p224_fiat64.go

     1  // Code generated by Fiat Cryptography. DO NOT EDIT.
     2  //
     3  // Autogenerated: word_by_word_montgomery --lang Go --no-wide-int --cmovznz-by-mul --relax-primitive-carry-to-bitwidth 32,64 --internal-static --public-function-case camelCase --public-type-case camelCase --private-function-case camelCase --private-type-case camelCase --doc-text-before-function-name '' --doc-newline-before-package-declaration --doc-prepend-header 'Code generated by Fiat Cryptography. DO NOT EDIT.' --package-name fiat --no-prefix-fiat p224 64 '2^224 - 2^96 + 1' mul square add sub one from_montgomery to_montgomery selectznz to_bytes from_bytes
     4  //
     5  // curve description: p224
     6  //
     7  // machine_wordsize = 64 (from "64")
     8  //
     9  // requested operations: mul, square, add, sub, one, from_montgomery, to_montgomery, selectznz, to_bytes, from_bytes
    10  //
    11  // m = 0xffffffffffffffffffffffffffffffff000000000000000000000001 (from "2^224 - 2^96 + 1")
    12  //
    13  //
    14  //
    15  // NOTE: In addition to the bounds specified above each function, all
    16  //
    17  //   functions synthesized for this Montgomery arithmetic require the
    18  //
    19  //   input to be strictly less than the prime modulus (m), and also
    20  //
    21  //   require the input to be in the unique saturated representation.
    22  //
    23  //   All functions also ensure that these two properties are true of
    24  //
    25  //   return values.
    26  //
    27  //
    28  //
    29  // Computed values:
    30  //
    31  //   eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192)
    32  //
    33  //   bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216)
    34  //
    35  //   twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in
    36  //
    37  //                            if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256
    38  
    39  package fiat
    40  
    41  import "math/bits"
    42  
    43  type p224Uint1 uint64 // We use uint64 instead of a more narrow type for performance reasons; see https://github.com/mit-plv/fiat-crypto/pull/1006#issuecomment-892625927
    44  type p224Int1 int64   // We use uint64 instead of a more narrow type for performance reasons; see https://github.com/mit-plv/fiat-crypto/pull/1006#issuecomment-892625927
    45  
    46  // The type p224MontgomeryDomainFieldElement is a field element in the Montgomery domain.
    47  //
    48  // Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
    49  type p224MontgomeryDomainFieldElement [4]uint64
    50  
    51  // The type p224NonMontgomeryDomainFieldElement is a field element NOT in the Montgomery domain.
    52  //
    53  // Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
    54  type p224NonMontgomeryDomainFieldElement [4]uint64
    55  
    56  // p224CmovznzU64 is a single-word conditional move.
    57  //
    58  // Postconditions:
    59  //   out1 = (if arg1 = 0 then arg2 else arg3)
    60  //
    61  // Input Bounds:
    62  //   arg1: [0x0 ~> 0x1]
    63  //   arg2: [0x0 ~> 0xffffffffffffffff]
    64  //   arg3: [0x0 ~> 0xffffffffffffffff]
    65  // Output Bounds:
    66  //   out1: [0x0 ~> 0xffffffffffffffff]
    67  func p224CmovznzU64(out1 *uint64, arg1 p224Uint1, arg2 uint64, arg3 uint64) {
    68  	x1 := (uint64(arg1) * 0xffffffffffffffff)
    69  	x2 := ((x1 & arg3) | ((^x1) & arg2))
    70  	*out1 = x2
    71  }
    72  
    73  // p224Mul multiplies two field elements in the Montgomery domain.
    74  //
    75  // Preconditions:
    76  //   0 ≤ eval arg1 < m
    77  //   0 ≤ eval arg2 < m
    78  // Postconditions:
    79  //   eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m
    80  //   0 ≤ eval out1 < m
    81  //
    82  func p224Mul(out1 *p224MontgomeryDomainFieldElement, arg1 *p224MontgomeryDomainFieldElement, arg2 *p224MontgomeryDomainFieldElement) {
    83  	x1 := arg1[1]
    84  	x2 := arg1[2]
    85  	x3 := arg1[3]
    86  	x4 := arg1[0]
    87  	var x5 uint64
    88  	var x6 uint64
    89  	x6, x5 = bits.Mul64(x4, arg2[3])
    90  	var x7 uint64
    91  	var x8 uint64
    92  	x8, x7 = bits.Mul64(x4, arg2[2])
    93  	var x9 uint64
    94  	var x10 uint64
    95  	x10, x9 = bits.Mul64(x4, arg2[1])
    96  	var x11 uint64
    97  	var x12 uint64
    98  	x12, x11 = bits.Mul64(x4, arg2[0])
    99  	var x13 uint64
   100  	var x14 uint64
   101  	x13, x14 = bits.Add64(x12, x9, uint64(0x0))
   102  	var x15 uint64
   103  	var x16 uint64
   104  	x15, x16 = bits.Add64(x10, x7, uint64(p224Uint1(x14)))
   105  	var x17 uint64
   106  	var x18 uint64
   107  	x17, x18 = bits.Add64(x8, x5, uint64(p224Uint1(x16)))
   108  	x19 := (uint64(p224Uint1(x18)) + x6)
   109  	var x20 uint64
   110  	_, x20 = bits.Mul64(x11, 0xffffffffffffffff)
   111  	var x22 uint64
   112  	var x23 uint64
   113  	x23, x22 = bits.Mul64(x20, 0xffffffff)
   114  	var x24 uint64
   115  	var x25 uint64
   116  	x25, x24 = bits.Mul64(x20, 0xffffffffffffffff)
   117  	var x26 uint64
   118  	var x27 uint64
   119  	x27, x26 = bits.Mul64(x20, 0xffffffff00000000)
   120  	var x28 uint64
   121  	var x29 uint64
   122  	x28, x29 = bits.Add64(x27, x24, uint64(0x0))
   123  	var x30 uint64
   124  	var x31 uint64
   125  	x30, x31 = bits.Add64(x25, x22, uint64(p224Uint1(x29)))
   126  	x32 := (uint64(p224Uint1(x31)) + x23)
   127  	var x34 uint64
   128  	_, x34 = bits.Add64(x11, x20, uint64(0x0))
   129  	var x35 uint64
   130  	var x36 uint64
   131  	x35, x36 = bits.Add64(x13, x26, uint64(p224Uint1(x34)))
   132  	var x37 uint64
   133  	var x38 uint64
   134  	x37, x38 = bits.Add64(x15, x28, uint64(p224Uint1(x36)))
   135  	var x39 uint64
   136  	var x40 uint64
   137  	x39, x40 = bits.Add64(x17, x30, uint64(p224Uint1(x38)))
   138  	var x41 uint64
   139  	var x42 uint64
   140  	x41, x42 = bits.Add64(x19, x32, uint64(p224Uint1(x40)))
   141  	var x43 uint64
   142  	var x44 uint64
   143  	x44, x43 = bits.Mul64(x1, arg2[3])
   144  	var x45 uint64
   145  	var x46 uint64
   146  	x46, x45 = bits.Mul64(x1, arg2[2])
   147  	var x47 uint64
   148  	var x48 uint64
   149  	x48, x47 = bits.Mul64(x1, arg2[1])
   150  	var x49 uint64
   151  	var x50 uint64
   152  	x50, x49 = bits.Mul64(x1, arg2[0])
   153  	var x51 uint64
   154  	var x52 uint64
   155  	x51, x52 = bits.Add64(x50, x47, uint64(0x0))
   156  	var x53 uint64
   157  	var x54 uint64
   158  	x53, x54 = bits.Add64(x48, x45, uint64(p224Uint1(x52)))
   159  	var x55 uint64
   160  	var x56 uint64
   161  	x55, x56 = bits.Add64(x46, x43, uint64(p224Uint1(x54)))
   162  	x57 := (uint64(p224Uint1(x56)) + x44)
   163  	var x58 uint64
   164  	var x59 uint64
   165  	x58, x59 = bits.Add64(x35, x49, uint64(0x0))
   166  	var x60 uint64
   167  	var x61 uint64
   168  	x60, x61 = bits.Add64(x37, x51, uint64(p224Uint1(x59)))
   169  	var x62 uint64
   170  	var x63 uint64
   171  	x62, x63 = bits.Add64(x39, x53, uint64(p224Uint1(x61)))
   172  	var x64 uint64
   173  	var x65 uint64
   174  	x64, x65 = bits.Add64(x41, x55, uint64(p224Uint1(x63)))
   175  	var x66 uint64
   176  	var x67 uint64
   177  	x66, x67 = bits.Add64(uint64(p224Uint1(x42)), x57, uint64(p224Uint1(x65)))
   178  	var x68 uint64
   179  	_, x68 = bits.Mul64(x58, 0xffffffffffffffff)
   180  	var x70 uint64
   181  	var x71 uint64
   182  	x71, x70 = bits.Mul64(x68, 0xffffffff)
   183  	var x72 uint64
   184  	var x73 uint64
