1#![doc = " fiat-crypto output postprocessed by fiat-constify: https://github.com/rustcrypto/utils"]
2#![doc = " Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline p384 64 '2^384 - 2^128 - 2^96 + 2^32 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp"]
3#![doc = " curve description: p384"]
4#![doc = " machine_wordsize = 64 (from \"64\")"]
5#![doc = " requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp"]
6#![doc = " m = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff (from \"2^384 - 2^128 - 2^96 + 2^32 - 1\")"]
7#![doc = ""]
8#![doc = " NOTE: In addition to the bounds specified above each function, all"]
9#![doc = " functions synthesized for this Montgomery arithmetic require the"]
10#![doc = " input to be strictly less than the prime modulus (m), and also"]
11#![doc = " require the input to be in the unique saturated representation."]
12#![doc = " All functions also ensure that these two properties are true of"]
13#![doc = " return values."]
14#![doc = ""]
15#![doc = " Computed values:"]
16#![doc = " eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140)"]
17#![doc = " bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178)"]
18#![doc = " twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140) in"]
19#![doc = " if x1 & (2^384-1) < 2^383 then x1 & (2^384-1) else (x1 & (2^384-1)) - 2^384"]
20#![allow(unused_parens)]
21#![allow(non_camel_case_types)]
22#![allow(
23 dead_code,
24 rustdoc::bare_urls,
25 rustdoc::broken_intra_doc_links,
26 unused_assignments,
27 unused_mut,
28 unused_variables
29)]
30pub type fiat_p384_u1 = u8;
31pub type fiat_p384_i1 = i8;
32pub type fiat_p384_u2 = u8;
33pub type fiat_p384_i2 = i8;
34pub type fiat_p384_montgomery_domain_field_element = [u64; 6];
35pub type fiat_p384_non_montgomery_domain_field_element = [u64; 6];
36#[doc = " The function fiat_p384_addcarryx_u64 is an addition with carry."]
37#[doc = ""]
38#[doc = " Postconditions:"]
39#[doc = " out1 = (arg1 + arg2 + arg3) mod 2^64"]
40#[doc = " out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋"]
41#[doc = ""]
42#[doc = " Input Bounds:"]
43#[doc = " arg1: [0x0 ~> 0x1]"]
44#[doc = " arg2: [0x0 ~> 0xffffffffffffffff]"]
45#[doc = " arg3: [0x0 ~> 0xffffffffffffffff]"]
46#[doc = " Output Bounds:"]
47#[doc = " out1: [0x0 ~> 0xffffffffffffffff]"]
48#[doc = " out2: [0x0 ~> 0x1]"]
49#[inline]
50pub const fn fiat_p384_addcarryx_u64(
51 arg1: fiat_p384_u1,
52 arg2: u64,
53 arg3: u64,
54) -> (u64, fiat_p384_u1) {
55 let mut out1: u64 = 0;
56 let mut out2: fiat_p384_u1 = 0;
57 let x1: u128 = (((arg1 as u128) + (arg2 as u128)) + (arg3 as u128));
58 let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64);
59 let x3: fiat_p384_u1 = ((x1 >> 64) as fiat_p384_u1);
60 out1 = x2;
61 out2 = x3;
62 (out1, out2)
63}
64#[doc = " The function fiat_p384_subborrowx_u64 is a subtraction with borrow."]
65#[doc = ""]
66#[doc = " Postconditions:"]
67#[doc = " out1 = (-arg1 + arg2 + -arg3) mod 2^64"]
68#[doc = " out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋"]
69#[doc = ""]
70#[doc = " Input Bounds:"]
71#[doc = " arg1: [0x0 ~> 0x1]"]
72#[doc = " arg2: [0x0 ~> 0xffffffffffffffff]"]
73#[doc = " arg3: [0x0 ~> 0xffffffffffffffff]"]
74#[doc = " Output Bounds:"]
75#[doc = " out1: [0x0 ~> 0xffffffffffffffff]"]
76#[doc = " out2: [0x0 ~> 0x1]"]
77#[inline]
78pub const fn fiat_p384_subborrowx_u64(
79 arg1: fiat_p384_u1,
80 arg2: u64,
81 arg3: u64,
82) -> (u64, fiat_p384_u1) {
83 let mut out1: u64 = 0;
84 let mut out2: fiat_p384_u1 = 0;
85 let x1: i128 = (((arg2 as i128) - (arg1 as i128)) - (arg3 as i128));
86 let x2: fiat_p384_i1 = ((x1 >> 64) as fiat_p384_i1);
87 let x3: u64 = ((x1 & (0xffffffffffffffff as i128)) as u64);
88 out1 = x3;
89 out2 = (((0x0 as fiat_p384_i2) - (x2 as fiat_p384_i2)) as fiat_p384_u1);
90 (out1, out2)
91}
92#[doc = " The function fiat_p384_mulx_u64 is a multiplication, returning the full double-width result."]
93#[doc = ""]
94#[doc = " Postconditions:"]
95#[doc = " out1 = (arg1 * arg2) mod 2^64"]
96#[doc = " out2 = ⌊arg1 * arg2 / 2^64⌋"]
97#[doc = ""]
98#[doc = " Input Bounds:"]
99#[doc = " arg1: [0x0 ~> 0xffffffffffffffff]"]
100#[doc = " arg2: [0x0 ~> 0xffffffffffffffff]"]
101#[doc = " Output Bounds:"]
102#[doc = " out1: [0x0 ~> 0xffffffffffffffff]"]
103#[doc = " out2: [0x0 ~> 0xffffffffffffffff]"]
104#[inline]
105pub const fn fiat_p384_mulx_u64(arg1: u64, arg2: u64) -> (u64, u64) {
106 let mut out1: u64 = 0;
107 let mut out2: u64 = 0;
108 let x1: u128 = ((arg1 as u128) * (arg2 as u128));
109 let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64);
110 let x3: u64 = ((x1 >> 64) as u64);
111 out1 = x2;
112 out2 = x3;
113 (out1, out2)
114}
115#[doc = " The function fiat_p384_cmovznz_u64 is a single-word conditional move."]
116#[doc = ""]
117#[doc = " Postconditions:"]
118#[doc = " out1 = (if arg1 = 0 then arg2 else arg3)"]
119#[doc = ""]
120#[doc = " Input Bounds:"]
121#[doc = " arg1: [0x0 ~> 0x1]"]
122#[doc = " arg2: [0x0 ~> 0xffffffffffffffff]"]
123#[doc = " arg3: [0x0 ~> 0xffffffffffffffff]"]
124#[doc = " Output Bounds:"]
125#[doc = " out1: [0x0 ~> 0xffffffffffffffff]"]
126#[inline]
127pub const fn fiat_p384_cmovznz_u64(arg1: fiat_p384_u1, arg2: u64, arg3: u64) -> u64 {
128 let mut out1: u64 = 0;
129 let x1: fiat_p384_u1 = (!(!arg1));
130 let x2: u64 = ((((((0x0 as fiat_p384_i2) - (x1 as fiat_p384_i2)) as fiat_p384_i1) as i128)
131 & (0xffffffffffffffff as i128)) as u64);
132 let x3: u64 = ((x2 & arg3) | ((!x2) & arg2));
133 out1 = x3;
134 out1
135}
136#[doc = " The function fiat_p384_mul multiplies two field elements in the Montgomery domain."]
137#[doc = ""]
138#[doc = " Preconditions:"]
139#[doc = " 0 ≤ eval arg1 < m"]
140#[doc = " 0 ≤ eval arg2 < m"]
141#[doc = " Postconditions:"]
142#[doc = " eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m"]
143#[doc = " 0 ≤ eval out1 < m"]
144#[doc = ""]
145#[inline]
146pub const fn fiat_p384_mul(
147 arg1: &fiat_p384_montgomery_domain_field_element,
148 arg2: &fiat_p384_montgomery_domain_field_element,
149) -> fiat_p384_montgomery_domain_field_element {
150 let mut out1: fiat_p384_montgomery_domain_field_element = [0; 6];
151 let x1: u64 = (arg1[1]);
152 let x2: u64 = (arg1[2]);
153 let x3: u64 = (arg1[3]);
154 let x4: u64 = (arg1[4]);
155 let x5: u64 = (arg1[5]);
156 let x6: u64 = (arg1[0]);
157 let (x7, x8) = fiat_p384_mulx_u64(x6, (arg2[5]));
158 let (x9, x10) = fiat_p384_mulx_u64(x6, (arg2[4]));
159 let (x11, x12) = fiat_p384_mulx_u64(x6, (arg2[3]));
160 let (x13, x14) = fiat_p384_mulx_u64(x6, (arg2[2]));
161 let (x15, x16) = fiat_p384_mulx_u64(x6, (arg2[1]));
162 let (x17, x18) = fiat_p384_mulx_u64(x6, (arg2[0]));
163 let (x19, x20) = fiat_p384_addcarryx_u64(0x0, x18, x15);
164 let (x21, x22) = fiat_p384_addcarryx_u64(x20, x16, x13);
165 let (x23, x24) = fiat_p384_addcarryx_u64(x22, x14, x11);
166 let (x25, x26) = fiat_p384_addcarryx_u64(x24, x12, x9);
167 let (x27, x28) = fiat_p384_addcarryx_u64(x26, x10, x7);
168 let x29: u64 = ((x28 as u64) + x8);
169 let (x30, x31) = fiat_p384_mulx_u64(x17, 0x100000001);
170 let (x32, x33) = fiat_p384_mulx_u64(x30, 0xffffffffffffffff);
171 let (x34, x35) = fiat_p384_mulx_u64(x30, 0xffffffffffffffff);
172 let (x36, x37) = fiat_p384_mulx_u64(x30, 0xffffffffffffffff);
173 let (x38, x39) = fiat_p384_mulx_u64(x30, 0xfffffffffffffffe);
174 let (x40, x41) = fiat_p384_mulx_u64(x30, 0xffffffff00000000);
175 let (x42, x43) = fiat_p384_mulx_u64(x30, 0xffffffff);
176 let (x44, x45) = fiat_p384_addcarryx_u64(0x0, x43, x40);
177 let (x46, x47) = fiat_p384_addcarryx_u64(x45, x41, x38);
178 let (x48, x49) = fiat_p384_addcarryx_u64(x47, x39, x36);
179 let (x50, x51) = fiat_p384_addcarryx_u64(x49, x37, x34);
180 let (x52, x53) = fiat_p384_addcarryx_u64(x51, x35, x32);
181 let x54: u64 = ((x53 as u64) + x33);
182 let (x55, x56) = fiat_p384_addcarryx_u64(0x0, x17, x42);
183 let (x57, x58) = fiat_p384_addcarryx_u64(x56, x19, x44);
184 let (x59, x60) = fiat_p384_addcarryx_u64(x58, x21, x46);
185 let (x61, x62) = fiat_p384_addcarryx_u64(x60, x23, x48);
186 let (x63, x64) = fiat_p384_addcarryx_u64(x62, x25, x50);
187 let (x65, x66) = fiat_p384_addcarryx_u64(x64, x27, x52);
188 let (x67, x68) = fiat_p384_addcarryx_u64(x66, x29, x54);
189 let (x69, x70) = fiat_p384_mulx_u64(x1, (arg2[5]));
190 let (x71, x72) = fiat_p384_mulx_u64(x1, (arg2[4]));
191 let (x73, x74) = fiat_p384_mulx_u64(x1, (arg2[3]));
192 let (x75, x76) = fiat_p384_mulx_u64(x1, (arg2[2]));
193 let (x77, x78) = fiat_p384_mulx_u64(x1, (arg2[1]));
194 let (x79, x80) = fiat_p384_mulx_u64(x1, (arg2[0]));
195 let (x81, x82) = fiat_p384_addcarryx_u64(0x0, x80, x77);
196 let (x83, x84) = fiat_p384_addcarryx_u64(x82, x78, x75);
197 let (x85, x86) = fiat_p384_addcarryx_u64(x84, x76, x73);
198 let (x87, x88) = fiat_p384_addcarryx_u64(x86, x74, x71);
199 let (x89, x90) = fiat_p384_addcarryx_u64(x88, x72, x69);
200 let x91: u64 = ((x90 as u64) + x70);
201 let (x92, x93) = fiat_p384_addcarryx_u64(0x0, x57, x79);
202 let (x94, x95) = fiat_p384_addcarryx_u64(x93, x59, x81);
203 let (x96, x97) = fiat_p384_addcarryx_u64(x95, x61, x83);
204 let (x98, x99) = fiat_p384_addcarryx_u64(x97, x63, x85);
205 let (x100, x101) = fiat_p384_addcarryx_u64(x99, x65, x87);
206 let (x102, x103) = fiat_p384_addcarryx_u64(x101, x67, x89);
207 let (x104, x105) = fiat_p384_addcarryx_u64(x103, (x68 as u64), x91);
208 let (x106, x107) = fiat_p384_mulx_u64(x92, 0x100000001);
209 let (x108, x109) = fiat_p384_mulx_u64(x106, 0xffffffffffffffff);
210 let (x110, x111) = fiat_p384_mulx_u64(x106, 0xffffffffffffffff);
211 let (x112, x113) = fiat_p384_mulx_u64(x106, 0xffffffffffffffff);
212 let (x114, x115) = fiat_p384_mulx_u64(x106, 0xfffffffffffffffe);
213 let (x116, x117) = fiat_p384_mulx_u64(x106, 0xffffffff00000000);
214 let (x118, x119) = fiat_p384_mulx_u64(x106, 0xffffffff);
215 let (x120, x121) = fiat_p384_addcarryx_u64(0x0, x119, x116);
216 let (x122, x123) = fiat_p384_addcarryx_u64(x121, x117, x114);
217 let (x124, x125) = fiat_p384_addcarryx_u64(x123, x115, x112);
218 let (x126, x127) = fiat_p384_addcarryx_u64(x125, x113, x110);
219 let (x128, x129) = fiat_p384_addcarryx_u64(x127, x111, x108);
220 let x130: u64 = ((x129 as u64) + x109);
221 let (x131, x132) = fiat_p384_addcarryx_u64(0x0, x92, x118);
222 let (x133, x134) = fiat_p384_addcarryx_u64(x132, x94, x120);
223 let (x135, x136) = fiat_p384_addcarryx_u64(x134, x96, x122);
224 let (x137, x138) = fiat_p384_addcarryx_u64(x136, x98, x124);
225 let (x139, x140) = fiat_p384_addcarryx_u64(x138, x100, x126);
226 let (x141, x142) = fiat_p384_addcarryx_u64(x140, x102, x128);
227 let (x143, x144) = fiat_p384_addcarryx_u64(x142, x104, x130);
228 let x145: u64 = ((x144 as u64) + (x105 as u64));
229 let (x146, x147) = fiat_p384_mulx_u64(x2, (arg2[5]));
230 let (x148, x149) = fiat_p384_mulx_u64(x2, (arg2[4]));
231 let (x150, x151) = fiat_p384_mulx_u64(x2, (arg2[3]));
232 let (x152, x153) = fiat_p384_mulx_u64(x2, (arg2[2]));
233 let (x154, x155) = fiat_p384_mulx_u64(x2, (arg2[1]));
