Remove DECAF_NOINLINE

extern "C" {

#endif

/** @cond internal */

#if defined(DOXYGEN) && !defined(__attribute__)

#define __attribute__((x))

#endif

#define DECAF_NOINLINE  __attribute__((noinline))

/** @endcond */

/* Internal word types.

 *

 * Somewhat tricky.  This could be decided separately per platform.  However,

/** identity = (0,1) */

const curve448_point_t curve448_point_identity = {{{{{0}}},{{{1}}},{{{1}}},{{{0}}}}};

static DECAF_NOINLINE void

static void

point_double_internal (

    curve448_point_t p,

    const curve448_point_t q,

    gf_cond_neg(n->c, neg);

}

static DECAF_NOINLINE void pt_to_pniels (

static void pt_to_pniels (

    pniels_t b,

    const curve448_point_t a

) {

    gf_add ( b->z, a->z, a->z );

}

static DECAF_NOINLINE void pniels_to_pt (

static void pniels_to_pt (

    curve448_point_t e,

    const pniels_t d

) {

    gf_sqr ( e->z, d->z );

}

static DECAF_NOINLINE void

static void

niels_to_pt (

    curve448_point_t e,

    const niels_t n

    gf_copy ( e->z, ONE );

}

static DECAF_NOINLINE void

static void

add_niels_to_pt (

    curve448_point_t d,

    const niels_t e,

    if (!before_double) gf_mul ( d->t, b, c );

}

static DECAF_NOINLINE void

static void

sub_niels_from_pt (

    curve448_point_t d,

    const niels_t e,

void decaf_ed448_derive_public_key (

    uint8_t pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],

    const uint8_t privkey[DECAF_EDDSA_448_PRIVATE_BYTES]

) DECAF_NOINLINE;

);

/**

 * @brief EdDSA signing.

    uint8_t prehashed,

    const uint8_t *context,

    uint8_t context_len

) __attribute__((nonnull(1,2,3))) DECAF_NOINLINE;

) __attribute__((nonnull(1,2,3)));

/**

 * @brief EdDSA signing with prehash.

    const decaf_ed448_prehash_ctx_t hash,

    const uint8_t *context,

    uint8_t context_len

) __attribute__((nonnull(1,2,3,4))) DECAF_NOINLINE;

) __attribute__((nonnull(1,2,3,4)));

/**

 * @brief Prehash initialization, with contexts if supported.

 */

void decaf_ed448_prehash_init (

    decaf_ed448_prehash_ctx_t hash

) __attribute__((nonnull(1))) DECAF_NOINLINE;

) __attribute__((nonnull(1)));

/**

 * @brief EdDSA signature verification.

    uint8_t prehashed,

    const uint8_t *context,

    uint8_t context_len

) __attribute__((nonnull(1,2))) DECAF_NOINLINE;

) __attribute__((nonnull(1,2)));

/**

 * @brief EdDSA signature verification.

    const decaf_ed448_prehash_ctx_t hash,

    const uint8_t *context,

    uint8_t context_len

) __attribute__((nonnull(1,2))) DECAF_NOINLINE;

) __attribute__((nonnull(1,2)));

/**

 * @brief EdDSA point encoding.  Used internally, exposed externally.

void curve448_point_mul_by_ratio_and_encode_like_eddsa (

    uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES],

    const curve448_point_t p

) DECAF_NOINLINE;

);

/**

 * @brief EdDSA point decoding.  Multiplies by DECAF_448_EDDSA_DECODE_RATIO,

decaf_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio (

    curve448_point_t p,

    const uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES]

) DECAF_NOINLINE;

);

/**

 * @brief EdDSA to ECDH public key conversion

void decaf_ed448_convert_public_key_to_x448 (

    uint8_t x[DECAF_X448_PUBLIC_BYTES],

    const uint8_t ed[DECAF_EDDSA_448_PUBLIC_BYTES]

