studio/cli
2
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 4 Wiki Activity
Files
dce085cd0cf33d6d90dbe8861908ac32d718e3af
cli/vendor/aws-lc-sys/aws-lc/third_party/fiat/p521_32.h

3417 lines
106 KiB
C
Raw Blame History

/* Autogenerated: unsaturated_solinas --static --use-value-barrier secp521r1 32 '(auto)' '2^521 - 1' */
/* curve description: secp521r1 */
/* machine_wordsize = 32 (from "32") */
/* requested operations: (all) */
/* n = 19 (from "(auto)") */
/* s-c = 2^521 - [(1, 1)] (from "2^521 - 1") */
/* tight_bounds_multiplier = 1 (from "") */
/* */
/* Computed values: */
/* carry_chain = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 0, 1] */
/* eval z = z[0] + (z[1] << 28) + (z[2] << 55) + (z[3] << 83) + (z[4] << 110) + (z[5] << 138) + (z[6] << 165) + (z[7] << 192) + (z[8] << 220) + (z[9] << 247) + (z[10] << 0x113) + (z[11] << 0x12e) + (z[12] << 0x14a) + (z[13] << 0x165) + (z[14] << 0x180) + (z[15] << 0x19c) + (z[16] << 0x1b7) + (z[17] << 0x1d3) + (z[18] << 0x1ee) */
/* bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) + (z[48] << 0x180) + (z[49] << 0x188) + (z[50] << 0x190) + (z[51] << 0x198) + (z[52] << 0x1a0) + (z[53] << 0x1a8) + (z[54] << 0x1b0) + (z[55] << 0x1b8) + (z[56] << 0x1c0) + (z[57] << 0x1c8) + (z[58] << 0x1d0) + (z[59] << 0x1d8) + (z[60] << 0x1e0) + (z[61] << 0x1e8) + (z[62] << 0x1f0) + (z[63] << 0x1f8) + (z[64] << 2^9) + (z[65] << 0x208) */
/* balance = [0x1ffffffe, 0xffffffe, 0x1ffffffe, 0xffffffe, 0x1ffffffe, 0xffffffe, 0xffffffe, 0x1ffffffe, 0xffffffe, 0x1ffffffe, 0xffffffe, 0x1ffffffe, 0xffffffe, 0xffffffe, 0x1ffffffe, 0xffffffe, 0x1ffffffe, 0xffffffe, 0xffffffe] */
#include <stdint.h>
typedef unsigned char fiat_secp521r1_uint1;
typedef signed char fiat_secp521r1_int1;
#ifdef __GNUC__
#define FIAT_SECP521R1_FIAT_INLINE __inline__
#else
#define FIAT_SECP521R1_FIAT_INLINE
#endif
/* The type fiat_secp521r1_loose_field_element is a field element with loose bounds. */
/* Bounds: [[0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x18000000], [0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x18000000], [0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x18000000]] */
typedef uint32_t fiat_secp521r1_loose_field_element[19];
/* The type fiat_secp521r1_tight_field_element is a field element with tight bounds. */
/* Bounds: [[0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x8000000], [0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x8000000], [0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x8000000]] */
typedef uint32_t fiat_secp521r1_tight_field_element[19];
#if (-1 & 3) != 3
#error "This code only works on a two's complement system"
#endif
OPENSSL_UNUSED static void fiat_secp521r1_selectznz(uint32_t out1[19],
fiat_secp521r1_uint1 arg1,
const uint32_t arg2[19],
const uint32_t arg3[19]);
/*
* The function fiat_secp521r1_addcarryx_u28 is an addition with carry.
*
* Postconditions:
* out1 = (arg1 + arg2 + arg3) mod 2^28
* out2 = ⌊(arg1 + arg2 + arg3) / 2^28⌋
*
* Input Bounds:
* arg1: [0x0 ~> 0x1]
* arg2: [0x0 ~> 0xfffffff]
* arg3: [0x0 ~> 0xfffffff]
* Output Bounds:
* out1: [0x0 ~> 0xfffffff]
* out2: [0x0 ~> 0x1]
*/
static void fiat_secp521r1_addcarryx_u28(uint32_t *out1,
fiat_secp521r1_uint1 *out2,
fiat_secp521r1_uint1 arg1,
uint32_t arg2, uint32_t arg3) {
uint32_t x1;
uint32_t x2;
fiat_secp521r1_uint1 x3;
x1 = ((arg1 + arg2) + arg3);
x2 = (x1 & UINT32_C(0xfffffff));
x3 = (fiat_secp521r1_uint1)(x1 >> 28);
*out1 = x2;
*out2 = x3;
}
/*
* The function fiat_secp521r1_subborrowx_u28 is a subtraction with borrow.
*
* Postconditions:
* out1 = (-arg1 + arg2 + -arg3) mod 2^28
* out2 = -⌊(-arg1 + arg2 + -arg3) / 2^28⌋
*
* Input Bounds:
* arg1: [0x0 ~> 0x1]
* arg2: [0x0 ~> 0xfffffff]
* arg3: [0x0 ~> 0xfffffff]
* Output Bounds:
* out1: [0x0 ~> 0xfffffff]
* out2: [0x0 ~> 0x1]
*/
static void fiat_secp521r1_subborrowx_u28(uint32_t *out1,
fiat_secp521r1_uint1 *out2,
fiat_secp521r1_uint1 arg1,
uint32_t arg2, uint32_t arg3) {
int32_t x1;
fiat_secp521r1_int1 x2;
uint32_t x3;
x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3);
x2 = (fiat_secp521r1_int1)(x1 >> 28);
x3 = (x1 & UINT32_C(0xfffffff));
*out1 = x3;
*out2 = (fiat_secp521r1_uint1)(0x0 - x2);
}
/*
* The function fiat_secp521r1_addcarryx_u27 is an addition with carry.
*
* Postconditions:
* out1 = (arg1 + arg2 + arg3) mod 2^27
* out2 = ⌊(arg1 + arg2 + arg3) / 2^27⌋
*
* Input Bounds:
* arg1: [0x0 ~> 0x1]
* arg2: [0x0 ~> 0x7ffffff]
* arg3: [0x0 ~> 0x7ffffff]
* Output Bounds:
* out1: [0x0 ~> 0x7ffffff]
* out2: [0x0 ~> 0x1]
*/
static void fiat_secp521r1_addcarryx_u27(uint32_t *out1,
fiat_secp521r1_uint1 *out2,
fiat_secp521r1_uint1 arg1,
uint32_t arg2, uint32_t arg3) {
uint32_t x1;
uint32_t x2;
fiat_secp521r1_uint1 x3;
x1 = ((arg1 + arg2) + arg3);
x2 = (x1 & UINT32_C(0x7ffffff));
x3 = (fiat_secp521r1_uint1)(x1 >> 27);
*out1 = x2;
*out2 = x3;
}
/*
* The function fiat_secp521r1_subborrowx_u27 is a subtraction with borrow.
*
* Postconditions:
* out1 = (-arg1 + arg2 + -arg3) mod 2^27
* out2 = -⌊(-arg1 + arg2 + -arg3) / 2^27⌋
*
* Input Bounds:
* arg1: [0x0 ~> 0x1]
* arg2: [0x0 ~> 0x7ffffff]
* arg3: [0x0 ~> 0x7ffffff]
* Output Bounds:
* out1: [0x0 ~> 0x7ffffff]
* out2: [0x0 ~> 0x1]
*/
static void fiat_secp521r1_subborrowx_u27(uint32_t *out1,
fiat_secp521r1_uint1 *out2,
fiat_secp521r1_uint1 arg1,
uint32_t arg2, uint32_t arg3) {
int32_t x1;
fiat_secp521r1_int1 x2;
uint32_t x3;
x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3);
x2 = (fiat_secp521r1_int1)(x1 >> 27);
x3 = (x1 & UINT32_C(0x7ffffff));
*out1 = x3;
*out2 = (fiat_secp521r1_uint1)(0x0 - x2);
}
/*
* The function fiat_secp521r1_cmovznz_u32 is a single-word conditional move.
*
* Postconditions:
* out1 = (if arg1 = 0 then arg2 else arg3)
*
* Input Bounds:
* arg1: [0x0 ~> 0x1]
* arg2: [0x0 ~> 0xffffffff]
* arg3: [0x0 ~> 0xffffffff]
* Output Bounds:
* out1: [0x0 ~> 0xffffffff]
*/
static void fiat_secp521r1_cmovznz_u32(uint32_t *out1,
fiat_secp521r1_uint1 arg1, uint32_t arg2,
uint32_t arg3) {
fiat_secp521r1_uint1 x1;
uint32_t x2;
uint32_t x3;
x1 = (!(!arg1));
x2 = ((fiat_secp521r1_int1)(0x0 - x1) & UINT32_C(0xffffffff));
x3 = ((value_barrier_u32(x2) & arg3) |
(value_barrier_u32((~x2)) & arg2));
*out1 = x3;
}
/*
* The function fiat_secp521r1_carry_mul multiplies two field elements and reduces the result.
*
* Postconditions:
* eval out1 mod m = (eval arg1 * eval arg2) mod m
*
*/
static void fiat_secp521r1_carry_mul(
fiat_secp521r1_tight_field_element out1,
const fiat_secp521r1_loose_field_element arg1,
const fiat_secp521r1_loose_field_element arg2) {
uint64_t x1;
uint64_t x2;
uint64_t x3;
uint64_t x4;
uint64_t x5;
uint64_t x6;
uint64_t x7;
uint64_t x8;
uint64_t x9;
uint64_t x10;
uint64_t x11;
uint64_t x12;
uint64_t x13;
uint64_t x14;
uint64_t x15;
uint64_t x16;
uint64_t x17;
uint64_t x18;
uint64_t x19;
uint64_t x20;
uint64_t x21;
uint64_t x22;
uint64_t x23;
uint64_t x24;
uint64_t x25;
uint64_t x26;
uint64_t x27;
uint64_t x28;
uint64_t x29;
uint64_t x30;
uint64_t x31;
uint64_t x32;
uint64_t x33;
uint64_t x34;
uint64_t x35;
uint64_t x36;
uint64_t x37;
uint64_t x38;
uint64_t x39;
uint64_t x40;
uint64_t x41;
uint64_t x42;
uint64_t x43;
uint64_t x44;
uint64_t x45;
uint64_t x46;
uint64_t x47;
uint64_t x48;
uint64_t x49;
uint64_t x50;
uint64_t x51;
uint64_t x52;
uint64_t x53;
uint64_t x54;
uint64_t x55;
uint64_t x56;
uint64_t x57;
uint64_t x58;
uint64_t x59;
uint64_t x60;
uint64_t x61;
uint64_t x62;
uint64_t x63;
uint64_t x64;
uint64_t x65;
uint64_t x66;
uint64_t x67;
uint64_t x68;
uint64_t x69;
uint64_t x70;
uint64_t x71;
uint64_t x72;
uint64_t x73;
uint64_t x74;
uint64_t x75;
uint64_t x76;
uint64_t x77;
uint64_t x78;
uint64_t x79;
uint64_t x80;
uint64_t x81;
uint64_t x82;
uint64_t x83;
uint64_t x84;
uint64_t x85;
uint64_t x86;
uint64_t x87;
uint64_t x88;
uint64_t x89;
uint64_t x90;
uint64_t x91;
uint64_t x92;
uint64_t x93;
uint64_t x94;
uint64_t x95;
uint64_t x96;
uint64_t x97;
uint64_t x98;
uint64_t x99;
uint64_t x100;
uint64_t x101;
uint64_t x102;
uint64_t x103;
uint64_t x104;
uint64_t x105;
uint64_t x106;
uint64_t x107;
uint64_t x108;
uint64_t x109;
uint64_t x110;
uint64_t x111;
uint64_t x112;
uint64_t x113;
uint64_t x114;
uint64_t x115;
uint64_t x116;
uint64_t x117;
uint64_t x118;
uint64_t x119;
uint64_t x120;
uint64_t x121;
uint64_t x122;
uint64_t x123;
uint64_t x124;
uint64_t x125;
uint64_t x126;
uint64_t x127;
uint64_t x128;
uint64_t x129;
uint64_t x130;
uint64_t x131;
uint64_t x132;
uint64_t x133;
uint64_t x134;
uint64_t x135;
uint64_t x136;
uint64_t x137;
uint64_t x138;
uint64_t x139;
uint64_t x140;
uint64_t x141;
uint64_t x142;
uint64_t x143;
uint64_t x144;
uint64_t x145;
uint64_t x146;
uint64_t x147;
uint64_t x148;
uint64_t x149;
uint64_t x150;
uint64_t x151;
uint64_t x152;
uint64_t x153;
uint64_t x154;
uint64_t x155;
uint64_t x156;
uint64_t x157;
uint64_t x158;
uint64_t x159;
uint64_t x160;
uint64_t x161;
uint64_t x162;
uint64_t x163;
uint64_t x164;
uint64_t x165;
uint64_t x166;
uint64_t x167;
uint64_t x168;
uint64_t x169;
uint64_t x170;
uint64_t x171;
uint64_t x172;
uint64_t x173;
uint64_t x174;
uint64_t x175;
uint64_t x176;
uint64_t x177;
uint64_t x178;
uint64_t x179;
uint64_t x180;
uint64_t x181;
uint64_t x182;
uint64_t x183;
uint64_t x184;
uint64_t x185;
uint64_t x186;
uint64_t x187;
uint64_t x188;
uint64_t x189;
uint64_t x190;
uint64_t x191;
uint64_t x192;
uint64_t x193;
uint64_t x194;
uint64_t x195;
uint64_t x196;
uint64_t x197;
uint64_t x198;
uint64_t x199;
uint64_t x200;
uint64_t x201;
uint64_t x202;
uint64_t x203;
uint64_t x204;
uint64_t x205;
uint64_t x206;
uint64_t x207;
uint64_t x208;
uint64_t x209;
uint64_t x210;
uint64_t x211;
uint64_t x212;
uint64_t x213;
uint64_t x214;
uint64_t x215;
uint64_t x216;
uint64_t x217;
uint64_t x218;
uint64_t x219;
uint64_t x220;
uint64_t x221;
uint64_t x222;
uint64_t x223;
uint64_t x224;
uint64_t x225;
uint64_t x226;
uint64_t x227;
uint64_t x228;
uint64_t x229;
uint64_t x230;
uint64_t x231;
uint64_t x232;
uint64_t x233;
uint64_t x234;
uint64_t x235;
uint64_t x236;
uint64_t x237;
uint64_t x238;
uint64_t x239;
uint64_t x240;
uint64_t x241;
uint64_t x242;
uint64_t x243;
uint64_t x244;
uint64_t x245;
uint64_t x246;
uint64_t x247;
uint64_t x248;
uint64_t x249;
uint64_t x250;
uint64_t x251;
uint64_t x252;
uint64_t x253;
uint64_t x254;
uint64_t x255;
uint64_t x256;
uint64_t x257;
uint64_t x258;
uint64_t x259;
uint64_t x260;
uint64_t x261;
uint64_t x262;
uint64_t x263;
uint64_t x264;
uint64_t x265;
uint64_t x266;
uint64_t x267;
uint64_t x268;
uint64_t x269;
uint64_t x270;
uint64_t x271;
uint64_t x272;
uint64_t x273;
uint64_t x274;
uint64_t x275;
uint64_t x276;
uint64_t x277;
uint64_t x278;
uint64_t x279;