234 let (x156, x157) = fiat_p384_mulx_u64(x2, (arg2[0]));
235 let (x158, x159) = fiat_p384_addcarryx_u64(0x0, x157, x154);
236 let (x160, x161) = fiat_p384_addcarryx_u64(x159, x155, x152);
237 let (x162, x163) = fiat_p384_addcarryx_u64(x161, x153, x150);
238 let (x164, x165) = fiat_p384_addcarryx_u64(x163, x151, x148);
239 let (x166, x167) = fiat_p384_addcarryx_u64(x165, x149, x146);
240 let x168: u64 = ((x167 as u64) + x147);
241 let (x169, x170) = fiat_p384_addcarryx_u64(0x0, x133, x156);
242 let (x171, x172) = fiat_p384_addcarryx_u64(x170, x135, x158);
243 let (x173, x174) = fiat_p384_addcarryx_u64(x172, x137, x160);
244 let (x175, x176) = fiat_p384_addcarryx_u64(x174, x139, x162);
245 let (x177, x178) = fiat_p384_addcarryx_u64(x176, x141, x164);
246 let (x179, x180) = fiat_p384_addcarryx_u64(x178, x143, x166);
247 let (x181, x182) = fiat_p384_addcarryx_u64(x180, x145, x168);
248 let (x183, x184) = fiat_p384_mulx_u64(x169, 0x100000001);
249 let (x185, x186) = fiat_p384_mulx_u64(x183, 0xffffffffffffffff);
250 let (x187, x188) = fiat_p384_mulx_u64(x183, 0xffffffffffffffff);
251 let (x189, x190) = fiat_p384_mulx_u64(x183, 0xffffffffffffffff);
252 let (x191, x192) = fiat_p384_mulx_u64(x183, 0xfffffffffffffffe);
253 let (x193, x194) = fiat_p384_mulx_u64(x183, 0xffffffff00000000);
254 let (x195, x196) = fiat_p384_mulx_u64(x183, 0xffffffff);
255 let (x197, x198) = fiat_p384_addcarryx_u64(0x0, x196, x193);
256 let (x199, x200) = fiat_p384_addcarryx_u64(x198, x194, x191);
257 let (x201, x202) = fiat_p384_addcarryx_u64(x200, x192, x189);
258 let (x203, x204) = fiat_p384_addcarryx_u64(x202, x190, x187);
259 let (x205, x206) = fiat_p384_addcarryx_u64(x204, x188, x185);
260 let x207: u64 = ((x206 as u64) + x186);
261 let (x208, x209) = fiat_p384_addcarryx_u64(0x0, x169, x195);
262 let (x210, x211) = fiat_p384_addcarryx_u64(x209, x171, x197);
263 let (x212, x213) = fiat_p384_addcarryx_u64(x211, x173, x199);
264 let (x214, x215) = fiat_p384_addcarryx_u64(x213, x175, x201);
265 let (x216, x217) = fiat_p384_addcarryx_u64(x215, x177, x203);
266 let (x218, x219) = fiat_p384_addcarryx_u64(x217, x179, x205);
267 let (x220, x221) = fiat_p384_addcarryx_u64(x219, x181, x207);
268 let x222: u64 = ((x221 as u64) + (x182 as u64));
269 let (x223, x224) = fiat_p384_mulx_u64(x3, (arg2[5]));
270 let (x225, x226) = fiat_p384_mulx_u64(x3, (arg2[4]));
271 let (x227, x228) = fiat_p384_mulx_u64(x3, (arg2[3]));
272 let (x229, x230) = fiat_p384_mulx_u64(x3, (arg2[2]));
273 let (x231, x232) = fiat_p384_mulx_u64(x3, (arg2[1]));
274 let (x233, x234) = fiat_p384_mulx_u64(x3, (arg2[0]));
275 let (x235, x236) = fiat_p384_addcarryx_u64(0x0, x234, x231);
276 let (x237, x238) = fiat_p384_addcarryx_u64(x236, x232, x229);
277 let (x239, x240) = fiat_p384_addcarryx_u64(x238, x230, x227);
278 let (x241, x242) = fiat_p384_addcarryx_u64(x240, x228, x225);
279 let (x243, x244) = fiat_p384_addcarryx_u64(x242, x226, x223);
280 let x245: u64 = ((x244 as u64) + x224);
281 let (x246, x247) = fiat_p384_addcarryx_u64(0x0, x210, x233);
282 let (x248, x249) = fiat_p384_addcarryx_u64(x247, x212, x235);
283 let (x250, x251) = fiat_p384_addcarryx_u64(x249, x214, x237);
284 let (x252, x253) = fiat_p384_addcarryx_u64(x251, x216, x239);
285 let (x254, x255) = fiat_p384_addcarryx_u64(x253, x218, x241);
286 let (x256, x257) = fiat_p384_addcarryx_u64(x255, x220, x243);
287 let (x258, x259) = fiat_p384_addcarryx_u64(x257, x222, x245);
288 let (x260, x261) = fiat_p384_mulx_u64(x246, 0x100000001);
289 let (x262, x263) = fiat_p384_mulx_u64(x260, 0xffffffffffffffff);
290 let (x264, x265) = fiat_p384_mulx_u64(x260, 0xffffffffffffffff);
291 let (x266, x267) = fiat_p384_mulx_u64(x260, 0xffffffffffffffff);
292 let (x268, x269) = fiat_p384_mulx_u64(x260, 0xfffffffffffffffe);
293 let (x270, x271) = fiat_p384_mulx_u64(x260, 0xffffffff00000000);
294 let (x272, x273) = fiat_p384_mulx_u64(x260, 0xffffffff);
295 let (x274, x275) = fiat_p384_addcarryx_u64(0x0, x273, x270);
296 let (x276, x277) = fiat_p384_addcarryx_u64(x275, x271, x268);
297 let (x278, x279) = fiat_p384_addcarryx_u64(x277, x269, x266);
298 let (x280, x281) = fiat_p384_addcarryx_u64(x279, x267, x264);
299 let (x282, x283) = fiat_p384_addcarryx_u64(x281, x265, x262);
300 let x284: u64 = ((x283 as u64) + x263);
301 let (x285, x286) = fiat_p384_addcarryx_u64(0x0, x246, x272);
302 let (x287, x288) = fiat_p384_addcarryx_u64(x286, x248, x274);
303 let (x289, x290) = fiat_p384_addcarryx_u64(x288, x250, x276);
304 let (x291, x292) = fiat_p384_addcarryx_u64(x290, x252, x278);
305 let (x293, x294) = fiat_p384_addcarryx_u64(x292, x254, x280);
306 let (x295, x296) = fiat_p384_addcarryx_u64(x294, x256, x282);
307 let (x297, x298) = fiat_p384_addcarryx_u64(x296, x258, x284);
308 let x299: u64 = ((x298 as u64) + (x259 as u64));
309 let (x300, x301) = fiat_p384_mulx_u64(x4, (arg2[5]));
310 let (x302, x303) = fiat_p384_mulx_u64(x4, (arg2[4]));
311 let (x304, x305) = fiat_p384_mulx_u64(x4, (arg2[3]));
312 let (x306, x307) = fiat_p384_mulx_u64(x4, (arg2[2]));
313 let (x308, x309) = fiat_p384_mulx_u64(x4, (arg2[1]));
314 let (x310, x311) = fiat_p384_mulx_u64(x4, (arg2[0]));
315 let (x312, x313) = fiat_p384_addcarryx_u64(0x0, x311, x308);
316 let (x314, x315) = fiat_p384_addcarryx_u64(x313, x309, x306);
317 let (x316, x317) = fiat_p384_addcarryx_u64(x315, x307, x304);
318 let (x318, x319) = fiat_p384_addcarryx_u64(x317, x305, x302);
319 let (x320, x321) = fiat_p384_addcarryx_u64(x319, x303, x300);
320 let x322: u64 = ((x321 as u64) + x301);
321 let (x323, x324) = fiat_p384_addcarryx_u64(0x0, x287, x310);
322 let (x325, x326) = fiat_p384_addcarryx_u64(x324, x289, x312);
323 let (x327, x328) = fiat_p384_addcarryx_u64(x326, x291, x314);
324 let (x329, x330) = fiat_p384_addcarryx_u64(x328, x293, x316);
325 let (x331, x332) = fiat_p384_addcarryx_u64(x330, x295, x318);
326 let (x333, x334) = fiat_p384_addcarryx_u64(x332, x297, x320);
327 let (x335, x336) = fiat_p384_addcarryx_u64(x334, x299, x322);
328 let (x337, x338) = fiat_p384_mulx_u64(x323, 0x100000001);
329 let (x339, x340) = fiat_p384_mulx_u64(x337, 0xffffffffffffffff);
330 let (x341, x342) = fiat_p384_mulx_u64(x337, 0xffffffffffffffff);
331 let (x343, x344) = fiat_p384_mulx_u64(x337, 0xffffffffffffffff);
332 let (x345, x346) = fiat_p384_mulx_u64(x337, 0xfffffffffffffffe);
333 let (x347, x348) = fiat_p384_mulx_u64(x337, 0xffffffff00000000);
334 let (x349, x350) = fiat_p384_mulx_u64(x337, 0xffffffff);
335 let (x351, x352) = fiat_p384_addcarryx_u64(0x0, x350, x347);
336 let (x353, x354) = fiat_p384_addcarryx_u64(x352, x348, x345);
337 let (x355, x356) = fiat_p384_addcarryx_u64(x354, x346, x343);
338 let (x357, x358) = fiat_p384_addcarryx_u64(x356, x344, x341);
339 let (x359, x360) = fiat_p384_addcarryx_u64(x358, x342, x339);
340 let x361: u64 = ((x360 as u64) + x340);
341 let (x362, x363) = fiat_p384_addcarryx_u64(0x0, x323, x349);
342 let (x364, x365) = fiat_p384_addcarryx_u64(x363, x325, x351);
343 let (x366, x367) = fiat_p384_addcarryx_u64(x365, x327, x353);
344 let (x368, x369) = fiat_p384_addcarryx_u64(x367, x329, x355);
345 let (x370, x371) = fiat_p384_addcarryx_u64(x369, x331, x357);
346 let (x372, x373) = fiat_p384_addcarryx_u64(x371, x333, x359);
347 let (x374, x375) = fiat_p384_addcarryx_u64(x373, x335, x361);
348 let x376: u64 = ((x375 as u64) + (x336 as u64));
349 let (x377, x378) = fiat_p384_mulx_u64(x5, (arg2[5]));
350 let (x379, x380) = fiat_p384_mulx_u64(x5, (arg2[4]));
351 let (x381, x382) = fiat_p384_mulx_u64(x5, (arg2[3]));
352 let (x383, x384) = fiat_p384_mulx_u64(x5, (arg2[2]));
353 let (x385, x386) = fiat_p384_mulx_u64(x5, (arg2[1]));
354 let (x387, x388) = fiat_p384_mulx_u64(x5, (arg2[0]));
355 let (x389, x390) = fiat_p384_addcarryx_u64(0x0, x388, x385);
356 let (x391, x392) = fiat_p384_addcarryx_u64(x390, x386, x383);
357 let (x393, x394) = fiat_p384_addcarryx_u64(x392, x384, x381);
358 let (x395, x396) = fiat_p384_addcarryx_u64(x394, x382, x379);
359 let (x397, x398) = fiat_p384_addcarryx_u64(x396, x380, x377);
360 let x399: u64 = ((x398 as u64) + x378);
361 let (x400, x401) = fiat_p384_addcarryx_u64(0x0, x364, x387);
362 let (x402, x403) = fiat_p384_addcarryx_u64(x401, x366, x389);
363 let (x404, x405) = fiat_p384_addcarryx_u64(x403, x368, x391);
364 let (x406, x407) = fiat_p384_addcarryx_u64(x405, x370, x393);
365 let (x408, x409) = fiat_p384_addcarryx_u64(x407, x372, x395);
366 let (x410, x411) = fiat_p384_addcarryx_u64(x409, x374, x397);
367 let (x412, x413) = fiat_p384_addcarryx_u64(x411, x376, x399);
368 let (x414, x415) = fiat_p384_mulx_u64(x400, 0x100000001);
369 let (x416, x417) = fiat_p384_mulx_u64(x414, 0xffffffffffffffff);
370 let (x418, x419) = fiat_p384_mulx_u64(x414, 0xffffffffffffffff);
371 let (x420, x421) = fiat_p384_mulx_u64(x414, 0xffffffffffffffff);
372 let (x422, x423) = fiat_p384_mulx_u64(x414, 0xfffffffffffffffe);
373 let (x424, x425) = fiat_p384_mulx_u64(x414, 0xffffffff00000000);
374 let (x426, x427) = fiat_p384_mulx_u64(x414, 0xffffffff);
375 let (x428, x429) = fiat_p384_addcarryx_u64(0x0, x427, x424);
376 let (x430, x431) = fiat_p384_addcarryx_u64(x429, x425, x422);
377 let (x432, x433) = fiat_p384_addcarryx_u64(x431, x423, x420);
378 let (x434, x435) = fiat_p384_addcarryx_u64(x433, x421, x418);
379 let (x436, x437) = fiat_p384_addcarryx_u64(x435, x419, x416);
380 let x438: u64 = ((x437 as u64) + x417);
381 let (x439, x440) = fiat_p384_addcarryx_u64(0x0, x400, x426);
382 let (x441, x442) = fiat_p384_addcarryx_u64(x440, x402, x428);
383 let (x443, x444) = fiat_p384_addcarryx_u64(x442, x404, x430);
384 let (x445, x446) = fiat_p384_addcarryx_u64(x444, x406, x432);
385 let (x447, x448) = fiat_p384_addcarryx_u64(x446, x408, x434);
386 let (x449, x450) = fiat_p384_addcarryx_u64(x448, x410, x436);
387 let (x451, x452) = fiat_p384_addcarryx_u64(x450, x412, x438);
388 let x453: u64 = ((x452 as u64) + (x413 as u64));
389 let (x454, x455) = fiat_p384_subborrowx_u64(0x0, x441, 0xffffffff);
390 let (x456, x457) = fiat_p384_subborrowx_u64(x455, x443, 0xffffffff00000000);
391 let (x458, x459) = fiat_p384_subborrowx_u64(x457, x445, 0xfffffffffffffffe);
392 let (x460, x461) = fiat_p384_subborrowx_u64(x459, x447, 0xffffffffffffffff);
393 let (x462, x463) = fiat_p384_subborrowx_u64(x461, x449, 0xffffffffffffffff);
394 let (x464, x465) = fiat_p384_subborrowx_u64(x463, x451, 0xffffffffffffffff);
395 let (x466, x467) = fiat_p384_subborrowx_u64(x465, x453, (0x0 as u64));
396 let (x468) = fiat_p384_cmovznz_u64(x467, x454, x441);
397 let (x469) = fiat_p384_cmovznz_u64(x467, x456, x443);
398 let (x470) = fiat_p384_cmovznz_u64(x467, x458, x445);
399 let (x471) = fiat_p384_cmovznz_u64(x467, x460, x447);
400 let (x472) = fiat_p384_cmovznz_u64(x467, x462, x449);
401 let (x473) = fiat_p384_cmovznz_u64(x467, x464, x451);
402 out1[0] = x468;
403 out1[1] = x469;
404 out1[2] = x470;
405 out1[3] = x471;
406 out1[4] = x472;
407 out1[5] = x473;
408 out1
409}
410#[doc = " The function fiat_p384_square squares a field element in the Montgomery domain."]
