Home Explore Help
Register Sign In
OWEALs
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
2
0
Fork 0
Files Issues 8 Wiki
Tree: 55ea2facdd
Branches Tags
wolfssl
/
wolfcrypt
/
src
/
sp_armthumb.c

sp_armthumb.c 629 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577757785779578057815782578357845785578657875788578957905791579257935794579557965797579857995800580158025803580458055806580758085809581058115812581358145815581658175818581958205821582258235824582558265827582858295830583158325833583458355836583758385839584058415842584358445845584658475848584958505851585258535854585558565857585858595860586158625863586458655866586758685869587058715872587358745875587658775878587958805881588258835884588558865887588858895890589158925893589458955896589758985899590059015902590359045905590659075908590959105911591259135914591559165917591859195920592159225923592459255926592759285929593059315932593359345935593659375938593959405941594259435944594559465947594859495950595159525953595459555956595759585959596059615962596359645965596659675968596959705971597259735974597559765977597859795980598159825983598459855986598759885989599059915992599359945995599659975998599960006001600260036004600560066007600860096010601160126013601460156016601760186019602060216022602360246025602660276028602960306031603260336034603560366037603860396040604160426043604460456046604760486049605060516052605360546055605660576058605960606061606260636064606560666067606860696070607160726073607460756076607760786079608060816082608360846085608660876088608960906091609260936094609560966097609860996100610161026103610461056106610761086109611061116112611361146115611661176118611961206121612261236124612561266127612861296130613161326133613461356136613761386139614061416142614361446145614661476148614961506151615261536154615561566157615861596160616161626163616461656166616761686169617061716172617361746175617661776178617961806181618261836184618561866187618861896190619161926193619461956196619761986199620062016202620362046205620662076208620962106211621262136214621562166217621862196220622162226223622462256226622762286229623062316232623362346235623662376238623962406241624262436244624562466247624862496250625162526253625462556256625762586259626062616262626362646265626662676268626962706271627262736274627562766277627862796280628162826283628462856286628762886289629062916292629362946295629662976298629963006301630263036304630563066307630863096310631163126313631463156316631763186319632063216322632363246325632663276328632963306331633263336334633563366337633863396340634163426343634463456346634763486349635063516352635363546355635663576358635963606361636263636364636563666367636863696370637163726373637463756376637763786379638063816382638363846385638663876388638963906391639263936394639563966397639863996400640164026403640464056406640764086409641064116412641364146415641664176418641964206421642264236424642564266427642864296430643164326433643464356436643764386439644064416442644364446445644664476448644964506451645264536454645564566457645864596460646164626463646464656466646764686469647064716472647364746475647664776478647964806481648264836484648564866487648864896490649164926493649464956496649764986499650065016502650365046505650665076508650965106511651265136514651565166517651865196520652165226523652465256526652765286529653065316532653365346535653665376538653965406541654265436544654565466547654865496550655165526553655465556556655765586559656065616562656365646565656665676568656965706571657265736574657565766577657865796580658165826583658465856586658765886589659065916592659365946595659665976598659966006601660266036604660566066607660866096610661166126613661466156616661766186619662066216622662366246625662666276628662966306631663266336634663566366637663866396640664166426643664466456646664766486649665066516652665366546655665666576658665966606661666266636664666566666667666866696670667166726673667466756676667766786679668066816682668366846685668666876688668966906691669266936694669566966697669866996700670167026703670467056706670767086709671067116712671367146715671667176718671967206721672267236724672567266727672867296730673167326733673467356736673767386739674067416742674367446745674667476748674967506751675267536754675567566757675867596760676167626763676467656766676767686769677067716772677367746775677667776778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982698369846985698669876988698969906991699269936994699569966997699869997000700170027003700470057006700770087009701070117012701370147015701670177018701970207021702270237024702570267027702870297030703170327033703470357036703770387039704070417042704370447045704670477048704970507051705270537054705570567057705870597060706170627063706470657066706770687069707070717072707370747075707670777078707970807081708270837084708570867087708870897090709170927093709470957096709770987099710071017102710371047105710671077108710971107111711271137114711571167117711871197120712171227123712471257126712771287129713071317132713371347135713671377138713971407141714271437144714571467147714871497150715171527153715471557156715771587159716071617162716371647165716671677168716971707171717271737174717571767177717871797180718171827183718471857186718771887189719071917192719371947195719671977198719972007201720272037204720572067207720872097210721172127213721472157216721772187219722072217222722372247225722672277228722972307231723272337234723572367237723872397240724172427243724472457246724772487249725072517252725372547255725672577258725972607261726272637264726572667267726872697270727172727273727472757276727772787279728072817282728372847285728672877288728972907291729272937294729572967297729872997300730173027303730473057306730773087309731073117312731373147315731673177318731973207321732273237324732573267327732873297330733173327333733473357336733773387339734073417342734373447345734673477348734973507351735273537354735573567357735873597360736173627363736473657366736773687369737073717372737373747375737673777378737973807381738273837384738573867387738873897390739173927393739473957396739773987399740074017402740374047405740674077408740974107411741274137414741574167417741874197420742174227423742474257426742774287429743074317432743374347435743674377438743974407441744274437444744574467447744874497450745174527453745474557456745774587459746074617462746374647465746674677468746974707471747274737474747574767477747874797480748174827483748474857486748774887489749074917492749374947495749674977498749975007501750275037504750575067507750875097510751175127513751475157516751775187519752075217522752375247525752675277528752975307531753275337534753575367537753875397540754175427543754475457546754775487549755075517552755375547555755675577558755975607561756275637564756575667567756875697570757175727573757475757576757775787579758075817582758375847585758675877588758975907591759275937594759575967597759875997600760176027603760476057606760776087609761076117612761376147615761676177618761976207621762276237624762576267627762876297630763176327633763476357636763776387639764076417642764376447645764676477648764976507651765276537654765576567657765876597660766176627663766476657666766776687669767076717672767376747675767676777678767976807681768276837684768576867687768876897690769176927693769476957696769776987699770077017702770377047705770677077708770977107711771277137714771577167717771877197720772177227723772477257726772777287729773077317732773377347735773677377738773977407741774277437744774577467747774877497750775177527753775477557756775777587759776077617762776377647765776677677768776977707771777277737774777577767777777877797780778177827783778477857786778777887789779077917792779377947795779677977798779978007801780278037804780578067807780878097810781178127813781478157816781778187819782078217822782378247825782678277828782978307831783278337834783578367837783878397840784178427843784478457846784778487849785078517852785378547855785678577858785978607861786278637864786578667867786878697870787178727873787478757876787778787879788078817882788378847885788678877888788978907891789278937894789578967897789878997900790179027903790479057906790779087909791079117912791379147915791679177918791979207921792279237924792579267927792879297930793179327933793479357936793779387939794079417942794379447945794679477948794979507951795279537954795579567957795879597960796179627963796479657966796779687969797079717972797379747975797679777978797979807981798279837984798579867987798879897990799179927993799479957996799779987999800080018002800380048005800680078008800980108011801280138014801580168017801880198020802180228023802480258026802780288029803080318032803380348035803680378038803980408041804280438044804580468047804880498050805180528053805480558056805780588059806080618062806380648065806680678068806980708071807280738074807580768077807880798080808180828083808480858086808780888089809080918092809380948095809680978098809981008101810281038104810581068107810881098110811181128113811481158116811781188119812081218122812381248125812681278128812981308131813281338134813581368137813881398140814181428143814481458146814781488149815081518152815381548155815681578158815981608161816281638164816581668167816881698170817181728173817481758176817781788179818081818182818381848185818681878188818981908191819281938194819581968197819881998200820182028203820482058206820782088209821082118212821382148215821682178218821982208221822282238224822582268227822882298230823182328233823482358236823782388239824082418242824382448245824682478248824982508251825282538254825582568257825882598260826182628263826482658266826782688269827082718272827382748275827682778278827982808281828282838284828582868287828882898290829182928293829482958296829782988299830083018302830383048305830683078308830983108311831283138314831583168317831883198320832183228323832483258326832783288329833083318332833383348335833683378338833983408341834283438344834583468347834883498350835183528353835483558356835783588359836083618362836383648365836683678368836983708371837283738374837583768377837883798380838183828383838483858386838783888389839083918392839383948395839683978398839984008401840284038404840584068407840884098410841184128413841484158416841784188419842084218422842384248425842684278428842984308431843284338434843584368437843884398440844184428443844484458446844784488449845084518452845384548455845684578458845984608461846284638464846584668467846884698470847184728473847484758476847784788479848084818482848384848485848684878488848984908491849284938494849584968497849884998500850185028503850485058506850785088509851085118512851385148515851685178518851985208521852285238524852585268527852885298530853185328533853485358536853785388539854085418542854385448545854685478548854985508551855285538554855585568557855885598560856185628563856485658566856785688569857085718572857385748575857685778578857985808581858285838584858585868587858885898590859185928593859485958596859785988599860086018602860386048605860686078608860986108611861286138614861586168617861886198620862186228623862486258626862786288629863086318632863386348635863686378638863986408641864286438644864586468647864886498650865186528653865486558656865786588659866086618662866386648665866686678668866986708671867286738674867586768677867886798680868186828683868486858686868786888689869086918692869386948695869686978698869987008701870287038704870587068707870887098710871187128713871487158716871787188719872087218722872387248725872687278728872987308731873287338734873587368737873887398740874187428743874487458746874787488749875087518752875387548755875687578758875987608761876287638764876587668767876887698770877187728773877487758776877787788779878087818782878387848785878687878788878987908791879287938794879587968797879887998800880188028803880488058806880788088809881088118812881388148815881688178818881988208821882288238824882588268827882888298830883188328833883488358836883788388839884088418842884388448845884688478848884988508851885288538854885588568857885888598860886188628863886488658866886788688869887088718872887388748875887688778878887988808881888288838884888588868887888888898890889188928893889488958896889788988899890089018902890389048905890689078908890989108911891289138914891589168917891889198920892189228923892489258926892789288929893089318932893389348935893689378938893989408941894289438944894589468947894889498950895189528953895489558956895789588959896089618962896389648965896689678968896989708971897289738974897589768977897889798980898189828983898489858986898789888989899089918992899389948995899689978998899990009001900290039004900590069007900890099010901190129013901490159016901790189019902090219022902390249025902690279028902990309031903290339034903590369037903890399040904190429043904490459046904790489049905090519052905390549055905690579058905990609061906290639064906590669067906890699070907190729073907490759076907790789079908090819082908390849085908690879088908990909091909290939094909590969097909890999100910191029103910491059106910791089109911091119112911391149115911691179118911991209121912291239124912591269127912891299130913191329133913491359136913791389139914091419142914391449145914691479148914991509151915291539154915591569157915891599160916191629163916491659166916791689169917091719172917391749175917691779178917991809181918291839184918591869187918891899190919191929193919491959196919791989199920092019202920392049205920692079208920992109211921292139214921592169217921892199220922192229223922492259226922792289229923092319232923392349235923692379238923992409241924292439244924592469247924892499250925192529253925492559256925792589259926092619262926392649265926692679268926992709271927292739274927592769277927892799280928192829283928492859286928792889289929092919292929392949295929692979298929993009301930293039304930593069307930893099310931193129313931493159316931793189319932093219322932393249325932693279328932993309331933293339334933593369337933893399340934193429343934493459346934793489349935093519352935393549355935693579358935993609361936293639364936593669367936893699370937193729373937493759376937793789379938093819382938393849385938693879388938993909391939293939394939593969397939893999400940194029403940494059406940794089409941094119412941394149415941694179418941994209421942294239424942594269427942894299430943194329433943494359436943794389439944094419442944394449445944694479448944994509451945294539454945594569457945894599460946194629463946494659466946794689469947094719472947394749475947694779478947994809481948294839484948594869487948894899490949194929493949494959496949794989499950095019502950395049505950695079508950995109511951295139514951595169517951895199520952195229523952495259526952795289529953095319532953395349535953695379538953995409541954295439544954595469547954895499550955195529553955495559556955795589559956095619562956395649565956695679568956995709571957295739574957595769577957895799580958195829583958495859586958795889589959095919592959395949595959695979598959996009601960296039604960596069607960896099610961196129613961496159616961796189619962096219622962396249625962696279628962996309631963296339634963596369637963896399640964196429643964496459646964796489649965096519652965396549655965696579658965996609661966296639664966596669667966896699670967196729673967496759676967796789679968096819682968396849685968696879688968996909691969296939694969596969697969896999700970197029703970497059706970797089709971097119712971397149715971697179718971997209721972297239724972597269727972897299730973197329733973497359736973797389739974097419742974397449745974697479748974997509751975297539754975597569757975897599760976197629763976497659766976797689769977097719772977397749775977697779778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211022210223102241022510226102271022810229102301023110232102331023410235102361023710238102391024010241102421024310244102451024610247102481024910250102511025210253102541025510256102571025810259102601026110262102631026410265102661026710268102691027010271102721027310274102751027610277102781027910280102811028210283102841028510286102871028810289102901029110292102931029410295102961029710298102991030010301103021030310304103051030610307103081030910310103111031210313103141031510316103171031810319103201032110322103231032410325103261032710328103291033010331103321033310334103351033610337103381033910340103411034210343103441034510346103471034810349103501035110352103531035410355103561035710358103591036010361103621036310364103651036610367103681036910370103711037210373103741037510376103771037810379103801038110382103831038410385103861038710388103891039010391103921039310394103951039610397103981039910400104011040210403104041040510406104071040810409104101041110412104131041410415104161041710418104191042010421104221042310424104251042610427104281042910430104311043210433104341043510436104371043810439104401044110442104431044410445104461044710448104491045010451104521045310454104551045610457104581045910460104611046210463104641046510466104671046810469104701047110472104731047410475104761047710478104791048010481104821048310484104851048610487104881048910490104911049210493104941049510496104971049810499105001050110502105031050410505105061050710508105091051010511105121051310514105151051610517105181051910520105211052210523105241052510526105271052810529105301053110532105331053410535105361053710538105391054010541105421054310544105451054610547105481054910550105511055210553105541055510556105571055810559105601056110562105631056410565105661056710568105691057010571105721057310574105751057610577105781057910580105811058210583105841058510586105871058810589105901059110592105931059410595105961059710598105991060010601106021060310604106051060610607106081060910610106111061210613106141061510616106171061810619106201062110622106231062410625106261062710628106291063010631106321063310634106351063610637106381063910640106411064210643106441064510646106471064810649106501065110652106531065410655106561065710658106591066010661106621066310664106651066610667106681066910670106711067210673106741067510676106771067810679106801068110682106831068410685106861068710688106891069010691106921069310694106951069610697106981069910700107011070210703107041070510706107071070810709107101071110712107131071410715107161071710718107191072010721107221072310724107251072610727107281072910730107311073210733107341073510736107371073810739107401074110742107431074410745107461074710748107491075010751107521075310754107551075610757107581075910760107611076210763107641076510766107671076810769107701077110772107731077410775107761077710778107791078010781107821078310784107851078610787107881078910790107911079210793107941079510796107971079810799108001080110802108031080410805108061080710808108091081010811108121081310814108151081610817108181081910820108211082210823108241082510826108271082810829108301083110832108331083410835108361083710838108391084010841108421084310844108451084610847108481084910850108511085210853108541085510856108571085810859108601086110862108631086410865108661086710868108691087010871108721087310874108751087610877108781087910880108811088210883108841088510886108871088810889108901089110892108931089410895108961089710898108991090010901109021090310904109051090610907109081090910910109111091210913109141091510916109171091810919109201092110922109231092410925109261092710928109291093010931109321093310934109351093610937109381093910940109411094210943109441094510946109471094810949109501095110952109531095410955109561095710958109591096010961109621096310964109651096610967109681096910970109711097210973109741097510976109771097810979109801098110982109831098410985109861098710988109891099010991109921099310994109951099610997109981099911000110011100211003110041100511006110071100811009110101101111012110131101411015110161101711018110191102011021110221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211142211423114241142511426114271142811429114301143111432114331143411435114361143711438114391144011441114421144311444114451144611447114481144911450114511145211453114541145511456114571145811459114601146111462114631146411465114661146711468114691147011471114721147311474114751147611477114781147911480114811148211483114841148511486114871148811489114901149111492114931149411495114961149711498114991150011501115021150311504115051150611507115081150911510115111151211513115141151511516115171151811519115201152111522115231152411525115261152711528115291153011531115321153311534115351153611537115381153911540115411154211543115441154511546115471154811549115501155111552115531155411555115561155711558115591156011561115621156311564115651156611567115681156911570115711157211573115741157511576115771157811579115801158111582115831158411585115861158711588115891159011591115921159311594115951159611597115981159911600116011160211603116041160511606116071160811609116101161111612116131161411615116161161711618116191162011621116221162311624116251162611627116281162911630116311163211633116341163511636116371163811639116401164111642116431164411645116461164711648116491165011651116521165311654116551165611657116581165911660116611166211663116641166511666116671166811669116701167111672116731167411675116761167711678116791168011681116821168311684116851168611687116881168911690116911169211693116941169511696116971169811699117001170111702117031170411705117061170711708117091171011711117121171311714117151171611717117181171911720117211172211723117241172511726117271172811729117301173111732117331173411735117361173711738117391174011741117421174311744117451174611747117481174911750117511175211753117541175511756117571175811759117601176111762117631176411765117661176711768117691177011771117721177311774117751177611777117781177911780117811178211783117841178511786117871178811789117901179111792117931179411795117961179711798117991180011801118021180311804118051180611807118081180911810118111181211813118141181511816118171181811819118201182111822118231182411825118261182711828118291183011831118321183311834118351183611837118381183911840118411184211843118441184511846118471184811849118501185111852118531185411855118561185711858118591186011861118621186311864118651186611867118681186911870118711187211873118741187511876118771187811879118801188111882118831188411885118861188711888118891189011891118921189311894118951189611897118981189911900119011190211903119041190511906119071190811909119101191111912119131191411915119161191711918119191192011921119221192311924119251192611927119281192911930119311193211933119341193511936119371193811939119401194111942119431194411945119461194711948119491195011951119521195311954119551195611957119581195911960119611196211963119641196511966119671196811969119701197111972119731197411975119761197711978119791198011981119821198311984119851198611987119881198911990119911199211993119941199511996119971199811999120001200112002120031200412005120061200712008120091201012011120121201312014120151201612017120181201912020120211202212023120241202512026120271202812029120301203112032120331203412035120361203712038120391204012041120421204312044120451204612047120481204912050120511205212053120541205512056120571205812059120601206112062120631206412065120661206712068120691207012071120721207312074120751207612077120781207912080120811208212083120841208512086120871208812089120901209112092120931209412095120961209712098120991210012101121021210312104121051210612107121081210912110121111211212113121141211512116121171211812119121201212112122121231212412125121261212712128121291213012131121321213312134121351213612137121381213912140121411214212143121441214512146121471214812149121501215112152121531215412155121561215712158121591216012161121621216312164121651216612167121681216912170121711217212173121741217512176121771217812179121801218112182121831218412185121861218712188121891219012191121921219312194121951219612197121981219912200122011220212203122041220512206122071220812209122101221112212122131221412215122161221712218122191222012221122221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211262212623126241262512626126271262812629126301263112632126331263412635126361263712638126391264012641126421264312644126451264612647126481264912650126511265212653126541265512656126571265812659126601266112662126631266412665126661266712668126691267012671126721267312674126751267612677126781267912680126811268212683126841268512686126871268812689126901269112692126931269412695126961269712698126991270012701127021270312704127051270612707127081270912710127111271212713127141271512716127171271812719127201272112722127231272412725127261272712728127291273012731127321273312734127351273612737127381273912740127411274212743127441274512746127471274812749127501275112752127531275412755127561275712758127591276012761127621276312764127651276612767127681276912770127711277212773127741277512776127771277812779127801278112782127831278412785127861278712788127891279012791127921279312794127951279612797127981279912800128011280212803128041280512806128071280812809128101281112812128131281412815128161281712818128191282012821128221282312824128251282612827128281282912830128311283212833128341283512836128371283812839128401284112842128431284412845128461284712848128491285012851128521285312854128551285612857128581285912860128611286212863128641286512866128671286812869128701287112872128731287412875128761287712878128791288012881128821288312884128851288612887128881288912890128911289212893128941289512896128971289812899129001290112902129031290412905129061290712908129091291012911129121291312914129151291612917129181291912920129211292212923129241292512926129271292812929129301293112932129331293412935129361293712938129391294012941129421294312944129451294612947129481294912950129511295212953129541295512956129571295812959129601296112962129631296412965129661296712968129691297012971129721297312974129751297612977129781297912980129811298212983129841298512986129871298812989129901299112992129931299412995129961299712998129991300013001130021300313004130051300613007130081300913010130111301213013130141301513016130171301813019130201302113022130231302413025130261302713028130291303013031130321303313034130351303613037130381303913040130411304213043130441304513046130471304813049130501305113052130531305413055130561305713058130591306013061130621306313064130651306613067130681306913070130711307213073130741307513076130771307813079130801308113082130831308413085130861308713088130891309013091130921309313094130951309613097130981309913100131011310213103131041310513106131071310813109131101311113112131131311413115131161311713118131191312013121131221312313124131251312613127131281312913130131311313213133131341313513136131371313813139131401314113142131431314413145131461314713148131491315013151131521315313154131551315613157131581315913160131611316213163131641316513166131671316813169131701317113172131731317413175131761317713178131791318013181131821318313184131851318613187131881318913190131911319213193131941319513196131971319813199132001320113202132031320413205132061320713208132091321013211132121321313214132151321613217132181321913220132211322213223132241322513226132271322813229132301323113232132331323413235132361323713238132391324013241132421324313244132451324613247132481324913250132511325213253132541325513256132571325813259132601326113262132631326413265132661326713268132691327013271132721327313274132751327613277132781327913280132811328213283132841328513286132871328813289132901329113292132931329413295132961329713298132991330013301133021330313304133051330613307133081330913310133111331213313133141331513316133171331813319133201332113322133231332413325133261332713328133291333013331133321333313334133351333613337133381333913340133411334213343133441334513346133471334813349133501335113352133531335413355133561335713358133591336013361133621336313364133651336613367133681336913370133711337213373133741337513376133771337813379133801338113382133831338413385133861338713388133891339013391133921339313394133951339613397133981339913400134011340213403134041340513406134071340813409134101341113412134131341413415134161341713418134191342013421134221342313424134251342613427134281342913430134311343213433134341343513436134371343813439134401344113442134431344413445134461344713448134491345013451134521345313454134551345613457134581345913460134611346213463134641346513466134671346813469134701347113472134731347413475134761347713478134791348013481134821348313484134851348613487134881348913490134911349213493134941349513496134971349813499135001350113502135031350413505135061350713508135091351013511135121351313514135151351613517135181351913520135211352213523135241352513526135271352813529135301353113532135331353413535135361353713538135391354013541135421354313544135451354613547135481354913550135511355213553135541355513556135571355813559135601356113562135631356413565135661356713568135691357013571135721357313574135751357613577135781357913580135811358213583135841358513586135871358813589135901359113592135931359413595135961359713598135991360013601136021360313604136051360613607136081360913610136111361213613136141361513616136171361813619136201362113622136231362413625136261362713628136291363013631136321363313634136351363613637136381363913640136411364213643136441364513646136471364813649136501365113652136531365413655136561365713658136591366013661136621366313664136651366613667136681366913670136711367213673136741367513676136771367813679136801368113682136831368413685136861368713688136891369013691136921369313694136951369613697136981369913700137011370213703137041370513706137071370813709137101371113712137131371413715137161371713718137191372013721137221372313724137251372613727137281372913730137311373213733137341373513736137371373813739137401374113742137431374413745137461374713748137491375013751137521375313754137551375613757137581375913760137611376213763137641376513766137671376813769137701377113772137731377413775137761377713778137791378013781137821378313784137851378613787137881378913790137911379213793137941379513796137971379813799138001380113802138031380413805138061380713808138091381013811138121381313814138151381613817138181381913820138211382213823138241382513826138271382813829138301383113832138331383413835138361383713838138391384013841138421384313844138451384613847138481384913850138511385213853138541385513856138571385813859138601386113862138631386413865138661386713868138691387013871138721387313874138751387613877138781387913880138811388213883138841388513886138871388813889138901389113892138931389413895138961389713898138991390013901139021390313904139051390613907139081390913910139111391213913139141391513916139171391813919139201392113922139231392413925139261392713928139291393013931139321393313934139351393613937139381393913940139411394213943139441394513946139471394813949139501395113952139531395413955139561395713958139591396013961139621396313964139651396613967139681396913970139711397213973139741397513976139771397813979139801398113982139831398413985139861398713988139891399013991139921399313994139951399613997139981399914000140011400214003140041400514006140071400814009140101401114012140131401414015140161401714018140191402014021140221402314024140251402614027140281402914030140311403214033140341403514036140371403814039140401404114042140431404414045140461404714048140491405014051140521405314054140551405614057140581405914060140611406214063140641406514066140671406814069140701407114072140731407414075140761407714078140791408014081140821408314084140851408614087140881408914090140911409214093140941409514096140971409814099141001410114102141031410414105141061410714108141091411014111141121411314114141151411614117141181411914120141211412214123141241412514126141271412814129141301413114132141331413414135141361413714138141391414014141141421414314144141451414614147141481414914150141511415214153141541415514156141571415814159141601416114162141631416414165141661416714168141691417014171141721417314174141751417614177141781417914180141811418214183141841418514186141871418814189141901419114192141931419414195141961419714198141991420014201142021420314204142051420614207142081420914210142111421214213142141421514216142171421814219142201422114222142231422414225142261422714228142291423014231142321423314234142351423614237142381423914240142411424214243142441424514246142471424814249142501425114252142531425414255142561425714258142591426014261142621426314264142651426614267142681426914270142711427214273142741427514276142771427814279142801428114282142831428414285142861428714288142891429014291142921429314294142951429614297142981429914300143011430214303143041430514306143071430814309143101431114312143131431414315143161431714318143191432014321143221432314324143251432614327143281432914330143311433214333143341433514336143371433814339143401434114342143431434414345143461434714348143491435014351143521435314354143551435614357143581435914360143611436214363143641436514366143671436814369143701437114372143731437414375143761437714378143791438014381143821438314384143851438614387143881438914390143911439214393143941439514396143971439814399144001440114402144031440414405144061440714408144091441014411144121441314414144151441614417144181441914420144211442214423144241442514426144271442814429144301443114432144331443414435144361443714438144391444014441144421444314444144451444614447144481444914450144511445214453144541445514456144571445814459144601446114462144631446414465144661446714468144691447014471144721447314474144751447614477144781447914480144811448214483144841448514486144871448814489144901449114492144931449414495144961449714498144991450014501145021450314504145051450614507145081450914510145111451214513145141451514516145171451814519145201452114522145231452414525145261452714528145291453014531145321453314534145351453614537145381453914540145411454214543145441454514546145471454814549145501455114552145531455414555145561455714558145591456014561145621456314564145651456614567145681456914570145711457214573145741457514576145771457814579145801458114582145831458414585145861458714588145891459014591145921459314594145951459614597145981459914600146011460214603146041460514606146071460814609146101461114612146131461414615146161461714618146191462014621146221462314624146251462614627146281462914630146311463214633146341463514636146371463814639146401464114642146431464414645146461464714648146491465014651146521465314654146551465614657146581465914660146611466214663146641466514666146671466814669146701467114672146731467414675146761467714678146791468014681146821468314684146851468614687146881468914690146911469214693146941469514696146971469814699147001470114702147031470414705147061470714708147091471014711147121471314714147151471614717147181471914720147211472214723147241472514726147271472814729147301473114732147331473414735147361473714738147391474014741147421474314744147451474614747147481474914750147511475214753147541475514756147571475814759147601476114762147631476414765147661476714768147691477014771147721477314774147751477614777147781477914780147811478214783147841478514786147871478814789147901479114792147931479414795147961479714798147991480014801148021480314804148051480614807148081480914810148111481214813148141481514816148171481814819148201482114822148231482414825148261482714828148291483014831148321483314834148351483614837148381483914840148411484214843148441484514846148471484814849148501485114852148531485414855148561485714858148591486014861148621486314864148651486614867148681486914870148711487214873148741487514876148771487814879148801488114882148831488414885148861488714888148891489014891148921489314894148951489614897148981489914900149011490214903149041490514906149071490814909149101491114912149131491414915149161491714918149191492014921149221492314924149251492614927149281492914930149311493214933149341493514936149371493814939149401494114942149431494414945149461494714948149491495014951149521495314954149551495614957149581495914960149611496214963149641496514966149671496814969149701497114972149731497414975149761497714978149791498014981149821498314984149851498614987149881498914990149911499214993149941499514996149971499814999150001500115002150031500415005150061500715008150091501015011150121501315014150151501615017150181501915020150211502215023150241502515026150271502815029150301503115032150331503415035150361503715038150391504015041150421504315044150451504615047150481504915050150511505215053150541505515056150571505815059150601506115062150631506415065150661506715068150691507015071150721507315074150751507615077150781507915080150811508215083150841508515086150871508815089150901509115092150931509415095150961509715098150991510015101151021510315104151051510615107151081510915110151111511215113151141511515116151171511815119151201512115122151231512415125151261512715128151291513015131151321513315134151351513615137151381513915140151411514215143151441514515146151471514815149151501515115152151531515415155151561515715158151591516015161151621516315164151651516615167151681516915170151711517215173151741517515176151771517815179151801518115182151831518415185151861518715188151891519015191151921519315194151951519615197151981519915200152011520215203152041520515206152071520815209152101521115212152131521415215152161521715218152191522015221152221522315224152251522615227152281522915230152311523215233152341523515236152371523815239152401524115242152431524415245152461524715248152491525015251152521525315254152551525615257152581525915260152611526215263152641526515266152671526815269152701527115272152731527415275152761527715278152791528015281152821528315284152851528615287152881528915290152911529215293152941529515296152971529815299153001530115302153031530415305153061530715308153091531015311153121531315314153151531615317153181531915320153211532215323153241532515326153271532815329153301533115332153331533415335153361533715338153391534015341153421534315344153451534615347153481534915350153511535215353153541535515356153571535815359153601536115362153631536415365153661536715368153691537015371153721537315374153751537615377153781537915380153811538215383153841538515386153871538815389153901539115392153931539415395153961539715398153991540015401154021540315404154051540615407154081540915410154111541215413154141541515416154171541815419154201542115422154231542415425154261542715428154291543015431154321543315434154351543615437154381543915440154411544215443154441544515446154471544815449154501545115452154531545415455154561545715458154591546015461154621546315464154651546615467154681546915470154711547215473154741547515476154771547815479154801548115482154831548415485154861548715488154891549015491154921549315494154951549615497154981549915500155011550215503155041550515506155071550815509155101551115512155131551415515155161551715518155191552015521155221552315524155251552615527155281552915530155311553215533155341553515536155371553815539155401554115542155431554415545155461554715548155491555015551155521555315554155551555615557155581555915560155611556215563155641556515566155671556815569155701557115572155731557415575155761557715578155791558015581155821558315584155851558615587155881558915590155911559215593155941559515596155971559815599156001560115602156031560415605156061560715608156091561015611156121561315614156151561615617156181561915620156211562215623156241562515626156271562815629156301563115632156331563415635156361563715638156391564015641156421564315644156451564615647156481564915650156511565215653156541565515656156571565815659156601566115662156631566415665156661566715668156691567015671156721567315674156751567615677156781567915680156811568215683156841568515686156871568815689156901569115692156931569415695156961569715698156991570015701157021570315704157051570615707157081570915710157111571215713157141571515716157171571815719157201572115722157231572415725157261572715728157291573015731157321573315734157351573615737157381573915740157411574215743157441574515746157471574815749157501575115752157531575415755157561575715758157591576015761157621576315764157651576615767157681576915770157711577215773157741577515776157771577815779157801578115782157831578415785157861578715788157891579015791157921579315794157951579615797157981579915800158011580215803158041580515806158071580815809158101581115812158131581415815158161581715818158191582015821158221582315824158251582615827158281582915830158311583215833158341583515836158371583815839158401584115842158431584415845158461584715848158491585015851158521585315854158551585615857158581585915860158611586215863158641586515866158671586815869158701587115872158731587415875158761587715878158791588015881158821588315884158851588615887158881588915890158911589215893158941589515896158971589815899159001590115902159031590415905159061590715908159091591015911159121591315914159151591615917159181591915920159211592215923159241592515926159271592815929159301593115932159331593415935159361593715938159391594015941159421594315944159451594615947159481594915950159511595215953159541595515956159571595815959159601596115962159631596415965159661596715968159691597015971159721597315974159751597615977159781597915980159811598215983159841598515986159871598815989159901599115992159931599415995159961599715998159991600016001160021600316004160051600616007160081600916010160111601216013160141601516016160171601816019160201602116022160231602416025160261602716028160291603016031160321603316034160351603616037160381603916040160411604216043160441604516046160471604816049160501605116052160531605416055160561605716058160591606016061160621606316064160651606616067160681606916070160711607216073160741607516076160771607816079160801608116082160831608416085160861608716088160891609016091160921609316094160951609616097160981609916100161011610216103161041610516106161071610816109161101611116112161131611416115161161611716118161191612016121161221612316124161251612616127161281612916130161311613216133161341613516136161371613816139161401614116142161431614416145161461614716148161491615016151161521615316154161551615616157161581615916160161611616216163161641616516166161671616816169161701617116172161731617416175161761617716178161791618016181161821618316184161851618616187161881618916190161911619216193161941619516196161971619816199162001620116202162031620416205162061620716208162091621016211162121621316214162151621616217162181621916220162211622216223162241622516226162271622816229162301623116232162331623416235162361623716238162391624016241162421624316244162451624616247162481624916250162511625216253162541625516256162571625816259162601626116262162631626416265162661626716268162691627016271162721627316274162751627616277162781627916280162811628216283162841628516286162871628816289162901629116292162931629416295162961629716298162991630016301163021630316304163051630616307163081630916310163111631216313163141631516316163171631816319163201632116322163231632416325163261632716328163291633016331163321633316334163351633616337163381633916340163411634216343163441634516346163471634816349163501635116352163531635416355163561635716358163591636016361163621636316364163651636616367163681636916370163711637216373163741637516376163771637816379163801638116382163831638416385163861638716388163891639016391163921639316394163951639616397163981639916400164011640216403164041640516406164071640816409164101641116412164131641416415164161641716418164191642016421164221642316424164251642616427164281642916430164311643216433164341643516436164371643816439164401644116442164431644416445164461644716448164491645016451164521645316454164551645616457164581645916460164611646216463164641646516466164671646816469164701647116472164731647416475164761647716478164791648016481164821648316484164851648616487164881648916490164911649216493164941649516496164971649816499165001650116502165031650416505165061650716508165091651016511165121651316514165151651616517165181651916520165211652216523165241652516526165271652816529165301653116532165331653416535165361653716538165391654016541165421654316544165451654616547165481654916550165511655216553165541655516556165571655816559165601656116562165631656416565165661656716568165691657016571165721657316574165751657616577165781657916580165811658216583165841658516586165871658816589165901659116592165931659416595165961659716598165991660016601166021660316604166051660616607166081660916610166111661216613166141661516616166171661816619166201662116622166231662416625166261662716628166291663016631166321663316634166351663616637166381663916640166411664216643166441664516646166471664816649166501665116652166531665416655166561665716658166591666016661166621666316664166651666616667166681666916670166711667216673166741667516676166771667816679166801668116682166831668416685166861668716688166891669016691166921669316694166951669616697166981669916700167011670216703167041670516706167071670816709167101671116712167131671416715167161671716718167191672016721167221672316724167251672616727167281672916730167311673216733167341673516736167371673816739167401674116742167431674416745167461674716748167491675016751167521675316754167551675616757167581675916760167611676216763167641676516766167671676816769167701677116772167731677416775167761677716778167791678016781167821678316784167851678616787167881678916790167911679216793167941679516796167971679816799168001680116802168031680416805168061680716808168091681016811168121681316814168151681616817168181681916820168211682216823168241682516826168271682816829168301683116832168331683416835168361683716838168391684016841168421684316844168451684616847168481684916850168511685216853168541685516856168571685816859168601686116862168631686416865168661686716868168691687016871168721687316874168751687616877168781687916880168811688216883168841688516886168871688816889168901689116892168931689416895168961689716898168991690016901169021690316904169051690616907169081690916910169111691216913169141691516916169171691816919169201692116922169231692416925169261692716928169291693016931169321693316934169351693616937169381693916940169411694216943169441694516946169471694816949169501695116952169531695416955169561695716958169591696016961169621696316964169651696616967169681696916970169711697216973169741697516976169771697816979169801698116982169831698416985169861698716988169891699016991169921699316994169951699616997169981699917000170011700217003170041700517006170071700817009170101701117012170131701417015170161701717018170191702017021170221702317024170251702617027170281702917030170311703217033170341703517036170371703817039170401704117042170431704417045170461704717048170491705017051170521705317054170551705617057170581705917060170611706217063170641706517066170671706817069170701707117072170731707417075170761707717078170791708017081170821708317084170851708617087170881708917090170911709217093170941709517096170971709817099171001710117102171031710417105171061710717108171091711017111171121711317114171151711617117171181711917120171211712217123171241712517126171271712817129171301713117132171331713417135171361713717138171391714017141171421714317144171451714617147171481714917150171511715217153171541715517156171571715817159171601716117162171631716417165171661716717168171691717017171171721717317174171751717617177171781717917180171811718217183171841718517186171871718817189171901719117192171931719417195171961719717198171991720017201172021720317204172051720617207172081720917210172111721217213172141721517216172171721817219172201722117222172231722417225172261722717228172291723017231172321723317234172351723617237172381723917240172411724217243172441724517246172471724817249172501725117252172531725417255172561725717258172591726017261172621726317264172651726617267172681726917270172711727217273172741727517276172771727817279172801728117282172831728417285172861728717288172891729017291172921729317294172951729617297172981729917300173011730217303173041730517306173071730817309173101731117312173131731417315173161731717318173191732017321173221732317324173251732617327173281732917330173311733217333173341733517336173371733817339173401734117342173431734417345173461734717348173491735017351173521735317354173551735617357173581735917360173611736217363173641736517366173671736817369173701737117372173731737417375173761737717378173791738017381173821738317384173851738617387173881738917390173911739217393173941739517396173971739817399174001740117402174031740417405174061740717408174091741017411174121741317414174151741617417174181741917420174211742217423174241742517426174271742817429174301743117432174331743417435174361743717438174391744017441174421744317444174451744617447174481744917450174511745217453174541745517456174571745817459174601746117462174631746417465174661746717468174691747017471174721747317474174751747617477174781747917480174811748217483174841748517486174871748817489174901749117492174931749417495174961749717498174991750017501175021750317504175051750617507175081750917510175111751217513175141751517516175171751817519175201752117522175231752417525175261752717528175291753017531175321753317534175351753617537175381753917540175411754217543175441754517546175471754817549175501755117552175531755417555175561755717558175591756017561175621756317564175651756617567175681756917570175711757217573175741757517576175771757817579175801758117582175831758417585175861758717588175891759017591175921759317594175951759617597175981759917600176011760217603176041760517606176071760817609176101761117612176131761417615176161761717618176191762017621176221762317624176251762617627176281762917630176311763217633176341763517636176371763817639176401764117642176431764417645176461764717648176491765017651176521765317654176551765617657176581765917660176611766217663176641766517666176671766817669176701767117672176731767417675176761767717678176791768017681176821768317684176851768617687176881768917690176911769217693176941769517696176971769817699177001770117702177031770417705177061770717708177091771017711177121771317714177151771617717177181771917720177211772217723177241772517726177271772817729177301773117732177331773417735177361773717738177391774017741177421774317744177451774617747177481774917750177511775217753177541775517756177571775817759177601776117762177631776417765177661776717768177691777017771177721777317774177751777617777177781777917780177811778217783177841778517786177871778817789177901779117792177931779417795177961779717798177991780017801178021780317804178051780617807178081780917810178111781217813178141781517816178171781817819178201782117822178231782417825178261782717828178291783017831178321783317834178351783617837178381783917840178411784217843178441784517846178471784817849178501785117852178531785417855178561785717858178591786017861178621786317864178651786617867178681786917870178711787217873178741787517876178771787817879178801788117882178831788417885178861788717888178891789017891178921789317894178951789617897178981789917900179011790217903179041790517906179071790817909179101791117912179131791417915179161791717918179191792017921179221792317924179251792617927179281792917930179311793217933179341793517936179371793817939179401794117942179431794417945179461794717948179491795017951179521795317954179551795617957179581795917960179611796217963179641796517966179671796817969179701797117972179731797417975179761797717978179791798017981179821798317984179851798617987179881798917990179911799217993179941799517996179971799817999180001800118002180031800418005180061800718008180091801018011180121801318014180151801618017180181801918020180211802218023180241802518026180271802818029180301803118032180331803418035180361803718038180391804018041180421804318044180451804618047180481804918050180511805218053180541805518056180571805818059180601806118062180631806418065180661806718068180691807018071180721807318074180751807618077180781807918080180811808218083180841808518086180871808818089180901809118092180931809418095180961809718098180991810018101181021810318104181051810618107181081810918110181111811218113181141811518116181171811818119181201812118122181231812418125181261812718128181291813018131181321813318134181351813618137181381813918140181411814218143181441814518146181471814818149181501815118152181531815418155181561815718158181591816018161181621816318164181651816618167181681816918170181711817218173181741817518176181771817818179181801818118182181831818418185181861818718188181891819018191181921819318194181951819618197181981819918200182011820218203182041820518206182071820818209182101821118212182131821418215182161821718218182191822018221182221822318224182251822618227182281822918230182311823218233182341823518236182371823818239182401824118242182431824418245182461824718248182491825018251182521825318254182551825618257182581825918260182611826218263182641826518266182671826818269182701827118272182731827418275182761827718278182791828018281182821828318284182851828618287182881828918290182911829218293182941829518296182971829818299183001830118302183031830418305183061830718308183091831018311183121831318314183151831618317183181831918320183211832218323183241832518326183271832818329183301833118332183331833418335183361833718338183391834018341183421834318344183451834618347183481834918350183511835218353183541835518356183571835818359183601836118362183631836418365183661836718368183691837018371183721837318374183751837618377183781837918380183811838218383183841838518386183871838818389183901839118392183931839418395183961839718398183991840018401184021840318404184051840618407184081840918410184111841218413184141841518416184171841818419184201842118422184231842418425184261842718428184291843018431184321843318434184351843618437184381843918440184411844218443184441844518446184471844818449184501845118452184531845418455184561845718458184591846018461184621846318464184651846618467184681846918470184711847218473184741847518476184771847818479184801848118482184831848418485184861848718488184891849018491184921849318494184951849618497184981849918500185011850218503185041850518506185071850818509185101851118512185131851418515185161851718518185191852018521185221852318524185251852618527185281852918530185311853218533185341853518536185371853818539185401854118542185431854418545185461854718548185491855018551185521855318554185551855618557185581855918560185611856218563185641856518566185671856818569185701857118572185731857418575185761857718578185791858018581185821858318584185851858618587185881858918590185911859218593185941859518596185971859818599186001860118602186031860418605186061860718608186091861018611186121861318614186151861618617186181861918620186211862218623186241862518626186271862818629186301863118632186331863418635186361863718638186391864018641186421864318644186451864618647186481864918650186511865218653186541865518656186571865818659186601866118662186631866418665186661866718668186691867018671186721867318674186751867618677186781867918680186811868218683186841868518686186871868818689186901869118692186931869418695186961869718698186991870018701187021870318704187051870618707187081870918710187111871218713187141871518716187171871818719187201872118722187231872418725187261872718728187291873018731187321873318734187351873618737187381873918740187411874218743187441874518746187471874818749187501875118752187531875418755187561875718758187591876018761187621876318764187651876618767187681876918770187711877218773187741877518776187771877818779187801878118782187831878418785187861878718788187891879018791187921879318794187951879618797187981879918800188011880218803188041880518806188071880818809188101881118812188131881418815188161881718818188191882018821188221882318824188251882618827188281882918830188311883218833188341883518836188371883818839188401884118842188431884418845188461884718848188491885018851188521885318854188551885618857188581885918860188611886218863188641886518866188671886818869188701887118872188731887418875188761887718878188791888018881188821888318884188851888618887188881888918890188911889218893188941889518896188971889818899189001890118902189031890418905189061890718908189091891018911189121891318914189151891618917189181891918920189211892218923189241892518926189271892818929189301893118932189331893418935189361893718938189391894018941189421894318944189451894618947189481894918950189511895218953189541895518956189571895818959189601896118962189631896418965189661896718968189691897018971189721897318974189751897618977189781897918980189811898218983189841898518986189871898818989189901899118992189931899418995189961899718998189991900019001190021900319004190051900619007190081900919010190111901219013190141901519016190171901819019190201902119022190231902419025190261902719028190291903019031190321903319034190351903619037190381903919040190411904219043190441904519046190471904819049190501905119052190531905419055190561905719058190591906019061190621906319064190651906619067190681906919070190711907219073190741907519076190771907819079190801908119082190831908419085190861908719088190891909019091190921909319094190951909619097190981909919100191011910219103191041910519106191071910819109191101911119112191131911419115191161911719118191191912019121191221912319124191251912619127191281912919130191311913219133191341913519136191371913819139191401914119142191431914419145191461914719148191491915019151191521915319154191551915619157191581915919160191611916219163191641916519166191671916819169191701917119172191731917419175191761917719178191791918019181191821918319184191851918619187191881918919190191911919219193191941919519196191971919819199192001920119202192031920419205192061920719208192091921019211192121921319214192151921619217192181921919220192211922219223192241922519226192271922819229192301923119232192331923419235192361923719238192391924019241192421924319244192451924619247192481924919250192511925219253192541925519256192571925819259192601926119262192631926419265192661926719268192691927019271192721927319274192751927619277192781927919280192811928219283192841928519286192871928819289192901929119292192931929419295192961929719298192991930019301193021930319304193051930619307193081930919310193111931219313193141931519316193171931819319193201932119322193231932419325193261932719328193291933019331193321933319334193351933619337193381933919340193411934219343193441934519346193471934819349193501935119352193531935419355193561935719358193591936019361193621936319364193651936619367193681936919370193711937219373193741937519376193771937819379193801938119382193831938419385193861938719388193891939019391193921939319394193951939619397193981939919400194011940219403194041940519406194071940819409194101941119412194131941419415194161941719418194191942019421194221942319424194251942619427194281942919430194311943219433194341943519436194371943819439194401944119442194431944419445194461944719448194491945019451194521945319454194551945619457194581945919460194611946219463194641946519466194671946819469194701947119472194731947419475194761947719478194791948019481194821948319484194851948619487194881948919490194911949219493194941949519496194971949819499195001950119502195031950419505195061950719508195091951019511195121951319514195151951619517195181951919520195211952219523195241952519526195271952819529195301953119532195331953419535195361953719538195391954019541195421954319544195451954619547195481954919550195511955219553195541955519556195571955819559195601956119562195631956419565195661956719568195691957019571195721957319574195751957619577195781957919580195811958219583195841958519586195871958819589195901959119592195931959419595195961959719598195991960019601196021960319604196051960619607196081960919610196111961219613196141961519616196171961819619196201962119622196231962419625196261962719628196291963019631196321963319634196351963619637196381963919640196411964219643196441964519646196471964819649196501965119652196531965419655196561965719658196591966019661196621966319664196651966619667196681966919670196711967219673196741967519676196771967819679196801968119682196831968419685196861968719688196891969019691196921969319694196951969619697196981969919700197011970219703197041970519706197071970819709197101971119712197131971419715197161971719718197191972019721197221972319724197251972619727197281972919730197311973219733197341973519736197371973819739197401974119742197431974419745197461974719748197491975019751197521975319754197551975619757197581975919760197611976219763197641976519766197671976819769197701977119772197731977419775197761977719778197791978019781197821978319784197851978619787197881978919790197911979219793197941979519796197971979819799198001980119802198031980419805198061980719808198091981019811198121981319814198151981619817198181981919820198211982219823198241982519826198271982819829198301983119832198331983419835198361983719838198391984019841198421984319844198451984619847198481984919850198511985219853198541985519856198571985819859198601986119862198631986419865198661986719868198691987019871198721987319874198751987619877198781987919880198811988219883198841988519886198871988819889198901989119892198931989419895198961989719898198991990019901199021990319904199051990619907199081990919910199111991219913199141991519916199171991819919199201992119922199231992419925199261992719928199291993019931199321993319934199351993619937199381993919940199411994219943199441994519946199471994819949199501995119952199531995419955199561995719958199591996019961199621996319964199651996619967199681996919970199711997219973199741997519976199771997819979199801998119982199831998419985199861998719988199891999019991199921999319994199951999619997199981999920000200012000220003200042000520006200072000820009200102001120012200132001420015200162001720018200192002020021200222002320024200252002620027200282002920030200312003220033200342003520036200372003820039200402004120042200432004420045200462004720048200492005020051200522005320054200552005620057200582005920060200612006220063200642006520066200672006820069200702007120072200732007420075200762007720078200792008020081200822008320084200852008620087200882008920090200912009220093200942009520096200972009820099201002010120102201032010420105201062010720108201092011020111201122011320114201152011620117201182011920120201212012220123201242012520126201272012820129201302013120132201332013420135201362013720138201392014020141201422014320144201452014620147201482014920150201512015220153201542015520156201572015820159201602016120162201632016420165201662016720168201692017020171201722017320174201752017620177201782017920180201812018220183201842018520186201872018820189201902019120192201932019420195201962019720198201992020020201202022020320204202052020620207202082020920210202112021220213202142021520216202172021820219202202022120222202232022420225202262022720228202292023020231202322023320234202352023620237202382023920240202412024220243202442024520246202472024820249202502025120252202532025420255202562025720258202592026020261202622026320264202652026620267202682026920270202712027220273202742027520276202772027820279202802028120282202832028420285202862028720288202892029020291202922029320294202952029620297202982029920300203012030220303203042030520306203072030820309203102031120312203132031420315203162031720318203192032020321203222032320324203252032620327203282032920330203312033220333203342033520336203372033820339203402034120342203432034420345203462034720348203492035020351203522035320354203552035620357203582035920360203612036220363203642036520366203672036820369203702037120372203732037420375203762037720378203792038020381203822038320384203852038620387203882038920390203912039220393203942039520396203972039820399204002040120402204032040420405204062040720408204092041020411204122041320414204152041620417204182041920420204212042220423204242042520426204272042820429204302043120432204332043420435204362043720438204392044020441204422044320444204452044620447204482044920450204512045220453204542045520456204572045820459204602046120462204632046420465204662046720468204692047020471204722047320474204752047620477204782047920480204812048220483204842048520486204872048820489204902049120492204932049420495204962049720498204992050020501205022050320504205052050620507205082050920510205112051220513205142051520516205172051820519205202052120522205232052420525205262052720528205292053020531205322053320534205352053620537205382053920540205412054220543205442054520546205472054820549205502055120552205532055420555205562055720558205592056020561205622056320564205652056620567205682056920570205712057220573205742057520576205772057820579205802058120582205832058420585205862058720588205892059020591205922059320594205952059620597205982059920600206012060220603206042060520606206072060820609206102061120612206132061420615206162061720618206192062020621206222062320624206252062620627206282062920630206312063220633206342063520636206372063820639206402064120642206432064420645206462064720648206492065020651206522065320654206552065620657206582065920660206612066220663206642066520666206672066820669206702067120672206732067420675206762067720678206792068020681206822068320684206852068620687206882068920690206912069220693206942069520696206972069820699207002070120702207032070420705207062070720708207092071020711207122071320714207152071620717207182071920720207212072220723207242072520726207272072820729207302073120732207332073420735207362073720738207392074020741207422074320744207452074620747207482074920750207512075220753207542075520756207572075820759207602076120762207632076420765207662076720768207692077020771207722077320774207752077620777207782077920780207812078220783207842078520786207872078820789207902079120792207932079420795207962079720798207992080020801208022080320804208052080620807208082080920810208112081220813208142081520816208172081820819208202082120822208232082420825208262082720828208292083020831208322083320834208352083620837208382083920840208412084220843208442084520846208472084820849208502085120852208532085420855208562085720858208592086020861208622086320864208652086620867208682086920870208712087220873208742087520876208772087820879208802088120882208832088420885208862088720888208892089020891208922089320894208952089620897208982089920900209012090220903209042090520906209072090820909209102091120912209132091420915209162091720918209192092020921209222092320924209252092620927209282092920930209312093220933209342093520936209372093820939209402094120942209432094420945209462094720948209492095020951209522095320954209552095620957209582095920960209612096220963209642096520966209672096820969209702097120972209732097420975209762097720978209792098020981209822098320984209852098620987209882098920990209912099220993209942099520996209972099820999210002100121002210032100421005210062100721008210092101021011210122101321014210152101621017210182101921020210212102221023210242102521026210272102821029210302103121032210332103421035210362103721038210392104021041210422104321044210452104621047210482104921050210512105221053210542105521056210572105821059210602106121062210632106421065210662106721068210692107021071210722107321074210752107621077210782107921080210812108221083210842108521086210872108821089210902109121092210932109421095210962109721098210992110021101211022110321104211052110621107211082110921110211112111221113211142111521116211172111821119211202112121122211232112421125211262112721128211292113021131211322113321134211352113621137211382113921140211412114221143211442114521146211472114821149211502115121152211532115421155211562115721158211592116021161211622116321164211652116621167211682116921170211712117221173211742117521176211772117821179211802118121182211832118421185211862118721188211892119021191211922119321194211952119621197211982119921200212012120221203212042120521206212072120821209212102121121212212132121421215212162121721218212192122021221212222122321224212252122621227212282122921230212312123221233212342123521236212372123821239212402124121242212432124421245212462124721248212492125021251212522125321254212552125621257212582125921260212612126221263212642126521266212672126821269212702127121272212732127421275212762127721278212792128021281212822128321284212852128621287212882128921290212912129221293212942129521296212972129821299213002130121302213032130421305213062130721308213092131021311213122131321314213152131621317213182131921320213212132221323213242132521326213272132821329213302133121332213332133421335213362133721338213392134021341213422134321344213452134621347213482134921350213512135221353213542135521356213572135821359213602136121362213632136421365213662136721368213692137021371213722137321374213752137621377213782137921380213812138221383213842138521386213872138821389213902139121392213932139421395213962139721398213992140021401214022140321404214052140621407214082140921410214112141221413214142141521416214172141821419214202142121422214232142421425214262142721428214292143021431214322143321434214352143621437214382143921440214412144221443214442144521446214472144821449214502145121452214532145421455214562145721458214592146021461214622146321464214652146621467214682146921470214712147221473214742147521476214772147821479214802148121482214832148421485214862148721488214892149021491214922149321494214952149621497214982149921500215012150221503215042150521506215072150821509215102151121512215132151421515215162151721518215192152021521215222152321524215252152621527215282152921530215312153221533215342153521536215372153821539215402154121542215432154421545215462154721548215492155021551215522155321554215552155621557215582155921560215612156221563215642156521566215672156821569215702157121572215732157421575215762157721578215792158021581215822158321584215852158621587215882158921590215912159221593215942159521596215972159821599216002160121602216032160421605216062160721608216092161021611216122161321614216152161621617216182161921620216212162221623216242162521626216272162821629216302163121632216332163421635216362163721638216392164021641216422164321644216452164621647216482164921650216512165221653216542165521656216572165821659216602166121662216632166421665216662166721668216692167021671216722167321674216752167621677216782167921680216812168221683216842168521686216872168821689216902169121692216932169421695216962169721698216992170021701217022170321704217052170621707217082170921710217112171221713217142171521716217172171821719217202172121722217232172421725217262172721728217292173021731 
  1. /* sp.c
    2. 