uint64_t x280;
uint64_t x281;
uint64_t x282;
uint64_t x283;
uint64_t x284;
uint64_t x285;
uint64_t x286;
uint64_t x287;
uint64_t x288;
uint64_t x289;
uint64_t x290;
uint64_t x291;
uint64_t x292;
uint64_t x293;
uint64_t x294;
uint64_t x295;
uint64_t x296;
uint64_t x297;
uint64_t x298;
uint64_t x299;
uint64_t x300;
uint64_t x301;
uint64_t x302;
uint64_t x303;
uint64_t x304;
uint64_t x305;
uint64_t x306;
uint64_t x307;
uint64_t x308;
uint64_t x309;
uint64_t x310;
uint64_t x311;
uint64_t x312;
uint64_t x313;
uint64_t x314;
uint64_t x315;
uint64_t x316;
uint64_t x317;
uint64_t x318;
uint64_t x319;
uint64_t x320;
uint64_t x321;
uint64_t x322;
uint64_t x323;
uint64_t x324;
uint64_t x325;
uint64_t x326;
uint64_t x327;
uint64_t x328;
uint64_t x329;
uint64_t x330;
uint64_t x331;
uint64_t x332;
uint64_t x333;
uint64_t x334;
uint64_t x335;
uint64_t x336;
uint64_t x337;
uint64_t x338;
uint64_t x339;
uint64_t x340;
uint64_t x341;
uint64_t x342;
uint64_t x343;
uint64_t x344;
uint64_t x345;
uint64_t x346;
uint64_t x347;
uint64_t x348;
uint64_t x349;
uint64_t x350;
uint64_t x351;
uint64_t x352;
uint64_t x353;
uint64_t x354;
uint64_t x355;
uint64_t x356;
uint64_t x357;
uint64_t x358;
uint64_t x359;
uint64_t x360;
uint64_t x361;
uint64_t x362;
uint64_t x363;
uint32_t x364;
uint64_t x365;
uint64_t x366;
uint64_t x367;
uint64_t x368;
uint64_t x369;
uint64_t x370;
uint64_t x371;
uint64_t x372;
uint64_t x373;
uint64_t x374;
uint64_t x375;
uint64_t x376;
uint64_t x377;
uint64_t x378;
uint64_t x379;
uint64_t x380;
uint64_t x381;
uint64_t x382;
uint64_t x383;
uint64_t x384;
uint32_t x385;
uint64_t x386;
uint64_t x387;
uint32_t x388;
uint64_t x389;
uint64_t x390;
uint32_t x391;
uint64_t x392;
uint64_t x393;
uint32_t x394;
uint64_t x395;
uint64_t x396;
uint32_t x397;
uint64_t x398;
uint64_t x399;
uint32_t x400;
uint64_t x401;
uint64_t x402;
uint32_t x403;
uint64_t x404;
uint64_t x405;
uint32_t x406;
uint64_t x407;
uint64_t x408;
uint32_t x409;
uint64_t x410;
uint64_t x411;
uint32_t x412;
uint64_t x413;
uint64_t x414;
uint32_t x415;
uint64_t x416;
uint64_t x417;
uint32_t x418;
uint64_t x419;
uint64_t x420;
uint32_t x421;
uint64_t x422;
uint64_t x423;
uint32_t x424;
uint64_t x425;
uint64_t x426;
uint32_t x427;
uint64_t x428;
uint64_t x429;
uint32_t x430;
uint64_t x431;
uint64_t x432;
uint32_t x433;
uint64_t x434;
uint64_t x435;
uint32_t x436;
uint64_t x437;
uint32_t x438;
uint32_t x439;
uint32_t x440;
fiat_secp521r1_uint1 x441;
uint32_t x442;
uint32_t x443;
x1 = ((uint64_t)(arg1[18]) * (arg2[18]));
x2 = ((uint64_t)(arg1[18]) * ((arg2[17]) * 0x2));
x3 = ((uint64_t)(arg1[18]) * (arg2[16]));
x4 = ((uint64_t)(arg1[18]) * ((arg2[15]) * 0x2));
x5 = ((uint64_t)(arg1[18]) * (arg2[14]));
x6 = ((uint64_t)(arg1[18]) * (arg2[13]));
x7 = ((uint64_t)(arg1[18]) * ((arg2[12]) * 0x2));
x8 = ((uint64_t)(arg1[18]) * (arg2[11]));
x9 = ((uint64_t)(arg1[18]) * ((arg2[10]) * 0x2));
x10 = ((uint64_t)(arg1[18]) * (arg2[9]));
x11 = ((uint64_t)(arg1[18]) * ((arg2[8]) * 0x2));
x12 = ((uint64_t)(arg1[18]) * (arg2[7]));
x13 = ((uint64_t)(arg1[18]) * (arg2[6]));
x14 = ((uint64_t)(arg1[18]) * ((arg2[5]) * 0x2));
x15 = ((uint64_t)(arg1[18]) * (arg2[4]));
x16 = ((uint64_t)(arg1[18]) * ((arg2[3]) * 0x2));
x17 = ((uint64_t)(arg1[18]) * (arg2[2]));
x18 = ((uint64_t)(arg1[18]) * ((arg2[1]) * 0x2));
x19 = ((uint64_t)(arg1[17]) * ((arg2[18]) * 0x2));
x20 = ((uint64_t)(arg1[17]) * ((arg2[17]) * 0x2));
x21 = ((uint64_t)(arg1[17]) * ((arg2[16]) * 0x2));
x22 = ((uint64_t)(arg1[17]) * ((arg2[15]) * 0x2));
x23 = ((uint64_t)(arg1[17]) * (arg2[14]));
x24 = ((uint64_t)(arg1[17]) * ((arg2[13]) * 0x2));
x25 = ((uint64_t)(arg1[17]) * ((arg2[12]) * 0x2));
x26 = ((uint64_t)(arg1[17]) * ((arg2[11]) * 0x2));
x27 = ((uint64_t)(arg1[17]) * ((arg2[10]) * 0x2));
x28 = ((uint64_t)(arg1[17]) * ((arg2[9]) * 0x2));
x29 = ((uint64_t)(arg1[17]) * ((arg2[8]) * 0x2));
x30 = ((uint64_t)(arg1[17]) * (arg2[7]));
x31 = ((uint64_t)(arg1[17]) * ((arg2[6]) * 0x2));
x32 = ((uint64_t)(arg1[17]) * ((arg2[5]) * 0x2));
x33 = ((uint64_t)(arg1[17]) * ((arg2[4]) * 0x2));
x34 = ((uint64_t)(arg1[17]) * ((arg2[3]) * 0x2));
x35 = ((uint64_t)(arg1[17]) * ((arg2[2]) * 0x2));
x36 = ((uint64_t)(arg1[16]) * (arg2[18]));
x37 = ((uint64_t)(arg1[16]) * ((arg2[17]) * 0x2));
x38 = ((uint64_t)(arg1[16]) * (arg2[16]));
x39 = ((uint64_t)(arg1[16]) * (arg2[15]));
x40 = ((uint64_t)(arg1[16]) * (arg2[14]));
x41 = ((uint64_t)(arg1[16]) * (arg2[13]));
x42 = ((uint64_t)(arg1[16]) * ((arg2[12]) * 0x2));
x43 = ((uint64_t)(arg1[16]) * (arg2[11]));
x44 = ((uint64_t)(arg1[16]) * ((arg2[10]) * 0x2));
x45 = ((uint64_t)(arg1[16]) * (arg2[9]));
x46 = ((uint64_t)(arg1[16]) * (arg2[8]));
x47 = ((uint64_t)(arg1[16]) * (arg2[7]));
x48 = ((uint64_t)(arg1[16]) * (arg2[6]));
x49 = ((uint64_t)(arg1[16]) * ((arg2[5]) * 0x2));
x50 = ((uint64_t)(arg1[16]) * (arg2[4]));
x51 = ((uint64_t)(arg1[16]) * ((arg2[3]) * 0x2));
x52 = ((uint64_t)(arg1[15]) * ((arg2[18]) * 0x2));
x53 = ((uint64_t)(arg1[15]) * ((arg2[17]) * 0x2));
x54 = ((uint64_t)(arg1[15]) * (arg2[16]));
x55 = ((uint64_t)(arg1[15]) * ((arg2[15]) * 0x2));
x56 = ((uint64_t)(arg1[15]) * (arg2[14]));
x57 = ((uint64_t)(arg1[15]) * ((arg2[13]) * 0x2));
x58 = ((uint64_t)(arg1[15]) * ((arg2[12]) * 0x2));
x59 = ((uint64_t)(arg1[15]) * ((arg2[11]) * 0x2));
x60 = ((uint64_t)(arg1[15]) * ((arg2[10]) * 0x2));
x61 = ((uint64_t)(arg1[15]) * (arg2[9]));
x62 = ((uint64_t)(arg1[15]) * ((arg2[8]) * 0x2));
x63 = ((uint64_t)(arg1[15]) * (arg2[7]));
x64 = ((uint64_t)(arg1[15]) * ((arg2[6]) * 0x2));
x65 = ((uint64_t)(arg1[15]) * ((arg2[5]) * 0x2));
x66 = ((uint64_t)(arg1[15]) * ((arg2[4]) * 0x2));
x67 = ((uint64_t)(arg1[14]) * (arg2[18]));
x68 = ((uint64_t)(arg1[14]) * (arg2[17]));
x69 = ((uint64_t)(arg1[14]) * (arg2[16]));
x70 = ((uint64_t)(arg1[14]) * (arg2[15]));
x71 = ((uint64_t)(arg1[14]) * (arg2[14]));
x72 = ((uint64_t)(arg1[14]) * (arg2[13]));
x73 = ((uint64_t)(arg1[14]) * ((arg2[12]) * 0x2));
x74 = ((uint64_t)(arg1[14]) * (arg2[11]));
x75 = ((uint64_t)(arg1[14]) * (arg2[10]));
x76 = ((uint64_t)(arg1[14]) * (arg2[9]));
x77 = ((uint64_t)(arg1[14]) * (arg2[8]));
x78 = ((uint64_t)(arg1[14]) * (arg2[7]));
x79 = ((uint64_t)(arg1[14]) * (arg2[6]));
x80 = ((uint64_t)(arg1[14]) * ((arg2[5]) * 0x2));
x81 = ((uint64_t)(arg1[13]) * (arg2[18]));
x82 = ((uint64_t)(arg1[13]) * ((arg2[17]) * 0x2));
x83 = ((uint64_t)(arg1[13]) * (arg2[16]));
x84 = ((uint64_t)(arg1[13]) * ((arg2[15]) * 0x2));
x85 = ((uint64_t)(arg1[13]) * (arg2[14]));
x86 = ((uint64_t)(arg1[13]) * ((arg2[13]) * 0x2));
x87 = ((uint64_t)(arg1[13]) * ((arg2[12]) * 0x2));
x88 = ((uint64_t)(arg1[13]) * (arg2[11]));
x89 = ((uint64_t)(arg1[13]) * ((arg2[10]) * 0x2));
x90 = ((uint64_t)(arg1[13]) * (arg2[9]));
x91 = ((uint64_t)(arg1[13]) * ((arg2[8]) * 0x2));
x92 = ((uint64_t)(arg1[13]) * (arg2[7]));
x93 = ((uint64_t)(arg1[13]) * ((arg2[6]) * 0x2));
x94 = ((uint64_t)(arg1[12]) * ((arg2[18]) * 0x2));
x95 = ((uint64_t)(arg1[12]) * ((arg2[17]) * 0x2));
x96 = ((uint64_t)(arg1[12]) * ((arg2[16]) * 0x2));
x97 = ((uint64_t)(arg1[12]) * ((arg2[15]) * 0x2));
x98 = ((uint64_t)(arg1[12]) * ((arg2[14]) * 0x2));
x99 = ((uint64_t)(arg1[12]) * ((arg2[13]) * 0x2));
x100 = ((uint64_t)(arg1[12]) * ((arg2[12]) * 0x2));
x101 = ((uint64_t)(arg1[12]) * ((arg2[11]) * 0x2));
x102 = ((uint64_t)(arg1[12]) * ((arg2[10]) * 0x2));
x103 = ((uint64_t)(arg1[12]) * ((arg2[9]) * 0x2));
x104 = ((uint64_t)(arg1[12]) * ((arg2[8]) * 0x2));
x105 = ((uint64_t)(arg1[12]) * ((arg2[7]) * 0x2));
x106 = ((uint64_t)(arg1[11]) * (arg2[18]));
x107 = ((uint64_t)(arg1[11]) * ((arg2[17]) * 0x2));
x108 = ((uint64_t)(arg1[11]) * (arg2[16]));
x109 = ((uint64_t)(arg1[11]) * ((arg2[15]) * 0x2));
x110 = ((uint64_t)(arg1[11]) * (arg2[14]));
x111 = ((uint64_t)(arg1[11]) * (arg2[13]));
x112 = ((uint64_t)(arg1[11]) * ((arg2[12]) * 0x2));
x113 = ((uint64_t)(arg1[11]) * (arg2[11]));
x114 = ((uint64_t)(arg1[11]) * ((arg2[10]) * 0x2));
x115 = ((uint64_t)(arg1[11]) * (arg2[9]));
x116 = ((uint64_t)(arg1[11]) * ((arg2[8]) * 0x2));
x117 = ((uint64_t)(arg1[10]) * ((arg2[18]) * 0x2));
x118 = ((uint64_t)(arg1[10]) * ((arg2[17]) * 0x2));
x119 = ((uint64_t)(arg1[10]) * ((arg2[16]) * 0x2));
x120 = ((uint64_t)(arg1[10]) * ((arg2[15]) * 0x2));
x121 = ((uint64_t)(arg1[10]) * (arg2[14]));
x122 = ((uint64_t)(arg1[10]) * ((arg2[13]) * 0x2));
x123 = ((uint64_t)(arg1[10]) * ((arg2[12]) * 0x2));
x124 = ((uint64_t)(arg1[10]) * ((arg2[11]) * 0x2));
x125 = ((uint64_t)(arg1[10]) * ((arg2[10]) * 0x2));
x126 = ((uint64_t)(arg1[10]) * ((arg2[9]) * 0x2));
x127 = ((uint64_t)(arg1[9]) * (arg2[18]));
x128 = ((uint64_t)(arg1[9]) * ((arg2[17]) * 0x2));
x129 = ((uint64_t)(arg1[9]) * (arg2[16]));
x130 = ((uint64_t)(arg1[9]) * (arg2[15]));
x131 = ((uint64_t)(arg1[9]) * (arg2[14]));
x132 = ((uint64_t)(arg1[9]) * (arg2[13]));
x133 = ((uint64_t)(arg1[9]) * ((arg2[12]) * 0x2));
x134 = ((uint64_t)(arg1[9]) * (arg2[11]));
x135 = ((uint64_t)(arg1[9]) * ((arg2[10]) * 0x2));
x136 = ((uint64_t)(arg1[8]) * ((arg2[18]) * 0x2));
x137 = ((uint64_t)(arg1[8]) * ((arg2[17]) * 0x2));
x138 = ((uint64_t)(arg1[8]) * (arg2[16]));
x139 = ((uint64_t)(arg1[8]) * ((arg2[15]) * 0x2));
x140 = ((uint64_t)(arg1[8]) * (arg2[14]));
x141 = ((uint64_t)(arg1[8]) * ((arg2[13]) * 0x2));
x142 = ((uint64_t)(arg1[8]) * ((arg2[12]) * 0x2));
x143 = ((uint64_t)(arg1[8]) * ((arg2[11]) * 0x2));
x144 = ((uint64_t)(arg1[7]) * (arg2[18]));
x145 = ((uint64_t)(arg1[7]) * (arg2[17]));
x146 = ((uint64_t)(arg1[7]) * (arg2[16]));
x147 = ((uint64_t)(arg1[7]) * (arg2[15]));
x148 = ((uint64_t)(arg1[7]) * (arg2[14]));
x149 = ((uint64_t)(arg1[7]) * (arg2[13]));
x150 = ((uint64_t)(arg1[7]) * ((arg2[12]) * 0x2));
x151 = ((uint64_t)(arg1[6]) * (arg2[18]));
x152 = ((uint64_t)(arg1[6]) * ((arg2[17]) * 0x2));
x153 = ((uint64_t)(arg1[6]) * (arg2[16]));
x154 = ((uint64_t)(arg1[6]) * ((arg2[15]) * 0x2));
x155 = ((uint64_t)(arg1[6]) * (arg2[14]));
x156 = ((uint64_t)(arg1[6]) * ((arg2[13]) * 0x2));
x157 = ((uint64_t)(arg1[5]) * ((arg2[18]) * 0x2));
x158 = ((uint64_t)(arg1[5]) * ((arg2[17]) * 0x2));
x159 = ((uint64_t)(arg1[5]) * ((arg2[16]) * 0x2));
x160 = ((uint64_t)(arg1[5]) * ((arg2[15]) * 0x2));
x161 = ((uint64_t)(arg1[5]) * ((arg2[14]) * 0x2));
x162 = ((uint64_t)(arg1[4]) * (arg2[18]));
x163 = ((uint64_t)(arg1[4]) * ((arg2[17]) * 0x2));
x164 = ((uint64_t)(arg1[4]) * (arg2[16]));
x165 = ((uint64_t)(arg1[4]) * ((arg2[15]) * 0x2));
x166 = ((uint64_t)(arg1[3]) * ((arg2[18]) * 0x2));
x167 = ((uint64_t)(arg1[3]) * ((arg2[17]) * 0x2));
x168 = ((uint64_t)(arg1[3]) * ((arg2[16]) * 0x2));
x169 = ((uint64_t)(arg1[2]) * (arg2[18]));
x170 = ((uint64_t)(arg1[2]) * ((arg2[17]) * 0x2));
x171 = ((uint64_t)(arg1[1]) * ((arg2[18]) * 0x2));