411#[doc = ""]
412#[doc = " Preconditions:"]
413#[doc = " 0 ≤ eval arg1 < m"]
414#[doc = " Postconditions:"]
415#[doc = " eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m"]
416#[doc = " 0 ≤ eval out1 < m"]
417#[doc = ""]
418#[inline]
419pub const fn fiat_p384_square(
420 arg1: &fiat_p384_montgomery_domain_field_element,
421) -> fiat_p384_montgomery_domain_field_element {
422 let mut out1: fiat_p384_montgomery_domain_field_element = [0; 6];
423 let x1: u64 = (arg1[1]);
424 let x2: u64 = (arg1[2]);
425 let x3: u64 = (arg1[3]);
426 let x4: u64 = (arg1[4]);
427 let x5: u64 = (arg1[5]);
428 let x6: u64 = (arg1[0]);
429 let (x7, x8) = fiat_p384_mulx_u64(x6, (arg1[5]));
430 let (x9, x10) = fiat_p384_mulx_u64(x6, (arg1[4]));
431 let (x11, x12) = fiat_p384_mulx_u64(x6, (arg1[3]));
432 let (x13, x14) = fiat_p384_mulx_u64(x6, (arg1[2]));
433 let (x15, x16) = fiat_p384_mulx_u64(x6, (arg1[1]));
434 let (x17, x18) = fiat_p384_mulx_u64(x6, (arg1[0]));
435 let (x19, x20) = fiat_p384_addcarryx_u64(0x0, x18, x15);
436 let (x21, x22) = fiat_p384_addcarryx_u64(x20, x16, x13);
437 let (x23, x24) = fiat_p384_addcarryx_u64(x22, x14, x11);
438 let (x25, x26) = fiat_p384_addcarryx_u64(x24, x12, x9);
439 let (x27, x28) = fiat_p384_addcarryx_u64(x26, x10, x7);
440 let x29: u64 = ((x28 as u64) + x8);
441 let (x30, x31) = fiat_p384_mulx_u64(x17, 0x100000001);
442 let (x32, x33) = fiat_p384_mulx_u64(x30, 0xffffffffffffffff);
443 let (x34, x35) = fiat_p384_mulx_u64(x30, 0xffffffffffffffff);
444 let (x36, x37) = fiat_p384_mulx_u64(x30, 0xffffffffffffffff);
445 let (x38, x39) = fiat_p384_mulx_u64(x30, 0xfffffffffffffffe);
446 let (x40, x41) = fiat_p384_mulx_u64(x30, 0xffffffff00000000);
447 let (x42, x43) = fiat_p384_mulx_u64(x30, 0xffffffff);
448 let (x44, x45) = fiat_p384_addcarryx_u64(0x0, x43, x40);
449 let (x46, x47) = fiat_p384_addcarryx_u64(x45, x41, x38);
450 let (x48, x49) = fiat_p384_addcarryx_u64(x47, x39, x36);
451 let (x50, x51) = fiat_p384_addcarryx_u64(x49, x37, x34);
452 let (x52, x53) = fiat_p384_addcarryx_u64(x51, x35, x32);
453 let x54: u64 = ((x53 as u64) + x33);
454 let (x55, x56) = fiat_p384_addcarryx_u64(0x0, x17, x42);
455 let (x57, x58) = fiat_p384_addcarryx_u64(x56, x19, x44);
456 let (x59, x60) = fiat_p384_addcarryx_u64(x58, x21, x46);
457 let (x61, x62) = fiat_p384_addcarryx_u64(x60, x23, x48);
458 let (x63, x64) = fiat_p384_addcarryx_u64(x62, x25, x50);
459 let (x65, x66) = fiat_p384_addcarryx_u64(x64, x27, x52);
460 let (x67, x68) = fiat_p384_addcarryx_u64(x66, x29, x54);
461 let (x69, x70) = fiat_p384_mulx_u64(x1, (arg1[5]));
462 let (x71, x72) = fiat_p384_mulx_u64(x1, (arg1[4]));
463 let (x73, x74) = fiat_p384_mulx_u64(x1, (arg1[3]));
464 let (x75, x76) = fiat_p384_mulx_u64(x1, (arg1[2]));
465 let (x77, x78) = fiat_p384_mulx_u64(x1, (arg1[1]));
466 let (x79, x80) = fiat_p384_mulx_u64(x1, (arg1[0]));
467 let (x81, x82) = fiat_p384_addcarryx_u64(0x0, x80, x77);
468 let (x83, x84) = fiat_p384_addcarryx_u64(x82, x78, x75);
469 let (x85, x86) = fiat_p384_addcarryx_u64(x84, x76, x73);
470 let (x87, x88) = fiat_p384_addcarryx_u64(x86, x74, x71);
471 let (x89, x90) = fiat_p384_addcarryx_u64(x88, x72, x69);
472 let x91: u64 = ((x90 as u64) + x70);
473 let (x92, x93) = fiat_p384_addcarryx_u64(0x0, x57, x79);
474 let (x94, x95) = fiat_p384_addcarryx_u64(x93, x59, x81);
475 let (x96, x97) = fiat_p384_addcarryx_u64(x95, x61, x83);
476 let (x98, x99) = fiat_p384_addcarryx_u64(x97, x63, x85);
477 let (x100, x101) = fiat_p384_addcarryx_u64(x99, x65, x87);
478 let (x102, x103) = fiat_p384_addcarryx_u64(x101, x67, x89);
479 let (x104, x105) = fiat_p384_addcarryx_u64(x103, (x68 as u64), x91);
480 let (x106, x107) = fiat_p384_mulx_u64(x92, 0x100000001);
481 let (x108, x109) = fiat_p384_mulx_u64(x106, 0xffffffffffffffff);
482 let (x110, x111) = fiat_p384_mulx_u64(x106, 0xffffffffffffffff);
483 let (x112, x113) = fiat_p384_mulx_u64(x106, 0xffffffffffffffff);
484 let (x114, x115) = fiat_p384_mulx_u64(x106, 0xfffffffffffffffe);
485 let (x116, x117) = fiat_p384_mulx_u64(x106, 0xffffffff00000000);
486 let (x118, x119) = fiat_p384_mulx_u64(x106, 0xffffffff);
487 let (x120, x121) = fiat_p384_addcarryx_u64(0x0, x119, x116);
488 let (x122, x123) = fiat_p384_addcarryx_u64(x121, x117, x114);
489 let (x124, x125) = fiat_p384_addcarryx_u64(x123, x115, x112);
490 let (x126, x127) = fiat_p384_addcarryx_u64(x125, x113, x110);
491 let (x128, x129) = fiat_p384_addcarryx_u64(x127, x111, x108);
492 let x130: u64 = ((x129 as u64) + x109);
493 let (x131, x132) = fiat_p384_addcarryx_u64(0x0, x92, x118);
494 let (x133, x134) = fiat_p384_addcarryx_u64(x132, x94, x120);
495 let (x135, x136) = fiat_p384_addcarryx_u64(x134, x96, x122);
496 let (x137, x138) = fiat_p384_addcarryx_u64(x136, x98, x124);
497 let (x139, x140) = fiat_p384_addcarryx_u64(x138, x100, x126);
498 let (x141, x142) = fiat_p384_addcarryx_u64(x140, x102, x128);
499 let (x143, x144) = fiat_p384_addcarryx_u64(x142, x104, x130);
500 let x145: u64 = ((x144 as u64) + (x105 as u64));
501 let (x146, x147) = fiat_p384_mulx_u64(x2, (arg1[5]));
502 let (x148, x149) = fiat_p384_mulx_u64(x2, (arg1[4]));
503 let (x150, x151) = fiat_p384_mulx_u64(x2, (arg1[3]));
504 let (x152, x153) = fiat_p384_mulx_u64(x2, (arg1[2]));
505 let (x154, x155) = fiat_p384_mulx_u64(x2, (arg1[1]));
506 let (x156, x157) = fiat_p384_mulx_u64(x2, (arg1[0]));
507 let (x158, x159) = fiat_p384_addcarryx_u64(0x0, x157, x154);
508 let (x160, x161) = fiat_p384_addcarryx_u64(x159, x155, x152);
509 let (x162, x163) = fiat_p384_addcarryx_u64(x161, x153, x150);
510 let (x164, x165) = fiat_p384_addcarryx_u64(x163, x151, x148);
511 let (x166, x167) = fiat_p384_addcarryx_u64(x165, x149, x146);
512 let x168: u64 = ((x167 as u64) + x147);
513 let (x169, x170) = fiat_p384_addcarryx_u64(0x0, x133, x156);
514 let (x171, x172) = fiat_p384_addcarryx_u64(x170, x135, x158);
515 let (x173, x174) = fiat_p384_addcarryx_u64(x172, x137, x160);
516 let (x175, x176) = fiat_p384_addcarryx_u64(x174, x139, x162);
517 let (x177, x178) = fiat_p384_addcarryx_u64(x176, x141, x164);
518 let (x179, x180) = fiat_p384_addcarryx_u64(x178, x143, x166);
519 let (x181, x182) = fiat_p384_addcarryx_u64(x180, x145, x168);
520 let (x183, x184) = fiat_p384_mulx_u64(x169, 0x100000001);
521 let (x185, x186) = fiat_p384_mulx_u64(x183, 0xffffffffffffffff);
522 let (x187, x188) = fiat_p384_mulx_u64(x183, 0xffffffffffffffff);
523 let (x189, x190) = fiat_p384_mulx_u64(x183, 0xffffffffffffffff);
524 let (x191, x192) = fiat_p384_mulx_u64(x183, 0xfffffffffffffffe);
525 let (x193, x194) = fiat_p384_mulx_u64(x183, 0xffffffff00000000);
526 let (x195, x196) = fiat_p384_mulx_u64(x183, 0xffffffff);
527 let (x197, x198) = fiat_p384_addcarryx_u64(0x0, x196, x193);
528 let (x199, x200) = fiat_p384_addcarryx_u64(x198, x194, x191);
529 let (x201, x202) = fiat_p384_addcarryx_u64(x200, x192, x189);
530 let (x203, x204) = fiat_p384_addcarryx_u64(x202, x190, x187);
531 let (x205, x206) = fiat_p384_addcarryx_u64(x204, x188, x185);
532 let x207: u64 = ((x206 as u64) + x186);
533 let (x208, x209) = fiat_p384_addcarryx_u64(0x0, x169, x195);
534 let (x210, x211) = fiat_p384_addcarryx_u64(x209, x171, x197);
535 let (x212, x213) = fiat_p384_addcarryx_u64(x211, x173, x199);
536 let (x214, x215) = fiat_p384_addcarryx_u64(x213, x175, x201);
537 let (x216, x217) = fiat_p384_addcarryx_u64(x215, x177, x203);
538 let (x218, x219) = fiat_p384_addcarryx_u64(x217, x179, x205);
539 let (x220, x221) = fiat_p384_addcarryx_u64(x219, x181, x207);
540 let x222: u64 = ((x221 as u64) + (x182 as u64));
541 let (x223, x224) = fiat_p384_mulx_u64(x3, (arg1[5]));
542 let (x225, x226) = fiat_p384_mulx_u64(x3, (arg1[4]));
543 let (x227, x228) = fiat_p384_mulx_u64(x3, (arg1[3]));
544 let (x229, x230) = fiat_p384_mulx_u64(x3, (arg1[2]));
545 let (x231, x232) = fiat_p384_mulx_u64(x3, (arg1[1]));
546 let (x233, x234) = fiat_p384_mulx_u64(x3, (arg1[0]));
547 let (x235, x236) = fiat_p384_addcarryx_u64(0x0, x234, x231);
548 let (x237, x238) = fiat_p384_addcarryx_u64(x236, x232, x229);
549 let (x239, x240) = fiat_p384_addcarryx_u64(x238, x230, x227);
550 let (x241, x242) = fiat_p384_addcarryx_u64(x240, x228, x225);
551 let (x243, x244) = fiat_p384_addcarryx_u64(x242, x226, x223);
552 let x245: u64 = ((x244 as u64) + x224);
553 let (x246, x247) = fiat_p384_addcarryx_u64(0x0, x210, x233);
554 let (x248, x249) = fiat_p384_addcarryx_u64(x247, x212, x235);
555 let (x250, x251) = fiat_p384_addcarryx_u64(x249, x214, x237);
556 let (x252, x253) = fiat_p384_addcarryx_u64(x251, x216, x239);
557 let (x254, x255) = fiat_p384_addcarryx_u64(x253, x218, x241);
558 let (x256, x257) = fiat_p384_addcarryx_u64(x255, x220, x243);
559 let (x258, x259) = fiat_p384_addcarryx_u64(x257, x222, x245);
560 let (x260, x261) = fiat_p384_mulx_u64(x246, 0x100000001);
561 let (x262, x263) = fiat_p384_mulx_u64(x260, 0xffffffffffffffff);
562 let (x264, x265) = fiat_p384_mulx_u64(x260, 0xffffffffffffffff);
563 let (x266, x267) = fiat_p384_mulx_u64(x260, 0xffffffffffffffff);
564 let (x268, x269) = fiat_p384_mulx_u64(x260, 0xfffffffffffffffe);
565 let (x270, x271) = fiat_p384_mulx_u64(x260, 0xffffffff00000000);
566 let (x272, x273) = fiat_p384_mulx_u64(x260, 0xffffffff);
567 let (x274, x275) = fiat_p384_addcarryx_u64(0x0, x273, x270);
568 let (x276, x277) = fiat_p384_addcarryx_u64(x275, x271, x268);
569 let (x278, x279) = fiat_p384_addcarryx_u64(x277, x269, x266);
570 let (x280, x281) = fiat_p384_addcarryx_u64(x279, x267, x264);
571 let (x282, x283) = fiat_p384_addcarryx_u64(x281, x265, x262);
572 let x284: u64 = ((x283 as u64) + x263);
573 let (x285, x286) = fiat_p384_addcarryx_u64(0x0, x246, x272);
574 let (x287, x288) = fiat_p384_addcarryx_u64(x286, x248, x274);
575 let (x289, x290) = fiat_p384_addcarryx_u64(x288, x250, x276);
576 let (x291, x292) = fiat_p384_addcarryx_u64(x290, x252, x278);
577 let (x293, x294) = fiat_p384_addcarryx_u64(x292, x254, x280);
578 let (x295, x296) = fiat_p384_addcarryx_u64(x294, x256, x282);
579 let (x297, x298) = fiat_p384_addcarryx_u64(x296, x258, x284);
580 let x299: u64 = ((x298 as u64) + (x259 as u64));
581 let (x300, x301) = fiat_p384_mulx_u64(x4, (arg1[5]));
582 let (x302, x303) = fiat_p384_mulx_u64(x4, (arg1[4]));
583 let (x304, x305) = fiat_p384_mulx_u64(x4, (arg1[3]));
584 let (x306, x307) = fiat_p384_mulx_u64(x4, (arg1[2]));
585 let (x308, x309) = fiat_p384_mulx_u64(x4, (arg1[1]));
586 let (x310, x311) = fiat_p384_mulx_u64(x4, (arg1[0]));
587 let (x312, x313) = fiat_p384_addcarryx_u64(0x0, x311, x308);
588 let (x314, x315) = fiat_p384_addcarryx_u64(x313, x309, x306);
589 let (x316, x317) = fiat_p384_addcarryx_u64(x315, x307, x304);
590 let (x318, x319) = fiat_p384_addcarryx_u64(x317, x305, x302);
591 let (x320, x321) = fiat_p384_addcarryx_u64(x319, x303, x300);
592 let x322: u64 = ((x321 as u64) + x301);
593 let (x323, x324) = fiat_p384_addcarryx_u64(0x0, x287, x310);
594 let (x325, x326) = fiat_p384_addcarryx_u64(x324, x289, x312);
595 let (x327, x328) = fiat_p384_addcarryx_u64(x326, x291, x314);
596 let (x329, x330) = fiat_p384_addcarryx_u64(x328, x293, x316);
597 let (x331, x332) = fiat_p384_addcarryx_u64(x330, x295, x318);
598 let (x333, x334) = fiat_p384_addcarryx_u64(x332, x297, x320);
599 let (x335, x336) = fiat_p384_addcarryx_u64(x334, x299, x322);
600 let (x337, x338) = fiat_p384_mulx_u64(x323, 0x100000001);
601 let (x339, x340) = fiat_p384_mulx_u64(x337, 0xffffffffffffffff);
602 let (x341, x342) = fiat_p384_mulx_u64(x337, 0xffffffffffffffff);
603 let (x343, x344) = fiat_p384_mulx_u64(x337, 0xffffffffffffffff);
604 let (x345, x346) = fiat_p384_mulx_u64(x337, 0xfffffffffffffffe);
605 let (x347, x348) = fiat_p384_mulx_u64(x337, 0xffffffff00000000);
606 let (x349, x350) = fiat_p384_mulx_u64(x337, 0xffffffff);
607 let (x351, x352) = fiat_p384_addcarryx_u64(0x0, x350, x347);
608 let (x353, x354) = fiat_p384_addcarryx_u64(x352, x348, x345);
609 let (x355, x356) = fiat_p384_addcarryx_u64(x354, x346, x343);
610 let (x357, x358) = fiat_p384_addcarryx_u64(x356, x344, x341);
611 let (x359, x360) = fiat_p384_addcarryx_u64(x358, x342, x339);
612 let x361: u64 = ((x360 as u64) + x340);
613 let (x362, x363) = fiat_p384_addcarryx_u64(0x0, x323, x349);
614 let (x364, x365) = fiat_p384_addcarryx_u64(x363, x325, x351);
615 let (x366, x367) = fiat_p384_addcarryx_u64(x365, x327, x353);
616 let (x368, x369) = fiat_p384_addcarryx_u64(x367, x329, x355);
617 let (x370, x371) = fiat_p384_addcarryx_u64(x369, x331, x357);
618 let (x372, x373) = fiat_p384_addcarryx_u64(x371, x333, x359);
619 let (x374, x375) = fiat_p384_addcarryx_u64(x373, x335, x361);
620 let x376: u64 = ((x375 as u64) + (x336 as u64));
621 let (x377, x378) = fiat_p384_mulx_u64(x5, (arg1[5]));
622 let (x379, x380) = fiat_p384_mulx_u64(x5, (arg1[4]));
623 let (x381, x382) = fiat_p384_mulx_u64(x5, (arg1[3]));
624 let (x383, x384) = fiat_p384_mulx_u64(x5, (arg1[2]));
625 let (x385, x386) = fiat_p384_mulx_u64(x5, (arg1[1]));
626 let (x387, x388) = fiat_p384_mulx_u64(x5, (arg1[0]));
627 let (x389, x390) = fiat_p384_addcarryx_u64(0x0, x388, x385);
628 let (x391, x392) = fiat_p384_addcarryx_u64(x390, x386, x383);
629 let (x393, x394) = fiat_p384_addcarryx_u64(x392, x384, x381);
630 let (x395, x396) = fiat_p384_addcarryx_u64(x394, x382, x379);
631 let (x397, x398) = fiat_p384_addcarryx_u64(x396, x380, x377);
632 let x399: u64 = ((x398 as u64) + x378);
633 let (x400, x401) = fiat_p384_addcarryx_u64(0x0, x364, x387);
634 let (x402, x403) = fiat_p384_addcarryx_u64(x401, x366, x389);
635 let (x404, x405) = fiat_p384_addcarryx_u64(x403, x368, x391);
636 let (x406, x407) = fiat_p384_addcarryx_u64(x405, x370, x393);
637 let (x408, x409) = fiat_p384_addcarryx_u64(x407, x372, x395);
638 let (x410, x411) = fiat_p384_addcarryx_u64(x409, x374, x397);
639 let (x412, x413) = fiat_p384_addcarryx_u64(x411, x376, x399);
640 let (x414, x415) = fiat_p384_mulx_u64(x400, 0x100000001);
641 let (x416, x417) = fiat_p384_mulx_u64(x414, 0xffffffffffffffff);
642 let (x418, x419) = fiat_p384_mulx_u64(x414, 0xffffffffffffffff);
643 let (x420, x421) = fiat_p384_mulx_u64(x414, 0xffffffffffffffff);
644 let (x422, x423) = fiat_p384_mulx_u64(x414, 0xfffffffffffffffe);
645 let (x424, x425) = fiat_p384_mulx_u64(x414, 0xffffffff00000000);
646 let (x426, x427) = fiat_p384_mulx_u64(x414, 0xffffffff);
647 let (x428, x429) = fiat_p384_addcarryx_u64(0x0, x427, x424);
648 let (x430, x431) = fiat_p384_addcarryx_u64(x429, x425, x422);
649 let (x432, x433) = fiat_p384_addcarryx_u64(x431, x423, x420);
650 let (x434, x435) = fiat_p384_addcarryx_u64(x433, x421, x418);
651 let (x436, x437) = fiat_p384_addcarryx_u64(x435, x419, x416);
652 let x438: u64 = ((x437 as u64) + x417);
653 let (x439, x440) = fiat_p384_addcarryx_u64(0x0, x400, x426);
654 let (x441, x442) = fiat_p384_addcarryx_u64(x440, x402, x428);
655 let (x443, x444) = fiat_p384_addcarryx_u64(x442, x404, x430);
656 let (x445, x446) = fiat_p384_addcarryx_u64(x444, x406, x432);
657 let (x447, x448) = fiat_p384_addcarryx_u64(x446, x408, x434);
658 let (x449, x450) = fiat_p384_addcarryx_u64(x448, x410, x436);
659 let (x451, x452) = fiat_p384_addcarryx_u64(x450, x412, x438);
660 let x453: u64 = ((x452 as u64) + (x413 as u64));
661 let (x454, x455) = fiat_p384_subborrowx_u64(0x0, x441, 0xffffffff);
662 let (x456, x457) = fiat_p384_subborrowx_u64(x455, x443, 0xffffffff00000000);
663 let (x458, x459) = fiat_p384_subborrowx_u64(x457, x445, 0xfffffffffffffffe);
664 let (x460, x461) = fiat_p384_subborrowx_u64(x459, x447, 0xffffffffffffffff);
665 let (x462, x463) = fiat_p384_subborrowx_u64(x461, x449, 0xffffffffffffffff);
666 let (x464, x465) = fiat_p384_subborrowx_u64(x463, x451, 0xffffffffffffffff);
667 let (x466, x467) = fiat_p384_subborrowx_u64(x465, x453, (0x0 as u64));
668 let (x468) = fiat_p384_cmovznz_u64(x467, x454, x441);
669 let (x469) = fiat_p384_cmovznz_u64(x467, x456, x443);
670 let (x470) = fiat_p384_cmovznz_u64(x467, x458, x445);
671 let (x471) = fiat_p384_cmovznz_u64(x467, x460, x447);
672 let (x472) = fiat_p384_cmovznz_u64(x467, x462, x449);
673 let (x473) = fiat_p384_cmovznz_u64(x467, x464, x451);
674 out1[0] = x468;
675 out1[1] = x469;
676 out1[2] = x470;
677 out1[3] = x471;
678 out1[4] = x472;
679 out1[5] = x473;
680 out1
681}
682#[doc = " The function fiat_p384_add adds two field elements in the Montgomery domain."]