) DECAF_NOINLINE;

);

/**

 * @brief EdDSA to ECDH private key conversion

void decaf_ed448_convert_private_key_to_x448 (

    uint8_t x[DECAF_X448_PRIVATE_BYTES],

    const uint8_t ed[DECAF_EDDSA_448_PRIVATE_BYTES]

) DECAF_NOINLINE;

);

#ifdef __cplusplus

} /* extern "C" */

__owur decaf_error_t curve448_scalar_decode (

    curve448_scalar_t out,

    const unsigned char ser[DECAF_448_SCALAR_BYTES]

) DECAF_NOINLINE;

);

/**

 * @brief Read a scalar from wire format or from bytes.  Reduces mod

    curve448_scalar_t out,

    const unsigned char *ser,

    size_t ser_len

) DECAF_NOINLINE;

);

/**

 * @brief Serialize a scalar to wire format.

void curve448_scalar_encode (

    unsigned char ser[DECAF_448_SCALAR_BYTES],

    const curve448_scalar_t s

) DECAF_NOINLINE DECAF_NOINLINE;

);

/**

 * @brief Add two scalars.  The scalars may use the same memory.

    curve448_scalar_t out,

    const curve448_scalar_t a,

    const curve448_scalar_t b

) DECAF_NOINLINE;

);

/**

 * @brief Subtract two scalars.  The scalars may use the same memory.

    curve448_scalar_t out,

    const curve448_scalar_t a,

    const curve448_scalar_t b

) DECAF_NOINLINE;

);

/**

 * @brief Multiply two scalars.  The scalars may use the same memory.

    curve448_scalar_t out,

    const curve448_scalar_t a,

    const curve448_scalar_t b

) DECAF_NOINLINE;

);

/**

* @brief Halve a scalar.  The scalars may use the same memory.

void curve448_scalar_halve (

   curve448_scalar_t out,

   const curve448_scalar_t a

) DECAF_NOINLINE;

);

/**

 * @brief Copy a scalar.  The scalars may use the same memory, in which

__owur decaf_bool_t curve448_point_eq (

    const curve448_point_t a,

    const curve448_point_t b

) DECAF_NOINLINE;

);

/**

 * @brief Double a point.  Equivalent to

    uint8_t out[DECAF_X448_PUBLIC_BYTES],

    const uint8_t base[DECAF_X448_PUBLIC_BYTES],

    const uint8_t scalar[DECAF_X448_PRIVATE_BYTES]

) DECAF_NOINLINE;

);

/**

 * @brief Multiply a point by DECAF_X448_ENCODE_RATIO,

void decaf_x448_derive_public_key (

    uint8_t out[DECAF_X448_PUBLIC_BYTES],

    const uint8_t scalar[DECAF_X448_PRIVATE_BYTES]

) DECAF_NOINLINE;

);

/**

    curve448_point_t scaled,

    const curve448_precomputed_s *base,

    const curve448_scalar_t scalar

) DECAF_NOINLINE;

);

/**

    const curve448_scalar_t scalar1,

    const curve448_point_t base2,

    const curve448_scalar_t scalar2

) DECAF_NOINLINE;

);

/**

 * @brief Test that a point is valid, for debugging purposes.

 */

__owur decaf_bool_t curve448_point_valid (

    const curve448_point_t to_test

) DECAF_NOINLINE;

);

/**

 * @brief Overwrite scalar with zeros.

/** {extra,accum} - sub +? p

 * Must have extra <= 1

 */

static DECAF_NOINLINE void sc_subx(

static void sc_subx(

    curve448_scalar_t out,

    const decaf_word_t accum[DECAF_448_SCALAR_LIMBS],

    const curve448_scalar_t sub,

    }

}

static DECAF_NOINLINE void sc_montmul (

static void sc_montmul (

    curve448_scalar_t out,

    const curve448_scalar_t a,

    const curve448_scalar_t b