x172 = ((uint64_t)(arg1[18]) * (arg2[0]));
x173 = ((uint64_t)(arg1[17]) * ((arg2[1]) * 0x2));
x174 = ((uint64_t)(arg1[17]) * (arg2[0]));
x175 = ((uint64_t)(arg1[16]) * (arg2[2]));
x176 = ((uint64_t)(arg1[16]) * (arg2[1]));
x177 = ((uint64_t)(arg1[16]) * (arg2[0]));
x178 = ((uint64_t)(arg1[15]) * ((arg2[3]) * 0x2));
x179 = ((uint64_t)(arg1[15]) * (arg2[2]));
x180 = ((uint64_t)(arg1[15]) * ((arg2[1]) * 0x2));
x181 = ((uint64_t)(arg1[15]) * (arg2[0]));
x182 = ((uint64_t)(arg1[14]) * (arg2[4]));
x183 = ((uint64_t)(arg1[14]) * (arg2[3]));
x184 = ((uint64_t)(arg1[14]) * (arg2[2]));
x185 = ((uint64_t)(arg1[14]) * (arg2[1]));
x186 = ((uint64_t)(arg1[14]) * (arg2[0]));
x187 = ((uint64_t)(arg1[13]) * ((arg2[5]) * 0x2));
x188 = ((uint64_t)(arg1[13]) * (arg2[4]));
x189 = ((uint64_t)(arg1[13]) * ((arg2[3]) * 0x2));
x190 = ((uint64_t)(arg1[13]) * (arg2[2]));
x191 = ((uint64_t)(arg1[13]) * ((arg2[1]) * 0x2));
x192 = ((uint64_t)(arg1[13]) * (arg2[0]));
x193 = ((uint64_t)(arg1[12]) * ((arg2[6]) * 0x2));
x194 = ((uint64_t)(arg1[12]) * ((arg2[5]) * 0x2));
x195 = ((uint64_t)(arg1[12]) * ((arg2[4]) * 0x2));
x196 = ((uint64_t)(arg1[12]) * ((arg2[3]) * 0x2));
x197 = ((uint64_t)(arg1[12]) * ((arg2[2]) * 0x2));
x198 = ((uint64_t)(arg1[12]) * ((arg2[1]) * 0x2));
x199 = ((uint64_t)(arg1[12]) * (arg2[0]));
x200 = ((uint64_t)(arg1[11]) * (arg2[7]));
x201 = ((uint64_t)(arg1[11]) * (arg2[6]));
x202 = ((uint64_t)(arg1[11]) * ((arg2[5]) * 0x2));
x203 = ((uint64_t)(arg1[11]) * (arg2[4]));
x204 = ((uint64_t)(arg1[11]) * ((arg2[3]) * 0x2));
x205 = ((uint64_t)(arg1[11]) * (arg2[2]));
x206 = ((uint64_t)(arg1[11]) * (arg2[1]));
x207 = ((uint64_t)(arg1[11]) * (arg2[0]));
x208 = ((uint64_t)(arg1[10]) * ((arg2[8]) * 0x2));
x209 = ((uint64_t)(arg1[10]) * (arg2[7]));
x210 = ((uint64_t)(arg1[10]) * ((arg2[6]) * 0x2));
x211 = ((uint64_t)(arg1[10]) * ((arg2[5]) * 0x2));
x212 = ((uint64_t)(arg1[10]) * ((arg2[4]) * 0x2));
x213 = ((uint64_t)(arg1[10]) * ((arg2[3]) * 0x2));
x214 = ((uint64_t)(arg1[10]) * (arg2[2]));
x215 = ((uint64_t)(arg1[10]) * ((arg2[1]) * 0x2));
x216 = ((uint64_t)(arg1[10]) * (arg2[0]));
x217 = ((uint64_t)(arg1[9]) * (arg2[9]));
x218 = ((uint64_t)(arg1[9]) * (arg2[8]));
x219 = ((uint64_t)(arg1[9]) * (arg2[7]));
x220 = ((uint64_t)(arg1[9]) * (arg2[6]));
x221 = ((uint64_t)(arg1[9]) * ((arg2[5]) * 0x2));
x222 = ((uint64_t)(arg1[9]) * (arg2[4]));
x223 = ((uint64_t)(arg1[9]) * (arg2[3]));
x224 = ((uint64_t)(arg1[9]) * (arg2[2]));
x225 = ((uint64_t)(arg1[9]) * (arg2[1]));
x226 = ((uint64_t)(arg1[9]) * (arg2[0]));
x227 = ((uint64_t)(arg1[8]) * ((arg2[10]) * 0x2));
x228 = ((uint64_t)(arg1[8]) * (arg2[9]));
x229 = ((uint64_t)(arg1[8]) * ((arg2[8]) * 0x2));
x230 = ((uint64_t)(arg1[8]) * (arg2[7]));
x231 = ((uint64_t)(arg1[8]) * ((arg2[6]) * 0x2));
x232 = ((uint64_t)(arg1[8]) * ((arg2[5]) * 0x2));
x233 = ((uint64_t)(arg1[8]) * (arg2[4]));
x234 = ((uint64_t)(arg1[8]) * ((arg2[3]) * 0x2));
x235 = ((uint64_t)(arg1[8]) * (arg2[2]));
x236 = ((uint64_t)(arg1[8]) * ((arg2[1]) * 0x2));
x237 = ((uint64_t)(arg1[8]) * (arg2[0]));
x238 = ((uint64_t)(arg1[7]) * (arg2[11]));
x239 = ((uint64_t)(arg1[7]) * (arg2[10]));
x240 = ((uint64_t)(arg1[7]) * (arg2[9]));
x241 = ((uint64_t)(arg1[7]) * (arg2[8]));
x242 = ((uint64_t)(arg1[7]) * (arg2[7]));
x243 = ((uint64_t)(arg1[7]) * (arg2[6]));
x244 = ((uint64_t)(arg1[7]) * (arg2[5]));
x245 = ((uint64_t)(arg1[7]) * (arg2[4]));
x246 = ((uint64_t)(arg1[7]) * (arg2[3]));
x247 = ((uint64_t)(arg1[7]) * (arg2[2]));
x248 = ((uint64_t)(arg1[7]) * (arg2[1]));
x249 = ((uint64_t)(arg1[7]) * (arg2[0]));
x250 = ((uint64_t)(arg1[6]) * ((arg2[12]) * 0x2));
x251 = ((uint64_t)(arg1[6]) * (arg2[11]));
x252 = ((uint64_t)(arg1[6]) * ((arg2[10]) * 0x2));
x253 = ((uint64_t)(arg1[6]) * (arg2[9]));
x254 = ((uint64_t)(arg1[6]) * ((arg2[8]) * 0x2));
x255 = ((uint64_t)(arg1[6]) * (arg2[7]));
x256 = ((uint64_t)(arg1[6]) * (arg2[6]));
x257 = ((uint64_t)(arg1[6]) * ((arg2[5]) * 0x2));
x258 = ((uint64_t)(arg1[6]) * (arg2[4]));
x259 = ((uint64_t)(arg1[6]) * ((arg2[3]) * 0x2));
x260 = ((uint64_t)(arg1[6]) * (arg2[2]));
x261 = ((uint64_t)(arg1[6]) * ((arg2[1]) * 0x2));
x262 = ((uint64_t)(arg1[6]) * (arg2[0]));
x263 = ((uint64_t)(arg1[5]) * ((arg2[13]) * 0x2));
x264 = ((uint64_t)(arg1[5]) * ((arg2[12]) * 0x2));
x265 = ((uint64_t)(arg1[5]) * ((arg2[11]) * 0x2));
x266 = ((uint64_t)(arg1[5]) * ((arg2[10]) * 0x2));
x267 = ((uint64_t)(arg1[5]) * ((arg2[9]) * 0x2));
x268 = ((uint64_t)(arg1[5]) * ((arg2[8]) * 0x2));
x269 = ((uint64_t)(arg1[5]) * (arg2[7]));
x270 = ((uint64_t)(arg1[5]) * ((arg2[6]) * 0x2));
x271 = ((uint64_t)(arg1[5]) * ((arg2[5]) * 0x2));
x272 = ((uint64_t)(arg1[5]) * ((arg2[4]) * 0x2));
x273 = ((uint64_t)(arg1[5]) * ((arg2[3]) * 0x2));
x274 = ((uint64_t)(arg1[5]) * ((arg2[2]) * 0x2));
x275 = ((uint64_t)(arg1[5]) * ((arg2[1]) * 0x2));
x276 = ((uint64_t)(arg1[5]) * (arg2[0]));
x277 = ((uint64_t)(arg1[4]) * (arg2[14]));
x278 = ((uint64_t)(arg1[4]) * (arg2[13]));
x279 = ((uint64_t)(arg1[4]) * ((arg2[12]) * 0x2));
x280 = ((uint64_t)(arg1[4]) * (arg2[11]));
x281 = ((uint64_t)(arg1[4]) * ((arg2[10]) * 0x2));
x282 = ((uint64_t)(arg1[4]) * (arg2[9]));
x283 = ((uint64_t)(arg1[4]) * (arg2[8]));
x284 = ((uint64_t)(arg1[4]) * (arg2[7]));
x285 = ((uint64_t)(arg1[4]) * (arg2[6]));
x286 = ((uint64_t)(arg1[4]) * ((arg2[5]) * 0x2));
x287 = ((uint64_t)(arg1[4]) * (arg2[4]));
x288 = ((uint64_t)(arg1[4]) * ((arg2[3]) * 0x2));
x289 = ((uint64_t)(arg1[4]) * (arg2[2]));
x290 = ((uint64_t)(arg1[4]) * (arg2[1]));
x291 = ((uint64_t)(arg1[4]) * (arg2[0]));
x292 = ((uint64_t)(arg1[3]) * ((arg2[15]) * 0x2));
x293 = ((uint64_t)(arg1[3]) * (arg2[14]));
x294 = ((uint64_t)(arg1[3]) * ((arg2[13]) * 0x2));
x295 = ((uint64_t)(arg1[3]) * ((arg2[12]) * 0x2));
x296 = ((uint64_t)(arg1[3]) * ((arg2[11]) * 0x2));
x297 = ((uint64_t)(arg1[3]) * ((arg2[10]) * 0x2));
x298 = ((uint64_t)(arg1[3]) * (arg2[9]));
x299 = ((uint64_t)(arg1[3]) * ((arg2[8]) * 0x2));
x300 = ((uint64_t)(arg1[3]) * (arg2[7]));
x301 = ((uint64_t)(arg1[3]) * ((arg2[6]) * 0x2));
x302 = ((uint64_t)(arg1[3]) * ((arg2[5]) * 0x2));
x303 = ((uint64_t)(arg1[3]) * ((arg2[4]) * 0x2));
x304 = ((uint64_t)(arg1[3]) * ((arg2[3]) * 0x2));
x305 = ((uint64_t)(arg1[3]) * (arg2[2]));
x306 = ((uint64_t)(arg1[3]) * ((arg2[1]) * 0x2));
x307 = ((uint64_t)(arg1[3]) * (arg2[0]));
x308 = ((uint64_t)(arg1[2]) * (arg2[16]));
x309 = ((uint64_t)(arg1[2]) * (arg2[15]));
x310 = ((uint64_t)(arg1[2]) * (arg2[14]));
x311 = ((uint64_t)(arg1[2]) * (arg2[13]));
x312 = ((uint64_t)(arg1[2]) * ((arg2[12]) * 0x2));
x313 = ((uint64_t)(arg1[2]) * (arg2[11]));
x314 = ((uint64_t)(arg1[2]) * (arg2[10]));
x315 = ((uint64_t)(arg1[2]) * (arg2[9]));
x316 = ((uint64_t)(arg1[2]) * (arg2[8]));
x317 = ((uint64_t)(arg1[2]) * (arg2[7]));
x318 = ((uint64_t)(arg1[2]) * (arg2[6]));
x319 = ((uint64_t)(arg1[2]) * ((arg2[5]) * 0x2));
x320 = ((uint64_t)(arg1[2]) * (arg2[4]));
x321 = ((uint64_t)(arg1[2]) * (arg2[3]));
x322 = ((uint64_t)(arg1[2]) * (arg2[2]));
x323 = ((uint64_t)(arg1[2]) * (arg2[1]));
x324 = ((uint64_t)(arg1[2]) * (arg2[0]));
x325 = ((uint64_t)(arg1[1]) * ((arg2[17]) * 0x2));
x326 = ((uint64_t)(arg1[1]) * (arg2[16]));
x327 = ((uint64_t)(arg1[1]) * ((arg2[15]) * 0x2));
x328 = ((uint64_t)(arg1[1]) * (arg2[14]));
x329 = ((uint64_t)(arg1[1]) * ((arg2[13]) * 0x2));
x330 = ((uint64_t)(arg1[1]) * ((arg2[12]) * 0x2));
x331 = ((uint64_t)(arg1[1]) * (arg2[11]));
x332 = ((uint64_t)(arg1[1]) * ((arg2[10]) * 0x2));
x333 = ((uint64_t)(arg1[1]) * (arg2[9]));
x334 = ((uint64_t)(arg1[1]) * ((arg2[8]) * 0x2));
x335 = ((uint64_t)(arg1[1]) * (arg2[7]));
x336 = ((uint64_t)(arg1[1]) * ((arg2[6]) * 0x2));
x337 = ((uint64_t)(arg1[1]) * ((arg2[5]) * 0x2));
x338 = ((uint64_t)(arg1[1]) * (arg2[4]));
x339 = ((uint64_t)(arg1[1]) * ((arg2[3]) * 0x2));
x340 = ((uint64_t)(arg1[1]) * (arg2[2]));
x341 = ((uint64_t)(arg1[1]) * ((arg2[1]) * 0x2));
x342 = ((uint64_t)(arg1[1]) * (arg2[0]));
x343 = ((uint64_t)(arg1[0]) * (arg2[18]));
x344 = ((uint64_t)(arg1[0]) * (arg2[17]));
x345 = ((uint64_t)(arg1[0]) * (arg2[16]));
x346 = ((uint64_t)(arg1[0]) * (arg2[15]));
x347 = ((uint64_t)(arg1[0]) * (arg2[14]));
x348 = ((uint64_t)(arg1[0]) * (arg2[13]));
x349 = ((uint64_t)(arg1[0]) * (arg2[12]));
x350 = ((uint64_t)(arg1[0]) * (arg2[11]));
x351 = ((uint64_t)(arg1[0]) * (arg2[10]));
x352 = ((uint64_t)(arg1[0]) * (arg2[9]));
x353 = ((uint64_t)(arg1[0]) * (arg2[8]));
x354 = ((uint64_t)(arg1[0]) * (arg2[7]));
x355 = ((uint64_t)(arg1[0]) * (arg2[6]));
x356 = ((uint64_t)(arg1[0]) * (arg2[5]));
x357 = ((uint64_t)(arg1[0]) * (arg2[4]));
x358 = ((uint64_t)(arg1[0]) * (arg2[3]));
x359 = ((uint64_t)(arg1[0]) * (arg2[2]));
x360 = ((uint64_t)(arg1[0]) * (arg2[1]));
x361 = ((uint64_t)(arg1[0]) * (arg2[0]));
x362 =
(x361 +
(x171 +
(x170 +
(x168 +
(x165 +
(x161 +
(x156 +
(x150 +
(x143 +
(x135 +
(x126 +
(x116 +
(x105 +
(x93 + (x80 + (x66 + (x51 + (x35 + x18))))))))))))))))));
x363 = (x362 >> 28);
x364 = (uint32_t)(x362 & UINT32_C(0xfffffff));
x365 = (x343 +
(x325 +
(x308 +
(x292 +
(x277 +
(x263 +
(x250 +
(x238 +
(x227 +
(x217 +
(x208 +
(x200 +
(x193 +
(x187 +
(x182 + (x178 + (x175 + (x173 + x172))))))))))))))))));
x366 = (x344 +
(x326 +
(x309 +
(x293 +
(x278 +
(x264 +
(x251 +
(x239 +
(x228 +
(x218 +
(x209 +
(x201 +
(x194 +
(x188 +
(x183 + (x179 + (x176 + (x174 + x1))))))))))))))))));
x367 = (x345 +
(x327 +
(x310 +
(x294 +
(x279 +
(x265 +
(x252 +
(x240 +
(x229 +
(x219 +
(x210 +
(x202 +
(x195 +
(x189 +
(x184 + (x180 + (x177 + (x19 + x2))))))))))))))))));
x368 =
(x346 +
(x328 +
(x311 +
(x295 +
(x280 +
(x266 +
(x253 +
(x241 +
(x230 +
(x220 +
(x211 +
(x203 +
(x196 +
(x190 + (x185 + (x181 + (x36 + (x20 + x3))))))))))))))))));
x369 =
(x347 +
(x329 +
(x312 +
(x296 +
(x281 +
(x267 +
(x254 +
(x242 +
(x231 +
(x221 +
(x212 +
(x204 +
(x197 +
(x191 + (x186 + (x52 + (x37 + (x21 + x4))))))))))))))))));
x370 =
(x348 +
(x330 +
(x313 +
(x297 +
(x282 +
(x268 +
(x255 +
(x243 +
(x232 +
(x222 +
(x213 +
(x205 +
(x198 +
(x192 + (x67 + (x53 + (x38 + (x22 + x5))))))))))))))))));
x371 = (x349 +
(x331 +
(x314 +
(x298 +
(x283 +
(x269 +
(x256 +
(x244 +
(x233 +
(x223 +
(x214 +
(x206 +
(x199 +
(x81 + (x68 + (x54 + (x39 + (x23 + x6))))))))))))))))));
x372 = (x350 +
(x332 +
(x315 +
(x299 +
(x284 +
(x270 +
(x257 +
(x245 +
(x234 +
(x224 +
(x215 +
(x207 +
(x94 +
(x82 + (x69 + (x55 + (x40 + (x24 + x7))))))))))))))))));
x373 = (x351 +
(x333 +
(x316 +
(x300 +
(x285 +
(x271 +
(x258 +
(x246 +
(x235 +
(x225 +
(x216 +
(x106 +
(x95 +
(x83 + (x70 + (x56 + (x41 + (x25 + x8))))))))))))))))));
x374 = (x352 +
(x334 +
(x317 +
(x301 +
(x286 +
(x272 +
(x259 +
(x247 +
(x236 +
(x226 +
(x117 +
(x107 +
(x96 +
(x84 + (x71 + (x57 + (x42 + (x26 + x9))))))))))))))))));
x375 =
(x353 +