683#[doc = ""]
684#[doc = " Preconditions:"]
685#[doc = " 0 ≤ eval arg1 < m"]
686#[doc = " 0 ≤ eval arg2 < m"]
687#[doc = " Postconditions:"]
688#[doc = " eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m"]
689#[doc = " 0 ≤ eval out1 < m"]
690#[doc = ""]
691#[inline]
692pub const fn fiat_p384_add(
693 arg1: &fiat_p384_montgomery_domain_field_element,
694 arg2: &fiat_p384_montgomery_domain_field_element,
695) -> fiat_p384_montgomery_domain_field_element {
696 let mut out1: fiat_p384_montgomery_domain_field_element = [0; 6];
697 let (x1, x2) = fiat_p384_addcarryx_u64(0x0, (arg1[0]), (arg2[0]));
698 let (x3, x4) = fiat_p384_addcarryx_u64(x2, (arg1[1]), (arg2[1]));
699 let (x5, x6) = fiat_p384_addcarryx_u64(x4, (arg1[2]), (arg2[2]));
700 let (x7, x8) = fiat_p384_addcarryx_u64(x6, (arg1[3]), (arg2[3]));
701 let (x9, x10) = fiat_p384_addcarryx_u64(x8, (arg1[4]), (arg2[4]));
702 let (x11, x12) = fiat_p384_addcarryx_u64(x10, (arg1[5]), (arg2[5]));
703 let (x13, x14) = fiat_p384_subborrowx_u64(0x0, x1, 0xffffffff);
704 let (x15, x16) = fiat_p384_subborrowx_u64(x14, x3, 0xffffffff00000000);
705 let (x17, x18) = fiat_p384_subborrowx_u64(x16, x5, 0xfffffffffffffffe);
706 let (x19, x20) = fiat_p384_subborrowx_u64(x18, x7, 0xffffffffffffffff);
707 let (x21, x22) = fiat_p384_subborrowx_u64(x20, x9, 0xffffffffffffffff);
708 let (x23, x24) = fiat_p384_subborrowx_u64(x22, x11, 0xffffffffffffffff);
709 let (x25, x26) = fiat_p384_subborrowx_u64(x24, (x12 as u64), (0x0 as u64));
710 let (x27) = fiat_p384_cmovznz_u64(x26, x13, x1);
711 let (x28) = fiat_p384_cmovznz_u64(x26, x15, x3);
712 let (x29) = fiat_p384_cmovznz_u64(x26, x17, x5);
713 let (x30) = fiat_p384_cmovznz_u64(x26, x19, x7);
714 let (x31) = fiat_p384_cmovznz_u64(x26, x21, x9);
715 let (x32) = fiat_p384_cmovznz_u64(x26, x23, x11);
716 out1[0] = x27;
717 out1[1] = x28;
718 out1[2] = x29;
719 out1[3] = x30;
720 out1[4] = x31;
721 out1[5] = x32;
722 out1
723}
724#[doc = " The function fiat_p384_sub subtracts two field elements in the Montgomery domain."]
725#[doc = ""]
726#[doc = " Preconditions:"]
727#[doc = " 0 ≤ eval arg1 < m"]
728#[doc = " 0 ≤ eval arg2 < m"]
729#[doc = " Postconditions:"]
730#[doc = " eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m"]
731#[doc = " 0 ≤ eval out1 < m"]
732#[doc = ""]
733#[inline]
734pub const fn fiat_p384_sub(
735 arg1: &fiat_p384_montgomery_domain_field_element,
736 arg2: &fiat_p384_montgomery_domain_field_element,
737) -> fiat_p384_montgomery_domain_field_element {
738 let mut out1: fiat_p384_montgomery_domain_field_element = [0; 6];
739 let (x1, x2) = fiat_p384_subborrowx_u64(0x0, (arg1[0]), (arg2[0]));
740 let (x3, x4) = fiat_p384_subborrowx_u64(x2, (arg1[1]), (arg2[1]));
741 let (x5, x6) = fiat_p384_subborrowx_u64(x4, (arg1[2]), (arg2[2]));
742 let (x7, x8) = fiat_p384_subborrowx_u64(x6, (arg1[3]), (arg2[3]));
743 let (x9, x10) = fiat_p384_subborrowx_u64(x8, (arg1[4]), (arg2[4]));
744 let (x11, x12) = fiat_p384_subborrowx_u64(x10, (arg1[5]), (arg2[5]));
745 let (x13) = fiat_p384_cmovznz_u64(x12, (0x0 as u64), 0xffffffffffffffff);
746 let (x14, x15) = fiat_p384_addcarryx_u64(0x0, x1, (x13 & 0xffffffff));
747 let (x16, x17) = fiat_p384_addcarryx_u64(x15, x3, (x13 & 0xffffffff00000000));
748 let (x18, x19) = fiat_p384_addcarryx_u64(x17, x5, (x13 & 0xfffffffffffffffe));
749 let (x20, x21) = fiat_p384_addcarryx_u64(x19, x7, x13);
750 let (x22, x23) = fiat_p384_addcarryx_u64(x21, x9, x13);
751 let (x24, x25) = fiat_p384_addcarryx_u64(x23, x11, x13);
752 out1[0] = x14;
753 out1[1] = x16;
754 out1[2] = x18;
755 out1[3] = x20;
756 out1[4] = x22;
757 out1[5] = x24;
758 out1
759}
760#[doc = " The function fiat_p384_opp negates a field element in the Montgomery domain."]
761#[doc = ""]
762#[doc = " Preconditions:"]
763#[doc = " 0 ≤ eval arg1 < m"]
764#[doc = " Postconditions:"]
765#[doc = " eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m"]
766#[doc = " 0 ≤ eval out1 < m"]
767#[doc = ""]
768#[inline]
769pub const fn fiat_p384_opp(
770 arg1: &fiat_p384_montgomery_domain_field_element,
771) -> fiat_p384_montgomery_domain_field_element {
772 let mut out1: fiat_p384_montgomery_domain_field_element = [0; 6];
773 let (x1, x2) = fiat_p384_subborrowx_u64(0x0, (0x0 as u64), (arg1[0]));
774 let (x3, x4) = fiat_p384_subborrowx_u64(x2, (0x0 as u64), (arg1[1]));
775 let (x5, x6) = fiat_p384_subborrowx_u64(x4, (0x0 as u64), (arg1[2]));
776 let (x7, x8) = fiat_p384_subborrowx_u64(x6, (0x0 as u64), (arg1[3]));
777 let (x9, x10) = fiat_p384_subborrowx_u64(x8, (0x0 as u64), (arg1[4]));
778 let (x11, x12) = fiat_p384_subborrowx_u64(x10, (0x0 as u64), (arg1[5]));
779 let (x13) = fiat_p384_cmovznz_u64(x12, (0x0 as u64), 0xffffffffffffffff);
780 let (x14, x15) = fiat_p384_addcarryx_u64(0x0, x1, (x13 & 0xffffffff));
781 let (x16, x17) = fiat_p384_addcarryx_u64(x15, x3, (x13 & 0xffffffff00000000));
782 let (x18, x19) = fiat_p384_addcarryx_u64(x17, x5, (x13 & 0xfffffffffffffffe));
783 let (x20, x21) = fiat_p384_addcarryx_u64(x19, x7, x13);
784 let (x22, x23) = fiat_p384_addcarryx_u64(x21, x9, x13);
785 let (x24, x25) = fiat_p384_addcarryx_u64(x23, x11, x13);
786 out1[0] = x14;
787 out1[1] = x16;
788 out1[2] = x18;
789 out1[3] = x20;
790 out1[4] = x22;
791 out1[5] = x24;
792 out1
793}
794#[doc = " The function fiat_p384_from_montgomery translates a field element out of the Montgomery domain."]
795#[doc = ""]
796#[doc = " Preconditions:"]
797#[doc = " 0 ≤ eval arg1 < m"]
798#[doc = " Postconditions:"]
799#[doc = " eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^6) mod m"]
800#[doc = " 0 ≤ eval out1 < m"]
801#[doc = ""]
802#[inline]
803pub const fn fiat_p384_from_montgomery(
804 arg1: &fiat_p384_montgomery_domain_field_element,
805) -> fiat_p384_non_montgomery_domain_field_element {
806 let mut out1: fiat_p384_non_montgomery_domain_field_element = [0; 6];
807 let x1: u64 = (arg1[0]);
808 let (x2, x3) = fiat_p384_mulx_u64(x1, 0x100000001);
809 let (x4, x5) = fiat_p384_mulx_u64(x2, 0xffffffffffffffff);
810 let (x6, x7) = fiat_p384_mulx_u64(x2, 0xffffffffffffffff);
811 let (x8, x9) = fiat_p384_mulx_u64(x2, 0xffffffffffffffff);
812 let (x10, x11) = fiat_p384_mulx_u64(x2, 0xfffffffffffffffe);
813 let (x12, x13) = fiat_p384_mulx_u64(x2, 0xffffffff00000000);
814 let (x14, x15) = fiat_p384_mulx_u64(x2, 0xffffffff);
815 let (x16, x17) = fiat_p384_addcarryx_u64(0x0, x15, x12);
816 let (x18, x19) = fiat_p384_addcarryx_u64(x17, x13, x10);
817 let (x20, x21) = fiat_p384_addcarryx_u64(x19, x11, x8);
818 let (x22, x23) = fiat_p384_addcarryx_u64(x21, x9, x6);
819 let (x24, x25) = fiat_p384_addcarryx_u64(x23, x7, x4);
820 let (x26, x27) = fiat_p384_addcarryx_u64(0x0, x1, x14);
821 let (x28, x29) = fiat_p384_addcarryx_u64(x27, (0x0 as u64), x16);
822 let (x30, x31) = fiat_p384_addcarryx_u64(x29, (0x0 as u64), x18);
823 let (x32, x33) = fiat_p384_addcarryx_u64(x31, (0x0 as u64), x20);
824 let (x34, x35) = fiat_p384_addcarryx_u64(x33, (0x0 as u64), x22);
825 let (x36, x37) = fiat_p384_addcarryx_u64(x35, (0x0 as u64), x24);
826 let (x38, x39) = fiat_p384_addcarryx_u64(x37, (0x0 as u64), ((x25 as u64) + x5));
827 let (x40, x41) = fiat_p384_addcarryx_u64(0x0, x28, (arg1[1]));
828 let (x42, x43) = fiat_p384_addcarryx_u64(x41, x30, (0x0 as u64));
829 let (x44, x45) = fiat_p384_addcarryx_u64(x43, x32, (0x0 as u64));
830 let (x46, x47) = fiat_p384_addcarryx_u64(x45, x34, (0x0 as u64));
831 let (x48, x49) = fiat_p384_addcarryx_u64(x47, x36, (0x0 as u64));
832 let (x50, x51) = fiat_p384_addcarryx_u64(x49, x38, (0x0 as u64));
833 let (x52, x53) = fiat_p384_mulx_u64(x40, 0x100000001);
834 let (x54, x55) = fiat_p384_mulx_u64(x52, 0xffffffffffffffff);
835 let (x56, x57) = fiat_p384_mulx_u64(x52, 0xffffffffffffffff);
836 let (x58, x59) = fiat_p384_mulx_u64(x52, 0xffffffffffffffff);
837 let (x60, x61) = fiat_p384_mulx_u64(x52, 0xfffffffffffffffe);
838 let (x62, x63) = fiat_p384_mulx_u64(x52, 0xffffffff00000000);
839 let (x64, x65) = fiat_p384_mulx_u64(x52, 0xffffffff);
840 let (x66, x67) = fiat_p384_addcarryx_u64(0x0, x65, x62);
841 let (x68, x69) = fiat_p384_addcarryx_u64(x67, x63, x60);
842 let (x70, x71) = fiat_p384_addcarryx_u64(x69, x61, x58);
843 let (x72, x73) = fiat_p384_addcarryx_u64(x71, x59, x56);
844 let (x74, x75) = fiat_p384_addcarryx_u64(x73, x57, x54);
845 let (x76, x77) = fiat_p384_addcarryx_u64(0x0, x40, x64);
846 let (x78, x79) = fiat_p384_addcarryx_u64(x77, x42, x66);
847 let (x80, x81) = fiat_p384_addcarryx_u64(x79, x44, x68);
848 let (x82, x83) = fiat_p384_addcarryx_u64(x81, x46, x70);
849 let (x84, x85) = fiat_p384_addcarryx_u64(x83, x48, x72);
850 let (x86, x87) = fiat_p384_addcarryx_u64(x85, x50, x74);
851 let (x88, x89) =
852 fiat_p384_addcarryx_u64(x87, ((x51 as u64) + (x39 as u64)), ((x75 as u64) + x55));
853 let (x90, x91) = fiat_p384_addcarryx_u64(0x0, x78, (arg1[2]));
854 let (x92, x93) = fiat_p384_addcarryx_u64(x91, x80, (0x0 as u64));
855 let (x94, x95) = fiat_p384_addcarryx_u64(x93, x82, (0x0 as u64));
856 let (x96, x97) = fiat_p384_addcarryx_u64(x95, x84, (0x0 as u64));
857 let (x98, x99) = fiat_p384_addcarryx_u64(x97, x86, (0x0 as u64));
858 let (x100, x101) = fiat_p384_addcarryx_u64(x99, x88, (0x0 as u64));
859 let (x102, x103) = fiat_p384_mulx_u64(x90, 0x100000001);
860 let (x104, x105) = fiat_p384_mulx_u64(x102, 0xffffffffffffffff);
861 let (x106, x107) = fiat_p384_mulx_u64(x102, 0xffffffffffffffff);
862 let (x108, x109) = fiat_p384_mulx_u64(x102, 0xffffffffffffffff);
863 let (x110, x111) = fiat_p384_mulx_u64(x102, 0xfffffffffffffffe);
864 let (x112, x113) = fiat_p384_mulx_u64(x102, 0xffffffff00000000);
865 let (x114, x115) = fiat_p384_mulx_u64(x102, 0xffffffff);
866 let (x116, x117) = fiat_p384_addcarryx_u64(0x0, x115, x112);
867 let (x118, x119) = fiat_p384_addcarryx_u64(x117, x113, x110);
868 let (x120, x121) = fiat_p384_addcarryx_u64(x119, x111, x108);
869 let (x122, x123) = fiat_p384_addcarryx_u64(x121, x109, x106);
870 let (x124, x125) = fiat_p384_addcarryx_u64(x123, x107, x104);
871 let (x126, x127) = fiat_p384_addcarryx_u64(0x0, x90, x114);
872 let (x128, x129) = fiat_p384_addcarryx_u64(x127, x92, x116);
873 let (x130, x131) = fiat_p384_addcarryx_u64(x129, x94, x118);
874 let (x132, x133) = fiat_p384_addcarryx_u64(x131, x96, x120);
875 let (x134, x135) = fiat_p384_addcarryx_u64(x133, x98, x122);
876 let (x136, x137) = fiat_p384_addcarryx_u64(x135, x100, x124);
877 let (x138, x139) =
878 fiat_p384_addcarryx_u64(x137, ((x101 as u64) + (x89 as u64)), ((x125 as u64) + x105));
879 let (x140, x141) = fiat_p384_addcarryx_u64(0x0, x128, (arg1[3]));
880 let (x142, x143) = fiat_p384_addcarryx_u64(x141, x130, (0x0 as u64));
881 let (x144, x145) = fiat_p384_addcarryx_u64(x143, x132, (0x0 as u64));
882 let (x146, x147) = fiat_p384_addcarryx_u64(x145, x134, (0x0 as u64));
883 let (x148, x149) = fiat_p384_addcarryx_u64(x147, x136, (0x0 as u64));