  2.  *
    3. 

  3.  * Copyright (C) 2006-2020 wolfSSL Inc.
    4. 

  4.  *
    5. 

  5.  * This file is part of wolfSSL.
    6. 

  6.  *
    7. 

  7.  * wolfSSL is free software; you can redistribute it and/or modify
    8. 

  8.  * it under the terms of the GNU General Public License as published by
    9. 

  9.  * the Free Software Foundation; either version 2 of the License, or
    10. 

  10.  * (at your option) any later version.
    11. 

  11.  *
    12. 

  12.  * wolfSSL is distributed in the hope that it will be useful,
    13. 

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.  * GNU General Public License for more details.
    16. 

  16.  *
    17. 

  17.  * You should have received a copy of the GNU General Public License
    18. 

  18.  * along with this program; if not, write to the Free Software
    19. 

  19.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
    20. 

  20.  */
    21. 

  21. 

  22. /* Implementation by Sean Parkinson. */
    23. 

  23. 

  24. #ifdef HAVE_CONFIG_H
    25. 

  25.     #include <config.h>
    26. 

  26. #endif
    27. 

  27. 

  28. #include <wolfssl/wolfcrypt/settings.h>
    29. 

  29. #include <wolfssl/wolfcrypt/error-crypt.h>
    30. 

  30. #include <wolfssl/wolfcrypt/cpuid.h>
    31. 

  31. #ifdef NO_INLINE
    32. 

  32.     #include <wolfssl/wolfcrypt/misc.h>
    33. 

  33. #else
    34. 

  34.     #define WOLFSSL_MISC_INCLUDED
    35. 

  35.     #include <wolfcrypt/src/misc.c>
    36. 

  36. #endif
    37. 

  37. 

  38. #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \
    39. 

  39.                                     defined(WOLFSSL_HAVE_SP_ECC)
    40. 

  40. 

  41. #ifdef RSA_LOW_MEM
    42. 

  42. #ifndef WOLFSSL_SP_SMALL
    43. 

  43. #define WOLFSSL_SP_SMALL
    44. 

  44. #endif
    45. 

  45. #endif
    46. 

  46. 

  47. #include <wolfssl/wolfcrypt/sp.h>
    48. 

  48. 

  49. #ifdef WOLFSSL_SP_ARM_THUMB_ASM
    50. 

  50. #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)
    51. 

  51. #ifndef WOLFSSL_SP_NO_2048
    52. 

  52. /* Read big endian unsigned byte array into r.
    53. 

  53.  *
    54. 

  54.  * r  A single precision integer.
    55. 

  55.  * size  Maximum number of bytes to convert
    56. 

  56.  * a  Byte array.
    57. 

  57.  * n  Number of bytes in array to read.
    58. 

  58.  */
    59. 

  59. static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n)
    60. 

  60. {
    61. 

  61.     int i, j = 0;
    62. 

  62.     word32 s = 0;
    63. 

  63. 

  64.     r[0] = 0;
    65. 

  65.     for (i = n-1; i >= 0; i--) {
    66. 

  66.         r[j] |= (((sp_digit)a[i]) << s);
    67. 

  67.         if (s >= 24U) {
    68. 

  68.             r[j] &= 0xffffffff;
    69. 

  69.             s = 32U - s;
    70. 

  70.             if (j + 1 >= size) {
    71. 

  71.                 break;
    72. 

  72.             }
    73. 

  73.             r[++j] = (sp_digit)a[i] >> s;
    74. 

  74.             s = 8U - s;
    75. 

  75.         }
    76. 

  76.         else {
    77. 

  77.             s += 8U;
    78. 

  78.         }
    79. 

  79.     }
    80. 

  80. 

  81.     for (j++; j < size; j++) {
    82. 

  82.         r[j] = 0;
    83. 

  83.     }
    84. 

  84. }
    85. 

  85. 

  86. /* Convert an mp_int to an array of sp_digit.
    87. 

  87.  *
    88. 

  88.  * r  A single precision integer.
    89. 

  89.  * size  Maximum number of bytes to convert
    90. 

  90.  * a  A multi-precision integer.
    91. 

  91.  */
    92. 

  92. static void sp_2048_from_mp(sp_digit* r, int size, const mp_int* a)
    93. 

  93. {
    94. 

  94. #if DIGIT_BIT == 32
    95. 

  95.     int j;
    96. 

  96. 

  97.     XMEMCPY(r, a->dp, sizeof(sp_digit) * a->used);
    98. 

  98. 

  99.     for (j = a->used; j < size; j++) {
    100. 

  100.         r[j] = 0;
    101. 

  101.     }
    102. 

  102. #elif DIGIT_BIT > 32
    103. 

  103.     int i, j = 0;
    104. 

  104.     word32 s = 0;
    105. 

  105. 

  106.     r[0] = 0;
    107. 

  107.     for (i = 0; i < a->used && j < size; i++) {
    108. 

  108.         r[j] |= ((sp_digit)a->dp[i] << s);
    109. 

  109.         r[j] &= 0xffffffff;
    110. 

  110.         s = 32U - s;
    111. 

  111.         if (j + 1 >= size) {
    112. 

  112.             break;
    113. 

  113.         }
    114. 

  114.         /* lint allow cast of mismatch word32 and mp_digit */
    115. 

  115.         r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
    116. 

  116.         while ((s + 32U) <= (word32)DIGIT_BIT) {
    117. 

  117.             s += 32U;
    118. 

  118.             r[j] &= 0xffffffff;
    119. 

  119.             if (j + 1 >= size) {
    120. 

  120.                 break;
    121. 

  121.             }
    122. 

  122.             if (s < (word32)DIGIT_BIT) {
    123. 

  123.                 /* lint allow cast of mismatch word32 and mp_digit */
    124. 

  124.                 r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
    125. 

  125.             }
    126. 

  126.             else {
    127. 

  127.                 r[++j] = 0L;
    128. 

  128.             }
    129. 

  129.         }
    130. 

  130.         s = (word32)DIGIT_BIT - s;
    131. 

  131.     }
    132. 

  132. 

  133.     for (j++; j < size; j++) {
    134. 

  134.         r[j] = 0;
    135. 

  135.     }
    136. 

  136. #else
    137. 

  137.     int i, j = 0, s = 0;
    138. 

  138. 

  139.     r[0] = 0;
    140. 

  140.     for (i = 0; i < a->used && j < size; i++) {
    141. 

  141.         r[j] |= ((sp_digit)a->dp[i]) << s;
    142. 

  142.         if (s + DIGIT_BIT >= 32) {
    143. 

  143.             r[j] &= 0xffffffff;
    144. 

  144.             if (j + 1 >= size) {
    145. 

  145.                 break;
    146. 

  146.             }
    147. 

  147.             s = 32 - s;
    148. 

  148.             if (s == DIGIT_BIT) {
    149. 

  149.                 r[++j] = 0;
    150. 

  150.                 s = 0;
    151. 

  151.             }
    152. 

  152.             else {
    153. 

  153.                 r[++j] = a->dp[i] >> s;
    154. 

  154.                 s = DIGIT_BIT - s;
    155. 

  155.             }
    156. 

  156.         }
    157. 

  157.         else {
    158. 

  158.             s += DIGIT_BIT;
    159. 

  159.         }
    160. 

  160.     }
    161. 

  161. 

  162.     for (j++; j < size; j++) {
    163. 

  163.         r[j] = 0;
    164. 

  164.     }
    165. 

  165. #endif
    166. 

  166. }
    167. 

  167. 

  168. /* Write r as big endian to byte array.
    169. 

  169.  * Fixed length number of bytes written: 256
    170. 

  170.  *
    171. 

  171.  * r  A single precision integer.
    172. 

  172.  * a  Byte array.
    173. 

  173.  */
    174. 

  174. static void sp_2048_to_bin(sp_digit* r, byte* a)
    175. 

  175. {
    176. 

  176.     int i, j, s = 0, b;
    177. 

  177. 

  178.     j = 2048 / 8 - 1;
    179. 

  179.     a[j] = 0;
    180. 

  180.     for (i=0; i<64 && j>=0; i++) {
    181. 

  181.         b = 0;
    182. 

  182.         /* lint allow cast of mismatch sp_digit and int */
    183. 

  183.         a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
    184. 

  184.         if (j < 0) {
    185. 

  185.             break;
    186. 

  186.         }
    187. 

  187.         while (b < 32) {
    188. 

  188.             a[j--] = r[i] >> b; b += 8;
    189. 

  189.             if (j < 0) {
    190. 

  190.                 break;
    191. 

  191.             }
    192. 

  192.         }
    193. 

  193.         s = 8 - (b - 32);
    194. 

  194.         if (j >= 0) {
    195. 

  195.             a[j] = 0;
    196. 

  196.         }
    197. 

  197.         if (s != 0) {
    198. 

  198.             j++;
    199. 

  199.         }
    200. 

  200.     }
    201. 

  201. }
    202. 

  202. 

  203. #ifndef WOLFSSL_SP_SMALL
    204. 

  204. /* Multiply a and b into r. (r = a * b)
    205. 

  205.  *
    206. 

  206.  * r  A single precision integer.
    207. 

  207.  * a  A single precision integer.
    208. 

  208.  * b  A single precision integer.
    209. 

  209.  */
    210. 

  210. SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a,
    211. 

  211.         const sp_digit* b)
    212. 

  212. {
    213. 

  213.     sp_digit tmp[8 * 2];
    214. 

  214.     __asm__ __volatile__ (
    215. 

  215.         "mov	r3, #0\n\t"
    216. 

  216.         "mov	r4, #0\n\t"
    217. 

  217.         "mov	r8, r3\n\t"
    218. 

  218.         "mov	r11, %[r]\n\t"
    219. 

  219.         "mov	r9, %[a]\n\t"
    220. 

  220.         "mov	r10, %[b]\n\t"
    221. 

  221.         "mov	r6, #32\n\t"
    222. 

  222.         "add	r6, r9\n\t"
    223. 

  223.         "mov	r12, r6\n\t"
    224. 

  224.         "\n1:\n\t"
    225. 

  225.         "mov	%[r], #0\n\t"
    226. 

  226.         "mov	r5, #0\n\t"
    227. 

  227.         "mov	r6, #28\n\t"
    228. 

  228.         "mov	%[a], r8\n\t"
    229. 

  229.         "sub	%[a], r6\n\t"
    230. 

  230.         "sbc	r6, r6\n\t"
    231. 

  231.         "mvn	r6, r6\n\t"
    232. 

  232.         "and	%[a], r6\n\t"
    233. 

  233.         "mov	%[b], r8\n\t"
    234. 

  234.         "sub	%[b], %[a]\n\t"
    235. 

  235.         "add	%[a], r9\n\t"
    236. 

  236.         "add	%[b], r10\n\t"
    237. 

  237.         "\n2:\n\t"
    238. 

  238.         "# Multiply Start\n\t"
    239. 

  239.         "ldr	r6, [%[a]]\n\t"
    240. 

  240.         "ldr	r7, [%[b]]\n\t"
    241. 

  241.         "lsl	r6, r6, #16\n\t"
    242. 

  242.         "lsl	r7, r7, #16\n\t"
    243. 

  243.         "lsr	r6, r6, #16\n\t"
    244. 

  244.         "lsr	r7, r7, #16\n\t"
    245. 

  245.         "mul	r7, r6\n\t"
    246. 

  246.         "add	r3, r7\n\t"
    247. 

  247.         "adc	r4, %[r]\n\t"
    248. 

  248.         "adc	r5, %[r]\n\t"
    249. 

  249.         "ldr	r7, [%[b]]\n\t"
    250. 

  250.         "lsr	r7, r7, #16\n\t"
    251. 

  251.         "mul	r6, r7\n\t"
    252. 

  252.         "lsr	r7, r6, #16\n\t"
    253. 

  253.         "lsl	r6, r6, #16\n\t"
    254. 

  254.         "add	r3, r6\n\t"
    255. 

  255.         "adc	r4, r7\n\t"
    256. 

  256.         "adc	r5, %[r]\n\t"
    257. 

  257.         "ldr	r6, [%[a]]\n\t"
    258. 

  258.         "ldr	r7, [%[b]]\n\t"
    259. 

  259.         "lsr	r6, r6, #16\n\t"
    260. 

  260.         "lsr	r7, r7, #16\n\t"
    261. 

  261.         "mul	r7, r6\n\t"
    262. 

  262.         "add	r4, r7\n\t"
    263. 

  263.         "adc	r5, %[r]\n\t"
    264. 

  264.         "ldr	r7, [%[b]]\n\t"
    265. 

  265.         "lsl	r7, r7, #16\n\t"
    266. 

  266.         "lsr	r7, r7, #16\n\t"
    267. 

  267.         "mul	r6, r7\n\t"
    268. 

  268.         "lsr	r7, r6, #16\n\t"
    269. 

  269.         "lsl	r6, r6, #16\n\t"
    270. 

  270.         "add	r3, r6\n\t"
    271. 

  271.         "adc	r4, r7\n\t"
    272. 

  272.         "adc	r5, %[r]\n\t"
    273. 

  273.         "# Multiply Done\n\t"
    274. 

  274.         "add	%[a], #4\n\t"
    275. 

  275.         "sub	%[b], #4\n\t"
    276. 

  276.         "cmp	%[a], r12\n\t"
    277. 

  277.         "beq	3f\n\t"
    278. 

  278.         "mov	r6, r8\n\t"
    279. 

  279.         "add	r6, r9\n\t"
    280. 

  280.         "cmp	%[a], r6\n\t"
    281. 

  281.         "ble	2b\n\t"
    282. 

  282.         "\n3:\n\t"
    283. 

  283.         "mov	%[r], r11\n\t"
    284. 

  284.         "mov	r7, r8\n\t"
    285. 

  285.         "str	r3, [%[r], r7]\n\t"
    286. 

  286.         "mov	r3, r4\n\t"
    287. 

  287.         "mov	r4, r5\n\t"
    288. 

  288.         "add	r7, #4\n\t"
    289. 

  289.         "mov	r8, r7\n\t"
    290. 

  290.         "mov	r6, #56\n\t"
    291. 

  291.         "cmp	r7, r6\n\t"
    292. 

  292.         "ble	1b\n\t"
    293. 

  293.         "str	r3, [%[r], r7]\n\t"
    294. 

  294.         "mov	%[a], r9\n\t"
    295. 

  295.         "mov	%[b], r10\n\t"
    296. 

  296.         :
    297. 

  297.         : [r] "r" (tmp), [a] "r" (a), [b] "r" (b)
    298. 

  298.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12"
    299. 

  299.     );
    300. 

  300. 

  301.     XMEMCPY(r, tmp, sizeof(tmp));
    302. 

  302. }
    303. 

  303. 

  304. /* Square a and put result in r. (r = a * a)
    305. 

  305.  *
    306. 

  306.  * r  A single precision integer.
    307. 

  307.  * a  A single precision integer.
    308. 

  308.  */
    309. 

  309. SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a)
    310. 

  310. {
    311. 

  311.     __asm__ __volatile__ (
    312. 

  312.         "mov	r3, #0\n\t"
    313. 

  313.         "mov	r4, #0\n\t"
    314. 

  314.         "mov	r5, #0\n\t"
    315. 

  315.         "mov	r8, r3\n\t"
    316. 

  316.         "mov	r11, %[r]\n\t"
    317. 

  317.         "mov	r6, #64\n\t"
    318. 

  318.         "neg	r6, r6\n\t"
    319. 

  319.         "add	sp, r6\n\t"
    320. 

  320.         "mov	r10, sp\n\t"
    321. 

  321.         "mov	r9, %[a]\n\t"
    322. 

  322.         "\n1:\n\t"
    323. 

  323.         "mov	%[r], #0\n\t"
    324. 

  324.         "mov	r6, #28\n\t"
    325. 

  325.         "mov	%[a], r8\n\t"
    326. 

  326.         "sub	%[a], r6\n\t"
    327. 

  327.         "sbc	r6, r6\n\t"
    328. 

  328.         "mvn	r6, r6\n\t"
    329. 

  329.         "and	%[a], r6\n\t"
    330. 

  330.         "mov	r2, r8\n\t"
    331. 

  331.         "sub	r2, %[a]\n\t"
    332. 

  332.         "add	%[a], r9\n\t"
    333. 

  333.         "add	r2, r9\n\t"
    334. 

  334.         "\n2:\n\t"
    335. 

  335.         "cmp	r2, %[a]\n\t"
    336. 

  336.         "beq	4f\n\t"
    337. 

  337.         "# Multiply * 2: Start\n\t"
    338. 

  338.         "ldr	r6, [%[a]]\n\t"
    339. 

  339.         "ldr	r7, [r2]\n\t"
    340. 

  340.         "lsl	r6, r6, #16\n\t"
    341. 

  341.         "lsl	r7, r7, #16\n\t"
    342. 

  342.         "lsr	r6, r6, #16\n\t"
    343. 

  343.         "lsr	r7, r7, #16\n\t"
    344. 

  344.         "mul	r7, r6\n\t"
    345. 

  345.         "add	r3, r7\n\t"
    346. 

  346.         "adc	r4, %[r]\n\t"
    347. 

  347.         "adc	r5, %[r]\n\t"
    348. 

  348.         "add	r3, r7\n\t"
    349. 

  349.         "adc	r4, %[r]\n\t"
    350. 

  350.         "adc	r5, %[r]\n\t"
    351. 

  351.         "ldr	r7, [r2]\n\t"
    352. 

  352.         "lsr	r7, r7, #16\n\t"
    353. 

  353.         "mul	r6, r7\n\t"
    354. 

  354.         "lsr	r7, r6, #16\n\t"
    355. 

  355.         "lsl	r6, r6, #16\n\t"
    356. 

  356.         "add	r3, r6\n\t"
    357. 

  357.         "adc	r4, r7\n\t"
    358. 

  358.         "adc	r5, %[r]\n\t"
    359. 

  359.         "add	r3, r6\n\t"
    360. 

  360.         "adc	r4, r7\n\t"
    361. 

  361.         "adc	r5, %[r]\n\t"
    362. 

  362.         "ldr	r6, [%[a]]\n\t"
    363. 

  363.         "ldr	r7, [r2]\n\t"
    364. 

  364.         "lsr	r6, r6, #16\n\t"
    365. 

  365.         "lsr	r7, r7, #16\n\t"
    366. 

  366.         "mul	r7, r6\n\t"
    367. 

  367.         "add	r4, r7\n\t"
    368. 

  368.         "adc	r5, %[r]\n\t"
    369. 

  369.         "add	r4, r7\n\t"
    370. 

  370.         "adc	r5, %[r]\n\t"
    371. 

  371.         "ldr	r7, [r2]\n\t"
    372. 

  372.         "lsl	r7, r7, #16\n\t"
    373. 

  373.         "lsr	r7, r7, #16\n\t"
    374. 

  374.         "mul	r6, r7\n\t"
    375. 

  375.         "lsr	r7, r6, #16\n\t"
    376. 

  376.         "lsl	r6, r6, #16\n\t"
    377. 

  377.         "add	r3, r6\n\t"
    378. 

  378.         "adc	r4, r7\n\t"
    379. 

  379.         "adc	r5, %[r]\n\t"
    380. 

  380.         "add	r3, r6\n\t"
    381. 

  381.         "adc	r4, r7\n\t"
    382. 

  382.         "adc	r5, %[r]\n\t"
    383. 

  383.         "# Multiply * 2: Done\n\t"
    384. 

  384.         "bal	5f\n\t"
    385. 

  385.         "\n4:\n\t"
    386. 

  386.         "# Square: Start\n\t"
    387. 

  387.         "ldr	r6, [%[a]]\n\t"
    388. 

  388.         "lsr	r7, r6, #16\n\t"
    389. 

  389.         "lsl	r6, r6, #16\n\t"
    390. 

  390.         "lsr	r6, r6, #16\n\t"
    391. 

  391.         "mul	r6, r6\n\t"
    392. 

  392.         "add	r3, r6\n\t"
    393. 

  393.         "adc	r4, %[r]\n\t"
    394. 

  394.         "adc	r5, %[r]\n\t"
    395. 

  395.         "mul	r7, r7\n\t"
    396. 

  396.         "add	r4, r7\n\t"
    397. 

  397.         "adc	r5, %[r]\n\t"
    398. 

  398.         "ldr	r6, [%[a]]\n\t"
    399. 

  399.         "lsr	r7, r6, #16\n\t"
    400. 

  400.         "lsl	r6, r6, #16\n\t"
    401. 

  401.         "lsr	r6, r6, #16\n\t"
    402. 

  402.         "mul	r6, r7\n\t"
    403. 

  403.         "lsr	r7, r6, #15\n\t"
    404. 

  404.         "lsl	r6, r6, #17\n\t"
    405. 

  405.         "add	r3, r6\n\t"
    406. 

  406.         "adc	r4, r7\n\t"
    407. 

  407.         "adc	r5, %[r]\n\t"
    408. 

  408.         "# Square: Done\n\t"
    409. 

  409.         "\n5:\n\t"
    410. 

  410.         "add	%[a], #4\n\t"
    411. 

  411.         "sub	r2, #4\n\t"
    412. 

  412.         "mov	r6, #32\n\t"
    413. 

  413.         "add	r6, r9\n\t"
    414. 

  414.         "cmp	%[a], r6\n\t"
    415. 

  415.         "beq	3f\n\t"
    416. 

  416.         "cmp	%[a], r2\n\t"
    417. 

  417.         "bgt	3f\n\t"
    418. 

  418.         "mov	r7, r8\n\t"
    419. 

  419.         "add	r7, r9\n\t"
    420. 

  420.         "cmp	%[a], r7\n\t"
    421. 

  421.         "ble	2b\n\t"
    422. 

  422.         "\n3:\n\t"
    423. 

  423.         "mov	%[r], r10\n\t"
    424. 

  424.         "mov	r7, r8\n\t"
    425. 

  425.         "str	r3, [%[r], r7]\n\t"
    426. 

  426.         "mov	r3, r4\n\t"
    427. 

  427.         "mov	r4, r5\n\t"
    428. 

  428.         "mov	r5, #0\n\t"
    429. 

  429.         "add	r7, #4\n\t"
    430. 

  430.         "mov	r8, r7\n\t"
    431. 

  431.         "mov	r6, #56\n\t"
    432. 

  432.         "cmp	r7, r6\n\t"
    433. 

  433.         "ble	1b\n\t"
    434. 

  434.         "mov	%[a], r9\n\t"
    435. 

  435.         "str	r3, [%[r], r7]\n\t"
    436. 

  436.         "mov	%[r], r11\n\t"
    437. 

  437.         "mov	%[a], r10\n\t"
    438. 

  438.         "mov	r3, #60\n\t"
    439. 

  439.         "\n4:\n\t"
    440. 

  440.         "ldr	r6, [%[a], r3]\n\t"
    441. 

  441.         "str	r6, [%[r], r3]\n\t"
    442. 

  442.         "sub	r3, #4\n\t"
    443. 

  443.         "bge	4b\n\t"
    444. 

  444.         "mov	r6, #64\n\t"
    445. 

  445.         "add	sp, r6\n\t"
    446. 

  446.         :
    447. 

  447.         : [r] "r" (r), [a] "r" (a)
    448. 

  448.         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11"
    449. 

  449.     );
    450. 

  450. }
    451. 

  451. 

  452. /* Add b to a into r. (r = a + b)
    453. 

  453.  *
    454. 

  454.  * r  A single precision integer.
    455. 

  455.  * a  A single precision integer.
    456. 

  456.  * b  A single precision integer.
    457. 

  457.  */
    458. 

  458. SP_NOINLINE static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a,
    459. 

  459.         const sp_digit* b)
    460. 

  460. {
    461. 

  461.     sp_digit c = 0;
    462. 

  462. 

  463.     __asm__ __volatile__ (
    464. 

  464.         "ldr	r4, [%[a], #0]\n\t"
    465. 

  465.         "ldr	r5, [%[b], #0]\n\t"
    466. 

  466.         "add	r4, r5\n\t"
    467. 

  467.         "str	r4, [%[r], #0]\n\t"
    468. 

  468.         "ldr	r4, [%[a], #4]\n\t"
    469. 

  469.         "ldr	r5, [%[b], #4]\n\t"
    470. 

  470.         "adc	r4, r5\n\t"
    471. 

  471.         "str	r4, [%[r], #4]\n\t"
    472. 

  472.         "ldr	r4, [%[a], #8]\n\t"
    473. 

  473.         "ldr	r5, [%[b], #8]\n\t"
    474. 

  474.         "adc	r4, r5\n\t"
    475. 

  475.         "str	r4, [%[r], #8]\n\t"
    476. 

  476.         "ldr	r4, [%[a], #12]\n\t"
    477. 

  477.         "ldr	r5, [%[b], #12]\n\t"
    478. 

  478.         "adc	r4, r5\n\t"
    479. 

  479.         "str	r4, [%[r], #12]\n\t"
    480. 

  480.         "ldr	r4, [%[a], #16]\n\t"
    481. 

  481.         "ldr	r5, [%[b], #16]\n\t"
    482. 

  482.         "adc	r4, r5\n\t"
    483. 

  483.         "str	r4, [%[r], #16]\n\t"
    484. 

  484.         "ldr	r4, [%[a], #20]\n\t"
    485. 

  485.         "ldr	r5, [%[b], #20]\n\t"
    486. 

  486.         "adc	r4, r5\n\t"
    487. 

  487.         "str	r4, [%[r], #20]\n\t"
    488. 

  488.         "ldr	r4, [%[a], #24]\n\t"
    489. 

  489.         "ldr	r5, [%[b], #24]\n\t"
    490. 

  490.         "adc	r4, r5\n\t"
    491. 

  491.         "str	r4, [%[r], #24]\n\t"
    492. 

  492.         "ldr	r4, [%[a], #28]\n\t"
    493. 

  493.         "ldr	r5, [%[b], #28]\n\t"
    494. 

  494.         "adc	r4, r5\n\t"
    495. 

  495.         "str	r4, [%[r], #28]\n\t"
    496. 

  496.         "mov	%[c], #0\n\t"
    497. 

  497.         "adc	%[c], %[c]\n\t"
    498. 

  498.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    499. 

  499.         :
    500. 

  500.         : "memory", "r4", "r5"
    501. 

  501.     );
    502. 

  502. 

  503.     return c;
    504. 

  504. }
    505. 

  505. 

  506. /* Sub b from a into r. (r = a - b)
    507. 

  507.  *
    508. 

  508.  * r  A single precision integer.
    509. 

  509.  * a  A single precision integer.
    510. 

  510.  * b  A single precision integer.
    511. 

  511.  */
    512. 

  512. SP_NOINLINE static sp_digit sp_2048_sub_in_place_16(sp_digit* a,
    513. 

  513.         const sp_digit* b)
    514. 

  514. {
    515. 

  515.     sp_digit c = 0;
    516. 

  516. 

  517.     __asm__ __volatile__ (
    518. 

  518.         "ldr	r3, [%[a], #0]\n\t"
    519. 

  519.         "ldr	r4, [%[a], #4]\n\t"
    520. 

  520.         "ldr	r5, [%[b], #0]\n\t"
    521. 

  521.         "ldr	r6, [%[b], #4]\n\t"
    522. 

  522.         "sub	r3, r5\n\t"
    523. 

  523.         "sbc	r4, r6\n\t"
    524. 

  524.         "str	r3, [%[a], #0]\n\t"
    525. 

  525.         "str	r4, [%[a], #4]\n\t"
    526. 

  526.         "ldr	r3, [%[a], #8]\n\t"
    527. 

  527.         "ldr	r4, [%[a], #12]\n\t"
    528. 

  528.         "ldr	r5, [%[b], #8]\n\t"
    529. 

  529.         "ldr	r6, [%[b], #12]\n\t"
    530. 

  530.         "sbc	r3, r5\n\t"
    531. 

  531.         "sbc	r4, r6\n\t"
    532. 

  532.         "str	r3, [%[a], #8]\n\t"
    533. 

  533.         "str	r4, [%[a], #12]\n\t"
    534. 

  534.         "ldr	r3, [%[a], #16]\n\t"
    535. 

  535.         "ldr	r4, [%[a], #20]\n\t"
    536. 

  536.         "ldr	r5, [%[b], #16]\n\t"
    537. 

  537.         "ldr	r6, [%[b], #20]\n\t"
    538. 

  538.         "sbc	r3, r5\n\t"
    539. 

  539.         "sbc	r4, r6\n\t"
    540. 

  540.         "str	r3, [%[a], #16]\n\t"
    541. 

  541.         "str	r4, [%[a], #20]\n\t"
    542. 

  542.         "ldr	r3, [%[a], #24]\n\t"
    543. 

  543.         "ldr	r4, [%[a], #28]\n\t"
    544. 

  544.         "ldr	r5, [%[b], #24]\n\t"
    545. 

  545.         "ldr	r6, [%[b], #28]\n\t"
    546. 

  546.         "sbc	r3, r5\n\t"
    547. 

  547.         "sbc	r4, r6\n\t"
    548. 

  548.         "str	r3, [%[a], #24]\n\t"
    549. 

  549.         "str	r4, [%[a], #28]\n\t"
    550. 

  550.         "ldr	r3, [%[a], #32]\n\t"
    551. 

  551.         "ldr	r4, [%[a], #36]\n\t"
    552. 

  552.         "ldr	r5, [%[b], #32]\n\t"
    553. 

  553.         "ldr	r6, [%[b], #36]\n\t"
    554. 

  554.         "sbc	r3, r5\n\t"
    555. 

  555.         "sbc	r4, r6\n\t"
    556. 

  556.         "str	r3, [%[a], #32]\n\t"
    557. 

  557.         "str	r4, [%[a], #36]\n\t"
    558. 

  558.         "ldr	r3, [%[a], #40]\n\t"
    559. 

  559.         "ldr	r4, [%[a], #44]\n\t"
    560. 

  560.         "ldr	r5, [%[b], #40]\n\t"
    561. 

  561.         "ldr	r6, [%[b], #44]\n\t"
    562. 

  562.         "sbc	r3, r5\n\t"
    563. 

  563.         "sbc	r4, r6\n\t"
    564. 

  564.         "str	r3, [%[a], #40]\n\t"
    565. 

  565.         "str	r4, [%[a], #44]\n\t"
    566. 

  566.         "ldr	r3, [%[a], #48]\n\t"
    567. 

  567.         "ldr	r4, [%[a], #52]\n\t"
    568. 

  568.         "ldr	r5, [%[b], #48]\n\t"
    569. 

  569.         "ldr	r6, [%[b], #52]\n\t"
    570. 

  570.         "sbc	r3, r5\n\t"
    571. 

  571.         "sbc	r4, r6\n\t"
    572. 

  572.         "str	r3, [%[a], #48]\n\t"
    573. 

  573.         "str	r4, [%[a], #52]\n\t"
    574. 

  574.         "ldr	r3, [%[a], #56]\n\t"
    575. 

  575.         "ldr	r4, [%[a], #60]\n\t"
    576. 

  576.         "ldr	r5, [%[b], #56]\n\t"
    577. 

  577.         "ldr	r6, [%[b], #60]\n\t"
    578. 

  578.         "sbc	r3, r5\n\t"
    579. 

  579.         "sbc	r4, r6\n\t"
    580. 

  580.         "str	r3, [%[a], #56]\n\t"
    581. 

  581.         "str	r4, [%[a], #60]\n\t"
    582. 

  582.         "sbc	%[c], %[c]\n\t"
    583. 

  583.         : [c] "+r" (c), [a] "+r" (a), [b] "+r" (b)
    584. 

  584.         :
    585. 

  585.         : "memory", "r3", "r4", "r5", "r6"
    586. 

  586.     );
    587. 

  587. 

  588.     return c;
    589. 

  589. }
    590. 

  590. 

  591. /* Add b to a into r. (r = a + b)
    592. 

  592.  *
    593. 

  593.  * r  A single precision integer.
    594. 

  594.  * a  A single precision integer.
    595. 

  595.  * b  A single precision integer.
    596. 

  596.  */
    597. 

  597. SP_NOINLINE static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a,
    598. 

  598.         const sp_digit* b)
    599. 

  599. {
    600. 

  600.     sp_digit c = 0;
    601. 

  601. 

  602.     __asm__ __volatile__ (
    603. 

  603.         "ldr	r4, [%[a], #0]\n\t"
    604. 

  604.         "ldr	r5, [%[b], #0]\n\t"
    605. 

  605.         "add	r4, r5\n\t"
    606. 

  606.         "str	r4, [%[r], #0]\n\t"
    607. 

  607.         "ldr	r4, [%[a], #4]\n\t"
    608. 

  608.         "ldr	r5, [%[b], #4]\n\t"
    609. 

  609.         "adc	r4, r5\n\t"
    610. 

  610.         "str	r4, [%[r], #4]\n\t"
    611. 

  611.         "ldr	r4, [%[a], #8]\n\t"
    612. 

  612.         "ldr	r5, [%[b], #8]\n\t"
    613. 

  613.         "adc	r4, r5\n\t"
    614. 

  614.         "str	r4, [%[r], #8]\n\t"
    615. 

  615.         "ldr	r4, [%[a], #12]\n\t"
    616. 

  616.         "ldr	r5, [%[b], #12]\n\t"
    617. 

  617.         "adc	r4, r5\n\t"
    618. 

  618.         "str	r4, [%[r], #12]\n\t"
    619. 

  619.         "ldr	r4, [%[a], #16]\n\t"
    620. 

  620.         "ldr	r5, [%[b], #16]\n\t"
    621. 

  621.         "adc	r4, r5\n\t"
    622. 

  622.         "str	r4, [%[r], #16]\n\t"
    623. 

  623.         "ldr	r4, [%[a], #20]\n\t"
    624. 

  624.         "ldr	r5, [%[b], #20]\n\t"
    625. 

  625.         "adc	r4, r5\n\t"
    626. 

  626.         "str	r4, [%[r], #20]\n\t"
    627. 

  627.         "ldr	r4, [%[a], #24]\n\t"
    628. 

  628.         "ldr	r5, [%[b], #24]\n\t"
    629. 

  629.         "adc	r4, r5\n\t"
    630. 

  630.         "str	r4, [%[r], #24]\n\t"
    631. 

  631.         "ldr	r4, [%[a], #28]\n\t"
    632. 

  632.         "ldr	r5, [%[b], #28]\n\t"
    633. 

  633.         "adc	r4, r5\n\t"
    634. 

  634.         "str	r4, [%[r], #28]\n\t"
    635. 

  635.         "ldr	r4, [%[a], #32]\n\t"
    636. 

  636.         "ldr	r5, [%[b], #32]\n\t"
    637. 

  637.         "adc	r4, r5\n\t"
    638. 

  638.         "str	r4, [%[r], #32]\n\t"
    639. 

  639.         "ldr	r4, [%[a], #36]\n\t"
    640. 

  640.         "ldr	r5, [%[b], #36]\n\t"
    641. 

  641.         "adc	r4, r5\n\t"
    642. 

  642.         "str	r4, [%[r], #36]\n\t"
    643. 

  643.         "ldr	r4, [%[a], #40]\n\t"
    644. 

  644.         "ldr	r5, [%[b], #40]\n\t"
    645. 

  645.         "adc	r4, r5\n\t"
    646. 

  646.         "str	r4, [%[r], #40]\n\t"
    647. 

  647.         "ldr	r4, [%[a], #44]\n\t"
    648. 

  648.         "ldr	r5, [%[b], #44]\n\t"
    649. 

  649.         "adc	r4, r5\n\t"
    650. 

  650.         "str	r4, [%[r], #44]\n\t"
    651. 

  651.         "ldr	r4, [%[a], #48]\n\t"
    652. 

  652.         "ldr	r5, [%[b], #48]\n\t"
    653. 

  653.         "adc	r4, r5\n\t"
    654. 

  654.         "str	r4, [%[r], #48]\n\t"
    655. 

  655.         "ldr	r4, [%[a], #52]\n\t"
    656. 

  656.         "ldr	r5, [%[b], #52]\n\t"
    657. 

  657.         "adc	r4, r5\n\t"
    658. 

  658.         "str	r4, [%[r], #52]\n\t"
    659. 

  659.         "ldr	r4, [%[a], #56]\n\t"
    660. 

  660.         "ldr	r5, [%[b], #56]\n\t"
    661. 

  661.         "adc	r4, r5\n\t"
    662. 

  662.         "str	r4, [%[r], #56]\n\t"
    663. 

  663.         "ldr	r4, [%[a], #60]\n\t"
    664. 

  664.         "ldr	r5, [%[b], #60]\n\t"
    665. 

  665.         "adc	r4, r5\n\t"
    666. 

  666.         "str	r4, [%[r], #60]\n\t"
    667. 

  667.         "mov	%[c], #0\n\t"
    668. 

  668.         "adc	%[c], %[c]\n\t"
    669. 

  669.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    670. 

  670.         :
    671. 

  671.         : "memory", "r4", "r5"
    672. 

  672.     );
    673. 

  673. 

  674.     return c;
    675. 

  675. }
    676. 

  676. 

  677. /* AND m into each word of a and store in r.
    678. 

  678.  *
    679. 

  679.  * r  A single precision integer.
    680. 

  680.  * a  A single precision integer.
    681. 

  681.  * m  Mask to AND against each digit.
    682. 

  682.  */
    683. 

  683. static void sp_2048_mask_8(sp_digit* r, const sp_digit* a, sp_digit m)
    684. 

  684. {
    685. 

  685. #ifdef WOLFSSL_SP_SMALL
    686. 

  686.     int i;
    687. 

  687. 

  688.     for (i=0; i<8; i++) {
    689. 

  689.         r[i] = a[i] & m;
    690. 

  690.     }
    691. 

  691. #else
    692. 

  692.     r[0] = a[0] & m;
    693. 

  693.     r[1] = a[1] & m;
    694. 

  694.     r[2] = a[2] & m;
    695. 

  695.     r[3] = a[3] & m;
    696. 

  696.     r[4] = a[4] & m;
    697. 

  697.     r[5] = a[5] & m;
    698. 

  698.     r[6] = a[6] & m;
    699. 

  699.     r[7] = a[7] & m;
    700. 

  700. #endif
    701. 

  701. }
    702. 

  702. 

  703. /* Multiply a and b into r. (r = a * b)
    704. 

  704.  *
    705. 

  705.  * r  A single precision integer.
    706. 

  706.  * a  A single precision integer.
    707. 

  707.  * b  A single precision integer.
    708. 

  708.  */
    709. 

  709. SP_NOINLINE static void sp_2048_mul_16(sp_digit* r, const sp_digit* a,
    710. 

  710.         const sp_digit* b)
    711. 

  711. {
    712. 

  712.     sp_digit* z0 = r;
    713. 

  713.     sp_digit z1[16];
    714. 

  714.     sp_digit a1[8];
    715. 

  715.     sp_digit b1[8];
    716. 

  716.     sp_digit z2[16];
    717. 

  717.     sp_digit u, ca, cb;
    718. 

  718. 

  719.     ca = sp_2048_add_8(a1, a, &a[8]);
    720. 

  720.     cb = sp_2048_add_8(b1, b, &b[8]);
    721. 

  721.     u  = ca & cb;
    722. 

  722.     sp_2048_mul_8(z1, a1, b1);
    723. 

  723.     sp_2048_mul_8(z2, &a[8], &b[8]);
    724. 

  724.     sp_2048_mul_8(z0, a, b);
    725. 

  725.     sp_2048_mask_8(r + 16, a1, 0 - cb);
    726. 

  726.     sp_2048_mask_8(b1, b1, 0 - ca);
    727. 

  727.     u += sp_2048_add_8(r + 16, r + 16, b1);
    728. 

  728.     u += sp_2048_sub_in_place_16(z1, z2);
    729. 

  729.     u += sp_2048_sub_in_place_16(z1, z0);
    730. 

  730.     u += sp_2048_add_16(r + 8, r + 8, z1);
    731. 

  731.     r[24] = u;
    732. 

  732.     XMEMSET(r + 24 + 1, 0, sizeof(sp_digit) * (8 - 1));
    733. 

  733.     (void)sp_2048_add_16(r + 16, r + 16, z2);
    734. 

  734. }
    735. 

  735. 

  736. /* Square a and put result in r. (r = a * a)
    737. 

  737.  *
    738. 

  738.  * r  A single precision integer.
    739. 

  739.  * a  A single precision integer.
    740. 

  740.  */
    741. 

  741. SP_NOINLINE static void sp_2048_sqr_16(sp_digit* r, const sp_digit* a)
    742. 

  742. {
    743. 

  743.     sp_digit* z0 = r;
    744. 

  744.     sp_digit z2[16];
    745. 

  745.     sp_digit z1[16];
    746. 

  746.     sp_digit a1[8];
    747. 