(x335 +
(x318 +
(x302 +
(x287 +
(x273 +
(x260 +
(x248 +
(x237 +
(x127 +
(x118 +
(x108 +
(x97 +
(x85 + (x72 + (x58 + (x43 + (x27 + x10))))))))))))))))));
x376 =
(x354 +
(x336 +
(x319 +
(x303 +
(x288 +
(x274 +
(x261 +
(x249 +
(x136 +
(x128 +
(x119 +
(x109 +
(x98 +
(x86 + (x73 + (x59 + (x44 + (x28 + x11))))))))))))))))));
x377 =
(x355 +
(x337 +
(x320 +
(x304 +
(x289 +
(x275 +
(x262 +
(x144 +
(x137 +
(x129 +
(x120 +
(x110 +
(x99 +
(x87 + (x74 + (x60 + (x45 + (x29 + x12))))))))))))))))));
x378 =
(x356 +
(x338 +
(x321 +
(x305 +
(x290 +
(x276 +
(x151 +
(x145 +
(x138 +
(x130 +
(x121 +
(x111 +
(x100 +
(x88 + (x75 + (x61 + (x46 + (x30 + x13))))))))))))))))));
x379 =
(x357 +
(x339 +
(x322 +
(x306 +
(x291 +
(x157 +
(x152 +
(x146 +
(x139 +
(x131 +
(x122 +
(x112 +
(x101 +
(x89 + (x76 + (x62 + (x47 + (x31 + x14))))))))))))))))));
x380 =
(x358 +
(x340 +
(x323 +
(x307 +
(x162 +
(x158 +
(x153 +
(x147 +
(x140 +
(x132 +
(x123 +
(x113 +
(x102 +
(x90 + (x77 + (x63 + (x48 + (x32 + x15))))))))))))))))));
x381 =
(x359 +
(x341 +
(x324 +
(x166 +
(x163 +
(x159 +
(x154 +
(x148 +
(x141 +
(x133 +
(x124 +
(x114 +
(x103 +
(x91 + (x78 + (x64 + (x49 + (x33 + x16))))))))))))))))));
x382 =
(x360 +
(x342 +
(x169 +
(x167 +
(x164 +
(x160 +
(x155 +
(x149 +
(x142 +
(x134 +
(x125 +
(x115 +
(x104 +
(x92 + (x79 + (x65 + (x50 + (x34 + x17))))))))))))))))));
x383 = (x363 + x382);
x384 = (x383 >> 27);
x385 = (uint32_t)(x383 & UINT32_C(0x7ffffff));
x386 = (x384 + x381);
x387 = (x386 >> 28);
x388 = (uint32_t)(x386 & UINT32_C(0xfffffff));
x389 = (x387 + x380);
x390 = (x389 >> 27);
x391 = (uint32_t)(x389 & UINT32_C(0x7ffffff));
x392 = (x390 + x379);
x393 = (x392 >> 28);
x394 = (uint32_t)(x392 & UINT32_C(0xfffffff));
x395 = (x393 + x378);
x396 = (x395 >> 27);
x397 = (uint32_t)(x395 & UINT32_C(0x7ffffff));
x398 = (x396 + x377);
x399 = (x398 >> 27);
x400 = (uint32_t)(x398 & UINT32_C(0x7ffffff));
x401 = (x399 + x376);
x402 = (x401 >> 28);
x403 = (uint32_t)(x401 & UINT32_C(0xfffffff));
x404 = (x402 + x375);
x405 = (x404 >> 27);
x406 = (uint32_t)(x404 & UINT32_C(0x7ffffff));
x407 = (x405 + x374);
x408 = (x407 >> 28);
x409 = (uint32_t)(x407 & UINT32_C(0xfffffff));
x410 = (x408 + x373);
x411 = (x410 >> 27);
x412 = (uint32_t)(x410 & UINT32_C(0x7ffffff));
x413 = (x411 + x372);
x414 = (x413 >> 28);
x415 = (uint32_t)(x413 & UINT32_C(0xfffffff));
x416 = (x414 + x371);
x417 = (x416 >> 27);
x418 = (uint32_t)(x416 & UINT32_C(0x7ffffff));
x419 = (x417 + x370);
x420 = (x419 >> 27);
x421 = (uint32_t)(x419 & UINT32_C(0x7ffffff));
x422 = (x420 + x369);
x423 = (x422 >> 28);
x424 = (uint32_t)(x422 & UINT32_C(0xfffffff));
x425 = (x423 + x368);
x426 = (x425 >> 27);
x427 = (uint32_t)(x425 & UINT32_C(0x7ffffff));
x428 = (x426 + x367);
x429 = (x428 >> 28);
x430 = (uint32_t)(x428 & UINT32_C(0xfffffff));
x431 = (x429 + x366);
x432 = (x431 >> 27);
x433 = (uint32_t)(x431 & UINT32_C(0x7ffffff));
x434 = (x432 + x365);
x435 = (x434 >> 27);
x436 = (uint32_t)(x434 & UINT32_C(0x7ffffff));
x437 = (x364 + x435);
x438 = (uint32_t)(x437 >> 28);
x439 = (uint32_t)(x437 & UINT32_C(0xfffffff));
x440 = (x438 + x385);
x441 = (fiat_secp521r1_uint1)(x440 >> 27);
x442 = (x440 & UINT32_C(0x7ffffff));
x443 = (x441 + x388);
out1[0] = x439;
out1[1] = x442;
out1[2] = x443;
out1[3] = x391;
out1[4] = x394;
out1[5] = x397;
out1[6] = x400;
out1[7] = x403;
out1[8] = x406;
out1[9] = x409;
out1[10] = x412;
out1[11] = x415;
out1[12] = x418;
out1[13] = x421;
out1[14] = x424;
out1[15] = x427;
out1[16] = x430;
out1[17] = x433;
out1[18] = x436;
}
/*
* The function fiat_secp521r1_carry_square squares a field element and reduces the result.
*
* Postconditions:
* eval out1 mod m = (eval arg1 * eval arg1) mod m
*
*/
static void fiat_secp521r1_carry_square(
fiat_secp521r1_tight_field_element out1,
const fiat_secp521r1_loose_field_element arg1) {
uint32_t x1;
uint32_t x2;
uint32_t x3;
uint32_t x4;
uint32_t x5;
uint32_t x6;
uint32_t x7;
uint32_t x8;
uint32_t x9;
uint32_t x10;
uint32_t x11;
uint32_t x12;
uint32_t x13;
uint32_t x14;
uint32_t x15;
uint32_t x16;
uint32_t x17;
uint32_t x18;
uint32_t x19;
uint32_t x20;
uint32_t x21;
uint32_t x22;
uint32_t x23;
uint32_t x24;
uint32_t x25;
uint32_t x26;
uint32_t x27;
uint32_t x28;
uint32_t x29;
uint32_t x30;
uint32_t x31;
uint32_t x32;
uint32_t x33;
uint32_t x34;
uint32_t x35;
uint32_t x36;
uint64_t x37;
uint64_t x38;
uint64_t x39;
uint64_t x40;
uint64_t x41;
uint64_t x42;
uint64_t x43;
uint64_t x44;
uint64_t x45;
uint64_t x46;
uint64_t x47;
uint64_t x48;
uint64_t x49;
uint64_t x50;
uint64_t x51;
uint64_t x52;
uint64_t x53;
uint64_t x54;
uint64_t x55;
uint64_t x56;
uint64_t x57;
uint64_t x58;
uint64_t x59;
uint64_t x60;
uint64_t x61;
uint64_t x62;
uint64_t x63;
uint64_t x64;
uint64_t x65;
uint64_t x66;
uint64_t x67;
uint64_t x68;
uint64_t x69;
uint64_t x70;
uint64_t x71;
uint64_t x72;
uint64_t x73;
uint64_t x74;
uint64_t x75;
uint64_t x76;
uint64_t x77;
uint64_t x78;
uint64_t x79;
uint64_t x80;
uint64_t x81;
uint64_t x82;
uint64_t x83;
uint64_t x84;
uint64_t x85;
uint64_t x86;
uint64_t x87;
uint64_t x88;
uint64_t x89;
uint64_t x90;
uint64_t x91;
uint64_t x92;
uint64_t x93;
uint64_t x94;
uint64_t x95;
uint64_t x96;
uint64_t x97;
uint64_t x98;
uint64_t x99;
uint64_t x100;
uint64_t x101;
uint64_t x102;
uint64_t x103;
uint64_t x104;
uint64_t x105;
uint64_t x106;
uint64_t x107;
uint64_t x108;
uint64_t x109;
uint64_t x110;
uint64_t x111;
uint64_t x112;
uint64_t x113;
uint64_t x114;
uint64_t x115;
uint64_t x116;
uint64_t x117;
uint64_t x118;
uint64_t x119;
uint64_t x120;
uint64_t x121;
uint64_t x122;
uint64_t x123;
uint64_t x124;
uint64_t x125;
uint64_t x126;
uint64_t x127;
uint64_t x128;
uint64_t x129;
uint64_t x130;
uint64_t x131;
uint64_t x132;
uint64_t x133;
uint64_t x134;
uint64_t x135;
uint64_t x136;
uint64_t x137;
uint64_t x138;
uint64_t x139;
uint64_t x140;
uint64_t x141;
uint64_t x142;
uint64_t x143;
uint64_t x144;
uint64_t x145;
uint64_t x146;
uint64_t x147;
uint64_t x148;
uint64_t x149;
uint64_t x150;
uint64_t x151;
uint64_t x152;
uint64_t x153;
uint64_t x154;
uint64_t x155;
uint64_t x156;
uint64_t x157;
uint64_t x158;
uint64_t x159;
uint64_t x160;
uint64_t x161;
uint64_t x162;
uint64_t x163;
uint64_t x164;
uint64_t x165;
uint64_t x166;
uint64_t x167;
uint64_t x168;
uint64_t x169;
uint64_t x170;
uint64_t x171;
uint64_t x172;
uint64_t x173;
uint64_t x174;
uint64_t x175;
uint64_t x176;
uint64_t x177;
uint64_t x178;
uint64_t x179;
uint64_t x180;
uint64_t x181;
uint64_t x182;
uint64_t x183;
uint64_t x184;
uint64_t x185;
uint64_t x186;
uint64_t x187;
uint64_t x188;
uint64_t x189;
uint64_t x190;
uint64_t x191;
uint64_t x192;
uint64_t x193;
uint64_t x194;
uint64_t x195;
uint64_t x196;
uint64_t x197;
uint64_t x198;
uint64_t x199;
uint64_t x200;
uint64_t x201;
uint64_t x202;
uint64_t x203;
uint64_t x204;
uint64_t x205;
uint64_t x206;
uint64_t x207;
uint64_t x208;
uint64_t x209;
uint64_t x210;
uint64_t x211;
uint64_t x212;
uint64_t x213;
uint64_t x214;
uint64_t x215;
uint64_t x216;
uint64_t x217;
uint64_t x218;
uint64_t x219;
uint64_t x220;
uint64_t x221;
uint64_t x222;
uint64_t x223;
uint64_t x224;
uint64_t x225;
uint64_t x226;
uint64_t x227;
uint64_t x228;
uint32_t x229;
uint64_t x230;
uint64_t x231;
uint64_t x232;
uint64_t x233;
uint64_t x234;
uint64_t x235;
uint64_t x236;
uint64_t x237;
uint64_t x238;
uint64_t x239;
uint64_t x240;
uint64_t x241;
uint64_t x242;
uint64_t x243;
uint64_t x244;
uint64_t x245;
uint64_t x246;
uint64_t x247;
uint64_t x248;
uint64_t x249;
uint32_t x250;
uint64_t x251;
uint64_t x252;
uint32_t x253;
uint64_t x254;
uint64_t x255;
uint32_t x256;
uint64_t x257;
uint64_t x258;
uint32_t x259;
uint64_t x260;
uint64_t x261;
uint32_t x262;
uint64_t x263;
uint64_t x264;
uint32_t x265;
uint64_t x266;
uint64_t x267;
uint32_t x268;
uint64_t x269;
uint64_t x270;
uint32_t x271;
uint64_t x272;
uint64_t x273;
uint32_t x274;
uint64_t x275;
uint64_t x276;
uint32_t x277;
uint64_t x278;
uint64_t x279;
uint32_t x280;
uint64_t x281;
uint64_t x282;
uint32_t x283;
uint64_t x284;
uint64_t x285;
uint32_t x286;
uint64_t x287;
uint64_t x288;
uint32_t x289;
uint64_t x290;
uint64_t x291;
uint32_t x292;
uint64_t x293;
uint64_t x294;
uint32_t x295;
uint64_t x296;
uint64_t x297;
uint32_t x298;
uint64_t x299;
uint64_t x300;
uint32_t x301;
uint64_t x302;
uint32_t x303;
uint32_t x304;
uint32_t x305;
fiat_secp521r1_uint1 x306;
uint32_t x307;
uint32_t x308;
x1 = (arg1[18]);
x2 = (x1 * 0x2);
x3 = ((arg1[18]) * 0x2);
x4 = (arg1[17]);
x5 = (x4 * 0x2);
x6 = ((arg1[17]) * 0x2);
x7 = (arg1[16]);
x8 = (x7 * 0x2);
x9 = ((arg1[16]) * 0x2);
x10 = (arg1[15]);
x11 = (x10 * 0x2);
x12 = ((arg1[15]) * 0x2);
x13 = (arg1[14]);
x14 = (x13 * 0x2);
x15 = ((arg1[14]) * 0x2);
x16 = (arg1[13]);
x17 = (x16 * 0x2);
x18 = ((arg1[13]) * 0x2);
x19 = (arg1[12]);
x20 = (x19 * 0x2);
x21 = ((arg1[12]) * 0x2);
x22 = (arg1[11]);
x23 = (x22 * 0x2);
x24 = ((arg1[11]) * 0x2);
x25 = (arg1[10]);
x26 = (x25 * 0x2);
x27 = ((arg1[10]) * 0x2);
x28 = ((arg1[9]) * 0x2);
x29 = ((arg1[8]) * 0x2);
x30 = ((arg1[7]) * 0x2);
x31 = ((arg1[6]) * 0x2);
x32 = ((arg1[5]) * 0x2);
x33 = ((arg1[4]) * 0x2);
x34 = ((arg1[3]) * 0x2);
x35 = ((arg1[2]) * 0x2);
x36 = ((arg1[1]) * 0x2);
x37 = ((uint64_t)(arg1[18]) * x1);
x38 = ((uint64_t)(arg1[17]) * (x2 * 0x2));
x39 = ((uint64_t)(arg1[17]) * (x4 * 0x2));
x40 = ((uint64_t)(arg1[16]) * x2);
x41 = ((uint64_t)(arg1[16]) * (x5 * 0x2));
x42 = ((uint64_t)(arg1[16]) * x7);
x43 = ((uint64_t)(arg1[15]) * (x2 * 0x2));
x44 = ((uint64_t)(arg1[15]) * (x5 * 0x2));
x45 = ((uint64_t)(arg1[15]) * x8);
x46 = ((uint64_t)(arg1[15]) * (x10 * 0x2));
x47 = ((uint64_t)(arg1[14]) * x2);
x48 = ((uint64_t)(arg1[14]) * x5);
x49 = ((uint64_t)(arg1[14]) * x8);
x50 = ((uint64_t)(arg1[14]) * x11);
x51 = ((uint64_t)(arg1[14]) * x13);
x52 = ((uint64_t)(arg1[13]) * x2);
x53 = ((uint64_t)(arg1[13]) * (x5 * 0x2));
x54 = ((uint64_t)(arg1[13]) * x8);
x55 = ((uint64_t)(arg1[13]) * (x11 * 0x2));
x56 = ((uint64_t)(arg1[13]) * x14);
x57 = ((uint64_t)(arg1[13]) * (x16 * 0x2));
x58 = ((uint64_t)(arg1[12]) * (x2 * 0x2));
x59 = ((uint64_t)(arg1[12]) * (x5 * 0x2));
x60 = ((uint64_t)(arg1[12]) * (x8 * 0x2));
x61 = ((uint64_t)(arg1[12]) * (x11 * 0x2));
x62 = ((uint64_t)(arg1[12]) * (x14 * 0x2));
x63 = ((uint64_t)(arg1[12]) * (x17 * 0x2));
x64 = ((uint64_t)(arg1[12]) * (x19 * 0x2));
x65 = ((uint64_t)(arg1[11]) * x2);
x66 = ((uint64_t)(arg1[11]) * (x5 * 0x2));
x67 = ((uint64_t)(arg1[11]) * x8);
x68 = ((uint64_t)(arg1[11]) * (x11 * 0x2));
x69 = ((uint64_t)(arg1[11]) * x14);
x70 = ((uint64_t)(arg1[11]) * x17);
x71 = ((uint64_t)(arg1[11]) * (x20 * 0x2));
x72 = ((uint64_t)(arg1[11]) * x22);
x73 = ((uint64_t)(arg1[10]) * (x2 * 0x2));
x74 = ((uint64_t)(arg1[10]) * (x5 * 0x2));