884 let (x150, x151) = fiat_p384_addcarryx_u64(x149, x138, (0x0 as u64));
885 let (x152, x153) = fiat_p384_mulx_u64(x140, 0x100000001);
886 let (x154, x155) = fiat_p384_mulx_u64(x152, 0xffffffffffffffff);
887 let (x156, x157) = fiat_p384_mulx_u64(x152, 0xffffffffffffffff);
888 let (x158, x159) = fiat_p384_mulx_u64(x152, 0xffffffffffffffff);
889 let (x160, x161) = fiat_p384_mulx_u64(x152, 0xfffffffffffffffe);
890 let (x162, x163) = fiat_p384_mulx_u64(x152, 0xffffffff00000000);
891 let (x164, x165) = fiat_p384_mulx_u64(x152, 0xffffffff);
892 let (x166, x167) = fiat_p384_addcarryx_u64(0x0, x165, x162);
893 let (x168, x169) = fiat_p384_addcarryx_u64(x167, x163, x160);
894 let (x170, x171) = fiat_p384_addcarryx_u64(x169, x161, x158);
895 let (x172, x173) = fiat_p384_addcarryx_u64(x171, x159, x156);
896 let (x174, x175) = fiat_p384_addcarryx_u64(x173, x157, x154);
897 let (x176, x177) = fiat_p384_addcarryx_u64(0x0, x140, x164);
898 let (x178, x179) = fiat_p384_addcarryx_u64(x177, x142, x166);
899 let (x180, x181) = fiat_p384_addcarryx_u64(x179, x144, x168);
900 let (x182, x183) = fiat_p384_addcarryx_u64(x181, x146, x170);
901 let (x184, x185) = fiat_p384_addcarryx_u64(x183, x148, x172);
902 let (x186, x187) = fiat_p384_addcarryx_u64(x185, x150, x174);
903 let (x188, x189) = fiat_p384_addcarryx_u64(
904 x187,
905 ((x151 as u64) + (x139 as u64)),
906 ((x175 as u64) + x155),
907 );
908 let (x190, x191) = fiat_p384_addcarryx_u64(0x0, x178, (arg1[4]));
909 let (x192, x193) = fiat_p384_addcarryx_u64(x191, x180, (0x0 as u64));
910 let (x194, x195) = fiat_p384_addcarryx_u64(x193, x182, (0x0 as u64));
911 let (x196, x197) = fiat_p384_addcarryx_u64(x195, x184, (0x0 as u64));
912 let (x198, x199) = fiat_p384_addcarryx_u64(x197, x186, (0x0 as u64));
913 let (x200, x201) = fiat_p384_addcarryx_u64(x199, x188, (0x0 as u64));
914 let (x202, x203) = fiat_p384_mulx_u64(x190, 0x100000001);
915 let (x204, x205) = fiat_p384_mulx_u64(x202, 0xffffffffffffffff);
916 let (x206, x207) = fiat_p384_mulx_u64(x202, 0xffffffffffffffff);
917 let (x208, x209) = fiat_p384_mulx_u64(x202, 0xffffffffffffffff);
918 let (x210, x211) = fiat_p384_mulx_u64(x202, 0xfffffffffffffffe);
919 let (x212, x213) = fiat_p384_mulx_u64(x202, 0xffffffff00000000);
920 let (x214, x215) = fiat_p384_mulx_u64(x202, 0xffffffff);
921 let (x216, x217) = fiat_p384_addcarryx_u64(0x0, x215, x212);
922 let (x218, x219) = fiat_p384_addcarryx_u64(x217, x213, x210);
923 let (x220, x221) = fiat_p384_addcarryx_u64(x219, x211, x208);
924 let (x222, x223) = fiat_p384_addcarryx_u64(x221, x209, x206);
925 let (x224, x225) = fiat_p384_addcarryx_u64(x223, x207, x204);
926 let (x226, x227) = fiat_p384_addcarryx_u64(0x0, x190, x214);
927 let (x228, x229) = fiat_p384_addcarryx_u64(x227, x192, x216);
928 let (x230, x231) = fiat_p384_addcarryx_u64(x229, x194, x218);
929 let (x232, x233) = fiat_p384_addcarryx_u64(x231, x196, x220);
930 let (x234, x235) = fiat_p384_addcarryx_u64(x233, x198, x222);
931 let (x236, x237) = fiat_p384_addcarryx_u64(x235, x200, x224);
932 let (x238, x239) = fiat_p384_addcarryx_u64(
933 x237,
934 ((x201 as u64) + (x189 as u64)),
935 ((x225 as u64) + x205),
936 );
937 let (x240, x241) = fiat_p384_addcarryx_u64(0x0, x228, (arg1[5]));
938 let (x242, x243) = fiat_p384_addcarryx_u64(x241, x230, (0x0 as u64));
939 let (x244, x245) = fiat_p384_addcarryx_u64(x243, x232, (0x0 as u64));
940 let (x246, x247) = fiat_p384_addcarryx_u64(x245, x234, (0x0 as u64));
941 let (x248, x249) = fiat_p384_addcarryx_u64(x247, x236, (0x0 as u64));
942 let (x250, x251) = fiat_p384_addcarryx_u64(x249, x238, (0x0 as u64));
943 let (x252, x253) = fiat_p384_mulx_u64(x240, 0x100000001);
944 let (x254, x255) = fiat_p384_mulx_u64(x252, 0xffffffffffffffff);
945 let (x256, x257) = fiat_p384_mulx_u64(x252, 0xffffffffffffffff);
946 let (x258, x259) = fiat_p384_mulx_u64(x252, 0xffffffffffffffff);
947 let (x260, x261) = fiat_p384_mulx_u64(x252, 0xfffffffffffffffe);
948 let (x262, x263) = fiat_p384_mulx_u64(x252, 0xffffffff00000000);
949 let (x264, x265) = fiat_p384_mulx_u64(x252, 0xffffffff);
950 let (x266, x267) = fiat_p384_addcarryx_u64(0x0, x265, x262);
951 let (x268, x269) = fiat_p384_addcarryx_u64(x267, x263, x260);
952 let (x270, x271) = fiat_p384_addcarryx_u64(x269, x261, x258);
953 let (x272, x273) = fiat_p384_addcarryx_u64(x271, x259, x256);
954 let (x274, x275) = fiat_p384_addcarryx_u64(x273, x257, x254);
955 let (x276, x277) = fiat_p384_addcarryx_u64(0x0, x240, x264);
956 let (x278, x279) = fiat_p384_addcarryx_u64(x277, x242, x266);
957 let (x280, x281) = fiat_p384_addcarryx_u64(x279, x244, x268);
958 let (x282, x283) = fiat_p384_addcarryx_u64(x281, x246, x270);
959 let (x284, x285) = fiat_p384_addcarryx_u64(x283, x248, x272);
960 let (x286, x287) = fiat_p384_addcarryx_u64(x285, x250, x274);
961 let (x288, x289) = fiat_p384_addcarryx_u64(
962 x287,
963 ((x251 as u64) + (x239 as u64)),
964 ((x275 as u64) + x255),
965 );
966 let (x290, x291) = fiat_p384_subborrowx_u64(0x0, x278, 0xffffffff);
967 let (x292, x293) = fiat_p384_subborrowx_u64(x291, x280, 0xffffffff00000000);
968 let (x294, x295) = fiat_p384_subborrowx_u64(x293, x282, 0xfffffffffffffffe);
969 let (x296, x297) = fiat_p384_subborrowx_u64(x295, x284, 0xffffffffffffffff);
970 let (x298, x299) = fiat_p384_subborrowx_u64(x297, x286, 0xffffffffffffffff);
971 let (x300, x301) = fiat_p384_subborrowx_u64(x299, x288, 0xffffffffffffffff);
972 let (x302, x303) = fiat_p384_subborrowx_u64(x301, (x289 as u64), (0x0 as u64));
973 let (x304) = fiat_p384_cmovznz_u64(x303, x290, x278);
974 let (x305) = fiat_p384_cmovznz_u64(x303, x292, x280);
975 let (x306) = fiat_p384_cmovznz_u64(x303, x294, x282);
976 let (x307) = fiat_p384_cmovznz_u64(x303, x296, x284);
977 let (x308) = fiat_p384_cmovznz_u64(x303, x298, x286);
978 let (x309) = fiat_p384_cmovznz_u64(x303, x300, x288);
979 out1[0] = x304;
980 out1[1] = x305;
981 out1[2] = x306;
982 out1[3] = x307;
983 out1[4] = x308;
984 out1[5] = x309;
985 out1
986}
987#[doc = " The function fiat_p384_to_montgomery translates a field element into the Montgomery domain."]
988#[doc = ""]
989#[doc = " Preconditions:"]
990#[doc = " 0 ≤ eval arg1 < m"]
991#[doc = " Postconditions:"]
992#[doc = " eval (from_montgomery out1) mod m = eval arg1 mod m"]
993#[doc = " 0 ≤ eval out1 < m"]
994#[doc = ""]
995#[inline]
996pub const fn fiat_p384_to_montgomery(
997 arg1: &fiat_p384_non_montgomery_domain_field_element,
998) -> fiat_p384_montgomery_domain_field_element {
999 let mut out1: fiat_p384_montgomery_domain_field_element = [0; 6];
1000 let x1: u64 = (arg1[1]);
1001 let x2: u64 = (arg1[2]);
1002 let x3: u64 = (arg1[3]);
1003 let x4: u64 = (arg1[4]);
1004 let x5: u64 = (arg1[5]);
1005 let x6: u64 = (arg1[0]);
1006 let (x7, x8) = fiat_p384_mulx_u64(x6, 0x200000000);
1007 let (x9, x10) = fiat_p384_mulx_u64(x6, 0xfffffffe00000000);
1008 let (x11, x12) = fiat_p384_mulx_u64(x6, 0x200000000);
1009 let (x13, x14) = fiat_p384_mulx_u64(x6, 0xfffffffe00000001);
1010 let (x15, x16) = fiat_p384_addcarryx_u64(0x0, x14, x11);
1011 let (x17, x18) = fiat_p384_addcarryx_u64(x16, x12, x9);
1012 let (x19, x20) = fiat_p384_addcarryx_u64(x18, x10, x7);
1013 let (x21, x22) = fiat_p384_addcarryx_u64(x20, x8, x6);
1014 let (x23, x24) = fiat_p384_mulx_u64(x13, 0x100000001);
1015 let (x25, x26) = fiat_p384_mulx_u64(x23, 0xffffffffffffffff);
1016 let (x27, x28) = fiat_p384_mulx_u64(x23, 0xffffffffffffffff);
1017 let (x29, x30) = fiat_p384_mulx_u64(x23, 0xffffffffffffffff);
1018 let (x31, x32) = fiat_p384_mulx_u64(x23, 0xfffffffffffffffe);
1019 let (x33, x34) = fiat_p384_mulx_u64(x23, 0xffffffff00000000);
1020 let (x35, x36) = fiat_p384_mulx_u64(x23, 0xffffffff);
1021 let (x37, x38) = fiat_p384_addcarryx_u64(0x0, x36, x33);
1022 let (x39, x40) = fiat_p384_addcarryx_u64(x38, x34, x31);
1023 let (x41, x42) = fiat_p384_addcarryx_u64(x40, x32, x29);
1024 let (x43, x44) = fiat_p384_addcarryx_u64(x42, x30, x27);
1025 let (x45, x46) = fiat_p384_addcarryx_u64(x44, x28, x25);
1026 let (x47, x48) = fiat_p384_addcarryx_u64(0x0, x13, x35);
1027 let (x49, x50) = fiat_p384_addcarryx_u64(x48, x15, x37);
1028 let (x51, x52) = fiat_p384_addcarryx_u64(x50, x17, x39);
1029 let (x53, x54) = fiat_p384_addcarryx_u64(x52, x19, x41);
1030 let (x55, x56) = fiat_p384_addcarryx_u64(x54, x21, x43);
1031 let (x57, x58) = fiat_p384_addcarryx_u64(x56, (x22 as u64), x45);
1032 let (x59, x60) = fiat_p384_addcarryx_u64(x58, (0x0 as u64), ((x46 as u64) + x26));
1033 let (x61, x62) = fiat_p384_mulx_u64(x1, 0x200000000);
1034 let (x63, x64) = fiat_p384_mulx_u64(x1, 0xfffffffe00000000);
1035 let (x65, x66) = fiat_p384_mulx_u64(x1, 0x200000000);
1036 let (x67, x68) = fiat_p384_mulx_u64(x1, 0xfffffffe00000001);
1037 let (x69, x70) = fiat_p384_addcarryx_u64(0x0, x68, x65);
1038 let (x71, x72) = fiat_p384_addcarryx_u64(x70, x66, x63);
1039 let (x73, x74) = fiat_p384_addcarryx_u64(x72, x64, x61);
1040 let (x75, x76) = fiat_p384_addcarryx_u64(x74, x62, x1);
1041 let (x77, x78) = fiat_p384_addcarryx_u64(0x0, x49, x67);
1042 let (x79, x80) = fiat_p384_addcarryx_u64(x78, x51, x69);
1043 let (x81, x82) = fiat_p384_addcarryx_u64(x80, x53, x71);
1044 let (x83, x84) = fiat_p384_addcarryx_u64(x82, x55, x73);
1045 let (x85, x86) = fiat_p384_addcarryx_u64(x84, x57, x75);
1046 let (x87, x88) = fiat_p384_addcarryx_u64(x86, x59, (x76 as u64));
1047 let (x89, x90) = fiat_p384_mulx_u64(x77, 0x100000001);
1048 let (x91, x92) = fiat_p384_mulx_u64(x89, 0xffffffffffffffff);
1049 let (x93, x94) = fiat_p384_mulx_u64(x89, 0xffffffffffffffff);
1050 let (x95, x96) = fiat_p384_mulx_u64(x89, 0xffffffffffffffff);
1051 let (x97, x98) = fiat_p384_mulx_u64(x89, 0xfffffffffffffffe);
1052 let (x99, x100) = fiat_p384_mulx_u64(x89, 0xffffffff00000000);
1053 let (x101, x102) = fiat_p384_mulx_u64(x89, 0xffffffff);
1054 let (x103, x104) = fiat_p384_addcarryx_u64(0x0, x102, x99);
1055 let (x105, x106) = fiat_p384_addcarryx_u64(x104, x100, x97);
1056 let (x107, x108) = fiat_p384_addcarryx_u64(x106, x98, x95);
1057 let (x109, x110) = fiat_p384_addcarryx_u64(x108, x96, x93);
1058 let (x111, x112) = fiat_p384_addcarryx_u64(x110, x94, x91);
1059 let (x113, x114) = fiat_p384_addcarryx_u64(0x0, x77, x101);
1060 let (x115, x116) = fiat_p384_addcarryx_u64(x114, x79, x103);
1061 let (x117, x118) = fiat_p384_addcarryx_u64(x116, x81, x105);
1062 let (x119, x120) = fiat_p384_addcarryx_u64(x118, x83, x107);
1063 let (x121, x122) = fiat_p384_addcarryx_u64(x120, x85, x109);
1064 let (x123, x124) = fiat_p384_addcarryx_u64(x122, x87, x111);
1065 let (x125, x126) =
1066 fiat_p384_addcarryx_u64(x124, ((x88 as u64) + (x60 as u64)), ((x112 as u64) + x92));
1067 let (x127, x128) = fiat_p384_mulx_u64(x2, 0x200000000);
1068 let (x129, x130) = fiat_p384_mulx_u64(x2, 0xfffffffe00000000);
1069 let (x131, x132) = fiat_p384_mulx_u64(x2, 0x200000000);