  747.     sp_digit u;
    748. 

  748. 

  749.     u = sp_2048_add_8(a1, a, &a[8]);
    750. 

  750.     sp_2048_sqr_8(z1, a1);
    751. 

  751.     sp_2048_sqr_8(z2, &a[8]);
    752. 

  752.     sp_2048_sqr_8(z0, a);
    753. 

  753.     sp_2048_mask_8(r + 16, a1, 0 - u);
    754. 

  754.     u += sp_2048_add_8(r + 16, r + 16, r + 16);
    755. 

  755.     u += sp_2048_sub_in_place_16(z1, z2);
    756. 

  756.     u += sp_2048_sub_in_place_16(z1, z0);
    757. 

  757.     u += sp_2048_add_16(r + 8, r + 8, z1);
    758. 

  758.     r[24] = u;
    759. 

  759.     XMEMSET(r + 24 + 1, 0, sizeof(sp_digit) * (8 - 1));
    760. 

  760.     (void)sp_2048_add_16(r + 16, r + 16, z2);
    761. 

  761. }
    762. 

  762. 

  763. /* Sub b from a into r. (r = a - b)
    764. 

  764.  *
    765. 

  765.  * r  A single precision integer.
    766. 

  766.  * a  A single precision integer.
    767. 

  767.  * b  A single precision integer.
    768. 

  768.  */
    769. 

  769. SP_NOINLINE static sp_digit sp_2048_sub_in_place_32(sp_digit* a,
    770. 

  770.         const sp_digit* b)
    771. 

  771. {
    772. 

  772.     sp_digit c = 0;
    773. 

  773. 

  774.     __asm__ __volatile__ (
    775. 

  775.         "ldr	r3, [%[a], #0]\n\t"
    776. 

  776.         "ldr	r4, [%[a], #4]\n\t"
    777. 

  777.         "ldr	r5, [%[b], #0]\n\t"
    778. 

  778.         "ldr	r6, [%[b], #4]\n\t"
    779. 

  779.         "sub	r3, r5\n\t"
    780. 

  780.         "sbc	r4, r6\n\t"
    781. 

  781.         "str	r3, [%[a], #0]\n\t"
    782. 

  782.         "str	r4, [%[a], #4]\n\t"
    783. 

  783.         "ldr	r3, [%[a], #8]\n\t"
    784. 

  784.         "ldr	r4, [%[a], #12]\n\t"
    785. 

  785.         "ldr	r5, [%[b], #8]\n\t"
    786. 

  786.         "ldr	r6, [%[b], #12]\n\t"
    787. 

  787.         "sbc	r3, r5\n\t"
    788. 

  788.         "sbc	r4, r6\n\t"
    789. 

  789.         "str	r3, [%[a], #8]\n\t"
    790. 

  790.         "str	r4, [%[a], #12]\n\t"
    791. 

  791.         "ldr	r3, [%[a], #16]\n\t"
    792. 

  792.         "ldr	r4, [%[a], #20]\n\t"
    793. 

  793.         "ldr	r5, [%[b], #16]\n\t"
    794. 

  794.         "ldr	r6, [%[b], #20]\n\t"
    795. 

  795.         "sbc	r3, r5\n\t"
    796. 

  796.         "sbc	r4, r6\n\t"
    797. 

  797.         "str	r3, [%[a], #16]\n\t"
    798. 

  798.         "str	r4, [%[a], #20]\n\t"
    799. 

  799.         "ldr	r3, [%[a], #24]\n\t"
    800. 

  800.         "ldr	r4, [%[a], #28]\n\t"
    801. 

  801.         "ldr	r5, [%[b], #24]\n\t"
    802. 

  802.         "ldr	r6, [%[b], #28]\n\t"
    803. 

  803.         "sbc	r3, r5\n\t"
    804. 

  804.         "sbc	r4, r6\n\t"
    805. 

  805.         "str	r3, [%[a], #24]\n\t"
    806. 

  806.         "str	r4, [%[a], #28]\n\t"
    807. 

  807.         "ldr	r3, [%[a], #32]\n\t"
    808. 

  808.         "ldr	r4, [%[a], #36]\n\t"
    809. 

  809.         "ldr	r5, [%[b], #32]\n\t"
    810. 

  810.         "ldr	r6, [%[b], #36]\n\t"
    811. 

  811.         "sbc	r3, r5\n\t"
    812. 

  812.         "sbc	r4, r6\n\t"
    813. 

  813.         "str	r3, [%[a], #32]\n\t"
    814. 

  814.         "str	r4, [%[a], #36]\n\t"
    815. 

  815.         "ldr	r3, [%[a], #40]\n\t"
    816. 

  816.         "ldr	r4, [%[a], #44]\n\t"
    817. 

  817.         "ldr	r5, [%[b], #40]\n\t"
    818. 

  818.         "ldr	r6, [%[b], #44]\n\t"
    819. 

  819.         "sbc	r3, r5\n\t"
    820. 

  820.         "sbc	r4, r6\n\t"
    821. 

  821.         "str	r3, [%[a], #40]\n\t"
    822. 

  822.         "str	r4, [%[a], #44]\n\t"
    823. 

  823.         "ldr	r3, [%[a], #48]\n\t"
    824. 

  824.         "ldr	r4, [%[a], #52]\n\t"
    825. 

  825.         "ldr	r5, [%[b], #48]\n\t"
    826. 

  826.         "ldr	r6, [%[b], #52]\n\t"
    827. 

  827.         "sbc	r3, r5\n\t"
    828. 

  828.         "sbc	r4, r6\n\t"
    829. 

  829.         "str	r3, [%[a], #48]\n\t"
    830. 

  830.         "str	r4, [%[a], #52]\n\t"
    831. 

  831.         "ldr	r3, [%[a], #56]\n\t"
    832. 

  832.         "ldr	r4, [%[a], #60]\n\t"
    833. 

  833.         "ldr	r5, [%[b], #56]\n\t"
    834. 

  834.         "ldr	r6, [%[b], #60]\n\t"
    835. 

  835.         "sbc	r3, r5\n\t"
    836. 

  836.         "sbc	r4, r6\n\t"
    837. 

  837.         "str	r3, [%[a], #56]\n\t"
    838. 

  838.         "str	r4, [%[a], #60]\n\t"
    839. 

  839.         "ldr	r3, [%[a], #64]\n\t"
    840. 

  840.         "ldr	r4, [%[a], #68]\n\t"
    841. 

  841.         "ldr	r5, [%[b], #64]\n\t"
    842. 

  842.         "ldr	r6, [%[b], #68]\n\t"
    843. 

  843.         "sbc	r3, r5\n\t"
    844. 

  844.         "sbc	r4, r6\n\t"
    845. 

  845.         "str	r3, [%[a], #64]\n\t"
    846. 

  846.         "str	r4, [%[a], #68]\n\t"
    847. 

  847.         "ldr	r3, [%[a], #72]\n\t"
    848. 

  848.         "ldr	r4, [%[a], #76]\n\t"
    849. 

  849.         "ldr	r5, [%[b], #72]\n\t"
    850. 

  850.         "ldr	r6, [%[b], #76]\n\t"
    851. 

  851.         "sbc	r3, r5\n\t"
    852. 

  852.         "sbc	r4, r6\n\t"
    853. 

  853.         "str	r3, [%[a], #72]\n\t"
    854. 

  854.         "str	r4, [%[a], #76]\n\t"
    855. 

  855.         "ldr	r3, [%[a], #80]\n\t"
    856. 

  856.         "ldr	r4, [%[a], #84]\n\t"
    857. 

  857.         "ldr	r5, [%[b], #80]\n\t"
    858. 

  858.         "ldr	r6, [%[b], #84]\n\t"
    859. 

  859.         "sbc	r3, r5\n\t"
    860. 

  860.         "sbc	r4, r6\n\t"
    861. 

  861.         "str	r3, [%[a], #80]\n\t"
    862. 

  862.         "str	r4, [%[a], #84]\n\t"
    863. 

  863.         "ldr	r3, [%[a], #88]\n\t"
    864. 

  864.         "ldr	r4, [%[a], #92]\n\t"
    865. 

  865.         "ldr	r5, [%[b], #88]\n\t"
    866. 

  866.         "ldr	r6, [%[b], #92]\n\t"
    867. 

  867.         "sbc	r3, r5\n\t"
    868. 

  868.         "sbc	r4, r6\n\t"
    869. 

  869.         "str	r3, [%[a], #88]\n\t"
    870. 

  870.         "str	r4, [%[a], #92]\n\t"
    871. 

  871.         "ldr	r3, [%[a], #96]\n\t"
    872. 

  872.         "ldr	r4, [%[a], #100]\n\t"
    873. 

  873.         "ldr	r5, [%[b], #96]\n\t"
    874. 

  874.         "ldr	r6, [%[b], #100]\n\t"
    875. 

  875.         "sbc	r3, r5\n\t"
    876. 

  876.         "sbc	r4, r6\n\t"
    877. 

  877.         "str	r3, [%[a], #96]\n\t"
    878. 

  878.         "str	r4, [%[a], #100]\n\t"
    879. 

  879.         "ldr	r3, [%[a], #104]\n\t"
    880. 

  880.         "ldr	r4, [%[a], #108]\n\t"
    881. 

  881.         "ldr	r5, [%[b], #104]\n\t"
    882. 

  882.         "ldr	r6, [%[b], #108]\n\t"
    883. 

  883.         "sbc	r3, r5\n\t"
    884. 

  884.         "sbc	r4, r6\n\t"
    885. 

  885.         "str	r3, [%[a], #104]\n\t"
    886. 

  886.         "str	r4, [%[a], #108]\n\t"
    887. 

  887.         "ldr	r3, [%[a], #112]\n\t"
    888. 

  888.         "ldr	r4, [%[a], #116]\n\t"
    889. 

  889.         "ldr	r5, [%[b], #112]\n\t"
    890. 

  890.         "ldr	r6, [%[b], #116]\n\t"
    891. 

  891.         "sbc	r3, r5\n\t"
    892. 

  892.         "sbc	r4, r6\n\t"
    893. 

  893.         "str	r3, [%[a], #112]\n\t"
    894. 

  894.         "str	r4, [%[a], #116]\n\t"
    895. 

  895.         "ldr	r3, [%[a], #120]\n\t"
    896. 

  896.         "ldr	r4, [%[a], #124]\n\t"
    897. 

  897.         "ldr	r5, [%[b], #120]\n\t"
    898. 

  898.         "ldr	r6, [%[b], #124]\n\t"
    899. 

  899.         "sbc	r3, r5\n\t"
    900. 

  900.         "sbc	r4, r6\n\t"
    901. 

  901.         "str	r3, [%[a], #120]\n\t"
    902. 

  902.         "str	r4, [%[a], #124]\n\t"
    903. 

  903.         "sbc	%[c], %[c]\n\t"
    904. 

  904.         : [c] "+r" (c), [a] "+r" (a), [b] "+r" (b)
    905. 

  905.         :
    906. 

  906.         : "memory", "r3", "r4", "r5", "r6"
    907. 

  907.     );
    908. 

  908. 

  909.     return c;
    910. 

  910. }
    911. 

  911. 

  912. /* Add b to a into r. (r = a + b)
    913. 

  913.  *
    914. 

  914.  * r  A single precision integer.
    915. 

  915.  * a  A single precision integer.
    916. 

  916.  * b  A single precision integer.
    917. 

  917.  */
    918. 

  918. SP_NOINLINE static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a,
    919. 

  919.         const sp_digit* b)
    920. 

  920. {
    921. 

  921.     sp_digit c = 0;
    922. 

  922. 

  923.     __asm__ __volatile__ (
    924. 

  924.         "ldr	r4, [%[a], #0]\n\t"
    925. 

  925.         "ldr	r5, [%[b], #0]\n\t"
    926. 

  926.         "add	r4, r5\n\t"
    927. 

  927.         "str	r4, [%[r], #0]\n\t"
    928. 

  928.         "ldr	r4, [%[a], #4]\n\t"
    929. 

  929.         "ldr	r5, [%[b], #4]\n\t"
    930. 

  930.         "adc	r4, r5\n\t"
    931. 

  931.         "str	r4, [%[r], #4]\n\t"
    932. 

  932.         "ldr	r4, [%[a], #8]\n\t"
    933. 

  933.         "ldr	r5, [%[b], #8]\n\t"
    934. 

  934.         "adc	r4, r5\n\t"
    935. 

  935.         "str	r4, [%[r], #8]\n\t"
    936. 

  936.         "ldr	r4, [%[a], #12]\n\t"
    937. 

  937.         "ldr	r5, [%[b], #12]\n\t"
    938. 

  938.         "adc	r4, r5\n\t"
    939. 

  939.         "str	r4, [%[r], #12]\n\t"
    940. 

  940.         "ldr	r4, [%[a], #16]\n\t"
    941. 

  941.         "ldr	r5, [%[b], #16]\n\t"
    942. 

  942.         "adc	r4, r5\n\t"
    943. 

  943.         "str	r4, [%[r], #16]\n\t"
    944. 

  944.         "ldr	r4, [%[a], #20]\n\t"
    945. 

  945.         "ldr	r5, [%[b], #20]\n\t"
    946. 

  946.         "adc	r4, r5\n\t"
    947. 

  947.         "str	r4, [%[r], #20]\n\t"
    948. 

  948.         "ldr	r4, [%[a], #24]\n\t"
    949. 

  949.         "ldr	r5, [%[b], #24]\n\t"
    950. 

  950.         "adc	r4, r5\n\t"
    951. 

  951.         "str	r4, [%[r], #24]\n\t"
    952. 

  952.         "ldr	r4, [%[a], #28]\n\t"
    953. 

  953.         "ldr	r5, [%[b], #28]\n\t"
    954. 

  954.         "adc	r4, r5\n\t"
    955. 

  955.         "str	r4, [%[r], #28]\n\t"
    956. 

  956.         "ldr	r4, [%[a], #32]\n\t"
    957. 

  957.         "ldr	r5, [%[b], #32]\n\t"
    958. 

  958.         "adc	r4, r5\n\t"
    959. 

  959.         "str	r4, [%[r], #32]\n\t"
    960. 

  960.         "ldr	r4, [%[a], #36]\n\t"
    961. 

  961.         "ldr	r5, [%[b], #36]\n\t"
    962. 

  962.         "adc	r4, r5\n\t"
    963. 

  963.         "str	r4, [%[r], #36]\n\t"
    964. 

  964.         "ldr	r4, [%[a], #40]\n\t"
    965. 

  965.         "ldr	r5, [%[b], #40]\n\t"
    966. 

  966.         "adc	r4, r5\n\t"
    967. 

  967.         "str	r4, [%[r], #40]\n\t"
    968. 

  968.         "ldr	r4, [%[a], #44]\n\t"
    969. 

  969.         "ldr	r5, [%[b], #44]\n\t"
    970. 

  970.         "adc	r4, r5\n\t"
    971. 

  971.         "str	r4, [%[r], #44]\n\t"
    972. 

  972.         "ldr	r4, [%[a], #48]\n\t"
    973. 

  973.         "ldr	r5, [%[b], #48]\n\t"
    974. 

  974.         "adc	r4, r5\n\t"
    975. 

  975.         "str	r4, [%[r], #48]\n\t"
    976. 

  976.         "ldr	r4, [%[a], #52]\n\t"
    977. 

  977.         "ldr	r5, [%[b], #52]\n\t"
    978. 

  978.         "adc	r4, r5\n\t"
    979. 

  979.         "str	r4, [%[r], #52]\n\t"
    980. 

  980.         "ldr	r4, [%[a], #56]\n\t"
    981. 

  981.         "ldr	r5, [%[b], #56]\n\t"
    982. 

  982.         "adc	r4, r5\n\t"
    983. 

  983.         "str	r4, [%[r], #56]\n\t"
    984. 

  984.         "ldr	r4, [%[a], #60]\n\t"
    985. 

  985.         "ldr	r5, [%[b], #60]\n\t"
    986. 

  986.         "adc	r4, r5\n\t"
    987. 

  987.         "str	r4, [%[r], #60]\n\t"
    988. 

  988.         "ldr	r4, [%[a], #64]\n\t"
    989. 

  989.         "ldr	r5, [%[b], #64]\n\t"
    990. 

  990.         "adc	r4, r5\n\t"
    991. 

  991.         "str	r4, [%[r], #64]\n\t"
    992. 

  992.         "ldr	r4, [%[a], #68]\n\t"
    993. 

  993.         "ldr	r5, [%[b], #68]\n\t"
    994. 

  994.         "adc	r4, r5\n\t"
    995. 

  995.         "str	r4, [%[r], #68]\n\t"
    996. 

  996.         "ldr	r4, [%[a], #72]\n\t"
    997. 

  997.         "ldr	r5, [%[b], #72]\n\t"
    998. 

  998.         "adc	r4, r5\n\t"
    999. 

  999.         "str	r4, [%[r], #72]\n\t"
    1000. 

  1000.         "ldr	r4, [%[a], #76]\n\t"
    1001. 

  1001.         "ldr	r5, [%[b], #76]\n\t"
    1002. 

  1002.         "adc	r4, r5\n\t"
    1003. 

  1003.         "str	r4, [%[r], #76]\n\t"
    1004. 

  1004.         "ldr	r4, [%[a], #80]\n\t"
    1005. 

  1005.         "ldr	r5, [%[b], #80]\n\t"
    1006. 

  1006.         "adc	r4, r5\n\t"
    1007. 

  1007.         "str	r4, [%[r], #80]\n\t"
    1008. 

  1008.         "ldr	r4, [%[a], #84]\n\t"
    1009. 

  1009.         "ldr	r5, [%[b], #84]\n\t"
    1010. 

  1010.         "adc	r4, r5\n\t"
    1011. 

  1011.         "str	r4, [%[r], #84]\n\t"
    1012. 

  1012.         "ldr	r4, [%[a], #88]\n\t"
    1013. 

  1013.         "ldr	r5, [%[b], #88]\n\t"
    1014. 

  1014.         "adc	r4, r5\n\t"
    1015. 

  1015.         "str	r4, [%[r], #88]\n\t"
    1016. 

  1016.         "ldr	r4, [%[a], #92]\n\t"
    1017. 

  1017.         "ldr	r5, [%[b], #92]\n\t"
    1018. 

  1018.         "adc	r4, r5\n\t"
    1019. 

  1019.         "str	r4, [%[r], #92]\n\t"
    1020. 

  1020.         "ldr	r4, [%[a], #96]\n\t"
    1021. 

  1021.         "ldr	r5, [%[b], #96]\n\t"
    1022. 

  1022.         "adc	r4, r5\n\t"
    1023. 

  1023.         "str	r4, [%[r], #96]\n\t"
    1024. 

  1024.         "ldr	r4, [%[a], #100]\n\t"
    1025. 

  1025.         "ldr	r5, [%[b], #100]\n\t"
    1026. 

  1026.         "adc	r4, r5\n\t"
    1027. 

  1027.         "str	r4, [%[r], #100]\n\t"
    1028. 

  1028.         "ldr	r4, [%[a], #104]\n\t"
    1029. 

  1029.         "ldr	r5, [%[b], #104]\n\t"
    1030. 

  1030.         "adc	r4, r5\n\t"
    1031. 

  1031.         "str	r4, [%[r], #104]\n\t"
    1032. 

  1032.         "ldr	r4, [%[a], #108]\n\t"
    1033. 

  1033.         "ldr	r5, [%[b], #108]\n\t"
    1034. 

  1034.         "adc	r4, r5\n\t"
    1035. 

  1035.         "str	r4, [%[r], #108]\n\t"
    1036. 

  1036.         "ldr	r4, [%[a], #112]\n\t"
    1037. 

  1037.         "ldr	r5, [%[b], #112]\n\t"
    1038. 

  1038.         "adc	r4, r5\n\t"
    1039. 

  1039.         "str	r4, [%[r], #112]\n\t"
    1040. 

  1040.         "ldr	r4, [%[a], #116]\n\t"
    1041. 

  1041.         "ldr	r5, [%[b], #116]\n\t"
    1042. 

  1042.         "adc	r4, r5\n\t"
    1043. 

  1043.         "str	r4, [%[r], #116]\n\t"
    1044. 

  1044.         "ldr	r4, [%[a], #120]\n\t"
    1045. 

  1045.         "ldr	r5, [%[b], #120]\n\t"
    1046. 

  1046.         "adc	r4, r5\n\t"
    1047. 

  1047.         "str	r4, [%[r], #120]\n\t"
    1048. 

  1048.         "ldr	r4, [%[a], #124]\n\t"
    1049. 

  1049.         "ldr	r5, [%[b], #124]\n\t"
    1050. 

  1050.         "adc	r4, r5\n\t"
    1051. 

  1051.         "str	r4, [%[r], #124]\n\t"
    1052. 

  1052.         "mov	%[c], #0\n\t"
    1053. 

  1053.         "adc	%[c], %[c]\n\t"
    1054. 

  1054.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    1055. 

  1055.         :
    1056. 

  1056.         : "memory", "r4", "r5"
    1057. 

  1057.     );
    1058. 

  1058. 

  1059.     return c;
    1060. 

  1060. }
    1061. 

  1061. 

  1062. /* AND m into each word of a and store in r.
    1063. 

  1063.  *
    1064. 

  1064.  * r  A single precision integer.
    1065. 

  1065.  * a  A single precision integer.
    1066. 

  1066.  * m  Mask to AND against each digit.
    1067. 

  1067.  */
    1068. 

  1068. static void sp_2048_mask_16(sp_digit* r, const sp_digit* a, sp_digit m)
    1069. 

  1069. {
    1070. 

  1070. #ifdef WOLFSSL_SP_SMALL
    1071. 

  1071.     int i;
    1072. 

  1072. 

  1073.     for (i=0; i<16; i++) {
    1074. 

  1074.         r[i] = a[i] & m;
    1075. 

  1075.     }
    1076. 

  1076. #else
    1077. 

  1077.     int i;
    1078. 

  1078. 

  1079.     for (i = 0; i < 16; i += 8) {
    1080. 

  1080.         r[i+0] = a[i+0] & m;
    1081. 

  1081.         r[i+1] = a[i+1] & m;
    1082. 

  1082.         r[i+2] = a[i+2] & m;
    1083. 

  1083.         r[i+3] = a[i+3] & m;
    1084. 

  1084.         r[i+4] = a[i+4] & m;
    1085. 

  1085.         r[i+5] = a[i+5] & m;
    1086. 

  1086.         r[i+6] = a[i+6] & m;
    1087. 

  1087.         r[i+7] = a[i+7] & m;
    1088. 

  1088.     }
    1089. 

  1089. #endif
    1090. 

  1090. }
    1091. 

  1091. 

  1092. /* Multiply a and b into r. (r = a * b)
    1093. 

  1093.  *
    1094. 

  1094.  * r  A single precision integer.
    1095. 

  1095.  * a  A single precision integer.
    1096. 

  1096.  * b  A single precision integer.
    1097. 

  1097.  */
    1098. 

  1098. SP_NOINLINE static void sp_2048_mul_32(sp_digit* r, const sp_digit* a,
    1099. 

  1099.         const sp_digit* b)
    1100. 

  1100. {
    1101. 

  1101.     sp_digit* z0 = r;
    1102. 

  1102.     sp_digit z1[32];
    1103. 

  1103.     sp_digit a1[16];
    1104. 

  1104.     sp_digit b1[16];
    1105. 

  1105.     sp_digit z2[32];
    1106. 

  1106.     sp_digit u, ca, cb;
    1107. 

  1107. 

  1108.     ca = sp_2048_add_16(a1, a, &a[16]);
    1109. 

  1109.     cb = sp_2048_add_16(b1, b, &b[16]);
    1110. 

  1110.     u  = ca & cb;
    1111. 

  1111.     sp_2048_mul_16(z1, a1, b1);
    1112. 

  1112.     sp_2048_mul_16(z2, &a[16], &b[16]);
    1113. 

  1113.     sp_2048_mul_16(z0, a, b);
    1114. 

  1114.     sp_2048_mask_16(r + 32, a1, 0 - cb);
    1115. 

  1115.     sp_2048_mask_16(b1, b1, 0 - ca);
    1116. 

  1116.     u += sp_2048_add_16(r + 32, r + 32, b1);
    1117. 

  1117.     u += sp_2048_sub_in_place_32(z1, z2);
    1118. 

  1118.     u += sp_2048_sub_in_place_32(z1, z0);
    1119. 

  1119.     u += sp_2048_add_32(r + 16, r + 16, z1);
    1120. 

  1120.     r[48] = u;
    1121. 

  1121.     XMEMSET(r + 48 + 1, 0, sizeof(sp_digit) * (16 - 1));
    1122. 

  1122.     (void)sp_2048_add_32(r + 32, r + 32, z2);
    1123. 

  1123. }
    1124. 

  1124. 

  1125. /* Square a and put result in r. (r = a * a)
    1126. 

  1126.  *
    1127. 

  1127.  * r  A single precision integer.
    1128. 

  1128.  * a  A single precision integer.
    1129. 

  1129.  */
    1130. 

  1130. SP_NOINLINE static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
    1131. 

  1131. {
    1132. 

  1132.     sp_digit* z0 = r;
    1133. 

  1133.     sp_digit z2[32];
    1134. 

  1134.     sp_digit z1[32];
    1135. 

  1135.     sp_digit a1[16];
    1136. 

  1136.     sp_digit u;
    1137. 

  1137. 

  1138.     u = sp_2048_add_16(a1, a, &a[16]);
    1139. 

  1139.     sp_2048_sqr_16(z1, a1);
    1140. 

  1140.     sp_2048_sqr_16(z2, &a[16]);
    1141. 

  1141.     sp_2048_sqr_16(z0, a);
    1142. 

  1142.     sp_2048_mask_16(r + 32, a1, 0 - u);
    1143. 

  1143.     u += sp_2048_add_16(r + 32, r + 32, r + 32);
    1144. 

  1144.     u += sp_2048_sub_in_place_32(z1, z2);
    1145. 

  1145.     u += sp_2048_sub_in_place_32(z1, z0);
    1146. 

  1146.     u += sp_2048_add_32(r + 16, r + 16, z1);
    1147. 

  1147.     r[48] = u;
    1148. 

  1148.     XMEMSET(r + 48 + 1, 0, sizeof(sp_digit) * (16 - 1));
    1149. 

  1149.     (void)sp_2048_add_32(r + 32, r + 32, z2);
    1150. 

  1150. }
    1151. 

  1151. 

  1152. /* Sub b from a into r. (r = a - b)
    1153. 

  1153.  *
    1154. 

  1154.  * r  A single precision integer.
    1155. 

  1155.  * a  A single precision integer.
    1156. 

  1156.  * b  A single precision integer.
    1157. 

  1157.  */
    1158. 

  1158. SP_NOINLINE static sp_digit sp_2048_sub_in_place_64(sp_digit* a,
    1159. 

  1159.         const sp_digit* b)
    1160. 

  1160. {
    1161. 

  1161.     sp_digit c = 0;
    1162. 

  1162. 

  1163.     __asm__ __volatile__ (
    1164. 

  1164.         "ldr	r3, [%[a], #0]\n\t"
    1165. 

  1165.         "ldr	r4, [%[a], #4]\n\t"
    1166. 

  1166.         "ldr	r5, [%[b], #0]\n\t"
    1167. 

  1167.         "ldr	r6, [%[b], #4]\n\t"
    1168. 

  1168.         "sub	r3, r5\n\t"
    1169. 

  1169.         "sbc	r4, r6\n\t"
    1170. 

  1170.         "str	r3, [%[a], #0]\n\t"
    1171. 

  1171.         "str	r4, [%[a], #4]\n\t"
    1172. 

  1172.         "ldr	r3, [%[a], #8]\n\t"
    1173. 

  1173.         "ldr	r4, [%[a], #12]\n\t"
    1174. 

  1174.         "ldr	r5, [%[b], #8]\n\t"
    1175. 

  1175.         "ldr	r6, [%[b], #12]\n\t"
    1176. 

  1176.         "sbc	r3, r5\n\t"
    1177. 

  1177.         "sbc	r4, r6\n\t"
    1178. 

  1178.         "str	r3, [%[a], #8]\n\t"
    1179. 

  1179.         "str	r4, [%[a], #12]\n\t"
    1180. 

  1180.         "ldr	r3, [%[a], #16]\n\t"
    1181. 

  1181.         "ldr	r4, [%[a], #20]\n\t"
    1182. 

  1182.         "ldr	r5, [%[b], #16]\n\t"
    1183. 

  1183.         "ldr	r6, [%[b], #20]\n\t"
    1184. 

  1184.         "sbc	r3, r5\n\t"
    1185. 

  1185.         "sbc	r4, r6\n\t"
    1186. 

  1186.         "str	r3, [%[a], #16]\n\t"
    1187. 

  1187.         "str	r4, [%[a], #20]\n\t"
    1188. 

  1188.         "ldr	r3, [%[a], #24]\n\t"
    1189. 

  1189.         "ldr	r4, [%[a], #28]\n\t"
    1190. 

  1190.         "ldr	r5, [%[b], #24]\n\t"
    1191. 

  1191.         "ldr	r6, [%[b], #28]\n\t"
    1192. 

  1192.         "sbc	r3, r5\n\t"
    1193. 

  1193.         "sbc	r4, r6\n\t"
    1194. 

  1194.         "str	r3, [%[a], #24]\n\t"
    1195. 

  1195.         "str	r4, [%[a], #28]\n\t"
    1196. 

  1196.         "ldr	r3, [%[a], #32]\n\t"
    1197. 

  1197.         "ldr	r4, [%[a], #36]\n\t"
    1198. 

  1198.         "ldr	r5, [%[b], #32]\n\t"
    1199. 

  1199.         "ldr	r6, [%[b], #36]\n\t"
    1200. 

  1200.         "sbc	r3, r5\n\t"
    1201. 

  1201.         "sbc	r4, r6\n\t"
    1202. 

  1202.         "str	r3, [%[a], #32]\n\t"
    1203. 

  1203.         "str	r4, [%[a], #36]\n\t"
    1204. 

  1204.         "ldr	r3, [%[a], #40]\n\t"
    1205. 

  1205.         "ldr	r4, [%[a], #44]\n\t"
    1206. 

  1206.         "ldr	r5, [%[b], #40]\n\t"
    1207. 

  1207.         "ldr	r6, [%[b], #44]\n\t"
    1208. 

  1208.         "sbc	r3, r5\n\t"
    1209. 

  1209.         "sbc	r4, r6\n\t"
    1210. 

  1210.         "str	r3, [%[a], #40]\n\t"
    1211. 

  1211.         "str	r4, [%[a], #44]\n\t"
    1212. 

  1212.         "ldr	r3, [%[a], #48]\n\t"
    1213. 

  1213.         "ldr	r4, [%[a], #52]\n\t"
    1214. 

  1214.         "ldr	r5, [%[b], #48]\n\t"
    1215. 

  1215.         "ldr	r6, [%[b], #52]\n\t"
    1216. 

  1216.         "sbc	r3, r5\n\t"
    1217. 

  1217.         "sbc	r4, r6\n\t"
    1218. 

  1218.         "str	r3, [%[a], #48]\n\t"
    1219. 

  1219.         "str	r4, [%[a], #52]\n\t"
    1220. 

  1220.         "ldr	r3, [%[a], #56]\n\t"
    1221. 

  1221.         "ldr	r4, [%[a], #60]\n\t"
    1222. 

  1222.         "ldr	r5, [%[b], #56]\n\t"
    1223. 

  1223.         "ldr	r6, [%[b], #60]\n\t"
    1224. 

  1224.         "sbc	r3, r5\n\t"
    1225. 

  1225.         "sbc	r4, r6\n\t"
    1226. 

  1226.         "str	r3, [%[a], #56]\n\t"
    1227. 

  1227.         "str	r4, [%[a], #60]\n\t"
    1228. 

  1228.         "ldr	r3, [%[a], #64]\n\t"
    1229. 

  1229.         "ldr	r4, [%[a], #68]\n\t"
    1230. 

  1230.         "ldr	r5, [%[b], #64]\n\t"
    1231. 

  1231.         "ldr	r6, [%[b], #68]\n\t"
    1232. 

  1232.         "sbc	r3, r5\n\t"
    1233. 

  1233.         "sbc	r4, r6\n\t"
    1234. 

  1234.         "str	r3, [%[a], #64]\n\t"
    1235. 

  1235.         "str	r4, [%[a], #68]\n\t"
    1236. 

  1236.         "ldr	r3, [%[a], #72]\n\t"
    1237. 

  1237.         "ldr	r4, [%[a], #76]\n\t"
    1238. 

  1238.         "ldr	r5, [%[b], #72]\n\t"
    1239. 

  1239.         "ldr	r6, [%[b], #76]\n\t"
    1240. 

  1240.         "sbc	r3, r5\n\t"
    1241. 

  1241.         "sbc	r4, r6\n\t"
    1242. 

  1242.         "str	r3, [%[a], #72]\n\t"
    1243. 

  1243.         "str	r4, [%[a], #76]\n\t"
    1244. 

  1244.         "ldr	r3, [%[a], #80]\n\t"
    1245. 

  1245.         "ldr	r4, [%[a], #84]\n\t"
    1246. 

  1246.         "ldr	r5, [%[b], #80]\n\t"
    1247. 

  1247.         "ldr	r6, [%[b], #84]\n\t"
    1248. 

  1248.         "sbc	r3, r5\n\t"
    1249. 

  1249.         "sbc	r4, r6\n\t"
    1250. 

  1250.         "str	r3, [%[a], #80]\n\t"
    1251. 

  1251.         "str	r4, [%[a], #84]\n\t"
    1252. 

  1252.         "ldr	r3, [%[a], #88]\n\t"
    1253. 

  1253.         "ldr	r4, [%[a], #92]\n\t"
    1254. 

  1254.         "ldr	r5, [%[b], #88]\n\t"
    1255. 

  1255.         "ldr	r6, [%[b], #92]\n\t"
    1256. 

  1256.         "sbc	r3, r5\n\t"
    1257. 

  1257.         "sbc	r4, r6\n\t"
    1258. 

  1258.         "str	r3, [%[a], #88]\n\t"
    1259. 

  1259.         "str	r4, [%[a], #92]\n\t"
    1260. 

  1260.         "ldr	r3, [%[a], #96]\n\t"
    1261. 

  1261.         "ldr	r4, [%[a], #100]\n\t"
    1262. 

  1262.         "ldr	r5, [%[b], #96]\n\t"
    1263. 

  1263.         "ldr	r6, [%[b], #100]\n\t"
    1264. 

  1264.         "sbc	r3, r5\n\t"
    1265. 

  1265.         "sbc	r4, r6\n\t"
    1266. 

  1266.         "str	r3, [%[a], #96]\n\t"
    1267. 

  1267.         "str	r4, [%[a], #100]\n\t"
    1268. 

  1268.         "ldr	r3, [%[a], #104]\n\t"
    1269. 

  1269.         "ldr	r4, [%[a], #108]\n\t"
    1270. 

  1270.         "ldr	r5, [%[b], #104]\n\t"
    1271. 

  1271.         "ldr	r6, [%[b], #108]\n\t"
    1272. 

  1272.         "sbc	r3, r5\n\t"
    1273. 

  1273.         "sbc	r4, r6\n\t"
    1274. 

  1274.         "str	r3, [%[a], #104]\n\t"
    1275. 

  1275.         "str	r4, [%[a], #108]\n\t"
    1276. 

  1276.         "ldr	r3, [%[a], #112]\n\t"
    1277. 

  1277.         "ldr	r4, [%[a], #116]\n\t"
    1278. 

  1278.         "ldr	r5, [%[b], #112]\n\t"
    1279. 

  1279.         "ldr	r6, [%[b], #116]\n\t"
    1280. 

  1280.         "sbc	r3, r5\n\t"
    1281. 

  1281.         "sbc	r4, r6\n\t"
    1282. 

  1282.         "str	r3, [%[a], #112]\n\t"
    1283. 

  1283.         "str	r4, [%[a], #116]\n\t"
    1284. 

  1284.         "ldr	r3, [%[a], #120]\n\t"
    1285. 

  1285.         "ldr	r4, [%[a], #124]\n\t"
    1286. 

  1286.         "ldr	r5, [%[b], #120]\n\t"
    1287. 

  1287.         "ldr	r6, [%[b], #124]\n\t"
    1288. 

  1288.         "sbc	r3, r5\n\t"
    1289. 

  1289.         "sbc	r4, r6\n\t"
    1290. 

  1290.         "str	r3, [%[a], #120]\n\t"
    1291. 

  1291.         "str	r4, [%[a], #124]\n\t"
    1292. 

  1292.         "sbc	%[c], %[c]\n\t"
    1293. 

  1293.         "add	%[a], #0x80\n\t"
    1294. 

  1294.         "add	%[b], #0x80\n\t"
    1295. 

  1295.         "mov	r5, #0\n\t"
    1296. 

  1296.         "sub	r5, %[c]\n\t"
    1297. 

  1297.         "ldr	r3, [%[a], #0]\n\t"
    1298. 

  1298.         "ldr	r4, [%[a], #4]\n\t"
    1299. 

  1299.         "ldr	r5, [%[b], #0]\n\t"
    1300. 

  1300.         "ldr	r6, [%[b], #4]\n\t"
    1301. 

  1301.         "sbc	r3, r5\n\t"
    1302. 

  1302.         "sbc	r4, r6\n\t"
    1303. 

  1303.         "str	r3, [%[a], #0]\n\t"
    1304. 

  1304.         "str	r4, [%[a], #4]\n\t"
    1305. 

  1305.         "ldr	r3, [%[a], #8]\n\t"
    1306. 

  1306.         "ldr	r4, [%[a], #12]\n\t"
    1307. 

  1307.         "ldr	r5, [%[b], #8]\n\t"
    1308. 

  1308.         "ldr	r6, [%[b], #12]\n\t"
    1309. 

  1309.         "sbc	r3, r5\n\t"
    1310. 

  1310.         "sbc	r4, r6\n\t"
    1311. 

  1311.         "str	r3, [%[a], #8]\n\t"
    1312. 

  1312.         "str	r4, [%[a], #12]\n\t"
    1313. 

  1313.         "ldr	r3, [%[a], #16]\n\t"
    1314. 

  1314.         "ldr	r4, [%[a], #20]\n\t"
    1315. 

  1315.         "ldr	r5, [%[b], #16]\n\t"
    1316. 

  1316.         "ldr	r6, [%[b], #20]\n\t"
    1317. 

  1317.         "sbc	r3, r5\n\t"
    1318. 

  1318.         "sbc	r4, r6\n\t"
    1319. 

  1319.         "str	r3, [%[a], #16]\n\t"
    1320. 

  1320.         "str	r4, [%[a], #20]\n\t"
    1321. 

  1321.         "ldr	r3, [%[a], #24]\n\t"
    1322. 

  1322.         "ldr	r4, [%[a], #28]\n\t"
    1323. 

  1323.         "ldr	r5, [%[b], #24]\n\t"
    1324. 

  1324.         "ldr	r6, [%[b], #28]\n\t"
    1325. 

  1325.         "sbc	r3, r5\n\t"
    1326. 

  1326.         "sbc	r4, r6\n\t"
    1327. 

  1327.         "str	r3, [%[a], #24]\n\t"
    1328. 

  1328.         "str	r4, [%[a], #28]\n\t"
    1329. 

  1329.         "ldr	r3, [%[a], #32]\n\t"
    1330. 

  1330.         "ldr	r4, [%[a], #36]\n\t"
    1331. 

  1331.         "ldr	r5, [%[b], #32]\n\t"
    1332. 

  1332.         "ldr	r6, [%[b], #36]\n\t"
    1333. 

  1333.         "sbc	r3, r5\n\t"
    1334. 

  1334.         "sbc	r4, r6\n\t"
    1335. 

  1335.         "str	r3, [%[a], #32]\n\t"
    1336. 

  1336.         "str	r4, [%[a], #36]\n\t"
    1337. 

  1337.         "ldr	r3, [%[a], #40]\n\t"
    1338. 

  1338.         "ldr	r4, [%[a], #44]\n\t"
    1339. 

  1339.         "ldr	r5, [%[b], #40]\n\t"
    1340. 

  1340.         "ldr	r6, [%[b], #44]\n\t"
    1341. 

  1341.         "sbc	r3, r5\n\t"
    1342. 

  1342.         "sbc	r4, r6\n\t"
    1343. 

  1343.         "str	r3, [%[a], #40]\n\t"
    1344. 

  1344.         "str	r4, [%[a], #44]\n\t"
    1345. 

  1345.         "ldr	r3, [%[a], #48]\n\t"
    1346. 

  1346.         "ldr	r4, [%[a], #52]\n\t"
    1347. 

  1347.         "ldr	r5, [%[b], #48]\n\t"
    1348. 

  1348.         "ldr	r6, [%[b], #52]\n\t"
    1349. 

  1349.         "sbc	r3, r5\n\t"
    1350. 

  1350.         "sbc	r4, r6\n\t"
    1351. 

  1351.         "str	r3, [%[a], #48]\n\t"
    1352. 

  1352.         "str	r4, [%[a], #52]\n\t"
    1353. 

  1353.         "ldr	r3, [%[a], #56]\n\t"
    1354. 

  1354.         "ldr	r4, [%[a], #60]\n\t"
    1355. 

  1355.         "ldr	r5, [%[b], #56]\n\t"
    1356. 

  1356.         "ldr	r6, [%[b], #60]\n\t"
    1357. 

  1357.         "sbc	r3, r5\n\t"
    1358. 

  1358.         "sbc	r4, r6\n\t"
    1359. 

  1359.         "str	r3, [%[a], #56]\n\t"
    1360. 

  1360.         "str	r4, [%[a], #60]\n\t"
    1361. 

  1361.         "ldr	r3, [%[a], #64]\n\t"
    1362. 

  1362.         "ldr	r4, [%[a], #68]\n\t"
    1363. 

  1363.         "ldr	r5, [%[b], #64]\n\t"
    1364. 

  1364.         "ldr	r6, [%[b], #68]\n\t"
    1365. 

  1365.         "sbc	r3, r5\n\t"
    1366. 

  1366.         "sbc	r4, r6\n\t"
    1367. 

  1367.         "str	r3, [%[a], #64]\n\t"
    1368. 

  1368.         "str	r4, [%[a], #68]\n\t"
    1369. 

  1369.         "ldr	r3, [%[a], #72]\n\t"
    1370. 

  1370.         "ldr	r4, [%[a], #76]\n\t"
    1371. 

  1371.         "ldr	r5, [%[b], #72]\n\t"
    1372. 

  1372.         "ldr	r6, [%[b], #76]\n\t"
    1373. 

  1373.         "sbc	r3, r5\n\t"
    1374. 

  1374.         "sbc	r4, r6\n\t"
    1375. 

  1375.         "str	r3, [%[a], #72]\n\t"
    1376. 

  1376.         "str	r4, [%[a], #76]\n\t"
    1377. 

  1377.         "ldr	r3, [%[a], #80]\n\t"
    1378. 

  1378.         "ldr	r4, [%[a], #84]\n\t"
    1379. 

  1379.         "ldr	r5, [%[b], #80]\n\t"
    1380. 

  1380.         "ldr	r6, [%[b], #84]\n\t"
    1381. 

  1381.         "sbc	r3, r5\n\t"
    1382. 

  1382.         "sbc	r4, r6\n\t"
    1383. 

  1383.         "str	r3, [%[a], #80]\n\t"
    1384. 

  1384.         "str	r4, [%[a], #84]\n\t"
    1385. 

  1385.         "ldr	r3, [%[a], #88]\n\t"
    1386. 

  1386.         "ldr	r4, [%[a], #92]\n\t"
    1387. 

  1387.         "ldr	r5, [%[b], #88]\n\t"
    1388. 

  1388.         "ldr	r6, [%[b], #92]\n\t"
    1389. 

  1389.         "sbc	r3, r5\n\t"
    1390. 

  1390.         "sbc	r4, r6\n\t"
    1391. 

  1391.         "str	r3, [%[a], #88]\n\t"
    1392. 

  1392.         "str	r4, [%[a], #92]\n\t"
    1393. 

  1393.         "ldr	r3, [%[a], #96]\n\t"
    1394. 

  1394.         "ldr	r4, [%[a], #100]\n\t"
    1395. 

  1395.         "ldr	r5, [%[b], #96]\n\t"
    1396. 

  1396.         "ldr	r6, [%[b], #100]\n\t"
    1397. 

  1397.         "sbc	r3, r5\n\t"
    1398. 

  1398.         "sbc	r4, r6\n\t"
    1399. 

  1399.         "str	r3, [%[a], #96]\n\t"
    1400. 

  1400.         "str	r4, [%[a], #100]\n\t"
    1401. 

  1401.         "ldr	r3, [%[a], #104]\n\t"
    1402. 

  1402.         "ldr	r4, [%[a], #108]\n\t"
    1403. 

  1403.         "ldr	r5, [%[b], #104]\n\t"
    1404. 

  1404.         "ldr	r6, [%[b], #108]\n\t"
    1405. 

  1405.         "sbc	r3, r5\n\t"
    1406. 

  1406.         "sbc	r4, r6\n\t"
    1407. 

  1407.         "str	r3, [%[a], #104]\n\t"
    1408. 

  1408.         "str	r4, [%[a], #108]\n\t"
    1409. 

  1409.         "ldr	r3, [%[a], #112]\n\t"
    1410. 

  1410.         "ldr	r4, [%[a], #116]\n\t"
    1411. 

  1411.         "ldr	r5, [%[b], #112]\n\t"
    1412. 

  1412.         "ldr	r6, [%[b], #116]\n\t"
    1413. 

  1413.         "sbc	r3, r5\n\t"
    1414. 

  1414.         "sbc	r4, r6\n\t"
    1415. 

  1415.         "str	r3, [%[a], #112]\n\t"
    1416. 

  1416.         "str	r4, [%[a], #116]\n\t"
    1417. 

  1417.         "ldr	r3, [%[a], #120]\n\t"
    1418. 

  1418.         "ldr	r4, [%[a], #124]\n\t"
    1419. 

  1419.         "ldr	r5, [%[b], #120]\n\t"
    1420. 

  1420.         "ldr	r6, [%[b], #124]\n\t"
    1421. 

  1421.         "sbc	r3, r5\n\t"
    1422. 

  1422.         "sbc	r4, r6\n\t"
    1423. 

  1423.         "str	r3, [%[a], #120]\n\t"
    1424. 

  1424.         "str	r4, [%[a], #124]\n\t"
    1425. 

  1425.         "sbc	%[c], %[c]\n\t"
    1426. 

  1426.         : [c] "+r" (c), [a] "+r" (a), [b] "+r" (b)
    1427. 

  1427.         :
    1428. 

  1428.         : "memory", "r3", "r4", "r5", "r6"
    1429. 

  1429.     );
    1430. 

  1430. 

  1431.     return c;
    1432. 

  1432. }
    1433. 

  1433. 

  1434. /* Add b to a into r. (r = a + b)
    1435. 

  1435.  *
    1436. 

  1436.  * r  A single precision integer.
    1437. 

  1437.  * a  A single precision integer.
    1438. 

  1438.  * b  A single precision integer.
    1439. 

  1439.  */
    1440. 

  1440. SP_NOINLINE static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a,
    1441. 

  1441.         const sp_digit* b)
    1442. 

  1442. {
    1443. 

  1443.     sp_digit c = 0;
    1444. 

  1444. 

  1445.     __asm__ __volatile__ (
    1446. 

  1446.         "mov	r7, #0\n\t"
    1447. 

  1447.         "mvn	r7, r7\n\t"
    1448. 

  1448.         "ldr	r4, [%[a], #0]\n\t"
    1449. 

  1449.         "ldr	r5, [%[b], #0]\n\t"
    1450. 

  1450.         "add	r4, r5\n\t"
    1451. 

  1451.         "str	r4, [%[r], #0]\n\t"
    1452. 

  1452.         "ldr	r4, [%[a], #4]\n\t"
    1453. 

  1453.         "ldr	r5, [%[b], #4]\n\t"
    1454. 

  1454.         "adc	r4, r5\n\t"
    1455. 

  1455.         "str	r4, [%[r], #4]\n\t"
    1456. 