x75 = ((uint64_t)(arg1[10]) * (x8 * 0x2));
x76 = ((uint64_t)(arg1[10]) * (x11 * 0x2));
x77 = ((uint64_t)(arg1[10]) * x14);
x78 = ((uint64_t)(arg1[10]) * (x17 * 0x2));
x79 = ((uint64_t)(arg1[10]) * (x20 * 0x2));
x80 = ((uint64_t)(arg1[10]) * (x23 * 0x2));
x81 = ((uint64_t)(arg1[10]) * (x25 * 0x2));
x82 = ((uint64_t)(arg1[9]) * x2);
x83 = ((uint64_t)(arg1[9]) * (x5 * 0x2));
x84 = ((uint64_t)(arg1[9]) * x8);
x85 = ((uint64_t)(arg1[9]) * x11);
x86 = ((uint64_t)(arg1[9]) * x14);
x87 = ((uint64_t)(arg1[9]) * x17);
x88 = ((uint64_t)(arg1[9]) * (x20 * 0x2));
x89 = ((uint64_t)(arg1[9]) * x23);
x90 = ((uint64_t)(arg1[9]) * (x26 * 0x2));
x91 = ((uint64_t)(arg1[9]) * (arg1[9]));
x92 = ((uint64_t)(arg1[8]) * (x2 * 0x2));
x93 = ((uint64_t)(arg1[8]) * (x5 * 0x2));
x94 = ((uint64_t)(arg1[8]) * x8);
x95 = ((uint64_t)(arg1[8]) * (x11 * 0x2));
x96 = ((uint64_t)(arg1[8]) * x14);
x97 = ((uint64_t)(arg1[8]) * (x17 * 0x2));
x98 = ((uint64_t)(arg1[8]) * (x20 * 0x2));
x99 = ((uint64_t)(arg1[8]) * (x23 * 0x2));
x100 = ((uint64_t)(arg1[8]) * (x27 * 0x2));
x101 = ((uint64_t)(arg1[8]) * x28);
x102 = ((uint64_t)(arg1[8]) * ((arg1[8]) * 0x2));
x103 = ((uint64_t)(arg1[7]) * x2);
x104 = ((uint64_t)(arg1[7]) * x5);
x105 = ((uint64_t)(arg1[7]) * x8);
x106 = ((uint64_t)(arg1[7]) * x11);
x107 = ((uint64_t)(arg1[7]) * x14);
x108 = ((uint64_t)(arg1[7]) * x17);
x109 = ((uint64_t)(arg1[7]) * (x20 * 0x2));
x110 = ((uint64_t)(arg1[7]) * x24);
x111 = ((uint64_t)(arg1[7]) * x27);
x112 = ((uint64_t)(arg1[7]) * x28);
x113 = ((uint64_t)(arg1[7]) * x29);
x114 = ((uint64_t)(arg1[7]) * (arg1[7]));
x115 = ((uint64_t)(arg1[6]) * x2);
x116 = ((uint64_t)(arg1[6]) * (x5 * 0x2));
x117 = ((uint64_t)(arg1[6]) * x8);
x118 = ((uint64_t)(arg1[6]) * (x11 * 0x2));
x119 = ((uint64_t)(arg1[6]) * x14);
x120 = ((uint64_t)(arg1[6]) * (x17 * 0x2));
x121 = ((uint64_t)(arg1[6]) * (x21 * 0x2));
x122 = ((uint64_t)(arg1[6]) * x24);
x123 = ((uint64_t)(arg1[6]) * (x27 * 0x2));
x124 = ((uint64_t)(arg1[6]) * x28);
x125 = ((uint64_t)(arg1[6]) * (x29 * 0x2));
x126 = ((uint64_t)(arg1[6]) * x30);
x127 = ((uint64_t)(arg1[6]) * (arg1[6]));
x128 = ((uint64_t)(arg1[5]) * (x2 * 0x2));
x129 = ((uint64_t)(arg1[5]) * (x5 * 0x2));
x130 = ((uint64_t)(arg1[5]) * (x8 * 0x2));
x131 = ((uint64_t)(arg1[5]) * (x11 * 0x2));
x132 = ((uint64_t)(arg1[5]) * (x14 * 0x2));
x133 = ((uint64_t)(arg1[5]) * (x18 * 0x2));
x134 = ((uint64_t)(arg1[5]) * (x21 * 0x2));
x135 = ((uint64_t)(arg1[5]) * (x24 * 0x2));
x136 = ((uint64_t)(arg1[5]) * (x27 * 0x2));
x137 = ((uint64_t)(arg1[5]) * (x28 * 0x2));
x138 = ((uint64_t)(arg1[5]) * (x29 * 0x2));
x139 = ((uint64_t)(arg1[5]) * x30);
x140 = ((uint64_t)(arg1[5]) * (x31 * 0x2));
x141 = ((uint64_t)(arg1[5]) * ((arg1[5]) * 0x2));
x142 = ((uint64_t)(arg1[4]) * x2);
x143 = ((uint64_t)(arg1[4]) * (x5 * 0x2));
x144 = ((uint64_t)(arg1[4]) * x8);
x145 = ((uint64_t)(arg1[4]) * (x11 * 0x2));
x146 = ((uint64_t)(arg1[4]) * x15);
x147 = ((uint64_t)(arg1[4]) * x18);
x148 = ((uint64_t)(arg1[4]) * (x21 * 0x2));
x149 = ((uint64_t)(arg1[4]) * x24);
x150 = ((uint64_t)(arg1[4]) * (x27 * 0x2));
x151 = ((uint64_t)(arg1[4]) * x28);
x152 = ((uint64_t)(arg1[4]) * x29);
x153 = ((uint64_t)(arg1[4]) * x30);
x154 = ((uint64_t)(arg1[4]) * x31);
x155 = ((uint64_t)(arg1[4]) * (x32 * 0x2));
x156 = ((uint64_t)(arg1[4]) * (arg1[4]));
x157 = ((uint64_t)(arg1[3]) * (x2 * 0x2));
x158 = ((uint64_t)(arg1[3]) * (x5 * 0x2));
x159 = ((uint64_t)(arg1[3]) * (x8 * 0x2));
x160 = ((uint64_t)(arg1[3]) * (x12 * 0x2));
x161 = ((uint64_t)(arg1[3]) * x15);
x162 = ((uint64_t)(arg1[3]) * (x18 * 0x2));
x163 = ((uint64_t)(arg1[3]) * (x21 * 0x2));
x164 = ((uint64_t)(arg1[3]) * (x24 * 0x2));
x165 = ((uint64_t)(arg1[3]) * (x27 * 0x2));
x166 = ((uint64_t)(arg1[3]) * x28);
x167 = ((uint64_t)(arg1[3]) * (x29 * 0x2));
x168 = ((uint64_t)(arg1[3]) * x30);
x169 = ((uint64_t)(arg1[3]) * (x31 * 0x2));
x170 = ((uint64_t)(arg1[3]) * (x32 * 0x2));
x171 = ((uint64_t)(arg1[3]) * (x33 * 0x2));
x172 = ((uint64_t)(arg1[3]) * ((arg1[3]) * 0x2));
x173 = ((uint64_t)(arg1[2]) * x2);
x174 = ((uint64_t)(arg1[2]) * (x5 * 0x2));
x175 = ((uint64_t)(arg1[2]) * x9);
x176 = ((uint64_t)(arg1[2]) * x12);
x177 = ((uint64_t)(arg1[2]) * x15);
x178 = ((uint64_t)(arg1[2]) * x18);
x179 = ((uint64_t)(arg1[2]) * (x21 * 0x2));
x180 = ((uint64_t)(arg1[2]) * x24);
x181 = ((uint64_t)(arg1[2]) * x27);
x182 = ((uint64_t)(arg1[2]) * x28);
x183 = ((uint64_t)(arg1[2]) * x29);
x184 = ((uint64_t)(arg1[2]) * x30);
x185 = ((uint64_t)(arg1[2]) * x31);
x186 = ((uint64_t)(arg1[2]) * (x32 * 0x2));
x187 = ((uint64_t)(arg1[2]) * x33);
x188 = ((uint64_t)(arg1[2]) * x34);
x189 = ((uint64_t)(arg1[2]) * (arg1[2]));
x190 = ((uint64_t)(arg1[1]) * (x2 * 0x2));
x191 = ((uint64_t)(arg1[1]) * (x6 * 0x2));
x192 = ((uint64_t)(arg1[1]) * x9);
x193 = ((uint64_t)(arg1[1]) * (x12 * 0x2));
x194 = ((uint64_t)(arg1[1]) * x15);
x195 = ((uint64_t)(arg1[1]) * (x18 * 0x2));
x196 = ((uint64_t)(arg1[1]) * (x21 * 0x2));
x197 = ((uint64_t)(arg1[1]) * x24);
x198 = ((uint64_t)(arg1[1]) * (x27 * 0x2));
x199 = ((uint64_t)(arg1[1]) * x28);
x200 = ((uint64_t)(arg1[1]) * (x29 * 0x2));
x201 = ((uint64_t)(arg1[1]) * x30);
x202 = ((uint64_t)(arg1[1]) * (x31 * 0x2));
x203 = ((uint64_t)(arg1[1]) * (x32 * 0x2));
x204 = ((uint64_t)(arg1[1]) * x33);
x205 = ((uint64_t)(arg1[1]) * (x34 * 0x2));
x206 = ((uint64_t)(arg1[1]) * x35);
x207 = ((uint64_t)(arg1[1]) * ((arg1[1]) * 0x2));
x208 = ((uint64_t)(arg1[0]) * x3);
x209 = ((uint64_t)(arg1[0]) * x6);
x210 = ((uint64_t)(arg1[0]) * x9);
x211 = ((uint64_t)(arg1[0]) * x12);
x212 = ((uint64_t)(arg1[0]) * x15);
x213 = ((uint64_t)(arg1[0]) * x18);
x214 = ((uint64_t)(arg1[0]) * x21);
x215 = ((uint64_t)(arg1[0]) * x24);
x216 = ((uint64_t)(arg1[0]) * x27);
x217 = ((uint64_t)(arg1[0]) * x28);
x218 = ((uint64_t)(arg1[0]) * x29);
x219 = ((uint64_t)(arg1[0]) * x30);
x220 = ((uint64_t)(arg1[0]) * x31);
x221 = ((uint64_t)(arg1[0]) * x32);
x222 = ((uint64_t)(arg1[0]) * x33);
x223 = ((uint64_t)(arg1[0]) * x34);
x224 = ((uint64_t)(arg1[0]) * x35);
x225 = ((uint64_t)(arg1[0]) * x36);
x226 = ((uint64_t)(arg1[0]) * (arg1[0]));
x227 =
(x226 +
(x190 +
(x174 + (x159 + (x145 + (x132 + (x120 + (x109 + (x99 + x90)))))))));
x228 = (x227 >> 28);
x229 = (uint32_t)(x227 & UINT32_C(0xfffffff));
x230 =
(x208 +
(x191 +
(x175 + (x160 + (x146 + (x133 + (x121 + (x110 + (x100 + x91)))))))));
x231 =
(x209 +
(x192 +
(x176 + (x161 + (x147 + (x134 + (x122 + (x111 + (x101 + x37)))))))));
x232 =
(x210 +
(x193 +
(x177 + (x162 + (x148 + (x135 + (x123 + (x112 + (x102 + x38)))))))));
x233 =
(x211 +
(x194 +
(x178 + (x163 + (x149 + (x136 + (x124 + (x113 + (x40 + x39)))))))));
x234 =
(x212 +
(x195 +
(x179 + (x164 + (x150 + (x137 + (x125 + (x114 + (x43 + x41)))))))));
x235 = (x213 +
(x196 +
(x180 + (x165 + (x151 + (x138 + (x126 + (x47 + (x44 + x42)))))))));
x236 = (x214 +
(x197 +
(x181 + (x166 + (x152 + (x139 + (x127 + (x52 + (x48 + x45)))))))));
x237 = (x215 +
(x198 +
(x182 + (x167 + (x153 + (x140 + (x58 + (x53 + (x49 + x46)))))))));
x238 = (x216 +
(x199 +
(x183 + (x168 + (x154 + (x141 + (x65 + (x59 + (x54 + x50)))))))));
x239 = (x217 +
(x200 +
(x184 + (x169 + (x155 + (x73 + (x66 + (x60 + (x55 + x51)))))))));
x240 = (x218 +
(x201 +
(x185 + (x170 + (x156 + (x82 + (x74 + (x67 + (x61 + x56)))))))));
x241 = (x219 +
(x202 +
(x186 + (x171 + (x92 + (x83 + (x75 + (x68 + (x62 + x57)))))))));
x242 = (x220 +
(x203 +
(x187 + (x172 + (x103 + (x93 + (x84 + (x76 + (x69 + x63)))))))));
x243 = (x221 +
(x204 +
(x188 + (x115 + (x104 + (x94 + (x85 + (x77 + (x70 + x64)))))))));
x244 = (x222 +
(x205 +
(x189 + (x128 + (x116 + (x105 + (x95 + (x86 + (x78 + x71)))))))));
x245 = (x223 +
(x206 +
(x142 + (x129 + (x117 + (x106 + (x96 + (x87 + (x79 + x72)))))))));
x246 = (x224 +
(x207 +
(x157 + (x143 + (x130 + (x118 + (x107 + (x97 + (x88 + x80)))))))));
x247 = (x225 +
(x173 +
(x158 + (x144 + (x131 + (x119 + (x108 + (x98 + (x89 + x81)))))))));
x248 = (x228 + x247);
x249 = (x248 >> 27);
x250 = (uint32_t)(x248 & UINT32_C(0x7ffffff));
x251 = (x249 + x246);
x252 = (x251 >> 28);
x253 = (uint32_t)(x251 & UINT32_C(0xfffffff));
x254 = (x252 + x245);
x255 = (x254 >> 27);
x256 = (uint32_t)(x254 & UINT32_C(0x7ffffff));
x257 = (x255 + x244);
x258 = (x257 >> 28);
x259 = (uint32_t)(x257 & UINT32_C(0xfffffff));
x260 = (x258 + x243);
x261 = (x260 >> 27);
x262 = (uint32_t)(x260 & UINT32_C(0x7ffffff));
x263 = (x261 + x242);
x264 = (x263 >> 27);
x265 = (uint32_t)(x263 & UINT32_C(0x7ffffff));
x266 = (x264 + x241);
x267 = (x266 >> 28);
x268 = (uint32_t)(x266 & UINT32_C(0xfffffff));
x269 = (x267 + x240);
x270 = (x269 >> 27);
x271 = (uint32_t)(x269 & UINT32_C(0x7ffffff));
x272 = (x270 + x239);
x273 = (x272 >> 28);
x274 = (uint32_t)(x272 & UINT32_C(0xfffffff));
x275 = (x273 + x238);
x276 = (x275 >> 27);
x277 = (uint32_t)(x275 & UINT32_C(0x7ffffff));
x278 = (x276 + x237);
x279 = (x278 >> 28);
x280 = (uint32_t)(x278 & UINT32_C(0xfffffff));
x281 = (x279 + x236);
x282 = (x281 >> 27);
x283 = (uint32_t)(x281 & UINT32_C(0x7ffffff));
x284 = (x282 + x235);
x285 = (x284 >> 27);
x286 = (uint32_t)(x284 & UINT32_C(0x7ffffff));
x287 = (x285 + x234);
x288 = (x287 >> 28);
x289 = (uint32_t)(x287 & UINT32_C(0xfffffff));
x290 = (x288 + x233);
x291 = (x290 >> 27);
x292 = (uint32_t)(x290 & UINT32_C(0x7ffffff));
x293 = (x291 + x232);
x294 = (x293 >> 28);
x295 = (uint32_t)(x293 & UINT32_C(0xfffffff));
x296 = (x294 + x231);
x297 = (x296 >> 27);
x298 = (uint32_t)(x296 & UINT32_C(0x7ffffff));
x299 = (x297 + x230);
x300 = (x299 >> 27);
x301 = (uint32_t)(x299 & UINT32_C(0x7ffffff));
x302 = (x229 + x300);
x303 = (uint32_t)(x302 >> 28);
x304 = (uint32_t)(x302 & UINT32_C(0xfffffff));
x305 = (x303 + x250);
x306 = (fiat_secp521r1_uint1)(x305 >> 27);
x307 = (x305 & UINT32_C(0x7ffffff));
x308 = (x306 + x253);
out1[0] = x304;
out1[1] = x307;
out1[2] = x308;
out1[3] = x256;
out1[4] = x259;
out1[5] = x262;
out1[6] = x265;
out1[7] = x268;
out1[8] = x271;
out1[9] = x274;
out1[10] = x277;
out1[11] = x280;
out1[12] = x283;
out1[13] = x286;
out1[14] = x289;
out1[15] = x292;
out1[16] = x295;
out1[17] = x298;
out1[18] = x301;
}
/*
* The function fiat_secp521r1_carry reduces a field element.
*
* Postconditions:
* eval out1 mod m = eval arg1 mod m
*
*/
/*
* The function fiat_secp521r1_add adds two field elements.
*
* Postconditions:
* eval out1 mod m = (eval arg1 + eval arg2) mod m
*
*/
/*
* The function fiat_secp521r1_sub subtracts two field elements.
*
* Postconditions:
* eval out1 mod m = (eval arg1 - eval arg2) mod m
*
*/
/*
* The function fiat_secp521r1_opp negates a field element.
*
* Postconditions:
* eval out1 mod m = -eval arg1 mod m
*
*/
/*
* The function fiat_secp521r1_carry_add adds two field elements.
