240, x9, (arg2[1])); - fiat_p384_mulx_u32(&x1241, &x1242, x9, (arg2[0])); + x1218 = (uint32_t)x1217 + x1154; + fiat_p384_mulx_u32(&x1219, &x1220, x9, arg2[11]); + fiat_p384_mulx_u32(&x1221, &x1222, x9, arg2[10]); + fiat_p384_mulx_u32(&x1223, &x1224, x9, arg2[9]); + fiat_p384_mulx_u32(&x1225, &x1226, x9, arg2[8]); + fiat_p384_mulx_u32(&x1227, &x1228, x9, arg2[7]); + fiat_p384_mulx_u32(&x1229, &x1230, x9, arg2[6]); + fiat_p384_mulx_u32(&x1231, &x1232, x9, arg2[5]); + fiat_p384_mulx_u32(&x1233, &x1234, x9, arg2[4]); + fiat_p384_mulx_u32(&x1235, &x1236, x9, arg2[3]); + fiat_p384_mulx_u32(&x1237, &x1238, x9, arg2[2]); + fiat_p384_mulx_u32(&x1239, &x1240, x9, arg2[1]); + fiat_p384_mulx_u32(&x1241, &x1242, x9, arg2[0]); fiat_p384_addcarryx_u32(&x1243, &x1244, 0x0, x1242, x1239); fiat_p384_addcarryx_u32(&x1245, &x1246, x1244, x1240, x1237); fiat_p384_addcarryx_u32(&x1247, &x1248, x1246, x1238, x1235); @@ -2470,7 +2470,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x1259, &x1260, x1258, x1226, x1223); fiat_p384_addcarryx_u32(&x1261, &x1262, x1260, x1224, x1221); fiat_p384_addcarryx_u32(&x1263, &x1264, x1262, x1222, x1219); - x1265 = (x1264 + x1220); + x1265 = x1264 + x1220; fiat_p384_addcarryx_u32(&x1266, &x1267, 0x0, x1194, x1241); fiat_p384_addcarryx_u32(&x1268, &x1269, x1267, x1196, x1243); fiat_p384_addcarryx_u32(&x1270, &x1271, x1269, x1198, x1245); @@ -2502,7 +2502,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x1322, &x1323, x1321, x1299, x1296); fiat_p384_addcarryx_u32(&x1324, &x1325, x1323, x1297, x1294); fiat_p384_addcarryx_u32(&x1326, &x1327, x1325, x1295, x1292); - x1328 = (x1327 + x1293); + x1328 = x1327 + x1293; fiat_p384_addcarryx_u32(&x1329, &x1330, 0x0, x1266, x1310); fiat_p384_addcarryx_u32(&x1331, &x1332, x1330, x1268, x1311); fiat_p384_addcarryx_u32(&x1333, &x1334, x1332, x1270, 0x0); @@ -2516,19 +2516,19 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x1349, &x1350, x1348, x1286, x1324); fiat_p384_addcarryx_u32(&x1351, &x1352, x1350, x1288, x1326); fiat_p384_addcarryx_u32(&x1353, &x1354, x1352, x1290, x1328); - x1355 = ((uint32_t)x1354 + x1291); - fiat_p384_mulx_u32(&x1356, &x1357, x10, (arg2[11])); - fiat_p384_mulx_u32(&x1358, &x1359, x10, (arg2[10])); - fiat_p384_mulx_u32(&x1360, &x1361, x10, (arg2[9])); - fiat_p384_mulx_u32(&x1362, &x1363, x10, (arg2[8])); - fiat_p384_mulx_u32(&x1364, &x1365, x10, (arg2[7])); - fiat_p384_mulx_u32(&x1366, &x1367, x10, (arg2[6])); - fiat_p384_mulx_u32(&x1368, &x1369, x10, (arg2[5])); - fiat_p384_mulx_u32(&x1370, &x1371, x10, (arg2[4])); - fiat_p384_mulx_u32(&x1372, &x1373, x10, (arg2[3])); - fiat_p384_mulx_u32(&x1374, &x1375, x10, (arg2[2])); - fiat_p384_mulx_u32(&x1376, &x1377, x10, (arg2[1])); - fiat_p384_mulx_u32(&x1378, &x1379, x10, (arg2[0])); + x1355 = (uint32_t)x1354 + x1291; + fiat_p384_mulx_u32(&x1356, &x1357, x10, arg2[11]); + fiat_p384_mulx_u32(&x1358, &x1359, x10, arg2[10]); + fiat_p384_mulx_u32(&x1360, &x1361, x10, arg2[9]); + fiat_p384_mulx_u32(&x1362, &x1363, x10, arg2[8]); + fiat_p384_mulx_u32(&x1364, &x1365, x10, arg2[7]); + fiat_p384_mulx_u32(&x1366, &x1367, x10, arg2[6]); + fiat_p384_mulx_u32(&x1368, &x1369, x10, arg2[5]); + fiat_p384_mulx_u32(&x1370, &x1371, x10, arg2[4]); + fiat_p384_mulx_u32(&x1372, &x1373, x10, arg2[3]); + fiat_p384_mulx_u32(&x1374, &x1375, x10, arg2[2]); + fiat_p384_mulx_u32(&x1376, &x1377, x10, arg2[1]); + fiat_p384_mulx_u32(&x1378, &x1379, x10, arg2[0]); fiat_p384_addcarryx_u32(&x1380, &x1381, 0x0, x1379, x1376); fiat_p384_addcarryx_u32(&x1382, &x1383, x1381, x1377, x1374); fiat_p384_addcarryx_u32(&x1384, &x1385, x1383, x1375, x1372); @@ -2540,7 +2540,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x1396, &x1397, x1395, x1363, x1360); fiat_p384_addcarryx_u32(&x1398, &x1399, x1397, x1361, x1358); fiat_p384_addcarryx_u32(&x1400, &x1401, x1399, x1359, x1356); - x1402 = (x1401 + x1357); + x1402 = x1401 + x1357; fiat_p384_addcarryx_u32(&x1403, &x1404, 0x0, x1331, x1378); fiat_p384_addcarryx_u32(&x1405, &x1406, x1404, x1333, x1380); fiat_p384_addcarryx_u32(&x1407, &x1408, x1406, x1335, x1382); @@ -2572,7 +2572,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x1459, &x1460, x1458, x1436, x1433); fiat_p384_addcarryx_u32(&x1461, &x1462, x1460, x1434, x1431); fiat_p384_addcarryx_u32(&x1463, &x1464, x1462, x1432, x1429); - x1465 = (x1464 + x1430); + x1465 = x1464 + x1430; fiat_p384_addcarryx_u32(&x1466, &x1467, 0x0, x1403, x1447); fiat_p384_addcarryx_u32(&x1468, &x1469, x1467, x1405, x1448); fiat_p384_addcarryx_u32(&x1470, &x1471, x1469, x1407, 0x0); @@ -2586,19 +2586,19 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x1486, &x1487, x1485, x1423, x1461); fiat_p384_addcarryx_u32(&x1488, &x1489, x1487, x1425, x1463); fiat_p384_addcarryx_u32(&x1490, &x1491, x1489, x1427, x1465); - x1492 = ((uint32_t)x1491 + x1428); - fiat_p384_mulx_u32(&x1493, &x1494, x11, (arg2[11])); - fiat_p384_mulx_u32(&x1495, &x1496, x11, (arg2[10])); - fiat_p384_mulx_u32(&x1497, &x1498, x11, (arg2[9])); - fiat_p384_mulx_u32(&x1499, &x1500, x11, (arg2[8])); - fiat_p384_mulx_u32(&x1501, &x1502, x11, (arg2[7])); - fiat_p384_mulx_u32(&x1503, &x1504, x11, (arg2[6])); - fiat_p384_mulx_u32(&x1505, &x1506, x11, (arg2[5])); - fiat_p384_mulx_u32(&x1507, &x1508, x11, (arg2[4])); - fiat_p384_mulx_u32(&x1509, &x1510, x11, (arg2[3])); - fiat_p384_mulx_u32(&x1511, &x1512, x11, (arg2[2])); - fiat_p384_mulx_u32(&x1513, &x1514, x11, (arg2[1])); - fiat_p384_mulx_u32(&x1515, &x1516, x11, (arg2[0])); + x1492 = (uint32_t)x1491 + x1428; + fiat_p384_mulx_u32(&x1493, &x1494, x11, arg2[11]); + fiat_p384_mulx_u32(&x1495, &x1496, x11, arg2[10]); + fiat_p384_mulx_u32(&x1497, &x1498, x11, arg2[9]); + fiat_p384_mulx_u32(&x1499, &x1500, x11, arg2[8]); + fiat_p384_mulx_u32(&x1501, &x1502, x11, arg2[7]); + fiat_p384_mulx_u32(&x1503, &x1504, x11, arg2[6]); + fiat_p384_mulx_u32(&x1505, &x1506, x11, arg2[5]); + fiat_p384_mulx_u32(&x1507, &x1508, x11, arg2[4]); + fiat_p384_mulx_u32(&x1509, &x1510, x11, arg2[3]); + fiat_p384_mulx_u32(&x1511, &x1512, x11, arg2[2]); + fiat_p384_mulx_u32(&x1513, &x1514, x11, arg2[1]); + fiat_p384_mulx_u32(&x1515, &x1516, x11, arg2[0]); fiat_p384_addcarryx_u32(&x1517, &x1518, 0x0, x1516, x1513); fiat_p384_addcarryx_u32(&x1519, &x1520, x1518, x1514, x1511); fiat_p384_addcarryx_u32(&x1521, &x1522, x1520, x1512, x1509); @@ -2610,7 +2610,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x1533, &x1534, x1532, x1500, x1497); fiat_p384_addcarryx_u32(&x1535, &x1536, x1534, x1498, x1495); fiat_p384_addcarryx_u32(&x1537, &x1538, x1536, x1496, x1493); - x1539 = (x1538 + x1494); + x1539 = x1538 + x1494; fiat_p384_addcarryx_u32(&x1540, &x1541, 0x0, x1468, x1515); fiat_p384_addcarryx_u32(&x1542, &x1543, x1541, x1470, x1517); fiat_p384_addcarryx_u32(&x1544, &x1545, x1543, x1472, x1519); @@ -2642,7 +2642,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x1596, &x1597, x1595, x1573, x1570); fiat_p384_addcarryx_u32(&x1598, &x1599, x1597, x1571, x1568); fiat_p384_addcarryx_u32(&x1600, &x1601, x1599, x1569, x1566); - x1602 = (x1601 + x1567); + x1602 = x1601 + x1567; fiat_p384_addcarryx_u32(&x1603, &x1604, 0x0, x1540, x1584); fiat_p384_addcarryx_u32(&x1605, &x1606, x1604, x1542, x1585); fiat_p384_addcarryx_u32(&x1607, &x1608, x1606, x1544, 0x0); @@ -2656,7 +2656,7 @@ static void fiat_p384_mul(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_addcarryx_u32(&x1623, &x1624, x1622, x1560, x1598); fiat_p384_addcarryx_u32(&x1625, &x1626, x1624, x1562, x1600); fiat_p384_addcarryx_u32(&x1627, &x1628, x1626, x1564, x1602); - x1629 = ((uint32_t)x1628 + x1565); + x1629 = (uint32_t)x1628 + x1565; fiat_p384_subborrowx_u32(&x1630, &x1631, 0x0, x1605, UINT32_C(0xffffffff)); fiat_p384_subborrowx_u32(&x1632, &x1633, x1631, x1607, 0x0); fiat_p384_subborrowx_u32(&x1634, &x1635, x1633, x1609, 0x0); @@ -4378,30 +4378,30 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { uint32_t x1665; uint32_t x1666; uint32_t x1667; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[6]); - x7 = (arg1[7]); - x8 = (arg1[8]); - x9 = (arg1[9]); - x10 = (arg1[10]); - x11 = (arg1[11]); - x12 = (arg1[0]); - fiat_p384_mulx_u32(&x13, &x14, x12, (arg1[11])); - fiat_p384_mulx_u32(&x15, &x16, x12, (arg1[10])); - fiat_p384_mulx_u32(&x17, &x18, x12, (arg1[9])); - fiat_p384_mulx_u32(&x19, &x20, x12, (arg1[8])); - fiat_p384_mulx_u32(&x21, &x22, x12, (arg1[7])); - fiat_p384_mulx_u32(&x23, &x24, x12, (arg1[6])); - fiat_p384_mulx_u32(&x25, &x26, x12, (arg1[5])); - fiat_p384_mulx_u32(&x27, &x28, x12, (arg1[4])); - fiat_p384_mulx_u32(&x29, &x30, x12, (arg1[3])); - fiat_p384_mulx_u32(&x31, &x32, x12, (arg1[2])); - fiat_p384_mulx_u32(&x33, &x34, x12, (arg1[1])); - fiat_p384_mulx_u32(&x35, &x36, x12, (arg1[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[6]; + x7 = arg1[7]; + x8 = arg1[8]; + x9 = arg1[9]; + x10 = arg1[10]; + x11 = arg1[11]; + x12 = arg1[0]; + fiat_p384_mulx_u32(&x13, &x14, x12, arg1[11]); + fiat_p384_mulx_u32(&x15, &x16, x12, arg1[10]); + fiat_p384_mulx_u32(&x17, &x18, x12, arg1[9]); + fiat_p384_mulx_u32(&x19, &x20, x12, arg1[8]); + fiat_p384_mulx_u32(&x21, &x22, x12, arg1[7]); + fiat_p384_mulx_u32(&x23, &x24, x12, arg1[6]); + fiat_p384_mulx_u32(&x25, &x26, x12, arg1[5]); + fiat_p384_mulx_u32(&x27, &x28, x12, arg1[4]); + fiat_p384_mulx_u32(&x29, &x30, x12, arg1[3]); + fiat_p384_mulx_u32(&x31, &x32, x12, arg1[2]); + fiat_p384_mulx_u32(&x33, &x34, x12, arg1[1]); + fiat_p384_mulx_u32(&x35, &x36, x12, arg1[0]); fiat_p384_addcarryx_u32(&x37, &x38, 0x0, x36, x33); fiat_p384_addcarryx_u32(&x39, &x40, x38, x34, x31); fiat_p384_addcarryx_u32(&x41, &x42, x40, x32, x29); @@ -4413,7 +4413,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x53, &x54, x52, x20, x17); fiat_p384_addcarryx_u32(&x55, &x56, x54, x18, x15); fiat_p384_addcarryx_u32(&x57, &x58, x56, x16, x13); - x59 = (x58 + x14); + x59 = x58 + x14; fiat_p384_mulx_u32(&x60, &x61, x35, UINT32_C(0xffffffff)); fiat_p384_mulx_u32(&x62, &x63, x35, UINT32_C(0xffffffff)); fiat_p384_mulx_u32(&x64, &x65, x35, UINT32_C(0xffffffff)); @@ -4432,7 +4432,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x90, &x91, x89, x67, x64); fiat_p384_addcarryx_u32(&x92, &x93, x91, x65, x62); fiat_p384_addcarryx_u32(&x94, &x95, x93, x63, x60); - x96 = (x95 + x61); + x96 = x95 + x61; fiat_p384_addcarryx_u32(&x97, &x98, 0x0, x35, x78); fiat_p384_addcarryx_u32(&x99, &x100, x98, x37, x79); fiat_p384_addcarryx_u32(&x101, &x102, x100, x39, 0x0); @@ -4446,18 +4446,18 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x117, &x118, x116, x55, x92); fiat_p384_addcarryx_u32(&x119, &x120, x118, x57, x94); fiat_p384_addcarryx_u32(&x121, &x122, x120, x59, x96); - fiat_p384_mulx_u32(&x123, &x124, x1, (arg1[11])); - fiat_p384_mulx_u32(&x125, &x126, x1, (arg1[10])); - fiat_p384_mulx_u32(&x127, &x128, x1, (arg1[9])); - fiat_p384_mulx_u32(&x129, &x130, x1, (arg1[8])); - fiat_p384_mulx_u32(&x131, &x132, x1, (arg1[7])); - fiat_p384_mulx_u32(&x133, &x134, x1, (arg1[6])); - fiat_p384_mulx_u32(&x135, &x136, x1, (arg1[5])); - fiat_p384_mulx_u32(&x137, &x138, x1, (arg1[4])); - fiat_p384_mulx_u32(&x139, &x140, x1, (arg1[3])); - fiat_p384_mulx_u32(&x141, &x142, x1, (arg1[2])); - fiat_p384_mulx_u32(&x143, &x144, x1, (arg1[1])); - fiat_p384_mulx_u32(&x145, &x146, x1, (arg1[0])); + fiat_p384_mulx_u32(&x123, &x124, x1, arg1[11]); + fiat_p384_mulx_u32(&x125, &x126, x1, arg1[10]); + fiat_p384_mulx_u32(&x127, &x128, x1, arg1[9]); + fiat_p384_mulx_u32(&x129, &x130, x1, arg1[8]); + fiat_p384_mulx_u32(&x131, &x132, x1, arg1[7]); + fiat_p384_mulx_u32(&x133, &x134, x1, arg1[6]); + fiat_p384_mulx_u32(&x135, &x136, x1, arg1[5]); + fiat_p384_mulx_u32(&x137, &x138, x1, arg1[4]); + fiat_p384_mulx_u32(&x139, &x140, x1, arg1[3]); + fiat_p384_mulx_u32(&x141, &x142, x1, arg1[2]); + fiat_p384_mulx_u32(&x143, &x144, x1, arg1[1]); + fiat_p384_mulx_u32(&x145, &x146, x1, arg1[0]); fiat_p384_addcarryx_u32(&x147, &x148, 0x0, x146, x143); fiat_p384_addcarryx_u32(&x149, &x150, x148, x144, x141); fiat_p384_addcarryx_u32(&x151, &x152, x150, x142, x139); @@ -4469,7 +4469,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x163, &x164, x162, x130, x127); fiat_p384_addcarryx_u32(&x165, &x166, x164, x128, x125); fiat_p384_addcarryx_u32(&x167, &x168, x166, x126, x123); - x169 = (x168 + x124); + x169 = x168 + x124; fiat_p384_addcarryx_u32(&x170, &x171, 0x0, x99, x145); fiat_p384_addcarryx_u32(&x172, &x173, x171, x101, x147); fiat_p384_addcarryx_u32(&x174, &x175, x173, x103, x149); @@ -4501,7 +4501,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x226, &x227, x225, x203, x200); fiat_p384_addcarryx_u32(&x228, &x229, x227, x201, x198); fiat_p384_addcarryx_u32(&x230, &x231, x229, x199, x196); - x232 = (x231 + x197); + x232 = x231 + x197; fiat_p384_addcarryx_u32(&x233, &x234, 0x0, x170, x214); fiat_p384_addcarryx_u32(&x235, &x236, x234, x172, x215); fiat_p384_addcarryx_u32(&x237, &x238, x236, x174, 0x0); @@ -4515,19 +4515,19 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x253, &x254, x252, x190, x228); fiat_p384_addcarryx_u32(&x255, &x256, x254, x192, x230); fiat_p384_addcarryx_u32(&x257, &x258, x256, x194, x232); - x259 = ((uint32_t)x258 + x195); - fiat_p384_mulx_u32(&x260, &x261, x2, (arg1[11])); - fiat_p384_mulx_u32(&x262, &x263, x2, (arg1[10])); - fiat_p384_mulx_u32(&x264, &x265, x2, (arg1[9])); - fiat_p384_mulx_u32(&x266, &x267, x2, (arg1[8])); - fiat_p384_mulx_u32(&x268, &x269, x2, (arg1[7])); - fiat_p384_mulx_u32(&x270, &x271, x2, (arg1[6])); - fiat_p384_mulx_u32(&x272, &x273, x2, (arg1[5])); - fiat_p384_mulx_u32(&x274, &x275, x2, (arg1[4])); - fiat_p384_mulx_u32(&x276, &x277, x2, (arg1[3])); - fiat_p384_mulx_u32(&x278, &x279, x2, (arg1[2])); - fiat_p384_mulx_u32(&x280, &x281, x2, (arg1[1])); - fiat_p384_mulx_u32(&x282, &x283, x2, (arg1[0])); + x259 = (uint32_t)x258 + x195; + fiat_p384_mulx_u32(&x260, &x261, x2, arg1[11]); + fiat_p384_mulx_u32(&x262, &x263, x2, arg1[10]); + fiat_p384_mulx_u32(&x264, &x265, x2, arg1[9]); + fiat_p384_mulx_u32(&x266, &x267, x2, arg1[8]); + fiat_p384_mulx_u32(&x268, &x269, x2, arg1[7]); + fiat_p384_mulx_u32(&x270, &x271, x2, arg1[6]); + fiat_p384_mulx_u32(&x272, &x273, x2, arg1[5]); + fiat_p384_mulx_u32(&x274, &x275, x2, arg1[4]); + fiat_p384_mulx_u32(&x276, &x277, x2, arg1[3]); + fiat_p384_mulx_u32(&x278, &x279, x2, arg1[2]); + fiat_p384_mulx_u32(&x280, &x281, x2, arg1[1]); + fiat_p384_mulx_u32(&x282, &x283, x2, arg1[0]); fiat_p384_addcarryx_u32(&x284, &x285, 0x0, x283, x280); fiat_p384_addcarryx_u32(&x286, &x287, x285, x281, x278); fiat_p384_addcarryx_u32(&x288, &x289, x287, x279, x276); @@ -4539,7 +4539,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x300, &x301, x299, x267, x264); fiat_p384_addcarryx_u32(&x302, &x303, x301, x265, x262); fiat_p384_addcarryx_u32(&x304, &x305, x303, x263, x260); - x306 = (x305 + x261); + x306 = x305 + x261; fiat_p384_addcarryx_u32(&x307, &x308, 0x0, x235, x282); fiat_p384_addcarryx_u32(&x309, &x310, x308, x237, x284); fiat_p384_addcarryx_u32(&x311, &x312, x310, x239, x286); @@ -4571,7 +4571,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x363, &x364, x362, x340, x337); fiat_p384_addcarryx_u32(&x365, &x366, x364, x338, x335); fiat_p384_addcarryx_u32(&x367, &x368, x366, x336, x333); - x369 = (x368 + x334); + x369 = x368 + x334; fiat_p384_addcarryx_u32(&x370, &x371, 0x0, x307, x351); fiat_p384_addcarryx_u32(&x372, &x373, x371, x309, x352); fiat_p384_addcarryx_u32(&x374, &x375, x373, x311, 0x0); @@ -4585,19 +4585,19 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x390, &x391, x389, x327, x365); fiat_p384_addcarryx_u32(&x392, &x393, x391, x329, x367); fiat_p384_addcarryx_u32(&x394, &x395, x393, x331, x369); - x396 = ((uint32_t)x395 + x332); - fiat_p384_mulx_u32(&x397, &x398, x3, (arg1[11])); - fiat_p384_mulx_u32(&x399, &x400, x3, (arg1[10])); - fiat_p384_mulx_u32(&x401, &x402, x3, (arg1[9])); - fiat_p384_mulx_u32(&x403, &x404, x3, (arg1[8])); - fiat_p384_mulx_u32(&x405, &x406, x3, (arg1[7])); - fiat_p384_mulx_u32(&x407, &x408, x3, (arg1[6])); - fiat_p384_mulx_u32(&x409, &x410, x3, (arg1[5])); - fiat_p384_mulx_u32(&x411, &x412, x3, (arg1[4])); - fiat_p384_mulx_u32(&x413, &x414, x3, (arg1[3])); - fiat_p384_mulx_u32(&x415, &x416, x3, (arg1[2])); - fiat_p384_mulx_u32(&x417, &x418, x3, (arg1[1])); - fiat_p384_mulx_u32(&x419, &x420, x3, (arg1[0])); + x396 = (uint32_t)x395 + x332; + fiat_p384_mulx_u32(&x397, &x398, x3, arg1[11]); + fiat_p384_mulx_u32(&x399, &x400, x3, arg1[10]); + fiat_p384_mulx_u32(&x401, &x402, x3, arg1[9]); + fiat_p384_mulx_u32(&x403, &x404, x3, arg1[8]); + fiat_p384_mulx_u32(&x405, &x406, x3, arg1[7]); + fiat_p384_mulx_u32(&x407, &x408, x3, arg1[6]); + fiat_p384_mulx_u32(&x409, &x410, x3, arg1[5]); + fiat_p384_mulx_u32(&x411, &x412, x3, arg1[4]); + fiat_p384_mulx_u32(&x413, &x414, x3, arg1[3]); + fiat_p384_mulx_u32(&x415, &x416, x3, arg1[2]); + fiat_p384_mulx_u32(&x417, &x418, x3, arg1[1]); + fiat_p384_mulx_u32(&x419, &x420, x3, arg1[0]); fiat_p384_addcarryx_u32(&x421, &x422, 0x0, x420, x417); fiat_p384_addcarryx_u32(&x423, &x424, x422, x418, x415); fiat_p384_addcarryx_u32(&x425, &x426, x424, x416, x413); @@ -4609,7 +4609,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x437, &x438, x436, x404, x401); fiat_p384_addcarryx_u32(&x439, &x440, x438, x402, x399); fiat_p384_addcarryx_u32(&x441, &x442, x440, x400, x397); - x443 = (x442 + x398); + x443 = x442 + x398; fiat_p384_addcarryx_u32(&x444, &x445, 0x0, x372, x419); fiat_p384_addcarryx_u32(&x446, &x447, x445, x374, x421); fiat_p384_addcarryx_u32(&x448, &x449, x447, x376, x423); @@ -4641,7 +4641,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x500, &x501, x499, x477, x474); fiat_p384_addcarryx_u32(&x502, &x503, x501, x475, x472); fiat_p384_addcarryx_u32(&x504, &x505, x503, x473, x470); - x506 = (x505 + x471); + x506 = x505 + x471; fiat_p384_addcarryx_u32(&x507, &x508, 0x0, x444, x488); fiat_p384_addcarryx_u32(&x509, &x510, x508, x446, x489); fiat_p384_addcarryx_u32(&x511, &x512, x510, x448, 0x0); @@ -4655,19 +4655,19 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x527, &x528, x526, x464, x502); fiat_p384_addcarryx_u32(&x529, &x530, x528, x466, x504); fiat_p384_addcarryx_u32(&x531, &x532, x530, x468, x506); - x533 = ((uint32_t)x532 + x469); - fiat_p384_mulx_u32(&x534, &x535, x4, (arg1[11])); - fiat_p384_mulx_u32(&x536, &x537, x4, (arg1[10])); - fiat_p384_mulx_u32(&x538, &x539, x4, (arg1[9])); - fiat_p384_mulx_u32(&x540, &x541, x4, (arg1[8])); - fiat_p384_mulx_u32(&x542, &x543, x4, (arg1[7])); - fiat_p384_mulx_u32(&x544, &x545, x4, (arg1[6])); - fiat_p384_mulx_u32(&x546, &x547, x4, (arg1[5])); - fiat_p384_mulx_u32(&x548, &x549, x4, (arg1[4])); - fiat_p384_mulx_u32(&x550, &x551, x4, (arg1[3])); - fiat_p384_mulx_u32(&x552, &x553, x4, (arg1[2])); - fiat_p384_mulx_u32(&x554, &x555, x4, (arg1[1])); - fiat_p384_mulx_u32(&x556, &x557, x4, (arg1[0])); + x533 = (uint32_t)x532 + x469; + fiat_p384_mulx_u32(&x534, &x535, x4, arg1[11]); + fiat_p384_mulx_u32(&x536, &x537, x4, arg1[10]); + fiat_p384_mulx_u32(&x538, &x539, x4, arg1[9]); + fiat_p384_mulx_u32(&x540, &x541, x4, arg1[8]); + fiat_p384_mulx_u32(&x542, &x543, x4, arg1[7]); + fiat_p384_mulx_u32(&x544, &x545, x4, arg1[6]); + fiat_p384_mulx_u32(&x546, &x547, x4, arg1[5]); + fiat_p384_mulx_u32(&x548, &x549, x4, arg1[4]); + fiat_p384_mulx_u32(&x550, &x551, x4, arg1[3]); + fiat_p384_mulx_u32(&x552, &x553, x4, arg1[2]); + fiat_p384_mulx_u32(&x554, &x555, x4, arg1[1]); + fiat_p384_mulx_u32(&x556, &x557, x4, arg1[0]); fiat_p384_addcarryx_u32(&x558, &x559, 0x0, x557, x554); fiat_p384_addcarryx_u32(&x560, &x561, x559, x555, x552); fiat_p384_addcarryx_u32(&x562, &x563, x561, x553, x550); @@ -4679,7 +4679,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x574, &x575, x573, x541, x538); fiat_p384_addcarryx_u32(&x576, &x577, x575, x539, x536); fiat_p384_addcarryx_u32(&x578, &x579, x577, x537, x534); - x580 = (x579 + x535); + x580 = x579 + x535; fiat_p384_addcarryx_u32(&x581, &x582, 0x0, x509, x556); fiat_p384_addcarryx_u32(&x583, &x584, x582, x511, x558); fiat_p384_addcarryx_u32(&x585, &x586, x584, x513, x560); @@ -4711,7 +4711,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x637, &x638, x636, x614, x611); fiat_p384_addcarryx_u32(&x639, &x640, x638, x612, x609); fiat_p384_addcarryx_u32(&x641, &x642, x640, x610, x607); - x643 = (x642 + x608); + x643 = x642 + x608; fiat_p384_addcarryx_u32(&x644, &x645, 0x0, x581, x625); fiat_p384_addcarryx_u32(&x646, &x647, x645, x583, x626); fiat_p384_addcarryx_u32(&x648, &x649, x647, x585, 0x0); @@ -4725,19 +4725,19 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x664, &x665, x663, x601, x639); fiat_p384_addcarryx_u32(&x666, &x667, x665, x603, x641); fiat_p384_addcarryx_u32(&x668, &x669, x667, x605, x643); - x670 = ((uint32_t)x669 + x606); - fiat_p384_mulx_u32(&x671, &x672, x5, (arg1[11])); - fiat_p384_mulx_u32(&x673, &x674, x5, (arg1[10])); - fiat_p384_mulx_u32(&x675, &x676, x5, (arg1[9])); - fiat_p384_mulx_u32(&x677, &x678, x5, (arg1[8])); - fiat_p384_mulx_u32(&x679, &x680, x5, (arg1[7])); - fiat_p384_mulx_u32(&x681, &x682, x5, (arg1[6])); - fiat_p384_mulx_u32(&x683, &x684, x5, (arg1[5])); - fiat_p384_mulx_u32(&x685, &x686, x5, (arg1[4])); - fiat_p384_mulx_u32(&x687, &x688, x5, (arg1[3])); - fiat_p384_mulx_u32(&x689, &x690, x5, (arg1[2])); - fiat_p384_mulx_u32(&x691, &x692, x5, (arg1[1])); - fiat_p384_mulx_u32(&x693, &x694, x5, (arg1[0])); + x670 = (uint32_t)x669 + x606; + fiat_p384_mulx_u32(&x671, &x672, x5, arg1[11]); + fiat_p384_mulx_u32(&x673, &x674, x5, arg1[10]); + fiat_p384_mulx_u32(&x675, &x676, x5, arg1[9]); + fiat_p384_mulx_u32(&x677, &x678, x5, arg1[8]); + fiat_p384_mulx_u32(&x679, &x680, x5, arg1[7]); + fiat_p384_mulx_u32(&x681, &x682, x5, arg1[6]); + fiat_p384_mulx_u32(&x683, &x684, x5, arg1[5]); + fiat_p384_mulx_u32(&x685, &x686, x5, arg1[4]); + fiat_p384_mulx_u32(&x687, &x688, x5, arg1[3]); + fiat_p384_mulx_u32(&x689, &x690, x5, arg1[2]); + fiat_p384_mulx_u32(&x691, &x692, x5, arg1[1]); + fiat_p384_mulx_u32(&x693, &x694, x5, arg1[0]); fiat_p384_addcarryx_u32(&x695, &x696, 0x0, x694, x691); fiat_p384_addcarryx_u32(&x697, &x698, x696, x692, x689); fiat_p384_addcarryx_u32(&x699, &x700, x698, x690, x687); @@ -4749,7 +4749,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x711, &x712, x710, x678, x675); fiat_p384_addcarryx_u32(&x713, &x714, x712, x676, x673); fiat_p384_addcarryx_u32(&x715, &x716, x714, x674, x671); - x717 = (x716 + x672); + x717 = x716 + x672; fiat_p384_addcarryx_u32(&x718, &x719, 0x0, x646, x693); fiat_p384_addcarryx_u32(&x720, &x721, x719, x648, x695); fiat_p384_addcarryx_u32(&x722, &x723, x721, x650, x697); @@ -4781,7 +4781,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x774, &x775, x773, x751, x748); fiat_p384_addcarryx_u32(&x776, &x777, x775, x749, x746); fiat_p384_addcarryx_u32(&x778, &x779, x777, x747, x744); - x780 = (x779 + x745); + x780 = x779 + x745; fiat_p384_addcarryx_u32(&x781, &x782, 0x0, x718, x762); fiat_p384_addcarryx_u32(&x783, &x784, x782, x720, x763); fiat_p384_addcarryx_u32(&x785, &x786, x784, x722, 0x0); @@ -4795,19 +4795,19 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x801, &x802, x800, x738, x776); fiat_p384_addcarryx_u32(&x803, &x804, x802, x740, x778); fiat_p384_addcarryx_u32(&x805, &x806, x804, x742, x780); - x807 = ((uint32_t)x806 + x743); - fiat_p384_mulx_u32(&x808, &x809, x6, (arg1[11])); - fiat_p384_mulx_u32(&x810, &x811, x6, (arg1[10])); - fiat_p384_mulx_u32(&x812, &x813, x6, (arg1[9])); - fiat_p384_mulx_u32(&x814, &x815, x6, (arg1[8])); - fiat_p384_mulx_u32(&x816, &x817, x6, (arg1[7])); - fiat_p384_mulx_u32(&x818, &x819, x6, (arg1[6])); - fiat_p384_mulx_u32(&x820, &x821, x6, (arg1[5])); - fiat_p384_mulx_u32(&x822, &x823, x6, (arg1[4])); - fiat_p384_mulx_u32(&x824, &x825, x6, (arg1[3])); - fiat_p384_mulx_u32(&x826, &x827, x6, (arg1[2])); - fiat_p384_mulx_u32(&x828, &x829, x6, (arg1[1])); - fiat_p384_mulx_u32(&x830, &x831, x6, (arg1[0])); + x807 = (uint32_t)x806 + x743; + fiat_p384_mulx_u32(&x808, &x809, x6, arg1[11]); + fiat_p384_mulx_u32(&x810, &x811, x6, arg1[10]); + fiat_p384_mulx_u32(&x812, &x813, x6, arg1[9]); + fiat_p384_mulx_u32(&x814, &x815, x6, arg1[8]); + fiat_p384_mulx_u32(&x816, &x817, x6, arg1[7]); + fiat_p384_mulx_u32(&x818, &x819, x6, arg1[6]); + fiat_p384_mulx_u32(&x820, &x821, x6, arg1[5]); + fiat_p384_mulx_u32(&x822, &x823, x6, arg1[4]); + fiat_p384_mulx_u32(&x824, &x825, x6, arg1[3]); + fiat_p384_mulx_u32(&x826, &x827, x6, arg1[2]); + fiat_p384_mulx_u32(&x828, &x829, x6, arg1[1]); + fiat_p384_mulx_u32(&x830, &x831, x6, arg1[0]); fiat_p384_addcarryx_u32(&x832, &x833, 0x0, x831, x828); fiat_p384_addcarryx_u32(&x834, &x835, x833, x829, x826); fiat_p384_addcarryx_u32(&x836, &x837, x835, x827, x824); @@ -4819,7 +4819,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x848, &x849, x847, x815, x812); fiat_p384_addcarryx_u32(&x850, &x851, x849, x813, x810); fiat_p384_addcarryx_u32(&x852, &x853, x851, x811, x808); - x854 = (x853 + x809); + x854 = x853 + x809; fiat_p384_addcarryx_u32(&x855, &x856, 0x0, x783, x830); fiat_p384_addcarryx_u32(&x857, &x858, x856, x785, x832); fiat_p384_addcarryx_u32(&x859, &x860, x858, x787, x834); @@ -4851,7 +4851,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x911, &x912, x910, x888, x885); fiat_p384_addcarryx_u32(&x913, &x914, x912, x886, x883); fiat_p384_addcarryx_u32(&x915, &x916, x914, x884, x881); - x917 = (x916 + x882); + x917 = x916 + x882; fiat_p384_addcarryx_u32(&x918, &x919, 0x0, x855, x899); fiat_p384_addcarryx_u32(&x920, &x921, x919, x857, x900); fiat_p384_addcarryx_u32(&x922, &x923, x921, x859, 0x0); @@ -4865,19 +4865,19 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x938, &x939, x937, x875, x913); fiat_p384_addcarryx_u32(&x940, &x941, x939, x877, x915); fiat_p384_addcarryx_u32(&x942, &x943, x941, x879, x917); - x944 = ((uint32_t)x943 + x880); - fiat_p384_mulx_u32(&x945, &x946, x7, (arg1[11])); - fiat_p384_mulx_u32(&x947, &x948, x7, (arg1[10])); - fiat_p384_mulx_u32(&x949, &x950, x7, (arg1[9])); - fiat_p384_mulx_u32(&x951, &x952, x7, (arg1[8])); - fiat_p384_mulx_u32(&x953, &x954, x7, (arg1[7])); - fiat_p384_mulx_u32(&x955, &x956, x7, (arg1[6])); - fiat_p384_mulx_u32(&x957, &x958, x7, (arg1[5])); - fiat_p384_mulx_u32(&x959, &x960, x7, (arg1[4])); - fiat_p384_mulx_u32(&x961, &x962, x7, (arg1[3])); - fiat_p384_mulx_u32(&x963, &x964, x7, (arg1[2])); - fiat_p384_mulx_u32(&x965, &x966, x7, (arg1[1])); - fiat_p384_mulx_u32(&x967, &x968, x7, (arg1[0])); + x944 = (uint32_t)x943 + x880; + fiat_p384_mulx_u32(&x945, &x946, x7, arg1[11]); + fiat_p384_mulx_u32(&x947, &x948, x7, arg1[10]); + fiat_p384_mulx_u32(&x949, &x950, x7, arg1[9]); + fiat_p384_mulx_u32(&x951, &x952, x7, arg1[8]); + fiat_p384_mulx_u32(&x953, &x954, x7, arg1[7]); + fiat_p384_mulx_u32(&x955, &x956, x7, arg1[6]); + fiat_p384_mulx_u32(&x957, &x958, x7, arg1[5]); + fiat_p384_mulx_u32(&x959, &x960, x7, arg1[4]); + fiat_p384_mulx_u32(&x961, &x962, x7, arg1[3]); + fiat_p384_mulx_u32(&x963, &x964, x7, arg1[2]); + fiat_p384_mulx_u32(&x965, &x966, x7, arg1[1]); + fiat_p384_mulx_u32(&x967, &x968, x7, arg1[0]); fiat_p384_addcarryx_u32(&x969, &x970, 0x0, x968, x965); fiat_p384_addcarryx_u32(&x971, &x972, x970, x966, x963); fiat_p384_addcarryx_u32(&x973, &x974, x972, x964, x961); @@ -4889,7 +4889,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x985, &x986, x984, x952, x949); fiat_p384_addcarryx_u32(&x987, &x988, x986, x950, x947); fiat_p384_addcarryx_u32(&x989, &x990, x988, x948, x945); - x991 = (x990 + x946); + x991 = x990 + x946; fiat_p384_addcarryx_u32(&x992, &x993, 0x0, x920, x967); fiat_p384_addcarryx_u32(&x994, &x995, x993, x922, x969); fiat_p384_addcarryx_u32(&x996, &x997, x995, x924, x971); @@ -4921,7 +4921,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x1048, &x1049, x1047, x1025, x1022); fiat_p384_addcarryx_u32(&x1050, &x1051, x1049, x1023, x1020); fiat_p384_addcarryx_u32(&x1052, &x1053, x1051, x1021, x1018); - x1054 = (x1053 + x1019); + x1054 = x1053 + x1019; fiat_p384_addcarryx_u32(&x1055, &x1056, 0x0, x992, x1036); fiat_p384_addcarryx_u32(&x1057, &x1058, x1056, x994, x1037); fiat_p384_addcarryx_u32(&x1059, &x1060, x1058, x996, 0x0); @@ -4935,19 +4935,19 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x1075, &x1076, x1074, x1012, x1050); fiat_p384_addcarryx_u32(&x1077, &x1078, x1076, x1014, x1052); fiat_p384_addcarryx_u32(&x1079, &x1080, x1078, x1016, x1054); - x1081 = ((uint32_t)x1080 + x1017); - fiat_p384_mulx_u32(&x1082, &x1083, x8, (arg1[11])); - fiat_p384_mulx_u32(&x1084, &x1085, x8, (arg1[10])); - fiat_p384_mulx_u32(&x1086, &x1087, x8, (arg1[9])); - fiat_p384_mulx_u32(&x1088, &x1089, x8, (arg1[8])); - fiat_p384_mulx_u32(&x1090, &x1091, x8, (arg1[7])); - fiat_p384_mulx_u32(&x1092, &x1093, x8, (arg1[6])); - fiat_p384_mulx_u32(&x1094, &x1095, x8, (arg1[5])); - fiat_p384_mulx_u32(&x1096, &x1097, x8, (arg1[4])); - fiat_p384_mulx_u32(&x1098, &x1099, x8, (arg1[3])); - fiat_p384_mulx_u32(&x1100, &x1101, x8, (arg1[2])); - fiat_p384_mulx_u32(&x1102, &x1103, x8, (arg1[1])); - fiat_p384_mulx_u32(&x1104, &x1105, x8, (arg1[0])); + x1081 = (uint32_t)x1080 + x1017; + fiat_p384_mulx_u32(&x1082, &x1083, x8, arg1[11]); + fiat_p384_mulx_u32(&x1084, &x1085, x8, arg1[10]); + fiat_p384_mulx_u32(&x1086, &x1087, x8, arg1[9]); + fiat_p384_mulx_u32(&x1088, &x1089, x8, arg1[8]); + fiat_p384_mulx_u32(&x1090, &x1091, x8, arg1[7]); + fiat_p384_mulx_u32(&x1092, &x1093, x8, arg1[6]); + fiat_p384_mulx_u32(&x1094, &x1095, x8, arg1[5]); + fiat_p384_mulx_u32(&x1096, &x1097, x8, arg1[4]); + fiat_p384_mulx_u32(&x1098, &x1099, x8, arg1[3]); + fiat_p384_mulx_u32(&x1100, &x1101, x8, arg1[2]); + fiat_p384_mulx_u32(&x1102, &x1103, x8, arg1[1]); + fiat_p384_mulx_u32(&x1104, &x1105, x8, arg1[0]); fiat_p384_addcarryx_u32(&x1106, &x1107, 0x0, x1105, x1102); fiat_p384_addcarryx_u32(&x1108, &x1109, x1107, x1103, x1100); fiat_p384_addcarryx_u32(&x1110, &x1111, x1109, x1101, x1098); @@ -4959,7 +4959,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x1122, &x1123, x1121, x1089, x1086); fiat_p384_addcarryx_u32(&x1124, &x1125, x1123, x1087, x1084); fiat_p384_addcarryx_u32(&x1126, &x1127, x1125, x1085, x1082); - x1128 = (x1127 + x1083); + x1128 = x1127 + x1083; fiat_p384_addcarryx_u32(&x1129, &x1130, 0x0, x1057, x1104); fiat_p384_addcarryx_u32(&x1131, &x1132, x1130, x1059, x1106); fiat_p384_addcarryx_u32(&x1133, &x1134, x1132, x1061, x1108); @@ -4991,7 +4991,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x1185, &x1186, x1184, x1162, x1159); fiat_p384_addcarryx_u32(&x1187, &x1188, x1186, x1160, x1157); fiat_p384_addcarryx_u32(&x1189, &x1190, x1188, x1158, x1155); - x1191 = (x1190 + x1156); + x1191 = x1190 + x1156; fiat_p384_addcarryx_u32(&x1192, &x1193, 0x0, x1129, x1173); fiat_p384_addcarryx_u32(&x1194, &x1195, x1193, x1131, x1174); fiat_p384_addcarryx_u32(&x1196, &x1197, x1195, x1133, 0x0); @@ -5005,19 +5005,19 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x1212, &x1213, x1211, x1149, x1187); fiat_p384_addcarryx_u32(&x1214, &x1215, x1213, x1151, x1189); fiat_p384_addcarryx_u32(&x1216, &x1217, x1215, x1153, x1191); - x1218 = ((uint32_t)x1217 + x1154); - fiat_p384_mulx_u32(&x1219, &x1220, x9, (arg1[11])); - fiat_p384_mulx_u32(&x1221, &x1222, x9, (arg1[10])); - fiat_p384_mulx_u32(&x1223, &x1224, x9, (arg1[9])); - fiat_p384_mulx_u32(&x1225, &x1226, x9, (arg1[8])); - fiat_p384_mulx_u32(&x1227, &x1228, x9, (arg1[7])); - fiat_p384_mulx_u32(&x1229, &x1230, x9, (arg1[6])); - fiat_p384_mulx_u32(&x1231, &x1232, x9, (arg1[5])); - fiat_p384_mulx_u32(&x1233, &x1234, x9, (arg1[4])); - fiat_p384_mulx_u32(&x1235, &x1236, x9, (arg1[3])); - fiat_p384_mulx_u32(&x1237, &x1238, x9, (arg1[2])); - fiat_p384_mulx_u32(&x1239, &x1240, x9, (arg1[1])); - fiat_p384_mulx_u32(&x1241, &x1242, x9, (arg1[0])); + x1218 = (uint32_t)x1217 + x1154; + fiat_p384_mulx_u32(&x1219, &x1220, x9, arg1[11]); + fiat_p384_mulx_u32(&x1221, &x1222, x9, arg1[10]); + fiat_p384_mulx_u32(&x1223, &x1224, x9, arg1[9]); + fiat_p384_mulx_u32(&x1225, &x1226, x9, arg1[8]); + fiat_p384_mulx_u32(&x1227, &x1228, x9, arg1[7]); + fiat_p384_mulx_u32(&x1229, &x1230, x9, arg1[6]); + fiat_p384_mulx_u32(&x1231, &x1232, x9, arg1[5]); + fiat_p384_mulx_u32(&x1233, &x1234, x9, arg1[4]); + fiat_p384_mulx_u32(&x1235, &x1236, x9, arg1[3]); + fiat_p384_mulx_u32(&x1237, &x1238, x9, arg1[2]); + fiat_p384_mulx_u32(&x1239, &x1240, x9, arg1[1]); + fiat_p384_mulx_u32(&x1241, &x1242, x9, arg1[0]); fiat_p384_addcarryx_u32(&x1243, &x1244, 0x0, x1242, x1239); fiat_p384_addcarryx_u32(&x1245, &x1246, x1244, x1240, x1237); fiat_p384_addcarryx_u32(&x1247, &x1248, x1246, x1238, x1235); @@ -5029,7 +5029,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x1259, &x1260, x1258, x1226, x1223); fiat_p384_addcarryx_u32(&x1261, &x1262, x1260, x1224, x1221); fiat_p384_addcarryx_u32(&x1263, &x1264, x1262, x1222, x1219); - x1265 = (x1264 + x1220); + x1265 = x1264 + x1220; fiat_p384_addcarryx_u32(&x1266, &x1267, 0x0, x1194, x1241); fiat_p384_addcarryx_u32(&x1268, &x1269, x1267, x1196, x1243); fiat_p384_addcarryx_u32(&x1270, &x1271, x1269, x1198, x1245); @@ -5061,7 +5061,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x1322, &x1323, x1321, x1299, x1296); fiat_p384_addcarryx_u32(&x1324, &x1325, x1323, x1297, x1294); fiat_p384_addcarryx_u32(&x1326, &x1327, x1325, x1295, x1292); - x1328 = (x1327 + x1293); + x1328 = x1327 + x1293; fiat_p384_addcarryx_u32(&x1329, &x1330, 0x0, x1266, x1310); fiat_p384_addcarryx_u32(&x1331, &x1332, x1330, x1268, x1311); fiat_p384_addcarryx_u32(&x1333, &x1334, x1332, x1270, 0x0); @@ -5075,19 +5075,19 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x1349, &x1350, x1348, x1286, x1324); fiat_p384_addcarryx_u32(&x1351, &x1352, x1350, x1288, x1326); fiat_p384_addcarryx_u32(&x1353, &x1354, x1352, x1290, x1328); - x1355 = ((uint32_t)x1354 + x1291); - fiat_p384_mulx_u32(&x1356, &x1357, x10, (arg1[11])); - fiat_p384_mulx_u32(&x1358, &x1359, x10, (arg1[10])); - fiat_p384_mulx_u32(&x1360, &x1361, x10, (arg1[9])); - fiat_p384_mulx_u32(&x1362, &x1363, x10, (arg1[8])); - fiat_p384_mulx_u32(&x1364, &x1365, x10, (arg1[7])); - fiat_p384_mulx_u32(&x1366, &x1367, x10, (arg1[6])); - fiat_p384_mulx_u32(&x1368, &x1369, x10, (arg1[5])); - fiat_p384_mulx_u32(&x1370, &x1371, x10, (arg1[4])); - fiat_p384_mulx_u32(&x1372, &x1373, x10, (arg1[3])); - fiat_p384_mulx_u32(&x1374, &x1375, x10, (arg1[2])); - fiat_p384_mulx_u32(&x1376, &x1377, x10, (arg1[1])); - fiat_p384_mulx_u32(&x1378, &x1379, x10, (arg1[0])); + x1355 = (uint32_t)x1354 + x1291; + fiat_p384_mulx_u32(&x1356, &x1357, x10, arg1[11]); + fiat_p384_mulx_u32(&x1358, &x1359, x10, arg1[10]); + fiat_p384_mulx_u32(&x1360, &x1361, x10, arg1[9]); + fiat_p384_mulx_u32(&x1362, &x1363, x10, arg1[8]); + fiat_p384_mulx_u32(&x1364, &x1365, x10, arg1[7]); + fiat_p384_mulx_u32(&x1366, &x1367, x10, arg1[6]); + fiat_p384_mulx_u32(&x1368, &x1369, x10, arg1[5]); + fiat_p384_mulx_u32(&x1370, &x1371, x10, arg1[4]); + fiat_p384_mulx_u32(&x1372, &x1373, x10, arg1[3]); + fiat_p384_mulx_u32(&x1374, &x1375, x10, arg1[2]); + fiat_p384_mulx_u32(&x1376, &x1377, x10, arg1[1]); + fiat_p384_mulx_u32(&x1378, &x1379, x10, arg1[0]); fiat_p384_addcarryx_u32(&x1380, &x1381, 0x0, x1379, x1376); fiat_p384_addcarryx_u32(&x1382, &x1383, x1381, x1377, x1374); fiat_p384_addcarryx_u32(&x1384, &x1385, x1383, x1375, x1372); @@ -5099,7 +5099,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x1396, &x1397, x1395, x1363, x1360); fiat_p384_addcarryx_u32(&x1398, &x1399, x1397, x1361, x1358); fiat_p384_addcarryx_u32(&x1400, &x1401, x1399, x1359, x1356); - x1402 = (x1401 + x1357); + x1402 = x1401 + x1357; fiat_p384_addcarryx_u32(&x1403, &x1404, 0x0, x1331, x1378); fiat_p384_addcarryx_u32(&x1405, &x1406, x1404, x1333, x1380); fiat_p384_addcarryx_u32(&x1407, &x1408, x1406, x1335, x1382); @@ -5131,7 +5131,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x1459, &x1460, x1458, x1436, x1433); fiat_p384_addcarryx_u32(&x1461, &x1462, x1460, x1434, x1431); fiat_p384_addcarryx_u32(&x1463, &x1464, x1462, x1432, x1429); - x1465 = (x1464 + x1430); + x1465 = x1464 + x1430; fiat_p384_addcarryx_u32(&x1466, &x1467, 0x0, x1403, x1447); fiat_p384_addcarryx_u32(&x1468, &x1469, x1467, x1405, x1448); fiat_p384_addcarryx_u32(&x1470, &x1471, x1469, x1407, 0x0); @@ -5145,19 +5145,19 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x1486, &x1487, x1485, x1423, x1461); fiat_p384_addcarryx_u32(&x1488, &x1489, x1487, x1425, x1463); fiat_p384_addcarryx_u32(&x1490, &x1491, x1489, x1427, x1465); - x1492 = ((uint32_t)x1491 + x1428); - fiat_p384_mulx_u32(&x1493, &x1494, x11, (arg1[11])); - fiat_p384_mulx_u32(&x1495, &x1496, x11, (arg1[10])); - fiat_p384_mulx_u32(&x1497, &x1498, x11, (arg1[9])); - fiat_p384_mulx_u32(&x1499, &x1500, x11, (arg1[8])); - fiat_p384_mulx_u32(&x1501, &x1502, x11, (arg1[7])); - fiat_p384_mulx_u32(&x1503, &x1504, x11, (arg1[6])); - fiat_p384_mulx_u32(&x1505, &x1506, x11, (arg1[5])); - fiat_p384_mulx_u32(&x1507, &x1508, x11, (arg1[4])); - fiat_p384_mulx_u32(&x1509, &x1510, x11, (arg1[3])); - fiat_p384_mulx_u32(&x1511, &x1512, x11, (arg1[2])); - fiat_p384_mulx_u32(&x1513, &x1514, x11, (arg1[1])); - fiat_p384_mulx_u32(&x1515, &x1516, x11, (arg1[0])); + x1492 = (uint32_t)x1491 + x1428; + fiat_p384_mulx_u32(&x1493, &x1494, x11, arg1[11]); + fiat_p384_mulx_u32(&x1495, &x1496, x11, arg1[10]); + fiat_p384_mulx_u32(&x1497, &x1498, x11, arg1[9]); + fiat_p384_mulx_u32(&x1499, &x1500, x11, arg1[8]); + fiat_p384_mulx_u32(&x1501, &x1502, x11, arg1[7]); + fiat_p384_mulx_u32(&x1503, &x1504, x11, arg1[6]); + fiat_p384_mulx_u32(&x1505, &x1506, x11, arg1[5]); + fiat_p384_mulx_u32(&x1507, &x1508, x11, arg1[4]); + fiat_p384_mulx_u32(&x1509, &x1510, x11, arg1[3]); + fiat_p384_mulx_u32(&x1511, &x1512, x11, arg1[2]); + fiat_p384_mulx_u32(&x1513, &x1514, x11, arg1[1]); + fiat_p384_mulx_u32(&x1515, &x1516, x11, arg1[0]); fiat_p384_addcarryx_u32(&x1517, &x1518, 0x0, x1516, x1513); fiat_p384_addcarryx_u32(&x1519, &x1520, x1518, x1514, x1511); fiat_p384_addcarryx_u32(&x1521, &x1522, x1520, x1512, x1509); @@ -5169,7 +5169,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x1533, &x1534, x1532, x1500, x1497); fiat_p384_addcarryx_u32(&x1535, &x1536, x1534, x1498, x1495); fiat_p384_addcarryx_u32(&x1537, &x1538, x1536, x1496, x1493); - x1539 = (x1538 + x1494); + x1539 = x1538 + x1494; fiat_p384_addcarryx_u32(&x1540, &x1541, 0x0, x1468, x1515); fiat_p384_addcarryx_u32(&x1542, &x1543, x1541, x1470, x1517); fiat_p384_addcarryx_u32(&x1544, &x1545, x1543, x1472, x1519); @@ -5201,7 +5201,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x1596, &x1597, x1595, x1573, x1570); fiat_p384_addcarryx_u32(&x1598, &x1599, x1597, x1571, x1568); fiat_p384_addcarryx_u32(&x1600, &x1601, x1599, x1569, x1566); - x1602 = (x1601 + x1567); + x1602 = x1601 + x1567; fiat_p384_addcarryx_u32(&x1603, &x1604, 0x0, x1540, x1584); fiat_p384_addcarryx_u32(&x1605, &x1606, x1604, x1542, x1585); fiat_p384_addcarryx_u32(&x1607, &x1608, x1606, x1544, 0x0); @@ -5215,7 +5215,7 @@ static void fiat_p384_square(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_addcarryx_u32(&x1623, &x1624, x1622, x1560, x1598); fiat_p384_addcarryx_u32(&x1625, &x1626, x1624, x1562, x1600); fiat_p384_addcarryx_u32(&x1627, &x1628, x1626, x1564, x1602); - x1629 = ((uint32_t)x1628 + x1565); + x1629 = (uint32_t)x1628 + x1565; fiat_p384_subborrowx_u32(&x1630, &x1631, 0x0, x1605, UINT32_C(0xffffffff)); fiat_p384_subborrowx_u32(&x1632, &x1633, x1631, x1607, 0x0); fiat_p384_subborrowx_u32(&x1634, &x1635, x1633, x1609, 0x0); @@ -5334,18 +5334,18 @@ static void fiat_p384_add(uint32_t out1[12], const uint32_t arg1[12], const uint uint32_t x60; uint32_t x61; uint32_t x62; - fiat_p384_addcarryx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_p384_addcarryx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_p384_addcarryx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_p384_addcarryx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); - fiat_p384_addcarryx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); - fiat_p384_addcarryx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); - fiat_p384_addcarryx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); - fiat_p384_addcarryx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7])); - fiat_p384_addcarryx_u32(&x17, &x18, x16, (arg1[8]), (arg2[8])); - fiat_p384_addcarryx_u32(&x19, &x20, x18, (arg1[9]), (arg2[9])); - fiat_p384_addcarryx_u32(&x21, &x22, x20, (arg1[10]), (arg2[10])); - fiat_p384_addcarryx_u32(&x23, &x24, x22, (arg1[11]), (arg2[11])); + fiat_p384_addcarryx_u32(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_p384_addcarryx_u32(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_p384_addcarryx_u32(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_p384_addcarryx_u32(&x7, &x8, x6, arg1[3], arg2[3]); + fiat_p384_addcarryx_u32(&x9, &x10, x8, arg1[4], arg2[4]); + fiat_p384_addcarryx_u32(&x11, &x12, x10, arg1[5], arg2[5]); + fiat_p384_addcarryx_u32(&x13, &x14, x12, arg1[6], arg2[6]); + fiat_p384_addcarryx_u32(&x15, &x16, x14, arg1[7], arg2[7]); + fiat_p384_addcarryx_u32(&x17, &x18, x16, arg1[8], arg2[8]); + fiat_p384_addcarryx_u32(&x19, &x20, x18, arg1[9], arg2[9]); + fiat_p384_addcarryx_u32(&x21, &x22, x20, arg1[10], arg2[10]); + fiat_p384_addcarryx_u32(&x23, &x24, x22, arg1[11], arg2[11]); fiat_p384_subborrowx_u32(&x25, &x26, 0x0, x1, UINT32_C(0xffffffff)); fiat_p384_subborrowx_u32(&x27, &x28, x26, x3, 0x0); fiat_p384_subborrowx_u32(&x29, &x30, x28, x5, 0x0); @@ -5451,24 +5451,24 @@ static void fiat_p384_sub(uint32_t out1[12], const uint32_t arg1[12], const uint fiat_p384_uint1 x47; uint32_t x48; fiat_p384_uint1 x49; - fiat_p384_subborrowx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_p384_subborrowx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_p384_subborrowx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_p384_subborrowx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); - fiat_p384_subborrowx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); - fiat_p384_subborrowx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); - fiat_p384_subborrowx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); - fiat_p384_subborrowx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7])); - fiat_p384_subborrowx_u32(&x17, &x18, x16, (arg1[8]), (arg2[8])); - fiat_p384_subborrowx_u32(&x19, &x20, x18, (arg1[9]), (arg2[9])); - fiat_p384_subborrowx_u32(&x21, &x22, x20, (arg1[10]), (arg2[10])); - fiat_p384_subborrowx_u32(&x23, &x24, x22, (arg1[11]), (arg2[11])); + fiat_p384_subborrowx_u32(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_p384_subborrowx_u32(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_p384_subborrowx_u32(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_p384_subborrowx_u32(&x7, &x8, x6, arg1[3], arg2[3]); + fiat_p384_subborrowx_u32(&x9, &x10, x8, arg1[4], arg2[4]); + fiat_p384_subborrowx_u32(&x11, &x12, x10, arg1[5], arg2[5]); + fiat_p384_subborrowx_u32(&x13, &x14, x12, arg1[6], arg2[6]); + fiat_p384_subborrowx_u32(&x15, &x16, x14, arg1[7], arg2[7]); + fiat_p384_subborrowx_u32(&x17, &x18, x16, arg1[8], arg2[8]); + fiat_p384_subborrowx_u32(&x19, &x20, x18, arg1[9], arg2[9]); + fiat_p384_subborrowx_u32(&x21, &x22, x20, arg1[10], arg2[10]); + fiat_p384_subborrowx_u32(&x23, &x24, x22, arg1[11], arg2[11]); fiat_p384_cmovznz_u32(&x25, x24, 0x0, UINT32_C(0xffffffff)); fiat_p384_addcarryx_u32(&x26, &x27, 0x0, x1, x25); fiat_p384_addcarryx_u32(&x28, &x29, x27, x3, 0x0); fiat_p384_addcarryx_u32(&x30, &x31, x29, x5, 0x0); fiat_p384_addcarryx_u32(&x32, &x33, x31, x7, x25); - fiat_p384_addcarryx_u32(&x34, &x35, x33, x9, (x25 & UINT32_C(0xfffffffe))); + fiat_p384_addcarryx_u32(&x34, &x35, x33, x9, x25 & UINT32_C(0xfffffffe)); fiat_p384_addcarryx_u32(&x36, &x37, x35, x11, x25); fiat_p384_addcarryx_u32(&x38, &x39, x37, x13, x25); fiat_p384_addcarryx_u32(&x40, &x41, x39, x15, x25); @@ -5554,24 +5554,24 @@ static void fiat_p384_opp(uint32_t out1[12], const uint32_t arg1[12]) { fiat_p384_uint1 x47; uint32_t x48; fiat_p384_uint1 x49; - fiat_p384_subborrowx_u32(&x1, &x2, 0x0, 0x0, (arg1[0])); - fiat_p384_subborrowx_u32(&x3, &x4, x2, 0x0, (arg1[1])); - fiat_p384_subborrowx_u32(&x5, &x6, x4, 0x0, (arg1[2])); - fiat_p384_subborrowx_u32(&x7, &x8, x6, 0x0, (arg1[3])); - fiat_p384_subborrowx_u32(&x9, &x10, x8, 0x0, (arg1[4])); - fiat_p384_subborrowx_u32(&x11, &x12, x10, 0x0, (arg1[5])); - fiat_p384_subborrowx_u32(&x13, &x14, x12, 0x0, (arg1[6])); - fiat_p384_subborrowx_u32(&x15, &x16, x14, 0x0, (arg1[7])); - fiat_p384_subborrowx_u32(&x17, &x18, x16, 0x0, (arg1[8])); - fiat_p384_subborrowx_u32(&x19, &x20, x18, 0x0, (arg1[9])); - fiat_p384_subborrowx_u32(&x21, &x22, x20, 0x0, (arg1[10])); - fiat_p384_subborrowx_u32(&x23, &x24, x22, 0x0, (arg1[11])); + fiat_p384_subborrowx_u32(&x1, &x2, 0x0, 0x0, arg1[0]); + fiat_p384_subborrowx_u32(&x3, &x4, x2, 0x0, arg1[1]); + fiat_p384_subborrowx_u32(&x5, &x6, x4, 0x0, arg1[2]); + fiat_p384_subborrowx_u32(&x7, &x8, x6, 0x0, arg1[3]); + fiat_p384_subborrowx_u32(&x9, &x10, x8, 0x0, arg1[4]); + fiat_p384_subborrowx_u32(&x11, &x12, x10, 0x0, arg1[5]); + fiat_p384_subborrowx_u32(&x13, &x14, x12, 0x0, arg1[6]); + fiat_p384_subborrowx_u32(&x15, &x16, x14, 0x0, arg1[7]); + fiat_p384_subborrowx_u32(&x17, &x18, x16, 0x0, arg1[8]); + fiat_p384_subborrowx_u32(&x19, &x20, x18, 0x0, arg1[9]); + fiat_p384_subborrowx_u32(&x21, &x22, x20, 0x0, arg1[10]); + fiat_p384_subborrowx_u32(&x23, &x24, x22, 0x0, arg1[11]); fiat_p384_cmovznz_u32(&x25, x24, 0x0, UINT32_C(0xffffffff)); fiat_p384_addcarryx_u32(&x26, &x27, 0x0, x1, x25); fiat_p384_addcarryx_u32(&x28, &x29, x27, x3, 0x0); fiat_p384_addcarryx_u32(&x30, &x31, x29, x5, 0x0); fiat_p384_addcarryx_u32(&x32, &x33, x31, x7, x25); - fiat_p384_addcarryx_u32(&x34, &x35, x33, x9, (x25 & UINT32_C(0xfffffffe))); + fiat_p384_addcarryx_u32(&x34, &x35, x33, x9, x25 & UINT32_C(0xfffffffe)); fiat_p384_addcarryx_u32(&x36, &x37, x35, x11, x25); fiat_p384_addcarryx_u32(&x38, &x39, x37, x13, x25); fiat_p384_addcarryx_u32(&x40, &x41, x39, x15, x25); @@ -6609,7 +6609,7 @@ static void fiat_p384_from_montgomery(uint32_t out1[12], const uint32_t arg1[12] uint32_t x999; uint32_t x1000; uint32_t x1001; - x1 = (arg1[0]); + x1 = arg1[0]; fiat_p384_mulx_u32(&x2, &x3, x1, UINT32_C(0xffffffff)); fiat_p384_mulx_u32(&x4, &x5, x1, UINT32_C(0xffffffff)); fiat_p384_mulx_u32(&x6, &x7, x1, UINT32_C(0xffffffff)); @@ -6629,7 +6629,7 @@ static void fiat_p384_from_montgomery(uint32_t out1[12], const uint32_t arg1[12] fiat_p384_addcarryx_u32(&x34, &x35, x33, x7, x4); fiat_p384_addcarryx_u32(&x36, &x37, x35, x5, x2); fiat_p384_addcarryx_u32(&x38, &x39, 0x0, x1, x20); - fiat_p384_addcarryx_u32(&x40, &x41, 0x0, (x39 + x21), (arg1[1])); + fiat_p384_addcarryx_u32(&x40, &x41, 0x0, x39 + x21, arg1[1]); fiat_p384_mulx_u32(&x42, &x43, x40, UINT32_C(0xffffffff)); fiat_p384_mulx_u32(&x44, &x45, x40, UINT32_C(0xffffffff)); fiat_p384_mulx_u32(&x46, &x47, x40, UINT32_C(0xffffffff)); @@ -6659,9 +6659,9 @@ static void fiat_p384_from_montgomery(uint32_t out1[12], const uint32_t arg1[12] fiat_p384_addcarryx_u32(&x94, &x95, x93, x32, x70); fiat_p384_addcarryx_u32(&x96, &x97, x95, x34, x72); fiat_p384_addcarryx_u32(&x98, &x99, x97, x36, x74); - fiat_p384_addcarryx_u32(&x100, &x101, x99, (x37 + x3), x76); - fiat_p384_addcarryx_u32(&x102, &x103, x101, 0x0, (x77 + x43)); - fiat_p384_addcarryx_u32(&x104, &x105, 0x0, x80, (arg1[2])); + fiat_p384_addcarryx_u32(&x100, &x101, x99, x37 + x3, x76); + fiat_p384_addcarryx_u32(&x102, &x103, x101, 0x0, x77 + x43); + fiat_p384_addcarryx_u32(&x104, &x105, 0x0, x80, arg1[2]); fiat_p384_addcarryx_u32(&x106, &x107, x105, x82, 0x0); fiat_p384_addcarryx_u32(&x108, &x109, x107, x84, 0x0); fiat_p384_addcarryx_u32(&x110, &x111, x109, x86, 0x0); @@ -6703,8 +6703,8 @@ static void fiat_p384_from_montgomery(uint32_t out1[12], const uint32_t arg1[12] fiat_p384_addcarryx_u32(&x182, &x183, x181, x122, x158); fiat_p384_addcarryx_u32(&x184, &x185, x183, x124, x160); fiat_p384_addcarryx_u32(&x186, &x187, x185, x126, x162); - fiat_p384_addcarryx_u32(&x188, &x189, x187, ((uint32_t)x127 + x103), (x163 + x129)); - fiat_p384_addcarryx_u32(&x190, &x191, 0x0, x166, (arg1[3])); + fiat_p384_addcarryx_u32(&x188, &x189, x187, (uint32_t)x127 + x103, x163 + x129); + fiat_p384_addcarryx_u32(&x190, &x191, 0x0, x166, arg1[3]); fiat_p384_addcarryx_u32(&x192, &x193, x191, x168, 0x0); fiat_p384_addcarryx_u32(&x194, &x195, x193, x170, 0x0); fiat_p384_addcarryx_u32(&x196, &x197, x195, x172, 0x0); @@ -6746,8 +6746,8 @@ static void fiat_p384_from_montgomery(uint32_t out1[12], const uint32_t arg1[12] fiat_p384_addcarryx_u32(&x268, &x269, x267, x208, x244); fiat_p384_addcarryx_u32(&x270, &x271, x269, x210, x246); fiat_p384_addcarryx_u32(&x272, &x273, x271, x212, x248); - fiat_p384_addcarryx_u32(&x274, &x275, x273, ((uint32_t)x213 + x189), (x249 + x215)); - fiat_p384_addcarryx_u32(&x276, &x277, 0x0, x252, (arg1[4])); + fiat_p384_addcarryx_u32(&x274, &x275, x273, (uint32_t)x213 + x189, x249 + x215); + fiat_p384_addcarryx_u32(&x276, &x277, 0x0, x252, arg1[4]); fiat_p384_addcarryx_u32(&x278, &x279, x277, x254, 0x0); fiat_p384_addcarryx_u32(&x280, &x281, x279, x256, 0x0); fiat_p384_addcarryx_u32(&x282, &x283, x281, x258, 0x0); @@ -6789,8 +6789,8 @@ static void fiat_p384_from_montgomery(uint32_t out1[12], const uint32_t arg1[12] fiat_p384_addcarryx_u32(&x354, &x355, x353, x294, x330); fiat_p384_addcarryx_u32(&x356, &x357, x355, x296, x332); fiat_p384_addcarryx_u32(&x358, &x359, x357, x298, x334); - fiat_p384_addcarryx_u32(&x360, &x361, x359, ((uint32_t)x299 + x275), (x335 + x301)); - fiat_p384_addcarryx_u32(&x362, &x363, 0x0, x338, (arg1[5])); + fiat_p384_addcarryx_u32(&x360, &x361, x359, (uint32_t)x299 + x275, x335 + x301); + fiat_p384_addcarryx_u32(&x362, &x363, 0x0, x338, arg1[5]); fiat_p384_addcarryx_u32(&x364, &x365, x363, x340, 0x0); fiat_p384_addcarryx_u32(&x366, &x367, x365, x342, 0x0); fiat_p384_addcarryx_u32(&x368, &x369, x367, x344, 0x0); @@ -6832,8 +6832,8 @@ static void fiat_p384_from_montgomery(uint32_t out1[12], const uint32_t arg1[12] fiat_p384_addcarryx_u32(&x440, &x441, x439, x380, x416); fiat_p384_addcarryx_u32(&x442, &x443, x441, x382, x418); fiat_p384_addcarryx_u32(&x444, &x445, x443, x384, x420); - fiat_p384_addcarryx_u32(&x446, &x447, x445, ((uint32_t)x385 + x361), (x421 + x387)); - fiat_p384_addcarryx_u32(&x448, &x449, 0x0, x424, (arg1[6])); + fiat_p384_addcarryx_u32(&x446, &x447, x445, (uint32_t)x385 + x361, x421 + x387); + fiat_p384_addcarryx_u32(&x448, &x449, 0x0, x424, arg1[6]); fiat_p384_addcarryx_u32(&x450, &x451, x449, x426, 0x0); fiat_p384_addcarryx_u32(&x452, &x453, x451, x428, 0x0); fiat_p384_addcarryx_u32(&x454, &x455, x453, x430, 0x0); @@ -6875,8 +6875,8 @@ static void fiat_p384_from_montgomery(uint32_t out1[12], const uint32_t arg1[12] fiat_p384_addcarryx_u32(&x526, &x527, x525, x466, x502); fiat_p384_addcarryx_u32(&x528, &x529, x527, x468, x504); fiat_p384_addcarryx_u32(&x530, &x531, x529, x470, x506); - fiat_p384_addcarryx_u32(&x532, &x533, x531, ((uint32_t)x471 + x447), (x507 + x473)); - fiat_p384_addcarryx_u32(&x534, &x535, 0x0, x510, (arg1[7])); + fiat_p384_addcarryx_u32(&x532, &x533, x531, (uint32_t)x471 + x447, x507 + x473); + fiat_p384_addcarryx_u32(&x534, &x535, 0x0, x510, arg1[7]); fiat_p384_addcarryx_u32(&x536, &x537, x535, x512, 0x0); fiat_p384_addcarryx_u32(&x538, &x539, x537, x514, 0x0); fiat_p384_addcarryx_u32(&x540, &x541, x539, x516, 0x0); @@ -6918,8 +6918,8 @@ static void fiat_p384_from_montgomery(uint32_t out1[12], const uint32_t arg1[12] fiat_p384_addcarryx_u32(&x612, &x613, x611, x552, x588); fiat_p384_addcarryx_u32(&x614, &x615, x613, x554, x590); fiat_p384_addcarryx_u32(&x616, &x617, x615, x556, x592); - fiat_p384_addcarryx_u32(&x618, &x619, x617, ((uint32_t)x557 + x533), (x593 + x559)); - fiat_p384_addcarryx_u32(&x620, &x621, 0x0, x596, (arg1[8])); + fiat_p384_addcarryx_u32(&x618, &x619, x617, (uint32_t)x557 + x533, x593 + x559); + fiat_p384_addcarryx_u32(&x620, &x621, 0x0, x596, arg1[8]); fiat_p384_addcarryx_u32(&x622, &x623, x621, x598, 0x0); fiat_p384_addcarryx_u32(&x624, &x625, x623, x600, 0x0); fiat_p384_addcarryx_u32(&x626, &x627, x625, x602, 0x0); @@ -6961,8 +6961,8 @@ static void fiat_p384_from_montgomery(uint32_t out1[12], const uint32_t arg1[12] fiat_p384_addcarryx_u32(&x698, &x699, x697, x638, x674); fiat_p384_addcarryx_u32(&x700, &x701, x699, x640, x676); fiat_p384_addcarryx_u32(&x702, &x703, x701, x642, x678); - fiat_p384_addcarryx_u32(&x704, &x705, x703, ((uint32_t)x643 + x619), (x679 + x645)); - fiat_p384_addcarryx_u32(&x706, &x707, 0x0, x682, (arg1[9])); + fiat_p384_addcarryx_u32(&x704, &x705, x703, (uint32_t)x643 + x619, x679 + x645); + fiat_p384_addcarryx_u32(&x706, &x707, 0x0, x682, arg1[9]); fiat_p384_addcarryx_u32(&x708, &x709, x707, x684, 0x0); fiat_p384_addcarryx_u32(&x710, &x711, x709, x686, 0x0); fiat_p384_addcarryx_u32(&x712, &x713, x711, x688, 0x0); @@ -7004,8 +7004,8 @@ static void fiat_p384_from_montgomery(uint32_t out1[12], const uint32_t arg1[12] fiat_p384_addcarryx_u32(&x784, &x785, x783, x724, x760); fiat_p384_addcarryx_u32(&x786, &x787, x785, x726, x762); fiat_p384_addcarryx_u32(&x788, &x789, x787, x728, x764); - fiat_p384_addcarryx_u32(&x790, &x791, x789, ((uint32_t)x729 + x705), (x765 + x731)); - fiat_p384_addcarryx_u32(&x792, &x793, 0x0, x768, (arg1[10])); + fiat_p384_addcarryx_u32(&x790, &x791, x789, (uint32_t)x729 + x705, x765 + x731); + fiat_p384_addcarryx_u32(&x792, &x793, 0x0, x768, arg1[10]); fiat_p384_addcarryx_u32(&x794, &x795, x793, x770, 0x0); fiat_p384_addcarryx_u32(&x796, &x797, x795, x772, 0x0); fiat_p384_addcarryx_u32(&x798, &x799, x797, x774, 0x0); @@ -7047,8 +7047,8 @@ static void fiat_p384_from_montgomery(uint32_t out1[12], const uint32_t arg1[12] fiat_p384_addcarryx_u32(&x870, &x871, x869, x810, x846); fiat_p384_addcarryx_u32(&x872, &x873, x871, x812, x848); fiat_p384_addcarryx_u32(&x874, &x875, x873, x814, x850); - fiat_p384_addcarryx_u32(&x876, &x877, x875, ((uint32_t)x815 + x791), (x851 + x817)); - fiat_p384_addcarryx_u32(&x878, &x879, 0x0, x854, (arg1[11])); + fiat_p384_addcarryx_u32(&x876, &x877, x875, (uint32_t)x815 + x791, x851 + x817); + fiat_p384_addcarryx_u32(&x878, &x879, 0x0, x854, arg1[11]); fiat_p384_addcarryx_u32(&x880, &x881, x879, x856, 0x0); fiat_p384_addcarryx_u32(&x882, &x883, x881, x858, 0x0); fiat_p384_addcarryx_u32(&x884, &x885, x883, x860, 0x0); @@ -7090,7 +7090,7 @@ static void fiat_p384_from_montgomery(uint32_t out1[12], const uint32_t arg1[12] fiat_p384_addcarryx_u32(&x956, &x957, x955, x896, x932); fiat_p384_addcarryx_u32(&x958, &x959, x957, x898, x934); fiat_p384_addcarryx_u32(&x960, &x961, x959, x900, x936); - fiat_p384_addcarryx_u32(&x962, &x963, x961, ((uint32_t)x901 + x877), (x937 + x903)); + fiat_p384_addcarryx_u32(&x962, &x963, x961, (uint32_t)x901 + x877, x937 + x903); fiat_p384_subborrowx_u32(&x964, &x965, 0x0, x940, UINT32_C(0xffffffff)); fiat_p384_subborrowx_u32(&x966, &x967, x965, x942, 0x0); fiat_p384_subborrowx_u32(&x968, &x969, x967, x944, 0x0); @@ -8321,18 +8321,18 @@ static void fiat_p384_to_montgomery(uint32_t out1[12], const uint32_t arg1[12]) uint32_t x1174; uint32_t x1175; uint32_t x1176; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[6]); - x7 = (arg1[7]); - x8 = (arg1[8]); - x9 = (arg1[9]); - x10 = (arg1[10]); - x11 = (arg1[11]); - x12 = (arg1[0]); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[6]; + x7 = arg1[7]; + x8 = arg1[8]; + x9 = arg1[9]; + x10 = arg1[10]; + x11 = arg1[11]; + x12 = arg1[0]; fiat_p384_mulx_u32(&x13, &x14, x12, 0x2); fiat_p384_mulx_u32(&x15, &x16, x12, UINT32_C(0xfffffffe)); fiat_p384_mulx_u32(&x17, &x18, x12, 0x2); @@ -8367,14 +8367,14 @@ static void fiat_p384_to_montgomery(uint32_t out1[12], const uint32_t arg1[12]) fiat_p384_addcarryx_u32(&x75, &x76, x74, x22, x53); fiat_p384_addcarryx_u32(&x77, &x78, x76, 0x0, x55); fiat_p384_addcarryx_u32(&x79, &x80, x78, 0x0, x57); - fiat_p384_addcarryx_u32(&x81, &x82, x80, 0x0, (x58 + x24)); + fiat_p384_addcarryx_u32(&x81, &x82, x80, 0x0, x58 + x24); fiat_p384_mulx_u32(&x83, &x84, x1, 0x2); fiat_p384_mulx_u32(&x85, &x86, x1, UINT32_C(0xfffffffe)); fiat_p384_mulx_u32(&x87, &x88, x1, 0x2); fiat_p384_mulx_u32(&x89, &x90, x1, UINT32_C(0xfffffffe)); fiat_p384_addcarryx_u32(&x91, &x92, 0x0, (fiat_p384_uint1)x84, x1); fiat_p384_addcarryx_u32(&x93, &x94, 0x0, x61, x1); - fiat_p384_addcarryx_u32(&x95, &x96, x94, (x62 + x20), x89); + fiat_p384_addcarryx_u32(&x95, &x96, x94, x62 + x20, x89); fiat_p384_addcarryx_u32(&x97, &x98, x96, x63, x90); fiat_p384_addcarryx_u32(&x99, &x100, x98, x65, x87); fiat_p384_addcarryx_u32(&x101, &x102, x100, x67, (fiat_p384_uint1)x88); @@ -8415,7 +8415,7 @@ static void fiat_p384_to_montgomery(uint32_t out1[12], const uint32_t arg1[12]) fiat_p384_addcarryx_u32(&x171, &x172, x170, x111, x147); fiat_p384_addcarryx_u32(&x173, &x174, x172, x113, x149); fiat_p384_addcarryx_u32(&x175, &x176, x174, x115, x151); - fiat_p384_addcarryx_u32(&x177, &x178, x176, ((uint32_t)x116 + x82), (x152 + x118)); + fiat_p384_addcarryx_u32(&x177, &x178, x176, (uint32_t)x116 + x82, x152 + x118); fiat_p384_mulx_u32(&x179, &x180, x2, 0x2); fiat_p384_mulx_u32(&x181, &x182, x2, UINT32_C(0xfffffffe)); fiat_p384_mulx_u32(&x183, &x184, x2, 0x2); @@ -8463,7 +8463,7 @@ static void fiat_p384_to_montgomery(uint32_t out1[12], const uint32_t arg1[12]) fiat_p384_addcarryx_u32(&x267, &x268, x266, x207, x243); fiat_p384_addcarryx_u32(&x269, &x270, x268, x209, x245); fiat_p384_addcarryx_u32(&x271, &x272, x270, x211, x247); - fiat_p384_addcarryx_u32(&x273, &x274, x272, ((uint32_t)x212 + x178), (x248 + x214)); + fiat_p384_addcarryx_u32(&x273, &x274, x272, (uint32_t)x212 + x178, x248 + x214); fiat_p384_mulx_u32(&x275, &x276, x3, 0x2); fiat_p384_mulx_u32(&x277, &x278, x3, UINT32_C(0xfffffffe)); fiat_p384_mulx_u32(&x279, &x280, x3, 0x2); @@ -8511,7 +8511,7 @@ static void fiat_p384_to_montgomery(uint32_t out1[12], const uint32_t arg1[12]) fiat_p384_addcarryx_u32(&x363, &x364, x362, x303, x339); fiat_p384_addcarryx_u32(&x365, &x366, x364, x305, x341); fiat_p384_addcarryx_u32(&x367, &x368, x366, x307, x343); - fiat_p384_addcarryx_u32(&x369, &x370, x368, ((uint32_t)x308 + x274), (x344 + x310)); + fiat_p384_addcarryx_u32(&x369, &x370, x368, (uint32_t)x308 + x274, x344 + x310); fiat_p384_mulx_u32(&x371, &x372, x4, 0x2); fiat_p384_mulx_u32(&x373, &x374, x4, UINT32_C(0xfffffffe)); fiat_p384_mulx_u32(&x375, &x376, x4, 0x2); @@ -8559,7 +8559,7 @@ static void fiat_p384_to_montgomery(uint32_t out1[12], const uint32_t arg1[12]) fiat_p384_addcarryx_u32(&x459, &x460, x458, x399, x435); fiat_p384_addcarryx_u32(&x461, &x462, x460, x401, x437); fiat_p384_addcarryx_u32(&x463, &x464, x462, x403, x439); - fiat_p384_addcarryx_u32(&x465, &x466, x464, ((uint32_t)x404 + x370), (x440 + x406)); + fiat_p384_addcarryx_u32(&x465, &x466, x464, (uint32_t)x404 + x370, x440 + x406); fiat_p384_mulx_u32(&x467, &x468, x5, 0x2); fiat_p384_mulx_u32(&x469, &x470, x5, UINT32_C(0xfffffffe)); fiat_p384_mulx_u32(&x471, &x472, x5, 0x2); @@ -8607,7 +8607,7 @@ static void fiat_p384_to_montgomery(uint32_t out1[12], const uint32_t arg1[12]) fiat_p384_addcarryx_u32(&x555, &x556, x554, x495, x531); fiat_p384_addcarryx_u32(&x557, &x558, x556, x497, x533); fiat_p384_addcarryx_u32(&x559, &x560, x558, x499, x535); - fiat_p384_addcarryx_u32(&x561, &x562, x560, ((uint32_t)x500 + x466), (x536 + x502)); + fiat_p384_addcarryx_u32(&x561, &x562, x560, (uint32_t)x500 + x466, x536 + x502); fiat_p384_mulx_u32(&x563, &x564, x6, 0x2); fiat_p384_mulx_u32(&x565, &x566, x6, UINT32_C(0xfffffffe)); fiat_p384_mulx_u32(&x567, &x568, x6, 0x2); @@ -8655,7 +8655,7 @@ static void fiat_p384_to_montgomery(uint32_t out1[12], const uint32_t arg1[12]) fiat_p384_addcarryx_u32(&x651, &x652, x650, x591, x627); fiat_p384_addcarryx_u32(&x653, &x654, x652, x593, x629); fiat_p384_addcarryx_u32(&x655, &x656, x654, x595, x631); - fiat_p384_addcarryx_u32(&x657, &x658, x656, ((uint32_t)x596 + x562), (x632 + x598)); + fiat_p384_addcarryx_u32(&x657, &x658, x656, (uint32_t)x596 + x562, x632 + x598); fiat_p384_mulx_u32(&x659, &x660, x7, 0x2); fiat_p384_mulx_u32(&x661, &x662, x7, UINT32_C(0xfffffffe)); fiat_p384_mulx_u32(&x663, &x664, x7, 0x2); @@ -8703,7 +8703,7 @@ static void fiat_p384_to_montgomery(uint32_t out1[12], const uint32_t arg1[12]) fiat_p384_addcarryx_u32(&x747, &x748, x746, x687, x723); fiat_p384_addcarryx_u32(&x749, &x750, x748, x689, x725); fiat_p384_addcarryx_u32(&x751, &x752, x750, x691, x727); - fiat_p384_addcarryx_u32(&x753, &x754, x752, ((uint32_t)x692 + x658), (x728 + x694)); + fiat_p384_addcarryx_u32(&x753, &x754, x752, (uint32_t)x692 + x658, x728 + x694); fiat_p384_mulx_u32(&x755, &x756, x8, 0x2); fiat_p384_mulx_u32(&x757, &x758, x8, UINT32_C(0xfffffffe)); fiat_p384_mulx_u32(&x759, &x760, x8, 0x2); @@ -8751,7 +8751,7 @@ static void fiat_p384_to_montgomery(uint32_t out1[12], const uint32_t arg1[12]) fiat_p384_addcarryx_u32(&x843, &x844, x842, x783, x819); fiat_p384_addcarryx_u32(&x845, &x846, x844, x785, x821); fiat_p384_addcarryx_u32(&x847, &x848, x846, x787, x823); - fiat_p384_addcarryx_u32(&x849, &x850, x848, ((uint32_t)x788 + x754), (x824 + x790)); + fiat_p384_addcarryx_u32(&x849, &x850, x848, (uint32_t)x788 + x754, x824 + x790); fiat_p384_mulx_u32(&x851, &x852, x9, 0x2); fiat_p384_mulx_u32(&x853, &x854, x9, UINT32_C(0xfffffffe)); fiat_p384_mulx_u32(&x855, &x856, x9, 0x2); @@ -8799,7 +8799,7 @@ static void fiat_p384_to_montgomery(uint32_t out1[12], const uint32_t arg1[12]) fiat_p384_addcarryx_u32(&x939, &x940, x938, x879, x915); fiat_p384_addcarryx_u32(&x941, &x942, x940, x881, x917); fiat_p384_addcarryx_u32(&x943, &x944, x942, x883, x919); - fiat_p384_addcarryx_u32(&x945, &x946, x944, ((uint32_t)x884 + x850), (x920 + x886)); + fiat_p384_addcarryx_u32(&x945, &x946, x944, (uint32_t)x884 + x850, x920 + x886); fiat_p384_mulx_u32(&x947, &x948, x10, 0x2); fiat_p384_mulx_u32(&x949, &x950, x10, UINT32_C(0xfffffffe)); fiat_p384_mulx_u32(&x951, &x952, x10, 0x2); @@ -8847,7 +8847,7 @@ static void fiat_p384_to_montgomery(uint32_t out1[12], const uint32_t arg1[12]) fiat_p384_addcarryx_u32(&x1035, &x1036, x1034, x975, x1011); fiat_p384_addcarryx_u32(&x1037, &x1038, x1036, x977, x1013); fiat_p384_addcarryx_u32(&x1039, &x1040, x1038, x979, x1015); - fiat_p384_addcarryx_u32(&x1041, &x1042, x1040, ((uint32_t)x980 + x946), (x1016 + x982)); + fiat_p384_addcarryx_u32(&x1041, &x1042, x1040, (uint32_t)x980 + x946, x1016 + x982); fiat_p384_mulx_u32(&x1043, &x1044, x11, 0x2); fiat_p384_mulx_u32(&x1045, &x1046, x11, UINT32_C(0xfffffffe)); fiat_p384_mulx_u32(&x1047, &x1048, x11, 0x2); @@ -8895,7 +8895,7 @@ static void fiat_p384_to_montgomery(uint32_t out1[12], const uint32_t arg1[12]) fiat_p384_addcarryx_u32(&x1131, &x1132, x1130, x1071, x1107); fiat_p384_addcarryx_u32(&x1133, &x1134, x1132, x1073, x1109); fiat_p384_addcarryx_u32(&x1135, &x1136, x1134, x1075, x1111); - fiat_p384_addcarryx_u32(&x1137, &x1138, x1136, ((uint32_t)x1076 + x1042), (x1112 + x1078)); + fiat_p384_addcarryx_u32(&x1137, &x1138, x1136, (uint32_t)x1076 + x1042, x1112 + x1078); fiat_p384_subborrowx_u32(&x1139, &x1140, 0x0, x1115, UINT32_C(0xffffffff)); fiat_p384_subborrowx_u32(&x1141, &x1142, x1140, x1117, 0x0); fiat_p384_subborrowx_u32(&x1143, &x1144, x1142, x1119, 0x0); @@ -8950,7 +8950,7 @@ static void fiat_p384_to_montgomery(uint32_t out1[12], const uint32_t arg1[12]) */ static void fiat_p384_nonzero(uint32_t* out1, const uint32_t arg1[12]) { uint32_t x1; - x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | ((arg1[7]) | ((arg1[8]) | ((arg1[9]) | ((arg1[10]) | (arg1[11])))))))))))); + x1 = arg1[0] | (arg1[1] | (arg1[2] | (arg1[3] | (arg1[4] | (arg1[5] | (arg1[6] | (arg1[7] | (arg1[8] | (arg1[9] | (arg1[10] | arg1[11])))))))))); *out1 = x1; } @@ -8980,18 +8980,18 @@ static void fiat_p384_selectznz(uint32_t out1[12], fiat_p384_uint1 arg1, const u uint32_t x10; uint32_t x11; uint32_t x12; - fiat_p384_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_p384_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_p384_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); - fiat_p384_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); - fiat_p384_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); - fiat_p384_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5])); - fiat_p384_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6])); - fiat_p384_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7])); - fiat_p384_cmovznz_u32(&x9, arg1, (arg2[8]), (arg3[8])); - fiat_p384_cmovznz_u32(&x10, arg1, (arg2[9]), (arg3[9])); - fiat_p384_cmovznz_u32(&x11, arg1, (arg2[10]), (arg3[10])); - fiat_p384_cmovznz_u32(&x12, arg1, (arg2[11]), (arg3[11])); + fiat_p384_cmovznz_u32(&x1, arg1, arg2[0], arg3[0]); + fiat_p384_cmovznz_u32(&x2, arg1, arg2[1], arg3[1]); + fiat_p384_cmovznz_u32(&x3, arg1, arg2[2], arg3[2]); + fiat_p384_cmovznz_u32(&x4, arg1, arg2[3], arg3[3]); + fiat_p384_cmovznz_u32(&x5, arg1, arg2[4], arg3[4]); + fiat_p384_cmovznz_u32(&x6, arg1, arg2[5], arg3[5]); + fiat_p384_cmovznz_u32(&x7, arg1, arg2[6], arg3[6]); + fiat_p384_cmovznz_u32(&x8, arg1, arg2[7], arg3[7]); + fiat_p384_cmovznz_u32(&x9, arg1, arg2[8], arg3[8]); + fiat_p384_cmovznz_u32(&x10, arg1, arg2[9], arg3[9]); + fiat_p384_cmovznz_u32(&x11, arg1, arg2[10], arg3[10]); + fiat_p384_cmovznz_u32(&x12, arg1, arg2[11], arg3[11]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -9104,88 +9104,88 @@ static void fiat_p384_to_bytes(uint8_t out1[48], const uint32_t arg1[12]) { uint32_t x82; uint8_t x83; uint8_t x84; - x1 = (arg1[11]); - x2 = (arg1[10]); - x3 = (arg1[9]); - x4 = (arg1[8]); - x5 = (arg1[7]); - x6 = (arg1[6]); - x7 = (arg1[5]); - x8 = (arg1[4]); - x9 = (arg1[3]); - x10 = (arg1[2]); - x11 = (arg1[1]); - x12 = (arg1[0]); + x1 = arg1[11]; + x2 = arg1[10]; + x3 = arg1[9]; + x4 = arg1[8]; + x5 = arg1[7]; + x6 = arg1[6]; + x7 = arg1[5]; + x8 = arg1[4]; + x9 = arg1[3]; + x10 = arg1[2]; + x11 = arg1[1]; + x12 = arg1[0]; x13 = (uint8_t)(x12 & UINT8_C(0xff)); - x14 = (x12 >> 8); + x14 = x12 >> 8; x15 = (uint8_t)(x14 & UINT8_C(0xff)); - x16 = (x14 >> 8); + x16 = x14 >> 8; x17 = (uint8_t)(x16 & UINT8_C(0xff)); x18 = (uint8_t)(x16 >> 8); x19 = (uint8_t)(x11 & UINT8_C(0xff)); - x20 = (x11 >> 8); + x20 = x11 >> 8; x21 = (uint8_t)(x20 & UINT8_C(0xff)); - x22 = (x20 >> 8); + x22 = x20 >> 8; x23 = (uint8_t)(x22 & UINT8_C(0xff)); x24 = (uint8_t)(x22 >> 8); x25 = (uint8_t)(x10 & UINT8_C(0xff)); - x26 = (x10 >> 8); + x26 = x10 >> 8; x27 = (uint8_t)(x26 & UINT8_C(0xff)); - x28 = (x26 >> 8); + x28 = x26 >> 8; x29 = (uint8_t)(x28 & UINT8_C(0xff)); x30 = (uint8_t)(x28 >> 8); x31 = (uint8_t)(x9 & UINT8_C(0xff)); - x32 = (x9 >> 8); + x32 = x9 >> 8; x33 = (uint8_t)(x32 & UINT8_C(0xff)); - x34 = (x32 >> 8); + x34 = x32 >> 8; x35 = (uint8_t)(x34 & UINT8_C(0xff)); x36 = (uint8_t)(x34 >> 8); x37 = (uint8_t)(x8 & UINT8_C(0xff)); - x38 = (x8 >> 8); + x38 = x8 >> 8; x39 = (uint8_t)(x38 & UINT8_C(0xff)); - x40 = (x38 >> 8); + x40 = x38 >> 8; x41 = (uint8_t)(x40 & UINT8_C(0xff)); x42 = (uint8_t)(x40 >> 8); x43 = (uint8_t)(x7 & UINT8_C(0xff)); - x44 = (x7 >> 8); + x44 = x7 >> 8; x45 = (uint8_t)(x44 & UINT8_C(0xff)); - x46 = (x44 >> 8); + x46 = x44 >> 8; x47 = (uint8_t)(x46 & UINT8_C(0xff)); x48 = (uint8_t)(x46 >> 8); x49 = (uint8_t)(x6 & UINT8_C(0xff)); - x50 = (x6 >> 8); + x50 = x6 >> 8; x51 = (uint8_t)(x50 & UINT8_C(0xff)); - x52 = (x50 >> 8); + x52 = x50 >> 8; x53 = (uint8_t)(x52 & UINT8_C(0xff)); x54 = (uint8_t)(x52 >> 8); x55 = (uint8_t)(x5 & UINT8_C(0xff)); - x56 = (x5 >> 8); + x56 = x5 >> 8; x57 = (uint8_t)(x56 & UINT8_C(0xff)); - x58 = (x56 >> 8); + x58 = x56 >> 8; x59 = (uint8_t)(x58 & UINT8_C(0xff)); x60 = (uint8_t)(x58 >> 8); x61 = (uint8_t)(x4 & UINT8_C(0xff)); - x62 = (x4 >> 8); + x62 = x4 >> 8; x63 = (uint8_t)(x62 & UINT8_C(0xff)); - x64 = (x62 >> 8); + x64 = x62 >> 8; x65 = (uint8_t)(x64 & UINT8_C(0xff)); x66 = (uint8_t)(x64 >> 8); x67 = (uint8_t)(x3 & UINT8_C(0xff)); - x68 = (x3 >> 8); + x68 = x3 >> 8; x69 = (uint8_t)(x68 & UINT8_C(0xff)); - x70 = (x68 >> 8); + x70 = x68 >> 8; x71 = (uint8_t)(x70 & UINT8_C(0xff)); x72 = (uint8_t)(x70 >> 8); x73 = (uint8_t)(x2 & UINT8_C(0xff)); - x74 = (x2 >> 8); + x74 = x2 >> 8; x75 = (uint8_t)(x74 & UINT8_C(0xff)); - x76 = (x74 >> 8); + x76 = x74 >> 8; x77 = (uint8_t)(x76 & UINT8_C(0xff)); x78 = (uint8_t)(x76 >> 8); x79 = (uint8_t)(x1 & UINT8_C(0xff)); - x80 = (x1 >> 8); + x80 = x1 >> 8; x81 = (uint8_t)(x80 & UINT8_C(0xff)); - x82 = (x80 >> 8); + x82 = x80 >> 8; x83 = (uint8_t)(x82 & UINT8_C(0xff)); x84 = (uint8_t)(x82 >> 8); out1[0] = x13; @@ -9337,90 +9337,90 @@ static void fiat_p384_from_bytes(uint32_t out1[12], const uint8_t arg1[48]) { uint32_t x82; uint32_t x83; uint32_t x84; - x1 = ((uint32_t)(arg1[47]) << 24); - x2 = ((uint32_t)(arg1[46]) << 16); - x3 = ((uint32_t)(arg1[45]) << 8); - x4 = (arg1[44]); - x5 = ((uint32_t)(arg1[43]) << 24); - x6 = ((uint32_t)(arg1[42]) << 16); - x7 = ((uint32_t)(arg1[41]) << 8); - x8 = (arg1[40]); - x9 = ((uint32_t)(arg1[39]) << 