  1456.         "ldr	r4, [%[a], #8]\n\t"
    1457. 

  1457.         "ldr	r5, [%[b], #8]\n\t"
    1458. 

  1458.         "adc	r4, r5\n\t"
    1459. 

  1459.         "str	r4, [%[r], #8]\n\t"
    1460. 

  1460.         "ldr	r4, [%[a], #12]\n\t"
    1461. 

  1461.         "ldr	r5, [%[b], #12]\n\t"
    1462. 

  1462.         "adc	r4, r5\n\t"
    1463. 

  1463.         "str	r4, [%[r], #12]\n\t"
    1464. 

  1464.         "ldr	r4, [%[a], #16]\n\t"
    1465. 

  1465.         "ldr	r5, [%[b], #16]\n\t"
    1466. 

  1466.         "adc	r4, r5\n\t"
    1467. 

  1467.         "str	r4, [%[r], #16]\n\t"
    1468. 

  1468.         "ldr	r4, [%[a], #20]\n\t"
    1469. 

  1469.         "ldr	r5, [%[b], #20]\n\t"
    1470. 

  1470.         "adc	r4, r5\n\t"
    1471. 

  1471.         "str	r4, [%[r], #20]\n\t"
    1472. 

  1472.         "ldr	r4, [%[a], #24]\n\t"
    1473. 

  1473.         "ldr	r5, [%[b], #24]\n\t"
    1474. 

  1474.         "adc	r4, r5\n\t"
    1475. 

  1475.         "str	r4, [%[r], #24]\n\t"
    1476. 

  1476.         "ldr	r4, [%[a], #28]\n\t"
    1477. 

  1477.         "ldr	r5, [%[b], #28]\n\t"
    1478. 

  1478.         "adc	r4, r5\n\t"
    1479. 

  1479.         "str	r4, [%[r], #28]\n\t"
    1480. 

  1480.         "ldr	r4, [%[a], #32]\n\t"
    1481. 

  1481.         "ldr	r5, [%[b], #32]\n\t"
    1482. 

  1482.         "adc	r4, r5\n\t"
    1483. 

  1483.         "str	r4, [%[r], #32]\n\t"
    1484. 

  1484.         "ldr	r4, [%[a], #36]\n\t"
    1485. 

  1485.         "ldr	r5, [%[b], #36]\n\t"
    1486. 

  1486.         "adc	r4, r5\n\t"
    1487. 

  1487.         "str	r4, [%[r], #36]\n\t"
    1488. 

  1488.         "ldr	r4, [%[a], #40]\n\t"
    1489. 

  1489.         "ldr	r5, [%[b], #40]\n\t"
    1490. 

  1490.         "adc	r4, r5\n\t"
    1491. 

  1491.         "str	r4, [%[r], #40]\n\t"
    1492. 

  1492.         "ldr	r4, [%[a], #44]\n\t"
    1493. 

  1493.         "ldr	r5, [%[b], #44]\n\t"
    1494. 

  1494.         "adc	r4, r5\n\t"
    1495. 

  1495.         "str	r4, [%[r], #44]\n\t"
    1496. 

  1496.         "ldr	r4, [%[a], #48]\n\t"
    1497. 

  1497.         "ldr	r5, [%[b], #48]\n\t"
    1498. 

  1498.         "adc	r4, r5\n\t"
    1499. 

  1499.         "str	r4, [%[r], #48]\n\t"
    1500. 

  1500.         "ldr	r4, [%[a], #52]\n\t"
    1501. 

  1501.         "ldr	r5, [%[b], #52]\n\t"
    1502. 

  1502.         "adc	r4, r5\n\t"
    1503. 

  1503.         "str	r4, [%[r], #52]\n\t"
    1504. 

  1504.         "ldr	r4, [%[a], #56]\n\t"
    1505. 

  1505.         "ldr	r5, [%[b], #56]\n\t"
    1506. 

  1506.         "adc	r4, r5\n\t"
    1507. 

  1507.         "str	r4, [%[r], #56]\n\t"
    1508. 

  1508.         "ldr	r4, [%[a], #60]\n\t"
    1509. 

  1509.         "ldr	r5, [%[b], #60]\n\t"
    1510. 

  1510.         "adc	r4, r5\n\t"
    1511. 

  1511.         "str	r4, [%[r], #60]\n\t"
    1512. 

  1512.         "ldr	r4, [%[a], #64]\n\t"
    1513. 

  1513.         "ldr	r5, [%[b], #64]\n\t"
    1514. 

  1514.         "adc	r4, r5\n\t"
    1515. 

  1515.         "str	r4, [%[r], #64]\n\t"
    1516. 

  1516.         "ldr	r4, [%[a], #68]\n\t"
    1517. 

  1517.         "ldr	r5, [%[b], #68]\n\t"
    1518. 

  1518.         "adc	r4, r5\n\t"
    1519. 

  1519.         "str	r4, [%[r], #68]\n\t"
    1520. 

  1520.         "ldr	r4, [%[a], #72]\n\t"
    1521. 

  1521.         "ldr	r5, [%[b], #72]\n\t"
    1522. 

  1522.         "adc	r4, r5\n\t"
    1523. 

  1523.         "str	r4, [%[r], #72]\n\t"
    1524. 

  1524.         "ldr	r4, [%[a], #76]\n\t"
    1525. 

  1525.         "ldr	r5, [%[b], #76]\n\t"
    1526. 

  1526.         "adc	r4, r5\n\t"
    1527. 

  1527.         "str	r4, [%[r], #76]\n\t"
    1528. 

  1528.         "ldr	r4, [%[a], #80]\n\t"
    1529. 

  1529.         "ldr	r5, [%[b], #80]\n\t"
    1530. 

  1530.         "adc	r4, r5\n\t"
    1531. 

  1531.         "str	r4, [%[r], #80]\n\t"
    1532. 

  1532.         "ldr	r4, [%[a], #84]\n\t"
    1533. 

  1533.         "ldr	r5, [%[b], #84]\n\t"
    1534. 

  1534.         "adc	r4, r5\n\t"
    1535. 

  1535.         "str	r4, [%[r], #84]\n\t"
    1536. 

  1536.         "ldr	r4, [%[a], #88]\n\t"
    1537. 

  1537.         "ldr	r5, [%[b], #88]\n\t"
    1538. 

  1538.         "adc	r4, r5\n\t"
    1539. 

  1539.         "str	r4, [%[r], #88]\n\t"
    1540. 

  1540.         "ldr	r4, [%[a], #92]\n\t"
    1541. 

  1541.         "ldr	r5, [%[b], #92]\n\t"
    1542. 

  1542.         "adc	r4, r5\n\t"
    1543. 

  1543.         "str	r4, [%[r], #92]\n\t"
    1544. 

  1544.         "ldr	r4, [%[a], #96]\n\t"
    1545. 

  1545.         "ldr	r5, [%[b], #96]\n\t"
    1546. 

  1546.         "adc	r4, r5\n\t"
    1547. 

  1547.         "str	r4, [%[r], #96]\n\t"
    1548. 

  1548.         "ldr	r4, [%[a], #100]\n\t"
    1549. 

  1549.         "ldr	r5, [%[b], #100]\n\t"
    1550. 

  1550.         "adc	r4, r5\n\t"
    1551. 

  1551.         "str	r4, [%[r], #100]\n\t"
    1552. 

  1552.         "ldr	r4, [%[a], #104]\n\t"
    1553. 

  1553.         "ldr	r5, [%[b], #104]\n\t"
    1554. 

  1554.         "adc	r4, r5\n\t"
    1555. 

  1555.         "str	r4, [%[r], #104]\n\t"
    1556. 

  1556.         "ldr	r4, [%[a], #108]\n\t"
    1557. 

  1557.         "ldr	r5, [%[b], #108]\n\t"
    1558. 

  1558.         "adc	r4, r5\n\t"
    1559. 

  1559.         "str	r4, [%[r], #108]\n\t"
    1560. 

  1560.         "ldr	r4, [%[a], #112]\n\t"
    1561. 

  1561.         "ldr	r5, [%[b], #112]\n\t"
    1562. 

  1562.         "adc	r4, r5\n\t"
    1563. 

  1563.         "str	r4, [%[r], #112]\n\t"
    1564. 

  1564.         "ldr	r4, [%[a], #116]\n\t"
    1565. 

  1565.         "ldr	r5, [%[b], #116]\n\t"
    1566. 

  1566.         "adc	r4, r5\n\t"
    1567. 

  1567.         "str	r4, [%[r], #116]\n\t"
    1568. 

  1568.         "ldr	r4, [%[a], #120]\n\t"
    1569. 

  1569.         "ldr	r5, [%[b], #120]\n\t"
    1570. 

  1570.         "adc	r4, r5\n\t"
    1571. 

  1571.         "str	r4, [%[r], #120]\n\t"
    1572. 

  1572.         "ldr	r4, [%[a], #124]\n\t"
    1573. 

  1573.         "ldr	r5, [%[b], #124]\n\t"
    1574. 

  1574.         "adc	r4, r5\n\t"
    1575. 

  1575.         "str	r4, [%[r], #124]\n\t"
    1576. 

  1576.         "mov	%[c], #0\n\t"
    1577. 

  1577.         "adc	%[c], %[c]\n\t"
    1578. 

  1578.         "add	%[a], #0x80\n\t"
    1579. 

  1579.         "add	%[b], #0x80\n\t"
    1580. 

  1580.         "add	%[r], #0x80\n\t"
    1581. 

  1581.         "add	%[c], r7\n\t"
    1582. 

  1582.         "ldr	r4, [%[a], #0]\n\t"
    1583. 

  1583.         "ldr	r5, [%[b], #0]\n\t"
    1584. 

  1584.         "adc	r4, r5\n\t"
    1585. 

  1585.         "str	r4, [%[r], #0]\n\t"
    1586. 

  1586.         "ldr	r4, [%[a], #4]\n\t"
    1587. 

  1587.         "ldr	r5, [%[b], #4]\n\t"
    1588. 

  1588.         "adc	r4, r5\n\t"
    1589. 

  1589.         "str	r4, [%[r], #4]\n\t"
    1590. 

  1590.         "ldr	r4, [%[a], #8]\n\t"
    1591. 

  1591.         "ldr	r5, [%[b], #8]\n\t"
    1592. 

  1592.         "adc	r4, r5\n\t"
    1593. 

  1593.         "str	r4, [%[r], #8]\n\t"
    1594. 

  1594.         "ldr	r4, [%[a], #12]\n\t"
    1595. 

  1595.         "ldr	r5, [%[b], #12]\n\t"
    1596. 

  1596.         "adc	r4, r5\n\t"
    1597. 

  1597.         "str	r4, [%[r], #12]\n\t"
    1598. 

  1598.         "ldr	r4, [%[a], #16]\n\t"
    1599. 

  1599.         "ldr	r5, [%[b], #16]\n\t"
    1600. 

  1600.         "adc	r4, r5\n\t"
    1601. 

  1601.         "str	r4, [%[r], #16]\n\t"
    1602. 

  1602.         "ldr	r4, [%[a], #20]\n\t"
    1603. 

  1603.         "ldr	r5, [%[b], #20]\n\t"
    1604. 

  1604.         "adc	r4, r5\n\t"
    1605. 

  1605.         "str	r4, [%[r], #20]\n\t"
    1606. 

  1606.         "ldr	r4, [%[a], #24]\n\t"
    1607. 

  1607.         "ldr	r5, [%[b], #24]\n\t"
    1608. 

  1608.         "adc	r4, r5\n\t"
    1609. 

  1609.         "str	r4, [%[r], #24]\n\t"
    1610. 

  1610.         "ldr	r4, [%[a], #28]\n\t"
    1611. 

  1611.         "ldr	r5, [%[b], #28]\n\t"
    1612. 

  1612.         "adc	r4, r5\n\t"
    1613. 

  1613.         "str	r4, [%[r], #28]\n\t"
    1614. 

  1614.         "ldr	r4, [%[a], #32]\n\t"
    1615. 

  1615.         "ldr	r5, [%[b], #32]\n\t"
    1616. 

  1616.         "adc	r4, r5\n\t"
    1617. 

  1617.         "str	r4, [%[r], #32]\n\t"
    1618. 

  1618.         "ldr	r4, [%[a], #36]\n\t"
    1619. 

  1619.         "ldr	r5, [%[b], #36]\n\t"
    1620. 

  1620.         "adc	r4, r5\n\t"
    1621. 

  1621.         "str	r4, [%[r], #36]\n\t"
    1622. 

  1622.         "ldr	r4, [%[a], #40]\n\t"
    1623. 

  1623.         "ldr	r5, [%[b], #40]\n\t"
    1624. 

  1624.         "adc	r4, r5\n\t"
    1625. 

  1625.         "str	r4, [%[r], #40]\n\t"
    1626. 

  1626.         "ldr	r4, [%[a], #44]\n\t"
    1627. 

  1627.         "ldr	r5, [%[b], #44]\n\t"
    1628. 

  1628.         "adc	r4, r5\n\t"
    1629. 

  1629.         "str	r4, [%[r], #44]\n\t"
    1630. 

  1630.         "ldr	r4, [%[a], #48]\n\t"
    1631. 

  1631.         "ldr	r5, [%[b], #48]\n\t"
    1632. 

  1632.         "adc	r4, r5\n\t"
    1633. 

  1633.         "str	r4, [%[r], #48]\n\t"
    1634. 

  1634.         "ldr	r4, [%[a], #52]\n\t"
    1635. 

  1635.         "ldr	r5, [%[b], #52]\n\t"
    1636. 

  1636.         "adc	r4, r5\n\t"
    1637. 

  1637.         "str	r4, [%[r], #52]\n\t"
    1638. 

  1638.         "ldr	r4, [%[a], #56]\n\t"
    1639. 

  1639.         "ldr	r5, [%[b], #56]\n\t"
    1640. 

  1640.         "adc	r4, r5\n\t"
    1641. 

  1641.         "str	r4, [%[r], #56]\n\t"
    1642. 

  1642.         "ldr	r4, [%[a], #60]\n\t"
    1643. 

  1643.         "ldr	r5, [%[b], #60]\n\t"
    1644. 

  1644.         "adc	r4, r5\n\t"
    1645. 

  1645.         "str	r4, [%[r], #60]\n\t"
    1646. 

  1646.         "ldr	r4, [%[a], #64]\n\t"
    1647. 

  1647.         "ldr	r5, [%[b], #64]\n\t"
    1648. 

  1648.         "adc	r4, r5\n\t"
    1649. 

  1649.         "str	r4, [%[r], #64]\n\t"
    1650. 

  1650.         "ldr	r4, [%[a], #68]\n\t"
    1651. 

  1651.         "ldr	r5, [%[b], #68]\n\t"
    1652. 

  1652.         "adc	r4, r5\n\t"
    1653. 

  1653.         "str	r4, [%[r], #68]\n\t"
    1654. 

  1654.         "ldr	r4, [%[a], #72]\n\t"
    1655. 

  1655.         "ldr	r5, [%[b], #72]\n\t"
    1656. 

  1656.         "adc	r4, r5\n\t"
    1657. 

  1657.         "str	r4, [%[r], #72]\n\t"
    1658. 

  1658.         "ldr	r4, [%[a], #76]\n\t"
    1659. 

  1659.         "ldr	r5, [%[b], #76]\n\t"
    1660. 

  1660.         "adc	r4, r5\n\t"
    1661. 

  1661.         "str	r4, [%[r], #76]\n\t"
    1662. 

  1662.         "ldr	r4, [%[a], #80]\n\t"
    1663. 

  1663.         "ldr	r5, [%[b], #80]\n\t"
    1664. 

  1664.         "adc	r4, r5\n\t"
    1665. 

  1665.         "str	r4, [%[r], #80]\n\t"
    1666. 

  1666.         "ldr	r4, [%[a], #84]\n\t"
    1667. 

  1667.         "ldr	r5, [%[b], #84]\n\t"
    1668. 

  1668.         "adc	r4, r5\n\t"
    1669. 

  1669.         "str	r4, [%[r], #84]\n\t"
    1670. 

  1670.         "ldr	r4, [%[a], #88]\n\t"
    1671. 

  1671.         "ldr	r5, [%[b], #88]\n\t"
    1672. 

  1672.         "adc	r4, r5\n\t"
    1673. 

  1673.         "str	r4, [%[r], #88]\n\t"
    1674. 

  1674.         "ldr	r4, [%[a], #92]\n\t"
    1675. 

  1675.         "ldr	r5, [%[b], #92]\n\t"
    1676. 

  1676.         "adc	r4, r5\n\t"
    1677. 

  1677.         "str	r4, [%[r], #92]\n\t"
    1678. 

  1678.         "ldr	r4, [%[a], #96]\n\t"
    1679. 

  1679.         "ldr	r5, [%[b], #96]\n\t"
    1680. 

  1680.         "adc	r4, r5\n\t"
    1681. 

  1681.         "str	r4, [%[r], #96]\n\t"
    1682. 

  1682.         "ldr	r4, [%[a], #100]\n\t"
    1683. 

  1683.         "ldr	r5, [%[b], #100]\n\t"
    1684. 

  1684.         "adc	r4, r5\n\t"
    1685. 

  1685.         "str	r4, [%[r], #100]\n\t"
    1686. 

  1686.         "ldr	r4, [%[a], #104]\n\t"
    1687. 

  1687.         "ldr	r5, [%[b], #104]\n\t"
    1688. 

  1688.         "adc	r4, r5\n\t"
    1689. 

  1689.         "str	r4, [%[r], #104]\n\t"
    1690. 

  1690.         "ldr	r4, [%[a], #108]\n\t"
    1691. 

  1691.         "ldr	r5, [%[b], #108]\n\t"
    1692. 

  1692.         "adc	r4, r5\n\t"
    1693. 

  1693.         "str	r4, [%[r], #108]\n\t"
    1694. 

  1694.         "ldr	r4, [%[a], #112]\n\t"
    1695. 

  1695.         "ldr	r5, [%[b], #112]\n\t"
    1696. 

  1696.         "adc	r4, r5\n\t"
    1697. 

  1697.         "str	r4, [%[r], #112]\n\t"
    1698. 

  1698.         "ldr	r4, [%[a], #116]\n\t"
    1699. 

  1699.         "ldr	r5, [%[b], #116]\n\t"
    1700. 

  1700.         "adc	r4, r5\n\t"
    1701. 

  1701.         "str	r4, [%[r], #116]\n\t"
    1702. 

  1702.         "ldr	r4, [%[a], #120]\n\t"
    1703. 

  1703.         "ldr	r5, [%[b], #120]\n\t"
    1704. 

  1704.         "adc	r4, r5\n\t"
    1705. 

  1705.         "str	r4, [%[r], #120]\n\t"
    1706. 

  1706.         "ldr	r4, [%[a], #124]\n\t"
    1707. 

  1707.         "ldr	r5, [%[b], #124]\n\t"
    1708. 

  1708.         "adc	r4, r5\n\t"
    1709. 

  1709.         "str	r4, [%[r], #124]\n\t"
    1710. 

  1710.         "mov	%[c], #0\n\t"
    1711. 

  1711.         "adc	%[c], %[c]\n\t"
    1712. 

  1712.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    1713. 

  1713.         :
    1714. 

  1714.         : "memory", "r4", "r5", "r7"
    1715. 

  1715.     );
    1716. 

  1716. 

  1717.     return c;
    1718. 

  1718. }
    1719. 

  1719. 

  1720. /* AND m into each word of a and store in r.
    1721. 

  1721.  *
    1722. 

  1722.  * r  A single precision integer.
    1723. 

  1723.  * a  A single precision integer.
    1724. 

  1724.  * m  Mask to AND against each digit.
    1725. 

  1725.  */
    1726. 

  1726. static void sp_2048_mask_32(sp_digit* r, const sp_digit* a, sp_digit m)
    1727. 

  1727. {
    1728. 

  1728. #ifdef WOLFSSL_SP_SMALL
    1729. 

  1729.     int i;
    1730. 

  1730. 

  1731.     for (i=0; i<32; i++) {
    1732. 

  1732.         r[i] = a[i] & m;
    1733. 

  1733.     }
    1734. 

  1734. #else
    1735. 

  1735.     int i;
    1736. 

  1736. 

  1737.     for (i = 0; i < 32; i += 8) {
    1738. 

  1738.         r[i+0] = a[i+0] & m;
    1739. 

  1739.         r[i+1] = a[i+1] & m;
    1740. 

  1740.         r[i+2] = a[i+2] & m;
    1741. 

  1741.         r[i+3] = a[i+3] & m;
    1742. 

  1742.         r[i+4] = a[i+4] & m;
    1743. 

  1743.         r[i+5] = a[i+5] & m;
    1744. 

  1744.         r[i+6] = a[i+6] & m;
    1745. 

  1745.         r[i+7] = a[i+7] & m;
    1746. 

  1746.     }
    1747. 

  1747. #endif
    1748. 

  1748. }
    1749. 

  1749. 

  1750. /* Multiply a and b into r. (r = a * b)
    1751. 

  1751.  *
    1752. 

  1752.  * r  A single precision integer.
    1753. 

  1753.  * a  A single precision integer.
    1754. 

  1754.  * b  A single precision integer.
    1755. 

  1755.  */
    1756. 

  1756. SP_NOINLINE static void sp_2048_mul_64(sp_digit* r, const sp_digit* a,
    1757. 

  1757.         const sp_digit* b)
    1758. 

  1758. {
    1759. 

  1759.     sp_digit* z0 = r;
    1760. 

  1760.     sp_digit z1[64];
    1761. 

  1761.     sp_digit a1[32];
    1762. 

  1762.     sp_digit b1[32];
    1763. 

  1763.     sp_digit z2[64];
    1764. 

  1764.     sp_digit u, ca, cb;
    1765. 

  1765. 

  1766.     ca = sp_2048_add_32(a1, a, &a[32]);
    1767. 

  1767.     cb = sp_2048_add_32(b1, b, &b[32]);
    1768. 

  1768.     u  = ca & cb;
    1769. 

  1769.     sp_2048_mul_32(z1, a1, b1);
    1770. 

  1770.     sp_2048_mul_32(z2, &a[32], &b[32]);
    1771. 

  1771.     sp_2048_mul_32(z0, a, b);
    1772. 

  1772.     sp_2048_mask_32(r + 64, a1, 0 - cb);
    1773. 

  1773.     sp_2048_mask_32(b1, b1, 0 - ca);
    1774. 

  1774.     u += sp_2048_add_32(r + 64, r + 64, b1);
    1775. 

  1775.     u += sp_2048_sub_in_place_64(z1, z2);
    1776. 

  1776.     u += sp_2048_sub_in_place_64(z1, z0);
    1777. 

  1777.     u += sp_2048_add_64(r + 32, r + 32, z1);
    1778. 

  1778.     r[96] = u;
    1779. 

  1779.     XMEMSET(r + 96 + 1, 0, sizeof(sp_digit) * (32 - 1));
    1780. 

  1780.     (void)sp_2048_add_64(r + 64, r + 64, z2);
    1781. 

  1781. }
    1782. 

  1782. 

  1783. /* Square a and put result in r. (r = a * a)
    1784. 

  1784.  *
    1785. 

  1785.  * r  A single precision integer.
    1786. 

  1786.  * a  A single precision integer.
    1787. 

  1787.  */
    1788. 

  1788. SP_NOINLINE static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a)
    1789. 

  1789. {
    1790. 

  1790.     sp_digit* z0 = r;
    1791. 

  1791.     sp_digit z2[64];
    1792. 

  1792.     sp_digit z1[64];
    1793. 

  1793.     sp_digit a1[32];
    1794. 

  1794.     sp_digit u;
    1795. 

  1795. 

  1796.     u = sp_2048_add_32(a1, a, &a[32]);
    1797. 

  1797.     sp_2048_sqr_32(z1, a1);
    1798. 

  1798.     sp_2048_sqr_32(z2, &a[32]);
    1799. 

  1799.     sp_2048_sqr_32(z0, a);
    1800. 

  1800.     sp_2048_mask_32(r + 64, a1, 0 - u);
    1801. 

  1801.     u += sp_2048_add_32(r + 64, r + 64, r + 64);
    1802. 

  1802.     u += sp_2048_sub_in_place_64(z1, z2);
    1803. 

  1803.     u += sp_2048_sub_in_place_64(z1, z0);
    1804. 

  1804.     u += sp_2048_add_64(r + 32, r + 32, z1);
    1805. 

  1805.     r[96] = u;
    1806. 

  1806.     XMEMSET(r + 96 + 1, 0, sizeof(sp_digit) * (32 - 1));
    1807. 

  1807.     (void)sp_2048_add_64(r + 64, r + 64, z2);
    1808. 

  1808. }
    1809. 

  1809. 

  1810. #endif /* !WOLFSSL_SP_SMALL */
    1811. 

  1811. #ifdef WOLFSSL_SP_SMALL
    1812. 

  1812. /* Add b to a into r. (r = a + b)
    1813. 

  1813.  *
    1814. 

  1814.  * r  A single precision integer.
    1815. 

  1815.  * a  A single precision integer.
    1816. 

  1816.  * b  A single precision integer.
    1817. 

  1817.  */
    1818. 

  1818. SP_NOINLINE static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a,
    1819. 

  1819.         const sp_digit* b)
    1820. 

  1820. {
    1821. 

  1821.     sp_digit c = 0;
    1822. 

  1822. 

  1823.     __asm__ __volatile__ (
    1824. 

  1824.         "mov	r6, %[a]\n\t"
    1825. 

  1825.         "mov	r7, #0\n\t"
    1826. 

  1826.         "mov	r4, #1\n\t"
    1827. 

  1827.         "lsl	r4, #8\n\t"
    1828. 

  1828.         "sub	r7, #1\n\t"
    1829. 

  1829.         "add	r6, r4\n\t"
    1830. 

  1830.         "\n1:\n\t"
    1831. 

  1831.         "add	%[c], r7\n\t"
    1832. 

  1832.         "ldr	r4, [%[a]]\n\t"
    1833. 

  1833.         "ldr	r5, [%[b]]\n\t"
    1834. 

  1834.         "adc	r4, r5\n\t"
    1835. 

  1835.         "str	r4, [%[r]]\n\t"
    1836. 

  1836.         "mov	%[c], #0\n\t"
    1837. 

  1837.         "adc	%[c], %[c]\n\t"
    1838. 

  1838.         "add	%[a], #4\n\t"
    1839. 

  1839.         "add	%[b], #4\n\t"
    1840. 

  1840.         "add	%[r], #4\n\t"
    1841. 

  1841.         "cmp	%[a], r6\n\t"
    1842. 

  1842.         "bne	1b\n\t"
    1843. 

  1843.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    1844. 

  1844.         :
    1845. 

  1845.         : "memory", "r4", "r5", "r6", "r7"
    1846. 

  1846.     );
    1847. 

  1847. 

  1848.     return c;
    1849. 

  1849. }
    1850. 

  1850. 

  1851. #endif /* WOLFSSL_SP_SMALL */
    1852. 

  1852. #ifdef WOLFSSL_SP_SMALL
    1853. 

  1853. /* Sub b from a into a. (a -= b)
    1854. 

  1854.  *
    1855. 

  1855.  * a  A single precision integer.
    1856. 

  1856.  * b  A single precision integer.
    1857. 

  1857.  */
    1858. 

  1858. SP_NOINLINE static sp_digit sp_2048_sub_in_place_64(sp_digit* a,
    1859. 

  1859.         const sp_digit* b)
    1860. 

  1860. {
    1861. 

  1861.     sp_digit c = 0;
    1862. 

  1862.     __asm__ __volatile__ (
    1863. 

  1863.         "mov	r7, %[a]\n\t"
    1864. 

  1864.         "mov	r5, #1\n\t"
    1865. 

  1865.         "lsl	r5, #8\n\t"
    1866. 

  1866.         "add	r7, r5\n\t"
    1867. 

  1867.         "\n1:\n\t"
    1868. 

  1868.         "mov	r5, #0\n\t"
    1869. 

  1869.         "sub	r5, %[c]\n\t"
    1870. 

  1870.         "ldr	r3, [%[a]]\n\t"
    1871. 

  1871.         "ldr	r4, [%[a], #4]\n\t"
    1872. 

  1872.         "ldr	r5, [%[b]]\n\t"
    1873. 

  1873.         "ldr	r6, [%[b], #4]\n\t"
    1874. 

  1874.         "sbc	r3, r5\n\t"
    1875. 

  1875.         "sbc	r4, r6\n\t"
    1876. 

  1876.         "str	r3, [%[a]]\n\t"
    1877. 

  1877.         "str	r4, [%[a], #4]\n\t"
    1878. 

  1878.         "sbc	%[c], %[c]\n\t"
    1879. 

  1879.         "add	%[a], #8\n\t"
    1880. 

  1880.         "add	%[b], #8\n\t"
    1881. 

  1881.         "cmp	%[a], r7\n\t"
    1882. 

  1882.         "bne	1b\n\t"
    1883. 

  1883.         : [c] "+r" (c), [a] "+r" (a), [b] "+r" (b)
    1884. 

  1884.         :
    1885. 

  1885.         : "memory", "r3", "r4", "r5", "r6", "r7"
    1886. 

  1886.     );
    1887. 

  1887. 

  1888.     return c;
    1889. 

  1889. }
    1890. 

  1890. 

  1891. #endif /* WOLFSSL_SP_SMALL */
    1892. 

  1892. #ifdef WOLFSSL_SP_SMALL
    1893. 

  1893. /* Multiply a and b into r. (r = a * b)
    1894. 

  1894.  *
    1895. 

  1895.  * r  A single precision integer.
    1896. 

  1896.  * a  A single precision integer.
    1897. 

  1897.  * b  A single precision integer.
    1898. 

  1898.  */
    1899. 

  1899. SP_NOINLINE static void sp_2048_mul_64(sp_digit* r, const sp_digit* a,
    1900. 

  1900.         const sp_digit* b)
    1901. 

  1901. {
    1902. 

  1902.     sp_digit tmp[64 * 2];
    1903. 

  1903.     __asm__ __volatile__ (
    1904. 

  1904.         "mov	r3, #0\n\t"
    1905. 

  1905.         "mov	r4, #0\n\t"
    1906. 

  1906.         "mov	r8, r3\n\t"
    1907. 

  1907.         "mov	r11, %[r]\n\t"
    1908. 

  1908.         "mov	r9, %[a]\n\t"
    1909. 

  1909.         "mov	r10, %[b]\n\t"
    1910. 

  1910.         "mov	r6, #1\n\t"
    1911. 

  1911.         "lsl	r6, r6, #8\n\t"
    1912. 

  1912.         "add	r6, r9\n\t"
    1913. 

  1913.         "mov	r12, r6\n\t"
    1914. 

  1914.         "\n1:\n\t"
    1915. 

  1915.         "mov	%[r], #0\n\t"
    1916. 

  1916.         "mov	r5, #0\n\t"
    1917. 

  1917.         "mov	r6, #252\n\t"
    1918. 

  1918.         "mov	%[a], r8\n\t"
    1919. 

  1919.         "sub	%[a], r6\n\t"
    1920. 

  1920.         "sbc	r6, r6\n\t"
    1921. 

  1921.         "mvn	r6, r6\n\t"
    1922. 

  1922.         "and	%[a], r6\n\t"
    1923. 

  1923.         "mov	%[b], r8\n\t"
    1924. 

  1924.         "sub	%[b], %[a]\n\t"
    1925. 

  1925.         "add	%[a], r9\n\t"
    1926. 

  1926.         "add	%[b], r10\n\t"
    1927. 

  1927.         "\n2:\n\t"
    1928. 

  1928.         "# Multiply Start\n\t"
    1929. 

  1929.         "ldr	r6, [%[a]]\n\t"
    1930. 

  1930.         "ldr	r7, [%[b]]\n\t"
    1931. 

  1931.         "lsl	r6, r6, #16\n\t"
    1932. 

  1932.         "lsl	r7, r7, #16\n\t"
    1933. 

  1933.         "lsr	r6, r6, #16\n\t"
    1934. 

  1934.         "lsr	r7, r7, #16\n\t"
    1935. 

  1935.         "mul	r7, r6\n\t"
    1936. 

  1936.         "add	r3, r7\n\t"
    1937. 

  1937.         "adc	r4, %[r]\n\t"
    1938. 

  1938.         "adc	r5, %[r]\n\t"
    1939. 

  1939.         "ldr	r7, [%[b]]\n\t"
    1940. 

  1940.         "lsr	r7, r7, #16\n\t"
    1941. 

  1941.         "mul	r6, r7\n\t"
    1942. 

  1942.         "lsr	r7, r6, #16\n\t"
    1943. 

  1943.         "lsl	r6, r6, #16\n\t"
    1944. 

  1944.         "add	r3, r6\n\t"
    1945. 

  1945.         "adc	r4, r7\n\t"
    1946. 

  1946.         "adc	r5, %[r]\n\t"
    1947. 

  1947.         "ldr	r6, [%[a]]\n\t"
    1948. 

  1948.         "ldr	r7, [%[b]]\n\t"
    1949. 

  1949.         "lsr	r6, r6, #16\n\t"
    1950. 

  1950.         "lsr	r7, r7, #16\n\t"
    1951. 

  1951.         "mul	r7, r6\n\t"
    1952. 

  1952.         "add	r4, r7\n\t"
    1953. 

  1953.         "adc	r5, %[r]\n\t"
    1954. 

  1954.         "ldr	r7, [%[b]]\n\t"
    1955. 

  1955.         "lsl	r7, r7, #16\n\t"
    1956. 

  1956.         "lsr	r7, r7, #16\n\t"
    1957. 

  1957.         "mul	r6, r7\n\t"
    1958. 

  1958.         "lsr	r7, r6, #16\n\t"
    1959. 

  1959.         "lsl	r6, r6, #16\n\t"
    1960. 

  1960.         "add	r3, r6\n\t"
    1961. 

  1961.         "adc	r4, r7\n\t"
    1962. 

  1962.         "adc	r5, %[r]\n\t"
    1963. 

  1963.         "# Multiply Done\n\t"
    1964. 

  1964.         "add	%[a], #4\n\t"
    1965. 

  1965.         "sub	%[b], #4\n\t"
    1966. 

  1966.         "cmp	%[a], r12\n\t"
    1967. 

  1967.         "beq	3f\n\t"
    1968. 

  1968.         "mov	r6, r8\n\t"
    1969. 

  1969.         "add	r6, r9\n\t"
    1970. 

  1970.         "cmp	%[a], r6\n\t"
    1971. 

  1971.         "ble	2b\n\t"
    1972. 

  1972.         "\n3:\n\t"
    1973. 

  1973.         "mov	%[r], r11\n\t"
    1974. 

  1974.         "mov	r7, r8\n\t"
    1975. 

  1975.         "str	r3, [%[r], r7]\n\t"
    1976. 

  1976.         "mov	r3, r4\n\t"
    1977. 

  1977.         "mov	r4, r5\n\t"
    1978. 

  1978.         "add	r7, #4\n\t"
    1979. 

  1979.         "mov	r8, r7\n\t"
    1980. 

  1980.         "mov	r6, #1\n\t"
    1981. 

  1981.         "lsl	r6, r6, #8\n\t"
    1982. 

  1982.         "add	r6, #248\n\t"
    1983. 

  1983.         "cmp	r7, r6\n\t"
    1984. 

  1984.         "ble	1b\n\t"
    1985. 

  1985.         "str	r3, [%[r], r7]\n\t"
    1986. 

  1986.         "mov	%[a], r9\n\t"
    1987. 

  1987.         "mov	%[b], r10\n\t"
    1988. 

  1988.         :
    1989. 

  1989.         : [r] "r" (tmp), [a] "r" (a), [b] "r" (b)
    1990. 

  1990.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12"
    1991. 

  1991.     );
    1992. 

  1992. 

  1993.     XMEMCPY(r, tmp, sizeof(tmp));
    1994. 

  1994. }
    1995. 

  1995. 

  1996. /* Square a and put result in r. (r = a * a)
    1997. 

  1997.  *
    1998. 

  1998.  * r  A single precision integer.
    1999. 

  1999.  * a  A single precision integer.
    2000. 

  2000.  */
    2001. 

  2001. SP_NOINLINE static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a)
    2002. 

  2002. {
    2003. 

  2003.     __asm__ __volatile__ (
    2004. 

  2004.         "mov	r3, #0\n\t"
    2005. 

  2005.         "mov	r4, #0\n\t"
    2006. 

  2006.         "mov	r5, #0\n\t"
    2007. 

  2007.         "mov	r8, r3\n\t"
    2008. 

  2008.         "mov	r11, %[r]\n\t"
    2009. 

  2009.         "mov	r6, #2\n\t"
    2010. 

  2010.         "lsl	r6, r6, #8\n\t"
    2011. 

  2011.         "neg	r6, r6\n\t"
    2012. 

  2012.         "add	sp, r6\n\t"
    2013. 

  2013.         "mov	r10, sp\n\t"
    2014. 

  2014.         "mov	r9, %[a]\n\t"
    2015. 

  2015.         "\n1:\n\t"
    2016. 

  2016.         "mov	%[r], #0\n\t"
    2017. 

  2017.         "mov	r6, #252\n\t"
    2018. 

  2018.         "mov	%[a], r8\n\t"
    2019. 

  2019.         "sub	%[a], r6\n\t"
    2020. 

  2020.         "sbc	r6, r6\n\t"
    2021. 

  2021.         "mvn	r6, r6\n\t"
    2022. 

  2022.         "and	%[a], r6\n\t"
    2023. 

  2023.         "mov	r2, r8\n\t"
    2024. 

  2024.         "sub	r2, %[a]\n\t"
    2025. 

  2025.         "add	%[a], r9\n\t"
    2026. 

  2026.         "add	r2, r9\n\t"
    2027. 

  2027.         "\n2:\n\t"
    2028. 

  2028.         "cmp	r2, %[a]\n\t"
    2029. 

  2029.         "beq	4f\n\t"
    2030. 

  2030.         "# Multiply * 2: Start\n\t"
    2031. 

  2031.         "ldr	r6, [%[a]]\n\t"
    2032. 

  2032.         "ldr	r7, [r2]\n\t"
    2033. 

  2033.         "lsl	r6, r6, #16\n\t"
    2034. 

  2034.         "lsl	r7, r7, #16\n\t"
    2035. 

  2035.         "lsr	r6, r6, #16\n\t"
    2036. 

  2036.         "lsr	r7, r7, #16\n\t"
    2037. 

  2037.         "mul	r7, r6\n\t"
    2038. 

  2038.         "add	r3, r7\n\t"
    2039. 

  2039.         "adc	r4, %[r]\n\t"
    2040. 

  2040.         "adc	r5, %[r]\n\t"
    2041. 

  2041.         "add	r3, r7\n\t"
    2042. 

  2042.         "adc	r4, %[r]\n\t"
    2043. 

  2043.         "adc	r5, %[r]\n\t"
    2044. 

  2044.         "ldr	r7, [r2]\n\t"
    2045. 

  2045.         "lsr	r7, r7, #16\n\t"
    2046. 

  2046.         "mul	r6, r7\n\t"
    2047. 

  2047.         "lsr	r7, r6, #16\n\t"
    2048. 

  2048.         "lsl	r6, r6, #16\n\t"
    2049. 

  2049.         "add	r3, r6\n\t"
    2050. 

  2050.         "adc	r4, r7\n\t"
    2051. 

  2051.         "adc	r5, %[r]\n\t"
    2052. 

  2052.         "add	r3, r6\n\t"
    2053. 

  2053.         "adc	r4, r7\n\t"
    2054. 

  2054.         "adc	r5, %[r]\n\t"
    2055. 

  2055.         "ldr	r6, [%[a]]\n\t"
    2056. 

  2056.         "ldr	r7, [r2]\n\t"
    2057. 

  2057.         "lsr	r6, r6, #16\n\t"
    2058. 

  2058.         "lsr	r7, r7, #16\n\t"
    2059. 

  2059.         "mul	r7, r6\n\t"
    2060. 

  2060.         "add	r4, r7\n\t"
    2061. 

  2061.         "adc	r5, %[r]\n\t"
    2062. 

  2062.         "add	r4, r7\n\t"
    2063. 

  2063.         "adc	r5, %[r]\n\t"
    2064. 

  2064.         "ldr	r7, [r2]\n\t"
    2065. 

  2065.         "lsl	r7, r7, #16\n\t"
    2066. 

  2066.         "lsr	r7, r7, #16\n\t"
    2067. 

  2067.         "mul	r6, r7\n\t"
    2068. 

  2068.         "lsr	r7, r6, #16\n\t"
    2069. 

  2069.         "lsl	r6, r6, #16\n\t"
    2070. 

  2070.         "add	r3, r6\n\t"
    2071. 

  2071.         "adc	r4, r7\n\t"
    2072. 

  2072.         "adc	r5, %[r]\n\t"
    2073. 

  2073.         "add	r3, r6\n\t"
    2074. 

  2074.         "adc	r4, r7\n\t"
    2075. 

  2075.         "adc	r5, %[r]\n\t"
    2076. 

  2076.         "# Multiply * 2: Done\n\t"
    2077. 

  2077.         "bal	5f\n\t"
    2078. 

  2078.         "\n4:\n\t"
    2079. 

  2079.         "# Square: Start\n\t"
    2080. 

  2080.         "ldr	r6, [%[a]]\n\t"
    2081. 

  2081.         "lsr	r7, r6, #16\n\t"
    2082. 

  2082.         "lsl	r6, r6, #16\n\t"
    2083. 

  2083.         "lsr	r6, r6, #16\n\t"
    2084. 

  2084.         "mul	r6, r6\n\t"
    2085. 

  2085.         "add	r3, r6\n\t"
    2086. 

  2086.         "adc	r4, %[r]\n\t"
    2087. 

  2087.         "adc	r5, %[r]\n\t"
    2088. 

  2088.         "mul	r7, r7\n\t"
    2089. 

  2089.         "add	r4, r7\n\t"
    2090. 

  2090.         "adc	r5, %[r]\n\t"
    2091. 

  2091.         "ldr	r6, [%[a]]\n\t"
    2092. 

  2092.         "lsr	r7, r6, #16\n\t"
    2093. 

  2093.         "lsl	r6, r6, #16\n\t"
    2094. 

  2094.         "lsr	r6, r6, #16\n\t"
    2095. 

  2095.         "mul	r6, r7\n\t"
    2096. 

  2096.         "lsr	r7, r6, #15\n\t"
    2097. 

  2097.         "lsl	r6, r6, #17\n\t"
    2098. 

  2098.         "add	r3, r6\n\t"
    2099. 

  2099.         "adc	r4, r7\n\t"
    2100. 

  2100.         "adc	r5, %[r]\n\t"
    2101. 

  2101.         "# Square: Done\n\t"
    2102. 

  2102.         "\n5:\n\t"
    2103. 

  2103.         "add	%[a], #4\n\t"
    2104. 

  2104.         "sub	r2, #4\n\t"
    2105. 

  2105.         "mov	r6, #1\n\t"
    2106. 

  2106.         "lsl	r6, r6, #8\n\t"
    2107. 

  2107.         "add	r6, r9\n\t"
    2108. 

  2108.         "cmp	%[a], r6\n\t"
    2109. 

  2109.         "beq	3f\n\t"
    2110. 

  2110.         "cmp	%[a], r2\n\t"
    2111. 

  2111.         "bgt	3f\n\t"
    2112. 

  2112.         "mov	r7, r8\n\t"
    2113. 

  2113.         "add	r7, r9\n\t"
    2114. 

  2114.         "cmp	%[a], r7\n\t"
    2115. 

  2115.         "ble	2b\n\t"
    2116. 

  2116.         "\n3:\n\t"
    2117. 

  2117.         "mov	%[r], r10\n\t"
    2118. 

  2118.         "mov	r7, r8\n\t"
    2119. 

  2119.         "str	r3, [%[r], r7]\n\t"
    2120. 

  2120.         "mov	r3, r4\n\t"
    2121. 

  2121.         "mov	r4, r5\n\t"
    2122. 

  2122.         "mov	r5, #0\n\t"
    2123. 

  2123.         "add	r7, #4\n\t"
    2124. 

  2124.         "mov	r8, r7\n\t"
    2125. 

  2125.         "mov	r6, #1\n\t"
    2126. 

  2126.         "lsl	r6, r6, #8\n\t"
    2127. 

  2127.         "add	r6, #248\n\t"
    2128. 

  2128.         "cmp	r7, r6\n\t"
    2129. 

  2129.         "ble	1b\n\t"
    2130. 

  2130.         "mov	%[a], r9\n\t"
    2131. 

  2131.         "str	r3, [%[r], r7]\n\t"
    2132. 

  2132.         "mov	%[r], r11\n\t"
    2133. 

  2133.         "mov	%[a], r10\n\t"
    2134. 

  2134.         "mov	r3, #1\n\t"
    2135. 

  2135.         "lsl	r3, r3, #8\n\t"
    2136. 

  2136.         "add	r3, #252\n\t"
    2137. 

  2137.         "\n4:\n\t"
    2138. 

  2138.         "ldr	r6, [%[a], r3]\n\t"
    2139. 

  2139.         "str	r6, [%[r], r3]\n\t"
    2140. 

  2140.         "sub	r3, #4\n\t"
    2141. 

  2141.         "bge	4b\n\t"
    2142. 

  2142.         "mov	r6, #2\n\t"
    2143. 

  2143.         "lsl	r6, r6, #8\n\t"
    2144. 

  2144.         "add	sp, r6\n\t"
    2145. 

  2145.         :
    2146. 

  2146.         : [r] "r" (r), [a] "r" (a)
    2147. 

  2147.         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11"
    2148. 

  2148.     );
    2149. 

  2149. }
    2150. 

  2150. 

  2151. #endif /* WOLFSSL_SP_SMALL */
    2152. 

  2152. #if (defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
    2153. 

  2153. #ifdef WOLFSSL_SP_SMALL
    2154. 

  2154. /* AND m into each word of a and store in r.
    2155. 

  2155.  *
    2156. 

  2156.  * r  A single precision integer.
    2157. 

  2157.  * a  A single precision integer.
    2158. 

  2158.  * m  Mask to AND against each digit.
    2159. 

  2159.  */
    2160. 

  2160. static void sp_2048_mask_32(sp_digit* r, const sp_digit* a, sp_digit m)
    2161. 

  2161. {
    2162. 

  2162.     int i;
    2163. 

  2163. 

  2164.     for (i=0; i<32; i++) {
    2165. 

  2165.         r[i] = a[i] & m;
    2166. 

  2166.     }
    2167. 

  2167. }
    2168. 

  2168. 

  2169. #endif /* WOLFSSL_SP_SMALL */
    2170. 

  2170. #ifdef WOLFSSL_SP_SMALL
    2171. 

  2171. /* Add b to a into r. (r = a + b)
    2172. 

  2172.  *
    2173. 

  2173.  * r  A single precision integer.
    2174. 

  2174.  * a  A single precision integer.
    2175. 

  2175.  * b  A single precision integer.
    2176. 

  2176.  */
    2177. 

  2177. SP_NOINLINE static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a,
    2178. 

  2178.         const sp_digit* b)
    2179. 

  2179. {
    2180. 

  2180.     sp_digit c = 0;
    2181. 

  2181. 

  2182.     __asm__ __volatile__ (
    2183. 

  2183.         "mov	r6, %[a]\n\t"
    2184. 

  2184.         "mov	r7, #0\n\t"
    2185. 

  2185.         "add	r6, #128\n\t"
    2186. 

  2186.         "sub	r7, #1\n\t"
    2187. 

  2187.         "\n1:\n\t"
    2188. 

  2188.         "add	%[c], r7\n\t"
    2189. 

  2189.         "ldr	r4, [%[a]]\n\t"
    2190. 

  2190.         "ldr	r5, [%[b]]\n\t"
    2191. 

  2191.         "adc	r4, r5\n\t"
    2192. 

  2192.         "str	r4, [%[r]]\n\t"
    2193. 

  2193.         "mov	%[c], #0\n\t"
    2194. 

  2194.         "adc	%[c], %[c]\n\t"
    2195. 

  2195.         "add	%[a], #4\n\t"
    2196. 

  2196.         "add	%[b], #4\n\t"
    2197. 

  2197.         "add	%[r], #4\n\t"
    2198. 