   185  	x73, x72 = bits.Mul64(x68, 0xffffffffffffffff)
   186  	var x74 uint64
   187  	var x75 uint64
   188  	x75, x74 = bits.Mul64(x68, 0xffffffff00000000)
   189  	var x76 uint64
   190  	var x77 uint64
   191  	x76, x77 = bits.Add64(x75, x72, uint64(0x0))
   192  	var x78 uint64
   193  	var x79 uint64
   194  	x78, x79 = bits.Add64(x73, x70, uint64(p224Uint1(x77)))
   195  	x80 := (uint64(p224Uint1(x79)) + x71)
   196  	var x82 uint64
   197  	_, x82 = bits.Add64(x58, x68, uint64(0x0))
   198  	var x83 uint64
   199  	var x84 uint64
   200  	x83, x84 = bits.Add64(x60, x74, uint64(p224Uint1(x82)))
   201  	var x85 uint64
   202  	var x86 uint64
   203  	x85, x86 = bits.Add64(x62, x76, uint64(p224Uint1(x84)))
   204  	var x87 uint64
   205  	var x88 uint64
   206  	x87, x88 = bits.Add64(x64, x78, uint64(p224Uint1(x86)))
   207  	var x89 uint64
   208  	var x90 uint64
   209  	x89, x90 = bits.Add64(x66, x80, uint64(p224Uint1(x88)))
   210  	x91 := (uint64(p224Uint1(x90)) + uint64(p224Uint1(x67)))
   211  	var x92 uint64
   212  	var x93 uint64
   213  	x93, x92 = bits.Mul64(x2, arg2[3])
   214  	var x94 uint64
   215  	var x95 uint64
   216  	x95, x94 = bits.Mul64(x2, arg2[2])
   217  	var x96 uint64
   218  	var x97 uint64
   219  	x97, x96 = bits.Mul64(x2, arg2[1])
   220  	var x98 uint64
   221  	var x99 uint64
   222  	x99, x98 = bits.Mul64(x2, arg2[0])
   223  	var x100 uint64
   224  	var x101 uint64
   225  	x100, x101 = bits.Add64(x99, x96, uint64(0x0))
   226  	var x102 uint64
   227  	var x103 uint64
   228  	x102, x103 = bits.Add64(x97, x94, uint64(p224Uint1(x101)))
   229  	var x104 uint64
   230  	var x105 uint64
   231  	x104, x105 = bits.Add64(x95, x92, uint64(p224Uint1(x103)))
   232  	x106 := (uint64(p224Uint1(x105)) + x93)
   233  	var x107 uint64
   234  	var x108 uint64
   235  	x107, x108 = bits.Add64(x83, x98, uint64(0x0))
   236  	var x109 uint64
   237  	var x110 uint64
   238  	x109, x110 = bits.Add64(x85, x100, uint64(p224Uint1(x108)))
   239  	var x111 uint64
   240  	var x112 uint64
   241  	x111, x112 = bits.Add64(x87, x102, uint64(p224Uint1(x110)))
   242  	var x113 uint64
   243  	var x114 uint64
   244  	x113, x114 = bits.Add64(x89, x104, uint64(p224Uint1(x112)))
   245  	var x115 uint64
   246  	var x116 uint64
   247  	x115, x116 = bits.Add64(x91, x106, uint64(p224Uint1(x114)))
   248  	var x117 uint64
   249  	_, x117 = bits.Mul64(x107, 0xffffffffffffffff)
   250  	var x119 uint64
   251  	var x120 uint64
   252  	x120, x119 = bits.Mul64(x117, 0xffffffff)
   253  	var x121 uint64
   254  	var x122 uint64
   255  	x122, x121 = bits.Mul64(x117, 0xffffffffffffffff)
   256  	var x123 uint64
   257  	var x124 uint64
   258  	x124, x123 = bits.Mul64(x117, 0xffffffff00000000)
   259  	var x125 uint64
   260  	var x126 uint64
   261  	x125, x126 = bits.Add64(x124, x121, uint64(0x0))
   262  	var x127 uint64
   263  	var x128 uint64
   264  	x127, x128 = bits.Add64(x122, x119, uint64(p224Uint1(x126)))
   265  	x129 := (uint64(p224Uint1(x128)) + x120)
   266  	var x131 uint64
   267  	_, x131 = bits.Add64(x107, x117, uint64(0x0))
   268  	var x132 uint64
   269  	var x133 uint64
   270  	x132, x133 = bits.Add64(x109, x123, uint64(p224Uint1(x131)))
   271  	var x134 uint64
   272  	var x135 uint64
   273  	x134, x135 = bits.Add64(x111, x125, uint64(p224Uint1(x133)))
   274  	var x136 uint64
   275  	var x137 uint64
   276  	x136, x137 = bits.Add64(x113, x127, uint64(p224Uint1(x135)))
   277  	var x138 uint64
   278  	var x139 uint64
   279  	x138, x139 = bits.Add64(x115, x129, uint64(p224Uint1(x137)))
   280  	x140 := (uint64(p224Uint1(x139)) + uint64(p224Uint1(x116)))
   281  	var x141 uint64
   282  	var x142 uint64
   283  	x142, x141 = bits.Mul64(x3, arg2[3])
   284  	var x143 uint64
   285  	var x144 uint64
   286  	x144, x143 = bits.Mul64(x3, arg2[2])
   287  	var x145 uint64
   288  	var x146 uint64
   289  	x146, x145 = bits.Mul64(x3, arg2[1])
   290  	var x147 uint64
   291  	var x148 uint64
   292  	x148, x147 = bits.Mul64(x3, arg2[0])
   293  	var x149 uint64
   294  	var x150 uint64
   295  	x149, x150 = bits.Add64(x148, x145, uint64(0x0))
   296  	var x151 uint64
   297  	var x152 uint64
   298  	x151, x152 = bits.Add64(x146, x143, uint64(p224Uint1(x150)))
   299  	var x153 uint64
   300  	var x154 uint64
   301  	x153, x154 = bits.Add64(x144, x141, uint64(p224Uint1(x152)))
   302  	x155 := (uint64(p224Uint1(x154)) + x142)
   303  	var x156 uint64
   304  	var x157 uint64
   305  	x156, x157 = bits.Add64(x132, x147, uint64(0x0))
   306  	var x158 uint64
   307  	var x159 uint64
   308  	x158, x159 = bits.Add64(x134, x149, uint64(p224Uint1(x157)))
   309  	var x160 uint64
   310  	var x161 uint64
   311  	x160, x161 = bits.Add64(x136, x151, uint64(p224Uint1(x159)))
   312  	var x162 uint64
   313  	var x163 uint64
   314  	x162, x163 = bits.Add64(x138, x153, uint64(p224Uint1(x161)))
   315  	var x164 uint64
   316  	var x165 uint64
   317  	x164, x165 = bits.Add64(x140, x155, uint64(p224Uint1(x163)))
   318  	var x166 uint64
   319  	_, x166 = bits.Mul64(x156, 0xffffffffffffffff)
   320  	var x168 uint64
   321  	var x169 uint64
   322  	x169, x168 = bits.Mul64(x166, 0xffffffff)
   323  	var x170 uint64
   324  	var x171 uint64
   325  	x171, x170 = bits.Mul64(x166, 0xffffffffffffffff)
   326  	var x172 uint64
   327  	var x173 uint64
   328  	x173, x172 = bits.Mul64(x166, 0xffffffff00000000)
   329  	var x174 uint64
   330  	var x175 uint64
   331  	x174, x175 = bits.Add64(x173, x170, uint64(0x0))
   332  	var x176 uint64
   333  	var x177 uint64
   334  	x176, x177 = bits.Add64(x171, x168, uint64(p224Uint1(x175)))
   335  	x178 := (uint64(p224Uint1(x177)) + x169)
   336  	var x180 uint64
   337  	_, x180 = bits.Add64(x156, x166, uint64(0x0))
   338  	var x181 uint64
   339  	var x182 uint64
   340  	x181, x182 = bits.Add64(x158, x172, uint64(p224Uint1(x180)))
   341  	var x183 uint64
   342  	var x184 uint64
   343  	x183, x184 = bits.Add64(x160, x174, uint64(p224Uint1(x182)))
   344  	var x185 uint64
   345  	var x186 uint64
   346  	x185, x186 = bits.Add64(x162, x176, uint64(p224Uint1(x184)))
   347  	var x187 uint64
   348  	var x188 uint64
   349  	x187, x188 = bits.Add64(x164, x178, uint64(p224Uint1(x186)))
   350  	x189 := (uint64(p224Uint1(x188)) + uint64(p224Uint1(x165)))
   351  	var x190 uint64
   352  	var x191 uint64
   353  	x190, x191 = bits.Sub64(x181, uint64(0x1), uint64(0x0))
   354  	var x192 uint64
   355  	var x193 uint64
   356  	x192, x193 = bits.Sub64(x183, 0xffffffff00000000, uint64(p224Uint1(x191)))
   357  	var x194 uint64
   358  	var x195 uint64
   359  	x194, x195 = bits.Sub64(x185, 0xffffffffffffffff, uint64(p224Uint1(x193)))
   360  	var x196 uint64
   361  	var x197 uint64
   362  	x196, x197 = bits.Sub64(x187, 0xffffffff, uint64(p224Uint1(x195)))
   363  	var x199 uint64
   364  	_, x199 = bits.Sub64(x189, uint64(0x0), uint64(p224Uint1(x197)))
   365  	var x200 uint64
   366  	p224CmovznzU64(&x200, p224Uint1(x199), x190, x181)
   367  	var x201 uint64
   368  	p224CmovznzU64(&x201, p224Uint1(x199), x192, x183)
   369  	var x202 uint64
   370  	p224CmovznzU64(&x202, p224Uint1(x199), x194, x185)
   371  	var x203 uint64
   372  	p224CmovznzU64(&x203, p224Uint1(x199), x196, x187)
   373  	out1[0] = x200
   374  	out1[1] = x201
   375  	out1[2] = x202
   376  	out1[3] = x203
   377  }
   378  
   379  // p224Square squares a field element in the Montgomery domain.