24); - x10 = ((uint32_t)(arg1[38]) << 16); - x11 = ((uint32_t)(arg1[37]) << 8); - x12 = (arg1[36]); - x13 = ((uint32_t)(arg1[35]) << 24); - x14 = ((uint32_t)(arg1[34]) << 16); - x15 = ((uint32_t)(arg1[33]) << 8); - x16 = (arg1[32]); - x17 = ((uint32_t)(arg1[31]) << 24); - x18 = ((uint32_t)(arg1[30]) << 16); - x19 = ((uint32_t)(arg1[29]) << 8); - x20 = (arg1[28]); - x21 = ((uint32_t)(arg1[27]) << 24); - x22 = ((uint32_t)(arg1[26]) << 16); - x23 = ((uint32_t)(arg1[25]) << 8); - x24 = (arg1[24]); - x25 = ((uint32_t)(arg1[23]) << 24); - x26 = ((uint32_t)(arg1[22]) << 16); - x27 = ((uint32_t)(arg1[21]) << 8); - x28 = (arg1[20]); - x29 = ((uint32_t)(arg1[19]) << 24); - x30 = ((uint32_t)(arg1[18]) << 16); - x31 = ((uint32_t)(arg1[17]) << 8); - x32 = (arg1[16]); - x33 = ((uint32_t)(arg1[15]) << 24); - x34 = ((uint32_t)(arg1[14]) << 16); - x35 = ((uint32_t)(arg1[13]) << 8); - x36 = (arg1[12]); - x37 = ((uint32_t)(arg1[11]) << 24); - x38 = ((uint32_t)(arg1[10]) << 16); - x39 = ((uint32_t)(arg1[9]) << 8); - x40 = (arg1[8]); - x41 = ((uint32_t)(arg1[7]) << 24); - x42 = ((uint32_t)(arg1[6]) << 16); - x43 = ((uint32_t)(arg1[5]) << 8); - x44 = (arg1[4]); - x45 = ((uint32_t)(arg1[3]) << 24); - x46 = ((uint32_t)(arg1[2]) << 16); - x47 = ((uint32_t)(arg1[1]) << 8); - x48 = (arg1[0]); - x49 = (x47 + (uint32_t)x48); - x50 = (x46 + x49); - x51 = (x45 + x50); - x52 = (x43 + (uint32_t)x44); - x53 = (x42 + x52); - x54 = (x41 + x53); - x55 = (x39 + (uint32_t)x40); - x56 = (x38 + x55); - x57 = (x37 + x56); - x58 = (x35 + (uint32_t)x36); - x59 = (x34 + x58); - x60 = (x33 + x59); - x61 = (x31 + (uint32_t)x32); - x62 = (x30 + x61); - x63 = (x29 + x62); - x64 = (x27 + (uint32_t)x28); - x65 = (x26 + x64); - x66 = (x25 + x65); - x67 = (x23 + (uint32_t)x24); - x68 = (x22 + x67); - x69 = (x21 + x68); - x70 = (x19 + (uint32_t)x20); - x71 = (x18 + x70); - x72 = (x17 + x71); - x73 = (x15 + (uint32_t)x16); - x74 = (x14 + x73); - x75 = (x13 + x74); - x76 = (x11 + (uint32_t)x12); - x77 = (x10 + x76); - x78 = (x9 + x77); - x79 = (x7 + (uint32_t)x8); - x80 = (x6 + x79); - x81 = (x5 + x80); - x82 = (x3 + (uint32_t)x4); - x83 = (x2 + x82); - x84 = (x1 + x83); + x1 = (uint32_t)arg1[47] << 24; + x2 = (uint32_t)arg1[46] << 16; + x3 = (uint32_t)arg1[45] << 8; + x4 = arg1[44]; + x5 = (uint32_t)arg1[43] << 24; + x6 = (uint32_t)arg1[42] << 16; + x7 = (uint32_t)arg1[41] << 8; + x8 = arg1[40]; + x9 = (uint32_t)arg1[39] << 24; + x10 = (uint32_t)arg1[38] << 16; + x11 = (uint32_t)arg1[37] << 8; + x12 = arg1[36]; + x13 = (uint32_t)arg1[35] << 24; + x14 = (uint32_t)arg1[34] << 16; + x15 = (uint32_t)arg1[33] << 8; + x16 = arg1[32]; + x17 = (uint32_t)arg1[31] << 24; + x18 = (uint32_t)arg1[30] << 16; + x19 = (uint32_t)arg1[29] << 8; + x20 = arg1[28]; + x21 = (uint32_t)arg1[27] << 24; + x22 = (uint32_t)arg1[26] << 16; + x23 = (uint32_t)arg1[25] << 8; + x24 = arg1[24]; + x25 = (uint32_t)arg1[23] << 24; + x26 = (uint32_t)arg1[22] << 16; + x27 = (uint32_t)arg1[21] << 8; + x28 = arg1[20]; + x29 = (uint32_t)arg1[19] << 24; + x30 = (uint32_t)arg1[18] << 16; + x31 = (uint32_t)arg1[17] << 8; + x32 = arg1[16]; + x33 = (uint32_t)arg1[15] << 24; + x34 = (uint32_t)arg1[14] << 16; + x35 = (uint32_t)arg1[13] << 8; + x36 = arg1[12]; + x37 = (uint32_t)arg1[11] << 24; + x38 = (uint32_t)arg1[10] << 16; + x39 = (uint32_t)arg1[9] << 8; + x40 = arg1[8]; + x41 = (uint32_t)arg1[7] << 24; + x42 = (uint32_t)arg1[6] << 16; + x43 = (uint32_t)arg1[5] << 8; + x44 = arg1[4]; + x45 = (uint32_t)arg1[3] << 24; + x46 = (uint32_t)arg1[2] << 16; + x47 = (uint32_t)arg1[1] << 8; + x48 = arg1[0]; + x49 = x47 + (uint32_t)x48; + x50 = x46 + x49; + x51 = x45 + x50; + x52 = x43 + (uint32_t)x44; + x53 = x42 + x52; + x54 = x41 + x53; + x55 = x39 + (uint32_t)x40; + x56 = x38 + x55; + x57 = x37 + x56; + x58 = x35 + (uint32_t)x36; + x59 = x34 + x58; + x60 = x33 + x59; + x61 = x31 + (uint32_t)x32; + x62 = x30 + x61; + x63 = x29 + x62; + x64 = x27 + (uint32_t)x28; + x65 = x26 + x64; + x66 = x25 + x65; + x67 = x23 + (uint32_t)x24; + x68 = x22 + x67; + x69 = x21 + x68; + x70 = x19 + (uint32_t)x20; + x71 = x18 + x70; + x72 = x17 + x71; + x73 = x15 + (uint32_t)x16; + x74 = x14 + x73; + x75 = x13 + x74; + x76 = x11 + (uint32_t)x12; + x77 = x10 + x76; + x78 = x9 + x77; + x79 = x7 + (uint32_t)x8; + x80 = x6 + x79; + x81 = x5 + x80; + x82 = x3 + (uint32_t)x4; + x83 = x2 + x82; + x84 = x1 + x83; out1[0] = x51; out1[1] = x54; out1[2] = x57; @@ -9853,61 +9853,61 @@ static void fiat_p384_divstep(uint32_t* out1, uint32_t out2[13], uint32_t out3[1 uint32_t x332; uint32_t x333; uint32_t x334; - fiat_p384_addcarryx_u32(&x1, &x2, 0x0, (~arg1), 0x1); - x3 = (fiat_p384_uint1)((fiat_p384_uint1)(x1 >> 31) & (fiat_p384_uint1)((arg3[0]) & 0x1)); - fiat_p384_addcarryx_u32(&x4, &x5, 0x0, (~arg1), 0x1); + fiat_p384_addcarryx_u32(&x1, &x2, 0x0, ~arg1, 0x1); + x3 = (fiat_p384_uint1)((fiat_p384_uint1)(x1 >> 31) & (fiat_p384_uint1)(arg3[0] & 0x1)); + fiat_p384_addcarryx_u32(&x4, &x5, 0x0, ~arg1, 0x1); fiat_p384_cmovznz_u32(&x6, x3, arg1, x4); - fiat_p384_cmovznz_u32(&x7, x3, (arg2[0]), (arg3[0])); - fiat_p384_cmovznz_u32(&x8, x3, (arg2[1]), (arg3[1])); - fiat_p384_cmovznz_u32(&x9, x3, (arg2[2]), (arg3[2])); - fiat_p384_cmovznz_u32(&x10, x3, (arg2[3]), (arg3[3])); - fiat_p384_cmovznz_u32(&x11, x3, (arg2[4]), (arg3[4])); - fiat_p384_cmovznz_u32(&x12, x3, (arg2[5]), (arg3[5])); - fiat_p384_cmovznz_u32(&x13, x3, (arg2[6]), (arg3[6])); - fiat_p384_cmovznz_u32(&x14, x3, (arg2[7]), (arg3[7])); - fiat_p384_cmovznz_u32(&x15, x3, (arg2[8]), (arg3[8])); - fiat_p384_cmovznz_u32(&x16, x3, (arg2[9]), (arg3[9])); - fiat_p384_cmovznz_u32(&x17, x3, (arg2[10]), (arg3[10])); - fiat_p384_cmovznz_u32(&x18, x3, (arg2[11]), (arg3[11])); - fiat_p384_cmovznz_u32(&x19, x3, (arg2[12]), (arg3[12])); - fiat_p384_addcarryx_u32(&x20, &x21, 0x0, 0x1, (~(arg2[0]))); - fiat_p384_addcarryx_u32(&x22, &x23, x21, 0x0, (~(arg2[1]))); - fiat_p384_addcarryx_u32(&x24, &x25, x23, 0x0, (~(arg2[2]))); - fiat_p384_addcarryx_u32(&x26, &x27, x25, 0x0, (~(arg2[3]))); - fiat_p384_addcarryx_u32(&x28, &x29, x27, 0x0, (~(arg2[4]))); - fiat_p384_addcarryx_u32(&x30, &x31, x29, 0x0, (~(arg2[5]))); - fiat_p384_addcarryx_u32(&x32, &x33, x31, 0x0, (~(arg2[6]))); - fiat_p384_addcarryx_u32(&x34, &x35, x33, 0x0, (~(arg2[7]))); - fiat_p384_addcarryx_u32(&x36, &x37, x35, 0x0, (~(arg2[8]))); - fiat_p384_addcarryx_u32(&x38, &x39, x37, 0x0, (~(arg2[9]))); - fiat_p384_addcarryx_u32(&x40, &x41, x39, 0x0, (~(arg2[10]))); - fiat_p384_addcarryx_u32(&x42, &x43, x41, 0x0, (~(arg2[11]))); - fiat_p384_addcarryx_u32(&x44, &x45, x43, 0x0, (~(arg2[12]))); - fiat_p384_cmovznz_u32(&x46, x3, (arg3[0]), x20); - fiat_p384_cmovznz_u32(&x47, x3, (arg3[1]), x22); - fiat_p384_cmovznz_u32(&x48, x3, (arg3[2]), x24); - fiat_p384_cmovznz_u32(&x49, x3, (arg3[3]), x26); - fiat_p384_cmovznz_u32(&x50, x3, (arg3[4]), x28); - fiat_p384_cmovznz_u32(&x51, x3, (arg3[5]), x30); - fiat_p384_cmovznz_u32(&x52, x3, (arg3[6]), x32); - fiat_p384_cmovznz_u32(&x53, x3, (arg3[7]), x34); - fiat_p384_cmovznz_u32(&x54, x3, (arg3[8]), x36); - fiat_p384_cmovznz_u32(&x55, x3, (arg3[9]), x38); - fiat_p384_cmovznz_u32(&x56, x3, (arg3[10]), x40); - fiat_p384_cmovznz_u32(&x57, x3, (arg3[11]), x42); - fiat_p384_cmovznz_u32(&x58, x3, (arg3[12]), x44); - fiat_p384_cmovznz_u32(&x59, x3, (arg4[0]), (arg5[0])); - fiat_p384_cmovznz_u32(&x60, x3, (arg4[1]), (arg5[1])); - fiat_p384_cmovznz_u32(&x61, x3, (arg4[2]), (arg5[2])); - fiat_p384_cmovznz_u32(&x62, x3, (arg4[3]), (arg5[3])); - fiat_p384_cmovznz_u32(&x63, x3, (arg4[4]), (arg5[4])); - fiat_p384_cmovznz_u32(&x64, x3, (arg4[5]), (arg5[5])); - fiat_p384_cmovznz_u32(&x65, x3, (arg4[6]), (arg5[6])); - fiat_p384_cmovznz_u32(&x66, x3, (arg4[7]), (arg5[7])); - fiat_p384_cmovznz_u32(&x67, x3, (arg4[8]), (arg5[8])); - fiat_p384_cmovznz_u32(&x68, x3, (arg4[9]), (arg5[9])); - fiat_p384_cmovznz_u32(&x69, x3, (arg4[10]), (arg5[10])); - fiat_p384_cmovznz_u32(&x70, x3, (arg4[11]), (arg5[11])); + fiat_p384_cmovznz_u32(&x7, x3, arg2[0], arg3[0]); + fiat_p384_cmovznz_u32(&x8, x3, arg2[1], arg3[1]); + fiat_p384_cmovznz_u32(&x9, x3, arg2[2], arg3[2]); + fiat_p384_cmovznz_u32(&x10, x3, arg2[3], arg3[3]); + fiat_p384_cmovznz_u32(&x11, x3, arg2[4], arg3[4]); + fiat_p384_cmovznz_u32(&x12, x3, arg2[5], arg3[5]); + fiat_p384_cmovznz_u32(&x13, x3, arg2[6], arg3[6]); + fiat_p384_cmovznz_u32(&x14, x3, arg2[7], arg3[7]); + fiat_p384_cmovznz_u32(&x15, x3, arg2[8], arg3[8]); + fiat_p384_cmovznz_u32(&x16, x3, arg2[9], arg3[9]); + fiat_p384_cmovznz_u32(&x17, x3, arg2[10], arg3[10]); + fiat_p384_cmovznz_u32(&x18, x3, arg2[11], arg3[11]); + fiat_p384_cmovznz_u32(&x19, x3, arg2[12], arg3[12]); + fiat_p384_addcarryx_u32(&x20, &x21, 0x0, 0x1, ~arg2[0]); + fiat_p384_addcarryx_u32(&x22, &x23, x21, 0x0, ~arg2[1]); + fiat_p384_addcarryx_u32(&x24, &x25, x23, 0x0, ~arg2[2]); + fiat_p384_addcarryx_u32(&x26, &x27, x25, 0x0, ~arg2[3]); + fiat_p384_addcarryx_u32(&x28, &x29, x27, 0x0, ~arg2[4]); + fiat_p384_addcarryx_u32(&x30, &x31, x29, 0x0, ~arg2[5]); + fiat_p384_addcarryx_u32(&x32, &x33, x31, 0x0, ~arg2[6]); + fiat_p384_addcarryx_u32(&x34, &x35, x33, 0x0, ~arg2[7]); + fiat_p384_addcarryx_u32(&x36, &x37, x35, 0x0, ~arg2[8]); + fiat_p384_addcarryx_u32(&x38, &x39, x37, 0x0, ~arg2[9]); + fiat_p384_addcarryx_u32(&x40, &x41, x39, 0x0, ~arg2[10]); + fiat_p384_addcarryx_u32(&x42, &x43, x41, 0x0, ~arg2[11]); + fiat_p384_addcarryx_u32(&x44, &x45, x43, 0x0, ~arg2[12]); + fiat_p384_cmovznz_u32(&x46, x3, arg3[0], x20); + fiat_p384_cmovznz_u32(&x47, x3, arg3[1], x22); + fiat_p384_cmovznz_u32(&x48, x3, arg3[2], x24); + fiat_p384_cmovznz_u32(&x49, x3, arg3[3], x26); + fiat_p384_cmovznz_u32(&x50, x3, arg3[4], x28); + fiat_p384_cmovznz_u32(&x51, x3, arg3[5], x30); + fiat_p384_cmovznz_u32(&x52, x3, arg3[6], x32); + fiat_p384_cmovznz_u32(&x53, x3, arg3[7], x34); + fiat_p384_cmovznz_u32(&x54, x3, arg3[8], x36); + fiat_p384_cmovznz_u32(&x55, x3, arg3[9], x38); + fiat_p384_cmovznz_u32(&x56, x3, arg3[10], x40); + fiat_p384_cmovznz_u32(&x57, x3, arg3[11], x42); + fiat_p384_cmovznz_u32(&x58, x3, arg3[12], x44); + fiat_p384_cmovznz_u32(&x59, x3, arg4[0], arg5[0]); + fiat_p384_cmovznz_u32(&x60, x3, arg4[1], arg5[1]); + fiat_p384_cmovznz_u32(&x61, x3, arg4[2], arg5[2]); + fiat_p384_cmovznz_u32(&x62, x3, arg4[3], arg5[3]); + fiat_p384_cmovznz_u32(&x63, x3, arg4[4], arg5[4]); + fiat_p384_cmovznz_u32(&x64, x3, arg4[5], arg5[5]); + fiat_p384_cmovznz_u32(&x65, x3, arg4[6], arg5[6]); + fiat_p384_cmovznz_u32(&x66, x3, arg4[7], arg5[7]); + fiat_p384_cmovznz_u32(&x67, x3, arg4[8], arg5[8]); + fiat_p384_cmovznz_u32(&x68, x3, arg4[9], arg5[9]); + fiat_p384_cmovznz_u32(&x69, x3, arg4[10], arg5[10]); + fiat_p384_cmovznz_u32(&x70, x3, arg4[11], arg5[11]); fiat_p384_addcarryx_u32(&x71, &x72, 0x0, x59, x59); fiat_p384_addcarryx_u32(&x73, &x74, x72, x60, x60); fiat_p384_addcarryx_u32(&x75, &x76, x74, x61, x61); @@ -9933,18 +9933,18 @@ static void fiat_p384_divstep(uint32_t* out1, uint32_t out2[13], uint32_t out3[1 fiat_p384_subborrowx_u32(&x115, &x116, x114, x91, UINT32_C(0xffffffff)); fiat_p384_subborrowx_u32(&x117, &x118, x116, x93, UINT32_C(0xffffffff)); fiat_p384_subborrowx_u32(&x119, &x120, x118, x94, 0x0); - x121 = (arg4[11]); - x122 = (arg4[10]); - x123 = (arg4[9]); - x124 = (arg4[8]); - x125 = (arg4[7]); - x126 = (arg4[6]); - x127 = (arg4[5]); - x128 = (arg4[4]); - x129 = (arg4[3]); - x130 = (arg4[2]); - x131 = (arg4[1]); - x132 = (arg4[0]); + x121 = arg4[11]; + x122 = arg4[10]; + x123 = arg4[9]; + x124 = arg4[8]; + x125 = arg4[7]; + x126 = arg4[6]; + x127 = arg4[5]; + x128 = arg4[4]; + x129 = arg4[3]; + x130 = arg4[2]; + x131 = arg4[1]; + x132 = arg4[0]; fiat_p384_subborrowx_u32(&x133, &x134, 0x0, 0x0, x132); fiat_p384_subborrowx_u32(&x135, &x136, x134, 0x0, x131); fiat_p384_subborrowx_u32(&x137, &x138, x136, 0x0, x130); @@ -9962,7 +9962,7 @@ static void fiat_p384_divstep(uint32_t* out1, uint32_t out2[13], uint32_t out3[1 fiat_p384_addcarryx_u32(&x160, &x161, x159, x135, 0x0); fiat_p384_addcarryx_u32(&x162, &x163, x161, x137, 0x0); fiat_p384_addcarryx_u32(&x164, &x165, x163, x139, x157); - fiat_p384_addcarryx_u32(&x166, &x167, x165, x141, (x157 & UINT32_C(0xfffffffe))); + fiat_p384_addcarryx_u32(&x166, &x167, x165, x141, x157 & UINT32_C(0xfffffffe)); fiat_p384_addcarryx_u32(&x168, &x169, x167, x143, x157); fiat_p384_addcarryx_u32(&x170, &x171, x169, x145, x157); fiat_p384_addcarryx_u32(&x172, &x173, x171, x147, x157); @@ -9970,18 +9970,18 @@ static void fiat_p384_divstep(uint32_t* out1, uint32_t out2[13], uint32_t out3[1 fiat_p384_addcarryx_u32(&x176, &x177, x175, x151, x157); fiat_p384_addcarryx_u32(&x178, &x179, x177, x153, x157); fiat_p384_addcarryx_u32(&x180, &x181, x179, x155, x157); - fiat_p384_cmovznz_u32(&x182, x3, (arg5[0]), x158); - fiat_p384_cmovznz_u32(&x183, x3, (arg5[1]), x160); - fiat_p384_cmovznz_u32(&x184, x3, (arg5[2]), x162); - fiat_p384_cmovznz_u32(&x185, x3, (arg5[3]), x164); - fiat_p384_cmovznz_u32(&x186, x3, (arg5[4]), x166); - fiat_p384_cmovznz_u32(&x187, x3, (arg5[5]), x168); - fiat_p384_cmovznz_u32(&x188, x3, (arg5[6]), x170); - fiat_p384_cmovznz_u32(&x189, x3, (arg5[7]), x172); - fiat_p384_cmovznz_u32(&x190, x3, (arg5[8]), x174); - fiat_p384_cmovznz_u32(&x191, x3, (arg5[9]), x176); - fiat_p384_cmovznz_u32(&x192, x3, (arg5[10]), x178); - fiat_p384_cmovznz_u32(&x193, x3, (arg5[11]), x180); + fiat_p384_cmovznz_u32(&x182, x3, arg5[0], x158); + fiat_p384_cmovznz_u32(&x183, x3, arg5[1], x160); + fiat_p384_cmovznz_u32(&x184, x3, arg5[2], x162); + fiat_p384_cmovznz_u32(&x185, x3, arg5[3], x164); + fiat_p384_cmovznz_u32(&x186, x3, arg5[4], x166); + fiat_p384_cmovznz_u32(&x187, x3, arg5[5], x168); + fiat_p384_cmovznz_u32(&x188, x3, arg5[6], x170); + fiat_p384_cmovznz_u32(&x189, x3, arg5[7], x172); + fiat_p384_cmovznz_u32(&x190, x3, arg5[8], x174); + fiat_p384_cmovznz_u32(&x191, x3, arg5[9], x176); + fiat_p384_cmovznz_u32(&x192, x3, arg5[10], x178); + fiat_p384_cmovznz_u32(&x193, x3, arg5[11], x180); x194 = (fiat_p384_uint1)(x46 & 0x1); fiat_p384_cmovznz_u32(&x195, x194, 0x0, x7); fiat_p384_cmovznz_u32(&x196, x194, 0x0, x8); @@ -10047,19 +10047,19 @@ static void fiat_p384_divstep(uint32_t* out1, uint32_t out2[13], uint32_t out3[1 fiat_p384_subborrowx_u32(&x292, &x293, x291, x268, UINT32_C(0xffffffff)); fiat_p384_subborrowx_u32(&x294, &x295, x293, x269, 0x0); fiat_p384_addcarryx_u32(&x296, &x297, 0x0, x6, 0x1); - x298 = ((x208 >> 1) | ((x210 << 31) & UINT32_C(0xffffffff))); - x299 = ((x210 >> 1) | ((x212 << 31) & UINT32_C(0xffffffff))); - x300 = ((x212 >> 1) | ((x214 << 31) & UINT32_C(0xffffffff))); - x301 = ((x214 >> 1) | ((x216 << 31) & UINT32_C(0xffffffff))); - x302 = ((x216 >> 1) | ((x218 << 31) & UINT32_C(0xffffffff))); - x303 = ((x218 >> 1) | ((x220 << 31) & UINT32_C(0xffffffff))); - x304 = ((x220 >> 1) | ((x222 << 31) & UINT32_C(0xffffffff))); - x305 = ((x222 >> 1) | ((x224 << 31) & UINT32_C(0xffffffff))); - x306 = ((x224 >> 1) | ((x226 << 31) & UINT32_C(0xffffffff))); - x307 = ((x226 >> 1) | ((x228 << 31) & UINT32_C(0xffffffff))); - x308 = ((x228 >> 1) | ((x230 << 31) & UINT32_C(0xffffffff))); - x309 = ((x230 >> 1) | ((x232 << 31) & UINT32_C(0xffffffff))); - x310 = ((x232 & UINT32_C(0x80000000)) | (x232 >> 1)); + x298 = x208 >> 1 | x210 << 31 & UINT32_C(0xffffffff); + x299 = x210 >> 1 | x212 << 31 & UINT32_C(0xffffffff); + x300 = x212 >> 1 | x214 << 31 & UINT32_C(0xffffffff); + x301 = x214 >> 1 | x216 << 31 & UINT32_C(0xffffffff); + x302 = x216 >> 1 | x218 << 31 & UINT32_C(0xffffffff); + x303 = x218 >> 1 | x220 << 31 & UINT32_C(0xffffffff); + x304 = x220 >> 1 | x222 << 31 & UINT32_C(0xffffffff); + x305 = x222 >> 1 | x224 << 31 & UINT32_C(0xffffffff); + x306 = x224 >> 1 | x226 << 31 & UINT32_C(0xffffffff); + x307 = x226 >> 1 | x228 << 31 & UINT32_C(0xffffffff); + x308 = x228 >> 1 | x230 << 31 & UINT32_C(0xffffffff); + x309 = x230 >> 1 | x232 << 31 & UINT32_C(0xffffffff); + x310 = x232 & UINT32_C(0x80000000) | x232 >> 1; fiat_p384_cmovznz_u32(&x311, x120, x95, x71); fiat_p384_cmovznz_u32(&x312, x120, x97, x73); fiat_p384_cmovznz_u32(&x313, x120, x99, x75); diff --git a/fiat-c/src/p384_64.c b/fiat-c/src/p384_64.c index 6f27a7fadb..c3d70391e3 100644 --- a/fiat-c/src/p384_64.c +++ b/fiat-c/src/p384_64.c @@ -62,7 +62,7 @@ static void fiat_p384_addcarryx_u64(uint64_t* out1, fiat_p384_uint1* out2, fiat_ fiat_p384_uint128 x1; uint64_t x2; fiat_p384_uint1 x3; - x1 = ((arg1 + (fiat_p384_uint128)arg2) + arg3); + x1 = arg1 + (fiat_p384_uint128)arg2 + arg3; x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); x3 = (fiat_p384_uint1)(x1 >> 64); *out1 = x2; @@ -88,7 +88,7 @@ static void fiat_p384_subborrowx_u64(uint64_t* out1, fiat_p384_uint1* out2, fiat fiat_p384_int128 x1; fiat_p384_int1 x2; uint64_t x3; - x1 = ((arg2 - (fiat_p384_int128)arg1) - arg3); + x1 = arg2 - (fiat_p384_int128)arg1 - arg3; x2 = (fiat_p384_int1)(x1 >> 64); x3 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); *out1 = x3; @@ -113,7 +113,7 @@ static void fiat_p384_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, ui fiat_p384_uint128 x1; uint64_t x2; uint64_t x3; - x1 = ((fiat_p384_uint128)arg1 * arg2); + x1 = (fiat_p384_uint128)arg1 * arg2; x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); x3 = (uint64_t)(x1 >> 64); *out1 = x2; @@ -137,9 +137,9 @@ static void fiat_p384_cmovznz_u64(uint64_t* out1, fiat_p384_uint1 arg1, uint64_t fiat_p384_uint1 x1; uint64_t x2; uint64_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_p384_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); - x3 = ((fiat_p384_value_barrier_u64(x2) & arg3) | (fiat_p384_value_barrier_u64((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_p384_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); + x3 = fiat_p384_value_barrier_u64(x2) & arg3 | fiat_p384_value_barrier_u64(~x2) & arg2; *out1 = x3; } @@ -633,24 +633,24 @@ static void fiat_p384_mul(uint64_t out1[6], const uint64_t arg1[6], const uint64 uint64_t x471; uint64_t x472; uint64_t x473; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[0]); - fiat_p384_mulx_u64(&x7, &x8, x6, (arg2[5])); - fiat_p384_mulx_u64(&x9, &x10, x6, (arg2[4])); - fiat_p384_mulx_u64(&x11, &x12, x6, (arg2[3])); - fiat_p384_mulx_u64(&x13, &x14, x6, (arg2[2])); - fiat_p384_mulx_u64(&x15, &x16, x6, (arg2[1])); - fiat_p384_mulx_u64(&x17, &x18, x6, (arg2[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[0]; + fiat_p384_mulx_u64(&x7, &x8, x6, arg2[5]); + fiat_p384_mulx_u64(&x9, &x10, x6, arg2[4]); + fiat_p384_mulx_u64(&x11, &x12, x6, arg2[3]); + fiat_p384_mulx_u64(&x13, &x14, x6, arg2[2]); + fiat_p384_mulx_u64(&x15, &x16, x6, arg2[1]); + fiat_p384_mulx_u64(&x17, &x18, x6, arg2[0]); fiat_p384_addcarryx_u64(&x19, &x20, 0x0, x18, x15); fiat_p384_addcarryx_u64(&x21, &x22, x20, x16, x13); fiat_p384_addcarryx_u64(&x23, &x24, x22, x14, x11); fiat_p384_addcarryx_u64(&x25, &x26, x24, x12, x9); fiat_p384_addcarryx_u64(&x27, &x28, x26, x10, x7); - x29 = (x28 + x8); + x29 = x28 + x8; fiat_p384_mulx_u64(&x30, &x31, x17, UINT64_C(0x100000001)); fiat_p384_mulx_u64(&x32, &x33, x30, UINT64_C(0xffffffffffffffff)); fiat_p384_mulx_u64(&x34, &x35, x30, UINT64_C(0xffffffffffffffff)); @@ -663,7 +663,7 @@ static void fiat_p384_mul(uint64_t out1[6], const uint64_t arg1[6], const uint64 fiat_p384_addcarryx_u64(&x48, &x49, x47, x39, x36); fiat_p384_addcarryx_u64(&x50, &x51, x49, x37, x34); fiat_p384_addcarryx_u64(&x52, &x53, x51, x35, x32); - x54 = (x53 + x33); + x54 = x53 + x33; fiat_p384_addcarryx_u64(&x55, &x56, 0x0, x17, x42); fiat_p384_addcarryx_u64(&x57, &x58, x56, x19, x44); fiat_p384_addcarryx_u64(&x59, &x60, x58, x21, x46); @@ -671,18 +671,18 @@ static void fiat_p384_mul(uint64_t out1[6], const uint64_t arg1[6], const uint64 fiat_p384_addcarryx_u64(&x63, &x64, x62, x25, x50); fiat_p384_addcarryx_u64(&x65, &x66, x64, x27, x52); fiat_p384_addcarryx_u64(&x67, &x68, x66, x29, x54); - fiat_p384_mulx_u64(&x69, &x70, x1, (arg2[5])); - fiat_p384_mulx_u64(&x71, &x72, x1, (arg2[4])); - fiat_p384_mulx_u64(&x73, &x74, x1, (arg2[3])); - fiat_p384_mulx_u64(&x75, &x76, x1, (arg2[2])); - fiat_p384_mulx_u64(&x77, &x78, x1, (arg2[1])); - fiat_p384_mulx_u64(&x79, &x80, x1, (arg2[0])); + fiat_p384_mulx_u64(&x69, &x70, x1, arg2[5]); + fiat_p384_mulx_u64(&x71, &x72, x1, arg2[4]); + fiat_p384_mulx_u64(&x73, &x74, x1, arg2[3]); + fiat_p384_mulx_u64(&x75, &x76, x1, arg2[2]); + fiat_p384_mulx_u64(&x77, &x78, x1, arg2[1]); + fiat_p384_mulx_u64(&x79, &x80, x1, arg2[0]); fiat_p384_addcarryx_u64(&x81, &x82, 0x0, x80, x77); fiat_p384_addcarryx_u64(&x83, &x84, x82, x78, x75); fiat_p384_addcarryx_u64(&x85, &x86, x84, x76, x73); fiat_p384_addcarryx_u64(&x87, &x88, x86, x74, x71); fiat_p384_addcarryx_u64(&x89, &x90, x88, x72, x69); - x91 = (x90 + x70); + x91 = x90 + x70; fiat_p384_addcarryx_u64(&x92, &x93, 0x0, x57, x79); fiat_p384_addcarryx_u64(&x94, &x95, x93, x59, x81); fiat_p384_addcarryx_u64(&x96, &x97, x95, x61, x83); @@ -702,7 +702,7 @@ static void fiat_p384_mul(uint64_t out1[6], const uint64_t arg1[6], const uint64 fiat_p384_addcarryx_u64(&x124, &x125, x123, x115, x112); fiat_p384_addcarryx_u64(&x126, &x127, x125, x113, x110); fiat_p384_addcarryx_u64(&x128, &x129, x127, x111, x108); - x130 = (x129 + x109); + x130 = x129 + x109; fiat_p384_addcarryx_u64(&x131, &x132, 0x0, x92, x118); fiat_p384_addcarryx_u64(&x133, &x134, x132, x94, x120); fiat_p384_addcarryx_u64(&x135, &x136, x134, x96, x122); @@ -710,19 +710,19 @@ static void fiat_p384_mul(uint64_t out1[6], const uint64_t arg1[6], const uint64 fiat_p384_addcarryx_u64(&x139, &x140, x138, x100, x126); fiat_p384_addcarryx_u64(&x141, &x142, x140, x102, x128); fiat_p384_addcarryx_u64(&x143, &x144, x142, x104, x130); - x145 = ((uint64_t)x144 + x105); - fiat_p384_mulx_u64(&x146, &x147, x2, (arg2[5])); - fiat_p384_mulx_u64(&x148, &x149, x2, (arg2[4])); - fiat_p384_mulx_u64(&x150, &x151, x2, (arg2[3])); - fiat_p384_mulx_u64(&x152, &x153, x2, (arg2[2])); - fiat_p384_mulx_u64(&x154, &x155, x2, (arg2[1])); - fiat_p384_mulx_u64(&x156, &x157, x2, (arg2[0])); + x145 = (uint64_t)x144 + x105; + fiat_p384_mulx_u64(&x146, &x147, x2, arg2[5]); + fiat_p384_mulx_u64(&x148, &x149, x2, arg2[4]); + fiat_p384_mulx_u64(&x150, &x151, x2, arg2[3]); + fiat_p384_mulx_u64(&x152, &x153, x2, arg2[2]); + fiat_p384_mulx_u64(&x154, &x155, x2, arg2[1]); + fiat_p384_mulx_u64(&x156, &x157, x2, arg2[0]); fiat_p384_addcarryx_u64(&x158, &x159, 0x0, x157, x154); fiat_p384_addcarryx_u64(&x160, &x161, x159, x155, x152); fiat_p384_addcarryx_u64(&x162, &x163, x161, x153, x150); fiat_p384_addcarryx_u64(&x164, &x165, x163, x151, x148); fiat_p384_addcarryx_u64(&x166, &x167, x165, x149, x146); - x168 = (x167 + x147); + x168 = x167 + x147; fiat_p384_addcarryx_u64(&x169, &x170, 0x0, x133, x156); fiat_p384_addcarryx_u64(&x171, &x172, x170, x135, x158); fiat_p384_addcarryx_u64(&x173, &x174, x172, x137, x160); @@ -742,7 +742,7 @@ static void fiat_p384_mul(uint64_t out1[6], const uint64_t arg1[6], const uint64 fiat_p384_addcarryx_u64(&x201, &x202, x200, x192, x189); fiat_p384_addcarryx_u64(&x203, &x204, x202, x190, x187); fiat_p384_addcarryx_u64(&x205, &x206, x204, x188, x185); - x207 = (x206 + x186); + x207 = x206 + x186; fiat_p384_addcarryx_u64(&x208, &x209, 0x0, x169, x195); fiat_p384_addcarryx_u64(&x210, &x211, x209, x171, x197); fiat_p384_addcarryx_u64(&x212, &x213, x211, x173, x199); @@ -750,19 +750,19 @@ static void fiat_p384_mul(uint64_t out1[6], const uint64_t arg1[6], const uint64 fiat_p384_addcarryx_u64(&x216, &x217, x215, x177, x203); fiat_p384_addcarryx_u64(&x218, &x219, x217, x179, x205); fiat_p384_addcarryx_u64(&x220, &x221, x219, x181, x207); - x222 = ((uint64_t)x221 + x182); - fiat_p384_mulx_u64(&x223, &x224, x3, (arg2[5])); - fiat_p384_mulx_u64(&x225, &x226, x3, (arg2[4])); - fiat_p384_mulx_u64(&x227, &x228, x3, (arg2[3])); - fiat_p384_mulx_u64(&x229, &x230, x3, (arg2[2])); - fiat_p384_mulx_u64(&x231, &x232, x3, (arg2[1])); - fiat_p384_mulx_u64(&x233, &x234, x3, (arg2[0])); + x222 = (uint64_t)x221 + x182; + fiat_p384_mulx_u64(&x223, &x224, x3, arg2[5]); + fiat_p384_mulx_u64(&x225, &x226, x3, arg2[4]); + fiat_p384_mulx_u64(&x227, &x228, x3, arg2[3]); + fiat_p384_mulx_u64(&x229, &x230, x3, arg2[2]); + fiat_p384_mulx_u64(&x231, &x232, x3, arg2[1]); + fiat_p384_mulx_u64(&x233, &x234, x3, arg2[0]); fiat_p384_addcarryx_u64(&x235, &x236, 0x0, x234, x231); fiat_p384_addcarryx_u64(&x237, &x238, x236, x232, x229); fiat_p384_addcarryx_u64(&x239, &x240, x238, x230, x227); fiat_p384_addcarryx_u64(&x241, &x242, x240, x228, x225); fiat_p384_addcarryx_u64(&x243, &x244, x242, x226, x223); - x245 = (x244 + x224); + x245 = x244 + x224; fiat_p384_addcarryx_u64(&x246, &x247, 0x0, x210, x233); fiat_p384_addcarryx_u64(&x248, &x249, x247, x212, x235); fiat_p384_addcarryx_u64(&x250, &x251, x249, x214, x237); @@ -782,7 +782,7 @@ static void fiat_p384_mul(uint64_t out1[6], const uint64_t arg1[6], const uint64 fiat_p384_addcarryx_u64(&x278, &x279, x277, x269, x266); fiat_p384_addcarryx_u64(&x280, &x281, x279, x267, x264); fiat_p384_addcarryx_u64(&x282, &x283, x281, x265, x262); - x284 = (x283 + x263); + x284 = x283 + x263; fiat_p384_addcarryx_u64(&x285, &x286, 0x0, x246, x272); fiat_p384_addcarryx_u64(&x287, &x288, x286, x248, x274); fiat_p384_addcarryx_u64(&x289, &x290, x288, x250, x276); @@ -790,19 +790,19 @@ static void fiat_p384_mul(uint64_t out1[6], const uint64_t arg1[6], const uint64 fiat_p384_addcarryx_u64(&x293, &x294, x292, x254, x280); fiat_p384_addcarryx_u64(&x295, &x296, x294, x256, x282); fiat_p384_addcarryx_u64(&x297, &x298, x296, x258, x284); - x299 = ((uint64_t)x298 + x259); - fiat_p384_mulx_u64(&x300, &x301, x4, (arg2[5])); - fiat_p384_mulx_u64(&x302, &x303, x4, (arg2[4])); - fiat_p384_mulx_u64(&x304, &x305, x4, (arg2[3])); - fiat_p384_mulx_u64(&x306, &x307, x4, (arg2[2])); - fiat_p384_mulx_u64(&x308, &x309, x4, (arg2[1])); - fiat_p384_mulx_u64(&x310, &x311, x4, (arg2[0])); + x299 = (uint64_t)x298 + x259; + fiat_p384_mulx_u64(&x300, &x301, x4, arg2[5]); + fiat_p384_mulx_u64(&x302, &x303, x4, arg2[4]); + fiat_p384_mulx_u64(&x304, &x305, x4, arg2[3]); + fiat_p384_mulx_u64(&x306, &x307, x4, arg2[2]); + fiat_p384_mulx_u64(&x308, &x309, x4, arg2[1]); + fiat_p384_mulx_u64(&x310, &x311, x4, arg2[0]); fiat_p384_addcarryx_u64(&x312, &x313, 0x0, x311, x308); fiat_p384_addcarryx_u64(&x314, &x315, x313, x309, x306); fiat_p384_addcarryx_u64(&x316, &x317, x315, x307, x304); fiat_p384_addcarryx_u64(&x318, &x319, x317, x305, x302); fiat_p384_addcarryx_u64(&x320, &x321, x319, x303, x300); - x322 = (x321 + x301); + x322 = x321 + x301; fiat_p384_addcarryx_u64(&x323, &x324, 0x0, x287, x310); fiat_p384_addcarryx_u64(&x325, &x326, x324, x289, x312); fiat_p384_addcarryx_u64(&x327, &x328, x326, x291, x314); @@ -822,7 +822,7 @@ static void fiat_p384_mul(uint64_t out1[6], const uint64_t arg1[6], const uint64 fiat_p384_addcarryx_u64(&x355, &x356, x354, x346, x343); fiat_p384_addcarryx_u64(&x357, &x358, x356, x344, x341); fiat_p384_addcarryx_u64(&x359, &x360, x358, x342, x339); - x361 = (x360 + x340); + x361 = x360 + x340; fiat_p384_addcarryx_u64(&x362, &x363, 0x0, x323, x349); fiat_p384_addcarryx_u64(&x364, &x365, x363, x325, x351); fiat_p384_addcarryx_u64(&x366, &x367, x365, x327, x353); @@ -830,19 +830,19 @@ static void fiat_p384_mul(uint64_t out1[6], const uint64_t arg1[6], const uint64 fiat_p384_addcarryx_u64(&x370, &x371, x369, x331, x357); fiat_p384_addcarryx_u64(&x372, &x373, x371, x333, x359); fiat_p384_addcarryx_u64(&x374, &x375, x373, x335, x361); - x376 = ((uint64_t)x375 + x336); - fiat_p384_mulx_u64(&x377, &x378, x5, (arg2[5])); - fiat_p384_mulx_u64(&x379, &x380, x5, (arg2[4])); - fiat_p384_mulx_u64(&x381, &x382, x5, (arg2[3])); - fiat_p384_mulx_u64(&x383, &x384, x5, (arg2[2])); - fiat_p384_mulx_u64(&x385, &x386, x5, (arg2[1])); - fiat_p384_mulx_u64(&x387, &x388, x5, (arg2[0])); + x376 = (uint64_t)x375 + x336; + fiat_p384_mulx_u64(&x377, &x378, x5, arg2[5]); + fiat_p384_mulx_u64(&x379, &x380, x5, arg2[4]); + fiat_p384_mulx_u64(&x381, &x382, x5, arg2[3]); + fiat_p384_mulx_u64(&x383, &x384, x5, arg2[2]); + fiat_p384_mulx_u64(&x385, &x386, x5, arg2[1]); + fiat_p384_mulx_u64(&x387, &x388, x5, arg2[0]); fiat_p384_addcarryx_u64(&x389, &x390, 0x0, x388, x385); fiat_p384_addcarryx_u64(&x391, &x392, x390, x386, x383); fiat_p384_addcarryx_u64(&x393, &x394, x392, x384, x381); fiat_p384_addcarryx_u64(&x395, &x396, x394, x382, x379); fiat_p384_addcarryx_u64(&x397, &x398, x396, x380, x377); - x399 = (x398 + x378); + x399 = x398 + x378; fiat_p384_addcarryx_u64(&x400, &x401, 0x0, x364, x387); fiat_p384_addcarryx_u64(&x402, &x403, x401, x366, x389); fiat_p384_addcarryx_u64(&x404, &x405, x403, x368, x391); @@ -862,7 +862,7 @@ static void fiat_p384_mul(uint64_t out1[6], const uint64_t arg1[6], const uint64 fiat_p384_addcarryx_u64(&x432, &x433, x431, x423, x420); fiat_p384_addcarryx_u64(&x434, &x435, x433, x421, x418); fiat_p384_addcarryx_u64(&x436, &x437, x435, x419, x416); - x438 = (x437 + x417); + x438 = x437 + x417; fiat_p384_addcarryx_u64(&x439, &x440, 0x0, x400, x426); fiat_p384_addcarryx_u64(&x441, &x442, x440, x402, x428); fiat_p384_addcarryx_u64(&x443, &x444, x442, x404, x430); @@ -870,7 +870,7 @@ static void fiat_p384_mul(uint64_t out1[6], const uint64_t arg1[6], const uint64 fiat_p384_addcarryx_u64(&x447, &x448, x446, x408, x434); fiat_p384_addcarryx_u64(&x449, &x450, x448, x410, x436); fiat_p384_addcarryx_u64(&x451, &x452, x450, x412, x438); - x453 = ((uint64_t)x452 + x413); + x453 = (uint64_t)x452 + x413; fiat_p384_subborrowx_u64(&x454, &x455, 0x0, x441, UINT32_C(0xffffffff)); fiat_p384_subborrowx_u64(&x456, &x457, x455, x443, UINT64_C(0xffffffff00000000)); fiat_p384_subborrowx_u64(&x458, &x459, x457, x445, UINT64_C(0xfffffffffffffffe)); @@ -1380,24 +1380,24 @@ static void fiat_p384_square(uint64_t out1[6], const uint64_t arg1[6]) { uint64_t x471; uint64_t x472; uint64_t x473; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[0]); - fiat_p384_mulx_u64(&x7, &x8, x6, (arg1[5])); - fiat_p384_mulx_u64(&x9, &x10, x6, (arg1[4])); - fiat_p384_mulx_u64(&x11, &x12, x6, (arg1[3])); - fiat_p384_mulx_u64(&x13, &x14, x6, (arg1[2])); - fiat_p384_mulx_u64(&x15, &x16, x6, (arg1[1])); - fiat_p384_mulx_u64(&x17, &x18, x6, (arg1[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[0]; + fiat_p384_mulx_u64(&x7, &x8, x6, arg1[5]); + fiat_p384_mulx_u64(&x9, &x10, x6, arg1[4]); + fiat_p384_mulx_u64(&x11, &x12, x6, arg1[3]); + fiat_p384_mulx_u64(&x13, &x14, x6, arg1[2]); + fiat_p384_mulx_u64(&x15, &x16, x6, arg1[1]); + fiat_p384_mulx_u64(&x17, &x18, x6, arg1[0]); fiat_p384_addcarryx_u64(&x19, &x20, 0x0, x18, x15); fiat_p384_addcarryx_u64(&x21, &x22, x20, x16, x13); fiat_p384_addcarryx_u64(&x23, &x24, x22, x14, x11); fiat_p384_addcarryx_u64(&x25, &x26, x24, x12, x9); fiat_p384_addcarryx_u64(&x27, &x28, x26, x10, x7); - x29 = (x28 + x8); + x29 = x28 + x8; fiat_p384_mulx_u64(&x30, &x31, x17, UINT64_C(0x100000001)); fiat_p384_mulx_u64(&x32, &x33, x30, UINT64_C(0xffffffffffffffff)); fiat_p384_mulx_u64(&x34, &x35, x30, UINT64_C(0xffffffffffffffff)); @@ -1410,7 +1410,7 @@ static void fiat_p384_square(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x48, &x49, x47, x39, x36); fiat_p384_addcarryx_u64(&x50, &x51, x49, x37, x34); fiat_p384_addcarryx_u64(&x52, &x53, x51, x35, x32); - x54 = (x53 + x33); + x54 = x53 + x33; fiat_p384_addcarryx_u64(&x55, &x56, 0x0, x17, x42); fiat_p384_addcarryx_u64(&x57, &x58, x56, x19, x44); fiat_p384_addcarryx_u64(&x59, &x60, x58, x21, x46); @@ -1418,18 +1418,18 @@ static void fiat_p384_square(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x63, &x64, x62, x25, x50); fiat_p384_addcarryx_u64(&x65, &x66, x64, x27, x52); fiat_p384_addcarryx_u64(&x67, &x68, x66, x29, x54); - fiat_p384_mulx_u64(&x69, &x70, x1, (arg1[5])); - fiat_p384_mulx_u64(&x71, &x72, x1, (arg1[4])); - fiat_p384_mulx_u64(&x73, &x74, x1, (arg1[3])); - fiat_p384_mulx_u64(&x75, &x76, x1, (arg1[2])); - fiat_p384_mulx_u64(&x77, &x78, x1, (arg1[1])); - fiat_p384_mulx_u64(&x79, &x80, x1, (arg1[0])); + fiat_p384_mulx_u64(&x69, &x70, x1, arg1[5]); + fiat_p384_mulx_u64(&x71, &x72, x1, arg1[4]); + fiat_p384_mulx_u64(&x73, &x74, x1, arg1[3]); + fiat_p384_mulx_u64(&x75, &x76, x1, arg1[2]); + fiat_p384_mulx_u64(&x77, &x78, x1, arg1[1]); + fiat_p384_mulx_u64(&x79, &x80, x1, arg1[0]); fiat_p384_addcarryx_u64(&x81, &x82, 0x0, x80, x77); fiat_p384_addcarryx_u64(&x83, &x84, x82, x78, x75); fiat_p384_addcarryx_u64(&x85, &x86, x84, x76, x73); fiat_p384_addcarryx_u64(&x87, &x88, x86, x74, x71); fiat_p384_addcarryx_u64(&x89, &x90, x88, x72, x69); - x91 = (x90 + x70); + x91 = x90 + x70; fiat_p384_addcarryx_u64(&x92, &x93, 0x0, x57, x79); fiat_p384_addcarryx_u64(&x94, &x95, x93, x59, x81); fiat_p384_addcarryx_u64(&x96, &x97, x95, x61, x83); @@ -1449,7 +1449,7 @@ static void fiat_p384_square(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x124, &x125, x123, x115, x112); fiat_p384_addcarryx_u64(&x126, &x127, x125, x113, x110); fiat_p384_addcarryx_u64(&x128, &x129, x127, x111, x108); - x130 = (x129 + x109); + x130 = x129 + x109; fiat_p384_addcarryx_u64(&x131, &x132, 0x0, x92, x118); fiat_p384_addcarryx_u64(&x133, &x134, x132, x94, x120); fiat_p384_addcarryx_u64(&x135, &x136, x134, x96, x122); @@ -1457,19 +1457,19 @@ static void fiat_p384_square(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x139, &x140, x138, x100, x126); fiat_p384_addcarryx_u64(&x141, &x142, x140, x102, x128); fiat_p384_addcarryx_u64(&x143, &x144, x142, x104, x130); - x145 = ((uint64_t)x144 + x105); - fiat_p384_mulx_u64(&x146, &x147, x2, (arg1[5])); - fiat_p384_mulx_u64(&x148, &x149, x2, (arg1[4])); - fiat_p384_mulx_u64(&x150, &x151, x2, (arg1[3])); - fiat_p384_mulx_u64(&x152, &x153, x2, (arg1[2])); - fiat_p384_mulx_u64(&x154, &x155, x2, (arg1[1])); - fiat_p384_mulx_u64(&x156, &x157, x2, (arg1[0])); + x145 = (uint64_t)x144 + x105; + fiat_p384_mulx_u64(&x146, &x147, x2, arg1[5]); + fiat_p384_mulx_u64(&x148, &x149, x2, arg1[4]); + fiat_p384_mulx_u64(&x150, &x151, x2, arg1[3]); + fiat_p384_mulx_u64(&x152, &x153, x2, arg1[2]); + fiat_p384_mulx_u64(&x154, &x155, x2, arg1[1]); + fiat_p384_mulx_u64(&x156, &x157, x2, arg1[0]); fiat_p384_addcarryx_u64(&x158, &x159, 0x0, x157, x154); fiat_p384_addcarryx_u64(&x160, &x161, x159, x155, x152); fiat_p384_addcarryx_u64(&x162, &x163, x161, x153, x150); fiat_p384_addcarryx_u64(&x164, &x165, x163, x151, x148); fiat_p384_addcarryx_u64(&x166, &x167, x165, x149, x146); - x168 = (x167 + x147); + x168 = x167 + x147; fiat_p384_addcarryx_u64(&x169, &x170, 0x0, x133, x156); fiat_p384_addcarryx_u64(&x171, &x172, x170, x135, x158); fiat_p384_addcarryx_u64(&x173, &x174, x172, x137, x160); @@ -1489,7 +1489,7 @@ static void fiat_p384_square(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x201, &x202, x200, x192, x189); fiat_p384_addcarryx_u64(&x203, &x204, x202, x190, x187); fiat_p384_addcarryx_u64(&x205, &x206, x204, x188, x185); - x207 = (x206 + x186); + x207 = x206 + x186; fiat_p384_addcarryx_u64(&x208, &x209, 0x0, x169, x195); fiat_p384_addcarryx_u64(&x210, &x211, x209, x171, x197); fiat_p384_addcarryx_u64(&x212, &x213, x211, x173, x199); @@ -1497,19 +1497,19 @@ static void fiat_p384_square(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x216, &x217, x215, x177, x203); fiat_p384_addcarryx_u64(&x218, &x219, x217, x179, x205); fiat_p384_addcarryx_u64(&x220, &x221, x219, x181, x207); - x222 = ((uint64_t)x221 + x182); - fiat_p384_mulx_u64(&x223, &x224, x3, (arg1[5])); - fiat_p384_mulx_u64(&x225, &x226, x3, (arg1[4])); - fiat_p384_mulx_u64(&x227, &x228, x3, (arg1[3])); - fiat_p384_mulx_u64(&x229, &x230, x3, (arg1[2])); - fiat_p384_mulx_u64(&x231, &x232, x3, (arg1[1])); - fiat_p384_mulx_u64(&x233, &x234, x3, (arg1[0])); + x222 = (uint64_t)x221 + x182; + fiat_p384_mulx_u64(&x223, &x224, x3, arg1[5]); + fiat_p384_mulx_u64(&x225, &x226, x3, arg1[4]); + fiat_p384_mulx_u64(&x227, &x228, x3, arg1[3]); + fiat_p384_mulx_u64(&x229, &x230, x3, arg1[2]); + fiat_p384_mulx_u64(&x231, &x232, x3, arg1[1]); + fiat_p384_mulx_u64(&x233, &x234, x3, arg1[0]); fiat_p384_addcarryx_u64(&x235, &x236, 0x0, x234, x231); fiat_p384_addcarryx_u64(&x237, &x238, x236, x232, x229); fiat_p384_addcarryx_u64(&x239, &x240, x238, x230, x227); fiat_p384_addcarryx_u64(&x241, &x242, x240, x228, x225); fiat_p384_addcarryx_u64(&x243, &x244, x242, x226, x223); - x245 = (x244 + x224); + x245 = x244 + x224; fiat_p384_addcarryx_u64(&x246, &x247, 0x0, x210, x233); fiat_p384_addcarryx_u64(&x248, &x249, x247, x212, x235); fiat_p384_addcarryx_u64(&x250, &x251, x249, x214, x237); @@ -1529,7 +1529,7 @@ static void fiat_p384_square(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x278, &x279, x277, x269, x266); fiat_p384_addcarryx_u64(&x280, &x281, x279, x267, x264); fiat_p384_addcarryx_u64(&x282, &x283, x281, x265, x262); - x284 = (x283 + x263); + x284 = x283 + x263; fiat_p384_addcarryx_u64(&x285, &x286, 0x0, x246, x272); fiat_p384_addcarryx_u64(&x287, &x288, x286, x248, x274); fiat_p384_addcarryx_u64(&x289, &x290, x288, x250, x276); @@ -1537,19 +1537,19 @@ static void fiat_p384_square(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x293, &x294, x292, x254, x280); fiat_p384_addcarryx_u64(&x295, &x296, x294, x256, x282); fiat_p384_addcarryx_u64(&x297, &x298, x296, x258, x284); - x299 = ((uint64_t)x298 + x259); - fiat_p384_mulx_u64(&x300, &x301, x4, (arg1[5])); - fiat_p384_mulx_u64(&x302, &x303, x4, (arg1[4])); - fiat_p384_mulx_u64(&x304, &x305, x4, (arg1[3])); - fiat_p384_mulx_u64(&x306, &x307, x4, (arg1[2])); - fiat_p384_mulx_u64(&x308, &x309, x4, (arg1[1])); - fiat_p384_mulx_u64(&x310, &x311, x4, (arg1[0])); + x299 = (uint64_t)x298 + x259; + fiat_p384_mulx_u64(&x300, &x301, x4, arg1[5]); + fiat_p384_mulx_u64(&x302, &x303, x4, arg1[4]); + fiat_p384_mulx_u64(&x304, &x305, x4, arg1[3]); + fiat_p384_mulx_u64(&x306, &x307, x4, arg1[2]); + fiat_p384_mulx_u64(&x308, &x309, x4, arg1[1]); + fiat_p384_mulx_u64(&x310, &x311, x4, arg1[0]); fiat_p384_addcarryx_u64(&x312, &x313, 0x0, x311, x308); fiat_p384_addcarryx_u64(&x314, &x315, x313, x309, x306); fiat_p384_addcarryx_u64(&x316, &x317, x315, x307, x304); fiat_p384_addcarryx_u64(&x318, &x319, x317, x305, x302); fiat_p384_addcarryx_u64(&x320, &x321, x319, x303, x300); - x322 = (x321 + x301); + x322 = x321 + x301; fiat_p384_addcarryx_u64(&x323, &x324, 0x0, x287, x310); fiat_p384_addcarryx_u64(&x325, &x326, x324, x289, x312); fiat_p384_addcarryx_u64(&x327, &x328, x326, x291, x314); @@ -1569,7 +1569,7 @@ static void fiat_p384_square(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x355, &x356, x354, x346, x343); fiat_p384_addcarryx_u64(&x357, &x358, x356, x344, x341); fiat_p384_addcarryx_u64(&x359, &x360, x358, x342, x339); - x361 = (x360 + x340); + x361 = x360 + x340; fiat_p384_addcarryx_u64(&x362, &x363, 0x0, x323, x349); fiat_p384_addcarryx_u64(&x364, &x365, x363, x325, x351); fiat_p384_addcarryx_u64(&x366, &x367, x365, x327, x353); @@ -1577,19 +1577,19 @@ static void fiat_p384_square(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x370, &x371, x369, x331, x357); fiat_p384_addcarryx_u64(&x372, &x373, x371, x333, x359); fiat_p384_addcarryx_u64(&x374, &x375, x373, x335, x361); - x376 = ((uint64_t)x375 + x336); - fiat_p384_mulx_u64(&x377, &x378, x5, (arg1[5])); - fiat_p384_mulx_u64(&x379, &x380, x5, (arg1[4])); - fiat_p384_mulx_u64(&x381, &x382, x5, (arg1[3])); - fiat_p384_mulx_u64(&x383, &x384, x5, (arg1[2])); - fiat_p384_mulx_u64(&x385, &x386, x5, (arg1[1])); - fiat_p384_mulx_u64(&x387, &x388, x5, (arg1[0])); + x376 = (uint64_t)x375 + x336; + fiat_p384_mulx_u64(&x377, &x378, x5, arg1[5]); + fiat_p384_mulx_u64(&x379, &x380, x5, arg1[4]); + fiat_p384_mulx_u64(&x381, &x382, x5, arg1[3]); + fiat_p384_mulx_u64(&x383, &x384, x5, arg1[2]); + fiat_p384_mulx_u64(&x385, &x386, x5, arg1[1]); + fiat_p384_mulx_u64(&x387, &x388, x5, arg1[0]); fiat_p384_addcarryx_u64(&x389, &x390, 0x0, x388, x385); fiat_p384_addcarryx_u64(&x391, &x392, x390, x386, x383); fiat_p384_addcarryx_u64(&x393, &x394, x392, x384, x381); fiat_p384_addcarryx_u64(&x395, &x396, x394, x382, x379); fiat_p384_addcarryx_u64(&x397, &x398, x396, x380, x377); - x399 = (x398 + x378); + x399 = x398 + x378; fiat_p384_addcarryx_u64(&x400, &x401, 0x0, x364, x387); fiat_p384_addcarryx_u64(&x402, &x403, x401, x366, x389); fiat_p384_addcarryx_u64(&x404, &x405, x403, x368, x391); @@ -1609,7 +1609,7 @@ static void fiat_p384_square(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x432, &x433, x431, x423, x420); fiat_p384_addcarryx_u64(&x434, &x435, x433, x421, x418); fiat_p384_addcarryx_u64(&x436, &x437, x435, x419, x416); - x438 = (x437 + x417); + x438 = x437 + x417; fiat_p384_addcarryx_u64(&x439, &x440, 0x0, x400, x426); fiat_p384_addcarryx_u64(&x441, &x442, x440, x402, x428); fiat_p384_addcarryx_u64(&x443, &x444, x442, x404, x430); @@ -1617,7 +1617,7 @@ static void fiat_p384_square(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x447, &x448, x446, x408, x434); fiat_p384_addcarryx_u64(&x449, &x450, x448, x410, x436); fiat_p384_addcarryx_u64(&x451, &x452, x450, x412, x438); - x453 = ((uint64_t)x452 + x413); + x453 = (uint64_t)x452 + x413; fiat_p384_subborrowx_u64(&x454, &x455, 0x0, x441, UINT32_C(0xffffffff)); fiat_p384_subborrowx_u64(&x456, &x457, x455, x443, UINT64_C(0xffffffff00000000)); fiat_p384_subborrowx_u64(&x458, &x459, x457, x445, UINT64_C(0xfffffffffffffffe)); @@ -1688,12 +1688,12 @@ static void fiat_p384_add(uint64_t out1[6], const uint64_t arg1[6], const uint64 uint64_t x30; uint64_t x31; uint64_t x32; - fiat_p384_addcarryx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_p384_addcarryx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_p384_addcarryx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_p384_addcarryx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); - fiat_p384_addcarryx_u64(&x9, &x10, x8, (arg1[4]), (arg2[4])); - fiat_p384_addcarryx_u64(&x11, &x12, x10, (arg1[5]), (arg2[5])); + fiat_p384_addcarryx_u64(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_p384_addcarryx_u64(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_p384_addcarryx_u64(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_p384_addcarryx_u64(&x7, &x8, x6, arg1[3], arg2[3]); + fiat_p384_addcarryx_u64(&x9, &x10, x8, arg1[4], arg2[4]); + fiat_p384_addcarryx_u64(&x11, &x12, x10, arg1[5], arg2[5]); fiat_p384_subborrowx_u64(&x13, &x14, 0x0, x1, UINT32_C(0xffffffff)); fiat_p384_subborrowx_u64(&x15, &x16, x14, x3, UINT64_C(0xffffffff00000000)); fiat_p384_subborrowx_u64(&x17, &x18, x16, x5, UINT64_C(0xfffffffffffffffe)); @@ -1757,16 +1757,16 @@ static void fiat_p384_sub(uint64_t out1[6], const uint64_t arg1[6], const uint64 fiat_p384_uint1 x23; uint64_t x24; fiat_p384_uint1 x25; - fiat_p384_subborrowx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_p384_subborrowx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_p384_subborrowx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_p384_subborrowx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); - fiat_p384_subborrowx_u64(&x9, &x10, x8, (arg1[4]), (arg2[4])); - fiat_p384_subborrowx_u64(&x11, &x12, x10, (arg1[5]), (arg2[5])); + fiat_p384_subborrowx_u64(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_p384_subborrowx_u64(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_p384_subborrowx_u64(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_p384_subborrowx_u64(&x7, &x8, x6, arg1[3], arg2[3]); + fiat_p384_subborrowx_u64(&x9, &x10, x8, arg1[4], arg2[4]); + fiat_p384_subborrowx_u64(&x11, &x12, x10, arg1[5], arg2[5]); fiat_p384_cmovznz_u64(&x13, x12, 0x0, UINT64_C(0xffffffffffffffff)); - fiat_p384_addcarryx_u64(&x14, &x15, 0x0, x1, (x13 & UINT32_C(0xffffffff))); - fiat_p384_addcarryx_u64(&x16, &x17, x15, x3, (x13 & UINT64_C(0xffffffff00000000))); - fiat_p384_addcarryx_u64(&x18, &x19, x17, x5, (x13 & UINT64_C(0xfffffffffffffffe))); + fiat_p384_addcarryx_u64(&x14, &x15, 0x0, x1, x13 & UINT32_C(0xffffffff)); + fiat_p384_addcarryx_u64(&x16, &x17, x15, x3, x13 & UINT64_C(0xffffffff00000000)); + fiat_p384_addcarryx_u64(&x18, &x19, x17, x5, x13 & UINT64_C(0xfffffffffffffffe)); fiat_p384_addcarryx_u64(&x20, &x21, x19, x7, x13); fiat_p384_addcarryx_u64(&x22, &x23, x21, x9, x13); fiat_p384_addcarryx_u64(&x24, &x25, x23, x11, x13); @@ -1818,16 +1818,16 @@ static void fiat_p384_opp(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_uint1 x23; uint64_t x24; fiat_p384_uint1 x25; - fiat_p384_subborrowx_u64(&x1, &x2, 0x0, 0x0, (arg1[0])); - fiat_p384_subborrowx_u64(&x3, &x4, x2, 0x0, (arg1[1])); - fiat_p384_subborrowx_u64(&x5, &x6, x4, 0x0, (arg1[2])); - fiat_p384_subborrowx_u64(&x7, &x8, x6, 0x0, (arg1[3])); - fiat_p384_subborrowx_u64(&x9, &x10, x8, 0x0, (arg1[4])); - fiat_p384_subborrowx_u64(&x11, &x12, x10, 0x0, (arg1[5])); + fiat_p384_subborrowx_u64(&x1, &x2, 0x0, 0x0, arg1[0]); + fiat_p384_subborrowx_u64(&x3, &x4, x2, 0x0, arg1[1]); + fiat_p384_subborrowx_u64(&x5, &x6, x4, 0x0, arg1[2]); + fiat_p384_subborrowx_u64(&x7, &x8, x6, 0x0, arg1[3]); + fiat_p384_subborrowx_u64(&x9, &x10, x8, 0x0, arg1[4]); + fiat_p384_subborrowx_u64(&x11, &x12, x10, 0x0, arg1[5]); fiat_p384_cmovznz_u64(&x13, x12, 0x0, UINT64_C(0xffffffffffffffff)); - fiat_p384_addcarryx_u64(&x14, &x15, 0x0, x1, (x13 & UINT32_C(0xffffffff))); - fiat_p384_addcarryx_u64(&x16, &x17, x15, x3, (x13 & UINT64_C(0xffffffff00000000))); - fiat_p384_addcarryx_u64(&x18, &x19, x17, x5, (x13 & UINT64_C(0xfffffffffffffffe))); + fiat_p384_addcarryx_u64(&x14, &x15, 0x0, x1, x13 & UINT32_C(0xffffffff)); + fiat_p384_addcarryx_u64(&x16, &x17, x15, x3, x13 & UINT64_C(0xffffffff00000000)); + fiat_p384_addcarryx_u64(&x18, &x19, x17, x5, x13 & UINT64_C(0xfffffffffffffffe)); fiat_p384_addcarryx_u64(&x20, &x21, x19, x7, x13); fiat_p384_addcarryx_u64(&x22, &x23, x21, x9, x13); fiat_p384_addcarryx_u64(&x24, &x25, x23, x11, x13); @@ -2163,7 +2163,7 @@ static void fiat_p384_from_montgomery(uint64_t out1[6], const uint64_t arg1[6]) uint64_t x307; uint64_t x308; uint64_t x309; - x1 = (arg1[0]); + x1 = arg1[0]; fiat_p384_mulx_u64(&x2, &x3, x1, UINT64_C(0x100000001)); fiat_p384_mulx_u64(&x4, &x5, x2, UINT64_C(0xffffffffffffffff)); fiat_p384_mulx_u64(&x6, &x7, x2, UINT64_C(0xffffffffffffffff)); @@ -2182,8 +2182,8 @@ static void fiat_p384_from_montgomery(uint64_t out1[6], const uint64_t arg1[6]) fiat_p384_addcarryx_u64(&x32, &x33, x31, 0x0, x20); fiat_p384_addcarryx_u64(&x34, &x35, x33, 0x0, x22); fiat_p384_addcarryx_u64(&x36, &x37, x35, 0x0, x24); - fiat_p384_addcarryx_u64(&x38, &x39, x37, 0x0, (x25 + x5)); - fiat_p384_addcarryx_u64(&x40, &x41, 0x0, x28, (arg1[1])); + fiat_p384_addcarryx_u64(&x38, &x39, x37, 0x0, x25 + x5); + fiat_p384_addcarryx_u64(&x40, &x41, 0x0, x28, arg1[1]); fiat_p384_addcarryx_u64(&x42, &x43, x41, x30, 0x0); fiat_p384_addcarryx_u64(&x44, &x45, x43, x32, 0x0); fiat_p384_addcarryx_u64(&x46, &x47, x45, x34, 0x0); @@ -2207,8 +2207,8 @@ static void fiat_p384_from_montgomery(uint64_t out1[6], const uint64_t arg1[6]) fiat_p384_addcarryx_u64(&x82, &x83, x81, x46, x70); fiat_p384_addcarryx_u64(&x84, &x85, x83, x48, x72); fiat_p384_addcarryx_u64(&x86, &x87, x85, x50, x74); - fiat_p384_addcarryx_u64(&x88, &x89, x87, ((uint64_t)x51 + x39), (x75 + x55)); - fiat_p384_addcarryx_u64(&x90, &x91, 0x0, x78, (arg1[2])); + fiat_p384_addcarryx_u64(&x88, &x89, x87, (uint64_t)x51 + x39, x75 + x55); + fiat_p384_addcarryx_u64(&x90, &x91, 0x0, x78, arg1[2]); fiat_p384_addcarryx_u64(&x92, &x93, x91, x80, 0x0); fiat_p384_addcarryx_u64(&x94, &x95, x93, x82, 0x0); fiat_p384_addcarryx_u64(&x96, &x97, x95, x84, 0x0); @@ -2232,8 +2232,8 @@ static void fiat_p384_from_montgomery(uint64_t out1[6], const uint64_t arg1[6]) fiat_p384_addcarryx_u64(&x132, &x133, x131, x96, x120); fiat_p384_addcarryx_u64(&x134, &x135, x133, x98, x122); fiat_p384_addcarryx_u64(&x136, &x137, x135, x100, x124); - fiat_p384_addcarryx_u64(&x138, &x139, x137, ((uint64_t)x101 + x89), (x125 + x105)); - fiat_p384_addcarryx_u64(&x140, &x141, 0x0, x128, (arg1[3])); + fiat_p384_addcarryx_u64(&x138, &x139, x137, (uint64_t)x101 + x89, x125 + x105); + fiat_p384_addcarryx_u64(&x140, &x141, 0x0, x128, arg1[3]); fiat_p384_addcarryx_u64(&x142, &x143, x141, x130, 0x0); fiat_p384_addcarryx_u64(&x144, &x145, x143, x132, 0x0); fiat_p384_addcarryx_u64(&x146, &x147, x145, x134, 0x0); @@ -2257,8 +2257,8 @@ static void fiat_p384_from_montgomery(uint64_t out1[6], const uint64_t arg1[6]) fiat_p384_addcarryx_u64(&x182, &x183, x181, x146, x170); fiat_p384_addcarryx_u64(&x184, &x185, x183, x148, x172); fiat_p384_addcarryx_u64(&x186, &x187, x185, x150, x174); - fiat_p384_addcarryx_u64(&x188, &x189, x187, ((uint64_t)x151 + x139), (x175 + x155)); - fiat_p384_addcarryx_u64(&x190, &x191, 0x0, x178, (arg1[4])); + fiat_p384_addcarryx_u64(&x188, &x189, x187, (uint64_t)x151 + x139, x175 + x155); + fiat_p384_addcarryx_u64(&x190, &x191, 0x0, x178, arg1[4]); fiat_p384_addcarryx_u64(&x192, &x193, x191, x180, 0x0); fiat_p384_addcarryx_u64(&x194, &x195, x193, x182, 0x0); fiat_p384_addcarryx_u64(&x196, &x197, x195, x184, 0x0); @@ -2282,8 +2282,8 @@ static void fiat_p384_from_montgomery(uint64_t out1[6], const uint64_t arg1[6]) fiat_p384_addcarryx_u64(&x232, &x233, x231, x196, x220); fiat_p384_addcarryx_u64(&x234, &x235, x233, x198, x222); fiat_p384_addcarryx_u64(&x236, &x237, x235, x200, x224); - fiat_p384_addcarryx_u64(&x238, &x239, x237, ((uint64_t)x201 + x189), (x225 + x205)); - fiat_p384_addcarryx_u64(&x240, &x241, 0x0, x228, (arg1[5])); + fiat_p384_addcarryx_u64(&x238, &x239, x237, (uint64_t)x201 + x189, x225 + x205); + fiat_p384_addcarryx_u64(&x240, &x241, 0x0, x228, arg1[5]); fiat_p384_addcarryx_u64(&x242, &x243, x241, x230, 0x0); fiat_p384_addcarryx_u64(&x244, &x245, x243, x232, 0x0); fiat_p384_addcarryx_u64(&x246, &x247, x245, x234, 0x0); @@ -2307,7 +2307,7 @@ static void fiat_p384_from_montgomery(uint64_t out1[6], const uint64_t arg1[6]) fiat_p384_addcarryx_u64(&x282, &x283, x281, x246, x270); fiat_p384_addcarryx_u64(&x284, &x285, x283, x248, x272); fiat_p384_addcarryx_u64(&x286, &x287, x285, x250, x274); - fiat_p384_addcarryx_u64(&x288, &x289, x287, ((uint64_t)x251 + x239), (x275 + x255)); + fiat_p384_addcarryx_u64(&x288, &x289, x287, (uint64_t)x251 + x239, x275 + x255); fiat_p384_subborrowx_u64(&x290, &x291, 0x0, x278, UINT32_C(0xffffffff)); fiat_p384_subborrowx_u64(&x292, &x293, x291, x280, UINT64_C(0xffffffff00000000)); fiat_p384_subborrowx_u64(&x294, &x295, x293, x282, UINT64_C(0xfffffffffffffffe)); @@ -2754,12 +2754,12 @@ static void fiat_p384_to_montgomery(uint64_t out1[6], const uint64_t arg1[6]) { uint64_t x408; uint64_t x409; uint64_t x410; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[0]); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[0]; fiat_p384_mulx_u64(&x7, &x8, x6, UINT64_C(0x200000000)); fiat_p384_mulx_u64(&x9, &x10, x6, UINT64_C(0xfffffffe00000000)); fiat_p384_mulx_u64(&x11, &x12, x6, UINT64_C(0x200000000)); @@ -2786,7 +2786,7 @@ static void fiat_p384_to_montgomery(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x53, &x54, x52, x19, x41); fiat_p384_addcarryx_u64(&x55, &x56, x54, x21, x43); fiat_p384_addcarryx_u64(&x57, &x58, x56, x22, x45); - fiat_p384_addcarryx_u64(&x59, &x60, x58, 0x0, (x46 + x26)); + fiat_p384_addcarryx_u64(&x59, &x60, x58, 0x0, x46 + x26); fiat_p384_mulx_u64(&x61, &x62, x1, UINT64_C(0x200000000)); fiat_p384_mulx_u64(&x63, &x64, x1, UINT64_C(0xfffffffe00000000)); fiat_p384_mulx_u64(&x65, &x66, x1, UINT64_C(0x200000000)); @@ -2819,7 +2819,7 @@ static void fiat_p384_to_montgomery(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x119, &x120, x118, x83, x107); fiat_p384_addcarryx_u64(&x121, &x122, x120, x85, x109); fiat_p384_addcarryx_u64(&x123, &x124, x122, x87, x111); - fiat_p384_addcarryx_u64(&x125, &x126, x124, ((uint64_t)x88 + x60), (x112 + x92)); + fiat_p384_addcarryx_u64(&x125, &x126, x124, (uint64_t)x88 + x60, x112 + x92); fiat_p384_mulx_u64(&x127, &x128, x2, UINT64_C(0x200000000)); fiat_p384_mulx_u64(&x129, &x130, x2, UINT64_C(0xfffffffe00000000)); fiat_p384_mulx_u64(&x131, &x132, x2, UINT64_C(0x200000000)); @@ -2852,7 +2852,7 @@ static void fiat_p384_to_montgomery(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x185, &x186, x184, x149, x173); fiat_p384_addcarryx_u64(&x187, &x188, x186, x151, x175); fiat_p384_addcarryx_u64(&x189, &x190, x188, x153, x177); - fiat_p384_addcarryx_u64(&x191, &x192, x190, ((uint64_t)x154 + x126), (x178 + x158)); + fiat_p384_addcarryx_u64(&x191, &x192, x190, (uint64_t)x154 + x126, x178 + x158); fiat_p384_mulx_u64(&x193, &x194, x3, UINT64_C(0x200000000)); fiat_p384_mulx_u64(&x195, &x196, x3, UINT64_C(0xfffffffe00000000)); fiat_p384_mulx_u64(&x197, &x198, x3, UINT64_C(0x200000000)); @@ -2885,7 +2885,7 @@ static void fiat_p384_to_montgomery(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x251, &x252, x250, x215, x239); fiat_p384_addcarryx_u64(&x253, &x254, x252, x217, x241); fiat_p384_addcarryx_u64(&x255, &x256, x254, x219, x243); - fiat_p384_addcarryx_u64(&x257, &x258, x256, ((uint64_t)x220 + x192), (x244 + x224)); + fiat_p384_addcarryx_u64(&x257, &x258, x256, (uint64_t)x220 + x192, x244 + x224); fiat_p384_mulx_u64(&x259, &x260, x4, UINT64_C(0x200000000)); fiat_p384_mulx_u64(&x261, &x262, x4, UINT64_C(0xfffffffe00000000)); fiat_p384_mulx_u64(&x263, &x264, x4, UINT64_C(0x200000000)); @@ -2918,7 +2918,7 @@ static void fiat_p384_to_montgomery(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x317, &x318, x316, x281, x305); fiat_p384_addcarryx_u64(&x319, &x320, x318, x283, x307); fiat_p384_addcarryx_u64(&x321, &x322, x320, x285, x309); - fiat_p384_addcarryx_u64(&x323, &x324, x322, ((uint64_t)x286 + x258), (x310 + x290)); + fiat_p384_addcarryx_u64(&x323, &x324, x322, (uint64_t)x286 + x258, x310 + x290); fiat_p384_mulx_u64(&x325, &x326, x5, UINT64_C(0x200000000)); fiat_p384_mulx_u64(&x327, &x328, x5, UINT64_C(0xfffffffe00000000)); fiat_p384_mulx_u64(&x329, &x330, x5, UINT64_C(0x200000000)); @@ -2951,7 +2951,7 @@ static void fiat_p384_to_montgomery(uint64_t out1[6], const uint64_t arg1[6]) { fiat_p384_addcarryx_u64(&x383, &x384, x382, x347, x371); fiat_p384_addcarryx_u64(&x385, &x386, x384, x349, x373); fiat_p384_addcarryx_u64(&x387, &x388, x386, x351, x375); - fiat_p384_addcarryx_u64(&x389, &x390, x388, ((uint64_t)x352 + x324), (x376 + x356)); + fiat_p384_addcarryx_u64(&x389, &x390, x388, (uint64_t)x352 + x324, x376 + x356); fiat_p384_subborrowx_u64(&x391, &x392, 0x0, x379, UINT32_C(0xffffffff)); fiat_p384_subborrowx_u64(&x393, &x394, x392, x381, UINT64_C(0xffffffff00000000)); fiat_p384_subborrowx_u64(&x395, &x396, x394, x383, UINT64_C(0xfffffffffffffffe)); @@ -2988,7 +2988,7 @@ static void fiat_p384_to_montgomery(uint64_t out1[6], const uint64_t arg1[6]) { */ static void fiat_p384_nonzero(uint64_t* out1, const uint64_t arg1[6]) { uint64_t x1; - x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | (arg1[5])))))); + x1 = arg1[0] | (arg1[1] | (arg1[2] | (arg1[3] | (arg1[4] | arg1[5])))); *out1 = x1; } @@ -3012,12 +3012,12 @@ static void fiat_p384_selectznz(uint64_t out1[6], fiat_p384_uint1 arg1, const ui uint64_t x4; uint64_t x5; uint64_t x6; - fiat_p384_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_p384_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_p384_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); - fiat_p384_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); - fiat_p384_cmovznz_u64(&x5, arg1, (arg2[4]), (arg3[4])); - fiat_p384_cmovznz_u64(&x6, arg1, (arg2[5]), (arg3[5])); + fiat_p384_cmovznz_u64(&x1, arg1, arg2[0], arg3[0]); + fiat_p384_cmovznz_u64(&x2, arg1, arg2[1], arg3[1]); + fiat_p384_cmovznz_u64(&x3, arg1, arg2[2], arg3[2]); + fiat_p384_cmovznz_u64(&x4, arg1, arg2[3], arg3[3]); + fiat_p384_cmovznz_u64(&x5, arg1, arg2[4], arg3[4]); + fiat_p384_cmovznz_u64(&x6, arg1, arg2[5], arg3[5]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -3130,94 +3130,94 @@ static void fiat_p384_to_bytes(uint8_t out1[48], const uint64_t arg1[6]) { uint64_t x88; uint8_t x89; uint8_t x90; - x1 = (arg1[5]); - x2 = (arg1[4]); - x3 = (arg1[3]); - x4 = (arg1[2]); - x5 = (arg1[1]); - x6 = (arg1[0]); + x1 = arg1[5]; + x2 = arg1[4]; + x3 = arg1[3]; + x4 = arg1[2]; + x5 = arg1[1]; + x6 = arg1[0]; x7 = (uint8_t)(x6 & UINT8_C(0xff)); - x8 = (x6 >> 8); + x8 = x6 >> 8; x9 = (uint8_t)(x8 & UINT8_C(0xff)); - x10 = (x8 >> 8); + x10 = x8 >> 8; x11 = (uint8_t)(x10 & UINT8_C(0xff)); - x12 = (x10 >> 8); + x12 = x10 >> 8; x13 = (uint8_t)(x12 & UINT8_C(0xff)); - x14 = (x12 >> 8); + x14 = x12 >> 8; x15 = (uint8_t)(x14 & UINT8_C(0xff)); - x16 = (x14 >> 8); + x16 = x14 >> 8; x17 = (uint8_t)(x16 & UINT8_C(0xff)); - x18 = (x16 >> 8); + x18 = x16 >> 8; x19 = (uint8_t)(x18 & UINT8_C(0xff)); x20 = (uint8_t)(x18 >> 8); x21 = (uint8_t)(x5 & UINT8_C(0xff)); - x22 = (x5 >> 8); + x22 = x5 >> 8; x23 = (uint8_t)(x22 & UINT8_C(0xff)); - x24 = (x22 >> 8); + x24 = x22 >> 8; x25 = (uint8_t)(x24 & UINT8_C(0xff)); - x26 = (x24 >> 8); + x26 = x24 >> 8; x27 = (uint8_t)(x26 & UINT8_C(0xff)); - x28 = (x26 >> 8); + x28 = x26 >> 8; x29 = (uint8_t)(x28 & UINT8_C(0xff)); - x30 = (x28 >> 8); + x30 = x28 >> 8; x31 = (uint8_t)(x30 & UINT8_C(0xff)); - x32 = (x30 >> 8); + x32 = x30 >> 8; x33 = (uint8_t)(x32 & UINT8_C(0xff)); x34 = (uint8_t)(x32 >> 8); x35 = (uint8_t)(x4 & UINT8_C(0xff)); - x36 = (x4 >> 8); + x36 = x4 >> 8; x37 = (uint8_t)(x36 & UINT8_C(0xff)); - x38 = (x36 >> 8); + x38 = x36 >> 8; x39 = (uint8_t)(x38 & UINT8_C(0xff)); - x40 = (x38 >> 8); + x40 = x38 >> 8; x41 = (uint8_t)(x40 & UINT8_C(0xff)); - x42 = (x40 >> 8); + x42 = x40 >> 8; x43 = (uint8_t)(x42 & UINT8_C(0xff)); - x44 = (x42 >> 8); + x44 = x42 >> 8; x45 = (uint8_t)(x44 & UINT8_C(0xff)); - x46 = (x44 >> 8); + x46 = x44 >> 8; x47 = (uint8_t)(x46 & UINT8_C(0xff)); x48 = (uint8_t)(x46 >> 8); x49 = (uint8_t)(x3 & UINT8_C(0xff)); - x50 = (x3 >> 8); + x50 = x3 >> 8; x51 = (uint8_t)(x50 & UINT8_C(0xff)); - x52 = (x50 >> 8); + x52 = x50 >> 8; x53 = (uint8_t)(x52 & UINT8_C(0xff)); - x54 = (x52 >> 8); + x54 = x52 >> 8; x55 = (uint8_t)(x54 & UINT8_C(0xff)); - x56 = (x54 >> 8); + x56 = x54 >> 8; x57 = (uint8_t)(x56 & UINT8_C(0xff)); - x58 = (x56 >> 8); + x58 = x56 >> 8; x59 = (uint8_t)(x58 & UINT8_C(0xff)); - x60 = (x58 >> 8); + x60 = x58 >> 8; x61 = (uint8_t)(x60 & UINT8_C(0xff)); x62 = (uint8_t)(x60 >> 8); x63 = (uint8_t)(x2 & UINT8_C(0xff)); - x64 = (x2 >> 8); + x64 = x2 >> 8; x65 = (uint8_t)(x64 & UINT8_C(0xff)); - x66 = (x64 >> 8); + x66 = x64 >> 8; x67 = (uint8_t)(x66 & UINT8_C(0xff)); - x68 = (x66 >> 8); + x68 = x66 >> 8; x69 = (uint8_t)(x68 & UINT8_C(0xff)); - x70 = (x68 >> 8); + x70 = x68 >> 8; x71 = (uint8_t)(x70 & UINT8_C(0xff)); - x72 = (x70 >> 8); + x72 = x70 >> 8; x73 = (uint8_t)(x72 & UINT8_C(0xff)); - x74 = (x72 >> 8); + x74 = x72 >> 8; x75 = (uint8_t)(x74 & UINT8_C(0xff)); x76 = (uint8_t)(x74 >> 8); x77 = (uint8_t)(x1 & UINT8_C(0xff)); - x78 = (x1 >> 8); + x78 = x1 >> 8; x79 = (uint8_t)(x78 & UINT8_C(0xff)); - x80 = (x78 >> 8); + x80 = x78 >> 8; x81 = (uint8_t)(x80 & UINT8_C(0xff)); - x82 = (x80 >> 8); + x82 = x80 >> 8; x83 = (uint8_t)(x82 & UINT8_C(0xff)); - x84 = (x82 >> 8); + x84 = x82 >> 8; x85 = (uint8_t)(x84 & UINT8_C(0xff)); - x86 = (x84 >> 8); + x86 = x84 >> 8; x87 = (uint8_t)(x86 & UINT8_C(0xff)); - x88 = (x86 >> 8); + x88 = x86 >> 8; x89 = (uint8_t)(x88 & UINT8_C(0xff)); x90 = (uint8_t)(x88 >> 8); out1[0] = x7; @@ -3375,96 +3375,96 @@ static void fiat_p384_from_bytes(uint64_t out1[6], const uint8_t arg1[48]) { uint64_t x88; uint64_t x89; uint64_t x90; - x1 = ((uint64_t)(arg1[47]) << 56); - x2 = ((uint64_t)(arg1[46]) << 48); - x3 = ((uint64_t)(arg1[45]) << 40); - x4 = ((uint64_t)(arg1[44]) << 32); - x5 = ((uint64_t)(arg1[43]) << 24); - x6 = ((uint64_t)(arg1[42]) << 16); - x7 = ((uint64_t)(arg1[41]) << 8); - x8 = (arg1[40]); - x9 = ((uint64_t)(arg1[39]) << 56); - x10 = ((uint64_t)(arg1[38]) << 48); - x11 = ((uint64_t)(arg1[37]) << 40); - x12 = ((uint64_t)(arg1[36]) << 32); - x13 = ((uint64_t)(arg1[35]) << 24); - x14 = ((uint64_t)(arg1[34]) << 16); - x15 = ((uint64_t)(arg1[33]) << 8); - x16 = (arg1[32]); - x17 = ((uint64_t)(arg1[31]) << 56); - x18 = ((uint64_t)(arg1[30]) << 48); - x19 = ((uint64_t)(arg1[29]) << 40); - x20 = ((uint64_t)(arg1[28]) << 32); - x21 = ((uint64_t)(arg1[27]) << 24); - x22 = ((uint64_t)(arg1[26]) << 16); - x23 = ((uint64_t)(arg1[25]) << 8); - x24 = (arg1[24]); - x25 = ((uint64_t)(arg1[23]) << 56); - x26 = ((uint64_t)(arg1[22]) << 48); - x27 = ((uint64_t)(arg1[21]) << 40); - x28 = ((uint64_t)(arg1[20]) << 32); - x29 = ((uint64_t)(arg1[19]) << 24); - x30 = ((uint64_t)(arg1[18]) << 16); - x31 = ((uint64_t)(arg1[17]) << 8); - x32 = (arg1[16]); - x33 = ((uint64_t)(arg1[15]) << 56); - x34 = ((uint64_t)(arg1[14]) << 48); - x35 = ((uint64_t)(arg1[13]) << 40); - x36 = ((uint64_t)(arg1[12]) << 32); - x37 = ((uint64_t)(arg1[11]) << 24); - x38 = ((uint64_t)(arg1[10]) << 16); - x39 = ((uint64_t)(arg1[9]) << 8); - x40 = (arg1[8]); - x41 = ((uint64_t)(arg1[7]) << 56); - x42 = ((uint64_t)(arg1[6]) << 48); - x43 = ((uint64_t)(arg1[5]) << 40); - x44 = ((uint64_t)(arg1[4]) << 32); - x45 = ((uint64_t)(arg1[3]) << 24); - x46 = ((uint64_t)(arg1[2]) << 16); - x47 = ((uint64_t)(arg1[1]) << 8); - x48 = (arg1[0]); - x49 = (x47 + (uint64_t)x48); - x50 = (x46 + x49); - x51 = (x45 + x50); - x52 = (x44 + x51); - x53 = (x43 + x52); - x54 = (x42 + x53); - x55 = (x41 + x54); - x56 = (x39 + (uint64_t)x40); - x57 = (x38 + x56); - x58 = (x37 + x57); - x59 = (x36 + x58); - x60 = (x35 + x59); - x61 = (x34 + x60); - x62 = (x33 + x61); - x63 = (x31 + (uint64_t)x32); - x64 = (x30 + x63); - x65 = (x29 + x64); - x66 = (x28 + x65); - x67 = (x27 + x66); - x68 = (x26 + x67); - x69 = (x25 + x68); - x70 = (x23 + (uint64_t)x24); - x71 = (x22 + x70); - x72 = (x21 + x71); - x73 = (x20 + x72); - x74 = (x19 + x73); - x75 = (x18 + x74); - x76 = (x17 + x75); - x77 = (x15 + (uint64_t)x16); - x78 = (x14 + x77); - x79 = (x13 + x78); - x80 = (x12 + x79); - x81 = (x11 + x80); - x82 = (x10 + x81); - x83 = (x9 + x82); - x84 = (x7 + (uint64_t)x8); - x85 = (x6 + x84); - x86 = (x5 + x85); - x87 = (x4 + x86); - x88 = (x3 + x87); - x89 = (x2 + x88); - x90 = (x1 + x89); + x1 = (uint64_t)arg1[47] << 56; + x2 = (uint64_t)arg1[46] << 48; + x3 = (uint64_t)arg1[45] << 40; + x4 = (uint64_t)arg1[44] << 32; + x5 = (uint64_t)arg1[43] << 24; + x6 = (uint64_t)arg1[42] << 16; + x7 = (uint64_t)arg1[41] << 8; + x8 = arg1[40]; + x9 = (uint64_t)arg1[39] << 56; + x10 = (uint64_t)arg1[38] << 48; + x11 = (uint64_t)arg1[37] << 40; + x12 = (uint64_t)arg1[36] << 32; + x13 = (uint64_t)arg1[35] << 24; + x14 = (uint64_t)arg1[34] << 16; + x15 = (uint64_t)arg1[33] << 8; + x16 = arg1[32]; + x17 = (uint64_t)arg1[31] << 56; + x18 = (uint64_t)arg1[30] << 48; + x19 = (uint64_t)arg1[29] << 40; + x20 = (uint64_t)arg1[28] << 32; + x21 = (uint64_t)arg1[27] << 24; + x22 = (uint64_t)arg1[26] << 16; + x23 = (uint64_t)arg1[25] << 8; + x24 = arg1[24]; + x25 = (uint64_t)arg1[23] << 56; + x26 = (uint64_t)arg1[22] << 48; + x27 = (uint64_t)arg1[21] << 40; + x28 = (uint64_t)arg1[20] << 32; + x29 = (uint64_t)arg1[19] << 24; + x30 = (uint64_t)arg1[18] << 16; + x31 = (uint64_t)arg1[17] << 8; + x32 = arg1[16]; + x33 = (uint64_t)arg1[15] << 56; + x34 = (uint64_t)arg1[14] << 48; + x35 = (uint64_t)arg1[13] << 40; + x36 = (uint64_t)arg1[12] << 32; + x37 = (uint64_t)arg1[11] << 24; + x38 = (uint64_t)arg1[10] << 16; + x39 = (uint64_t)arg1[9] << 8; + x40 = arg1[8]; + x41 = (uint64_t)arg1[7] << 56; + x42 = (uint64_t)arg1[6] << 48; + x43 = (uint64_t)arg1[5] << 40; + x44 = (uint64_t)arg1[4] << 32; + x45 = (uint64_t)arg1[3] << 24; + x46 = (uint64_t)arg1[2] << 16; + x47 = (uint64_t)arg1[1] << 8; + x48 = arg1[0]; + x49 = x47 + (uint64_t)x48; + x50 = x46 + x49; + x51 = x45 + x50; + x52 = x44 + x51; + x53 = x43 + x52; + x54 = x42 + x53; + x55 = x41 + x54; + x56 = x39 + (uint64_t)x40; + x57 = x38 + x56; + x58 = x37 + x57; + x59 = x36 + x58; + x60 = x35 + x59; + x61 = x34 + x60; + x62 = x33 + x61; + x63 = x31 + (uint64_t)x32; + x64 = x30 + x63; + x65 = x29 + x64; + x66 = x28 + x65; + x67 = x27 + x66; + x68 = x26 + x67; + x69 = x25 + x68; + x70 = x23 + (uint64_t)x24; + x71 = x22 + x70; + x72 = x21 + x71; + x73 = x20 + x72; + x74 = x19 + x73; + x75 = x18 + x74; + x76 = x17 + x75; + x77 = x15 + (uint64_t)x16; + x78 = x14 + x77; + x79 = x13 + x78; + x80 = x12 + x79; + x81 = x11 + x80; + x82 = x10 + x81; + x83 = x9 + x82; + x84 = x7 + (uint64_t)x8; + x85 = x6 + x84; + x86 = x5 + x85; + x87 = x4 + x86; + x88 = x3 + x87; + x89 = x2 + x88; + x90 = x1 + x89; out1[0] = x55; out1[1] = x62; out1[2] = x69; @@ -3723,37 +3723,37 @@ static void fiat_p384_divstep(uint64_t* out1, uint64_t out2[7], uint64_t out3[7] uint64_t x176; uint64_t x177; uint64_t x178; - fiat_p384_addcarryx_u64(&x1, &x2, 0x0, (~arg1), 0x1); - x3 = (fiat_p384_uint1)((fiat_p384_uint1)(x1 >> 63) & (fiat_p384_uint1)((arg3[0]) & 0x1)); - fiat_p384_addcarryx_u64(&x4, &x5, 0x0, (~arg1), 0x1); + fiat_p384_addcarryx_u64(&x1, &x2, 0x0, ~arg1, 0x1); + x3 = (fiat_p384_uint1)((fiat_p384_uint1)(x1 >> 63) & (fiat_p384_uint1)(arg3[0] & 0x1)); + fiat_p384_addcarryx_u64(&x4, &x5, 0x0, ~arg1, 0x1); fiat_p384_cmovznz_u64(&x6, x3, arg1, x4); - fiat_p384_cmovznz_u64(&x7, x3, (arg2[0]), (arg3[0])); - fiat_p384_cmovznz_u64(&x8, x3, (arg2[1]), (arg3[1])); - fiat_p384_cmovznz_u64(&x9, x3, (arg2[2]), (arg3[2])); - fiat_p384_cmovznz_u64(&x10, x3, (arg2[3]), (arg3[3])); - fiat_p384_cmovznz_u64(&x11, x3, (arg2[4]), (arg3[4])); - fiat_p384_cmovznz_u64(&x12, x3, (arg2[5]), (arg3[5])); - fiat_p384_cmovznz_u64(&x13, x3, (arg2[6]), (arg3[6])); - fiat_p384_addcarryx_u64(&x14, &x15, 0x0, 0x1, (~(arg2[0]))); - fiat_p384_addcarryx_u64(&x16, &x17, x15, 0x0, (~(arg2[1]))); - fiat_p384_addcarryx_u64(&x18, &x19, x17, 0x0, (~(arg2[2]))); - fiat_p384_addcarryx_u64(&x20, &x21, x19, 0x0, (~(arg2[3]))); - fiat_p384_addcarryx_u64(&x22, &x23, x21, 0x0, (~(arg2[4]))); - fiat_p384_addcarryx_u64(&x24, &x25, x23, 0x0, (~(arg2[5]))); - fiat_p384_addcarryx_u64(&x26, &x27, x25, 0x0, (~(arg2[6]))); - fiat_p384_cmovznz_u64(&x28, x3, (arg3[0]), x14); - fiat_p384_cmovznz_u64(&x29, x3, (arg3[1]), x16); - fiat_p384_cmovznz_u64(&x30, x3, (arg3[2]), x18); - fiat_p384_cmovznz_u64(&x31, x3, (arg3[3]), x20); - fiat_p384_cmovznz_u64(&x32, x3, (arg3[4]), x22); - fiat_p384_cmovznz_u64(&x33, x3, (arg3[5]), x24); - fiat_p384_cmovznz_u64(&x34, x3, (arg3[6]), x26); - fiat_p384_cmovznz_u64(&x35, x3, (arg4[0]), (arg5[0])); - fiat_p384_cmovznz_u64(&x36, x3, (arg4[1]), (arg5[1])); - fiat_p384_cmovznz_u64(&x37, x3, (arg4[2]), (arg5[2])); - fiat_p384_cmovznz_u64(&x38, x3, (arg4[3]), (arg5[3])); - fiat_p384_cmovznz_u64(&x39, x3, (arg4[4]), (arg5[4])); - fiat_p384_cmovznz_u64(&x40, x3, (arg4[5]), (arg5[5])); + fiat_p384_cmovznz_u64(&x7, x3, arg2[0], arg3[0]); + fiat_p384_cmovznz_u64(&x8, x3, arg2[1], arg3[1]); + fiat_p384_cmovznz_u64(&x9, x3, arg2[2], arg3[2]); + fiat_p384_cmovznz_u64(&x10, x3, arg2[3], arg3[3]); + fiat_p384_cmovznz_u64(&x11, x3, arg2[4], arg3[4]); + fiat_p384_cmovznz_u64(&x12, x3, arg2[5], arg3[5]); + fiat_p384_cmovznz_u64(&x13, x3, arg2[6], arg3[6]); + fiat_p384_addcarryx_u64(&x14, &x15, 0x0, 0x1, ~arg2[0]); + fiat_p384_addcarryx_u64(&x16, &x17, x15, 0x0, ~arg2[1]); + fiat_p384_addcarryx_u64(&x18, &x19, x17, 0x0, ~arg2[2]); + fiat_p384_addcarryx_u64(&x20, &x21, x19, 0x0, ~arg2[3]); + fiat_p384_addcarryx_u64(&x22, &x23, x21, 0x0, ~arg2[4]); + fiat_p384_addcarryx_u64(&x24, &x25, x23, 0x0, ~arg2[5]); + fiat_p384_addcarryx_u64(&x26, &x27, x25, 0x0, ~arg2[6]); + fiat_p384_cmovznz_u64(&x28, x3, arg3[0], x14); + fiat_p384_cmovznz_u64(&x29, x3, arg3[1], x16); + fiat_p384_cmovznz_u64(&x30, x3, arg3[2], x18); + fiat_p384_cmovznz_u64(&x31, x3, arg3[3], x20); + fiat_p384_cmovznz_u64(&x32, x3, arg3[4], x22); + fiat_p384_cmovznz_u64(&x33, x3, arg3[5], x24); + fiat_p384_cmovznz_u64(&x34, x3, arg3[6], x26); + fiat_p384_cmovznz_u64(&x35, x3, arg4[0], arg5[0]); + fiat_p384_cmovznz_u64(&x36, x3, arg4[1], arg5[1]); + fiat_p384_cmovznz_u64(&x37, x3, arg4[2], arg5[2]); + fiat_p384_cmovznz_u64(&x38, x3, arg4[3], arg5[3]); + fiat_p384_cmovznz_u64(&x39, x3, arg4[4], arg5[4]); + fiat_p384_cmovznz_u64(&x40, x3, arg4[5], arg5[5]); fiat_p384_addcarryx_u64(&x41, &x42, 0x0, x35, x35); fiat_p384_addcarryx_u64(&x43, &x44, x42, x36, x36); fiat_p384_addcarryx_u64(&x45, &x46, x44, x37, x37); @@ -3767,12 +3767,12 @@ static void fiat_p384_divstep(uint64_t* out1, uint64_t out2[7], uint64_t out3[7] fiat_p384_subborrowx_u64(&x61, &x62, x60, x49, UINT64_C(0xffffffffffffffff)); fiat_p384_subborrowx_u64(&x63, &x64, x62, x51, UINT64_C(0xffffffffffffffff)); fiat_p384_subborrowx_u64(&x65, &x66, x64, x52, 0x0); - x67 = (arg4[5]); - x68 = (arg4[4]); - x69 = (arg4[3]); - x70 = (arg4[2]); - x71 = (arg4[1]); - x72 = (arg4[0]); + x67 = arg4[5]; + x68 = arg4[4]; + x69 = arg4[3]; + x70 = arg4[2]; + x71 = arg4[1]; + x72 = arg4[0]; fiat_p384_subborrowx_u64(&x73, &x74, 0x0, 0x0, x72); fiat_p384_subborrowx_u64(&x75, &x76, x74, 0x0, x71); fiat_p384_subborrowx_u64(&x77, &x78, x76, 0x0, x70); @@ -3780,18 +3780,18 @@ static void fiat_p384_divstep(uint64_t* out1, uint64_t out2[7], uint64_t