  2198.         "cmp	%[a], r6\n\t"
    2199. 

  2199.         "bne	1b\n\t"
    2200. 

  2200.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    2201. 

  2201.         :
    2202. 

  2202.         : "memory", "r4", "r5", "r6", "r7"
    2203. 

  2203.     );
    2204. 

  2204. 

  2205.     return c;
    2206. 

  2206. }
    2207. 

  2207. 

  2208. #endif /* WOLFSSL_SP_SMALL */
    2209. 

  2209. #ifdef WOLFSSL_SP_SMALL
    2210. 

  2210. /* Sub b from a into a. (a -= b)
    2211. 

  2211.  *
    2212. 

  2212.  * a  A single precision integer.
    2213. 

  2213.  * b  A single precision integer.
    2214. 

  2214.  */
    2215. 

  2215. SP_NOINLINE static sp_digit sp_2048_sub_in_place_32(sp_digit* a,
    2216. 

  2216.         const sp_digit* b)
    2217. 

  2217. {
    2218. 

  2218.     sp_digit c = 0;
    2219. 

  2219.     __asm__ __volatile__ (
    2220. 

  2220.         "mov	r7, %[a]\n\t"
    2221. 

  2221.         "add	r7, #128\n\t"
    2222. 

  2222.         "\n1:\n\t"
    2223. 

  2223.         "mov	r5, #0\n\t"
    2224. 

  2224.         "sub	r5, %[c]\n\t"
    2225. 

  2225.         "ldr	r3, [%[a]]\n\t"
    2226. 

  2226.         "ldr	r4, [%[a], #4]\n\t"
    2227. 

  2227.         "ldr	r5, [%[b]]\n\t"
    2228. 

  2228.         "ldr	r6, [%[b], #4]\n\t"
    2229. 

  2229.         "sbc	r3, r5\n\t"
    2230. 

  2230.         "sbc	r4, r6\n\t"
    2231. 

  2231.         "str	r3, [%[a]]\n\t"
    2232. 

  2232.         "str	r4, [%[a], #4]\n\t"
    2233. 

  2233.         "sbc	%[c], %[c]\n\t"
    2234. 

  2234.         "add	%[a], #8\n\t"
    2235. 

  2235.         "add	%[b], #8\n\t"
    2236. 

  2236.         "cmp	%[a], r7\n\t"
    2237. 

  2237.         "bne	1b\n\t"
    2238. 

  2238.         : [c] "+r" (c), [a] "+r" (a), [b] "+r" (b)
    2239. 

  2239.         :
    2240. 

  2240.         : "memory", "r3", "r4", "r5", "r6", "r7"
    2241. 

  2241.     );
    2242. 

  2242. 

  2243.     return c;
    2244. 

  2244. }
    2245. 

  2245. 

  2246. #endif /* WOLFSSL_SP_SMALL */
    2247. 

  2247. #ifdef WOLFSSL_SP_SMALL
    2248. 

  2248. /* Multiply a and b into r. (r = a * b)
    2249. 

  2249.  *
    2250. 

  2250.  * r  A single precision integer.
    2251. 

  2251.  * a  A single precision integer.
    2252. 

  2252.  * b  A single precision integer.
    2253. 

  2253.  */
    2254. 

  2254. SP_NOINLINE static void sp_2048_mul_32(sp_digit* r, const sp_digit* a,
    2255. 

  2255.         const sp_digit* b)
    2256. 

  2256. {
    2257. 

  2257.     sp_digit tmp[32 * 2];
    2258. 

  2258.     __asm__ __volatile__ (
    2259. 

  2259.         "mov	r3, #0\n\t"
    2260. 

  2260.         "mov	r4, #0\n\t"
    2261. 

  2261.         "mov	r8, r3\n\t"
    2262. 

  2262.         "mov	r11, %[r]\n\t"
    2263. 

  2263.         "mov	r9, %[a]\n\t"
    2264. 

  2264.         "mov	r10, %[b]\n\t"
    2265. 

  2265.         "mov	r6, #128\n\t"
    2266. 

  2266.         "add	r6, r9\n\t"
    2267. 

  2267.         "mov	r12, r6\n\t"
    2268. 

  2268.         "\n1:\n\t"
    2269. 

  2269.         "mov	%[r], #0\n\t"
    2270. 

  2270.         "mov	r5, #0\n\t"
    2271. 

  2271.         "mov	r6, #124\n\t"
    2272. 

  2272.         "mov	%[a], r8\n\t"
    2273. 

  2273.         "sub	%[a], r6\n\t"
    2274. 

  2274.         "sbc	r6, r6\n\t"
    2275. 

  2275.         "mvn	r6, r6\n\t"
    2276. 

  2276.         "and	%[a], r6\n\t"
    2277. 

  2277.         "mov	%[b], r8\n\t"
    2278. 

  2278.         "sub	%[b], %[a]\n\t"
    2279. 

  2279.         "add	%[a], r9\n\t"
    2280. 

  2280.         "add	%[b], r10\n\t"
    2281. 

  2281.         "\n2:\n\t"
    2282. 

  2282.         "# Multiply Start\n\t"
    2283. 

  2283.         "ldr	r6, [%[a]]\n\t"
    2284. 

  2284.         "ldr	r7, [%[b]]\n\t"
    2285. 

  2285.         "lsl	r6, r6, #16\n\t"
    2286. 

  2286.         "lsl	r7, r7, #16\n\t"
    2287. 

  2287.         "lsr	r6, r6, #16\n\t"
    2288. 

  2288.         "lsr	r7, r7, #16\n\t"
    2289. 

  2289.         "mul	r7, r6\n\t"
    2290. 

  2290.         "add	r3, r7\n\t"
    2291. 

  2291.         "adc	r4, %[r]\n\t"
    2292. 

  2292.         "adc	r5, %[r]\n\t"
    2293. 

  2293.         "ldr	r7, [%[b]]\n\t"
    2294. 

  2294.         "lsr	r7, r7, #16\n\t"
    2295. 

  2295.         "mul	r6, r7\n\t"
    2296. 

  2296.         "lsr	r7, r6, #16\n\t"
    2297. 

  2297.         "lsl	r6, r6, #16\n\t"
    2298. 

  2298.         "add	r3, r6\n\t"
    2299. 

  2299.         "adc	r4, r7\n\t"
    2300. 

  2300.         "adc	r5, %[r]\n\t"
    2301. 

  2301.         "ldr	r6, [%[a]]\n\t"
    2302. 

  2302.         "ldr	r7, [%[b]]\n\t"
    2303. 

  2303.         "lsr	r6, r6, #16\n\t"
    2304. 

  2304.         "lsr	r7, r7, #16\n\t"
    2305. 

  2305.         "mul	r7, r6\n\t"
    2306. 

  2306.         "add	r4, r7\n\t"
    2307. 

  2307.         "adc	r5, %[r]\n\t"
    2308. 

  2308.         "ldr	r7, [%[b]]\n\t"
    2309. 

  2309.         "lsl	r7, r7, #16\n\t"
    2310. 

  2310.         "lsr	r7, r7, #16\n\t"
    2311. 

  2311.         "mul	r6, r7\n\t"
    2312. 

  2312.         "lsr	r7, r6, #16\n\t"
    2313. 

  2313.         "lsl	r6, r6, #16\n\t"
    2314. 

  2314.         "add	r3, r6\n\t"
    2315. 

  2315.         "adc	r4, r7\n\t"
    2316. 

  2316.         "adc	r5, %[r]\n\t"
    2317. 

  2317.         "# Multiply Done\n\t"
    2318. 

  2318.         "add	%[a], #4\n\t"
    2319. 

  2319.         "sub	%[b], #4\n\t"
    2320. 

  2320.         "cmp	%[a], r12\n\t"
    2321. 

  2321.         "beq	3f\n\t"
    2322. 

  2322.         "mov	r6, r8\n\t"
    2323. 

  2323.         "add	r6, r9\n\t"
    2324. 

  2324.         "cmp	%[a], r6\n\t"
    2325. 

  2325.         "ble	2b\n\t"
    2326. 

  2326.         "\n3:\n\t"
    2327. 

  2327.         "mov	%[r], r11\n\t"
    2328. 

  2328.         "mov	r7, r8\n\t"
    2329. 

  2329.         "str	r3, [%[r], r7]\n\t"
    2330. 

  2330.         "mov	r3, r4\n\t"
    2331. 

  2331.         "mov	r4, r5\n\t"
    2332. 

  2332.         "add	r7, #4\n\t"
    2333. 

  2333.         "mov	r8, r7\n\t"
    2334. 

  2334.         "mov	r6, #248\n\t"
    2335. 

  2335.         "cmp	r7, r6\n\t"
    2336. 

  2336.         "ble	1b\n\t"
    2337. 

  2337.         "str	r3, [%[r], r7]\n\t"
    2338. 

  2338.         "mov	%[a], r9\n\t"
    2339. 

  2339.         "mov	%[b], r10\n\t"
    2340. 

  2340.         :
    2341. 

  2341.         : [r] "r" (tmp), [a] "r" (a), [b] "r" (b)
    2342. 

  2342.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12"
    2343. 

  2343.     );
    2344. 

  2344. 

  2345.     XMEMCPY(r, tmp, sizeof(tmp));
    2346. 

  2346. }
    2347. 

  2347. 

  2348. /* Square a and put result in r. (r = a * a)
    2349. 

  2349.  *
    2350. 

  2350.  * r  A single precision integer.
    2351. 

  2351.  * a  A single precision integer.
    2352. 

  2352.  */
    2353. 

  2353. SP_NOINLINE static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
    2354. 

  2354. {
    2355. 

  2355.     __asm__ __volatile__ (
    2356. 

  2356.         "mov	r3, #0\n\t"
    2357. 

  2357.         "mov	r4, #0\n\t"
    2358. 

  2358.         "mov	r5, #0\n\t"
    2359. 

  2359.         "mov	r8, r3\n\t"
    2360. 

  2360.         "mov	r11, %[r]\n\t"
    2361. 

  2361.         "mov	r6, #1\n\t"
    2362. 

  2362.         "lsl	r6, r6, #8\n\t"
    2363. 

  2363.         "neg	r6, r6\n\t"
    2364. 

  2364.         "add	sp, r6\n\t"
    2365. 

  2365.         "mov	r10, sp\n\t"
    2366. 

  2366.         "mov	r9, %[a]\n\t"
    2367. 

  2367.         "\n1:\n\t"
    2368. 

  2368.         "mov	%[r], #0\n\t"
    2369. 

  2369.         "mov	r6, #124\n\t"
    2370. 

  2370.         "mov	%[a], r8\n\t"
    2371. 

  2371.         "sub	%[a], r6\n\t"
    2372. 

  2372.         "sbc	r6, r6\n\t"
    2373. 

  2373.         "mvn	r6, r6\n\t"
    2374. 

  2374.         "and	%[a], r6\n\t"
    2375. 

  2375.         "mov	r2, r8\n\t"
    2376. 

  2376.         "sub	r2, %[a]\n\t"
    2377. 

  2377.         "add	%[a], r9\n\t"
    2378. 

  2378.         "add	r2, r9\n\t"
    2379. 

  2379.         "\n2:\n\t"
    2380. 

  2380.         "cmp	r2, %[a]\n\t"
    2381. 

  2381.         "beq	4f\n\t"
    2382. 

  2382.         "# Multiply * 2: Start\n\t"
    2383. 

  2383.         "ldr	r6, [%[a]]\n\t"
    2384. 

  2384.         "ldr	r7, [r2]\n\t"
    2385. 

  2385.         "lsl	r6, r6, #16\n\t"
    2386. 

  2386.         "lsl	r7, r7, #16\n\t"
    2387. 

  2387.         "lsr	r6, r6, #16\n\t"
    2388. 

  2388.         "lsr	r7, r7, #16\n\t"
    2389. 

  2389.         "mul	r7, r6\n\t"
    2390. 

  2390.         "add	r3, r7\n\t"
    2391. 

  2391.         "adc	r4, %[r]\n\t"
    2392. 

  2392.         "adc	r5, %[r]\n\t"
    2393. 

  2393.         "add	r3, r7\n\t"
    2394. 

  2394.         "adc	r4, %[r]\n\t"
    2395. 

  2395.         "adc	r5, %[r]\n\t"
    2396. 

  2396.         "ldr	r7, [r2]\n\t"
    2397. 

  2397.         "lsr	r7, r7, #16\n\t"
    2398. 

  2398.         "mul	r6, r7\n\t"
    2399. 

  2399.         "lsr	r7, r6, #16\n\t"
    2400. 

  2400.         "lsl	r6, r6, #16\n\t"
    2401. 

  2401.         "add	r3, r6\n\t"
    2402. 

  2402.         "adc	r4, r7\n\t"
    2403. 

  2403.         "adc	r5, %[r]\n\t"
    2404. 

  2404.         "add	r3, r6\n\t"
    2405. 

  2405.         "adc	r4, r7\n\t"
    2406. 

  2406.         "adc	r5, %[r]\n\t"
    2407. 

  2407.         "ldr	r6, [%[a]]\n\t"
    2408. 

  2408.         "ldr	r7, [r2]\n\t"
    2409. 

  2409.         "lsr	r6, r6, #16\n\t"
    2410. 

  2410.         "lsr	r7, r7, #16\n\t"
    2411. 

  2411.         "mul	r7, r6\n\t"
    2412. 

  2412.         "add	r4, r7\n\t"
    2413. 

  2413.         "adc	r5, %[r]\n\t"
    2414. 

  2414.         "add	r4, r7\n\t"
    2415. 

  2415.         "adc	r5, %[r]\n\t"
    2416. 

  2416.         "ldr	r7, [r2]\n\t"
    2417. 

  2417.         "lsl	r7, r7, #16\n\t"
    2418. 

  2418.         "lsr	r7, r7, #16\n\t"
    2419. 

  2419.         "mul	r6, r7\n\t"
    2420. 

  2420.         "lsr	r7, r6, #16\n\t"
    2421. 

  2421.         "lsl	r6, r6, #16\n\t"
    2422. 

  2422.         "add	r3, r6\n\t"
    2423. 

  2423.         "adc	r4, r7\n\t"
    2424. 

  2424.         "adc	r5, %[r]\n\t"
    2425. 

  2425.         "add	r3, r6\n\t"
    2426. 

  2426.         "adc	r4, r7\n\t"
    2427. 

  2427.         "adc	r5, %[r]\n\t"
    2428. 

  2428.         "# Multiply * 2: Done\n\t"
    2429. 

  2429.         "bal	5f\n\t"
    2430. 

  2430.         "\n4:\n\t"
    2431. 

  2431.         "# Square: Start\n\t"
    2432. 

  2432.         "ldr	r6, [%[a]]\n\t"
    2433. 

  2433.         "lsr	r7, r6, #16\n\t"
    2434. 

  2434.         "lsl	r6, r6, #16\n\t"
    2435. 

  2435.         "lsr	r6, r6, #16\n\t"
    2436. 

  2436.         "mul	r6, r6\n\t"
    2437. 

  2437.         "add	r3, r6\n\t"
    2438. 

  2438.         "adc	r4, %[r]\n\t"
    2439. 

  2439.         "adc	r5, %[r]\n\t"
    2440. 

  2440.         "mul	r7, r7\n\t"
    2441. 

  2441.         "add	r4, r7\n\t"
    2442. 

  2442.         "adc	r5, %[r]\n\t"
    2443. 

  2443.         "ldr	r6, [%[a]]\n\t"
    2444. 

  2444.         "lsr	r7, r6, #16\n\t"
    2445. 

  2445.         "lsl	r6, r6, #16\n\t"
    2446. 

  2446.         "lsr	r6, r6, #16\n\t"
    2447. 

  2447.         "mul	r6, r7\n\t"
    2448. 

  2448.         "lsr	r7, r6, #15\n\t"
    2449. 

  2449.         "lsl	r6, r6, #17\n\t"
    2450. 

  2450.         "add	r3, r6\n\t"
    2451. 

  2451.         "adc	r4, r7\n\t"
    2452. 

  2452.         "adc	r5, %[r]\n\t"
    2453. 

  2453.         "# Square: Done\n\t"
    2454. 

  2454.         "\n5:\n\t"
    2455. 

  2455.         "add	%[a], #4\n\t"
    2456. 

  2456.         "sub	r2, #4\n\t"
    2457. 

  2457.         "mov	r6, #128\n\t"
    2458. 

  2458.         "add	r6, r9\n\t"
    2459. 

  2459.         "cmp	%[a], r6\n\t"
    2460. 

  2460.         "beq	3f\n\t"
    2461. 

  2461.         "cmp	%[a], r2\n\t"
    2462. 

  2462.         "bgt	3f\n\t"
    2463. 

  2463.         "mov	r7, r8\n\t"
    2464. 

  2464.         "add	r7, r9\n\t"
    2465. 

  2465.         "cmp	%[a], r7\n\t"
    2466. 

  2466.         "ble	2b\n\t"
    2467. 

  2467.         "\n3:\n\t"
    2468. 

  2468.         "mov	%[r], r10\n\t"
    2469. 

  2469.         "mov	r7, r8\n\t"
    2470. 

  2470.         "str	r3, [%[r], r7]\n\t"
    2471. 

  2471.         "mov	r3, r4\n\t"
    2472. 

  2472.         "mov	r4, r5\n\t"
    2473. 

  2473.         "mov	r5, #0\n\t"
    2474. 

  2474.         "add	r7, #4\n\t"
    2475. 

  2475.         "mov	r8, r7\n\t"
    2476. 

  2476.         "mov	r6, #248\n\t"
    2477. 

  2477.         "cmp	r7, r6\n\t"
    2478. 

  2478.         "ble	1b\n\t"
    2479. 

  2479.         "mov	%[a], r9\n\t"
    2480. 

  2480.         "str	r3, [%[r], r7]\n\t"
    2481. 

  2481.         "mov	%[r], r11\n\t"
    2482. 

  2482.         "mov	%[a], r10\n\t"
    2483. 

  2483.         "mov	r3, #252\n\t"
    2484. 

  2484.         "\n4:\n\t"
    2485. 

  2485.         "ldr	r6, [%[a], r3]\n\t"
    2486. 

  2486.         "str	r6, [%[r], r3]\n\t"
    2487. 

  2487.         "sub	r3, #4\n\t"
    2488. 

  2488.         "bge	4b\n\t"
    2489. 

  2489.         "mov	r6, #1\n\t"
    2490. 

  2490.         "lsl	r6, r6, #8\n\t"
    2491. 

  2491.         "add	sp, r6\n\t"
    2492. 

  2492.         :
    2493. 

  2493.         : [r] "r" (r), [a] "r" (a)
    2494. 

  2494.         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11"
    2495. 

  2495.     );
    2496. 

  2496. }
    2497. 

  2497. 

  2498. #endif /* WOLFSSL_SP_SMALL */
    2499. 

  2499. #endif /* (WOLFSSL_HAVE_SP_RSA || WOLFSSL_HAVE_SP_DH) && !WOLFSSL_RSA_PUBLIC_ONLY */
    2500. 

  2500. 

  2501. /* Caclulate the bottom digit of -1/a mod 2^n.
    2502. 

  2502.  *
    2503. 

  2503.  * a    A single precision number.
    2504. 

  2504.  * rho  Bottom word of inverse.
    2505. 

  2505.  */
    2506. 

  2506. static void sp_2048_mont_setup(const sp_digit* a, sp_digit* rho)
    2507. 

  2507. {
    2508. 

  2508.     sp_digit x, b;
    2509. 

  2509. 

  2510.     b = a[0];
    2511. 

  2511.     x = (((b + 2) & 4) << 1) + b; /* here x*a==1 mod 2**4 */
    2512. 

  2512.     x *= 2 - b * x;               /* here x*a==1 mod 2**8 */
    2513. 

  2513.     x *= 2 - b * x;               /* here x*a==1 mod 2**16 */
    2514. 

  2514.     x *= 2 - b * x;               /* here x*a==1 mod 2**32 */
    2515. 

  2515. 

  2516.     /* rho = -1/m mod b */
    2517. 

  2517.     *rho = -x;
    2518. 

  2518. }
    2519. 

  2519. 

  2520. /* Mul a by digit b into r. (r = a * b)
    2521. 

  2521.  *
    2522. 

  2522.  * r  A single precision integer.
    2523. 

  2523.  * a  A single precision integer.
    2524. 

  2524.  * b  A single precision digit.
    2525. 

  2525.  */
    2526. 

  2526. SP_NOINLINE static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a,
    2527. 

  2527.         sp_digit b)
    2528. 

  2528. {
    2529. 

  2529.     __asm__ __volatile__ (
    2530. 

  2530.         "mov	r6, #1\n\t"
    2531. 

  2531.         "lsl	r6, r6, #8\n\t"
    2532. 

  2532.         "add	r6, %[a]\n\t"
    2533. 

  2533.         "mov	r8, %[r]\n\t"
    2534. 

  2534.         "mov	r9, r6\n\t"
    2535. 

  2535.         "mov	r3, #0\n\t"
    2536. 

  2536.         "mov	r4, #0\n\t"
    2537. 

  2537.         "1:\n\t"
    2538. 

  2538.         "mov	%[r], #0\n\t"
    2539. 

  2539.         "mov	r5, #0\n\t"
    2540. 

  2540.         "# A[] * B\n\t"
    2541. 

  2541.         "ldr	r6, [%[a]]\n\t"
    2542. 

  2542.         "lsl	r6, r6, #16\n\t"
    2543. 

  2543.         "lsl	r7, %[b], #16\n\t"
    2544. 

  2544.         "lsr	r6, r6, #16\n\t"
    2545. 

  2545.         "lsr	r7, r7, #16\n\t"
    2546. 

  2546.         "mul	r7, r6\n\t"
    2547. 

  2547.         "add	r3, r7\n\t"
    2548. 

  2548.         "adc	r4, %[r]\n\t"
    2549. 

  2549.         "adc	r5, %[r]\n\t"
    2550. 

  2550.         "lsr	r7, %[b], #16\n\t"
    2551. 

  2551.         "mul	r6, r7\n\t"
    2552. 

  2552.         "lsr	r7, r6, #16\n\t"
    2553. 

  2553.         "lsl	r6, r6, #16\n\t"
    2554. 

  2554.         "add	r3, r6\n\t"
    2555. 

  2555.         "adc	r4, r7\n\t"
    2556. 

  2556.         "adc	r5, %[r]\n\t"
    2557. 

  2557.         "ldr	r6, [%[a]]\n\t"
    2558. 

  2558.         "lsr	r6, r6, #16\n\t"
    2559. 

  2559.         "lsr	r7, %[b], #16\n\t"
    2560. 

  2560.         "mul	r7, r6\n\t"
    2561. 

  2561.         "add	r4, r7\n\t"
    2562. 

  2562.         "adc	r5, %[r]\n\t"
    2563. 

  2563.         "lsl	r7, %[b], #16\n\t"
    2564. 

  2564.         "lsr	r7, r7, #16\n\t"
    2565. 

  2565.         "mul	r6, r7\n\t"
    2566. 

  2566.         "lsr	r7, r6, #16\n\t"
    2567. 

  2567.         "lsl	r6, r6, #16\n\t"
    2568. 

  2568.         "add	r3, r6\n\t"
    2569. 

  2569.         "adc	r4, r7\n\t"
    2570. 

  2570.         "adc	r5, %[r]\n\t"
    2571. 

  2571.         "# A[] * B - Done\n\t"
    2572. 

  2572.         "mov	%[r], r8\n\t"
    2573. 

  2573.         "str	r3, [%[r]]\n\t"
    2574. 

  2574.         "mov	r3, r4\n\t"
    2575. 

  2575.         "mov	r4, r5\n\t"
    2576. 

  2576.         "add	%[r], #4\n\t"
    2577. 

  2577.         "add	%[a], #4\n\t"
    2578. 

  2578.         "mov	r8, %[r]\n\t"
    2579. 

  2579.         "cmp	%[a], r9\n\t"
    2580. 

  2580.         "blt	1b\n\t"
    2581. 

  2581.         "str	r3, [%[r]]\n\t"
    2582. 

  2582.         : [r] "+r" (r), [a] "+r" (a)
    2583. 

  2583.         : [b] "r" (b)
    2584. 

  2584.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
    2585. 

  2585.     );
    2586. 

  2586. }
    2587. 

  2587. 

  2588. #if (defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
    2589. 

  2589. /* r = 2^n mod m where n is the number of bits to reduce by.
    2590. 

  2590.  * Given m must be 2048 bits, just need to subtract.
    2591. 

  2591.  *
    2592. 

  2592.  * r  A single precision number.
    2593. 

  2593.  * m  A single precision number.
    2594. 

  2594.  */
    2595. 

  2595. static void sp_2048_mont_norm_32(sp_digit* r, const sp_digit* m)
    2596. 

  2596. {
    2597. 

  2597.     XMEMSET(r, 0, sizeof(sp_digit) * 32);
    2598. 

  2598. 

  2599.     /* r = 2^n mod m */
    2600. 

  2600.     sp_2048_sub_in_place_32(r, m);
    2601. 

  2601. }
    2602. 

  2602. 

  2603. /* Conditionally subtract b from a using the mask m.
    2604. 

  2604.  * m is -1 to subtract and 0 when not copying.
    2605. 

  2605.  *
    2606. 

  2606.  * r  A single precision number representing condition subtract result.
    2607. 

  2607.  * a  A single precision number to subtract from.
    2608. 

  2608.  * b  A single precision number to subtract.
    2609. 

  2609.  * m  Mask value to apply.
    2610. 

  2610.  */
    2611. 

  2611. SP_NOINLINE static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a,
    2612. 

  2612.         const sp_digit* b, sp_digit m)
    2613. 

  2613. {
    2614. 

  2614.     sp_digit c = 0;
    2615. 

  2615. 

  2616.     __asm__ __volatile__ (
    2617. 

  2617.         "mov	r5, #128\n\t"
    2618. 

  2618.         "mov	r8, r5\n\t"
    2619. 

  2619.         "mov	r7, #0\n\t"
    2620. 

  2620.         "1:\n\t"
    2621. 

  2621.         "ldr	r6, [%[b], r7]\n\t"
    2622. 

  2622.         "and	r6, %[m]\n\t"
    2623. 

  2623.         "mov	r5, #0\n\t"
    2624. 

  2624.         "sub	r5, %[c]\n\t"
    2625. 

  2625.         "ldr	r5, [%[a], r7]\n\t"
    2626. 

  2626.         "sbc	r5, r6\n\t"
    2627. 

  2627.         "sbc	%[c], %[c]\n\t"
    2628. 

  2628.         "str	r5, [%[r], r7]\n\t"
    2629. 

  2629.         "add	r7, #4\n\t"
    2630. 

  2630.         "cmp	r7, r8\n\t"
    2631. 

  2631.         "blt	1b\n\t"
    2632. 

  2632.         : [c] "+r" (c)
    2633. 

  2633.         : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m)
    2634. 

  2634.         : "memory", "r5", "r6", "r7", "r8"
    2635. 

  2635.     );
    2636. 

  2636. 

  2637.     return c;
    2638. 

  2638. }
    2639. 

  2639. 

  2640. /* Reduce the number back to 2048 bits using Montgomery reduction.
    2641. 

  2641.  *
    2642. 

  2642.  * a   A single precision number to reduce in place.
    2643. 

  2643.  * m   The single precision number representing the modulus.
    2644. 

  2644.  * mp  The digit representing the negative inverse of m mod 2^n.
    2645. 

  2645.  */
    2646. 

  2646. SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m,
    2647. 

  2647.         sp_digit mp)
    2648. 

  2648. {
    2649. 

  2649.     sp_digit ca = 0;
    2650. 

  2650. 

  2651.     __asm__ __volatile__ (
    2652. 

  2652.         "mov	r8, %[mp]\n\t"
    2653. 

  2653.         "mov	r12, %[ca]\n\t"
    2654. 

  2654.         "mov	r14, %[m]\n\t"
    2655. 

  2655.         "mov	r9, %[a]\n\t"
    2656. 

  2656.         "mov	r4, #0\n\t"
    2657. 

  2657.         "# i = 0\n\t"
    2658. 

  2658.         "mov	r11, r4\n\t"
    2659. 

  2659.         "\n1:\n\t"
    2660. 

  2660.         "mov	r5, #0\n\t"
    2661. 

  2661.         "mov	%[ca], #0\n\t"
    2662. 

  2662.         "# mu = a[i] * mp\n\t"
    2663. 

  2663.         "mov	%[mp], r8\n\t"
    2664. 

  2664.         "ldr	%[a], [%[a]]\n\t"
    2665. 

  2665.         "mul	%[mp], %[a]\n\t"
    2666. 

  2666.         "mov	%[m], r14\n\t"
    2667. 

  2667.         "mov	r10, r9\n\t"
    2668. 

  2668.         "\n2:\n\t"
    2669. 

  2669.         "# a[i+j] += m[j] * mu\n\t"
    2670. 

  2670.         "mov	%[a], r10\n\t"
    2671. 

  2671.         "ldr	%[a], [%[a]]\n\t"
    2672. 

  2672.         "mov	%[ca], #0\n\t"
    2673. 

  2673.         "mov	r4, r5\n\t"
    2674. 

  2674.         "mov	r5, #0\n\t"
    2675. 

  2675.         "# Multiply m[j] and mu - Start\n\t"
    2676. 

  2676.         "ldr	r7, [%[m]]\n\t"
    2677. 

  2677.         "lsl	r6, %[mp], #16\n\t"
    2678. 

  2678.         "lsl	r7, r7, #16\n\t"
    2679. 

  2679.         "lsr	r6, r6, #16\n\t"
    2680. 

  2680.         "lsr	r7, r7, #16\n\t"
    2681. 

  2681.         "mul	r7, r6\n\t"
    2682. 

  2682.         "add	%[a], r7\n\t"
    2683. 

  2683.         "adc	r5, %[ca]\n\t"
    2684. 

  2684.         "ldr	r7, [%[m]]\n\t"
    2685. 

  2685.         "lsr	r7, r7, #16\n\t"
    2686. 

  2686.         "mul	r6, r7\n\t"
    2687. 

  2687.         "lsr	r7, r6, #16\n\t"
    2688. 

  2688.         "lsl	r6, r6, #16\n\t"
    2689. 

  2689.         "add	%[a], r6\n\t"
    2690. 

  2690.         "adc	r5, r7\n\t"
    2691. 

  2691.         "ldr	r7, [%[m]]\n\t"
    2692. 

  2692.         "lsr	r6, %[mp], #16\n\t"
    2693. 

  2693.         "lsr	r7, r7, #16\n\t"
    2694. 

  2694.         "mul	r7, r6\n\t"
    2695. 

  2695.         "add	r5, r7\n\t"
    2696. 

  2696.         "ldr	r7, [%[m]]\n\t"
    2697. 

  2697.         "lsl	r7, r7, #16\n\t"
    2698. 

  2698.         "lsr	r7, r7, #16\n\t"
    2699. 

  2699.         "mul	r6, r7\n\t"
    2700. 

  2700.         "lsr	r7, r6, #16\n\t"
    2701. 

  2701.         "lsl	r6, r6, #16\n\t"
    2702. 

  2702.         "add	%[a], r6\n\t"
    2703. 

  2703.         "adc	r5, r7\n\t"
    2704. 

  2704.         "# Multiply m[j] and mu - Done\n\t"
    2705. 

  2705.         "add	r4, %[a]\n\t"
    2706. 

  2706.         "adc	r5, %[ca]\n\t"
    2707. 

  2707.         "mov	%[a], r10\n\t"
    2708. 

  2708.         "str	r4, [%[a]]\n\t"
    2709. 

  2709.         "mov	r6, #4\n\t"
    2710. 

  2710.         "add	%[m], #4\n\t"
    2711. 

  2711.         "add	r10, r6\n\t"
    2712. 

  2712.         "mov	r4, #124\n\t"
    2713. 

  2713.         "add	r4, r9\n\t"
    2714. 

  2714.         "cmp	r10, r4\n\t"
    2715. 

  2715.         "blt	2b\n\t"
    2716. 

  2716.         "# a[i+31] += m[31] * mu\n\t"
    2717. 

  2717.         "mov	%[ca], #0\n\t"
    2718. 

  2718.         "mov	r4, r12\n\t"
    2719. 

  2719.         "mov	%[a], #0\n\t"
    2720. 

  2720.         "# Multiply m[31] and mu - Start\n\t"
    2721. 

  2721.         "ldr	r7, [%[m]]\n\t"
    2722. 

  2722.         "lsl	r6, %[mp], #16\n\t"
    2723. 

  2723.         "lsl	r7, r7, #16\n\t"
    2724. 

  2724.         "lsr	r6, r6, #16\n\t"
    2725. 

  2725.         "lsr	r7, r7, #16\n\t"
    2726. 

  2726.         "mul	r7, r6\n\t"
    2727. 

  2727.         "add	r5, r7\n\t"
    2728. 

  2728.         "adc	r4, %[ca]\n\t"
    2729. 

  2729.         "adc	%[a], %[ca]\n\t"
    2730. 

  2730.         "ldr	r7, [%[m]]\n\t"
    2731. 

  2731.         "lsr	r7, r7, #16\n\t"
    2732. 

  2732.         "mul	r6, r7\n\t"
    2733. 

  2733.         "lsr	r7, r6, #16\n\t"
    2734. 

  2734.         "lsl	r6, r6, #16\n\t"
    2735. 

  2735.         "add	r5, r6\n\t"
    2736. 

  2736.         "adc	r4, r7\n\t"
    2737. 

  2737.         "adc	%[a], %[ca]\n\t"
    2738. 

  2738.         "ldr	r7, [%[m]]\n\t"
    2739. 

  2739.         "lsr	r6, %[mp], #16\n\t"
    2740. 

  2740.         "lsr	r7, r7, #16\n\t"
    2741. 

  2741.         "mul	r7, r6\n\t"
    2742. 

  2742.         "add	r4, r7\n\t"
    2743. 

  2743.         "adc	%[a], %[ca]\n\t"
    2744. 

  2744.         "ldr	r7, [%[m]]\n\t"
    2745. 

  2745.         "lsl	r7, r7, #16\n\t"
    2746. 

  2746.         "lsr	r7, r7, #16\n\t"
    2747. 

  2747.         "mul	r6, r7\n\t"
    2748. 

  2748.         "lsr	r7, r6, #16\n\t"
    2749. 

  2749.         "lsl	r6, r6, #16\n\t"
    2750. 

  2750.         "add	r5, r6\n\t"
    2751. 

  2751.         "adc	r4, r7\n\t"
    2752. 

  2752.         "adc	%[a], %[ca]\n\t"
    2753. 

  2753.         "# Multiply m[31] and mu - Done\n\t"
    2754. 

  2754.         "mov	%[ca], %[a]\n\t"
    2755. 

  2755.         "mov	%[a], r10\n\t"
    2756. 

  2756.         "ldr	r7, [%[a], #4]\n\t"
    2757. 

  2757.         "ldr	%[a], [%[a]]\n\t"
    2758. 

  2758.         "mov	r6, #0\n\t"
    2759. 

  2759.         "add	r5, %[a]\n\t"
    2760. 

  2760.         "adc	r7, r4\n\t"
    2761. 

  2761.         "adc	%[ca], r6\n\t"
    2762. 

  2762.         "mov	%[a], r10\n\t"
    2763. 

  2763.         "str	r5, [%[a]]\n\t"
    2764. 

  2764.         "str	r7, [%[a], #4]\n\t"
    2765. 

  2765.         "# i += 1\n\t"
    2766. 

  2766.         "mov	r6, #4\n\t"
    2767. 

  2767.         "add	r9, r6\n\t"
    2768. 

  2768.         "add	r11, r6\n\t"
    2769. 

  2769.         "mov	r12, %[ca]\n\t"
    2770. 

  2770.         "mov	%[a], r9\n\t"
    2771. 

  2771.         "mov	r4, #128\n\t"
    2772. 

  2772.         "cmp	r11, r4\n\t"
    2773. 

  2773.         "blt	1b\n\t"
    2774. 

  2774.         "mov	%[m], r14\n\t"
    2775. 

  2775.         : [ca] "+r" (ca), [a] "+r" (a)
    2776. 

  2776.         : [m] "r" (m), [mp] "r" (mp)
    2777. 

  2777.         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "r14"
    2778. 

  2778.     );
    2779. 

  2779. 

  2780.     sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - ca);
    2781. 

  2781. }
    2782. 

  2782. 

  2783. /* Multiply two Montogmery form numbers mod the modulus (prime).
    2784. 

  2784.  * (r = a * b mod m)
    2785. 

  2785.  *
    2786. 

  2786.  * r   Result of multiplication.
    2787. 

  2787.  * a   First number to multiply in Montogmery form.
    2788. 

  2788.  * b   Second number to multiply in Montogmery form.
    2789. 

  2789.  * m   Modulus (prime).
    2790. 

  2790.  * mp  Montogmery mulitplier.
    2791. 

  2791.  */
    2792. 

  2792. static void sp_2048_mont_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b,
    2793. 

  2793.         const sp_digit* m, sp_digit mp)
    2794. 

  2794. {
    2795. 

  2795.     sp_2048_mul_32(r, a, b);
    2796. 

  2796.     sp_2048_mont_reduce_32(r, m, mp);
    2797. 

  2797. }
    2798. 

  2798. 

  2799. /* Square the Montgomery form number. (r = a * a mod m)
    2800. 

  2800.  *
    2801. 

  2801.  * r   Result of squaring.
    2802. 

  2802.  * a   Number to square in Montogmery form.
    2803. 

  2803.  * m   Modulus (prime).
    2804. 

  2804.  * mp  Montogmery mulitplier.
    2805. 

  2805.  */
    2806. 

  2806. static void sp_2048_mont_sqr_32(sp_digit* r, const sp_digit* a, const sp_digit* m,
    2807. 

  2807.         sp_digit mp)
    2808. 

  2808. {
    2809. 

  2809.     sp_2048_sqr_32(r, a);
    2810. 

  2810.     sp_2048_mont_reduce_32(r, m, mp);
    2811. 

  2811. }
    2812. 

  2812. 

  2813. /* Mul a by digit b into r. (r = a * b)
    2814. 

  2814.  *
    2815. 

  2815.  * r  A single precision integer.
    2816. 

  2816.  * a  A single precision integer.
    2817. 

  2817.  * b  A single precision digit.
    2818. 

  2818.  */
    2819. 

  2819. SP_NOINLINE static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a,
    2820. 

  2820.         sp_digit b)
    2821. 

  2821. {
    2822. 

  2822.     __asm__ __volatile__ (
    2823. 

  2823.         "mov	r6, #128\n\t"
    2824. 

  2824.         "add	r6, %[a]\n\t"
    2825. 

  2825.         "mov	r8, %[r]\n\t"
    2826. 

  2826.         "mov	r9, r6\n\t"
    2827. 

  2827.         "mov	r3, #0\n\t"
    2828. 

  2828.         "mov	r4, #0\n\t"
    2829. 

  2829.         "1:\n\t"
    2830. 

  2830.         "mov	%[r], #0\n\t"
    2831. 

  2831.         "mov	r5, #0\n\t"
    2832. 

  2832.         "# A[] * B\n\t"
    2833. 

  2833.         "ldr	r6, [%[a]]\n\t"
    2834. 

  2834.         "lsl	r6, r6, #16\n\t"
    2835. 

  2835.         "lsl	r7, %[b], #16\n\t"
    2836. 

  2836.         "lsr	r6, r6, #16\n\t"
    2837. 

  2837.         "lsr	r7, r7, #16\n\t"
    2838. 

  2838.         "mul	r7, r6\n\t"
    2839. 

  2839.         "add	r3, r7\n\t"
    2840. 

  2840.         "adc	r4, %[r]\n\t"
    2841. 

  2841.         "adc	r5, %[r]\n\t"
    2842. 

  2842.         "lsr	r7, %[b], #16\n\t"
    2843. 

  2843.         "mul	r6, r7\n\t"
    2844. 

  2844.         "lsr	r7, r6, #16\n\t"
    2845. 

  2845.         "lsl	r6, r6, #16\n\t"
    2846. 

  2846.         "add	r3, r6\n\t"
    2847. 

  2847.         "adc	r4, r7\n\t"
    2848. 

  2848.         "adc	r5, %[r]\n\t"
    2849. 

  2849.         "ldr	r6, [%[a]]\n\t"
    2850. 

  2850.         "lsr	r6, r6, #16\n\t"
    2851. 

  2851.         "lsr	r7, %[b], #16\n\t"
    2852. 

  2852.         "mul	r7, r6\n\t"
    2853. 

  2853.         "add	r4, r7\n\t"
    2854. 

  2854.         "adc	r5, %[r]\n\t"
    2855. 

  2855.         "lsl	r7, %[b], #16\n\t"
    2856. 

  2856.         "lsr	r7, r7, #16\n\t"
    2857. 

  2857.         "mul	r6, r7\n\t"
    2858. 

  2858.         "lsr	r7, r6, #16\n\t"
    2859. 

  2859.         "lsl	r6, r6, #16\n\t"
    2860. 

  2860.         "add	r3, r6\n\t"
    2861. 

  2861.         "adc	r4, r7\n\t"
    2862. 

  2862.         "adc	r5, %[r]\n\t"
    2863. 

  2863.         "# A[] * B - Done\n\t"
    2864. 

  2864.         "mov	%[r], r8\n\t"
    2865. 

  2865.         "str	r3, [%[r]]\n\t"
    2866. 

  2866.         "mov	r3, r4\n\t"
    2867. 

  2867.         "mov	r4, r5\n\t"
    2868. 

  2868.         "add	%[r], #4\n\t"
    2869. 

  2869.         "add	%[a], #4\n\t"
    2870. 

  2870.         "mov	r8, %[r]\n\t"
    2871. 

  2871.         "cmp	%[a], r9\n\t"
    2872. 

  2872.         "blt	1b\n\t"
    2873. 

  2873.         "str	r3, [%[r]]\n\t"
    2874. 

  2874.         : [r] "+r" (r), [a] "+r" (a)
    2875. 

  2875.         : [b] "r" (b)
    2876. 

  2876.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
    2877. 

  2877.     );
    2878. 

  2878. }
    2879. 

  2879. 

  2880. /* Divide the double width number (d1|d0) by the dividend. (d1|d0 / div)
    2881. 

  2881.  *
    2882. 

  2882.  * d1   The high order half of the number to divide.
    2883. 

  2883.  * d0   The low order half of the number to divide.
    2884. 

  2884.  * div  The dividend.
    2885. 

  2885.  * returns the result of the division.
    2886. 

  2886.  *
    2887. 

  2887.  * Note that this is an approximate div. It may give an answer 1 larger.
    2888. 

  2888.  */
    2889. 

  2889. SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0,
    2890. 

  2890.         sp_digit div)
    2891. 

  2891. {
    2892. 

  2892.     sp_digit r = 0;
    2893. 

  2893. 

  2894.     __asm__ __volatile__ (
    2895. 

  2895.         "lsr	r5, %[div], #1\n\t"
    2896. 

  2896.         "add	r5, #1\n\t"
    2897. 

  2897.         "mov	r8, %[d0]\n\t"
    2898. 

  2898.         "mov	r9, %[d1]\n\t"
    2899. 

  2899.         "# Do top 32\n\t"
    2900. 

  2900.         "mov	r6, r5\n\t"
    2901. 

  2901.         "sub	r6, %[d1]\n\t"
    2902. 

  2902.         "sbc	r6, r6\n\t"
    2903. 

  2903.         "add	%[r], %[r]\n\t"
    2904. 

  2904.         "sub	%[r], r6\n\t"
    2905. 

  2905.         "and	r6, r5\n\t"
    2906. 

  2906.         "sub	%[d1], r6\n\t"
    2907. 

  2907.         "# Next 30 bits\n\t"
    2908. 

  2908.         "mov	r4, #29\n\t"
    2909. 

  2909.         "1:\n\t"
    2910. 

  2910.         "lsl	%[d0], %[d0], #1\n\t"
    2911. 

  2911.         "adc	%[d1], %[d1]\n\t"
    2912. 

  2912.         "mov	r6, r5\n\t"
    2913. 

  2913.         "sub	r6, %[d1]\n\t"
    2914. 

  2914.         "sbc	r6, r6\n\t"
    2915. 

  2915.         "add	%[r], %[r]\n\t"
    2916. 

  2916.         "sub	%[r], r6\n\t"
    2917. 

  2917.         "and	r6, r5\n\t"
    2918. 

  2918.         "sub	%[d1], r6\n\t"
    2919. 

  2919.         "sub	r4, #1\n\t"
    2920. 

  2920.         "bpl	1b\n\t"
    2921. 

  2921.         "mov	r7, #0\n\t"
    2922. 

  2922.         "add	%[r], %[r]\n\t"
    2923. 

  2923.         "add	%[r], #1\n\t"
    2924. 

  2924.         "# r * div - Start\n\t"
    2925. 

  2925.         "lsl	%[d1], %[r], #16\n\t"
    2926. 

  2926.         "lsl	r4, %[div], #16\n\t"
    2927. 

  2927.         "lsr	%[d1], %[d1], #16\n\t"
    2928. 

  2928.         "lsr	r4, r4, #16\n\t"
    2929. 

  2929.         "mul	r4, %[d1]\n\t"
    2930. 

  2930.         "lsr	r6, %[div], #16\n\t"
    2931. 

  2931.         "mul	%[d1], r6\n\t"
    2932. 

  2932.         "lsr	r5, %[d1], #16\n\t"
    2933. 

  2933.         "lsl	%[d1], %[d1], #16\n\t"
    2934. 

  2934.         "add	r4, %[d1]\n\t"
    2935. 

  2935.         "adc	r5, r7\n\t"
    2936. 

  2936.         "lsr	%[d1], %[r], #16\n\t"
    2937. 

  2937.         "mul	r6, %[d1]\n\t"
    2938. 

  2938.         "add	r5, r6\n\t"
    2939. 

  2939.         "lsl	r6, %[div], #16\n\t"
    2940. 

  2940.         "lsr	r6, r6, #16\n\t"
    2941. 

  2941.         "mul	%[d1], r6\n\t"
    2942. 

  2942.         "lsr	r6, %[d1], #16\n\t"
    2943. 

  2943.         "lsl	%[d1], %[d1], #16\n\t"
    2944. 

  2944.         "add	r4, %[d1]\n\t"
    2945. 

  2945.         "adc	r5, r6\n\t"
    2946. 

  2946.         "# r * div - Done\n\t"
    2947. 

  2947.         "mov	%[d1], r8\n\t"
    2948. 

  2948.         "sub	%[d1], r4\n\t"
    2949. 

  2949.         "mov	r4, %[d1]\n\t"
    2950. 

  2950.         "mov	%[d1], r9\n\t"
    2951. 

  2951.         "sbc	%[d1], r5\n\t"
    2952. 

  2952.         "mov	r5, %[d1]\n\t"
    2953. 

  2953.         "add	%[r], r5\n\t"
    2954. 

  2954.         "# r * div - Start\n\t"
    2955. 

  2955.         "lsl	%[d1], %[r], #16\n\t"
    2956. 

  2956.         "lsl	r4, %[div], #16\n\t"
    2957. 

  2957.         "lsr	%[d1], %[d1], #16\n\t"
    2958. 

  2958.         "lsr	r4, r4, #16\n\t"
    2959. 

  2959.         "mul	r4, %[d1]\n\t"
    2960. 

  2960.         "lsr	r6, %[div], #16\n\t"
    2961. 

  2961.         "mul	%[d1], r6\n\t"
    2962. 

  2962.         "lsr	r5, %[d1], #16\n\t"
    2963. 

  2963.         "lsl	%[d1], %[d1], #16\n\t"
    2964. 

  2964.         "add	r4, %[d1]\n\t"
    2965. 

  2965.         "adc	r5, r7\n\t"
    2966. 

  2966.         "lsr	%[d1], %[r], #16\n\t"
    2967. 

  2967.         "mul	r6, %[d1]\n\t"
    2968. 

  2968.         "add	r5, r6\n\t"
    2969. 

  2969.         "lsl	r6, %[div], #16\n\t"
    2970. 

  2970.         "lsr	r6, r6, #16\n\t"
    2971. 

  2971.         "mul	%[d1], r6\n\t"
    2972. 