   380  //
   381  // Preconditions:
   382  //   0 ≤ eval arg1 < m
   383  // Postconditions:
   384  //   eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m
   385  //   0 ≤ eval out1 < m
   386  //
   387  func p224Square(out1 *p224MontgomeryDomainFieldElement, arg1 *p224MontgomeryDomainFieldElement) {
   388  	x1 := arg1[1]
   389  	x2 := arg1[2]
   390  	x3 := arg1[3]
   391  	x4 := arg1[0]
   392  	var x5 uint64
   393  	var x6 uint64
   394  	x6, x5 = bits.Mul64(x4, arg1[3])
   395  	var x7 uint64
   396  	var x8 uint64
   397  	x8, x7 = bits.Mul64(x4, arg1[2])
   398  	var x9 uint64
   399  	var x10 uint64
   400  	x10, x9 = bits.Mul64(x4, arg1[1])
   401  	var x11 uint64
   402  	var x12 uint64
   403  	x12, x11 = bits.Mul64(x4, arg1[0])
   404  	var x13 uint64
   405  	var x14 uint64
   406  	x13, x14 = bits.Add64(x12, x9, uint64(0x0))
   407  	var x15 uint64
   408  	var x16 uint64
   409  	x15, x16 = bits.Add64(x10, x7, uint64(p224Uint1(x14)))
   410  	var x17 uint64
   411  	var x18 uint64
   412  	x17, x18 = bits.Add64(x8, x5, uint64(p224Uint1(x16)))
   413  	x19 := (uint64(p224Uint1(x18)) + x6)
   414  	var x20 uint64
   415  	_, x20 = bits.Mul64(x11, 0xffffffffffffffff)
   416  	var x22 uint64
   417  	var x23 uint64
   418  	x23, x22 = bits.Mul64(x20, 0xffffffff)
   419  	var x24 uint64
   420  	var x25 uint64
   421  	x25, x24 = bits.Mul64(x20, 0xffffffffffffffff)
   422  	var x26 uint64
   423  	var x27 uint64
   424  	x27, x26 = bits.Mul64(x20, 0xffffffff00000000)
   425  	var x28 uint64
   426  	var x29 uint64
   427  	x28, x29 = bits.Add64(x27, x24, uint64(0x0))
   428  	var x30 uint64
   429  	var x31 uint64
   430  	x30, x31 = bits.Add64(x25, x22, uint64(p224Uint1(x29)))
   431  	x32 := (uint64(p224Uint1(x31)) + x23)
   432  	var x34 uint64
   433  	_, x34 = bits.Add64(x11, x20, uint64(0x0))
   434  	var x35 uint64
   435  	var x36 uint64
   436  	x35, x36 = bits.Add64(x13, x26, uint64(p224Uint1(x34)))
   437  	var x37 uint64
   438  	var x38 uint64
   439  	x37, x38 = bits.Add64(x15, x28, uint64(p224Uint1(x36)))
   440  	var x39 uint64
   441  	var x40 uint64
   442  	x39, x40 = bits.Add64(x17, x30, uint64(p224Uint1(x38)))
   443  	var x41 uint64
   444  	var x42 uint64
   445  	x41, x42 = bits.Add64(x19, x32, uint64(p224Uint1(x40)))
   446  	var x43 uint64
   447  	var x44 uint64
   448  	x44, x43 = bits.Mul64(x1, arg1[3])
   449  	var x45 uint64
   450  	var x46 uint64
   451  	x46, x45 = bits.Mul64(x1, arg1[2])
   452  	var x47 uint64
   453  	var x48 uint64
   454  	x48, x47 = bits.Mul64(x1, arg1[1])
   455  	var x49 uint64
   456  	var x50 uint64
   457  	x50, x49 = bits.Mul64(x1, arg1[0])
   458  	var x51 uint64
   459  	var x52 uint64
   460  	x51, x52 = bits.Add64(x50, x47, uint64(0x0))
   461  	var x53 uint64
   462  	var x54 uint64
   463  	x53, x54 = bits.Add64(x48, x45, uint64(p224Uint1(x52)))
   464  	var x55 uint64
   465  	var x56 uint64
   466  	x55, x56 = bits.Add64(x46, x43, uint64(p224Uint1(x54)))
   467  	x57 := (uint64(p224Uint1(x56)) + x44)
   468  	var x58 uint64
   469  	var x59 uint64
   470  	x58, x59 = bits.Add64(x35, x49, uint64(0x0))
   471  	var x60 uint64
   472  	var x61 uint64
   473  	x60, x61 = bits.Add64(x37, x51, uint64(p224Uint1(x59)))
   474  	var x62 uint64
   475  	var x63 uint64
   476  	x62, x63 = bits.Add64(x39, x53, uint64(p224Uint1(x61)))
   477  	var x64 uint64
   478  	var x65 uint64
   479  	x64, x65 = bits.Add64(x41, x55, uint64(p224Uint1(x63)))
   480  	var x66 uint64
   481  	var x67 uint64
   482  	x66, x67 = bits.Add64(uint64(p224Uint1(x42)), x57, uint64(p224Uint1(x65)))
   483  	var x68 uint64
   484  	_, x68 = bits.Mul64(x58, 0xffffffffffffffff)
   485  	var x70 uint64
   486  	var x71 uint64
   487  	x71, x70 = bits.Mul64(x68, 0xffffffff)
   488  	var x72 uint64
   489  	var x73 uint64
   490  	x73, x72 = bits.Mul64(x68, 0xffffffffffffffff)
   491  	var x74 uint64
   492  	var x75 uint64
   493  	x75, x74 = bits.Mul64(x68, 0xffffffff00000000)
   494  	var x76 uint64
   495  	var x77 uint64
   496  	x76, x77 = bits.Add64(x75, x72, uint64(0x0))
   497  	var x78 uint64
   498  	var x79 uint64
   499  	x78, x79 = bits.Add64(x73, x70, uint64(p224Uint1(x77)))
   500  	x80 := (uint64(p224Uint1(x79)) + x71)
   501  	var x82 uint64
   502  	_, x82 = bits.Add64(x58, x68, uint64(0x0))
   503  	var x83 uint64
   504  	var x84 uint64
   505  	x83, x84 = bits.Add64(x60, x74, uint64(p224Uint1(x82)))
   506  	var x85 uint64
   507  	var x86 uint64
   508  	x85, x86 = bits.Add64(x62, x76, uint64(p224Uint1(x84)))
   509  	var x87 uint64
   510  	var x88 uint64
   511  	x87, x88 = bits.Add64(x64, x78, uint64(p224Uint1(x86)))
   512  	var x89 uint64
   513  	var x90 uint64
   514  	x89, x90 = bits.Add64(x66, x80, uint64(p224Uint1(x88)))
   515  	x91 := (uint64(p224Uint1(x90)) + uint64(p224Uint1(x67)))
   516  	var x92 uint64
   517  	var x93 uint64
   518  	x93, x92 = bits.Mul64(x2, arg1[3])
   519  	var x94 uint64
   520  	var x95 uint64
   521  	x95, x94 = bits.Mul64(x2, arg1[2])
   522  	var x96 uint64
   523  	var x97 uint64
   524  	x97, x96 = bits.Mul64(x2, arg1[1])
   525  	var x98 uint64
   526  	var x99 uint64
   527  	x99, x98 = bits.Mul64(x2, arg1[0])
   528  	var x100 uint64
   529  	var x101 uint64
   530  	x100, x101 = bits.Add64(x99, x96, uint64(0x0))
   531  	var x102 uint64
   532  	var x103 uint64
   533  	x102, x103 = bits.Add64(x97, x94, uint64(p224Uint1(x101)))
   534  	var x104 uint64
   535  	var x105 uint64
   536  	x104, x105 = bits.Add64(x95, x92, uint64(p224Uint1(x103)))
   537  	x106 := (uint64(p224Uint1(x105)) + x93)
   538  	var x107 uint64
   539  	var x108 uint64
   540  	x107, x108 = bits.Add64(x83, x98, uint64(0x0))
   541  	var x109 uint64
   542  	var x110 uint64
   543  	x109, x110 = bits.Add64(x85, x100, uint64(p224Uint1(x108)))
   544  	var x111 uint64
   545  	var x112 uint64
   546  	x111, x112 = bits.Add64(x87, x102, uint64(p224Uint1(x110)))
   547  	var x113 uint64
   548  	var x114 uint64
   549  	x113, x114 = bits.Add64(x89, x104, uint64(p224Uint1(x112)))
   550  	var x115 uint64
   551  	var x116 uint64
   552  	x115, x116 = bits.Add64(x91, x106, uint64(p224Uint1(x114)))
   553  	var x117 uint64
   554  	_, x117 = bits.Mul64(x107, 0xffffffffffffffff)
   555  	var x119 uint64
   556  	var x120 uint64
   557  	x120, x119 = bits.Mul64(x117, 0xffffffff)
   558  	var x121 uint64
   559  	var x122 uint64
   560  	x122, x121 = bits.Mul64(x117, 0xffffffffffffffff)
   561  	var x123 uint64
   562  	var x124 uint64
   563  	x124, x123 = bits.Mul64(x117, 0xffffffff00000000)
   564  	var x125 uint64