*
* Postconditions:
* eval out1 mod m = (eval arg1 + eval arg2) mod m
*
*/
static void fiat_secp521r1_carry_add(
fiat_secp521r1_tight_field_element out1,
const fiat_secp521r1_tight_field_element arg1,
const fiat_secp521r1_tight_field_element arg2) {
uint32_t x1;
uint32_t x2;
uint32_t x3;
uint32_t x4;
uint32_t x5;
uint32_t x6;
uint32_t x7;
uint32_t x8;
uint32_t x9;
uint32_t x10;
uint32_t x11;
uint32_t x12;
uint32_t x13;
uint32_t x14;
uint32_t x15;
uint32_t x16;
uint32_t x17;
uint32_t x18;
uint32_t x19;
uint32_t x20;
uint32_t x21;
uint32_t x22;
uint32_t x23;
uint32_t x24;
uint32_t x25;
uint32_t x26;
uint32_t x27;
uint32_t x28;
uint32_t x29;
uint32_t x30;
uint32_t x31;
uint32_t x32;
uint32_t x33;
uint32_t x34;
uint32_t x35;
uint32_t x36;
uint32_t x37;
uint32_t x38;
uint32_t x39;
uint32_t x40;
x1 = ((arg1[0]) + (arg2[0]));
x2 = ((x1 >> 28) + ((arg1[1]) + (arg2[1])));
x3 = ((x2 >> 27) + ((arg1[2]) + (arg2[2])));
x4 = ((x3 >> 28) + ((arg1[3]) + (arg2[3])));
x5 = ((x4 >> 27) + ((arg1[4]) + (arg2[4])));
x6 = ((x5 >> 28) + ((arg1[5]) + (arg2[5])));
x7 = ((x6 >> 27) + ((arg1[6]) + (arg2[6])));
x8 = ((x7 >> 27) + ((arg1[7]) + (arg2[7])));
x9 = ((x8 >> 28) + ((arg1[8]) + (arg2[8])));
x10 = ((x9 >> 27) + ((arg1[9]) + (arg2[9])));
x11 = ((x10 >> 28) + ((arg1[10]) + (arg2[10])));
x12 = ((x11 >> 27) + ((arg1[11]) + (arg2[11])));
x13 = ((x12 >> 28) + ((arg1[12]) + (arg2[12])));
x14 = ((x13 >> 27) + ((arg1[13]) + (arg2[13])));
x15 = ((x14 >> 27) + ((arg1[14]) + (arg2[14])));
x16 = ((x15 >> 28) + ((arg1[15]) + (arg2[15])));
x17 = ((x16 >> 27) + ((arg1[16]) + (arg2[16])));
x18 = ((x17 >> 28) + ((arg1[17]) + (arg2[17])));
x19 = ((x18 >> 27) + ((arg1[18]) + (arg2[18])));
x20 = ((x1 & UINT32_C(0xfffffff)) + (x19 >> 27));
x21 = ((fiat_secp521r1_uint1)(x20 >> 28) + (x2 & UINT32_C(0x7ffffff)));
x22 = (x20 & UINT32_C(0xfffffff));
x23 = (x21 & UINT32_C(0x7ffffff));
x24 = ((fiat_secp521r1_uint1)(x21 >> 27) + (x3 & UINT32_C(0xfffffff)));
x25 = (x4 & UINT32_C(0x7ffffff));
x26 = (x5 & UINT32_C(0xfffffff));
x27 = (x6 & UINT32_C(0x7ffffff));
x28 = (x7 & UINT32_C(0x7ffffff));
x29 = (x8 & UINT32_C(0xfffffff));
x30 = (x9 & UINT32_C(0x7ffffff));
x31 = (x10 & UINT32_C(0xfffffff));
x32 = (x11 & UINT32_C(0x7ffffff));
x33 = (x12 & UINT32_C(0xfffffff));
x34 = (x13 & UINT32_C(0x7ffffff));
x35 = (x14 & UINT32_C(0x7ffffff));
x36 = (x15 & UINT32_C(0xfffffff));
x37 = (x16 & UINT32_C(0x7ffffff));
x38 = (x17 & UINT32_C(0xfffffff));
x39 = (x18 & UINT32_C(0x7ffffff));
x40 = (x19 & UINT32_C(0x7ffffff));
out1[0] = x22;
out1[1] = x23;
out1[2] = x24;
out1[3] = x25;
out1[4] = x26;
out1[5] = x27;
out1[6] = x28;
out1[7] = x29;
out1[8] = x30;
out1[9] = x31;
out1[10] = x32;
out1[11] = x33;
out1[12] = x34;
out1[13] = x35;
out1[14] = x36;
out1[15] = x37;
out1[16] = x38;
out1[17] = x39;
out1[18] = x40;
}
/*
* The function fiat_secp521r1_carry_sub subtracts two field elements.
*
* Postconditions:
* eval out1 mod m = (eval arg1 - eval arg2) mod m
*
*/
static void fiat_secp521r1_carry_sub(
fiat_secp521r1_tight_field_element out1,
const fiat_secp521r1_tight_field_element arg1,
const fiat_secp521r1_tight_field_element arg2) {
uint32_t x1;
uint32_t x2;
uint32_t x3;
uint32_t x4;
uint32_t x5;
uint32_t x6;
uint32_t x7;
uint32_t x8;
uint32_t x9;
uint32_t x10;
uint32_t x11;
uint32_t x12;
uint32_t x13;
uint32_t x14;
uint32_t x15;
uint32_t x16;
uint32_t x17;
uint32_t x18;
uint32_t x19;
uint32_t x20;
uint32_t x21;
uint32_t x22;
uint32_t x23;
uint32_t x24;
uint32_t x25;
uint32_t x26;
uint32_t x27;
uint32_t x28;
uint32_t x29;
uint32_t x30;
uint32_t x31;
uint32_t x32;
uint32_t x33;
uint32_t x34;
uint32_t x35;
uint32_t x36;
uint32_t x37;
uint32_t x38;
uint32_t x39;
uint32_t x40;
x1 = ((UINT32_C(0x1ffffffe) + (arg1[0])) - (arg2[0]));
x2 = ((x1 >> 28) + ((UINT32_C(0xffffffe) + (arg1[1])) - (arg2[1])));
x3 = ((x2 >> 27) + ((UINT32_C(0x1ffffffe) + (arg1[2])) - (arg2[2])));
x4 = ((x3 >> 28) + ((UINT32_C(0xffffffe) + (arg1[3])) - (arg2[3])));
x5 = ((x4 >> 27) + ((UINT32_C(0x1ffffffe) + (arg1[4])) - (arg2[4])));
x6 = ((x5 >> 28) + ((UINT32_C(0xffffffe) + (arg1[5])) - (arg2[5])));
x7 = ((x6 >> 27) + ((UINT32_C(0xffffffe) + (arg1[6])) - (arg2[6])));
x8 = ((x7 >> 27) + ((UINT32_C(0x1ffffffe) + (arg1[7])) - (arg2[7])));
x9 = ((x8 >> 28) + ((UINT32_C(0xffffffe) + (arg1[8])) - (arg2[8])));
x10 = ((x9 >> 27) + ((UINT32_C(0x1ffffffe) + (arg1[9])) - (arg2[9])));
x11 = ((x10 >> 28) + ((UINT32_C(0xffffffe) + (arg1[10])) - (arg2[10])));
x12 = ((x11 >> 27) + ((UINT32_C(0x1ffffffe) + (arg1[11])) - (arg2[11])));
x13 = ((x12 >> 28) + ((UINT32_C(0xffffffe) + (arg1[12])) - (arg2[12])));
x14 = ((x13 >> 27) + ((UINT32_C(0xffffffe) + (arg1[13])) - (arg2[13])));
x15 = ((x14 >> 27) + ((UINT32_C(0x1ffffffe) + (arg1[14])) - (arg2[14])));
x16 = ((x15 >> 28) + ((UINT32_C(0xffffffe) + (arg1[15])) - (arg2[15])));
x17 = ((x16 >> 27) + ((UINT32_C(0x1ffffffe) + (arg1[16])) - (arg2[16])));
x18 = ((x17 >> 28) + ((UINT32_C(0xffffffe) + (arg1[17])) - (arg2[17])));
x19 = ((x18 >> 27) + ((UINT32_C(0xffffffe) + (arg1[18])) - (arg2[18])));
x20 = ((x1 & UINT32_C(0xfffffff)) + (x19 >> 27));
x21 = ((fiat_secp521r1_uint1)(x20 >> 28) + (x2 & UINT32_C(0x7ffffff)));
x22 = (x20 & UINT32_C(0xfffffff));
x23 = (x21 & UINT32_C(0x7ffffff));
x24 = ((fiat_secp521r1_uint1)(x21 >> 27) + (x3 & UINT32_C(0xfffffff)));
x25 = (x4 & UINT32_C(0x7ffffff));
x26 = (x5 & UINT32_C(0xfffffff));
x27 = (x6 & UINT32_C(0x7ffffff));
x28 = (x7 & UINT32_C(0x7ffffff));
x29 = (x8 & UINT32_C(0xfffffff));
x30 = (x9 & UINT32_C(0x7ffffff));
x31 = (x10 & UINT32_C(0xfffffff));
x32 = (x11 & UINT32_C(0x7ffffff));
x33 = (x12 & UINT32_C(0xfffffff));
x34 = (x13 & UINT32_C(0x7ffffff));
x35 = (x14 & UINT32_C(0x7ffffff));
x36 = (x15 & UINT32_C(0xfffffff));
x37 = (x16 & UINT32_C(0x7ffffff));
x38 = (x17 & UINT32_C(0xfffffff));
x39 = (x18 & UINT32_C(0x7ffffff));
x40 = (x19 & UINT32_C(0x7ffffff));
out1[0] = x22;
out1[1] = x23;
out1[2] = x24;
out1[3] = x25;
out1[4] = x26;
out1[5] = x27;
out1[6] = x28;
out1[7] = x29;
out1[8] = x30;
out1[9] = x31;
out1[10] = x32;
out1[11] = x33;
out1[12] = x34;
out1[13] = x35;
out1[14] = x36;
out1[15] = x37;
out1[16] = x38;
out1[17] = x39;
out1[18] = x40;
}
/*
* The function fiat_secp521r1_carry_opp negates a field element.
*
* Postconditions:
* eval out1 mod m = -eval arg1 mod m
*
*/
static void fiat_secp521r1_carry_opp(
fiat_secp521r1_tight_field_element out1,
const fiat_secp521r1_tight_field_element arg1) {
uint32_t x1;
uint32_t x2;
uint32_t x3;
uint32_t x4;
uint32_t x5;
uint32_t x6;
uint32_t x7;
uint32_t x8;
uint32_t x9;
uint32_t x10;
uint32_t x11;
uint32_t x12;
uint32_t x13;
uint32_t x14;
uint32_t x15;
uint32_t x16;
uint32_t x17;
uint32_t x18;
uint32_t x19;
uint32_t x20;
uint32_t x21;
uint32_t x22;
uint32_t x23;
uint32_t x24;
uint32_t x25;
uint32_t x26;
uint32_t x27;
uint32_t x28;
uint32_t x29;
uint32_t x30;
uint32_t x31;
uint32_t x32;
uint32_t x33;
uint32_t x34;
uint32_t x35;
uint32_t x36;
uint32_t x37;
uint32_t x38;
uint32_t x39;
uint32_t x40;
x1 = (UINT32_C(0x1ffffffe) - (arg1[0]));
x2 = ((fiat_secp521r1_uint1)(x1 >> 28) + (UINT32_C(0xffffffe) - (arg1[1])));
x3 =
((fiat_secp521r1_uint1)(x2 >> 27) + (UINT32_C(0x1ffffffe) - (arg1[2])));
x4 = ((fiat_secp521r1_uint1)(x3 >> 28) + (UINT32_C(0xffffffe) - (arg1[3])));
x5 =
((fiat_secp521r1_uint1)(x4 >> 27) + (UINT32_C(0x1ffffffe) - (arg1[4])));
x6 = ((fiat_secp521r1_uint1)(x5 >> 28) + (UINT32_C(0xffffffe) - (arg1[5])));
x7 = ((fiat_secp521r1_uint1)(x6 >> 27) + (UINT32_C(0xffffffe) - (arg1[6])));
x8 =
((fiat_secp521r1_uint1)(x7 >> 27) + (UINT32_C(0x1ffffffe) - (arg1[7])));
x9 = ((fiat_secp521r1_uint1)(x8 >> 28) + (UINT32_C(0xffffffe) - (arg1[8])));
x10 =
((fiat_secp521r1_uint1)(x9 >> 27) + (UINT32_C(0x1ffffffe) - (arg1[9])));
x11 = ((fiat_secp521r1_uint1)(x10 >> 28) +
(UINT32_C(0xffffffe) - (arg1[10])));
x12 = ((fiat_secp521r1_uint1)(x11 >> 27) +
(UINT32_C(0x1ffffffe) - (arg1[11])));
x13 = ((fiat_secp521r1_uint1)(x12 >> 28) +
(UINT32_C(0xffffffe) - (arg1[12])));
x14 = ((fiat_secp521r1_uint1)(x13 >> 27) +
(UINT32_C(0xffffffe) - (arg1[13])));
x15 = ((fiat_secp521r1_uint1)(x14 >> 27) +
(UINT32_C(0x1ffffffe) - (arg1[14])));
x16 = ((fiat_secp521r1_uint1)(x15 >> 28) +
(UINT32_C(0xffffffe) - (arg1[15])));
x17 = ((fiat_secp521r1_uint1)(x16 >> 27) +
(UINT32_C(0x1ffffffe) - (arg1[16])));
x18 = ((fiat_secp521r1_uint1)(x17 >> 28) +
(UINT32_C(0xffffffe) - (arg1[17])));
x19 = ((fiat_secp521r1_uint1)(x18 >> 27) +
(UINT32_C(0xffffffe) - (arg1[18])));
x20 = ((x1 & UINT32_C(0xfffffff)) +
(uint32_t)(fiat_secp521r1_uint1)(x19 >> 27));
x21 = ((fiat_secp521r1_uint1)(x20 >> 28) + (x2 & UINT32_C(0x7ffffff)));
x22 = (x20 & UINT32_C(0xfffffff));
x23 = (x21 & UINT32_C(0x7ffffff));
x24 = ((fiat_secp521r1_uint1)(x21 >> 27) + (x3 & UINT32_C(0xfffffff)));
x25 = (x4 & UINT32_C(0x7ffffff));
x26 = (x5 & UINT32_C(0xfffffff));
x27 = (x6 & UINT32_C(0x7ffffff));
x28 = (x7 & UINT32_C(0x7ffffff));
x29 = (x8 & UINT32_C(0xfffffff));
x30 = (x9 & UINT32_C(0x7ffffff));
x31 = (x10 & UINT32_C(0xfffffff));
x32 = (x11 & UINT32_C(0x7ffffff));
x33 = (x12 & UINT32_C(0xfffffff));
x34 = (x13 & UINT32_C(0x7ffffff));
x35 = (x14 & UINT32_C(0x7ffffff));
x36 = (x15 & UINT32_C(0xfffffff));
x37 = (x16 & UINT32_C(0x7ffffff));
x38 = (x17 & UINT32_C(0xfffffff));
x39 = (x18 & UINT32_C(0x7ffffff));
x40 = (x19 & UINT32_C(0x7ffffff));
out1[0] = x22;
out1[1] = x23;
out1[2] = x24;
out1[3] = x25;
out1[4] = x26;
out1[5] = x27;
out1[6] = x28;
out1[7] = x29;
out1[8] = x30;
out1[9] = x31;
out1[10] = x32;
out1[11] = x33;
out1[12] = x34;
out1[13] = x35;
out1[14] = x36;
out1[15] = x37;
out1[16] = x38;
out1[17] = x39;
out1[18] = x40;
}
/*
* The function fiat_secp521r1_relax is the identity function converting from tight field elements to loose field elements.
*
* Postconditions:
* out1 = arg1
*
*/
/*
* The function fiat_secp521r1_selectznz is a multi-limb conditional select.
*
* Postconditions:
* eval out1 = (if arg1 = 0 then eval arg2 else eval arg3)
*
* Input Bounds:
* arg1: [0x0 ~> 0x1]
* arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
* arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
* Output Bounds:
* out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
*/
static void fiat_secp521r1_selectznz(uint32_t out1[19],
fiat_secp521r1_uint1 arg1,
const uint32_t arg2[19],
const uint32_t arg3[19]) {
uint32_t x1;
uint32_t x2;
uint32_t x3;
uint32_t x4;
uint32_t x5;
uint32_t x6;
uint32_t x7;
uint32_t x8;
uint32_t x9;
uint32_t x10;
uint32_t x11;
uint32_t x12;
uint32_t x13;
uint32_t x14;
uint32_t x15;
uint32_t x16;
uint32_t x17;
uint32_t x18;
uint32_t x19;
fiat_secp521r1_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0]));
fiat_secp521r1_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1]));
fiat_secp521r1_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2]));
fiat_secp521r1_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3]));
fiat_secp521r1_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4]));
fiat_secp521r1_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5]));
fiat_secp521r1_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6]));
fiat_secp521r1_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7]));
fiat_secp521r1_cmovznz_u32(&x9, arg1, (arg2[8]), (arg3[8]));
fiat_secp521r1_cmovznz_u32(&x10, arg1, (arg2[9]), (arg3[9]));
fiat_secp521r1_cmovznz_u32(&x11, arg1, (arg2[10]), (arg3[10]));
fiat_secp521r1_cmovznz_u32(&x12, arg1, (arg2[11]), (arg3[11]));
fiat_secp521r1_cmovznz_u32(&x13, arg1, (arg2[12]), (arg3[12]));
fiat_secp521r1_cmovznz_u32(&x14, arg1, (arg2[13]), (arg3[13]));
fiat_secp521r1_cmovznz_u32(&x15, arg1, (arg2[14]), (arg3[14]));
fiat_secp521r1_cmovznz_u32(&x16, arg1, (arg2[15]), (arg3[15]));
fiat_secp521r1_cmovznz_u32(&x17, arg1, (arg2[16]), (arg3[16]));
fiat_secp521r1_cmovznz_u32(&x18, arg1, (arg2[17]), (arg3[17]));
fiat_secp521r1_cmovznz_u32(&x19, arg1, (arg2[18]), (arg3[18]));
out1[0] = x1;
out1[1] = x2;
out1[2] = x3;
out1[3] = x4;
out1[4] = x5;
out1[5] = x6;
out1[6] = x7;
out1[7] = x8;
out1[8] = x9;
out1[9] = x10;
out1[10] = x11;
out1[11] = x12;
out1[12] = x13;
out1[13] = x14;
out1[14] = x15;
out1[15] = x16;
out1[16] = x17;
out1[17] = x18;
out1[18] = x19;
}
/*
* The function fiat_secp521r1_to_bytes serializes a field element to bytes in little-endian order.