1070 let (x133, x134) = fiat_p384_mulx_u64(x2, 0xfffffffe00000001);
1071 let (x135, x136) = fiat_p384_addcarryx_u64(0x0, x134, x131);
1072 let (x137, x138) = fiat_p384_addcarryx_u64(x136, x132, x129);
1073 let (x139, x140) = fiat_p384_addcarryx_u64(x138, x130, x127);
1074 let (x141, x142) = fiat_p384_addcarryx_u64(x140, x128, x2);
1075 let (x143, x144) = fiat_p384_addcarryx_u64(0x0, x115, x133);
1076 let (x145, x146) = fiat_p384_addcarryx_u64(x144, x117, x135);
1077 let (x147, x148) = fiat_p384_addcarryx_u64(x146, x119, x137);
1078 let (x149, x150) = fiat_p384_addcarryx_u64(x148, x121, x139);
1079 let (x151, x152) = fiat_p384_addcarryx_u64(x150, x123, x141);
1080 let (x153, x154) = fiat_p384_addcarryx_u64(x152, x125, (x142 as u64));
1081 let (x155, x156) = fiat_p384_mulx_u64(x143, 0x100000001);
1082 let (x157, x158) = fiat_p384_mulx_u64(x155, 0xffffffffffffffff);
1083 let (x159, x160) = fiat_p384_mulx_u64(x155, 0xffffffffffffffff);
1084 let (x161, x162) = fiat_p384_mulx_u64(x155, 0xffffffffffffffff);
1085 let (x163, x164) = fiat_p384_mulx_u64(x155, 0xfffffffffffffffe);
1086 let (x165, x166) = fiat_p384_mulx_u64(x155, 0xffffffff00000000);
1087 let (x167, x168) = fiat_p384_mulx_u64(x155, 0xffffffff);
1088 let (x169, x170) = fiat_p384_addcarryx_u64(0x0, x168, x165);
1089 let (x171, x172) = fiat_p384_addcarryx_u64(x170, x166, x163);
1090 let (x173, x174) = fiat_p384_addcarryx_u64(x172, x164, x161);
1091 let (x175, x176) = fiat_p384_addcarryx_u64(x174, x162, x159);
1092 let (x177, x178) = fiat_p384_addcarryx_u64(x176, x160, x157);
1093 let (x179, x180) = fiat_p384_addcarryx_u64(0x0, x143, x167);
1094 let (x181, x182) = fiat_p384_addcarryx_u64(x180, x145, x169);
1095 let (x183, x184) = fiat_p384_addcarryx_u64(x182, x147, x171);
1096 let (x185, x186) = fiat_p384_addcarryx_u64(x184, x149, x173);
1097 let (x187, x188) = fiat_p384_addcarryx_u64(x186, x151, x175);
1098 let (x189, x190) = fiat_p384_addcarryx_u64(x188, x153, x177);
1099 let (x191, x192) = fiat_p384_addcarryx_u64(
1100 x190,
1101 ((x154 as u64) + (x126 as u64)),
1102 ((x178 as u64) + x158),
1103 );
1104 let (x193, x194) = fiat_p384_mulx_u64(x3, 0x200000000);
1105 let (x195, x196) = fiat_p384_mulx_u64(x3, 0xfffffffe00000000);
1106 let (x197, x198) = fiat_p384_mulx_u64(x3, 0x200000000);
1107 let (x199, x200) = fiat_p384_mulx_u64(x3, 0xfffffffe00000001);
1108 let (x201, x202) = fiat_p384_addcarryx_u64(0x0, x200, x197);
1109 let (x203, x204) = fiat_p384_addcarryx_u64(x202, x198, x195);
1110 let (x205, x206) = fiat_p384_addcarryx_u64(x204, x196, x193);
1111 let (x207, x208) = fiat_p384_addcarryx_u64(x206, x194, x3);
1112 let (x209, x210) = fiat_p384_addcarryx_u64(0x0, x181, x199);
1113 let (x211, x212) = fiat_p384_addcarryx_u64(x210, x183, x201);
1114 let (x213, x214) = fiat_p384_addcarryx_u64(x212, x185, x203);
1115 let (x215, x216) = fiat_p384_addcarryx_u64(x214, x187, x205);
1116 let (x217, x218) = fiat_p384_addcarryx_u64(x216, x189, x207);
1117 let (x219, x220) = fiat_p384_addcarryx_u64(x218, x191, (x208 as u64));
1118 let (x221, x222) = fiat_p384_mulx_u64(x209, 0x100000001);
1119 let (x223, x224) = fiat_p384_mulx_u64(x221, 0xffffffffffffffff);
1120 let (x225, x226) = fiat_p384_mulx_u64(x221, 0xffffffffffffffff);
1121 let (x227, x228) = fiat_p384_mulx_u64(x221, 0xffffffffffffffff);
1122 let (x229, x230) = fiat_p384_mulx_u64(x221, 0xfffffffffffffffe);
1123 let (x231, x232) = fiat_p384_mulx_u64(x221, 0xffffffff00000000);
1124 let (x233, x234) = fiat_p384_mulx_u64(x221, 0xffffffff);
1125 let (x235, x236) = fiat_p384_addcarryx_u64(0x0, x234, x231);
1126 let (x237, x238) = fiat_p384_addcarryx_u64(x236, x232, x229);
1127 let (x239, x240) = fiat_p384_addcarryx_u64(x238, x230, x227);
1128 let (x241, x242) = fiat_p384_addcarryx_u64(x240, x228, x225);
1129 let (x243, x244) = fiat_p384_addcarryx_u64(x242, x226, x223);
1130 let (x245, x246) = fiat_p384_addcarryx_u64(0x0, x209, x233);
1131 let (x247, x248) = fiat_p384_addcarryx_u64(x246, x211, x235);
1132 let (x249, x250) = fiat_p384_addcarryx_u64(x248, x213, x237);
1133 let (x251, x252) = fiat_p384_addcarryx_u64(x250, x215, x239);
1134 let (x253, x254) = fiat_p384_addcarryx_u64(x252, x217, x241);
1135 let (x255, x256) = fiat_p384_addcarryx_u64(x254, x219, x243);
1136 let (x257, x258) = fiat_p384_addcarryx_u64(
1137 x256,
1138 ((x220 as u64) + (x192 as u64)),
1139 ((x244 as u64) + x224),
1140 );
1141 let (x259, x260) = fiat_p384_mulx_u64(x4, 0x200000000);
1142 let (x261, x262) = fiat_p384_mulx_u64(x4, 0xfffffffe00000000);
1143 let (x263, x264) = fiat_p384_mulx_u64(x4, 0x200000000);
1144 let (x265, x266) = fiat_p384_mulx_u64(x4, 0xfffffffe00000001);
1145 let (x267, x268) = fiat_p384_addcarryx_u64(0x0, x266, x263);
1146 let (x269, x270) = fiat_p384_addcarryx_u64(x268, x264, x261);
1147 let (x271, x272) = fiat_p384_addcarryx_u64(x270, x262, x259);
1148 let (x273, x274) = fiat_p384_addcarryx_u64(x272, x260, x4);
1149 let (x275, x276) = fiat_p384_addcarryx_u64(0x0, x247, x265);
1150 let (x277, x278) = fiat_p384_addcarryx_u64(x276, x249, x267);
1151 let (x279, x280) = fiat_p384_addcarryx_u64(x278, x251, x269);
1152 let (x281, x282) = fiat_p384_addcarryx_u64(x280, x253, x271);
1153 let (x283, x284) = fiat_p384_addcarryx_u64(x282, x255, x273);
1154 let (x285, x286) = fiat_p384_addcarryx_u64(x284, x257, (x274 as u64));
1155 let (x287, x288) = fiat_p384_mulx_u64(x275, 0x100000001);
1156 let (x289, x290) = fiat_p384_mulx_u64(x287, 0xffffffffffffffff);
1157 let (x291, x292) = fiat_p384_mulx_u64(x287, 0xffffffffffffffff);
1158 let (x293, x294) = fiat_p384_mulx_u64(x287, 0xffffffffffffffff);
1159 let (x295, x296) = fiat_p384_mulx_u64(x287, 0xfffffffffffffffe);
1160 let (x297, x298) = fiat_p384_mulx_u64(x287, 0xffffffff00000000);
1161 let (x299, x300) = fiat_p384_mulx_u64(x287, 0xffffffff);
1162 let (x301, x302) = fiat_p384_addcarryx_u64(0x0, x300, x297);
1163 let (x303, x304) = fiat_p384_addcarryx_u64(x302, x298, x295);
1164 let (x305, x306) = fiat_p384_addcarryx_u64(x304, x296, x293);
1165 let (x307, x308) = fiat_p384_addcarryx_u64(x306, x294, x291);
1166 let (x309, x310) = fiat_p384_addcarryx_u64(x308, x292, x289);
1167 let (x311, x312) = fiat_p384_addcarryx_u64(0x0, x275, x299);
1168 let (x313, x314) = fiat_p384_addcarryx_u64(x312, x277, x301);
1169 let (x315, x316) = fiat_p384_addcarryx_u64(x314, x279, x303);
1170 let (x317, x318) = fiat_p384_addcarryx_u64(x316, x281, x305);
1171 let (x319, x320) = fiat_p384_addcarryx_u64(x318, x283, x307);
1172 let (x321, x322) = fiat_p384_addcarryx_u64(x320, x285, x309);
1173 let (x323, x324) = fiat_p384_addcarryx_u64(
1174 x322,
1175 ((x286 as u64) + (x258 as u64)),
1176 ((x310 as u64) + x290),
1177 );
1178 let (x325, x326) = fiat_p384_mulx_u64(x5, 0x200000000);
1179 let (x327, x328) = fiat_p384_mulx_u64(x5, 0xfffffffe00000000);
1180 let (x329, x330) = fiat_p384_mulx_u64(x5, 0x200000000);
1181 let (x331, x332) = fiat_p384_mulx_u64(x5, 0xfffffffe00000001);
1182 let (x333, x334) = fiat_p384_addcarryx_u64(0x0, x332, x329);
1183 let (x335, x336) = fiat_p384_addcarryx_u64(x334, x330, x327);
1184 let (x337, x338) = fiat_p384_addcarryx_u64(x336, x328, x325);
1185 let (x339, x340) = fiat_p384_addcarryx_u64(x338, x326, x5);
1186 let (x341, x342) = fiat_p384_addcarryx_u64(0x0, x313, x331);
1187 let (x343, x344) = fiat_p384_addcarryx_u64(x342, x315, x333);
1188 let (x345, x346) = fiat_p384_addcarryx_u64(x344, x317, x335);
1189 let (x347, x348) = fiat_p384_addcarryx_u64(x346, x319, x337);
1190 let (x349, x350) = fiat_p384_addcarryx_u64(x348, x321, x339);
1191 let (x351, x352) = fiat_p384_addcarryx_u64(x350, x323, (x340 as u64));
1192 let (x353, x354) = fiat_p384_mulx_u64(x341, 0x100000001);
1193 let (x355, x356) = fiat_p384_mulx_u64(x353, 0xffffffffffffffff);
1194 let (x357, x358) = fiat_p384_mulx_u64(x353, 0xffffffffffffffff);
1195 let (x359, x360) = fiat_p384_mulx_u64(x353, 0xffffffffffffffff);
1196 let (x361, x362) = fiat_p384_mulx_u64(x353, 0xfffffffffffffffe);
1197 let (x363, x364) = fiat_p384_mulx_u64(x353, 0xffffffff00000000);
1198 let (x365, x366) = fiat_p384_mulx_u64(x353, 0xffffffff);
1199 let (x367, x368) = fiat_p384_addcarryx_u64(0x0, x366, x363);
1200 let (x369, x370) = fiat_p384_addcarryx_u64(x368, x364, x361);
1201 let (x371, x372) = fiat_p384_addcarryx_u64(x370, x362, x359);
1202 let (x373, x374) = fiat_p384_addcarryx_u64(x372, x360, x357);
1203 let (x375, x376) = fiat_p384_addcarryx_u64(x374, x358, x355);
1204 let (x377, x378) = fiat_p384_addcarryx_u64(0x0, x341, x365);
1205 let (x379, x380) = fiat_p384_addcarryx_u64(x378, x343, x367);
1206 let (x381, x382) = fiat_p384_addcarryx_u64(x380, x345, x369);
1207 let (x383, x384) = fiat_p384_addcarryx_u64(x382, x347, x371);
1208 let (x385, x386) = fiat_p384_addcarryx_u64(x384, x349, x373);
1209 let (x387, x388) = fiat_p384_addcarryx_u64(x386, x351, x375);
1210 let (x389, x390) = fiat_p384_addcarryx_u64(
1211 x388,
1212 ((x352 as u64) + (x324 as u64)),
1213 ((x376 as u64) + x356),
1214 );
1215 let (x391, x392) = fiat_p384_subborrowx_u64(0x0, x379, 0xffffffff);
1216 let (x393, x394) = fiat_p384_subborrowx_u64(x392, x381, 0xffffffff00000000);
1217 let (x395, x396) = fiat_p384_subborrowx_u64(x394, x383, 0xfffffffffffffffe);
1218 let (x397, x398) = fiat_p384_subborrowx_u64(x396, x385, 0xffffffffffffffff);
1219 let (x399, x400) = fiat_p384_subborrowx_u64(x398, x387, 0xffffffffffffffff);
1220 let (x401, x402) = fiat_p384_subborrowx_u64(x400, x389, 0xffffffffffffffff);
1221 let (x403, x404) = fiat_p384_subborrowx_u64(x402, (x390 as u64), (0x0 as u64));
1222 let (x405) = fiat_p384_cmovznz_u64(x404, x391, x379);
1223 let (x406) = fiat_p384_cmovznz_u64(x404, x393, x381);
1224 let (x407) = fiat_p384_cmovznz_u64(x404, x395, x383);
1225 let (x408) = fiat_p384_cmovznz_u64(x404, x397, x385);
1226 let (x409) = fiat_p384_cmovznz_u64(x404, x399, x387);
1227 let (x410) = fiat_p384_cmovznz_u64(x404, x401, x389);
1228 out1[0] = x405;
1229 out1[1] = x406;
1230 out1[2] = x407;
1231 out1[3] = x408;
1232 out1[4] = x409;
1233 out1[5] = x410;
1234 out1
1235}
1236#[doc = " The function fiat_p384_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise."]
1237#[doc = ""]
1238#[doc = " Preconditions:"]
1239#[doc = " 0 ≤ eval arg1 < m"]
1240#[doc = " Postconditions:"]
1241#[doc = " out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0"]
1242#[doc = ""]
1243#[doc = " Input Bounds:"]
1244#[doc = " arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1245#[doc = " Output Bounds:"]
1246#[doc = " out1: [0x0 ~> 0xffffffffffffffff]"]
1247#[inline]
1248pub const fn fiat_p384_nonzero(arg1: &[u64; 6]) -> u64 {
1249 let mut out1: u64 = 0;
1250 let x1: u64 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | (arg1[5]))))));
1251 out1 = x1;
1252 out1
1253}
1254#[doc = " The function fiat_p384_selectznz is a multi-limb conditional select."]