  2972.         "lsr	r6, %[d1], #16\n\t"
    2973. 

  2973.         "lsl	%[d1], %[d1], #16\n\t"
    2974. 

  2974.         "add	r4, %[d1]\n\t"
    2975. 

  2975.         "adc	r5, r6\n\t"
    2976. 

  2976.         "# r * div - Done\n\t"
    2977. 

  2977.         "mov	%[d1], r8\n\t"
    2978. 

  2978.         "mov	r6, r9\n\t"
    2979. 

  2979.         "sub	r4, %[d1], r4\n\t"
    2980. 

  2980.         "sbc	r6, r5\n\t"
    2981. 

  2981.         "mov	r5, r6\n\t"
    2982. 

  2982.         "add	%[r], r5\n\t"
    2983. 

  2983.         "# r * div - Start\n\t"
    2984. 

  2984.         "lsl	%[d1], %[r], #16\n\t"
    2985. 

  2985.         "lsl	r4, %[div], #16\n\t"
    2986. 

  2986.         "lsr	%[d1], %[d1], #16\n\t"
    2987. 

  2987.         "lsr	r4, r4, #16\n\t"
    2988. 

  2988.         "mul	r4, %[d1]\n\t"
    2989. 

  2989.         "lsr	r6, %[div], #16\n\t"
    2990. 

  2990.         "mul	%[d1], r6\n\t"
    2991. 

  2991.         "lsr	r5, %[d1], #16\n\t"
    2992. 

  2992.         "lsl	%[d1], %[d1], #16\n\t"
    2993. 

  2993.         "add	r4, %[d1]\n\t"
    2994. 

  2994.         "adc	r5, r7\n\t"
    2995. 

  2995.         "lsr	%[d1], %[r], #16\n\t"
    2996. 

  2996.         "mul	r6, %[d1]\n\t"
    2997. 

  2997.         "add	r5, r6\n\t"
    2998. 

  2998.         "lsl	r6, %[div], #16\n\t"
    2999. 

  2999.         "lsr	r6, r6, #16\n\t"
    3000. 

  3000.         "mul	%[d1], r6\n\t"
    3001. 

  3001.         "lsr	r6, %[d1], #16\n\t"
    3002. 

  3002.         "lsl	%[d1], %[d1], #16\n\t"
    3003. 

  3003.         "add	r4, %[d1]\n\t"
    3004. 

  3004.         "adc	r5, r6\n\t"
    3005. 

  3005.         "# r * div - Done\n\t"
    3006. 

  3006.         "mov	%[d1], r8\n\t"
    3007. 

  3007.         "mov	r6, r9\n\t"
    3008. 

  3008.         "sub	r4, %[d1], r4\n\t"
    3009. 

  3009.         "sbc	r6, r5\n\t"
    3010. 

  3010.         "mov	r5, r6\n\t"
    3011. 

  3011.         "add	%[r], r5\n\t"
    3012. 

  3012.         "mov	r6, %[div]\n\t"
    3013. 

  3013.         "sub	r6, r4\n\t"
    3014. 

  3014.         "sbc	r6, r6\n\t"
    3015. 

  3015.         "sub	%[r], r6\n\t"
    3016. 

  3016.         : [r] "+r" (r)
    3017. 

  3017.         : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div)
    3018. 

  3018.         : "r4", "r5", "r7", "r6", "r8", "r9"
    3019. 

  3019.     );
    3020. 

  3020.     return r;
    3021. 

  3021. }
    3022. 

  3022. 

  3023. /* Compare a with b in constant time.
    3024. 

  3024.  *
    3025. 

  3025.  * a  A single precision integer.
    3026. 

  3026.  * b  A single precision integer.
    3027. 

  3027.  * return -ve, 0 or +ve if a is less than, equal to or greater than b
    3028. 

  3028.  * respectively.
    3029. 

  3029.  */
    3030. 

  3030. SP_NOINLINE static int32_t sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
    3031. 

  3031. {
    3032. 

  3032.     sp_digit r = 0;
    3033. 

  3033. 

  3034. 

  3035.     __asm__ __volatile__ (
    3036. 

  3036.         "mov	r3, #0\n\t"
    3037. 

  3037.         "mvn	r3, r3\n\t"
    3038. 

  3038.         "mov	r6, #124\n\t"
    3039. 

  3039.         "1:\n\t"
    3040. 

  3040.         "ldr	r7, [%[a], r6]\n\t"
    3041. 

  3041.         "ldr	r5, [%[b], r6]\n\t"
    3042. 

  3042.         "and	r7, r3\n\t"
    3043. 

  3043.         "and	r5, r3\n\t"
    3044. 

  3044.         "mov	r4, r7\n\t"
    3045. 

  3045.         "sub	r7, r5\n\t"
    3046. 

  3046.         "sbc	r7, r7\n\t"
    3047. 

  3047.         "add	%[r], r7\n\t"
    3048. 

  3048.         "mvn	r7, r7\n\t"
    3049. 

  3049.         "and	r3, r7\n\t"
    3050. 

  3050.         "sub	r5, r4\n\t"
    3051. 

  3051.         "sbc	r7, r7\n\t"
    3052. 

  3052.         "sub	%[r], r7\n\t"
    3053. 

  3053.         "mvn	r7, r7\n\t"
    3054. 

  3054.         "and	r3, r7\n\t"
    3055. 

  3055.         "sub	r6, #4\n\t"
    3056. 

  3056.         "cmp	r6, #0\n\t"
    3057. 

  3057.         "bge	1b\n\t"
    3058. 

  3058.         : [r] "+r" (r)
    3059. 

  3059.         : [a] "r" (a), [b] "r" (b)
    3060. 

  3060.         : "r3", "r4", "r5", "r6", "r7"
    3061. 

  3061.     );
    3062. 

  3062. 

  3063.     return r;
    3064. 

  3064. }
    3065. 

  3065. 

  3066. /* Divide d in a and put remainder into r (m*d + r = a)
    3067. 

  3067.  * m is not calculated as it is not needed at this time.
    3068. 

  3068.  *
    3069. 

  3069.  * a  Nmber to be divided.
    3070. 

  3070.  * d  Number to divide with.
    3071. 

  3071.  * m  Multiplier result.
    3072. 

  3072.  * r  Remainder from the division.
    3073. 

  3073.  * returns MP_OKAY indicating success.
    3074. 

  3074.  */
    3075. 

  3075. static WC_INLINE int sp_2048_div_32(const sp_digit* a, const sp_digit* d, sp_digit* m,
    3076. 

  3076.         sp_digit* r)
    3077. 

  3077. {
    3078. 

  3078.     sp_digit t1[64], t2[33];
    3079. 

  3079.     sp_digit div, r1;
    3080. 

  3080.     int i;
    3081. 

  3081. 

  3082.     (void)m;
    3083. 

  3083. 

  3084.     div = d[31];
    3085. 

  3085.     XMEMCPY(t1, a, sizeof(*t1) * 2 * 32);
    3086. 

  3086.     for (i=31; i>=0; i--) {
    3087. 

  3087.         r1 = div_2048_word_32(t1[32 + i], t1[32 + i - 1], div);
    3088. 

  3088. 

  3089.         sp_2048_mul_d_32(t2, d, r1);
    3090. 

  3090.         t1[32 + i] += sp_2048_sub_in_place_32(&t1[i], t2);
    3091. 

  3091.         t1[32 + i] -= t2[32];
    3092. 

  3092.         sp_2048_mask_32(t2, d, t1[32 + i]);
    3093. 

  3093.         t1[32 + i] += sp_2048_add_32(&t1[i], &t1[i], t2);
    3094. 

  3094.         sp_2048_mask_32(t2, d, t1[32 + i]);
    3095. 

  3095.         t1[32 + i] += sp_2048_add_32(&t1[i], &t1[i], t2);
    3096. 

  3096.     }
    3097. 

  3097. 

  3098.     r1 = sp_2048_cmp_32(t1, d) >= 0;
    3099. 

  3099.     sp_2048_cond_sub_32(r, t1, d, (sp_digit)0 - r1);
    3100. 

  3100. 

  3101.     return MP_OKAY;
    3102. 

  3102. }
    3103. 

  3103. 

  3104. /* Reduce a modulo m into r. (r = a mod m)
    3105. 

  3105.  *
    3106. 

  3106.  * r  A single precision number that is the reduced result.
    3107. 

  3107.  * a  A single precision number that is to be reduced.
    3108. 

  3108.  * m  A single precision number that is the modulus to reduce with.
    3109. 

  3109.  * returns MP_OKAY indicating success.
    3110. 

  3110.  */
    3111. 

  3111. static WC_INLINE int sp_2048_mod_32(sp_digit* r, const sp_digit* a, const sp_digit* m)
    3112. 

  3112. {
    3113. 

  3113.     return sp_2048_div_32(a, m, NULL, r);
    3114. 

  3114. }
    3115. 

  3115. 

  3116. #ifdef WOLFSSL_SP_SMALL
    3117. 

  3117. /* Modular exponentiate a to the e mod m. (r = a^e mod m)
    3118. 

  3118.  *
    3119. 

  3119.  * r     A single precision number that is the result of the operation.
    3120. 

  3120.  * a     A single precision number being exponentiated.
    3121. 

  3121.  * e     A single precision number that is the exponent.
    3122. 

  3122.  * bits  The number of bits in the exponent.
    3123. 

  3123.  * m     A single precision number that is the modulus.
    3124. 

  3124.  * returns 0 on success and MEMORY_E on dynamic memory allocation failure.
    3125. 

  3125.  */
    3126. 

  3126. static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
    3127. 

  3127.         int bits, const sp_digit* m, int reduceA)
    3128. 

  3128. {
    3129. 

  3129. #ifndef WOLFSSL_SMALL_STACK
    3130. 

  3130.     sp_digit t[16][64];
    3131. 

  3131. #else
    3132. 

  3132.     sp_digit* t[16];
    3133. 

  3133.     sp_digit* td;
    3134. 

  3134. #endif
    3135. 

  3135.     sp_digit* norm;
    3136. 

  3136.     sp_digit mp = 1;
    3137. 

  3137.     sp_digit n;
    3138. 

  3138.     sp_digit mask;
    3139. 

  3139.     int i;
    3140. 

  3140.     int c, y;
    3141. 

  3141.     int err = MP_OKAY;
    3142. 

  3142. 

  3143. #ifdef WOLFSSL_SMALL_STACK
    3144. 

  3144.     td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 64, NULL,
    3145. 

  3145.                             DYNAMIC_TYPE_TMP_BUFFER);
    3146. 

  3146.     if (td == NULL) {
    3147. 

  3147.         err = MEMORY_E;
    3148. 

  3148.     }
    3149. 

  3149. #endif
    3150. 

  3150. 

  3151.     if (err == MP_OKAY) {
    3152. 

  3152. #ifdef WOLFSSL_SMALL_STACK
    3153. 

  3153.         for (i=0; i<16; i++) {
    3154. 

  3154.             t[i] = td + i * 64;
    3155. 

  3155.         }
    3156. 

  3156. #endif
    3157. 

  3157.         norm = t[0];
    3158. 

  3158. 

  3159.         sp_2048_mont_setup(m, &mp);
    3160. 

  3160.         sp_2048_mont_norm_32(norm, m);
    3161. 

  3161. 

  3162.         XMEMSET(t[1], 0, sizeof(sp_digit) * 32U);
    3163. 

  3163.         if (reduceA != 0) {
    3164. 

  3164.             err = sp_2048_mod_32(t[1] + 32, a, m);
    3165. 

  3165.             if (err == MP_OKAY) {
    3166. 

  3166.                 err = sp_2048_mod_32(t[1], t[1], m);
    3167. 

  3167.             }
    3168. 

  3168.         }
    3169. 

  3169.         else {
    3170. 

  3170.             XMEMCPY(t[1] + 32, a, sizeof(sp_digit) * 32);
    3171. 

  3171.             err = sp_2048_mod_32(t[1], t[1], m);
    3172. 

  3172.         }
    3173. 

  3173.     }
    3174. 

  3174. 

  3175.     if (err == MP_OKAY) {
    3176. 

  3176.         sp_2048_mont_sqr_32(t[ 2], t[ 1], m, mp);
    3177. 

  3177.         sp_2048_mont_mul_32(t[ 3], t[ 2], t[ 1], m, mp);
    3178. 

  3178.         sp_2048_mont_sqr_32(t[ 4], t[ 2], m, mp);
    3179. 

  3179.         sp_2048_mont_mul_32(t[ 5], t[ 3], t[ 2], m, mp);
    3180. 

  3180.         sp_2048_mont_sqr_32(t[ 6], t[ 3], m, mp);
    3181. 

  3181.         sp_2048_mont_mul_32(t[ 7], t[ 4], t[ 3], m, mp);
    3182. 

  3182.         sp_2048_mont_sqr_32(t[ 8], t[ 4], m, mp);
    3183. 

  3183.         sp_2048_mont_mul_32(t[ 9], t[ 5], t[ 4], m, mp);
    3184. 

  3184.         sp_2048_mont_sqr_32(t[10], t[ 5], m, mp);
    3185. 

  3185.         sp_2048_mont_mul_32(t[11], t[ 6], t[ 5], m, mp);
    3186. 

  3186.         sp_2048_mont_sqr_32(t[12], t[ 6], m, mp);
    3187. 

  3187.         sp_2048_mont_mul_32(t[13], t[ 7], t[ 6], m, mp);
    3188. 

  3188.         sp_2048_mont_sqr_32(t[14], t[ 7], m, mp);
    3189. 

  3189.         sp_2048_mont_mul_32(t[15], t[ 8], t[ 7], m, mp);
    3190. 

  3190. 

  3191.         i = (bits - 1) / 32;
    3192. 

  3192.         n = e[i--];
    3193. 

  3193.         c = bits & 31;
    3194. 

  3194.         if (c == 0) {
    3195. 

  3195.             c = 32;
    3196. 

  3196.         }
    3197. 

  3197.         c -= bits % 4;
    3198. 

  3198.         if (c == 32) {
    3199. 

  3199.             c = 28;
    3200. 

  3200.         }
    3201. 

  3201.         y = (int)(n >> c);
    3202. 

  3202.         n <<= 32 - c;
    3203. 

  3203.         XMEMCPY(r, t[y], sizeof(sp_digit) * 32);
    3204. 

  3204.         for (; i>=0 || c>=4; ) {
    3205. 

  3205.             if (c == 0) {
    3206. 

  3206.                 n = e[i--];
    3207. 

  3207.                 y = n >> 28;
    3208. 

  3208.                 n <<= 4;
    3209. 

  3209.                 c = 28;
    3210. 

  3210.             }
    3211. 

  3211.             else if (c < 4) {
    3212. 

  3212.                 y = n >> 28;
    3213. 

  3213.                 n = e[i--];
    3214. 

  3214.                 c = 4 - c;
    3215. 

  3215.                 y |= n >> (32 - c);
    3216. 

  3216.                 n <<= c;
    3217. 

  3217.                 c = 32 - c;
    3218. 

  3218.             }
    3219. 

  3219.             else {
    3220. 

  3220.                 y = (n >> 28) & 0xf;
    3221. 

  3221.                 n <<= 4;
    3222. 

  3222.                 c -= 4;
    3223. 

  3223.             }
    3224. 

  3224. 

  3225.             sp_2048_mont_sqr_32(r, r, m, mp);
    3226. 

  3226.             sp_2048_mont_sqr_32(r, r, m, mp);
    3227. 

  3227.             sp_2048_mont_sqr_32(r, r, m, mp);
    3228. 

  3228.             sp_2048_mont_sqr_32(r, r, m, mp);
    3229. 

  3229. 

  3230.             sp_2048_mont_mul_32(r, r, t[y], m, mp);
    3231. 

  3231.         }
    3232. 

  3232. 

  3233.         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
    3234. 

  3234.         sp_2048_mont_reduce_32(r, m, mp);
    3235. 

  3235. 

  3236.         mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
    3237. 

  3237.         sp_2048_cond_sub_32(r, r, m, mask);
    3238. 

  3238.     }
    3239. 

  3239. 

  3240. #ifdef WOLFSSL_SMALL_STACK
    3241. 

  3241.     if (td != NULL) {
    3242. 

  3242.         XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    3243. 

  3243.     }
    3244. 

  3244. #endif
    3245. 

  3245. 

  3246.     return err;
    3247. 

  3247. }
    3248. 

  3248. #else
    3249. 

  3249. /* Modular exponentiate a to the e mod m. (r = a^e mod m)
    3250. 

  3250.  *
    3251. 

  3251.  * r     A single precision number that is the result of the operation.
    3252. 

  3252.  * a     A single precision number being exponentiated.
    3253. 

  3253.  * e     A single precision number that is the exponent.
    3254. 

  3254.  * bits  The number of bits in the exponent.
    3255. 

  3255.  * m     A single precision number that is the modulus.
    3256. 

  3256.  * returns 0 on success and MEMORY_E on dynamic memory allocation failure.
    3257. 

  3257.  */
    3258. 

  3258. static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
    3259. 

  3259.         int bits, const sp_digit* m, int reduceA)
    3260. 

  3260. {
    3261. 

  3261. #ifndef WOLFSSL_SMALL_STACK
    3262. 

  3262.     sp_digit t[32][64];
    3263. 

  3263. #else
    3264. 

  3264.     sp_digit* t[32];
    3265. 

  3265.     sp_digit* td;
    3266. 

  3266. #endif
    3267. 

  3267.     sp_digit* norm;
    3268. 

  3268.     sp_digit mp = 1;
    3269. 

  3269.     sp_digit n;
    3270. 

  3270.     sp_digit mask;
    3271. 

  3271.     int i;
    3272. 

  3272.     int c, y;
    3273. 

  3273.     int err = MP_OKAY;
    3274. 

  3274. 

  3275. #ifdef WOLFSSL_SMALL_STACK
    3276. 

  3276.     td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 64, NULL,
    3277. 

  3277.                             DYNAMIC_TYPE_TMP_BUFFER);
    3278. 

  3278.     if (td == NULL) {
    3279. 

  3279.         err = MEMORY_E;
    3280. 

  3280.     }
    3281. 

  3281. #endif
    3282. 

  3282. 

  3283.     if (err == MP_OKAY) {
    3284. 

  3284. #ifdef WOLFSSL_SMALL_STACK
    3285. 

  3285.         for (i=0; i<32; i++) {
    3286. 

  3286.             t[i] = td + i * 64;
    3287. 

  3287.         }
    3288. 

  3288. #endif
    3289. 

  3289.         norm = t[0];
    3290. 

  3290. 

  3291.         sp_2048_mont_setup(m, &mp);
    3292. 

  3292.         sp_2048_mont_norm_32(norm, m);
    3293. 

  3293. 

  3294.         XMEMSET(t[1], 0, sizeof(sp_digit) * 32U);
    3295. 

  3295.         if (reduceA != 0) {
    3296. 

  3296.             err = sp_2048_mod_32(t[1] + 32, a, m);
    3297. 

  3297.             if (err == MP_OKAY) {
    3298. 

  3298.                 err = sp_2048_mod_32(t[1], t[1], m);
    3299. 

  3299.             }
    3300. 

  3300.         }
    3301. 

  3301.         else {
    3302. 

  3302.             XMEMCPY(t[1] + 32, a, sizeof(sp_digit) * 32);
    3303. 

  3303.             err = sp_2048_mod_32(t[1], t[1], m);
    3304. 

  3304.         }
    3305. 

  3305.     }
    3306. 

  3306. 

  3307.     if (err == MP_OKAY) {
    3308. 

  3308.         sp_2048_mont_sqr_32(t[ 2], t[ 1], m, mp);
    3309. 

  3309.         sp_2048_mont_mul_32(t[ 3], t[ 2], t[ 1], m, mp);
    3310. 

  3310.         sp_2048_mont_sqr_32(t[ 4], t[ 2], m, mp);
    3311. 

  3311.         sp_2048_mont_mul_32(t[ 5], t[ 3], t[ 2], m, mp);
    3312. 

  3312.         sp_2048_mont_sqr_32(t[ 6], t[ 3], m, mp);
    3313. 

  3313.         sp_2048_mont_mul_32(t[ 7], t[ 4], t[ 3], m, mp);
    3314. 

  3314.         sp_2048_mont_sqr_32(t[ 8], t[ 4], m, mp);
    3315. 

  3315.         sp_2048_mont_mul_32(t[ 9], t[ 5], t[ 4], m, mp);
    3316. 

  3316.         sp_2048_mont_sqr_32(t[10], t[ 5], m, mp);
    3317. 

  3317.         sp_2048_mont_mul_32(t[11], t[ 6], t[ 5], m, mp);
    3318. 

  3318.         sp_2048_mont_sqr_32(t[12], t[ 6], m, mp);
    3319. 

  3319.         sp_2048_mont_mul_32(t[13], t[ 7], t[ 6], m, mp);
    3320. 

  3320.         sp_2048_mont_sqr_32(t[14], t[ 7], m, mp);
    3321. 

  3321.         sp_2048_mont_mul_32(t[15], t[ 8], t[ 7], m, mp);
    3322. 

  3322.         sp_2048_mont_sqr_32(t[16], t[ 8], m, mp);
    3323. 

  3323.         sp_2048_mont_mul_32(t[17], t[ 9], t[ 8], m, mp);
    3324. 

  3324.         sp_2048_mont_sqr_32(t[18], t[ 9], m, mp);
    3325. 

  3325.         sp_2048_mont_mul_32(t[19], t[10], t[ 9], m, mp);
    3326. 

  3326.         sp_2048_mont_sqr_32(t[20], t[10], m, mp);
    3327. 

  3327.         sp_2048_mont_mul_32(t[21], t[11], t[10], m, mp);
    3328. 

  3328.         sp_2048_mont_sqr_32(t[22], t[11], m, mp);
    3329. 

  3329.         sp_2048_mont_mul_32(t[23], t[12], t[11], m, mp);
    3330. 

  3330.         sp_2048_mont_sqr_32(t[24], t[12], m, mp);
    3331. 

  3331.         sp_2048_mont_mul_32(t[25], t[13], t[12], m, mp);
    3332. 

  3332.         sp_2048_mont_sqr_32(t[26], t[13], m, mp);
    3333. 

  3333.         sp_2048_mont_mul_32(t[27], t[14], t[13], m, mp);
    3334. 

  3334.         sp_2048_mont_sqr_32(t[28], t[14], m, mp);
    3335. 

  3335.         sp_2048_mont_mul_32(t[29], t[15], t[14], m, mp);
    3336. 

  3336.         sp_2048_mont_sqr_32(t[30], t[15], m, mp);
    3337. 

  3337.         sp_2048_mont_mul_32(t[31], t[16], t[15], m, mp);
    3338. 

  3338. 

  3339.         i = (bits - 1) / 32;
    3340. 

  3340.         n = e[i--];
    3341. 

  3341.         c = bits & 31;
    3342. 

  3342.         if (c == 0) {
    3343. 

  3343.             c = 32;
    3344. 

  3344.         }
    3345. 

  3345.         c -= bits % 5;
    3346. 

  3346.         if (c == 32) {
    3347. 

  3347.             c = 27;
    3348. 

  3348.         }
    3349. 

  3349.         y = (int)(n >> c);
    3350. 

  3350.         n <<= 32 - c;
    3351. 

  3351.         XMEMCPY(r, t[y], sizeof(sp_digit) * 32);
    3352. 

  3352.         for (; i>=0 || c>=5; ) {
    3353. 

  3353.             if (c == 0) {
    3354. 

  3354.                 n = e[i--];
    3355. 

  3355.                 y = n >> 27;
    3356. 

  3356.                 n <<= 5;
    3357. 

  3357.                 c = 27;
    3358. 

  3358.             }
    3359. 

  3359.             else if (c < 5) {
    3360. 

  3360.                 y = n >> 27;
    3361. 

  3361.                 n = e[i--];
    3362. 

  3362.                 c = 5 - c;
    3363. 

  3363.                 y |= n >> (32 - c);
    3364. 

  3364.                 n <<= c;
    3365. 

  3365.                 c = 32 - c;
    3366. 

  3366.             }
    3367. 

  3367.             else {
    3368. 

  3368.                 y = (n >> 27) & 0x1f;
    3369. 

  3369.                 n <<= 5;
    3370. 

  3370.                 c -= 5;
    3371. 

  3371.             }
    3372. 

  3372. 

  3373.             sp_2048_mont_sqr_32(r, r, m, mp);
    3374. 

  3374.             sp_2048_mont_sqr_32(r, r, m, mp);
    3375. 

  3375.             sp_2048_mont_sqr_32(r, r, m, mp);
    3376. 

  3376.             sp_2048_mont_sqr_32(r, r, m, mp);
    3377. 

  3377.             sp_2048_mont_sqr_32(r, r, m, mp);
    3378. 

  3378. 

  3379.             sp_2048_mont_mul_32(r, r, t[y], m, mp);
    3380. 

  3380.         }
    3381. 

  3381. 

  3382.         XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
    3383. 

  3383.         sp_2048_mont_reduce_32(r, m, mp);
    3384. 

  3384. 

  3385.         mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
    3386. 

  3386.         sp_2048_cond_sub_32(r, r, m, mask);
    3387. 

  3387.     }
    3388. 

  3388. 

  3389. #ifdef WOLFSSL_SMALL_STACK
    3390. 

  3390.     if (td != NULL) {
    3391. 

  3391.         XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    3392. 

  3392.     }
    3393. 

  3393. #endif
    3394. 

  3394. 

  3395.     return err;
    3396. 

  3396. }
    3397. 

  3397. #endif /* WOLFSSL_SP_SMALL */
    3398. 

  3398. 

  3399. #endif /* (WOLFSSL_HAVE_SP_RSA || WOLFSSL_HAVE_SP_DH) && !WOLFSSL_RSA_PUBLIC_ONLY */
    3400. 

  3400. 

  3401. #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)
    3402. 

  3402. /* r = 2^n mod m where n is the number of bits to reduce by.
    3403. 

  3403.  * Given m must be 2048 bits, just need to subtract.
    3404. 

  3404.  *
    3405. 

  3405.  * r  A single precision number.
    3406. 

  3406.  * m  A single precision number.
    3407. 

  3407.  */
    3408. 

  3408. static void sp_2048_mont_norm_64(sp_digit* r, const sp_digit* m)
    3409. 

  3409. {
    3410. 

  3410.     XMEMSET(r, 0, sizeof(sp_digit) * 64);
    3411. 

  3411. 

  3412.     /* r = 2^n mod m */
    3413. 

  3413.     sp_2048_sub_in_place_64(r, m);
    3414. 

  3414. }
    3415. 

  3415. 

  3416. #endif /* WOLFSSL_HAVE_SP_RSA || WOLFSSL_HAVE_SP_DH */
    3417. 

  3417. /* Conditionally subtract b from a using the mask m.
    3418. 

  3418.  * m is -1 to subtract and 0 when not copying.
    3419. 

  3419.  *
    3420. 

  3420.  * r  A single precision number representing condition subtract result.
    3421. 

  3421.  * a  A single precision number to subtract from.
    3422. 

  3422.  * b  A single precision number to subtract.
    3423. 

  3423.  * m  Mask value to apply.
    3424. 

  3424.  */
    3425. 

  3425. SP_NOINLINE static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a,
    3426. 

  3426.         const sp_digit* b, sp_digit m)
    3427. 

  3427. {
    3428. 

  3428.     sp_digit c = 0;
    3429. 

  3429. 

  3430.     __asm__ __volatile__ (
    3431. 

  3431.         "mov	r5, #1\n\t"
    3432. 

  3432.         "lsl	r5, r5, #8\n\t"
    3433. 

  3433.         "mov	r8, r5\n\t"
    3434. 

  3434.         "mov	r7, #0\n\t"
    3435. 

  3435.         "1:\n\t"
    3436. 

  3436.         "ldr	r6, [%[b], r7]\n\t"
    3437. 

  3437.         "and	r6, %[m]\n\t"
    3438. 

  3438.         "mov	r5, #0\n\t"
    3439. 

  3439.         "sub	r5, %[c]\n\t"
    3440. 

  3440.         "ldr	r5, [%[a], r7]\n\t"
    3441. 

  3441.         "sbc	r5, r6\n\t"
    3442. 

  3442.         "sbc	%[c], %[c]\n\t"
    3443. 

  3443.         "str	r5, [%[r], r7]\n\t"
    3444. 

  3444.         "add	r7, #4\n\t"
    3445. 

  3445.         "cmp	r7, r8\n\t"
    3446. 

  3446.         "blt	1b\n\t"
    3447. 

  3447.         : [c] "+r" (c)
    3448. 

  3448.         : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m)
    3449. 

  3449.         : "memory", "r5", "r6", "r7", "r8"
    3450. 

  3450.     );
    3451. 

  3451. 

  3452.     return c;
    3453. 

  3453. }
    3454. 

  3454. 

  3455. /* Reduce the number back to 2048 bits using Montgomery reduction.
    3456. 

  3456.  *
    3457. 

  3457.  * a   A single precision number to reduce in place.
    3458. 

  3458.  * m   The single precision number representing the modulus.
    3459. 

  3459.  * mp  The digit representing the negative inverse of m mod 2^n.
    3460. 

  3460.  */
    3461. 

  3461. SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m,
    3462. 

  3462.         sp_digit mp)
    3463. 

  3463. {
    3464. 

  3464.     sp_digit ca = 0;
    3465. 

  3465. 

  3466.     __asm__ __volatile__ (
    3467. 

  3467.         "mov	r8, %[mp]\n\t"
    3468. 

  3468.         "mov	r12, %[ca]\n\t"
    3469. 

  3469.         "mov	r14, %[m]\n\t"
    3470. 

  3470.         "mov	r9, %[a]\n\t"
    3471. 

  3471.         "mov	r4, #0\n\t"
    3472. 

  3472.         "# i = 0\n\t"
    3473. 

  3473.         "mov	r11, r4\n\t"
    3474. 

  3474.         "\n1:\n\t"
    3475. 

  3475.         "mov	r5, #0\n\t"
    3476. 

  3476.         "mov	%[ca], #0\n\t"
    3477. 

  3477.         "# mu = a[i] * mp\n\t"
    3478. 

  3478.         "mov	%[mp], r8\n\t"
    3479. 

  3479.         "ldr	%[a], [%[a]]\n\t"
    3480. 

  3480.         "mul	%[mp], %[a]\n\t"
    3481. 

  3481.         "mov	%[m], r14\n\t"
    3482. 

  3482.         "mov	r10, r9\n\t"
    3483. 

  3483.         "\n2:\n\t"
    3484. 

  3484.         "# a[i+j] += m[j] * mu\n\t"
    3485. 

  3485.         "mov	%[a], r10\n\t"
    3486. 

  3486.         "ldr	%[a], [%[a]]\n\t"
    3487. 

  3487.         "mov	%[ca], #0\n\t"
    3488. 

  3488.         "mov	r4, r5\n\t"
    3489. 

  3489.         "mov	r5, #0\n\t"
    3490. 

  3490.         "# Multiply m[j] and mu - Start\n\t"
    3491. 

  3491.         "ldr	r7, [%[m]]\n\t"
    3492. 

  3492.         "lsl	r6, %[mp], #16\n\t"
    3493. 

  3493.         "lsl	r7, r7, #16\n\t"
    3494. 

  3494.         "lsr	r6, r6, #16\n\t"
    3495. 

  3495.         "lsr	r7, r7, #16\n\t"
    3496. 

  3496.         "mul	r7, r6\n\t"
    3497. 

  3497.         "add	%[a], r7\n\t"
    3498. 

  3498.         "adc	r5, %[ca]\n\t"
    3499. 

  3499.         "ldr	r7, [%[m]]\n\t"
    3500. 

  3500.         "lsr	r7, r7, #16\n\t"
    3501. 

  3501.         "mul	r6, r7\n\t"
    3502. 

  3502.         "lsr	r7, r6, #16\n\t"
    3503. 

  3503.         "lsl	r6, r6, #16\n\t"
    3504. 

  3504.         "add	%[a], r6\n\t"
    3505. 

  3505.         "adc	r5, r7\n\t"
    3506. 

  3506.         "ldr	r7, [%[m]]\n\t"
    3507. 

  3507.         "lsr	r6, %[mp], #16\n\t"
    3508. 

  3508.         "lsr	r7, r7, #16\n\t"
    3509. 

  3509.         "mul	r7, r6\n\t"
    3510. 

  3510.         "add	r5, r7\n\t"
    3511. 

  3511.         "ldr	r7, [%[m]]\n\t"
    3512. 

  3512.         "lsl	r7, r7, #16\n\t"
    3513. 

  3513.         "lsr	r7, r7, #16\n\t"
    3514. 

  3514.         "mul	r6, r7\n\t"
    3515. 

  3515.         "lsr	r7, r6, #16\n\t"
    3516. 

  3516.         "lsl	r6, r6, #16\n\t"
    3517. 

  3517.         "add	%[a], r6\n\t"
    3518. 

  3518.         "adc	r5, r7\n\t"
    3519. 

  3519.         "# Multiply m[j] and mu - Done\n\t"
    3520. 

  3520.         "add	r4, %[a]\n\t"
    3521. 

  3521.         "adc	r5, %[ca]\n\t"
    3522. 

  3522.         "mov	%[a], r10\n\t"
    3523. 

  3523.         "str	r4, [%[a]]\n\t"
    3524. 

  3524.         "mov	r6, #4\n\t"
    3525. 

  3525.         "add	%[m], #4\n\t"
    3526. 

  3526.         "add	r10, r6\n\t"
    3527. 

  3527.         "mov	r4, #252\n\t"
    3528. 

  3528.         "add	r4, r9\n\t"
    3529. 

  3529.         "cmp	r10, r4\n\t"
    3530. 

  3530.         "blt	2b\n\t"
    3531. 

  3531.         "# a[i+63] += m[63] * mu\n\t"
    3532. 

  3532.         "mov	%[ca], #0\n\t"
    3533. 

  3533.         "mov	r4, r12\n\t"
    3534. 

  3534.         "mov	%[a], #0\n\t"
    3535. 

  3535.         "# Multiply m[63] and mu - Start\n\t"
    3536. 

  3536.         "ldr	r7, [%[m]]\n\t"
    3537. 

  3537.         "lsl	r6, %[mp], #16\n\t"
    3538. 

  3538.         "lsl	r7, r7, #16\n\t"
    3539. 

  3539.         "lsr	r6, r6, #16\n\t"
    3540. 

  3540.         "lsr	r7, r7, #16\n\t"
    3541. 

  3541.         "mul	r7, r6\n\t"
    3542. 

  3542.         "add	r5, r7\n\t"
    3543. 

  3543.         "adc	r4, %[ca]\n\t"
    3544. 

  3544.         "adc	%[a], %[ca]\n\t"
    3545. 

  3545.         "ldr	r7, [%[m]]\n\t"
    3546. 

  3546.         "lsr	r7, r7, #16\n\t"
    3547. 

  3547.         "mul	r6, r7\n\t"
    3548. 

  3548.         "lsr	r7, r6, #16\n\t"
    3549. 

  3549.         "lsl	r6, r6, #16\n\t"
    3550. 

  3550.         "add	r5, r6\n\t"
    3551. 

  3551.         "adc	r4, r7\n\t"
    3552. 

  3552.         "adc	%[a], %[ca]\n\t"
    3553. 

  3553.         "ldr	r7, [%[m]]\n\t"
    3554. 

  3554.         "lsr	r6, %[mp], #16\n\t"
    3555. 

  3555.         "lsr	r7, r7, #16\n\t"
    3556. 

  3556.         "mul	r7, r6\n\t"
    3557. 

  3557.         "add	r4, r7\n\t"
    3558. 

  3558.         "adc	%[a], %[ca]\n\t"
    3559. 

  3559.         "ldr	r7, [%[m]]\n\t"
    3560. 

  3560.         "lsl	r7, r7, #16\n\t"
    3561. 

  3561.         "lsr	r7, r7, #16\n\t"
    3562. 

  3562.         "mul	r6, r7\n\t"
    3563. 

  3563.         "lsr	r7, r6, #16\n\t"
    3564. 

  3564.         "lsl	r6, r6, #16\n\t"
    3565. 

  3565.         "add	r5, r6\n\t"
    3566. 

  3566.         "adc	r4, r7\n\t"
    3567. 

  3567.         "adc	%[a], %[ca]\n\t"
    3568. 

  3568.         "# Multiply m[63] and mu - Done\n\t"
    3569. 

  3569.         "mov	%[ca], %[a]\n\t"
    3570. 

  3570.         "mov	%[a], r10\n\t"
    3571. 

  3571.         "ldr	r7, [%[a], #4]\n\t"
    3572. 

  3572.         "ldr	%[a], [%[a]]\n\t"
    3573. 

  3573.         "mov	r6, #0\n\t"
    3574. 

  3574.         "add	r5, %[a]\n\t"
    3575. 

  3575.         "adc	r7, r4\n\t"
    3576. 

  3576.         "adc	%[ca], r6\n\t"
    3577. 

  3577.         "mov	%[a], r10\n\t"
    3578. 

  3578.         "str	r5, [%[a]]\n\t"
    3579. 

  3579.         "str	r7, [%[a], #4]\n\t"
    3580. 

  3580.         "# i += 1\n\t"
    3581. 

  3581.         "mov	r6, #4\n\t"
    3582. 

  3582.         "add	r9, r6\n\t"
    3583. 

  3583.         "add	r11, r6\n\t"
    3584. 

  3584.         "mov	r12, %[ca]\n\t"
    3585. 

  3585.         "mov	%[a], r9\n\t"
    3586. 

  3586.         "mov	r4, #1\n\t"
    3587. 

  3587.         "lsl	r4, r4, #8\n\t"
    3588. 

  3588.         "cmp	r11, r4\n\t"
    3589. 

  3589.         "blt	1b\n\t"
    3590. 

  3590.         "mov	%[m], r14\n\t"
    3591. 

  3591.         : [ca] "+r" (ca), [a] "+r" (a)
    3592. 

  3592.         : [m] "r" (m), [mp] "r" (mp)
    3593. 

  3593.         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "r14"
    3594. 

  3594.     );
    3595. 

  3595. 

  3596.     sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - ca);
    3597. 

  3597. }
    3598. 

  3598. 

  3599. /* Multiply two Montogmery form numbers mod the modulus (prime).
    3600. 

  3600.  * (r = a * b mod m)
    3601. 

  3601.  *
    3602. 

  3602.  * r   Result of multiplication.
    3603. 

  3603.  * a   First number to multiply in Montogmery form.
    3604. 

  3604.  * b   Second number to multiply in Montogmery form.
    3605. 

  3605.  * m   Modulus (prime).
    3606. 

  3606.  * mp  Montogmery mulitplier.
    3607. 

  3607.  */
    3608. 

  3608. static void sp_2048_mont_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b,
    3609. 

  3609.         const sp_digit* m, sp_digit mp)
    3610. 

  3610. {
    3611. 

  3611.     sp_2048_mul_64(r, a, b);
    3612. 

  3612.     sp_2048_mont_reduce_64(r, m, mp);
    3613. 

  3613. }
    3614. 

  3614. 

  3615. /* Square the Montgomery form number. (r = a * a mod m)
    3616. 

  3616.  *
    3617. 

  3617.  * r   Result of squaring.
    3618. 

  3618.  * a   Number to square in Montogmery form.
    3619. 

  3619.  * m   Modulus (prime).
    3620. 

  3620.  * mp  Montogmery mulitplier.
    3621. 

  3621.  */
    3622. 

  3622. static void sp_2048_mont_sqr_64(sp_digit* r, const sp_digit* a, const sp_digit* m,
    3623. 

  3623.         sp_digit mp)
    3624. 

  3624. {
    3625. 

  3625.     sp_2048_sqr_64(r, a);
    3626. 

  3626.     sp_2048_mont_reduce_64(r, m, mp);
    3627. 

  3627. }
    3628. 

  3628. 

  3629. /* Divide the double width number (d1|d0) by the dividend. (d1|d0 / div)
    3630. 

  3630.  *
    3631. 

  3631.  * d1   The high order half of the number to divide.
    3632. 

  3632.  * d0   The low order half of the number to divide.
    3633. 

  3633.  * div  The dividend.
    3634. 

  3634.  * returns the result of the division.
    3635. 

  3635.  *
    3636. 

  3636.  * Note that this is an approximate div. It may give an answer 1 larger.
    3637. 

  3637.  */
    3638. 

  3638. SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0,
    3639. 

  3639.         sp_digit div)
    3640. 

  3640. {
    3641. 

  3641.     sp_digit r = 0;
    3642. 

  3642. 

  3643.     __asm__ __volatile__ (
    3644. 

  3644.         "lsr	r5, %[div], #1\n\t"
    3645. 

  3645.         "add	r5, #1\n\t"
    3646. 

  3646.         "mov	r8, %[d0]\n\t"
    3647. 

  3647.         "mov	r9, %[d1]\n\t"
    3648. 

  3648.         "# Do top 32\n\t"
    3649. 

  3649.         "mov	r6, r5\n\t"
    3650. 

  3650.         "sub	r6, %[d1]\n\t"
    3651. 

  3651.         "sbc	r6, r6\n\t"
    3652. 

  3652.         "add	%[r], %[r]\n\t"
    3653. 

  3653.         "sub	%[r], r6\n\t"
    3654. 

  3654.         "and	r6, r5\n\t"
    3655. 

  3655.         "sub	%[d1], r6\n\t"
    3656. 

  3656.         "# Next 30 bits\n\t"
    3657. 

  3657.         "mov	r4, #29\n\t"
    3658. 

  3658.         "1:\n\t"
    3659. 

  3659.         "lsl	%[d0], %[d0], #1\n\t"
    3660. 

  3660.         "adc	%[d1], %[d1]\n\t"
    3661. 

  3661.         "mov	r6, r5\n\t"
    3662. 

  3662.         "sub	r6, %[d1]\n\t"
    3663. 

  3663.         "sbc	r6, r6\n\t"
    3664. 

  3664.         "add	%[r], %[r]\n\t"
    3665. 

  3665.         "sub	%[r], r6\n\t"
    3666. 

  3666.         "and	r6, r5\n\t"
    3667. 

  3667.         "sub	%[d1], r6\n\t"
    3668. 

  3668.         "sub	r4, #1\n\t"
    3669. 

  3669.         "bpl	1b\n\t"
    3670. 

  3670.         "mov	r7, #0\n\t"
    3671. 

  3671.         "add	%[r], %[r]\n\t"
    3672. 

  3672.         "add	%[r], #1\n\t"
    3673. 

  3673.         "# r * div - Start\n\t"
    3674. 

  3674.         "lsl	%[d1], %[r], #16\n\t"
    3675. 

  3675.         "lsl	r4, %[div], #16\n\t"
    3676. 

  3676.         "lsr	%[d1], %[d1], #16\n\t"
    3677. 

  3677.         "lsr	r4, r4, #16\n\t"
    3678. 

  3678.         "mul	r4, %[d1]\n\t"
    3679. 

  3679.         "lsr	r6, %[div], #16\n\t"
    3680. 

  3680.         "mul	%[d1], r6\n\t"
    3681. 

  3681.         "lsr	r5, %[d1], #16\n\t"
    3682. 

  3682.         "lsl	%[d1], %[d1], #16\n\t"
    3683. 

  3683.         "add	r4, %[d1]\n\t"
    3684. 

  3684.         "adc	r5, r7\n\t"
    3685. 

  3685.         "lsr	%[d1], %[r], #16\n\t"
    3686. 

  3686.         "mul	r6, %[d1]\n\t"
    3687. 

  3687.         "add	r5, r6\n\t"
    3688. 

  3688.         "lsl	r6, %[div], #16\n\t"
    3689. 

  3689.         "lsr	r6, r6, #16\n\t"
    3690. 

  3690.         "mul	%[d1], r6\n\t"
    3691. 

  3691.         "lsr	r6, %[d1], #16\n\t"
    3692. 

  3692.         "lsl	%[d1], %[d1], #16\n\t"
    3693. 

  3693.         "add	r4, %[d1]\n\t"
    3694. 

  3694.         "adc	r5, r6\n\t"
    3695. 

  3695.         "# r * div - Done\n\t"
    3696. 

  3696.         "mov	%[d1], r8\n\t"
    3697. 

  3697.         "sub	%[d1], r4\n\t"
    3698. 

  3698.         "mov	r4, %[d1]\n\t"
    3699. 

  3699.         "mov	%[d1], r9\n\t"
    3700. 

  3700.         "sbc	%[d1], r5\n\t"
    3701. 

  3701.         "mov	r5, %[d1]\n\t"
    3702. 

  3702.         "add	%[r], r5\n\t"
    3703. 

  3703.         "# r * div - Start\n\t"
    3704. 

  3704.         "lsl	%[d1], %[r], #16\n\t"
    3705. 

  3705.         "lsl	r4, %[div], #16\n\t"
    3706. 

  3706.         "lsr	%[d1], %[d1], #16\n\t"
    3707. 

  3707.         "lsr	r4, r4, #16\n\t"
    3708. 

  3708.         "mul	r4, %[d1]\n\t"
    3709. 

  3709.         "lsr	r6, %[div], #16\n\t"
    3710. 

  3710.         "mul	%[d1], r6\n\t"
    3711. 

  3711.         "lsr	r5, %[d1], #16\n\t"
    3712. 

  3712.         "lsl	%[d1], %[d1], #16\n\t"
    3713. 

  3713.         "add	r4, %[d1]\n\t"
    3714. 

  3714.         "adc	r5, r7\n\t"
    3715. 

  3715.         "lsr	%[d1], %[r], #16\n\t"
    3716. 

  3716.         "mul	r6, %[d1]\n\t"
    3717. 

  3717.         "add	r5, r6\n\t"
    3718. 

  3718.         "lsl	r6, %[div], #16\n\t"
    3719. 

  3719.         "lsr	r6, r6, #16\n\t"
    3720. 

  3720.         "mul	%[d1], r6\n\t"
    3721. 

  3721.         "lsr	r6, %[d1], #16\n\t"
    3722. 

  3722.         "lsl	%[d1], %[d1], #16\n\t"
    3723. 

  3723.         "add	r4, %[d1]\n\t"
    3724. 

  3724.         "adc	r5, r6\n\t"
    3725. 

  3725.         "# r * div - Done\n\t"
    3726. 

  3726.         "mov	%[d1], r8\n\t"
    3727. 

  3727.         "mov	r6, r9\n\t"
    3728. 

  3728.         "sub	r4, %[d1], r4\n\t"
    3729. 

  3729.         "sbc	r6, r5\n\t"
    3730. 

  3730.         "mov	r5, r6\n\t"
    3731. 

  3731.         "add	%[r], r5\n\t"
    3732. 

  3732.         "# r * div - Start\n\t"
    3733. 

  3733.         "lsl	%[d1], %[r], #16\n\t"
    3734. 

  3734.         "lsl	r4, %[div], #16\n\t"
    3735. 

  3735.         "lsr	%[d1], %[d1], #16\n\t"
    3736. 

  3736.         "lsr	r4, r4, #16\n\t"
    3737. 

  3737.         "mul	r4, %[d1]\n\t"
    3738. 

  3738.         "lsr	r6, %[div], #16\n\t"
    3739. 

  3739.         "mul	%[d1], r6\n\t"
    3740. 

  3740.         "lsr	r5, %[d1], #16\n\t"
    3741. 

  3741.         "lsl	%[d1], %[d1], #16\n\t"
    3742. 

  3742.         "add	r4, %[d1]\n\t"
    3743. 

  3743.         "adc	r5, r7\n\t"
    3744. 

  3744.         "lsr	%[d1], %[r], #16\n\t"
    3745. 

  3745.         "mul	r6, %[d1]\n\t"
    3746. 

  3746.         "add	r5, r6\n\t"
    3747. 

  3747.         "lsl	r6, %[div], #16\n\t"
    3748. 

  3748.         "lsr	r6, r6, #16\n\t"
    3749. 

  3749.         "mul	%[d1], r6\n\t"
    3750. 

  3750.         "lsr	r6, %[d1], #16\n\t"
    3751. 

  3751.         "lsl	%[d1], %[d1], #16\n\t"
    3752. 

  3752.         "add	r4, %[d1]\n\t"
    3753. 