*
* Postconditions:
* out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..65]
*
* Output Bounds:
* out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1]]
*/
static void fiat_secp521r1_to_bytes(
uint8_t out1[66], const fiat_secp521r1_tight_field_element arg1) {
uint32_t x1;
fiat_secp521r1_uint1 x2;
uint32_t x3;
fiat_secp521r1_uint1 x4;
uint32_t x5;
fiat_secp521r1_uint1 x6;
uint32_t x7;
fiat_secp521r1_uint1 x8;
uint32_t x9;
fiat_secp521r1_uint1 x10;
uint32_t x11;
fiat_secp521r1_uint1 x12;
uint32_t x13;
fiat_secp521r1_uint1 x14;
uint32_t x15;
fiat_secp521r1_uint1 x16;
uint32_t x17;
fiat_secp521r1_uint1 x18;
uint32_t x19;
fiat_secp521r1_uint1 x20;
uint32_t x21;
fiat_secp521r1_uint1 x22;
uint32_t x23;
fiat_secp521r1_uint1 x24;
uint32_t x25;
fiat_secp521r1_uint1 x26;
uint32_t x27;
fiat_secp521r1_uint1 x28;
uint32_t x29;
fiat_secp521r1_uint1 x30;
uint32_t x31;
fiat_secp521r1_uint1 x32;
uint32_t x33;
fiat_secp521r1_uint1 x34;
uint32_t x35;
fiat_secp521r1_uint1 x36;
uint32_t x37;
fiat_secp521r1_uint1 x38;
uint32_t x39;
uint32_t x40;
fiat_secp521r1_uint1 x41;
uint32_t x42;
fiat_secp521r1_uint1 x43;
uint32_t x44;
fiat_secp521r1_uint1 x45;
uint32_t x46;
fiat_secp521r1_uint1 x47;
uint32_t x48;
fiat_secp521r1_uint1 x49;
uint32_t x50;
fiat_secp521r1_uint1 x51;
uint32_t x52;
fiat_secp521r1_uint1 x53;
uint32_t x54;
fiat_secp521r1_uint1 x55;
uint32_t x56;
fiat_secp521r1_uint1 x57;
uint32_t x58;
fiat_secp521r1_uint1 x59;
uint32_t x60;
fiat_secp521r1_uint1 x61;
uint32_t x62;
fiat_secp521r1_uint1 x63;
uint32_t x64;
fiat_secp521r1_uint1 x65;
uint32_t x66;
fiat_secp521r1_uint1 x67;
uint32_t x68;
fiat_secp521r1_uint1 x69;
uint32_t x70;
fiat_secp521r1_uint1 x71;
uint32_t x72;
fiat_secp521r1_uint1 x73;
uint32_t x74;
fiat_secp521r1_uint1 x75;
uint32_t x76;
fiat_secp521r1_uint1 x77;
uint64_t x78;
uint32_t x79;
uint64_t x80;
uint32_t x81;
uint32_t x82;
uint32_t x83;
uint64_t x84;
uint32_t x85;
uint64_t x86;
uint32_t x87;
uint32_t x88;
uint32_t x89;
uint64_t x90;
uint32_t x91;
uint64_t x92;
uint32_t x93;
uint8_t x94;
uint32_t x95;
uint8_t x96;
uint32_t x97;
uint8_t x98;
uint8_t x99;
uint32_t x100;
uint8_t x101;
uint32_t x102;
uint8_t x103;
uint32_t x104;
uint8_t x105;
uint8_t x106;
uint64_t x107;
uint8_t x108;
uint32_t x109;
uint8_t x110;
uint32_t x111;
uint8_t x112;
uint32_t x113;
uint8_t x114;
uint8_t x115;
uint32_t x116;
uint8_t x117;
uint32_t x118;
uint8_t x119;
uint32_t x120;
uint8_t x121;
uint8_t x122;
uint64_t x123;
uint8_t x124;
uint32_t x125;
uint8_t x126;
uint32_t x127;
uint8_t x128;
uint32_t x129;
uint8_t x130;
uint8_t x131;
uint32_t x132;
uint8_t x133;
uint32_t x134;
uint8_t x135;
uint32_t x136;
uint8_t x137;
uint8_t x138;
uint32_t x139;
uint8_t x140;
uint32_t x141;
uint8_t x142;
uint32_t x143;
uint8_t x144;
uint8_t x145;
uint8_t x146;
uint32_t x147;
uint8_t x148;
uint32_t x149;
uint8_t x150;
uint8_t x151;
uint32_t x152;
uint8_t x153;
uint32_t x154;
uint8_t x155;
uint32_t x156;
uint8_t x157;
uint8_t x158;
uint64_t x159;
uint8_t x160;
uint32_t x161;
uint8_t x162;
uint32_t x163;
uint8_t x164;
uint32_t x165;
uint8_t x166;
uint8_t x167;
uint32_t x168;
uint8_t x169;
uint32_t x170;
uint8_t x171;
uint32_t x172;
uint8_t x173;
uint8_t x174;
uint64_t x175;
uint8_t x176;
uint32_t x177;
uint8_t x178;
uint32_t x179;
uint8_t x180;
uint32_t x181;
uint8_t x182;
uint8_t x183;
uint32_t x184;
uint8_t x185;
uint32_t x186;
uint8_t x187;
uint32_t x188;
uint8_t x189;
uint8_t x190;
uint32_t x191;
uint8_t x192;
uint32_t x193;
uint8_t x194;
uint32_t x195;
uint8_t x196;
uint8_t x197;
uint8_t x198;
uint32_t x199;
uint8_t x200;
uint32_t x201;
uint8_t x202;
uint8_t x203;
uint32_t x204;
uint8_t x205;
uint32_t x206;
uint8_t x207;
uint32_t x208;
uint8_t x209;
uint8_t x210;
uint64_t x211;
uint8_t x212;
uint32_t x213;
uint8_t x214;
uint32_t x215;
uint8_t x216;
uint32_t x217;
uint8_t x218;
uint8_t x219;
uint32_t x220;
uint8_t x221;
uint32_t x222;
uint8_t x223;
uint32_t x224;
uint8_t x225;
uint8_t x226;
uint64_t x227;
uint8_t x228;
uint32_t x229;
uint8_t x230;
uint32_t x231;
uint8_t x232;
uint32_t x233;
uint8_t x234;
fiat_secp521r1_uint1 x235;
fiat_secp521r1_subborrowx_u28(&x1, &x2, 0x0, (arg1[0]),
UINT32_C(0xfffffff));
fiat_secp521r1_subborrowx_u27(&x3, &x4, x2, (arg1[1]), UINT32_C(0x7ffffff));
fiat_secp521r1_subborrowx_u28(&x5, &x6, x4, (arg1[2]), UINT32_C(0xfffffff));
fiat_secp521r1_subborrowx_u27(&x7, &x8, x6, (arg1[3]), UINT32_C(0x7ffffff));
fiat_secp521r1_subborrowx_u28(&x9, &x10, x8, (arg1[4]),
UINT32_C(0xfffffff));
fiat_secp521r1_subborrowx_u27(&x11, &x12, x10, (arg1[5]),
UINT32_C(0x7ffffff));
fiat_secp521r1_subborrowx_u27(&x13, &x14, x12, (arg1[6]),
UINT32_C(0x7ffffff));
fiat_secp521r1_subborrowx_u28(&x15, &x16, x14, (arg1[7]),
UINT32_C(0xfffffff));
fiat_secp521r1_subborrowx_u27(&x17, &x18, x16, (arg1[8]),
UINT32_C(0x7ffffff));
fiat_secp521r1_subborrowx_u28(&x19, &x20, x18, (arg1[9]),
UINT32_C(0xfffffff));
fiat_secp521r1_subborrowx_u27(&x21, &x22, x20, (arg1[10]),
UINT32_C(0x7ffffff));
fiat_secp521r1_subborrowx_u28(&x23, &x24, x22, (arg1[11]),
UINT32_C(0xfffffff));
fiat_secp521r1_subborrowx_u27(&x25, &x26, x24, (arg1[12]),
UINT32_C(0x7ffffff));
fiat_secp521r1_subborrowx_u27(&x27, &x28, x26, (arg1[13]),
UINT32_C(0x7ffffff));
fiat_secp521r1_subborrowx_u28(&x29, &x30, x28, (arg1[14]),
UINT32_C(0xfffffff));
fiat_secp521r1_subborrowx_u27(&x31, &x32, x30, (arg1[15]),
UINT32_C(0x7ffffff));
fiat_secp521r1_subborrowx_u28(&x33, &x34, x32, (arg1[16]),
UINT32_C(0xfffffff));
fiat_secp521r1_subborrowx_u27(&x35, &x36, x34, (arg1[17]),
UINT32_C(0x7ffffff));
fiat_secp521r1_subborrowx_u27(&x37, &x38, x36, (arg1[18]),
UINT32_C(0x7ffffff));
fiat_secp521r1_cmovznz_u32(&x39, x38, 0x0, UINT32_C(0xffffffff));
fiat_secp521r1_addcarryx_u28(&x40, &x41, 0x0, x1,
(x39 & UINT32_C(0xfffffff)));
fiat_secp521r1_addcarryx_u27(&x42, &x43, x41, x3,
(x39 & UINT32_C(0x7ffffff)));
fiat_secp521r1_addcarryx_u28(&x44, &x45, x43, x5,
(x39 & UINT32_C(0xfffffff)));
fiat_secp521r1_addcarryx_u27(&x46, &x47, x45, x7,
(x39 & UINT32_C(0x7ffffff)));
fiat_secp521r1_addcarryx_u28(&x48, &x49, x47, x9,
(x39 & UINT32_C(0xfffffff)));
fiat_secp521r1_addcarryx_u27(&x50, &x51, x49, x11,
(x39 & UINT32_C(0x7ffffff)));
fiat_secp521r1_addcarryx_u27(&x52, &x53, x51, x13,
(x39 & UINT32_C(0x7ffffff)));
fiat_secp521r1_addcarryx_u28(&x54, &x55, x53, x15,
(x39 & UINT32_C(0xfffffff)));
fiat_secp521r1_addcarryx_u27(&x56, &x57, x55, x17,
(x39 & UINT32_C(0x7ffffff)));
fiat_secp521r1_addcarryx_u28(&x58, &x59, x57, x19,
(x39 & UINT32_C(0xfffffff)));
fiat_secp521r1_addcarryx_u27(&x60, &x61, x59, x21,
(x39 & UINT32_C(0x7ffffff)));
fiat_secp521r1_addcarryx_u28(&x62, &x63, x61, x23,
(x39 & UINT32_C(0xfffffff)));
fiat_secp521r1_addcarryx_u27(&x64, &x65, x63, x25,
(x39 & UINT32_C(0x7ffffff)));
fiat_secp521r1_addcarryx_u27(&x66, &x67, x65, x27,
(x39 & UINT32_C(0x7ffffff)));
fiat_secp521r1_addcarryx_u28(&x68, &x69, x67, x29,
(x39 & UINT32_C(0xfffffff)));
fiat_secp521r1_addcarryx_u27(&x70, &x71, x69, x31,
(x39 & UINT32_C(0x7ffffff)));
fiat_secp521r1_addcarryx_u28(&x72, &x73, x71, x33,
(x39 & UINT32_C(0xfffffff)));
fiat_secp521r1_addcarryx_u27(&x74, &x75, x73, x35,
(x39 & UINT32_C(0x7ffffff)));
fiat_secp521r1_addcarryx_u27(&x76, &x77, x75, x37,
(x39 & UINT32_C(0x7ffffff)));
x78 = ((uint64_t)x76 << 6);
x79 = (x74 << 3);
x80 = ((uint64_t)x72 << 7);
x81 = (x70 << 4);
x82 = (x66 << 5);
x83 = (x64 << 2);
x84 = ((uint64_t)x62 << 6);
x85 = (x60 << 3);
x86 = ((uint64_t)x58 << 7);
x87 = (x56 << 4);
x88 = (x52 << 5);
x89 = (x50 << 2);
x90 = ((uint64_t)x48 << 6);
x91 = (x46 << 3);
x92 = ((uint64_t)x44 << 7);
x93 = (x42 << 4);
x94 = (uint8_t)(x40 & UINT8_C(0xff));
x95 = (x40 >> 8);
x96 = (uint8_t)(x95 & UINT8_C(0xff));
x97 = (x95 >> 8);
x98 = (uint8_t)(x97 & UINT8_C(0xff));
x99 = (uint8_t)(x97 >> 8);
x100 = (x93 + (uint32_t)x99);
x101 = (uint8_t)(x100 & UINT8_C(0xff));
x102 = (x100 >> 8);
x103 = (uint8_t)(x102 & UINT8_C(0xff));
x104 = (x102 >> 8);
x105 = (uint8_t)(x104 & UINT8_C(0xff));
x106 = (uint8_t)(x104 >> 8);
x107 = (x92 + (uint64_t)x106);
x108 = (uint8_t)(x107 & UINT8_C(0xff));
x109 = (uint32_t)(x107 >> 8);
x110 = (uint8_t)(x109 & UINT8_C(0xff));
x111 = (x109 >> 8);
x112 = (uint8_t)(x111 & UINT8_C(0xff));
x113 = (x111 >> 8);
x114 = (uint8_t)(x113 & UINT8_C(0xff));
x115 = (uint8_t)(x113 >> 8);
x116 = (x91 + (uint32_t)x115);
x117 = (uint8_t)(x116 & UINT8_C(0xff));
x118 = (x116 >> 8);
x119 = (uint8_t)(x118 & UINT8_C(0xff));
x120 = (x118 >> 8);
x121 = (uint8_t)(x120 & UINT8_C(0xff));
x122 = (uint8_t)(x120 >> 8);
x123 = (x90 + (uint64_t)x122);
x124 = (uint8_t)(x123 & UINT8_C(0xff));
x125 = (uint32_t)(x123 >> 8);
x126 = (uint8_t)(x125 & UINT8_C(0xff));
x127 = (x125 >> 8);
x128 = (uint8_t)(x127 & UINT8_C(0xff));
x129 = (x127 >> 8);
x130 = (uint8_t)(x129 & UINT8_C(0xff));
x131 = (uint8_t)(x129 >> 8);
x132 = (x89 + (uint32_t)x131);
x133 = (uint8_t)(x132 & UINT8_C(0xff));
x134 = (x132 >> 8);
x135 = (uint8_t)(x134 & UINT8_C(0xff));
x136 = (x134 >> 8);
x137 = (uint8_t)(x136 & UINT8_C(0xff));
x138 = (uint8_t)(x136 >> 8);
x139 = (x88 + (uint32_t)x138);
x140 = (uint8_t)(x139 & UINT8_C(0xff));
x141 = (x139 >> 8);
x142 = (uint8_t)(x141 & UINT8_C(0xff));
x143 = (x141 >> 8);
x144 = (uint8_t)(x143 & UINT8_C(0xff));
x145 = (uint8_t)(x143 >> 8);
x146 = (uint8_t)(x54 & UINT8_C(0xff));
x147 = (x54 >> 8);
x148 = (uint8_t)(x147 & UINT8_C(0xff));
x149 = (x147 >> 8);
x150 = (uint8_t)(x149 & UINT8_C(0xff));
x151 = (uint8_t)(x149 >> 8);
x152 = (x87 + (uint32_t)x151);
x153 = (uint8_t)(x152 & UINT8_C(0xff));
x154 = (x152 >> 8);
x155 = (uint8_t)(x154 & UINT8_C(0xff));
x156 = (x154 >> 8);
x157 = (uint8_t)(x156 & UINT8_C(0xff));
x158 = (uint8_t)(x156 >> 8);
x159 = (x86 + (uint64_t)x158);
x160 = (uint8_t)(x159 & UINT8_C(0xff));
x161 = (uint32_t)(x159 >> 8);
x162 = (uint8_t)(x161 & UINT8_C(0xff));
x163 = (x161 >> 8);
x164 = (uint8_t)(x163 & UINT8_C(0xff));
x165 = (x163 >> 8);
x166 = (uint8_t)(x165 & UINT8_C(0xff));
x167 = (uint8_t)(x165 >> 8);
x168 = (x85 + (uint32_t)x167);
x169 = (uint8_t)(x168 & UINT8_C(0xff));
x170 = (x168 >> 8);
x171 = (uint8_t)(x170 & UINT8_C(0xff));
x172 = (x170 >> 8);
x173 = (uint8_t)(x172 & UINT8_C(0xff));
x174 = (uint8_t)(x172 >> 8);
x175 = (x84 + (uint64_t)x174);
x176 = (uint8_t)(x175 & UINT8_C(0xff));
x177 = (uint32_t)(x175 >> 8);
x178 = (uint8_t)(x177 & UINT8_C(0xff));
x179 = (x177 >> 8);
x180 = (uint8_t)(x179 & UINT8_C(0xff));
x181 = (x179 >> 8);
x182 = (uint8_t)(x181 & UINT8_C(0xff));
x183 = (uint8_t)(x181 >> 8);
x184 = (x83 + (uint32_t)x183);
x185 = (uint8_t)(x184 & UINT8_C(0xff));
x186 = (x184 >> 8);
x187 = (uint8_t)(x186 & UINT8_C(0xff));
x188 = (x186 >> 8);
x189 = (uint8_t)(x188 & UINT8_C(0xff));
x190 = (uint8_t)(x188 >> 8);
x191 = (x82 + (uint32_t)x190);
x192 = (uint8_t)(x191 & UINT8_C(0xff));
x193 = (x191 >> 8);
x194 = (uint8_t)(x193 & UINT8_C(0xff));
x195 = (x193 >> 8);
x196 = (uint8_t)(x195 & UINT8_C(0xff));
x197 = (uint8_t)(x195 >> 8);
x198 = (uint8_t)(x68 & UINT8_C(0xff));
x199 = (x68 >> 8);
x200 = (uint8_t)(x199 & UINT8_C(0xff));
x201 = (x199 >> 8);
x202 = (uint8_t)(x201 & UINT8_C(0xff));
x203 = (uint8_t)(x201 >> 8);
x204 = (x81 + (uint32_t)x203);
x205 = (uint8_t)(x204 & UINT8_C(0xff));
x206 = (x204 >> 8);
x207 = (uint8_t)(x206 & UINT8_C(0xff));
x208 = (x206 >> 8);
x209 = (uint8_t)(x208 & UINT8_C(0xff));
x210 = (uint8_t)(x208 >> 8);
x211 = (x80 + (uint64_t)x210);
x212 = (uint8_t)(x211 & UINT8_C(0xff));
x213 = (uint32_t)(x211 >> 8);
x214 = (uint8_t)(x213 & UINT8_C(0xff));
x215 = (x213 >> 8);
x216 = (uint8_t)(x215 & UINT8_C(0xff));
x217 = (x215 >> 8);
x218 = (uint8_t)(x217 & UINT8_C(0xff));
x219 = (uint8_t)(x217 >> 8);
x220 = (x79 + (uint32_t)x219);
x221 = (uint8_t)(x220 & UINT8_C(0xff));
x222 = (x220 >> 8);
x223 = (uint8_t)(x222 & UINT8_C(0xff));
x224 = (x222 >> 8);
x225 = (uint8_t)(x224 & UINT8_C(0xff));
x226 = (uint8_t)(x224 >> 8);
x227 = (x78 + (uint64_t)x226);
x228 = (uint8_t)(x227 & UINT8_C(0xff));
x229 = (uint32_t)(x227 >> 8);
x230 = (uint8_t)(x229 & UINT8_C(0xff));
x231 = (x229 >> 8);
x232 = (uint8_t)(x231 & UINT8_C(0xff));
x233 = (x231 >> 8);
x234 = (uint8_t)(x233 & UINT8_C(0xff));
x235 = (fiat_secp521r1_uint1)(x233 >> 8);
out1[0] = x94;
out1[1] = x96;
out1[2] = x98;
out1[3] = x101;
out1[4] = x103;
out1[5] = x105;
out1[6] = x108;
out1[7] = x110;
out1[8] = x112;
out1[9] = x114;
out1[10] = x117;
out1[11] = x119;
out1[12] = x121;
out1[13] = x124;
out1[14] = x126;
out1[15] = x128;
out1[16] = x130;
out1[17] = x133;
out1[18] = x135;
out1[19] = x137;
out1[20] = x140;
out1[21] = x142;
out1[22] = x144;
out1[23] = x145;
out1[24] = x146;
out1[25] = x148;
out1[26] = x150;
out1[27] = x153;
out1[28] = x155;
out1[29] = x157;
out1[30] = x160;
out1[31] = x162;
out1[32] = x164;
out1[33] = x166;
out1[34] = x169;
out1[35] = x171;
out1[36] = x173;
out1[37] = x176;
out1[38] = x178;
out1[39] = x180;
out1[40] = x182;
out1[41] = x185;
out1[42] = x187;
out1[43] = x189;
out1[44] = x192;
out1[45] = x194;
out1[46] = x196;
out1[47] = x197;
out1[48] = x198;
out1[49] = x200;
out1[50] = x202;
out1[51] = x205;
out1[52] = x207;
out1[53] = x209;
out1[54] = x212;
out1[55] = x214;
out1[56] = x216;
out1[57] = x218;
out1[58] = x221;
out1[59] = x223;
out1[60] = x225;
out1[61] = x228;
out1[62] = x230;
out1[63] = x232;
out1[64] = x234;
out1[65] = x235;
}
/*
* The function fiat_secp521r1_from_bytes deserializes a field element from bytes in little-endian order.