out3[7] fiat_p384_subborrowx_u64(&x81, &x82, x80, 0x0, x68); fiat_p384_subborrowx_u64(&x83, &x84, x82, 0x0, x67); fiat_p384_cmovznz_u64(&x85, x84, 0x0, UINT64_C(0xffffffffffffffff)); - fiat_p384_addcarryx_u64(&x86, &x87, 0x0, x73, (x85 & UINT32_C(0xffffffff))); - fiat_p384_addcarryx_u64(&x88, &x89, x87, x75, (x85 & UINT64_C(0xffffffff00000000))); - fiat_p384_addcarryx_u64(&x90, &x91, x89, x77, (x85 & UINT64_C(0xfffffffffffffffe))); + fiat_p384_addcarryx_u64(&x86, &x87, 0x0, x73, x85 & UINT32_C(0xffffffff)); + fiat_p384_addcarryx_u64(&x88, &x89, x87, x75, x85 & UINT64_C(0xffffffff00000000)); + fiat_p384_addcarryx_u64(&x90, &x91, x89, x77, x85 & UINT64_C(0xfffffffffffffffe)); fiat_p384_addcarryx_u64(&x92, &x93, x91, x79, x85); fiat_p384_addcarryx_u64(&x94, &x95, x93, x81, x85); fiat_p384_addcarryx_u64(&x96, &x97, x95, x83, x85); - fiat_p384_cmovznz_u64(&x98, x3, (arg5[0]), x86); - fiat_p384_cmovznz_u64(&x99, x3, (arg5[1]), x88); - fiat_p384_cmovznz_u64(&x100, x3, (arg5[2]), x90); - fiat_p384_cmovznz_u64(&x101, x3, (arg5[3]), x92); - fiat_p384_cmovznz_u64(&x102, x3, (arg5[4]), x94); - fiat_p384_cmovznz_u64(&x103, x3, (arg5[5]), x96); + fiat_p384_cmovznz_u64(&x98, x3, arg5[0], x86); + fiat_p384_cmovznz_u64(&x99, x3, arg5[1], x88); + fiat_p384_cmovznz_u64(&x100, x3, arg5[2], x90); + fiat_p384_cmovznz_u64(&x101, x3, arg5[3], x92); + fiat_p384_cmovznz_u64(&x102, x3, arg5[4], x94); + fiat_p384_cmovznz_u64(&x103, x3, arg5[5], x96); x104 = (fiat_p384_uint1)(x28 & 0x1); fiat_p384_cmovznz_u64(&x105, x104, 0x0, x7); fiat_p384_cmovznz_u64(&x106, x104, 0x0, x8); @@ -3827,13 +3827,13 @@ static void fiat_p384_divstep(uint64_t* out1, uint64_t out2[7], uint64_t out3[7] fiat_p384_subborrowx_u64(&x154, &x155, x153, x142, UINT64_C(0xffffffffffffffff)); fiat_p384_subborrowx_u64(&x156, &x157, x155, x143, 0x0); fiat_p384_addcarryx_u64(&x158, &x159, 0x0, x6, 0x1); - x160 = ((x112 >> 1) | ((x114 << 63) & UINT64_C(0xffffffffffffffff))); - x161 = ((x114 >> 1) | ((x116 << 63) & UINT64_C(0xffffffffffffffff))); - x162 = ((x116 >> 1) | ((x118 << 63) & UINT64_C(0xffffffffffffffff))); - x163 = ((x118 >> 1) | ((x120 << 63) & UINT64_C(0xffffffffffffffff))); - x164 = ((x120 >> 1) | ((x122 << 63) & UINT64_C(0xffffffffffffffff))); - x165 = ((x122 >> 1) | ((x124 << 63) & UINT64_C(0xffffffffffffffff))); - x166 = ((x124 & UINT64_C(0x8000000000000000)) | (x124 >> 1)); + x160 = x112 >> 1 | x114 << 63 & UINT64_C(0xffffffffffffffff); + x161 = x114 >> 1 | x116 << 63 & UINT64_C(0xffffffffffffffff); + x162 = x116 >> 1 | x118 << 63 & UINT64_C(0xffffffffffffffff); + x163 = x118 >> 1 | x120 << 63 & UINT64_C(0xffffffffffffffff); + x164 = x120 >> 1 | x122 << 63 & UINT64_C(0xffffffffffffffff); + x165 = x122 >> 1 | x124 << 63 & UINT64_C(0xffffffffffffffff); + x166 = x124 & UINT64_C(0x8000000000000000) | x124 >> 1; fiat_p384_cmovznz_u64(&x167, x66, x53, x41); fiat_p384_cmovznz_u64(&x168, x66, x55, x43); fiat_p384_cmovznz_u64(&x169, x66, x57, x45); diff --git a/fiat-c/src/p434_64.c b/fiat-c/src/p434_64.c index 08de27a453..ff98d87862 100644 --- a/fiat-c/src/p434_64.c +++ b/fiat-c/src/p434_64.c @@ -62,7 +62,7 @@ static void fiat_p434_addcarryx_u64(uint64_t* out1, fiat_p434_uint1* out2, fiat_ fiat_p434_uint128 x1; uint64_t x2; fiat_p434_uint1 x3; - x1 = ((arg1 + (fiat_p434_uint128)arg2) + arg3); + x1 = arg1 + (fiat_p434_uint128)arg2 + arg3; x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); x3 = (fiat_p434_uint1)(x1 >> 64); *out1 = x2; @@ -88,7 +88,7 @@ static void fiat_p434_subborrowx_u64(uint64_t* out1, fiat_p434_uint1* out2, fiat fiat_p434_int128 x1; fiat_p434_int1 x2; uint64_t x3; - x1 = ((arg2 - (fiat_p434_int128)arg1) - arg3); + x1 = arg2 - (fiat_p434_int128)arg1 - arg3; x2 = (fiat_p434_int1)(x1 >> 64); x3 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); *out1 = x3; @@ -113,7 +113,7 @@ static void fiat_p434_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, ui fiat_p434_uint128 x1; uint64_t x2; uint64_t x3; - x1 = ((fiat_p434_uint128)arg1 * arg2); + x1 = (fiat_p434_uint128)arg1 * arg2; x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); x3 = (uint64_t)(x1 >> 64); *out1 = x2; @@ -137,9 +137,9 @@ static void fiat_p434_cmovznz_u64(uint64_t* out1, fiat_p434_uint1 arg1, uint64_t fiat_p434_uint1 x1; uint64_t x2; uint64_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_p434_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); - x3 = ((fiat_p434_value_barrier_u64(x2) & arg3) | (fiat_p434_value_barrier_u64((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_p434_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); + x3 = fiat_p434_value_barrier_u64(x2) & arg3 | fiat_p434_value_barrier_u64(~x2) & arg2; *out1 = x3; } @@ -782,27 +782,27 @@ static void fiat_p434_mul(uint64_t out1[7], const uint64_t arg1[7], const uint64 uint64_t x620; uint64_t x621; uint64_t x622; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[6]); - x7 = (arg1[0]); - fiat_p434_mulx_u64(&x8, &x9, x7, (arg2[6])); - fiat_p434_mulx_u64(&x10, &x11, x7, (arg2[5])); - fiat_p434_mulx_u64(&x12, &x13, x7, (arg2[4])); - fiat_p434_mulx_u64(&x14, &x15, x7, (arg2[3])); - fiat_p434_mulx_u64(&x16, &x17, x7, (arg2[2])); - fiat_p434_mulx_u64(&x18, &x19, x7, (arg2[1])); - fiat_p434_mulx_u64(&x20, &x21, x7, (arg2[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[6]; + x7 = arg1[0]; + fiat_p434_mulx_u64(&x8, &x9, x7, arg2[6]); + fiat_p434_mulx_u64(&x10, &x11, x7, arg2[5]); + fiat_p434_mulx_u64(&x12, &x13, x7, arg2[4]); + fiat_p434_mulx_u64(&x14, &x15, x7, arg2[3]); + fiat_p434_mulx_u64(&x16, &x17, x7, arg2[2]); + fiat_p434_mulx_u64(&x18, &x19, x7, arg2[1]); + fiat_p434_mulx_u64(&x20, &x21, x7, arg2[0]); fiat_p434_addcarryx_u64(&x22, &x23, 0x0, x21, x18); fiat_p434_addcarryx_u64(&x24, &x25, x23, x19, x16); fiat_p434_addcarryx_u64(&x26, &x27, x25, x17, x14); fiat_p434_addcarryx_u64(&x28, &x29, x27, x15, x12); fiat_p434_addcarryx_u64(&x30, &x31, x29, x13, x10); fiat_p434_addcarryx_u64(&x32, &x33, x31, x11, x8); - x34 = (x33 + x9); + x34 = x33 + x9; fiat_p434_mulx_u64(&x35, &x36, x20, UINT64_C(0x2341f27177344)); fiat_p434_mulx_u64(&x37, &x38, x20, UINT64_C(0x6cfc5fd681c52056)); fiat_p434_mulx_u64(&x39, &x40, x20, UINT64_C(0x7bc65c783158aea3)); @@ -816,7 +816,7 @@ static void fiat_p434_mul(uint64_t out1[7], const uint64_t arg1[7], const uint64 fiat_p434_addcarryx_u64(&x55, &x56, x54, x42, x39); fiat_p434_addcarryx_u64(&x57, &x58, x56, x40, x37); fiat_p434_addcarryx_u64(&x59, &x60, x58, x38, x35); - x61 = (x60 + x36); + x61 = x60 + x36; fiat_p434_addcarryx_u64(&x62, &x63, 0x0, x20, x47); fiat_p434_addcarryx_u64(&x64, &x65, x63, x22, x49); fiat_p434_addcarryx_u64(&x66, &x67, x65, x24, x51); @@ -825,20 +825,20 @@ static void fiat_p434_mul(uint64_t out1[7], const uint64_t arg1[7], const uint64 fiat_p434_addcarryx_u64(&x72, &x73, x71, x30, x57); fiat_p434_addcarryx_u64(&x74, &x75, x73, x32, x59); fiat_p434_addcarryx_u64(&x76, &x77, x75, x34, x61); - fiat_p434_mulx_u64(&x78, &x79, x1, (arg2[6])); - fiat_p434_mulx_u64(&x80, &x81, x1, (arg2[5])); - fiat_p434_mulx_u64(&x82, &x83, x1, (arg2[4])); - fiat_p434_mulx_u64(&x84, &x85, x1, (arg2[3])); - fiat_p434_mulx_u64(&x86, &x87, x1, (arg2[2])); - fiat_p434_mulx_u64(&x88, &x89, x1, (arg2[1])); - fiat_p434_mulx_u64(&x90, &x91, x1, (arg2[0])); + fiat_p434_mulx_u64(&x78, &x79, x1, arg2[6]); + fiat_p434_mulx_u64(&x80, &x81, x1, arg2[5]); + fiat_p434_mulx_u64(&x82, &x83, x1, arg2[4]); + fiat_p434_mulx_u64(&x84, &x85, x1, arg2[3]); + fiat_p434_mulx_u64(&x86, &x87, x1, arg2[2]); + fiat_p434_mulx_u64(&x88, &x89, x1, arg2[1]); + fiat_p434_mulx_u64(&x90, &x91, x1, arg2[0]); fiat_p434_addcarryx_u64(&x92, &x93, 0x0, x91, x88); fiat_p434_addcarryx_u64(&x94, &x95, x93, x89, x86); fiat_p434_addcarryx_u64(&x96, &x97, x95, x87, x84); fiat_p434_addcarryx_u64(&x98, &x99, x97, x85, x82); fiat_p434_addcarryx_u64(&x100, &x101, x99, x83, x80); fiat_p434_addcarryx_u64(&x102, &x103, x101, x81, x78); - x104 = (x103 + x79); + x104 = x103 + x79; fiat_p434_addcarryx_u64(&x105, &x106, 0x0, x64, x90); fiat_p434_addcarryx_u64(&x107, &x108, x106, x66, x92); fiat_p434_addcarryx_u64(&x109, &x110, x108, x68, x94); @@ -860,7 +860,7 @@ static void fiat_p434_mul(uint64_t out1[7], const uint64_t arg1[7], const uint64 fiat_p434_addcarryx_u64(&x141, &x142, x140, x128, x125); fiat_p434_addcarryx_u64(&x143, &x144, x142, x126, x123); fiat_p434_addcarryx_u64(&x145, &x146, x144, x124, x121); - x147 = (x146 + x122); + x147 = x146 + x122; fiat_p434_addcarryx_u64(&x148, &x149, 0x0, x105, x133); fiat_p434_addcarryx_u64(&x150, &x151, x149, x107, x135); fiat_p434_addcarryx_u64(&x152, &x153, x151, x109, x137); @@ -869,21 +869,21 @@ static void fiat_p434_mul(uint64_t out1[7], const uint64_t arg1[7], const uint64 fiat_p434_addcarryx_u64(&x158, &x159, x157, x115, x143); fiat_p434_addcarryx_u64(&x160, &x161, x159, x117, x145); fiat_p434_addcarryx_u64(&x162, &x163, x161, x119, x147); - x164 = ((uint64_t)x163 + x120); - fiat_p434_mulx_u64(&x165, &x166, x2, (arg2[6])); - fiat_p434_mulx_u64(&x167, &x168, x2, (arg2[5])); - fiat_p434_mulx_u64(&x169, &x170, x2, (arg2[4])); - fiat_p434_mulx_u64(&x171, &x172, x2, (arg2[3])); - fiat_p434_mulx_u64(&x173, &x174, x2, (arg2[2])); - fiat_p434_mulx_u64(&x175, &x176, x2, (arg2[1])); - fiat_p434_mulx_u64(&x177, &x178, x2, (arg2[0])); + x164 = (uint64_t)x163 + x120; + fiat_p434_mulx_u64(&x165, &x166, x2, arg2[6]); + fiat_p434_mulx_u64(&x167, &x168, x2, arg2[5]); + fiat_p434_mulx_u64(&x169, &x170, x2, arg2[4]); + fiat_p434_mulx_u64(&x171, &x172, x2, arg2[3]); + fiat_p434_mulx_u64(&x173, &x174, x2, arg2[2]); + fiat_p434_mulx_u64(&x175, &x176, x2, arg2[1]); + fiat_p434_mulx_u64(&x177, &x178, x2, arg2[0]); fiat_p434_addcarryx_u64(&x179, &x180, 0x0, x178, x175); fiat_p434_addcarryx_u64(&x181, &x182, x180, x176, x173); fiat_p434_addcarryx_u64(&x183, &x184, x182, x174, x171); fiat_p434_addcarryx_u64(&x185, &x186, x184, x172, x169); fiat_p434_addcarryx_u64(&x187, &x188, x186, x170, x167); fiat_p434_addcarryx_u64(&x189, &x190, x188, x168, x165); - x191 = (x190 + x166); + x191 = x190 + x166; fiat_p434_addcarryx_u64(&x192, &x193, 0x0, x150, x177); fiat_p434_addcarryx_u64(&x194, &x195, x193, x152, x179); fiat_p434_addcarryx_u64(&x196, &x197, x195, x154, x181); @@ -905,7 +905,7 @@ static void fiat_p434_mul(uint64_t out1[7], const uint64_t arg1[7], const uint64 fiat_p434_addcarryx_u64(&x228, &x229, x227, x215, x212); fiat_p434_addcarryx_u64(&x230, &x231, x229, x213, x210); fiat_p434_addcarryx_u64(&x232, &x233, x231, x211, x208); - x234 = (x233 + x209); + x234 = x233 + x209; fiat_p434_addcarryx_u64(&x235, &x236, 0x0, x192, x220); fiat_p434_addcarryx_u64(&x237, &x238, x236, x194, x222); fiat_p434_addcarryx_u64(&x239, &x240, x238, x196, x224); @@ -914,21 +914,21 @@ static void fiat_p434_mul(uint64_t out1[7], const uint64_t arg1[7], const uint64 fiat_p434_addcarryx_u64(&x245, &x246, x244, x202, x230); fiat_p434_addcarryx_u64(&x247, &x248, x246, x204, x232); fiat_p434_addcarryx_u64(&x249, &x250, x248, x206, x234); - x251 = ((uint64_t)x250 + x207); - fiat_p434_mulx_u64(&x252, &x253, x3, (arg2[6])); - fiat_p434_mulx_u64(&x254, &x255, x3, (arg2[5])); - fiat_p434_mulx_u64(&x256, &x257, x3, (arg2[4])); - fiat_p434_mulx_u64(&x258, &x259, x3, (arg2[3])); - fiat_p434_mulx_u64(&x260, &x261, x3, (arg2[2])); - fiat_p434_mulx_u64(&x262, &x263, x3, (arg2[1])); - fiat_p434_mulx_u64(&x264, &x265, x3, (arg2[0])); + x251 = (uint64_t)x250 + x207; + fiat_p434_mulx_u64(&x252, &x253, x3, arg2[6]); + fiat_p434_mulx_u64(&x254, &x255, x3, arg2[5]); + fiat_p434_mulx_u64(&x256, &x257, x3, arg2[4]); + fiat_p434_mulx_u64(&x258, &x259, x3, arg2[3]); + fiat_p434_mulx_u64(&x260, &x261, x3, arg2[2]); + fiat_p434_mulx_u64(&x262, &x263, x3, arg2[1]); + fiat_p434_mulx_u64(&x264, &x265, x3, arg2[0]); fiat_p434_addcarryx_u64(&x266, &x267, 0x0, x265, x262); fiat_p434_addcarryx_u64(&x268, &x269, x267, x263, x260); fiat_p434_addcarryx_u64(&x270, &x271, x269, x261, x258); fiat_p434_addcarryx_u64(&x272, &x273, x271, x259, x256); fiat_p434_addcarryx_u64(&x274, &x275, x273, x257, x254); fiat_p434_addcarryx_u64(&x276, &x277, x275, x255, x252); - x278 = (x277 + x253); + x278 = x277 + x253; fiat_p434_addcarryx_u64(&x279, &x280, 0x0, x237, x264); fiat_p434_addcarryx_u64(&x281, &x282, x280, x239, x266); fiat_p434_addcarryx_u64(&x283, &x284, x282, x241, x268); @@ -950,7 +950,7 @@ static void fiat_p434_mul(uint64_t out1[7], const uint64_t arg1[7], const uint64 fiat_p434_addcarryx_u64(&x315, &x316, x314, x302, x299); fiat_p434_addcarryx_u64(&x317, &x318, x316, x300, x297); fiat_p434_addcarryx_u64(&x319, &x320, x318, x298, x295); - x321 = (x320 + x296); + x321 = x320 + x296; fiat_p434_addcarryx_u64(&x322, &x323, 0x0, x279, x307); fiat_p434_addcarryx_u64(&x324, &x325, x323, x281, x309); fiat_p434_addcarryx_u64(&x326, &x327, x325, x283, x311); @@ -959,21 +959,21 @@ static void fiat_p434_mul(uint64_t out1[7], const uint64_t arg1[7], const uint64 fiat_p434_addcarryx_u64(&x332, &x333, x331, x289, x317); fiat_p434_addcarryx_u64(&x334, &x335, x333, x291, x319); fiat_p434_addcarryx_u64(&x336, &x337, x335, x293, x321); - x338 = ((uint64_t)x337 + x294); - fiat_p434_mulx_u64(&x339, &x340, x4, (arg2[6])); - fiat_p434_mulx_u64(&x341, &x342, x4, (arg2[5])); - fiat_p434_mulx_u64(&x343, &x344, x4, (arg2[4])); - fiat_p434_mulx_u64(&x345, &x346, x4, (arg2[3])); - fiat_p434_mulx_u64(&x347, &x348, x4, (arg2[2])); - fiat_p434_mulx_u64(&x349, &x350, x4, (arg2[1])); - fiat_p434_mulx_u64(&x351, &x352, x4, (arg2[0])); + x338 = (uint64_t)x337 + x294; + fiat_p434_mulx_u64(&x339, &x340, x4, arg2[6]); + fiat_p434_mulx_u64(&x341, &x342, x4, arg2[5]); + fiat_p434_mulx_u64(&x343, &x344, x4, arg2[4]); + fiat_p434_mulx_u64(&x345, &x346, x4, arg2[3]); + fiat_p434_mulx_u64(&x347, &x348, x4, arg2[2]); + fiat_p434_mulx_u64(&x349, &x350, x4, arg2[1]); + fiat_p434_mulx_u64(&x351, &x352, x4, arg2[0]); fiat_p434_addcarryx_u64(&x353, &x354, 0x0, x352, x349); fiat_p434_addcarryx_u64(&x355, &x356, x354, x350, x347); fiat_p434_addcarryx_u64(&x357, &x358, x356, x348, x345); fiat_p434_addcarryx_u64(&x359, &x360, x358, x346, x343); fiat_p434_addcarryx_u64(&x361, &x362, x360, x344, x341); fiat_p434_addcarryx_u64(&x363, &x364, x362, x342, x339); - x365 = (x364 + x340); + x365 = x364 + x340; fiat_p434_addcarryx_u64(&x366, &x367, 0x0, x324, x351); fiat_p434_addcarryx_u64(&x368, &x369, x367, x326, x353); fiat_p434_addcarryx_u64(&x370, &x371, x369, x328, x355); @@ -995,7 +995,7 @@ static void fiat_p434_mul(uint64_t out1[7], const uint64_t arg1[7], const uint64 fiat_p434_addcarryx_u64(&x402, &x403, x401, x389, x386); fiat_p434_addcarryx_u64(&x404, &x405, x403, x387, x384); fiat_p434_addcarryx_u64(&x406, &x407, x405, x385, x382); - x408 = (x407 + x383); + x408 = x407 + x383; fiat_p434_addcarryx_u64(&x409, &x410, 0x0, x366, x394); fiat_p434_addcarryx_u64(&x411, &x412, x410, x368, x396); fiat_p434_addcarryx_u64(&x413, &x414, x412, x370, x398); @@ -1004,21 +1004,21 @@ static void fiat_p434_mul(uint64_t out1[7], const uint64_t arg1[7], const uint64 fiat_p434_addcarryx_u64(&x419, &x420, x418, x376, x404); fiat_p434_addcarryx_u64(&x421, &x422, x420, x378, x406); fiat_p434_addcarryx_u64(&x423, &x424, x422, x380, x408); - x425 = ((uint64_t)x424 + x381); - fiat_p434_mulx_u64(&x426, &x427, x5, (arg2[6])); - fiat_p434_mulx_u64(&x428, &x429, x5, (arg2[5])); - fiat_p434_mulx_u64(&x430, &x431, x5, (arg2[4])); - fiat_p434_mulx_u64(&x432, &x433, x5, (arg2[3])); - fiat_p434_mulx_u64(&x434, &x435, x5, (arg2[2])); - fiat_p434_mulx_u64(&x436, &x437, x5, (arg2[1])); - fiat_p434_mulx_u64(&x438, &x439, x5, (arg2[0])); + x425 = (uint64_t)x424 + x381; + fiat_p434_mulx_u64(&x426, &x427, x5, arg2[6]); + fiat_p434_mulx_u64(&x428, &x429, x5, arg2[5]); + fiat_p434_mulx_u64(&x430, &x431, x5, arg2[4]); + fiat_p434_mulx_u64(&x432, &x433, x5, arg2[3]); + fiat_p434_mulx_u64(&x434, &x435, x5, arg2[2]); + fiat_p434_mulx_u64(&x436, &x437, x5, arg2[1]); + fiat_p434_mulx_u64(&x438, &x439, x5, arg2[0]); fiat_p434_addcarryx_u64(&x440, &x441, 0x0, x439, x436); fiat_p434_addcarryx_u64(&x442, &x443, x441, x437, x434); fiat_p434_addcarryx_u64(&x444, &x445, x443, x435, x432); fiat_p434_addcarryx_u64(&x446, &x447, x445, x433, x430); fiat_p434_addcarryx_u64(&x448, &x449, x447, x431, x428); fiat_p434_addcarryx_u64(&x450, &x451, x449, x429, x426); - x452 = (x451 + x427); + x452 = x451 + x427; fiat_p434_addcarryx_u64(&x453, &x454, 0x0, x411, x438); fiat_p434_addcarryx_u64(&x455, &x456, x454, x413, x440); fiat_p434_addcarryx_u64(&x457, &x458, x456, x415, x442); @@ -1040,7 +1040,7 @@ static void fiat_p434_mul(uint64_t out1[7], const uint64_t arg1[7], const uint64 fiat_p434_addcarryx_u64(&x489, &x490, x488, x476, x473); fiat_p434_addcarryx_u64(&x491, &x492, x490, x474, x471); fiat_p434_addcarryx_u64(&x493, &x494, x492, x472, x469); - x495 = (x494 + x470); + x495 = x494 + x470; fiat_p434_addcarryx_u64(&x496, &x497, 0x0, x453, x481); fiat_p434_addcarryx_u64(&x498, &x499, x497, x455, x483); fiat_p434_addcarryx_u64(&x500, &x501, x499, x457, x485); @@ -1049,21 +1049,21 @@ static void fiat_p434_mul(uint64_t out1[7], const uint64_t arg1[7], const uint64 fiat_p434_addcarryx_u64(&x506, &x507, x505, x463, x491); fiat_p434_addcarryx_u64(&x508, &x509, x507, x465, x493); fiat_p434_addcarryx_u64(&x510, &x511, x509, x467, x495); - x512 = ((uint64_t)x511 + x468); - fiat_p434_mulx_u64(&x513, &x514, x6, (arg2[6])); - fiat_p434_mulx_u64(&x515, &x516, x6, (arg2[5])); - fiat_p434_mulx_u64(&x517, &x518, x6, (arg2[4])); - fiat_p434_mulx_u64(&x519, &x520, x6, (arg2[3])); - fiat_p434_mulx_u64(&x521, &x522, x6, (arg2[2])); - fiat_p434_mulx_u64(&x523, &x524, x6, (arg2[1])); - fiat_p434_mulx_u64(&x525, &x526, x6, (arg2[0])); + x512 = (uint64_t)x511 + x468; + fiat_p434_mulx_u64(&x513, &x514, x6, arg2[6]); + fiat_p434_mulx_u64(&x515, &x516, x6, arg2[5]); + fiat_p434_mulx_u64(&x517, &x518, x6, arg2[4]); + fiat_p434_mulx_u64(&x519, &x520, x6, arg2[3]); + fiat_p434_mulx_u64(&x521, &x522, x6, arg2[2]); + fiat_p434_mulx_u64(&x523, &x524, x6, arg2[1]); + fiat_p434_mulx_u64(&x525, &x526, x6, arg2[0]); fiat_p434_addcarryx_u64(&x527, &x528, 0x0, x526, x523); fiat_p434_addcarryx_u64(&x529, &x530, x528, x524, x521); fiat_p434_addcarryx_u64(&x531, &x532, x530, x522, x519); fiat_p434_addcarryx_u64(&x533, &x534, x532, x520, x517); fiat_p434_addcarryx_u64(&x535, &x536, x534, x518, x515); fiat_p434_addcarryx_u64(&x537, &x538, x536, x516, x513); - x539 = (x538 + x514); + x539 = x538 + x514; fiat_p434_addcarryx_u64(&x540, &x541, 0x0, x498, x525); fiat_p434_addcarryx_u64(&x542, &x543, x541, x500, x527); fiat_p434_addcarryx_u64(&x544, &x545, x543, x502, x529); @@ -1085,7 +1085,7 @@ static void fiat_p434_mul(uint64_t out1[7], const uint64_t arg1[7], const uint64 fiat_p434_addcarryx_u64(&x576, &x577, x575, x563, x560); fiat_p434_addcarryx_u64(&x578, &x579, x577, x561, x558); fiat_p434_addcarryx_u64(&x580, &x581, x579, x559, x556); - x582 = (x581 + x557); + x582 = x581 + x557; fiat_p434_addcarryx_u64(&x583, &x584, 0x0, x540, x568); fiat_p434_addcarryx_u64(&x585, &x586, x584, x542, x570); fiat_p434_addcarryx_u64(&x587, &x588, x586, x544, x572); @@ -1094,7 +1094,7 @@ static void fiat_p434_mul(uint64_t out1[7], const uint64_t arg1[7], const uint64 fiat_p434_addcarryx_u64(&x593, &x594, x592, x550, x578); fiat_p434_addcarryx_u64(&x595, &x596, x594, x552, x580); fiat_p434_addcarryx_u64(&x597, &x598, x596, x554, x582); - x599 = ((uint64_t)x598 + x555); + x599 = (uint64_t)x598 + x555; fiat_p434_subborrowx_u64(&x600, &x601, 0x0, x585, UINT64_C(0xffffffffffffffff)); fiat_p434_subborrowx_u64(&x602, &x603, x601, x587, UINT64_C(0xffffffffffffffff)); fiat_p434_subborrowx_u64(&x604, &x605, x603, x589, UINT64_C(0xffffffffffffffff)); @@ -1756,27 +1756,27 @@ static void fiat_p434_square(uint64_t out1[7], const uint64_t arg1[7]) { uint64_t x620; uint64_t x621; uint64_t x622; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[6]); - x7 = (arg1[0]); - fiat_p434_mulx_u64(&x8, &x9, x7, (arg1[6])); - fiat_p434_mulx_u64(&x10, &x11, x7, (arg1[5])); - fiat_p434_mulx_u64(&x12, &x13, x7, (arg1[4])); - fiat_p434_mulx_u64(&x14, &x15, x7, (arg1[3])); - fiat_p434_mulx_u64(&x16, &x17, x7, (arg1[2])); - fiat_p434_mulx_u64(&x18, &x19, x7, (arg1[1])); - fiat_p434_mulx_u64(&x20, &x21, x7, (arg1[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[6]; + x7 = arg1[0]; + fiat_p434_mulx_u64(&x8, &x9, x7, arg1[6]); + fiat_p434_mulx_u64(&x10, &x11, x7, arg1[5]); + fiat_p434_mulx_u64(&x12, &x13, x7, arg1[4]); + fiat_p434_mulx_u64(&x14, &x15, x7, arg1[3]); + fiat_p434_mulx_u64(&x16, &x17, x7, arg1[2]); + fiat_p434_mulx_u64(&x18, &x19, x7, arg1[1]); + fiat_p434_mulx_u64(&x20, &x21, x7, arg1[0]); fiat_p434_addcarryx_u64(&x22, &x23, 0x0, x21, x18); fiat_p434_addcarryx_u64(&x24, &x25, x23, x19, x16); fiat_p434_addcarryx_u64(&x26, &x27, x25, x17, x14); fiat_p434_addcarryx_u64(&x28, &x29, x27, x15, x12); fiat_p434_addcarryx_u64(&x30, &x31, x29, x13, x10); fiat_p434_addcarryx_u64(&x32, &x33, x31, x11, x8); - x34 = (x33 + x9); + x34 = x33 + x9; fiat_p434_mulx_u64(&x35, &x36, x20, UINT64_C(0x2341f27177344)); fiat_p434_mulx_u64(&x37, &x38, x20, UINT64_C(0x6cfc5fd681c52056)); fiat_p434_mulx_u64(&x39, &x40, x20, UINT64_C(0x7bc65c783158aea3)); @@ -1790,7 +1790,7 @@ static void fiat_p434_square(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x55, &x56, x54, x42, x39); fiat_p434_addcarryx_u64(&x57, &x58, x56, x40, x37); fiat_p434_addcarryx_u64(&x59, &x60, x58, x38, x35); - x61 = (x60 + x36); + x61 = x60 + x36; fiat_p434_addcarryx_u64(&x62, &x63, 0x0, x20, x47); fiat_p434_addcarryx_u64(&x64, &x65, x63, x22, x49); fiat_p434_addcarryx_u64(&x66, &x67, x65, x24, x51); @@ -1799,20 +1799,20 @@ static void fiat_p434_square(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x72, &x73, x71, x30, x57); fiat_p434_addcarryx_u64(&x74, &x75, x73, x32, x59); fiat_p434_addcarryx_u64(&x76, &x77, x75, x34, x61); - fiat_p434_mulx_u64(&x78, &x79, x1, (arg1[6])); - fiat_p434_mulx_u64(&x80, &x81, x1, (arg1[5])); - fiat_p434_mulx_u64(&x82, &x83, x1, (arg1[4])); - fiat_p434_mulx_u64(&x84, &x85, x1, (arg1[3])); - fiat_p434_mulx_u64(&x86, &x87, x1, (arg1[2])); - fiat_p434_mulx_u64(&x88, &x89, x1, (arg1[1])); - fiat_p434_mulx_u64(&x90, &x91, x1, (arg1[0])); + fiat_p434_mulx_u64(&x78, &x79, x1, arg1[6]); + fiat_p434_mulx_u64(&x80, &x81, x1, arg1[5]); + fiat_p434_mulx_u64(&x82, &x83, x1, arg1[4]); + fiat_p434_mulx_u64(&x84, &x85, x1, arg1[3]); + fiat_p434_mulx_u64(&x86, &x87, x1, arg1[2]); + fiat_p434_mulx_u64(&x88, &x89, x1, arg1[1]); + fiat_p434_mulx_u64(&x90, &x91, x1, arg1[0]); fiat_p434_addcarryx_u64(&x92, &x93, 0x0, x91, x88); fiat_p434_addcarryx_u64(&x94, &x95, x93, x89, x86); fiat_p434_addcarryx_u64(&x96, &x97, x95, x87, x84); fiat_p434_addcarryx_u64(&x98, &x99, x97, x85, x82); fiat_p434_addcarryx_u64(&x100, &x101, x99, x83, x80); fiat_p434_addcarryx_u64(&x102, &x103, x101, x81, x78); - x104 = (x103 + x79); + x104 = x103 + x79; fiat_p434_addcarryx_u64(&x105, &x106, 0x0, x64, x90); fiat_p434_addcarryx_u64(&x107, &x108, x106, x66, x92); fiat_p434_addcarryx_u64(&x109, &x110, x108, x68, x94); @@ -1834,7 +1834,7 @@ static void fiat_p434_square(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x141, &x142, x140, x128, x125); fiat_p434_addcarryx_u64(&x143, &x144, x142, x126, x123); fiat_p434_addcarryx_u64(&x145, &x146, x144, x124, x121); - x147 = (x146 + x122); + x147 = x146 + x122; fiat_p434_addcarryx_u64(&x148, &x149, 0x0, x105, x133); fiat_p434_addcarryx_u64(&x150, &x151, x149, x107, x135); fiat_p434_addcarryx_u64(&x152, &x153, x151, x109, x137); @@ -1843,21 +1843,21 @@ static void fiat_p434_square(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x158, &x159, x157, x115, x143); fiat_p434_addcarryx_u64(&x160, &x161, x159, x117, x145); fiat_p434_addcarryx_u64(&x162, &x163, x161, x119, x147); - x164 = ((uint64_t)x163 + x120); - fiat_p434_mulx_u64(&x165, &x166, x2, (arg1[6])); - fiat_p434_mulx_u64(&x167, &x168, x2, (arg1[5])); - fiat_p434_mulx_u64(&x169, &x170, x2, (arg1[4])); - fiat_p434_mulx_u64(&x171, &x172, x2, (arg1[3])); - fiat_p434_mulx_u64(&x173, &x174, x2, (arg1[2])); - fiat_p434_mulx_u64(&x175, &x176, x2, (arg1[1])); - fiat_p434_mulx_u64(&x177, &x178, x2, (arg1[0])); + x164 = (uint64_t)x163 + x120; + fiat_p434_mulx_u64(&x165, &x166, x2, arg1[6]); + fiat_p434_mulx_u64(&x167, &x168, x2, arg1[5]); + fiat_p434_mulx_u64(&x169, &x170, x2, arg1[4]); + fiat_p434_mulx_u64(&x171, &x172, x2, arg1[3]); + fiat_p434_mulx_u64(&x173, &x174, x2, arg1[2]); + fiat_p434_mulx_u64(&x175, &x176, x2, arg1[1]); + fiat_p434_mulx_u64(&x177, &x178, x2, arg1[0]); fiat_p434_addcarryx_u64(&x179, &x180, 0x0, x178, x175); fiat_p434_addcarryx_u64(&x181, &x182, x180, x176, x173); fiat_p434_addcarryx_u64(&x183, &x184, x182, x174, x171); fiat_p434_addcarryx_u64(&x185, &x186, x184, x172, x169); fiat_p434_addcarryx_u64(&x187, &x188, x186, x170, x167); fiat_p434_addcarryx_u64(&x189, &x190, x188, x168, x165); - x191 = (x190 + x166); + x191 = x190 + x166; fiat_p434_addcarryx_u64(&x192, &x193, 0x0, x150, x177); fiat_p434_addcarryx_u64(&x194, &x195, x193, x152, x179); fiat_p434_addcarryx_u64(&x196, &x197, x195, x154, x181); @@ -1879,7 +1879,7 @@ static void fiat_p434_square(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x228, &x229, x227, x215, x212); fiat_p434_addcarryx_u64(&x230, &x231, x229, x213, x210); fiat_p434_addcarryx_u64(&x232, &x233, x231, x211, x208); - x234 = (x233 + x209); + x234 = x233 + x209; fiat_p434_addcarryx_u64(&x235, &x236, 0x0, x192, x220); fiat_p434_addcarryx_u64(&x237, &x238, x236, x194, x222); fiat_p434_addcarryx_u64(&x239, &x240, x238, x196, x224); @@ -1888,21 +1888,21 @@ static void fiat_p434_square(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x245, &x246, x244, x202, x230); fiat_p434_addcarryx_u64(&x247, &x248, x246, x204, x232); fiat_p434_addcarryx_u64(&x249, &x250, x248, x206, x234); - x251 = ((uint64_t)x250 + x207); - fiat_p434_mulx_u64(&x252, &x253, x3, (arg1[6])); - fiat_p434_mulx_u64(&x254, &x255, x3, (arg1[5])); - fiat_p434_mulx_u64(&x256, &x257, x3, (arg1[4])); - fiat_p434_mulx_u64(&x258, &x259, x3, (arg1[3])); - fiat_p434_mulx_u64(&x260, &x261, x3, (arg1[2])); - fiat_p434_mulx_u64(&x262, &x263, x3, (arg1[1])); - fiat_p434_mulx_u64(&x264, &x265, x3, (arg1[0])); + x251 = (uint64_t)x250 + x207; + fiat_p434_mulx_u64(&x252, &x253, x3, arg1[6]); + fiat_p434_mulx_u64(&x254, &x255, x3, arg1[5]); + fiat_p434_mulx_u64(&x256, &x257, x3, arg1[4]); + fiat_p434_mulx_u64(&x258, &x259, x3, arg1[3]); + fiat_p434_mulx_u64(&x260, &x261, x3, arg1[2]); + fiat_p434_mulx_u64(&x262, &x263, x3, arg1[1]); + fiat_p434_mulx_u64(&x264, &x265, x3, arg1[0]); fiat_p434_addcarryx_u64(&x266, &x267, 0x0, x265, x262); fiat_p434_addcarryx_u64(&x268, &x269, x267, x263, x260); fiat_p434_addcarryx_u64(&x270, &x271, x269, x261, x258); fiat_p434_addcarryx_u64(&x272, &x273, x271, x259, x256); fiat_p434_addcarryx_u64(&x274, &x275, x273, x257, x254); fiat_p434_addcarryx_u64(&x276, &x277, x275, x255, x252); - x278 = (x277 + x253); + x278 = x277 + x253; fiat_p434_addcarryx_u64(&x279, &x280, 0x0, x237, x264); fiat_p434_addcarryx_u64(&x281, &x282, x280, x239, x266); fiat_p434_addcarryx_u64(&x283, &x284, x282, x241, x268); @@ -1924,7 +1924,7 @@ static void fiat_p434_square(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x315, &x316, x314, x302, x299); fiat_p434_addcarryx_u64(&x317, &x318, x316, x300, x297); fiat_p434_addcarryx_u64(&x319, &x320, x318, x298, x295); - x321 = (x320 + x296); + x321 = x320 + x296; fiat_p434_addcarryx_u64(&x322, &x323, 0x0, x279, x307); fiat_p434_addcarryx_u64(&x324, &x325, x323, x281, x309); fiat_p434_addcarryx_u64(&x326, &x327, x325, x283, x311); @@ -1933,21 +1933,21 @@ static void fiat_p434_square(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x332, &x333, x331, x289, x317); fiat_p434_addcarryx_u64(&x334, &x335, x333, x291, x319); fiat_p434_addcarryx_u64(&x336, &x337, x335, x293, x321); - x338 = ((uint64_t)x337 + x294); - fiat_p434_mulx_u64(&x339, &x340, x4, (arg1[6])); - fiat_p434_mulx_u64(&x341, &x342, x4, (arg1[5])); - fiat_p434_mulx_u64(&x343, &x344, x4, (arg1[4])); - fiat_p434_mulx_u64(&x345, &x346, x4, (arg1[3])); - fiat_p434_mulx_u64(&x347, &x348, x4, (arg1[2])); - fiat_p434_mulx_u64(&x349, &x350, x4, (arg1[1])); - fiat_p434_mulx_u64(&x351, &x352, x4, (arg1[0])); + x338 = (uint64_t)x337 + x294; + fiat_p434_mulx_u64(&x339, &x340, x4, arg1[6]); + fiat_p434_mulx_u64(&x341, &x342, x4, arg1[5]); + fiat_p434_mulx_u64(&x343, &x344, x4, arg1[4]); + fiat_p434_mulx_u64(&x345, &x346, x4, arg1[3]); + fiat_p434_mulx_u64(&x347, &x348, x4, arg1[2]); + fiat_p434_mulx_u64(&x349, &x350, x4, arg1[1]); + fiat_p434_mulx_u64(&x351, &x352, x4, arg1[0]); fiat_p434_addcarryx_u64(&x353, &x354, 0x0, x352, x349); fiat_p434_addcarryx_u64(&x355, &x356, x354, x350, x347); fiat_p434_addcarryx_u64(&x357, &x358, x356, x348, x345); fiat_p434_addcarryx_u64(&x359, &x360, x358, x346, x343); fiat_p434_addcarryx_u64(&x361, &x362, x360, x344, x341); fiat_p434_addcarryx_u64(&x363, &x364, x362, x342, x339); - x365 = (x364 + x340); + x365 = x364 + x340; fiat_p434_addcarryx_u64(&x366, &x367, 0x0, x324, x351); fiat_p434_addcarryx_u64(&x368, &x369, x367, x326, x353); fiat_p434_addcarryx_u64(&x370, &x371, x369, x328, x355); @@ -1969,7 +1969,7 @@ static void fiat_p434_square(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x402, &x403, x401, x389, x386); fiat_p434_addcarryx_u64(&x404, &x405, x403, x387, x384); fiat_p434_addcarryx_u64(&x406, &x407, x405, x385, x382); - x408 = (x407 + x383); + x408 = x407 + x383; fiat_p434_addcarryx_u64(&x409, &x410, 0x0, x366, x394); fiat_p434_addcarryx_u64(&x411, &x412, x410, x368, x396); fiat_p434_addcarryx_u64(&x413, &x414, x412, x370, x398); @@ -1978,21 +1978,21 @@ static void fiat_p434_square(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x419, &x420, x418, x376, x404); fiat_p434_addcarryx_u64(&x421, &x422, x420, x378, x406); fiat_p434_addcarryx_u64(&x423, &x424, x422, x380, x408); - x425 = ((uint64_t)x424 + x381); - fiat_p434_mulx_u64(&x426, &x427, x5, (arg1[6])); - fiat_p434_mulx_u64(&x428, &x429, x5, (arg1[5])); - fiat_p434_mulx_u64(&x430, &x431, x5, (arg1[4])); - fiat_p434_mulx_u64(&x432, &x433, x5, (arg1[3])); - fiat_p434_mulx_u64(&x434, &x435, x5, (arg1[2])); - fiat_p434_mulx_u64(&x436, &x437, x5, (arg1[1])); - fiat_p434_mulx_u64(&x438, &x439, x5, (arg1[0])); + x425 = (uint64_t)x424 + x381; + fiat_p434_mulx_u64(&x426, &x427, x5, arg1[6]); + fiat_p434_mulx_u64(&x428, &x429, x5, arg1[5]); + fiat_p434_mulx_u64(&x430, &x431, x5, arg1[4]); + fiat_p434_mulx_u64(&x432, &x433, x5, arg1[3]); + fiat_p434_mulx_u64(&x434, &x435, x5, arg1[2]); + fiat_p434_mulx_u64(&x436, &x437, x5, arg1[1]); + fiat_p434_mulx_u64(&x438, &x439, x5, arg1[0]); fiat_p434_addcarryx_u64(&x440, &x441, 0x0, x439, x436); fiat_p434_addcarryx_u64(&x442, &x443, x441, x437, x434); fiat_p434_addcarryx_u64(&x444, &x445, x443, x435, x432); fiat_p434_addcarryx_u64(&x446, &x447, x445, x433, x430); fiat_p434_addcarryx_u64(&x448, &x449, x447, x431, x428); fiat_p434_addcarryx_u64(&x450, &x451, x449, x429, x426); - x452 = (x451 + x427); + x452 = x451 + x427; fiat_p434_addcarryx_u64(&x453, &x454, 0x0, x411, x438); fiat_p434_addcarryx_u64(&x455, &x456, x454, x413, x440); fiat_p434_addcarryx_u64(&x457, &x458, x456, x415, x442); @@ -2014,7 +2014,7 @@ static void fiat_p434_square(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x489, &x490, x488, x476, x473); fiat_p434_addcarryx_u64(&x491, &x492, x490, x474, x471); fiat_p434_addcarryx_u64(&x493, &x494, x492, x472, x469); - x495 = (x494 + x470); + x495 = x494 + x470; fiat_p434_addcarryx_u64(&x496, &x497, 0x0, x453, x481); fiat_p434_addcarryx_u64(&x498, &x499, x497, x455, x483); fiat_p434_addcarryx_u64(&x500, &x501, x499, x457, x485); @@ -2023,21 +2023,21 @@ static void fiat_p434_square(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x506, &x507, x505, x463, x491); fiat_p434_addcarryx_u64(&x508, &x509, x507, x465, x493); fiat_p434_addcarryx_u64(&x510, &x511, x509, x467, x495); - x512 = ((uint64_t)x511 + x468); - fiat_p434_mulx_u64(&x513, &x514, x6, (arg1[6])); - fiat_p434_mulx_u64(&x515, &x516, x6, (arg1[5])); - fiat_p434_mulx_u64(&x517, &x518, x6, (arg1[4])); - fiat_p434_mulx_u64(&x519, &x520, x6, (arg1[3])); - fiat_p434_mulx_u64(&x521, &x522, x6, (arg1[2])); - fiat_p434_mulx_u64(&x523, &x524, x6, (arg1[1])); - fiat_p434_mulx_u64(&x525, &x526, x6, (arg1[0])); + x512 = (uint64_t)x511 + x468; + fiat_p434_mulx_u64(&x513, &x514, x6, arg1[6]); + fiat_p434_mulx_u64(&x515, &x516, x6, arg1[5]); + fiat_p434_mulx_u64(&x517, &x518, x6, arg1[4]); + fiat_p434_mulx_u64(&x519, &x520, x6, arg1[3]); + fiat_p434_mulx_u64(&x521, &x522, x6, arg1[2]); + fiat_p434_mulx_u64(&x523, &x524, x6, arg1[1]); + fiat_p434_mulx_u64(&x525, &x526, x6, arg1[0]); fiat_p434_addcarryx_u64(&x527, &x528, 0x0, x526, x523); fiat_p434_addcarryx_u64(&x529, &x530, x528, x524, x521); fiat_p434_addcarryx_u64(&x531, &x532, x530, x522, x519); fiat_p434_addcarryx_u64(&x533, &x534, x532, x520, x517); fiat_p434_addcarryx_u64(&x535, &x536, x534, x518, x515); fiat_p434_addcarryx_u64(&x537, &x538, x536, x516, x513); - x539 = (x538 + x514); + x539 = x538 + x514; fiat_p434_addcarryx_u64(&x540, &x541, 0x0, x498, x525); fiat_p434_addcarryx_u64(&x542, &x543, x541, x500, x527); fiat_p434_addcarryx_u64(&x544, &x545, x543, x502, x529); @@ -2059,7 +2059,7 @@ static void fiat_p434_square(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x576, &x577, x575, x563, x560); fiat_p434_addcarryx_u64(&x578, &x579, x577, x561, x558); fiat_p434_addcarryx_u64(&x580, &x581, x579, x559, x556); - x582 = (x581 + x557); + x582 = x581 + x557; fiat_p434_addcarryx_u64(&x583, &x584, 0x0, x540, x568); fiat_p434_addcarryx_u64(&x585, &x586, x584, x542, x570); fiat_p434_addcarryx_u64(&x587, &x588, x586, x544, x572); @@ -2068,7 +2068,7 @@ static void fiat_p434_square(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x593, &x594, x592, x550, x578); fiat_p434_addcarryx_u64(&x595, &x596, x594, x552, x580); fiat_p434_addcarryx_u64(&x597, &x598, x596, x554, x582); - x599 = ((uint64_t)x598 + x555); + x599 = (uint64_t)x598 + x555; fiat_p434_subborrowx_u64(&x600, &x601, 0x0, x585, UINT64_C(0xffffffffffffffff)); fiat_p434_subborrowx_u64(&x602, &x603, x601, x587, UINT64_C(0xffffffffffffffff)); fiat_p434_subborrowx_u64(&x604, &x605, x603, x589, UINT64_C(0xffffffffffffffff)); @@ -2147,13 +2147,13 @@ static void fiat_p434_add(uint64_t out1[7], const uint64_t arg1[7], const uint64 uint64_t x35; uint64_t x36; uint64_t x37; - fiat_p434_addcarryx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_p434_addcarryx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_p434_addcarryx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_p434_addcarryx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); - fiat_p434_addcarryx_u64(&x9, &x10, x8, (arg1[4]), (arg2[4])); - fiat_p434_addcarryx_u64(&x11, &x12, x10, (arg1[5]), (arg2[5])); - fiat_p434_addcarryx_u64(&x13, &x14, x12, (arg1[6]), (arg2[6])); + fiat_p434_addcarryx_u64(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_p434_addcarryx_u64(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_p434_addcarryx_u64(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_p434_addcarryx_u64(&x7, &x8, x6, arg1[3], arg2[3]); + fiat_p434_addcarryx_u64(&x9, &x10, x8, arg1[4], arg2[4]); + fiat_p434_addcarryx_u64(&x11, &x12, x10, arg1[5], arg2[5]); + fiat_p434_addcarryx_u64(&x13, &x14, x12, arg1[6], arg2[6]); fiat_p434_subborrowx_u64(&x15, &x16, 0x0, x1, UINT64_C(0xffffffffffffffff)); fiat_p434_subborrowx_u64(&x17, &x18, x16, x3, UINT64_C(0xffffffffffffffff)); fiat_p434_subborrowx_u64(&x19, &x20, x18, x5, UINT64_C(0xffffffffffffffff)); @@ -2224,21 +2224,21 @@ static void fiat_p434_sub(uint64_t out1[7], const uint64_t arg1[7], const uint64 fiat_p434_uint1 x27; uint64_t x28; fiat_p434_uint1 x29; - fiat_p434_subborrowx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_p434_subborrowx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_p434_subborrowx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_p434_subborrowx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); - fiat_p434_subborrowx_u64(&x9, &x10, x8, (arg1[4]), (arg2[4])); - fiat_p434_subborrowx_u64(&x11, &x12, x10, (arg1[5]), (arg2[5])); - fiat_p434_subborrowx_u64(&x13, &x14, x12, (arg1[6]), (arg2[6])); + fiat_p434_subborrowx_u64(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_p434_subborrowx_u64(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_p434_subborrowx_u64(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_p434_subborrowx_u64(&x7, &x8, x6, arg1[3], arg2[3]); + fiat_p434_subborrowx_u64(&x9, &x10, x8, arg1[4], arg2[4]); + fiat_p434_subborrowx_u64(&x11, &x12, x10, arg1[5], arg2[5]); + fiat_p434_subborrowx_u64(&x13, &x14, x12, arg1[6], arg2[6]); fiat_p434_cmovznz_u64(&x15, x14, 0x0, UINT64_C(0xffffffffffffffff)); fiat_p434_addcarryx_u64(&x16, &x17, 0x0, x1, x15); fiat_p434_addcarryx_u64(&x18, &x19, x17, x3, x15); fiat_p434_addcarryx_u64(&x20, &x21, x19, x5, x15); - fiat_p434_addcarryx_u64(&x22, &x23, x21, x7, (x15 & UINT64_C(0xfdc1767ae2ffffff))); - fiat_p434_addcarryx_u64(&x24, &x25, x23, x9, (x15 & UINT64_C(0x7bc65c783158aea3))); - fiat_p434_addcarryx_u64(&x26, &x27, x25, x11, (x15 & UINT64_C(0x6cfc5fd681c52056))); - fiat_p434_addcarryx_u64(&x28, &x29, x27, x13, (x15 & UINT64_C(0x2341f27177344))); + fiat_p434_addcarryx_u64(&x22, &x23, x21, x7, x15 & UINT64_C(0xfdc1767ae2ffffff)); + fiat_p434_addcarryx_u64(&x24, &x25, x23, x9, x15 & UINT64_C(0x7bc65c783158aea3)); + fiat_p434_addcarryx_u64(&x26, &x27, x25, x11, x15 & UINT64_C(0x6cfc5fd681c52056)); + fiat_p434_addcarryx_u64(&x28, &x29, x27, x13, x15 & UINT64_C(0x2341f27177344)); out1[0] = x16; out1[1] = x18; out1[2] = x20; @@ -2292,21 +2292,21 @@ static void fiat_p434_opp(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_uint1 x27; uint64_t x28; fiat_p434_uint1 x29; - fiat_p434_subborrowx_u64(&x1, &x2, 0x0, 0x0, (arg1[0])); - fiat_p434_subborrowx_u64(&x3, &x4, x2, 0x0, (arg1[1])); - fiat_p434_subborrowx_u64(&x5, &x6, x4, 0x0, (arg1[2])); - fiat_p434_subborrowx_u64(&x7, &x8, x6, 0x0, (arg1[3])); - fiat_p434_subborrowx_u64(&x9, &x10, x8, 0x0, (arg1[4])); - fiat_p434_subborrowx_u64(&x11, &x12, x10, 0x0, (arg1[5])); - fiat_p434_subborrowx_u64(&x13, &x14, x12, 0x0, (arg1[6])); + fiat_p434_subborrowx_u64(&x1, &x2, 0x0, 0x0, arg1[0]); + fiat_p434_subborrowx_u64(&x3, &x4, x2, 0x0, arg1[1]); + fiat_p434_subborrowx_u64(&x5, &x6, x4, 0x0, arg1[2]); + fiat_p434_subborrowx_u64(&x7, &x8, x6, 0x0, arg1[3]); + fiat_p434_subborrowx_u64(&x9, &x10, x8, 0x0, arg1[4]); + fiat_p434_subborrowx_u64(&x11, &x12, x10, 0x0, arg1[5]); + fiat_p434_subborrowx_u64(&x13, &x14, x12, 0x0, arg1[6]); fiat_p434_cmovznz_u64(&x15, x14, 0x0, UINT64_C(0xffffffffffffffff)); fiat_p434_addcarryx_u64(&x16, &x17, 0x0, x1, x15); fiat_p434_addcarryx_u64(&x18, &x19, x17, x3, x15); fiat_p434_addcarryx_u64(&x20, &x21, x19, x5, x15); - fiat_p434_addcarryx_u64(&x22, &x23, x21, x7, (x15 & UINT64_C(0xfdc1767ae2ffffff))); - fiat_p434_addcarryx_u64(&x24, &x25, x23, x9, (x15 & UINT64_C(0x7bc65c783158aea3))); - fiat_p434_addcarryx_u64(&x26, &x27, x25, x11, (x15 & UINT64_C(0x6cfc5fd681c52056))); - fiat_p434_addcarryx_u64(&x28, &x29, x27, x13, (x15 & UINT64_C(0x2341f27177344))); + fiat_p434_addcarryx_u64(&x22, &x23, x21, x7, x15 & UINT64_C(0xfdc1767ae2ffffff)); + fiat_p434_addcarryx_u64(&x24, &x25, x23, x9, x15 & UINT64_C(0x7bc65c783158aea3)); + fiat_p434_addcarryx_u64(&x26, &x27, x25, x11, x15 & UINT64_C(0x6cfc5fd681c52056)); + fiat_p434_addcarryx_u64(&x28, &x29, x27, x13, x15 & UINT64_C(0x2341f27177344)); out1[0] = x16; out1[1] = x18; out1[2] = x20; @@ -2708,7 +2708,7 @@ static void fiat_p434_from_montgomery(uint64_t out1[7], const uint64_t arg1[7]) uint64_t x375; uint64_t x376; uint64_t x377; - x1 = (arg1[0]); + x1 = arg1[0]; fiat_p434_mulx_u64(&x2, &x3, x1, UINT64_C(0x2341f27177344)); fiat_p434_mulx_u64(&x4, &x5, x1, UINT64_C(0x6cfc5fd681c52056)); fiat_p434_mulx_u64(&x6, &x7, x1, UINT64_C(0x7bc65c783158aea3)); @@ -2729,7 +2729,7 @@ static void fiat_p434_from_montgomery(uint64_t out1[7], const uint64_t arg1[7]) fiat_p434_addcarryx_u64(&x36, &x37, x35, 0x0, x22); fiat_p434_addcarryx_u64(&x38, &x39, x37, 0x0, x24); fiat_p434_addcarryx_u64(&x40, &x41, x39, 0x0, x26); - fiat_p434_addcarryx_u64(&x42, &x43, 0x0, x30, (arg1[1])); + fiat_p434_addcarryx_u64(&x42, &x43, 0x0, x30, arg1[1]); fiat_p434_addcarryx_u64(&x44, &x45, x43, x32, 0x0); fiat_p434_addcarryx_u64(&x46, &x47, x45, x34, 0x0); fiat_p434_addcarryx_u64(&x48, &x49, x47, x36, 0x0); @@ -2754,8 +2754,8 @@ static void fiat_p434_from_montgomery(uint64_t out1[7], const uint64_t arg1[7]) fiat_p434_addcarryx_u64(&x86, &x87, x85, x48, x72); fiat_p434_addcarryx_u64(&x88, &x89, x87, x50, x74); fiat_p434_addcarryx_u64(&x90, &x91, x89, x52, x76); - fiat_p434_addcarryx_u64(&x92, &x93, x91, (x53 + (x41 + (x27 + x3))), x78); - fiat_p434_addcarryx_u64(&x94, &x95, 0x0, x82, (arg1[2])); + fiat_p434_addcarryx_u64(&x92, &x93, x91, x53 + (x41 + (x27 + x3)), x78); + fiat_p434_addcarryx_u64(&x94, &x95, 0x0, x82, arg1[2]); fiat_p434_addcarryx_u64(&x96, &x97, x95, x84, 0x0); fiat_p434_addcarryx_u64(&x98, &x99, x97, x86, 0x0); fiat_p434_addcarryx_u64(&x100, &x101, x99, x88, 0x0); @@ -2780,8 +2780,8 @@ static void fiat_p434_from_montgomery(uint64_t out1[7], const uint64_t arg1[7]) fiat_p434_addcarryx_u64(&x138, &x139, x137, x100, x124); fiat_p434_addcarryx_u64(&x140, &x141, x139, x102, x126); fiat_p434_addcarryx_u64(&x142, &x143, x141, x104, x128); - fiat_p434_addcarryx_u64(&x144, &x145, x143, (x105 + (x93 + (x79 + x55))), x130); - fiat_p434_addcarryx_u64(&x146, &x147, 0x0, x134, (arg1[3])); + fiat_p434_addcarryx_u64(&x144, &x145, x143, x105 + (x93 + (x79 + x55)), x130); + fiat_p434_addcarryx_u64(&x146, &x147, 0x0, x134, arg1[3]); fiat_p434_addcarryx_u64(&x148, &x149, x147, x136, 0x0); fiat_p434_addcarryx_u64(&x150, &x151, x149, x138, 0x0); fiat_p434_addcarryx_u64(&x152, &x153, x151, x140, 0x0); @@ -2806,8 +2806,8 @@ static void fiat_p434_from_montgomery(uint64_t out1[7], const uint64_t arg1[7]) fiat_p434_addcarryx_u64(&x190, &x191, x189, x152, x176); fiat_p434_addcarryx_u64(&x192, &x193, x191, x154, x178); fiat_p434_addcarryx_u64(&x194, &x195, x193, x156, x180); - fiat_p434_addcarryx_u64(&x196, &x197, x195, (x157 + (x145 + (x131 + x107))), x182); - fiat_p434_addcarryx_u64(&x198, &x199, 0x0, x186, (arg1[4])); + fiat_p434_addcarryx_u64(&x196, &x197, x195, x157 + (x145 + (x131 + x107)), x182); + fiat_p434_addcarryx_u64(&x198, &x199, 0x0, x186, arg1[4]); fiat_p434_addcarryx_u64(&x200, &x201, x199, x188, 0x0); fiat_p434_addcarryx_u64(&x202, &x203, x201, x190, 0x0); fiat_p434_addcarryx_u64(&x204, &x205, x203, x192, 0x0); @@ -2832,8 +2832,8 @@ static void fiat_p434_from_montgomery(uint64_t out1[7], const uint64_t arg1[7]) fiat_p434_addcarryx_u64(&x242, &x243, x241, x204, x228); fiat_p434_addcarryx_u64(&x244, &x245, x243, x206, x230); fiat_p434_addcarryx_u64(&x246, &x247, x245, x208, x232); - fiat_p434_addcarryx_u64(&x248, &x249, x247, (x209 + (x197 + (x183 + x159))), x234); - fiat_p434_addcarryx_u64(&x250, &x251, 0x0, x238, (arg1[5])); + fiat_p434_addcarryx_u64(&x248, &x249, x247, x209 + (x197 + (x183 + x159)), x234); + fiat_p434_addcarryx_u64(&x250, &x251, 0x0, x238, arg1[5]); fiat_p434_addcarryx_u64(&x252, &x253, x251, x240, 0x0); fiat_p434_addcarryx_u64(&x254, &x255, x253, x242, 0x0); fiat_p434_addcarryx_u64(&x256, &x257, x255, x244, 0x0); @@ -2858,8 +2858,8 @@ static void fiat_p434_from_montgomery(uint64_t out1[7], const uint64_t arg1[7]) fiat_p434_addcarryx_u64(&x294, &x295, x293, x256, x280); fiat_p434_addcarryx_u64(&x296, &x297, x295, x258, x282); fiat_p434_addcarryx_u64(&x298, &x299, x297, x260, x284); - fiat_p434_addcarryx_u64(&x300, &x301, x299, (x261 + (x249 + (x235 + x211))), x286); - fiat_p434_addcarryx_u64(&x302, &x303, 0x0, x290, (arg1[6])); + fiat_p434_addcarryx_u64(&x300, &x301, x299, x261 + (x249 + (x235 + x211)), x286); + fiat_p434_addcarryx_u64(&x302, &x303, 0x0, x290, arg1[6]); fiat_p434_addcarryx_u64(&x304, &x305, x303, x292, 0x0); fiat_p434_addcarryx_u64(&x306, &x307, x305, x294, 0x0); fiat_p434_addcarryx_u64(&x308, &x309, x307, x296, 0x0); @@ -2884,8 +2884,8 @@ static void fiat_p434_from_montgomery(uint64_t out1[7], const uint64_t arg1[7]) fiat_p434_addcarryx_u64(&x346, &x347, x345, x308, x332); fiat_p434_addcarryx_u64(&x348, &x349, x347, x310, x334); fiat_p434_addcarryx_u64(&x350, &x351, x349, x312, x336); - fiat_p434_addcarryx_u64(&x352, &x353, x351, (x313 + (x301 + (x287 + x263))), x338); - x354 = (x353 + (x339 + x315)); + fiat_p434_addcarryx_u64(&x352, &x353, x351, x313 + (x301 + (x287 + x263)), x338); + x354 = x353 + (x339 + x315); fiat_p434_subborrowx_u64(&x355, &x356, 0x0, x342, UINT64_C(0xffffffffffffffff)); fiat_p434_subborrowx_u64(&x357, &x358, x356, x344, UINT64_C(0xffffffffffffffff)); fiat_p434_subborrowx_u64(&x359, &x360, x358, x346, UINT64_C(0xffffffffffffffff)); @@ -3502,13 +3502,13 @@ static void fiat_p434_to_montgomery(uint64_t out1[7], const uint64_t arg1[7]) { uint64_t x575; uint64_t x576; uint64_t x577; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[6]); - x7 = (arg1[0]); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[6]; + x7 = arg1[0]; fiat_p434_mulx_u64(&x8, &x9, x7, UINT64_C(0x25a89bcdd12a)); fiat_p434_mulx_u64(&x10, &x11, x7, UINT64_C(0x69e16a61c7686d9a)); fiat_p434_mulx_u64(&x12, &x13, x7, UINT64_C(0xabcd92bf2dde347e)); @@ -3561,7 +3561,7 @@ static void fiat_p434_to_montgomery(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x106, &x107, x105, x68, x92); fiat_p434_addcarryx_u64(&x108, &x109, x107, x70, x94); fiat_p434_addcarryx_u64(&x110, &x111, x109, x72, x96); - fiat_p434_addcarryx_u64(&x112, &x113, x111, ((x73 + (x33 + x9)) + (x59 + x35)), x98); + fiat_p434_addcarryx_u64(&x112, &x113, x111, x73 + (x33 + x9) + (x59 + x35), x98); fiat_p434_mulx_u64(&x114, &x115, x100, UINT64_C(0x2341f27177344)); fiat_p434_mulx_u64(&x116, &x117, x100, UINT64_C(0x6cfc5fd681c52056)); fiat_p434_mulx_u64(&x118, &x119, x100, UINT64_C(0x7bc65c783158aea3)); @@ -3601,7 +3601,7 @@ static void fiat_p434_to_montgomery(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x186, &x187, x185, x148, x172); fiat_p434_addcarryx_u64(&x188, &x189, x187, x150, x174); fiat_p434_addcarryx_u64(&x190, &x191, x189, x152, x176); - fiat_p434_addcarryx_u64(&x192, &x193, x191, ((x153 + (x113 + (x99 + x75))) + (x139 + x115)), x178); + fiat_p434_addcarryx_u64(&x192, &x193, x191, x153 + (x113 + (x99 + x75)) + (x139 + x115), x178); fiat_p434_mulx_u64(&x194, &x195, x180, UINT64_C(0x2341f27177344)); fiat_p434_mulx_u64(&x196, &x197, x180, UINT64_C(0x6cfc5fd681c52056)); fiat_p434_mulx_u64(&x198, &x199, x180, UINT64_C(0x7bc65c783158aea3)); @@ -3641,7 +3641,7 @@ static void fiat_p434_to_montgomery(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x266, &x267, x265, x228, x252); fiat_p434_addcarryx_u64(&x268, &x269, x267, x230, x254); fiat_p434_addcarryx_u64(&x270, &x271, x269, x232, x256); - fiat_p434_addcarryx_u64(&x272, &x273, x271, ((x233 + (x193 + (x179 + x155))) + (x219 + x195)), x258); + fiat_p434_addcarryx_u64(&x272, &x273, x271, x233 + (x193 + (x179 + x155)) + (x219 + x195), x258); fiat_p434_mulx_u64(&x274, &x275, x260, UINT64_C(0x2341f27177344)); fiat_p434_mulx_u64(&x276, &x277, x260, UINT64_C(0x6cfc5fd681c52056)); fiat_p434_mulx_u64(&x278, &x279, x260, UINT64_C(0x7bc65c783158aea3)); @@ -3681,7 +3681,7 @@ static void fiat_p434_to_montgomery(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x346, &x347, x345, x308, x332); fiat_p434_addcarryx_u64(&x348, &x349, x347, x310, x334); fiat_p434_addcarryx_u64(&x350, &x351, x349, x312, x336); - fiat_p434_addcarryx_u64(&x352, &x353, x351, ((x313 + (x273 + (x259 + x235))) + (x299 + x275)), x338); + fiat_p434_addcarryx_u64(&x352, &x353, x351, x313 + (x273 + (x259 + x235)) + (x299 + x275), x338); fiat_p434_mulx_u64(&x354, &x355, x340, UINT64_C(0x2341f27177344)); fiat_p434_mulx_u64(&x356, &x357, x340, UINT64_C(0x6cfc5fd681c52056)); fiat_p434_mulx_u64(&x358, &x359, x340, UINT64_C(0x7bc65c783158aea3)); @@ -3721,7 +3721,7 @@ static void fiat_p434_to_montgomery(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x426, &x427, x425, x388, x412); fiat_p434_addcarryx_u64(&x428, &x429, x427, x390, x414); fiat_p434_addcarryx_u64(&x430, &x431, x429, x392, x416); - fiat_p434_addcarryx_u64(&x432, &x433, x431, ((x393 + (x353 + (x339 + x315))) + (x379 + x355)), x418); + fiat_p434_addcarryx_u64(&x432, &x433, x431, x393 + (x353 + (x339 + x315)) + (x379 + x355), x418); fiat_p434_mulx_u64(&x434, &x435, x420, UINT64_C(0x2341f27177344)); fiat_p434_mulx_u64(&x436, &x437, x420, UINT64_C(0x6cfc5fd681c52056)); fiat_p434_mulx_u64(&x438, &x439, x420, UINT64_C(0x7bc65c783158aea3)); @@ -3761,7 +3761,7 @@ static void fiat_p434_to_montgomery(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x506, &x507, x505, x468, x492); fiat_p434_addcarryx_u64(&x508, &x509, x507, x470, x494); fiat_p434_addcarryx_u64(&x510, &x511, x509, x472, x496); - fiat_p434_addcarryx_u64(&x512, &x513, x511, ((x473 + (x433 + (x419 + x395))) + (x459 + x435)), x498); + fiat_p434_addcarryx_u64(&x512, &x513, x511, x473 + (x433 + (x419 + x395)) + (x459 + x435), x498); fiat_p434_mulx_u64(&x514, &x515, x500, UINT64_C(0x2341f27177344)); fiat_p434_mulx_u64(&x516, &x517, x500, UINT64_C(0x6cfc5fd681c52056)); fiat_p434_mulx_u64(&x518, &x519, x500, UINT64_C(0x7bc65c783158aea3)); @@ -3782,7 +3782,7 @@ static void fiat_p434_to_montgomery(uint64_t out1[7], const uint64_t arg1[7]) { fiat_p434_addcarryx_u64(&x548, &x549, x547, x508, x534); fiat_p434_addcarryx_u64(&x550, &x551, x549, x510, x536); fiat_p434_addcarryx_u64(&x552, &x553, x551, x512, x538); - x554 = ((x553 + (x513 + (x499 + x475))) + (x539 + x515)); + x554 = x553 + (x513 + (x499 + x475)) + (x539 + x515); fiat_p434_subborrowx_u64(&x555, &x556, 0x0, x542, UINT64_C(0xffffffffffffffff)); fiat_p434_subborrowx_u64(&x557, &x558, x556, x544, UINT64_C(0xffffffffffffffff)); fiat_p434_subborrowx_u64(&x559, &x560, x558, x546, UINT64_C(0xffffffffffffffff)); @@ -3822,7 +3822,7 @@ static void fiat_p434_to_montgomery(uint64_t out1[7], const uint64_t arg1[7]) { */ static void fiat_p434_nonzero(uint64_t* out1, const uint64_t arg1[7]) { uint64_t x1; - x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | (arg1[6]))))))); + x1 = arg1[0] | (arg1[1] | (arg1[2] | (arg1[3] | (arg1[4] | (arg1[5] | arg1[6]))))); *out1 = x1; } @@ -3847,13 +3847,13 @@ static void fiat_p434_selectznz(uint64_t out1[7], fiat_p434_uint1 arg1, const ui uint64_t x5; uint64_t x6; uint64_t x7; - fiat_p434_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_p434_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_p434_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); - fiat_p434_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); - fiat_p434_cmovznz_u64(&x5, arg1, (arg2[4]), (arg3[4])); - fiat_p434_cmovznz_u64(&x6, arg1, (arg2[5]), (arg3[5])); - fiat_p434_cmovznz_u64(&x7, arg1, (arg2[6]), (arg3[6])); + fiat_p434_cmovznz_u64(&x1, arg1, arg2[0], arg3[0]); + fiat_p434_cmovznz_u64(&x2, arg1, arg2[1], arg3[1]); + fiat_p434_cmovznz_u64(&x3, arg1, arg2[2], arg3[2]); + fiat_p434_cmovznz_u64(&x4, arg1, arg2[3], arg3[3]); + fiat_p434_cmovznz_u64(&x5, arg1, arg2[4], arg3[4]); + fiat_p434_cmovznz_u64(&x6, arg1, arg2[5], arg3[5]); + fiat_p434_cmovznz_u64(&x7, arg1, arg2[6], arg3[6]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -3980,107 +3980,107 @@ static void fiat_p434_to_bytes(uint8_t out1[55], const uint64_t arg1[7]) { uint64_t x101; uint8_t x102; uint8_t x103; - x1 = (arg1[6]); - x2 = (arg1[5]); - x3 = (arg1[4]); - x4 = (arg1[3]); - x5 = (arg1[2]); - x6 = (arg1[1]); - x7 = (arg1[0]); + x1 = arg1[6]; + x2 = arg1[5]; + x3 = arg1[4]; + x4 = arg1[3]; + x5 = arg1[2]; + x6 = arg1[1]; + x7 = arg1[0]; x8 = (uint8_t)(x7 & UINT8_C(0xff)); - x9 = (x7 >> 8); + x9 = x7 >> 8; x10 = (uint8_t)(x9 & UINT8_C(0xff)); - x11 = (x9 >> 8); + x11 = x9 >> 8; x12 = (uint8_t)(x11 & UINT8_C(0xff)); - x13 = (x11 >> 8); + x13 = x11 >> 8; x14 = (uint8_t)(x13 & UINT8_C(0xff)); - x15 = (x13 >> 8); + x15 = x13 >> 8; x16 = (uint8_t)(x15 & UINT8_C(0xff)); - x17 = (x15 >> 8); + x17 = x15 >> 8; x18 = (uint8_t)(x17 & UINT8_C(0xff)); - x19 = (x17 >> 8); + x19 = x17 >> 8; x20 = (uint8_t)(x19 & UINT8_C(0xff)); x21 = (uint8_t)(x19 >> 8); x22 = (uint8_t)(x6 & UINT8_C(0xff)); - x23 = (x6 >> 8); + x23 = x6 >> 8; x24 = (uint8_t)(x23 & UINT8_C(0xff)); - x25 = (x23 >> 8); + x25 = x23 >> 8; x26 = (uint8_t)(x25 & UINT8_C(0xff)); - x27 = (x25 >> 8); + x27 = x25 >> 8; x28 = (uint8_t)(x27 & UINT8_C(0xff)); - x29 = (x27 >> 8); + x29 = x27 >> 8; x30 = (uint8_t)(x29 & UINT8_C(0xff)); - x31 = (x29 >> 8); + x31 = x29 >> 8; x32 = (uint8_t)(x31 & UINT8_C(0xff)); - x33 = (x31 >> 8); + x33 = x31 >> 8; x34 = (uint8_t)(x33 & UINT8_C(0xff)); x35 = (uint8_t)(x33 >> 8); x36 = (uint8_t)(x5 & UINT8_C(0xff)); - x37 = (x5 >> 8); + x37 = x5 >> 8; x38 = (uint8_t)(x37 & UINT8_C(0xff)); - x39 = (x37 >> 8); + x39 = x37 >> 8; x40 = (uint8_t)(x39 & UINT8_C(0xff)); - x41 = (x39 >> 8); + x41 = x39 >> 8; x42 = (uint8_t)(x41 & UINT8_C(0xff)); - x43 = (x41 >> 8); + x43 = x41 >> 8; x44 = (uint8_t)(x43 & UINT8_C(0xff)); - x45 = (x43 >> 8); + x45 = x43 >> 8; x46 = (uint8_t)(x45 & UINT8_C(0xff)); - x47 = (x45 >> 8); + x47 = x45 >> 8; x48 = (uint8_t)(x47 & UINT8_C(0xff)); x49 = (uint8_t)(x47 >> 8); x50 = (uint8_t)(x4 & UINT8_C(0xff)); - x51 = (x4 >> 8); + x51 = x4 >> 8; x52 = (uint8_t)(x51 & UINT8_C(0xff)); - x53 = (x51 >> 8); + x53 = x51 >> 8; x54 = (uint8_t)(x53 & UINT8_C(0xff)); - x55 = (x53 >> 8); + x55 = x53 >> 8; x56 = (uint8_t)(x55 & UINT8_C(0xff)); - x57 = (x55 >> 8); + x57 = x55 >> 8; x58 = (uint8_t)(x57 & UINT8_C(0xff)); - x59 = (x57 >> 8); + x59 = x57 >> 8; x60 = (uint8_t)(x59 & UINT8_C(0xff)); - x61 = (x59 >> 8); + x61 = x59 >> 8; x62 = (uint8_t)(x61 & UINT8_C(0xff)); x63 = (uint8_t)(x61 >> 8); x64 = (uint8_t)(x3 & UINT8_C(0xff)); - x65 = (x3 >> 8); + x65 = x3 >> 8; x66 = (uint8_t)(x65 & UINT8_C(0xff)); - x67 = (x65 >> 8); + x67 = x65 >> 8; x68 = (uint8_t)(x67 & UINT8_C(0xff)); - x69 = (x67 >> 8); + x69 = x67 >> 8; x70 = (uint8_t)(x69 & UINT8_C(0xff)); - x71 = (x69 >> 8); + x71 = x69 >> 8; x72 = (uint8_t)(x71 & UINT8_C(0xff)); - x73 = (x71 >> 8); + x73 = x71 >> 8; x74 = (uint8_t)(x73 & UINT8_C(0xff)); - x75 = (x73 >> 8); + x75 = x73 >> 8; x76 = (uint8_t)(x75 & UINT8_C(0xff)); x77 = (uint8_t)(x75 >> 8); x78 = (uint8_t)(x2 & UINT8_C(0xff)); - x79 = (x2 >> 8); + x79 = x2 >> 8; x80 = (uint8_t)(x79 & UINT8_C(0xff)); - x81 = (x79 >> 8); + x81 = x79 >> 8; x82 = (uint8_t)(x81 & UINT8_C(0xff)); - x83 = (x81 >> 8); + x83 = x81 >> 8; x84 = (uint8_t)(x83 & UINT8_C(0xff)); - x85 = (x83 >> 8); + x85 = x83 >> 8; x86 = (uint8_t)(x85 & UINT8_C(0xff)); - x87 = (x85 >> 8); + x87 = x85 >> 8; x88 = (uint8_t)(x87 & UINT8_C(0xff)); - x89 = (x87 >> 8); + x89 = x87 >> 8; x90 = (uint8_t)(x89 & UINT8_C(0xff)); x91 = (uint8_t)(x89 >> 8); x92 = (uint8_t)(x1 & UINT8_C(0xff)); - x93 = (x1 >> 8); + x93 = x1 >> 8; x94 = (uint8_t)(x93 & UINT8_C(0xff)); - x95 = (x93 >> 8); + x95 = x93 >> 8; x96 = (uint8_t)(x95 & UINT8_C(0xff)); - x97 = (x95 >> 8); + x97 = x95 >> 8; x98 = (uint8_t)(x97 & UINT8_C(0xff)); - x99 = (x97 >> 8); + x99 = x97 >> 8; x100 = (uint8_t)(x99 & UINT8_C(0xff)); - x101 = (x99 >> 8); + x101 = x99 >> 8; x102 = (uint8_t)(x101 & UINT8_C(0xff)); x103 = (uint8_t)(x101 >> 8); out1[0] = x8; @@ -4258,109 +4258,109 @@ static void fiat_p434_from_bytes(uint64_t out1[7], const uint8_t arg1[55]) { uint64_t x101; uint64_t x102; uint64_t x103; - x1 = ((uint64_t)(arg1[54]) << 48); - x2 = ((uint64_t)(arg1[53]) << 40); - x3 = ((uint64_t)(arg1[52]) << 32); - x4 = ((uint64_t)(arg1[51]) << 24); - x5 = ((uint64_t)(arg1[50]) << 16); - x6 = ((uint64_t)(arg1[49]) << 8); - x7 = (arg1[48]); - x8 = ((uint64_t)(arg1[47]) << 56); - x9 = ((uint64_t)(arg1[46]) << 48); - x10 = ((uint64_t)(arg1[45]) << 40); - x11 = ((uint64_t)(arg1[44]) << 32); - x12 = ((uint64_t)(arg1[43]) << 24); - x13 = ((uint64_t)(arg1[42]) << 16); - x14 = ((uint64_t)(arg1[41]) << 8); - x15 = (arg1[40]); - x16 = ((uint64_t)(arg1[39]) << 56); - x17 = ((uint64_t)(arg1[38]) << 48); - x18 = ((uint64_t)(arg1[37]) << 40); - x19 = ((uint64_t)(arg1[36]) << 32); - x20 = ((uint64_t)(arg1[35]) << 24); - x21 = ((uint64_t)(arg1[34]) << 16); - x22 = ((uint64_t)(arg1[33]) << 8); - x23 = (arg1[32]); - x24 = ((uint64_t)(arg1[31]) << 56); - x25 = ((uint64_t)(arg1[30]) << 48); - x26 = ((uint64_t)(arg1[29]) << 40); - x27 = ((uint64_t)(arg1[28]) << 32); - x28 = ((uint64_t)(arg1[27]) << 24); - x29 = ((uint64_t)(arg1[26]) << 16); - x30 = ((uint64_t)(arg1[25]) << 8); - x31 = (arg1[24]); - x32 = ((uint64_t)(arg1[23]) << 56); - x33 = ((uint64_t)(arg1[22]) << 48); - x34 = ((uint64_t)(arg1[21]) << 40); - x35 = ((uint64_t)(arg1[20]) << 32); - x36 = ((uint64_t)(arg1[19]) << 24); - x37 = ((uint64_t)(arg1[18]) << 16); - x38 = ((uint64_t)(arg1[17]) << 8); - x39 = (arg1[16]); - x40 = ((uint64_t)(arg1[15]) << 56); - x41 = ((uint64_t)(arg1[14]) << 48); - x42 = ((uint64_t)(arg1[13]) << 40); - x43 = ((uint64_t)(arg1[12]) << 32); - x44 = ((uint64_t)(arg1[11]) << 24); - x45 = ((uint64_t)(arg1[10]) << 16); - x46 = ((uint64_t)(arg1[9]) << 8); - x47 = (arg1[8]); - x48 = ((uint64_t)(arg1[7]) << 56); - x49 = ((uint64_t)(arg1[6]) << 48); - x50 = ((uint64_t)(arg1[5]) << 40); - x51 = ((uint64_t)(arg1[4]) << 32); - x52 = ((uint64_t)(arg1[3]) << 24); - x53 = ((uint64_t)(arg1[2]) << 16); - x54 = ((uint64_t)(arg1[1]) << 8); - x55 = (arg1[0]); - x56 = (x54 + (uint64_t)x55); - x57 = (x53 + x56); - x58 = (x52 + x57); - x59 = (x51 + x58); - x60 = (x50 + x59); - x61 = (x49 + x60); - x62 = (x48 + x61); - x63 = (x46 + (uint64_t)x47); - x64 = (x45 + x63); - x65 = (x44 + x64); - x66 = (x43 + x65); - x67 = (x42 + x66); - x68 = (x41 + x67); - x69 = (x40 + x68); - x70 = (x38 + (uint64_t)x39); - x71 = (x37 + x70); - x72 = (x36 + x71); - x73 = (x35 + x72); - x74 = (x34 + x73); - x75 = (x33 + x74); - x76 = (x32 + x75); - x77 = (x30 + (uint64_t)x31); - x78 = (x29 + x77); - x79 = (x28 + x78); - x80 = (x27 + x79); - x81 = (x26 + x80); - x82 = (x25 + x81); - x83 = (x24 + x82); - x84 = (x22 + (uint64_t)x23); - x85 = (x21 + x84); - x86 = (x20 + x85); - x87 = (x19 + x86); - x88 = (x18 + x87); - x89 = (x17 + x88); - x90 = (x16 + x89); - x91 = (x14 + (uint64_t)x15); - x92 = (x13 + x91); - x93 = (x12 + x92); - x94 = (x11 + x93); - x95 = (x10 + x94); - x96 = (x9 + x95); - x97 = (x8 + x96); - x98 = (x6 + (uint64_t)x7); - x99 = (x5 + x98); - x100 = (x4 + x99); - x101 = (x3 + x100); - x102 = (x2 + x101); - x103 = (x1 + x102); + x1 = (uint64_t)arg1[54] << 48; + x2 = (uint64_t)arg1[53] << 40; + x3 = (uint64_t)arg1[52] << 32; + x4 = (uint64_t)arg1[51] << 24; + x5 = (uint64_t)arg1[50] << 16; + x6 = (uint64_t)arg1[49] << 8; + x7 = arg1[48]; + x8 = (uint64_t)arg1[47] << 56; + x9 = (uint64_t)arg1[46] << 48; + x10 = (uint64_t)arg1[45] << 40; + x11 = (uint64_t)arg1[44] << 32; + x12 = (uint64_t)arg1[43] << 24; + x13 = (uint64_t)arg1[42] << 16; + x14 = (uint64_t)arg1[41] << 8; + x15 = arg1[40]; + x16 = (uint64_t)arg1[39] << 56; + x17 = (uint64_t)arg1[38] << 48; + x18 = (uint64_t)arg1[37] << 40; + x19 = (uint64_t)arg1[36] << 32; + x20 = (uint64_t)arg1[35] << 24; + x21 = (uint64_t)arg1[34] << 16; + x22 = (uint64_t)arg1[33] << 8; + x23 = arg1[32]; + x24 = (uint64_t)arg1[31] << 56; + x25 = (uint64_t)arg1[30] << 48; + x26 = (uint64_t)arg1[29] << 40; + x27 = (uint64_t)arg1[28] << 32; + x28 = (uint64_t)arg1[27] << 24; + x29 = (uint64_t)arg1[26] << 16; + x30 = (uint64_t)arg1[25] << 8; + x31 = arg1[24]; + x32 = (uint64_t)arg1[23] << 56; + x33 = (uint64_t)arg1[22] << 48; + x34 = (uint64_t)arg1[21] << 40; + x35 = (uint64_t)arg1[20] << 32; + x36 = (uint64_t)arg1[19] << 24; + x37 = (uint64_t)arg1[18] << 16; + x38 = (uint64_t)arg1[17] << 8; + x39 = arg1[16]; + x40 = (uint64_t)arg1[15] << 56; + x41 = (uint64_t)arg1[14] << 48; + x42 = (uint64_t)arg1[13] << 40; + x43 = (uint64_t)arg1[12] << 32; + x44 = (uint64_t)arg1[11] << 24; + x45 = (uint64_t)arg1[10] << 16; + x46 = (uint64_t)arg1[9] << 8; + x47 = arg1[8]; + x48 = (uint64_t)arg1[7] << 56; + x49 = (uint64_t)arg1[6] << 48; + x50 = (uint64_t)arg1[5] << 40; + x51 = (uint64_t)arg1[4] << 32; + x52 = (uint64_t)arg1[3] << 24; + x53 = (uint64_t)arg1[2] << 16; + x54 = (uint64_t)arg1[1] << 8; + x55 = arg1[0]; + x56 = x54 + (uint64_t)x55; + x57 = x53 + x56; + x58 = x52 + x57; + x59 = x51 + x58; + x60 = x50 + x59; + x61 = x49 + x60; + x62 = x48 + x61; + x63 = x46 + (uint64_t)x47; + x64 = x45 + x63; + x65 = x44 + x64; + x66 = x43 + x65; + x67 = x42 + x66; + x68 = x41 + x67; + x69 = x40 + x68; + x70 = x38 + (uint64_t)x39; + x71 = x37 + x70; + x72 = x36 + x71; + x73 = x35 + x72; + x74 = x34 + x73; + x75 = x33 + x74; + x76 = x32 + x75; + x77 = x30 + (uint64_t)x31; + x78 = x29 + x77; + x79 = x28 + x78; + x80 = x27 + x79; + x81 = x26 + x80; + x82 = x25 + x81; + x83 = x24 + x82; + x84 = x22 + (uint64_t)x23; + x85 = x21 + x84; + x86 = x20 + x85; + x87 = x19 + x86; + x88 = x18 + x87; + x89 = x17 + x88; + x90 = x16 + x89; + x91 = x14 + (uint64_t)x15; + x92 = x13 + x91; + x93 = x12 + x92; + x94 = x11 + x93; + x95 = x10 + x94; + x96 = x9 + x95; + x97 = x8 + x96; + x98 = x6 + (uint64_t)x7; + x99 = x5 + x98; + x100 = x4 + x99; + x101 = x3 + x100; + x102 = x2 + x101; + x103 = x1 + x102; out1[0] = x62; out1[1] = x69; out1[2] = x76; @@ -4648,41 +4648,41 @@ static void fiat_p434_divstep(uint64_t* out1, uint64_t out2[8], uint64_t out3[8] uint64_t x202; uint64_t x203; uint64_t x204; - fiat_p434_addcarryx_u64(&x1, &x2, 0x0, (~arg1), 0x1); - x3 = (fiat_p434_uint1)((fiat_p434_uint1)(x1 >> 63) & (fiat_p434_uint1)((arg3[0]) & 0x1)); - fiat_p434_addcarryx_u64(&x4, &x5, 0x0, (~arg1), 0x1); + fiat_p434_addcarryx_u64(&x1, &x2, 0x0, ~arg1, 0x1); + x3 = (fiat_p434_uint1)((fiat_p434_uint1)(x1 >> 63) & (fiat_p434_uint1)(arg3[0] & 0x1)); + fiat_p434_addcarryx_u64(&x4, &x5, 0x0, ~arg1, 0x1); fiat_p434_cmovznz_u64(&x6, x3, arg1, x4); - fiat_p434_cmovznz_u64(&x7, x3, (arg2[0]), (arg3[0])); - fiat_p434_cmovznz_u64(&x8, x3, (arg2[1]), (arg3[1])); - fiat_p434_cmovznz_u64(&x9, x3, (arg2[2]), (arg3[2])); - fiat_p434_cmovznz_u64(&x10, x3, (arg2[3]), (arg3[3])); - fiat_p434_cmovznz_u64(&x11, x3, (arg2[4]), (arg3[4])); - fiat_p434_cmovznz_u64(&x12, x3, (arg2[5]), (arg3[5])); - fiat_p434_cmovznz_u64(&x13, x3, (arg2[6]), (arg3[6])); - fiat_p434_cmovznz_u64(&x14, x3, (arg2[7]), (arg3[7])); - fiat_p434_addcarryx_u64(&x15, &x16, 0x0, 0x1, (~(arg2[0]))); - fiat_p434_addcarryx_u64(&x17, &x18, x16, 0x0, (~(arg2[1]))); - fiat_p434_addcarryx_u64(&x19, &x20, x18, 0x0, (~(arg2[2]))); - fiat_p434_addcarryx_u64(&x21, &x22, x20, 0x0, (~(arg2[3]))); - fiat_p434_addcarryx_u64(&x23, &x24, x22, 0x0, (~(arg2[4]))); - fiat_p434_addcarryx_u64(&x25, &x26, x24, 0x0, (~(arg2[5]))); - fiat_p434_addcarryx_u64(&x27, &x28, x26, 0x0, (~(arg2[6]))); - fiat_p434_addcarryx_u64(&x29, &x30, x28, 0x0, (~(arg2[7]))); - fiat_p434_cmovznz_u64(&x31, x3, (arg3[0]), x15); - fiat_p434_cmovznz_u64(&x32, x3, (arg3[1]), x17); - fiat_p434_cmovznz_u64(&x33, x3, (arg3[2]), x19); - fiat_p434_cmovznz_u64(&x34, x3, (arg3[3]), x21); - fiat_p434_cmovznz_u64(&x35, x3, (arg3[4]), x23); - fiat_p434_cmovznz_u64(&x36, x3, (arg3[5]), x25); - fiat_p434_cmovznz_u64(&x37, x3, (arg3[6]), x27); - fiat_p434_cmovznz_u64(&x38, x3, (arg3[7]), x29); - fiat_p434_cmovznz_u64(&x39, x3, (arg4[0]), (arg5[0])); - fiat_p434_cmovznz_u64(&x40, x3, (arg4[1]), (arg5[1])); - fiat_p434_cmovznz_u64(&x41, x3, (arg4[2]), (arg5[2])); - fiat_p434_cmovznz_u64(&x42, x3, (arg4[3]), (arg5[3])); - fiat_p434_cmovznz_u64(&x43, x3, (arg4[4]), (arg5[4])); - fiat_p434_cmovznz_u64(&x44, x3, (arg4[5]), (arg5[5])); - fiat_p434_cmovznz_u64(&x45, x3, (arg4[6]), (arg5[6])); + fiat_p434_cmovznz_u64(&x7, x3, arg2[0], arg3[0]); + fiat_p434_cmovznz_u64(&x8, x3, arg2[1], arg3[1]); + fiat_p434_cmovznz_u64(&x9, x3, arg2[2], arg3[2]); + fiat_p434_cmovznz_u64(&x10, x3, arg2[3], arg3[3]); + fiat_p434_cmovznz_u64(&x11, x3, arg2[4], arg3[4]); + fiat_p434_cmovznz_u64(&x12, x3, arg2[5], arg3[5]); + fiat_p434_cmovznz_u64(&x13, x3, arg2[6], arg3[6]); + fiat_p434_cmovznz_u64(&x14, x3, arg2[7], arg3[7]); + fiat_p434_addcarryx_u64(&x15, &x16, 0x0, 0x1, ~arg2[0]); + fiat_p434_addcarryx_u64(&x17, &x18, x16, 0x0, ~arg2[1]); + fiat_p434_addcarryx_u64(&x19, &x20, x18, 0x0, ~arg2[2]); + fiat_p434_addcarryx_u64(&x21, &x22, x20, 0x0, ~arg2[3]); + fiat_p434_addcarryx_u64(&x23, &x24, x22, 0x0, ~arg2[4]); + fiat_p434_addcarryx_u64(&x25, &x26, x24, 0x0, ~arg2[5]); + fiat_p434_addcarryx_u64(&x27, &x28, x26, 0x0, ~arg2[6]); + fiat_p434_addcarryx_u64(&x29, &x30, x28, 0x0, ~arg2[7]); + fiat_p434_cmovznz_u64(&x31, x3, arg3[0], x15); + fiat_p434_cmovznz_u64(&x32, x3, arg3[1], x17); + fiat_p434_cmovznz_u64(&x33, x3, arg3[2], x19); + fiat_p434_cmovznz_u64(&x34, x3, arg3[3], x21); + fiat_p434_cmovznz_u64(&x35, x3, arg3[4], x23); + fiat_p434_cmovznz_u64(&x36, x3, arg3[5], x25); + fiat_p434_cmovznz_u64(&x37, x3, arg3[6], x27); + fiat_p434_cmovznz_u64(&x38, x3, arg3[7], x29); + fiat_p434_cmovznz_u64(&x39, x3, arg4[0], arg5[0]); + fiat_p434_cmovznz_u64(&x40, x3, arg4[1], arg5[1]); + fiat_p434_cmovznz_u64(&x41, x3, arg4[2], arg5[2]); + fiat_p434_cmovznz_u64(&x42, x3, arg4[3], arg5[3]); + fiat_p434_cmovznz_u64(&x43, x3, arg4[4], arg5[4]); + fiat_p434_cmovznz_u64(&x44, x3, arg4[5], arg5[5]); + fiat_p434_cmovznz_u64(&x45, x3, arg4[6], arg5[6]); fiat_p434_addcarryx_u64(&x46, &x47, 0x0, x39, x39); fiat_p434_addcarryx_u64(&x48, &x49, x47, x40, x40); fiat_p434_addcarryx_u64(&x50, &x51, x49, x41, x41); @@ -4698,13 +4698,13 @@ static void fiat_p434_divstep(uint64_t* out1, uint64_t out2[8], uint64_t out3[8] fiat_p434_subborrowx_u64(&x70, &x71, x69, x56, UINT64_C(0x6cfc5fd681c52056)); fiat_p434_subborrowx_u64(&x72, &x73, x71, x58, UINT64_C(0x2341f27177344)); fiat_p434_subborrowx_u64(&x74, &x75, x73, x59, 0x0); - x76 = (arg4[6]); - x77 = (arg4[5]); - x78 = (arg4[4]); - x79 = (arg4[3]); - x80 = (arg4[2]); - x81 = (arg4[1]); - x82 = (arg4[0]); + x76 = arg4[6]; + x77 = arg4[5]; + x78 = arg4[4]; + x79 = arg4[3]; + x80 = arg4[2]; + x81 = arg4[1]; + x82 = arg4[0]; fiat_p434_subborrowx_u64(&x83, &x84, 0x0, 0x0, x82); fiat_p434_subborrowx_u64(&x85, &x86, x84, 0x0, x81); fiat_p434_subborrowx_u64(&x87, &x88, x86, 0x0, x80); @@ -4716,17 +4716,17 @@ static void fiat_p434_divstep(uint64_t* out1, uint64_t out2[8], uint64_t out3[8] fiat_p434_addcarryx_u64(&x98, &x99, 0x0, x83, x97); fiat_p434_addcarryx_u64(&x100, &x101, x99, x85, x97); fiat_p434_addcarryx_u64(&x102, &x103, x101, x87, x97); - fiat_p434_addcarryx_u64(&x104, &x105, x103, x89, (x97 & UINT64_C(0xfdc1767ae2ffffff))); - fiat_p434_addcarryx_u64(&x106, &x107, x105, x91, (x97 & UINT64_C(0x7bc65c783158aea3))); - fiat_p434_addcarryx_u64(&x108, &x109, x107, x93, (x97 & UINT64_C(0x6cfc5fd681c52056))); - fiat_p434_addcarryx_u64(&x110, &x111, x109, x95, (x97 & UINT64_C(0x2341f27177344))); - fiat_p434_cmovznz_u64(&x112, x3, (arg5[0]), x98); - fiat_p434_cmovznz_u64(&x113, x3, (arg5[1]), x100); - fiat_p434_cmovznz_u64(&x114, x3, (arg5[2]), x102); - fiat_p434_cmovznz_u64(&x115, x3, (arg5[3]), x104); - fiat_p434_cmovznz_u64(&x116, x3, (arg5[4]), x106); - fiat_p434_cmovznz_u64(&x117, x3, (arg5[5]), x108); - fiat_p434_cmovznz_u64(&x118, x3, (arg5[6]), x110); + fiat_p434_addcarryx_u64(&x104, &x105, x103, x89, x97 & UINT64_C(0xfdc1767ae2ffffff)); + fiat_p434_addcarryx_u64(&x106, &x107, x105, x91, x97 & UINT64_C(0x7bc65c783158aea3)); + fiat_p434_addcarryx_u64(&x108, &x109, x107, x93, x97 & UINT64_C(0x6cfc5fd681c52056)); + fiat_p434_addcarryx_u64(&x110, &x111, x109, x95, x97 & UINT64_C(0x2341f27177344)); + fiat_p434_cmovznz_u64(&x112, x3, arg5[0], x98); + fiat_p434_cmovznz_u64(&x113, x3, arg5[1], x100); + fiat_p434_cmovznz_u64(&x114, x3, arg5[2], x102); + fiat_p434_cmovznz_u64(&x115, x3, arg5[3], x104); + fiat_p434_cmovznz_u64(&x116, x3, arg5[4], x106); + fiat_p434_cmovznz_u64(&x117, x3, arg5[5], x108); + fiat_p434_cmovznz_u64(&x118, x3, arg5[6], x110); x119 = (fiat_p434_uint1)(x31 & 0x1); fiat_p434_cmovznz_u64(&x120, x119, 0x0, x7); fiat_p434_cmovznz_u64(&x121, x119, 0x0, x8); @@ -4767,14 +4767,14 @@ static void fiat_p434_divstep(uint64_t* out1, uint64_t out2[8], uint64_t out3[8] fiat_p434_subborrowx_u64(&x177, &x178, x176, x163, UINT64_C(0x2341f27177344)); fiat_p434_subborrowx_u64(&x179, &x180, x178, x164, 0x0); fiat_p434_addcarryx_u64(&x181, &x182, 0x0, x6, 0x1); - x183 = ((x128 >> 1) | ((x130 << 63) & UINT64_C(0xffffffffffffffff))); - x184 = ((x130 >> 1) | ((x132 << 63) & UINT64_C(0xffffffffffffffff))); - x185 = ((x132 >> 1) | ((x134 << 63) & UINT64_C(0xffffffffffffffff))); - x186 = ((x134 >> 1) | ((x136 << 63) & UINT64_C(0xffffffffffffffff))); - x187 = ((x136 >> 1) | ((x138 << 63) & UINT64_C(0xffffffffffffffff))); - x188 = ((x138 >> 1) | ((x140 << 63) & UINT64_C(0xffffffffffffffff))); - x189 = ((x140 >> 1) | ((x142 << 63) & UINT64_C(0xffffffffffffffff))); - x190 = ((x142 & UINT64_C(0x8000000000000000)) | (x142 >> 1)); + x183 = x128 >> 1 | x130 << 63 & UINT64_C(0xffffffffffffffff); + x184 = x130 >> 1 | x132 << 63 & UINT64_C(0xffffffffffffffff); + x185 = x132 >> 1 | x134 << 63 & UINT64_C(0xffffffffffffffff); + x186 = x134 >> 1 | x136 << 63 & UINT64_C(0xffffffffffffffff); + x187 = x136 >> 1 | x138 << 63 & UINT64_C(0xffffffffffffffff); + x188 = x138 >> 1 | x140 << 63 & UINT64_C(0xffffffffffffffff); + x189 = x140 >> 1 | x142 << 63 & UINT64_C(0xffffffffffffffff); + x190 = x142 & UINT64_C(0x8000000000000000) | x142 >> 1; fiat_p434_cmovznz_u64(&x191, x75, x60, x46); fiat_p434_cmovznz_u64(&x192, x75, x62, x48); fiat_p434_cmovznz_u64(&x193, x75, x64, x50); diff --git a/fiat-c/src/p448_solinas_32.c b/fiat-c/src/p448_solinas_32.c index 64230967bb..41f65ba6f9 100644 --- a/fiat-c/src/p448_solinas_32.c +++ b/fiat-c/src/p448_solinas_32.c @@ -57,8 +57,8 @@ static void fiat_p448_addcarryx_u28(uint32_t* out1, fiat_p448_uint1* out2, fiat_ uint32_t x1; uint32_t x2; fiat_p448_uint1 x3; - x1 = ((arg1 + arg2) + arg3); - x2 = (x1 & UINT32_C(0xfffffff)); + x1 = arg1 + arg2 + arg3; + x2 = x1 & UINT32_C(0xfffffff); x3 = (fiat_p448_uint1)(x1 >> 28); *out1 = x2; *out2 = x3; @@ -83,9 +83,9 @@ static void fiat_p448_subborrowx_u28(uint32_t* out1, fiat_p448_uint1* out2, fiat int32_t x1; fiat_p448_int1 x2; uint32_t x3; - x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3); + x1 = (int32_t)(arg2 - arg1) - (int32_t)arg3; x2 = (fiat_p448_int1)(x1 >> 28); - x3 = (x1 & UINT32_C(0xfffffff)); + x3 = x1 & UINT32_C(0xfffffff); *out1 = x3; *out2 = (fiat_p448_uint1)(0x0 - x2); } @@ -107,9 +107,9 @@ static void fiat_p448_cmovznz_u32(uint32_t* out1, fiat_p448_uint1 arg1, uint32_t fiat_p448_uint1 x1; uint32_t x2; uint32_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_p448_int1)(0x0 - x1) & UINT32_C(0xffffffff)); - x3 = ((fiat_p448_value_barrier_u32(x2) & arg3) | (fiat_p448_value_barrier_u32((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_p448_int1)(0x0 - x1) & UINT32_C(0xffffffff); + x3 = fiat_p448_value_barrier_u32(x2) & arg3 | fiat_p448_value_barrier_u32(~x2) & arg2; *out1 = x3; } @@ -608,488 +608,488 @@ static void fiat_p448_carry_mul(uint32_t out1[16], const uint32_t arg1[16], cons fiat_p448_uint1 x480; uint32_t x481; uint32_t x482; - x1 = ((uint64_t)(arg1[15]) * (arg2[15])); - x2 = ((uint64_t)(arg1[15]) * (arg2[14])); - x3 = ((uint64_t)(arg1[15]) * (arg2[13])); - x4 = ((uint64_t)(arg1[15]) * (arg2[12])); - x5 = ((uint64_t)(arg1[15]) * (arg2[11])); - x6 = ((uint64_t)(arg1[15]) * (arg2[10])); - x7 = ((uint64_t)(arg1[15]) * (arg2[9])); - x8 = ((uint64_t)(arg1[14]) * (arg2[15])); - x9 = ((uint64_t)(arg1[14]) * (arg2[14])); - x10 = ((uint64_t)(arg1[14]) * (arg2[13])); - x11 = ((uint64_t)(arg1[14]) * (arg2[12])); - x12 = ((uint64_t)(arg1[14]) * (arg2[11])); - x13 = ((uint64_t)(arg1[14]) * (arg2[10])); - x14 = ((uint64_t)(arg1[13]) * (arg2[15])); - x15 = ((uint64_t)(arg1[13]) * (arg2[14])); - x16 = ((uint64_t)(arg1[13]) * (arg2[13])); - x17 = ((uint64_t)(arg1[13]) * (arg2[12])); - x18 = ((uint64_t)(arg1[13]) * (arg2[11])); - x19 = ((uint64_t)(arg1[12]) * (arg2[15])); - x20 = ((uint64_t)(arg1[12]) * (arg2[14])); - x21 = ((uint64_t)(arg1[12]) * (arg2[13])); - x22 = ((uint64_t)(arg1[12]) * (arg2[12])); - x23 = ((uint64_t)(arg1[11]) * (arg2[15])); - x24 = ((uint64_t)(arg1[11]) * (arg2[14])); - x25 = ((uint64_t)(arg1[11]) * (arg2[13])); - x26 = ((uint64_t)(arg1[10]) * (arg2[15])); - x27 = ((uint64_t)(arg1[10]) * (arg2[14])); - x28 = ((uint64_t)(arg1[9]) * (arg2[15])); - x29 = ((uint64_t)(arg1[15]) * (arg2[15])); - x30 = ((uint64_t)(arg1[15]) * (arg2[14])); - x31 = ((uint64_t)(arg1[15]) * (arg2[13])); - x32 = ((uint64_t)(arg1[15]) * (arg2[12])); - x33 = ((uint64_t)(arg1[15]) * (arg2[11])); - x34 = ((uint64_t)(arg1[15]) * (arg2[10])); - x35 = ((uint64_t)(arg1[15]) * (arg2[9])); - x36 = ((uint64_t)(arg1[14]) * (arg2[15])); - x37 = ((uint64_t)(arg1[14]) * (arg2[14])); - x38 = ((uint64_t)(arg1[14]) * (arg2[13])); - x39 = ((uint64_t)(arg1[14]) * (arg2[12])); - x40 = ((uint64_t)(arg1[14]) * (arg2[11])); - x41 = ((uint64_t)(arg1[14]) * (arg2[10])); - x42 = ((uint64_t)(arg1[13]) * (arg2[15])); - x43 = ((uint64_t)(arg1[13]) * (arg2[14])); - x44 = ((uint64_t)(arg1[13]) * (arg2[13])); - x45 = ((uint64_t)(arg1[13]) * (arg2[12])); - x46 = ((uint64_t)(arg1[13]) * (arg2[11])); - x47 = ((uint64_t)(arg1[12]) * (arg2[15])); - x48 = ((uint64_t)(arg1[12]) * (arg2[14])); - x49 = ((uint64_t)(arg1[12]) * (arg2[13])); - x50 = ((uint64_t)(arg1[12]) * (arg2[12])); - x51 = ((uint64_t)(arg1[11]) * (arg2[15])); - x52 = ((uint64_t)(arg1[11]) * (arg2[14])); - x53 = ((uint64_t)(arg1[11]) * (arg2[13])); - x54 = ((uint64_t)(arg1[10]) * (arg2[15])); - x55 = ((uint64_t)(arg1[10]) * (arg2[14])); - x56 = ((uint64_t)(arg1[9]) * (arg2[15])); - x57 = ((uint64_t)(arg1[15]) * (arg2[15])); - x58 = ((uint64_t)(arg1[15]) * (arg2[14])); - x59 = ((uint64_t)(arg1[15]) * (arg2[13])); - x60 = ((uint64_t)(arg1[15]) * (arg2[12])); - x61 = ((uint64_t)(arg1[15]) * (arg2[11])); - x62 = ((uint64_t)(arg1[15]) * (arg2[10])); - x63 = ((uint64_t)(arg1[15]) * (arg2[9])); - x64 = ((uint64_t)(arg1[15]) * (arg2[8])); - x65 = ((uint64_t)(arg1[15]) * (arg2[7])); - x66 = ((uint64_t)(arg1[15]) * (arg2[6])); - x67 = ((uint64_t)(arg1[15]) * (arg2[5])); - x68 = ((uint64_t)(arg1[15]) * (arg2[4])); - x69 = ((uint64_t)(arg1[15]) * (arg2[3])); - x70 = ((uint64_t)(arg1[15]) * (arg2[2])); - x71 = ((uint64_t)(arg1[15]) * (arg2[1])); - x72 = ((uint64_t)(arg1[14]) * (arg2[15])); - x73 = ((uint64_t)(arg1[14]) * (arg2[14])); - x74 = ((uint64_t)(arg1[14]) * (arg2[13])); - x75 = ((uint64_t)(arg1[14]) * (arg2[12])); - x76 = ((uint64_t)(arg1[14]) * (arg2[11])); - x77 = ((uint64_t)(arg1[14]) * (arg2[10])); - x78 = ((uint64_t)(arg1[14]) * (arg2[9])); - x79 = ((uint64_t)(arg1[14]) * (arg2[8])); - x80 = ((uint64_t)(arg1[14]) * (arg2[7])); - x81 = ((uint64_t)(arg1[14]) * (arg2[6])); - x82 = ((uint64_t)(arg1[14]) * (arg2[5])); - x83 = ((uint64_t)(arg1[14]) * (arg2[4])); - x84 = ((uint64_t)(arg1[14]) * (arg2[3])); - x85 = ((uint64_t)(arg1[14]) * (arg2[2])); - x86 = ((uint64_t)(arg1[13]) * (arg2[15])); - x87 = ((uint64_t)(arg1[13]) * (arg2[14])); - x88 = ((uint64_t)(arg1[13]) * (arg2[13])); - x89 = ((uint64_t)(arg1[13]) * (arg2[12])); - x90 = ((uint64_t)(arg1[13]) * (arg2[11])); - x91 = ((uint64_t)(arg1[13]) * (arg2[10])); - x92 = ((uint64_t)(arg1[13]) * (arg2[9])); - x93 = ((uint64_t)(arg1[13]) * (arg2[8])); - x94 = ((uint64_t)(arg1[13]) * (arg2[7])); - x95 = ((uint64_t)(arg1[13]) * (arg2[6])); - x96 = ((uint64_t)(arg1[13]) * (arg2[5])); - x97 = ((uint64_t)(arg1[13]) * (arg2[4])); - x98 = ((uint64_t)(arg1[13]) * (arg2[3])); - x99 = ((uint64_t)(arg1[12]) * (arg2[15])); - x100 = ((uint64_t)(arg1[12]) * (arg2[14])); - x101 = ((uint64_t)(arg1[12]) * (arg2[13])); - x102 = ((uint64_t)(arg1[12]) * (arg2[12])); - x103 = ((uint64_t)(arg1[12]) * (arg2[11])); - x104 = ((uint64_t)(arg1[12]) * (arg2[10])); - x105 = ((uint64_t)(arg1[12]) * (arg2[9])); - x106 = ((uint64_t)(arg1[12]) * (arg2[8])); - x107 = ((uint64_t)(arg1[12]) * (arg2[7])); - x108 = ((uint64_t)(arg1[12]) * (arg2[6])); - x109 = ((uint64_t)(arg1[12]) * (arg2[5])); - x110 = ((uint64_t)(arg1[12]) * (arg2[4])); - x111 = ((uint64_t)(arg1[11]) * (arg2[15])); - x112 = ((uint64_t)(arg1[11]) * (arg2[14])); - x113 = ((uint64_t)(arg1[11]) * (arg2[13])); - x114 = ((uint64_t)(arg1[11]) * (arg2[12])); - x115 = ((uint64_t)(arg1[11]) * (arg2[11])); - x116 = ((uint64_t)(arg1[11]) * (arg2[10])); - x117 = ((uint64_t)(arg1[11]) * (arg2[9])); - x118 = ((uint64_t)(arg1[11]) * (arg2[8])); - x119 = ((uint64_t)(arg1[11]) * (arg2[7])); - x120 = ((uint64_t)(arg1[11]) * (arg2[6])); - x121 = ((uint64_t)(arg1[11]) * (arg2[5])); - x122 = ((uint64_t)(arg1[10]) * (arg2[15])); - x123 = ((uint64_t)(arg1[10]) * (arg2[14])); - x124 = ((uint64_t)(arg1[10]) * (arg2[13])); - x125 = ((uint64_t)(arg1[10]) * (arg2[12])); - x126 = ((uint64_t)(arg1[10]) * (arg2[11])); - x127 = ((uint64_t)(arg1[10]) * (arg2[10])); - x128 = ((uint64_t)(arg1[10]) * (arg2[9])); - x129 = ((uint64_t)(arg1[10]) * (arg2[8])); - x130 = ((uint64_t)(arg1[10]) * (arg2[7])); - x131 = ((uint64_t)(arg1[10]) * (arg2[6])); - x132 = ((uint64_t)(arg1[9]) * (arg2[15])); - x133 = ((uint64_t)(arg1[9]) * (arg2[14])); - x134 = ((uint64_t)(arg1[9]) * (arg2[13])); - x135 = ((uint64_t)(arg1[9]) * (arg2[12])); - x136 = ((uint64_t)(arg1[9]) * (arg2[11])); - x137 = ((uint64_t)(arg1[9]) * (arg2[10])); - x138 = ((uint64_t)(arg1[9]) * (arg2[9])); - x139 = ((uint64_t)(arg1[9]) * (arg2[8])); - x140 = ((uint64_t)(arg1[9]) * (arg2[7])); - x141 = ((uint64_t)(arg1[8]) * (arg2[15])); - x142 = ((uint64_t)(arg1[8]) * (arg2[14])); - x143 = ((uint64_t)(arg1[8]) * (arg2[13])); - x144 = ((uint64_t)(arg1[8]) * (arg2[12])); - x145 = ((uint64_t)(arg1[8]) * (arg2[11])); - x146 = ((uint64_t)(arg1[8]) * (arg2[10])); - x147 = ((uint64_t)(arg1[8]) * (arg2[9])); - x148 = ((uint64_t)(arg1[8]) * (arg2[8])); - x149 = ((uint64_t)(arg1[7]) * (arg2[15])); - x150 = ((uint64_t)(arg1[7]) * (arg2[14])); - x151 = ((uint64_t)(arg1[7]) * (arg2[13])); - x152 = ((uint64_t)(arg1[7]) * (arg2[12])); - x153 = ((uint64_t)(arg1[7]) * (arg2[11])); - x154 = ((uint64_t)(arg1[7]) * (arg2[10])); - x155 = ((uint64_t)(arg1[7]) * (arg2[9])); - x156 = ((uint64_t)(arg1[6]) * (arg2[15])); - x157 = ((uint64_t)(arg1[6]) * (arg2[14])); - x158 = ((uint64_t)(arg1[6]) * (arg2[13])); - x159 = ((uint64_t)(arg1[6]) * (arg2[12])); - x160 = ((uint64_t)(arg1[6]) * (arg2[11])); - x161 = ((uint64_t)(arg1[6]) * (arg2[10])); - x162 = ((uint64_t)(arg1[5]) * (arg2[15])); - x163 = ((uint64_t)(arg1[5]) * (arg2[14])); - x164 = ((uint64_t)(arg1[5]) * (arg2[13])); - x165 = ((uint64_t)(arg1[5]) * (arg2[12])); - x166 = ((uint64_t)(arg1[5]) * (arg2[11])); - x167 = ((uint64_t)(arg1[4]) * (arg2[15])); - x168 = ((uint64_t)(arg1[4]) * (arg2[14])); - x169 = ((uint64_t)(arg1[4]) * (arg2[13])); - x170 = ((uint64_t)(arg1[4]) * (arg2[12])); - x171 = ((uint64_t)(arg1[3]) * (arg2[15])); - x172 = ((uint64_t)(arg1[3]) * (arg2[14])); - x173 = ((uint64_t)(arg1[3]) * (arg2[13])); - x174 = ((uint64_t)(arg1[2]) * (arg2[15])); - x175 = ((uint64_t)(arg1[2]) * (arg2[14])); - x176 = ((uint64_t)(arg1[1]) * (arg2[15])); - x177 = ((uint64_t)(arg1[15]) * (arg2[8])); - x178 = ((uint64_t)(arg1[15]) * (arg2[7])); - x179 = ((uint64_t)(arg1[15]) * (arg2[6])); - x180 = ((uint64_t)(arg1[15]) * (arg2[5])); - x181 = ((uint64_t)(arg1[15]) * (arg2[4])); - x182 = ((uint64_t)(arg1[15]) * (arg2[3])); - x183 = ((uint64_t)(arg1[15]) * (arg2[2])); - x184 = ((uint64_t)(arg1[15]) * (arg2[1])); - x185 = ((uint64_t)(arg1[14]) * (arg2[9])); - x186 = ((uint64_t)(arg1[14]) * (arg2[8])); - x187 = ((uint64_t)(arg1[14]) * (arg2[7])); - x188 = ((uint64_t)(arg1[14]) * (arg2[6])); - x189 = ((uint64_t)(arg1[14]) * (arg2[5])); - x190 = ((uint64_t)(arg1[14]) * (arg2[4])); - x191 = ((uint64_t)(arg1[14]) * (arg2[3])); - x192 = ((uint64_t)(arg1[14]) * (arg2[2])); - x193 = ((uint64_t)(arg1[13]) * (arg2[10])); - x194 = ((uint64_t)(arg1[13]) * (arg2[9])); - x195 = ((uint64_t)(arg1[13]) * (arg2[8])); - x196 = ((uint64_t)(arg1[13]) * (arg2[7])); - x197 = ((uint64_t)(arg1[13]) * (arg2[6])); - x198 = ((uint64_t)(arg1[13]) * (arg2[5])); - x199 = ((uint64_t)(arg1[13]) * (arg2[4])); - x200 = ((uint64_t)(arg1[13]) * (arg2[3])); - x201 = ((uint64_t)(arg1[12]) * (arg2[11])); - x202 = ((uint64_t)(arg1[12]) * (arg2[10])); - x203 = ((uint64_t)(arg1[12]) * (arg2[9])); - x204 = ((uint64_t)(arg1[12]) * (arg2[8])); - x205 = ((uint64_t)(arg1[12]) * (arg2[7])); - x206 = ((uint64_t)(arg1[12]) * (arg2[6])); - x207 = ((uint64_t)(arg1[12]) * (arg2[5])); - x208 = ((uint64_t)(arg1[12]) * (arg2[4])); - x209 = ((uint64_t)(arg1[11]) * (arg2[12])); - x210 = ((uint64_t)(arg1[11]) * (arg2[11])); - x211 = ((uint64_t)(arg1[11]) * (arg2[10])); - x212 = ((uint64_t)(arg1[11]) * (arg2[9])); - x213 = ((uint64_t)(arg1[11]) * (arg2[8])); - x214 = ((uint64_t)(arg1[11]) * (arg2[7])); - x215 = ((uint64_t)(arg1[11]) * (arg2[6])); - x216 = ((uint64_t)(arg1[11]) * (arg2[5])); - x217 = ((uint64_t)(arg1[10]) * (arg2[13])); - x218 = ((uint64_t)(arg1[10]) * (arg2[12])); - x219 = ((uint64_t)(arg1[10]) * (arg2[11])); - x220 = ((uint64_t)(arg1[10]) * (arg2[10])); - x221 = ((uint64_t)(arg1[10]) * (arg2[9])); - x222 = ((uint64_t)(arg1[10]) * (arg2[8])); - x223 = ((uint64_t)(arg1[10]) * (arg2[7])); - x224 = ((uint64_t)(arg1[10]) * (arg2[6])); - x225 = ((uint64_t)(arg1[9]) * (arg2[14])); - x226 = ((uint64_t)(arg1[9]) * (arg2[13])); - x227 = ((uint64_t)(arg1[9]) * (arg2[12])); - x228 = ((uint64_t)(arg1[9]) * (arg2[11])); - x229 = ((uint64_t)(arg1[9]) * (arg2[10])); - x230 = ((uint64_t)(arg1[9]) * (arg2[9])); - x231 = ((uint64_t)(arg1[9]) * (arg2[8])); - x232 = ((uint64_t)(arg1[9]) * (arg2[7])); - x233 = ((uint64_t)(arg1[8]) * (arg2[15])); - x234 = ((uint64_t)(arg1[8]) * (arg2[14])); - x235 = ((uint64_t)(arg1[8]) * (arg2[13])); - x236 = ((uint64_t)(arg1[8]) * (arg2[12])); - x237 = ((uint64_t)(arg1[8]) * (arg2[11])); - x238 = ((uint64_t)(arg1[8]) * (arg2[10])); - x239 = ((uint64_t)(arg1[8]) * (arg2[9])); - x240 = ((uint64_t)(arg1[8]) * (arg2[8])); - x241 = ((uint64_t)(arg1[7]) * (arg2[15])); - x242 = ((uint64_t)(arg1[7]) * (arg2[14])); - x243 = ((uint64_t)(arg1[7]) * (arg2[13])); - x244 = ((uint64_t)(arg1[7]) * (arg2[12])); - x245 = ((uint64_t)(arg1[7]) * (arg2[11])); - x246 = ((uint64_t)(arg1[7]) * (arg2[10])); - x247 = ((uint64_t)(arg1[7]) * (arg2[9])); - x248 = ((uint64_t)(arg1[6]) * (arg2[15])); - x249 = ((uint64_t)(arg1[6]) * (arg2[14])); - x250 = ((uint64_t)(arg1[6]) * (arg2[13])); - x251 = ((uint64_t)(arg1[6]) * (arg2[12])); - x252 = ((uint64_t)(arg1[6]) * (arg2[11])); - x253 = ((uint64_t)(arg1[6]) * (arg2[10])); - x254 = ((uint64_t)(arg1[5]) * (arg2[15])); - x255 = ((uint64_t)(arg1[5]) * (arg2[14])); - x256 = ((uint64_t)(arg1[5]) * (arg2[13])); - x257 = ((uint64_t)(arg1[5]) * (arg2[12])); - x258 = ((uint64_t)(arg1[5]) * (arg2[11])); - x259 = ((uint64_t)(arg1[4]) * (arg2[15])); - x260 = ((uint64_t)(arg1[4]) * (arg2[14])); - x261 = ((uint64_t)(arg1[4]) * (arg2[13])); - x262 = ((uint64_t)(arg1[4]) * (arg2[12])); - x263 = ((uint64_t)(arg1[3]) * (arg2[15])); - x264 = ((uint64_t)(arg1[3]) * (arg2[14])); - x265 = ((uint64_t)(arg1[3]) * (arg2[13])); - x266 = ((uint64_t)(arg1[2]) * (arg2[15])); - x267 = ((uint64_t)(arg1[2]) * (arg2[14])); - x268 = ((uint64_t)(arg1[1]) * (arg2[15])); - x269 = ((uint64_t)(arg1[15]) * (arg2[0])); - x270 = ((uint64_t)(arg1[14]) * (arg2[1])); - x271 = ((uint64_t)(arg1[14]) * (arg2[0])); - x272 = ((uint64_t)(arg1[13]) * (arg2[2])); - x273 = ((uint64_t)(arg1[13]) * (arg2[1])); - x274 = ((uint64_t)(arg1[13]) * (arg2[0])); - x275 = ((uint64_t)(arg1[12]) * (arg2[3])); - x276 = ((uint64_t)(arg1[12]) * (arg2[2])); - x277 = ((uint64_t)(arg1[12]) * (arg2[1])); - x278 = ((uint64_t)(arg1[12]) * (arg2[0])); - x279 = ((uint64_t)(arg1[11]) * (arg2[4])); - x280 = ((uint64_t)(arg1[11]) * (arg2[3])); - x281 = ((uint64_t)(arg1[11]) * (arg2[2])); - x282 = ((uint64_t)(arg1[11]) * (arg2[1])); - x283 = ((uint64_t)(arg1[11]) * (arg2[0])); - x284 = ((uint64_t)(arg1[10]) * (arg2[5])); - x285 = ((uint64_t)(arg1[10]) * (arg2[4])); - x286 = ((uint64_t)(arg1[10]) * (arg2[3])); - x287 = ((uint64_t)(arg1[10]) * (arg2[2])); - x288 = ((uint64_t)(arg1[10]) * (arg2[1])); - x289 = ((uint64_t)(arg1[10]) * (arg2[0])); - x290 = ((uint64_t)(arg1[9]) * (arg2[6])); - x291 = ((uint64_t)(arg1[9]) * (arg2[5])); - x292 = ((uint64_t)(arg1[9]) * (arg2[4])); - x293 = ((uint64_t)(arg1[9]) * (arg2[3])); - x294 = ((uint64_t)(arg1[9]) * (arg2[2])); - x295 = ((uint64_t)(arg1[9]) * (arg2[1])); - x296 = ((uint64_t)(arg1[9]) * (arg2[0])); - x297 = ((uint64_t)(arg1[8]) * (arg2[7])); - x298 = ((uint64_t)(arg1[8]) * (arg2[6])); - x299 = ((uint64_t)(arg1[8]) * (arg2[5])); - x300 = ((uint64_t)(arg1[8]) * (arg2[4])); - x301 = ((uint64_t)(arg1[8]) * (arg2[3])); - x302 = ((uint64_t)(arg1[8]) * (arg2[2])); - x303 = ((uint64_t)(arg1[8]) * (arg2[1])); - x304 = ((uint64_t)(arg1[8]) * (arg2[0])); - x305 = ((uint64_t)(arg1[7]) * (arg2[8])); - x306 = ((uint64_t)(arg1[7]) * (arg2[7])); - x307 = ((uint64_t)(arg1[7]) * (arg2[6])); - x308 = ((uint64_t)(arg1[7]) * (arg2[5])); - x309 = ((uint64_t)(arg1[7]) * (arg2[4])); - x310 = ((uint64_t)(arg1[7]) * (arg2[3])); - x311 = ((uint64_t)(arg1[7]) * (arg2[2])); - x312 = ((uint64_t)(arg1[7]) * (arg2[1])); - x313 = ((uint64_t)(arg1[7]) * (arg2[0])); - x314 = ((uint64_t)(arg1[6]) * (arg2[9])); - x315 = ((uint64_t)(arg1[6]) * (arg2[8])); - x316 = ((uint64_t)(arg1[6]) * (arg2[7])); - x317 = ((uint64_t)(arg1[6]) * (arg2[6])); - x318 = ((uint64_t)(arg1[6]) * (arg2[5])); - x319 = ((uint64_t)(arg1[6]) * (arg2[4])); - x320 = ((uint64_t)(arg1[6]) * (arg2[3])); - x321 = ((uint64_t)(arg1[6]) * (arg2[2])); - x322 = ((uint64_t)(arg1[6]) * (arg2[1])); - x323 = ((uint64_t)(arg1[6]) * (arg2[0])); - x324 = ((uint64_t)(arg1[5]) * (arg2[10])); - x325 = ((uint64_t)(arg1[5]) * (arg2[9])); - x326 = ((uint64_t)(arg1[5]) * (arg2[8])); - x327 = ((uint64_t)(arg1[5]) * (arg2[7])); - x328 = ((uint64_t)(arg1[5]) * (arg2[6])); - x329 = ((uint64_t)(arg1[5]) * (arg2[5])); - x330 = ((uint64_t)(arg1[5]) * (arg2[4])); - x331 = ((uint64_t)(arg1[5]) * (arg2[3])); - x332 = ((uint64_t)(arg1[5]) * (arg2[2])); - x333 = ((uint64_t)(arg1[5]) * (arg2[1])); - x334 = ((uint64_t)(arg1[5]) * (arg2[0])); - x335 = ((uint64_t)(arg1[4]) * (arg2[11])); - x336 = ((uint64_t)(arg1[4]) * (arg2[10])); - x337 = ((uint64_t)(arg1[4]) * (arg2[9])); - x338 = ((uint64_t)(arg1[4]) * (arg2[8])); - x339 = ((uint64_t)(arg1[4]) * (arg2[7])); - x340 = ((uint64_t)(arg1[4]) * (arg2[6])); - x341 = ((uint64_t)(arg1[4]) * (arg2[5])); - x342 = ((uint64_t)(arg1[4]) * (arg2[4])); - x343 = ((uint64_t)(arg1[4]) * (arg2[3])); - x344 = ((uint64_t)(arg1[4]) * (arg2[2])); - x345 = ((uint64_t)(arg1[4]) * (arg2[1])); - x346 = ((uint64_t)(arg1[4]) * (arg2[0])); - x347 = ((uint64_t)(arg1[3]) * (arg2[12])); - x348 = ((uint64_t)(arg1[3]) * (arg2[11])); - x349 = ((uint64_t)(arg1[3]) * (arg2[10])); - x350 = ((uint64_t)(arg1[3]) * (arg2[9])); - x351 = ((uint64_t)(arg1[3]) * (arg2[8])); - x352 = ((uint64_t)(arg1[3]) * (arg2[7])); - x353 = ((uint64_t)(arg1[3]) * (arg2[6])); - x354 = ((uint64_t)(arg1[3]) * (arg2[5])); - x355 = ((uint64_t)(arg1[3]) * (arg2[4])); - x356 = ((uint64_t)(arg1[3]) * (arg2[3])); - x357 = ((uint64_t)(arg1[3]) * (arg2[2])); - x358 = ((uint64_t)(arg1[3]) * (arg2[1])); - x359 = ((uint64_t)(arg1[3]) * (arg2[0])); - x360 = ((uint64_t)(arg1[2]) * (arg2[13])); - x361 = ((uint64_t)(arg1[2]) * (arg2[12])); - x362 = ((uint64_t)(arg1[2]) * (arg2[11])); - x363 = ((uint64_t)(arg1[2]) * (arg2[10])); - x364 = ((uint64_t)(arg1[2]) * (arg2[9])); - x365 = ((uint64_t)(arg1[2]) * (arg2[8])); - x366 = ((uint64_t)(arg1[2]) * (arg2[7])); - x367 = ((uint64_t)(arg1[2]) * (arg2[6])); - x368 = ((uint64_t)(arg1[2]) * (arg2[5])); - x369 = ((uint64_t)(arg1[2]) * (arg2[4])); - x370 = ((uint64_t)(arg1[2]) * (arg2[3])); - x371 = ((uint64_t)(arg1[2]) * (arg2[2])); - x372 = ((uint64_t)(arg1[2]) * (arg2[1])); - x373 = ((uint64_t)(arg1[2]) * (arg2[0])); - x374 = ((uint64_t)(arg1[1]) * (arg2[14])); - x375 = ((uint64_t)(arg1[1]) * (arg2[13])); - x376 = ((uint64_t)(arg1[1]) * (arg2[12])); - x377 = ((uint64_t)(arg1[1]) * (arg2[11])); - x378 = ((uint64_t)(arg1[1]) * (arg2[10])); - x379 = ((uint64_t)(arg1[1]) * (arg2[9])); - x380 = ((uint64_t)(arg1[1]) * (arg2[8])); - x381 = ((uint64_t)(arg1[1]) * (arg2[7])); - x382 = ((uint64_t)(arg1[1]) * (arg2[6])); - x383 = ((uint64_t)(arg1[1]) * (arg2[5])); - x384 = ((uint64_t)(arg1[1]) * (arg2[4])); - x385 = ((uint64_t)(arg1[1]) * (arg2[3])); - x386 = ((uint64_t)(arg1[1]) * (arg2[2])); - x387 = ((uint64_t)(arg1[1]) * (arg2[1])); - x388 = ((uint64_t)(arg1[1]) * (arg2[0])); - x389 = ((uint64_t)(arg1[0]) * (arg2[15])); - x390 = ((uint64_t)(arg1[0]) * (arg2[14])); - x391 = ((uint64_t)(arg1[0]) * (arg2[13])); - x392 = ((uint64_t)(arg1[0]) * (arg2[12])); - x393 = ((uint64_t)(arg1[0]) * (arg2[11])); - x394 = ((uint64_t)(arg1[0]) * (arg2[10])); - x395 = ((uint64_t)(arg1[0]) * (arg2[9])); - x396 = ((uint64_t)(arg1[0]) * (arg2[8])); - x397 = ((uint64_t)(arg1[0]) * (arg2[7])); - x398 = ((uint64_t)(arg1[0]) * (arg2[6])); - x399 = ((uint64_t)(arg1[0]) * (arg2[5])); - x400 = ((uint64_t)(arg1[0]) * (arg2[4])); - x401 = ((uint64_t)(arg1[0]) * (arg2[3])); - x402 = ((uint64_t)(arg1[0]) * (arg2[2])); - x403 = ((uint64_t)(arg1[0]) * (arg2[1])); - x404 = ((uint64_t)(arg1[0]) * (arg2[0])); - x405 = (x397 + (x382 + (x368 + (x355 + (x343 + (x332 + (x322 + (x313 + (x141 + (x133 + (x124 + (x114 + (x103 + (x91 + (x78 + x64))))))))))))))); - x406 = (x405 >> 28); + x1 = (uint64_t)arg1[15] * arg2[15]; + x2 = (uint64_t)arg1[15] * arg2[14]; + x3 = (uint64_t)arg1[15] * arg2[13]; + x4 = (uint64_t)arg1[15] * arg2[12]; + x5 = (uint64_t)arg1[15] * arg2[11]; + x6 = (uint64_t)arg1[15] * arg2[10]; + x7 = (uint64_t)arg1[15] * arg2[9]; + x8 = (uint64_t)arg1[14] * arg2[15]; + x9 = (uint64_t)arg1[14] * arg2[14]; + x10 = (uint64_t)arg1[14] * arg2[13]; + x11 = (uint64_t)arg1[14] * arg2[12]; + x12 = (uint64_t)arg1[14] * arg2[11]; + x13 = (uint64_t)arg1[14] * arg2[10]; + x14 = (uint64_t)arg1[13] * arg2[15]; + x15 = (uint64_t)arg1[13] * arg2[14]; + x16 = (uint64_t)arg1[13] * arg2[13]; + x17 = (uint64_t)arg1[13] * arg2[12]; + x18 = (uint64_t)arg1[13] * arg2[11]; + x19 = (uint64_t)arg1[12] * arg2[15]; + x20 = (uint64_t)arg1[12] * arg2[14]; + x21 = (uint64_t)arg1[12] * arg2[13]; + x22 = (uint64_t)arg1[12] * arg2[12]; + x23 = (uint64_t)arg1[11] * arg2[15]; + x24 = (uint64_t)arg1[11] * arg2[14]; + x25 = (uint64_t)arg1[11] * arg2[13]; + x26 = (uint64_t)arg1[10] * arg2[15]; + x27 = (uint64_t)arg1[10] * arg2[14]; + x28 = (uint64_t)arg1[9] * arg2[15]; + x29 = (uint64_t)arg1[15] * arg2[15]; + x30 = (uint64_t)arg1[15] * arg2[14]; + x31 = (uint64_t)arg1[15] * arg2[13]; + x32 = (uint64_t)arg1[15] * arg2[12]; + x33 = (uint64_t)arg1[15] * arg2[11]; + x34 = (uint64_t)arg1[15] * arg2[10]; + x35 = (uint64_t)arg1[15] * arg2[9]; + x36 = (uint64_t)arg1[14] * arg2[15]; + x37 = (uint64_t)arg1[14] * arg2[14]; + x38 = (uint64_t)arg1[14] * arg2[13]; + x39 = (uint64_t)arg1[14] * arg2[12]; + x40 = (uint64_t)arg1[14] * arg2[11]; + x41 = (uint64_t)arg1[14] * arg2[10]; + x42 = (uint64_t)arg1[13] * arg2[15]; + x43 = (uint64_t)arg1[13] * arg2[14]; + x44 = (uint64_t)arg1[13] * arg2[13]; + x45 = (uint64_t)arg1[13] * arg2[12]; + x46 = (uint64_t)arg1[13] * arg2[11]; + x47 = (uint64_t)arg1[12] * arg2[15]; + x48 = (uint64_t)arg1[12] * arg2[14]; + x49 = (uint64_t)arg1[12] * arg2[13]; + x50 = (uint64_t)arg1[12] * arg2[12]; + x51 = (uint64_t)arg1[11] * arg2[15]; + x52 = (uint64_t)arg1[11] * arg2[14]; + x53 = (uint64_t)arg1[11] * arg2[13]; + x54 = (uint64_t)arg1[10] * arg2[15]; + x55 = (uint64_t)arg1[10] * arg2[14]; + x56 = (uint64_t)arg1[9] * arg2[15]; + x57 = (uint64_t)arg1[15] * arg2[15]; + x58 = (uint64_t)arg1[15] * arg2[14]; + x59 = (uint64_t)arg1[15] * arg2[13]; + x60 = (uint64_t)arg1[15] * arg2[12]; + x61 = (uint64_t)arg1[15] * arg2[11]; + x62 = (uint64_t)arg1[15] * arg2[10]; + x63 = (uint64_t)arg1[15] * arg2[9]; + x64 = (uint64_t)arg1[15] * arg2[8]; + x65 = (uint64_t)arg1[15] * arg2[7]; + x66 = (uint64_t)arg1[15] * arg2[6]; + x67 = (uint64_t)arg1[15] * arg2[5]; + x68 = (uint64_t)arg1[15] * arg2[4]; + x69 = (uint64_t)arg1[15] * arg2[3]; + x70 = (uint64_t)arg1[15] * arg2[2]; + x71 = (uint64_t)arg1[15] * arg2[1]; + x72 = (uint64_t)arg1[14] * arg2[15]; + x73 = (uint64_t)arg1[14] * arg2[14]; + x74 = (uint64_t)arg1[14] * arg2[13]; + x75 = (uint64_t)arg1[14] * arg2[12]; + x76 = (uint64_t)arg1[14] * arg2[11]; + x77 = (uint64_t)arg1[14] * arg2[10]; + x78 = (uint64_t)arg1[14] * arg2[9]; + x79 = (uint64_t)arg1[14] * arg2[8]; + x80 = (uint64_t)arg1[14] * arg2[7]; + x81 = (uint64_t)arg1[14] * arg2[6]; + x82 = (uint64_t)arg1[14] * arg2[5]; + x83 = (uint64_t)arg1[14] * arg2[4]; + x84 = (uint64_t)arg1[14] * arg2[3]; + x85 = (uint64_t)arg1[14] * arg2[2]; + x86 = (uint64_t)arg1[13] * arg2[15]; + x87 = (uint64_t)arg1[13] * arg2[14]; + x88 = (uint64_t)arg1[13] * arg2[13]; + x89 = (uint64_t)arg1[13] * arg2[12]; + x90 = (uint64_t)arg1[13] * arg2[11]; + x91 = (uint64_t)arg1[13] * arg2[10]; + x92 = (uint64_t)arg1[13] * arg2[9]; + x93 = (uint64_t)arg1[13] * arg2[8]; + x94 = (uint64_t)arg1[13] * arg2[7]; + x95 = (uint64_t)arg1[13] * arg2[6]; + x96 = (uint64_t)arg1[13] * arg2[5]; + x97 = (uint64_t)arg1[13] * arg2[4]; + x98 = (uint64_t)arg1[13] * arg2[3]; + x99 = (uint64_t)arg1[12] * arg2[15]; + x100 = (uint64_t)arg1[12] * arg2[14]; + x101 = (uint64_t)arg1[12] * arg2[13]; + x102 = (uint64_t)arg1[12] * arg2[12]; + x103 = (uint64_t)arg1[12] * arg2[11]; + x104 = (uint64_t)arg1[12] * arg2[10]; + x105 = (uint64_t)arg1[12] * arg2[9]; + x106 = (uint64_t)arg1[12] * arg2[8]; + x107 = (uint64_t)arg1[12] * arg2[7]; + x108 = (uint64_t)arg1[12] * arg2[6]; + x109 = (uint64_t)arg1[12] * arg2[5]; + x110 = (uint64_t)arg1[12] * arg2[4]; + x111 = (uint64_t)arg1[11] * arg2[15]; + x112 = (uint64_t)arg1[11] * arg2[14]; + x113 = (uint64_t)arg1[11] * arg2[13]; + x114 = (uint64_t)arg1[11] * arg2[12]; + x115 = (uint64_t)arg1[11] * arg2[11]; + x116 = (uint64_t)arg1[11] * arg2[10]; + x117 = (uint64_t)arg1[11] * arg2[9]; + x118 = (uint64_t)arg1[11] * arg2[8]; + x119 = (uint64_t)arg1[11] * arg2[7]; + x120 = (uint64_t)arg1[11] * arg2[6]; + x121 = (uint64_t)arg1[11] * arg2[5]; + x122 = (uint64_t)arg1[10] * arg2[15]; + x123 = (uint64_t)arg1[10] * arg2[14]; + x124 = (uint64_t)arg1[10] * arg2[13]; + x125 = (uint64_t)arg1[10] * arg2[12]; + x126 = (uint64_t)arg1[10] * arg2[11]; + x127 = (uint64_t)arg1[10] * arg2[10]; + x128 = (uint64_t)arg1[10] * arg2[9]; + x129 = (uint64_t)arg1[10] * arg2[8]; + x130 = (uint64_t)arg1[10] * arg2[7]; + x131 = (uint64_t)arg1[10] * arg2[6]; + x132 = (uint64_t)arg1[9] * arg2[15]; + x133 = (uint64_t)arg1[9] * arg2[14]; + x134 = (uint64_t)arg1[9] * arg2[13]; + x135 = (uint64_t)arg1[9] * arg2[12]; + x136 = (uint64_t)arg1[9] * arg2[11]; + x137 = (uint64_t)arg1[9] * arg2[10]; + x138 = (uint64_t)arg1[9] * arg2[9]; + x139 = (uint64_t)arg1[9] * arg2[8]; + x140 = (uint64_t)arg1[9] * arg2[7]; + x141 = (uint64_t)arg1[8] * arg2[15]; + x142 = (uint64_t)arg1[8] * arg2[14]; + x143 = (uint64_t)arg1[8] * arg2[13]; + x144 = (uint64_t)arg1[8] * arg2[12]; + x145 = (uint64_t)arg1[8] * arg2[11]; + x146 = (uint64_t)arg1[8] * arg2[10]; + x147 = (uint64_t)arg1[8] * arg2[9]; + x148 = (uint64_t)arg1[8] * arg2[8]; + x149 = (uint64_t)arg1[7] * arg2[15]; + x150 = (uint64_t)arg1[7] * arg2[14]; + x151 = (uint64_t)arg1[7] * arg2[13]; + x152 = (uint64_t)arg1[7] * arg2[12]; + x153 = (uint64_t)arg1[7] * arg2[11]; + x154 = (uint64_t)arg1[7] * arg2[10]; + x155 = (uint64_t)arg1[7] * arg2[9]; + x156 = (uint64_t)arg1[6] * arg2[15]; + x157 = (uint64_t)arg1[6] * arg2[14]; + x158 = (uint64_t)arg1[6] * arg2[13]; + x159 = (uint64_t)arg1[6] * arg2[12]; + x160 = (uint64_t)arg1[6] * arg2[11]; + x161 = (uint64_t)arg1[6] * arg2[10]; + x162 = (uint64_t)arg1[5] * arg2[15]; + x163 = (uint64_t)arg1[5] * arg2[14]; + x164 = (uint64_t)arg1[5] * arg2[13]; + x165 = (uint64_t)arg1[5] * arg2[12]; + x166 = (uint64_t)arg1[5] * arg2[11]; + x167 = (uint64_t)arg1[4] * arg2[15]; + x168 = (uint64_t)arg1[4] * arg2[14]; + x169 = (uint64_t)arg1[4] * arg2[13]; + x170 = (uint64_t)arg1[4] * arg2[12]; + x171 = (uint64_t)arg1[3] * arg2[15]; + x172 = (uint64_t)arg1[3] * arg2[14]; + x173 = (uint64_t)arg1[3] * arg2[13]; + x174 = (uint64_t)arg1[2] * arg2[15]; + x175 = (uint64_t)arg1[2] * arg2[14]; + x176 = (uint64_t)arg1[1] * arg2[15]; + x177 = (uint64_t)arg1[15] * arg2[8]; + x178 = (uint64_t)arg1[15] * arg2[7]; + x179 = (uint64_t)arg1[15] * arg2[6]; + x180 = (uint64_t)arg1[15] * arg2[5]; + x181 = (uint64_t)arg1[15] * arg2[4]; + x182 = (uint64_t)arg1[15] * arg2[3]; + x183 = (uint64_t)arg1[15] * arg2[2]; + x184 = (uint64_t)arg1[15] * arg2[1]; + x185 = (uint64_t)arg1[14] * arg2[9]; + x186 = (uint64_t)arg1[14] * arg2[8]; + x187 = (uint64_t)arg1[14] * arg2[7]; + x188 = (uint64_t)arg1[14] * arg2[6]; + x189 = (uint64_t)arg1[14] * arg2[5]; + x190 = (uint64_t)arg1[14] * arg2[4]; + x191 = (uint64_t)arg1[14] * arg2[3]; + x192 = (uint64_t)arg1[14] * arg2[2]; + x193 = (uint64_t)arg1[13] * arg2[10]; + x194 = (uint64_t)arg1[13] * arg2[9]; + x195 = (uint64_t)arg1[13] * arg2[8]; + x196 = (uint64_t)arg1[13] * arg2[7]; + x197 = (uint64_t)arg1[13] * arg2[6]; + x198 = (uint64_t)arg1[13] * arg2[5]; + x199 = (uint64_t)arg1[13] * arg2[4]; + x200 = (uint64_t)arg1[13] * arg2[3]; + x201 = (uint64_t)arg1[12] * arg2[11]; + x202 = (uint64_t)arg1[12] * arg2[10]; + x203 = (uint64_t)arg1[12] * arg2[9]; + x204 = (uint64_t)arg1[12] * arg2[8]; + x205 = (uint64_t)arg1[12] * arg2[7]; + x206 = (uint64_t)arg1[12] * arg2[6]; + x207 = (uint64_t)arg1[12] * arg2[5]; + x208 = (uint64_t)arg1[12] * arg2[4]; + x209 = (uint64_t)arg1[11] * arg2[12]; + x210 = (uint64_t)arg1[11] * arg2[11]; + x211 = (uint64_t)arg1[11] * arg2[10]; + x212 = (uint64_t)arg1[11] * arg2[9]; + x213 = (uint64_t)arg1[11] * arg2[8]; + x214 = (uint64_t)arg1[11] * arg2[7]; + x215 = (uint64_t)arg1[11] * arg2[6]; + x216 = (uint64_t)arg1[11] * arg2[5]; + x217 = (uint64_t)arg1[10] * arg2[13]; + x218 = (uint64_t)arg1[10] * arg2[12]; + x219 = (uint64_t)arg1[10] * arg2[11]; + x220 = (uint64_t)arg1[10] * arg2[10]; + x221 = (uint64_t)arg1[10] * arg2[9]; + x222 = (uint64_t)arg1[10] * arg2[8]; + x223 = (uint64_t)arg1[10] * arg2[7]; + x224 = (uint64_t)arg1[10] * arg2[6]; + x225 = (uint64_t)arg1[9] * arg2[14]; + x226 = (uint64_t)arg1[9] * arg2[13]; + x227 = (uint64_t)arg1[9] * arg2[12]; + x228 = (uint64_t)arg1[9] * arg2[11]; + x229 = (uint64_t)arg1[9] * arg2[10]; + x230 = (uint64_t)arg1[9] * arg2[9]; + x231 = (uint64_t)arg1[9] * arg2[8]; + x232 = (uint64_t)arg1[9] * arg2[7]; + x233 = (uint64_t)arg1[8] * arg2[15]; + x234 = (uint64_t)arg1[8] * arg2[14]; + x235 = (uint64_t)arg1[8] * arg2[13]; + x236 = (uint64_t)arg1[8] * arg2[12]; + x237 = (uint64_t)arg1[8] * arg2[11]; + x238 = (uint64_t)arg1[8] * arg2[10]; + x239 = (uint64_t)arg1[8] * arg2[9]; + x240 = (uint64_t)arg1[8] * arg2[8]; + x241 = (uint64_t)arg1[7] * arg2[15]; + x242 = (uint64_t)arg1[7] * arg2[14]; + x243 = (uint64_t)arg1[7] * arg2[13]; + x244 = (uint64_t)arg1[7] * arg2[12]; + x245 = (uint64_t)arg1[7] * arg2[11]; + x246 = (uint64_t)arg1[7] * arg2[10]; + x247 = (uint64_t)arg1[7] * arg2[9]; + x248 = (uint64_t)arg1[6] * arg2[15]; + x249 = (uint64_t)arg1[6] * arg2[14]; + x250 = (uint64_t)arg1[6] * arg2[13]; + x251 = (uint64_t)arg1[6] * arg2[12]; + x252 = (uint64_t)arg1[6] * arg2[11]; + x253 = (uint64_t)arg1[6] * arg2[10]; + x254 = (uint64_t)arg1[5] * arg2[15]; + x255 = (uint64_t)arg1[5] * arg2[14]; + x256 = (uint64_t)arg1[5] * arg2[13]; + x257 = (uint64_t)arg1[5] * arg2[12]; + x258 = (uint64_t)arg1[5] * arg2[11]; + x259 = (uint64_t)arg1[4] * arg2[15]; + x260 = (uint64_t)arg1[4] * arg2[14]; + x261 = (uint64_t)arg1[4] * arg2[13]; + x262 = (uint64_t)arg1[4] * arg2[12]; + x263 = (uint64_t)arg1[3] * arg2[15]; + x264 = (uint64_t)arg1[3] * arg2[14]; + x265 = (uint64_t)arg1[3] * arg2[13]; + x266 = (uint64_t)arg1[2] * arg2[15]; + x267 = (uint64_t)arg1[2] * arg2[14]; + x268 = (uint64_t)arg1[1] * arg2[15]; + x269 = (uint64_t)arg1[15] * arg2[0]; + x270 = (uint64_t)arg1[14] * arg2[1]; + x271 = (uint64_t)arg1[14] * arg2[0]; + x272 = (uint64_t)arg1[13] * arg2[2]; + x273 = (uint64_t)arg1[13] * arg2[1]; + x274 = (uint64_t)arg1[13] * arg2[0]; + x275 = (uint64_t)arg1[12] * arg2[3]; + x276 = (uint64_t)arg1[12] * arg2[2]; + x277 = (uint64_t)arg1[12] * arg2[1]; + x278 = (uint64_t)arg1[12] * arg2[0]; + x279 = (uint64_t)arg1[11] * arg2[4]; + x280 = (uint64_t)arg1[11] * arg2[3]; + x281 = (uint64_t)arg1[11] * arg2[2]; + x282 = (uint64_t)arg1[11] * arg2[1]; + x283 = (uint64_t)arg1[11] * arg2[0]; + x284 = (uint64_t)arg1[10] * arg2[5]; + x285 = (uint64_t)arg1[10] * arg2[4]; + x286 = (uint64_t)arg1[10] * arg2[3]; + x287 = (uint64_t)arg1[10] * arg2[2]; + x288 = (uint64_t)arg1[10] * arg2[1]; + x289 = (uint64_t)arg1[10] * arg2[0]; + x290 = (uint64_t)arg1[9] * arg2[6]; + x291 = (uint64_t)arg1[9] * arg2[5]; + x292 = (uint64_t)arg1[9] * arg2[4]; + x293 = (uint64_t)arg1[9] * arg2[3]; + x294 = (uint64_t)arg1[9] * arg2[2]; + x295 = (uint64_t)arg1[9] * arg2[1]; + x296 = (uint64_t)arg1[9] * arg2[0]; + x297 = (uint64_t)arg1[8] * arg2[7]; + x298 = (uint64_t)arg1[8] * arg2[6]; + x299 = (uint64_t)arg1[8] * arg2[5]; + x300 = (uint64_t)arg1[8] * arg2[4]; + x301 = (uint64_t)arg1[8] * arg2[3]; + x302 = (uint64_t)arg1[8] * arg2[2]; + x303 = (uint64_t)arg1[8] * arg2[1]; + x304 = (uint64_t)arg1[8] * arg2[0]; + x305 = (uint64_t)arg1[7] * arg2[8]; + x306 = (uint64_t)arg1[7] * arg2[7]; + x307 = (uint64_t)arg1[7] * arg2[6]; + x308 = (uint64_t)arg1[7] * arg2[5]; + x309 = (uint64_t)arg1[7] * arg2[4]; + x310 = (uint64_t)arg1[7] * arg2[3]; + x311 = (uint64_t)arg1[7] * arg2[2]; + x312 = (uint64_t)arg1[7] * arg2[1]; + x313 = (uint64_t)arg1[7] * arg2[0]; + x314 = (uint64_t)arg1[6] * arg2[9]; + x315 = (uint64_t)arg1[6] * arg2[8]; + x316 = (uint64_t)arg1[6] * arg2[7]; + x317 = (uint64_t)arg1[6] * arg2[6]; + x318 = (uint64_t)arg1[6] * arg2[5]; + x319 = (uint64_t)arg1[6] * arg2[4]; + x320 = (uint64_t)arg1[6] * arg2[3]; + x321 = (uint64_t)arg1[6] * arg2[2]; + x322 = (uint64_t)arg1[6] * arg2[1]; + x323 = (uint64_t)arg1[6] * arg2[0]; + x324 = (uint64_t)arg1[5] * arg2[10]; + x325 = (uint64_t)arg1[5] * arg2[9]; + x326 = (uint64_t)arg1[5] * arg2[8]; + x327 = (uint64_t)arg1[5] * arg2[7]; + x328 = (uint64_t)arg1[5] * arg2[6]; + x329 = (uint64_t)arg1[5] * arg2[5]; + x330 = (uint64_t)arg1[5] * arg2[4]; + x331 = (uint64_t)arg1[5] * arg2[3]; + x332 = (uint64_t)arg1[5] * arg2[2]; + x333 = (uint64_t)arg1[5] * arg2[1]; + x334 = (uint64_t)arg1[5] * arg2[0]; + x335 = (uint64_t)arg1[4] * arg2[11]; + x336 = (uint64_t)arg1[4] * arg2[10]; + x337 = (uint64_t)arg1[4] * arg2[9]; + x338 = (uint64_t)arg1[4] * arg2[8]; + x339 = (uint64_t)arg1[4] * arg2[7]; + x340 = (uint64_t)arg1[4] * arg2[6]; + x341 = (uint64_t)arg1[4] * arg2[5]; + x342 = (uint64_t)arg1[4] * arg2[4]; + x343 = (uint64_t)arg1[4] * arg2[3]; + x344 = (uint64_t)arg1[4] * arg2[2]; + x345 = (uint64_t)arg1[4] * arg2[1]; + x346 = (uint64_t)arg1[4] * arg2[0]; + x347 = (uint64_t)arg1[3] * arg2[12]; + x348 = (uint64_t)arg1[3] * arg2[11]; + x349 = (uint64_t)arg1[3] * arg2[10]; + x350 = (uint64_t)arg1[3] * arg2[9]; + x351 = (uint64_t)arg1[3] * arg2[8]; + x352 = (uint64_t)arg1[3] * arg2[7]; + x353 = (uint64_t)arg1[3] * arg2[6]; + x354 = (uint64_t)arg1[3] * arg2[5]; + x355 = (uint64_t)arg1[3] * arg2[4]; + x356 = (uint64_t)arg1[3] * arg2[3]; + x357 = (uint64_t)arg1[3] * arg2[2]; + x358 = (uint64_t)arg1[3] * arg2[1]; + x359 = (uint64_t)arg1[3] * arg2[0]; + x360 = (uint64_t)arg1[2] * arg2[13]; + x361 = (uint64_t)arg1[2] * arg2[12]; + x362 = (uint64_t)arg1[2] * arg2[11]; + x363 = (uint64_t)arg1[2] * arg2[10]; + x364 = (uint64_t)arg1[2] * arg2[9]; + x365 = (uint64_t)arg1[2] * arg2[8]; + x366 = (uint64_t)arg1[2] * arg2[7]; + x367 = (uint64_t)arg1[2] * arg2[6]; + x368 = (uint64_t)arg1[2] * arg2[5]; + x369 = (uint64_t)arg1[2] * arg2[4]; + x370 = (uint64_t)arg1[2] * arg2[3]; + x371 = (uint64_t)arg1[2] * arg2[2]; + x372 = (uint64_t)arg1[2] * arg2[1]; + x373 = (uint64_t)arg1[2] * arg2[0]; + x374 = (uint64_t)arg1[1] * arg2[14]; + x375 = (uint64_t)arg1[1] * arg2[13]; + x376 = (uint64_t)arg1[1] * arg2[12]; + x377 = (uint64_t)arg1[1] * arg2[11]; + x378 = (uint64_t)arg1[1] * arg2[10]; + x379 = (uint64_t)arg1[1] * arg2[9]; + x380 = (uint64_t)arg1[1] * arg2[8]; + x381 = (uint64_t)arg1[1] * arg2[7]; + x382 = (uint64_t)arg1[1] * arg2[6]; + x383 = (uint64_t)arg1[1] * arg2[5]; + x384 = (uint64_t)arg1[1] * arg2[4]; + x385 = (uint64_t)arg1[1] * arg2[3]; + x386 = (uint64_t)arg1[1] * arg2[2]; + x387 = (uint64_t)arg1[1] * arg2[1]; + x388 = (uint64_t)arg1[1] * arg2[0]; + x389 = (uint64_t)arg1[0] * arg2[15]; + x390 = (uint64_t)arg1[0] * arg2[14]; + x391 = (uint64_t)arg1[0] * arg2[13]; + x392 = (uint64_t)arg1[0] * arg2[12]; + x393 = (uint64_t)arg1[0] * arg2[11]; + x394 = (uint64_t)arg1[0] * arg2[10]; + x395 = (uint64_t)arg1[0] * arg2[9]; + x396 = (uint64_t)arg1[0] * arg2[8]; + x397 = (uint64_t)arg1[0] * arg2[7]; + x398 = (uint64_t)arg1[0] * arg2[6]; + x399 = (uint64_t)arg1[0] * arg2[5]; + x400 = (uint64_t)arg1[0] * arg2[4]; + x401 = (uint64_t)arg1[0] * arg2[3]; + x402 = (uint64_t)arg1[0] * arg2[2]; + x403 = (uint64_t)arg1[0] * arg2[1]; + x404 = (uint64_t)arg1[0] * arg2[0]; + x405 = x397 + (x382 + (x368 + (x355 + (x343 + (x332 + (x322 + (x313 + (x141 + (x133 + (x124 + (x114 + (x103 + (x91 + (x78 + x64)))))))))))))); + x406 = x405 >> 28; x407 = (uint32_t)(x405 & UINT32_C(0xfffffff)); - x408 = (x389 + (x374 + (x360 + (x347 + (x335 + (x324 + (x314 + (x305 + (x297 + (x290 + (x284 + (x279 + (x275 + (x272 + (x270 + (x269 + (x233 + (x225 + (x217 + (x209 + (x201 + (x193 + (x185 + x177))))))))))))))))))))))); - x409 = (x390 + (x375 + (x361 + (x348 + (x336 + (x325 + (x315 + (x306 + (x298 + (x291 + (x285 + (x280 + (x276 + (x273 + (x271 + (x241 + (x234 + (x226 + (x218 + (x210 + (x202 + (x194 + (x186 + (x178 + (x57 + x29))))))))))))))))))))))))); - x410 = (x391 + (x376 + (x362 + (x349 + (x337 + (x326 + (x316 + (x307 + (x299 + (x292 + (x286 + (x281 + (x277 + (x274 + (x248 + (x242 + (x235 + (x227 + (x219 + (x211 + (x203 + (x195 + (x187 + (x179 + (x72 + (x58 + (x36 + x30))))))))))))))))))))))))))); - x411 = (x392 + ((fiat_p448_uint128)x377 + (x363 + (x350 + (x338 + (x327 + (x317 + (x308 + (x300 + (x293 + (x287 + (x282 + (x278 + (x254 + (x249 + (x243 + (x236 + (x228 + (x220 + (x212 + (x204 + (x196 + (x188 + (x180 + (x86 + (x73 + (x59 + (x42 + (x37 + x31))))))))))))))))))))))))))))); - x412 = (x393 + (x378 + (x364 + ((fiat_p448_uint128)x351 + (x339 + (x328 + (x318 + (x309 + (x301 + (x294 + (x288 + (x283 + (x259 + (x255 + (x250 + (x244 + (x237 + (x229 + (x221 + (x213 + (x205 + (x197 + (x189 + (x181 + (x99 + (x87 + (x74 + (x60 + (x47 + (x43 + (x38 + x32))))))))))))))))))))))))))))))); - x413 = (x394 + (x379 + (x365 + (x352 + (x340 + ((fiat_p448_uint128)x329 + (x319 + (x310 + (x302 + (x295 + (x289 + (x263 + (x260 + (x256 + (x251 + (x245 + (x238 + (x230 + (x222 + (x214 + (x206 + (x198 + (x190 + (x182 + (x111 + (x100 + (x88 + (x75 + (x61 + (x51 + (x48 + (x44 + (x39 + x33))))))))))))))))))))))))))))))))); - x414 = (x395 + (x380 + (x366 + (x353 + (x341 + (x330 + (x320 + ((fiat_p448_uint128)x311 + (x303 + (x296 + (x266 + (x264 + (x261 + (x257 + (x252 + (x246 + (x239 + (x231 + (x223 + (x215 + (x207 + (x199 + (x191 + (x183 + (x122 + (x112 + (x101 + (x89 + (x76 + (x62 + (x54 + (x52 + (x49 + (x45 + (x40 + x34))))))))))))))))))))))))))))))))))); - x415 = (x396 + (x381 + (x367 + (x354 + (x342 + (x331 + (x321 + (x312 + (x304 + ((fiat_p448_uint128)x268 + (x267 + (x265 + (x262 + (x258 + (x253 + (x247 + (x240 + (x232 + (x224 + (x216 + (x208 + (x200 + (x192 + (x184 + (x132 + (x123 + (x113 + (x102 + (x90 + (x77 + (x63 + (x56 + (x55 + (x53 + (x50 + (x46 + (x41 + x35))))))))))))))))))))))))))))))))))))); - x416 = (x398 + (x383 + (x369 + (x356 + (x344 + (x333 + (x323 + (x149 + (x142 + (x134 + (x125 + (x115 + (x104 + (x92 + (x79 + (x65 + x1)))))))))))))))); - x417 = (x399 + (x384 + (x370 + (x357 + (x345 + (x334 + (x156 + (x150 + (x143 + (x135 + (x126 + (x116 + (x105 + (x93 + (x80 + (x66 + (x8 + x2))))))))))))))))); - x418 = (x400 + (x385 + (x371 + (x358 + (x346 + (x162 + (x157 + (x151 + (x144 + (x136 + (x127 + (x117 + (x106 + (x94 + (x81 + (x67 + (x14 + (x9 + x3)))))))))))))))))); - x419 = (x401 + (x386 + (x372 + (x359 + (x167 + (x163 + (x158 + (x152 + (x145 + (x137 + (x128 + (x118 + (x107 + (x95 + (x82 + (x68 + (x19 + (x15 + (x10 + x4))))))))))))))))))); - x420 = (x402 + (x387 + (x373 + (x171 + (x168 + (x164 + (x159 + (x153 + (x146 + (x138 + (x129 + (x119 + (x108 + (x96 + (x83 + (x69 + (x23 + (x20 + (x16 + (x11 + x5)))))))))))))))))))); - x421 = (x403 + (x388 + (x174 + (x172 + (x169 + (x165 + (x160 + (x154 + (x147 + (x139 + (x130 + (x120 + (x109 + (x97 + (x84 + (x70 + (x26 + (x24 + (x21 + (x17 + (x12 + x6))))))))))))))))))))); - x422 = (x404 + (x176 + (x175 + (x173 + (x170 + (x166 + (x161 + (x155 + (x148 + (x140 + (x131 + (x121 + (x110 + (x98 + (x85 + (x71 + (x28 + (x27 + (x25 + (x22 + (x18 + (x13 + x7)))))))))))))))))))))); - x423 = (x406 + x415); - x424 = (x408 >> 28); + x408 = x389 + (x374 + (x360 + (x347 + (x335 + (x324 + (x314 + (x305 + (x297 + (x290 + (x284 + (x279 + (x275 + (x272 + (x270 + (x269 + (x233 + (x225 + (x217 + (x209 + (x201 + (x193 + (x185 + x177)))))))))))))))))))))); + x409 = x390 + (x375 + (x361 + (x348 + (x336 + (x325 + (x315 + (x306 + (x298 + (x291 + (x285 + (x280 + (x276 + (x273 + (x271 + (x241 + (x234 + (x226 + (x218 + (x210 + (x202 + (x194 + (x186 + (x178 + (x57 + x29)))))))))))))))))))))))); + x410 = x391 + (x376 + (x362 + (x349 + (x337 + (x326 + (x316 + (x307 + (x299 + (x292 + (x286 + (x281 + (x277 + (x274 + (x248 + (x242 + (x235 + (x227 + (x219 + (x211 + (x203 + (x195 + (x187 + (x179 + (x72 + (x58 + (x36 + x30)))))))))))))))))))))))))); + x411 = x392 + ((fiat_p448_uint128)x377 + (x363 + (x350 + (x338 + (x327 + (x317 + (x308 + (x300 + (x293 + (x287 + (x282 + (x278 + (x254 + (x249 + (x243 + (x236 + (x228 + (x220 + (x212 + (x204 + (x196 + (x188 + (x180 + (x86 + (x73 + (x59 + (x42 + (x37 + x31)))))))))))))))))))))))))))); + x412 = x393 + (x378 + (x364 + ((fiat_p448_uint128)x351 + (x339 + (x328 + (x318 + (x309 + (x301 + (x294 + (x288 + (x283 + (x259 + (x255 + (x250 + (x244 + (x237 + (x229 + (x221 + (x213 + (x205 + (x197 + (x189 + (x181 + (x99 + (x87 + (x74 + (x60 + (x47 + (x43 + (x38 + x32)))))))))))))))))))))))))))))); + x413 = x394 + (x379 + (x365 + (x352 + (x340 + ((fiat_p448_uint128)x329 + (x319 + (x310 + (x302 + (x295 + (x289 + (x263 + (x260 + (x256 + (x251 + (x245 + (x238 + (x230 + (x222 + (x214 + (x206 + (x198 + (x190 + (x182 + (x111 + (x100 + (x88 + (x75 + (x61 + (x51 + (x48 + (x44 + (x39 + x33)))))))))))))))))))))))))))))))); + x414 = x395 + (x380 + (x366 + (x353 + (x341 + (x330 + (x320 + ((fiat_p448_uint128)x311 + (x303 + (x296 + (x266 + (x264 + (x261 + (x257 + (x252 + (x246 + (x239 + (x231 + (x223 + (x215 + (x207 + (x199 + (x191 + (x183 + (x122 + (x112 + (x101 + (x89 + (x76 + (x62 + (x54 + (x52 + (x49 + (x45 + (x40 + x34)))))))))))))))))))))))))))))))))); + x415 = x396 + (x381 + (x367 + (x354 + (x342 + (x331 + (x321 + (x312 + (x304 + ((fiat_p448_uint128)x268 + (x267 + (x265 + (x262 + (x258 + (x253 + (x247 + (x240 + (x232 + (x224 + (x216 + (x208 + (x200 + (x192 + (x184 + (x132 + (x123 + (x113 + (x102 + (x90 + (x77 + (x63 + (x56 + (x55 + (x53 + (x50 + (x46 + (x41 + x35)))))))))))))))))))))))))))))))))))); + x416 = x398 + (x383 + (x369 + (x356 + (x344 + (x333 + (x323 + (x149 + (x142 + (x134 + (x125 + (x115 + (x104 + (x92 + (x79 + (x65 + x1))))))))))))))); + x417 = x399 + (x384 + (x370 + (x357 + (x345 + (x334 + (x156 + (x150 + (x143 + (x135 + (x126 + (x116 + (x105 + (x93 + (x80 + (x66 + (x8 + x2)))))))))))))))); + x418 = x400 + (x385 + (x371 + (x358 + (x346 + (x162 + (x157 + (x151 + (x144 + (x136 + (x127 + (x117 + (x106 + (x94 + (x81 + (x67 + (x14 + (x9 + x3))))))))))))))))); + x419 = x401 + (x386 + (x372 + (x359 + (x167 + (x163 + (x158 + (x152 + (x145 + (x137 + (x128 + (x118 + (x107 + (x95 + (x82 + (x68 + (x19 + (x15 + (x10 + x4)))))))))))))))))); + x420 = x402 + (x387 + (x373 + (x171 + (x168 + (x164 + (x159 + (x153 + (x146 + (x138 + (x129 + (x119 + (x108 + (x96 + (x83 + (x69 + (x23 + (x20 + (x16 + (x11 + x5))))))))))))))))))); + x421 = x403 + (x388 + (x174 + (x172 + (x169 + (x165 + (x160 + (x154 + (x147 + (x139 + (x130 + (x120 + (x109 + (x97 + (x84 + (x70 + (x26 + (x24 + (x21 + (x17 + (x12 + x6)))))))))))))))))))); + x422 = x404 + (x176 + (x175 + (x173 + (x170 + (x166 + (x161 + (x155 + (x148 + (x140 + (x131 + (x121 + (x110 + (x98 + (x85 + (x71 + (x28 + (x27 + (x25 + (x22 + (x18 + (x13 + x7))))))))))))))))))))); + x423 = x406 + x415; + x424 = x408 >> 28; x425 = (uint32_t)(x408 & UINT32_C(0xfffffff)); - x426 = (x423 + x424); + x426 = x423 + x424; x427 = (uint64_t)(x426 >> 28); x428 = (uint32_t)(x426 & UINT32_C(0xfffffff)); - x429 = (x422 + x424); - x430 = (x427 + x414); - x431 = (x429 >> 28); + x429 = x422 + x424; + x430 = x427 + x414; + x431 = x429 >> 28; x432 = (uint32_t)(x429 & UINT32_C(0xfffffff)); - x433 = (x431 + x421); + x433 = x431 + x421; x434 = (uint64_t)(x430 >> 28); x435 = (uint32_t)(x430 & UINT32_C(0xfffffff)); - x436 = (x434 + x413); - x437 = (x433 >> 28); + x436 = x434 + x413; + x437 = x433 >> 28; x438 = (uint32_t)(x433 & UINT32_C(0xfffffff)); - x439 = (x437 + x420); + x439 = x437 + x420; x440 = (uint64_t)(x436 >> 28); x441 = (uint32_t)(x436 & UINT32_C(0xfffffff)); - x442 = (x440 + x412); - x443 = (x439 >> 28); + x442 = x440 + x412; + x443 = x439 >> 28; x444 = (uint32_t)(x439 & UINT32_C(0xfffffff)); - x445 = (x443 + x419); + x445 = x443 + x419; x446 = (uint64_t)(x442 >> 28); x447 = (uint32_t)(x442 & UINT32_C(0xfffffff)); - x448 = (x446 + x411); - x449 = (x445 >> 28); + x448 = x446 + x411; + x449 = x445 >> 28; x450 = (uint32_t)(x445 & UINT32_C(0xfffffff)); - x451 = (x449 + x418); + x451 = x449 + x418; x452 = (uint64_t)(x448 >> 28); x453 = (uint32_t)(x448 & UINT32_C(0xfffffff)); - x454 = (x452 + x410); - x455 = (x451 >> 28); + x454 = x452 + x410; + x455 = x451 >> 28; x456 = (uint32_t)(x451 & UINT32_C(0xfffffff)); - x457 = (x455 + x417); - x458 = (x454 >> 28); + x457 = x455 + x417; + x458 = x454 >> 28; x459 = (uint32_t)(x454 & UINT32_C(0xfffffff)); - x460 = (x458 + x409); - x461 = (x457 >> 28); + x460 = x458 + x409; + x461 = x457 >> 28; x462 = (uint32_t)(x457 & UINT32_C(0xfffffff)); - x463 = (x461 + x416); - x464 = (x460 >> 28); + x463 = x461 + x416; + x464 = x460 >> 28; x465 = (uint32_t)(x460 & UINT32_C(0xfffffff)); - x466 = (x464 + x425); - x467 = (x463 >> 28); + x466 = x464 + x425; + x467 = x463 >> 28; x468 = (uint32_t)(x463 & UINT32_C(0xfffffff)); - x469 = (x467 + x407); + x469 = x467 + x407; x470 = (uint32_t)(x466 >> 28); x471 = (uint32_t)(x466 & UINT32_C(0xfffffff)); x472 = (uint32_t)(x469 >> 28); x473 = (uint32_t)(x469 & UINT32_C(0xfffffff)); - x474 = (x428 + x470); - x475 = (x432 + x470); - x476 = (x472 + x474); + x474 = x428 + x470; + x475 = x432 + x470; + x476 = x472 + x474; x477 = (fiat_p448_uint1)(x476 >> 28); - x478 = (x476 & UINT32_C(0xfffffff)); - x479 = (x477 + x435); + x478 = x476 & UINT32_C(0xfffffff); + x479 = x477 + x435; x480 = (fiat_p448_uint1)(x475 >> 28); - x481 = (x475 & UINT32_C(0xfffffff)); - x482 = (x480 + x438); + x481 = x475 & UINT32_C(0xfffffff); + x482 = x480 + x438; out1[0] = x481; out1[1] = x482; out1[2] = x444; @@ -1459,345 +1459,345 @@ static void fiat_p448_carry_square(uint32_t out1[16], const uint32_t arg1[16]) { fiat_p448_uint1 x337; uint32_t x338; uint32_t x339; - x1 = (arg1[15]); - x2 = (arg1[15]); - x3 = (x1 * 0x2); - x4 = (x2 * 0x2); - x5 = ((arg1[15]) * 0x2); - x6 = (arg1[14]); - x7 = (arg1[14]); - x8 = (x6 * 0x2); - x9 = (x7 * 0x2); - x10 = ((arg1[14]) * 0x2); - x11 = (arg1[13]); - x12 = (arg1[13]); - x13 = (x11 * 0x2); - x14 = (x12 * 0x2); - x15 = ((arg1[13]) * 0x2); - x16 = (arg1[12]); - x17 = (arg1[12]); - x18 = (x16 * 0x2); - x19 = (x17 * 0x2); - x20 = ((arg1[12]) * 0x2); - x21 = (arg1[11]); - x22 = (arg1[11]); - x23 = (x21 * 0x2); - x24 = (x22 * 0x2); - x25 = ((arg1[11]) * 0x2); - x26 = (arg1[10]); - x27 = (arg1[10]); - x28 = (x26 * 0x2); - x29 = (x27 * 0x2); - x30 = ((arg1[10]) * 0x2); - x31 = (arg1[9]); - x32 = (arg1[9]); - x33 = (x31 * 0x2); - x34 = (x32 * 0x2); - x35 = ((arg1[9]) * 0x2); - x36 = (arg1[8]); - x37 = (arg1[8]); - x38 = ((arg1[8]) * 0x2); - x39 = ((arg1[7]) * 0x2); - x40 = ((arg1[6]) * 0x2); - x41 = ((arg1[5]) * 0x2); - x42 = ((arg1[4]) * 0x2); - x43 = ((arg1[3]) * 0x2); - x44 = ((arg1[2]) * 0x2); - x45 = ((arg1[1]) * 0x2); - x46 = ((uint64_t)(arg1[15]) * x1); - x47 = ((uint64_t)(arg1[14]) * x3); - x48 = ((uint64_t)(arg1[14]) * x6); - x49 = ((uint64_t)(arg1[13]) * x3); - x50 = ((uint64_t)(arg1[13]) * x8); - x51 = ((uint64_t)(arg1[13]) * x11); - x52 = ((uint64_t)(arg1[12]) * x3); - x53 = ((uint64_t)(arg1[12]) * x8); - x54 = ((uint64_t)(arg1[12]) * x13); - x55 = ((uint64_t)(arg1[12]) * x16); - x56 = ((uint64_t)(arg1[11]) * x3); - x57 = ((uint64_t)(arg1[11]) * x8); - x58 = ((uint64_t)(arg1[11]) * x13); - x59 = ((uint64_t)(arg1[10]) * x3); - x60 = ((uint64_t)(arg1[10]) * x8); - x61 = ((uint64_t)(arg1[9]) * x3); - x62 = ((uint64_t)(arg1[15]) * x1); - x63 = ((uint64_t)(arg1[14]) * x3); - x64 = ((uint64_t)(arg1[14]) * x6); - x65 = ((uint64_t)(arg1[13]) * x3); - x66 = ((uint64_t)(arg1[13]) * x8); - x67 = ((uint64_t)(arg1[13]) * x11); - x68 = ((uint64_t)(arg1[12]) * x3); - x69 = ((uint64_t)(arg1[12]) * x8); - x70 = ((uint64_t)(arg1[12]) * x13); - x71 = ((uint64_t)(arg1[12]) * x16); - x72 = ((uint64_t)(arg1[11]) * x3); - x73 = ((uint64_t)(arg1[11]) * x8); - x74 = ((uint64_t)(arg1[11]) * x13); - x75 = ((uint64_t)(arg1[10]) * x3); - x76 = ((uint64_t)(arg1[10]) * x8); - x77 = ((uint64_t)(arg1[9]) * x3); - x78 = ((uint64_t)(arg1[15]) * x2); - x79 = ((uint64_t)(arg1[14]) * x4); - x80 = ((uint64_t)(arg1[14]) * x7); - x81 = ((uint64_t)(arg1[13]) * x4); - x82 = ((uint64_t)(arg1[13]) * x9); - x83 = ((uint64_t)(arg1[13]) * x12); - x84 = ((uint64_t)(arg1[12]) * x4); - x85 = ((uint64_t)(arg1[12]) * x9); - x86 = ((uint64_t)(arg1[12]) * x14); - x87 = ((uint64_t)(arg1[12]) * x17); - x88 = ((uint64_t)(arg1[11]) * x4); - x89 = ((uint64_t)(arg1[11]) * x9); - x90 = ((uint64_t)(arg1[11]) * x14); - x91 = ((uint64_t)(arg1[11]) * x19); - x92 = ((uint64_t)(arg1[11]) * x18); - x93 = ((uint64_t)(arg1[11]) * x22); - x94 = ((uint64_t)(arg1[11]) * x21); - x95 = ((uint64_t)(arg1[10]) * x4); - x96 = ((uint64_t)(arg1[10]) * x9); - x97 = ((uint64_t)(arg1[10]) * x14); - x98 = ((uint64_t)(arg1[10]) * x13); - x99 = ((uint64_t)(arg1[10]) * x19); - x100 = ((uint64_t)(arg1[10]) * x18); - x101 = ((uint64_t)(arg1[10]) * x24); - x102 = ((uint64_t)(arg1[10]) * x23); - x103 = ((uint64_t)(arg1[10]) * x27); - x104 = ((uint64_t)(arg1[10]) * x26); - x105 = ((uint64_t)(arg1[9]) * x4); - x106 = ((uint64_t)(arg1[9]) * x9); - x107 = ((uint64_t)(arg1[9]) * x8); - x108 = ((uint64_t)(arg1[9]) * x14); - x109 = ((uint64_t)(arg1[9]) * x13); - x110 = ((uint64_t)(arg1[9]) * x19); - x111 = ((uint64_t)(arg1[9]) * x18); - x112 = ((uint64_t)(arg1[9]) * x24); - x113 = ((uint64_t)(arg1[9]) * x23); - x114 = ((uint64_t)(arg1[9]) * x29); - x115 = ((uint64_t)(arg1[9]) * x28); - x116 = ((uint64_t)(arg1[9]) * x32); - x117 = ((uint64_t)(arg1[9]) * x31); - x118 = ((uint64_t)(arg1[8]) * x4); - x119 = ((uint64_t)(arg1[8]) * x3); - x120 = ((uint64_t)(arg1[8]) * x9); - x121 = ((uint64_t)(arg1[8]) * x8); - x122 = ((uint64_t)(arg1[8]) * x14); - x123 = ((uint64_t)(arg1[8]) * x13); - x124 = ((uint64_t)(arg1[8]) * x19); - x125 = ((uint64_t)(arg1[8]) * x18); - x126 = ((uint64_t)(arg1[8]) * x24); - x127 = ((uint64_t)(arg1[8]) * x23); - x128 = ((uint64_t)(arg1[8]) * x29); - x129 = ((uint64_t)(arg1[8]) * x28); - x130 = ((uint64_t)(arg1[8]) * x34); - x131 = ((uint64_t)(arg1[8]) * x33); - x132 = ((uint64_t)(arg1[8]) * x37); - x133 = ((uint64_t)(arg1[8]) * x36); - x134 = ((uint64_t)(arg1[7]) * x4); - x135 = ((uint64_t)(arg1[7]) * x3); - x136 = ((uint64_t)(arg1[7]) * x9); - x137 = ((uint64_t)(arg1[7]) * x8); - x138 = ((uint64_t)(arg1[7]) * x14); - x139 = ((uint64_t)(arg1[7]) * x13); - x140 = ((uint64_t)(arg1[7]) * x19); - x141 = ((uint64_t)(arg1[7]) * x18); - x142 = ((uint64_t)(arg1[7]) * x24); - x143 = ((uint64_t)(arg1[7]) * x23); - x144 = ((uint64_t)(arg1[7]) * x29); - x145 = ((uint64_t)(arg1[7]) * x28); - x146 = ((uint64_t)(arg1[7]) * x34); - x147 = ((uint64_t)(arg1[7]) * x33); - x148 = ((uint64_t)(arg1[7]) * x38); - x149 = ((uint64_t)(arg1[7]) * (arg1[7])); - x150 = ((uint64_t)(arg1[6]) * x4); - x151 = ((uint64_t)(arg1[6]) * x3); - x152 = ((uint64_t)(arg1[6]) * x9); - x153 = ((uint64_t)(arg1[6]) * x8); - x154 = ((uint64_t)(arg1[6]) * x14); - x155 = ((uint64_t)(arg1[6]) * x13); - x156 = ((uint64_t)(arg1[6]) * x19); - x157 = ((uint64_t)(arg1[6]) * x18); - x158 = ((uint64_t)(arg1[6]) * x24); - x159 = ((uint64_t)(arg1[6]) * x23); - x160 = ((uint64_t)(arg1[6]) * x29); - x161 = ((uint64_t)(arg1[6]) * x28); - x162 = ((uint64_t)(arg1[6]) * x35); - x163 = ((uint64_t)(arg1[6]) * x38); - x164 = ((uint64_t)(arg1[6]) * x39); - x165 = ((uint64_t)(arg1[6]) * (arg1[6])); - x166 = ((uint64_t)(arg1[5]) * x4); - x167 = ((uint64_t)(arg1[5]) * x3); - x168 = ((uint64_t)(arg1[5]) * x9); - x169 = ((uint64_t)(arg1[5]) * x8); - x170 = ((uint64_t)(arg1[5]) * x14); - x171 = ((uint64_t)(arg1[5]) * x13); - x172 = ((uint64_t)(arg1[5]) * x19); - x173 = ((uint64_t)(arg1[5]) * x18); - x174 = ((uint64_t)(arg1[5]) * x24); - x175 = ((uint64_t)(arg1[5]) * x23); - x176 = ((uint64_t)(arg1[5]) * x30); - x177 = ((uint64_t)(arg1[5]) * x35); - x178 = ((uint64_t)(arg1[5]) * x38); - x179 = ((uint64_t)(arg1[5]) * x39); - x180 = ((uint64_t)(arg1[5]) * x40); - x181 = ((uint64_t)(arg1[5]) * (arg1[5])); - x182 = ((uint64_t)(arg1[4]) * x4); - x183 = ((uint64_t)(arg1[4]) * x3); - x184 = ((uint64_t)(arg1[4]) * x9); - x185 = ((uint64_t)(arg1[4]) * x8); - x186 = ((uint64_t)(arg1[4]) * x14); - x187 = ((uint64_t)(arg1[4]) * x13); - x188 = ((uint64_t)(arg1[4]) * x19); - x189 = ((uint64_t)(arg1[4]) * x18); - x190 = ((uint64_t)(arg1[4]) * x25); - x191 = ((uint64_t)(arg1[4]) * x30); - x192 = ((uint64_t)(arg1[4]) * x35); - x193 = ((uint64_t)(arg1[4]) * x38); - x194 = ((uint64_t)(arg1[4]) * x39); - x195 = ((uint64_t)(arg1[4]) * x40); - x196 = ((uint64_t)(arg1[4]) * x41); - x197 = ((uint64_t)(arg1[4]) * (arg1[4])); - x198 = ((uint64_t)(arg1[3]) * x4); - x199 = ((uint64_t)(arg1[3]) * x3); - x200 = ((uint64_t)(arg1[3]) * x9); - x201 = ((uint64_t)(arg1[3]) * x8); - x202 = ((uint64_t)(arg1[3]) * x14); - x203 = ((uint64_t)(arg1[3]) * x13); - x204 = ((uint64_t)(arg1[3]) * x20); - x205 = ((uint64_t)(arg1[3]) * x25); - x206 = ((uint64_t)(arg1[3]) * x30); - x207 = ((uint64_t)(arg1[3]) * x35); - x208 = ((uint64_t)(arg1[3]) * x38); - x209 = ((uint64_t)(arg1[3]) * x39); - x210 = ((uint64_t)(arg1[3]) * x40); - x211 = ((uint64_t)(arg1[3]) * x41); - x212 = ((uint64_t)(arg1[3]) * x42); - x213 = ((uint64_t)(arg1[3]) * (arg1[3])); - x214 = ((uint64_t)(arg1[2]) * x4); - x215 = ((uint64_t)(arg1[2]) * x3); - x216 = ((uint64_t)(arg1[2]) * x9); - x217 = ((uint64_t)(arg1[2]) * x8); - x218 = ((uint64_t)(arg1[2]) * x15); - x219 = ((uint64_t)(arg1[2]) * x20); - x220 = ((uint64_t)(arg1[2]) * x25); - x221 = ((uint64_t)(arg1[2]) * x30); - x222 = ((uint64_t)(arg1[2]) * x35); - x223 = ((uint64_t)(arg1[2]) * x38); - x224 = ((uint64_t)(arg1[2]) * x39); - x225 = ((uint64_t)(arg1[2]) * x40); - x226 = ((uint64_t)(arg1[2]) * x41); - x227 = ((uint64_t)(arg1[2]) * x42); - x228 = ((uint64_t)(arg1[2]) * x43); - x229 = ((uint64_t)(arg1[2]) * (arg1[2])); - x230 = ((uint64_t)(arg1[1]) * x4); - x231 = ((uint64_t)(arg1[1]) * x3); - x232 = ((uint64_t)(arg1[1]) * x10); - x233 = ((uint64_t)(arg1[1]) * x15); - x234 = ((uint64_t)(arg1[1]) * x20); - x235 = ((uint64_t)(arg1[1]) * x25); - x236 = ((uint64_t)(arg1[1]) * x30); - x237 = ((uint64_t)(arg1[1]) * x35); - x238 = ((uint64_t)(arg1[1]) * x38); - x239 = ((uint64_t)(arg1[1]) * x39); - x240 = ((uint64_t)(arg1[1]) * x40); - x241 = ((uint64_t)(arg1[1]) * x41); - x242 = ((uint64_t)(arg1[1]) * x42); - x243 = ((uint64_t)(arg1[1]) * x43); - x244 = ((uint64_t)(arg1[1]) * x44); - x245 = ((uint64_t)(arg1[1]) * (arg1[1])); - x246 = ((uint64_t)(arg1[0]) * x5); - x247 = ((uint64_t)(arg1[0]) * x10); - x248 = ((uint64_t)(arg1[0]) * x15); - x249 = ((uint64_t)(arg1[0]) * x20); - x250 = ((uint64_t)(arg1[0]) * x25); - x251 = ((uint64_t)(arg1[0]) * x30); - x252 = ((uint64_t)(arg1[0]) * x35); - x253 = ((uint64_t)(arg1[0]) * x38); - x254 = ((uint64_t)(arg1[0]) * x39); - x255 = ((uint64_t)(arg1[0]) * x40); - x256 = ((uint64_t)(arg1[0]) * x41); - x257 = ((uint64_t)(arg1[0]) * x42); - x258 = ((uint64_t)(arg1[0]) * x43); - x259 = ((uint64_t)(arg1[0]) * x44); - x260 = ((uint64_t)(arg1[0]) * x45); - x261 = ((uint64_t)(arg1[0]) * (arg1[0])); - x262 = (x254 + (x240 + (x226 + (x212 + (x118 + (x106 + (x97 + x91))))))); - x263 = (x262 >> 28); + x1 = arg1[15]; + x2 = arg1[15]; + x3 = x1 * 0x2; + x4 = x2 * 0x2; + x5 = arg1[15] * 0x2; + x6 = arg1[14]; + x7 = arg1[14]; + x8 = x6 * 0x2; + x9 = x7 * 0x2; + x10 = arg1[14] * 0x2; + x11 = arg1[13]; + x12 = arg1[13]; + x13 = x11 * 0x2; + x14 = x12 * 0x2; + x15 = arg1[13] * 0x2; + x16 = arg1[12]; + x17 = arg1[12]; + x18 = x16 * 0x2; + x19 = x17 * 0x2; + x20 = arg1[12] * 0x2; + x21 = arg1[11]; + x22 = arg1[11]; + x23 = x21 * 0x2; + x24 = x22 * 0x2; + x25 = arg1[11] * 0x2; + x26 = arg1[10]; + x27 = arg1[10]; + x28 = x26 * 0x2; + x29 = x27 * 0x2; + x30 = arg1[10] * 0x2; + x31 = arg1[9]; + x32 = arg1[9]; + x33 = x31 * 0x2; + x34 = x32 * 0x2; + x35 = arg1[9] * 0x2; + x36 = arg1[8]; + x37 = arg1[8]; + x38 = arg1[8] * 0x2; + x39 = arg1[7] * 0x2; + x40 = arg1[6] * 0x2; + x41 = arg1[5] * 0x2; + x42 = arg1[4] * 0x2; + x43 = arg1[3] * 0x2; + x44 = arg1[2] * 0x2; + x45 = arg1[1] * 0x2; + x46 = (uint64_t)arg1[15] * x1; + x47 = (uint64_t)arg1[14] * x3; + x48 = (uint64_t)arg1[14] * x6; + x49 = (uint64_t)arg1[13] * x3; + x50 = (uint64_t)arg1[13] * x8; + x51 = (uint64_t)arg1[13] * x11; + x52 = (uint64_t)arg1[12] * x3; + x53 = (uint64_t)arg1[12] * x8; + x54 = (uint64_t)arg1[12] * x13; + x55 = (uint64_t)arg1[12] * x16; + x56 = (uint64_t)arg1[11] * x3; + x57 = (uint64_t)arg1[11] * x8; + x58 = (uint64_t)arg1[11] * x13; + x59 = (uint64_t)arg1[10] * x3; + x60 = (uint64_t)arg1[10] * x8; + x61 = (uint64_t)arg1[9] * x3; + x62 = (uint64_t)arg1[15] * x1; + x63 = (uint64_t)arg1[14] * x3; + x64 = (uint64_t)arg1[14] * x6; + x65 = (uint64_t)arg1[13] * x3; + x66 = (uint64_t)arg1[13] * x8; + x67 = (uint64_t)arg1[13] * x11; + x68 = (uint64_t)arg1[12] * x3; + x69 = (uint64_t)arg1[12] * x8; + x70 = (uint64_t)arg1[12] * x13; + x71 = (uint64_t)arg1[12] * x16; + x72 = (uint64_t)arg1[11] * x3; + x73 = (uint64_t)arg1[11] * x8; + x74 = (uint64_t)arg1[11] * x13; + x75 = (uint64_t)arg1[10] * x3; + x76 = (uint64_t)arg1[10] * x8; + x77 = (uint64_t)arg1[9] * x3; + x78 = (uint64_t)arg1[15] * x2; + x79 = (uint64_t)arg1[14] * x4; + x80 = (uint64_t)arg1[14] * x7; + x81 = (uint64_t)arg1[13] * x4; + x82 = (uint64_t)arg1[13] * x9; + x83 = (uint64_t)arg1[13] * x12; + x84 = (uint64_t)arg1[12] * x4; + x85 = (uint64_t)arg1[12] * x9; + x86 = (uint64_t)arg1[12] * x14; + x87 = (uint64_t)arg1[12] * x17; + x88 = (uint64_t)arg1[11] * x4; + x89 = (uint64_t)arg1[11] * x9; + x90 = (uint64_t)arg1[11] * x14; + x91 = (uint64_t)arg1[11] * x19; + x92 = (uint64_t)arg1[11] * x18; + x93 = (uint64_t)arg1[11] * x22; + x94 = (uint64_t)arg1[11] * x21; + x95 = (uint64_t)arg1[10] * x4; + x96 = (uint64_t)arg1[10] * x9; + x97 = (uint64_t)arg1[10] * x14; + x98 = (uint64_t)arg1[10] * x13; + x99 = (uint64_t)arg1[10] * x19; + x100 = (uint64_t)arg1[10] * x18; + x101 = (uint64_t)arg1[10] * x24; + x102 = (uint64_t)arg1[10] * x23; + x103 = (uint64_t)arg1[10] * x27; + x104 = (uint64_t)arg1[10] * x26; + x105 = (uint64_t)arg1[9] * x4; + x106 = (uint64_t)arg1[9] * x9; + x107 = (uint64_t)arg1[9] * x8; + x108 = (uint64_t)arg1[9] * x14; + x109 = (uint64_t)arg1[9] * x13; + x110 = (uint64_t)arg1[9] * x19; + x111 = (uint64_t)arg1[9] * x18; + x112 = (uint64_t)arg1[9] * x24; + x113 = (uint64_t)arg1[9] * x23; + x114 = (uint64_t)arg1[9] * x29; + x115 = (uint64_t)arg1[9] * x28; + x116 = (uint64_t)arg1[9] * x32; + x117 = (uint64_t)arg1[9] * x31; + x118 = (uint64_t)arg1[8] * x4; + x119 = (uint64_t)arg1[8] * x3; + x120 = (uint64_t)arg1[8] * x9; + x121 = (uint64_t)arg1[8] * x8; + x122 = (uint64_t)arg1[8] * x14; + x123 = (uint64_t)arg1[8] * x13; + x124 = (uint64_t)arg1[8] * x19; + x125 = (uint64_t)arg1[8] * x18; + x126 = (uint64_t)arg1[8] * x24; + x127 = (uint64_t)arg1[8] * x23; + x128 = (uint64_t)arg1[8] * x29; + x129 = (uint64_t)arg1[8] * x28; + x130 = (uint64_t)arg1[8] * x34; + x131 = (uint64_t)arg1[8] * x33; + x132 = (uint64_t)arg1[8] * x37; + x133 = (uint64_t)arg1[8] * x36; + x134 = (uint64_t)arg1[7] * x4; + x135 = (uint64_t)arg1[7] * x3; + x136 = (uint64_t)arg1[7] * x9; + x137 = (uint64_t)arg1[7] * x8; + x138 = (uint64_t)arg1[7] * x14; + x139 = (uint64_t)arg1[7] * x13; + x140 = (uint64_t)arg1[7] * x19; + x141 = (uint64_t)arg1[7] * x18; + x142 = (uint64_t)arg1[7] * x24; + x143 = (uint64_t)arg1[7] * x23; + x144 = (uint64_t)arg1[7] * x29; + x145 = (uint64_t)arg1[7] * x28; + x146 = (uint64_t)arg1[7] * x34; + x147 = (uint64_t)arg1[7] * x33; + x148 = (uint64_t)arg1[7] * x38; + x149 = (uint64_t)arg1[7] * arg1[7]; + x150 = (uint64_t)arg1[6] * x4; + x151 = (uint64_t)arg1[6] * x3; + x152 = (uint64_t)arg1[6] * x9; + x153 = (uint64_t)arg1[6] * x8; + x154 = (uint64_t)arg1[6] * x14; + x155 = (uint64_t)arg1[6] * x13; + x156 = (uint64_t)arg1[6] * x19; + x157 = (uint64_t)arg1[6] * x18; + x158 = (uint64_t)arg1[6] * x24; + x159 = (uint64_t)arg1[6] * x23; + x160 = (uint64_t)arg1[6] * x29; + x161 = (uint64_t)arg1[6] * x28; + x162 = (uint64_t)arg1[6] * x35; + x163 = (uint64_t)arg1[6] * x38; + x164 = (uint64_t)arg1[6] * x39; + x165 = (uint64_t)arg1[6] * arg1[6]; + x166 = (uint64_t)arg1[5] * x4; + x167 = (uint64_t)arg1[5] * x3; + x168 = (uint64_t)arg1[5] * x9; + x169 = (uint64_t)arg1[5] * x8; + x170 = (uint64_t)arg1[5] * x14; + x171 = (uint64_t)arg1[5] * x13; + x172 = (uint64_t)arg1[5] * x19; + x173 = (uint64_t)arg1[5] * x18; + x174 = (uint64_t)arg1[5] * x24; + x175 = (uint64_t)arg1[5] * x23; + x176 = (uint64_t)arg1[5] * x30; + x177 = (uint64_t)arg1[5] * x35; + x178 = (uint64_t)arg1[5] * x38; + x179 = (uint64_t)arg1[5] * x39; + x180 = (uint64_t)arg1[5] * x40; + x181 = (uint64_t)arg1[5] * arg1[5]; + x182 = (uint64_t)arg1[4] * x4; + x183 = (uint64_t)arg1[4] * x3; + x184 = (uint64_t)arg1[4] * x9; + x185 = (uint64_t)arg1[4] * x8; + x186 = (uint64_t)arg1[4] * x14; + x187 = (uint64_t)arg1[4] * x13; + x188 = (uint64_t)arg1[4] * x19; + x189 = (uint64_t)arg1[4] * x18; + x190 = (uint64_t)arg1[4] * x25; + x191 = (uint64_t)arg1[4] * x30; + x192 = (uint64_t)arg1[4] * x35; + x193 = (uint64_t)arg1[4] * x38; + x194 = (uint64_t)arg1[4] * x39; + x195 = (uint64_t)arg1[4] * x40; + x196 = (uint64_t)arg1[4] * x41; + x197 = (uint64_t)arg1[4] * arg1[4]; + x198 = (uint64_t)arg1[3] * x4; + x199 = (uint64_t)arg1[3] * x3; + x200 = (uint64_t)arg1[3] * x9; + x201 = (uint64_t)arg1[3] * x8; + x202 = (uint64_t)arg1[3] * x14; + x203 = (uint64_t)arg1[3] * x13; + x204 = (uint64_t)arg1[3] * x20; + x205 = (uint64_t)arg1[3] * x25; + x206 = (uint64_t)arg1[3] * x30; + x207 = (uint64_t)arg1[3] * x35; + x208 = (uint64_t)arg1[3] * x38; + x209 = (uint64_t)arg1[3] * x39; + x210 = (uint64_t)arg1[3] * x40; + x211 = (uint64_t)arg1[3] * x41; + x212 = (uint64_t)arg1[3] * x42; + x213 = (uint64_t)arg1[3] * arg1[3]; + x214 = (uint64_t)arg1[2] * x4; + x215 = (uint64_t)arg1[2] * x3; + x216 = (uint64_t)arg1[2] * x9; + x217 = (uint64_t)arg1[2] * x8; + x218 = (uint64_t)arg1[2] * x15; + x219 = (uint64_t)arg1[2] * x20; + x220 = (uint64_t)arg1[2] * x25; + x221 = (uint64_t)arg1[2] * x30; + x222 = (uint64_t)arg1[2] * x35; + x223 = (uint64_t)arg1[2] * x38; + x224 = (uint64_t)arg1[2] * x39; + x225 = (uint64_t)arg1[2] * x40; + x226 = (uint64_t)arg1[2] * x41; + x227 = (uint64_t)arg1[2] * x42; + x228 = (uint64_t)arg1[2] * x43; + x229 = (uint64_t)arg1[2] * arg1[2]; + x230 = (uint64_t)arg1[1] * x4; + x231 = (uint64_t)arg1[1] * x3; + x232 = (uint64_t)arg1[1] * x10; + x233 = (uint64_t)arg1[1] * x15; + x234 = (uint64_t)arg1[1] * x20; + x235 = (uint64_t)arg1[1] * x25; + x236 = (uint64_t)arg1[1] * x30; + x237 = (uint64_t)arg1[1] * x35; + x238 = (uint64_t)arg1[1] * x38; + x239 = (uint64_t)arg1[1] * x39; + x240 = (uint64_t)arg1[1] * x40; + x241 = (uint64_t)arg1[1] * x41; + x242 = (uint64_t)arg1[1] * x42; + x243 = (uint64_t)arg1[1] * x43; + x244 = (uint64_t)arg1[1] * x44; + x245 = (uint64_t)arg1[1] * arg1[1]; + x246 = (uint64_t)arg1[0] * x5; + x247 = (uint64_t)arg1[0] * x10; + x248 = (uint64_t)arg1[0] * x15; + x249 = (uint64_t)arg1[0] * x20; + x250 = (uint64_t)arg1[0] * x25; + x251 = (uint64_t)arg1[0] * x30; + x252 = (uint64_t)arg1[0] * x35; + x253 = (uint64_t)arg1[0] * x38; + x254 = (uint64_t)arg1[0] * x39; + x255 = (uint64_t)arg1[0] * x40; + x256 = (uint64_t)arg1[0] * x41; + x257 = (uint64_t)arg1[0] * x42; + x258 = (uint64_t)arg1[0] * x43; + x259 = (uint64_t)arg1[0] * x44; + x260 = (uint64_t)arg1[0] * x45; + x261 = (uint64_t)arg1[0] * arg1[0]; + x262 = x254 + (x240 + (x226 + (x212 + (x118 + (x106 + (x97 + x91)))))); + x263 = x262 >> 28; x264 = (uint32_t)(x262 & UINT32_C(0xfffffff)); - x265 = (x246 + (x232 + (x218 + (x204 + (x190 + (x176 + (x162 + (x148 + (x119 + (x107 + (x98 + x92))))))))))); - x266 = (x247 + (x233 + (x219 + (x205 + (x191 + (x177 + (x163 + (x149 + (x135 + (x121 + (x109 + (x100 + (x94 + (x78 + x62)))))))))))))); - x267 = (x248 + (x234 + (x220 + (x206 + (x192 + (x178 + (x164 + (x151 + (x137 + (x123 + (x111 + (x102 + (x79 + x63))))))))))))); - x268 = ((fiat_p448_uint128)x249 + (x235 + (x221 + (x207 + (x193 + (x179 + (x167 + (x165 + (x153 + (x139 + (x125 + (x113 + (x104 + (x81 + (x80 + (x65 + x64)))))))))))))))); - x269 = (x250 + ((fiat_p448_uint128)x236 + (x222 + (x208 + (x194 + (x183 + (x180 + (x169 + (x155 + (x141 + (x127 + (x115 + (x84 + (x82 + (x68 + x66))))))))))))))); - x270 = (x251 + (x237 + ((fiat_p448_uint128)x223 + (x209 + (x199 + (x195 + (x185 + (x181 + (x171 + (x157 + (x143 + (x129 + (x117 + (x88 + (x85 + (x83 + (x72 + (x69 + x67)))))))))))))))))); - x271 = (x252 + (x238 + (x224 + ((fiat_p448_uint128)x215 + (x210 + (x201 + (x196 + (x187 + (x173 + (x159 + (x145 + (x131 + (x95 + (x89 + (x86 + (x75 + (x73 + x70))))))))))))))))); - x272 = (x253 + (x239 + (x231 + (x225 + ((fiat_p448_uint128)x217 + (x211 + (x203 + (x197 + (x189 + (x175 + (x161 + (x147 + (x133 + (x105 + (x96 + (x90 + (x87 + (x77 + (x76 + (x74 + x71)))))))))))))))))))); - x273 = (x255 + (x241 + (x227 + (x213 + (x134 + (x120 + (x108 + (x99 + (x93 + x46))))))))); - x274 = (x256 + (x242 + (x228 + (x150 + (x136 + (x122 + (x110 + (x101 + x47)))))))); - x275 = (x257 + (x243 + (x229 + (x166 + (x152 + (x138 + (x124 + (x112 + (x103 + (x49 + x48)))))))))); - x276 = (x258 + (x244 + (x182 + (x168 + (x154 + (x140 + (x126 + (x114 + (x52 + x50))))))))); - x277 = (x259 + (x245 + (x198 + (x184 + (x170 + (x156 + (x142 + (x128 + (x116 + (x56 + (x53 + x51))))))))))); - x278 = (x260 + (x214 + (x200 + (x186 + (x172 + (x158 + (x144 + (x130 + (x59 + (x57 + x54)))))))))); - x279 = (x261 + (x230 + (x216 + (x202 + (x188 + (x174 + (x160 + (x146 + (x132 + (x61 + (x60 + (x58 + x55)))))))))))); - x280 = (x263 + x272); - x281 = (x265 >> 28); + x265 = x246 + (x232 + (x218 + (x204 + (x190 + (x176 + (x162 + (x148 + (x119 + (x107 + (x98 + x92)))))))))); + x266 = x247 + (x233 + (x219 + (x205 + (x191 + (x177 + (x163 + (x149 + (x135 + (x121 + (x109 + (x100 + (x94 + (x78 + x62))))))))))))); + x267 = x248 + (x234 + (x220 + (x206 + (x192 + (x178 + (x164 + (x151 + (x137 + (x123 + (x111 + (x102 + (x79 + x63)))))))))))); + x268 = (fiat_p448_uint128)x249 + (x235 + (x221 + (x207 + (x193 + (x179 + (x167 + (x165 + (x153 + (x139 + (x125 + (x113 + (x104 + (x81 + (x80 + (x65 + x64))))))))))))))); + x269 = x250 + ((fiat_p448_uint128)x236 + (x222 + (x208 + (x194 + (x183 + (x180 + (x169 + (x155 + (x141 + (x127 + (x115 + (x84 + (x82 + (x68 + x66)))))))))))))); + x270 = x251 + (x237 + ((fiat_p448_uint128)x223 + (x209 + (x199 + (x195 + (x185 + (x181 + (x171 + (x157 + (x143 + (x129 + (x117 + (x88 + (x85 + (x83 + (x72 + (x69 + x67))))))))))))))))); + x271 = x252 + (x238 + (x224 + ((fiat_p448_uint128)x215 + (x210 + (x201 + (x196 + (x187 + (x173 + (x159 + (x145 + (x131 + (x95 + (x89 + (x86 + (x75 + (x73 + x70)))))))))))))))); + x272 = x253 + (x239 + (x231 + (x225 + ((fiat_p448_uint128)x217 + (x211 + (x203 + (x197 + (x189 + (x175 + (x161 + (x147 + (x133 + (x105 + (x96 + (x90 + (x87 + (x77 + (x76 + (x74 + x71))))))))))))))))))); + x273 = x255 + (x241 + (x227 + (x213 + (x134 + (x120 + (x108 + (x99 + (x93 + x46)))))))); + x274 = x256 + (x242 + (x228 + (x150 + (x136 + (x122 + (x110 + (x101 + x47))))))); + x275 = x257 + (x243 + (x229 + (x166 + (x152 + (x138 + (x124 + (x112 + (x103 + (x49 + x48))))))))); + x276 = x258 + (x244 + (x182 + (x168 + (x154 + (x140 + (x126 + (x114 + (x52 + x50)))))))); + x277 = x259 + (x245 + (x198 + (x184 + (x170 + (x156 + (x142 + (x128 + (x116 + (x56 + (x53 + x51)))))))))); + x278 = x260 + (x214 + (x200 + (x186 + (x172 + (x158 + (x144 + (x130 + (x59 + (x57 + x54))))))))); + x279 = x261 + (x230 + (x216 + (x202 + (x188 + (x174 + (x160 + (x146 + (x132 + (x61 + (x60 + (x58 + x55))))))))))); + x280 = x263 + x272; + x281 = x265 >> 28; x282 = (uint32_t)(x265 & UINT32_C(0xfffffff)); - x283 = (x280 + x281); + x283 = x280 + x281; x284 = (uint64_t)(x283 >> 28); x285 = (uint32_t)(x283 & UINT32_C(0xfffffff)); - x286 = (x279 + x281); - x287 = (x284 + x271); - x288 = (x286 >> 28); + x286 = x279 + x281; + x287 = x284 + x271; + x288 = x286 >> 28; x289 = (uint32_t)(x286 & UINT32_C(0xfffffff)); - x290 = (x288 + x278); + x290 = x288 + x278; x291 = (uint64_t)(x287 >> 28); x292 = (uint32_t)(x287 & UINT32_C(0xfffffff)); - x293 = (x291 + x270); - x294 = (x290 >> 28); + x293 = x291 + x270; + x294 = x290 >> 28; x295 = (uint32_t)(x290 & UINT32_C(0xfffffff)); - x296 = (x294 + x277); + x296 = x294 + x277; x297 = (uint64_t)(x293 >> 28); x298 = (uint32_t)(x293 & UINT32_C(0xfffffff)); - x299 = (x297 + x269); - x300 = (x296 >> 28); + x299 = x297 + x269; + x300 = x296 >> 28; x301 = (uint32_t)(x296 & UINT32_C(0xfffffff)); - x302 = (x300 + x276); + x302 = x300 + x276; x303 = (uint64_t)(x299 >> 28); x304 = (uint32_t)(x299 & UINT32_C(0xfffffff)); - x305 = (x303 + x268); - x306 = (x302 >> 28); + x305 = x303 + x268; + x306 = x302 >> 28; x307 = (uint32_t)(x302 & UINT32_C(0xfffffff)); - x308 = (x306 + x275); + x308 = x306 + x275; x309 = (uint64_t)(x305 >> 28); x310 = (uint32_t)(x305 & UINT32_C(0xfffffff)); - x311 = (x309 + x267); - x312 = (x308 >> 28); + x311 = x309 + x267; + x312 = x308 >> 28; x313 = (uint32_t)(x308 & UINT32_C(0xfffffff)); - x314 = (x312 + x274); - x315 = (x311 >> 28); + x314 = x312 + x274; + x315 = x311 >> 28; x316 = (uint32_t)(x311 & UINT32_C(0xfffffff)); - x317 = (x315 + x266); - x318 = (x314 >> 28); + x317 = x315 + x266; + x318 = x314 >> 28; x319 = (uint32_t)(x314 & UINT32_C(0xfffffff)); - x320 = (x318 + x273); - x321 = (x317 >> 28); + x320 = x318 + x273; + x321 = x317 >> 28; x322 = (uint32_t)(x317 & UINT32_C(0xfffffff)); - x323 = (x321 + x282); - x324 = (x320 >> 28); + x323 = x321 + x282; + x324 = x320 >> 28; x325 = (uint32_t)(x320 & UINT32_C(0xfffffff)); - x326 = (x324 + x264); + x326 = x324 + x264; x327 = (uint32_t)(x323 >> 28); x328 = (uint32_t)(x323 & UINT32_C(0xfffffff)); x329 = (uint32_t)(x326 >> 28); x330 = (uint32_t)(x326 & UINT32_C(0xfffffff)); - x331 = (x285 + x327); - x332 = (x289 + x327); - x333 = (x329 + x331); + x331 = x285 + x327; + x332 = x289 + x327; + x333 = x329 + x331; x334 = (fiat_p448_uint1)(x333 >> 28); - x335 = (x333 & UINT32_C(0xfffffff)); - x336 = (x334 + x292); + x335 = x333 & UINT32_C(0xfffffff); + x336 = x334 + x292; x337 = (fiat_p448_uint1)(x332 >> 28); - x338 = (x332 & UINT32_C(0xfffffff)); - x339 = (x337 + x295); + x338 = x332 & UINT32_C(0xfffffff); + x339 = x337 + x295; out1[0] = x338; out1[1] = x339; out1[2] = x301; @@ -1866,44 +1866,44 @@ static void fiat_p448_carry(uint32_t out1[16], const uint32_t arg1[16]) { uint32_t x36; uint32_t x37; uint32_t x38; - x1 = (arg1[7]); - x2 = (arg1[15]); - x3 = (x2 >> 28); - x4 = (((x1 >> 28) + (arg1[8])) + x3); - x5 = ((arg1[0]) + x3); - x6 = ((x4 >> 28) + (arg1[9])); - x7 = ((x5 >> 28) + (arg1[1])); - x8 = ((x6 >> 28) + (arg1[10])); - x9 = ((x7 >> 28) + (arg1[2])); - x10 = ((x8 >> 28) + (arg1[11])); - x11 = ((x9 >> 28) + (arg1[3])); - x12 = ((x10 >> 28) + (arg1[12])); - x13 = ((x11 >> 28) + (arg1[4])); - x14 = ((x12 >> 28) + (arg1[13])); - x15 = ((x13 >> 28) + (arg1[5])); - x16 = ((x14 >> 28) + (arg1[14])); - x17 = ((x15 >> 28) + (arg1[6])); - x18 = ((x16 >> 28) + (x2 & UINT32_C(0xfffffff))); - x19 = ((x17 >> 28) + (x1 & UINT32_C(0xfffffff))); + x1 = arg1[7]; + x2 = arg1[15]; + x3 = x2 >> 28; + x4 = (x1 >> 28) + arg1[8] + x3; + x5 = arg1[0] + x3; + x6 = (x4 >> 28) + arg1[9]; + x7 = (x5 >> 28) + arg1[1]; + x8 = (x6 >> 28) + arg1[10]; + x9 = (x7 >> 28) + arg1[2]; + x10 = (x8 >> 28) + arg1[11]; + x11 = (x9 >> 28) + arg1[3]; + x12 = (x10 >> 28) + arg1[12]; + x13 = (x11 >> 28) + arg1[4]; + x14 = (x12 >> 28) + arg1[13]; + x15 = (x13 >> 28) + arg1[5]; + x16 = (x14 >> 28) + arg1[14]; + x17 = (x15 >> 28) + arg1[6]; + x18 = (x16 >> 28) + (x2 & UINT32_C(0xfffffff)); + x19 = (x17 >> 28) + (x1 & UINT32_C(0xfffffff)); x20 = (fiat_p448_uint1)(x18 >> 28); - x21 = ((x5 & UINT32_C(0xfffffff)) + (uint32_t)x20); - x22 = ((fiat_p448_uint1)(x19 >> 28) + ((x4 & UINT32_C(0xfffffff)) + (uint32_t)x20)); - x23 = (x21 & UINT32_C(0xfffffff)); - x24 = ((fiat_p448_uint1)(x21 >> 28) + (x7 & UINT32_C(0xfffffff))); - x25 = (x9 & UINT32_C(0xfffffff)); - x26 = (x11 & UINT32_C(0xfffffff)); - x27 = (x13 & UINT32_C(0xfffffff)); - x28 = (x15 & UINT32_C(0xfffffff)); - x29 = (x17 & UINT32_C(0xfffffff)); - x30 = (x19 & UINT32_C(0xfffffff)); - x31 = (x22 & UINT32_C(0xfffffff)); - x32 = ((fiat_p448_uint1)(x22 >> 28) + (x6 & UINT32_C(0xfffffff))); - x33 = (x8 & UINT32_C(0xfffffff)); - x34 = (x10 & UINT32_C(0xfffffff)); - x35 = (x12 & UINT32_C(0xfffffff)); - x36 = (x14 & UINT32_C(0xfffffff)); - x37 = (x16 & UINT32_C(0xfffffff)); - x38 = (x18 & UINT32_C(0xfffffff)); + x21 = (x5 & UINT32_C(0xfffffff)) + (uint32_t)x20; + x22 = (fiat_p448_uint1)(x19 >> 28) + ((x4 & UINT32_C(0xfffffff)) + (uint32_t)x20); + x23 = x21 & UINT32_C(0xfffffff); + x24 = (fiat_p448_uint1)(x21 >> 28) + (x7 & UINT32_C(0xfffffff)); + x25 = x9 & UINT32_C(0xfffffff); + x26 = x11 & UINT32_C(0xfffffff); + x27 = x13 & UINT32_C(0xfffffff); + x28 = x15 & UINT32_C(0xfffffff); + x29 = x17 & UINT32_C(0xfffffff); + x30 = x19 & UINT32_C(0xfffffff); + x31 = x22 & UINT32_C(0xfffffff); + x32 = (fiat_p448_uint1)(x22 >> 28) + (x6 & UINT32_C(0xfffffff)); + x33 = x8 & UINT32_C(0xfffffff); + x34 = x10 & UINT32_C(0xfffffff); + x35 = x12 & UINT32_C(0xfffffff); + x36 = x14 & UINT32_C(0xfffffff); + x37 = x16 & UINT32_C(0xfffffff); + x38 = x18 & UINT32_C(0xfffffff); out1[0] = x23; out1[1] = x24; out1[2] = x25; @@ -1951,22 +1951,22 @@ static void fiat_p448_add(uint32_t out1[16], const uint32_t arg1[16], const uint uint32_t x14; uint32_t x15; uint32_t x16; - x1 = ((arg1[0]) + (arg2[0])); - x2 = ((arg1[1]) + (arg2[1])); - x3 = ((arg1[2]) + (arg2[2])); - x4 = ((arg1[3]) + (arg2[3])); - x5 = ((arg1[4]) + (arg2[4])); - x6 = ((arg1[5]) + (arg2[5])); - x7 = ((arg1[6]) + (arg2[6])); - x8 = ((arg1[7]) + (arg2[7])); - x9 = ((arg1[8]) + (arg2[8])); - x10 = ((arg1[9]) + (arg2[9])); - x11 = ((arg1[10]) + (arg2[10])); - x12 = ((arg1[11]) + (arg2[11])); - x13 = ((arg1[12]) + (arg2[12])); - x14 = ((arg1[13]) + (arg2[13])); - x15 = ((arg1[14]) + (arg2[14])); - x16 = ((arg1[15]) + (arg2[15])); + x1 = arg1[0] + arg2[0]; + x2 = arg1[1] + arg2[1]; + x3 = arg1[2] + arg2[2]; + x4 = arg1[3] + arg2[3]; + x5 = arg1[4] + arg2[4]; + x6 = arg1[5] + arg2[5]; + x7 = arg1[6] + arg2[6]; + x8 = arg1[7] + arg2[7]; + x9 = arg1[8] + arg2[8]; + x10 = arg1[9] + arg2[9]; + x11 = arg1[10] + arg2[10]; + x12 = arg1[11] + arg2[11]; + x13 = arg1[12] + arg2[12]; + x14 = arg1[13] + arg2[13]; + x15 = arg1[14] + arg2[14]; + x16 = arg1[15] + arg2[15]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -2014,22 +2014,22 @@ static void fiat_p448_sub(uint32_t out1[16], const uint32_t arg1[16], const uint uint32_t x14; uint32_t x15; uint32_t x16; - x1 = ((UINT32_C(0x1ffffffe) + (arg1[0])) - (arg2[0])); - x2 = ((UINT32_C(0x1ffffffe) + (arg1[1])) - (arg2[1])); - x3 = ((UINT32_C(0x1ffffffe) + (arg1[2])) - (arg2[2])); - x4 = ((UINT32_C(0x1ffffffe) + (arg1[3])) - (arg2[3])); - x5 = ((UINT32_C(0x1ffffffe) + (arg1[4])) - (arg2[4])); - x6 = ((UINT32_C(0x1ffffffe) + (arg1[5])) - (arg2[5])); - x7 = ((UINT32_C(0x1ffffffe) + (arg1[6])) - (arg2[6])); - x8 = ((UINT32_C(0x1ffffffe) + (arg1[7])) - (arg2[7])); - x9 = ((UINT32_C(0x1ffffffc) + (arg1[8])) - (arg2[8])); - x10 = ((UINT32_C(0x1ffffffe) + (arg1[9])) - (arg2[9])); - x11 = ((UINT32_C(0x1ffffffe) + (arg1[10])) - (arg2[10])); - x12 = ((UINT32_C(0x1ffffffe) + (arg1[11])) - (arg2[11])); - x13 = ((UINT32_C(0x1ffffffe) + (arg1[12])) - (arg2[12])); - x14 = ((UINT32_C(0x1ffffffe) + (arg1[13])) - (arg2[13])); - x15 = ((UINT32_C(0x1ffffffe) + (arg1[14])) - (arg2[14])); - x16 = ((UINT32_C(0x1ffffffe) + (arg1[15])) - (arg2[15])); + x1 = UINT32_C(0x1ffffffe) + arg1[0] - arg2[0]; + x2 = UINT32_C(0x1ffffffe) + arg1[1] - arg2[1]; + x3 = UINT32_C(0x1ffffffe) + arg1[2] - arg2[2]; + x4 = UINT32_C(0x1ffffffe) + arg1[3] - arg2[3]; + x5 = UINT32_C(0x1ffffffe) + arg1[4] - arg2[4]; + x6 = UINT32_C(0x1ffffffe) + arg1[5] - arg2[5]; + x7 = UINT32_C(0x1ffffffe) + arg1[6] - arg2[6]; + x8 = UINT32_C(0x1ffffffe) + arg1[7] - arg2[7]; + x9 = UINT32_C(0x1ffffffc) + arg1[8] - arg2[8]; + x10 = UINT32_C(0x1ffffffe) + arg1[9] - arg2[9]; + x11 = UINT32_C(0x1ffffffe) + arg1[10] - arg2[10]; + x12 = UINT32_C(0x1ffffffe) + arg1[11] - arg2[11]; + x13 = UINT32_C(0x1ffffffe) + arg1[12] - arg2[12]; + x14 = UINT32_C(0x1ffffffe) + arg1[13] - arg2[13]; + x15 = UINT32_C(0x1ffffffe) + arg1[14] - arg2[14]; + x16 = UINT32_C(0x1ffffffe) + arg1[15] - arg2[15]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -2076,22 +2076,22 @@ static void fiat_p448_opp(uint32_t out1[16], const uint32_t arg1[16]) { uint32_t x14; uint32_t x15; uint32_t x16; - x1 = (UINT32_C(0x1ffffffe) - (arg1[0])); - x2 = (UINT32_C(0x1ffffffe) - (arg1[1])); - x3 = (UINT32_C(0x1ffffffe) - (arg1[2])); - x4 = (UINT32_C(0x1ffffffe) - (arg1[3])); - x5 = (UINT32_C(0x1ffffffe) - (arg1[4])); - x6 = (UINT32_C(0x1ffffffe) - (arg1[5])); - x7 = (UINT32_C(0x1ffffffe) - (arg1[6])); - x8 = (UINT32_C(0x1ffffffe) - (arg1[7])); - x9 = (UINT32_C(0x1ffffffc) - (arg1[8])); - x10 = (UINT32_C(0x1ffffffe) - (arg1[9])); - x11 = (UINT32_C(0x1ffffffe) - (arg1[10])); - x12 = (UINT32_C(0x1ffffffe) - (arg1[11])); - x13 = (UINT32_C(0x1ffffffe) - (arg1[12])); - x14 = (UINT32_C(0x1ffffffe) - (arg1[13])); - x15 = (UINT32_C(0x1ffffffe) - (arg1[14])); - x16 = (UINT32_C(0x1ffffffe) - (arg1[15])); + x1 = UINT32_C(0x1ffffffe) - arg1[0]; + x2 = UINT32_C(0x1ffffffe) - arg1[1]; + x3 = UINT32_C(0x1ffffffe) - arg1[2]; + x4 = UINT32_C(0x1ffffffe) - arg1[3]; + x5 = UINT32_C(0x1ffffffe) - arg1[4]; + x6 = UINT32_C(0x1ffffffe) - arg1[5]; + x7 = UINT32_C(0x1ffffffe) - arg1[6]; + x8 = UINT32_C(0x1ffffffe) - arg1[7]; + x9 = UINT32_C(0x1ffffffc) - arg1[8]; + x10 = UINT32_C(0x1ffffffe) - arg1[9]; + x11 = UINT32_C(0x1ffffffe) - arg1[10]; + x12 = UINT32_C(0x1ffffffe) - arg1[11]; + x13 = UINT32_C(0x1ffffffe) - arg1[12]; + x14 = UINT32_C(0x1ffffffe) - arg1[13]; + x15 = UINT32_C(0x1ffffffe) - arg1[14]; + x16 = UINT32_C(0x1ffffffe) - arg1[15]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -2140,22 +2140,22 @@ static void fiat_p448_selectznz(uint32_t out1[16], fiat_p448_uint1 arg1, const u uint32_t x14; uint32_t x15; uint32_t x16; - fiat_p448_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_p448_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_p448_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); - fiat_p448_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); - fiat_p448_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); - fiat_p448_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5])); - fiat_p448_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6])); - fiat_p448_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7])); - fiat_p448_cmovznz_u32(&x9, arg1, (arg2[8]), (arg3[8])); - fiat_p448_cmovznz_u32(&x10, arg1, (arg2[9]), (arg3[9])); - fiat_p448_cmovznz_u32(&x11, arg1, (arg2[10]), (arg3[10])); - fiat_p448_cmovznz_u32(&x12, arg1, (arg2[11]), (arg3[11])); - fiat_p448_cmovznz_u32(&x13, arg1, (arg2[12]), (arg3[12])); - fiat_p448_cmovznz_u32(&x14, arg1, (arg2[13]), (arg3[13])); - fiat_p448_cmovznz_u32(&x15, arg1, (arg2[14]), (arg3[14])); - fiat_p448_cmovznz_u32(&x16, arg1, (arg2[15]), (arg3[15])); + fiat_p448_cmovznz_u32(&x1, arg1, arg2[0], arg3[0]); + fiat_p448_cmovznz_u32(&x2, arg1, arg2[1], arg3[1]); + fiat_p448_cmovznz_u32(&x3, arg1, arg2[2], arg3[2]); + fiat_p448_cmovznz_u32(&x4, arg1, arg2[3], arg3[3]); + fiat_p448_cmovznz_u32(&x5, arg1, arg2[4], arg3[4]); + fiat_p448_cmovznz_u32(&x6, arg1, arg2[5], arg3[5]); + fiat_p448_cmovznz_u32(&x7, arg1, arg2[6], arg3[6]); + fiat_p448_cmovznz_u32(&x8, arg1, arg2[7], arg3[7]); + fiat_p448_cmovznz_u32(&x9, arg1, arg2[8], arg3[8]); + fiat_p448_cmovznz_u32(&x10, arg1, arg2[9], arg3[9]); + fiat_p448_cmovznz_u32(&x11, arg1, arg2[10], arg3[10]); + fiat_p448_cmovznz_u32(&x12, arg1, arg2[11], arg3[11]); + fiat_p448_cmovznz_u32(&x13, arg1, arg2[12], arg3[12]); + fiat_p448_cmovznz_u32(&x14, arg1, arg2[13], arg3[13]); + fiat_p448_cmovznz_u32(&x15, arg1, arg2[14], arg3[14]); + fiat_p448_cmovznz_u32(&x16, arg1, arg2[15], arg3[15]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -2363,149 +2363,149 @@ static void fiat_p448_to_bytes(uint8_t out1[56], const uint32_t arg1[16]) { uint32_t x175; uint8_t x176; uint8_t x177; - fiat_p448_subborrowx_u28(&x1, &x2, 0x0, (arg1[0]), UINT32_C(0xfffffff)); - fiat_p448_subborrowx_u28(&x3, &x4, x2, (arg1[1]), UINT32_C(0xfffffff)); - fiat_p448_subborrowx_u28(&x5, &x6, x4, (arg1[2]), UINT32_C(0xfffffff)); - fiat_p448_subborrowx_u28(&x7, &x8, x6, (arg1[3]), UINT32_C(0xfffffff)); - fiat_p448_subborrowx_u28(&x9, &x10, x8, (arg1[4]), UINT32_C(0xfffffff)); - fiat_p448_subborrowx_u28(&x11, &x12, x10, (arg1[5]), UINT32_C(0xfffffff)); - fiat_p448_subborrowx_u28(&x13, &x14, x12, (arg1[6]), UINT32_C(0xfffffff)); - fiat_p448_subborrowx_u28(&x15, &x16, x14, (arg1[7]), UINT32_C(0xfffffff)); - fiat_p448_subborrowx_u28(&x17, &x18, x16, (arg1[8]), UINT32_C(0xffffffe)); - fiat_p448_subborrowx_u28(&x19, &x20, x18, (arg1[9]), UINT32_C(0xfffffff)); - fiat_p448_subborrowx_u28(&x21, &x22, x20, (arg1[10]), UINT32_C(0xfffffff)); - fiat_p448_subborrowx_u28(&x23, &x24, x22, (arg1[11]), UINT32_C(0xfffffff)); - fiat_p448_subborrowx_u28(&x25, &x26, x24, (arg1[12]), UINT32_C(0xfffffff)); - fiat_p448_subborrowx_u28(&x27, &x28, x26, (arg1[13]), UINT32_C(0xfffffff)); - fiat_p448_subborrowx_u28(&x29, &x30, x28, (arg1[14]), UINT32_C(0xfffffff)); - fiat_p448_subborrowx_u28(&x31, &x32, x30, (arg1[15]), UINT32_C(0xfffffff)); + fiat_p448_subborrowx_u28(&x1, &x2, 0x0, arg1[0], UINT32_C(0xfffffff)); + fiat_p448_subborrowx_u28(&x3, &x4, x2, arg1[1], UINT32_C(0xfffffff)); + fiat_p448_subborrowx_u28(&x5, &x6, x4, arg1[2], UINT32_C(0xfffffff)); + fiat_p448_subborrowx_u28(&x7, &x8, x6, arg1[3], UINT32_C(0xfffffff)); + fiat_p448_subborrowx_u28(&x9, &x10, x8, arg1[4], UINT32_C(0xfffffff)); + fiat_p448_subborrowx_u28(&x11, &x12, x10, arg1[5], UINT32_C(0xfffffff)); + fiat_p448_subborrowx_u28(&x13, &x14, x12, arg1[6], UINT32_C(0xfffffff)); + fiat_p448_subborrowx_u28(&x15, &x16, x14, arg1[7], UINT32_C(0xfffffff)); + fiat_p448_subborrowx_u28(&x17, &x18, x16, arg1[8], UINT32_C(0xffffffe)); + fiat_p448_subborrowx_u28(&x19, &x20, x18, arg1[9], UINT32_C(0xfffffff)); + fiat_p448_subborrowx_u28(&x21, &x22, x20, arg1[10], UINT32_C(0xfffffff)); + fiat_p448_subborrowx_u28(&x23, &x24, x22, arg1[11], UINT32_C(0xfffffff)); + fiat_p448_subborrowx_u28(&x25, &x26, x24, arg1[12], UINT32_C(0xfffffff)); + fiat_p448_subborrowx_u28(&x27, &x28, x26, arg1[13], UINT32_C(0xfffffff)); + fiat_p448_subborrowx_u28(&x29, &x30, x28, arg1[14], UINT32_C(0xfffffff)); + fiat_p448_subborrowx_u28(&x31, &x32, x30, arg1[15], UINT32_C(0xfffffff)); fiat_p448_cmovznz_u32(&x33, x32, 0x0, UINT32_C(0xffffffff)); - fiat_p448_addcarryx_u28(&x34, &x35, 0x0, x1, (x33 & UINT32_C(0xfffffff))); - fiat_p448_addcarryx_u28(&x36, &x37, x35, x3, (x33 & UINT32_C(0xfffffff))); - fiat_p448_addcarryx_u28(&x38, &x39, x37, x5, (x33 & UINT32_C(0xfffffff))); - fiat_p448_addcarryx_u28(&x40, &x41, x39, x7, (x33 & UINT32_C(0xfffffff))); - fiat_p448_addcarryx_u28(&x42, &x43, x41, x9, (x33 & UINT32_C(0xfffffff))); - fiat_p448_addcarryx_u28(&x44, &x45, x43, x11, (x33 & UINT32_C(0xfffffff))); - fiat_p448_addcarryx_u28(&x46, &x47, x45, x13, (x33 & UINT32_C(0xfffffff))); - fiat_p448_addcarryx_u28(&x48, &x49, x47, x15, (x33 & UINT32_C(0xfffffff))); - fiat_p448_addcarryx_u28(&x50, &x51, x49, x17, (x33 & UINT32_C(0xffffffe))); - fiat_p448_addcarryx_u28(&x52, &x53, x51, x19, (x33 & UINT32_C(0xfffffff))); - fiat_p448_addcarryx_u28(&x54, &x55, x53, x21, (x33 & UINT32_C(0xfffffff))); - fiat_p448_addcarryx_u28(&x56, &x57, x55, x23, (x33 & UINT32_C(0xfffffff))); - fiat_p448_addcarryx_u28(&x58, &x59, x57, x25, (x33 & UINT32_C(0xfffffff))); - fiat_p448_addcarryx_u28(&x60, &x61, x59, x27, (x33 & UINT32_C(0xfffffff))); - fiat_p448_addcarryx_u28(&x62, &x63, x61, x29, (x33 & UINT32_C(0xfffffff))); - fiat_p448_addcarryx_u28(&x64, &x65, x63, x31, (x33 & UINT32_C(0xfffffff))); - x66 = (x64 << 4); - x67 = (x60 << 4); - x68 = (x56 << 4); - x69 = (x52 << 4); - x70 = (x48 << 4); - x71 = (x44 << 4); - x72 = (x40 << 4); - x73 = (x36 << 4); + fiat_p448_addcarryx_u28(&x34, &x35, 0x0, x1, x33 & UINT32_C(0xfffffff)); + fiat_p448_addcarryx_u28(&x36, &x37, x35, x3, x33 & UINT32_C(0xfffffff)); + fiat_p448_addcarryx_u28(&x38, &x39, x37, x5, x33 & UINT32_C(0xfffffff)); + fiat_p448_addcarryx_u28(&x40, &x41, x39, x7, x33 & UINT32_C(0xfffffff)); + fiat_p448_addcarryx_u28(&x42, &x43, x41, x9, x33 & UINT32_C(0xfffffff)); + fiat_p448_addcarryx_u28(&x44, &x45, x43, x11, x33 & UINT32_C(0xfffffff)); + fiat_p448_addcarryx_u28(&x46, &x47, x45, x13, x33 & UINT32_C(0xfffffff)); + fiat_p448_addcarryx_u28(&x48, &x49, x47, x15, x33 & UINT32_C(0xfffffff)); + fiat_p448_addcarryx_u28(&x50, &x51, x49, x17, x33 & UINT32_C(0xffffffe)); + fiat_p448_addcarryx_u28(&x52, &x53, x51, x19, x33 & UINT32_C(0xfffffff)); + fiat_p448_addcarryx_u28(&x54, &x55, x53, x21, x33 & UINT32_C(0xfffffff)); + fiat_p448_addcarryx_u28(&x56, &x57, x55, x23, x33 & UINT32_C(0xfffffff)); + fiat_p448_addcarryx_u28(&x58, &x59, x57, x25, x33 & UINT32_C(0xfffffff)); + fiat_p448_addcarryx_u28(&x60, &x61, x59, x27, x33 & UINT32_C(0xfffffff)); + fiat_p448_addcarryx_u28(&x62, &x63, x61, x29, x33 & UINT32_C(0xfffffff)); + fiat_p448_addcarryx_u28(&x64, &x65, x63, x31, x33 & UINT32_C(0xfffffff)); + x66 = x64 << 4; + x67 = x60 << 4; + x68 = x56 << 4; + x69 = x52 << 4; + x70 = x48 << 4; + x71 = x44 << 4; + x72 = x40 << 4; + x73 = x36 << 4; x74 = (uint8_t)(x34 & UINT8_C(0xff)); - x75 = (x34 >> 8); + x75 = x34 >> 8; x76 = (uint8_t)(x75 & UINT8_C(0xff)); - x77 = (x75 >> 8); + x77 = x75 >> 8; x78 = (uint8_t)(x77 & UINT8_C(0xff)); x79 = (uint8_t)(x77 >> 8); - x80 = (x73 + (uint32_t)x79); + x80 = x73 + (uint32_t)x79; x81 = (uint8_t)(x80 & UINT8_C(0xff)); - x82 = (x80 >> 8); + x82 = x80 >> 8; x83 = (uint8_t)(x82 & UINT8_C(0xff)); - x84 = (x82 >> 8); + x84 = x82 >> 8; x85 = (uint8_t)(x84 & UINT8_C(0xff)); x86 = (uint8_t)(x84 >> 8); x87 = (uint8_t)(x38 & UINT8_C(0xff)); - x88 = (x38 >> 8); + x88 = x38 >> 8; x89 = (uint8_t)(x88 & UINT8_C(0xff)); - x90 = (x88 >> 8); + x90 = x88 >> 8; x91 = (uint8_t)(x90 & UINT8_C(0xff)); x92 = (uint8_t)(x90 >> 8); - x93 = (x72 + (uint32_t)x92); + x93 = x72 + (uint32_t)x92; x94 = (uint8_t)(x93 & UINT8_C(0xff)); - x95 = (x93 >> 8); + x95 = x93 >> 8; x96 = (uint8_t)(x95 & UINT8_C(0xff)); - x97 = (x95 >> 8); + x97 = x95 >> 8; x98 = (uint8_t)(x97 & UINT8_C(0xff)); x99 = (uint8_t)(x97 >> 8); x100 = (uint8_t)(x42 & UINT8_C(0xff)); - x101 = (x42 >> 8); + x101 = x42 >> 8; x102 = (uint8_t)(x101 & UINT8_C(0xff)); - x103 = (x101 >> 8); + x103 = x101 >> 8; x104 = (uint8_t)(x103 & UINT8_C(0xff)); x105 = (uint8_t)(x103 >> 8); - x106 = (x71 + (uint32_t)x105); + x106 = x71 + (uint32_t)x105; x107 = (uint8_t)(x106 & UINT8_C(0xff)); - x108 = (x106 >> 8); + x108 = x106 >> 8; x109 = (uint8_t)(x108 & UINT8_C(0xff)); - x110 = (x108 >> 8); + x110 = x108 >> 8; x111 = (uint8_t)(x110 & UINT8_C(0xff)); x112 = (uint8_t)(x110 >> 8); x113 = (uint8_t)(x46 & UINT8_C(0xff)); - x114 = (x46 >> 8); + x114 = x46 >> 8; x115 = (uint8_t)(x114 & UINT8_C(0xff)); - x116 = (x114 >> 8); + x116 = x114 >> 8; x117 = (uint8_t)(x116 & UINT8_C(0xff)); x118 = (uint8_t)(x116 >> 8); - x119 = (x70 + (uint32_t)x118); + x119 = x70 + (uint32_t)x118; x120 = (uint8_t)(x119 & UINT8_C(0xff)); - x121 = (x119 >> 8); + x121 = x119 >> 8; x122 = (uint8_t)(x121 & UINT8_C(0xff)); - x123 = (x121 >> 8); + x123 = x121 >> 8; x124 = (uint8_t)(x123 & UINT8_C(0xff)); x125 = (uint8_t)(x123 >> 8); x126 = (uint8_t)(x50 & UINT8_C(0xff)); - x127 = (x50 >> 8); + x127 = x50 >> 8; x128 = (uint8_t)(x127 & UINT8_C(0xff)); - x129 = (x127 >> 8); + x129 = x127 >> 8; x130 = (uint8_t)(x129 & UINT8_C(0xff)); x131 = (uint8_t)(x129 >> 8); - x132 = (x69 + (uint32_t)x131); + x132 = x69 + (uint32_t)x131; x133 = (uint8_t)(x132 & UINT8_C(0xff)); - x134 = (x132 >> 8); + x134 = x132 >> 8; x135 = (uint8_t)(x134 & UINT8_C(0xff)); - x136 = (x134 >> 8); + x136 = x134 >> 8; x137 = (uint8_t)(x136 & UINT8_C(0xff)); x138 = (uint8_t)(x136 >> 8); x139 = (uint8_t)(x54 & UINT8_C(0xff)); - x140 = (x54 >> 8); + x140 = x54 >> 8; x141 = (uint8_t)(x140 & UINT8_C(0xff)); - x142 = (x140 >> 8); + x142 = x140 >> 8; x143 = (uint8_t)(x142 & UINT8_C(0xff)); x144 = (uint8_t)(x142 >> 8); - x145 = (x68 + (uint32_t)x144); + x145 = x68 + (uint32_t)x144; x146 = (uint8_t)(x145 & UINT8_C(0xff)); - x147 = (x145 >> 8); + x147 = x145 >> 8; x148 = (uint8_t)(x147 & UINT8_C(0xff)); - x149 = (x147 >> 8); + x149 = x147 >> 8; x150 = (uint8_t)(x149 & UINT8_C(0xff)); x151 = (uint8_t)(x149 >> 8); x152 = (uint8_t)(x58 & UINT8_C(0xff)); - x153 = (x58 >> 8); + x153 = x58 >> 8; x154 = (uint8_t)(x153 & UINT8_C(0xff)); - x155 = (x153 >> 8); + x155 = x153 >> 8; x156 = (uint8_t)(x155 & UINT8_C(0xff)); x157 = (uint8_t)(x155 >> 8); - x158 = (x67 + (uint32_t)x157); + x158 = x67 + (uint32_t)x157; x159 = (uint8_t)(x158 & UINT8_C(0xff)); - x160 = (x158 >> 8); + x160 = x158 >> 8; x161 = (uint8_t)(x160 & UINT8_C(0xff)); - x162 = (x160 >> 8); + x162 = x160 >> 8; x163 = (uint8_t)(x162 & UINT8_C(0xff)); x164 = (uint8_t)(x162 >> 8); x165 = (uint8_t)(x62 & UINT8_C(0xff)); - x166 = (x62 >> 8); + x166 = x62 >> 8; x167 = (uint8_t)(x166 & UINT8_C(0xff)); - x168 = (x166 >> 8); + x168 = x166 >> 8; x169 = (uint8_t)(x168 & UINT8_C(0xff)); x170 = (uint8_t)(x168 >> 8); - x171 = (x66 + (uint32_t)x170); + x171 = x66 + (uint32_t)x170; x172 = (uint8_t)(x171 & UINT8_C(0xff)); - x173 = (x171 >> 8); + x173 = x171 >> 8; x174 = (uint8_t)(x173 & UINT8_C(0xff)); - x175 = (x173 >> 8); + x175 = x173 >> 8; x176 = (uint8_t)(x175 & UINT8_C(0xff)); x177 = (uint8_t)(x175 >> 8); out1[0] = x74; @@ -2698,126 +2698,126 @@ static void fiat_p448_from_bytes(uint32_t out1[16], const uint8_t arg1[56]) { uint32_t x118; uint32_t x119; uint32_t x120; - x1 = ((uint32_t)(arg1[55]) << 20); - x2 = ((uint32_t)(arg1[54]) << 12); - x3 = ((uint32_t)(arg1[53]) << 4); - x4 = ((uint32_t)(arg1[52]) << 24); - x5 = ((uint32_t)(arg1[51]) << 16); - x6 = ((uint32_t)(arg1[50]) << 8); - x7 = (arg1[49]); - x8 = ((uint32_t)(arg1[48]) << 20); - x9 = ((uint32_t)(arg1[47]) << 12); - x10 = ((uint32_t)(arg1[46]) << 4); - x11 = ((uint32_t)(arg1[45]) << 24); - x12 = ((uint32_t)(arg1[44]) << 16); - x13 = ((uint32_t)(arg1[43]) << 8); - x14 = (arg1[42]); - x15 = ((uint32_t)(arg1[41]) << 20); - x16 = ((uint32_t)(arg1[40]) << 12); - x17 = ((uint32_t)(arg1[39]) << 4); - x18 = ((uint32_t)(arg1[38]) << 24); - x19 = ((uint32_t)(arg1[37]) << 16); - x20 = ((uint32_t)(arg1[36]) << 8); - x21 = (arg1[35]); - x22 = ((uint32_t)(arg1[34]) << 20); - x23 = ((uint32_t)(arg1[33]) << 12); - x24 = ((uint32_t)(arg1[32]) << 4); - x25 = ((uint32_t)(arg1[31]) << 24); - x26 = ((uint32_t)(arg1[30]) << 16); - x27 = ((uint32_t)(arg1[29]) << 8); - x28 = (arg1[28]); - x29 = ((uint32_t)(arg1[27]) << 20); - x30 = ((uint32_t)(arg1[26]) << 12); - x31 = ((uint32_t)(arg1[25]) << 4); - x32 = ((uint32_t)(arg1[24]) << 24); - x33 = ((uint32_t)(arg1[23]) << 16); - x34 = ((uint32_t)(arg1[22]) << 8); - x35 = (arg1[21]); - x36 = ((uint32_t)(arg1[20]) << 20); - x37 = ((uint32_t)(arg1[19]) << 12); - x38 = ((uint32_t)(arg1[18]) << 4); - x39 = ((uint32_t)(arg1[17]) << 24); - x40 = ((uint32_t)(arg1[16]) << 16); - x41 = ((uint32_t)(arg1[15]) << 8); - x42 = (arg1[14]); - x43 = ((uint32_t)(arg1[13]) << 20); - x44 = ((uint32_t)(arg1[12]) << 12); - x45 = ((uint32_t)(arg1[11]) << 4); - x46 = ((uint32_t)(arg1[10]) << 24); - x47 = ((uint32_t)(arg1[9]) << 16); - x48 = ((uint32_t)(arg1[8]) << 8); - x49 = (arg1[7]); - x50 = ((uint32_t)(arg1[6]) << 20); - x51 = ((uint32_t)(arg1[5]) << 12); - x52 = ((uint32_t)(arg1[4]) << 4); - x53 = ((uint32_t)(arg1[3]) << 24); - x54 = ((uint32_t)(arg1[2]) << 16); - x55 = ((uint32_t)(arg1[1]) << 8); - x56 = (arg1[0]); - x57 = (x55 + (uint32_t)x56); - x58 = (x54 + x57); - x59 = (x53 + x58); - x60 = (x59 & UINT32_C(0xfffffff)); + x1 = (uint32_t)arg1[55] << 20; + x2 = (uint32_t)arg1[54] << 12; + x3 = (uint32_t)arg1[53] << 4; + x4 = (uint32_t)arg1[52] << 24; + x5 = (uint32_t)arg1[51] << 16; + x6 = (uint32_t)arg1[50] << 8; + x7 = arg1[49]; + x8 = (uint32_t)arg1[48] << 20; + x9 = (uint32_t)arg1[47] << 12; + x10 = (uint32_t)arg1[46] << 4; + x11 = (uint32_t)arg1[45] << 24; + x12 = (uint32_t)arg1[44] << 16; + x13 = (uint32_t)arg1[43] << 8; + x14 = arg1[42]; + x15 = (uint32_t)arg1[41] << 20; + x16 = (uint32_t)arg1[40] << 12; + x17 = (uint32_t)arg1[39] << 4; + x18 = (uint32_t)arg1[38] << 24; + x19 = (uint32_t)arg1[37] << 16; + x20 = (uint32_t)arg1[36] << 8; + x21 = arg1[35]; + x22 = (uint32_t)arg1[34] << 20; + x23 = (uint32_t)arg1[33] << 12; + x24 = (uint32_t)arg1[32] << 4; + x25 = (uint32_t)arg1[31] << 24; + x26 = (uint32_t)arg1[30] << 16; + x27 = (uint32_t)arg1[29] << 8; + x28 = arg1[28]; + x29 = (uint32_t)arg1[27] << 20; + x30 = (uint32_t)arg1[26] << 12; + x31 = (uint32_t)arg1[25] << 4; + x32 = (uint32_t)arg1[24] << 24; + x33 = (uint32_t)arg1[23] << 16; + x34 = (uint32_t)arg1[22] << 8; + x35 = arg1[21]; + x36 = (uint32_t)arg1[20] << 20; + x37 = (uint32_t)arg1[19] << 12; + x38 = (uint32_t)arg1[18] << 4; + x39 = (uint32_t)arg1[17] << 24; + x40 = (uint32_t)arg1[16] << 16; + x41 = (uint32_t)arg1[15] << 8; + x42 = arg1[14]; + x43 = (uint32_t)arg1[13] << 20; + x44 = (uint32_t)arg1[12] << 12; + x45 = (uint32_t)arg1[11] << 4; + x46 = (uint32_t)arg1[10] << 24; + x47 = (uint32_t)arg1[9] << 16; + x48 = (uint32_t)arg1[8] << 8; + x49 = arg1[7]; + x50 = (uint32_t)arg1[6] << 20; + x51 = (uint32_t)arg1[5] << 12; + x52 = (uint32_t)arg1[4] << 4; + x53 = (uint32_t)arg1[3] << 24; + x54 = (uint32_t)arg1[2] << 16; + x55 = (uint32_t)arg1[1] << 8; + x56 = arg1[0]; + x57 = x55 + (uint32_t)x56; + x58 = x54 + x57; + x59 = x53 + x58; + x60 = x59 & UINT32_C(0xfffffff); x61 = (uint8_t)(x59 >> 28); - x62 = (x52 + (uint32_t)x61); - x63 = (x51 + x62); - x64 = (x50 + x63); - x65 = (x48 + (uint32_t)x49); - x66 = (x47 + x65); - x67 = (x46 + x66); - x68 = (x67 & UINT32_C(0xfffffff)); + x62 = x52 + (uint32_t)x61; + x63 = x51 + x62; + x64 = x50 + x63; + x65 = x48 + (uint32_t)x49; + x66 = x47 + x65; + x67 = x46 + x66; + x68 = x67 & UINT32_C(0xfffffff); x69 = (uint8_t)(x67 >> 28); - x70 = (x45 + (uint32_t)x69); - x71 = (x44 + x70); - x72 = (x43 + x71); - x73 = (x41 + (uint32_t)x42); - x74 = (x40 + x73); - x75 = (x39 + x74); - x76 = (x75 & UINT32_C(0xfffffff)); + x70 = x45 + (uint32_t)x69; + x71 = x44 + x70; + x72 = x43 + x71; + x73 = x41 + (uint32_t)x42; + x74 = x40 + x73; + x75 = x39 + x74; + x76 = x75 & UINT32_C(0xfffffff); x77 = (uint8_t)(x75 >> 28); - x78 = (x38 + (uint32_t)x77); - x79 = (x37 + x78); - x80 = (x36 + x79); - x81 = (x34 + (uint32_t)x35); - x82 = (x33 + x81); - x83 = (x32 + x82); - x84 = (x83 & UINT32_C(0xfffffff)); + x78 = x38 + (uint32_t)x77; + x79 = x37 + x78; + x80 = x36 + x79; + x81 = x34 + (uint32_t)x35; + x82 = x33 + x81; + x83 = x32 + x82; + x84 = x83 & UINT32_C(0xfffffff); x85 = (uint8_t)(x83 >> 28); - x86 = (x31 + (uint32_t)x85); - x87 = (x30 + x86); - x88 = (x29 + x87); - x89 = (x27 + (uint32_t)x28); - x90 = (x26 + x89); - x91 = (x25 + x90); - x92 = (x91 & UINT32_C(0xfffffff)); + x86 = x31 + (uint32_t)x85; + x87 = x30 + x86; + x88 = x29 + x87; + x89 = x27 + (uint32_t)x28; + x90 = x26 + x89; + x91 = x25 + x90; + x92 = x91 & UINT32_C(0xfffffff); x93 = (uint8_t)(x91 >> 28); - x94 = (x24 + (uint32_t)x93); - x95 = (x23 + x94); - x96 = (x22 + x95); - x97 = (x20 + (uint32_t)x21); - x98 = (x19 + x97); - x99 = (x18 + x98); - x100 = (x99 & UINT32_C(0xfffffff)); + x94 = x24 + (uint32_t)x93; + x95 = x23 + x94; + x96 = x22 + x95; + x97 = x20 + (uint32_t)x21; + x98 = x19 + x97; + x99 = x18 + x98; + x100 = x99 & UINT32_C(0xfffffff); x101 = (uint8_t)(x99 >> 28); - x102 = (x17 + (uint32_t)x101); - x103 = (x16 + x102); - x104 = (x15 + x103); - x105 = (x13 + (uint32_t)x14); - x106 = (x12 + x105); - x107 = (x11 + x106); - x108 = (x107 & UINT32_C(0xfffffff)); + x102 = x17 + (uint32_t)x101; + x103 = x16 + x102; + x104 = x15 + x103; + x105 = x13 + (uint32_t)x14; + x106 = x12 + x105; + x107 = x11 + x106; + x108 = x107 & UINT32_C(0xfffffff); x109 = (uint8_t)(x107 >> 28); - x110 = (x10 + (uint32_t)x109); - x111 = (x9 + x110); - x112 = (x8 + x111); - x113 = (x6 + (uint32_t)x7); - x114 = (x5 + x113); - x115 = (x4 + x114); - x116 = (x115 & UINT32_C(0xfffffff)); + x110 = x10 + (uint32_t)x109; + x111 = x9 + x110; + x112 = x8 + x111; + x113 = x6 + (uint32_t)x7; + x114 = x5 + x113; + x115 = x4 + x114; + x116 = x115 & UINT32_C(0xfffffff); x117 = (uint8_t)(x115 >> 28); - x118 = (x3 + (uint32_t)x117); - x119 = (x2 + x118); - x120 = (x1 + x119); + x118 = x3 + (uint32_t)x117; + x119 = x2 + x118; + x120 = x1 + x119; out1[0] = x60; out1[1] = x64; out1[2] = x68; diff --git a/fiat-c/src/p448_solinas_64.c b/fiat-c/src/p448_solinas_64.c index c733278ecc..afbb533069 100644 --- a/fiat-c/src/p448_solinas_64.c +++ b/fiat-c/src/p448_solinas_64.c @@ -57,8 +57,8 @@ static void fiat_p448_addcarryx_u56(uint64_t* out1, fiat_p448_uint1* out2, fiat_ uint64_t x1; uint64_t x2; fiat_p448_uint1 x3; - x1 = ((arg1 + arg2) + arg3); - x2 = (x1 & UINT64_C(0xffffffffffffff)); + x1 = arg1 + arg2 + arg3; + x2 = x1 & UINT64_C(0xffffffffffffff); x3 = (fiat_p448_uint1)(x1 >> 56); *out1 = x2; *out2 = x3; @@ -83,9 +83,9 @@ static void fiat_p448_subborrowx_u56(uint64_t* out1, fiat_p448_uint1* out2, fiat int64_t x1; fiat_p448_int1 x2; uint64_t x3; - x1 = ((int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3); + x1 = (int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3; x2 = (fiat_p448_int1)(x1 >> 56); - x3 = (x1 & UINT64_C(0xffffffffffffff)); + x3 = x1 & UINT64_C(0xffffffffffffff); *out1 = x3; *out2 = (fiat_p448_uint1)(0x0 - x2); } @@ -107,9 +107,9 @@ static void fiat_p448_cmovznz_u64(uint64_t* out1, fiat_p448_uint1 arg1, uint64_t fiat_p448_uint1 x1; uint64_t x2; uint64_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_p448_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); - x3 = ((fiat_p448_value_barrier_u64(x2) & arg3) | (fiat_p448_value_barrier_u64((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_p448_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); + x3 = fiat_p448_value_barrier_u64(x2) & arg3 | fiat_p448_value_barrier_u64(~x2) & arg2; *out1 = x3; } @@ -270,150 +270,150 @@ static void fiat_p448_carry_mul(uint64_t out1[8], const uint64_t arg1[8], const fiat_p448_uint1 x142; uint64_t x143; uint64_t x144; - x1 = ((fiat_p448_uint128)(arg1[7]) * (arg2[7])); - x2 = ((fiat_p448_uint128)(arg1[7]) * (arg2[6])); - x3 = ((fiat_p448_uint128)(arg1[7]) * (arg2[5])); - x4 = ((fiat_p448_uint128)(arg1[6]) * (arg2[7])); - x5 = ((fiat_p448_uint128)(arg1[6]) * (arg2[6])); - x6 = ((fiat_p448_uint128)(arg1[5]) * (arg2[7])); - x7 = ((fiat_p448_uint128)(arg1[7]) * (arg2[7])); - x8 = ((fiat_p448_uint128)(arg1[7]) * (arg2[6])); - x9 = ((fiat_p448_uint128)(arg1[7]) * (arg2[5])); - x10 = ((fiat_p448_uint128)(arg1[6]) * (arg2[7])); - x11 = ((fiat_p448_uint128)(arg1[6]) * (arg2[6])); - x12 = ((fiat_p448_uint128)(arg1[5]) * (arg2[7])); - x13 = ((fiat_p448_uint128)(arg1[7]) * (arg2[7])); - x14 = ((fiat_p448_uint128)(arg1[7]) * (arg2[6])); - x15 = ((fiat_p448_uint128)(arg1[7]) * (arg2[5])); - x16 = ((fiat_p448_uint128)(arg1[7]) * (arg2[4])); - x17 = ((fiat_p448_uint128)(arg1[7]) * (arg2[3])); - x18 = ((fiat_p448_uint128)(arg1[7]) * (arg2[2])); - x19 = ((fiat_p448_uint128)(arg1[7]) * (arg2[1])); - x20 = ((fiat_p448_uint128)(arg1[6]) * (arg2[7])); - x21 = ((fiat_p448_uint128)(arg1[6]) * (arg2[6])); - x22 = ((fiat_p448_uint128)(arg1[6]) * (arg2[5])); - x23 = ((fiat_p448_uint128)(arg1[6]) * (arg2[4])); - x24 = ((fiat_p448_uint128)(arg1[6]) * (arg2[3])); - x25 = ((fiat_p448_uint128)(arg1[6]) * (arg2[2])); - x26 = ((fiat_p448_uint128)(arg1[5]) * (arg2[7])); - x27 = ((fiat_p448_uint128)(arg1[5]) * (arg2[6])); - x28 = ((fiat_p448_uint128)(arg1[5]) * (arg2[5])); - x29 = ((fiat_p448_uint128)(arg1[5]) * (arg2[4])); - x30 = ((fiat_p448_uint128)(arg1[5]) * (arg2[3])); - x31 = ((fiat_p448_uint128)(arg1[4]) * (arg2[7])); - x32 = ((fiat_p448_uint128)(arg1[4]) * (arg2[6])); - x33 = ((fiat_p448_uint128)(arg1[4]) * (arg2[5])); - x34 = ((fiat_p448_uint128)(arg1[4]) * (arg2[4])); - x35 = ((fiat_p448_uint128)(arg1[3]) * (arg2[7])); - x36 = ((fiat_p448_uint128)(arg1[3]) * (arg2[6])); - x37 = ((fiat_p448_uint128)(arg1[3]) * (arg2[5])); - x38 = ((fiat_p448_uint128)(arg1[2]) * (arg2[7])); - x39 = ((fiat_p448_uint128)(arg1[2]) * (arg2[6])); - x40 = ((fiat_p448_uint128)(arg1[1]) * (arg2[7])); - x41 = ((fiat_p448_uint128)(arg1[7]) * (arg2[4])); - x42 = ((fiat_p448_uint128)(arg1[7]) * (arg2[3])); - x43 = ((fiat_p448_uint128)(arg1[7]) * (arg2[2])); - x44 = ((fiat_p448_uint128)(arg1[7]) * (arg2[1])); - x45 = ((fiat_p448_uint128)(arg1[6]) * (arg2[5])); - x46 = ((fiat_p448_uint128)(arg1[6]) * (arg2[4])); - x47 = ((fiat_p448_uint128)(arg1[6]) * (arg2[3])); - x48 = ((fiat_p448_uint128)(arg1[6]) * (arg2[2])); - x49 = ((fiat_p448_uint128)(arg1[5]) * (arg2[6])); - x50 = ((fiat_p448_uint128)(arg1[5]) * (arg2[5])); - x51 = ((fiat_p448_uint128)(arg1[5]) * (arg2[4])); - x52 = ((fiat_p448_uint128)(arg1[5]) * (arg2[3])); - x53 = ((fiat_p448_uint128)(arg1[4]) * (arg2[7])); - x54 = ((fiat_p448_uint128)(arg1[4]) * (arg2[6])); - x55 = ((fiat_p448_uint128)(arg1[4]) * (arg2[5])); - x56 = ((fiat_p448_uint128)(arg1[4]) * (arg2[4])); - x57 = ((fiat_p448_uint128)(arg1[3]) * (arg2[7])); - x58 = ((fiat_p448_uint128)(arg1[3]) * (arg2[6])); - x59 = ((fiat_p448_uint128)(arg1[3]) * (arg2[5])); - x60 = ((fiat_p448_uint128)(arg1[2]) * (arg2[7])); - x61 = ((fiat_p448_uint128)(arg1[2]) * (arg2[6])); - x62 = ((fiat_p448_uint128)(arg1[1]) * (arg2[7])); - x63 = ((fiat_p448_uint128)(arg1[7]) * (arg2[0])); - x64 = ((fiat_p448_uint128)(arg1[6]) * (arg2[1])); - x65 = ((fiat_p448_uint128)(arg1[6]) * (arg2[0])); - x66 = ((fiat_p448_uint128)(arg1[5]) * (arg2[2])); - x67 = ((fiat_p448_uint128)(arg1[5]) * (arg2[1])); - x68 = ((fiat_p448_uint128)(arg1[5]) * (arg2[0])); - x69 = ((fiat_p448_uint128)(arg1[4]) * (arg2[3])); - x70 = ((fiat_p448_uint128)(arg1[4]) * (arg2[2])); - x71 = ((fiat_p448_uint128)(arg1[4]) * (arg2[1])); - x72 = ((fiat_p448_uint128)(arg1[4]) * (arg2[0])); - x73 = ((fiat_p448_uint128)(arg1[3]) * (arg2[4])); - x74 = ((fiat_p448_uint128)(arg1[3]) * (arg2[3])); - x75 = ((fiat_p448_uint128)(arg1[3]) * (arg2[2])); - x76 = ((fiat_p448_uint128)(arg1[3]) * (arg2[1])); - x77 = ((fiat_p448_uint128)(arg1[3]) * (arg2[0])); - x78 = ((fiat_p448_uint128)(arg1[2]) * (arg2[5])); - x79 = ((fiat_p448_uint128)(arg1[2]) * (arg2[4])); - x80 = ((fiat_p448_uint128)(arg1[2]) * (arg2[3])); - x81 = ((fiat_p448_uint128)(arg1[2]) * (arg2[2])); - x82 = ((fiat_p448_uint128)(arg1[2]) * (arg2[1])); - x83 = ((fiat_p448_uint128)(arg1[2]) * (arg2[0])); - x84 = ((fiat_p448_uint128)(arg1[1]) * (arg2[6])); - x85 = ((fiat_p448_uint128)(arg1[1]) * (arg2[5])); - x86 = ((fiat_p448_uint128)(arg1[1]) * (arg2[4])); - x87 = ((fiat_p448_uint128)(arg1[1]) * (arg2[3])); - x88 = ((fiat_p448_uint128)(arg1[1]) * (arg2[2])); - x89 = ((fiat_p448_uint128)(arg1[1]) * (arg2[1])); - x90 = ((fiat_p448_uint128)(arg1[1]) * (arg2[0])); - x91 = ((fiat_p448_uint128)(arg1[0]) * (arg2[7])); - x92 = ((fiat_p448_uint128)(arg1[0]) * (arg2[6])); - x93 = ((fiat_p448_uint128)(arg1[0]) * (arg2[5])); - x94 = ((fiat_p448_uint128)(arg1[0]) * (arg2[4])); - x95 = ((fiat_p448_uint128)(arg1[0]) * (arg2[3])); - x96 = ((fiat_p448_uint128)(arg1[0]) * (arg2[2])); - x97 = ((fiat_p448_uint128)(arg1[0]) * (arg2[1])); - x98 = ((fiat_p448_uint128)(arg1[0]) * (arg2[0])); - x99 = (x95 + (x88 + (x82 + (x77 + (x31 + (x27 + (x22 + x16))))))); + x1 = (fiat_p448_uint128)arg1[7] * arg2[7]; + x2 = (fiat_p448_uint128)arg1[7] * arg2[6]; + x3 = (fiat_p448_uint128)arg1[7] * arg2[5]; + x4 = (fiat_p448_uint128)arg1[6] * arg2[7]; + x5 = (fiat_p448_uint128)arg1[6] * arg2[6]; + x6 = (fiat_p448_uint128)arg1[5] * arg2[7]; + x7 = (fiat_p448_uint128)arg1[7] * arg2[7]; + x8 = (fiat_p448_uint128)arg1[7] * arg2[6]; + x9 = (fiat_p448_uint128)arg1[7] * arg2[5]; + x10 = (fiat_p448_uint128)arg1[6] * arg2[7]; + x11 = (fiat_p448_uint128)arg1[6] * arg2[6]; + x12 = (fiat_p448_uint128)arg1[5] * arg2[7]; + x13 = (fiat_p448_uint128)arg1[7] * arg2[7]; + x14 = (fiat_p448_uint128)arg1[7] * arg2[6]; + x15 = (fiat_p448_uint128)arg1[7] * arg2[5]; + x16 = (fiat_p448_uint128)arg1[7] * arg2[4]; + x17 = (fiat_p448_uint128)arg1[7] * arg2[3]; + x18 = (fiat_p448_uint128)arg1[7] * arg2[2]; + x19 = (fiat_p448_uint128)arg1[7] * arg2[1]; + x20 = (fiat_p448_uint128)arg1[6] * arg2[7]; + x21 = (fiat_p448_uint128)arg1[6] * arg2[6]; + x22 = (fiat_p448_uint128)arg1[6] * arg2[5]; + x23 = (fiat_p448_uint128)arg1[6] * arg2[4]; + x24 = (fiat_p448_uint128)arg1[6] * arg2[3]; + x25 = (fiat_p448_uint128)arg1[6] * arg2[2]; + x26 = (fiat_p448_uint128)arg1[5] * arg2[7]; + x27 = (fiat_p448_uint128)arg1[5] * arg2[6]; + x28 = (fiat_p448_uint128)arg1[5] * arg2[5]; + x29 = (fiat_p448_uint128)arg1[5] * arg2[4]; + x30 = (fiat_p448_uint128)arg1[5] * arg2[3]; + x31 = (fiat_p448_uint128)arg1[4] * arg2[7]; + x32 = (fiat_p448_uint128)arg1[4] * arg2[6]; + x33 = (fiat_p448_uint128)arg1[4] * arg2[5]; + x34 = (fiat_p448_uint128)arg1[4] * arg2[4]; + x35 = (fiat_p448_uint128)arg1[3] * arg2[7]; + x36 = (fiat_p448_uint128)arg1[3] * arg2[6]; + x37 = (fiat_p448_uint128)arg1[3] * arg2[5]; + x38 = (fiat_p448_uint128)arg1[2] * arg2[7]; + x39 = (fiat_p448_uint128)arg1[2] * arg2[6]; + x40 = (fiat_p448_uint128)arg1[1] * arg2[7]; + x41 = (fiat_p448_uint128)arg1[7] * arg2[4]; + x42 = (fiat_p448_uint128)arg1[7] * arg2[3]; + x43 = (fiat_p448_uint128)arg1[7] * arg2[2]; + x44 = (fiat_p448_uint128)arg1[7] * arg2[1]; + x45 = (fiat_p448_uint128)arg1[6] * arg2[5]; + x46 = (fiat_p448_uint128)arg1[6] * arg2[4]; + x47 = (fiat_p448_uint128)arg1[6] * arg2[3]; + x48 = (fiat_p448_uint128)arg1[6] * arg2[2]; + x49 = (fiat_p448_uint128)arg1[5] * arg2[6]; + x50 = (fiat_p448_uint128)arg1[5] * arg2[5]; + x51 = (fiat_p448_uint128)arg1[5] * arg2[4]; + x52 = (fiat_p448_uint128)arg1[5] * arg2[3]; + x53 = (fiat_p448_uint128)arg1[4] * arg2[7]; + x54 = (fiat_p448_uint128)arg1[4] * arg2[6]; + x55 = (fiat_p448_uint128)arg1[4] * arg2[5]; + x56 = (fiat_p448_uint128)arg1[4] * arg2[4]; + x57 = (fiat_p448_uint128)arg1[3] * arg2[7]; + x58 = (fiat_p448_uint128)arg1[3] * arg2[6]; + x59 = (fiat_p448_uint128)arg1[3] * arg2[5]; + x60 = (fiat_p448_uint128)arg1[2] * arg2[7]; + x61 = (fiat_p448_uint128)arg1[2] * arg2[6]; + x62 = (fiat_p448_uint128)arg1[1] * arg2[7]; + x63 = (fiat_p448_uint128)arg1[7] * arg2[0]; + x64 = (fiat_p448_uint128)arg1[6] * arg2[1]; + x65 = (fiat_p448_uint128)arg1[6] * arg2[0]; + x66 = (fiat_p448_uint128)arg1[5] * arg2[2]; + x67 = (fiat_p448_uint128)arg1[5] * arg2[1]; + x68 = (fiat_p448_uint128)arg1[5] * arg2[0]; + x69 = (fiat_p448_uint128)arg1[4] * arg2[3]; + x70 = (fiat_p448_uint128)arg1[4] * arg2[2]; + x71 = (fiat_p448_uint128)arg1[4] * arg2[1]; + x72 = (fiat_p448_uint128)arg1[4] * arg2[0]; + x73 = (fiat_p448_uint128)arg1[3] * arg2[4]; + x74 = (fiat_p448_uint128)arg1[3] * arg2[3]; + x75 = (fiat_p448_uint128)arg1[3] * arg2[2]; + x76 = (fiat_p448_uint128)arg1[3] * arg2[1]; + x77 = (fiat_p448_uint128)arg1[3] * arg2[0]; + x78 = (fiat_p448_uint128)arg1[2] * arg2[5]; + x79 = (fiat_p448_uint128)arg1[2] * arg2[4]; + x80 = (fiat_p448_uint128)arg1[2] * arg2[3]; + x81 = (fiat_p448_uint128)arg1[2] * arg2[2]; + x82 = (fiat_p448_uint128)arg1[2] * arg2[1]; + x83 = (fiat_p448_uint128)arg1[2] * arg2[0]; + x84 = (fiat_p448_uint128)arg1[1] * arg2[6]; + x85 = (fiat_p448_uint128)arg1[1] * arg2[5]; + x86 = (fiat_p448_uint128)arg1[1] * arg2[4]; + x87 = (fiat_p448_uint128)arg1[1] * arg2[3]; + x88 = (fiat_p448_uint128)arg1[1] * arg2[2]; + x89 = (fiat_p448_uint128)arg1[1] * arg2[1]; + x90 = (fiat_p448_uint128)arg1[1] * arg2[0]; + x91 = (fiat_p448_uint128)arg1[0] * arg2[7]; + x92 = (fiat_p448_uint128)arg1[0] * arg2[6]; + x93 = (fiat_p448_uint128)arg1[0] * arg2[5]; + x94 = (fiat_p448_uint128)arg1[0] * arg2[4]; + x95 = (fiat_p448_uint128)arg1[0] * arg2[3]; + x96 = (fiat_p448_uint128)arg1[0] * arg2[2]; + x97 = (fiat_p448_uint128)arg1[0] * arg2[1]; + x98 = (fiat_p448_uint128)arg1[0] * arg2[0]; + x99 = x95 + (x88 + (x82 + (x77 + (x31 + (x27 + (x22 + x16)))))); x100 = (uint64_t)(x99 >> 56); x101 = (uint64_t)(x99 & UINT64_C(0xffffffffffffff)); - x102 = (x91 + (x84 + (x78 + (x73 + (x69 + (x66 + (x64 + (x63 + (x53 + (x49 + (x45 + x41))))))))))); - x103 = (x92 + (x85 + (x79 + (x74 + (x70 + (x67 + (x65 + (x57 + (x54 + (x50 + (x46 + (x42 + (x13 + x7))))))))))))); - x104 = (x93 + (x86 + (x80 + (x75 + (x71 + (x68 + (x60 + (x58 + (x55 + (x51 + (x47 + (x43 + (x20 + (x14 + (x10 + x8))))))))))))))); - x105 = (x94 + (x87 + (x81 + (x76 + (x72 + (x62 + (x61 + (x59 + (x56 + (x52 + (x48 + (x44 + (x26 + (x21 + (x15 + (x12 + (x11 + x9))))))))))))))))); - x106 = (x96 + (x89 + (x83 + (x35 + (x32 + (x28 + (x23 + (x17 + x1)))))))); - x107 = (x97 + (x90 + (x38 + (x36 + (x33 + (x29 + (x24 + (x18 + (x4 + x2))))))))); - x108 = (x98 + (x40 + (x39 + (x37 + (x34 + (x30 + (x25 + (x19 + (x6 + (x5 + x3)))))))))); - x109 = (x100 + x105); + x102 = x91 + (x84 + (x78 + (x73 + (x69 + (x66 + (x64 + (x63 + (x53 + (x49 + (x45 + x41)))))))))); + x103 = x92 + (x85 + (x79 + (x74 + (x70 + (x67 + (x65 + (x57 + (x54 + (x50 + (x46 + (x42 + (x13 + x7)))))))))))); + x104 = x93 + (x86 + (x80 + (x75 + (x71 + (x68 + (x60 + (x58 + (x55 + (x51 + (x47 + (x43 + (x20 + (x14 + (x10 + x8)))))))))))))); + x105 = x94 + (x87 + (x81 + (x76 + (x72 + (x62 + (x61 + (x59 + (x56 + (x52 + (x48 + (x44 + (x26 + (x21 + (x15 + (x12 + (x11 + x9)))))))))))))))); + x106 = x96 + (x89 + (x83 + (x35 + (x32 + (x28 + (x23 + (x17 + x1))))))); + x107 = x97 + (x90 + (x38 + (x36 + (x33 + (x29 + (x24 + (x18 + (x4 + x2)))))))); + x108 = x98 + (x40 + (x39 + (x37 + (x34 + (x30 + (x25 + (x19 + (x6 + (x5 + x3))))))))); + x109 = x100 + x105; x110 = (uint64_t)(x102 >> 56); x111 = (uint64_t)(x102 & UINT64_C(0xffffffffffffff)); - x112 = (x109 + x110); + x112 = x109 + x110; x113 = (uint64_t)(x112 >> 56); x114 = (uint64_t)(x112 & UINT64_C(0xffffffffffffff)); - x115 = (x108 + x110); - x116 = (x113 + x104); + x115 = x108 + x110; + x116 = x113 + x104; x117 = (uint64_t)(x115 >> 56); x118 = (uint64_t)(x115 & UINT64_C(0xffffffffffffff)); - x119 = (x117 + x107); + x119 = x117 + x107; x120 = (uint64_t)(x116 >> 56); x121 = (uint64_t)(x116 & UINT64_C(0xffffffffffffff)); - x122 = (x120 + x103); + x122 = x120 + x103; x123 = (uint64_t)(x119 >> 56); x124 = (uint64_t)(x119 & UINT64_C(0xffffffffffffff)); - x125 = (x123 + x106); + x125 = x123 + x106; x126 = (uint64_t)(x122 >> 56); x127 = (uint64_t)(x122 & UINT64_C(0xffffffffffffff)); - x128 = (x126 + x111); + x128 = x126 + x111; x129 = (uint64_t)(x125 >> 56); x130 = (uint64_t)(x125 & UINT64_C(0xffffffffffffff)); - x131 = (x129 + x101); - x132 = (x128 >> 56); - x133 = (x128 & UINT64_C(0xffffffffffffff)); - x134 = (x131 >> 56); - x135 = (x131 & UINT64_C(0xffffffffffffff)); - x136 = (x114 + x132); - x137 = (x118 + x132); - x138 = (x134 + x136); + x131 = x129 + x101; + x132 = x128 >> 56; + x133 = x128 & UINT64_C(0xffffffffffffff); + x134 = x131 >> 56; + x135 = x131 & UINT64_C(0xffffffffffffff); + x136 = x114 + x132; + x137 = x118 + x132; + x138 = x134 + x136; x139 = (fiat_p448_uint1)(x138 >> 56); - x140 = (x138 & UINT64_C(0xffffffffffffff)); - x141 = (x139 + x121); + x140 = x138 & UINT64_C(0xffffffffffffff); + x141 = x139 + x121; x142 = (fiat_p448_uint1)(x137 >> 56); - x143 = (x137 & UINT64_C(0xffffffffffffff)); - x144 = (x142 + x124); + x143 = x137 & UINT64_C(0xffffffffffffff); + x144 = x142 + x124; out1[0] = x143; out1[1] = x144; out1[2] = x130; @@ -559,129 +559,129 @@ static void fiat_p448_carry_square(uint64_t out1[8], const uint64_t arg1[8]) { fiat_p448_uint1 x121; uint64_t x122; uint64_t x123; - x1 = (arg1[7]); - x2 = (arg1[7]); - x3 = (x1 * 0x2); - x4 = (x2 * 0x2); - x5 = ((arg1[7]) * 0x2); - x6 = (arg1[6]); - x7 = (arg1[6]); - x8 = (x6 * 0x2); - x9 = (x7 * 0x2); - x10 = ((arg1[6]) * 0x2); - x11 = (arg1[5]); - x12 = (arg1[5]); - x13 = (x11 * 0x2); - x14 = (x12 * 0x2); - x15 = ((arg1[5]) * 0x2); - x16 = (arg1[4]); - x17 = (arg1[4]); - x18 = ((arg1[4]) * 0x2); - x19 = ((arg1[3]) * 0x2); - x20 = ((arg1[2]) * 0x2); - x21 = ((arg1[1]) * 0x2); - x22 = ((fiat_p448_uint128)(arg1[7]) * x1); - x23 = ((fiat_p448_uint128)(arg1[6]) * x3); - x24 = ((fiat_p448_uint128)(arg1[6]) * x6); - x25 = ((fiat_p448_uint128)(arg1[5]) * x3); - x26 = ((fiat_p448_uint128)(arg1[7]) * x1); - x27 = ((fiat_p448_uint128)(arg1[6]) * x3); - x28 = ((fiat_p448_uint128)(arg1[6]) * x6); - x29 = ((fiat_p448_uint128)(arg1[5]) * x3); - x30 = ((fiat_p448_uint128)(arg1[7]) * x2); - x31 = ((fiat_p448_uint128)(arg1[6]) * x4); - x32 = ((fiat_p448_uint128)(arg1[6]) * x7); - x33 = ((fiat_p448_uint128)(arg1[5]) * x4); - x34 = ((fiat_p448_uint128)(arg1[5]) * x9); - x35 = ((fiat_p448_uint128)(arg1[5]) * x8); - x36 = ((fiat_p448_uint128)(arg1[5]) * x12); - x37 = ((fiat_p448_uint128)(arg1[5]) * x11); - x38 = ((fiat_p448_uint128)(arg1[4]) * x4); - x39 = ((fiat_p448_uint128)(arg1[4]) * x3); - x40 = ((fiat_p448_uint128)(arg1[4]) * x9); - x41 = ((fiat_p448_uint128)(arg1[4]) * x8); - x42 = ((fiat_p448_uint128)(arg1[4]) * x14); - x43 = ((fiat_p448_uint128)(arg1[4]) * x13); - x44 = ((fiat_p448_uint128)(arg1[4]) * x17); - x45 = ((fiat_p448_uint128)(arg1[4]) * x16); - x46 = ((fiat_p448_uint128)(arg1[3]) * x4); - x47 = ((fiat_p448_uint128)(arg1[3]) * x3); - x48 = ((fiat_p448_uint128)(arg1[3]) * x9); - x49 = ((fiat_p448_uint128)(arg1[3]) * x8); - x50 = ((fiat_p448_uint128)(arg1[3]) * x14); - x51 = ((fiat_p448_uint128)(arg1[3]) * x13); - x52 = ((fiat_p448_uint128)(arg1[3]) * x18); - x53 = ((fiat_p448_uint128)(arg1[3]) * (arg1[3])); - x54 = ((fiat_p448_uint128)(arg1[2]) * x4); - x55 = ((fiat_p448_uint128)(arg1[2]) * x3); - x56 = ((fiat_p448_uint128)(arg1[2]) * x9); - x57 = ((fiat_p448_uint128)(arg1[2]) * x8); - x58 = ((fiat_p448_uint128)(arg1[2]) * x15); - x59 = ((fiat_p448_uint128)(arg1[2]) * x18); - x60 = ((fiat_p448_uint128)(arg1[2]) * x19); - x61 = ((fiat_p448_uint128)(arg1[2]) * (arg1[2])); - x62 = ((fiat_p448_uint128)(arg1[1]) * x4); - x63 = ((fiat_p448_uint128)(arg1[1]) * x3); - x64 = ((fiat_p448_uint128)(arg1[1]) * x10); - x65 = ((fiat_p448_uint128)(arg1[1]) * x15); - x66 = ((fiat_p448_uint128)(arg1[1]) * x18); - x67 = ((fiat_p448_uint128)(arg1[1]) * x19); - x68 = ((fiat_p448_uint128)(arg1[1]) * x20); - x69 = ((fiat_p448_uint128)(arg1[1]) * (arg1[1])); - x70 = ((fiat_p448_uint128)(arg1[0]) * x5); - x71 = ((fiat_p448_uint128)(arg1[0]) * x10); - x72 = ((fiat_p448_uint128)(arg1[0]) * x15); - x73 = ((fiat_p448_uint128)(arg1[0]) * x18); - x74 = ((fiat_p448_uint128)(arg1[0]) * x19); - x75 = ((fiat_p448_uint128)(arg1[0]) * x20); - x76 = ((fiat_p448_uint128)(arg1[0]) * x21); - x77 = ((fiat_p448_uint128)(arg1[0]) * (arg1[0])); - x78 = (x74 + (x68 + (x38 + x34))); + x1 = arg1[7]; + x2 = arg1[7]; + x3 = x1 * 0x2; + x4 = x2 * 0x2; + x5 = arg1[7] * 0x2; + x6 = arg1[6]; + x7 = arg1[6]; + x8 = x6 * 0x2; + x9 = x7 * 0x2; + x10 = arg1[6] * 0x2; + x11 = arg1[5]; + x12 = arg1[5]; + x13 = x11 * 0x2; + x14 = x12 * 0x2; + x15 = arg1[5] * 0x2; + x16 = arg1[4]; + x17 = arg1[4]; + x18 = arg1[4] * 0x2; + x19 = arg1[3] * 0x2; + x20 = arg1[2] * 0x2; + x21 = arg1[1] * 0x2; + x22 = (fiat_p448_uint128)arg1[7] * x1; + x23 = (fiat_p448_uint128)arg1[6] * x3; + x24 = (fiat_p448_uint128)arg1[6] * x6; + x25 = (fiat_p448_uint128)arg1[5] * x3; + x26 = (fiat_p448_uint128)arg1[7] * x1; + x27 = (fiat_p448_uint128)arg1[6] * x3; + x28 = (fiat_p448_uint128)arg1[6] * x6; + x29 = (fiat_p448_uint128)arg1[5] * x3; + x30 = (fiat_p448_uint128)arg1[7] * x2; + x31 = (fiat_p448_uint128)arg1[6] * x4; + x32 = (fiat_p448_uint128)arg1[6] * x7; + x33 = (fiat_p448_uint128)arg1[5] * x4; + x34 = (fiat_p448_uint128)arg1[5] * x9; + x35 = (fiat_p448_uint128)arg1[5] * x8; + x36 = (fiat_p448_uint128)arg1[5] * x12; + x37 = (fiat_p448_uint128)arg1[5] * x11; + x38 = (fiat_p448_uint128)arg1[4] * x4; + x39 = (fiat_p448_uint128)arg1[4] * x3; + x40 = (fiat_p448_uint128)arg1[4] * x9; + x41 = (fiat_p448_uint128)arg1[4] * x8; + x42 = (fiat_p448_uint128)arg1[4] * x14; + x43 = (fiat_p448_uint128)arg1[4] * x13; + x44 = (fiat_p448_uint128)arg1[4] * x17; + x45 = (fiat_p448_uint128)arg1[4] * x16; + x46 = (fiat_p448_uint128)arg1[3] * x4; + x47 = (fiat_p448_uint128)arg1[3] * x3; + x48 = (fiat_p448_uint128)arg1[3] * x9; + x49 = (fiat_p448_uint128)arg1[3] * x8; + x50 = (fiat_p448_uint128)arg1[3] * x14; + x51 = (fiat_p448_uint128)arg1[3] * x13; + x52 = (fiat_p448_uint128)arg1[3] * x18; + x53 = (fiat_p448_uint128)arg1[3] * arg1[3]; + x54 = (fiat_p448_uint128)arg1[2] * x4; + x55 = (fiat_p448_uint128)arg1[2] * x3; + x56 = (fiat_p448_uint128)arg1[2] * x9; + x57 = (fiat_p448_uint128)arg1[2] * x8; + x58 = (fiat_p448_uint128)arg1[2] * x15; + x59 = (fiat_p448_uint128)arg1[2] * x18; + x60 = (fiat_p448_uint128)arg1[2] * x19; + x61 = (fiat_p448_uint128)arg1[2] * arg1[2]; + x62 = (fiat_p448_uint128)arg1[1] * x4; + x63 = (fiat_p448_uint128)arg1[1] * x3; + x64 = (fiat_p448_uint128)arg1[1] * x10; + x65 = (fiat_p448_uint128)arg1[1] * x15; + x66 = (fiat_p448_uint128)arg1[1] * x18; + x67 = (fiat_p448_uint128)arg1[1] * x19; + x68 = (fiat_p448_uint128)arg1[1] * x20; + x69 = (fiat_p448_uint128)arg1[1] * arg1[1]; + x70 = (fiat_p448_uint128)arg1[0] * x5; + x71 = (fiat_p448_uint128)arg1[0] * x10; + x72 = (fiat_p448_uint128)arg1[0] * x15; + x73 = (fiat_p448_uint128)arg1[0] * x18; + x74 = (fiat_p448_uint128)arg1[0] * x19; + x75 = (fiat_p448_uint128)arg1[0] * x20; + x76 = (fiat_p448_uint128)arg1[0] * x21; + x77 = (fiat_p448_uint128)arg1[0] * arg1[0]; + x78 = x74 + (x68 + (x38 + x34)); x79 = (uint64_t)(x78 >> 56); x80 = (uint64_t)(x78 & UINT64_C(0xffffffffffffff)); - x81 = (x70 + (x64 + (x58 + (x52 + (x39 + x35))))); - x82 = (x71 + (x65 + (x59 + (x53 + (x47 + (x41 + (x37 + (x30 + x26)))))))); - x83 = (x72 + (x66 + (x60 + (x55 + (x49 + (x43 + (x31 + x27))))))); - x84 = (x73 + (x67 + (x63 + (x61 + (x57 + (x51 + (x45 + (x33 + (x32 + (x29 + x28)))))))))); - x85 = (x75 + (x69 + (x46 + (x40 + (x36 + x22))))); - x86 = (x76 + (x54 + (x48 + (x42 + x23)))); - x87 = (x77 + (x62 + (x56 + (x50 + (x44 + (x25 + x24)))))); - x88 = (x79 + x84); + x81 = x70 + (x64 + (x58 + (x52 + (x39 + x35)))); + x82 = x71 + (x65 + (x59 + (x53 + (x47 + (x41 + (x37 + (x30 + x26))))))); + x83 = x72 + (x66 + (x60 + (x55 + (x49 + (x43 + (x31 + x27)))))); + x84 = x73 + (x67 + (x63 + (x61 + (x57 + (x51 + (x45 + (x33 + (x32 + (x29 + x28))))))))); + x85 = x75 + (x69 + (x46 + (x40 + (x36 + x22)))); + x86 = x76 + (x54 + (x48 + (x42 + x23))); + x87 = x77 + (x62 + (x56 + (x50 + (x44 + (x25 + x24))))); + x88 = x79 + x84; x89 = (uint64_t)(x81 >> 56); x90 = (uint64_t)(x81 & UINT64_C(0xffffffffffffff)); - x91 = (x88 + x89); + x91 = x88 + x89; x92 = (uint64_t)(x91 >> 56); x93 = (uint64_t)(x91 & UINT64_C(0xffffffffffffff)); - x94 = (x87 + x89); - x95 = (x92 + x83); + x94 = x87 + x89; + x95 = x92 + x83; x96 = (uint64_t)(x94 >> 56); x97 = (uint64_t)(x94 & UINT64_C(0xffffffffffffff)); - x98 = (x96 + x86); + x98 = x96 + x86; x99 = (uint64_t)(x95 >> 56); x100 = (uint64_t)(x95 & UINT64_C(0xffffffffffffff)); - x101 = (x99 + x82); + x101 = x99 + x82; x102 = (uint64_t)(x98 >> 56); x103 = (uint64_t)(x98 & UINT64_C(0xffffffffffffff)); - x104 = (x102 + x85); + x104 = x102 + x85; x105 = (uint64_t)(x101 >> 56); x106 = (uint64_t)(x101 & UINT64_C(0xffffffffffffff)); - x107 = (x105 + x90); + x107 = x105 + x90; x108 = (uint64_t)(x104 >> 56); x109 = (uint64_t)(x104 & UINT64_C(0xffffffffffffff)); - x110 = (x108 + x80); - x111 = (x107 >> 56); - x112 = (x107 & UINT64_C(0xffffffffffffff)); - x113 = (x110 >> 56); - x114 = (x110 & UINT64_C(0xffffffffffffff)); - x115 = (x93 + x111); - x116 = (x97 + x111); - x117 = (x113 + x115); + x110 = x108 + x80; + x111 = x107 >> 56; + x112 = x107 & UINT64_C(0xffffffffffffff); + x113 = x110 >> 56; + x114 = x110 & UINT64_C(0xffffffffffffff); + x115 = x93 + x111; + x116 = x97 + x111; + x117 = x113 + x115; x118 = (fiat_p448_uint1)(x117 >> 56); - x119 = (x117 & UINT64_C(0xffffffffffffff)); - x120 = (x118 + x100); + x119 = x117 & UINT64_C(0xffffffffffffff); + x120 = x118 + x100; x121 = (fiat_p448_uint1)(x116 >> 56); - x122 = (x116 & UINT64_C(0xffffffffffffff)); - x123 = (x121 + x103); + x122 = x116 & UINT64_C(0xffffffffffffff); + x123 = x121 + x103; out1[0] = x122; out1[1] = x123; out1[2] = x109; @@ -726,28 +726,28 @@ static void fiat_p448_carry(uint64_t out1[8], const uint64_t arg1[8]) { uint64_t x20; uint64_t x21; uint64_t x22; - x1 = (arg1[3]); - x2 = (arg1[7]); - x3 = (x2 >> 56); - x4 = (((x1 >> 56) + (arg1[4])) + x3); - x5 = ((arg1[0]) + x3); - x6 = ((x4 >> 56) + (arg1[5])); - x7 = ((x5 >> 56) + (arg1[1])); - x8 = ((x6 >> 56) + (arg1[6])); - x9 = ((x7 >> 56) + (arg1[2])); - x10 = ((x8 >> 56) + (x2 & UINT64_C(0xffffffffffffff))); - x11 = ((x9 >> 56) + (x1 & UINT64_C(0xffffffffffffff))); + x1 = arg1[3]; + x2 = arg1[7]; + x3 = x2 >> 56; + x4 = (x1 >> 56) + arg1[4] + x3; + x5 = arg1[0] + x3; + x6 = (x4 >> 56) + arg1[5]; + x7 = (x5 >> 56) + arg1[1]; + x8 = (x6 >> 56) + arg1[6]; + x9 = (x7 >> 56) + arg1[2]; + x10 = (x8 >> 56) + (x2 & UINT64_C(0xffffffffffffff)); + x11 = (x9 >> 56) + (x1 & UINT64_C(0xffffffffffffff)); x12 = (fiat_p448_uint1)(x10 >> 56); - x13 = ((x5 & UINT64_C(0xffffffffffffff)) + (uint64_t)x12); - x14 = ((fiat_p448_uint1)(x11 >> 56) + ((x4 & UINT64_C(0xffffffffffffff)) + (uint64_t)x12)); - x15 = (x13 & UINT64_C(0xffffffffffffff)); - x16 = ((fiat_p448_uint1)(x13 >> 56) + (x7 & UINT64_C(0xffffffffffffff))); - x17 = (x9 & UINT64_C(0xffffffffffffff)); - x18 = (x11 & UINT64_C(0xffffffffffffff)); - x19 = (x14 & UINT64_C(0xffffffffffffff)); - x20 = ((fiat_p448_uint1)(x14 >> 56) + (x6 & UINT64_C(0xffffffffffffff))); - x21 = (x8 & UINT64_C(0xffffffffffffff)); - x22 = (x10 & UINT64_C(0xffffffffffffff)); + x13 = (x5 & UINT64_C(0xffffffffffffff)) + (uint64_t)x12; + x14 = (fiat_p448_uint1)(x11 >> 56) + ((x4 & UINT64_C(0xffffffffffffff)) + (uint64_t)x12); + x15 = x13 & UINT64_C(0xffffffffffffff); + x16 = (fiat_p448_uint1)(x13 >> 56) + (x7 & UINT64_C(0xffffffffffffff)); + x17 = x9 & UINT64_C(0xffffffffffffff); + x18 = x11 & UINT64_C(0xffffffffffffff); + x19 = x14 & UINT64_C(0xffffffffffffff); + x20 = (fiat_p448_uint1)(x14 >> 56) + (x6 & UINT64_C(0xffffffffffffff)); + x21 = x8 & UINT64_C(0xffffffffffffff); + x22 = x10 & UINT64_C(0xffffffffffffff); out1[0] = x15; out1[1] = x16; out1[2] = x17; @@ -779,14 +779,14 @@ static void fiat_p448_add(uint64_t out1[8], const uint64_t arg1[8], const uint64 uint64_t x6; uint64_t x7; uint64_t x8; - x1 = ((arg1[0]) + (arg2[0])); - x2 = ((arg1[1]) + (arg2[1])); - x3 = ((arg1[2]) + (arg2[2])); - x4 = ((arg1[3]) + (arg2[3])); - x5 = ((arg1[4]) + (arg2[4])); - x6 = ((arg1[5]) + (arg2[5])); - x7 = ((arg1[6]) + (arg2[6])); - x8 = ((arg1[7]) + (arg2[7])); + x1 = arg1[0] + arg2[0]; + x2 = arg1[1] + arg2[1]; + x3 = arg1[2] + arg2[2]; + x4 = arg1[3] + arg2[3]; + x5 = arg1[4] + arg2[4]; + x6 = arg1[5] + arg2[5]; + x7 = arg1[6] + arg2[6]; + x8 = arg1[7] + arg2[7]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -818,14 +818,14 @@ static void fiat_p448_sub(uint64_t out1[8], const uint64_t arg1[8], const uint64 uint64_t x6; uint64_t x7; uint64_t x8; - x1 = ((UINT64_C(0x1fffffffffffffe) + (arg1[0])) - (arg2[0])); - x2 = ((UINT64_C(0x1fffffffffffffe) + (arg1[1])) - (arg2[1])); - x3 = ((UINT64_C(0x1fffffffffffffe) + (arg1[2])) - (arg2[2])); - x4 = ((UINT64_C(0x1fffffffffffffe) + (arg1[3])) - (arg2[3])); - x5 = ((UINT64_C(0x1fffffffffffffc) + (arg1[4])) - (arg2[4])); - x6 = ((UINT64_C(0x1fffffffffffffe) + (arg1[5])) - (arg2[5])); - x7 = ((UINT64_C(0x1fffffffffffffe) + (arg1[6])) - (arg2[6])); - x8 = ((UINT64_C(0x1fffffffffffffe) + (arg1[7])) - (arg2[7])); + x1 = UINT64_C(0x1fffffffffffffe) + arg1[0] - arg2[0]; + x2 = UINT64_C(0x1fffffffffffffe) + arg1[1] - arg2[1]; + x3 = UINT64_C(0x1fffffffffffffe) + arg1[2] - arg2[2]; + x4 = UINT64_C(0x1fffffffffffffe) + arg1[3] - arg2[3]; + x5 = UINT64_C(0x1fffffffffffffc) + arg1[4] - arg2[4]; + x6 = UINT64_C(0x1fffffffffffffe) + arg1[5] - arg2[5]; + x7 = UINT64_C(0x1fffffffffffffe) + arg1[6] - arg2[6]; + x8 = UINT64_C(0x1fffffffffffffe) + arg1[7] - arg2[7]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -856,14 +856,14 @@ static void fiat_p448_opp(uint64_t out1[8], const uint64_t arg1[8]) { uint64_t x6; uint64_t x7; uint64_t x8; - x1 = (UINT64_C(0x1fffffffffffffe) - (arg1[0])); - x2 = (UINT64_C(0x1fffffffffffffe) - (arg1[1])); - x3 = (UINT64_C(0x1fffffffffffffe) - (arg1[2])); - x4 = (UINT64_C(0x1fffffffffffffe) - (arg1[3])); - x5 = (UINT64_C(0x1fffffffffffffc) - (arg1[4])); - x6 = (UINT64_C(0x1fffffffffffffe) - (arg1[5])); - x7 = (UINT64_C(0x1fffffffffffffe) - (arg1[6])); - x8 = (UINT64_C(0x1fffffffffffffe) - (arg1[7])); + x1 = UINT64_C(0x1fffffffffffffe) - arg1[0]; + x2 = UINT64_C(0x1fffffffffffffe) - arg1[1]; + x3 = UINT64_C(0x1fffffffffffffe) - arg1[2]; + x4 = UINT64_C(0x1fffffffffffffe) - arg1[3]; + x5 = UINT64_C(0x1fffffffffffffc) - arg1[4]; + x6 = UINT64_C(0x1fffffffffffffe) - arg1[5]; + x7 = UINT64_C(0x1fffffffffffffe) - arg1[6]; + x8 = UINT64_C(0x1fffffffffffffe) - arg1[7]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -896,14 +896,14 @@ static void fiat_p448_selectznz(uint64_t out1[8], fiat_p448_uint1 arg1, const ui uint64_t x6; uint64_t x7; uint64_t x8; - fiat_p448_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_p448_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_p448_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); - fiat_p448_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); - fiat_p448_cmovznz_u64(&x5, arg1, (arg2[4]), (arg3[4])); - fiat_p448_cmovznz_u64(&x6, arg1, (arg2[5]), (arg3[5])); - fiat_p448_cmovznz_u64(&x7, arg1, (arg2[6]), (arg3[6])); - fiat_p448_cmovznz_u64(&x8, arg1, (arg2[7]), (arg3[7])); + fiat_p448_cmovznz_u64(&x1, arg1, arg2[0], arg3[0]); + fiat_p448_cmovznz_u64(&x2, arg1, arg2[1], arg3[1]); + fiat_p448_cmovznz_u64(&x3, arg1, arg2[2], arg3[2]); + fiat_p448_cmovznz_u64(&x4, arg1, arg2[3], arg3[3]); + fiat_p448_cmovznz_u64(&x5, arg1, arg2[4], arg3[4]); + fiat_p448_cmovznz_u64(&x6, arg1, arg2[5], arg3[5]); + fiat_p448_cmovznz_u64(&x7, arg1, arg2[6], arg3[6]); + fiat_p448_cmovznz_u64(&x8, arg1, arg2[7], arg3[7]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -1055,117 +1055,117 @@ static void fiat_p448_to_bytes(uint8_t out1[56], const uint64_t arg1[8]) { uint64_t x127; uint8_t x128; uint8_t x129; - fiat_p448_subborrowx_u56(&x1, &x2, 0x0, (arg1[0]), UINT64_C(0xffffffffffffff)); - fiat_p448_subborrowx_u56(&x3, &x4, x2, (arg1[1]), UINT64_C(0xffffffffffffff)); - fiat_p448_subborrowx_u56(&x5, &x6, x4, (arg1[2]), UINT64_C(0xffffffffffffff)); - fiat_p448_subborrowx_u56(&x7, &x8, x6, (arg1[3]), UINT64_C(0xffffffffffffff)); - fiat_p448_subborrowx_u56(&x9, &x10, x8, (arg1[4]), UINT64_C(0xfffffffffffffe)); - fiat_p448_subborrowx_u56(&x11, &x12, x10, (arg1[5]), UINT64_C(0xffffffffffffff)); - fiat_p448_subborrowx_u56(&x13, &x14, x12, (arg1[6]), UINT64_C(0xffffffffffffff)); - fiat_p448_subborrowx_u56(&x15, &x16, x14, (arg1[7]), UINT64_C(0xffffffffffffff)); + fiat_p448_subborrowx_u56(&x1, &x2, 0x0, arg1[0], UINT64_C(0xffffffffffffff)); + fiat_p448_subborrowx_u56(&x3, &x4, x2, arg1[1], UINT64_C(0xffffffffffffff)); + fiat_p448_subborrowx_u56(&x5, &x6, x4, arg1[2], UINT64_C(0xffffffffffffff)); + fiat_p448_subborrowx_u56(&x7, &x8, x6, arg1[3], UINT64_C(0xffffffffffffff)); + fiat_p448_subborrowx_u56(&x9, &x10, x8, arg1[4], UINT64_C(0xfffffffffffffe)); + fiat_p448_subborrowx_u56(&x11, &x12, x10, arg1[5], UINT64_C(0xffffffffffffff)); + fiat_p448_subborrowx_u56(&x13, &x14, x12, arg1[6], UINT64_C(0xffffffffffffff)); + fiat_p448_subborrowx_u56(&x15, &x16, x14, arg1[7], UINT64_C(0xffffffffffffff)); fiat_p448_cmovznz_u64(&x17, x16, 0x0, UINT64_C(0xffffffffffffffff)); - fiat_p448_addcarryx_u56(&x18, &x19, 0x0, x1, (x17 & UINT64_C(0xffffffffffffff))); - fiat_p448_addcarryx_u56(&x20, &x21, x19, x3, (x17 & UINT64_C(0xffffffffffffff))); - fiat_p448_addcarryx_u56(&x22, &x23, x21, x5, (x17 & UINT64_C(0xffffffffffffff))); - fiat_p448_addcarryx_u56(&x24, &x25, x23, x7, (x17 & UINT64_C(0xffffffffffffff))); - fiat_p448_addcarryx_u56(&x26, &x27, x25, x9, (x17 & UINT64_C(0xfffffffffffffe))); - fiat_p448_addcarryx_u56(&x28, &x29, x27, x11, (x17 & UINT64_C(0xffffffffffffff))); - fiat_p448_addcarryx_u56(&x30, &x31, x29, x13, (x17 & UINT64_C(0xffffffffffffff))); - fiat_p448_addcarryx_u56(&x32, &x33, x31, x15, (x17 & UINT64_C(0xffffffffffffff))); + fiat_p448_addcarryx_u56(&x18, &x19, 0x0, x1, x17 & UINT64_C(0xffffffffffffff)); + fiat_p448_addcarryx_u56(&x20, &x21, x19, x3, x17 & UINT64_C(0xffffffffffffff)); + fiat_p448_addcarryx_u56(&x22, &x23, x21, x5, x17 & UINT64_C(0xffffffffffffff)); + fiat_p448_addcarryx_u56(&x24, &x25, x23, x7, x17 & UINT64_C(0xffffffffffffff)); + fiat_p448_addcarryx_u56(&x26, &x27, x25, x9, x17 & UINT64_C(0xfffffffffffffe)); + fiat_p448_addcarryx_u56(&x28, &x29, x27, x11, x17 & UINT64_C(0xffffffffffffff)); + fiat_p448_addcarryx_u56(&x30, &x31, x29, x13, x17 & UINT64_C(0xffffffffffffff)); + fiat_p448_addcarryx_u56(&x32, &x33, x31, x15, x17 & UINT64_C(0xffffffffffffff)); x34 = (uint8_t)(x18 & UINT8_C(0xff)); - x35 = (x18 >> 8); + x35 = x18 >> 8; x36 = (uint8_t)(x35 & UINT8_C(0xff)); - x37 = (x35 >> 8); + x37 = x35 >> 8; x38 = (uint8_t)(x37 & UINT8_C(0xff)); - x39 = (x37 >> 8); + x39 = x37 >> 8; x40 = (uint8_t)(x39 & UINT8_C(0xff)); - x41 = (x39 >> 8); + x41 = x39 >> 8; x42 = (uint8_t)(x41 & UINT8_C(0xff)); - x43 = (x41 >> 8); + x43 = x41 >> 8; x44 = (uint8_t)(x43 & UINT8_C(0xff)); x45 = (uint8_t)(x43 >> 8); x46 = (uint8_t)(x20 & UINT8_C(0xff)); - x47 = (x20 >> 8); + x47 = x20 >> 8; x48 = (uint8_t)(x47 & UINT8_C(0xff)); - x49 = (x47 >> 8); + x49 = x47 >> 8; x50 = (uint8_t)(x49 & UINT8_C(0xff)); - x51 = (x49 >> 8); + x51 = x49 >> 8; x52 = (uint8_t)(x51 & UINT8_C(0xff)); - x53 = (x51 >> 8); + x53 = x51 >> 8; x54 = (uint8_t)(x53 & UINT8_C(0xff)); - x55 = (x53 >> 8); + x55 = x53 >> 8; x56 = (uint8_t)(x55 & UINT8_C(0xff)); x57 = (uint8_t)(x55 >> 8); x58 = (uint8_t)(x22 & UINT8_C(0xff)); - x59 = (x22 >> 8); + x59 = x22 >> 8; x60 = (uint8_t)(x59 & UINT8_C(0xff)); - x61 = (x59 >> 8); + x61 = x59 >> 8; x62 = (uint8_t)(x61 & UINT8_C(0xff)); - x63 = (x61 >> 8); + x63 = x61 >> 8; x64 = (uint8_t)(x63 & UINT8_C(0xff)); - x65 = (x63 >> 8); + x65 = x63 >> 8; x66 = (uint8_t)(x65 & UINT8_C(0xff)); - x67 = (x65 >> 8); + x67 = x65 >> 8; x68 = (uint8_t)(x67 & UINT8_C(0xff)); x69 = (uint8_t)(x67 >> 8); x70 = (uint8_t)(x24 & UINT8_C(0xff)); - x71 = (x24 >> 8); + x71 = x24 >> 8; x72 = (uint8_t)(x71 & UINT8_C(0xff)); - x73 = (x71 >> 8); + x73 = x71 >> 8; x74 = (uint8_t)(x73 & UINT8_C(0xff)); - x75 = (x73 >> 8); + x75 = x73 >> 8; x76 = (uint8_t)(x75 & UINT8_C(0xff)); - x77 = (x75 >> 8); + x77 = x75 >> 8; x78 = (uint8_t)(x77 & UINT8_C(0xff)); - x79 = (x77 >> 8); + x79 = x77 >> 8; x80 = (uint8_t)(x79 & UINT8_C(0xff)); x81 = (uint8_t)(x79 >> 8); x82 = (uint8_t)(x26 & UINT8_C(0xff)); - x83 = (x26 >> 8); + x83 = x26 >> 8; x84 = (uint8_t)(x83 & UINT8_C(0xff)); - x85 = (x83 >> 8); + x85 = x83 >> 8; x86 = (uint8_t)(x85 & UINT8_C(0xff)); - x87 = (x85 >> 8); + x87 = x85 >> 8; x88 = (uint8_t)(x87 & UINT8_C(0xff)); - x89 = (x87 >> 8); + x89 = x87 >> 8; x90 = (uint8_t)(x89 & UINT8_C(0xff)); - x91 = (x89 >> 8); + x91 = x89 >> 8; x92 = (uint8_t)(x91 & UINT8_C(0xff)); x93 = (uint8_t)(x91 >> 8); x94 = (uint8_t)(x28 & UINT8_C(0xff)); - x95 = (x28 >> 8); + x95 = x28 >> 8; x96 = (uint8_t)(x95 & UINT8_C(0xff)); - x97 = (x95 >> 8); + x97 = x95 >> 8; x98 = (uint8_t)(x97 & UINT8_C(0xff)); - x99 = (x97 >> 8); + x99 = x97 >> 8; x100 = (uint8_t)(x99 & UINT8_C(0xff)); - x101 = (x99 >> 8); + x101 = x99 >> 8; x102 = (uint8_t)(x101 & UINT8_C(0xff)); - x103 = (x101 >> 8); + x103 = x101 >> 8; x104 = (uint8_t)(x103 & UINT8_C(0xff)); x105 = (uint8_t)(x103 >> 8); x106 = (uint8_t)(x30 & UINT8_C(0xff)); - x107 = (x30 >> 8); + x107 = x30 >> 8; x108 = (uint8_t)(x107 & UINT8_C(0xff)); - x109 = (x107 >> 8); + x109 = x107 >> 8; x110 = (uint8_t)(x109 & UINT8_C(0xff)); - x111 = (x109 >> 8); + x111 = x109 >> 8; x112 = (uint8_t)(x111 & UINT8_C(0xff)); - x113 = (x111 >> 8); + x113 = x111 >> 8; x114 = (uint8_t)(x113 & UINT8_C(0xff)); - x115 = (x113 >> 8); + x115 = x113 >> 8; x116 = (uint8_t)(x115 & UINT8_C(0xff)); x117 = (uint8_t)(x115 >> 8); x118 = (uint8_t)(x32 & UINT8_C(0xff)); - x119 = (x32 >> 8); + x119 = x32 >> 8; x120 = (uint8_t)(x119 & UINT8_C(0xff)); - x121 = (x119 >> 8); + x121 = x119 >> 8; x122 = (uint8_t)(x121 & UINT8_C(0xff)); - x123 = (x121 >> 8); + x123 = x121 >> 8; x124 = (uint8_t)(x123 & UINT8_C(0xff)); - x125 = (x123 >> 8); + x125 = x123 >> 8; x126 = (uint8_t)(x125 & UINT8_C(0xff)); - x127 = (x125 >> 8); + x127 = x125 >> 8; x128 = (uint8_t)(x127 & UINT8_C(0xff)); x129 = (uint8_t)(x127 >> 8); out1[0] = x34; @@ -1342,110 +1342,110 @@ static void fiat_p448_from_bytes(uint64_t out1[8], const uint8_t arg1[56]) { uint64_t x102; uint64_t x103; uint64_t x104; - x1 = ((uint64_t)(arg1[55]) << 48); - x2 = ((uint64_t)(arg1[54]) << 40); - x3 = ((uint64_t)(arg1[53]) << 32); - x4 = ((uint64_t)(arg1[52]) << 24); - x5 = ((uint64_t)(arg1[51]) << 16); - x6 = ((uint64_t)(arg1[50]) << 8); - x7 = (arg1[49]); - x8 = ((uint64_t)(arg1[48]) << 48); - x9 = ((uint64_t)(arg1[47]) << 40); - x10 = ((uint64_t)(arg1[46]) << 32); - x11 = ((uint64_t)(arg1[45]) << 24); - x12 = ((uint64_t)(arg1[44]) << 16); - x13 = ((uint64_t)(arg1[43]) << 8); - x14 = (arg1[42]); - x15 = ((uint64_t)(arg1[41]) << 48); - x16 = ((uint64_t)(arg1[40]) << 40); - x17 = ((uint64_t)(arg1[39]) << 32); - x18 = ((uint64_t)(arg1[38]) << 24); - x19 = ((uint64_t)(arg1[37]) << 16); - x20 = ((uint64_t)(arg1[36]) << 8); - x21 = (arg1[35]); - x22 = ((uint64_t)(arg1[34]) << 48); - x23 = ((uint64_t)(arg1[33]) << 40); - x24 = ((uint64_t)(arg1[32]) << 32); - x25 = ((uint64_t)(arg1[31]) << 24); - x26 = ((uint64_t)(arg1[30]) << 16); - x27 = ((uint64_t)(arg1[29]) << 8); - x28 = (arg1[28]); - x29 = ((uint64_t)(arg1[27]) << 48); - x30 = ((uint64_t)(arg1[26]) << 40); - x31 = ((uint64_t)(arg1[25]) << 32); - x32 = ((uint64_t)(arg1[24]) << 24); - x33 = ((uint64_t)(arg1[23]) << 16); - x34 = ((uint64_t)(arg1[22]) << 8); - x35 = (arg1[21]); - x36 = ((uint64_t)(arg1[20]) << 48); - x37 = ((uint64_t)(arg1[19]) << 40); - x38 = ((uint64_t)(arg1[18]) << 32); - x39 = ((uint64_t)(arg1[17]) << 24); - x40 = ((uint64_t)(arg1[16]) << 16); - x41 = ((uint64_t)(arg1[15]) << 8); - x42 = (arg1[14]); - x43 = ((uint64_t)(arg1[13]) << 48); - x44 = ((uint64_t)(arg1[12]) << 40); - x45 = ((uint64_t)(arg1[11]) << 32); - x46 = ((uint64_t)(arg1[10]) << 24); - x47 = ((uint64_t)(arg1[9]) << 16); - x48 = ((uint64_t)(arg1[8]) << 8); - x49 = (arg1[7]); - x50 = ((uint64_t)(arg1[6]) << 48); - x51 = ((uint64_t)(arg1[5]) << 40); - x52 = ((uint64_t)(arg1[4]) << 32); - x53 = ((uint64_t)(arg1[3]) << 24); - x54 = ((uint64_t)(arg1[2]) << 16); - x55 = ((uint64_t)(arg1[1]) << 8); - x56 = (arg1[0]); - x57 = (x55 + (uint64_t)x56); - x58 = (x54 + x57); - x59 = (x53 + x58); - x60 = (x52 + x59); - x61 = (x51 + x60); - x62 = (x50 + x61); - x63 = (x48 + (uint64_t)x49); - x64 = (x47 + x63); - x65 = (x46 + x64); - x66 = (x45 + x65); - x67 = (x44 + x66); - x68 = (x43 + x67); - x69 = (x41 + (uint64_t)x42); - x70 = (x40 + x69); - x71 = (x39 + x70); - x72 = (x38 + x71); - x73 = (x37 + x72); - x74 = (x36 + x73); - x75 = (x34 + (uint64_t)x35); - x76 = (x33 + x75); - x77 = (x32 + x76); - x78 = (x31 + x77); - x79 = (x30 + x78); - x80 = (x29 + x79); - x81 = (x27 + (uint64_t)x28); - x82 = (x26 + x81); - x83 = (x25 + x82); - x84 = (x24 + x83); - x85 = (x23 + x84); - x86 = (x22 + x85); - x87 = (x20 + (uint64_t)x21); - x88 = (x19 + x87); - x89 = (x18 + x88); - x90 = (x17 + x89); - x91 = (x16 + x90); - x92 = (x15 + x91); - x93 = (x13 + (uint64_t)x14); - x94 = (x12 + x93); - x95 = (x11 + x94); - x96 = (x10 + x95); - x97 = (x9 + x96); - x98 = (x8 + x97); - x99 = (x6 + (uint64_t)x7); - x100 = (x5 + x99); - x101 = (x4 + x100); - x102 = (x3 + x101); - x103 = (x2 + x102); - x104 = (x1 + x103); + x1 = (uint64_t)arg1[55] << 48; + x2 = (uint64_t)arg1[54] << 40; + x3 = (uint64_t)arg1[53] << 32; + x4 = (uint64_t)arg1[52] << 24; + x5 = (uint64_t)arg1[51] << 16; + x6 = (uint64_t)arg1[50] << 8; + x7 = arg1[49]; + x8 = (uint64_t)arg1[48] << 48; + x9 = (uint64_t)arg1[47] << 40; + x10 = (uint64_t)arg1[46] << 32; + x11 = (uint64_t)arg1[45] << 24; + x12 = (uint64_t)arg1[44] << 16; + x13 = (uint64_t)arg1[43] << 8; + x14 = arg1[42]; + x15 = (uint64_t)arg1[41] << 48; + x16 = (uint64_t)arg1[40] << 40; + x17 = (uint64_t)arg1[39] << 32; + x18 = (uint64_t)arg1[38] << 24; + x19 = (uint64_t)arg1[37] << 16; + x20 = (uint64_t)arg1[36] << 8; + x21 = arg1[35]; + x22 = (uint64_t)arg1[34] << 48; + x23 = (uint64_t)arg1[33] << 40; + x24 = (uint64_t)arg1[32] << 32; + x25 = (uint64_t)arg1[31] << 24; + x26 = (uint64_t)arg1[30] << 16; + x27 = (uint64_t)arg1[29] << 8; + x28 = arg1[28]; + x29 = (uint64_t)arg1[27] << 48; + x30 = (uint64_t)arg1[26] << 40; + x31 = (uint64_t)arg1[25] << 32; + x32 = (uint64_t)arg1[24] << 24; + x33 = (uint64_t)arg1[23] << 16; + x34 = (uint64_t)arg1[22] << 8; + x35 = arg1[21]; + x36 = (uint64_t)arg1[20] << 48; + x37 = (uint64_t)arg1[19] << 40; + x38 = (uint64_t)arg1[18] << 32; + x39 = (uint64_t)arg1[17] << 24; + x40 = (uint64_t)arg1[16] << 16; + x41 = (uint64_t)arg1[15] << 8; + x42 = arg1[14]; + x43 = (uint64_t)arg1[13] << 48; + x44 = (uint64_t)arg1[12] << 40; + x45 = (uint64_t)arg1[11] << 32; + x46 = (uint64_t)arg1[10] << 24; + x47 = (uint64_t)arg1[9] << 16; + x48 = (uint64_t)arg1[8] << 8; + x49 = arg1[7]; + x50 = (uint64_t)arg1[6] << 48; + x51 = (uint64_t)arg1[5] << 40; + x52 = (uint64_t)arg1[4] << 32; + x53 = (uint64_t)arg1[3] << 24; + x54 = (uint64_t)arg1[2] << 16; + x55 = (uint64_t)arg1[1] << 8; + x56 = arg1[0]; + x57 = x55 + (uint64_t)x56; + x58 = x54 + x57; + x59 = x53 + x58; + x60 = x52 + x59; + x61 = x51 + x60; + x62 = x50 + x61; + x63 = x48 + (uint64_t)x49; + x64 = x47 + x63; + x65 = x46 + x64; + x66 = x45 + x65; + x67 = x44 + x66; + x68 = x43 + x67; + x69 = x41 + (uint64_t)x42; + x70 = x40 + x69; + x71 = x39 + x70; + x72 = x38 + x71; + x73 = x37 + x72; + x74 = x36 + x73; + x75 = x34 + (uint64_t)x35; + x76 = x33 + x75; + x77 = x32 + x76; + x78 = x31 + x77; + x79 = x30 + x78; + x80 = x29 + x79; + x81 = x27 + (uint64_t)x28; + x82 = x26 + x81; + x83 = x25 + x82; + x84 = x24 + x83; + x85 = x23 + x84; + x86 = x22 + x85; + x87 = x20 + (uint64_t)x21; + x88 = x19 + x87; + x89 = x18 + x88; + x90 = x17 + x89; + x91 = x16 + x90; + x92 = x15 + x91; + x93 = x13 + (uint64_t)x14; + x94 = x12 + x93; + x95 = x11 + x94; + x96 = x10 + x95; + x97 = x9 + x96; + x98 = x8 + x97; + x99 = x6 + (uint64_t)x7; + x100 = x5 + x99; + x101 = x4 + x100; + x102 = x3 + x101; + x103 = x2 + x102; + x104 = x1 + x103; out1[0] = x62; out1[1] = x68; out1[2] = x74; diff --git a/fiat-c/src/p521_64.c b/fiat-c/src/p521_64.c index 01527e7ee7..b0871381ba 100644 --- a/fiat-c/src/p521_64.c +++ b/fiat-c/src/p521_64.c @@ -57,8 +57,8 @@ static void fiat_p521_addcarryx_u58(uint64_t* out1, fiat_p521_uint1* out2, fiat_ uint64_t x1; uint64_t x2; fiat_p521_uint1 x3; - x1 = ((arg1 + arg2) + arg3); - x2 = (x1 & UINT64_C(0x3ffffffffffffff)); + x1 = arg1 + arg2 + arg3; + x2 = x1 & UINT64_C(0x3ffffffffffffff); x3 = (fiat_p521_uint1)(x1 >> 58); *out1 = x2; *out2 = x3; @@ -83,9 +83,9 @@ static void fiat_p521_subborrowx_u58(uint64_t* out1, fiat_p521_uint1* out2, fiat int64_t x1; fiat_p521_int1 x2; uint64_t x3; - x1 = ((int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3); + x1 = (int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3; x2 = (fiat_p521_int1)(x1 >> 58); - x3 = (x1 & UINT64_C(0x3ffffffffffffff)); + x3 = x1 & UINT64_C(0x3ffffffffffffff); *out1 = x3; *out2 = (fiat_p521_uint1)(0x0 - x2); } @@ -109,8 +109,8 @@ static void fiat_p521_addcarryx_u57(uint64_t* out1, fiat_p521_uint1* out2, fiat_ uint64_t x1; uint64_t x2; fiat_p521_uint1 x3; - x1 = ((arg1 + arg2) + arg3); - x2 = (x1 & UINT64_C(0x1ffffffffffffff)); + x1 = arg1 + arg2 + arg3; + x2 = x1 & UINT64_C(0x1ffffffffffffff); x3 = (fiat_p521_uint1)(x1 >> 57); *out1 = x2; *out2 = x3; @@ -135,9 +135,9 @@ static void fiat_p521_subborrowx_u57(uint64_t* out1, fiat_p521_uint1* out2, fiat int64_t x1; fiat_p521_int1 x2; uint64_t x3; - x1 = ((int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3); + x1 = (int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3; x2 = (fiat_p521_int1)(x1 >> 57); - x3 = (x1 & UINT64_C(0x1ffffffffffffff)); + x3 = x1 & UINT64_C(0x1ffffffffffffff); *out1 = x3; *out2 = (fiat_p521_uint1)(0x0 - x2); } @@ -159,9 +159,9 @@ static void fiat_p521_cmovznz_u64(uint64_t* out1, fiat_p521_uint1 arg1, uint64_t fiat_p521_uint1 x1; uint64_t x2; uint64_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_p521_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); - x3 = ((fiat_p521_value_barrier_u64(x2) & arg3) | (fiat_p521_value_barrier_u64((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_p521_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); + x3 = fiat_p521_value_barrier_u64(x2) & arg3 | fiat_p521_value_barrier_u64(~x2) & arg2; *out1 = x3; } @@ -301,129 +301,129 @@ static void fiat_p521_carry_mul(uint64_t out1[9], const uint64_t arg1[9], const fiat_p521_uint1 x121; uint64_t x122; uint64_t x123; - x1 = ((fiat_p521_uint128)(arg1[8]) * ((arg2[8]) * 0x2)); - x2 = ((fiat_p521_uint128)(arg1[8]) * ((arg2[7]) * 0x2)); - x3 = ((fiat_p521_uint128)(arg1[8]) * ((arg2[6]) * 0x2)); - x4 = ((fiat_p521_uint128)(arg1[8]) * ((arg2[5]) * 0x2)); - x5 = ((fiat_p521_uint128)(arg1[8]) * ((arg2[4]) * 0x2)); - x6 = ((fiat_p521_uint128)(arg1[8]) * ((arg2[3]) * 0x2)); - x7 = ((fiat_p521_uint128)(arg1[8]) * ((arg2[2]) * 0x2)); - x8 = ((fiat_p521_uint128)(arg1[8]) * ((arg2[1]) * 0x2)); - x9 = ((fiat_p521_uint128)(arg1[7]) * ((arg2[8]) * 0x2)); - x10 = ((fiat_p521_uint128)(arg1[7]) * ((arg2[7]) * 0x2)); - x11 = ((fiat_p521_uint128)(arg1[7]) * ((arg2[6]) * 0x2)); - x12 = ((fiat_p521_uint128)(arg1[7]) * ((arg2[5]) * 0x2)); - x13 = ((fiat_p521_uint128)(arg1[7]) * ((arg2[4]) * 0x2)); - x14 = ((fiat_p521_uint128)(arg1[7]) * ((arg2[3]) * 0x2)); - x15 = ((fiat_p521_uint128)(arg1[7]) * ((arg2[2]) * 0x2)); - x16 = ((fiat_p521_uint128)(arg1[6]) * ((arg2[8]) * 0x2)); - x17 = ((fiat_p521_uint128)(arg1[6]) * ((arg2[7]) * 0x2)); - x18 = ((fiat_p521_uint128)(arg1[6]) * ((arg2[6]) * 0x2)); - x19 = ((fiat_p521_uint128)(arg1[6]) * ((arg2[5]) * 0x2)); - x20 = ((fiat_p521_uint128)(arg1[6]) * ((arg2[4]) * 0x2)); - x21 = ((fiat_p521_uint128)(arg1[6]) * ((arg2[3]) * 0x2)); - x22 = ((fiat_p521_uint128)(arg1[5]) * ((arg2[8]) * 0x2)); - x23 = ((fiat_p521_uint128)(arg1[5]) * ((arg2[7]) * 0x2)); - x24 = ((fiat_p521_uint128)(arg1[5]) * ((arg2[6]) * 0x2)); - x25 = ((fiat_p521_uint128)(arg1[5]) * ((arg2[5]) * 0x2)); - x26 = ((fiat_p521_uint128)(arg1[5]) * ((arg2[4]) * 0x2)); - x27 = ((fiat_p521_uint128)(arg1[4]) * ((arg2[8]) * 0x2)); - x28 = ((fiat_p521_uint128)(arg1[4]) * ((arg2[7]) * 0x2)); - x29 = ((fiat_p521_uint128)(arg1[4]) * ((arg2[6]) * 0x2)); - x30 = ((fiat_p521_uint128)(arg1[4]) * ((arg2[5]) * 0x2)); - x31 = ((fiat_p521_uint128)(arg1[3]) * ((arg2[8]) * 0x2)); - x32 = ((fiat_p521_uint128)(arg1[3]) * ((arg2[7]) * 0x2)); - x33 = ((fiat_p521_uint128)(arg1[3]) * ((arg2[6]) * 0x2)); - x34 = ((fiat_p521_uint128)(arg1[2]) * ((arg2[8]) * 0x2)); - x35 = ((fiat_p521_uint128)(arg1[2]) * ((arg2[7]) * 0x2)); - x36 = ((fiat_p521_uint128)(arg1[1]) * ((arg2[8]) * 0x2)); - x37 = ((fiat_p521_uint128)(arg1[8]) * (arg2[0])); - x38 = ((fiat_p521_uint128)(arg1[7]) * (arg2[1])); - x39 = ((fiat_p521_uint128)(arg1[7]) * (arg2[0])); - x40 = ((fiat_p521_uint128)(arg1[6]) * (arg2[2])); - x41 = ((fiat_p521_uint128)(arg1[6]) * (arg2[1])); - x42 = ((fiat_p521_uint128)(arg1[6]) * (arg2[0])); - x43 = ((fiat_p521_uint128)(arg1[5]) * (arg2[3])); - x44 = ((fiat_p521_uint128)(arg1[5]) * (arg2[2])); - x45 = ((fiat_p521_uint128)(arg1[5]) * (arg2[1])); - x46 = ((fiat_p521_uint128)(arg1[5]) * (arg2[0])); - x47 = ((fiat_p521_uint128)(arg1[4]) * (arg2[4])); - x48 = ((fiat_p521_uint128)(arg1[4]) * (arg2[3])); - x49 = ((fiat_p521_uint128)(arg1[4]) * (arg2[2])); - x50 = ((fiat_p521_uint128)(arg1[4]) * (arg2[1])); - x51 = ((fiat_p521_uint128)(arg1[4]) * (arg2[0])); - x52 = ((fiat_p521_uint128)(arg1[3]) * (arg2[5])); - x53 = ((fiat_p521_uint128)(arg1[3]) * (arg2[4])); - x54 = ((fiat_p521_uint128)(arg1[3]) * (arg2[3])); - x55 = ((fiat_p521_uint128)(arg1[3]) * (arg2[2])); - x56 = ((fiat_p521_uint128)(arg1[3]) * (arg2[1])); - x57 = ((fiat_p521_uint128)(arg1[3]) * (arg2[0])); - x58 = ((fiat_p521_uint128)(arg1[2]) * (arg2[6])); - x59 = ((fiat_p521_uint128)(arg1[2]) * (arg2[5])); - x60 = ((fiat_p521_uint128)(arg1[2]) * (arg2[4])); - x61 = ((fiat_p521_uint128)(arg1[2]) * (arg2[3])); - x62 = ((fiat_p521_uint128)(arg1[2]) * (arg2[2])); - x63 = ((fiat_p521_uint128)(arg1[2]) * (arg2[1])); - x64 = ((fiat_p521_uint128)(arg1[2]) * (arg2[0])); - x65 = ((fiat_p521_uint128)(arg1[1]) * (arg2[7])); - x66 = ((fiat_p521_uint128)(arg1[1]) * (arg2[6])); - x67 = ((fiat_p521_uint128)(arg1[1]) * (arg2[5])); - x68 = ((fiat_p521_uint128)(arg1[1]) * (arg2[4])); - x69 = ((fiat_p521_uint128)(arg1[1]) * (arg2[3])); - x70 = ((fiat_p521_uint128)(arg1[1]) * (arg2[2])); - x71 = ((fiat_p521_uint128)(arg1[1]) * (arg2[1])); - x72 = ((fiat_p521_uint128)(arg1[1]) * (arg2[0])); - x73 = ((fiat_p521_uint128)(arg1[0]) * (arg2[8])); - x74 = ((fiat_p521_uint128)(arg1[0]) * (arg2[7])); - x75 = ((fiat_p521_uint128)(arg1[0]) * (arg2[6])); - x76 = ((fiat_p521_uint128)(arg1[0]) * (arg2[5])); - x77 = ((fiat_p521_uint128)(arg1[0]) * (arg2[4])); - x78 = ((fiat_p521_uint128)(arg1[0]) * (arg2[3])); - x79 = ((fiat_p521_uint128)(arg1[0]) * (arg2[2])); - x80 = ((fiat_p521_uint128)(arg1[0]) * (arg2[1])); - x81 = ((fiat_p521_uint128)(arg1[0]) * (arg2[0])); - x82 = (x81 + (x36 + (x35 + (x33 + (x30 + (x26 + (x21 + (x15 + x8)))))))); - x83 = (x82 >> 58); + x1 = (fiat_p521_uint128)arg1[8] * (arg2[8] * 0x2); + x2 = (fiat_p521_uint128)arg1[8] * (arg2[7] * 0x2); + x3 = (fiat_p521_uint128)arg1[8] * (arg2[6] * 0x2); + x4 = (fiat_p521_uint128)arg1[8] * (arg2[5] * 0x2); + x5 = (fiat_p521_uint128)arg1[8] * (arg2[4] * 0x2); + x6 = (fiat_p521_uint128)arg1[8] * (arg2[3] * 0x2); + x7 = (fiat_p521_uint128)arg1[8] * (arg2[2] * 0x2); + x8 = (fiat_p521_uint128)arg1[8] * (arg2[1] * 0x2); + x9 = (fiat_p521_uint128)arg1[7] * (arg2[8] * 0x2); + x10 = (fiat_p521_uint128)arg1[7] * (arg2[7] * 0x2); + x11 = (fiat_p521_uint128)arg1[7] * (arg2[6] * 0x2); + x12 = (fiat_p521_uint128)arg1[7] * (arg2[5] * 0x2); + x13 = (fiat_p521_uint128)arg1[7] * (arg2[4] * 0x2); + x14 = (fiat_p521_uint128)arg1[7] * (arg2[3] * 0x2); + x15 = (fiat_p521_uint128)arg1[7] * (arg2[2] * 0x2); + x16 = (fiat_p521_uint128)arg1[6] * (arg2[8] * 0x2); + x17 = (fiat_p521_uint128)arg1[6] * (arg2[7] * 0x2); + x18 = (fiat_p521_uint128)arg1[6] * (arg2[6] * 0x2); + x19 = (fiat_p521_uint128)arg1[6] * (arg2[5] * 0x2); + x20 = (fiat_p521_uint128)arg1[6] * (arg2[4] * 0x2); + x21 = (fiat_p521_uint128)arg1[6] * (arg2[3] * 0x2); + x22 = (fiat_p521_uint128)arg1[5] * (arg2[8] * 0x2); + x23 = (fiat_p521_uint128)arg1[5] * (arg2[7] * 0x2); + x24 = (fiat_p521_uint128)arg1[5] * (arg2[6] * 0x2); + x25 = (fiat_p521_uint128)arg1[5] * (arg2[5] * 0x2); + x26 = (fiat_p521_uint128)arg1[5] * (arg2[4] * 0x2); + x27 = (fiat_p521_uint128)arg1[4] * (arg2[8] * 0x2); + x28 = (fiat_p521_uint128)arg1[4] * (arg2[7] * 0x2); + x29 = (fiat_p521_uint128)arg1[4] * (arg2[6] * 0x2); + x30 = (fiat_p521_uint128)arg1[4] * (arg2[5] * 0x2); + x31 = (fiat_p521_uint128)arg1[3] * (arg2[8] * 0x2); + x32 = (fiat_p521_uint128)arg1[3] * (arg2[7] * 0x2); + x33 = (fiat_p521_uint128)arg1[3] * (arg2[6] * 0x2); + x34 = (fiat_p521_uint128)arg1[2] * (arg2[8] * 0x2); + x35 = (fiat_p521_uint128)arg1[2] * (arg2[7] * 0x2); + x36 = (fiat_p521_uint128)arg1[1] * (arg2[8] * 0x2); + x37 = (fiat_p521_uint128)arg1[8] * arg2[0]; + x38 = (fiat_p521_uint128)arg1[7] * arg2[1]; + x39 = (fiat_p521_uint128)arg1[7] * arg2[0]; + x40 = (fiat_p521_uint128)arg1[6] * arg2[2]; + x41 = (fiat_p521_uint128)arg1[6] * arg2[1]; + x42 = (fiat_p521_uint128)arg1[6] * arg2[0]; + x43 = (fiat_p521_uint128)arg1[5] * arg2[3]; + x44 = (fiat_p521_uint128)arg1[5] * arg2[2]; + x45 = (fiat_p521_uint128)arg1[5] * arg2[1]; + x46 = (fiat_p521_uint128)arg1[5] * arg2[0]; + x47 = (fiat_p521_uint128)arg1[4] * arg2[4]; + x48 = (fiat_p521_uint128)arg1[4] * arg2[3]; + x49 = (fiat_p521_uint128)arg1[4] * arg2[2]; + x50 = (fiat_p521_uint128)arg1[4] * arg2[1]; + x51 = (fiat_p521_uint128)arg1[4] * arg2[0]; + x52 = (fiat_p521_uint128)arg1[3] * arg2[5]; + x53 = (fiat_p521_uint128)arg1[3] * arg2[4]; + x54 = (fiat_p521_uint128)arg1[3] * arg2[3]; + x55 = (fiat_p521_uint128)arg1[3] * arg2[2]; + x56 = (fiat_p521_uint128)arg1[3] * arg2[1]; + x57 = (fiat_p521_uint128)arg1[3] * arg2[0]; + x58 = (fiat_p521_uint128)arg1[2] * arg2[6]; + x59 = (fiat_p521_uint128)arg1[2] * arg2[5]; + x60 = (fiat_p521_uint128)arg1[2] * arg2[4]; + x61 = (fiat_p521_uint128)arg1[2] * arg2[3]; + x62 = (fiat_p521_uint128)arg1[2] * arg2[2]; + x63 = (fiat_p521_uint128)arg1[2] * arg2[1]; + x64 = (fiat_p521_uint128)arg1[2] * arg2[0]; + x65 = (fiat_p521_uint128)arg1[1] * arg2[7]; + x66 = (fiat_p521_uint128)arg1[1] * arg2[6]; + x67 = (fiat_p521_uint128)arg1[1] * arg2[5]; + x68 = (fiat_p521_uint128)arg1[1] * arg2[4]; + x69 = (fiat_p521_uint128)arg1[1] * arg2[3]; + x70 = (fiat_p521_uint128)arg1[1] * arg2[2]; + x71 = (fiat_p521_uint128)arg1[1] * arg2[1]; + x72 = (fiat_p521_uint128)arg1[1] * arg2[0]; + x73 = (fiat_p521_uint128)arg1[0] * arg2[8]; + x74 = (fiat_p521_uint128)arg1[0] * arg2[7]; + x75 = (fiat_p521_uint128)arg1[0] * arg2[6]; + x76 = (fiat_p521_uint128)arg1[0] * arg2[5]; + x77 = (fiat_p521_uint128)arg1[0] * arg2[4]; + x78 = (fiat_p521_uint128)arg1[0] * arg2[3]; + x79 = (fiat_p521_uint128)arg1[0] * arg2[2]; + x80 = (fiat_p521_uint128)arg1[0] * arg2[1]; + x81 = (fiat_p521_uint128)arg1[0] * arg2[0]; + x82 = x81 + (x36 + (x35 + (x33 + (x30 + (x26 + (x21 + (x15 + x8))))))); + x83 = x82 >> 58; x84 = (uint64_t)(x82 & UINT64_C(0x3ffffffffffffff)); - x85 = (x73 + (x65 + (x58 + (x52 + (x47 + (x43 + (x40 + (x38 + x37)))))))); - x86 = (x74 + (x66 + (x59 + (x53 + (x48 + (x44 + (x41 + (x39 + x1)))))))); - x87 = (x75 + (x67 + (x60 + (x54 + (x49 + (x45 + (x42 + (x9 + x2)))))))); - x88 = (x76 + (x68 + (x61 + (x55 + (x50 + (x46 + (x16 + (x10 + x3)))))))); - x89 = (x77 + (x69 + (x62 + (x56 + (x51 + (x22 + (x17 + (x11 + x4)))))))); - x90 = (x78 + (x70 + (x63 + (x57 + (x27 + (x23 + (x18 + (x12 + x5)))))))); - x91 = (x79 + (x71 + (x64 + (x31 + (x28 + (x24 + (x19 + (x13 + x6)))))))); - x92 = (x80 + (x72 + (x34 + (x32 + (x29 + (x25 + (x20 + (x14 + x7)))))))); - x93 = (x83 + x92); - x94 = (x93 >> 58); + x85 = x73 + (x65 + (x58 + (x52 + (x47 + (x43 + (x40 + (x38 + x37))))))); + x86 = x74 + (x66 + (x59 + (x53 + (x48 + (x44 + (x41 + (x39 + x1))))))); + x87 = x75 + (x67 + (x60 + (x54 + (x49 + (x45 + (x42 + (x9 + x2))))))); + x88 = x76 + (x68 + (x61 + (x55 + (x50 + (x46 + (x16 + (x10 + x3))))))); + x89 = x77 + (x69 + (x62 + (x56 + (x51 + (x22 + (x17 + (x11 + x4))))))); + x90 = x78 + (x70 + (x63 + (x57 + (x27 + (x23 + (x18 + (x12 + x5))))))); + x91 = x79 + (x71 + (x64 + (x31 + (x28 + (x24 + (x19 + (x13 + x6))))))); + x92 = x80 + (x72 + (x34 + (x32 + (x29 + (x25 + (x20 + (x14 + x7))))))); + x93 = x83 + x92; + x94 = x93 >> 58; x95 = (uint64_t)(x93 & UINT64_C(0x3ffffffffffffff)); - x96 = (x94 + x91); - x97 = (x96 >> 58); + x96 = x94 + x91; + x97 = x96 >> 58; x98 = (uint64_t)(x96 & UINT64_C(0x3ffffffffffffff)); - x99 = (x97 + x90); - x100 = (x99 >> 58); + x99 = x97 + x90; + x100 = x99 >> 58; x101 = (uint64_t)(x99 & UINT64_C(0x3ffffffffffffff)); - x102 = (x100 + x89); - x103 = (x102 >> 58); + x102 = x100 + x89; + x103 = x102 >> 58; x104 = (uint64_t)(x102 & UINT64_C(0x3ffffffffffffff)); - x105 = (x103 + x88); - x106 = (x105 >> 58); + x105 = x103 + x88; + x106 = x105 >> 58; x107 = (uint64_t)(x105 & UINT64_C(0x3ffffffffffffff)); - x108 = (x106 + x87); - x109 = (x108 >> 58); + x108 = x106 + x87; + x109 = x108 >> 58; x110 = (uint64_t)(x108 & UINT64_C(0x3ffffffffffffff)); - x111 = (x109 + x86); - x112 = (x111 >> 58); + x111 = x109 + x86; + x112 = x111 >> 58; x113 = (uint64_t)(x111 & UINT64_C(0x3ffffffffffffff)); - x114 = (x112 + x85); - x115 = (x114 >> 57); + x114 = x112 + x85; + x115 = x114 >> 57; x116 = (uint64_t)(x114 & UINT64_C(0x1ffffffffffffff)); - x117 = (x84 + x115); + x117 = x84 + x115; x118 = (uint64_t)(x117 >> 58); x119 = (uint64_t)(x117 & UINT64_C(0x3ffffffffffffff)); - x120 = (x118 + x95); + x120 = x118 + x95; x121 = (fiat_p521_uint1)(x120 >> 58); - x122 = (x120 & UINT64_C(0x3ffffffffffffff)); - x123 = (x121 + x98); + x122 = x120 & UINT64_C(0x3ffffffffffffff); + x123 = x121 + x98; out1[0] = x119; out1[1] = x122; out1[2] = x123; @@ -550,109 +550,109 @@ static void fiat_p521_carry_square(uint64_t out1[9], const uint64_t arg1[9]) { fiat_p521_uint1 x101; uint64_t x102; uint64_t x103; - x1 = (arg1[8]); - x2 = (x1 * 0x2); - x3 = ((arg1[8]) * 0x2); - x4 = (arg1[7]); - x5 = (x4 * 0x2); - x6 = ((arg1[7]) * 0x2); - x7 = (arg1[6]); - x8 = (x7 * 0x2); - x9 = ((arg1[6]) * 0x2); - x10 = (arg1[5]); - x11 = (x10 * 0x2); - x12 = ((arg1[5]) * 0x2); - x13 = ((arg1[4]) * 0x2); - x14 = ((arg1[3]) * 0x2); - x15 = ((arg1[2]) * 0x2); - x16 = ((arg1[1]) * 0x2); - x17 = ((fiat_p521_uint128)(arg1[8]) * (x1 * 0x2)); - x18 = ((fiat_p521_uint128)(arg1[7]) * (x2 * 0x2)); - x19 = ((fiat_p521_uint128)(arg1[7]) * (x4 * 0x2)); - x20 = ((fiat_p521_uint128)(arg1[6]) * (x2 * 0x2)); - x21 = ((fiat_p521_uint128)(arg1[6]) * (x5 * 0x2)); - x22 = ((fiat_p521_uint128)(arg1[6]) * (x7 * 0x2)); - x23 = ((fiat_p521_uint128)(arg1[5]) * (x2 * 0x2)); - x24 = ((fiat_p521_uint128)(arg1[5]) * (x5 * 0x2)); - x25 = ((fiat_p521_uint128)(arg1[5]) * (x8 * 0x2)); - x26 = ((fiat_p521_uint128)(arg1[5]) * (x10 * 0x2)); - x27 = ((fiat_p521_uint128)(arg1[4]) * (x2 * 0x2)); - x28 = ((fiat_p521_uint128)(arg1[4]) * (x5 * 0x2)); - x29 = ((fiat_p521_uint128)(arg1[4]) * (x8 * 0x2)); - x30 = ((fiat_p521_uint128)(arg1[4]) * (x11 * 0x2)); - x31 = ((fiat_p521_uint128)(arg1[4]) * (arg1[4])); - x32 = ((fiat_p521_uint128)(arg1[3]) * (x2 * 0x2)); - x33 = ((fiat_p521_uint128)(arg1[3]) * (x5 * 0x2)); - x34 = ((fiat_p521_uint128)(arg1[3]) * (x8 * 0x2)); - x35 = ((fiat_p521_uint128)(arg1[3]) * x12); - x36 = ((fiat_p521_uint128)(arg1[3]) * x13); - x37 = ((fiat_p521_uint128)(arg1[3]) * (arg1[3])); - x38 = ((fiat_p521_uint128)(arg1[2]) * (x2 * 0x2)); - x39 = ((fiat_p521_uint128)(arg1[2]) * (x5 * 0x2)); - x40 = ((fiat_p521_uint128)(arg1[2]) * x9); - x41 = ((fiat_p521_uint128)(arg1[2]) * x12); - x42 = ((fiat_p521_uint128)(arg1[2]) * x13); - x43 = ((fiat_p521_uint128)(arg1[2]) * x14); - x44 = ((fiat_p521_uint128)(arg1[2]) * (arg1[2])); - x45 = ((fiat_p521_uint128)(arg1[1]) * (x2 * 0x2)); - x46 = ((fiat_p521_uint128)(arg1[1]) * x6); - x47 = ((fiat_p521_uint128)(arg1[1]) * x9); - x48 = ((fiat_p521_uint128)(arg1[1]) * x12); - x49 = ((fiat_p521_uint128)(arg1[1]) * x13); - x50 = ((fiat_p521_uint128)(arg1[1]) * x14); - x51 = ((fiat_p521_uint128)(arg1[1]) * x15); - x52 = ((fiat_p521_uint128)(arg1[1]) * (arg1[1])); - x53 = ((fiat_p521_uint128)(arg1[0]) * x3); - x54 = ((fiat_p521_uint128)(arg1[0]) * x6); - x55 = ((fiat_p521_uint128)(arg1[0]) * x9); - x56 = ((fiat_p521_uint128)(arg1[0]) * x12); - x57 = ((fiat_p521_uint128)(arg1[0]) * x13); - x58 = ((fiat_p521_uint128)(arg1[0]) * x14); - x59 = ((fiat_p521_uint128)(arg1[0]) * x15); - x60 = ((fiat_p521_uint128)(arg1[0]) * x16); - x61 = ((fiat_p521_uint128)(arg1[0]) * (arg1[0])); - x62 = (x61 + (x45 + (x39 + (x34 + x30)))); - x63 = (x62 >> 58); + x1 = arg1[8]; + x2 = x1 * 0x2; + x3 = arg1[8] * 0x2; + x4 = arg1[7]; + x5 = x4 * 0x2; + x6 = arg1[7] * 0x2; + x7 = arg1[6]; + x8 = x7 * 0x2; + x9 = arg1[6] * 0x2; + x10 = arg1[5]; + x11 = x10 * 0x2; + x12 = arg1[5] * 0x2; + x13 = arg1[4] * 0x2; + x14 = arg1[3] * 0x2; + x15 = arg1[2] * 0x2; + x16 = arg1[1] * 0x2; + x17 = (fiat_p521_uint128)arg1[8] * (x1 * 0x2); + x18 = (fiat_p521_uint128)arg1[7] * (x2 * 0x2); + x19 = (fiat_p521_uint128)arg1[7] * (x4 * 0x2); + x20 = (fiat_p521_uint128)arg1[6] * (x2 * 0x2); + x21 = (fiat_p521_uint128)arg1[6] * (x5 * 0x2); + x22 = (fiat_p521_uint128)arg1[6] * (x7 * 0x2); + x23 = (fiat_p521_uint128)arg1[5] * (x2 * 0x2); + x24 = (fiat_p521_uint128)arg1[5] * (x5 * 0x2); + x25 = (fiat_p521_uint128)arg1[5] * (x8 * 0x2); + x26 = (fiat_p521_uint128)arg1[5] * (x10 * 0x2); + x27 = (fiat_p521_uint128)arg1[4] * (x2 * 0x2); + x28 = (fiat_p521_uint128)arg1[4] * (x5 * 0x2); + x29 = (fiat_p521_uint128)arg1[4] * (x8 * 0x2); + x30 = (fiat_p521_uint128)arg1[4] * (x11 * 0x2); + x31 = (fiat_p521_uint128)arg1[4] * arg1[4]; + x32 = (fiat_p521_uint128)arg1[3] * (x2 * 0x2); + x33 = (fiat_p521_uint128)arg1[3] * (x5 * 0x2); + x34 = (fiat_p521_uint128)arg1[3] * (x8 * 0x2); + x35 = (fiat_p521_uint128)arg1[3] * x12; + x36 = (fiat_p521_uint128)arg1[3] * x13; + x37 = (fiat_p521_uint128)arg1[3] * arg1[3]; + x38 = (fiat_p521_uint128)arg1[2] * (x2 * 0x2); + x39 = (fiat_p521_uint128)arg1[2] * (x5 * 0x2); + x40 = (fiat_p521_uint128)arg1[2] * x9; + x41 = (fiat_p521_uint128)arg1[2] * x12; + x42 = (fiat_p521_uint128)arg1[2] * x13; + x43 = (fiat_p521_uint128)arg1[2] * x14; + x44 = (fiat_p521_uint128)arg1[2] * arg1[2]; + x45 = (fiat_p521_uint128)arg1[1] * (x2 * 0x2); + x46 = (fiat_p521_uint128)arg1[1] * x6; + x47 = (fiat_p521_uint128)arg1[1] * x9; + x48 = (fiat_p521_uint128)arg1[1] * x12; + x49 = (fiat_p521_uint128)arg1[1] * x13; + x50 = (fiat_p521_uint128)arg1[1] * x14; + x51 = (fiat_p521_uint128)arg1[1] * x15; + x52 = (fiat_p521_uint128)arg1[1] * arg1[1]; + x53 = (fiat_p521_uint128)arg1[0] * x3; + x54 = (fiat_p521_uint128)arg1[0] * x6; + x55 = (fiat_p521_uint128)arg1[0] * x9; + x56 = (fiat_p521_uint128)arg1[0] * x12; + x57 = (fiat_p521_uint128)arg1[0] * x13; + x58 = (fiat_p521_uint128)arg1[0] * x14; + x59 = (fiat_p521_uint128)arg1[0] * x15; + x60 = (fiat_p521_uint128)arg1[0] * x16; + x61 = (fiat_p521_uint128)arg1[0] * arg1[0]; + x62 = x61 + (x45 + (x39 + (x34 + x30))); + x63 = x62 >> 58; x64 = (uint64_t)(x62 & UINT64_C(0x3ffffffffffffff)); - x65 = (x53 + (x46 + (x40 + (x35 + x31)))); - x66 = (x54 + (x47 + (x41 + (x36 + x17)))); - x67 = (x55 + (x48 + (x42 + (x37 + x18)))); - x68 = (x56 + (x49 + (x43 + (x20 + x19)))); - x69 = (x57 + (x50 + (x44 + (x23 + x21)))); - x70 = (x58 + (x51 + (x27 + (x24 + x22)))); - x71 = (x59 + (x52 + (x32 + (x28 + x25)))); - x72 = (x60 + (x38 + (x33 + (x29 + x26)))); - x73 = (x63 + x72); - x74 = (x73 >> 58); + x65 = x53 + (x46 + (x40 + (x35 + x31))); + x66 = x54 + (x47 + (x41 + (x36 + x17))); + x67 = x55 + (x48 + (x42 + (x37 + x18))); + x68 = x56 + (x49 + (x43 + (x20 + x19))); + x69 = x57 + (x50 + (x44 + (x23 + x21))); + x70 = x58 + (x51 + (x27 + (x24 + x22))); + x71 = x59 + (x52 + (x32 + (x28 + x25))); + x72 = x60 + (x38 + (x33 + (x29 + x26))); + x73 = x63 + x72; + x74 = x73 >> 58; x75 = (uint64_t)(x73 & UINT64_C(0x3ffffffffffffff)); - x76 = (x74 + x71); - x77 = (x76 >> 58); + x76 = x74 + x71; + x77 = x76 >> 58; x78 = (uint64_t)(x76 & UINT64_C(0x3ffffffffffffff)); - x79 = (x77 + x70); - x80 = (x79 >> 58); + x79 = x77 + x70; + x80 = x79 >> 58; x81 = (uint64_t)(x79 & UINT64_C(0x3ffffffffffffff)); - x82 = (x80 + x69); - x83 = (x82 >> 58); + x82 = x80 + x69; + x83 = x82 >> 58; x84 = (uint64_t)(x82 & UINT64_C(0x3ffffffffffffff)); - x85 = (x83 + x68); - x86 = (x85 >> 58); + x85 = x83 + x68; + x86 = x85 >> 58; x87 = (uint64_t)(x85 & UINT64_C(0x3ffffffffffffff)); - x88 = (x86 + x67); - x89 = (x88 >> 58); + x88 = x86 + x67; + x89 = x88 >> 58; x90 = (uint64_t)(x88 & UINT64_C(0x3ffffffffffffff)); - x91 = (x89 + x66); - x92 = (x91 >> 58); + x91 = x89 + x66; + x92 = x91 >> 58; x93 = (uint64_t)(x91 & UINT64_C(0x3ffffffffffffff)); - x94 = (x92 + x65); - x95 = (x94 >> 57); + x94 = x92 + x65; + x95 = x94 >> 57; x96 = (uint64_t)(x94 & UINT64_C(0x1ffffffffffffff)); - x97 = (x64 + x95); + x97 = x64 + x95; x98 = (uint64_t)(x97 >> 58); x99 = (uint64_t)(x97 & UINT64_C(0x3ffffffffffffff)); - x100 = (x98 + x75); + x100 = x98 + x75; x101 = (fiat_p521_uint1)(x100 >> 58); - x102 = (x100 & UINT64_C(0x3ffffffffffffff)); - x103 = (x101 + x78); + x102 = x100 & UINT64_C(0x3ffffffffffffff); + x103 = x101 + x78; out1[0] = x99; out1[1] = x102; out1[2] = x103; @@ -696,26 +696,26 @@ static void fiat_p521_carry(uint64_t out1[9], const uint64_t arg1[9]) { uint64_t x18; uint64_t x19; uint64_t x20; - x1 = (arg1[0]); - x2 = ((x1 >> 58) + (arg1[1])); - x3 = ((x2 >> 58) + (arg1[2])); - x4 = ((x3 >> 58) + (arg1[3])); - x5 = ((x4 >> 58) + (arg1[4])); - x6 = ((x5 >> 58) + (arg1[5])); - x7 = ((x6 >> 58) + (arg1[6])); - x8 = ((x7 >> 58) + (arg1[7])); - x9 = ((x8 >> 58) + (arg1[8])); - x10 = ((x1 & UINT64_C(0x3ffffffffffffff)) + (x9 >> 57)); - x11 = ((fiat_p521_uint1)(x10 >> 58) + (x2 & UINT64_C(0x3ffffffffffffff))); - x12 = (x10 & UINT64_C(0x3ffffffffffffff)); - x13 = (x11 & UINT64_C(0x3ffffffffffffff)); - x14 = ((fiat_p521_uint1)(x11 >> 58) + (x3 & UINT64_C(0x3ffffffffffffff))); - x15 = (x4 & UINT64_C(0x3ffffffffffffff)); - x16 = (x5 & UINT64_C(0x3ffffffffffffff)); - x17 = (x6 & UINT64_C(0x3ffffffffffffff)); - x18 = (x7 & UINT64_C(0x3ffffffffffffff)); - x19 = (x8 & UINT64_C(0x3ffffffffffffff)); - x20 = (x9 & UINT64_C(0x1ffffffffffffff)); + x1 = arg1[0]; + x2 = (x1 >> 58) + arg1[1]; + x3 = (x2 >> 58) + arg1[2]; + x4 = (x3 >> 58) + arg1[3]; + x5 = (x4 >> 58) + arg1[4]; + x6 = (x5 >> 58) + arg1[5]; + x7 = (x6 >> 58) + arg1[6]; + x8 = (x7 >> 58) + arg1[7]; + x9 = (x8 >> 58) + arg1[8]; + x10 = (x1 & UINT64_C(0x3ffffffffffffff)) + (x9 >> 57); + x11 = (fiat_p521_uint1)(x10 >> 58) + (x2 & UINT64_C(0x3ffffffffffffff)); + x12 = x10 & UINT64_C(0x3ffffffffffffff); + x13 = x11 & UINT64_C(0x3ffffffffffffff); + x14 = (fiat_p521_uint1)(x11 >> 58) + (x3 & UINT64_C(0x3ffffffffffffff)); + x15 = x4 & UINT64_C(0x3ffffffffffffff); + x16 = x5 & UINT64_C(0x3ffffffffffffff); + x17 = x6 & UINT64_C(0x3ffffffffffffff); + x18 = x7 & UINT64_C(0x3ffffffffffffff); + x19 = x8 & UINT64_C(0x3ffffffffffffff); + x20 = x9 & UINT64_C(0x1ffffffffffffff); out1[0] = x12; out1[1] = x13; out1[2] = x14; @@ -749,15 +749,15 @@ static void fiat_p521_add(uint64_t out1[9], const uint64_t arg1[9], const uint64 uint64_t x7; uint64_t x8; uint64_t x9; - x1 = ((arg1[0]) + (arg2[0])); - x2 = ((arg1[1]) + (arg2[1])); - x3 = ((arg1[2]) + (arg2[2])); - x4 = ((arg1[3]) + (arg2[3])); - x5 = ((arg1[4]) + (arg2[4])); - x6 = ((arg1[5]) + (arg2[5])); - x7 = ((arg1[6]) + (arg2[6])); - x8 = ((arg1[7]) + (arg2[7])); - x9 = ((arg1[8]) + (arg2[8])); + x1 = arg1[0] + arg2[0]; + x2 = arg1[1] + arg2[1]; + x3 = arg1[2] + arg2[2]; + x4 = arg1[3] + arg2[3]; + x5 = arg1[4] + arg2[4]; + x6 = arg1[5] + arg2[5]; + x7 = arg1[6] + arg2[6]; + x8 = arg1[7] + arg2[7]; + x9 = arg1[8] + arg2[8]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -791,15 +791,15 @@ static void fiat_p521_sub(uint64_t out1[9], const uint64_t arg1[9], const uint64 uint64_t x7; uint64_t x8; uint64_t x9; - x1 = ((UINT64_C(0x7fffffffffffffe) + (arg1[0])) - (arg2[0])); - x2 = ((UINT64_C(0x7fffffffffffffe) + (arg1[1])) - (arg2[1])); - x3 = ((UINT64_C(0x7fffffffffffffe) + (arg1[2])) - (arg2[2])); - x4 = ((UINT64_C(0x7fffffffffffffe) + (arg1[3])) - (arg2[3])); - x5 = ((UINT64_C(0x7fffffffffffffe) + (arg1[4])) - (arg2[4])); - x6 = ((UINT64_C(0x7fffffffffffffe) + (arg1[5])) - (arg2[5])); - x7 = ((UINT64_C(0x7fffffffffffffe) + (arg1[6])) - (arg2[6])); - x8 = ((UINT64_C(0x7fffffffffffffe) + (arg1[7])) - (arg2[7])); - x9 = ((UINT64_C(0x3fffffffffffffe) + (arg1[8])) - (arg2[8])); + x1 = UINT64_C(0x7fffffffffffffe) + arg1[0] - arg2[0]; + x2 = UINT64_C(0x7fffffffffffffe) + arg1[1] - arg2[1]; + x3 = UINT64_C(0x7fffffffffffffe) + arg1[2] - arg2[2]; + x4 = UINT64_C(0x7fffffffffffffe) + arg1[3] - arg2[3]; + x5 = UINT64_C(0x7fffffffffffffe) + arg1[4] - arg2[4]; + x6 = UINT64_C(0x7fffffffffffffe) + arg1[5] - arg2[5]; + x7 = UINT64_C(0x7fffffffffffffe) + arg1[6] - arg2[6]; + x8 = UINT64_C(0x7fffffffffffffe) + arg1[7] - arg2[7]; + x9 = UINT64_C(0x3fffffffffffffe) + arg1[8] - arg2[8]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -832,15 +832,15 @@ static void fiat_p521_opp(uint64_t out1[9], const uint64_t arg1[9]) { uint64_t x7; uint64_t x8; uint64_t x9; - x1 = (UINT64_C(0x7fffffffffffffe) - (arg1[0])); - x2 = (UINT64_C(0x7fffffffffffffe) - (arg1[1])); - x3 = (UINT64_C(0x7fffffffffffffe) - (arg1[2])); - x4 = (UINT64_C(0x7fffffffffffffe) - (arg1[3])); - x5 = (UINT64_C(0x7fffffffffffffe) - (arg1[4])); - x6 = (UINT64_C(0x7fffffffffffffe) - (arg1[5])); - x7 = (UINT64_C(0x7fffffffffffffe) - (arg1[6])); - x8 = (UINT64_C(0x7fffffffffffffe) - (arg1[7])); - x9 = (UINT64_C(0x3fffffffffffffe) - (arg1[8])); + x1 = UINT64_C(0x7fffffffffffffe) - arg1[0]; + x2 = UINT64_C(0x7fffffffffffffe) - arg1[1]; + x3 = UINT64_C(0x7fffffffffffffe) - arg1[2]; + x4 = UINT64_C(0x7fffffffffffffe) - arg1[3]; + x5 = UINT64_C(0x7fffffffffffffe) - arg1[4]; + x6 = UINT64_C(0x7fffffffffffffe) - arg1[5]; + x7 = UINT64_C(0x7fffffffffffffe) - arg1[6]; + x8 = UINT64_C(0x7fffffffffffffe) - arg1[7]; + x9 = UINT64_C(0x3fffffffffffffe) - arg1[8]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -875,15 +875,15 @@ static void fiat_p521_selectznz(uint64_t out1[9], fiat_p521_uint1 arg1, const ui uint64_t x7; uint64_t x8; uint64_t x9; - fiat_p521_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_p521_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_p521_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); - fiat_p521_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); - fiat_p521_cmovznz_u64(&x5, arg1, (arg2[4]), (arg3[4])); - fiat_p521_cmovznz_u64(&x6, arg1, (arg2[5]), (arg3[5])); - fiat_p521_cmovznz_u64(&x7, arg1, (arg2[6]), (arg3[6])); - fiat_p521_cmovznz_u64(&x8, arg1, (arg2[7]), (arg3[7])); - fiat_p521_cmovznz_u64(&x9, arg1, (arg2[8]), (arg3[8])); + fiat_p521_cmovznz_u64(&x1, arg1, arg2[0], arg3[0]); + fiat_p521_cmovznz_u64(&x2, arg1, arg2[1], arg3[1]); + fiat_p521_cmovznz_u64(&x3, arg1, arg2[2], arg3[2]); + fiat_p521_cmovznz_u64(&x4, arg1, arg2[3], arg3[3]); + fiat_p521_cmovznz_u64(&x5, arg1, arg2[4], arg3[4]); + fiat_p521_cmovznz_u64(&x6, arg1, arg2[5], arg3[5]); + fiat_p521_cmovznz_u64(&x7, arg1, arg2[6], arg3[6]); + fiat_p521_cmovznz_u64(&x8, arg1, arg2[7], arg3[7]); + fiat_p521_cmovznz_u64(&x9, arg1, arg2[8], arg3[8]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -1082,161 +1082,161 @@ static void fiat_p521_to_bytes(uint8_t out1[66], const uint64_t arg1[9]) { uint64_t x173; uint8_t x174; fiat_p521_uint1 x175; - fiat_p521_subborrowx_u58(&x1, &x2, 0x0, (arg1[0]), UINT64_C(0x3ffffffffffffff)); - fiat_p521_subborrowx_u58(&x3, &x4, x2, (arg1[1]), UINT64_C(0x3ffffffffffffff)); - fiat_p521_subborrowx_u58(&x5, &x6, x4, (arg1[2]), UINT64_C(0x3ffffffffffffff)); - fiat_p521_subborrowx_u58(&x7, &x8, x6, (arg1[3]), UINT64_C(0x3ffffffffffffff)); - fiat_p521_subborrowx_u58(&x9, &x10, x8, (arg1[4]), UINT64_C(0x3ffffffffffffff)); - fiat_p521_subborrowx_u58(&x11, &x12, x10, (arg1[5]), UINT64_C(0x3ffffffffffffff)); - fiat_p521_subborrowx_u58(&x13, &x14, x12, (arg1[6]), UINT64_C(0x3ffffffffffffff)); - fiat_p521_subborrowx_u58(&x15, &x16, x14, (arg1[7]), UINT64_C(0x3ffffffffffffff)); - fiat_p521_subborrowx_u57(&x17, &x18, x16, (arg1[8]), UINT64_C(0x1ffffffffffffff)); + fiat_p521_subborrowx_u58(&x1, &x2, 0x0, arg1[0], UINT64_C(0x3ffffffffffffff)); + fiat_p521_subborrowx_u58(&x3, &x4, x2, arg1[1], UINT64_C(0x3ffffffffffffff)); + fiat_p521_subborrowx_u58(&x5, &x6, x4, arg1[2], UINT64_C(0x3ffffffffffffff)); + fiat_p521_subborrowx_u58(&x7, &x8, x6, arg1[3], UINT64_C(0x3ffffffffffffff)); + fiat_p521_subborrowx_u58(&x9, &x10, x8, arg1[4], UINT64_C(0x3ffffffffffffff)); + fiat_p521_subborrowx_u58(&x11, &x12, x10, arg1[5], UINT64_C(0x3ffffffffffffff)); + fiat_p521_subborrowx_u58(&x13, &x14, x12, arg1[6], UINT64_C(0x3ffffffffffffff)); + fiat_p521_subborrowx_u58(&x15, &x16, x14, arg1[7], UINT64_C(0x3ffffffffffffff)); + fiat_p521_subborrowx_u57(&x17, &x18, x16, arg1[8], UINT64_C(0x1ffffffffffffff)); fiat_p521_cmovznz_u64(&x19, x18, 0x0, UINT64_C(0xffffffffffffffff)); - fiat_p521_addcarryx_u58(&x20, &x21, 0x0, x1, (x19 & UINT64_C(0x3ffffffffffffff))); - fiat_p521_addcarryx_u58(&x22, &x23, x21, x3, (x19 & UINT64_C(0x3ffffffffffffff))); - fiat_p521_addcarryx_u58(&x24, &x25, x23, x5, (x19 & UINT64_C(0x3ffffffffffffff))); - fiat_p521_addcarryx_u58(&x26, &x27, x25, x7, (x19 & UINT64_C(0x3ffffffffffffff))); - fiat_p521_addcarryx_u58(&x28, &x29, x27, x9, (x19 & UINT64_C(0x3ffffffffffffff))); - fiat_p521_addcarryx_u58(&x30, &x31, x29, x11, (x19 & UINT64_C(0x3ffffffffffffff))); - fiat_p521_addcarryx_u58(&x32, &x33, x31, x13, (x19 & UINT64_C(0x3ffffffffffffff))); - fiat_p521_addcarryx_u58(&x34, &x35, x33, x15, (x19 & UINT64_C(0x3ffffffffffffff))); - fiat_p521_addcarryx_u57(&x36, &x37, x35, x17, (x19 & UINT64_C(0x1ffffffffffffff))); - x38 = (x34 << 6); - x39 = (x32 << 4); - x40 = (x30 << 2); - x41 = (x26 << 6); - x42 = (x24 << 4); - x43 = (x22 << 2); + fiat_p521_addcarryx_u58(&x20, &x21, 0x0, x1, x19 & UINT64_C(0x3ffffffffffffff)); + fiat_p521_addcarryx_u58(&x22, &x23, x21, x3, x19 & UINT64_C(0x3ffffffffffffff)); + fiat_p521_addcarryx_u58(&x24, &x25, x23, x5, x19 & UINT64_C(0x3ffffffffffffff)); + fiat_p521_addcarryx_u58(&x26, &x27, x25, x7, x19 & UINT64_C(0x3ffffffffffffff)); + fiat_p521_addcarryx_u58(&x28, &x29, x27, x9, x19 & UINT64_C(0x3ffffffffffffff)); + fiat_p521_addcarryx_u58(&x30, &x31, x29, x11, x19 & UINT64_C(0x3ffffffffffffff)); + fiat_p521_addcarryx_u58(&x32, &x33, x31, x13, x19 & UINT64_C(0x3ffffffffffffff)); + fiat_p521_addcarryx_u58(&x34, &x35, x33, x15, x19 & UINT64_C(0x3ffffffffffffff)); + fiat_p521_addcarryx_u57(&x36, &x37, x35, x17, x19 & UINT64_C(0x1ffffffffffffff)); + x38 = x34 << 6; + x39 = x32 << 4; + x40 = x30 << 2; + x41 = x26 << 6; + x42 = x24 << 4; + x43 = x22 << 2; x44 = (uint8_t)(x20 & UINT8_C(0xff)); - x45 = (x20 >> 8); + x45 = x20 >> 8; x46 = (uint8_t)(x45 & UINT8_C(0xff)); - x47 = (x45 >> 8); + x47 = x45 >> 8; x48 = (uint8_t)(x47 & UINT8_C(0xff)); - x49 = (x47 >> 8); + x49 = x47 >> 8; x50 = (uint8_t)(x49 & UINT8_C(0xff)); - x51 = (x49 >> 8); + x51 = x49 >> 8; x52 = (uint8_t)(x51 & UINT8_C(0xff)); - x53 = (x51 >> 8); + x53 = x51 >> 8; x54 = (uint8_t)(x53 & UINT8_C(0xff)); - x55 = (x53 >> 8); + x55 = x53 >> 8; x56 = (uint8_t)(x55 & UINT8_C(0xff)); x57 = (uint8_t)(x55 >> 8); - x58 = (x43 + (uint64_t)x57); + x58 = x43 + (uint64_t)x57; x59 = (uint8_t)(x58 & UINT8_C(0xff)); - x60 = (x58 >> 8); + x60 = x58 >> 8; x61 = (uint8_t)(x60 & UINT8_C(0xff)); - x62 = (x60 >> 8); + x62 = x60 >> 8; x63 = (uint8_t)(x62 & UINT8_C(0xff)); - x64 = (x62 >> 8); + x64 = x62 >> 8; x65 = (uint8_t)(x64 & UINT8_C(0xff)); - x66 = (x64 >> 8); + x66 = x64 >> 8; x67 = (uint8_t)(x66 & UINT8_C(0xff)); - x68 = (x66 >> 8); + x68 = x66 >> 8; x69 = (uint8_t)(x68 & UINT8_C(0xff)); - x70 = (x68 >> 8); + x70 = x68 >> 8; x71 = (uint8_t)(x70 & UINT8_C(0xff)); x72 = (uint8_t)(x70 >> 8); - x73 = (x42 + (uint64_t)x72); + x73 = x42 + (uint64_t)x72; x74 = (uint8_t)(x73 & UINT8_C(0xff)); - x75 = (x73 >> 8); + x75 = x73 >> 8; x76 = (uint8_t)(x75 & UINT8_C(0xff)); - x77 = (x75 >> 8); + x77 = x75 >> 8; x78 = (uint8_t)(x77 & UINT8_C(0xff)); - x79 = (x77 >> 8); + x79 = x77 >> 8; x80 = (uint8_t)(x79 & UINT8_C(0xff)); - x81 = (x79 >> 8); + x81 = x79 >> 8; x82 = (uint8_t)(x81 & UINT8_C(0xff)); - x83 = (x81 >> 8); + x83 = x81 >> 8; x84 = (uint8_t)(x83 & UINT8_C(0xff)); - x85 = (x83 >> 8); + x85 = x83 >> 8; x86 = (uint8_t)(x85 & UINT8_C(0xff)); x87 = (uint8_t)(x85 >> 8); - x88 = (x41 + (uint64_t)x87); + x88 = x41 + (uint64_t)x87; x89 = (uint8_t)(x88 & UINT8_C(0xff)); - x90 = (x88 >> 8); + x90 = x88 >> 8; x91 = (uint8_t)(x90 & UINT8_C(0xff)); - x92 = (x90 >> 8); + x92 = x90 >> 8; x93 = (uint8_t)(x92 & UINT8_C(0xff)); - x94 = (x92 >> 8); + x94 = x92 >> 8; x95 = (uint8_t)(x94 & UINT8_C(0xff)); - x96 = (x94 >> 8); + x96 = x94 >> 8; x97 = (uint8_t)(x96 & UINT8_C(0xff)); - x98 = (x96 >> 8); + x98 = x96 >> 8; x99 = (uint8_t)(x98 & UINT8_C(0xff)); - x100 = (x98 >> 8); + x100 = x98 >> 8; x101 = (uint8_t)(x100 & UINT8_C(0xff)); x102 = (uint8_t)(x100 >> 8); x103 = (uint8_t)(x28 & UINT8_C(0xff)); - x104 = (x28 >> 8); + x104 = x28 >> 8; x105 = (uint8_t)(x104 & UINT8_C(0xff)); - x106 = (x104 >> 8); + x106 = x104 >> 8; x107 = (uint8_t)(x106 & UINT8_C(0xff)); - x108 = (x106 >> 8); + x108 = x106 >> 8; x109 = (uint8_t)(x108 & UINT8_C(0xff)); - x110 = (x108 >> 8); + x110 = x108 >> 8; x111 = (uint8_t)(x110 & UINT8_C(0xff)); - x112 = (x110 >> 8); + x112 = x110 >> 8; x113 = (uint8_t)(x112 & UINT8_C(0xff)); - x114 = (x112 >> 8); + x114 = x112 >> 8; x115 = (uint8_t)(x114 & UINT8_C(0xff)); x116 = (uint8_t)(x114 >> 8); - x117 = (x40 + (uint64_t)x116); + x117 = x40 + (uint64_t)x116; x118 = (uint8_t)(x117 & UINT8_C(0xff)); - x119 = (x117 >> 8); + x119 = x117 >> 8; x120 = (uint8_t)(x119 & UINT8_C(0xff)); - x121 = (x119 >> 8); + x121 = x119 >> 8; x122 = (uint8_t)(x121 & UINT8_C(0xff)); - x123 = (x121 >> 8); + x123 = x121 >> 8; x124 = (uint8_t)(x123 & UINT8_C(0xff)); - x125 = (x123 >> 8); + x125 = x123 >> 8; x126 = (uint8_t)(x125 & UINT8_C(0xff)); - x127 = (x125 >> 8); + x127 = x125 >> 8; x128 = (uint8_t)(x127 & UINT8_C(0xff)); - x129 = (x127 >> 8); + x129 = x127 >> 8; x130 = (uint8_t)(x129 & UINT8_C(0xff)); x131 = (uint8_t)(x129 >> 8); - x132 = (x39 + (uint64_t)x131); + x132 = x39 + (uint64_t)x131; x133 = (uint8_t)(x132 & UINT8_C(0xff)); - x134 = (x132 >> 8); + x134 = x132 >> 8; x135 = (uint8_t)(x134 & UINT8_C(0xff)); - x136 = (x134 >> 8); + x136 = x134 >> 8; x137 = (uint8_t)(x136 & UINT8_C(0xff)); - x138 = (x136 >> 8); + x138 = x136 >> 8; x139 = (uint8_t)(x138 & UINT8_C(0xff)); - x140 = (x138 >> 8); + x140 = x138 >> 8; x141 = (uint8_t)(x140 & UINT8_C(0xff)); - x142 = (x140 >> 8); + x142 = x140 >> 8; x143 = (uint8_t)(x142 & UINT8_C(0xff)); - x144 = (x142 >> 8); + x144 = x142 >> 8; x145 = (uint8_t)(x144 & UINT8_C(0xff)); x146 = (uint8_t)(x144 >> 8); - x147 = (x38 + (uint64_t)x146); + x147 = x38 + (uint64_t)x146; x148 = (uint8_t)(x147 & UINT8_C(0xff)); - x149 = (x147 >> 8); + x149 = x147 >> 8; x150 = (uint8_t)(x149 & UINT8_C(0xff)); - x151 = (x149 >> 8); + x151 = x149 >> 8; x152 = (uint8_t)(x151 & UINT8_C(0xff)); - x153 = (x151 >> 8); + x153 = x151 >> 8; x154 = (uint8_t)(x153 & UINT8_C(0xff)); - x155 = (x153 >> 8); + x155 = x153 >> 8; x156 = (uint8_t)(x155 & UINT8_C(0xff)); - x157 = (x155 >> 8); + x157 = x155 >> 8; x158 = (uint8_t)(x157 & UINT8_C(0xff)); - x159 = (x157 >> 8); + x159 = x157 >> 8; x160 = (uint8_t)(x159 & UINT8_C(0xff)); x161 = (uint8_t)(x159 >> 8); x162 = (uint8_t)(x36 & UINT8_C(0xff)); - x163 = (x36 >> 8); + x163 = x36 >> 8; x164 = (uint8_t)(x163 & UINT8_C(0xff)); - x165 = (x163 >> 8); + x165 = x163 >> 8; x166 = (uint8_t)(x165 & UINT8_C(0xff)); - x167 = (x165 >> 8); + x167 = x165 >> 8; x168 = (uint8_t)(x167 & UINT8_C(0xff)); - x169 = (x167 >> 8); + x169 = x167 >> 8; x170 = (uint8_t)(x169 & UINT8_C(0xff)); - x171 = (x169 >> 8); + x171 = x169 >> 8; x172 = (uint8_t)(x171 & UINT8_C(0xff)); - x173 = (x171 >> 8); + x173 = x171 >> 8; x174 = (uint8_t)(x173 & UINT8_C(0xff)); x175 = (fiat_p521_uint1)(x173 >> 8); out1[0] = x44; @@ -1460,147 +1460,147 @@ static void fiat_p521_from_bytes(uint64_t out1[9], const uint8_t arg1[66]) { uint64_t x139; uint64_t x140; uint64_t x141; - x1 = ((uint64_t)(fiat_p521_uint1)(arg1[65]) << 56); - x2 = ((uint64_t)(arg1[64]) << 48); - x3 = ((uint64_t)(arg1[63]) << 40); - x4 = ((uint64_t)(arg1[62]) << 32); - x5 = ((uint64_t)(arg1[61]) << 24); - x6 = ((uint64_t)(arg1[60]) << 16); - x7 = ((uint64_t)(arg1[59]) << 8); - x8 = (arg1[58]); - x9 = ((uint64_t)(arg1[57]) << 50); - x10 = ((uint64_t)(arg1[56]) << 42); - x11 = ((uint64_t)(arg1[55]) << 34); - x12 = ((uint64_t)(arg1[54]) << 26); - x13 = ((uint64_t)(arg1[53]) << 18); - x14 = ((uint64_t)(arg1[52]) << 10); - x15 = ((uint64_t)(arg1[51]) << 2); - x16 = ((uint64_t)(arg1[50]) << 52); - x17 = ((uint64_t)(arg1[49]) << 44); - x18 = ((uint64_t)(arg1[48]) << 36); - x19 = ((uint64_t)(arg1[47]) << 28); - x20 = ((uint64_t)(arg1[46]) << 20); - x21 = ((uint64_t)(arg1[45]) << 12); - x22 = ((uint64_t)(arg1[44]) << 4); - x23 = ((uint64_t)(arg1[43]) << 54); - x24 = ((uint64_t)(arg1[42]) << 46); - x25 = ((uint64_t)(arg1[41]) << 38); - x26 = ((uint64_t)(arg1[40]) << 30); - x27 = ((uint64_t)(arg1[39]) << 22); - x28 = ((uint64_t)(arg1[38]) << 14); - x29 = ((uint64_t)(arg1[37]) << 6); - x30 = ((uint64_t)(arg1[36]) << 56); - x31 = ((uint64_t)(arg1[35]) << 48); - x32 = ((uint64_t)(arg1[34]) << 40); - x33 = ((uint64_t)(arg1[33]) << 32); - x34 = ((uint64_t)(arg1[32]) << 24); - x35 = ((uint64_t)(arg1[31]) << 16); - x36 = ((uint64_t)(arg1[30]) << 8); - x37 = (arg1[29]); - x38 = ((uint64_t)(arg1[28]) << 50); - x39 = ((uint64_t)(arg1[27]) << 42); - x40 = ((uint64_t)(arg1[26]) << 34); - x41 = ((uint64_t)(arg1[25]) << 26); - x42 = ((uint64_t)(arg1[24]) << 18); - x43 = ((uint64_t)(arg1[23]) << 10); - x44 = ((uint64_t)(arg1[22]) << 2); - x45 = ((uint64_t)(arg1[21]) << 52); - x46 = ((uint64_t)(arg1[20]) << 44); - x47 = ((uint64_t)(arg1[19]) << 36); - x48 = ((uint64_t)(arg1[18]) << 28); - x49 = ((uint64_t)(arg1[17]) << 20); - x50 = ((uint64_t)(arg1[16]) << 12); - x51 = ((uint64_t)(arg1[15]) << 4); - x52 = ((uint64_t)(arg1[14]) << 54); - x53 = ((uint64_t)(arg1[13]) << 46); - x54 = ((uint64_t)(arg1[12]) << 38); - x55 = ((uint64_t)(arg1[11]) << 30); - x56 = ((uint64_t)(arg1[10]) << 22); - x57 = ((uint64_t)(arg1[9]) << 14); - x58 = ((uint64_t)(arg1[8]) << 6); - x59 = ((uint64_t)(arg1[7]) << 56); - x60 = ((uint64_t)(arg1[6]) << 48); - x61 = ((uint64_t)(arg1[5]) << 40); - x62 = ((uint64_t)(arg1[4]) << 32); - x63 = ((uint64_t)(arg1[3]) << 24); - x64 = ((uint64_t)(arg1[2]) << 16); - x65 = ((uint64_t)(arg1[1]) << 8); - x66 = (arg1[0]); - x67 = (x65 + (uint64_t)x66); - x68 = (x64 + x67); - x69 = (x63 + x68); - x70 = (x62 + x69); - x71 = (x61 + x70); - x72 = (x60 + x71); - x73 = (x59 + x72); - x74 = (x73 & UINT64_C(0x3ffffffffffffff)); + x1 = (uint64_t)(fiat_p521_uint1)arg1[65] << 56; + x2 = (uint64_t)arg1[64] << 48; + x3 = (uint64_t)arg1[63] << 40; + x4 = (uint64_t)arg1[62] << 32; + x5 = (uint64_t)arg1[61] << 24; + x6 = (uint64_t)arg1[60] << 16; + x7 = (uint64_t)arg1[59] << 8; + x8 = arg1[58]; + x9 = (uint64_t)arg1[57] << 50; + x10 = (uint64_t)arg1[56] << 42; + x11 = (uint64_t)arg1[55] << 34; + x12 = (uint64_t)arg1[54] << 26; + x13 = (uint64_t)arg1[53] << 18; + x14 = (uint64_t)arg1[52] << 10; + x15 = (uint64_t)arg1[51] << 2; + x16 = (uint64_t)arg1[50] << 52; + x17 = (uint64_t)arg1[49] << 44; + x18 = (uint64_t)arg1[48] << 36; + x19 = (uint64_t)arg1[47] << 28; + x20 = (uint64_t)arg1[46] << 20; + x21 = (uint64_t)arg1[45] << 12; + x22 = (uint64_t)arg1[44] << 4; + x23 = (uint64_t)arg1[43] << 54; + x24 = (uint64_t)arg1[42] << 46; + x25 = (uint64_t)arg1[41] << 38; + x26 = (uint64_t)arg1[40] << 30; + x27 = (uint64_t)arg1[39] << 22; + x28 = (uint64_t)arg1[38] << 14; + x29 = (uint64_t)arg1[37] << 6; + x30 = (uint64_t)arg1[36] << 56; + x31 = (uint64_t)arg1[35] << 48; + x32 = (uint64_t)arg1[34] << 40; + x33 = (uint64_t)arg1[33] << 32; + x34 = (uint64_t)arg1[32] << 24; + x35 = (uint64_t)arg1[31] << 16; + x36 = (uint64_t)arg1[30] << 8; + x37 = arg1[29]; + x38 = (uint64_t)arg1[28] << 50; + x39 = (uint64_t)arg1[27] << 42; + x40 = (uint64_t)arg1[26] << 34; + x41 = (uint64_t)arg1[25] << 26; + x42 = (uint64_t)arg1[24] << 18; + x43 = (uint64_t)arg1[23] << 10; + x44 = (uint64_t)arg1[22] << 2; + x45 = (uint64_t)arg1[21] << 52; + x46 = (uint64_t)arg1[20] << 44; + x47 = (uint64_t)arg1[19] << 36; + x48 = (uint64_t)arg1[18] << 28; + x49 = (uint64_t)arg1[17] << 20; + x50 = (uint64_t)arg1[16] << 12; + x51 = (uint64_t)arg1[15] << 4; + x52 = (uint64_t)arg1[14] << 54; + x53 = (uint64_t)arg1[13] << 46; + x54 = (uint64_t)arg1[12] << 38; + x55 = (uint64_t)arg1[11] << 30; + x56 = (uint64_t)arg1[10] << 22; + x57 = (uint64_t)arg1[9] << 14; + x58 = (uint64_t)arg1[8] << 6; + x59 = (uint64_t)arg1[7] << 56; + x60 = (uint64_t)arg1[6] << 48; + x61 = (uint64_t)arg1[5] << 40; + x62 = (uint64_t)arg1[4] << 32; + x63 = (uint64_t)arg1[3] << 24; + x64 = (uint64_t)arg1[2] << 16; + x65 = (uint64_t)arg1[1] << 8; + x66 = arg1[0]; + x67 = x65 + (uint64_t)x66; + x68 = x64 + x67; + x69 = x63 + x68; + x70 = x62 + x69; + x71 = x61 + x70; + x72 = x60 + x71; + x73 = x59 + x72; + x74 = x73 & UINT64_C(0x3ffffffffffffff); x75 = (uint8_t)(x73 >> 58); - x76 = (x58 + (uint64_t)x75); - x77 = (x57 + x76); - x78 = (x56 + x77); - x79 = (x55 + x78); - x80 = (x54 + x79); - x81 = (x53 + x80); - x82 = (x52 + x81); - x83 = (x82 & UINT64_C(0x3ffffffffffffff)); + x76 = x58 + (uint64_t)x75; + x77 = x57 + x76; + x78 = x56 + x77; + x79 = x55 + x78; + x80 = x54 + x79; + x81 = x53 + x80; + x82 = x52 + x81; + x83 = x82 & UINT64_C(0x3ffffffffffffff); x84 = (uint8_t)(x82 >> 58); - x85 = (x51 + (uint64_t)x84); - x86 = (x50 + x85); - x87 = (x49 + x86); - x88 = (x48 + x87); - x89 = (x47 + x88); - x90 = (x46 + x89); - x91 = (x45 + x90); - x92 = (x91 & UINT64_C(0x3ffffffffffffff)); + x85 = x51 + (uint64_t)x84; + x86 = x50 + x85; + x87 = x49 + x86; + x88 = x48 + x87; + x89 = x47 + x88; + x90 = x46 + x89; + x91 = x45 + x90; + x92 = x91 & UINT64_C(0x3ffffffffffffff); x93 = (uint8_t)(x91 >> 58); - x94 = (x44 + (uint64_t)x93); - x95 = (x43 + x94); - x96 = (x42 + x95); - x97 = (x41 + x96); - x98 = (x40 + x97); - x99 = (x39 + x98); - x100 = (x38 + x99); - x101 = (x36 + (uint64_t)x37); - x102 = (x35 + x101); - x103 = (x34 + x102); - x104 = (x33 + x103); - x105 = (x32 + x104); - x106 = (x31 + x105); - x107 = (x30 + x106); - x108 = (x107 & UINT64_C(0x3ffffffffffffff)); + x94 = x44 + (uint64_t)x93; + x95 = x43 + x94; + x96 = x42 + x95; + x97 = x41 + x96; + x98 = x40 + x97; + x99 = x39 + x98; + x100 = x38 + x99; + x101 = x36 + (uint64_t)x37; + x102 = x35 + x101; + x103 = x34 + x102; + x104 = x33 + x103; + x105 = x32 + x104; + x106 = x31 + x105; + x107 = x30 + x106; + x108 = x107 & UINT64_C(0x3ffffffffffffff); x109 = (uint8_t)(x107 >> 58); - x110 = (x29 + (uint64_t)x109); - x111 = (x28 + x110); - x112 = (x27 + x111); - x113 = (x26 + x112); - x114 = (x25 + x113); - x115 = (x24 + x114); - x116 = (x23 + x115); - x117 = (x116 & UINT64_C(0x3ffffffffffffff)); + x110 = x29 + (uint64_t)x109; + x111 = x28 + x110; + x112 = x27 + x111; + x113 = x26 + x112; + x114 = x25 + x113; + x115 = x24 + x114; + x116 = x23 + x115; + x117 = x116 & UINT64_C(0x3ffffffffffffff); x118 = (uint8_t)(x116 >> 58); - x119 = (x22 + (uint64_t)x118); - x120 = (x21 + x119); - x121 = (x20 + x120); - x122 = (x19 + x121); - x123 = (x18 + x122); - x124 = (x17 + x123); - x125 = (x16 + x124); - x126 = (x125 & UINT64_C(0x3ffffffffffffff)); + x119 = x22 + (uint64_t)x118; + x120 = x21 + x119; + x121 = x20 + x120; + x122 = x19 + x121; + x123 = x18 + x122; + x124 = x17 + x123; + x125 = x16 + x124; + x126 = x125 & UINT64_C(0x3ffffffffffffff); x127 = (uint8_t)(x125 >> 58); - x128 = (x15 + (uint64_t)x127); - x129 = (x14 + x128); - x130 = (x13 + x129); - x131 = (x12 + x130); - x132 = (x11 + x131); - x133 = (x10 + x132); - x134 = (x9 + x133); - x135 = (x7 + (uint64_t)x8); - x136 = (x6 + x135); - x137 = (x5 + x136); - x138 = (x4 + x137); - x139 = (x3 + x138); - x140 = (x2 + x139); - x141 = (x1 + x140); + x128 = x15 + (uint64_t)x127; + x129 = x14 + x128; + x130 = x13 + x129; + x131 = x12 + x130; + x132 = x11 + x131; + x133 = x10 + x132; + x134 = x9 + x133; + x135 = x7 + (uint64_t)x8; + x136 = x6 + x135; + x137 = x5 + x136; + x138 = x4 + x137; + x139 = x3 + x138; + x140 = x2 + x139; + x141 = x1 + x140; out1[0] = x74; out1[1] = x83; out1[2] = x92; diff --git a/fiat-c/src/poly1305_32.c b/fiat-c/src/poly1305_32.c index 502c6bb2a2..8463140f46 100644 --- a/fiat-c/src/poly1305_32.c +++ b/fiat-c/src/poly1305_32.c @@ -49,8 +49,8 @@ static void fiat_poly1305_addcarryx_u26(uint32_t* out1, fiat_poly1305_uint1* out uint32_t x1; uint32_t x2; fiat_poly1305_uint1 x3; - x1 = ((arg1 + arg2) + arg3); - x2 = (x1 & UINT32_C(0x3ffffff)); + x1 = arg1 + arg2 + arg3; + x2 = x1 & UINT32_C(0x3ffffff); x3 = (fiat_poly1305_uint1)(x1 >> 26); *out1 = x2; *out2 = x3; @@ -75,9 +75,9 @@ static void fiat_poly1305_subborrowx_u26(uint32_t* out1, fiat_poly1305_uint1* ou int32_t x1; fiat_poly1305_int1 x2; uint32_t x3; - x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3); + x1 = (int32_t)(arg2 - arg1) - (int32_t)arg3; x2 = (fiat_poly1305_int1)(x1 >> 26); - x3 = (x1 & UINT32_C(0x3ffffff)); + x3 = x1 & UINT32_C(0x3ffffff); *out1 = x3; *out2 = (fiat_poly1305_uint1)(0x0 - x2); } @@ -99,9 +99,9 @@ static void fiat_poly1305_cmovznz_u32(uint32_t* out1, fiat_poly1305_uint1 arg1, fiat_poly1305_uint1 x1; uint32_t x2; uint32_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_poly1305_int1)(0x0 - x1) & UINT32_C(0xffffffff)); - x3 = ((fiat_poly1305_value_barrier_u32(x2) & arg3) | (fiat_poly1305_value_barrier_u32((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_poly1305_int1)(0x0 - x1) & UINT32_C(0xffffffff); + x3 = fiat_poly1305_value_barrier_u32(x2) & arg3 | fiat_poly1305_value_barrier_u32(~x2) & arg2; *out1 = x3; } @@ -170,58 +170,58 @@ static void fiat_poly1305_carry_mul(uint32_t out1[5], const uint32_t arg1[5], co fiat_poly1305_uint1 x50; uint32_t x51; uint32_t x52; - x1 = ((uint64_t)(arg1[4]) * ((arg2[4]) * 0x5)); - x2 = ((uint64_t)(arg1[4]) * ((arg2[3]) * 0x5)); - x3 = ((uint64_t)(arg1[4]) * ((arg2[2]) * 0x5)); - x4 = ((uint64_t)(arg1[4]) * ((arg2[1]) * 0x5)); - x5 = ((uint64_t)(arg1[3]) * ((arg2[4]) * 0x5)); - x6 = ((uint64_t)(arg1[3]) * ((arg2[3]) * 0x5)); - x7 = ((uint64_t)(arg1[3]) * ((arg2[2]) * 0x5)); - x8 = ((uint64_t)(arg1[2]) * ((arg2[4]) * 0x5)); - x9 = ((uint64_t)(arg1[2]) * ((arg2[3]) * 0x5)); - x10 = ((uint64_t)(arg1[1]) * ((arg2[4]) * 0x5)); - x11 = ((uint64_t)(arg1[4]) * (arg2[0])); - x12 = ((uint64_t)(arg1[3]) * (arg2[1])); - x13 = ((uint64_t)(arg1[3]) * (arg2[0])); - x14 = ((uint64_t)(arg1[2]) * (arg2[2])); - x15 = ((uint64_t)(arg1[2]) * (arg2[1])); - x16 = ((uint64_t)(arg1[2]) * (arg2[0])); - x17 = ((uint64_t)(arg1[1]) * (arg2[3])); - x18 = ((uint64_t)(arg1[1]) * (arg2[2])); - x19 = ((uint64_t)(arg1[1]) * (arg2[1])); - x20 = ((uint64_t)(arg1[1]) * (arg2[0])); - x21 = ((uint64_t)(arg1[0]) * (arg2[4])); - x22 = ((uint64_t)(arg1[0]) * (arg2[3])); - x23 = ((uint64_t)(arg1[0]) * (arg2[2])); - x24 = ((uint64_t)(arg1[0]) * (arg2[1])); - x25 = ((uint64_t)(arg1[0]) * (arg2[0])); - x26 = (x25 + (x10 + (x9 + (x7 + x4)))); - x27 = (x26 >> 26); + x1 = (uint64_t)arg1[4] * (arg2[4] * 0x5); + x2 = (uint64_t)arg1[4] * (arg2[3] * 0x5); + x3 = (uint64_t)arg1[4] * (arg2[2] * 0x5); + x4 = (uint64_t)arg1[4] * (arg2[1] * 0x5); + x5 = (uint64_t)arg1[3] * (arg2[4] * 0x5); + x6 = (uint64_t)arg1[3] * (arg2[3] * 0x5); + x7 = (uint64_t)arg1[3] * (arg2[2] * 0x5); + x8 = (uint64_t)arg1[2] * (arg2[4] * 0x5); + x9 = (uint64_t)arg1[2] * (arg2[3] * 0x5); + x10 = (uint64_t)arg1[1] * (arg2[4] * 0x5); + x11 = (uint64_t)arg1[4] * arg2[0]; + x12 = (uint64_t)arg1[3] * arg2[1]; + x13 = (uint64_t)arg1[3] * arg2[0]; + x14 = (uint64_t)arg1[2] * arg2[2]; + x15 = (uint64_t)arg1[2] * arg2[1]; + x16 = (uint64_t)arg1[2] * arg2[0]; + x17 = (uint64_t)arg1[1] * arg2[3]; + x18 = (uint64_t)arg1[1] * arg2[2]; + x19 = (uint64_t)arg1[1] * arg2[1]; + x20 = (uint64_t)arg1[1] * arg2[0]; + x21 = (uint64_t)arg1[0] * arg2[4]; + x22 = (uint64_t)arg1[0] * arg2[3]; + x23 = (uint64_t)arg1[0] * arg2[2]; + x24 = (uint64_t)arg1[0] * arg2[1]; + x25 = (uint64_t)arg1[0] * arg2[0]; + x26 = x25 + (x10 + (x9 + (x7 + x4))); + x27 = x26 >> 26; x28 = (uint32_t)(x26 & UINT32_C(0x3ffffff)); - x29 = (x21 + (x17 + (x14 + (x12 + x11)))); - x30 = (x22 + (x18 + (x15 + (x13 + x1)))); - x31 = (x23 + (x19 + (x16 + (x5 + x2)))); - x32 = (x24 + (x20 + (x8 + (x6 + x3)))); - x33 = (x27 + x32); - x34 = (x33 >> 26); + x29 = x21 + (x17 + (x14 + (x12 + x11))); + x30 = x22 + (x18 + (x15 + (x13 + x1))); + x31 = x23 + (x19 + (x16 + (x5 + x2))); + x32 = x24 + (x20 + (x8 + (x6 + x3))); + x33 = x27 + x32; + x34 = x33 >> 26; x35 = (uint32_t)(x33 & UINT32_C(0x3ffffff)); - x36 = (x34 + x31); - x37 = (x36 >> 26); + x36 = x34 + x31; + x37 = x36 >> 26; x38 = (uint32_t)(x36 & UINT32_C(0x3ffffff)); - x39 = (x37 + x30); - x40 = (x39 >> 26); + x39 = x37 + x30; + x40 = x39 >> 26; x41 = (uint32_t)(x39 & UINT32_C(0x3ffffff)); - x42 = (x40 + x29); + x42 = x40 + x29; x43 = (uint32_t)(x42 >> 26); x44 = (uint32_t)(x42 & UINT32_C(0x3ffffff)); - x45 = ((uint64_t)x43 * 0x5); - x46 = (x28 + x45); + x45 = (uint64_t)x43 * 0x5; + x46 = x28 + x45; x47 = (uint32_t)(x46 >> 26); x48 = (uint32_t)(x46 & UINT32_C(0x3ffffff)); - x49 = (x47 + x35); + x49 = x47 + x35; x50 = (fiat_poly1305_uint1)(x49 >> 26); - x51 = (x49 & UINT32_C(0x3ffffff)); - x52 = (x50 + x38); + x51 = x49 & UINT32_C(0x3ffffff); + x52 = x50 + x38; out1[0] = x48; out1[1] = x51; out1[2] = x52; @@ -291,56 +291,56 @@ static void fiat_poly1305_carry_square(uint32_t out1[5], const uint32_t arg1[5]) fiat_poly1305_uint1 x48; uint32_t x49; uint32_t x50; - x1 = ((arg1[4]) * 0x5); - x2 = (x1 * 0x2); - x3 = ((arg1[4]) * 0x2); - x4 = ((arg1[3]) * 0x5); - x5 = (x4 * 0x2); - x6 = ((arg1[3]) * 0x2); - x7 = ((arg1[2]) * 0x2); - x8 = ((arg1[1]) * 0x2); - x9 = ((uint64_t)(arg1[4]) * x1); - x10 = ((uint64_t)(arg1[3]) * x2); - x11 = ((uint64_t)(arg1[3]) * x4); - x12 = ((uint64_t)(arg1[2]) * x2); - x13 = ((uint64_t)(arg1[2]) * x5); - x14 = ((uint64_t)(arg1[2]) * (arg1[2])); - x15 = ((uint64_t)(arg1[1]) * x2); - x16 = ((uint64_t)(arg1[1]) * x6); - x17 = ((uint64_t)(arg1[1]) * x7); - x18 = ((uint64_t)(arg1[1]) * (arg1[1])); - x19 = ((uint64_t)(arg1[0]) * x3); - x20 = ((uint64_t)(arg1[0]) * x6); - x21 = ((uint64_t)(arg1[0]) * x7); - x22 = ((uint64_t)(arg1[0]) * x8); - x23 = ((uint64_t)(arg1[0]) * (arg1[0])); - x24 = (x23 + (x15 + x13)); - x25 = (x24 >> 26); + x1 = arg1[4] * 0x5; + x2 = x1 * 0x2; + x3 = arg1[4] * 0x2; + x4 = arg1[3] * 0x5; + x5 = x4 * 0x2; + x6 = arg1[3] * 0x2; + x7 = arg1[2] * 0x2; + x8 = arg1[1] * 0x2; + x9 = (uint64_t)arg1[4] * x1; + x10 = (uint64_t)arg1[3] * x2; + x11 = (uint64_t)arg1[3] * x4; + x12 = (uint64_t)arg1[2] * x2; + x13 = (uint64_t)arg1[2] * x5; + x14 = (uint64_t)arg1[2] * arg1[2]; + x15 = (uint64_t)arg1[1] * x2; + x16 = (uint64_t)arg1[1] * x6; + x17 = (uint64_t)arg1[1] * x7; + x18 = (uint64_t)arg1[1] * arg1[1]; + x19 = (uint64_t)arg1[0] * x3; + x20 = (uint64_t)arg1[0] * x6; + x21 = (uint64_t)arg1[0] * x7; + x22 = (uint64_t)arg1[0] * x8; + x23 = (uint64_t)arg1[0] * arg1[0]; + x24 = x23 + (x15 + x13); + x25 = x24 >> 26; x26 = (uint32_t)(x24 & UINT32_C(0x3ffffff)); - x27 = (x19 + (x16 + x14)); - x28 = (x20 + (x17 + x9)); - x29 = (x21 + (x18 + x10)); - x30 = (x22 + (x12 + x11)); - x31 = (x25 + x30); - x32 = (x31 >> 26); + x27 = x19 + (x16 + x14); + x28 = x20 + (x17 + x9); + x29 = x21 + (x18 + x10); + x30 = x22 + (x12 + x11); + x31 = x25 + x30; + x32 = x31 >> 26; x33 = (uint32_t)(x31 & UINT32_C(0x3ffffff)); - x34 = (x32 + x29); - x35 = (x34 >> 26); + x34 = x32 + x29; + x35 = x34 >> 26; x36 = (uint32_t)(x34 & UINT32_C(0x3ffffff)); - x37 = (x35 + x28); - x38 = (x37 >> 26); + x37 = x35 + x28; + x38 = x37 >> 26; x39 = (uint32_t)(x37 & UINT32_C(0x3ffffff)); - x40 = (x38 + x27); + x40 = x38 + x27; x41 = (uint32_t)(x40 >> 26); x42 = (uint32_t)(x40 & UINT32_C(0x3ffffff)); - x43 = ((uint64_t)x41 * 0x5); - x44 = (x26 + x43); + x43 = (uint64_t)x41 * 0x5; + x44 = x26 + x43; x45 = (uint32_t)(x44 >> 26); x46 = (uint32_t)(x44 & UINT32_C(0x3ffffff)); - x47 = (x45 + x33); + x47 = x45 + x33; x48 = (fiat_poly1305_uint1)(x47 >> 26); - x49 = (x47 & UINT32_C(0x3ffffff)); - x50 = (x48 + x36); + x49 = x47 & UINT32_C(0x3ffffff); + x50 = x48 + x36; out1[0] = x46; out1[1] = x49; out1[2] = x50; @@ -372,18 +372,18 @@ static void fiat_poly1305_carry(uint32_t out1[5], const uint32_t arg1[5]) { uint32_t x10; uint32_t x11; uint32_t x12; - x1 = (arg1[0]); - x2 = ((x1 >> 26) + (arg1[1])); - x3 = ((x2 >> 26) + (arg1[2])); - x4 = ((x3 >> 26) + (arg1[3])); - x5 = ((x4 >> 26) + (arg1[4])); - x6 = ((x1 & UINT32_C(0x3ffffff)) + ((x5 >> 26) * 0x5)); - x7 = ((fiat_poly1305_uint1)(x6 >> 26) + (x2 & UINT32_C(0x3ffffff))); - x8 = (x6 & UINT32_C(0x3ffffff)); - x9 = (x7 & UINT32_C(0x3ffffff)); - x10 = ((fiat_poly1305_uint1)(x7 >> 26) + (x3 & UINT32_C(0x3ffffff))); - x11 = (x4 & UINT32_C(0x3ffffff)); - x12 = (x5 & UINT32_C(0x3ffffff)); + x1 = arg1[0]; + x2 = (x1 >> 26) + arg1[1]; + x3 = (x2 >> 26) + arg1[2]; + x4 = (x3 >> 26) + arg1[3]; + x5 = (x4 >> 26) + arg1[4]; + x6 = (x1 & UINT32_C(0x3ffffff)) + (x5 >> 26) * 0x5; + x7 = (fiat_poly1305_uint1)(x6 >> 26) + (x2 & UINT32_C(0x3ffffff)); + x8 = x6 & UINT32_C(0x3ffffff); + x9 = x7 & UINT32_C(0x3ffffff); + x10 = (fiat_poly1305_uint1)(x7 >> 26) + (x3 & UINT32_C(0x3ffffff)); + x11 = x4 & UINT32_C(0x3ffffff); + x12 = x5 & UINT32_C(0x3ffffff); out1[0] = x8; out1[1] = x9; out1[2] = x10; @@ -409,11 +409,11 @@ static void fiat_poly1305_add(uint32_t out1[5], const uint32_t arg1[5], const ui uint32_t x3; uint32_t x4; uint32_t x5; - x1 = ((arg1[0]) + (arg2[0])); - x2 = ((arg1[1]) + (arg2[1])); - x3 = ((arg1[2]) + (arg2[2])); - x4 = ((arg1[3]) + (arg2[3])); - x5 = ((arg1[4]) + (arg2[4])); + x1 = arg1[0] + arg2[0]; + x2 = arg1[1] + arg2[1]; + x3 = arg1[2] + arg2[2]; + x4 = arg1[3] + arg2[3]; + x5 = arg1[4] + arg2[4]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -439,11 +439,11 @@ static void fiat_poly1305_sub(uint32_t out1[5], const uint32_t arg1[5], const ui uint32_t x3; uint32_t x4; uint32_t x5; - x1 = ((UINT32_C(0x7fffff6) + (arg1[0])) - (arg2[0])); - x2 = ((UINT32_C(0x7fffffe) + (arg1[1])) - (arg2[1])); - x3 = ((UINT32_C(0x7fffffe) + (arg1[2])) - (arg2[2])); - x4 = ((UINT32_C(0x7fffffe) + (arg1[3])) - (arg2[3])); - x5 = ((UINT32_C(0x7fffffe) + (arg1[4])) - (arg2[4])); + x1 = UINT32_C(0x7fffff6) + arg1[0] - arg2[0]; + x2 = UINT32_C(0x7fffffe) + arg1[1] - arg2[1]; + x3 = UINT32_C(0x7fffffe) + arg1[2] - arg2[2]; + x4 = UINT32_C(0x7fffffe) + arg1[3] - arg2[3]; + x5 = UINT32_C(0x7fffffe) + arg1[4] - arg2[4]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -468,11 +468,11 @@ static void fiat_poly1305_opp(uint32_t out1[5], const uint32_t arg1[5]) { uint32_t x3; uint32_t x4; uint32_t x5; - x1 = (UINT32_C(0x7fffff6) - (arg1[0])); - x2 = (UINT32_C(0x7fffffe) - (arg1[1])); - x3 = (UINT32_C(0x7fffffe) - (arg1[2])); - x4 = (UINT32_C(0x7fffffe) - (arg1[3])); - x5 = (UINT32_C(0x7fffffe) - (arg1[4])); + x1 = UINT32_C(0x7fffff6) - arg1[0]; + x2 = UINT32_C(0x7fffffe) - arg1[1]; + x3 = UINT32_C(0x7fffffe) - arg1[2]; + x4 = UINT32_C(0x7fffffe) - arg1[3]; + x5 = UINT32_C(0x7fffffe) - arg1[4]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -499,11 +499,11 @@ static void fiat_poly1305_selectznz(uint32_t out1[5], fiat_poly1305_uint1 arg1, uint32_t x3; uint32_t x4; uint32_t x5; - fiat_poly1305_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_poly1305_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_poly1305_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); - fiat_poly1305_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); - fiat_poly1305_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); + fiat_poly1305_cmovznz_u32(&x1, arg1, arg2[0], arg3[0]); + fiat_poly1305_cmovznz_u32(&x2, arg1, arg2[1], arg3[1]); + fiat_poly1305_cmovznz_u32(&x3, arg1, arg2[2], arg3[2]); + fiat_poly1305_cmovznz_u32(&x4, arg1, arg2[3], arg3[3]); + fiat_poly1305_cmovznz_u32(&x5, arg1, arg2[4], arg3[4]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -580,51 +580,51 @@ static void fiat_poly1305_to_bytes(uint8_t out1[17], const uint32_t arg1[5]) { uint32_t x55; uint8_t x56; uint8_t x57; - fiat_poly1305_subborrowx_u26(&x1, &x2, 0x0, (arg1[0]), UINT32_C(0x3fffffb)); - fiat_poly1305_subborrowx_u26(&x3, &x4, x2, (arg1[1]), UINT32_C(0x3ffffff)); - fiat_poly1305_subborrowx_u26(&x5, &x6, x4, (arg1[2]), UINT32_C(0x3ffffff)); - fiat_poly1305_subborrowx_u26(&x7, &x8, x6, (arg1[3]), UINT32_C(0x3ffffff)); - fiat_poly1305_subborrowx_u26(&x9, &x10, x8, (arg1[4]), UINT32_C(0x3ffffff)); + fiat_poly1305_subborrowx_u26(&x1, &x2, 0x0, arg1[0], UINT32_C(0x3fffffb)); + fiat_poly1305_subborrowx_u26(&x3, &x4, x2, arg1[1], UINT32_C(0x3ffffff)); + fiat_poly1305_subborrowx_u26(&x5, &x6, x4, arg1[2], UINT32_C(0x3ffffff)); + fiat_poly1305_subborrowx_u26(&x7, &x8, x6, arg1[3], UINT32_C(0x3ffffff)); + fiat_poly1305_subborrowx_u26(&x9, &x10, x8, arg1[4], UINT32_C(0x3ffffff)); fiat_poly1305_cmovznz_u32(&x11, x10, 0x0, UINT32_C(0xffffffff)); - fiat_poly1305_addcarryx_u26(&x12, &x13, 0x0, x1, (x11 & UINT32_C(0x3fffffb))); - fiat_poly1305_addcarryx_u26(&x14, &x15, x13, x3, (x11 & UINT32_C(0x3ffffff))); - fiat_poly1305_addcarryx_u26(&x16, &x17, x15, x5, (x11 & UINT32_C(0x3ffffff))); - fiat_poly1305_addcarryx_u26(&x18, &x19, x17, x7, (x11 & UINT32_C(0x3ffffff))); - fiat_poly1305_addcarryx_u26(&x20, &x21, x19, x9, (x11 & UINT32_C(0x3ffffff))); - x22 = (x18 << 6); - x23 = (x16 << 4); - x24 = (x14 << 2); + fiat_poly1305_addcarryx_u26(&x12, &x13, 0x0, x1, x11 & UINT32_C(0x3fffffb)); + fiat_poly1305_addcarryx_u26(&x14, &x15, x13, x3, x11 & UINT32_C(0x3ffffff)); + fiat_poly1305_addcarryx_u26(&x16, &x17, x15, x5, x11 & UINT32_C(0x3ffffff)); + fiat_poly1305_addcarryx_u26(&x18, &x19, x17, x7, x11 & UINT32_C(0x3ffffff)); + fiat_poly1305_addcarryx_u26(&x20, &x21, x19, x9, x11 & UINT32_C(0x3ffffff)); + x22 = x18 << 6; + x23 = x16 << 4; + x24 = x14 << 2; x25 = (uint8_t)(x12 & UINT8_C(0xff)); - x26 = (x12 >> 8); + x26 = x12 >> 8; x27 = (uint8_t)(x26 & UINT8_C(0xff)); - x28 = (x26 >> 8); + x28 = x26 >> 8; x29 = (uint8_t)(x28 & UINT8_C(0xff)); x30 = (uint8_t)(x28 >> 8); - x31 = (x24 + (uint32_t)x30); + x31 = x24 + (uint32_t)x30; x32 = (uint8_t)(x31 & UINT8_C(0xff)); - x33 = (x31 >> 8); + x33 = x31 >> 8; x34 = (uint8_t)(x33 & UINT8_C(0xff)); - x35 = (x33 >> 8); + x35 = x33 >> 8; x36 = (uint8_t)(x35 & UINT8_C(0xff)); x37 = (uint8_t)(x35 >> 8); - x38 = (x23 + (uint32_t)x37); + x38 = x23 + (uint32_t)x37; x39 = (uint8_t)(x38 & UINT8_C(0xff)); - x40 = (x38 >> 8); + x40 = x38 >> 8; x41 = (uint8_t)(x40 & UINT8_C(0xff)); - x42 = (x40 >> 8); + x42 = x40 >> 8; x43 = (uint8_t)(x42 & UINT8_C(0xff)); x44 = (uint8_t)(x42 >> 8); - x45 = (x22 + (uint32_t)x44); + x45 = x22 + (uint32_t)x44; x46 = (uint8_t)(x45 & UINT8_C(0xff)); - x47 = (x45 >> 8); + x47 = x45 >> 8; x48 = (uint8_t)(x47 & UINT8_C(0xff)); - x49 = (x47 >> 8); + x49 = x47 >> 8; x50 = (uint8_t)(x49 & UINT8_C(0xff)); x51 = (uint8_t)(x49 >> 8); x52 = (uint8_t)(x20 & UINT8_C(0xff)); - x53 = (x20 >> 8); + x53 = x20 >> 8; x54 = (uint8_t)(x53 & UINT8_C(0xff)); - x55 = (x53 >> 8); + x55 = x53 >> 8; x56 = (uint8_t)(x55 & UINT8_C(0xff)); x57 = (uint8_t)(x55 >> 8); out1[0] = x25; @@ -696,44 +696,44 @@ static void fiat_poly1305_from_bytes(uint32_t out1[5], const uint8_t arg1[17]) { uint32_t x36; uint32_t x37; uint32_t x38; - x1 = ((uint32_t)(arg1[16]) << 24); - x2 = ((uint32_t)(arg1[15]) << 16); - x3 = ((uint32_t)(arg1[14]) << 8); - x4 = (arg1[13]); - x5 = ((uint32_t)(arg1[12]) << 18); - x6 = ((uint32_t)(arg1[11]) << 10); - x7 = ((uint32_t)(arg1[10]) << 2); - x8 = ((uint32_t)(arg1[9]) << 20); - x9 = ((uint32_t)(arg1[8]) << 12); - x10 = ((uint32_t)(arg1[7]) << 4); - x11 = ((uint32_t)(arg1[6]) << 22); - x12 = ((uint32_t)(arg1[5]) << 14); - x13 = ((uint32_t)(arg1[4]) << 6); - x14 = ((uint32_t)(arg1[3]) << 24); - x15 = ((uint32_t)(arg1[2]) << 16); - x16 = ((uint32_t)(arg1[1]) << 8); - x17 = (arg1[0]); - x18 = (x16 + (uint32_t)x17); - x19 = (x15 + x18); - x20 = (x14 + x19); - x21 = (x20 & UINT32_C(0x3ffffff)); + x1 = (uint32_t)arg1[16] << 24; + x2 = (uint32_t)arg1[15] << 16; + x3 = (uint32_t)arg1[14] << 8; + x4 = arg1[13]; + x5 = (uint32_t)arg1[12] << 18; + x6 = (uint32_t)arg1[11] << 10; + x7 = (uint32_t)arg1[10] << 2; + x8 = (uint32_t)arg1[9] << 20; + x9 = (uint32_t)arg1[8] << 12; + x10 = (uint32_t)arg1[7] << 4; + x11 = (uint32_t)arg1[6] << 22; + x12 = (uint32_t)arg1[5] << 14; + x13 = (uint32_t)arg1[4] << 6; + x14 = (uint32_t)arg1[3] << 24; + x15 = (uint32_t)arg1[2] << 16; + x16 = (uint32_t)arg1[1] << 8; + x17 = arg1[0]; + x18 = x16 + (uint32_t)x17; + x19 = x15 + x18; + x20 = x14 + x19; + x21 = x20 & UINT32_C(0x3ffffff); x22 = (uint8_t)(x20 >> 26); - x23 = (x13 + (uint32_t)x22); - x24 = (x12 + x23); - x25 = (x11 + x24); - x26 = (x25 & UINT32_C(0x3ffffff)); + x23 = x13 + (uint32_t)x22; + x24 = x12 + x23; + x25 = x11 + x24; + x26 = x25 & UINT32_C(0x3ffffff); x27 = (uint8_t)(x25 >> 26); - x28 = (x10 + (uint32_t)x27); - x29 = (x9 + x28); - x30 = (x8 + x29); - x31 = (x30 & UINT32_C(0x3ffffff)); + x28 = x10 + (uint32_t)x27; + x29 = x9 + x28; + x30 = x8 + x29; + x31 = x30 & UINT32_C(0x3ffffff); x32 = (uint8_t)(x30 >> 26); - x33 = (x7 + (uint32_t)x32); - x34 = (x6 + x33); - x35 = (x5 + x34); - x36 = (x3 + (uint32_t)x4); - x37 = (x2 + x36); - x38 = (x1 + x37); + x33 = x7 + (uint32_t)x32; + x34 = x6 + x33; + x35 = x5 + x34; + x36 = x3 + (uint32_t)x4; + x37 = x2 + x36; + x38 = x1 + x37; out1[0] = x21; out1[1] = x26; out1[2] = x31; diff --git a/fiat-c/src/poly1305_64.c b/fiat-c/src/poly1305_64.c index 4e088e6f79..479b517053 100644 --- a/fiat-c/src/poly1305_64.c +++ b/fiat-c/src/poly1305_64.c @@ -57,8 +57,8 @@ static void fiat_poly1305_addcarryx_u44(uint64_t* out1, fiat_poly1305_uint1* out uint64_t x1; uint64_t x2; fiat_poly1305_uint1 x3; - x1 = ((arg1 + arg2) + arg3); - x2 = (x1 & UINT64_C(0xfffffffffff)); + x1 = arg1 + arg2 + arg3; + x2 = x1 & UINT64_C(0xfffffffffff); x3 = (fiat_poly1305_uint1)(x1 >> 44); *out1 = x2; *out2 = x3; @@ -83,9 +83,9 @@ static void fiat_poly1305_subborrowx_u44(uint64_t* out1, fiat_poly1305_uint1* ou int64_t x1; fiat_poly1305_int1 x2; uint64_t x3; - x1 = ((int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3); + x1 = (int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3; x2 = (fiat_poly1305_int1)(x1 >> 44); - x3 = (x1 & UINT64_C(0xfffffffffff)); + x3 = x1 & UINT64_C(0xfffffffffff); *out1 = x3; *out2 = (fiat_poly1305_uint1)(0x0 - x2); } @@ -109,8 +109,8 @@ static void fiat_poly1305_addcarryx_u43(uint64_t* out1, fiat_poly1305_uint1* out uint64_t x1; uint64_t x2; fiat_poly1305_uint1 x3; - x1 = ((arg1 + arg2) + arg3); - x2 = (x1 & UINT64_C(0x7ffffffffff)); + x1 = arg1 + arg2 + arg3; + x2 = x1 & UINT64_C(0x7ffffffffff); x3 = (fiat_poly1305_uint1)(x1 >> 43); *out1 = x2; *out2 = x3; @@ -135,9 +135,9 @@ static void fiat_poly1305_subborrowx_u43(uint64_t* out1, fiat_poly1305_uint1* ou int64_t x1; fiat_poly1305_int1 x2; uint64_t x3; - x1 = ((int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3); + x1 = (int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3; x2 = (fiat_poly1305_int1)(x1 >> 43); - x3 = (x1 & UINT64_C(0x7ffffffffff)); + x3 = x1 & UINT64_C(0x7ffffffffff); *out1 = x3; *out2 = (fiat_poly1305_uint1)(0x0 - x2); } @@ -159,9 +159,9 @@ static void fiat_poly1305_cmovznz_u64(uint64_t* out1, fiat_poly1305_uint1 arg1, fiat_poly1305_uint1 x1; uint64_t x2; uint64_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_poly1305_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); - x3 = ((fiat_poly1305_value_barrier_u64(x2) & arg3) | (fiat_poly1305_value_barrier_u64((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_poly1305_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); + x3 = fiat_poly1305_value_barrier_u64(x2) & arg3 | fiat_poly1305_value_barrier_u64(~x2) & arg2; *out1 = x3; } @@ -206,34 +206,34 @@ static void fiat_poly1305_carry_mul(uint64_t out1[3], const uint64_t arg1[3], co fiat_poly1305_uint1 x26; uint64_t x27; uint64_t x28; - x1 = ((fiat_poly1305_uint128)(arg1[2]) * ((arg2[2]) * 0x5)); - x2 = ((fiat_poly1305_uint128)(arg1[2]) * ((arg2[1]) * 0xa)); - x3 = ((fiat_poly1305_uint128)(arg1[1]) * ((arg2[2]) * 0xa)); - x4 = ((fiat_poly1305_uint128)(arg1[2]) * (arg2[0])); - x5 = ((fiat_poly1305_uint128)(arg1[1]) * ((arg2[1]) * 0x2)); - x6 = ((fiat_poly1305_uint128)(arg1[1]) * (arg2[0])); - x7 = ((fiat_poly1305_uint128)(arg1[0]) * (arg2[2])); - x8 = ((fiat_poly1305_uint128)(arg1[0]) * (arg2[1])); - x9 = ((fiat_poly1305_uint128)(arg1[0]) * (arg2[0])); - x10 = (x9 + (x3 + x2)); + x1 = (fiat_poly1305_uint128)arg1[2] * (arg2[2] * 0x5); + x2 = (fiat_poly1305_uint128)arg1[2] * (arg2[1] * 0xa); + x3 = (fiat_poly1305_uint128)arg1[1] * (arg2[2] * 0xa); + x4 = (fiat_poly1305_uint128)arg1[2] * arg2[0]; + x5 = (fiat_poly1305_uint128)arg1[1] * (arg2[1] * 0x2); + x6 = (fiat_poly1305_uint128)arg1[1] * arg2[0]; + x7 = (fiat_poly1305_uint128)arg1[0] * arg2[2]; + x8 = (fiat_poly1305_uint128)arg1[0] * arg2[1]; + x9 = (fiat_poly1305_uint128)arg1[0] * arg2[0]; + x10 = x9 + (x3 + x2); x11 = (uint64_t)(x10 >> 44); x12 = (uint64_t)(x10 & UINT64_C(0xfffffffffff)); - x13 = (x7 + (x5 + x4)); - x14 = (x8 + (x6 + x1)); - x15 = (x11 + x14); + x13 = x7 + (x5 + x4); + x14 = x8 + (x6 + x1); + x15 = x11 + x14; x16 = (uint64_t)(x15 >> 43); x17 = (uint64_t)(x15 & UINT64_C(0x7ffffffffff)); - x18 = (x16 + x13); + x18 = x16 + x13; x19 = (uint64_t)(x18 >> 43); x20 = (uint64_t)(x18 & UINT64_C(0x7ffffffffff)); - x21 = (x19 * 0x5); - x22 = (x12 + x21); - x23 = (x22 >> 44); - x24 = (x22 & UINT64_C(0xfffffffffff)); - x25 = (x23 + x17); + x21 = x19 * 0x5; + x22 = x12 + x21; + x23 = x22 >> 44; + x24 = x22 & UINT64_C(0xfffffffffff); + x25 = x23 + x17; x26 = (fiat_poly1305_uint1)(x25 >> 43); - x27 = (x25 & UINT64_C(0x7ffffffffff)); - x28 = (x26 + x20); + x27 = x25 & UINT64_C(0x7ffffffffff); + x28 = x26 + x20; out1[0] = x24; out1[1] = x27; out1[2] = x28; @@ -280,35 +280,35 @@ static void fiat_poly1305_carry_square(uint64_t out1[3], const uint64_t arg1[3]) fiat_poly1305_uint1 x27; uint64_t x28; uint64_t x29; - x1 = ((arg1[2]) * 0x5); - x2 = (x1 * 0x2); - x3 = ((arg1[2]) * 0x2); - x4 = ((arg1[1]) * 0x2); - x5 = ((fiat_poly1305_uint128)(arg1[2]) * x1); - x6 = ((fiat_poly1305_uint128)(arg1[1]) * (x2 * 0x2)); - x7 = ((fiat_poly1305_uint128)(arg1[1]) * ((arg1[1]) * 0x2)); - x8 = ((fiat_poly1305_uint128)(arg1[0]) * x3); - x9 = ((fiat_poly1305_uint128)(arg1[0]) * x4); - x10 = ((fiat_poly1305_uint128)(arg1[0]) * (arg1[0])); - x11 = (x10 + x6); + x1 = arg1[2] * 0x5; + x2 = x1 * 0x2; + x3 = arg1[2] * 0x2; + x4 = arg1[1] * 0x2; + x5 = (fiat_poly1305_uint128)arg1[2] * x1; + x6 = (fiat_poly1305_uint128)arg1[1] * (x2 * 0x2); + x7 = (fiat_poly1305_uint128)arg1[1] * (arg1[1] * 0x2); + x8 = (fiat_poly1305_uint128)arg1[0] * x3; + x9 = (fiat_poly1305_uint128)arg1[0] * x4; + x10 = (fiat_poly1305_uint128)arg1[0] * arg1[0]; + x11 = x10 + x6; x12 = (uint64_t)(x11 >> 44); x13 = (uint64_t)(x11 & UINT64_C(0xfffffffffff)); - x14 = (x8 + x7); - x15 = (x9 + x5); - x16 = (x12 + x15); + x14 = x8 + x7; + x15 = x9 + x5; + x16 = x12 + x15; x17 = (uint64_t)(x16 >> 43); x18 = (uint64_t)(x16 & UINT64_C(0x7ffffffffff)); - x19 = (x17 + x14); + x19 = x17 + x14; x20 = (uint64_t)(x19 >> 43); x21 = (uint64_t)(x19 & UINT64_C(0x7ffffffffff)); - x22 = (x20 * 0x5); - x23 = (x13 + x22); - x24 = (x23 >> 44); - x25 = (x23 & UINT64_C(0xfffffffffff)); - x26 = (x24 + x18); + x22 = x20 * 0x5; + x23 = x13 + x22; + x24 = x23 >> 44; + x25 = x23 & UINT64_C(0xfffffffffff); + x26 = x24 + x18; x27 = (fiat_poly1305_uint1)(x26 >> 43); - x28 = (x26 & UINT64_C(0x7ffffffffff)); - x29 = (x27 + x21); + x28 = x26 & UINT64_C(0x7ffffffffff); + x29 = x27 + x21; out1[0] = x25; out1[1] = x28; out1[2] = x29; @@ -334,14 +334,14 @@ static void fiat_poly1305_carry(uint64_t out1[3], const uint64_t arg1[3]) { uint64_t x6; uint64_t x7; uint64_t x8; - x1 = (arg1[0]); - x2 = ((x1 >> 44) + (arg1[1])); - x3 = ((x2 >> 43) + (arg1[2])); - x4 = ((x1 & UINT64_C(0xfffffffffff)) + ((x3 >> 43) * 0x5)); - x5 = ((fiat_poly1305_uint1)(x4 >> 44) + (x2 & UINT64_C(0x7ffffffffff))); - x6 = (x4 & UINT64_C(0xfffffffffff)); - x7 = (x5 & UINT64_C(0x7ffffffffff)); - x8 = ((fiat_poly1305_uint1)(x5 >> 43) + (x3 & UINT64_C(0x7ffffffffff))); + x1 = arg1[0]; + x2 = (x1 >> 44) + arg1[1]; + x3 = (x2 >> 43) + arg1[2]; + x4 = (x1 & UINT64_C(0xfffffffffff)) + (x3 >> 43) * 0x5; + x5 = (fiat_poly1305_uint1)(x4 >> 44) + (x2 & UINT64_C(0x7ffffffffff)); + x6 = x4 & UINT64_C(0xfffffffffff); + x7 = x5 & UINT64_C(0x7ffffffffff); + x8 = (fiat_poly1305_uint1)(x5 >> 43) + (x3 & UINT64_C(0x7ffffffffff)); out1[0] = x6; out1[1] = x7; out1[2] = x8; @@ -363,9 +363,9 @@ static void fiat_poly1305_add(uint64_t out1[3], const uint64_t arg1[3], const ui uint64_t x1; uint64_t x2; uint64_t x3; - x1 = ((arg1[0]) + (arg2[0])); - x2 = ((arg1[1]) + (arg2[1])); - x3 = ((arg1[2]) + (arg2[2])); + x1 = arg1[0] + arg2[0]; + x2 = arg1[1] + arg2[1]; + x3 = arg1[2] + arg2[2]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -387,9 +387,9 @@ static void fiat_poly1305_sub(uint64_t out1[3], const uint64_t arg1[3], const ui uint64_t x1; uint64_t x2; uint64_t x3; - x1 = ((UINT64_C(0x1ffffffffff6) + (arg1[0])) - (arg2[0])); - x2 = ((UINT64_C(0xffffffffffe) + (arg1[1])) - (arg2[1])); - x3 = ((UINT64_C(0xffffffffffe) + (arg1[2])) - (arg2[2])); + x1 = UINT64_C(0x1ffffffffff6) + arg1[0] - arg2[0]; + x2 = UINT64_C(0xffffffffffe) + arg1[1] - arg2[1]; + x3 = UINT64_C(0xffffffffffe) + arg1[2] - arg2[2]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -410,9 +410,9 @@ static void fiat_poly1305_opp(uint64_t out1[3], const uint64_t arg1[3]) { uint64_t x1; uint64_t x2; uint64_t x3; - x1 = (UINT64_C(0x1ffffffffff6) - (arg1[0])); - x2 = (UINT64_C(0xffffffffffe) - (arg1[1])); - x3 = (UINT64_C(0xffffffffffe) - (arg1[2])); + x1 = UINT64_C(0x1ffffffffff6) - arg1[0]; + x2 = UINT64_C(0xffffffffffe) - arg1[1]; + x3 = UINT64_C(0xffffffffffe) - arg1[2]; out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -435,9 +435,9 @@ static void fiat_poly1305_selectznz(uint64_t out1[3], fiat_poly1305_uint1 arg1, uint64_t x1; uint64_t x2; uint64_t x3; - fiat_poly1305_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_poly1305_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_poly1305_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); + fiat_poly1305_cmovznz_u64(&x1, arg1, arg2[0], arg3[0]); + fiat_poly1305_cmovznz_u64(&x2, arg1, arg2[1], arg3[1]); + fiat_poly1305_cmovznz_u64(&x3, arg1, arg2[2], arg3[2]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -504,47 +504,47 @@ static void fiat_poly1305_to_bytes(uint8_t out1[17], const uint64_t arg1[3]) { uint64_t x47; uint8_t x48; uint8_t x49; - fiat_poly1305_subborrowx_u44(&x1, &x2, 0x0, (arg1[0]), UINT64_C(0xffffffffffb)); - fiat_poly1305_subborrowx_u43(&x3, &x4, x2, (arg1[1]), UINT64_C(0x7ffffffffff)); - fiat_poly1305_subborrowx_u43(&x5, &x6, x4, (arg1[2]), UINT64_C(0x7ffffffffff)); + fiat_poly1305_subborrowx_u44(&x1, &x2, 0x0, arg1[0], UINT64_C(0xffffffffffb)); + fiat_poly1305_subborrowx_u43(&x3, &x4, x2, arg1[1], UINT64_C(0x7ffffffffff)); + fiat_poly1305_subborrowx_u43(&x5, &x6, x4, arg1[2], UINT64_C(0x7ffffffffff)); fiat_poly1305_cmovznz_u64(&x7, x6, 0x0, UINT64_C(0xffffffffffffffff)); - fiat_poly1305_addcarryx_u44(&x8, &x9, 0x0, x1, (x7 & UINT64_C(0xffffffffffb))); - fiat_poly1305_addcarryx_u43(&x10, &x11, x9, x3, (x7 & UINT64_C(0x7ffffffffff))); - fiat_poly1305_addcarryx_u43(&x12, &x13, x11, x5, (x7 & UINT64_C(0x7ffffffffff))); - x14 = (x12 << 7); - x15 = (x10 << 4); + fiat_poly1305_addcarryx_u44(&x8, &x9, 0x0, x1, x7 & UINT64_C(0xffffffffffb)); + fiat_poly1305_addcarryx_u43(&x10, &x11, x9, x3, x7 & UINT64_C(0x7ffffffffff)); + fiat_poly1305_addcarryx_u43(&x12, &x13, x11, x5, x7 & UINT64_C(0x7ffffffffff)); + x14 = x12 << 7; + x15 = x10 << 4; x16 = (uint8_t)(x8 & UINT8_C(0xff)); - x17 = (x8 >> 8); + x17 = x8 >> 8; x18 = (uint8_t)(x17 & UINT8_C(0xff)); - x19 = (x17 >> 8); + x19 = x17 >> 8; x20 = (uint8_t)(x19 & UINT8_C(0xff)); - x21 = (x19 >> 8); + x21 = x19 >> 8; x22 = (uint8_t)(x21 & UINT8_C(0xff)); - x23 = (x21 >> 8); + x23 = x21 >> 8; x24 = (uint8_t)(x23 & UINT8_C(0xff)); x25 = (uint8_t)(x23 >> 8); - x26 = (x15 + (uint64_t)x25); + x26 = x15 + (uint64_t)x25; x27 = (uint8_t)(x26 & UINT8_C(0xff)); - x28 = (x26 >> 8); + x28 = x26 >> 8; x29 = (uint8_t)(x28 & UINT8_C(0xff)); - x30 = (x28 >> 8); + x30 = x28 >> 8; x31 = (uint8_t)(x30 & UINT8_C(0xff)); - x32 = (x30 >> 8); + x32 = x30 >> 8; x33 = (uint8_t)(x32 & UINT8_C(0xff)); - x34 = (x32 >> 8); + x34 = x32 >> 8; x35 = (uint8_t)(x34 & UINT8_C(0xff)); x36 = (uint8_t)(x34 >> 8); - x37 = (x14 + (uint64_t)x36); + x37 = x14 + (uint64_t)x36; x38 = (uint8_t)(x37 & UINT8_C(0xff)); - x39 = (x37 >> 8); + x39 = x37 >> 8; x40 = (uint8_t)(x39 & UINT8_C(0xff)); - x41 = (x39 >> 8); + x41 = x39 >> 8; x42 = (uint8_t)(x41 & UINT8_C(0xff)); - x43 = (x41 >> 8); + x43 = x41 >> 8; x44 = (uint8_t)(x43 & UINT8_C(0xff)); - x45 = (x43 >> 8); + x45 = x43 >> 8; x46 = (uint8_t)(x45 & UINT8_C(0xff)); - x47 = (x45 >> 8); + x47 = x45 >> 8; x48 = (uint8_t)(x47 & UINT8_C(0xff)); x49 = (uint8_t)(x47 >> 8); out1[0] = x16; @@ -615,43 +615,43 @@ static void fiat_poly1305_from_bytes(uint64_t out1[3], const uint8_t arg1[17]) { uint64_t x35; uint64_t x36; uint64_t x37; - x1 = ((uint64_t)(arg1[16]) << 41); - x2 = ((uint64_t)(arg1[15]) << 33); - x3 = ((uint64_t)(arg1[14]) << 25); - x4 = ((uint64_t)(arg1[13]) << 17); - x5 = ((uint64_t)(arg1[12]) << 9); - x6 = ((uint64_t)(arg1[11]) * 0x2); - x7 = ((uint64_t)(arg1[10]) << 36); - x8 = ((uint64_t)(arg1[9]) << 28); - x9 = ((uint64_t)(arg1[8]) << 20); - x10 = ((uint64_t)(arg1[7]) << 12); - x11 = ((uint64_t)(arg1[6]) << 4); - x12 = ((uint64_t)(arg1[5]) << 40); - x13 = ((uint64_t)(arg1[4]) << 32); - x14 = ((uint64_t)(arg1[3]) << 24); - x15 = ((uint64_t)(arg1[2]) << 16); - x16 = ((uint64_t)(arg1[1]) << 8); - x17 = (arg1[0]); - x18 = (x16 + (uint64_t)x17); - x19 = (x15 + x18); - x20 = (x14 + x19); - x21 = (x13 + x20); - x22 = (x12 + x21); - x23 = (x22 & UINT64_C(0xfffffffffff)); + x1 = (uint64_t)arg1[16] << 41; + x2 = (uint64_t)arg1[15] << 33; + x3 = (uint64_t)arg1[14] << 25; + x4 = (uint64_t)arg1[13] << 17; + x5 = (uint64_t)arg1[12] << 9; + x6 = (uint64_t)arg1[11] * 0x2; + x7 = (uint64_t)arg1[10] << 36; + x8 = (uint64_t)arg1[9] << 28; + x9 = (uint64_t)arg1[8] << 20; + x10 = (uint64_t)arg1[7] << 12; + x11 = (uint64_t)arg1[6] << 4; + x12 = (uint64_t)arg1[5] << 40; + x13 = (uint64_t)arg1[4] << 32; + x14 = (uint64_t)arg1[3] << 24; + x15 = (uint64_t)arg1[2] << 16; + x16 = (uint64_t)arg1[1] << 8; + x17 = arg1[0]; + x18 = x16 + (uint64_t)x17; + x19 = x15 + x18; + x20 = x14 + x19; + x21 = x13 + x20; + x22 = x12 + x21; + x23 = x22 & UINT64_C(0xfffffffffff); x24 = (uint8_t)(x22 >> 44); - x25 = (x11 + (uint64_t)x24); - x26 = (x10 + x25); - x27 = (x9 + x26); - x28 = (x8 + x27); - x29 = (x7 + x28); - x30 = (x29 & UINT64_C(0x7ffffffffff)); + x25 = x11 + (uint64_t)x24; + x26 = x10 + x25; + x27 = x9 + x26; + x28 = x8 + x27; + x29 = x7 + x28; + x30 = x29 & UINT64_C(0x7ffffffffff); x31 = (fiat_poly1305_uint1)(x29 >> 43); - x32 = (x6 + (uint64_t)x31); - x33 = (x5 + x32); - x34 = (x4 + x33); - x35 = (x3 + x34); - x36 = (x2 + x35); - x37 = (x1 + x36); + x32 = x6 + (uint64_t)x31; + x33 = x5 + x32; + x34 = x4 + x33; + x35 = x3 + x34; + x36 = x2 + x35; + x37 = x1 + x36; out1[0] = x23; out1[1] = x30; out1[2] = x37; diff --git a/fiat-c/src/secp256k1_32.c b/fiat-c/src/secp256k1_32.c index 31fc741bae..67e4b7d8dc 100644 --- a/fiat-c/src/secp256k1_32.c +++ b/fiat-c/src/secp256k1_32.c @@ -54,7 +54,7 @@ static void fiat_secp256k1_addcarryx_u32(uint32_t* out1, fiat_secp256k1_uint1* o uint64_t x1; uint32_t x2; fiat_secp256k1_uint1 x3; - x1 = ((arg1 + (uint64_t)arg2) + arg3); + x1 = arg1 + (uint64_t)arg2 + arg3; x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); x3 = (fiat_secp256k1_uint1)(x1 >> 32); *out1 = x2; @@ -80,7 +80,7 @@ static void fiat_secp256k1_subborrowx_u32(uint32_t* out1, fiat_secp256k1_uint1* int64_t x1; fiat_secp256k1_int1 x2; uint32_t x3; - x1 = ((arg2 - (int64_t)arg1) - arg3); + x1 = arg2 - (int64_t)arg1 - arg3; x2 = (fiat_secp256k1_int1)(x1 >> 32); x3 = (uint32_t)(x1 & UINT32_C(0xffffffff)); *out1 = x3; @@ -105,7 +105,7 @@ static void fiat_secp256k1_mulx_u32(uint32_t* out1, uint32_t* out2, uint32_t arg uint64_t x1; uint32_t x2; uint32_t x3; - x1 = ((uint64_t)arg1 * arg2); + x1 = (uint64_t)arg1 * arg2; x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); x3 = (uint32_t)(x1 >> 32); *out1 = x2; @@ -129,9 +129,9 @@ static void fiat_secp256k1_cmovznz_u32(uint32_t* out1, fiat_secp256k1_uint1 arg1 fiat_secp256k1_uint1 x1; uint32_t x2; uint32_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_secp256k1_int1)(0x0 - x1) & UINT32_C(0xffffffff)); - x3 = ((fiat_secp256k1_value_barrier_u32(x2) & arg3) | (fiat_secp256k1_value_barrier_u32((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_secp256k1_int1)(0x0 - x1) & UINT32_C(0xffffffff); + x3 = fiat_secp256k1_value_barrier_u32(x2) & arg3 | fiat_secp256k1_value_barrier_u32(~x2) & arg2; *out1 = x3; } @@ -975,22 +975,22 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u uint32_t x821; uint32_t x822; uint32_t x823; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[6]); - x7 = (arg1[7]); - x8 = (arg1[0]); - fiat_secp256k1_mulx_u32(&x9, &x10, x8, (arg2[7])); - fiat_secp256k1_mulx_u32(&x11, &x12, x8, (arg2[6])); - fiat_secp256k1_mulx_u32(&x13, &x14, x8, (arg2[5])); - fiat_secp256k1_mulx_u32(&x15, &x16, x8, (arg2[4])); - fiat_secp256k1_mulx_u32(&x17, &x18, x8, (arg2[3])); - fiat_secp256k1_mulx_u32(&x19, &x20, x8, (arg2[2])); - fiat_secp256k1_mulx_u32(&x21, &x22, x8, (arg2[1])); - fiat_secp256k1_mulx_u32(&x23, &x24, x8, (arg2[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[6]; + x7 = arg1[7]; + x8 = arg1[0]; + fiat_secp256k1_mulx_u32(&x9, &x10, x8, arg2[7]); + fiat_secp256k1_mulx_u32(&x11, &x12, x8, arg2[6]); + fiat_secp256k1_mulx_u32(&x13, &x14, x8, arg2[5]); + fiat_secp256k1_mulx_u32(&x15, &x16, x8, arg2[4]); + fiat_secp256k1_mulx_u32(&x17, &x18, x8, arg2[3]); + fiat_secp256k1_mulx_u32(&x19, &x20, x8, arg2[2]); + fiat_secp256k1_mulx_u32(&x21, &x22, x8, arg2[1]); + fiat_secp256k1_mulx_u32(&x23, &x24, x8, arg2[0]); fiat_secp256k1_addcarryx_u32(&x25, &x26, 0x0, x24, x21); fiat_secp256k1_addcarryx_u32(&x27, &x28, x26, x22, x19); fiat_secp256k1_addcarryx_u32(&x29, &x30, x28, x20, x17); @@ -998,7 +998,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x33, &x34, x32, x16, x13); fiat_secp256k1_addcarryx_u32(&x35, &x36, x34, x14, x11); fiat_secp256k1_addcarryx_u32(&x37, &x38, x36, x12, x9); - x39 = (x38 + x10); + x39 = x38 + x10; fiat_secp256k1_mulx_u32(&x40, &x41, x23, UINT32_C(0xd2253531)); fiat_secp256k1_mulx_u32(&x42, &x43, x40, UINT32_C(0xffffffff)); fiat_secp256k1_mulx_u32(&x44, &x45, x40, UINT32_C(0xffffffff)); @@ -1015,7 +1015,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x66, &x67, x65, x49, x46); fiat_secp256k1_addcarryx_u32(&x68, &x69, x67, x47, x44); fiat_secp256k1_addcarryx_u32(&x70, &x71, x69, x45, x42); - x72 = (x71 + x43); + x72 = x71 + x43; fiat_secp256k1_addcarryx_u32(&x73, &x74, 0x0, x23, x56); fiat_secp256k1_addcarryx_u32(&x75, &x76, x74, x25, x58); fiat_secp256k1_addcarryx_u32(&x77, &x78, x76, x27, x60); @@ -1025,14 +1025,14 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x85, &x86, x84, x35, x68); fiat_secp256k1_addcarryx_u32(&x87, &x88, x86, x37, x70); fiat_secp256k1_addcarryx_u32(&x89, &x90, x88, x39, x72); - fiat_secp256k1_mulx_u32(&x91, &x92, x1, (arg2[7])); - fiat_secp256k1_mulx_u32(&x93, &x94, x1, (arg2[6])); - fiat_secp256k1_mulx_u32(&x95, &x96, x1, (arg2[5])); - fiat_secp256k1_mulx_u32(&x97, &x98, x1, (arg2[4])); - fiat_secp256k1_mulx_u32(&x99, &x100, x1, (arg2[3])); - fiat_secp256k1_mulx_u32(&x101, &x102, x1, (arg2[2])); - fiat_secp256k1_mulx_u32(&x103, &x104, x1, (arg2[1])); - fiat_secp256k1_mulx_u32(&x105, &x106, x1, (arg2[0])); + fiat_secp256k1_mulx_u32(&x91, &x92, x1, arg2[7]); + fiat_secp256k1_mulx_u32(&x93, &x94, x1, arg2[6]); + fiat_secp256k1_mulx_u32(&x95, &x96, x1, arg2[5]); + fiat_secp256k1_mulx_u32(&x97, &x98, x1, arg2[4]); + fiat_secp256k1_mulx_u32(&x99, &x100, x1, arg2[3]); + fiat_secp256k1_mulx_u32(&x101, &x102, x1, arg2[2]); + fiat_secp256k1_mulx_u32(&x103, &x104, x1, arg2[1]); + fiat_secp256k1_mulx_u32(&x105, &x106, x1, arg2[0]); fiat_secp256k1_addcarryx_u32(&x107, &x108, 0x0, x106, x103); fiat_secp256k1_addcarryx_u32(&x109, &x110, x108, x104, x101); fiat_secp256k1_addcarryx_u32(&x111, &x112, x110, x102, x99); @@ -1040,7 +1040,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x115, &x116, x114, x98, x95); fiat_secp256k1_addcarryx_u32(&x117, &x118, x116, x96, x93); fiat_secp256k1_addcarryx_u32(&x119, &x120, x118, x94, x91); - x121 = (x120 + x92); + x121 = x120 + x92; fiat_secp256k1_addcarryx_u32(&x122, &x123, 0x0, x75, x105); fiat_secp256k1_addcarryx_u32(&x124, &x125, x123, x77, x107); fiat_secp256k1_addcarryx_u32(&x126, &x127, x125, x79, x109); @@ -1066,7 +1066,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x166, &x167, x165, x149, x146); fiat_secp256k1_addcarryx_u32(&x168, &x169, x167, x147, x144); fiat_secp256k1_addcarryx_u32(&x170, &x171, x169, x145, x142); - x172 = (x171 + x143); + x172 = x171 + x143; fiat_secp256k1_addcarryx_u32(&x173, &x174, 0x0, x122, x156); fiat_secp256k1_addcarryx_u32(&x175, &x176, x174, x124, x158); fiat_secp256k1_addcarryx_u32(&x177, &x178, x176, x126, x160); @@ -1076,15 +1076,15 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x185, &x186, x184, x134, x168); fiat_secp256k1_addcarryx_u32(&x187, &x188, x186, x136, x170); fiat_secp256k1_addcarryx_u32(&x189, &x190, x188, x138, x172); - x191 = ((uint32_t)x190 + x139); - fiat_secp256k1_mulx_u32(&x192, &x193, x2, (arg2[7])); - fiat_secp256k1_mulx_u32(&x194, &x195, x2, (arg2[6])); - fiat_secp256k1_mulx_u32(&x196, &x197, x2, (arg2[5])); - fiat_secp256k1_mulx_u32(&x198, &x199, x2, (arg2[4])); - fiat_secp256k1_mulx_u32(&x200, &x201, x2, (arg2[3])); - fiat_secp256k1_mulx_u32(&x202, &x203, x2, (arg2[2])); - fiat_secp256k1_mulx_u32(&x204, &x205, x2, (arg2[1])); - fiat_secp256k1_mulx_u32(&x206, &x207, x2, (arg2[0])); + x191 = (uint32_t)x190 + x139; + fiat_secp256k1_mulx_u32(&x192, &x193, x2, arg2[7]); + fiat_secp256k1_mulx_u32(&x194, &x195, x2, arg2[6]); + fiat_secp256k1_mulx_u32(&x196, &x197, x2, arg2[5]); + fiat_secp256k1_mulx_u32(&x198, &x199, x2, arg2[4]); + fiat_secp256k1_mulx_u32(&x200, &x201, x2, arg2[3]); + fiat_secp256k1_mulx_u32(&x202, &x203, x2, arg2[2]); + fiat_secp256k1_mulx_u32(&x204, &x205, x2, arg2[1]); + fiat_secp256k1_mulx_u32(&x206, &x207, x2, arg2[0]); fiat_secp256k1_addcarryx_u32(&x208, &x209, 0x0, x207, x204); fiat_secp256k1_addcarryx_u32(&x210, &x211, x209, x205, x202); fiat_secp256k1_addcarryx_u32(&x212, &x213, x211, x203, x200); @@ -1092,7 +1092,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x216, &x217, x215, x199, x196); fiat_secp256k1_addcarryx_u32(&x218, &x219, x217, x197, x194); fiat_secp256k1_addcarryx_u32(&x220, &x221, x219, x195, x192); - x222 = (x221 + x193); + x222 = x221 + x193; fiat_secp256k1_addcarryx_u32(&x223, &x224, 0x0, x175, x206); fiat_secp256k1_addcarryx_u32(&x225, &x226, x224, x177, x208); fiat_secp256k1_addcarryx_u32(&x227, &x228, x226, x179, x210); @@ -1118,7 +1118,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x267, &x268, x266, x250, x247); fiat_secp256k1_addcarryx_u32(&x269, &x270, x268, x248, x245); fiat_secp256k1_addcarryx_u32(&x271, &x272, x270, x246, x243); - x273 = (x272 + x244); + x273 = x272 + x244; fiat_secp256k1_addcarryx_u32(&x274, &x275, 0x0, x223, x257); fiat_secp256k1_addcarryx_u32(&x276, &x277, x275, x225, x259); fiat_secp256k1_addcarryx_u32(&x278, &x279, x277, x227, x261); @@ -1128,15 +1128,15 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x286, &x287, x285, x235, x269); fiat_secp256k1_addcarryx_u32(&x288, &x289, x287, x237, x271); fiat_secp256k1_addcarryx_u32(&x290, &x291, x289, x239, x273); - x292 = ((uint32_t)x291 + x240); - fiat_secp256k1_mulx_u32(&x293, &x294, x3, (arg2[7])); - fiat_secp256k1_mulx_u32(&x295, &x296, x3, (arg2[6])); - fiat_secp256k1_mulx_u32(&x297, &x298, x3, (arg2[5])); - fiat_secp256k1_mulx_u32(&x299, &x300, x3, (arg2[4])); - fiat_secp256k1_mulx_u32(&x301, &x302, x3, (arg2[3])); - fiat_secp256k1_mulx_u32(&x303, &x304, x3, (arg2[2])); - fiat_secp256k1_mulx_u32(&x305, &x306, x3, (arg2[1])); - fiat_secp256k1_mulx_u32(&x307, &x308, x3, (arg2[0])); + x292 = (uint32_t)x291 + x240; + fiat_secp256k1_mulx_u32(&x293, &x294, x3, arg2[7]); + fiat_secp256k1_mulx_u32(&x295, &x296, x3, arg2[6]); + fiat_secp256k1_mulx_u32(&x297, &x298, x3, arg2[5]); + fiat_secp256k1_mulx_u32(&x299, &x300, x3, arg2[4]); + fiat_secp256k1_mulx_u32(&x301, &x302, x3, arg2[3]); + fiat_secp256k1_mulx_u32(&x303, &x304, x3, arg2[2]); + fiat_secp256k1_mulx_u32(&x305, &x306, x3, arg2[1]); + fiat_secp256k1_mulx_u32(&x307, &x308, x3, arg2[0]); fiat_secp256k1_addcarryx_u32(&x309, &x310, 0x0, x308, x305); fiat_secp256k1_addcarryx_u32(&x311, &x312, x310, x306, x303); fiat_secp256k1_addcarryx_u32(&x313, &x314, x312, x304, x301); @@ -1144,7 +1144,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x317, &x318, x316, x300, x297); fiat_secp256k1_addcarryx_u32(&x319, &x320, x318, x298, x295); fiat_secp256k1_addcarryx_u32(&x321, &x322, x320, x296, x293); - x323 = (x322 + x294); + x323 = x322 + x294; fiat_secp256k1_addcarryx_u32(&x324, &x325, 0x0, x276, x307); fiat_secp256k1_addcarryx_u32(&x326, &x327, x325, x278, x309); fiat_secp256k1_addcarryx_u32(&x328, &x329, x327, x280, x311); @@ -1170,7 +1170,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x368, &x369, x367, x351, x348); fiat_secp256k1_addcarryx_u32(&x370, &x371, x369, x349, x346); fiat_secp256k1_addcarryx_u32(&x372, &x373, x371, x347, x344); - x374 = (x373 + x345); + x374 = x373 + x345; fiat_secp256k1_addcarryx_u32(&x375, &x376, 0x0, x324, x358); fiat_secp256k1_addcarryx_u32(&x377, &x378, x376, x326, x360); fiat_secp256k1_addcarryx_u32(&x379, &x380, x378, x328, x362); @@ -1180,15 +1180,15 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x387, &x388, x386, x336, x370); fiat_secp256k1_addcarryx_u32(&x389, &x390, x388, x338, x372); fiat_secp256k1_addcarryx_u32(&x391, &x392, x390, x340, x374); - x393 = ((uint32_t)x392 + x341); - fiat_secp256k1_mulx_u32(&x394, &x395, x4, (arg2[7])); - fiat_secp256k1_mulx_u32(&x396, &x397, x4, (arg2[6])); - fiat_secp256k1_mulx_u32(&x398, &x399, x4, (arg2[5])); - fiat_secp256k1_mulx_u32(&x400, &x401, x4, (arg2[4])); - fiat_secp256k1_mulx_u32(&x402, &x403, x4, (arg2[3])); - fiat_secp256k1_mulx_u32(&x404, &x405, x4, (arg2[2])); - fiat_secp256k1_mulx_u32(&x406, &x407, x4, (arg2[1])); - fiat_secp256k1_mulx_u32(&x408, &x409, x4, (arg2[0])); + x393 = (uint32_t)x392 + x341; + fiat_secp256k1_mulx_u32(&x394, &x395, x4, arg2[7]); + fiat_secp256k1_mulx_u32(&x396, &x397, x4, arg2[6]); + fiat_secp256k1_mulx_u32(&x398, &x399, x4, arg2[5]); + fiat_secp256k1_mulx_u32(&x400, &x401, x4, arg2[4]); + fiat_secp256k1_mulx_u32(&x402, &x403, x4, arg2[3]); + fiat_secp256k1_mulx_u32(&x404, &x405, x4, arg2[2]); + fiat_secp256k1_mulx_u32(&x406, &x407, x4, arg2[1]); + fiat_secp256k1_mulx_u32(&x408, &x409, x4, arg2[0]); fiat_secp256k1_addcarryx_u32(&x410, &x411, 0x0, x409, x406); fiat_secp256k1_addcarryx_u32(&x412, &x413, x411, x407, x404); fiat_secp256k1_addcarryx_u32(&x414, &x415, x413, x405, x402); @@ -1196,7 +1196,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x418, &x419, x417, x401, x398); fiat_secp256k1_addcarryx_u32(&x420, &x421, x419, x399, x396); fiat_secp256k1_addcarryx_u32(&x422, &x423, x421, x397, x394); - x424 = (x423 + x395); + x424 = x423 + x395; fiat_secp256k1_addcarryx_u32(&x425, &x426, 0x0, x377, x408); fiat_secp256k1_addcarryx_u32(&x427, &x428, x426, x379, x410); fiat_secp256k1_addcarryx_u32(&x429, &x430, x428, x381, x412); @@ -1222,7 +1222,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x469, &x470, x468, x452, x449); fiat_secp256k1_addcarryx_u32(&x471, &x472, x470, x450, x447); fiat_secp256k1_addcarryx_u32(&x473, &x474, x472, x448, x445); - x475 = (x474 + x446); + x475 = x474 + x446; fiat_secp256k1_addcarryx_u32(&x476, &x477, 0x0, x425, x459); fiat_secp256k1_addcarryx_u32(&x478, &x479, x477, x427, x461); fiat_secp256k1_addcarryx_u32(&x480, &x481, x479, x429, x463); @@ -1232,15 +1232,15 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x488, &x489, x487, x437, x471); fiat_secp256k1_addcarryx_u32(&x490, &x491, x489, x439, x473); fiat_secp256k1_addcarryx_u32(&x492, &x493, x491, x441, x475); - x494 = ((uint32_t)x493 + x442); - fiat_secp256k1_mulx_u32(&x495, &x496, x5, (arg2[7])); - fiat_secp256k1_mulx_u32(&x497, &x498, x5, (arg2[6])); - fiat_secp256k1_mulx_u32(&x499, &x500, x5, (arg2[5])); - fiat_secp256k1_mulx_u32(&x501, &x502, x5, (arg2[4])); - fiat_secp256k1_mulx_u32(&x503, &x504, x5, (arg2[3])); - fiat_secp256k1_mulx_u32(&x505, &x506, x5, (arg2[2])); - fiat_secp256k1_mulx_u32(&x507, &x508, x5, (arg2[1])); - fiat_secp256k1_mulx_u32(&x509, &x510, x5, (arg2[0])); + x494 = (uint32_t)x493 + x442; + fiat_secp256k1_mulx_u32(&x495, &x496, x5, arg2[7]); + fiat_secp256k1_mulx_u32(&x497, &x498, x5, arg2[6]); + fiat_secp256k1_mulx_u32(&x499, &x500, x5, arg2[5]); + fiat_secp256k1_mulx_u32(&x501, &x502, x5, arg2[4]); + fiat_secp256k1_mulx_u32(&x503, &x504, x5, arg2[3]); + fiat_secp256k1_mulx_u32(&x505, &x506, x5, arg2[2]); + fiat_secp256k1_mulx_u32(&x507, &x508, x5, arg2[1]); + fiat_secp256k1_mulx_u32(&x509, &x510, x5, arg2[0]); fiat_secp256k1_addcarryx_u32(&x511, &x512, 0x0, x510, x507); fiat_secp256k1_addcarryx_u32(&x513, &x514, x512, x508, x505); fiat_secp256k1_addcarryx_u32(&x515, &x516, x514, x506, x503); @@ -1248,7 +1248,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x519, &x520, x518, x502, x499); fiat_secp256k1_addcarryx_u32(&x521, &x522, x520, x500, x497); fiat_secp256k1_addcarryx_u32(&x523, &x524, x522, x498, x495); - x525 = (x524 + x496); + x525 = x524 + x496; fiat_secp256k1_addcarryx_u32(&x526, &x527, 0x0, x478, x509); fiat_secp256k1_addcarryx_u32(&x528, &x529, x527, x480, x511); fiat_secp256k1_addcarryx_u32(&x530, &x531, x529, x482, x513); @@ -1274,7 +1274,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x570, &x571, x569, x553, x550); fiat_secp256k1_addcarryx_u32(&x572, &x573, x571, x551, x548); fiat_secp256k1_addcarryx_u32(&x574, &x575, x573, x549, x546); - x576 = (x575 + x547); + x576 = x575 + x547; fiat_secp256k1_addcarryx_u32(&x577, &x578, 0x0, x526, x560); fiat_secp256k1_addcarryx_u32(&x579, &x580, x578, x528, x562); fiat_secp256k1_addcarryx_u32(&x581, &x582, x580, x530, x564); @@ -1284,15 +1284,15 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x589, &x590, x588, x538, x572); fiat_secp256k1_addcarryx_u32(&x591, &x592, x590, x540, x574); fiat_secp256k1_addcarryx_u32(&x593, &x594, x592, x542, x576); - x595 = ((uint32_t)x594 + x543); - fiat_secp256k1_mulx_u32(&x596, &x597, x6, (arg2[7])); - fiat_secp256k1_mulx_u32(&x598, &x599, x6, (arg2[6])); - fiat_secp256k1_mulx_u32(&x600, &x601, x6, (arg2[5])); - fiat_secp256k1_mulx_u32(&x602, &x603, x6, (arg2[4])); - fiat_secp256k1_mulx_u32(&x604, &x605, x6, (arg2[3])); - fiat_secp256k1_mulx_u32(&x606, &x607, x6, (arg2[2])); - fiat_secp256k1_mulx_u32(&x608, &x609, x6, (arg2[1])); - fiat_secp256k1_mulx_u32(&x610, &x611, x6, (arg2[0])); + x595 = (uint32_t)x594 + x543; + fiat_secp256k1_mulx_u32(&x596, &x597, x6, arg2[7]); + fiat_secp256k1_mulx_u32(&x598, &x599, x6, arg2[6]); + fiat_secp256k1_mulx_u32(&x600, &x601, x6, arg2[5]); + fiat_secp256k1_mulx_u32(&x602, &x603, x6, arg2[4]); + fiat_secp256k1_mulx_u32(&x604, &x605, x6, arg2[3]); + fiat_secp256k1_mulx_u32(&x606, &x607, x6, arg2[2]); + fiat_secp256k1_mulx_u32(&x608, &x609, x6, arg2[1]); + fiat_secp256k1_mulx_u32(&x610, &x611, x6, arg2[0]); fiat_secp256k1_addcarryx_u32(&x612, &x613, 0x0, x611, x608); fiat_secp256k1_addcarryx_u32(&x614, &x615, x613, x609, x606); fiat_secp256k1_addcarryx_u32(&x616, &x617, x615, x607, x604); @@ -1300,7 +1300,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x620, &x621, x619, x603, x600); fiat_secp256k1_addcarryx_u32(&x622, &x623, x621, x601, x598); fiat_secp256k1_addcarryx_u32(&x624, &x625, x623, x599, x596); - x626 = (x625 + x597); + x626 = x625 + x597; fiat_secp256k1_addcarryx_u32(&x627, &x628, 0x0, x579, x610); fiat_secp256k1_addcarryx_u32(&x629, &x630, x628, x581, x612); fiat_secp256k1_addcarryx_u32(&x631, &x632, x630, x583, x614); @@ -1326,7 +1326,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x671, &x672, x670, x654, x651); fiat_secp256k1_addcarryx_u32(&x673, &x674, x672, x652, x649); fiat_secp256k1_addcarryx_u32(&x675, &x676, x674, x650, x647); - x677 = (x676 + x648); + x677 = x676 + x648; fiat_secp256k1_addcarryx_u32(&x678, &x679, 0x0, x627, x661); fiat_secp256k1_addcarryx_u32(&x680, &x681, x679, x629, x663); fiat_secp256k1_addcarryx_u32(&x682, &x683, x681, x631, x665); @@ -1336,15 +1336,15 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x690, &x691, x689, x639, x673); fiat_secp256k1_addcarryx_u32(&x692, &x693, x691, x641, x675); fiat_secp256k1_addcarryx_u32(&x694, &x695, x693, x643, x677); - x696 = ((uint32_t)x695 + x644); - fiat_secp256k1_mulx_u32(&x697, &x698, x7, (arg2[7])); - fiat_secp256k1_mulx_u32(&x699, &x700, x7, (arg2[6])); - fiat_secp256k1_mulx_u32(&x701, &x702, x7, (arg2[5])); - fiat_secp256k1_mulx_u32(&x703, &x704, x7, (arg2[4])); - fiat_secp256k1_mulx_u32(&x705, &x706, x7, (arg2[3])); - fiat_secp256k1_mulx_u32(&x707, &x708, x7, (arg2[2])); - fiat_secp256k1_mulx_u32(&x709, &x710, x7, (arg2[1])); - fiat_secp256k1_mulx_u32(&x711, &x712, x7, (arg2[0])); + x696 = (uint32_t)x695 + x644; + fiat_secp256k1_mulx_u32(&x697, &x698, x7, arg2[7]); + fiat_secp256k1_mulx_u32(&x699, &x700, x7, arg2[6]); + fiat_secp256k1_mulx_u32(&x701, &x702, x7, arg2[5]); + fiat_secp256k1_mulx_u32(&x703, &x704, x7, arg2[4]); + fiat_secp256k1_mulx_u32(&x705, &x706, x7, arg2[3]); + fiat_secp256k1_mulx_u32(&x707, &x708, x7, arg2[2]); + fiat_secp256k1_mulx_u32(&x709, &x710, x7, arg2[1]); + fiat_secp256k1_mulx_u32(&x711, &x712, x7, arg2[0]); fiat_secp256k1_addcarryx_u32(&x713, &x714, 0x0, x712, x709); fiat_secp256k1_addcarryx_u32(&x715, &x716, x714, x710, x707); fiat_secp256k1_addcarryx_u32(&x717, &x718, x716, x708, x705); @@ -1352,7 +1352,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x721, &x722, x720, x704, x701); fiat_secp256k1_addcarryx_u32(&x723, &x724, x722, x702, x699); fiat_secp256k1_addcarryx_u32(&x725, &x726, x724, x700, x697); - x727 = (x726 + x698); + x727 = x726 + x698; fiat_secp256k1_addcarryx_u32(&x728, &x729, 0x0, x680, x711); fiat_secp256k1_addcarryx_u32(&x730, &x731, x729, x682, x713); fiat_secp256k1_addcarryx_u32(&x732, &x733, x731, x684, x715); @@ -1378,7 +1378,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x772, &x773, x771, x755, x752); fiat_secp256k1_addcarryx_u32(&x774, &x775, x773, x753, x750); fiat_secp256k1_addcarryx_u32(&x776, &x777, x775, x751, x748); - x778 = (x777 + x749); + x778 = x777 + x749; fiat_secp256k1_addcarryx_u32(&x779, &x780, 0x0, x728, x762); fiat_secp256k1_addcarryx_u32(&x781, &x782, x780, x730, x764); fiat_secp256k1_addcarryx_u32(&x783, &x784, x782, x732, x766); @@ -1388,7 +1388,7 @@ static void fiat_secp256k1_mul(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_addcarryx_u32(&x791, &x792, x790, x740, x774); fiat_secp256k1_addcarryx_u32(&x793, &x794, x792, x742, x776); fiat_secp256k1_addcarryx_u32(&x795, &x796, x794, x744, x778); - x797 = ((uint32_t)x796 + x745); + x797 = (uint32_t)x796 + x745; fiat_secp256k1_subborrowx_u32(&x798, &x799, 0x0, x781, UINT32_C(0xfffffc2f)); fiat_secp256k1_subborrowx_u32(&x800, &x801, x799, x783, UINT32_C(0xfffffffe)); fiat_secp256k1_subborrowx_u32(&x802, &x803, x801, x785, UINT32_C(0xffffffff)); @@ -2254,22 +2254,22 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { uint32_t x821; uint32_t x822; uint32_t x823; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[6]); - x7 = (arg1[7]); - x8 = (arg1[0]); - fiat_secp256k1_mulx_u32(&x9, &x10, x8, (arg1[7])); - fiat_secp256k1_mulx_u32(&x11, &x12, x8, (arg1[6])); - fiat_secp256k1_mulx_u32(&x13, &x14, x8, (arg1[5])); - fiat_secp256k1_mulx_u32(&x15, &x16, x8, (arg1[4])); - fiat_secp256k1_mulx_u32(&x17, &x18, x8, (arg1[3])); - fiat_secp256k1_mulx_u32(&x19, &x20, x8, (arg1[2])); - fiat_secp256k1_mulx_u32(&x21, &x22, x8, (arg1[1])); - fiat_secp256k1_mulx_u32(&x23, &x24, x8, (arg1[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[6]; + x7 = arg1[7]; + x8 = arg1[0]; + fiat_secp256k1_mulx_u32(&x9, &x10, x8, arg1[7]); + fiat_secp256k1_mulx_u32(&x11, &x12, x8, arg1[6]); + fiat_secp256k1_mulx_u32(&x13, &x14, x8, arg1[5]); + fiat_secp256k1_mulx_u32(&x15, &x16, x8, arg1[4]); + fiat_secp256k1_mulx_u32(&x17, &x18, x8, arg1[3]); + fiat_secp256k1_mulx_u32(&x19, &x20, x8, arg1[2]); + fiat_secp256k1_mulx_u32(&x21, &x22, x8, arg1[1]); + fiat_secp256k1_mulx_u32(&x23, &x24, x8, arg1[0]); fiat_secp256k1_addcarryx_u32(&x25, &x26, 0x0, x24, x21); fiat_secp256k1_addcarryx_u32(&x27, &x28, x26, x22, x19); fiat_secp256k1_addcarryx_u32(&x29, &x30, x28, x20, x17); @@ -2277,7 +2277,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x33, &x34, x32, x16, x13); fiat_secp256k1_addcarryx_u32(&x35, &x36, x34, x14, x11); fiat_secp256k1_addcarryx_u32(&x37, &x38, x36, x12, x9); - x39 = (x38 + x10); + x39 = x38 + x10; fiat_secp256k1_mulx_u32(&x40, &x41, x23, UINT32_C(0xd2253531)); fiat_secp256k1_mulx_u32(&x42, &x43, x40, UINT32_C(0xffffffff)); fiat_secp256k1_mulx_u32(&x44, &x45, x40, UINT32_C(0xffffffff)); @@ -2294,7 +2294,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x66, &x67, x65, x49, x46); fiat_secp256k1_addcarryx_u32(&x68, &x69, x67, x47, x44); fiat_secp256k1_addcarryx_u32(&x70, &x71, x69, x45, x42); - x72 = (x71 + x43); + x72 = x71 + x43; fiat_secp256k1_addcarryx_u32(&x73, &x74, 0x0, x23, x56); fiat_secp256k1_addcarryx_u32(&x75, &x76, x74, x25, x58); fiat_secp256k1_addcarryx_u32(&x77, &x78, x76, x27, x60); @@ -2304,14 +2304,14 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x85, &x86, x84, x35, x68); fiat_secp256k1_addcarryx_u32(&x87, &x88, x86, x37, x70); fiat_secp256k1_addcarryx_u32(&x89, &x90, x88, x39, x72); - fiat_secp256k1_mulx_u32(&x91, &x92, x1, (arg1[7])); - fiat_secp256k1_mulx_u32(&x93, &x94, x1, (arg1[6])); - fiat_secp256k1_mulx_u32(&x95, &x96, x1, (arg1[5])); - fiat_secp256k1_mulx_u32(&x97, &x98, x1, (arg1[4])); - fiat_secp256k1_mulx_u32(&x99, &x100, x1, (arg1[3])); - fiat_secp256k1_mulx_u32(&x101, &x102, x1, (arg1[2])); - fiat_secp256k1_mulx_u32(&x103, &x104, x1, (arg1[1])); - fiat_secp256k1_mulx_u32(&x105, &x106, x1, (arg1[0])); + fiat_secp256k1_mulx_u32(&x91, &x92, x1, arg1[7]); + fiat_secp256k1_mulx_u32(&x93, &x94, x1, arg1[6]); + fiat_secp256k1_mulx_u32(&x95, &x96, x1, arg1[5]); + fiat_secp256k1_mulx_u32(&x97, &x98, x1, arg1[4]); + fiat_secp256k1_mulx_u32(&x99, &x100, x1, arg1[3]); + fiat_secp256k1_mulx_u32(&x101, &x102, x1, arg1[2]); + fiat_secp256k1_mulx_u32(&x103, &x104, x1, arg1[1]); + fiat_secp256k1_mulx_u32(&x105, &x106, x1, arg1[0]); fiat_secp256k1_addcarryx_u32(&x107, &x108, 0x0, x106, x103); fiat_secp256k1_addcarryx_u32(&x109, &x110, x108, x104, x101); fiat_secp256k1_addcarryx_u32(&x111, &x112, x110, x102, x99); @@ -2319,7 +2319,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x115, &x116, x114, x98, x95); fiat_secp256k1_addcarryx_u32(&x117, &x118, x116, x96, x93); fiat_secp256k1_addcarryx_u32(&x119, &x120, x118, x94, x91); - x121 = (x120 + x92); + x121 = x120 + x92; fiat_secp256k1_addcarryx_u32(&x122, &x123, 0x0, x75, x105); fiat_secp256k1_addcarryx_u32(&x124, &x125, x123, x77, x107); fiat_secp256k1_addcarryx_u32(&x126, &x127, x125, x79, x109); @@ -2345,7 +2345,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x166, &x167, x165, x149, x146); fiat_secp256k1_addcarryx_u32(&x168, &x169, x167, x147, x144); fiat_secp256k1_addcarryx_u32(&x170, &x171, x169, x145, x142); - x172 = (x171 + x143); + x172 = x171 + x143; fiat_secp256k1_addcarryx_u32(&x173, &x174, 0x0, x122, x156); fiat_secp256k1_addcarryx_u32(&x175, &x176, x174, x124, x158); fiat_secp256k1_addcarryx_u32(&x177, &x178, x176, x126, x160); @@ -2355,15 +2355,15 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x185, &x186, x184, x134, x168); fiat_secp256k1_addcarryx_u32(&x187, &x188, x186, x136, x170); fiat_secp256k1_addcarryx_u32(&x189, &x190, x188, x138, x172); - x191 = ((uint32_t)x190 + x139); - fiat_secp256k1_mulx_u32(&x192, &x193, x2, (arg1[7])); - fiat_secp256k1_mulx_u32(&x194, &x195, x2, (arg1[6])); - fiat_secp256k1_mulx_u32(&x196, &x197, x2, (arg1[5])); - fiat_secp256k1_mulx_u32(&x198, &x199, x2, (arg1[4])); - fiat_secp256k1_mulx_u32(&x200, &x201, x2, (arg1[3])); - fiat_secp256k1_mulx_u32(&x202, &x203, x2, (arg1[2])); - fiat_secp256k1_mulx_u32(&x204, &x205, x2, (arg1[1])); - fiat_secp256k1_mulx_u32(&x206, &x207, x2, (arg1[0])); + x191 = (uint32_t)x190 + x139; + fiat_secp256k1_mulx_u32(&x192, &x193, x2, arg1[7]); + fiat_secp256k1_mulx_u32(&x194, &x195, x2, arg1[6]); + fiat_secp256k1_mulx_u32(&x196, &x197, x2, arg1[5]); + fiat_secp256k1_mulx_u32(&x198, &x199, x2, arg1[4]); + fiat_secp256k1_mulx_u32(&x200, &x201, x2, arg1[3]); + fiat_secp256k1_mulx_u32(&x202, &x203, x2, arg1[2]); + fiat_secp256k1_mulx_u32(&x204, &x205, x2, arg1[1]); + fiat_secp256k1_mulx_u32(&x206, &x207, x2, arg1[0]); fiat_secp256k1_addcarryx_u32(&x208, &x209, 0x0, x207, x204); fiat_secp256k1_addcarryx_u32(&x210, &x211, x209, x205, x202); fiat_secp256k1_addcarryx_u32(&x212, &x213, x211, x203, x200); @@ -2371,7 +2371,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x216, &x217, x215, x199, x196); fiat_secp256k1_addcarryx_u32(&x218, &x219, x217, x197, x194); fiat_secp256k1_addcarryx_u32(&x220, &x221, x219, x195, x192); - x222 = (x221 + x193); + x222 = x221 + x193; fiat_secp256k1_addcarryx_u32(&x223, &x224, 0x0, x175, x206); fiat_secp256k1_addcarryx_u32(&x225, &x226, x224, x177, x208); fiat_secp256k1_addcarryx_u32(&x227, &x228, x226, x179, x210); @@ -2397,7 +2397,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x267, &x268, x266, x250, x247); fiat_secp256k1_addcarryx_u32(&x269, &x270, x268, x248, x245); fiat_secp256k1_addcarryx_u32(&x271, &x272, x270, x246, x243); - x273 = (x272 + x244); + x273 = x272 + x244; fiat_secp256k1_addcarryx_u32(&x274, &x275, 0x0, x223, x257); fiat_secp256k1_addcarryx_u32(&x276, &x277, x275, x225, x259); fiat_secp256k1_addcarryx_u32(&x278, &x279, x277, x227, x261); @@ -2407,15 +2407,15 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x286, &x287, x285, x235, x269); fiat_secp256k1_addcarryx_u32(&x288, &x289, x287, x237, x271); fiat_secp256k1_addcarryx_u32(&x290, &x291, x289, x239, x273); - x292 = ((uint32_t)x291 + x240); - fiat_secp256k1_mulx_u32(&x293, &x294, x3, (arg1[7])); - fiat_secp256k1_mulx_u32(&x295, &x296, x3, (arg1[6])); - fiat_secp256k1_mulx_u32(&x297, &x298, x3, (arg1[5])); - fiat_secp256k1_mulx_u32(&x299, &x300, x3, (arg1[4])); - fiat_secp256k1_mulx_u32(&x301, &x302, x3, (arg1[3])); - fiat_secp256k1_mulx_u32(&x303, &x304, x3, (arg1[2])); - fiat_secp256k1_mulx_u32(&x305, &x306, x3, (arg1[1])); - fiat_secp256k1_mulx_u32(&x307, &x308, x3, (arg1[0])); + x292 = (uint32_t)x291 + x240; + fiat_secp256k1_mulx_u32(&x293, &x294, x3, arg1[7]); + fiat_secp256k1_mulx_u32(&x295, &x296, x3, arg1[6]); + fiat_secp256k1_mulx_u32(&x297, &x298, x3, arg1[5]); + fiat_secp256k1_mulx_u32(&x299, &x300, x3, arg1[4]); + fiat_secp256k1_mulx_u32(&x301, &x302, x3, arg1[3]); + fiat_secp256k1_mulx_u32(&x303, &x304, x3, arg1[2]); + fiat_secp256k1_mulx_u32(&x305, &x306, x3, arg1[1]); + fiat_secp256k1_mulx_u32(&x307, &x308, x3, arg1[0]); fiat_secp256k1_addcarryx_u32(&x309, &x310, 0x0, x308, x305); fiat_secp256k1_addcarryx_u32(&x311, &x312, x310, x306, x303); fiat_secp256k1_addcarryx_u32(&x313, &x314, x312, x304, x301); @@ -2423,7 +2423,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x317, &x318, x316, x300, x297); fiat_secp256k1_addcarryx_u32(&x319, &x320, x318, x298, x295); fiat_secp256k1_addcarryx_u32(&x321, &x322, x320, x296, x293); - x323 = (x322 + x294); + x323 = x322 + x294; fiat_secp256k1_addcarryx_u32(&x324, &x325, 0x0, x276, x307); fiat_secp256k1_addcarryx_u32(&x326, &x327, x325, x278, x309); fiat_secp256k1_addcarryx_u32(&x328, &x329, x327, x280, x311); @@ -2449,7 +2449,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x368, &x369, x367, x351, x348); fiat_secp256k1_addcarryx_u32(&x370, &x371, x369, x349, x346); fiat_secp256k1_addcarryx_u32(&x372, &x373, x371, x347, x344); - x374 = (x373 + x345); + x374 = x373 + x345; fiat_secp256k1_addcarryx_u32(&x375, &x376, 0x0, x324, x358); fiat_secp256k1_addcarryx_u32(&x377, &x378, x376, x326, x360); fiat_secp256k1_addcarryx_u32(&x379, &x380, x378, x328, x362); @@ -2459,15 +2459,15 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x387, &x388, x386, x336, x370); fiat_secp256k1_addcarryx_u32(&x389, &x390, x388, x338, x372); fiat_secp256k1_addcarryx_u32(&x391, &x392, x390, x340, x374); - x393 = ((uint32_t)x392 + x341); - fiat_secp256k1_mulx_u32(&x394, &x395, x4, (arg1[7])); - fiat_secp256k1_mulx_u32(&x396, &x397, x4, (arg1[6])); - fiat_secp256k1_mulx_u32(&x398, &x399, x4, (arg1[5])); - fiat_secp256k1_mulx_u32(&x400, &x401, x4, (arg1[4])); - fiat_secp256k1_mulx_u32(&x402, &x403, x4, (arg1[3])); - fiat_secp256k1_mulx_u32(&x404, &x405, x4, (arg1[2])); - fiat_secp256k1_mulx_u32(&x406, &x407, x4, (arg1[1])); - fiat_secp256k1_mulx_u32(&x408, &x409, x4, (arg1[0])); + x393 = (uint32_t)x392 + x341; + fiat_secp256k1_mulx_u32(&x394, &x395, x4, arg1[7]); + fiat_secp256k1_mulx_u32(&x396, &x397, x4, arg1[6]); + fiat_secp256k1_mulx_u32(&x398, &x399, x4, arg1[5]); + fiat_secp256k1_mulx_u32(&x400, &x401, x4, arg1[4]); + fiat_secp256k1_mulx_u32(&x402, &x403, x4, arg1[3]); + fiat_secp256k1_mulx_u32(&x404, &x405, x4, arg1[2]); + fiat_secp256k1_mulx_u32(&x406, &x407, x4, arg1[1]); + fiat_secp256k1_mulx_u32(&x408, &x409, x4, arg1[0]); fiat_secp256k1_addcarryx_u32(&x410, &x411, 0x0, x409, x406); fiat_secp256k1_addcarryx_u32(&x412, &x413, x411, x407, x404); fiat_secp256k1_addcarryx_u32(&x414, &x415, x413, x405, x402); @@ -2475,7 +2475,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x418, &x419, x417, x401, x398); fiat_secp256k1_addcarryx_u32(&x420, &x421, x419, x399, x396); fiat_secp256k1_addcarryx_u32(&x422, &x423, x421, x397, x394); - x424 = (x423 + x395); + x424 = x423 + x395; fiat_secp256k1_addcarryx_u32(&x425, &x426, 0x0, x377, x408); fiat_secp256k1_addcarryx_u32(&x427, &x428, x426, x379, x410); fiat_secp256k1_addcarryx_u32(&x429, &x430, x428, x381, x412); @@ -2501,7 +2501,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x469, &x470, x468, x452, x449); fiat_secp256k1_addcarryx_u32(&x471, &x472, x470, x450, x447); fiat_secp256k1_addcarryx_u32(&x473, &x474, x472, x448, x445); - x475 = (x474 + x446); + x475 = x474 + x446; fiat_secp256k1_addcarryx_u32(&x476, &x477, 0x0, x425, x459); fiat_secp256k1_addcarryx_u32(&x478, &x479, x477, x427, x461); fiat_secp256k1_addcarryx_u32(&x480, &x481, x479, x429, x463); @@ -2511,15 +2511,15 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x488, &x489, x487, x437, x471); fiat_secp256k1_addcarryx_u32(&x490, &x491, x489, x439, x473); fiat_secp256k1_addcarryx_u32(&x492, &x493, x491, x441, x475); - x494 = ((uint32_t)x493 + x442); - fiat_secp256k1_mulx_u32(&x495, &x496, x5, (arg1[7])); - fiat_secp256k1_mulx_u32(&x497, &x498, x5, (arg1[6])); - fiat_secp256k1_mulx_u32(&x499, &x500, x5, (arg1[5])); - fiat_secp256k1_mulx_u32(&x501, &x502, x5, (arg1[4])); - fiat_secp256k1_mulx_u32(&x503, &x504, x5, (arg1[3])); - fiat_secp256k1_mulx_u32(&x505, &x506, x5, (arg1[2])); - fiat_secp256k1_mulx_u32(&x507, &x508, x5, (arg1[1])); - fiat_secp256k1_mulx_u32(&x509, &x510, x5, (arg1[0])); + x494 = (uint32_t)x493 + x442; + fiat_secp256k1_mulx_u32(&x495, &x496, x5, arg1[7]); + fiat_secp256k1_mulx_u32(&x497, &x498, x5, arg1[6]); + fiat_secp256k1_mulx_u32(&x499, &x500, x5, arg1[5]); + fiat_secp256k1_mulx_u32(&x501, &x502, x5, arg1[4]); + fiat_secp256k1_mulx_u32(&x503, &x504, x5, arg1[3]); + fiat_secp256k1_mulx_u32(&x505, &x506, x5, arg1[2]); + fiat_secp256k1_mulx_u32(&x507, &x508, x5, arg1[1]); + fiat_secp256k1_mulx_u32(&x509, &x510, x5, arg1[0]); fiat_secp256k1_addcarryx_u32(&x511, &x512, 0x0, x510, x507); fiat_secp256k1_addcarryx_u32(&x513, &x514, x512, x508, x505); fiat_secp256k1_addcarryx_u32(&x515, &x516, x514, x506, x503); @@ -2527,7 +2527,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x519, &x520, x518, x502, x499); fiat_secp256k1_addcarryx_u32(&x521, &x522, x520, x500, x497); fiat_secp256k1_addcarryx_u32(&x523, &x524, x522, x498, x495); - x525 = (x524 + x496); + x525 = x524 + x496; fiat_secp256k1_addcarryx_u32(&x526, &x527, 0x0, x478, x509); fiat_secp256k1_addcarryx_u32(&x528, &x529, x527, x480, x511); fiat_secp256k1_addcarryx_u32(&x530, &x531, x529, x482, x513); @@ -2553,7 +2553,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x570, &x571, x569, x553, x550); fiat_secp256k1_addcarryx_u32(&x572, &x573, x571, x551, x548); fiat_secp256k1_addcarryx_u32(&x574, &x575, x573, x549, x546); - x576 = (x575 + x547); + x576 = x575 + x547; fiat_secp256k1_addcarryx_u32(&x577, &x578, 0x0, x526, x560); fiat_secp256k1_addcarryx_u32(&x579, &x580, x578, x528, x562); fiat_secp256k1_addcarryx_u32(&x581, &x582, x580, x530, x564); @@ -2563,15 +2563,15 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x589, &x590, x588, x538, x572); fiat_secp256k1_addcarryx_u32(&x591, &x592, x590, x540, x574); fiat_secp256k1_addcarryx_u32(&x593, &x594, x592, x542, x576); - x595 = ((uint32_t)x594 + x543); - fiat_secp256k1_mulx_u32(&x596, &x597, x6, (arg1[7])); - fiat_secp256k1_mulx_u32(&x598, &x599, x6, (arg1[6])); - fiat_secp256k1_mulx_u32(&x600, &x601, x6, (arg1[5])); - fiat_secp256k1_mulx_u32(&x602, &x603, x6, (arg1[4])); - fiat_secp256k1_mulx_u32(&x604, &x605, x6, (arg1[3])); - fiat_secp256k1_mulx_u32(&x606, &x607, x6, (arg1[2])); - fiat_secp256k1_mulx_u32(&x608, &x609, x6, (arg1[1])); - fiat_secp256k1_mulx_u32(&x610, &x611, x6, (arg1[0])); + x595 = (uint32_t)x594 + x543; + fiat_secp256k1_mulx_u32(&x596, &x597, x6, arg1[7]); + fiat_secp256k1_mulx_u32(&x598, &x599, x6, arg1[6]); + fiat_secp256k1_mulx_u32(&x600, &x601, x6, arg1[5]); + fiat_secp256k1_mulx_u32(&x602, &x603, x6, arg1[4]); + fiat_secp256k1_mulx_u32(&x604, &x605, x6, arg1[3]); + fiat_secp256k1_mulx_u32(&x606, &x607, x6, arg1[2]); + fiat_secp256k1_mulx_u32(&x608, &x609, x6, arg1[1]); + fiat_secp256k1_mulx_u32(&x610, &x611, x6, arg1[0]); fiat_secp256k1_addcarryx_u32(&x612, &x613, 0x0, x611, x608); fiat_secp256k1_addcarryx_u32(&x614, &x615, x613, x609, x606); fiat_secp256k1_addcarryx_u32(&x616, &x617, x615, x607, x604); @@ -2579,7 +2579,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x620, &x621, x619, x603, x600); fiat_secp256k1_addcarryx_u32(&x622, &x623, x621, x601, x598); fiat_secp256k1_addcarryx_u32(&x624, &x625, x623, x599, x596); - x626 = (x625 + x597); + x626 = x625 + x597; fiat_secp256k1_addcarryx_u32(&x627, &x628, 0x0, x579, x610); fiat_secp256k1_addcarryx_u32(&x629, &x630, x628, x581, x612); fiat_secp256k1_addcarryx_u32(&x631, &x632, x630, x583, x614); @@ -2605,7 +2605,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x671, &x672, x670, x654, x651); fiat_secp256k1_addcarryx_u32(&x673, &x674, x672, x652, x649); fiat_secp256k1_addcarryx_u32(&x675, &x676, x674, x650, x647); - x677 = (x676 + x648); + x677 = x676 + x648; fiat_secp256k1_addcarryx_u32(&x678, &x679, 0x0, x627, x661); fiat_secp256k1_addcarryx_u32(&x680, &x681, x679, x629, x663); fiat_secp256k1_addcarryx_u32(&x682, &x683, x681, x631, x665); @@ -2615,15 +2615,15 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x690, &x691, x689, x639, x673); fiat_secp256k1_addcarryx_u32(&x692, &x693, x691, x641, x675); fiat_secp256k1_addcarryx_u32(&x694, &x695, x693, x643, x677); - x696 = ((uint32_t)x695 + x644); - fiat_secp256k1_mulx_u32(&x697, &x698, x7, (arg1[7])); - fiat_secp256k1_mulx_u32(&x699, &x700, x7, (arg1[6])); - fiat_secp256k1_mulx_u32(&x701, &x702, x7, (arg1[5])); - fiat_secp256k1_mulx_u32(&x703, &x704, x7, (arg1[4])); - fiat_secp256k1_mulx_u32(&x705, &x706, x7, (arg1[3])); - fiat_secp256k1_mulx_u32(&x707, &x708, x7, (arg1[2])); - fiat_secp256k1_mulx_u32(&x709, &x710, x7, (arg1[1])); - fiat_secp256k1_mulx_u32(&x711, &x712, x7, (arg1[0])); + x696 = (uint32_t)x695 + x644; + fiat_secp256k1_mulx_u32(&x697, &x698, x7, arg1[7]); + fiat_secp256k1_mulx_u32(&x699, &x700, x7, arg1[6]); + fiat_secp256k1_mulx_u32(&x701, &x702, x7, arg1[5]); + fiat_secp256k1_mulx_u32(&x703, &x704, x7, arg1[4]); + fiat_secp256k1_mulx_u32(&x705, &x706, x7, arg1[3]); + fiat_secp256k1_mulx_u32(&x707, &x708, x7, arg1[2]); + fiat_secp256k1_mulx_u32(&x709, &x710, x7, arg1[1]); + fiat_secp256k1_mulx_u32(&x711, &x712, x7, arg1[0]); fiat_secp256k1_addcarryx_u32(&x713, &x714, 0x0, x712, x709); fiat_secp256k1_addcarryx_u32(&x715, &x716, x714, x710, x707); fiat_secp256k1_addcarryx_u32(&x717, &x718, x716, x708, x705); @@ -2631,7 +2631,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x721, &x722, x720, x704, x701); fiat_secp256k1_addcarryx_u32(&x723, &x724, x722, x702, x699); fiat_secp256k1_addcarryx_u32(&x725, &x726, x724, x700, x697); - x727 = (x726 + x698); + x727 = x726 + x698; fiat_secp256k1_addcarryx_u32(&x728, &x729, 0x0, x680, x711); fiat_secp256k1_addcarryx_u32(&x730, &x731, x729, x682, x713); fiat_secp256k1_addcarryx_u32(&x732, &x733, x731, x684, x715); @@ -2657,7 +2657,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x772, &x773, x771, x755, x752); fiat_secp256k1_addcarryx_u32(&x774, &x775, x773, x753, x750); fiat_secp256k1_addcarryx_u32(&x776, &x777, x775, x751, x748); - x778 = (x777 + x749); + x778 = x777 + x749; fiat_secp256k1_addcarryx_u32(&x779, &x780, 0x0, x728, x762); fiat_secp256k1_addcarryx_u32(&x781, &x782, x780, x730, x764); fiat_secp256k1_addcarryx_u32(&x783, &x784, x782, x732, x766); @@ -2667,7 +2667,7 @@ static void fiat_secp256k1_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_addcarryx_u32(&x791, &x792, x790, x740, x774); fiat_secp256k1_addcarryx_u32(&x793, &x794, x792, x742, x776); fiat_secp256k1_addcarryx_u32(&x795, &x796, x794, x744, x778); - x797 = ((uint32_t)x796 + x745); + x797 = (uint32_t)x796 + x745; fiat_secp256k1_subborrowx_u32(&x798, &x799, 0x0, x781, UINT32_C(0xfffffc2f)); fiat_secp256k1_subborrowx_u32(&x800, &x801, x799, x783, UINT32_C(0xfffffffe)); fiat_secp256k1_subborrowx_u32(&x802, &x803, x801, x785, UINT32_C(0xffffffff)); @@ -2754,14 +2754,14 @@ static void fiat_secp256k1_add(uint32_t out1[8], const uint32_t arg1[8], const u uint32_t x40; uint32_t x41; uint32_t x42; - fiat_secp256k1_addcarryx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_secp256k1_addcarryx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_secp256k1_addcarryx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_secp256k1_addcarryx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); - fiat_secp256k1_addcarryx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); - fiat_secp256k1_addcarryx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); - fiat_secp256k1_addcarryx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); - fiat_secp256k1_addcarryx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + fiat_secp256k1_addcarryx_u32(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_secp256k1_addcarryx_u32(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_secp256k1_addcarryx_u32(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_secp256k1_addcarryx_u32(&x7, &x8, x6, arg1[3], arg2[3]); + fiat_secp256k1_addcarryx_u32(&x9, &x10, x8, arg1[4], arg2[4]); + fiat_secp256k1_addcarryx_u32(&x11, &x12, x10, arg1[5], arg2[5]); + fiat_secp256k1_addcarryx_u32(&x13, &x14, x12, arg1[6], arg2[6]); + fiat_secp256k1_addcarryx_u32(&x15, &x16, x14, arg1[7], arg2[7]); fiat_secp256k1_subborrowx_u32(&x17, &x18, 0x0, x1, UINT32_C(0xfffffc2f)); fiat_secp256k1_subborrowx_u32(&x19, &x20, x18, x3, UINT32_C(0xfffffffe)); fiat_secp256k1_subborrowx_u32(&x21, &x22, x20, x5, UINT32_C(0xffffffff)); @@ -2839,17 +2839,17 @@ static void fiat_secp256k1_sub(uint32_t out1[8], const uint32_t arg1[8], const u fiat_secp256k1_uint1 x31; uint32_t x32; fiat_secp256k1_uint1 x33; - fiat_secp256k1_subborrowx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_secp256k1_subborrowx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_secp256k1_subborrowx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_secp256k1_subborrowx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); - fiat_secp256k1_subborrowx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); - fiat_secp256k1_subborrowx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); - fiat_secp256k1_subborrowx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); - fiat_secp256k1_subborrowx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + fiat_secp256k1_subborrowx_u32(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_secp256k1_subborrowx_u32(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_secp256k1_subborrowx_u32(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_secp256k1_subborrowx_u32(&x7, &x8, x6, arg1[3], arg2[3]); + fiat_secp256k1_subborrowx_u32(&x9, &x10, x8, arg1[4], arg2[4]); + fiat_secp256k1_subborrowx_u32(&x11, &x12, x10, arg1[5], arg2[5]); + fiat_secp256k1_subborrowx_u32(&x13, &x14, x12, arg1[6], arg2[6]); + fiat_secp256k1_subborrowx_u32(&x15, &x16, x14, arg1[7], arg2[7]); fiat_secp256k1_cmovznz_u32(&x17, x16, 0x0, UINT32_C(0xffffffff)); - fiat_secp256k1_addcarryx_u32(&x18, &x19, 0x0, x1, (x17 & UINT32_C(0xfffffc2f))); - fiat_secp256k1_addcarryx_u32(&x20, &x21, x19, x3, (x17 & UINT32_C(0xfffffffe))); + fiat_secp256k1_addcarryx_u32(&x18, &x19, 0x0, x1, x17 & UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x20, &x21, x19, x3, x17 & UINT32_C(0xfffffffe)); fiat_secp256k1_addcarryx_u32(&x22, &x23, x21, x5, x17); fiat_secp256k1_addcarryx_u32(&x24, &x25, x23, x7, x17); fiat_secp256k1_addcarryx_u32(&x26, &x27, x25, x9, x17); @@ -2914,17 +2914,17 @@ static void fiat_secp256k1_opp(uint32_t out1[8], const uint32_t arg1[8]) { fiat_secp256k1_uint1 x31; uint32_t x32; fiat_secp256k1_uint1 x33; - fiat_secp256k1_subborrowx_u32(&x1, &x2, 0x0, 0x0, (arg1[0])); - fiat_secp256k1_subborrowx_u32(&x3, &x4, x2, 0x0, (arg1[1])); - fiat_secp256k1_subborrowx_u32(&x5, &x6, x4, 0x0, (arg1[2])); - fiat_secp256k1_subborrowx_u32(&x7, &x8, x6, 0x0, (arg1[3])); - fiat_secp256k1_subborrowx_u32(&x9, &x10, x8, 0x0, (arg1[4])); - fiat_secp256k1_subborrowx_u32(&x11, &x12, x10, 0x0, (arg1[5])); - fiat_secp256k1_subborrowx_u32(&x13, &x14, x12, 0x0, (arg1[6])); - fiat_secp256k1_subborrowx_u32(&x15, &x16, x14, 0x0, (arg1[7])); + fiat_secp256k1_subborrowx_u32(&x1, &x2, 0x0, 0x0, arg1[0]); + fiat_secp256k1_subborrowx_u32(&x3, &x4, x2, 0x0, arg1[1]); + fiat_secp256k1_subborrowx_u32(&x5, &x6, x4, 0x0, arg1[2]); + fiat_secp256k1_subborrowx_u32(&x7, &x8, x6, 0x0, arg1[3]); + fiat_secp256k1_subborrowx_u32(&x9, &x10, x8, 0x0, arg1[4]); + fiat_secp256k1_subborrowx_u32(&x11, &x12, x10, 0x0, arg1[5]); + fiat_secp256k1_subborrowx_u32(&x13, &x14, x12, 0x0, arg1[6]); + fiat_secp256k1_subborrowx_u32(&x15, &x16, x14, 0x0, arg1[7]); fiat_secp256k1_cmovznz_u32(&x17, x16, 0x0, UINT32_C(0xffffffff)); - fiat_secp256k1_addcarryx_u32(&x18, &x19, 0x0, x1, (x17 & UINT32_C(0xfffffc2f))); - fiat_secp256k1_addcarryx_u32(&x20, &x21, x19, x3, (x17 & UINT32_C(0xfffffffe))); + fiat_secp256k1_addcarryx_u32(&x18, &x19, 0x0, x1, x17 & UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x20, &x21, x19, x3, x17 & UINT32_C(0xfffffffe)); fiat_secp256k1_addcarryx_u32(&x22, &x23, x21, x5, x17); fiat_secp256k1_addcarryx_u32(&x24, &x25, x23, x7, x17); fiat_secp256k1_addcarryx_u32(&x26, &x27, x25, x9, x17); @@ -3495,7 +3495,7 @@ static void fiat_secp256k1_from_montgomery(uint32_t out1[8], const uint32_t arg1 uint32_t x537; uint32_t x538; uint32_t x539; - x1 = (arg1[0]); + x1 = arg1[0]; fiat_secp256k1_mulx_u32(&x2, &x3, x1, UINT32_C(0xd2253531)); fiat_secp256k1_mulx_u32(&x4, &x5, x2, UINT32_C(0xffffffff)); fiat_secp256k1_mulx_u32(&x6, &x7, x2, UINT32_C(0xffffffff)); @@ -3520,8 +3520,8 @@ static void fiat_secp256k1_from_montgomery(uint32_t out1[8], const uint32_t arg1 fiat_secp256k1_addcarryx_u32(&x44, &x45, x43, 0x0, x28); fiat_secp256k1_addcarryx_u32(&x46, &x47, x45, 0x0, x30); fiat_secp256k1_addcarryx_u32(&x48, &x49, x47, 0x0, x32); - fiat_secp256k1_addcarryx_u32(&x50, &x51, x49, 0x0, (x33 + x5)); - fiat_secp256k1_addcarryx_u32(&x52, &x53, 0x0, x36, (arg1[1])); + fiat_secp256k1_addcarryx_u32(&x50, &x51, x49, 0x0, x33 + x5); + fiat_secp256k1_addcarryx_u32(&x52, &x53, 0x0, x36, arg1[1]); fiat_secp256k1_addcarryx_u32(&x54, &x55, x53, x38, 0x0); fiat_secp256k1_addcarryx_u32(&x56, &x57, x55, x40, 0x0); fiat_secp256k1_addcarryx_u32(&x58, &x59, x57, x42, 0x0); @@ -3553,8 +3553,8 @@ static void fiat_secp256k1_from_montgomery(uint32_t out1[8], const uint32_t arg1 fiat_secp256k1_addcarryx_u32(&x110, &x111, x109, x62, x94); fiat_secp256k1_addcarryx_u32(&x112, &x113, x111, x64, x96); fiat_secp256k1_addcarryx_u32(&x114, &x115, x113, x66, x98); - fiat_secp256k1_addcarryx_u32(&x116, &x117, x115, ((uint32_t)x67 + x51), (x99 + x71)); - fiat_secp256k1_addcarryx_u32(&x118, &x119, 0x0, x102, (arg1[2])); + fiat_secp256k1_addcarryx_u32(&x116, &x117, x115, (uint32_t)x67 + x51, x99 + x71); + fiat_secp256k1_addcarryx_u32(&x118, &x119, 0x0, x102, arg1[2]); fiat_secp256k1_addcarryx_u32(&x120, &x121, x119, x104, 0x0); fiat_secp256k1_addcarryx_u32(&x122, &x123, x121, x106, 0x0); fiat_secp256k1_addcarryx_u32(&x124, &x125, x123, x108, 0x0); @@ -3586,8 +3586,8 @@ static void fiat_secp256k1_from_montgomery(uint32_t out1[8], const uint32_t arg1 fiat_secp256k1_addcarryx_u32(&x176, &x177, x175, x128, x160); fiat_secp256k1_addcarryx_u32(&x178, &x179, x177, x130, x162); fiat_secp256k1_addcarryx_u32(&x180, &x181, x179, x132, x164); - fiat_secp256k1_addcarryx_u32(&x182, &x183, x181, ((uint32_t)x133 + x117), (x165 + x137)); - fiat_secp256k1_addcarryx_u32(&x184, &x185, 0x0, x168, (arg1[3])); + fiat_secp256k1_addcarryx_u32(&x182, &x183, x181, (uint32_t)x133 + x117, x165 + x137); + fiat_secp256k1_addcarryx_u32(&x184, &x185, 0x0, x168, arg1[3]); fiat_secp256k1_addcarryx_u32(&x186, &x187, x185, x170, 0x0); fiat_secp256k1_addcarryx_u32(&x188, &x189, x187, x172, 0x0); fiat_secp256k1_addcarryx_u32(&x190, &x191, x189, x174, 0x0); @@ -3619,8 +3619,8 @@ static void fiat_secp256k1_from_montgomery(uint32_t out1[8], const uint32_t arg1 fiat_secp256k1_addcarryx_u32(&x242, &x243, x241, x194, x226); fiat_secp256k1_addcarryx_u32(&x244, &x245, x243, x196, x228); fiat_secp256k1_addcarryx_u32(&x246, &x247, x245, x198, x230); - fiat_secp256k1_addcarryx_u32(&x248, &x249, x247, ((uint32_t)x199 + x183), (x231 + x203)); - fiat_secp256k1_addcarryx_u32(&x250, &x251, 0x0, x234, (arg1[4])); + fiat_secp256k1_addcarryx_u32(&x248, &x249, x247, (uint32_t)x199 + x183, x231 + x203); + fiat_secp256k1_addcarryx_u32(&x250, &x251, 0x0, x234, arg1[4]); fiat_secp256k1_addcarryx_u32(&x252, &x253, x251, x236, 0x0); fiat_secp256k1_addcarryx_u32(&x254, &x255, x253, x238, 0x0); fiat_secp256k1_addcarryx_u32(&x256, &x257, x255, x240, 0x0); @@ -3652,8 +3652,8 @@ static void fiat_secp256k1_from_montgomery(uint32_t out1[8], const uint32_t arg1 fiat_secp256k1_addcarryx_u32(&x308, &x309, x307, x260, x292); fiat_secp256k1_addcarryx_u32(&x310, &x311, x309, x262, x294); fiat_secp256k1_addcarryx_u32(&x312, &x313, x311, x264, x296); - fiat_secp256k1_addcarryx_u32(&x314, &x315, x313, ((uint32_t)x265 + x249), (x297 + x269)); - fiat_secp256k1_addcarryx_u32(&x316, &x317, 0x0, x300, (arg1[5])); + fiat_secp256k1_addcarryx_u32(&x314, &x315, x313, (uint32_t)x265 + x249, x297 + x269); + fiat_secp256k1_addcarryx_u32(&x316, &x317, 0x0, x300, arg1[5]); fiat_secp256k1_addcarryx_u32(&x318, &x319, x317, x302, 0x0); fiat_secp256k1_addcarryx_u32(&x320, &x321, x319, x304, 0x0); fiat_secp256k1_addcarryx_u32(&x322, &x323, x321, x306, 0x0); @@ -3685,8 +3685,8 @@ static void fiat_secp256k1_from_montgomery(uint32_t out1[8], const uint32_t arg1 fiat_secp256k1_addcarryx_u32(&x374, &x375, x373, x326, x358); fiat_secp256k1_addcarryx_u32(&x376, &x377, x375, x328, x360); fiat_secp256k1_addcarryx_u32(&x378, &x379, x377, x330, x362); - fiat_secp256k1_addcarryx_u32(&x380, &x381, x379, ((uint32_t)x331 + x315), (x363 + x335)); - fiat_secp256k1_addcarryx_u32(&x382, &x383, 0x0, x366, (arg1[6])); + fiat_secp256k1_addcarryx_u32(&x380, &x381, x379, (uint32_t)x331 + x315, x363 + x335); + fiat_secp256k1_addcarryx_u32(&x382, &x383, 0x0, x366, arg1[6]); fiat_secp256k1_addcarryx_u32(&x384, &x385, x383, x368, 0x0); fiat_secp256k1_addcarryx_u32(&x386, &x387, x385, x370, 0x0); fiat_secp256k1_addcarryx_u32(&x388, &x389, x387, x372, 0x0); @@ -3718,8 +3718,8 @@ static void fiat_secp256k1_from_montgomery(uint32_t out1[8], const uint32_t arg1 fiat_secp256k1_addcarryx_u32(&x440, &x441, x439, x392, x424); fiat_secp256k1_addcarryx_u32(&x442, &x443, x441, x394, x426); fiat_secp256k1_addcarryx_u32(&x444, &x445, x443, x396, x428); - fiat_secp256k1_addcarryx_u32(&x446, &x447, x445, ((uint32_t)x397 + x381), (x429 + x401)); - fiat_secp256k1_addcarryx_u32(&x448, &x449, 0x0, x432, (arg1[7])); + fiat_secp256k1_addcarryx_u32(&x446, &x447, x445, (uint32_t)x397 + x381, x429 + x401); + fiat_secp256k1_addcarryx_u32(&x448, &x449, 0x0, x432, arg1[7]); fiat_secp256k1_addcarryx_u32(&x450, &x451, x449, x434, 0x0); fiat_secp256k1_addcarryx_u32(&x452, &x453, x451, x436, 0x0); fiat_secp256k1_addcarryx_u32(&x454, &x455, x453, x438, 0x0); @@ -3751,7 +3751,7 @@ static void fiat_secp256k1_from_montgomery(uint32_t out1[8], const uint32_t arg1 fiat_secp256k1_addcarryx_u32(&x506, &x507, x505, x458, x490); fiat_secp256k1_addcarryx_u32(&x508, &x509, x507, x460, x492); fiat_secp256k1_addcarryx_u32(&x510, &x511, x509, x462, x494); - fiat_secp256k1_addcarryx_u32(&x512, &x513, x511, ((uint32_t)x463 + x447), (x495 + x467)); + fiat_secp256k1_addcarryx_u32(&x512, &x513, x511, (uint32_t)x463 + x447, x495 + x467); fiat_secp256k1_subborrowx_u32(&x514, &x515, 0x0, x498, UINT32_C(0xfffffc2f)); fiat_secp256k1_subborrowx_u32(&x516, &x517, x515, x500, UINT32_C(0xfffffffe)); fiat_secp256k1_subborrowx_u32(&x518, &x519, x517, x502, UINT32_C(0xffffffff)); @@ -4404,14 +4404,14 @@ static void fiat_secp256k1_to_montgomery(uint32_t out1[8], const uint32_t arg1[8 uint32_t x608; uint32_t x609; uint32_t x610; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[4]); - x5 = (arg1[5]); - x6 = (arg1[6]); - x7 = (arg1[7]); - x8 = (arg1[0]); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[4]; + x5 = arg1[5]; + x6 = arg1[6]; + x7 = arg1[7]; + x8 = arg1[0]; fiat_secp256k1_mulx_u32(&x9, &x10, x8, UINT16_C(0x7a2)); fiat_secp256k1_mulx_u32(&x11, &x12, x8, UINT32_C(0xe90a1)); fiat_secp256k1_addcarryx_u32(&x13, &x14, 0x0, x12, x9); @@ -4440,7 +4440,7 @@ static void fiat_secp256k1_to_montgomery(uint32_t out1[8], const uint32_t arg1[8 fiat_secp256k1_addcarryx_u32(&x59, &x60, x58, 0x0, x43); fiat_secp256k1_addcarryx_u32(&x61, &x62, x60, 0x0, x45); fiat_secp256k1_addcarryx_u32(&x63, &x64, x62, 0x0, x47); - fiat_secp256k1_addcarryx_u32(&x65, &x66, x64, 0x0, (x48 + x20)); + fiat_secp256k1_addcarryx_u32(&x65, &x66, x64, 0x0, x48 + x20); fiat_secp256k1_mulx_u32(&x67, &x68, x1, UINT16_C(0x7a2)); fiat_secp256k1_mulx_u32(&x69, &x70, x1, UINT32_C(0xe90a1)); fiat_secp256k1_addcarryx_u32(&x71, &x72, 0x0, x70, x67); @@ -4477,7 +4477,7 @@ static void fiat_secp256k1_to_montgomery(uint32_t out1[8], const uint32_t arg1[8 fiat_secp256k1_addcarryx_u32(&x133, &x134, x132, x85, x117); fiat_secp256k1_addcarryx_u32(&x135, &x136, x134, x87, x119); fiat_secp256k1_addcarryx_u32(&x137, &x138, x136, x89, x121); - fiat_secp256k1_addcarryx_u32(&x139, &x140, x138, ((uint32_t)x90 + x66), (x122 + x94)); + fiat_secp256k1_addcarryx_u32(&x139, &x140, x138, (uint32_t)x90 + x66, x122 + x94); fiat_secp256k1_mulx_u32(&x141, &x142, x2, UINT16_C(0x7a2)); fiat_secp256k1_mulx_u32(&x143, &x144, x2, UINT32_C(0xe90a1)); fiat_secp256k1_addcarryx_u32(&x145, &x146, 0x0, x144, x141); @@ -4514,7 +4514,7 @@ static void fiat_secp256k1_to_montgomery(uint32_t out1[8], const uint32_t arg1[8 fiat_secp256k1_addcarryx_u32(&x207, &x208, x206, x159, x191); fiat_secp256k1_addcarryx_u32(&x209, &x210, x208, x161, x193); fiat_secp256k1_addcarryx_u32(&x211, &x212, x210, x163, x195); - fiat_secp256k1_addcarryx_u32(&x213, &x214, x212, ((uint32_t)x164 + x140), (x196 + x168)); + fiat_secp256k1_addcarryx_u32(&x213, &x214, x212, (uint32_t)x164 + x140, x196 + x168); fiat_secp256k1_mulx_u32(&x215, &x216, x3, UINT16_C(0x7a2)); fiat_secp256k1_mulx_u32(&x217, &x218, x3, UINT32_C(0xe90a1)); fiat_secp256k1_addcarryx_u32(&x219, &x220, 0x0, x218, x215); @@ -4551,7 +4551,7 @@ static void fiat_secp256k1_to_montgomery(uint32_t out1[8], const uint32_t arg1[8 fiat_secp256k1_addcarryx_u32(&x281, &x282, x280, x233, x265); fiat_secp256k1_addcarryx_u32(&x283, &x284, x282, x235, x267); fiat_secp256k1_addcarryx_u32(&x285, &x286, x284, x237, x269); - fiat_secp256k1_addcarryx_u32(&x287, &x288, x286, ((uint32_t)x238 + x214), (x270 + x242)); + fiat_secp256k1_addcarryx_u32(&x287, &x288, x286, (uint32_t)x238 + x214, x270 + x242); fiat_secp256k1_mulx_u32(&x289, &x290, x4, UINT16_C(0x7a2)); fiat_secp256k1_mulx_u32(&x291, &x292, x4, UINT32_C(0xe90a1)); fiat_secp256k1_addcarryx_u32(&x293, &x294, 0x0, x292, x289); @@ -4588,7 +4588,7 @@ static void fiat_secp256k1_to_montgomery(uint32_t out1[8], const uint32_t arg1[8 fiat_secp256k1_addcarryx_u32(&x355, &x356, x354, x307, x339); fiat_secp256k1_addcarryx_u32(&x357, &x358, x356, x309, x341); fiat_secp256k1_addcarryx_u32(&x359, &x360, x358, x311, x343); - fiat_secp256k1_addcarryx_u32(&x361, &x362, x360, ((uint32_t)x312 + x288), (x344 + x316)); + fiat_secp256k1_addcarryx_u32(&x361, &x362, x360, (uint32_t)x312 + x288, x344 + x316); fiat_secp256k1_mulx_u32(&x363, &x364, x5, UINT16_C(0x7a2)); fiat_secp256k1_mulx_u32(&x365, &x366, x5, UINT32_C(0xe90a1)); fiat_secp256k1_addcarryx_u32(&x367, &x368, 0x0, x366, x363); @@ -4625,7 +4625,7 @@ static void fiat_secp256k1_to_montgomery(uint32_t out1[8], const uint32_t arg1[8 fiat_secp256k1_addcarryx_u32(&x429, &x430, x428, x381, x413); fiat_secp256k1_addcarryx_u32(&x431, &x432, x430, x383, x415); fiat_secp256k1_addcarryx_u32(&x433, &x434, x432, x385, x417); - fiat_secp256k1_addcarryx_u32(&x435, &x436, x434, ((uint32_t)x386 + x362), (x418 + x390)); + fiat_secp256k1_addcarryx_u32(&x435, &x436, x434, (uint32_t)x386 + x362, x418 + x390); fiat_secp256k1_mulx_u32(&x437, &x438, x6, UINT16_C(0x7a2)); fiat_secp256k1_mulx_u32(&x439, &x440, x6, UINT32_C(0xe90a1)); fiat_secp256k1_addcarryx_u32(&x441, &x442, 0x0, x440, x437); @@ -4662,7 +4662,7 @@ static void fiat_secp256k1_to_montgomery(uint32_t out1[8], const uint32_t arg1[8 fiat_secp256k1_addcarryx_u32(&x503, &x504, x502, x455, x487); fiat_secp256k1_addcarryx_u32(&x505, &x506, x504, x457, x489); fiat_secp256k1_addcarryx_u32(&x507, &x508, x506, x459, x491); - fiat_secp256k1_addcarryx_u32(&x509, &x510, x508, ((uint32_t)x460 + x436), (x492 + x464)); + fiat_secp256k1_addcarryx_u32(&x509, &x510, x508, (uint32_t)x460 + x436, x492 + x464); fiat_secp256k1_mulx_u32(&x511, &x512, x7, UINT16_C(0x7a2)); fiat_secp256k1_mulx_u32(&x513, &x514, x7, UINT32_C(0xe90a1)); fiat_secp256k1_addcarryx_u32(&x515, &x516, 0x0, x514, x511); @@ -4699,7 +4699,7 @@ static void fiat_secp256k1_to_montgomery(uint32_t out1[8], const uint32_t arg1[8 fiat_secp256k1_addcarryx_u32(&x577, &x578, x576, x529, x561); fiat_secp256k1_addcarryx_u32(&x579, &x580, x578, x531, x563); fiat_secp256k1_addcarryx_u32(&x581, &x582, x580, x533, x565); - fiat_secp256k1_addcarryx_u32(&x583, &x584, x582, ((uint32_t)x534 + x510), (x566 + x538)); + fiat_secp256k1_addcarryx_u32(&x583, &x584, x582, (uint32_t)x534 + x510, x566 + x538); fiat_secp256k1_subborrowx_u32(&x585, &x586, 0x0, x569, UINT32_C(0xfffffc2f)); fiat_secp256k1_subborrowx_u32(&x587, &x588, x586, x571, UINT32_C(0xfffffffe)); fiat_secp256k1_subborrowx_u32(&x589, &x590, x588, x573, UINT32_C(0xffffffff)); @@ -4742,7 +4742,7 @@ static void fiat_secp256k1_to_montgomery(uint32_t out1[8], const uint32_t arg1[8 */ static void fiat_secp256k1_nonzero(uint32_t* out1, const uint32_t arg1[8]) { uint32_t x1; - x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | (arg1[7])))))))); + x1 = arg1[0] | (arg1[1] | (arg1[2] | (arg1[3] | (arg1[4] | (arg1[5] | (arg1[6] | arg1[7])))))); *out1 = x1; } @@ -4768,14 +4768,14 @@ static void fiat_secp256k1_selectznz(uint32_t out1[8], fiat_secp256k1_uint1 arg1 uint32_t x6; uint32_t x7; uint32_t x8; - fiat_secp256k1_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_secp256k1_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_secp256k1_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); - fiat_secp256k1_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); - fiat_secp256k1_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); - fiat_secp256k1_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5])); - fiat_secp256k1_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6])); - fiat_secp256k1_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7])); + fiat_secp256k1_cmovznz_u32(&x1, arg1, arg2[0], arg3[0]); + fiat_secp256k1_cmovznz_u32(&x2, arg1, arg2[1], arg3[1]); + fiat_secp256k1_cmovznz_u32(&x3, arg1, arg2[2], arg3[2]); + fiat_secp256k1_cmovznz_u32(&x4, arg1, arg2[3], arg3[3]); + fiat_secp256k1_cmovznz_u32(&x5, arg1, arg2[4], arg3[4]); + fiat_secp256k1_cmovznz_u32(&x6, arg1, arg2[5], arg3[5]); + fiat_secp256k1_cmovznz_u32(&x7, arg1, arg2[6], arg3[6]); + fiat_secp256k1_cmovznz_u32(&x8, arg1, arg2[7], arg3[7]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -4856,60 +4856,60 @@ static void fiat_secp256k1_to_bytes(uint8_t out1[32], const uint32_t arg1[8]) { uint32_t x54; uint8_t x55; uint8_t x56; - x1 = (arg1[7]); - x2 = (arg1[6]); - x3 = (arg1[5]); - x4 = (arg1[4]); - x5 = (arg1[3]); - x6 = (arg1[2]); - x7 = (arg1[1]); - x8 = (arg1[0]); + x1 = arg1[7]; + x2 = arg1[6]; + x3 = arg1[5]; + x4 = arg1[4]; + x5 = arg1[3]; + x6 = arg1[2]; + x7 = arg1[1]; + x8 = arg1[0]; x9 = (uint8_t)(x8 & UINT8_C(0xff)); - x10 = (x8 >> 8); + x10 = x8 >> 8; x11 = (uint8_t)(x10 & UINT8_C(0xff)); - x12 = (x10 >> 8); + x12 = x10 >> 8; x13 = (uint8_t)(x12 & UINT8_C(0xff)); x14 = (uint8_t)(x12 >> 8); x15 = (uint8_t)(x7 & UINT8_C(0xff)); - x16 = (x7 >> 8); + x16 = x7 >> 8; x17 = (uint8_t)(x16 & UINT8_C(0xff)); - x18 = (x16 >> 8); + x18 = x16 >> 8; x19 = (uint8_t)(x18 & UINT8_C(0xff)); x20 = (uint8_t)(x18 >> 8); x21 = (uint8_t)(x6 & UINT8_C(0xff)); - x22 = (x6 >> 8); + x22 = x6 >> 8; x23 = (uint8_t)(x22 & UINT8_C(0xff)); - x24 = (x22 >> 8); + x24 = x22 >> 8; x25 = (uint8_t)(x24 & UINT8_C(0xff)); x26 = (uint8_t)(x24 >> 8); x27 = (uint8_t)(x5 & UINT8_C(0xff)); - x28 = (x5 >> 8); + x28 = x5 >> 8; x29 = (uint8_t)(x28 & UINT8_C(0xff)); - x30 = (x28 >> 8); + x30 = x28 >> 8; x31 = (uint8_t)(x30 & UINT8_C(0xff)); x32 = (uint8_t)(x30 >> 8); x33 = (uint8_t)(x4 & UINT8_C(0xff)); - x34 = (x4 >> 8); + x34 = x4 >> 8; x35 = (uint8_t)(x34 & UINT8_C(0xff)); - x36 = (x34 >> 8); + x36 = x34 >> 8; x37 = (uint8_t)(x36 & UINT8_C(0xff)); x38 = (uint8_t)(x36 >> 8); x39 = (uint8_t)(x3 & UINT8_C(0xff)); - x40 = (x3 >> 8); + x40 = x3 >> 8; x41 = (uint8_t)(x40 & UINT8_C(0xff)); - x42 = (x40 >> 8); + x42 = x40 >> 8; x43 = (uint8_t)(x42 & UINT8_C(0xff)); x44 = (uint8_t)(x42 >> 8); x45 = (uint8_t)(x2 & UINT8_C(0xff)); - x46 = (x2 >> 8); + x46 = x2 >> 8; x47 = (uint8_t)(x46 & UINT8_C(0xff)); - x48 = (x46 >> 8); + x48 = x46 >> 8; x49 = (uint8_t)(x48 & UINT8_C(0xff)); x50 = (uint8_t)(x48 >> 8); x51 = (uint8_t)(x1 & UINT8_C(0xff)); - x52 = (x1 >> 8); + x52 = x1 >> 8; x53 = (uint8_t)(x52 & UINT8_C(0xff)); - x54 = (x52 >> 8); + x54 = x52 >> 8; x55 = (uint8_t)(x54 & UINT8_C(0xff)); x56 = (uint8_t)(x54 >> 8); out1[0] = x9; @@ -5017,62 +5017,62 @@ static void fiat_secp256k1_from_bytes(uint32_t out1[8], const uint8_t arg1[32]) uint32_t x54; uint32_t x55; uint32_t x56; - x1 = ((uint32_t)(arg1[31]) << 24); - x2 = ((uint32_t)(arg1[30]) << 16); - x3 = ((uint32_t)(arg1[29]) << 8); - x4 = (arg1[28]); - x5 = ((uint32_t)(arg1[27]) << 24); - x6 = ((uint32_t)(arg1[26]) << 16); - x7 = ((uint32_t)(arg1[25]) << 