   565  	var x126 uint64
   566  	x125, x126 = bits.Add64(x124, x121, uint64(0x0))
   567  	var x127 uint64
   568  	var x128 uint64
   569  	x127, x128 = bits.Add64(x122, x119, uint64(p224Uint1(x126)))
   570  	x129 := (uint64(p224Uint1(x128)) + x120)
   571  	var x131 uint64
   572  	_, x131 = bits.Add64(x107, x117, uint64(0x0))
   573  	var x132 uint64
   574  	var x133 uint64
   575  	x132, x133 = bits.Add64(x109, x123, uint64(p224Uint1(x131)))
   576  	var x134 uint64
   577  	var x135 uint64
   578  	x134, x135 = bits.Add64(x111, x125, uint64(p224Uint1(x133)))
   579  	var x136 uint64
   580  	var x137 uint64
   581  	x136, x137 = bits.Add64(x113, x127, uint64(p224Uint1(x135)))
   582  	var x138 uint64
   583  	var x139 uint64
   584  	x138, x139 = bits.Add64(x115, x129, uint64(p224Uint1(x137)))
   585  	x140 := (uint64(p224Uint1(x139)) + uint64(p224Uint1(x116)))
   586  	var x141 uint64
   587  	var x142 uint64
   588  	x142, x141 = bits.Mul64(x3, arg1[3])
   589  	var x143 uint64
   590  	var x144 uint64
   591  	x144, x143 = bits.Mul64(x3, arg1[2])
   592  	var x145 uint64
   593  	var x146 uint64
   594  	x146, x145 = bits.Mul64(x3, arg1[1])
   595  	var x147 uint64
   596  	var x148 uint64
   597  	x148, x147 = bits.Mul64(x3, arg1[0])
   598  	var x149 uint64
   599  	var x150 uint64
   600  	x149, x150 = bits.Add64(x148, x145, uint64(0x0))
   601  	var x151 uint64
   602  	var x152 uint64
   603  	x151, x152 = bits.Add64(x146, x143, uint64(p224Uint1(x150)))
   604  	var x153 uint64
   605  	var x154 uint64
   606  	x153, x154 = bits.Add64(x144, x141, uint64(p224Uint1(x152)))
   607  	x155 := (uint64(p224Uint1(x154)) + x142)
   608  	var x156 uint64
   609  	var x157 uint64
   610  	x156, x157 = bits.Add64(x132, x147, uint64(0x0))
   611  	var x158 uint64
   612  	var x159 uint64
   613  	x158, x159 = bits.Add64(x134, x149, uint64(p224Uint1(x157)))
   614  	var x160 uint64
   615  	var x161 uint64
   616  	x160, x161 = bits.Add64(x136, x151, uint64(p224Uint1(x159)))
   617  	var x162 uint64
   618  	var x163 uint64
   619  	x162, x163 = bits.Add64(x138, x153, uint64(p224Uint1(x161)))
   620  	var x164 uint64
   621  	var x165 uint64
   622  	x164, x165 = bits.Add64(x140, x155, uint64(p224Uint1(x163)))
   623  	var x166 uint64
   624  	_, x166 = bits.Mul64(x156, 0xffffffffffffffff)
   625  	var x168 uint64
   626  	var x169 uint64
   627  	x169, x168 = bits.Mul64(x166, 0xffffffff)
   628  	var x170 uint64
   629  	var x171 uint64
   630  	x171, x170 = bits.Mul64(x166, 0xffffffffffffffff)
   631  	var x172 uint64
   632  	var x173 uint64
   633  	x173, x172 = bits.Mul64(x166, 0xffffffff00000000)
   634  	var x174 uint64
   635  	var x175 uint64
   636  	x174, x175 = bits.Add64(x173, x170, uint64(0x0))
   637  	var x176 uint64
   638  	var x177 uint64
   639  	x176, x177 = bits.Add64(x171, x168, uint64(p224Uint1(x175)))
   640  	x178 := (uint64(p224Uint1(x177)) + x169)
   641  	var x180 uint64
   642  	_, x180 = bits.Add64(x156, x166, uint64(0x0))
   643  	var x181 uint64
   644  	var x182 uint64
   645  	x181, x182 = bits.Add64(x158, x172, uint64(p224Uint1(x180)))
   646  	var x183 uint64
   647  	var x184 uint64
   648  	x183, x184 = bits.Add64(x160, x174, uint64(p224Uint1(x182)))
   649  	var x185 uint64
   650  	var x186 uint64
   651  	x185, x186 = bits.Add64(x162, x176, uint64(p224Uint1(x184)))
   652  	var x187 uint64
   653  	var x188 uint64
   654  	x187, x188 = bits.Add64(x164, x178, uint64(p224Uint1(x186)))
   655  	x189 := (uint64(p224Uint1(x188)) + uint64(p224Uint1(x165)))
   656  	var x190 uint64
   657  	var x191 uint64
   658  	x190, x191 = bits.Sub64(x181, uint64(0x1), uint64(0x0))
   659  	var x192 uint64
   660  	var x193 uint64
   661  	x192, x193 = bits.Sub64(x183, 0xffffffff00000000, uint64(p224Uint1(x191)))
   662  	var x194 uint64
   663  	var x195 uint64
   664  	x194, x195 = bits.Sub64(x185, 0xffffffffffffffff, uint64(p224Uint1(x193)))
   665  	var x196 uint64
   666  	var x197 uint64
   667  	x196, x197 = bits.Sub64(x187, 0xffffffff, uint64(p224Uint1(x195)))
   668  	var x199 uint64
   669  	_, x199 = bits.Sub64(x189, uint64(0x0), uint64(p224Uint1(x197)))
   670  	var x200 uint64
   671  	p224CmovznzU64(&x200, p224Uint1(x199), x190, x181)
   672  	var x201 uint64
   673  	p224CmovznzU64(&x201, p224Uint1(x199), x192, x183)
   674  	var x202 uint64
   675  	p224CmovznzU64(&x202, p224Uint1(x199), x194, x185)
   676  	var x203 uint64
   677  	p224CmovznzU64(&x203, p224Uint1(x199), x196, x187)
   678  	out1[0] = x200
   679  	out1[1] = x201
   680  	out1[2] = x202
   681  	out1[3] = x203
   682  }
   683  
   684  // p224Add adds two field elements in the Montgomery domain.
   685  //
   686  // Preconditions:
   687  //   0 ≤ eval arg1 < m
   688  //   0 ≤ eval arg2 < m
   689  // Postconditions:
   690  //   eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m
   691  //   0 ≤ eval out1 < m
   692  //
   693  func p224Add(out1 *p224MontgomeryDomainFieldElement, arg1 *p224MontgomeryDomainFieldElement, arg2 *p224MontgomeryDomainFieldElement) {
   694  	var x1 uint64
   695  	var x2 uint64
   696  	x1, x2 = bits.Add64(arg1[0], arg2[0], uint64(0x0))
   697  	var x3 uint64
   698  	var x4 uint64
   699  	x3, x4 = bits.Add64(arg1[1], arg2[1], uint64(p224Uint1(x2)))
   700  	var x5 uint64
   701  	var x6 uint64
   702  	x5, x6 = bits.Add64(arg1[2], arg2[2], uint64(p224Uint1(x4)))
   703  	var x7 uint64
   704  	var x8 uint64
   705  	x7, x8 = bits.Add64(arg1[3], arg2[3], uint64(p224Uint1(x6)))
   706  	var x9 uint64
   707  	var x10 uint64
   708  	x9, x10 = bits.Sub64(x1, uint64(0x1), uint64(0x0))
   709  	var x11 uint64
   710  	var x12 uint64
   711  	x11, x12 = bits.Sub64(x3, 0xffffffff00000000, uint64(p224Uint1(x10)))
   712  	var x13 uint64
   713  	var x14 uint64
   714  	x13, x14 = bits.Sub64(x5, 0xffffffffffffffff, uint64(p224Uint1(x12)))
   715  	var x15 uint64
   716  	var x16 uint64
   717  	x15, x16 = bits.Sub64(x7, 0xffffffff, uint64(p224Uint1(x14)))
   718  	var x18 uint64
   719  	_, x18 = bits.Sub64(uint64(p224Uint1(x8)), uint64(0x0), uint64(p224Uint1(x16)))
   720  	var x19 uint64
   721  	p224CmovznzU64(&x19, p224Uint1(x18), x9, x1)
   722  	var x20 uint64
   723  	p224CmovznzU64(&x20, p224Uint1(x18), x11, x3)
   724  	var x21 uint64
   725  	p224CmovznzU64(&x21, p224Uint1(x18), x13, x5)
   726  	var x22 uint64
   727  	p224CmovznzU64(&x22, p224Uint1(x18), x15, x7)
   728  	out1[0] = x19
   729  	out1[1] = x20
   730  	out1[2] = x21
   731  	out1[3] = x22
   732  }
   733  
   734  // p224Sub subtracts two field elements in the Montgomery domain.