*
* Postconditions:
* eval out1 mod m = bytes_eval arg1 mod m
*
* Input Bounds:
* arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1]]
*/
static void fiat_secp521r1_from_bytes(fiat_secp521r1_tight_field_element out1,
const uint8_t arg1[66]) {
uint32_t x1;
uint32_t x2;
uint32_t x3;
uint32_t x4;
uint32_t x5;
uint32_t x6;
uint32_t x7;
uint64_t x8;
uint32_t x9;
uint32_t x10;
uint32_t x11;
uint32_t x12;
uint32_t x13;
uint32_t x14;
uint32_t x15;
uint32_t x16;
uint32_t x17;
uint8_t x18;
uint32_t x19;
uint32_t x20;
uint32_t x21;
uint32_t x22;
uint32_t x23;
uint32_t x24;
uint64_t x25;
uint32_t x26;
uint32_t x27;
uint32_t x28;
uint32_t x29;
uint32_t x30;
uint32_t x31;
uint64_t x32;
uint32_t x33;
uint32_t x34;
uint32_t x35;
uint32_t x36;
uint32_t x37;
uint32_t x38;
uint32_t x39;
uint32_t x40;
uint32_t x41;
uint8_t x42;
uint32_t x43;
uint32_t x44;
uint32_t x45;
uint32_t x46;
uint32_t x47;
uint32_t x48;
uint64_t x49;
uint32_t x50;
uint32_t x51;
uint32_t x52;
uint32_t x53;
uint32_t x54;
uint32_t x55;
uint64_t x56;
uint32_t x57;
uint32_t x58;
uint32_t x59;
uint32_t x60;
uint32_t x61;
uint32_t x62;
uint32_t x63;
uint32_t x64;
uint32_t x65;
uint8_t x66;
uint32_t x67;
uint32_t x68;
uint32_t x69;
uint32_t x70;
uint8_t x71;
uint32_t x72;
uint32_t x73;
uint32_t x74;
uint32_t x75;
fiat_secp521r1_uint1 x76;
uint32_t x77;
uint32_t x78;
uint32_t x79;
uint64_t x80;
uint32_t x81;
uint8_t x82;
uint32_t x83;
uint32_t x84;
uint32_t x85;
uint32_t x86;
uint8_t x87;
uint32_t x88;
uint32_t x89;
uint32_t x90;
uint64_t x91;
uint32_t x92;
uint8_t x93;
uint32_t x94;
uint32_t x95;
uint32_t x96;
uint32_t x97;
uint8_t x98;
uint32_t x99;
uint32_t x100;
uint32_t x101;
uint32_t x102;
uint32_t x103;
uint32_t x104;
uint32_t x105;
uint8_t x106;
uint32_t x107;
uint32_t x108;
uint32_t x109;
uint32_t x110;
fiat_secp521r1_uint1 x111;
uint32_t x112;
uint32_t x113;
uint32_t x114;
uint64_t x115;
uint32_t x116;
uint8_t x117;
uint32_t x118;
uint32_t x119;
uint32_t x120;
uint32_t x121;
uint8_t x122;
uint32_t x123;
uint32_t x124;
uint32_t x125;
uint64_t x126;
uint32_t x127;
uint8_t x128;
uint32_t x129;
uint32_t x130;
uint32_t x131;
uint32_t x132;
uint8_t x133;
uint32_t x134;
uint32_t x135;
uint32_t x136;
uint32_t x137;
uint32_t x138;
uint32_t x139;
uint32_t x140;
uint8_t x141;
uint32_t x142;
uint32_t x143;
uint32_t x144;
uint32_t x145;
fiat_secp521r1_uint1 x146;
uint32_t x147;
uint32_t x148;
uint32_t x149;
uint64_t x150;
uint32_t x151;
uint8_t x152;
uint32_t x153;
uint32_t x154;
uint32_t x155;
uint32_t x156;
uint8_t x157;
uint32_t x158;
uint32_t x159;
uint32_t x160;
uint32_t x161;
x1 = ((uint32_t)(fiat_secp521r1_uint1)(arg1[65]) << 26);
x2 = ((uint32_t)(arg1[64]) << 18);
x3 = ((uint32_t)(arg1[63]) << 10);
x4 = ((uint32_t)(arg1[62]) << 2);
x5 = ((uint32_t)(arg1[61]) << 21);
x6 = ((uint32_t)(arg1[60]) << 13);
x7 = ((uint32_t)(arg1[59]) << 5);
x8 = ((uint64_t)(arg1[58]) << 25);
x9 = ((uint32_t)(arg1[57]) << 17);
x10 = ((uint32_t)(arg1[56]) << 9);
x11 = ((uint32_t)(arg1[55]) * 0x2);
x12 = ((uint32_t)(arg1[54]) << 20);
x13 = ((uint32_t)(arg1[53]) << 12);
x14 = ((uint32_t)(arg1[52]) << 4);
x15 = ((uint32_t)(arg1[51]) << 24);
x16 = ((uint32_t)(arg1[50]) << 16);
x17 = ((uint32_t)(arg1[49]) << 8);
x18 = (arg1[48]);
x19 = ((uint32_t)(arg1[47]) << 19);
x20 = ((uint32_t)(arg1[46]) << 11);
x21 = ((uint32_t)(arg1[45]) << 3);
x22 = ((uint32_t)(arg1[44]) << 22);
x23 = ((uint32_t)(arg1[43]) << 14);
x24 = ((uint32_t)(arg1[42]) << 6);
x25 = ((uint64_t)(arg1[41]) << 26);
x26 = ((uint32_t)(arg1[40]) << 18);
x27 = ((uint32_t)(arg1[39]) << 10);
x28 = ((uint32_t)(arg1[38]) << 2);
x29 = ((uint32_t)(arg1[37]) << 21);
x30 = ((uint32_t)(arg1[36]) << 13);
x31 = ((uint32_t)(arg1[35]) << 5);
x32 = ((uint64_t)(arg1[34]) << 25);
x33 = ((uint32_t)(arg1[33]) << 17);
x34 = ((uint32_t)(arg1[32]) << 9);
x35 = ((uint32_t)(arg1[31]) * 0x2);
x36 = ((uint32_t)(arg1[30]) << 20);
x37 = ((uint32_t)(arg1[29]) << 12);
x38 = ((uint32_t)(arg1[28]) << 4);
x39 = ((uint32_t)(arg1[27]) << 24);
x40 = ((uint32_t)(arg1[26]) << 16);
x41 = ((uint32_t)(arg1[25]) << 8);
x42 = (arg1[24]);
x43 = ((uint32_t)(arg1[23]) << 19);
x44 = ((uint32_t)(arg1[22]) << 11);
x45 = ((uint32_t)(arg1[21]) << 3);
x46 = ((uint32_t)(arg1[20]) << 22);
x47 = ((uint32_t)(arg1[19]) << 14);
x48 = ((uint32_t)(arg1[18]) << 6);
x49 = ((uint64_t)(arg1[17]) << 26);
x50 = ((uint32_t)(arg1[16]) << 18);
x51 = ((uint32_t)(arg1[15]) << 10);
x52 = ((uint32_t)(arg1[14]) << 2);
x53 = ((uint32_t)(arg1[13]) << 21);
x54 = ((uint32_t)(arg1[12]) << 13);
x55 = ((uint32_t)(arg1[11]) << 5);
x56 = ((uint64_t)(arg1[10]) << 25);
x57 = ((uint32_t)(arg1[9]) << 17);
x58 = ((uint32_t)(arg1[8]) << 9);
x59 = ((uint32_t)(arg1[7]) * 0x2);
x60 = ((uint32_t)(arg1[6]) << 20);
x61 = ((uint32_t)(arg1[5]) << 12);
x62 = ((uint32_t)(arg1[4]) << 4);
x63 = ((uint32_t)(arg1[3]) << 24);
x64 = ((uint32_t)(arg1[2]) << 16);
x65 = ((uint32_t)(arg1[1]) << 8);
x66 = (arg1[0]);
x67 = (x65 + (uint32_t)x66);
x68 = (x64 + x67);
x69 = (x63 + x68);
x70 = (x69 & UINT32_C(0xfffffff));
x71 = (uint8_t)(x69 >> 28);
x72 = (x62 + (uint32_t)x71);
x73 = (x61 + x72);
x74 = (x60 + x73);
x75 = (x74 & UINT32_C(0x7ffffff));
x76 = (fiat_secp521r1_uint1)(x74 >> 27);
x77 = (x59 + (uint32_t)x76);
x78 = (x58 + x77);
x79 = (x57 + x78);
x80 = (x56 + x79);
x81 = (uint32_t)(x80 & UINT32_C(0xfffffff));
x82 = (uint8_t)(x80 >> 28);
x83 = (x55 + (uint32_t)x82);
x84 = (x54 + x83);
x85 = (x53 + x84);
x86 = (x85 & UINT32_C(0x7ffffff));
x87 = (uint8_t)(x85 >> 27);
x88 = (x52 + (uint32_t)x87);
x89 = (x51 + x88);
x90 = (x50 + x89);
x91 = (x49 + x90);
x92 = (uint32_t)(x91 & UINT32_C(0xfffffff));
x93 = (uint8_t)(x91 >> 28);
x94 = (x48 + (uint32_t)x93);
x95 = (x47 + x94);
x96 = (x46 + x95);
x97 = (x96 & UINT32_C(0x7ffffff));
x98 = (uint8_t)(x96 >> 27);
x99 = (x45 + (uint32_t)x98);
x100 = (x44 + x99);
x101 = (x43 + x100);
x102 = (x41 + (uint32_t)x42);
x103 = (x40 + x102);
x104 = (x39 + x103);
x105 = (x104 & UINT32_C(0xfffffff));
x106 = (uint8_t)(x104 >> 28);
x107 = (x38 + (uint32_t)x106);
x108 = (x37 + x107);
x109 = (x36 + x108);
x110 = (x109 & UINT32_C(0x7ffffff));
x111 = (fiat_secp521r1_uint1)(x109 >> 27);
x112 = (x35 + (uint32_t)x111);
x113 = (x34 + x112);
x114 = (x33 + x113);
x115 = (x32 + x114);
x116 = (uint32_t)(x115 & UINT32_C(0xfffffff));
x117 = (uint8_t)(x115 >> 28);
x118 = (x31 + (uint32_t)x117);
x119 = (x30 + x118);
x120 = (x29 + x119);
x121 = (x120 & UINT32_C(0x7ffffff));
x122 = (uint8_t)(x120 >> 27);
x123 = (x28 + (uint32_t)x122);
x124 = (x27 + x123);
x125 = (x26 + x124);
x126 = (x25 + x125);
x127 = (uint32_t)(x126 & UINT32_C(0xfffffff));
x128 = (uint8_t)(x126 >> 28);
x129 = (x24 + (uint32_t)x128);
x130 = (x23 + x129);
x131 = (x22 + x130);
x132 = (x131 & UINT32_C(0x7ffffff));
x133 = (uint8_t)(x131 >> 27);
x134 = (x21 + (uint32_t)x133);
x135 = (x20 + x134);
x136 = (x19 + x135);
x137 = (x17 + (uint32_t)x18);
x138 = (x16 + x137);
x139 = (x15 + x138);
x140 = (x139 & UINT32_C(0xfffffff));
x141 = (uint8_t)(x139 >> 28);
x142 = (x14 + (uint32_t)x141);
x143 = (x13 + x142);
x144 = (x12 + x143);
x145 = (x144 & UINT32_C(0x7ffffff));
x146 = (fiat_secp521r1_uint1)(x144 >> 27);
x147 = (x11 + (uint32_t)x146);
x148 = (x10 + x147);
x149 = (x9 + x148);
x150 = (x8 + x149);
x151 = (uint32_t)(x150 & UINT32_C(0xfffffff));
x152 = (uint8_t)(x150 >> 28);
x153 = (x7 + (uint32_t)x152);
x154 = (x6 + x153);
x155 = (x5 + x154);
x156 = (x155 & UINT32_C(0x7ffffff));
x157 = (uint8_t)(x155 >> 27);
x158 = (x4 + (uint32_t)x157);
x159 = (x3 + x158);
x160 = (x2 + x159);
x161 = (x1 + x160);
out1[0] = x70;
out1[1] = x75;
out1[2] = x81;
out1[3] = x86;
out1[4] = x92;
out1[5] = x97;
out1[6] = x101;
out1[7] = x105;
out1[8] = x110;
out1[9] = x116;
out1[10] = x121;
out1[11] = x127;
out1[12] = x132;
out1[13] = x136;
out1[14] = x140;
out1[15] = x145;
out1[16] = x151;
out1[17] = x156;
out1[18] = x161;
}
Reference in New Issue View Git Blame Copy Permalink