  3753.         "adc	r5, r6\n\t"
    3754. 

  3754.         "# r * div - Done\n\t"
    3755. 

  3755.         "mov	%[d1], r8\n\t"
    3756. 

  3756.         "mov	r6, r9\n\t"
    3757. 

  3757.         "sub	r4, %[d1], r4\n\t"
    3758. 

  3758.         "sbc	r6, r5\n\t"
    3759. 

  3759.         "mov	r5, r6\n\t"
    3760. 

  3760.         "add	%[r], r5\n\t"
    3761. 

  3761.         "mov	r6, %[div]\n\t"
    3762. 

  3762.         "sub	r6, r4\n\t"
    3763. 

  3763.         "sbc	r6, r6\n\t"
    3764. 

  3764.         "sub	%[r], r6\n\t"
    3765. 

  3765.         : [r] "+r" (r)
    3766. 

  3766.         : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div)
    3767. 

  3767.         : "r4", "r5", "r7", "r6", "r8", "r9"
    3768. 

  3768.     );
    3769. 

  3769.     return r;
    3770. 

  3770. }
    3771. 

  3771. 

  3772. /* AND m into each word of a and store in r.
    3773. 

  3773.  *
    3774. 

  3774.  * r  A single precision integer.
    3775. 

  3775.  * a  A single precision integer.
    3776. 

  3776.  * m  Mask to AND against each digit.
    3777. 

  3777.  */
    3778. 

  3778. static void sp_2048_mask_64(sp_digit* r, const sp_digit* a, sp_digit m)
    3779. 

  3779. {
    3780. 

  3780. #ifdef WOLFSSL_SP_SMALL
    3781. 

  3781.     int i;
    3782. 

  3782. 

  3783.     for (i=0; i<64; i++) {
    3784. 

  3784.         r[i] = a[i] & m;
    3785. 

  3785.     }
    3786. 

  3786. #else
    3787. 

  3787.     int i;
    3788. 

  3788. 

  3789.     for (i = 0; i < 64; i += 8) {
    3790. 

  3790.         r[i+0] = a[i+0] & m;
    3791. 

  3791.         r[i+1] = a[i+1] & m;
    3792. 

  3792.         r[i+2] = a[i+2] & m;
    3793. 

  3793.         r[i+3] = a[i+3] & m;
    3794. 

  3794.         r[i+4] = a[i+4] & m;
    3795. 

  3795.         r[i+5] = a[i+5] & m;
    3796. 

  3796.         r[i+6] = a[i+6] & m;
    3797. 

  3797.         r[i+7] = a[i+7] & m;
    3798. 

  3798.     }
    3799. 

  3799. #endif
    3800. 

  3800. }
    3801. 

  3801. 

  3802. /* Compare a with b in constant time.
    3803. 

  3803.  *
    3804. 

  3804.  * a  A single precision integer.
    3805. 

  3805.  * b  A single precision integer.
    3806. 

  3806.  * return -ve, 0 or +ve if a is less than, equal to or greater than b
    3807. 

  3807.  * respectively.
    3808. 

  3808.  */
    3809. 

  3809. SP_NOINLINE static int32_t sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
    3810. 

  3810. {
    3811. 

  3811.     sp_digit r = 0;
    3812. 

  3812. 

  3813. 

  3814.     __asm__ __volatile__ (
    3815. 

  3815.         "mov	r3, #0\n\t"
    3816. 

  3816.         "mvn	r3, r3\n\t"
    3817. 

  3817.         "mov	r6, #252\n\t"
    3818. 

  3818.         "1:\n\t"
    3819. 

  3819.         "ldr	r7, [%[a], r6]\n\t"
    3820. 

  3820.         "ldr	r5, [%[b], r6]\n\t"
    3821. 

  3821.         "and	r7, r3\n\t"
    3822. 

  3822.         "and	r5, r3\n\t"
    3823. 

  3823.         "mov	r4, r7\n\t"
    3824. 

  3824.         "sub	r7, r5\n\t"
    3825. 

  3825.         "sbc	r7, r7\n\t"
    3826. 

  3826.         "add	%[r], r7\n\t"
    3827. 

  3827.         "mvn	r7, r7\n\t"
    3828. 

  3828.         "and	r3, r7\n\t"
    3829. 

  3829.         "sub	r5, r4\n\t"
    3830. 

  3830.         "sbc	r7, r7\n\t"
    3831. 

  3831.         "sub	%[r], r7\n\t"
    3832. 

  3832.         "mvn	r7, r7\n\t"
    3833. 

  3833.         "and	r3, r7\n\t"
    3834. 

  3834.         "sub	r6, #4\n\t"
    3835. 

  3835.         "cmp	r6, #0\n\t"
    3836. 

  3836.         "bge	1b\n\t"
    3837. 

  3837.         : [r] "+r" (r)
    3838. 

  3838.         : [a] "r" (a), [b] "r" (b)
    3839. 

  3839.         : "r3", "r4", "r5", "r6", "r7"
    3840. 

  3840.     );
    3841. 

  3841. 

  3842.     return r;
    3843. 

  3843. }
    3844. 

  3844. 

  3845. /* Divide d in a and put remainder into r (m*d + r = a)
    3846. 

  3846.  * m is not calculated as it is not needed at this time.
    3847. 

  3847.  *
    3848. 

  3848.  * a  Nmber to be divided.
    3849. 

  3849.  * d  Number to divide with.
    3850. 

  3850.  * m  Multiplier result.
    3851. 

  3851.  * r  Remainder from the division.
    3852. 

  3852.  * returns MP_OKAY indicating success.
    3853. 

  3853.  */
    3854. 

  3854. static WC_INLINE int sp_2048_div_64(const sp_digit* a, const sp_digit* d, sp_digit* m,
    3855. 

  3855.         sp_digit* r)
    3856. 

  3856. {
    3857. 

  3857.     sp_digit t1[128], t2[65];
    3858. 

  3858.     sp_digit div, r1;
    3859. 

  3859.     int i;
    3860. 

  3860. 

  3861.     (void)m;
    3862. 

  3862. 

  3863.     div = d[63];
    3864. 

  3864.     XMEMCPY(t1, a, sizeof(*t1) * 2 * 64);
    3865. 

  3865.     for (i=63; i>=0; i--) {
    3866. 

  3866.         r1 = div_2048_word_64(t1[64 + i], t1[64 + i - 1], div);
    3867. 

  3867. 

  3868.         sp_2048_mul_d_64(t2, d, r1);
    3869. 

  3869.         t1[64 + i] += sp_2048_sub_in_place_64(&t1[i], t2);
    3870. 

  3870.         t1[64 + i] -= t2[64];
    3871. 

  3871.         sp_2048_mask_64(t2, d, t1[64 + i]);
    3872. 

  3872.         t1[64 + i] += sp_2048_add_64(&t1[i], &t1[i], t2);
    3873. 

  3873.         sp_2048_mask_64(t2, d, t1[64 + i]);
    3874. 

  3874.         t1[64 + i] += sp_2048_add_64(&t1[i], &t1[i], t2);
    3875. 

  3875.     }
    3876. 

  3876. 

  3877.     r1 = sp_2048_cmp_64(t1, d) >= 0;
    3878. 

  3878.     sp_2048_cond_sub_64(r, t1, d, (sp_digit)0 - r1);
    3879. 

  3879. 

  3880.     return MP_OKAY;
    3881. 

  3881. }
    3882. 

  3882. 

  3883. /* Reduce a modulo m into r. (r = a mod m)
    3884. 

  3884.  *
    3885. 

  3885.  * r  A single precision number that is the reduced result.
    3886. 

  3886.  * a  A single precision number that is to be reduced.
    3887. 

  3887.  * m  A single precision number that is the modulus to reduce with.
    3888. 

  3888.  * returns MP_OKAY indicating success.
    3889. 

  3889.  */
    3890. 

  3890. static WC_INLINE int sp_2048_mod_64(sp_digit* r, const sp_digit* a, const sp_digit* m)
    3891. 

  3891. {
    3892. 

  3892.     return sp_2048_div_64(a, m, NULL, r);
    3893. 

  3893. }
    3894. 

  3894. 

  3895. /* Divide d in a and put remainder into r (m*d + r = a)
    3896. 

  3896.  * m is not calculated as it is not needed at this time.
    3897. 

  3897.  *
    3898. 

  3898.  * a  Nmber to be divided.
    3899. 

  3899.  * d  Number to divide with.
    3900. 

  3900.  * m  Multiplier result.
    3901. 

  3901.  * r  Remainder from the division.
    3902. 

  3902.  * returns MP_OKAY indicating success.
    3903. 

  3903.  */
    3904. 

  3904. static WC_INLINE int sp_2048_div_64_cond(const sp_digit* a, const sp_digit* d, sp_digit* m,
    3905. 

  3905.         sp_digit* r)
    3906. 

  3906. {
    3907. 

  3907.     sp_digit t1[128], t2[65];
    3908. 

  3908.     sp_digit div, r1;
    3909. 

  3909.     int i;
    3910. 

  3910. 

  3911.     (void)m;
    3912. 

  3912. 

  3913.     div = d[63];
    3914. 

  3914.     XMEMCPY(t1, a, sizeof(*t1) * 2 * 64);
    3915. 

  3915.     for (i=63; i>=0; i--) {
    3916. 

  3916.         r1 = div_2048_word_64(t1[64 + i], t1[64 + i - 1], div);
    3917. 

  3917. 

  3918.         sp_2048_mul_d_64(t2, d, r1);
    3919. 

  3919.         t1[64 + i] += sp_2048_sub_in_place_64(&t1[i], t2);
    3920. 

  3920.         t1[64 + i] -= t2[64];
    3921. 

  3921.         if (t1[64 + i] != 0) {
    3922. 

  3922.             t1[64 + i] += sp_2048_add_64(&t1[i], &t1[i], d);
    3923. 

  3923.             if (t1[64 + i] != 0)
    3924. 

  3924.                 t1[64 + i] += sp_2048_add_64(&t1[i], &t1[i], d);
    3925. 

  3925.         }
    3926. 

  3926.     }
    3927. 

  3927. 

  3928.     r1 = sp_2048_cmp_64(t1, d) >= 0;
    3929. 

  3929.     sp_2048_cond_sub_64(r, t1, d, (sp_digit)0 - r1);
    3930. 

  3930. 

  3931.     return MP_OKAY;
    3932. 

  3932. }
    3933. 

  3933. 

  3934. /* Reduce a modulo m into r. (r = a mod m)
    3935. 

  3935.  *
    3936. 

  3936.  * r  A single precision number that is the reduced result.
    3937. 

  3937.  * a  A single precision number that is to be reduced.
    3938. 

  3938.  * m  A single precision number that is the modulus to reduce with.
    3939. 

  3939.  * returns MP_OKAY indicating success.
    3940. 

  3940.  */
    3941. 

  3941. static WC_INLINE int sp_2048_mod_64_cond(sp_digit* r, const sp_digit* a, const sp_digit* m)
    3942. 

  3942. {
    3943. 

  3943.     return sp_2048_div_64_cond(a, m, NULL, r);
    3944. 

  3944. }
    3945. 

  3945. 

  3946. #if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
    3947. 

  3947.                                                      defined(WOLFSSL_HAVE_SP_DH)
    3948. 

  3948. #ifdef WOLFSSL_SP_SMALL
    3949. 

  3949. /* Modular exponentiate a to the e mod m. (r = a^e mod m)
    3950. 

  3950.  *
    3951. 

  3951.  * r     A single precision number that is the result of the operation.
    3952. 

  3952.  * a     A single precision number being exponentiated.
    3953. 

  3953.  * e     A single precision number that is the exponent.
    3954. 

  3954.  * bits  The number of bits in the exponent.
    3955. 

  3955.  * m     A single precision number that is the modulus.
    3956. 

  3956.  * returns 0 on success and MEMORY_E on dynamic memory allocation failure.
    3957. 

  3957.  */
    3958. 

  3958. static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
    3959. 

  3959.         int bits, const sp_digit* m, int reduceA)
    3960. 

  3960. {
    3961. 

  3961. #ifndef WOLFSSL_SMALL_STACK
    3962. 

  3962.     sp_digit t[16][128];
    3963. 

  3963. #else
    3964. 

  3964.     sp_digit* t[16];
    3965. 

  3965.     sp_digit* td;
    3966. 

  3966. #endif
    3967. 

  3967.     sp_digit* norm;
    3968. 

  3968.     sp_digit mp = 1;
    3969. 

  3969.     sp_digit n;
    3970. 

  3970.     sp_digit mask;
    3971. 

  3971.     int i;
    3972. 

  3972.     int c, y;
    3973. 

  3973.     int err = MP_OKAY;
    3974. 

  3974. 

  3975. #ifdef WOLFSSL_SMALL_STACK
    3976. 

  3976.     td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 128, NULL,
    3977. 

  3977.                             DYNAMIC_TYPE_TMP_BUFFER);
    3978. 

  3978.     if (td == NULL) {
    3979. 

  3979.         err = MEMORY_E;
    3980. 

  3980.     }
    3981. 

  3981. #endif
    3982. 

  3982. 

  3983.     if (err == MP_OKAY) {
    3984. 

  3984. #ifdef WOLFSSL_SMALL_STACK
    3985. 

  3985.         for (i=0; i<16; i++) {
    3986. 

  3986.             t[i] = td + i * 128;
    3987. 

  3987.         }
    3988. 

  3988. #endif
    3989. 

  3989.         norm = t[0];
    3990. 

  3990. 

  3991.         sp_2048_mont_setup(m, &mp);
    3992. 

  3992.         sp_2048_mont_norm_64(norm, m);
    3993. 

  3993. 

  3994.         XMEMSET(t[1], 0, sizeof(sp_digit) * 64U);
    3995. 

  3995.         if (reduceA != 0) {
    3996. 

  3996.             err = sp_2048_mod_64(t[1] + 64, a, m);
    3997. 

  3997.             if (err == MP_OKAY) {
    3998. 

  3998.                 err = sp_2048_mod_64(t[1], t[1], m);
    3999. 

  3999.             }
    4000. 

  4000.         }
    4001. 

  4001.         else {
    4002. 

  4002.             XMEMCPY(t[1] + 64, a, sizeof(sp_digit) * 64);
    4003. 

  4003.             err = sp_2048_mod_64(t[1], t[1], m);
    4004. 

  4004.         }
    4005. 

  4005.     }
    4006. 

  4006. 

  4007.     if (err == MP_OKAY) {
    4008. 

  4008.         sp_2048_mont_sqr_64(t[ 2], t[ 1], m, mp);
    4009. 

  4009.         sp_2048_mont_mul_64(t[ 3], t[ 2], t[ 1], m, mp);
    4010. 

  4010.         sp_2048_mont_sqr_64(t[ 4], t[ 2], m, mp);
    4011. 

  4011.         sp_2048_mont_mul_64(t[ 5], t[ 3], t[ 2], m, mp);
    4012. 

  4012.         sp_2048_mont_sqr_64(t[ 6], t[ 3], m, mp);
    4013. 

  4013.         sp_2048_mont_mul_64(t[ 7], t[ 4], t[ 3], m, mp);
    4014. 

  4014.         sp_2048_mont_sqr_64(t[ 8], t[ 4], m, mp);
    4015. 

  4015.         sp_2048_mont_mul_64(t[ 9], t[ 5], t[ 4], m, mp);
    4016. 

  4016.         sp_2048_mont_sqr_64(t[10], t[ 5], m, mp);
    4017. 

  4017.         sp_2048_mont_mul_64(t[11], t[ 6], t[ 5], m, mp);
    4018. 

  4018.         sp_2048_mont_sqr_64(t[12], t[ 6], m, mp);
    4019. 

  4019.         sp_2048_mont_mul_64(t[13], t[ 7], t[ 6], m, mp);
    4020. 

  4020.         sp_2048_mont_sqr_64(t[14], t[ 7], m, mp);
    4021. 

  4021.         sp_2048_mont_mul_64(t[15], t[ 8], t[ 7], m, mp);
    4022. 

  4022. 

  4023.         i = (bits - 1) / 32;
    4024. 

  4024.         n = e[i--];
    4025. 

  4025.         c = bits & 31;
    4026. 

  4026.         if (c == 0) {
    4027. 

  4027.             c = 32;
    4028. 

  4028.         }
    4029. 

  4029.         c -= bits % 4;
    4030. 

  4030.         if (c == 32) {
    4031. 

  4031.             c = 28;
    4032. 

  4032.         }
    4033. 

  4033.         y = (int)(n >> c);
    4034. 

  4034.         n <<= 32 - c;
    4035. 

  4035.         XMEMCPY(r, t[y], sizeof(sp_digit) * 64);
    4036. 

  4036.         for (; i>=0 || c>=4; ) {
    4037. 

  4037.             if (c == 0) {
    4038. 

  4038.                 n = e[i--];
    4039. 

  4039.                 y = n >> 28;
    4040. 

  4040.                 n <<= 4;
    4041. 

  4041.                 c = 28;
    4042. 

  4042.             }
    4043. 

  4043.             else if (c < 4) {
    4044. 

  4044.                 y = n >> 28;
    4045. 

  4045.                 n = e[i--];
    4046. 

  4046.                 c = 4 - c;
    4047. 

  4047.                 y |= n >> (32 - c);
    4048. 

  4048.                 n <<= c;
    4049. 

  4049.                 c = 32 - c;
    4050. 

  4050.             }
    4051. 

  4051.             else {
    4052. 

  4052.                 y = (n >> 28) & 0xf;
    4053. 

  4053.                 n <<= 4;
    4054. 

  4054.                 c -= 4;
    4055. 

  4055.             }
    4056. 

  4056. 

  4057.             sp_2048_mont_sqr_64(r, r, m, mp);
    4058. 

  4058.             sp_2048_mont_sqr_64(r, r, m, mp);
    4059. 

  4059.             sp_2048_mont_sqr_64(r, r, m, mp);
    4060. 

  4060.             sp_2048_mont_sqr_64(r, r, m, mp);
    4061. 

  4061. 

  4062.             sp_2048_mont_mul_64(r, r, t[y], m, mp);
    4063. 

  4063.         }
    4064. 

  4064. 

  4065.         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
    4066. 

  4066.         sp_2048_mont_reduce_64(r, m, mp);
    4067. 

  4067. 

  4068.         mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
    4069. 

  4069.         sp_2048_cond_sub_64(r, r, m, mask);
    4070. 

  4070.     }
    4071. 

  4071. 

  4072. #ifdef WOLFSSL_SMALL_STACK
    4073. 

  4073.     if (td != NULL) {
    4074. 

  4074.         XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    4075. 

  4075.     }
    4076. 

  4076. #endif
    4077. 

  4077. 

  4078.     return err;
    4079. 

  4079. }
    4080. 

  4080. #else
    4081. 

  4081. /* Modular exponentiate a to the e mod m. (r = a^e mod m)
    4082. 

  4082.  *
    4083. 

  4083.  * r     A single precision number that is the result of the operation.
    4084. 

  4084.  * a     A single precision number being exponentiated.
    4085. 

  4085.  * e     A single precision number that is the exponent.
    4086. 

  4086.  * bits  The number of bits in the exponent.
    4087. 

  4087.  * m     A single precision number that is the modulus.
    4088. 

  4088.  * returns 0 on success and MEMORY_E on dynamic memory allocation failure.
    4089. 

  4089.  */
    4090. 

  4090. static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
    4091. 

  4091.         int bits, const sp_digit* m, int reduceA)
    4092. 

  4092. {
    4093. 

  4093. #ifndef WOLFSSL_SMALL_STACK
    4094. 

  4094.     sp_digit t[32][128];
    4095. 

  4095. #else
    4096. 

  4096.     sp_digit* t[32];
    4097. 

  4097.     sp_digit* td;
    4098. 

  4098. #endif
    4099. 

  4099.     sp_digit* norm;
    4100. 

  4100.     sp_digit mp = 1;
    4101. 

  4101.     sp_digit n;
    4102. 

  4102.     sp_digit mask;
    4103. 

  4103.     int i;
    4104. 

  4104.     int c, y;
    4105. 

  4105.     int err = MP_OKAY;
    4106. 

  4106. 

  4107. #ifdef WOLFSSL_SMALL_STACK
    4108. 

  4108.     td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 128, NULL,
    4109. 

  4109.                             DYNAMIC_TYPE_TMP_BUFFER);
    4110. 

  4110.     if (td == NULL) {
    4111. 

  4111.         err = MEMORY_E;
    4112. 

  4112.     }
    4113. 

  4113. #endif
    4114. 

  4114. 

  4115.     if (err == MP_OKAY) {
    4116. 

  4116. #ifdef WOLFSSL_SMALL_STACK
    4117. 

  4117.         for (i=0; i<32; i++) {
    4118. 

  4118.             t[i] = td + i * 128;
    4119. 

  4119.         }
    4120. 

  4120. #endif
    4121. 

  4121.         norm = t[0];
    4122. 

  4122. 

  4123.         sp_2048_mont_setup(m, &mp);
    4124. 

  4124.         sp_2048_mont_norm_64(norm, m);
    4125. 

  4125. 

  4126.         XMEMSET(t[1], 0, sizeof(sp_digit) * 64U);
    4127. 

  4127.         if (reduceA != 0) {
    4128. 

  4128.             err = sp_2048_mod_64(t[1] + 64, a, m);
    4129. 

  4129.             if (err == MP_OKAY) {
    4130. 

  4130.                 err = sp_2048_mod_64(t[1], t[1], m);
    4131. 

  4131.             }
    4132. 

  4132.         }
    4133. 

  4133.         else {
    4134. 

  4134.             XMEMCPY(t[1] + 64, a, sizeof(sp_digit) * 64);
    4135. 

  4135.             err = sp_2048_mod_64(t[1], t[1], m);
    4136. 

  4136.         }
    4137. 

  4137.     }
    4138. 

  4138. 

  4139.     if (err == MP_OKAY) {
    4140. 

  4140.         sp_2048_mont_sqr_64(t[ 2], t[ 1], m, mp);
    4141. 

  4141.         sp_2048_mont_mul_64(t[ 3], t[ 2], t[ 1], m, mp);
    4142. 

  4142.         sp_2048_mont_sqr_64(t[ 4], t[ 2], m, mp);
    4143. 

  4143.         sp_2048_mont_mul_64(t[ 5], t[ 3], t[ 2], m, mp);
    4144. 

  4144.         sp_2048_mont_sqr_64(t[ 6], t[ 3], m, mp);
    4145. 

  4145.         sp_2048_mont_mul_64(t[ 7], t[ 4], t[ 3], m, mp);
    4146. 

  4146.         sp_2048_mont_sqr_64(t[ 8], t[ 4], m, mp);
    4147. 

  4147.         sp_2048_mont_mul_64(t[ 9], t[ 5], t[ 4], m, mp);
    4148. 

  4148.         sp_2048_mont_sqr_64(t[10], t[ 5], m, mp);
    4149. 

  4149.         sp_2048_mont_mul_64(t[11], t[ 6], t[ 5], m, mp);
    4150. 

  4150.         sp_2048_mont_sqr_64(t[12], t[ 6], m, mp);
    4151. 

  4151.         sp_2048_mont_mul_64(t[13], t[ 7], t[ 6], m, mp);
    4152. 

  4152.         sp_2048_mont_sqr_64(t[14], t[ 7], m, mp);
    4153. 

  4153.         sp_2048_mont_mul_64(t[15], t[ 8], t[ 7], m, mp);
    4154. 

  4154.         sp_2048_mont_sqr_64(t[16], t[ 8], m, mp);
    4155. 

  4155.         sp_2048_mont_mul_64(t[17], t[ 9], t[ 8], m, mp);
    4156. 

  4156.         sp_2048_mont_sqr_64(t[18], t[ 9], m, mp);
    4157. 

  4157.         sp_2048_mont_mul_64(t[19], t[10], t[ 9], m, mp);
    4158. 

  4158.         sp_2048_mont_sqr_64(t[20], t[10], m, mp);
    4159. 

  4159.         sp_2048_mont_mul_64(t[21], t[11], t[10], m, mp);
    4160. 

  4160.         sp_2048_mont_sqr_64(t[22], t[11], m, mp);
    4161. 

  4161.         sp_2048_mont_mul_64(t[23], t[12], t[11], m, mp);
    4162. 

  4162.         sp_2048_mont_sqr_64(t[24], t[12], m, mp);
    4163. 

  4163.         sp_2048_mont_mul_64(t[25], t[13], t[12], m, mp);
    4164. 

  4164.         sp_2048_mont_sqr_64(t[26], t[13], m, mp);
    4165. 

  4165.         sp_2048_mont_mul_64(t[27], t[14], t[13], m, mp);
    4166. 

  4166.         sp_2048_mont_sqr_64(t[28], t[14], m, mp);
    4167. 

  4167.         sp_2048_mont_mul_64(t[29], t[15], t[14], m, mp);
    4168. 

  4168.         sp_2048_mont_sqr_64(t[30], t[15], m, mp);
    4169. 

  4169.         sp_2048_mont_mul_64(t[31], t[16], t[15], m, mp);
    4170. 

  4170. 

  4171.         i = (bits - 1) / 32;
    4172. 

  4172.         n = e[i--];
    4173. 

  4173.         c = bits & 31;
    4174. 

  4174.         if (c == 0) {
    4175. 

  4175.             c = 32;
    4176. 

  4176.         }
    4177. 

  4177.         c -= bits % 5;
    4178. 

  4178.         if (c == 32) {
    4179. 

  4179.             c = 27;
    4180. 

  4180.         }
    4181. 

  4181.         y = (int)(n >> c);
    4182. 

  4182.         n <<= 32 - c;
    4183. 

  4183.         XMEMCPY(r, t[y], sizeof(sp_digit) * 64);
    4184. 

  4184.         for (; i>=0 || c>=5; ) {
    4185. 

  4185.             if (c == 0) {
    4186. 

  4186.                 n = e[i--];
    4187. 

  4187.                 y = n >> 27;
    4188. 

  4188.                 n <<= 5;
    4189. 

  4189.                 c = 27;
    4190. 

  4190.             }
    4191. 

  4191.             else if (c < 5) {
    4192. 

  4192.                 y = n >> 27;
    4193. 

  4193.                 n = e[i--];
    4194. 

  4194.                 c = 5 - c;
    4195. 

  4195.                 y |= n >> (32 - c);
    4196. 

  4196.                 n <<= c;
    4197. 

  4197.                 c = 32 - c;
    4198. 

  4198.             }
    4199. 

  4199.             else {
    4200. 

  4200.                 y = (n >> 27) & 0x1f;
    4201. 

  4201.                 n <<= 5;
    4202. 

  4202.                 c -= 5;
    4203. 

  4203.             }
    4204. 

  4204. 

  4205.             sp_2048_mont_sqr_64(r, r, m, mp);
    4206. 

  4206.             sp_2048_mont_sqr_64(r, r, m, mp);
    4207. 

  4207.             sp_2048_mont_sqr_64(r, r, m, mp);
    4208. 

  4208.             sp_2048_mont_sqr_64(r, r, m, mp);
    4209. 

  4209.             sp_2048_mont_sqr_64(r, r, m, mp);
    4210. 

  4210. 

  4211.             sp_2048_mont_mul_64(r, r, t[y], m, mp);
    4212. 

  4212.         }
    4213. 

  4213. 

  4214.         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
    4215. 

  4215.         sp_2048_mont_reduce_64(r, m, mp);
    4216. 

  4216. 

  4217.         mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
    4218. 

  4218.         sp_2048_cond_sub_64(r, r, m, mask);
    4219. 

  4219.     }
    4220. 

  4220. 

  4221. #ifdef WOLFSSL_SMALL_STACK
    4222. 

  4222.     if (td != NULL) {
    4223. 

  4223.         XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    4224. 

  4224.     }
    4225. 

  4225. #endif
    4226. 

  4226. 

  4227.     return err;
    4228. 

  4228. }
    4229. 

  4229. #endif /* WOLFSSL_SP_SMALL */
    4230. 

  4230. #endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || WOLFSSL_HAVE_SP_DH */
    4231. 

  4231. 

  4232. #ifdef WOLFSSL_HAVE_SP_RSA
    4233. 

  4233. /* RSA public key operation.
    4234. 

  4234.  *
    4235. 

  4235.  * in      Array of bytes representing the number to exponentiate, base.
    4236. 

  4236.  * inLen   Number of bytes in base.
    4237. 

  4237.  * em      Public exponent.
    4238. 

  4238.  * mm      Modulus.
    4239. 

  4239.  * out     Buffer to hold big-endian bytes of exponentiation result.
    4240. 

  4240.  *         Must be at least 256 bytes long.
    4241. 

  4241.  * outLen  Number of bytes in result.
    4242. 

  4242.  * returns 0 on success, MP_TO_E when the outLen is too small, MP_READ_E when
    4243. 

  4243.  * an array is too long and MEMORY_E when dynamic memory allocation fails.
    4244. 

  4244.  */
    4245. 

  4245. int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
    4246. 

  4246.     byte* out, word32* outLen)
    4247. 

  4247. {
    4248. 

  4248. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    4249. 

  4249.     sp_digit ad[128], md[64], rd[128];
    4250. 

  4250. #else
    4251. 

  4251.     sp_digit* d = NULL;
    4252. 

  4252. #endif
    4253. 

  4253.     sp_digit* a;
    4254. 

  4254.     sp_digit *ah;
    4255. 

  4255.     sp_digit* m;
    4256. 

  4256.     sp_digit* r;
    4257. 

  4257.     sp_digit e[1];
    4258. 

  4258.     int err = MP_OKAY;
    4259. 

  4259. 

  4260.     if (*outLen < 256)
    4261. 

  4261.         err = MP_TO_E;
    4262. 

  4262.     if (err == MP_OKAY && (mp_count_bits(em) > 32 || inLen > 256 ||
    4263. 

  4263.                                                      mp_count_bits(mm) != 2048))
    4264. 

  4264.         err = MP_READ_E;
    4265. 

  4265. 

  4266. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    4267. 

  4267.     if (err == MP_OKAY) {
    4268. 

  4268.         d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL,
    4269. 

  4269.                                                               DYNAMIC_TYPE_RSA);
    4270. 

  4270.         if (d == NULL)
    4271. 

  4271.             err = MEMORY_E;
    4272. 

  4272.     }
    4273. 

  4273. 

  4274.     if (err == MP_OKAY) {
    4275. 

  4275.         a = d;
    4276. 

  4276.         r = a + 64 * 2;
    4277. 

  4277.         m = r + 64 * 2;
    4278. 

  4278.         ah = a + 64;
    4279. 

  4279.     }
    4280. 

  4280. #else
    4281. 

  4281.     a = ad;
    4282. 

  4282.     m = md;
    4283. 

  4283.     r = rd;
    4284. 

  4284.     ah = a + 64;
    4285. 

  4285. #endif
    4286. 

  4286. 

  4287.     if (err == MP_OKAY) {
    4288. 

  4288.         sp_2048_from_bin(ah, 64, in, inLen);
    4289. 

  4289. #if DIGIT_BIT >= 32
    4290. 

  4290.         e[0] = em->dp[0];
    4291. 

  4291. #else
    4292. 

  4292.         e[0] = em->dp[0];
    4293. 

  4293.         if (em->used > 1)
    4294. 

  4294.             e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
    4295. 

  4295. #endif
    4296. 

  4296.         if (e[0] == 0)
    4297. 

  4297.             err = MP_EXPTMOD_E;
    4298. 

  4298.     }
    4299. 

  4299.     if (err == MP_OKAY) {
    4300. 

  4300.         sp_2048_from_mp(m, 64, mm);
    4301. 

  4301. 

  4302.         if (e[0] == 0x3) {
    4303. 

  4303.             if (err == MP_OKAY) {
    4304. 

  4304.                 sp_2048_sqr_64(r, ah);
    4305. 

  4305.                 err = sp_2048_mod_64_cond(r, r, m);
    4306. 

  4306.             }
    4307. 

  4307.             if (err == MP_OKAY) {
    4308. 

  4308.                 sp_2048_mul_64(r, ah, r);
    4309. 

  4309.                 err = sp_2048_mod_64_cond(r, r, m);
    4310. 

  4310.             }
    4311. 

  4311.         }
    4312. 

  4312.         else {
    4313. 

  4313.             int i;
    4314. 

  4314.             sp_digit mp;
    4315. 

  4315. 

  4316.             sp_2048_mont_setup(m, &mp);
    4317. 

  4317. 

  4318.             /* Convert to Montgomery form. */
    4319. 

  4319.             XMEMSET(a, 0, sizeof(sp_digit) * 64);
    4320. 

  4320.             err = sp_2048_mod_64_cond(a, a, m);
    4321. 

  4321. 

  4322.             if (err == MP_OKAY) {
    4323. 

  4323.                 for (i=31; i>=0; i--)
    4324. 

  4324.                     if (e[0] >> i)
    4325. 

  4325.                         break;
    4326. 

  4326. 

  4327.                 XMEMCPY(r, a, sizeof(sp_digit) * 64);
    4328. 

  4328.                 for (i--; i>=0; i--) {
    4329. 

  4329.                     sp_2048_mont_sqr_64(r, r, m, mp);
    4330. 

  4330.                     if (((e[0] >> i) & 1) == 1)
    4331. 

  4331.                         sp_2048_mont_mul_64(r, r, a, m, mp);
    4332. 

  4332.                 }
    4333. 

  4333.                 XMEMSET(&r[64], 0, sizeof(sp_digit) * 64);
    4334. 

  4334.                 sp_2048_mont_reduce_64(r, m, mp);
    4335. 

  4335. 

  4336.                 for (i = 63; i > 0; i--) {
    4337. 

  4337.                     if (r[i] != m[i])
    4338. 

  4338.                         break;
    4339. 

  4339.                 }
    4340. 

  4340.                 if (r[i] >= m[i])
    4341. 

  4341.                     sp_2048_sub_in_place_64(r, m);
    4342. 

  4342.             }
    4343. 

  4343.         }
    4344. 

  4344.     }
    4345. 

  4345. 

  4346.     if (err == MP_OKAY) {
    4347. 

  4347.         sp_2048_to_bin(r, out);
    4348. 

  4348.         *outLen = 256;
    4349. 

  4349.     }
    4350. 

  4350. 

  4351. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    4352. 

  4352.     if (d != NULL)
    4353. 

  4353.         XFREE(d, NULL, DYNAMIC_TYPE_RSA);
    4354. 

  4354. #endif
    4355. 

  4355. 

  4356.     return err;
    4357. 

  4357. }
    4358. 

  4358. 

  4359. /* RSA private key operation.
    4360. 

  4360.  *
    4361. 

  4361.  * in      Array of bytes representing the number to exponentiate, base.
    4362. 

  4362.  * inLen   Number of bytes in base.
    4363. 

  4363.  * dm      Private exponent.
    4364. 

  4364.  * pm      First prime.
    4365. 

  4365.  * qm      Second prime.
    4366. 

  4366.  * dpm     First prime's CRT exponent.
    4367. 

  4367.  * dqm     Second prime's CRT exponent.
    4368. 

  4368.  * qim     Inverse of second prime mod p.
    4369. 

  4369.  * mm      Modulus.
    4370. 

  4370.  * out     Buffer to hold big-endian bytes of exponentiation result.
    4371. 

  4371.  *         Must be at least 256 bytes long.
    4372. 

  4372.  * outLen  Number of bytes in result.
    4373. 

  4373.  * returns 0 on success, MP_TO_E when the outLen is too small, MP_READ_E when
    4374. 

  4374.  * an array is too long and MEMORY_E when dynamic memory allocation fails.
    4375. 

  4375.  */
    4376. 

  4376. int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
    4377. 

  4377.     mp_int* pm, mp_int* qm, mp_int* dpm, mp_int* dqm, mp_int* qim, mp_int* mm,
    4378. 

  4378.     byte* out, word32* outLen)
    4379. 

  4379. {
    4380. 

  4380. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    4381. 

  4381.     sp_digit ad[64 * 2];
    4382. 

  4382.     sp_digit pd[32], qd[32], dpd[32];
    4383. 

  4383.     sp_digit tmpad[64], tmpbd[64];
    4384. 

  4384. #else
    4385. 

  4385.     sp_digit* t = NULL;
    4386. 

  4386. #endif
    4387. 

  4387.     sp_digit* a;
    4388. 

  4388.     sp_digit* p;
    4389. 

  4389.     sp_digit* q;
    4390. 

  4390.     sp_digit* dp;
    4391. 

  4391.     sp_digit* dq;
    4392. 

  4392.     sp_digit* qi;
    4393. 

  4393.     sp_digit* tmp;
    4394. 

  4394.     sp_digit* tmpa;
    4395. 

  4395.     sp_digit* tmpb;
    4396. 

  4396.     sp_digit* r;
    4397. 

  4397.     sp_digit c;
    4398. 

  4398.     int err = MP_OKAY;
    4399. 

  4399. 

  4400.     (void)dm;
    4401. 

  4401.     (void)mm;
    4402. 

  4402. 

  4403.     if (*outLen < 256)
    4404. 

  4404.         err = MP_TO_E;
    4405. 

  4405.     if (err == MP_OKAY && (inLen > 256 || mp_count_bits(mm) != 2048))
    4406. 

  4406.         err = MP_READ_E;
    4407. 

  4407. 

  4408. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    4409. 

  4409.     if (err == MP_OKAY) {
    4410. 

  4410.         t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL,
    4411. 

  4411.                                                               DYNAMIC_TYPE_RSA);
    4412. 

  4412.         if (t == NULL)
    4413. 

  4413.             err = MEMORY_E;
    4414. 

  4414.     }
    4415. 

  4415.     if (err == MP_OKAY) {
    4416. 

  4416.         a = t;
    4417. 

  4417.         p = a + 64 * 2;
    4418. 

  4418.         q = p + 32;
    4419. 

  4419.         qi = dq = dp = q + 32;
    4420. 

  4420.         tmpa = qi + 32;
    4421. 

  4421.         tmpb = tmpa + 64;
    4422. 

  4422. 

  4423.         tmp = t;
    4424. 

  4424.         r = tmp + 64;
    4425. 

  4425.     }
    4426. 

  4426. #else
    4427. 

  4427.     r = a = ad;
    4428. 

  4428.     p = pd;
    4429. 

  4429.     q = qd;
    4430. 

  4430.     qi = dq = dp = dpd;
    4431. 

  4431.     tmpa = tmpad;
    4432. 

  4432.     tmpb = tmpbd;
    4433. 

  4433.     tmp = a + 64;
    4434. 

  4434. #endif
    4435. 

  4435. 

  4436.     if (err == MP_OKAY) {
    4437. 

  4437.         sp_2048_from_bin(a, 64, in, inLen);
    4438. 

  4438.         sp_2048_from_mp(p, 32, pm);
    4439. 

  4439.         sp_2048_from_mp(q, 32, qm);
    4440. 

  4440.         sp_2048_from_mp(dp, 32, dpm);
    4441. 

  4441. 

  4442.         err = sp_2048_mod_exp_32(tmpa, a, dp, 1024, p, 1);
    4443. 

  4443.     }
    4444. 

  4444.     if (err == MP_OKAY) {
    4445. 

  4445.         sp_2048_from_mp(dq, 32, dqm);
    4446. 

  4446.         err = sp_2048_mod_exp_32(tmpb, a, dq, 1024, q, 1);
    4447. 

  4447.     }
    4448. 

  4448. 

  4449.     if (err == MP_OKAY) {
    4450. 

  4450.         c = sp_2048_sub_in_place_32(tmpa, tmpb);
    4451. 

  4451.         sp_2048_mask_32(tmp, p, c);
    4452. 

  4452.         sp_2048_add_32(tmpa, tmpa, tmp);
    4453. 

  4453. 

  4454.         sp_2048_from_mp(qi, 32, qim);
    4455. 

  4455.         sp_2048_mul_32(tmpa, tmpa, qi);
    4456. 

  4456.         err = sp_2048_mod_32(tmpa, tmpa, p);
    4457. 

  4457.     }
    4458. 

  4458. 

  4459.     if (err == MP_OKAY) {
    4460. 

  4460.         sp_2048_mul_32(tmpa, q, tmpa);
    4461. 

  4461.         XMEMSET(&tmpb[32], 0, sizeof(sp_digit) * 32);
    4462. 

  4462.         sp_2048_add_64(r, tmpb, tmpa);
    4463. 

  4463. 

  4464.         sp_2048_to_bin(r, out);
    4465. 

  4465.         *outLen = 256;
    4466. 

  4466.     }
    4467. 

  4467. 

  4468. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    4469. 

  4469.     if (t != NULL) {
    4470. 

  4470.         XMEMSET(t, 0, sizeof(sp_digit) * 32 * 11);
    4471. 

  4471.         XFREE(t, NULL, DYNAMIC_TYPE_RSA);
    4472. 

  4472.     }
    4473. 

  4473. #else
    4474. 

  4474.     XMEMSET(tmpad, 0, sizeof(tmpad));
    4475. 

  4475.     XMEMSET(tmpbd, 0, sizeof(tmpbd));
    4476. 

  4476.     XMEMSET(pd, 0, sizeof(pd));
    4477. 

  4477.     XMEMSET(qd, 0, sizeof(qd));
    4478. 

  4478.     XMEMSET(dpd, 0, sizeof(dpd));
    4479. 

  4479. #endif
    4480. 

  4480. 

  4481.     return err;
    4482. 

  4482. }
    4483. 

  4483. #endif /* WOLFSSL_HAVE_SP_RSA */
    4484. 

  4484. #if defined(WOLFSSL_HAVE_SP_DH) || (defined(WOLFSSL_HAVE_SP_RSA) && \
    4485. 

  4485.                                               !defined(WOLFSSL_RSA_PUBLIC_ONLY))
    4486. 

  4486. /* Convert an array of sp_digit to an mp_int.
    4487. 

  4487.  *
    4488. 

  4488.  * a  A single precision integer.
    4489. 

  4489.  * r  A multi-precision integer.
    4490. 

  4490.  */
    4491. 

  4491. static int sp_2048_to_mp(const sp_digit* a, mp_int* r)
    4492. 

  4492. {
    4493. 

  4493.     int err;
    4494. 

  4494. 

  4495.     err = mp_grow(r, (2048 + DIGIT_BIT - 1) / DIGIT_BIT);
    4496. 

  4496.     if (err == MP_OKAY) { /*lint !e774 case where err is always MP_OKAY*/
    4497. 

  4497. #if DIGIT_BIT == 32
    4498. 

  4498.         XMEMCPY(r->dp, a, sizeof(sp_digit) * 64);
    4499. 

  4499.         r->used = 64;
    4500. 

  4500.         mp_clamp(r);
    4501. 

  4501. #elif DIGIT_BIT < 32
    4502. 

  4502.         int i, j = 0, s = 0;
    4503. 

  4503. 

  4504.         r->dp[0] = 0;
    4505. 

  4505.         for (i = 0; i < 64; i++) {
    4506. 

  4506.             r->dp[j] |= a[i] << s;
    4507. 

  4507.             r->dp[j] &= (1L << DIGIT_BIT) - 1;
    4508. 

  4508.             s = DIGIT_BIT - s;
    4509. 

  4509.             r->dp[++j] = a[i] >> s;
    4510. 

  4510.             while (s + DIGIT_BIT <= 32) {
    4511. 

  4511.                 s += DIGIT_BIT;
    4512. 

  4512.                 r->dp[j++] &= (1L << DIGIT_BIT) - 1;
    4513. 

  4513.                 if (s == SP_WORD_SIZE) {
    4514. 

  4514.                     r->dp[j] = 0;
    4515. 

  4515.                 }
    4516. 

  4516.                 else {
    4517. 

  4517.                     r->dp[j] = a[i] >> s;
    4518. 

  4518.                 }
    4519. 

  4519.             }
    4520. 

  4520.             s = 32 - s;
    4521. 

  4521.         }
    4522. 

  4522.         r->used = (2048 + DIGIT_BIT - 1) / DIGIT_BIT;
    4523. 

  4523.         mp_clamp(r);
    4524. 

  4524. #else
    4525. 

  4525.         int i, j = 0, s = 0;
    4526. 

  4526. 

  4527.         r->dp[0] = 0;
    4528. 

  4528.         for (i = 0; i < 64; i++) {
    4529. 

  4529.             r->dp[j] |= ((mp_digit)a[i]) << s;
    4530. 

  4530.             if (s + 32 >= DIGIT_BIT) {
    4531. 

  4531.     #if DIGIT_BIT != 32 && DIGIT_BIT != 64
    4532. 

  4532.                 r->dp[j] &= (1L << DIGIT_BIT) - 1;
    4533. 

  4533.     #endif
    4534. 

  4534.                 s = DIGIT_BIT - s;
    4535. 

  4535.                 r->dp[++j] = a[i] >> s;
    4536. 

  4536.                 s = 32 - s;
    4537. 

  4537.             }
    4538. 

  4538.             else {
    4539. 

  4539.                 s += 32;
    4540. 

  4540.             }
    4541. 

  4541.         }
    4542. 

  4542.         r->used = (2048 + DIGIT_BIT - 1) / DIGIT_BIT;
    4543. 

  4543.         mp_clamp(r);
    4544. 

  4544. #endif
    4545. 

  4545.     }
    4546. 

  4546. 

  4547.     return err;
    4548. 

  4548. }
    4549. 

  4549. 

  4550. /* Perform the modular exponentiation for Diffie-Hellman.
    4551. 

  4551.  *
    4552. 

  4552.  * base  Base. MP integer.
    4553. 

  4553.  * exp   Exponent. MP integer.
    4554. 

  4554.  * mod   Modulus. MP integer.
    4555. 

  4555.  * res   Result. MP integer.
    4556. 

  4556.  * returns 0 on success, MP_READ_E if there are too many bytes in an array
    4557. 

  4557.  * and MEMORY_E if memory allocation fails.
    4558. 

  4558.  */
    4559. 

  4559. int sp_ModExp_2048(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
    4560. 

  4560. {
    4561. 

  4561.     int err = MP_OKAY;
    4562. 

  4562.     sp_digit b[128], e[64], m[64];
    4563. 

  4563.     sp_digit* r = b;
    4564. 

  4564.     int expBits = mp_count_bits(exp);
    4565. 

  4565. 

  4566.     if (mp_count_bits(base) > 2048) {
    4567. 

  4567.         err = MP_READ_E;
    4568. 

  4568.     }
    4569. 

  4569. 

  4570.     if (err == MP_OKAY) {
    4571. 

  4571.         if (expBits > 2048) {
    4572. 

  4572.             err = MP_READ_E;
    4573. 

  4573.         }
    4574. 

  4574.     }
    4575. 

  4575. 

  4576.     if (err == MP_OKAY) {
    4577. 

  4577.         if (mp_count_bits(mod) != 2048) {
    4578. 

  4578.             err = MP_READ_E;
    4579. 

  4579.         }
    4580. 

  4580.     }
    4581. 

  4581. 

  4582.     if (err == MP_OKAY) {
    4583. 

  4583.         sp_2048_from_mp(b, 64, base);
    4584. 

  4584.         sp_2048_from_mp(e, 64, exp);
    4585. 

  4585.         sp_2048_from_mp(m, 64, mod);
    4586. 

  4586. 

  4587.         err = sp_2048_mod_exp_64(r, b, e, expBits, m, 0);
    4588. 

  4588.     }
    4589. 

  4589. 

  4590.     if (err == MP_OKAY) {
    4591. 

  4591.         err = sp_2048_to_mp(r, res);
    4592. 

  4592.     }
    4593. 

  4593. 

  4594.     XMEMSET(e, 0, sizeof(e));
    4595. 

  4595. 

  4596.     return err;
    4597. 

  4597. }
    4598. 

  4598. 

  4599. #ifdef WOLFSSL_HAVE_SP_DH
    4600. 

  4600. 

  4601. #ifdef HAVE_FFDHE_2048
    4602. 

  4602. static void sp_2048_lshift_64(sp_digit* r, sp_digit* a, byte n)
    4603. 

  4603. {
    4604. 

  4604.     __asm__ __volatile__ (
    4605. 

  4605.         "mov	r6, #31\n\t"
    4606. 

  4606.         "sub	r6, r6, %[n]\n\t"
    4607. 

  4607.         "add	%[a], %[a], #192\n\t"
    4608. 