   735  //
   736  // Preconditions:
   737  //   0 ≤ eval arg1 < m
   738  //   0 ≤ eval arg2 < m
   739  // Postconditions:
   740  //   eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m
   741  //   0 ≤ eval out1 < m
   742  //
   743  func p224Sub(out1 *p224MontgomeryDomainFieldElement, arg1 *p224MontgomeryDomainFieldElement, arg2 *p224MontgomeryDomainFieldElement) {
   744  	var x1 uint64
   745  	var x2 uint64
   746  	x1, x2 = bits.Sub64(arg1[0], arg2[0], uint64(0x0))
   747  	var x3 uint64
   748  	var x4 uint64
   749  	x3, x4 = bits.Sub64(arg1[1], arg2[1], uint64(p224Uint1(x2)))
   750  	var x5 uint64
   751  	var x6 uint64
   752  	x5, x6 = bits.Sub64(arg1[2], arg2[2], uint64(p224Uint1(x4)))
   753  	var x7 uint64
   754  	var x8 uint64
   755  	x7, x8 = bits.Sub64(arg1[3], arg2[3], uint64(p224Uint1(x6)))
   756  	var x9 uint64
   757  	p224CmovznzU64(&x9, p224Uint1(x8), uint64(0x0), 0xffffffffffffffff)
   758  	var x10 uint64
   759  	var x11 uint64
   760  	x10, x11 = bits.Add64(x1, uint64((p224Uint1(x9) & 0x1)), uint64(0x0))
   761  	var x12 uint64
   762  	var x13 uint64
   763  	x12, x13 = bits.Add64(x3, (x9 & 0xffffffff00000000), uint64(p224Uint1(x11)))
   764  	var x14 uint64
   765  	var x15 uint64
   766  	x14, x15 = bits.Add64(x5, x9, uint64(p224Uint1(x13)))
   767  	var x16 uint64
   768  	x16, _ = bits.Add64(x7, (x9 & 0xffffffff), uint64(p224Uint1(x15)))
   769  	out1[0] = x10
   770  	out1[1] = x12
   771  	out1[2] = x14
   772  	out1[3] = x16
   773  }
   774  
   775  // p224SetOne returns the field element one in the Montgomery domain.
   776  //
   777  // Postconditions:
   778  //   eval (from_montgomery out1) mod m = 1 mod m
   779  //   0 ≤ eval out1 < m
   780  //
   781  func p224SetOne(out1 *p224MontgomeryDomainFieldElement) {
   782  	out1[0] = 0xffffffff00000000
   783  	out1[1] = 0xffffffffffffffff
   784  	out1[2] = uint64(0x0)
   785  	out1[3] = uint64(0x0)
   786  }
   787  
   788  // p224FromMontgomery translates a field element out of the Montgomery domain.
   789  //
   790  // Preconditions:
   791  //   0 ≤ eval arg1 < m
   792  // Postconditions:
   793  //   eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m
   794  //   0 ≤ eval out1 < m
   795  //
   796  func p224FromMontgomery(out1 *p224NonMontgomeryDomainFieldElement, arg1 *p224MontgomeryDomainFieldElement) {
   797  	x1 := arg1[0]
   798  	var x2 uint64
   799  	_, x2 = bits.Mul64(x1, 0xffffffffffffffff)
   800  	var x4 uint64
   801  	var x5 uint64
   802  	x5, x4 = bits.Mul64(x2, 0xffffffff)
   803  	var x6 uint64
   804  	var x7 uint64
   805  	x7, x6 = bits.Mul64(x2, 0xffffffffffffffff)
   806  	var x8 uint64
   807  	var x9 uint64
   808  	x9, x8 = bits.Mul64(x2, 0xffffffff00000000)
   809  	var x10 uint64
   810  	var x11 uint64
   811  	x10, x11 = bits.Add64(x9, x6, uint64(0x0))
   812  	var x12 uint64
   813  	var x13 uint64
   814  	x12, x13 = bits.Add64(x7, x4, uint64(p224Uint1(x11)))
   815  	var x15 uint64
   816  	_, x15 = bits.Add64(x1, x2, uint64(0x0))
   817  	var x16 uint64
   818  	var x17 uint64
   819  	x16, x17 = bits.Add64(uint64(0x0), x8, uint64(p224Uint1(x15)))
   820  	var x18 uint64
   821  	var x19 uint64
   822  	x18, x19 = bits.Add64(uint64(0x0), x10, uint64(p224Uint1(x17)))
   823  	var x20 uint64
   824  	var x21 uint64
   825  	x20, x21 = bits.Add64(uint64(0x0), x12, uint64(p224Uint1(x19)))
   826  	var x22 uint64
   827  	var x23 uint64
   828  	x22, x23 = bits.Add64(x16, arg1[1], uint64(0x0))
   829  	var x24 uint64
   830  	var x25 uint64
   831  	x24, x25 = bits.Add64(x18, uint64(0x0), uint64(p224Uint1(x23)))
   832  	var x26 uint64
   833  	var x27 uint64
   834  	x26, x27 = bits.Add64(x20, uint64(0x0), uint64(p224Uint1(x25)))
   835  	var x28 uint64
   836  	_, x28 = bits.Mul64(x22, 0xffffffffffffffff)
   837  	var x30 uint64
   838  	var x31 uint64
   839  	x31, x30 = bits.Mul64(x28, 0xffffffff)
   840  	var x32 uint64
   841  	var x33 uint64
   842  	x33, x32 = bits.Mul64(x28, 0xffffffffffffffff)
   843  	var x34 uint64
   844  	var x35 uint64
   845  	x35, x34 = bits.Mul64(x28, 0xffffffff00000000)
   846  	var x36 uint64
   847  	var x37 uint64
   848  	x36, x37 = bits.Add64(x35, x32, uint64(0x0))
   849  	var x38 uint64
   850  	var x39 uint64
   851  	x38, x39 = bits.Add64(x33, x30, uint64(p224Uint1(x37)))
   852  	var x41 uint64
   853  	_, x41 = bits.Add64(x22, x28, uint64(0x0))
   854  	var x42 uint64
   855  	var x43 uint64
   856  	x42, x43 = bits.Add64(x24, x34, uint64(p224Uint1(x41)))
   857  	var x44 uint64
   858  	var x45 uint64
   859  	x44, x45 = bits.Add64(x26, x36, uint64(p224Uint1(x43)))
   860  	var x46 uint64
   861  	var x47 uint64
   862  	x46, x47 = bits.Add64((uint64(p224Uint1(x27)) + (uint64(p224Uint1(x21)) + (uint64(p224Uint1(x13)) + x5))), x38, uint64(p224Uint1(x45)))
   863  	var x48 uint64
   864  	var x49 uint64
   865  	x48, x49 = bits.Add64(x42, arg1[2], uint64(0x0))
   866  	var x50 uint64
   867  	var x51 uint64
   868  	x50, x51 = bits.Add64(x44, uint64(0x0), uint64(p224Uint1(x49)))
   869  	var x52 uint64
   870  	var x53 uint64
   871  	x52, x53 = bits.Add64(x46, uint64(0x0), uint64(p224Uint1(x51)))
   872  	var x54 uint64
   873  	_, x54 = bits.Mul64(x48, 0xffffffffffffffff)
   874  	var x56 uint64
   875  	var x57 uint64
   876  	x57, x56 = bits.Mul64(x54, 0xffffffff)
   877  	var x58 uint64
   878  	var x59 uint64
   879  	x59, x58 = bits.Mul64(x54, 0xffffffffffffffff)
   880  	var x60 uint64
   881  	var x61 uint64
   882  	x61, x60 = bits.Mul64(x54, 0xffffffff00000000)
   883  	var x62 uint64
   884  	var x63 uint64
   885  	x62, x63 = bits.Add64(x61, x58, uint64(0x0))
   886  	var x64 uint64
   887  	var x65 uint64
   888  	x64, x65 = bits.Add64(x59, x56, uint64(p224Uint1(x63)))
   889  	var x67 uint64
   890  	_, x67 = bits.Add64(x48, x54, uint64(0x0))
   891  	var x68 uint64
   892  	var x69 uint64
   893  	x68, x69 = bits.Add64(x50, x60, uint64(p224Uint1(x67)))
   894  	var x70 uint64
   895  	var x71 uint64
   896  	x70, x71 = bits.Add64(x52, x62, uint64(p224Uint1(x69)))
   897  	var x72 uint64
   898  	var x73 uint64
   899  	x72, x73 = bits.Add64((uint64(p224Uint1(x53)) + (uint64(p224Uint1(x47)) + (uint64(p224Uint1(x39)) + x31))), x64, uint64(p224Uint1(x71)))
   900  	var x74 uint64
   901  	var x75 uint64
   902  	x74, x75 = bits.Add64(x68, arg1[3], uint64(0x0))
   903  	var x76 uint64
   904  	var x77 uint64
   905  	x76, x77 = bits.Add64(x70, uint64(0x0), uint64(p224Uint1(x75)))