1255#[doc = ""]
1256#[doc = " Postconditions:"]
1257#[doc = " eval out1 = (if arg1 = 0 then eval arg2 else eval arg3)"]
1258#[doc = ""]
1259#[doc = " Input Bounds:"]
1260#[doc = " arg1: [0x0 ~> 0x1]"]
1261#[doc = " arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1262#[doc = " arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1263#[doc = " Output Bounds:"]
1264#[doc = " out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1265#[inline]
1266pub const fn fiat_p384_selectznz(arg1: fiat_p384_u1, arg2: &[u64; 6], arg3: &[u64; 6]) -> [u64; 6] {
1267 let mut out1: [u64; 6] = [0; 6];
1268 let (x1) = fiat_p384_cmovznz_u64(arg1, (arg2[0]), (arg3[0]));
1269 let (x2) = fiat_p384_cmovznz_u64(arg1, (arg2[1]), (arg3[1]));
1270 let (x3) = fiat_p384_cmovznz_u64(arg1, (arg2[2]), (arg3[2]));
1271 let (x4) = fiat_p384_cmovznz_u64(arg1, (arg2[3]), (arg3[3]));
1272 let (x5) = fiat_p384_cmovznz_u64(arg1, (arg2[4]), (arg3[4]));
1273 let (x6) = fiat_p384_cmovznz_u64(arg1, (arg2[5]), (arg3[5]));
1274 out1[0] = x1;
1275 out1[1] = x2;
1276 out1[2] = x3;
1277 out1[3] = x4;
1278 out1[4] = x5;
1279 out1[5] = x6;
1280 out1
1281}
1282#[doc = " The function fiat_p384_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order."]
1283#[doc = ""]
1284#[doc = " Preconditions:"]
1285#[doc = " 0 ≤ eval arg1 < m"]
1286#[doc = " Postconditions:"]
1287#[doc = " out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..47]"]
1288#[doc = ""]
1289#[doc = " Input Bounds:"]
1290#[doc = " arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1291#[doc = " Output Bounds:"]
1292#[doc = " out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]]"]
1293#[inline]
1294pub const fn fiat_p384_to_bytes(arg1: &[u64; 6]) -> [u8; 48] {
1295 let mut out1: [u8; 48] = [0; 48];
1296 let x1: u64 = (arg1[5]);
1297 let x2: u64 = (arg1[4]);
1298 let x3: u64 = (arg1[3]);
1299 let x4: u64 = (arg1[2]);
1300 let x5: u64 = (arg1[1]);
1301 let x6: u64 = (arg1[0]);
1302 let x7: u8 = ((x6 & (0xff as u64)) as u8);
1303 let x8: u64 = (x6 >> 8);
1304 let x9: u8 = ((x8 & (0xff as u64)) as u8);
1305 let x10: u64 = (x8 >> 8);
1306 let x11: u8 = ((x10 & (0xff as u64)) as u8);
1307 let x12: u64 = (x10 >> 8);
1308 let x13: u8 = ((x12 & (0xff as u64)) as u8);
1309 let x14: u64 = (x12 >> 8);
1310 let x15: u8 = ((x14 & (0xff as u64)) as u8);
1311 let x16: u64 = (x14 >> 8);
1312 let x17: u8 = ((x16 & (0xff as u64)) as u8);
1313 let x18: u64 = (x16 >> 8);
1314 let x19: u8 = ((x18 & (0xff as u64)) as u8);
1315 let x20: u8 = ((x18 >> 8) as u8);
1316 let x21: u8 = ((x5 & (0xff as u64)) as u8);
1317 let x22: u64 = (x5 >> 8);
1318 let x23: u8 = ((x22 & (0xff as u64)) as u8);
1319 let x24: u64 = (x22 >> 8);
1320 let x25: u8 = ((x24 & (0xff as u64)) as u8);
1321 let x26: u64 = (x24 >> 8);
1322 let x27: u8 = ((x26 & (0xff as u64)) as u8);
1323 let x28: u64 = (x26 >> 8);
1324 let x29: u8 = ((x28 & (0xff as u64)) as u8);
1325 let x30: u64 = (x28 >> 8);
1326 let x31: u8 = ((x30 & (0xff as u64)) as u8);
1327 let x32: u64 = (x30 >> 8);
1328 let x33: u8 = ((x32 & (0xff as u64)) as u8);
1329 let x34: u8 = ((x32 >> 8) as u8);
1330 let x35: u8 = ((x4 & (0xff as u64)) as u8);
1331 let x36: u64 = (x4 >> 8);
1332 let x37: u8 = ((x36 & (0xff as u64)) as u8);
1333 let x38: u64 = (x36 >> 8);
1334 let x39: u8 = ((x38 & (0xff as u64)) as u8);
1335 let x40: u64 = (x38 >> 8);
1336 let x41: u8 = ((x40 & (0xff as u64)) as u8);
1337 let x42: u64 = (x40 >> 8);
1338 let x43: u8 = ((x42 & (0xff as u64)) as u8);
1339 let x44: u64 = (x42 >> 8);
1340 let x45: u8 = ((x44 & (0xff as u64)) as u8);
1341 let x46: u64 = (x44 >> 8);
1342 let x47: u8 = ((x46 & (0xff as u64)) as u8);
1343 let x48: u8 = ((x46 >> 8) as u8);
1344 let x49: u8 = ((x3 & (0xff as u64)) as u8);
1345 let x50: u64 = (x3 >> 8);
1346 let x51: u8 = ((x50 & (0xff as u64)) as u8);
1347 let x52: u64 = (x50 >> 8);
1348 let x53: u8 = ((x52 & (0xff as u64)) as u8);
1349 let x54: u64 = (x52 >> 8);
1350 let x55: u8 = ((x54 & (0xff as u64)) as u8);
1351 let x56: u64 = (x54 >> 8);
1352 let x57: u8 = ((x56 & (0xff as u64)) as u8);
1353 let x58: u64 = (x56 >> 8);
1354 let x59: u8 = ((x58 & (0xff as u64)) as u8);
1355 let x60: u64 = (x58 >> 8);
1356 let x61: u8 = ((x60 & (0xff as u64)) as u8);
1357 let x62: u8 = ((x60 >> 8) as u8);
1358 let x63: u8 = ((x2 & (0xff as u64)) as u8);
1359 let x64: u64 = (x2 >> 8);
1360 let x65: u8 = ((x64 & (0xff as u64)) as u8);
1361 let x66: u64 = (x64 >> 8);
1362 let x67: u8 = ((x66 & (0xff as u64)) as u8);
1363 let x68: u64 = (x66 >> 8);
1364 let x69: u8 = ((x68 & (0xff as u64)) as u8);
1365 let x70: u64 = (x68 >> 8);
1366 let x71: u8 = ((x70 & (0xff as u64)) as u8);
1367 let x72: u64 = (x70 >> 8);
1368 let x73: u8 = ((x72 & (0xff as u64)) as u8);
1369 let x74: u64 = (x72 >> 8);
1370 let x75: u8 = ((x74 & (0xff as u64)) as u8);
1371 let x76: u8 = ((x74 >> 8) as u8);
1372 let x77: u8 = ((x1 & (0xff as u64)) as u8);
1373 let x78: u64 = (x1 >> 8);
1374 let x79: u8 = ((x78 & (0xff as u64)) as u8);
1375 let x80: u64 = (x78 >> 8);
1376 let x81: u8 = ((x80 & (0xff as u64)) as u8);
1377 let x82: u64 = (x80 >> 8);
1378 let x83: u8 = ((x82 & (0xff as u64)) as u8);
1379 let x84: u64 = (x82 >> 8);
1380 let x85: u8 = ((x84 & (0xff as u64)) as u8);
1381 let x86: u64 = (x84 >> 8);
1382 let x87: u8 = ((x86 & (0xff as u64)) as u8);
1383 let x88: u64 = (x86 >> 8);
1384 let x89: u8 = ((x88 & (0xff as u64)) as u8);
1385 let x90: u8 = ((x88 >> 8) as u8);
1386 out1[0] = x7;
1387 out1[1] = x9;
1388 out1[2] = x11;
1389 out1[3] = x13;
1390 out1[4] = x15;
1391 out1[5] = x17;
1392 out1[6] = x19;
1393 out1[7] = x20;
1394 out1[8] = x21;
1395 out1[9] = x23;
1396 out1[10] = x25;
1397 out1[11] = x27;
1398 out1[12] = x29;
1399 out1[13] = x31;
1400 out1[14] = x33;
1401 out1[15] = x34;
1402 out1[16] = x35;
1403 out1[17] = x37;
1404 out1[18] = x39;
1405 out1[19] = x41;
1406 out1[20] = x43;
1407 out1[21] = x45;
1408 out1[22] = x47;
1409 out1[23] = x48;
1410 out1[24] = x49;
1411 out1[25] = x51;
1412 out1[26] = x53;
1413 out1[27] = x55;
1414 out1[28] = x57;
1415 out1[29] = x59;
1416 out1[30] = x61;
1417 out1[31] = x62;
1418 out1[32] = x63;
1419 out1[33] = x65;
1420 out1[34] = x67;
1421 out1[35] = x69;
1422 out1[36] = x71;
1423 out1[37] = x73;
1424 out1[38] = x75;
1425 out1[39] = x76;
1426 out1[40] = x77;
1427 out1[41] = x79;
1428 out1[42] = x81;
1429 out1[43] = x83;
1430 out1[44] = x85;
1431 out1[45] = x87;
1432 out1[46] = x89;
1433 out1[47] = x90;
1434 out1
1435}
1436#[doc = " The function fiat_p384_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order."]
1437#[doc = ""]
1438#[doc = " Preconditions:"]
1439#[doc = " 0 ≤ bytes_eval arg1 < m"]
1440#[doc = " Postconditions:"]
1441#[doc = " eval out1 mod m = bytes_eval arg1 mod m"]
1442#[doc = " 0 ≤ eval out1 < m"]
1443#[doc = ""]
1444#[doc = " Input Bounds:"]
1445#[doc = " arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]]"]
1446#[doc = " Output Bounds:"]
1447#[doc = " out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1448#[inline]
1449pub const fn fiat_p384_from_bytes(arg1: &[u8; 48]) -> [u64; 6] {
1450 let mut out1: [u64; 6] = [0; 6];
1451 let x1: u64 = (((arg1[47]) as u64) << 56);
1452 let x2: u64 = (((arg1[46]) as u64) << 48);
1453 let x3: u64 = (((arg1[45]) as u64) << 40);
1454 let x4: u64 = (((arg1[44]) as u64) << 32);
1455 let x5: u64 = (((arg1[43]) as u64) << 24);
1456 let x6: u64 = (((arg1[42]) as u64) << 16);
1457 let x7: u64 = (((arg1[41]) as u64) << 8);
1458 let x8: u8 = (arg1[40]);
1459 let x9: u64 = (((arg1[39]) as u64) << 56);
1460 let x10: u64 = (((arg1[38]) as u64) << 48);
1461 let x11: u64 = (((arg1[37]) as u64) << 40);
1462 let x12: u64 = (((arg1[36]) as u64) << 32);
1463 let x13: u64 = (((arg1[35]) as u64) << 24);
1464 let x14: u64 = (((arg1[34]) as u64) << 16);
1465 let x15: u64 = (((arg1[33]) as u64) << 8);
1466 let x16: u8 = (arg1[32]);
1467 let x17: u64 = (((arg1[31]) as u64) << 56);
1468 let x18: u64 = (((arg1[30]) as u64) << 48);
1469 let x19: u64 = (((arg1[29]) as u64) << 40);
1470 let x20: u64 = (((arg1[28]) as u64) << 32);
1471 let x21: u64 = (((arg1[27]) as u64) << 24);
1472 let x22: u64 = (((arg1[26]) as u64) << 16);
1473 let x23: u64 = (((arg1[25]) as u64) << 8);
1474 let x24: u8 = (arg1[24]);
1475 let x25: u64 = (((arg1[23]) as u64) << 56);
1476 let x26: u64 = (((arg1[22]) as u64) << 48);
1477 let x27: u64 = (((arg1[21]) as u64) << 40);
1478 let x28: u64 = (((arg1[20]) as u64) << 32);
1479 let x29: u64 = (((arg1[19]) as u64) << 24);
1480 let x30: u64 = (((arg1[18]) as u64) << 16);
1481 let x31: u64 = (((arg1[17]) as u64) << 8);
1482 let x32: u8 = (arg1[16]);
1483 let x33: u64 = (((arg1[15]) as u64) << 56);
1484 let x34: u64 = (((arg1[14]) as u64) << 48);
1485 let x35: u64 = (((arg1[13]) as u64) << 40);
1486 let x36: u64 = (((arg1[12]) as u64) << 32);
1487 let x37: u64 = (((arg1[11]) as u64) << 24);
1488 let x38: u64 = (((arg1[10]) as u64) << 16);
1489 let x39: u64 = (((arg1[9]) as u64) << 8);
1490 let x40: u8 = (arg1[8]);
1491 let x41: u64 = (((arg1[7]) as u64) << 56);
1492 let x42: u64 = (((arg1[6]) as u64) << 48);
1493 let x43: u64 = (((arg1[5]) as u64) << 40);
1494 let x44: u64 = (((arg1[4]) as u64) << 32);
1495 let x45: u64 = (((arg1[3]) as u64) << 24);
1496 let x46: u64 = (((arg1[2]) as u64) << 16);
1497 let x47: u64 = (((arg1[1]) as u64) << 8);
1498 let x48: u8 = (arg1[0]);
1499 let x49: u64 = (x47 + (x48 as u64));
1500 let x50: u64 = (x46 + x49);
1501 let x51: u64 = (x45 + x50);
1502 let x52: u64 = (x44 + x51);
1503 let x53: u64 = (x43 + x52);
1504 let x54: u64 = (x42 + x53);
1505 let x55: u64 = (x41 + x54);
1506 let x56: u64 = (x39 + (x40 as u64));
1507 let x57: u64 = (x38 + x56);
1508 let x58: u64 = (x37 + x57);
1509 let x59: u64 = (x36 + x58);
1510 let x60: u64 = (x35 + x59);
1511 let x61: u64 = (x34 + x60);
1512 let x62: u64 = (x33 + x61);
1513 let x63: u64 = (x31 + (x32 as u64));
1514 let x64: u64 = (x30 + x63);
1515 let x65: u64 = (x29 + x64);
1516 let x66: u64 = (x28 + x65);
1517 let x67: u64 = (x27 + x66);
1518 let x68: u64 = (x26 + x67);
1519 let x69: u64 = (x25 + x68);
1520 let x70: u64 = (x23 + (x24 as u64));
1521 let x71: u64 = (x22 + x70);
1522 let x72: u64 = (x21 + x71);
1523 let x73: u64 = (x20 + x72);
1524 let x74: u64 = (x19 + x73);
1525 let x75: u64 = (x18 + x74);
1526 let x76: u64 = (x17 + x75);
1527 let x77: u64 = (x15 + (x16 as u64));
1528 let x78: u64 = (x14 + x77);
1529 let x79: u64 = (x13 + x78);
1530 let x80: u64 = (x12 + x79);
1531 let x81: u64 = (x11 + x80);
1532 let x82: u64 = (x10 + x81);
1533 let x83: u64 = (x9 + x82);
1534 let x84: u64 = (x7 + (x8 as u64));
1535 let x85: u64 = (x6 + x84);
1536 let x86: u64 = (x5 + x85);
1537 let x87: u64 = (x4 + x86);
1538 let x88: u64 = (x3 + x87);
1539 let x89: u64 = (x2 + x88);
1540 let x90: u64 = (x1 + x89);
1541 out1[0] = x55;
1542 out1[1] = x62;
1543 out1[2] = x69;
1544 out1[3] = x76;
1545 out1[4] = x83;
1546 out1[5] = x90;
1547 out1
1548}
1549#[doc = " The function fiat_p384_set_one returns the field element one in the Montgomery domain."]
1550#[doc = ""]
1551#[doc = " Postconditions:"]
1552#[doc = " eval (from_montgomery out1) mod m = 1 mod m"]
1553#[doc = " 0 ≤ eval out1 < m"]
1554#[doc = ""]
1555#[inline]
1556pub const fn fiat_p384_set_one() -> fiat_p384_montgomery_domain_field_element {
1557 let mut out1: fiat_p384_montgomery_domain_field_element = [0; 6];
1558 out1[0] = 0xffffffff00000001;
1559 out1[1] = 0xffffffff;
1560 out1[2] = (0x1 as u64);
1561 out1[3] = (0x0 as u64);
1562 out1[4] = (0x0 as u64);
1563 out1[5] = (0x0 as u64);
1564 out1
1565}
1566#[doc = " The function fiat_p384_msat returns the saturated representation of the prime modulus."]