8); - x8 = (arg1[24]); - x9 = ((uint32_t)(arg1[23]) << 24); - x10 = ((uint32_t)(arg1[22]) << 16); - x11 = ((uint32_t)(arg1[21]) << 8); - x12 = (arg1[20]); - x13 = ((uint32_t)(arg1[19]) << 24); - x14 = ((uint32_t)(arg1[18]) << 16); - x15 = ((uint32_t)(arg1[17]) << 8); - x16 = (arg1[16]); - x17 = ((uint32_t)(arg1[15]) << 24); - x18 = ((uint32_t)(arg1[14]) << 16); - x19 = ((uint32_t)(arg1[13]) << 8); - x20 = (arg1[12]); - x21 = ((uint32_t)(arg1[11]) << 24); - x22 = ((uint32_t)(arg1[10]) << 16); - x23 = ((uint32_t)(arg1[9]) << 8); - x24 = (arg1[8]); - x25 = ((uint32_t)(arg1[7]) << 24); - x26 = ((uint32_t)(arg1[6]) << 16); - x27 = ((uint32_t)(arg1[5]) << 8); - x28 = (arg1[4]); - x29 = ((uint32_t)(arg1[3]) << 24); - x30 = ((uint32_t)(arg1[2]) << 16); - x31 = ((uint32_t)(arg1[1]) << 8); - x32 = (arg1[0]); - x33 = (x31 + (uint32_t)x32); - x34 = (x30 + x33); - x35 = (x29 + x34); - x36 = (x27 + (uint32_t)x28); - x37 = (x26 + x36); - x38 = (x25 + x37); - x39 = (x23 + (uint32_t)x24); - x40 = (x22 + x39); - x41 = (x21 + x40); - x42 = (x19 + (uint32_t)x20); - x43 = (x18 + x42); - x44 = (x17 + x43); - x45 = (x15 + (uint32_t)x16); - x46 = (x14 + x45); - x47 = (x13 + x46); - x48 = (x11 + (uint32_t)x12); - x49 = (x10 + x48); - x50 = (x9 + x49); - x51 = (x7 + (uint32_t)x8); - x52 = (x6 + x51); - x53 = (x5 + x52); - x54 = (x3 + (uint32_t)x4); - x55 = (x2 + x54); - x56 = (x1 + x55); + x1 = (uint32_t)arg1[31] << 24; + x2 = (uint32_t)arg1[30] << 16; + x3 = (uint32_t)arg1[29] << 8; + x4 = arg1[28]; + x5 = (uint32_t)arg1[27] << 24; + x6 = (uint32_t)arg1[26] << 16; + x7 = (uint32_t)arg1[25] << 8; + x8 = arg1[24]; + x9 = (uint32_t)arg1[23] << 24; + x10 = (uint32_t)arg1[22] << 16; + x11 = (uint32_t)arg1[21] << 8; + x12 = arg1[20]; + x13 = (uint32_t)arg1[19] << 24; + x14 = (uint32_t)arg1[18] << 16; + x15 = (uint32_t)arg1[17] << 8; + x16 = arg1[16]; + x17 = (uint32_t)arg1[15] << 24; + x18 = (uint32_t)arg1[14] << 16; + x19 = (uint32_t)arg1[13] << 8; + x20 = arg1[12]; + x21 = (uint32_t)arg1[11] << 24; + x22 = (uint32_t)arg1[10] << 16; + x23 = (uint32_t)arg1[9] << 8; + x24 = arg1[8]; + x25 = (uint32_t)arg1[7] << 24; + x26 = (uint32_t)arg1[6] << 16; + x27 = (uint32_t)arg1[5] << 8; + x28 = arg1[4]; + x29 = (uint32_t)arg1[3] << 24; + x30 = (uint32_t)arg1[2] << 16; + x31 = (uint32_t)arg1[1] << 8; + x32 = arg1[0]; + x33 = x31 + (uint32_t)x32; + x34 = x30 + x33; + x35 = x29 + x34; + x36 = x27 + (uint32_t)x28; + x37 = x26 + x36; + x38 = x25 + x37; + x39 = x23 + (uint32_t)x24; + x40 = x22 + x39; + x41 = x21 + x40; + x42 = x19 + (uint32_t)x20; + x43 = x18 + x42; + x44 = x17 + x43; + x45 = x15 + (uint32_t)x16; + x46 = x14 + x45; + x47 = x13 + x46; + x48 = x11 + (uint32_t)x12; + x49 = x10 + x48; + x50 = x9 + x49; + x51 = x7 + (uint32_t)x8; + x52 = x6 + x51; + x53 = x5 + x52; + x54 = x3 + (uint32_t)x4; + x55 = x2 + x54; + x56 = x1 + x55; out1[0] = x35; out1[1] = x38; out1[2] = x41; @@ -5389,45 +5389,45 @@ static void fiat_secp256k1_divstep(uint32_t* out1, uint32_t out2[9], uint32_t ou uint32_t x228; uint32_t x229; uint32_t x230; - fiat_secp256k1_addcarryx_u32(&x1, &x2, 0x0, (~arg1), 0x1); - x3 = (fiat_secp256k1_uint1)((fiat_secp256k1_uint1)(x1 >> 31) & (fiat_secp256k1_uint1)((arg3[0]) & 0x1)); - fiat_secp256k1_addcarryx_u32(&x4, &x5, 0x0, (~arg1), 0x1); + fiat_secp256k1_addcarryx_u32(&x1, &x2, 0x0, ~arg1, 0x1); + x3 = (fiat_secp256k1_uint1)((fiat_secp256k1_uint1)(x1 >> 31) & (fiat_secp256k1_uint1)(arg3[0] & 0x1)); + fiat_secp256k1_addcarryx_u32(&x4, &x5, 0x0, ~arg1, 0x1); fiat_secp256k1_cmovznz_u32(&x6, x3, arg1, x4); - fiat_secp256k1_cmovznz_u32(&x7, x3, (arg2[0]), (arg3[0])); - fiat_secp256k1_cmovznz_u32(&x8, x3, (arg2[1]), (arg3[1])); - fiat_secp256k1_cmovznz_u32(&x9, x3, (arg2[2]), (arg3[2])); - fiat_secp256k1_cmovznz_u32(&x10, x3, (arg2[3]), (arg3[3])); - fiat_secp256k1_cmovznz_u32(&x11, x3, (arg2[4]), (arg3[4])); - fiat_secp256k1_cmovznz_u32(&x12, x3, (arg2[5]), (arg3[5])); - fiat_secp256k1_cmovznz_u32(&x13, x3, (arg2[6]), (arg3[6])); - fiat_secp256k1_cmovznz_u32(&x14, x3, (arg2[7]), (arg3[7])); - fiat_secp256k1_cmovznz_u32(&x15, x3, (arg2[8]), (arg3[8])); - fiat_secp256k1_addcarryx_u32(&x16, &x17, 0x0, 0x1, (~(arg2[0]))); - fiat_secp256k1_addcarryx_u32(&x18, &x19, x17, 0x0, (~(arg2[1]))); - fiat_secp256k1_addcarryx_u32(&x20, &x21, x19, 0x0, (~(arg2[2]))); - fiat_secp256k1_addcarryx_u32(&x22, &x23, x21, 0x0, (~(arg2[3]))); - fiat_secp256k1_addcarryx_u32(&x24, &x25, x23, 0x0, (~(arg2[4]))); - fiat_secp256k1_addcarryx_u32(&x26, &x27, x25, 0x0, (~(arg2[5]))); - fiat_secp256k1_addcarryx_u32(&x28, &x29, x27, 0x0, (~(arg2[6]))); - fiat_secp256k1_addcarryx_u32(&x30, &x31, x29, 0x0, (~(arg2[7]))); - fiat_secp256k1_addcarryx_u32(&x32, &x33, x31, 0x0, (~(arg2[8]))); - fiat_secp256k1_cmovznz_u32(&x34, x3, (arg3[0]), x16); - fiat_secp256k1_cmovznz_u32(&x35, x3, (arg3[1]), x18); - fiat_secp256k1_cmovznz_u32(&x36, x3, (arg3[2]), x20); - fiat_secp256k1_cmovznz_u32(&x37, x3, (arg3[3]), x22); - fiat_secp256k1_cmovznz_u32(&x38, x3, (arg3[4]), x24); - fiat_secp256k1_cmovznz_u32(&x39, x3, (arg3[5]), x26); - fiat_secp256k1_cmovznz_u32(&x40, x3, (arg3[6]), x28); - fiat_secp256k1_cmovznz_u32(&x41, x3, (arg3[7]), x30); - fiat_secp256k1_cmovznz_u32(&x42, x3, (arg3[8]), x32); - fiat_secp256k1_cmovznz_u32(&x43, x3, (arg4[0]), (arg5[0])); - fiat_secp256k1_cmovznz_u32(&x44, x3, (arg4[1]), (arg5[1])); - fiat_secp256k1_cmovznz_u32(&x45, x3, (arg4[2]), (arg5[2])); - fiat_secp256k1_cmovznz_u32(&x46, x3, (arg4[3]), (arg5[3])); - fiat_secp256k1_cmovznz_u32(&x47, x3, (arg4[4]), (arg5[4])); - fiat_secp256k1_cmovznz_u32(&x48, x3, (arg4[5]), (arg5[5])); - fiat_secp256k1_cmovznz_u32(&x49, x3, (arg4[6]), (arg5[6])); - fiat_secp256k1_cmovznz_u32(&x50, x3, (arg4[7]), (arg5[7])); + fiat_secp256k1_cmovznz_u32(&x7, x3, arg2[0], arg3[0]); + fiat_secp256k1_cmovznz_u32(&x8, x3, arg2[1], arg3[1]); + fiat_secp256k1_cmovznz_u32(&x9, x3, arg2[2], arg3[2]); + fiat_secp256k1_cmovznz_u32(&x10, x3, arg2[3], arg3[3]); + fiat_secp256k1_cmovznz_u32(&x11, x3, arg2[4], arg3[4]); + fiat_secp256k1_cmovznz_u32(&x12, x3, arg2[5], arg3[5]); + fiat_secp256k1_cmovznz_u32(&x13, x3, arg2[6], arg3[6]); + fiat_secp256k1_cmovznz_u32(&x14, x3, arg2[7], arg3[7]); + fiat_secp256k1_cmovznz_u32(&x15, x3, arg2[8], arg3[8]); + fiat_secp256k1_addcarryx_u32(&x16, &x17, 0x0, 0x1, ~arg2[0]); + fiat_secp256k1_addcarryx_u32(&x18, &x19, x17, 0x0, ~arg2[1]); + fiat_secp256k1_addcarryx_u32(&x20, &x21, x19, 0x0, ~arg2[2]); + fiat_secp256k1_addcarryx_u32(&x22, &x23, x21, 0x0, ~arg2[3]); + fiat_secp256k1_addcarryx_u32(&x24, &x25, x23, 0x0, ~arg2[4]); + fiat_secp256k1_addcarryx_u32(&x26, &x27, x25, 0x0, ~arg2[5]); + fiat_secp256k1_addcarryx_u32(&x28, &x29, x27, 0x0, ~arg2[6]); + fiat_secp256k1_addcarryx_u32(&x30, &x31, x29, 0x0, ~arg2[7]); + fiat_secp256k1_addcarryx_u32(&x32, &x33, x31, 0x0, ~arg2[8]); + fiat_secp256k1_cmovznz_u32(&x34, x3, arg3[0], x16); + fiat_secp256k1_cmovznz_u32(&x35, x3, arg3[1], x18); + fiat_secp256k1_cmovznz_u32(&x36, x3, arg3[2], x20); + fiat_secp256k1_cmovznz_u32(&x37, x3, arg3[3], x22); + fiat_secp256k1_cmovznz_u32(&x38, x3, arg3[4], x24); + fiat_secp256k1_cmovznz_u32(&x39, x3, arg3[5], x26); + fiat_secp256k1_cmovznz_u32(&x40, x3, arg3[6], x28); + fiat_secp256k1_cmovznz_u32(&x41, x3, arg3[7], x30); + fiat_secp256k1_cmovznz_u32(&x42, x3, arg3[8], x32); + fiat_secp256k1_cmovznz_u32(&x43, x3, arg4[0], arg5[0]); + fiat_secp256k1_cmovznz_u32(&x44, x3, arg4[1], arg5[1]); + fiat_secp256k1_cmovznz_u32(&x45, x3, arg4[2], arg5[2]); + fiat_secp256k1_cmovznz_u32(&x46, x3, arg4[3], arg5[3]); + fiat_secp256k1_cmovznz_u32(&x47, x3, arg4[4], arg5[4]); + fiat_secp256k1_cmovznz_u32(&x48, x3, arg4[5], arg5[5]); + fiat_secp256k1_cmovznz_u32(&x49, x3, arg4[6], arg5[6]); + fiat_secp256k1_cmovznz_u32(&x50, x3, arg4[7], arg5[7]); fiat_secp256k1_addcarryx_u32(&x51, &x52, 0x0, x43, x43); fiat_secp256k1_addcarryx_u32(&x53, &x54, x52, x44, x44); fiat_secp256k1_addcarryx_u32(&x55, &x56, x54, x45, x45); @@ -5445,14 +5445,14 @@ static void fiat_secp256k1_divstep(uint32_t* out1, uint32_t out2[9], uint32_t ou fiat_secp256k1_subborrowx_u32(&x79, &x80, x78, x63, UINT32_C(0xffffffff)); fiat_secp256k1_subborrowx_u32(&x81, &x82, x80, x65, UINT32_C(0xffffffff)); fiat_secp256k1_subborrowx_u32(&x83, &x84, x82, x66, 0x0); - x85 = (arg4[7]); - x86 = (arg4[6]); - x87 = (arg4[5]); - x88 = (arg4[4]); - x89 = (arg4[3]); - x90 = (arg4[2]); - x91 = (arg4[1]); - x92 = (arg4[0]); + x85 = arg4[7]; + x86 = arg4[6]; + x87 = arg4[5]; + x88 = arg4[4]; + x89 = arg4[3]; + x90 = arg4[2]; + x91 = arg4[1]; + x92 = arg4[0]; fiat_secp256k1_subborrowx_u32(&x93, &x94, 0x0, 0x0, x92); fiat_secp256k1_subborrowx_u32(&x95, &x96, x94, 0x0, x91); fiat_secp256k1_subborrowx_u32(&x97, &x98, x96, 0x0, x90); @@ -5462,22 +5462,22 @@ static void fiat_secp256k1_divstep(uint32_t* out1, uint32_t out2[9], uint32_t ou fiat_secp256k1_subborrowx_u32(&x105, &x106, x104, 0x0, x86); fiat_secp256k1_subborrowx_u32(&x107, &x108, x106, 0x0, x85); fiat_secp256k1_cmovznz_u32(&x109, x108, 0x0, UINT32_C(0xffffffff)); - fiat_secp256k1_addcarryx_u32(&x110, &x111, 0x0, x93, (x109 & UINT32_C(0xfffffc2f))); - fiat_secp256k1_addcarryx_u32(&x112, &x113, x111, x95, (x109 & UINT32_C(0xfffffffe))); + fiat_secp256k1_addcarryx_u32(&x110, &x111, 0x0, x93, x109 & UINT32_C(0xfffffc2f)); + fiat_secp256k1_addcarryx_u32(&x112, &x113, x111, x95, x109 & UINT32_C(0xfffffffe)); fiat_secp256k1_addcarryx_u32(&x114, &x115, x113, x97, x109); fiat_secp256k1_addcarryx_u32(&x116, &x117, x115, x99, x109); fiat_secp256k1_addcarryx_u32(&x118, &x119, x117, x101, x109); fiat_secp256k1_addcarryx_u32(&x120, &x121, x119, x103, x109); fiat_secp256k1_addcarryx_u32(&x122, &x123, x121, x105, x109); fiat_secp256k1_addcarryx_u32(&x124, &x125, x123, x107, x109); - fiat_secp256k1_cmovznz_u32(&x126, x3, (arg5[0]), x110); - fiat_secp256k1_cmovznz_u32(&x127, x3, (arg5[1]), x112); - fiat_secp256k1_cmovznz_u32(&x128, x3, (arg5[2]), x114); - fiat_secp256k1_cmovznz_u32(&x129, x3, (arg5[3]), x116); - fiat_secp256k1_cmovznz_u32(&x130, x3, (arg5[4]), x118); - fiat_secp256k1_cmovznz_u32(&x131, x3, (arg5[5]), x120); - fiat_secp256k1_cmovznz_u32(&x132, x3, (arg5[6]), x122); - fiat_secp256k1_cmovznz_u32(&x133, x3, (arg5[7]), x124); + fiat_secp256k1_cmovznz_u32(&x126, x3, arg5[0], x110); + fiat_secp256k1_cmovznz_u32(&x127, x3, arg5[1], x112); + fiat_secp256k1_cmovznz_u32(&x128, x3, arg5[2], x114); + fiat_secp256k1_cmovznz_u32(&x129, x3, arg5[3], x116); + fiat_secp256k1_cmovznz_u32(&x130, x3, arg5[4], x118); + fiat_secp256k1_cmovznz_u32(&x131, x3, arg5[5], x120); + fiat_secp256k1_cmovznz_u32(&x132, x3, arg5[6], x122); + fiat_secp256k1_cmovznz_u32(&x133, x3, arg5[7], x124); x134 = (fiat_secp256k1_uint1)(x34 & 0x1); fiat_secp256k1_cmovznz_u32(&x135, x134, 0x0, x7); fiat_secp256k1_cmovznz_u32(&x136, x134, 0x0, x8); @@ -5523,15 +5523,15 @@ static void fiat_secp256k1_divstep(uint32_t* out1, uint32_t out2[9], uint32_t ou fiat_secp256k1_subborrowx_u32(&x200, &x201, x199, x184, UINT32_C(0xffffffff)); fiat_secp256k1_subborrowx_u32(&x202, &x203, x201, x185, 0x0); fiat_secp256k1_addcarryx_u32(&x204, &x205, 0x0, x6, 0x1); - x206 = ((x144 >> 1) | ((x146 << 31) & UINT32_C(0xffffffff))); - x207 = ((x146 >> 1) | ((x148 << 31) & UINT32_C(0xffffffff))); - x208 = ((x148 >> 1) | ((x150 << 31) & UINT32_C(0xffffffff))); - x209 = ((x150 >> 1) | ((x152 << 31) & UINT32_C(0xffffffff))); - x210 = ((x152 >> 1) | ((x154 << 31) & UINT32_C(0xffffffff))); - x211 = ((x154 >> 1) | ((x156 << 31) & UINT32_C(0xffffffff))); - x212 = ((x156 >> 1) | ((x158 << 31) & UINT32_C(0xffffffff))); - x213 = ((x158 >> 1) | ((x160 << 31) & UINT32_C(0xffffffff))); - x214 = ((x160 & UINT32_C(0x80000000)) | (x160 >> 1)); + x206 = x144 >> 1 | x146 << 31 & UINT32_C(0xffffffff); + x207 = x146 >> 1 | x148 << 31 & UINT32_C(0xffffffff); + x208 = x148 >> 1 | x150 << 31 & UINT32_C(0xffffffff); + x209 = x150 >> 1 | x152 << 31 & UINT32_C(0xffffffff); + x210 = x152 >> 1 | x154 << 31 & UINT32_C(0xffffffff); + x211 = x154 >> 1 | x156 << 31 & UINT32_C(0xffffffff); + x212 = x156 >> 1 | x158 << 31 & UINT32_C(0xffffffff); + x213 = x158 >> 1 | x160 << 31 & UINT32_C(0xffffffff); + x214 = x160 & UINT32_C(0x80000000) | x160 >> 1; fiat_secp256k1_cmovznz_u32(&x215, x84, x67, x51); fiat_secp256k1_cmovznz_u32(&x216, x84, x69, x53); fiat_secp256k1_cmovznz_u32(&x217, x84, x71, x55); diff --git a/fiat-c/src/secp256k1_64.c b/fiat-c/src/secp256k1_64.c index 505b319b0e..cec2fadbbb 100644 --- a/fiat-c/src/secp256k1_64.c +++ b/fiat-c/src/secp256k1_64.c @@ -62,7 +62,7 @@ static void fiat_secp256k1_addcarryx_u64(uint64_t* out1, fiat_secp256k1_uint1* o fiat_secp256k1_uint128 x1; uint64_t x2; fiat_secp256k1_uint1 x3; - x1 = ((arg1 + (fiat_secp256k1_uint128)arg2) + arg3); + x1 = arg1 + (fiat_secp256k1_uint128)arg2 + arg3; x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); x3 = (fiat_secp256k1_uint1)(x1 >> 64); *out1 = x2; @@ -88,7 +88,7 @@ static void fiat_secp256k1_subborrowx_u64(uint64_t* out1, fiat_secp256k1_uint1* fiat_secp256k1_int128 x1; fiat_secp256k1_int1 x2; uint64_t x3; - x1 = ((arg2 - (fiat_secp256k1_int128)arg1) - arg3); + x1 = arg2 - (fiat_secp256k1_int128)arg1 - arg3; x2 = (fiat_secp256k1_int1)(x1 >> 64); x3 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); *out1 = x3; @@ -113,7 +113,7 @@ static void fiat_secp256k1_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg fiat_secp256k1_uint128 x1; uint64_t x2; uint64_t x3; - x1 = ((fiat_secp256k1_uint128)arg1 * arg2); + x1 = (fiat_secp256k1_uint128)arg1 * arg2; x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); x3 = (uint64_t)(x1 >> 64); *out1 = x2; @@ -137,9 +137,9 @@ static void fiat_secp256k1_cmovznz_u64(uint64_t* out1, fiat_secp256k1_uint1 arg1 fiat_secp256k1_uint1 x1; uint64_t x2; uint64_t x3; - x1 = (!(!arg1)); - x2 = ((fiat_secp256k1_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); - x3 = ((fiat_secp256k1_value_barrier_u64(x2) & arg3) | (fiat_secp256k1_value_barrier_u64((~x2)) & arg2)); + x1 = !!arg1; + x2 = (fiat_secp256k1_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); + x3 = fiat_secp256k1_value_barrier_u64(x2) & arg3 | fiat_secp256k1_value_barrier_u64(~x2) & arg2; *out1 = x3; } @@ -379,18 +379,18 @@ static void fiat_secp256k1_mul(uint64_t out1[4], const uint64_t arg1[4], const u uint64_t x217; uint64_t x218; uint64_t x219; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[0]); - fiat_secp256k1_mulx_u64(&x5, &x6, x4, (arg2[3])); - fiat_secp256k1_mulx_u64(&x7, &x8, x4, (arg2[2])); - fiat_secp256k1_mulx_u64(&x9, &x10, x4, (arg2[1])); - fiat_secp256k1_mulx_u64(&x11, &x12, x4, (arg2[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[0]; + fiat_secp256k1_mulx_u64(&x5, &x6, x4, arg2[3]); + fiat_secp256k1_mulx_u64(&x7, &x8, x4, arg2[2]); + fiat_secp256k1_mulx_u64(&x9, &x10, x4, arg2[1]); + fiat_secp256k1_mulx_u64(&x11, &x12, x4, arg2[0]); fiat_secp256k1_addcarryx_u64(&x13, &x14, 0x0, x12, x9); fiat_secp256k1_addcarryx_u64(&x15, &x16, x14, x10, x7); fiat_secp256k1_addcarryx_u64(&x17, &x18, x16, x8, x5); - x19 = (x18 + x6); + x19 = x18 + x6; fiat_secp256k1_mulx_u64(&x20, &x21, x11, UINT64_C(0xd838091dd2253531)); fiat_secp256k1_mulx_u64(&x22, &x23, x20, UINT64_C(0xffffffffffffffff)); fiat_secp256k1_mulx_u64(&x24, &x25, x20, UINT64_C(0xffffffffffffffff)); @@ -399,20 +399,20 @@ static void fiat_secp256k1_mul(uint64_t out1[4], const uint64_t arg1[4], const u fiat_secp256k1_addcarryx_u64(&x30, &x31, 0x0, x29, x26); fiat_secp256k1_addcarryx_u64(&x32, &x33, x31, x27, x24); fiat_secp256k1_addcarryx_u64(&x34, &x35, x33, x25, x22); - x36 = (x35 + x23); + x36 = x35 + x23; fiat_secp256k1_addcarryx_u64(&x37, &x38, 0x0, x11, x28); fiat_secp256k1_addcarryx_u64(&x39, &x40, x38, x13, x30); fiat_secp256k1_addcarryx_u64(&x41, &x42, x40, x15, x32); fiat_secp256k1_addcarryx_u64(&x43, &x44, x42, x17, x34); fiat_secp256k1_addcarryx_u64(&x45, &x46, x44, x19, x36); - fiat_secp256k1_mulx_u64(&x47, &x48, x1, (arg2[3])); - fiat_secp256k1_mulx_u64(&x49, &x50, x1, (arg2[2])); - fiat_secp256k1_mulx_u64(&x51, &x52, x1, (arg2[1])); - fiat_secp256k1_mulx_u64(&x53, &x54, x1, (arg2[0])); + fiat_secp256k1_mulx_u64(&x47, &x48, x1, arg2[3]); + fiat_secp256k1_mulx_u64(&x49, &x50, x1, arg2[2]); + fiat_secp256k1_mulx_u64(&x51, &x52, x1, arg2[1]); + fiat_secp256k1_mulx_u64(&x53, &x54, x1, arg2[0]); fiat_secp256k1_addcarryx_u64(&x55, &x56, 0x0, x54, x51); fiat_secp256k1_addcarryx_u64(&x57, &x58, x56, x52, x49); fiat_secp256k1_addcarryx_u64(&x59, &x60, x58, x50, x47); - x61 = (x60 + x48); + x61 = x60 + x48; fiat_secp256k1_addcarryx_u64(&x62, &x63, 0x0, x39, x53); fiat_secp256k1_addcarryx_u64(&x64, &x65, x63, x41, x55); fiat_secp256k1_addcarryx_u64(&x66, &x67, x65, x43, x57); @@ -426,21 +426,21 @@ static void fiat_secp256k1_mul(uint64_t out1[4], const uint64_t arg1[4], const u fiat_secp256k1_addcarryx_u64(&x82, &x83, 0x0, x81, x78); fiat_secp256k1_addcarryx_u64(&x84, &x85, x83, x79, x76); fiat_secp256k1_addcarryx_u64(&x86, &x87, x85, x77, x74); - x88 = (x87 + x75); + x88 = x87 + x75; fiat_secp256k1_addcarryx_u64(&x89, &x90, 0x0, x62, x80); fiat_secp256k1_addcarryx_u64(&x91, &x92, x90, x64, x82); fiat_secp256k1_addcarryx_u64(&x93, &x94, x92, x66, x84); fiat_secp256k1_addcarryx_u64(&x95, &x96, x94, x68, x86); fiat_secp256k1_addcarryx_u64(&x97, &x98, x96, x70, x88); - x99 = ((uint64_t)x98 + x71); - fiat_secp256k1_mulx_u64(&x100, &x101, x2, (arg2[3])); - fiat_secp256k1_mulx_u64(&x102, &x103, x2, (arg2[2])); - fiat_secp256k1_mulx_u64(&x104, &x105, x2, (arg2[1])); - fiat_secp256k1_mulx_u64(&x106, &x107, x2, (arg2[0])); + x99 = (uint64_t)x98 + x71; + fiat_secp256k1_mulx_u64(&x100, &x101, x2, arg2[3]); + fiat_secp256k1_mulx_u64(&x102, &x103, x2, arg2[2]); + fiat_secp256k1_mulx_u64(&x104, &x105, x2, arg2[1]); + fiat_secp256k1_mulx_u64(&x106, &x107, x2, arg2[0]); fiat_secp256k1_addcarryx_u64(&x108, &x109, 0x0, x107, x104); fiat_secp256k1_addcarryx_u64(&x110, &x111, x109, x105, x102); fiat_secp256k1_addcarryx_u64(&x112, &x113, x111, x103, x100); - x114 = (x113 + x101); + x114 = x113 + x101; fiat_secp256k1_addcarryx_u64(&x115, &x116, 0x0, x91, x106); fiat_secp256k1_addcarryx_u64(&x117, &x118, x116, x93, x108); fiat_secp256k1_addcarryx_u64(&x119, &x120, x118, x95, x110); @@ -454,21 +454,21 @@ static void fiat_secp256k1_mul(uint64_t out1[4], const uint64_t arg1[4], const u fiat_secp256k1_addcarryx_u64(&x135, &x136, 0x0, x134, x131); fiat_secp256k1_addcarryx_u64(&x137, &x138, x136, x132, x129); fiat_secp256k1_addcarryx_u64(&x139, &x140, x138, x130, x127); - x141 = (x140 + x128); + x141 = x140 + x128; fiat_secp256k1_addcarryx_u64(&x142, &x143, 0x0, x115, x133); fiat_secp256k1_addcarryx_u64(&x144, &x145, x143, x117, x135); fiat_secp256k1_addcarryx_u64(&x146, &x147, x145, x119, x137); fiat_secp256k1_addcarryx_u64(&x148, &x149, x147, x121, x139); fiat_secp256k1_addcarryx_u64(&x150, &x151, x149, x123, x141); - x152 = ((uint64_t)x151 + x124); - fiat_secp256k1_mulx_u64(&x153, &x154, x3, (arg2[3])); - fiat_secp256k1_mulx_u64(&x155, &x156, x3, (arg2[2])); - fiat_secp256k1_mulx_u64(&x157, &x158, x3, (arg2[1])); - fiat_secp256k1_mulx_u64(&x159, &x160, x3, (arg2[0])); + x152 = (uint64_t)x151 + x124; + fiat_secp256k1_mulx_u64(&x153, &x154, x3, arg2[3]); + fiat_secp256k1_mulx_u64(&x155, &x156, x3, arg2[2]); + fiat_secp256k1_mulx_u64(&x157, &x158, x3, arg2[1]); + fiat_secp256k1_mulx_u64(&x159, &x160, x3, arg2[0]); fiat_secp256k1_addcarryx_u64(&x161, &x162, 0x0, x160, x157); fiat_secp256k1_addcarryx_u64(&x163, &x164, x162, x158, x155); fiat_secp256k1_addcarryx_u64(&x165, &x166, x164, x156, x153); - x167 = (x166 + x154); + x167 = x166 + x154; fiat_secp256k1_addcarryx_u64(&x168, &x169, 0x0, x144, x159); fiat_secp256k1_addcarryx_u64(&x170, &x171, x169, x146, x161); fiat_secp256k1_addcarryx_u64(&x172, &x173, x171, x148, x163); @@ -482,13 +482,13 @@ static void fiat_secp256k1_mul(uint64_t out1[4], const uint64_t arg1[4], const u fiat_secp256k1_addcarryx_u64(&x188, &x189, 0x0, x187, x184); fiat_secp256k1_addcarryx_u64(&x190, &x191, x189, x185, x182); fiat_secp256k1_addcarryx_u64(&x192, &x193, x191, x183, x180); - x194 = (x193 + x181); + x194 = x193 + x181; fiat_secp256k1_addcarryx_u64(&x195, &x196, 0x0, x168, x186); fiat_secp256k1_addcarryx_u64(&x197, &x198, x196, x170, x188); fiat_secp256k1_addcarryx_u64(&x199, &x200, x198, x172, x190); fiat_secp256k1_addcarryx_u64(&x201, &x202, x200, x174, x192); fiat_secp256k1_addcarryx_u64(&x203, &x204, x202, x176, x194); - x205 = ((uint64_t)x204 + x177); + x205 = (uint64_t)x204 + x177; fiat_secp256k1_subborrowx_u64(&x206, &x207, 0x0, x197, UINT64_C(0xfffffffefffffc2f)); fiat_secp256k1_subborrowx_u64(&x208, &x209, x207, x199, UINT64_C(0xffffffffffffffff)); fiat_secp256k1_subborrowx_u64(&x210, &x211, x209, x201, UINT64_C(0xffffffffffffffff)); @@ -738,18 +738,18 @@ static void fiat_secp256k1_square(uint64_t out1[4], const uint64_t arg1[4]) { uint64_t x217; uint64_t x218; uint64_t x219; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[0]); - fiat_secp256k1_mulx_u64(&x5, &x6, x4, (arg1[3])); - fiat_secp256k1_mulx_u64(&x7, &x8, x4, (arg1[2])); - fiat_secp256k1_mulx_u64(&x9, &x10, x4, (arg1[1])); - fiat_secp256k1_mulx_u64(&x11, &x12, x4, (arg1[0])); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[0]; + fiat_secp256k1_mulx_u64(&x5, &x6, x4, arg1[3]); + fiat_secp256k1_mulx_u64(&x7, &x8, x4, arg1[2]); + fiat_secp256k1_mulx_u64(&x9, &x10, x4, arg1[1]); + fiat_secp256k1_mulx_u64(&x11, &x12, x4, arg1[0]); fiat_secp256k1_addcarryx_u64(&x13, &x14, 0x0, x12, x9); fiat_secp256k1_addcarryx_u64(&x15, &x16, x14, x10, x7); fiat_secp256k1_addcarryx_u64(&x17, &x18, x16, x8, x5); - x19 = (x18 + x6); + x19 = x18 + x6; fiat_secp256k1_mulx_u64(&x20, &x21, x11, UINT64_C(0xd838091dd2253531)); fiat_secp256k1_mulx_u64(&x22, &x23, x20, UINT64_C(0xffffffffffffffff)); fiat_secp256k1_mulx_u64(&x24, &x25, x20, UINT64_C(0xffffffffffffffff)); @@ -758,20 +758,20 @@ static void fiat_secp256k1_square(uint64_t out1[4], const uint64_t arg1[4]) { fiat_secp256k1_addcarryx_u64(&x30, &x31, 0x0, x29, x26); fiat_secp256k1_addcarryx_u64(&x32, &x33, x31, x27, x24); fiat_secp256k1_addcarryx_u64(&x34, &x35, x33, x25, x22); - x36 = (x35 + x23); + x36 = x35 + x23; fiat_secp256k1_addcarryx_u64(&x37, &x38, 0x0, x11, x28); fiat_secp256k1_addcarryx_u64(&x39, &x40, x38, x13, x30); fiat_secp256k1_addcarryx_u64(&x41, &x42, x40, x15, x32); fiat_secp256k1_addcarryx_u64(&x43, &x44, x42, x17, x34); fiat_secp256k1_addcarryx_u64(&x45, &x46, x44, x19, x36); - fiat_secp256k1_mulx_u64(&x47, &x48, x1, (arg1[3])); - fiat_secp256k1_mulx_u64(&x49, &x50, x1, (arg1[2])); - fiat_secp256k1_mulx_u64(&x51, &x52, x1, (arg1[1])); - fiat_secp256k1_mulx_u64(&x53, &x54, x1, (arg1[0])); + fiat_secp256k1_mulx_u64(&x47, &x48, x1, arg1[3]); + fiat_secp256k1_mulx_u64(&x49, &x50, x1, arg1[2]); + fiat_secp256k1_mulx_u64(&x51, &x52, x1, arg1[1]); + fiat_secp256k1_mulx_u64(&x53, &x54, x1, arg1[0]); fiat_secp256k1_addcarryx_u64(&x55, &x56, 0x0, x54, x51); fiat_secp256k1_addcarryx_u64(&x57, &x58, x56, x52, x49); fiat_secp256k1_addcarryx_u64(&x59, &x60, x58, x50, x47); - x61 = (x60 + x48); + x61 = x60 + x48; fiat_secp256k1_addcarryx_u64(&x62, &x63, 0x0, x39, x53); fiat_secp256k1_addcarryx_u64(&x64, &x65, x63, x41, x55); fiat_secp256k1_addcarryx_u64(&x66, &x67, x65, x43, x57); @@ -785,21 +785,21 @@ static void fiat_secp256k1_square(uint64_t out1[4], const uint64_t arg1[4]) { fiat_secp256k1_addcarryx_u64(&x82, &x83, 0x0, x81, x78); fiat_secp256k1_addcarryx_u64(&x84, &x85, x83, x79, x76); fiat_secp256k1_addcarryx_u64(&x86, &x87, x85, x77, x74); - x88 = (x87 + x75); + x88 = x87 + x75; fiat_secp256k1_addcarryx_u64(&x89, &x90, 0x0, x62, x80); fiat_secp256k1_addcarryx_u64(&x91, &x92, x90, x64, x82); fiat_secp256k1_addcarryx_u64(&x93, &x94, x92, x66, x84); fiat_secp256k1_addcarryx_u64(&x95, &x96, x94, x68, x86); fiat_secp256k1_addcarryx_u64(&x97, &x98, x96, x70, x88); - x99 = ((uint64_t)x98 + x71); - fiat_secp256k1_mulx_u64(&x100, &x101, x2, (arg1[3])); - fiat_secp256k1_mulx_u64(&x102, &x103, x2, (arg1[2])); - fiat_secp256k1_mulx_u64(&x104, &x105, x2, (arg1[1])); - fiat_secp256k1_mulx_u64(&x106, &x107, x2, (arg1[0])); + x99 = (uint64_t)x98 + x71; + fiat_secp256k1_mulx_u64(&x100, &x101, x2, arg1[3]); + fiat_secp256k1_mulx_u64(&x102, &x103, x2, arg1[2]); + fiat_secp256k1_mulx_u64(&x104, &x105, x2, arg1[1]); + fiat_secp256k1_mulx_u64(&x106, &x107, x2, arg1[0]); fiat_secp256k1_addcarryx_u64(&x108, &x109, 0x0, x107, x104); fiat_secp256k1_addcarryx_u64(&x110, &x111, x109, x105, x102); fiat_secp256k1_addcarryx_u64(&x112, &x113, x111, x103, x100); - x114 = (x113 + x101); + x114 = x113 + x101; fiat_secp256k1_addcarryx_u64(&x115, &x116, 0x0, x91, x106); fiat_secp256k1_addcarryx_u64(&x117, &x118, x116, x93, x108); fiat_secp256k1_addcarryx_u64(&x119, &x120, x118, x95, x110); @@ -813,21 +813,21 @@ static void fiat_secp256k1_square(uint64_t out1[4], const uint64_t arg1[4]) { fiat_secp256k1_addcarryx_u64(&x135, &x136, 0x0, x134, x131); fiat_secp256k1_addcarryx_u64(&x137, &x138, x136, x132, x129); fiat_secp256k1_addcarryx_u64(&x139, &x140, x138, x130, x127); - x141 = (x140 + x128); + x141 = x140 + x128; fiat_secp256k1_addcarryx_u64(&x142, &x143, 0x0, x115, x133); fiat_secp256k1_addcarryx_u64(&x144, &x145, x143, x117, x135); fiat_secp256k1_addcarryx_u64(&x146, &x147, x145, x119, x137); fiat_secp256k1_addcarryx_u64(&x148, &x149, x147, x121, x139); fiat_secp256k1_addcarryx_u64(&x150, &x151, x149, x123, x141); - x152 = ((uint64_t)x151 + x124); - fiat_secp256k1_mulx_u64(&x153, &x154, x3, (arg1[3])); - fiat_secp256k1_mulx_u64(&x155, &x156, x3, (arg1[2])); - fiat_secp256k1_mulx_u64(&x157, &x158, x3, (arg1[1])); - fiat_secp256k1_mulx_u64(&x159, &x160, x3, (arg1[0])); + x152 = (uint64_t)x151 + x124; + fiat_secp256k1_mulx_u64(&x153, &x154, x3, arg1[3]); + fiat_secp256k1_mulx_u64(&x155, &x156, x3, arg1[2]); + fiat_secp256k1_mulx_u64(&x157, &x158, x3, arg1[1]); + fiat_secp256k1_mulx_u64(&x159, &x160, x3, arg1[0]); fiat_secp256k1_addcarryx_u64(&x161, &x162, 0x0, x160, x157); fiat_secp256k1_addcarryx_u64(&x163, &x164, x162, x158, x155); fiat_secp256k1_addcarryx_u64(&x165, &x166, x164, x156, x153); - x167 = (x166 + x154); + x167 = x166 + x154; fiat_secp256k1_addcarryx_u64(&x168, &x169, 0x0, x144, x159); fiat_secp256k1_addcarryx_u64(&x170, &x171, x169, x146, x161); fiat_secp256k1_addcarryx_u64(&x172, &x173, x171, x148, x163); @@ -841,13 +841,13 @@ static void fiat_secp256k1_square(uint64_t out1[4], const uint64_t arg1[4]) { fiat_secp256k1_addcarryx_u64(&x188, &x189, 0x0, x187, x184); fiat_secp256k1_addcarryx_u64(&x190, &x191, x189, x185, x182); fiat_secp256k1_addcarryx_u64(&x192, &x193, x191, x183, x180); - x194 = (x193 + x181); + x194 = x193 + x181; fiat_secp256k1_addcarryx_u64(&x195, &x196, 0x0, x168, x186); fiat_secp256k1_addcarryx_u64(&x197, &x198, x196, x170, x188); fiat_secp256k1_addcarryx_u64(&x199, &x200, x198, x172, x190); fiat_secp256k1_addcarryx_u64(&x201, &x202, x200, x174, x192); fiat_secp256k1_addcarryx_u64(&x203, &x204, x202, x176, x194); - x205 = ((uint64_t)x204 + x177); + x205 = (uint64_t)x204 + x177; fiat_secp256k1_subborrowx_u64(&x206, &x207, 0x0, x197, UINT64_C(0xfffffffefffffc2f)); fiat_secp256k1_subborrowx_u64(&x208, &x209, x207, x199, UINT64_C(0xffffffffffffffff)); fiat_secp256k1_subborrowx_u64(&x210, &x211, x209, x201, UINT64_C(0xffffffffffffffff)); @@ -902,10 +902,10 @@ static void fiat_secp256k1_add(uint64_t out1[4], const uint64_t arg1[4], const u uint64_t x20; uint64_t x21; uint64_t x22; - fiat_secp256k1_addcarryx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_secp256k1_addcarryx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_secp256k1_addcarryx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_secp256k1_addcarryx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + fiat_secp256k1_addcarryx_u64(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_secp256k1_addcarryx_u64(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_secp256k1_addcarryx_u64(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_secp256k1_addcarryx_u64(&x7, &x8, x6, arg1[3], arg2[3]); fiat_secp256k1_subborrowx_u64(&x9, &x10, 0x0, x1, UINT64_C(0xfffffffefffffc2f)); fiat_secp256k1_subborrowx_u64(&x11, &x12, x10, x3, UINT64_C(0xffffffffffffffff)); fiat_secp256k1_subborrowx_u64(&x13, &x14, x12, x5, UINT64_C(0xffffffffffffffff)); @@ -955,12 +955,12 @@ static void fiat_secp256k1_sub(uint64_t out1[4], const uint64_t arg1[4], const u fiat_secp256k1_uint1 x15; uint64_t x16; fiat_secp256k1_uint1 x17; - fiat_secp256k1_subborrowx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); - fiat_secp256k1_subborrowx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); - fiat_secp256k1_subborrowx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); - fiat_secp256k1_subborrowx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + fiat_secp256k1_subborrowx_u64(&x1, &x2, 0x0, arg1[0], arg2[0]); + fiat_secp256k1_subborrowx_u64(&x3, &x4, x2, arg1[1], arg2[1]); + fiat_secp256k1_subborrowx_u64(&x5, &x6, x4, arg1[2], arg2[2]); + fiat_secp256k1_subborrowx_u64(&x7, &x8, x6, arg1[3], arg2[3]); fiat_secp256k1_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff)); - fiat_secp256k1_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0xfffffffefffffc2f))); + fiat_secp256k1_addcarryx_u64(&x10, &x11, 0x0, x1, x9 & UINT64_C(0xfffffffefffffc2f)); fiat_secp256k1_addcarryx_u64(&x12, &x13, x11, x3, x9); fiat_secp256k1_addcarryx_u64(&x14, &x15, x13, x5, x9); fiat_secp256k1_addcarryx_u64(&x16, &x17, x15, x7, x9); @@ -1002,12 +1002,12 @@ static void fiat_secp256k1_opp(uint64_t out1[4], const uint64_t arg1[4]) { fiat_secp256k1_uint1 x15; uint64_t x16; fiat_secp256k1_uint1 x17; - fiat_secp256k1_subborrowx_u64(&x1, &x2, 0x0, 0x0, (arg1[0])); - fiat_secp256k1_subborrowx_u64(&x3, &x4, x2, 0x0, (arg1[1])); - fiat_secp256k1_subborrowx_u64(&x5, &x6, x4, 0x0, (arg1[2])); - fiat_secp256k1_subborrowx_u64(&x7, &x8, x6, 0x0, (arg1[3])); + fiat_secp256k1_subborrowx_u64(&x1, &x2, 0x0, 0x0, arg1[0]); + fiat_secp256k1_subborrowx_u64(&x3, &x4, x2, 0x0, arg1[1]); + fiat_secp256k1_subborrowx_u64(&x5, &x6, x4, 0x0, arg1[2]); + fiat_secp256k1_subborrowx_u64(&x7, &x8, x6, 0x0, arg1[3]); fiat_secp256k1_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff)); - fiat_secp256k1_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0xfffffffefffffc2f))); + fiat_secp256k1_addcarryx_u64(&x10, &x11, 0x0, x1, x9 & UINT64_C(0xfffffffefffffc2f)); fiat_secp256k1_addcarryx_u64(&x12, &x13, x11, x3, x9); fiat_secp256k1_addcarryx_u64(&x14, &x15, x13, x5, x9); fiat_secp256k1_addcarryx_u64(&x16, &x17, x15, x7, x9); @@ -1175,7 +1175,7 @@ static void fiat_secp256k1_from_montgomery(uint64_t out1[4], const uint64_t arg1 uint64_t x141; uint64_t x142; uint64_t x143; - x1 = (arg1[0]); + x1 = arg1[0]; fiat_secp256k1_mulx_u64(&x2, &x3, x1, UINT64_C(0xd838091dd2253531)); fiat_secp256k1_mulx_u64(&x4, &x5, x2, UINT64_C(0xffffffffffffffff)); fiat_secp256k1_mulx_u64(&x6, &x7, x2, UINT64_C(0xffffffffffffffff)); @@ -1188,8 +1188,8 @@ static void fiat_secp256k1_from_montgomery(uint64_t out1[4], const uint64_t arg1 fiat_secp256k1_addcarryx_u64(&x20, &x21, x19, 0x0, x12); fiat_secp256k1_addcarryx_u64(&x22, &x23, x21, 0x0, x14); fiat_secp256k1_addcarryx_u64(&x24, &x25, x23, 0x0, x16); - fiat_secp256k1_addcarryx_u64(&x26, &x27, x25, 0x0, (x17 + x5)); - fiat_secp256k1_addcarryx_u64(&x28, &x29, 0x0, x20, (arg1[1])); + fiat_secp256k1_addcarryx_u64(&x26, &x27, x25, 0x0, x17 + x5); + fiat_secp256k1_addcarryx_u64(&x28, &x29, 0x0, x20, arg1[1]); fiat_secp256k1_addcarryx_u64(&x30, &x31, x29, x22, 0x0); fiat_secp256k1_addcarryx_u64(&x32, &x33, x31, x24, 0x0); fiat_secp256k1_addcarryx_u64(&x34, &x35, x33, x26, 0x0); @@ -1205,8 +1205,8 @@ static void fiat_secp256k1_from_montgomery(uint64_t out1[4], const uint64_t arg1 fiat_secp256k1_addcarryx_u64(&x54, &x55, x53, x30, x46); fiat_secp256k1_addcarryx_u64(&x56, &x57, x55, x32, x48); fiat_secp256k1_addcarryx_u64(&x58, &x59, x57, x34, x50); - fiat_secp256k1_addcarryx_u64(&x60, &x61, x59, ((uint64_t)x35 + x27), (x51 + x39)); - fiat_secp256k1_addcarryx_u64(&x62, &x63, 0x0, x54, (arg1[2])); + fiat_secp256k1_addcarryx_u64(&x60, &x61, x59, (uint64_t)x35 + x27, x51 + x39); + fiat_secp256k1_addcarryx_u64(&x62, &x63, 0x0, x54, arg1[2]); fiat_secp256k1_addcarryx_u64(&x64, &x65, x63, x56, 0x0); fiat_secp256k1_addcarryx_u64(&x66, &x67, x65, x58, 0x0); fiat_secp256k1_addcarryx_u64(&x68, &x69, x67, x60, 0x0); @@ -1222,8 +1222,8 @@ static void fiat_secp256k1_from_montgomery(uint64_t out1[4], const uint64_t arg1 fiat_secp256k1_addcarryx_u64(&x88, &x89, x87, x64, x80); fiat_secp256k1_addcarryx_u64(&x90, &x91, x89, x66, x82); fiat_secp256k1_addcarryx_u64(&x92, &x93, x91, x68, x84); - fiat_secp256k1_addcarryx_u64(&x94, &x95, x93, ((uint64_t)x69 + x61), (x85 + x73)); - fiat_secp256k1_addcarryx_u64(&x96, &x97, 0x0, x88, (arg1[3])); + fiat_secp256k1_addcarryx_u64(&x94, &x95, x93, (uint64_t)x69 + x61, x85 + x73); + fiat_secp256k1_addcarryx_u64(&x96, &x97, 0x0, x88, arg1[3]); fiat_secp256k1_addcarryx_u64(&x98, &x99, x97, x90, 0x0); fiat_secp256k1_addcarryx_u64(&x100, &x101, x99, x92, 0x0); fiat_secp256k1_addcarryx_u64(&x102, &x103, x101, x94, 0x0); @@ -1239,7 +1239,7 @@ static void fiat_secp256k1_from_montgomery(uint64_t out1[4], const uint64_t arg1 fiat_secp256k1_addcarryx_u64(&x122, &x123, x121, x98, x114); fiat_secp256k1_addcarryx_u64(&x124, &x125, x123, x100, x116); fiat_secp256k1_addcarryx_u64(&x126, &x127, x125, x102, x118); - fiat_secp256k1_addcarryx_u64(&x128, &x129, x127, ((uint64_t)x103 + x95), (x119 + x107)); + fiat_secp256k1_addcarryx_u64(&x128, &x129, x127, (uint64_t)x103 + x95, x119 + x107); fiat_secp256k1_subborrowx_u64(&x130, &x131, 0x0, x122, UINT64_C(0xfffffffefffffc2f)); fiat_secp256k1_subborrowx_u64(&x132, &x133, x131, x124, UINT64_C(0xffffffffffffffff)); fiat_secp256k1_subborrowx_u64(&x134, &x135, x133, x126, UINT64_C(0xffffffffffffffff)); @@ -1432,10 +1432,10 @@ static void fiat_secp256k1_to_montgomery(uint64_t out1[4], const uint64_t arg1[4 uint64_t x160; uint64_t x161; uint64_t x162; - x1 = (arg1[1]); - x2 = (arg1[2]); - x3 = (arg1[3]); - x4 = (arg1[0]); + x1 = arg1[1]; + x2 = arg1[2]; + x3 = arg1[3]; + x4 = arg1[0]; fiat_secp256k1_mulx_u64(&x5, &x6, x4, UINT64_C(0x7a2000e90a1)); fiat_secp256k1_addcarryx_u64(&x7, &x8, 0x0, x6, x4); fiat_secp256k1_mulx_u64(&x9, &x10, x5, UINT64_C(0xd838091dd2253531)); @@ -1450,7 +1450,7 @@ static void fiat_secp256k1_to_montgomery(uint64_t out1[4], const uint64_t arg1[4 fiat_secp256k1_addcarryx_u64(&x27, &x28, x26, x7, x19); fiat_secp256k1_addcarryx_u64(&x29, &x30, x28, x8, x21); fiat_secp256k1_addcarryx_u64(&x31, &x32, x30, 0x0, x23); - fiat_secp256k1_addcarryx_u64(&x33, &x34, x32, 0x0, (x24 + x12)); + fiat_secp256k1_addcarryx_u64(&x33, &x34, x32, 0x0, x24 + x12); fiat_secp256k1_mulx_u64(&x35, &x36, x1, UINT64_C(0x7a2000e90a1)); fiat_secp256k1_addcarryx_u64(&x37, &x38, 0x0, x36, x1); fiat_secp256k1_addcarryx_u64(&x39, &x40, 0x0, x27, x35); @@ -1469,7 +1469,7 @@ static void fiat_secp256k1_to_montgomery(uint64_t out1[4], const uint64_t arg1[4 fiat_secp256k1_addcarryx_u64(&x65, &x66, x64, x41, x57); fiat_secp256k1_addcarryx_u64(&x67, &x68, x66, x43, x59); fiat_secp256k1_addcarryx_u64(&x69, &x70, x68, x45, x61); - fiat_secp256k1_addcarryx_u64(&x71, &x72, x70, ((uint64_t)x46 + x34), (x62 + x50)); + fiat_secp256k1_addcarryx_u64(&x71, &x72, x70, (uint64_t)x46 + x34, x62 + x50); fiat_secp256k1_mulx_u64(&x73, &x74, x2, UINT64_C(0x7a2000e90a1)); fiat_secp256k1_addcarryx_u64(&x75, &x76, 0x0, x74, x2); fiat_secp256k1_addcarryx_u64(&x77, &x78, 0x0, x65, x73); @@ -1488,7 +1488,7 @@ static void fiat_secp256k1_to_montgomery(uint64_t out1[4], const uint64_t arg1[4 fiat_secp256k1_addcarryx_u64(&x103, &x104, x102, x79, x95); fiat_secp256k1_addcarryx_u64(&x105, &x106, x104, x81, x97); fiat_secp256k1_addcarryx_u64(&x107, &x108, x106, x83, x99); - fiat_secp256k1_addcarryx_u64(&x109, &x110, x108, ((uint64_t)x84 + x72), (x100 + x88)); + fiat_secp256k1_addcarryx_u64(&x109, &x110, x108, (uint64_t)x84 + x72, x100 + x88); fiat_secp256k1_mulx_u64(&x111, &x112, x3, UINT64_C(0x7a2000e90a1)); fiat_secp256k1_addcarryx_u64(&x113, &x114, 0x0, x112, x3); fiat_secp256k1_addcarryx_u64(&x115, &x116, 0x0, x103, x111); @@ -1507,7 +1507,7 @@ static void fiat_secp256k1_to_montgomery(uint64_t out1[4], const uint64_t arg1[4 fiat_secp256k1_addcarryx_u64(&x141, &x142, x140, x117, x133); fiat_secp256k1_addcarryx_u64(&x143, &x144, x142, x119, x135); fiat_secp256k1_addcarryx_u64(&x145, &x146, x144, x121, x137); - fiat_secp256k1_addcarryx_u64(&x147, &x148, x146, ((uint64_t)x122 + x110), (x138 + x126)); + fiat_secp256k1_addcarryx_u64(&x147, &x148, x146, (uint64_t)x122 + x110, x138 + x126); fiat_secp256k1_subborrowx_u64(&x149, &x150, 0x0, x141, UINT64_C(0xfffffffefffffc2f)); fiat_secp256k1_subborrowx_u64(&x151, &x152, x150, x143, UINT64_C(0xffffffffffffffff)); fiat_secp256k1_subborrowx_u64(&x153, &x154, x152, x145, UINT64_C(0xffffffffffffffff)); @@ -1538,7 +1538,7 @@ static void fiat_secp256k1_to_montgomery(uint64_t out1[4], const uint64_t arg1[4 */ static void fiat_secp256k1_nonzero(uint64_t* out1, const uint64_t arg1[4]) { uint64_t x1; - x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3])))); + x1 = arg1[0] | (arg1[1] | (arg1[2] | arg1[3])); *out1 = x1; } @@ -1560,10 +1560,10 @@ static void fiat_secp256k1_selectznz(uint64_t out1[4], fiat_secp256k1_uint1 arg1 uint64_t x2; uint64_t x3; uint64_t x4; - fiat_secp256k1_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); - fiat_secp256k1_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); - fiat_secp256k1_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); - fiat_secp256k1_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); + fiat_secp256k1_cmovznz_u64(&x1, arg1, arg2[0], arg3[0]); + fiat_secp256k1_cmovznz_u64(&x2, arg1, arg2[1], arg3[1]); + fiat_secp256k1_cmovznz_u64(&x3, arg1, arg2[2], arg3[2]); + fiat_secp256k1_cmovznz_u64(&x4, arg1, arg2[3], arg3[3]); out1[0] = x1; out1[1] = x2; out1[2] = x3; @@ -1644,64 +1644,64 @@ static void fiat_secp256k1_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { uint64_t x58; uint8_t x59; uint8_t x60; - x1 = (arg1[3]); - x2 = (arg1[2]); - x3 = (arg1[1]); - x4 = (arg1[0]); + x1 = arg1[3]; + x2 = arg1[2]; + x3 = arg1[1]; + x4 = arg1[0]; x5 = (uint8_t)(x4 & UINT8_C(0xff)); - x6 = (x4 >> 8); + x6 = x4 >> 8; x7 = (uint8_t)(x6 & UINT8_C(0xff)); - x8 = (x6 >> 8); + x8 = x6 >> 8; x9 = (uint8_t)(x8 & UINT8_C(0xff)); - x10 = (x8 >> 8); + x10 = x8 >> 8; x11 = (uint8_t)(x10 & UINT8_C(0xff)); - x12 = (x10 >> 8); + x12 = x10 >> 8; x13 = (uint8_t)(x12 & UINT8_C(0xff)); - x14 = (x12 >> 8); + x14 = x12 >> 8; x15 = (uint8_t)(x14 & UINT8_C(0xff)); - x16 = (x14 >> 8); + x16 = x14 >> 8; x17 = (uint8_t)(x16 & UINT8_C(0xff)); x18 = (uint8_t)(x16 >> 8); x19 = (uint8_t)(x3 & UINT8_C(0xff)); - x20 = (x3 >> 8); + x20 = x3 >> 8; x21 = (uint8_t)(x20 & UINT8_C(0xff)); - x22 = (x20 >> 8); + x22 = x20 >> 8; x23 = (uint8_t)(x22 & UINT8_C(0xff)); - x24 = (x22 >> 8); + x24 = x22 >> 8; x25 = (uint8_t)(x24 & UINT8_C(0xff)); - x26 = (x24 >> 8); + x26 = x24 >> 8; x27 = (uint8_t)(x26 & UINT8_C(0xff)); - x28 = (x26 >> 8); + x28 = x26 >> 8; x29 = (uint8_t)(x28 & UINT8_C(0xff)); - x30 = (x28 >> 8); + x30 = x28 >> 8; x31 = (uint8_t)(x30 & UINT8_C(0xff)); x32 = (uint8_t)(x30 >> 8); x33 = (uint8_t)(x2 & UINT8_C(0xff)); - x34 = (x2 >> 8); + x34 = x2 >> 8; x35 = (uint8_t)(x34 & UINT8_C(0xff)); - x36 = (x34 >> 8); + x36 = x34 >> 8; x37 = (uint8_t)(x36 & UINT8_C(0xff)); - x38 = (x36 >> 8); + x38 = x36 >> 8; x39 = (uint8_t)(x38 & UINT8_C(0xff)); - x40 = (x38 >> 8); + x40 = x38 >> 8; x41 = (uint8_t)(x40 & UINT8_C(0xff)); - x42 = (x40 >> 8); + x42 = x40 >> 8; x43 = (uint8_t)(x42 & UINT8_C(0xff)); - x44 = (x42 >> 8); + x44 = x42 >> 8; x45 = (uint8_t)(x44 & UINT8_C(0xff)); x46 = (uint8_t)(x44 >> 8); x47 = (uint8_t)(x1 & UINT8_C(0xff)); - x48 = (x1 >> 8); + x48 = x1 >> 8; x49 = (uint8_t)(x48 & UINT8_C(0xff)); - x50 = (x48 >> 8); + x50 = x48 >> 8; x51 = (uint8_t)(x50 & UINT8_C(0xff)); - x52 = (x50 >> 8); + x52 = x50 >> 8; x53 = (uint8_t)(x52 & UINT8_C(0xff)); - x54 = (x52 >> 8); + x54 = x52 >> 8; x55 = (uint8_t)(x54 & UINT8_C(0xff)); - x56 = (x54 >> 8); + x56 = x54 >> 8; x57 = (uint8_t)(x56 & UINT8_C(0xff)); - x58 = (x56 >> 8); + x58 = x56 >> 8; x59 = (uint8_t)(x58 & UINT8_C(0xff)); x60 = (uint8_t)(x58 >> 8); out1[0] = x5; @@ -1813,66 +1813,66 @@ static void fiat_secp256k1_from_bytes(uint64_t out1[4], const uint8_t arg1[32]) uint64_t x58; uint64_t x59; uint64_t x60; - x1 = ((uint64_t)(arg1[31]) << 56); - x2 = ((uint64_t)(arg1[30]) << 48); - x3 = ((uint64_t)(arg1[29]) << 40); - x4 = ((uint64_t)(arg1[28]) << 32); - x5 = ((uint64_t)(arg1[27]) << 24); - x6 = ((uint64_t)(arg1[26]) << 16); - x7 = ((uint64_t)(arg1[25]) << 8); - x8 = (arg1[24]); - x9 = ((uint64_t)(arg1[23]) << 56); - x10 = ((uint64_t)(arg1[22]) << 48); - x11 = ((uint64_t)(arg1[21]) << 40); - x12 = ((uint64_t)(arg1[20]) << 32); - x13 = ((uint64_t)(arg1[19]) << 24); - x14 = ((uint64_t)(arg1[18]) << 16); - x15 = ((uint64_t)(arg1[17]) << 8); - x16 = (arg1[16]); - x17 = ((uint64_t)(arg1[15]) << 56); - x18 = ((uint64_t)(arg1[14]) << 48); - x19 = ((uint64_t)(arg1[13]) << 40); - x20 = ((uint64_t)(arg1[12]) << 32); - x21 = ((uint64_t)(arg1[11]) << 24); - x22 = ((uint64_t)(arg1[10]) << 16); - x23 = ((uint64_t)(arg1[9]) << 8); - x24 = (arg1[8]); - x25 = ((uint64_t)(arg1[7]) << 56); - x26 = ((uint64_t)(arg1[6]) << 48); - x27 = ((uint64_t)(arg1[5]) << 40); - x28 = ((uint64_t)(arg1[4]) << 32); - x29 = ((uint64_t)(arg1[3]) << 24); - x30 = ((uint64_t)(arg1[2]) << 16); - x31 = ((uint64_t)(arg1[1]) << 8); - x32 = (arg1[0]); - x33 = (x31 + (uint64_t)x32); - x34 = (x30 + x33); - x35 = (x29 + x34); - x36 = (x28 + x35); - x37 = (x27 + x36); - x38 = (x26 + x37); - x39 = (x25 + x38); - x40 = (x23 + (uint64_t)x24); - x41 = (x22 + x40); - x42 = (x21 + x41); - x43 = (x20 + x42); - x44 = (x19 + x43); - x45 = (x18 + x44); - x46 = (x17 + x45); - x47 = (x15 + (uint64_t)x16); - x48 = (x14 + x47); - x49 = (x13 + x48); - x50 = (x12 + x49); - x51 = (x11 + x50); - x52 = (x10 + x51); - x53 = (x9 + x52); - x54 = (x7 + (uint64_t)x8); - x55 = (x6 + x54); - x56 = (x5 + x55); - x57 = (x4 + x56); - x58 = (x3 + x57); - x59 = (x2 + x58); - x60 = (x1 + x59); + x1 = (uint64_t)arg1[31] << 56; + x2 = (uint64_t)arg1[30] << 48; + x3 = (uint64_t)arg1[29] << 40; + x4 = (uint64_t)arg1[28] << 32; + x5 = (uint64_t)arg1[27] << 24; + x6 = (uint64_t)arg1[26] << 16; + x7 = (uint64_t)arg1[25] << 8; + x8 = arg1[24]; + x9 = (uint64_t)arg1[23] << 56; + x10 = (uint64_t)arg1[22] << 48; + x11 = (uint64_t)arg1[21] << 40; + x12 = (uint64_t)arg1[20] << 32; + x13 = (uint64_t)arg1[19] << 24; + x14 = (uint64_t)arg1[18] << 16; + x15 = (uint64_t)arg1[17] << 8; + x16 = arg1[16]; + x17 = (uint64_t)arg1[15] << 56; + x18 = (uint64_t)arg1[14] << 48; + x19 = (uint64_t)arg1[13] << 40; + x20 = (uint64_t)arg1[12] << 32; + x21 = (uint64_t)arg1[11] << 24; + x22 = (uint64_t)arg1[10] << 16; + x23 = (uint64_t)arg1[9] << 8; + x24 = arg1[8]; + x25 = (uint64_t)arg1[7] << 56; + x26 = (uint64_t)arg1[6] << 48; + x27 = (uint64_t)arg1[5] << 40; + x28 = (uint64_t)arg1[4] << 32; + x29 = (uint64_t)arg1[3] << 24; + x30 = (uint64_t)arg1[2] << 16; + x31 = (uint64_t)arg1[1] << 8; + x32 = arg1[0]; + x33 = x31 + (uint64_t)x32; + x34 = x30 + x33; + x35 = x29 + x34; + x36 = x28 + x35; + x37 = x27 + x36; + x38 = x26 + x37; + x39 = x25 + x38; + x40 = x23 + (uint64_t)x24; + x41 = x22 + x40; + x42 = x21 + x41; + x43 = x20 + x42; + x44 = x19 + x43; + x45 = x18 + x44; + x46 = x17 + x45; + x47 = x15 + (uint64_t)x16; + x48 = x14 + x47; + x49 = x13 + x48; + x50 = x12 + x49; + x51 = x11 + x50; + x52 = x10 + x51; + x53 = x9 + x52; + x54 = x7 + (uint64_t)x8; + x55 = x6 + x54; + x56 = x5 + x55; + x57 = x4 + x56; + x58 = x3 + x57; + x59 = x2 + x58; + x60 = x1 + x59; out1[0] = x39; out1[1] = x46; out1[2] = x53; @@ -2073,29 +2073,29 @@ static void fiat_secp256k1_divstep(uint64_t* out1, uint64_t out2[5], uint64_t ou uint64_t x124; uint64_t x125; uint64_t x126; - fiat_secp256k1_addcarryx_u64(&x1, &x2, 0x0, (~arg1), 0x1); - x3 = (fiat_secp256k1_uint1)((fiat_secp256k1_uint1)(x1 >> 63) & (fiat_secp256k1_uint1)((arg3[0]) & 0x1)); - fiat_secp256k1_addcarryx_u64(&x4, &x5, 0x0, (~arg1), 0x1); + fiat_secp256k1_addcarryx_u64(&x1, &x2, 0x0, ~arg1, 0x1); + x3 = (fiat_secp256k1_uint1)((fiat_secp256k1_uint1)(x1 >> 63) & (fiat_secp256k1_uint1)(arg3[0] & 0x1)); + fiat_secp256k1_addcarryx_u64(&x4, &x5, 0x0, ~arg1, 0x1); fiat_secp256k1_cmovznz_u64(&x6, x3, arg1, x4); - fiat_secp256k1_cmovznz_u64(&x7, x3, (arg2[0]), (arg3[0])); - fiat_secp256k1_cmovznz_u64(&x8, x3, (arg2[1]), (arg3[1])); - fiat_secp256k1_cmovznz_u64(&x9, x3, (arg2[2]), (arg3[2])); - fiat_secp256k1_cmovznz_u64(&x10, x3, (arg2[3]), (arg3[3])); - fiat_secp256k1_cmovznz_u64(&x11, x3, (arg2[4]), (arg3[4])); - fiat_secp256k1_addcarryx_u64(&x12, &x13, 0x0, 0x1, (~(arg2[0]))); - fiat_secp256k1_addcarryx_u64(&x14, &x15, x13, 0x0, (~(arg2[1]))); - fiat_secp256k1_addcarryx_u64(&x16, &x17, x15, 0x0, (~(arg2[2]))); - fiat_secp256k1_addcarryx_u64(&x18, &x19, x17, 0x0, (~(arg2[3]))); - fiat_secp256k1_addcarryx_u64(&x20, &x21, x19, 0x0, (~(arg2[4]))); - fiat_secp256k1_cmovznz_u64(&x22, x3, (arg3[0]), x12); - fiat_secp256k1_cmovznz_u64(&x23, x3, (arg3[1]), x14); - fiat_secp256k1_cmovznz_u64(&x24, x3, (arg3[2]), x16); - fiat_secp256k1_cmovznz_u64(&x25, x3, (arg3[3]), x18); - fiat_secp256k1_cmovznz_u64(&x26, x3, (arg3[4]), x20); - fiat_secp256k1_cmovznz_u64(&x27, x3, (arg4[0]), (arg5[0])); - fiat_secp256k1_cmovznz_u64(&x28, x3, (arg4[1]), (arg5[1])); - fiat_secp256k1_cmovznz_u64(&x29, x3, (arg4[2]), (arg5[2])); - fiat_secp256k1_cmovznz_u64(&x30, x3, (arg4[3]), (arg5[3])); + fiat_secp256k1_cmovznz_u64(&x7, x3, arg2[0], arg3[0]); + fiat_secp256k1_cmovznz_u64(&x8, x3, arg2[1], arg3[1]); + fiat_secp256k1_cmovznz_u64(&x9, x3, arg2[2], arg3[2]); + fiat_secp256k1_cmovznz_u64(&x10, x3, arg2[3], arg3[3]); + fiat_secp256k1_cmovznz_u64(&x11, x3, arg2[4], arg3[4]); + fiat_secp256k1_addcarryx_u64(&x12, &x13, 0x0, 0x1, ~arg2[0]); + fiat_secp256k1_addcarryx_u64(&x14, &x15, x13, 0x0, ~arg2[1]); + fiat_secp256k1_addcarryx_u64(&x16, &x17, x15, 0x0, ~arg2[2]); + fiat_secp256k1_addcarryx_u64(&x18, &x19, x17, 0x0, ~arg2[3]); + fiat_secp256k1_addcarryx_u64(&x20, &x21, x19, 0x0, ~arg2[4]); + fiat_secp256k1_cmovznz_u64(&x22, x3, arg3[0], x12); + fiat_secp256k1_cmovznz_u64(&x23, x3, arg3[1], x14); + fiat_secp256k1_cmovznz_u64(&x24, x3, arg3[2], x16); + fiat_secp256k1_cmovznz_u64(&x25, x3, arg3[3], x18); + fiat_secp256k1_cmovznz_u64(&x26, x3, arg3[4], x20); + fiat_secp256k1_cmovznz_u64(&x27, x3, arg4[0], arg5[0]); + fiat_secp256k1_cmovznz_u64(&x28, x3, arg4[1], arg5[1]); + fiat_secp256k1_cmovznz_u64(&x29, x3, arg4[2], arg5[2]); + fiat_secp256k1_cmovznz_u64(&x30, x3, arg4[3], arg5[3]); fiat_secp256k1_addcarryx_u64(&x31, &x32, 0x0, x27, x27); fiat_secp256k1_addcarryx_u64(&x33, &x34, x32, x28, x28); fiat_secp256k1_addcarryx_u64(&x35, &x36, x34, x29, x29); @@ -2105,23 +2105,23 @@ static void fiat_secp256k1_divstep(uint64_t* out1, uint64_t out2[5], uint64_t ou fiat_secp256k1_subborrowx_u64(&x43, &x44, x42, x35, UINT64_C(0xffffffffffffffff)); fiat_secp256k1_subborrowx_u64(&x45, &x46, x44, x37, UINT64_C(0xffffffffffffffff)); fiat_secp256k1_subborrowx_u64(&x47, &x48, x46, x38, 0x0); - x49 = (arg4[3]); - x50 = (arg4[2]); - x51 = (arg4[1]); - x52 = (arg4[0]); + x49 = arg4[3]; + x50 = arg4[2]; + x51 = arg4[1]; + x52 = arg4[0]; fiat_secp256k1_subborrowx_u64(&x53, &x54, 0x0, 0x0, x52); fiat_secp256k1_subborrowx_u64(&x55, &x56, x54, 0x0, x51); fiat_secp256k1_subborrowx_u64(&x57, &x58, x56, 0x0, x50); fiat_secp256k1_subborrowx_u64(&x59, &x60, x58, 0x0, x49); fiat_secp256k1_cmovznz_u64(&x61, x60, 0x0, UINT64_C(0xffffffffffffffff)); - fiat_secp256k1_addcarryx_u64(&x62, &x63, 0x0, x53, (x61 & UINT64_C(0xfffffffefffffc2f))); + fiat_secp256k1_addcarryx_u64(&x62, &x63, 0x0, x53, x61 & UINT64_C(0xfffffffefffffc2f)); fiat_secp256k1_addcarryx_u64(&x64, &x65, x63, x55, x61); fiat_secp256k1_addcarryx_u64(&x66, &x67, x65, x57, x61); fiat_secp256k1_addcarryx_u64(&x68, &x69, x67, x59, x61); - fiat_secp256k1_cmovznz_u64(&x70, x3, (arg5[0]), x62); - fiat_secp256k1_cmovznz_u64(&x71, x3, (arg5[1]), x64); - fiat_secp256k1_cmovznz_u64(&x72, x3, (arg5[2]), x66); - fiat_secp256k1_cmovznz_u64(&x73, x3, (arg5[3]), x68); + fiat_secp256k1_cmovznz_u64(&x70, x3, arg5[0], x62); + fiat_secp256k1_cmovznz_u64(&x71, x3, arg5[1], x64); + fiat_secp256k1_cmovznz_u64(&x72, x3, arg5[2], x66); + fiat_secp256k1_cmovznz_u64(&x73, x3, arg5[3], x68); x74 = (fiat_secp256k1_uint1)(x22 & 0x1); fiat_secp256k1_cmovznz_u64(&x75, x74, 0x0, x7); fiat_secp256k1_cmovznz_u64(&x76, x74, 0x0, x8); @@ -2147,11 +2147,11 @@ static void fiat_secp256k1_divstep(uint64_t* out1, uint64_t out2[5], uint64_t ou fiat_secp256k1_subborrowx_u64(&x108, &x109, x107, x100, UINT64_C(0xffffffffffffffff)); fiat_secp256k1_subborrowx_u64(&x110, &x111, x109, x101, 0x0); fiat_secp256k1_addcarryx_u64(&x112, &x113, 0x0, x6, 0x1); - x114 = ((x80 >> 1) | ((x82 << 63) & UINT64_C(0xffffffffffffffff))); - x115 = ((x82 >> 1) | ((x84 << 63) & UINT64_C(0xffffffffffffffff))); - x116 = ((x84 >> 1) | ((x86 << 63) & UINT64_C(0xffffffffffffffff))); - x117 = ((x86 >> 1) | ((x88 << 63) & UINT64_C(0xffffffffffffffff))); - x118 = ((x88 & UINT64_C(0x8000000000000000)) | (x88 >> 1)); + x114 = x80 >> 1 | x82 << 63 & UINT64_C(0xffffffffffffffff); + x115 = x82 >> 1 | x84 << 63 & UINT64_C(0xffffffffffffffff); + x116 = x84 >> 1 | x86 << 63 & UINT64_C(0xffffffffffffffff); + x117 = x86 >> 1 | x88 << 63 & UINT64_C(0xffffffffffffffff); + x118 = x88 & UINT64_C(0x8000000000000000) | x88 >> 1; fiat_secp256k1_cmovznz_u64(&x119, x48, x39, x31); fiat_secp256k1_cmovznz_u64(&x120, x48, x41, x33); fiat_secp256k1_cmovznz_u64(&x121, x48, x43, x35); diff --git a/src/Stringification/C.v b/src/Stringification/C.v index 64093647f0..9c679c399f 100644 --- a/src/Stringification/C.v +++ b/src/Stringification/C.v @@ -136,89 +136,274 @@ Module Compilers. end. End primitive. - Fixpoint arith_to_string - {language_naming_conventions : language_naming_conventions_opt} (internal_static : bool) - (prefix : string) {t} (e : arith_expr t) : string - := let special_name_ty name ty := format_special_function_name_ty internal_static prefix name ty in - let special_name name bw := format_special_function_name internal_static prefix name false(*unsigned*) bw in - match e with - | (literal v @@@ _) => primitive.to_string prefix type.Z v - | (List_nth n @@@ Var _ v) - => "(" ++ v ++ "[" ++ Decimal.Z.to_string (Z.of_nat n) ++ "])" - | (Addr @@@ Var _ v) => "&" ++ v - | (Dereference @@@ e) => "( *" ++ arith_to_string internal_static prefix e ++ " )" - | (Z_shiftr offset @@@ e) - => "(" ++ arith_to_string internal_static prefix e ++ " >> " ++ Decimal.Z.to_string offset ++ ")" - | (Z_shiftl offset @@@ e) - => "(" ++ arith_to_string internal_static prefix e ++ " << " ++ Decimal.Z.to_string offset ++ ")" - | (Z_land @@@ (e1, e2)) - => "(" ++ arith_to_string internal_static prefix e1 ++ " & " ++ arith_to_string internal_static prefix e2 ++ ")" - | (Z_lor @@@ (e1, e2)) - => "(" ++ arith_to_string internal_static prefix e1 ++ " | " ++ arith_to_string internal_static prefix e2 ++ ")" - | (Z_lxor @@@ (e1, e2)) - => "(" ++ arith_to_string internal_static prefix e1 ++ " ^ " ++ arith_to_string internal_static prefix e2 ++ ")" - | (Z_add @@@ (x1, x2)) - => "(" ++ arith_to_string internal_static prefix x1 ++ " + " ++ arith_to_string internal_static prefix x2 ++ ")" - | (Z_mul @@@ (x1, x2)) - => "(" ++ arith_to_string internal_static prefix x1 ++ " * " ++ arith_to_string internal_static prefix x2 ++ ")" - | (Z_sub @@@ (x1, x2)) - => "(" ++ arith_to_string internal_static prefix x1 ++ " - " ++ arith_to_string internal_static prefix x2 ++ ")" - | (Z_lnot _ @@@ e) - => "(~" ++ arith_to_string internal_static prefix e ++ ")" - | (Z_bneg @@@ e) - => "(!" ++ arith_to_string internal_static prefix e ++ ")" - | (Z_value_barrier ty @@@ e) - => String.value_barrier_name internal_static prefix ty ++ "(" ++ arith_to_string internal_static prefix e ++ ")" - | (Z_mul_split lg2s @@@ args) - => special_name "mulx" lg2s ++ "(" ++ arith_to_string internal_static prefix args ++ ")" - | (Z_add_with_get_carry lg2s @@@ args) - => special_name "addcarryx" lg2s ++ "(" ++ arith_to_string internal_static prefix args ++ ")" - | (Z_sub_with_get_borrow lg2s @@@ args) - => special_name "subborrowx" lg2s ++ "(" ++ arith_to_string internal_static prefix args ++ ")" - | (Z_zselect ty @@@ args) - => special_name_ty "cmovznz" ty ++ "(" ++ arith_to_string internal_static prefix args ++ ")" - | (Z_add_modulo @@@ (x1, x2, x3)) => "#error addmodulo;" - | (Z_static_cast int_t @@@ e) - => "(" ++ String.type.primitive.to_string prefix type.Z (Some int_t) ++ ")" - ++ arith_to_string internal_static prefix e - | Var _ v => v - | Pair A B a b - => arith_to_string internal_static prefix a ++ ", " ++ arith_to_string internal_static prefix b - | (List_nth _ @@@ _) - | (Addr @@@ _) - | (Z_add @@@ _) - | (Z_mul @@@ _) - | (Z_sub @@@ _) - | (Z_land @@@ _) - | (Z_lor @@@ _) - | (Z_lxor @@@ _) - | (Z_add_modulo @@@ _) - => "#error bad_arg;" - | TT - => "#error tt;" - end%core%Cexpr. + (** Quoting https://en.cppreference.com/w/c/language/operator_precedence: + +<< +Precedence | Operator | Description | Associativity +----------------------------------------------------------------------------------- +1 | ++ -- | Suffix/postfix increment and decrement | Left-to-right + | () | Function call | + | [] | Array subscripting | + | . | Structure and union member access | + | -> | Structure and union member access | + | | through pointer | + | (type){list} | Compound literal(C99) | +-----------|--------------|-----------------------------------------|-------------- +2 | ++ -- | Prefix increment and decrement[note 1] | Right-to-left + | + - | Unary plus and minus | + | ! ~ | Logical NOT and bitwise NOT | + | (type) | Cast | + | * | Indirection (dereference) | + | & | Address-of | + | sizeof | Size-of[note 2] | + | _Alignof | Alignment requirement(C11) | +-----------|--------------|-----------------------------------------|-------------- +3 | * / % | Multiplication, division, and remainder | Left-to-right +-----------|--------------|-----------------------------------------| +4 | + - | Addition and subtraction | +-----------|--------------|-----------------------------------------| +5 | << >> | Bitwise left shift and right shift | +-----------|--------------|-----------------------------------------| +6 | < <= | For relational operators < and ≤ | + | | respectively | + | > >= | For relational operators > and ≥ | + | | respectively | +-----------|--------------|-----------------------------------------| +7 |== != | For relational = and ≠ respectively | +-----------|--------------|-----------------------------------------| +8 | & | Bitwise AND | +-----------|--------------|-----------------------------------------| +9 | ^ | Bitwise XOR (exclusive or) | +-----------|--------------|-----------------------------------------| +10 | | | Bitwise OR (inclusive or) | +-----------|--------------|-----------------------------------------| +11 | && | Logical AND | +-----------|--------------|-----------------------------------------| +12 | || | Logical OR | +-----------|--------------|-----------------------------------------|-------------- +13 | ?: | Ternary conditional[note 3] | Right-to-left +-----------|--------------|-----------------------------------------| +14[note 4] | = | Simple assignment | + | += -= | Assignment by sum and difference | + | *= /= %= | Assignment by product, quotient, and | + | | remainder | + | <<= >>= | Assignment by bitwise left shift and | + | | right shift | + | &= ^= |= | Assignment by bitwise AND, XOR, and OR | +-----------|--------------|-----------------------------------------|-------------- +15 | , | Comma | Left-to-right +>> + *) + (** + + 1. The operand of prefix ++ and -- can't be a type cast. This + rule grammatically forbids some expressions that would be + semantically invalid anyway. Some compilers ignore this rule + and detect the invalidity semantically. + + 2. The operand of sizeof can't be a type cast: the expression + sizeof (int) * p is unambiguously interpreted as + (sizeof(int)) * p, but not sizeof((int)*p). + + 3. The expression in the middle of the conditional operator + (between ? and :) is parsed as if parenthesized: its + precedence relative to ?: is ignored. + + 4. Assignment operators' left operands must be unary (level-2 + non-cast) expressions. This rule grammatically forbids some + expressions that would be semantically invalid anyway. Many + compilers ignore this rule and detect the invalidity + semantically. For example, e = a < d ? a++ : a = d is an + expression that cannot be parsed because of this + rule. However, many compilers ignore this rule and parse it + as e = ( ((a < d) ? (a++) : a) = d ), and then give an error + because it is semantically invalid. + + When parsing an expression, an operator which is listed on some + row will be bound tighter (as if by parentheses) to its + arguments than any operator that is listed on a row further + below it. For example, the expression *p++ is parsed as *(p++), + and not as ( *p )++. + + Operators that are in the same cell (there may be several rows + of operators listed in a cell) are evaluated with the same + precedence, in the given direction. For example, the expression + a=b=c is parsed as a=(b=c), and not as (a=b)=c because of + right-to-left associativity. *) + + (** Since unary operators are ambiguous (is --a -(-a) or --a?), we bind the arguments of -, --, +, ++ at one level lower so that they are always parenthesized *) + + Definition C_postop_precedence_table : list (string * (Associativity * Level)) + := [("++", (LeftAssoc, Level.level 1)); ("--", (LeftAssoc, Level.level 1)) (* Suffix/postfix increment and decrement *) + ; ("()", (LeftAssoc, Level.level 1)) (* Function call *) + ; ("[]", (LeftAssoc, Level.level 1)) (* Array subscripting *) + ; ("." , (LeftAssoc, Level.level 1)) (* Structure and union member access *) + ; ("->", (LeftAssoc, Level.level 1)) (* Structure and union member access through pointer *) + ; ("(type){list}", (LeftAssoc, Level.level 1)) (* Compound literal(C99) *) + ]. + Definition C_preop_precedence_table : list (string * (Associativity * Level)) + := [("++", (ExplicitAssoc 1 1, Level.level 2)); ("--", (ExplicitAssoc 1 1, Level.level 2)) (* Prefix increment and decrement *) + ; ("+", (ExplicitAssoc 1 1, Level.level 2)); ("-", (ExplicitAssoc 1 1, Level.level 2)) (* Unary plus and minus *) + ; ("!", (RightAssoc, Level.level 2)); ("~", (RightAssoc, Level.level 2)) (* Logical NOT and bitwise NOT *) + ; ("(type)", (RightAssoc, Level.level 2)) (* Cast *) + ; ("*", (RightAssoc, Level.level 2)) (* Indirection (dereference) *) + ; ("&", (RightAssoc, Level.level 2)) (* Address-of *) + ; ("sizeof", (RightAssoc, Level.level 2)) (* Size-of (* args at level below (type) cast because argument cannot be a type cast *) *) + ; ("_Alignof", (RightAssoc, Level.level 2)) + ]. + Definition C_binop_precedence_table : list (string * (Associativity * Level)) + := [("*", (LeftAssoc, Level.level 3)); ("/", (LeftAssoc, Level.level 3)); ("%", (LeftAssoc, Level.level 3)) (* Multiplication, division, and remainder *) + ; ("+", (LeftAssoc, Level.level 4)); ("-", (LeftAssoc, Level.level 4)) (* Addition and subtraction *) + ; ("<<", (LeftAssoc, Level.level 5)); (">>", (LeftAssoc, Level.level 5)) (* Bitwise left shift and right shift *) + ; ("<", (LeftAssoc, Level.level 6)); ("<=", (LeftAssoc, Level.level 6)) (* For relational operators < and ≤ respectively *) + ; (">", (LeftAssoc, Level.level 6)); (">=", (LeftAssoc, Level.level 6)) (* For relational operators > and ≥ respectively *) + ; ("==", (LeftAssoc, Level.level 7)); ("!=", (LeftAssoc, Level.level 7)) (* For relational = and ≠ respectively *) + ; ("&", (LeftAssoc, Level.level 8)) (* Bitwise AND *) + ; ("^", (LeftAssoc, Level.level 9)) (* Bitwise XOR (exclusive or) *) + ; ("|", (LeftAssoc, Level.level 10)) (* Bitwise OR (inclusive or) *) + ; ("&&", (LeftAssoc, Level.level 10)) (* Logical AND *) + ; ("||", (LeftAssoc, Level.level 10)) (* Logical OR *) + ; ("?:", (RightAssoc, Level.level 10)) (* Ternary conditional[note 3] *) + ; ("=", (ExplicitAssoc 2 14, Level.level 10)) (* Simple assignment; Assignment operators' left operands must be unary (level-2 non-cast) expressions. *) + ; ("+=", (ExplicitAssoc 2 14, Level.level 11)); ("-=", (ExplicitAssoc 2 14, Level.level 11)) (* Assignment by sum and difference *) + ; ("*=", (ExplicitAssoc 2 14, Level.level 12)); ("/=", (ExplicitAssoc 2 14, Level.level 12)); ("%=", (ExplicitAssoc 2 14, Level.level 12)) (* Assignment by product, quotient, and remainder *) + ; ("<<=", (ExplicitAssoc 2 14, Level.level 13)); (">>=", (ExplicitAssoc 2 14, Level.level 13)) (* Assignment by bitwise left shift and right shift *) + ; ("&=", (ExplicitAssoc 2 14, Level.level 14)); ("^=", (ExplicitAssoc 2 14, Level.level 14)); ("|=", (ExplicitAssoc 2 14, Level.level 14)) (* Assignment by bitwise AND, XOR, and OR *) + ; (", ", (LeftAssoc, Level.level 10)) (* Comma *) + ]. + + Definition ident_to_op_string {a b} (idc : ident a b) : string + := match idc with + | List_nth _ => "[]" + | Addr => "&" + | Dereference => "*" + | Z_shiftr _ => ">>" + | Z_shiftl _ => "<<" + | Z_lnot _ => "~" + | Z_bneg => "!" + | Z_land => "&" + | Z_lor => "|" + | Z_lxor => "^" + | Z_add => "+" + | Z_mul => "*" + | Z_sub => "-" + | Z_static_cast _ => "(type)" + | Z_mul_split _ + | Z_add_with_get_carry _ + | Z_sub_with_get_borrow _ + | Z_zselect _ + | Z_add_modulo + | Z_value_barrier _ + | literal _ + => "" + end. + + (* _s for string rather than ident *) + Local Notation show_lvl_binop_s_no_space binop := (PHOAS.ident.lookup_show_lvl_binop (with_space:=false) C_binop_precedence_table binop). + Local Notation show_lvl_binop_no_space idc := (show_lvl_binop_s_no_space (ident_to_op_string idc)). + Local Notation show_lvl_binop_s binop := (PHOAS.ident.lookup_show_lvl_binop (with_space:=true) C_binop_precedence_table binop). + Local Notation show_lvl_binop idc := (show_lvl_binop_s (ident_to_op_string idc)). + Local Notation show_lvl_preop idc := (PHOAS.ident.lookup_show_lvl_preop C_preop_precedence_table (ident_to_op_string idc)). + Local Notation show_lvl_postop idc := (PHOAS.ident.lookup_show_lvl_postop C_postop_precedence_table (ident_to_op_string idc)). + Local Notation lookup_preop_assoc idc := (PHOAS.ident.lookup_assoc C_preop_precedence_table (ident_to_op_string idc)). + Local Notation lookup_postop_assoc idc := (PHOAS.ident.lookup_assoc C_postop_precedence_table (ident_to_op_string idc)). + Local Notation lookup_binop_assoc_s binop := (PHOAS.ident.lookup_assoc C_binop_precedence_table binop). + Local Notation lookup_binop_assoc idc := (lookup_binop_assoc_s (ident_to_op_string idc)). + Local Notation lookup_preop_lvl idc := (PHOAS.ident.lookup_lvl C_preop_precedence_table (ident_to_op_string idc)). + Local Notation lookup_postop_lvl idc := (PHOAS.ident.lookup_lvl C_postop_precedence_table (ident_to_op_string idc)). + Local Notation lookup_binop_lvl_s binop := (PHOAS.ident.lookup_lvl C_binop_precedence_table binop). + Local Notation lookup_binop_lvl idc := (lookup_binop_lvl_s (ident_to_op_string idc)). + Local Notation fn_call_lvl := (PHOAS.ident.lookup_lvl C_postop_precedence_table "()"). + Local Notation fn_call f e := (lvl_wrap_parens fn_call_lvl (f ++ "(" ++ show_lvl e ∞ ++ ")")). + (** Use a [Definition] wrapped around a [fix] so that we get the + type of the definition to be [ShowLevel] while still + otherwise having the exact behavior as if we had used + [Fixpoint] *) + Definition arith_to_string + : forall {language_naming_conventions : language_naming_conventions_opt} (internal_static : bool) + (prefix : string) {t}, ShowLevel (arith_expr t) + := fix arith_to_string {language_naming_conventions : language_naming_conventions_opt} (internal_static : bool) + (prefix : string) {t} (e : arith_expr t) {struct e} : Level -> string + := let special_name_ty name ty := format_special_function_name_ty internal_static prefix name ty in + let special_name name bw := format_special_function_name internal_static prefix name false(*unsigned*) bw in + let _ (* for tc resolution *) : forall {t}, ShowLevel (arith_expr t) := fun t => arith_to_string internal_static prefix (t:=t) in + match e with + | (literal v @@@ _) => neg_wrap_parens (primitive.to_string prefix type.Z v) + | ((List_nth n as idc) @@@ Var _ v) + => show_lvl_postop_assoc (lookup_postop_assoc idc) (lookup_postop_lvl idc) (fun 'tt => v) ("[" ++ Decimal.Z.to_string (Z.of_nat n) ++ "]") + | ((Addr as idc) @@@ Var _ v) + => show_lvl_preop idc (neg_wrap_parens v) + | ((Dereference as idc) @@@ e) + | ((Z_lnot _ as idc) @@@ e) + | ((Z_bneg as idc) @@@ e) + => show_lvl_preop idc (show_lvl e) + | ((Z_shiftr offset as idc) @@@ e) + | ((Z_shiftl offset as idc) @@@ e) + => show_lvl_binop idc (show_lvl e) (neg_wrap_parens (Decimal.Z.to_string offset)) + | ((Z_land as idc) @@@ (e1, e2)) + | ((Z_lor as idc) @@@ (e1, e2)) + | ((Z_lxor as idc) @@@ (e1, e2)) + | ((Z_add as idc) @@@ (e1, e2)) + | ((Z_mul as idc) @@@ (e1, e2)) + | ((Z_sub as idc) @@@ (e1, e2)) + => show_lvl_binop idc (show_lvl e1) (show_lvl e2) + | (Z_value_barrier ty @@@ args) + => fn_call (String.value_barrier_name internal_static prefix ty) args + | (Z_mul_split lg2s @@@ args) + => fn_call (special_name "mulx" lg2s) args + | (Z_add_with_get_carry lg2s @@@ args) + => fn_call (special_name "addcarryx" lg2s) args + | (Z_sub_with_get_borrow lg2s @@@ args) + => fn_call (special_name "subborrowx" lg2s) args + | (Z_zselect ty @@@ args) + => fn_call (special_name_ty "cmovznz" ty) args + | (Z_add_modulo @@@ (x1, x2, x3)) => neg_wrap_parens "#error addmodulo;" + | ((Z_static_cast int_t as idc) @@@ e) + => show_lvl_preop_assoc + (lookup_preop_assoc idc) (lookup_preop_lvl idc) + ("(" ++ String.type.primitive.to_string prefix type.Z (Some int_t) ++ ")") + (show_lvl e) + | Var _ v => neg_wrap_parens v + | Pair A B a b + => Show.show_lvl_binop + FullyAssoc (* function call arguments can be passed in any order *) + (Level.prev (lookup_binop_lvl_s ", ")) (* function call [,] MUST bind more tightly than [,] as a binary operator in C, otherwise if we ever support [,] as a binary operator, we'll end up printing [f((_, x), (_, y))] as [f(_, x, _, y)] *) + a ", " b + | (List_nth _ @@@ _) + | (Addr @@@ _) + | (Z_add @@@ _) + | (Z_mul @@@ _) + | (Z_sub @@@ _) + | (Z_land @@@ _) + | (Z_lor @@@ _) + | (Z_lxor @@@ _) + | (Z_add_modulo @@@ _) + => neg_wrap_parens "#error bad_arg;" + | TT + => neg_wrap_parens "#error tt;" + end%core%Cexpr. Definition stmt_to_string - {language_naming_conventions : language_naming_conventions_opt} (internal_static : bool) - (prefix : string) - (e : stmt) - : string - := match e with - | Call val - => arith_to_string internal_static prefix val ++ ";" - | Assign true t sz name val - => String.type.primitive.to_string prefix t sz ++ " " ++ name ++ " = " ++ arith_to_string internal_static prefix val ++ ";" - | Assign false _ sz name val - => name ++ " = " ++ arith_to_string internal_static prefix val ++ ";" - | AssignZPtr name sz val - => "*" ++ name ++ " = " ++ arith_to_string internal_static prefix val ++ ";" - | DeclareVar t sz name - => String.type.primitive.to_string prefix t sz ++ " " ++ name ++ ";" - | Comment lines _ - => String.concat String.NewLine (comment_block (ToString.preprocess_comment_block lines)) - | AssignNth name n val - => name ++ "[" ++ Decimal.Z.to_string (Z.of_nat n) ++ "] = " ++ arith_to_string internal_static prefix val ++ ";" - end. + {language_naming_conventions : language_naming_conventions_opt} (internal_static : bool) + (prefix : string) + : Show stmt + := fun e + => match e with + | Call val + => arith_to_string internal_static prefix val ∞ ++ ";" + | Assign true t sz name val + => String.type.primitive.to_string prefix t sz ++ " " ++ name ++ " = " ++ arith_to_string internal_static prefix val (lookup_binop_lvl_s "=") ++ ";" + | Assign false _ sz name val + => name ++ " = " ++ arith_to_string internal_static prefix val (lookup_binop_lvl_s "=") ++ ";" + | AssignZPtr name sz val + => "*" ++ name ++ " = " ++ arith_to_string internal_static prefix val (lookup_binop_lvl_s "=") ++ ";" + | DeclareVar t sz name + => String.type.primitive.to_string prefix t sz ++ " " ++ name ++ ";" + | Comment lines _ + => String.concat String.NewLine (comment_block (ToString.preprocess_comment_block lines)) + | AssignNth name n val + => name ++ "[" ++ Decimal.Z.to_string (Z.of_nat n) ++ "] = " ++ arith_to_string internal_static prefix val (lookup_binop_lvl_s "=") ++ ";" + end. Definition to_strings {language_naming_conventions : language_naming_conventions_opt} (internal_static : bool) (prefix : string)