   906  	var x78 uint64
   907  	var x79 uint64
   908  	x78, x79 = bits.Add64(x72, uint64(0x0), uint64(p224Uint1(x77)))
   909  	var x80 uint64
   910  	_, x80 = bits.Mul64(x74, 0xffffffffffffffff)
   911  	var x82 uint64
   912  	var x83 uint64
   913  	x83, x82 = bits.Mul64(x80, 0xffffffff)
   914  	var x84 uint64
   915  	var x85 uint64
   916  	x85, x84 = bits.Mul64(x80, 0xffffffffffffffff)
   917  	var x86 uint64
   918  	var x87 uint64
   919  	x87, x86 = bits.Mul64(x80, 0xffffffff00000000)
   920  	var x88 uint64
   921  	var x89 uint64
   922  	x88, x89 = bits.Add64(x87, x84, uint64(0x0))
   923  	var x90 uint64
   924  	var x91 uint64
   925  	x90, x91 = bits.Add64(x85, x82, uint64(p224Uint1(x89)))
   926  	var x93 uint64
   927  	_, x93 = bits.Add64(x74, x80, uint64(0x0))
   928  	var x94 uint64
   929  	var x95 uint64
   930  	x94, x95 = bits.Add64(x76, x86, uint64(p224Uint1(x93)))
   931  	var x96 uint64
   932  	var x97 uint64
   933  	x96, x97 = bits.Add64(x78, x88, uint64(p224Uint1(x95)))
   934  	var x98 uint64
   935  	var x99 uint64
   936  	x98, x99 = bits.Add64((uint64(p224Uint1(x79)) + (uint64(p224Uint1(x73)) + (uint64(p224Uint1(x65)) + x57))), x90, uint64(p224Uint1(x97)))
   937  	x100 := (uint64(p224Uint1(x99)) + (uint64(p224Uint1(x91)) + x83))
   938  	var x101 uint64
   939  	var x102 uint64
   940  	x101, x102 = bits.Sub64(x94, uint64(0x1), uint64(0x0))
   941  	var x103 uint64
   942  	var x104 uint64
   943  	x103, x104 = bits.Sub64(x96, 0xffffffff00000000, uint64(p224Uint1(x102)))
   944  	var x105 uint64
   945  	var x106 uint64
   946  	x105, x106 = bits.Sub64(x98, 0xffffffffffffffff, uint64(p224Uint1(x104)))
   947  	var x107 uint64
   948  	var x108 uint64
   949  	x107, x108 = bits.Sub64(x100, 0xffffffff, uint64(p224Uint1(x106)))
   950  	var x110 uint64
   951  	_, x110 = bits.Sub64(uint64(0x0), uint64(0x0), uint64(p224Uint1(x108)))
   952  	var x111 uint64
   953  	p224CmovznzU64(&x111, p224Uint1(x110), x101, x94)
   954  	var x112 uint64
   955  	p224CmovznzU64(&x112, p224Uint1(x110), x103, x96)
   956  	var x113 uint64
   957  	p224CmovznzU64(&x113, p224Uint1(x110), x105, x98)
   958  	var x114 uint64
   959  	p224CmovznzU64(&x114, p224Uint1(x110), x107, x100)
   960  	out1[0] = x111
   961  	out1[1] = x112
   962  	out1[2] = x113
   963  	out1[3] = x114
   964  }
   965  
   966  // p224ToMontgomery translates a field element into the Montgomery domain.
   967  //
   968  // Preconditions:
   969  //   0 ≤ eval arg1 < m
   970  // Postconditions:
   971  //   eval (from_montgomery out1) mod m = eval arg1 mod m
   972  //   0 ≤ eval out1 < m
   973  //
   974  func p224ToMontgomery(out1 *p224MontgomeryDomainFieldElement, arg1 *p224NonMontgomeryDomainFieldElement) {
   975  	x1 := arg1[1]
   976  	x2 := arg1[2]
   977  	x3 := arg1[3]
   978  	x4 := arg1[0]
   979  	var x5 uint64
   980  	var x6 uint64
   981  	x6, x5 = bits.Mul64(x4, 0xffffffff)
   982  	var x7 uint64
   983  	var x8 uint64
   984  	x8, x7 = bits.Mul64(x4, 0xfffffffe00000000)
   985  	var x9 uint64
   986  	var x10 uint64
   987  	x10, x9 = bits.Mul64(x4, 0xffffffff00000000)
   988  	var x11 uint64
   989  	var x12 uint64
   990  	x12, x11 = bits.Mul64(x4, 0xffffffff00000001)
   991  	var x13 uint64
   992  	var x14 uint64
   993  	x13, x14 = bits.Add64(x12, x9, uint64(0x0))
   994  	var x15 uint64
   995  	var x16 uint64
   996  	x15, x16 = bits.Add64(x10, x7, uint64(p224Uint1(x14)))
   997  	var x17 uint64
   998  	var x18 uint64
   999  	x17, x18 = bits.Add64(x8, x5, uint64(p224Uint1(x16)))
  1000  	var x19 uint64
  1001  	_, x19 = bits.Mul64(x11, 0xffffffffffffffff)
  1002  	var x21 uint64
  1003  	var x22 uint64
  1004  	x22, x21 = bits.Mul64(x19, 0xffffffff)
  1005  	var x23 uint64
  1006  	var x24 uint64
  1007  	x24, x23 = bits.Mul64(x19, 0xffffffffffffffff)
  1008  	var x25 uint64
  1009  	var x26 uint64
  1010  	x26, x25 = bits.Mul64(x19, 0xffffffff00000000)
  1011  	var x27 uint64
  1012  	var x28 uint64
  1013  	x27, x28 = bits.Add64(x26, x23, uint64(0x0))
  1014  	var x29 uint64
  1015  	var x30 uint64
  1016  	x29, x30 = bits.Add64(x24, x21, uint64(p224Uint1(x28)))
  1017  	var x32 uint64
  1018  	_, x32 = bits.Add64(x11, x19, uint64(0x0))
  1019  	var x33 uint64
  1020  	var x34 uint64
  1021  	x33, x34 = bits.Add64(x13, x25, uint64(p224Uint1(x32)))
  1022  	var x35 uint64
  1023  	var x36 uint64
  1024  	x35, x36 = bits.Add64(x15, x27, uint64(p224Uint1(x34)))
  1025  	var x37 uint64
  1026  	var x38 uint64
  1027  	x37, x38 = bits.Add64(x17, x29, uint64(p224Uint1(x36)))
  1028  	var x39 uint64
  1029  	var x40 uint64
  1030  	x40, x39 = bits.Mul64(x1, 0xffffffff)
  1031  	var x41 uint64
  1032  	var x42 uint64
  1033  	x42, x41 = bits.Mul64(x1, 0xfffffffe00000000)
  1034  	var x43 uint64
  1035  	var x44 uint64
  1036  	x44, x43 = bits.Mul64(x1, 0xffffffff00000000)
  1037  	var x45 uint64
  1038  	var x46 uint64
  1039  	x46, x45 = bits.Mul64(x1, 0xffffffff00000001)
  1040  	var x47 uint64
  1041  	var x48 uint64
  1042  	x47, x48 = bits.Add64(x46, x43, uint64(0x0))
  1043  	var x49 uint64
  1044  	var x50 uint64
  1045  	x49, x50 = bits.Add64(x44, x41, uint64(p224Uint1(x48)))
  1046  	var x51 uint64
  1047  	var x52 uint64
  1048  	x51, x52 = bits.Add64(x42, x39, uint64(p224Uint1(x50)))
  1049  	var x53 uint64
  1050  	var x54 uint64
  1051  	x53, x54 = bits.Add64(x33, x45, uint64(0x0))
  1052  	var x55 uint64
  1053  	var x56 uint64
  1054  	x55, x56 = bits.Add64(x35, x47, uint64(p224Uint1(x54)))
  1055  	var x57 uint64
  1056  	var x58 uint64
  1057  	x57, x58 = bits.Add64(x37, x49, uint64(p224Uint1(x56)))
  1058  	var x59 uint64
  1059  	var x60 uint64
  1060  	x59, x60 = bits.Add64(((uint64(p224Uint1(x38)) + (uint64(p224Uint1(x18)) + x6)) + (uint64(p224Uint1(x30)) + x22)), x51, uint64(p224Uint1(x58)))
  1061  	var x61 uint64
  1062  	_, x61 = bits.Mul64(x53, 0xffffffffffffffff)
  1063  	var x63 uint64
  1064  	var x64 uint64
  1065  	x64, x63 = bits.Mul64(x61, 0xffffffff)
  1066  	var x65 uint64
  1067  	var x66 uint64
  1068  	x66, x65 = bits.Mul64(x61, 0xffffffffffffffff)
  1069  	var x67 uint64
  1070  	var x68 uint64
  1071  	x68, x67 = bits.Mul64(x61, 0xffffffff00000000)
  1072  	var x69 uint64
  1073  	var x70 uint64
  1074  	x69, x70 = bits.Add64(x68, x65, uint64(0x0))
  1075  	var x71 uint64
  1076  	var x72 uint64
  1077  	x71, x72 = bits.Add64(x66, x63, uint64(p224Uint1(x70)))