1567#[doc = ""]
1568#[doc = " Postconditions:"]
1569#[doc = " twos_complement_eval out1 = m"]
1570#[doc = " 0 ≤ eval out1 < m"]
1571#[doc = ""]
1572#[doc = " Output Bounds:"]
1573#[doc = " out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1574#[inline]
1575pub const fn fiat_p384_msat() -> [u64; 7] {
1576 let mut out1: [u64; 7] = [0; 7];
1577 out1[0] = 0xffffffff;
1578 out1[1] = 0xffffffff00000000;
1579 out1[2] = 0xfffffffffffffffe;
1580 out1[3] = 0xffffffffffffffff;
1581 out1[4] = 0xffffffffffffffff;
1582 out1[5] = 0xffffffffffffffff;
1583 out1[6] = (0x0 as u64);
1584 out1
1585}
1586#[doc = " The function fiat_p384_divstep computes a divstep."]
1587#[doc = ""]
1588#[doc = " Preconditions:"]
1589#[doc = " 0 ≤ eval arg4 < m"]
1590#[doc = " 0 ≤ eval arg5 < m"]
1591#[doc = " Postconditions:"]
1592#[doc = " out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1)"]
1593#[doc = " twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2)"]
1594#[doc = " twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋)"]
1595#[doc = " eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m)"]
1596#[doc = " eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m)"]
1597#[doc = " 0 ≤ eval out5 < m"]
1598#[doc = " 0 ≤ eval out5 < m"]
1599#[doc = " 0 ≤ eval out2 < m"]
1600#[doc = " 0 ≤ eval out3 < m"]
1601#[doc = ""]
1602#[doc = " Input Bounds:"]
1603#[doc = " arg1: [0x0 ~> 0xffffffffffffffff]"]
1604#[doc = " arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1605#[doc = " arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1606#[doc = " arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1607#[doc = " arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1608#[doc = " Output Bounds:"]
1609#[doc = " out1: [0x0 ~> 0xffffffffffffffff]"]
1610#[doc = " out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1611#[doc = " out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1612#[doc = " out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1613#[doc = " out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1614#[inline]
1615pub const fn fiat_p384_divstep(
1616 arg1: u64,
1617 arg2: &[u64; 7],
1618 arg3: &[u64; 7],
1619 arg4: &[u64; 6],
1620 arg5: &[u64; 6],
1621) -> (u64, [u64; 7], [u64; 7], [u64; 6], [u64; 6]) {
1622 let mut out1: u64 = 0;
1623 let mut out2: [u64; 7] = [0; 7];
1624 let mut out3: [u64; 7] = [0; 7];
1625 let mut out4: [u64; 6] = [0; 6];
1626 let mut out5: [u64; 6] = [0; 6];
1627 let (x1, x2) = fiat_p384_addcarryx_u64(0x0, (!arg1), (0x1 as u64));
1628 let x3: fiat_p384_u1 =
1629 (((x1 >> 63) as fiat_p384_u1) & (((arg3[0]) & (0x1 as u64)) as fiat_p384_u1));
1630 let (x4, x5) = fiat_p384_addcarryx_u64(0x0, (!arg1), (0x1 as u64));
1631 let (x6) = fiat_p384_cmovznz_u64(x3, arg1, x4);
1632 let (x7) = fiat_p384_cmovznz_u64(x3, (arg2[0]), (arg3[0]));
1633 let (x8) = fiat_p384_cmovznz_u64(x3, (arg2[1]), (arg3[1]));
1634 let (x9) = fiat_p384_cmovznz_u64(x3, (arg2[2]), (arg3[2]));
1635 let (x10) = fiat_p384_cmovznz_u64(x3, (arg2[3]), (arg3[3]));
1636 let (x11) = fiat_p384_cmovznz_u64(x3, (arg2[4]), (arg3[4]));
1637 let (x12) = fiat_p384_cmovznz_u64(x3, (arg2[5]), (arg3[5]));
1638 let (x13) = fiat_p384_cmovznz_u64(x3, (arg2[6]), (arg3[6]));
1639 let (x14, x15) = fiat_p384_addcarryx_u64(0x0, (0x1 as u64), (!(arg2[0])));
1640 let (x16, x17) = fiat_p384_addcarryx_u64(x15, (0x0 as u64), (!(arg2[1])));
1641 let (x18, x19) = fiat_p384_addcarryx_u64(x17, (0x0 as u64), (!(arg2[2])));
1642 let (x20, x21) = fiat_p384_addcarryx_u64(x19, (0x0 as u64), (!(arg2[3])));
1643 let (x22, x23) = fiat_p384_addcarryx_u64(x21, (0x0 as u64), (!(arg2[4])));
1644 let (x24, x25) = fiat_p384_addcarryx_u64(x23, (0x0 as u64), (!(arg2[5])));
1645 let (x26, x27) = fiat_p384_addcarryx_u64(x25, (0x0 as u64), (!(arg2[6])));
1646 let (x28) = fiat_p384_cmovznz_u64(x3, (arg3[0]), x14);
1647 let (x29) = fiat_p384_cmovznz_u64(x3, (arg3[1]), x16);
1648 let (x30) = fiat_p384_cmovznz_u64(x3, (arg3[2]), x18);
1649 let (x31) = fiat_p384_cmovznz_u64(x3, (arg3[3]), x20);
1650 let (x32) = fiat_p384_cmovznz_u64(x3, (arg3[4]), x22);
1651 let (x33) = fiat_p384_cmovznz_u64(x3, (arg3[5]), x24);
1652 let (x34) = fiat_p384_cmovznz_u64(x3, (arg3[6]), x26);
1653 let (x35) = fiat_p384_cmovznz_u64(x3, (arg4[0]), (arg5[0]));
1654 let (x36) = fiat_p384_cmovznz_u64(x3, (arg4[1]), (arg5[1]));
1655 let (x37) = fiat_p384_cmovznz_u64(x3, (arg4[2]), (arg5[2]));
1656 let (x38) = fiat_p384_cmovznz_u64(x3, (arg4[3]), (arg5[3]));
1657 let (x39) = fiat_p384_cmovznz_u64(x3, (arg4[4]), (arg5[4]));
1658 let (x40) = fiat_p384_cmovznz_u64(x3, (arg4[5]), (arg5[5]));
1659 let (x41, x42) = fiat_p384_addcarryx_u64(0x0, x35, x35);
1660 let (x43, x44) = fiat_p384_addcarryx_u64(x42, x36, x36);
1661 let (x45, x46) = fiat_p384_addcarryx_u64(x44, x37, x37);
1662 let (x47, x48) = fiat_p384_addcarryx_u64(x46, x38, x38);
1663 let (x49, x50) = fiat_p384_addcarryx_u64(x48, x39, x39);
1664 let (x51, x52) = fiat_p384_addcarryx_u64(x50, x40, x40);
1665 let (x53, x54) = fiat_p384_subborrowx_u64(0x0, x41, 0xffffffff);
1666 let (x55, x56) = fiat_p384_subborrowx_u64(x54, x43, 0xffffffff00000000);
1667 let (x57, x58) = fiat_p384_subborrowx_u64(x56, x45, 0xfffffffffffffffe);
1668 let (x59, x60) = fiat_p384_subborrowx_u64(x58, x47, 0xffffffffffffffff);
1669 let (x61, x62) = fiat_p384_subborrowx_u64(x60, x49, 0xffffffffffffffff);
1670 let (x63, x64) = fiat_p384_subborrowx_u64(x62, x51, 0xffffffffffffffff);
1671 let (x65, x66) = fiat_p384_subborrowx_u64(x64, (x52 as u64), (0x0 as u64));
1672 let x67: u64 = (arg4[5]);
1673 let x68: u64 = (arg4[4]);
1674 let x69: u64 = (arg4[3]);
1675 let x70: u64 = (arg4[2]);
1676 let x71: u64 = (arg4[1]);
1677 let x72: u64 = (arg4[0]);
1678 let (x73, x74) = fiat_p384_subborrowx_u64(0x0, (0x0 as u64), x72);
1679 let (x75, x76) = fiat_p384_subborrowx_u64(x74, (0x0 as u64), x71);
1680 let (x77, x78) = fiat_p384_subborrowx_u64(x76, (0x0 as u64), x70);
1681 let (x79, x80) = fiat_p384_subborrowx_u64(x78, (0x0 as u64), x69);
1682 let (x81, x82) = fiat_p384_subborrowx_u64(x80, (0x0 as u64), x68);
1683 let (x83, x84) = fiat_p384_subborrowx_u64(x82, (0x0 as u64), x67);
1684 let (x85) = fiat_p384_cmovznz_u64(x84, (0x0 as u64), 0xffffffffffffffff);
1685 let (x86, x87) = fiat_p384_addcarryx_u64(0x0, x73, (x85 & 0xffffffff));
1686 let (x88, x89) = fiat_p384_addcarryx_u64(x87, x75, (x85 & 0xffffffff00000000));
1687 let (x90, x91) = fiat_p384_addcarryx_u64(x89, x77, (x85 & 0xfffffffffffffffe));
1688 let (x92, x93) = fiat_p384_addcarryx_u64(x91, x79, x85);
1689 let (x94, x95) = fiat_p384_addcarryx_u64(x93, x81, x85);
1690 let (x96, x97) = fiat_p384_addcarryx_u64(x95, x83, x85);
1691 let (x98) = fiat_p384_cmovznz_u64(x3, (arg5[0]), x86);
1692 let (x99) = fiat_p384_cmovznz_u64(x3, (arg5[1]), x88);
1693 let (x100) = fiat_p384_cmovznz_u64(x3, (arg5[2]), x90);
1694 let (x101) = fiat_p384_cmovznz_u64(x3, (arg5[3]), x92);
1695 let (x102) = fiat_p384_cmovznz_u64(x3, (arg5[4]), x94);
1696 let (x103) = fiat_p384_cmovznz_u64(x3, (arg5[5]), x96);
1697 let x104: fiat_p384_u1 = ((x28 & (0x1 as u64)) as fiat_p384_u1);
1698 let (x105) = fiat_p384_cmovznz_u64(x104, (0x0 as u64), x7);
1699 let (x106) = fiat_p384_cmovznz_u64(x104, (0x0 as u64), x8);
1700 let (x107) = fiat_p384_cmovznz_u64(x104, (0x0 as u64), x9);
1701 let (x108) = fiat_p384_cmovznz_u64(x104, (0x0 as u64), x10);
1702 let (x109) = fiat_p384_cmovznz_u64(x104, (0x0 as u64), x11);
1703 let (x110) = fiat_p384_cmovznz_u64(x104, (0x0 as u64), x12);
1704 let (x111) = fiat_p384_cmovznz_u64(x104, (0x0 as u64), x13);
1705 let (x112, x113) = fiat_p384_addcarryx_u64(0x0, x28, x105);
1706 let (x114, x115) = fiat_p384_addcarryx_u64(x113, x29, x106);
1707 let (x116, x117) = fiat_p384_addcarryx_u64(x115, x30, x107);
1708 let (x118, x119) = fiat_p384_addcarryx_u64(x117, x31, x108);
1709 let (x120, x121) = fiat_p384_addcarryx_u64(x119, x32, x109);
1710 let (x122, x123) = fiat_p384_addcarryx_u64(x121, x33, x110);
1711 let (x124, x125) = fiat_p384_addcarryx_u64(x123, x34, x111);
1712 let (x126) = fiat_p384_cmovznz_u64(x104, (0x0 as u64), x35);
1713 let (x127) = fiat_p384_cmovznz_u64(x104, (0x0 as u64), x36);
1714 let (x128) = fiat_p384_cmovznz_u64(x104, (0x0 as u64), x37);
1715 let (x129) = fiat_p384_cmovznz_u64(x104, (0x0 as u64), x38);
1716 let (x130) = fiat_p384_cmovznz_u64(x104, (0x0 as u64), x39);
1717 let (x131) = fiat_p384_cmovznz_u64(x104, (0x0 as u64), x40);
1718 let (x132, x133) = fiat_p384_addcarryx_u64(0x0, x98, x126);
1719 let (x134, x135) = fiat_p384_addcarryx_u64(x133, x99, x127);
1720 let (x136, x137) = fiat_p384_addcarryx_u64(x135, x100, x128);
1721 let (x138, x139) = fiat_p384_addcarryx_u64(x137, x101, x129);
1722 let (x140, x141) = fiat_p384_addcarryx_u64(x139, x102, x130);
1723 let (x142, x143) = fiat_p384_addcarryx_u64(x141, x103, x131);
1724 let (x144, x145) = fiat_p384_subborrowx_u64(0x0, x132, 0xffffffff);
1725 let (x146, x147) = fiat_p384_subborrowx_u64(x145, x134, 0xffffffff00000000);
1726 let (x148, x149) = fiat_p384_subborrowx_u64(x147, x136, 0xfffffffffffffffe);
1727 let (x150, x151) = fiat_p384_subborrowx_u64(x149, x138, 0xffffffffffffffff);
1728 let (x152, x153) = fiat_p384_subborrowx_u64(x151, x140, 0xffffffffffffffff);
1729 let (x154, x155) = fiat_p384_subborrowx_u64(x153, x142, 0xffffffffffffffff);
1730 let (x156, x157) = fiat_p384_subborrowx_u64(x155, (x143 as u64), (0x0 as u64));
1731 let (x158, x159) = fiat_p384_addcarryx_u64(0x0, x6, (0x1 as u64));
1732 let x160: u64 = ((x112 >> 1) | ((x114 << 63) & 0xffffffffffffffff));
1733 let x161: u64 = ((x114 >> 1) | ((x116 << 63) & 0xffffffffffffffff));
1734 let x162: u64 = ((x116 >> 1) | ((x118 << 63) & 0xffffffffffffffff));
1735 let x163: u64 = ((x118 >> 1) | ((x120 << 63) & 0xffffffffffffffff));
1736 let x164: u64 = ((x120 >> 1) | ((x122 << 63) & 0xffffffffffffffff));
1737 let x165: u64 = ((x122 >> 1) | ((x124 << 63) & 0xffffffffffffffff));
1738 let x166: u64 = ((x124 & 0x8000000000000000) | (x124 >> 1));
1739 let (x167) = fiat_p384_cmovznz_u64(x66, x53, x41);
1740 let (x168) = fiat_p384_cmovznz_u64(x66, x55, x43);
1741 let (x169) = fiat_p384_cmovznz_u64(x66, x57, x45);
1742 let (x170) = fiat_p384_cmovznz_u64(x66, x59, x47);
1743 let (x171) = fiat_p384_cmovznz_u64(x66, x61, x49);
1744 let (x172) = fiat_p384_cmovznz_u64(x66, x63, x51);
1745 let (x173) = fiat_p384_cmovznz_u64(x157, x144, x132);
1746 let (x174) = fiat_p384_cmovznz_u64(x157, x146, x134);
1747 let (x175) = fiat_p384_cmovznz_u64(x157, x148, x136);
1748 let (x176) = fiat_p384_cmovznz_u64(x157, x150, x138);
1749 let (x177) = fiat_p384_cmovznz_u64(x157, x152, x140);
1750 let (x178) = fiat_p384_cmovznz_u64(x157, x154, x142);
1751 out1 = x158;
1752 out2[0] = x7;
1753 out2[1] = x8;
1754 out2[2] = x9;
1755 out2[3] = x10;
1756 out2[4] = x11;
1757 out2[5] = x12;
1758 out2[6] = x13;
1759 out3[0] = x160;
1760 out3[1] = x161;
1761 out3[2] = x162;
1762 out3[3] = x163;
1763 out3[4] = x164;
1764 out3[5] = x165;
1765 out3[6] = x166;
1766 out4[0] = x167;
1767 out4[1] = x168;
1768 out4[2] = x169;
1769 out4[3] = x170;
1770 out4[4] = x171;
1771 out4[5] = x172;
1772 out5[0] = x173;
1773 out5[1] = x174;
1774 out5[2] = x175;
1775 out5[3] = x176;
1776 out5[4] = x177;
1777 out5[5] = x178;
1778 (out1, out2, out3, out4, out5)
1779}
1780#[doc = " The function fiat_p384_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form)."]
1781#[doc = ""]
1782#[doc = " Postconditions:"]
1783#[doc = " eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋)"]
1784#[doc = " 0 ≤ eval out1 < m"]
1785#[doc = ""]
1786#[doc = " Output Bounds:"]
1787#[doc = " out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]"]
1788#[inline]
1789pub const fn fiat_p384_divstep_precomp() -> [u64; 6] {
1790 let mut out1: [u64; 6] = [0; 6];
1791 out1[0] = 0xfff69400fff18fff;
1792 out1[1] = 0x2b7feffffd3ff;
1793 out1[2] = 0xfffedbfffffe97ff;
1794 out1[3] = 0x2840000002fff;
1795 out1[4] = 0x6040000050400;
1796 out1[5] = 0xfffc480000038000;
1797 out1
1798}