  1078  	var x74 uint64
  1079  	_, x74 = bits.Add64(x53, x61, uint64(0x0))
  1080  	var x75 uint64
  1081  	var x76 uint64
  1082  	x75, x76 = bits.Add64(x55, x67, uint64(p224Uint1(x74)))
  1083  	var x77 uint64
  1084  	var x78 uint64
  1085  	x77, x78 = bits.Add64(x57, x69, uint64(p224Uint1(x76)))
  1086  	var x79 uint64
  1087  	var x80 uint64
  1088  	x79, x80 = bits.Add64(x59, x71, uint64(p224Uint1(x78)))
  1089  	var x81 uint64
  1090  	var x82 uint64
  1091  	x82, x81 = bits.Mul64(x2, 0xffffffff)
  1092  	var x83 uint64
  1093  	var x84 uint64
  1094  	x84, x83 = bits.Mul64(x2, 0xfffffffe00000000)
  1095  	var x85 uint64
  1096  	var x86 uint64
  1097  	x86, x85 = bits.Mul64(x2, 0xffffffff00000000)
  1098  	var x87 uint64
  1099  	var x88 uint64
  1100  	x88, x87 = bits.Mul64(x2, 0xffffffff00000001)
  1101  	var x89 uint64
  1102  	var x90 uint64
  1103  	x89, x90 = bits.Add64(x88, x85, uint64(0x0))
  1104  	var x91 uint64
  1105  	var x92 uint64
  1106  	x91, x92 = bits.Add64(x86, x83, uint64(p224Uint1(x90)))
  1107  	var x93 uint64
  1108  	var x94 uint64
  1109  	x93, x94 = bits.Add64(x84, x81, uint64(p224Uint1(x92)))
  1110  	var x95 uint64
  1111  	var x96 uint64
  1112  	x95, x96 = bits.Add64(x75, x87, uint64(0x0))
  1113  	var x97 uint64
  1114  	var x98 uint64
  1115  	x97, x98 = bits.Add64(x77, x89, uint64(p224Uint1(x96)))
  1116  	var x99 uint64
  1117  	var x100 uint64
  1118  	x99, x100 = bits.Add64(x79, x91, uint64(p224Uint1(x98)))
  1119  	var x101 uint64
  1120  	var x102 uint64
  1121  	x101, x102 = bits.Add64(((uint64(p224Uint1(x80)) + (uint64(p224Uint1(x60)) + (uint64(p224Uint1(x52)) + x40))) + (uint64(p224Uint1(x72)) + x64)), x93, uint64(p224Uint1(x100)))
  1122  	var x103 uint64
  1123  	_, x103 = bits.Mul64(x95, 0xffffffffffffffff)
  1124  	var x105 uint64
  1125  	var x106 uint64
  1126  	x106, x105 = bits.Mul64(x103, 0xffffffff)
  1127  	var x107 uint64
  1128  	var x108 uint64
  1129  	x108, x107 = bits.Mul64(x103, 0xffffffffffffffff)
  1130  	var x109 uint64
  1131  	var x110 uint64
  1132  	x110, x109 = bits.Mul64(x103, 0xffffffff00000000)
  1133  	var x111 uint64
  1134  	var x112 uint64
  1135  	x111, x112 = bits.Add64(x110, x107, uint64(0x0))
  1136  	var x113 uint64
  1137  	var x114 uint64
  1138  	x113, x114 = bits.Add64(x108, x105, uint64(p224Uint1(x112)))
  1139  	var x116 uint64
  1140  	_, x116 = bits.Add64(x95, x103, uint64(0x0))
  1141  	var x117 uint64
  1142  	var x118 uint64
  1143  	x117, x118 = bits.Add64(x97, x109, uint64(p224Uint1(x116)))
  1144  	var x119 uint64
  1145  	var x120 uint64
  1146  	x119, x120 = bits.Add64(x99, x111, uint64(p224Uint1(x118)))
  1147  	var x121 uint64
  1148  	var x122 uint64
  1149  	x121, x122 = bits.Add64(x101, x113, uint64(p224Uint1(x120)))
  1150  	var x123 uint64
  1151  	var x124 uint64
  1152  	x124, x123 = bits.Mul64(x3, 0xffffffff)
  1153  	var x125 uint64
  1154  	var x126 uint64
  1155  	x126, x125 = bits.Mul64(x3, 0xfffffffe00000000)
  1156  	var x127 uint64
  1157  	var x128 uint64
  1158  	x128, x127 = bits.Mul64(x3, 0xffffffff00000000)
  1159  	var x129 uint64
  1160  	var x130 uint64
  1161  	x130, x129 = bits.Mul64(x3, 0xffffffff00000001)
  1162  	var x131 uint64
  1163  	var x132 uint64
  1164  	x131, x132 = bits.Add64(x130, x127, uint64(0x0))
  1165  	var x133 uint64
  1166  	var x134 uint64
  1167  	x133, x134 = bits.Add64(x128, x125, uint64(p224Uint1(x132)))
  1168  	var x135 uint64
  1169  	var x136 uint64
  1170  	x135, x136 = bits.Add64(x126, x123, uint64(p224Uint1(x134)))
  1171  	var x137 uint64
  1172  	var x138 uint64
  1173  	x137, x138 = bits.Add64(x117, x129, uint64(0x0))
  1174  	var x139 uint64
  1175  	var x140 uint64
  1176  	x139, x140 = bits.Add64(x119, x131, uint64(p224Uint1(x138)))
  1177  	var x141 uint64
  1178  	var x142 uint64
  1179  	x141, x142 = bits.Add64(x121, x133, uint64(p224Uint1(x140)))
  1180  	var x143 uint64
  1181  	var x144 uint64
  1182  	x143, x144 = bits.Add64(((uint64(p224Uint1(x122)) + (uint64(p224Uint1(x102)) + (uint64(p224Uint1(x94)) + x82))) + (uint64(p224Uint1(x114)) + x106)), x135, uint64(p224Uint1(x142)))
  1183  	var x145 uint64
  1184  	_, x145 = bits.Mul64(x137, 0xffffffffffffffff)
  1185  	var x147 uint64
  1186  	var x148 uint64
  1187  	x148, x147 = bits.Mul64(x145, 0xffffffff)
  1188  	var x149 uint64
  1189  	var x150 uint64
  1190  	x150, x149 = bits.Mul64(x145, 0xffffffffffffffff)
  1191  	var x151 uint64
  1192  	var x152 uint64
  1193  	x152, x151 = bits.Mul64(x145, 0xffffffff00000000)
  1194  	var x153 uint64
  1195  	var x154 uint64
  1196  	x153, x154 = bits.Add64(x152, x149, uint64(0x0))
  1197  	var x155 uint64
  1198  	var x156 uint64
  1199  	x155, x156 = bits.Add64(x150, x147, uint64(p224Uint1(x154)))
  1200  	var x158 uint64
  1201  	_, x158 = bits.Add64(x137, x145, uint64(0x0))
  1202  	var x159 uint64
  1203  	var x160 uint64
  1204  	x159, x160 = bits.Add64(x139, x151, uint64(p224Uint1(x158)))
  1205  	var x161 uint64
  1206  	var x162 uint64
  1207  	x161, x162 = bits.Add64(x141, x153, uint64(p224Uint1(x160)))
  1208  	var x163 uint64
  1209  	var x164 uint64
  1210  	x163, x164 = bits.Add64(x143, x155, uint64(p224Uint1(x162)))
  1211  	x165 := ((uint64(p224Uint1(x164)) + (uint64(p224Uint1(x144)) + (uint64(p224Uint1(x136)) + x124))) + (uint64(p224Uint1(x156)) + x148))
  1212  	var x166 uint64
  1213  	var x167 uint64
  1214  	x166, x167 = bits.Sub64(x159, uint64(0x1), uint64(0x0))
  1215  	var x168 uint64
  1216  	var x169 uint64
  1217  	x168, x169 = bits.Sub64(x161, 0xffffffff00000000, uint64(p224Uint1(x167)))
  1218  	var x170 uint64
  1219  	var x171 uint64
  1220  	x170, x171 = bits.Sub64(x163, 0xffffffffffffffff, uint64(p224Uint1(x169)))
  1221  	var x172 uint64
  1222  	var x173 uint64
  1223  	x172, x173 = bits.Sub64(x165, 0xffffffff, uint64(p224Uint1(x171)))
  1224  	var x175 uint64
  1225  	_, x175 = bits.Sub64(uint64(0x0), uint64(0x0), uint64(p224Uint1(x173)))
  1226  	var x176 uint64
  1227  	p224CmovznzU64(&x176, p224Uint1(x175), x166, x159)
  1228  	var x177 uint64
  1229  	p224CmovznzU64(&x177, p224Uint1(x175), x168, x161)
  1230  	var x178 uint64
  1231  	p224CmovznzU64(&x178, p224Uint1(x175), x170, x163)
  1232  	var x179 uint64
  1233  	p224CmovznzU64(&x179, p224Uint1(x175), x172, x165)
  1234  	out1[0] = x176
  1235  	out1[1] = x177
  1236  	out1[2] = x178
  1237  	out1[3] = x179
  1238  }
  1239  
  1240  // p224Selectznz is a multi-limb conditional select.
  1241  //
  1242  // Postconditions:
  1243  //   eval out1 = (if arg1 = 0 then eval arg2 else eval arg3)
  1244  //
  1245  // Input Bounds:
  1246  //   arg1: [0x0 ~> 0x1]
  1247  //   arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
  1248  //   arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
  1249  // Output Bounds:
  1250  //   out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
  1251  func p224Selectznz(out1 *[4]uint64, arg1 p224Uint1, arg2 *[4]uint64, arg3 *[4]uint64) {
  1252  	var x1 uint64
  1253  	p224CmovznzU64(&x1, arg1, arg2[0], arg3[0])
  1254  	var x2 uint64
  1255  	p224CmovznzU64(&x2, arg1, arg2[1], arg3[1])
  1256  	var x3 uint64
  1257  	p224CmovznzU64(&x3, arg1, arg2[2], arg3[2])
  1258  	var x4 uint64
  1259  	p224CmovznzU64(&x4, arg1, arg2[3], arg3[3])
  1260  	out1[0] = x1
  1261  	out1[1] = x2
  1262  	out1[2] = x3
  1263  	out1[3] = x4
  1264  }
  1265  
  1266  // p224ToBytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order.
  1267  //
  1268  // Preconditions:
  1269  //   0 ≤ eval arg1 < m
  1270  // Postconditions:
  1271  //   out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..27]
  1272  //
  1273  // Input Bounds:
  1274  //   arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffff]]
  1275  // Output Bounds:
  1276  //   out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]]
  1277  func p224ToBytes(out1 *[28]uint8, arg1 *[4]uint64) {
  1278  	x1 := arg1[3]
  1279  	x2 := arg1[2]
  1280  	x3 := arg1[1]
  1281  	x4 := arg1[0]
  1282  	x5 := (uint8(x4) & 0xff)
  1283  	x6 := (x4 >> 8)
  1284  	x7 := (uint8(x6) & 0xff)
  1285  	x8 := (x6 >> 8)
  1286  	x9 := (uint8(x8) & 0xff)
  1287  	x10 := (x8 >> 8)
  1288  	x11 := (uint8(x10) & 0xff)
  1289  	x12 := (x10 >> 8)
  1290  	x13 := (uint8(x12) & 0xff)
  1291  	x14 := (x12 >> 8)
  1292  	x15 := (uint8(x14) & 0xff)
  1293  	x16 := (x14 >> 8)
  1294  	x17 := (uint8(x16) & 0xff)
  1295  	x18 := uint8((x16 >> 8))
  1296  	x19 := (uint8(x3) & 0xff)
  1297  	x20 := (x3 >> 8)
  1298  	x21 := (uint8(x20) & 0xff)
  1299  	x22 := (x20 >> 8)
  1300  	x23 := (uint8(x22) & 0xff)
  1301  	x24 := (x22 >> 8)
  1302  	x25 := (uint8(x24) & 0xff)
  1303  	x26 := (x24 >> 8)
  1304  	x27 := (uint8(x26) & 0xff)
  1305  	x28 := (x26 >> 8)
  1306  	x29 := (uint8(x28) & 0xff)
  1307  	x30 := (x28 >> 8)
  1308  	x31 := (uint8(x30) & 0xff)
  1309  	x32 := uint8((x30 >> 8))
  1310  	x33 := (uint8(x2) & 0xff)
  1311  	x34 := (x2 >> 8)
  1312  	x35 := (uint8(x34) & 0xff)
  1313  	x36 := (x34 >> 8)
  1314  	x37 := (uint8(x36) & 0xff)
  1315  	x38 := (x36 >> 8)
  1316  	x39 := (uint8(x38) & 0xff)
  1317  	x40 := (x38 >> 8)
  1318  	x41 := (uint8(x40) & 0xff)
  1319  	x42 := (x40 >> 8)
  1320  	x43 := (uint8(x42) & 0xff)
  1321  	x44 := (x42 >> 8)
  1322  	x45 := (uint8(x44) & 0xff)
  1323  	x46 := uint8((x44 >> 8))
  1324  	x47 := (uint8(x1) & 0xff)
  1325  	x48 := (x1 >> 8)
  1326  	x49 := (uint8(x48) & 0xff)
  1327  	x50 := (x48 >> 8)
  1328  	x51 := (uint8(x50) & 0xff)
  1329  	x52 := uint8((x50 >> 8))
  1330  	out1[0] = x5
  1331  	out1[1] = x7
  1332  	out1[2] = x9
  1333  	out1[3] = x11
  1334  	out1[4] = x13
  1335  	out1[5] = x15
  1336  	out1[6] = x17
  1337  	out1[7] = x18
  1338  	out1[8] = x19
  1339  	out1[9] = x21
  1340  	out1[10] = x23
  1341  	out1[11] = x25
  1342  	out1[12] = x27
  1343  	out1[13] = x29
  1344  	out1[14] = x31
  1345  	out1[15] = x32
  1346  	out1[16] = x33
  1347  	out1[17] = x35
  1348  	out1[18] = x37
  1349  	out1[19] = x39
  1350  	out1[20] = x41
  1351  	out1[21] = x43
  1352  	out1[22] = x45
  1353  	out1[23] = x46
  1354  	out1[24] = x47
  1355  	out1[25] = x49
  1356  	out1[26] = x51
  1357  	out1[27] = x52
  1358  }
  1359  
  1360  // p224FromBytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order.
  1361  //
  1362  // Preconditions:
  1363  //   0 ≤ bytes_eval arg1 < m
  1364  // Postconditions:
  1365  //   eval out1 mod m = bytes_eval arg1 mod m
  1366  //   0 ≤ eval out1 < m
  1367  //
  1368  // Input Bounds:
  1369  //   arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]]
  1370  // Output Bounds:
  1371  //   out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffff]]
  1372  func p224FromBytes(out1 *[4]uint64, arg1 *[28]uint8) {
  1373  	x1 := (uint64(arg1[27]) << 24)
  1374  	x2 := (uint64(arg1[26]) << 16)
  1375  	x3 := (uint64(arg1[25]) << 8)
  1376  	x4 := arg1[24]
  1377  	x5 := (uint64(arg1[23]) << 56)
  1378  	x6 := (uint64(arg1[22]) << 48)
  1379  	x7 := (uint64(arg1[21]) << 40)
  1380  	x8 := (uint64(arg1[20]) << 32)
  1381  	x9 := (uint64(arg1[19]) << 24)
  1382  	x10 := (uint64(arg1[18]) << 16)
  1383  	x11 := (uint64(arg1[17]) << 8)
  1384  	x12 := arg1[16]
  1385  	x13 := (uint64(arg1[15]) << 56)
  1386  	x14 := (uint64(arg1[14]) << 48)
  1387  	x15 := (uint64(arg1[13]) << 40)
  1388  	x16 := (uint64(arg1[12]) << 32)
  1389  	x17 := (uint64(arg1[11]) << 24)
  1390  	x18 := (uint64(arg1[10]) << 16)
  1391  	x19 := (uint64(arg1[9]) << 8)
  1392  	x20 := arg1[8]
  1393  	x21 := (uint64(arg1[7]) << 56)
  1394  	x22 := (uint64(arg1[6]) << 48)
  1395  	x23 := (uint64(arg1[5]) << 40)
  1396  	x24 := (uint64(arg1[4]) << 32)
  1397  	x25 := (uint64(arg1[3]) << 24)
  1398  	x26 := (uint64(arg1[2]) << 16)
  1399  	x27 := (uint64(arg1[1]) << 8)
  1400  	x28 := arg1[0]
  1401  	x29 := (x27 + uint64(x28))
  1402  	x30 := (x26 + x29)
  1403  	x31 := (x25 + x30)
  1404  	x32 := (x24 + x31)
  1405  	x33 := (x23 + x32)
  1406  	x34 := (x22 + x33)
  1407  	x35 := (x21 + x34)
  1408  	x36 := (x19 + uint64(x20))
  1409  	x37 := (x18 + x36)
  1410  	x38 := (x17 + x37)
  1411  	x39 := (x16 + x38)
  1412  	x40 := (x15 + x39)
  1413  	x41 := (x14 + x40)
  1414  	x42 := (x13 + x41)
  1415  	x43 := (x11 + uint64(x12))
  1416  	x44 := (x10 + x43)
  1417  	x45 := (x9 + x44)
  1418  	x46 := (x8 + x45)
  1419  	x47 := (x7 + x46)
  1420  	x48 := (x6 + x47)
  1421  	x49 := (x5 + x48)
  1422  	x50 := (x3 + uint64(x4))
  1423  	x51 := (x2 + x50)
  1424  	x52 := (x1 + x51)
  1425  	out1[0] = x35
  1426  	out1[1] = x42
  1427  	out1[2] = x49
  1428  	out1[3] = x52
  1429  }
  1430
View as plain text