  4608.         "add	%[r], %[r], #192\n\t"
    4609. 

  4609.         "ldr	r3, [%[a], #60]\n\t"
    4610. 

  4610.         "lsr	r4, r3, #1\n\t"
    4611. 

  4611.         "lsl	r3, r3, %[n]\n\t"
    4612. 

  4612.         "lsr	r4, r4, r6\n\t"
    4613. 

  4613.         "ldr	r2, [%[a], #56]\n\t"
    4614. 

  4614.         "str	r4, [%[r], #64]\n\t"
    4615. 

  4615.         "lsr	r5, r2, #1\n\t"
    4616. 

  4616.         "lsl	r2, r2, %[n]\n\t"
    4617. 

  4617.         "lsr	r5, r5, r6\n\t"
    4618. 

  4618.         "orr	r3, r3, r5\n\t"
    4619. 

  4619.         "ldr	r4, [%[a], #52]\n\t"
    4620. 

  4620.         "str	r3, [%[r], #60]\n\t"
    4621. 

  4621.         "lsr	r5, r4, #1\n\t"
    4622. 

  4622.         "lsl	r4, r4, %[n]\n\t"
    4623. 

  4623.         "lsr	r5, r5, r6\n\t"
    4624. 

  4624.         "orr	r2, r2, r5\n\t"
    4625. 

  4625.         "ldr	r3, [%[a], #48]\n\t"
    4626. 

  4626.         "str	r2, [%[r], #56]\n\t"
    4627. 

  4627.         "lsr	r5, r3, #1\n\t"
    4628. 

  4628.         "lsl	r3, r3, %[n]\n\t"
    4629. 

  4629.         "lsr	r5, r5, r6\n\t"
    4630. 

  4630.         "orr	r4, r4, r5\n\t"
    4631. 

  4631.         "ldr	r2, [%[a], #44]\n\t"
    4632. 

  4632.         "str	r4, [%[r], #52]\n\t"
    4633. 

  4633.         "lsr	r5, r2, #1\n\t"
    4634. 

  4634.         "lsl	r2, r2, %[n]\n\t"
    4635. 

  4635.         "lsr	r5, r5, r6\n\t"
    4636. 

  4636.         "orr	r3, r3, r5\n\t"
    4637. 

  4637.         "ldr	r4, [%[a], #40]\n\t"
    4638. 

  4638.         "str	r3, [%[r], #48]\n\t"
    4639. 

  4639.         "lsr	r5, r4, #1\n\t"
    4640. 

  4640.         "lsl	r4, r4, %[n]\n\t"
    4641. 

  4641.         "lsr	r5, r5, r6\n\t"
    4642. 

  4642.         "orr	r2, r2, r5\n\t"
    4643. 

  4643.         "ldr	r3, [%[a], #36]\n\t"
    4644. 

  4644.         "str	r2, [%[r], #44]\n\t"
    4645. 

  4645.         "lsr	r5, r3, #1\n\t"
    4646. 

  4646.         "lsl	r3, r3, %[n]\n\t"
    4647. 

  4647.         "lsr	r5, r5, r6\n\t"
    4648. 

  4648.         "orr	r4, r4, r5\n\t"
    4649. 

  4649.         "ldr	r2, [%[a], #32]\n\t"
    4650. 

  4650.         "str	r4, [%[r], #40]\n\t"
    4651. 

  4651.         "lsr	r5, r2, #1\n\t"
    4652. 

  4652.         "lsl	r2, r2, %[n]\n\t"
    4653. 

  4653.         "lsr	r5, r5, r6\n\t"
    4654. 

  4654.         "orr	r3, r3, r5\n\t"
    4655. 

  4655.         "ldr	r4, [%[a], #28]\n\t"
    4656. 

  4656.         "str	r3, [%[r], #36]\n\t"
    4657. 

  4657.         "lsr	r5, r4, #1\n\t"
    4658. 

  4658.         "lsl	r4, r4, %[n]\n\t"
    4659. 

  4659.         "lsr	r5, r5, r6\n\t"
    4660. 

  4660.         "orr	r2, r2, r5\n\t"
    4661. 

  4661.         "ldr	r3, [%[a], #24]\n\t"
    4662. 

  4662.         "str	r2, [%[r], #32]\n\t"
    4663. 

  4663.         "lsr	r5, r3, #1\n\t"
    4664. 

  4664.         "lsl	r3, r3, %[n]\n\t"
    4665. 

  4665.         "lsr	r5, r5, r6\n\t"
    4666. 

  4666.         "orr	r4, r4, r5\n\t"
    4667. 

  4667.         "ldr	r2, [%[a], #20]\n\t"
    4668. 

  4668.         "str	r4, [%[r], #28]\n\t"
    4669. 

  4669.         "lsr	r5, r2, #1\n\t"
    4670. 

  4670.         "lsl	r2, r2, %[n]\n\t"
    4671. 

  4671.         "lsr	r5, r5, r6\n\t"
    4672. 

  4672.         "orr	r3, r3, r5\n\t"
    4673. 

  4673.         "ldr	r4, [%[a], #16]\n\t"
    4674. 

  4674.         "str	r3, [%[r], #24]\n\t"
    4675. 

  4675.         "lsr	r5, r4, #1\n\t"
    4676. 

  4676.         "lsl	r4, r4, %[n]\n\t"
    4677. 

  4677.         "lsr	r5, r5, r6\n\t"
    4678. 

  4678.         "orr	r2, r2, r5\n\t"
    4679. 

  4679.         "ldr	r3, [%[a], #12]\n\t"
    4680. 

  4680.         "str	r2, [%[r], #20]\n\t"
    4681. 

  4681.         "lsr	r5, r3, #1\n\t"
    4682. 

  4682.         "lsl	r3, r3, %[n]\n\t"
    4683. 

  4683.         "lsr	r5, r5, r6\n\t"
    4684. 

  4684.         "orr	r4, r4, r5\n\t"
    4685. 

  4685.         "ldr	r2, [%[a], #8]\n\t"
    4686. 

  4686.         "str	r4, [%[r], #16]\n\t"
    4687. 

  4687.         "lsr	r5, r2, #1\n\t"
    4688. 

  4688.         "lsl	r2, r2, %[n]\n\t"
    4689. 

  4689.         "lsr	r5, r5, r6\n\t"
    4690. 

  4690.         "orr	r3, r3, r5\n\t"
    4691. 

  4691.         "ldr	r4, [%[a], #4]\n\t"
    4692. 

  4692.         "str	r3, [%[r], #12]\n\t"
    4693. 

  4693.         "lsr	r5, r4, #1\n\t"
    4694. 

  4694.         "lsl	r4, r4, %[n]\n\t"
    4695. 

  4695.         "lsr	r5, r5, r6\n\t"
    4696. 

  4696.         "orr	r2, r2, r5\n\t"
    4697. 

  4697.         "ldr	r3, [%[a], #0]\n\t"
    4698. 

  4698.         "str	r2, [%[r], #8]\n\t"
    4699. 

  4699.         "lsr	r5, r3, #1\n\t"
    4700. 

  4700.         "lsl	r3, r3, %[n]\n\t"
    4701. 

  4701.         "lsr	r5, r5, r6\n\t"
    4702. 

  4702.         "orr	r4, r4, r5\n\t"
    4703. 

  4703.         "sub	%[a], %[a], #64\n\t"
    4704. 

  4704.         "sub	%[r], %[r], #64\n\t"
    4705. 

  4705.         "ldr	r2, [%[a], #60]\n\t"
    4706. 

  4706.         "str	r4, [%[r], #68]\n\t"
    4707. 

  4707.         "lsr	r5, r2, #1\n\t"
    4708. 

  4708.         "lsl	r2, r2, %[n]\n\t"
    4709. 

  4709.         "lsr	r5, r5, r6\n\t"
    4710. 

  4710.         "orr	r3, r3, r5\n\t"
    4711. 

  4711.         "ldr	r4, [%[a], #56]\n\t"
    4712. 

  4712.         "str	r3, [%[r], #64]\n\t"
    4713. 

  4713.         "lsr	r5, r4, #1\n\t"
    4714. 

  4714.         "lsl	r4, r4, %[n]\n\t"
    4715. 

  4715.         "lsr	r5, r5, r6\n\t"
    4716. 

  4716.         "orr	r2, r2, r5\n\t"
    4717. 

  4717.         "ldr	r3, [%[a], #52]\n\t"
    4718. 

  4718.         "str	r2, [%[r], #60]\n\t"
    4719. 

  4719.         "lsr	r5, r3, #1\n\t"
    4720. 

  4720.         "lsl	r3, r3, %[n]\n\t"
    4721. 

  4721.         "lsr	r5, r5, r6\n\t"
    4722. 

  4722.         "orr	r4, r4, r5\n\t"
    4723. 

  4723.         "ldr	r2, [%[a], #48]\n\t"
    4724. 

  4724.         "str	r4, [%[r], #56]\n\t"
    4725. 

  4725.         "lsr	r5, r2, #1\n\t"
    4726. 

  4726.         "lsl	r2, r2, %[n]\n\t"
    4727. 

  4727.         "lsr	r5, r5, r6\n\t"
    4728. 

  4728.         "orr	r3, r3, r5\n\t"
    4729. 

  4729.         "ldr	r4, [%[a], #44]\n\t"
    4730. 

  4730.         "str	r3, [%[r], #52]\n\t"
    4731. 

  4731.         "lsr	r5, r4, #1\n\t"
    4732. 

  4732.         "lsl	r4, r4, %[n]\n\t"
    4733. 

  4733.         "lsr	r5, r5, r6\n\t"
    4734. 

  4734.         "orr	r2, r2, r5\n\t"
    4735. 

  4735.         "ldr	r3, [%[a], #40]\n\t"
    4736. 

  4736.         "str	r2, [%[r], #48]\n\t"
    4737. 

  4737.         "lsr	r5, r3, #1\n\t"
    4738. 

  4738.         "lsl	r3, r3, %[n]\n\t"
    4739. 

  4739.         "lsr	r5, r5, r6\n\t"
    4740. 

  4740.         "orr	r4, r4, r5\n\t"
    4741. 

  4741.         "ldr	r2, [%[a], #36]\n\t"
    4742. 

  4742.         "str	r4, [%[r], #44]\n\t"
    4743. 

  4743.         "lsr	r5, r2, #1\n\t"
    4744. 

  4744.         "lsl	r2, r2, %[n]\n\t"
    4745. 

  4745.         "lsr	r5, r5, r6\n\t"
    4746. 

  4746.         "orr	r3, r3, r5\n\t"
    4747. 

  4747.         "ldr	r4, [%[a], #32]\n\t"
    4748. 

  4748.         "str	r3, [%[r], #40]\n\t"
    4749. 

  4749.         "lsr	r5, r4, #1\n\t"
    4750. 

  4750.         "lsl	r4, r4, %[n]\n\t"
    4751. 

  4751.         "lsr	r5, r5, r6\n\t"
    4752. 

  4752.         "orr	r2, r2, r5\n\t"
    4753. 

  4753.         "ldr	r3, [%[a], #28]\n\t"
    4754. 

  4754.         "str	r2, [%[r], #36]\n\t"
    4755. 

  4755.         "lsr	r5, r3, #1\n\t"
    4756. 

  4756.         "lsl	r3, r3, %[n]\n\t"
    4757. 

  4757.         "lsr	r5, r5, r6\n\t"
    4758. 

  4758.         "orr	r4, r4, r5\n\t"
    4759. 

  4759.         "ldr	r2, [%[a], #24]\n\t"
    4760. 

  4760.         "str	r4, [%[r], #32]\n\t"
    4761. 

  4761.         "lsr	r5, r2, #1\n\t"
    4762. 

  4762.         "lsl	r2, r2, %[n]\n\t"
    4763. 

  4763.         "lsr	r5, r5, r6\n\t"
    4764. 

  4764.         "orr	r3, r3, r5\n\t"
    4765. 

  4765.         "ldr	r4, [%[a], #20]\n\t"
    4766. 

  4766.         "str	r3, [%[r], #28]\n\t"
    4767. 

  4767.         "lsr	r5, r4, #1\n\t"
    4768. 

  4768.         "lsl	r4, r4, %[n]\n\t"
    4769. 

  4769.         "lsr	r5, r5, r6\n\t"
    4770. 

  4770.         "orr	r2, r2, r5\n\t"
    4771. 

  4771.         "ldr	r3, [%[a], #16]\n\t"
    4772. 

  4772.         "str	r2, [%[r], #24]\n\t"
    4773. 

  4773.         "lsr	r5, r3, #1\n\t"
    4774. 

  4774.         "lsl	r3, r3, %[n]\n\t"
    4775. 

  4775.         "lsr	r5, r5, r6\n\t"
    4776. 

  4776.         "orr	r4, r4, r5\n\t"
    4777. 

  4777.         "ldr	r2, [%[a], #12]\n\t"
    4778. 

  4778.         "str	r4, [%[r], #20]\n\t"
    4779. 

  4779.         "lsr	r5, r2, #1\n\t"
    4780. 

  4780.         "lsl	r2, r2, %[n]\n\t"
    4781. 

  4781.         "lsr	r5, r5, r6\n\t"
    4782. 

  4782.         "orr	r3, r3, r5\n\t"
    4783. 

  4783.         "ldr	r4, [%[a], #8]\n\t"
    4784. 

  4784.         "str	r3, [%[r], #16]\n\t"
    4785. 

  4785.         "lsr	r5, r4, #1\n\t"
    4786. 

  4786.         "lsl	r4, r4, %[n]\n\t"
    4787. 

  4787.         "lsr	r5, r5, r6\n\t"
    4788. 

  4788.         "orr	r2, r2, r5\n\t"
    4789. 

  4789.         "ldr	r3, [%[a], #4]\n\t"
    4790. 

  4790.         "str	r2, [%[r], #12]\n\t"
    4791. 

  4791.         "lsr	r5, r3, #1\n\t"
    4792. 

  4792.         "lsl	r3, r3, %[n]\n\t"
    4793. 

  4793.         "lsr	r5, r5, r6\n\t"
    4794. 

  4794.         "orr	r4, r4, r5\n\t"
    4795. 

  4795.         "ldr	r2, [%[a], #0]\n\t"
    4796. 

  4796.         "str	r4, [%[r], #8]\n\t"
    4797. 

  4797.         "lsr	r5, r2, #1\n\t"
    4798. 

  4798.         "lsl	r2, r2, %[n]\n\t"
    4799. 

  4799.         "lsr	r5, r5, r6\n\t"
    4800. 

  4800.         "orr	r3, r3, r5\n\t"
    4801. 

  4801.         "sub	%[a], %[a], #64\n\t"
    4802. 

  4802.         "sub	%[r], %[r], #64\n\t"
    4803. 

  4803.         "ldr	r4, [%[a], #60]\n\t"
    4804. 

  4804.         "str	r3, [%[r], #68]\n\t"
    4805. 

  4805.         "lsr	r5, r4, #1\n\t"
    4806. 

  4806.         "lsl	r4, r4, %[n]\n\t"
    4807. 

  4807.         "lsr	r5, r5, r6\n\t"
    4808. 

  4808.         "orr	r2, r2, r5\n\t"
    4809. 

  4809.         "ldr	r3, [%[a], #56]\n\t"
    4810. 

  4810.         "str	r2, [%[r], #64]\n\t"
    4811. 

  4811.         "lsr	r5, r3, #1\n\t"
    4812. 

  4812.         "lsl	r3, r3, %[n]\n\t"
    4813. 

  4813.         "lsr	r5, r5, r6\n\t"
    4814. 

  4814.         "orr	r4, r4, r5\n\t"
    4815. 

  4815.         "ldr	r2, [%[a], #52]\n\t"
    4816. 

  4816.         "str	r4, [%[r], #60]\n\t"
    4817. 

  4817.         "lsr	r5, r2, #1\n\t"
    4818. 

  4818.         "lsl	r2, r2, %[n]\n\t"
    4819. 

  4819.         "lsr	r5, r5, r6\n\t"
    4820. 

  4820.         "orr	r3, r3, r5\n\t"
    4821. 

  4821.         "ldr	r4, [%[a], #48]\n\t"
    4822. 

  4822.         "str	r3, [%[r], #56]\n\t"
    4823. 

  4823.         "lsr	r5, r4, #1\n\t"
    4824. 

  4824.         "lsl	r4, r4, %[n]\n\t"
    4825. 

  4825.         "lsr	r5, r5, r6\n\t"
    4826. 

  4826.         "orr	r2, r2, r5\n\t"
    4827. 

  4827.         "ldr	r3, [%[a], #44]\n\t"
    4828. 

  4828.         "str	r2, [%[r], #52]\n\t"
    4829. 

  4829.         "lsr	r5, r3, #1\n\t"
    4830. 

  4830.         "lsl	r3, r3, %[n]\n\t"
    4831. 

  4831.         "lsr	r5, r5, r6\n\t"
    4832. 

  4832.         "orr	r4, r4, r5\n\t"
    4833. 

  4833.         "ldr	r2, [%[a], #40]\n\t"
    4834. 

  4834.         "str	r4, [%[r], #48]\n\t"
    4835. 

  4835.         "lsr	r5, r2, #1\n\t"
    4836. 

  4836.         "lsl	r2, r2, %[n]\n\t"
    4837. 

  4837.         "lsr	r5, r5, r6\n\t"
    4838. 

  4838.         "orr	r3, r3, r5\n\t"
    4839. 

  4839.         "ldr	r4, [%[a], #36]\n\t"
    4840. 

  4840.         "str	r3, [%[r], #44]\n\t"
    4841. 

  4841.         "lsr	r5, r4, #1\n\t"
    4842. 

  4842.         "lsl	r4, r4, %[n]\n\t"
    4843. 

  4843.         "lsr	r5, r5, r6\n\t"
    4844. 

  4844.         "orr	r2, r2, r5\n\t"
    4845. 

  4845.         "ldr	r3, [%[a], #32]\n\t"
    4846. 

  4846.         "str	r2, [%[r], #40]\n\t"
    4847. 

  4847.         "lsr	r5, r3, #1\n\t"
    4848. 

  4848.         "lsl	r3, r3, %[n]\n\t"
    4849. 

  4849.         "lsr	r5, r5, r6\n\t"
    4850. 

  4850.         "orr	r4, r4, r5\n\t"
    4851. 

  4851.         "ldr	r2, [%[a], #28]\n\t"
    4852. 

  4852.         "str	r4, [%[r], #36]\n\t"
    4853. 

  4853.         "lsr	r5, r2, #1\n\t"
    4854. 

  4854.         "lsl	r2, r2, %[n]\n\t"
    4855. 

  4855.         "lsr	r5, r5, r6\n\t"
    4856. 

  4856.         "orr	r3, r3, r5\n\t"
    4857. 

  4857.         "ldr	r4, [%[a], #24]\n\t"
    4858. 

  4858.         "str	r3, [%[r], #32]\n\t"
    4859. 

  4859.         "lsr	r5, r4, #1\n\t"
    4860. 

  4860.         "lsl	r4, r4, %[n]\n\t"
    4861. 

  4861.         "lsr	r5, r5, r6\n\t"
    4862. 

  4862.         "orr	r2, r2, r5\n\t"
    4863. 

  4863.         "ldr	r3, [%[a], #20]\n\t"
    4864. 

  4864.         "str	r2, [%[r], #28]\n\t"
    4865. 

  4865.         "lsr	r5, r3, #1\n\t"
    4866. 

  4866.         "lsl	r3, r3, %[n]\n\t"
    4867. 

  4867.         "lsr	r5, r5, r6\n\t"
    4868. 

  4868.         "orr	r4, r4, r5\n\t"
    4869. 

  4869.         "ldr	r2, [%[a], #16]\n\t"
    4870. 

  4870.         "str	r4, [%[r], #24]\n\t"
    4871. 

  4871.         "lsr	r5, r2, #1\n\t"
    4872. 

  4872.         "lsl	r2, r2, %[n]\n\t"
    4873. 

  4873.         "lsr	r5, r5, r6\n\t"
    4874. 

  4874.         "orr	r3, r3, r5\n\t"
    4875. 

  4875.         "ldr	r4, [%[a], #12]\n\t"
    4876. 

  4876.         "str	r3, [%[r], #20]\n\t"
    4877. 

  4877.         "lsr	r5, r4, #1\n\t"
    4878. 

  4878.         "lsl	r4, r4, %[n]\n\t"
    4879. 

  4879.         "lsr	r5, r5, r6\n\t"
    4880. 

  4880.         "orr	r2, r2, r5\n\t"
    4881. 

  4881.         "ldr	r3, [%[a], #8]\n\t"
    4882. 

  4882.         "str	r2, [%[r], #16]\n\t"
    4883. 

  4883.         "lsr	r5, r3, #1\n\t"
    4884. 

  4884.         "lsl	r3, r3, %[n]\n\t"
    4885. 

  4885.         "lsr	r5, r5, r6\n\t"
    4886. 

  4886.         "orr	r4, r4, r5\n\t"
    4887. 

  4887.         "ldr	r2, [%[a], #4]\n\t"
    4888. 

  4888.         "str	r4, [%[r], #12]\n\t"
    4889. 

  4889.         "lsr	r5, r2, #1\n\t"
    4890. 

  4890.         "lsl	r2, r2, %[n]\n\t"
    4891. 

  4891.         "lsr	r5, r5, r6\n\t"
    4892. 

  4892.         "orr	r3, r3, r5\n\t"
    4893. 

  4893.         "ldr	r4, [%[a], #0]\n\t"
    4894. 

  4894.         "str	r3, [%[r], #8]\n\t"
    4895. 

  4895.         "lsr	r5, r4, #1\n\t"
    4896. 

  4896.         "lsl	r4, r4, %[n]\n\t"
    4897. 

  4897.         "lsr	r5, r5, r6\n\t"
    4898. 

  4898.         "orr	r2, r2, r5\n\t"
    4899. 

  4899.         "sub	%[a], %[a], #64\n\t"
    4900. 

  4900.         "sub	%[r], %[r], #64\n\t"
    4901. 

  4901.         "ldr	r3, [%[a], #60]\n\t"
    4902. 

  4902.         "str	r2, [%[r], #68]\n\t"
    4903. 

  4903.         "lsr	r5, r3, #1\n\t"
    4904. 

  4904.         "lsl	r3, r3, %[n]\n\t"
    4905. 

  4905.         "lsr	r5, r5, r6\n\t"
    4906. 

  4906.         "orr	r4, r4, r5\n\t"
    4907. 

  4907.         "ldr	r2, [%[a], #56]\n\t"
    4908. 

  4908.         "str	r4, [%[r], #64]\n\t"
    4909. 

  4909.         "lsr	r5, r2, #1\n\t"
    4910. 

  4910.         "lsl	r2, r2, %[n]\n\t"
    4911. 

  4911.         "lsr	r5, r5, r6\n\t"
    4912. 

  4912.         "orr	r3, r3, r5\n\t"
    4913. 

  4913.         "ldr	r4, [%[a], #52]\n\t"
    4914. 

  4914.         "str	r3, [%[r], #60]\n\t"
    4915. 

  4915.         "lsr	r5, r4, #1\n\t"
    4916. 

  4916.         "lsl	r4, r4, %[n]\n\t"
    4917. 

  4917.         "lsr	r5, r5, r6\n\t"
    4918. 

  4918.         "orr	r2, r2, r5\n\t"
    4919. 

  4919.         "ldr	r3, [%[a], #48]\n\t"
    4920. 

  4920.         "str	r2, [%[r], #56]\n\t"
    4921. 

  4921.         "lsr	r5, r3, #1\n\t"
    4922. 

  4922.         "lsl	r3, r3, %[n]\n\t"
    4923. 

  4923.         "lsr	r5, r5, r6\n\t"
    4924. 

  4924.         "orr	r4, r4, r5\n\t"
    4925. 

  4925.         "ldr	r2, [%[a], #44]\n\t"
    4926. 

  4926.         "str	r4, [%[r], #52]\n\t"
    4927. 

  4927.         "lsr	r5, r2, #1\n\t"
    4928. 

  4928.         "lsl	r2, r2, %[n]\n\t"
    4929. 

  4929.         "lsr	r5, r5, r6\n\t"
    4930. 

  4930.         "orr	r3, r3, r5\n\t"
    4931. 

  4931.         "ldr	r4, [%[a], #40]\n\t"
    4932. 

  4932.         "str	r3, [%[r], #48]\n\t"
    4933. 

  4933.         "lsr	r5, r4, #1\n\t"
    4934. 

  4934.         "lsl	r4, r4, %[n]\n\t"
    4935. 

  4935.         "lsr	r5, r5, r6\n\t"
    4936. 

  4936.         "orr	r2, r2, r5\n\t"
    4937. 

  4937.         "ldr	r3, [%[a], #36]\n\t"
    4938. 

  4938.         "str	r2, [%[r], #44]\n\t"
    4939. 

  4939.         "lsr	r5, r3, #1\n\t"
    4940. 

  4940.         "lsl	r3, r3, %[n]\n\t"
    4941. 

  4941.         "lsr	r5, r5, r6\n\t"
    4942. 

  4942.         "orr	r4, r4, r5\n\t"
    4943. 

  4943.         "ldr	r2, [%[a], #32]\n\t"
    4944. 

  4944.         "str	r4, [%[r], #40]\n\t"
    4945. 

  4945.         "lsr	r5, r2, #1\n\t"
    4946. 

  4946.         "lsl	r2, r2, %[n]\n\t"
    4947. 

  4947.         "lsr	r5, r5, r6\n\t"
    4948. 

  4948.         "orr	r3, r3, r5\n\t"
    4949. 

  4949.         "ldr	r4, [%[a], #28]\n\t"
    4950. 

  4950.         "str	r3, [%[r], #36]\n\t"
    4951. 

  4951.         "lsr	r5, r4, #1\n\t"
    4952. 

  4952.         "lsl	r4, r4, %[n]\n\t"
    4953. 

  4953.         "lsr	r5, r5, r6\n\t"
    4954. 

  4954.         "orr	r2, r2, r5\n\t"
    4955. 

  4955.         "ldr	r3, [%[a], #24]\n\t"
    4956. 

  4956.         "str	r2, [%[r], #32]\n\t"
    4957. 

  4957.         "lsr	r5, r3, #1\n\t"
    4958. 

  4958.         "lsl	r3, r3, %[n]\n\t"
    4959. 

  4959.         "lsr	r5, r5, r6\n\t"
    4960. 

  4960.         "orr	r4, r4, r5\n\t"
    4961. 

  4961.         "ldr	r2, [%[a], #20]\n\t"
    4962. 

  4962.         "str	r4, [%[r], #28]\n\t"
    4963. 

  4963.         "lsr	r5, r2, #1\n\t"
    4964. 

  4964.         "lsl	r2, r2, %[n]\n\t"
    4965. 

  4965.         "lsr	r5, r5, r6\n\t"
    4966. 

  4966.         "orr	r3, r3, r5\n\t"
    4967. 

  4967.         "ldr	r4, [%[a], #16]\n\t"
    4968. 

  4968.         "str	r3, [%[r], #24]\n\t"
    4969. 

  4969.         "lsr	r5, r4, #1\n\t"
    4970. 

  4970.         "lsl	r4, r4, %[n]\n\t"
    4971. 

  4971.         "lsr	r5, r5, r6\n\t"
    4972. 

  4972.         "orr	r2, r2, r5\n\t"
    4973. 

  4973.         "ldr	r3, [%[a], #12]\n\t"
    4974. 

  4974.         "str	r2, [%[r], #20]\n\t"
    4975. 

  4975.         "lsr	r5, r3, #1\n\t"
    4976. 

  4976.         "lsl	r3, r3, %[n]\n\t"
    4977. 

  4977.         "lsr	r5, r5, r6\n\t"
    4978. 

  4978.         "orr	r4, r4, r5\n\t"
    4979. 

  4979.         "ldr	r2, [%[a], #8]\n\t"
    4980. 

  4980.         "str	r4, [%[r], #16]\n\t"
    4981. 

  4981.         "lsr	r5, r2, #1\n\t"
    4982. 

  4982.         "lsl	r2, r2, %[n]\n\t"
    4983. 

  4983.         "lsr	r5, r5, r6\n\t"
    4984. 

  4984.         "orr	r3, r3, r5\n\t"
    4985. 

  4985.         "ldr	r4, [%[a], #4]\n\t"
    4986. 

  4986.         "str	r3, [%[r], #12]\n\t"
    4987. 

  4987.         "lsr	r5, r4, #1\n\t"
    4988. 

  4988.         "lsl	r4, r4, %[n]\n\t"
    4989. 

  4989.         "lsr	r5, r5, r6\n\t"
    4990. 

  4990.         "orr	r2, r2, r5\n\t"
    4991. 

  4991.         "ldr	r3, [%[a], #0]\n\t"
    4992. 

  4992.         "str	r2, [%[r], #8]\n\t"
    4993. 

  4993.         "lsr	r5, r3, #1\n\t"
    4994. 

  4994.         "lsl	r3, r3, %[n]\n\t"
    4995. 

  4995.         "lsr	r5, r5, r6\n\t"
    4996. 

  4996.         "orr	r4, r4, r5\n\t"
    4997. 

  4997.         "str	r3, [%[r]]\n\t"
    4998. 

  4998.         "str	r4, [%[r], #4]\n\t"
    4999. 

  4999.         :
    5000. 

  5000.         : [r] "r" (r), [a] "r" (a), [n] "r" (n)
    5001. 

  5001.         : "memory", "r2", "r3", "r4", "r5", "r6"
    5002. 

  5002.     );
    5003. 

  5003. }
    5004. 

  5004. 

  5005. /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
    5006. 

  5006.  *
    5007. 

  5007.  * r     A single precision number that is the result of the operation.
    5008. 

  5008.  * e     A single precision number that is the exponent.
    5009. 

  5009.  * bits  The number of bits in the exponent.
    5010. 

  5010.  * m     A single precision number that is the modulus.
    5011. 

  5011.  * returns 0 on success and MEMORY_E on dynamic memory allocation failure.
    5012. 

  5012.  */
    5013. 

  5013. static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
    5014. 

  5014.         const sp_digit* m)
    5015. 

  5015. {
    5016. 

  5016. #ifndef WOLFSSL_SMALL_STACK
    5017. 

  5017.     sp_digit nd[128];
    5018. 

  5018.     sp_digit td[65];
    5019. 

  5019. #else
    5020. 

  5020.     sp_digit* td;
    5021. 

  5021. #endif
    5022. 

  5022.     sp_digit* norm;
    5023. 

  5023.     sp_digit* tmp;
    5024. 

  5024.     sp_digit mp = 1;
    5025. 

  5025.     sp_digit n, o;
    5026. 

  5026.     sp_digit mask;
    5027. 

  5027.     int i;
    5028. 

  5028.     int c, y;
    5029. 

  5029.     int err = MP_OKAY;
    5030. 

  5030. 

  5031. #ifdef WOLFSSL_SMALL_STACK
    5032. 

  5032.     td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL,
    5033. 

  5033.                             DYNAMIC_TYPE_TMP_BUFFER);
    5034. 

  5034.     if (td == NULL) {
    5035. 

  5035.         err = MEMORY_E;
    5036. 

  5036.     }
    5037. 

  5037. #endif
    5038. 

  5038. 

  5039.     if (err == MP_OKAY) {
    5040. 

  5040. #ifdef WOLFSSL_SMALL_STACK
    5041. 

  5041.         norm = td;
    5042. 

  5042.         tmp  = td + 128;
    5043. 

  5043. #else
    5044. 

  5044.         norm = nd;
    5045. 

  5045.         tmp  = td;
    5046. 

  5046. #endif
    5047. 

  5047. 

  5048.         sp_2048_mont_setup(m, &mp);
    5049. 

  5049.         sp_2048_mont_norm_64(norm, m);
    5050. 

  5050. 

  5051.         i = (bits - 1) / 32;
    5052. 

  5052.         n = e[i--];
    5053. 

  5053.         c = bits & 31;
    5054. 

  5054.         if (c == 0) {
    5055. 

  5055.             c = 32;
    5056. 

  5056.         }
    5057. 

  5057.         c -= bits % 5;
    5058. 

  5058.         if (c == 32) {
    5059. 

  5059.             c = 27;
    5060. 

  5060.         }
    5061. 

  5061.         y = (int)(n >> c);
    5062. 

  5062.         n <<= 32 - c;
    5063. 

  5063.         sp_2048_lshift_64(r, norm, y);
    5064. 

  5064.         for (; i>=0 || c>=5; ) {
    5065. 

  5065.             if (c == 0) {
    5066. 

  5066.                 n = e[i--];
    5067. 

  5067.                 y = n >> 27;
    5068. 

  5068.                 n <<= 5;
    5069. 

  5069.                 c = 27;
    5070. 

  5070.             }
    5071. 

  5071.             else if (c < 5) {
    5072. 

  5072.                 y = n >> 27;
    5073. 

  5073.                 n = e[i--];
    5074. 

  5074.                 c = 5 - c;
    5075. 

  5075.                 y |= n >> (32 - c);
    5076. 

  5076.                 n <<= c;
    5077. 

  5077.                 c = 32 - c;
    5078. 

  5078.             }
    5079. 

  5079.             else {
    5080. 

  5080.                 y = (n >> 27) & 0x1f;
    5081. 

  5081.                 n <<= 5;
    5082. 

  5082.                 c -= 5;
    5083. 

  5083.             }
    5084. 

  5084. 

  5085.             sp_2048_mont_sqr_64(r, r, m, mp);
    5086. 

  5086.             sp_2048_mont_sqr_64(r, r, m, mp);
    5087. 

  5087.             sp_2048_mont_sqr_64(r, r, m, mp);
    5088. 

  5088.             sp_2048_mont_sqr_64(r, r, m, mp);
    5089. 

  5089.             sp_2048_mont_sqr_64(r, r, m, mp);
    5090. 

  5090. 

  5091.             sp_2048_lshift_64(r, r, y);
    5092. 

  5092.             sp_2048_mul_d_64(tmp, norm, r[64]);
    5093. 

  5093.             r[64] = 0;
    5094. 

  5094.             o = sp_2048_add_64(r, r, tmp);
    5095. 

  5095.             sp_2048_cond_sub_64(r, r, m, (sp_digit)0 - o);
    5096. 

  5096.         }
    5097. 

  5097. 

  5098.         XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
    5099. 

  5099.         sp_2048_mont_reduce_64(r, m, mp);
    5100. 

  5100. 

  5101.         mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
    5102. 

  5102.         sp_2048_cond_sub_64(r, r, m, mask);
    5103. 

  5103.     }
    5104. 

  5104. 

  5105. #ifdef WOLFSSL_SMALL_STACK
    5106. 

  5106.     if (td != NULL) {
    5107. 

  5107.         XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    5108. 

  5108.     }
    5109. 

  5109. #endif
    5110. 

  5110. 

  5111.     return err;
    5112. 

  5112. }
    5113. 

  5113. #endif /* HAVE_FFDHE_2048 */
    5114. 

  5114. 

  5115. /* Perform the modular exponentiation for Diffie-Hellman.
    5116. 

  5116.  *
    5117. 

  5117.  * base     Base.
    5118. 

  5118.  * exp      Array of bytes that is the exponent.
    5119. 

  5119.  * expLen   Length of data, in bytes, in exponent.
    5120. 

  5120.  * mod      Modulus.
    5121. 

  5121.  * out      Buffer to hold big-endian bytes of exponentiation result.
    5122. 

  5122.  *          Must be at least 256 bytes long.
    5123. 

  5123.  * outLen   Length, in bytes, of exponentiation result.
    5124. 

  5124.  * returns 0 on success, MP_READ_E if there are too many bytes in an array
    5125. 

  5125.  * and MEMORY_E if memory allocation fails.
    5126. 

  5126.  */
    5127. 

  5127. int sp_DhExp_2048(mp_int* base, const byte* exp, word32 expLen,
    5128. 

  5128.     mp_int* mod, byte* out, word32* outLen)
    5129. 

  5129. {
    5130. 

  5130.     int err = MP_OKAY;
    5131. 

  5131.     sp_digit b[128], e[64], m[64];
    5132. 

  5132.     sp_digit* r = b;
    5133. 

  5133.     word32 i;
    5134. 

  5134. 

  5135.     if (mp_count_bits(base) > 2048) {
    5136. 

  5136.         err = MP_READ_E;
    5137. 

  5137.     }
    5138. 

  5138. 

  5139.     if (err == MP_OKAY) {
    5140. 

  5140.         if (expLen > 256) {
    5141. 

  5141.             err = MP_READ_E;
    5142. 

  5142.         }
    5143. 

  5143.     }
    5144. 

  5144. 

  5145.     if (err == MP_OKAY) {
    5146. 

  5146.         if (mp_count_bits(mod) != 2048) {
    5147. 

  5147.             err = MP_READ_E;
    5148. 

  5148.         }
    5149. 

  5149.     }
    5150. 

  5150. 

  5151.     if (err == MP_OKAY) {
    5152. 

  5152.         sp_2048_from_mp(b, 64, base);
    5153. 

  5153.         sp_2048_from_bin(e, 64, exp, expLen);
    5154. 

  5154.         sp_2048_from_mp(m, 64, mod);
    5155. 

  5155. 

  5156.     #ifdef HAVE_FFDHE_2048
    5157. 

  5157.         if (base->used == 1 && base->dp[0] == 2 && m[63] == (sp_digit)-1)
    5158. 

  5158.             err = sp_2048_mod_exp_2_64(r, e, expLen * 8, m);
    5159. 

  5159.         else
    5160. 

  5160.     #endif
    5161. 

  5161.             err = sp_2048_mod_exp_64(r, b, e, expLen * 8, m, 0);
    5162. 

  5162. 

  5163.     }
    5164. 

  5164. 

  5165.     if (err == MP_OKAY) {
    5166. 

  5166.         sp_2048_to_bin(r, out);
    5167. 

  5167.         *outLen = 256;
    5168. 

  5168.         for (i=0; i<256 && out[i] == 0; i++) {
    5169. 

  5169.         }
    5170. 

  5170.         *outLen -= i;
    5171. 

  5171.         XMEMMOVE(out, out + i, *outLen);
    5172. 

  5172. 

  5173.     }
    5174. 

  5174. 

  5175.     XMEMSET(e, 0, sizeof(e));
    5176. 

  5176. 

  5177.     return err;
    5178. 

  5178. }
    5179. 

  5179. #endif /* WOLFSSL_HAVE_SP_DH */
    5180. 

  5180. 

  5181. /* Perform the modular exponentiation for Diffie-Hellman.
    5182. 

  5182.  *
    5183. 

  5183.  * base  Base. MP integer.
    5184. 

  5184.  * exp   Exponent. MP integer.
    5185. 

  5185.  * mod   Modulus. MP integer.
    5186. 

  5186.  * res   Result. MP integer.
    5187. 

  5187.  * returns 0 on success, MP_READ_E if there are too many bytes in an array
    5188. 

  5188.  * and MEMORY_E if memory allocation fails.
    5189. 

  5189.  */
    5190. 

  5190. int sp_ModExp_1024(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
    5191. 

  5191. {
    5192. 

  5192.     int err = MP_OKAY;
    5193. 

  5193.     sp_digit b[64], e[32], m[32];
    5194. 

  5194.     sp_digit* r = b;
    5195. 

  5195.     int expBits = mp_count_bits(exp);
    5196. 

  5196. 

  5197.     if (mp_count_bits(base) > 1024) {
    5198. 

  5198.         err = MP_READ_E;
    5199. 

  5199.     }
    5200. 

  5200. 

  5201.     if (err == MP_OKAY) {
    5202. 

  5202.         if (expBits > 1024) {
    5203. 

  5203.             err = MP_READ_E;
    5204. 

  5204.         }
    5205. 

  5205.     }
    5206. 

  5206. 

  5207.     if (err == MP_OKAY) {
    5208. 

  5208.         if (mp_count_bits(mod) != 1024) {
    5209. 

  5209.             err = MP_READ_E;
    5210. 

  5210.         }
    5211. 

  5211.     }
    5212. 

  5212. 

  5213.     if (err == MP_OKAY) {
    5214. 

  5214.         sp_2048_from_mp(b, 32, base);
    5215. 

  5215.         sp_2048_from_mp(e, 32, exp);
    5216. 

  5216.         sp_2048_from_mp(m, 32, mod);
    5217. 

  5217. 

  5218.         err = sp_2048_mod_exp_32(r, b, e, expBits, m, 0);
    5219. 

  5219.     }
    5220. 

  5220. 

  5221.     if (err == MP_OKAY) {
    5222. 

  5222.         XMEMSET(r + 32, 0, sizeof(*r) * 32U);
    5223. 

  5223.         err = sp_2048_to_mp(r, res);
    5224. 

  5224.         res->used = mod->used;
    5225. 

  5225.         mp_clamp(res);
    5226. 

  5226.     }
    5227. 

  5227. 

  5228.     XMEMSET(e, 0, sizeof(e));
    5229. 

  5229. 

  5230.     return err;
    5231. 

  5231. }
    5232. 

  5232. 

  5233. #endif /* WOLFSSL_HAVE_SP_DH || (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) */
    5234. 

  5234. 

  5235. #endif /* !WOLFSSL_SP_NO_2048 */
    5236. 

  5236. 

  5237. #ifndef WOLFSSL_SP_NO_3072
    5238. 

  5238. /* Read big endian unsigned byte array into r.
    5239. 

  5239.  *
    5240. 

  5240.  * r  A single precision integer.
    5241. 

  5241.  * size  Maximum number of bytes to convert
    5242. 

  5242.  * a  Byte array.
    5243. 

  5243.  * n  Number of bytes in array to read.
    5244. 

  5244.  */
    5245. 

  5245. static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n)
    5246. 

  5246. {
    5247. 

  5247.     int i, j = 0;
    5248. 

  5248.     word32 s = 0;
    5249. 

  5249. 

  5250.     r[0] = 0;
    5251. 

  5251.     for (i = n-1; i >= 0; i--) {
    5252. 

  5252.         r[j] |= (((sp_digit)a[i]) << s);
    5253. 

  5253.         if (s >= 24U) {
    5254. 

  5254.             r[j] &= 0xffffffff;
    5255. 

  5255.             s = 32U - s;
    5256. 

  5256.             if (j + 1 >= size) {
    5257. 

  5257.                 break;
    5258. 

  5258.             }
    5259. 

  5259.             r[++j] = (sp_digit)a[i] >> s;
    5260. 

  5260.             s = 8U - s;
    5261. 

  5261.         }
    5262. 

  5262.         else {
    5263. 

  5263.             s += 8U;
    5264. 

  5264.         }
    5265. 

  5265.     }
    5266. 

  5266. 

  5267.     for (j++; j < size; j++) {
    5268. 

  5268.         r[j] = 0;
    5269. 

  5269.     }
    5270. 

  5270. }
    5271. 

  5271. 

  5272. /* Convert an mp_int to an array of sp_digit.
    5273. 

  5273.  *
    5274. 

  5274.  * r  A single precision integer.
    5275. 

  5275.  * size  Maximum number of bytes to convert
    5276. 

  5276.  * a  A multi-precision integer.
    5277. 

  5277.  */
    5278. 

  5278. static void sp_3072_from_mp(sp_digit* r, int size, const mp_int* a)
    5279. 

  5279. {
    5280. 

  5280. #if DIGIT_BIT == 32
    5281. 

  5281.     int j;
    5282. 

  5282. 

  5283.     XMEMCPY(r, a->dp, sizeof(sp_digit) * a->used);
    5284. 

  5284. 

  5285.     for (j = a->used; j < size; j++) {
    5286. 

  5286.         r[j] = 0;
    5287. 

  5287.     }
    5288. 

  5288. #elif DIGIT_BIT > 32
    5289. 

  5289.     int i, j = 0;
    5290. 

  5290.     word32 s = 0;
    5291. 

  5291. 

  5292.     r[0] = 0;
    5293. 

  5293.     for (i = 0; i < a->used && j < size; i++) {
    5294. 

  5294.         r[j] |= ((sp_digit)a->dp[i] << s);
    5295. 

  5295.         r[j] &= 0xffffffff;
    5296. 

  5296.         s = 32U - s;
    5297. 

  5297.         if (j + 1 >= size) {
    5298. 

  5298.             break;
    5299. 

  5299.         }
    5300. 

  5300.         /* lint allow cast of mismatch word32 and mp_digit */
    5301. 

  5301.         r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
    5302. 

  5302.         while ((s + 32U) <= (word32)DIGIT_BIT) {
    5303. 

  5303.             s += 32U;
    5304. 

  5304.             r[j] &= 0xffffffff;
    5305. 

  5305.             if (j + 1 >= size) {
    5306. 

  5306.                 break;
    5307. 

  5307.             }
    5308. 

  5308.             if (s < (word32)DIGIT_BIT) {
    5309. 

  5309.                 /* lint allow cast of mismatch word32 and mp_digit */
    5310. 

  5310.                 r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
    5311. 

  5311.             }
    5312. 

  5312.             else {
    5313. 

  5313.                 r[++j] = 0L;
    5314. 

  5314.             }
    5315. 

  5315.         }
    5316. 

  5316.         s = (word32)DIGIT_BIT - s;
    5317. 

  5317.     }
    5318. 

  5318. 

  5319.     for (j++; j < size; j++) {
    5320. 

  5320.         r[j] = 0;
    5321. 

  5321.     }
    5322. 

  5322. #else
    5323. 

  5323.     int i, j = 0, s = 0;
    5324. 

  5324. 

  5325.     r[0] = 0;
    5326. 

  5326.     for (i = 0; i < a->used && j < size; i++) {
    5327. 

  5327.         r[j] |= ((sp_digit)a->dp[i]) << s;
    5328. 

  5328.         if (s + DIGIT_BIT >= 32) {
    5329. 

  5329.             r[j] &= 0xffffffff;
    5330. 

  5330.             if (j + 1 >= size) {
    5331. 

  5331.                 break;
    5332. 

  5332.             }
    5333. 

  5333.             s = 32 - s;
    5334. 

  5334.             if (s == DIGIT_BIT) {
    5335. 

  5335.                 r[++j] = 0;
    5336. 

  5336.                 s = 0;
    5337. 

  5337.             }
    5338. 

  5338.             else {
    5339. 

  5339.                 r[++j] = a->dp[i] >> s;
    5340. 

  5340.                 s = DIGIT_BIT - s;
    5341. 

  5341.             }
    5342. 

  5342.         }
    5343. 

  5343.         else {
    5344. 

  5344.             s += DIGIT_BIT;
    5345. 

  5345.         }
    5346. 

  5346.     }
    5347. 

  5347. 

  5348.     for (j++; j < size; j++) {
    5349. 

  5349.         r[j] = 0;
    5350. 

  5350.     }
    5351. 

  5351. #endif
    5352. 

  5352. }
    5353. 

  5353. 

  5354. /* Write r as big endian to byte array.
    5355. 

  5355.  * Fixed length number of bytes written: 384
    5356. 

  5356.  *
    5357. 

  5357.  * r  A single precision integer.
    5358. 

  5358.  * a  Byte array.
    5359. 

  5359.  */
    5360. 

  5360. static void sp_3072_to_bin(sp_digit* r, byte* a)
    5361. 

  5361. {
    5362. 

  5362.     int i, j, s = 0, b;
    5363. 

  5363. 

  5364.     j = 3072 / 8 - 1;
    5365. 

  5365.     a[j] = 0;
    5366. 

  5366.     for (i=0; i<96 && j>=0; i++) {
    5367. 

  5367.         b = 0;
    5368. 

  5368.         /* lint allow cast of mismatch sp_digit and int */
    5369. 

  5369.         a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
    5370. 

  5370.         if (j < 0) {
    5371. 

  5371.             break;
    5372. 

  5372.         }
    5373. 

  5373.         while (b < 32) {
    5374. 

  5374.             a[j--] = r[i] >> b; b += 8;
    5375. 

  5375.             if (j < 0) {
    5376. 

  5376.                 break;
    5377. 

  5377.             }
    5378. 

  5378.         }
    5379. 

  5379.         s = 8 - (b - 32);
    5380. 

  5380.         if (j >= 0) {
    5381. 

  5381.             a[j] = 0;
    5382. 

  5382.         }
    5383. 

  5383.         if (s != 0) {
    5384. 

  5384.             j++;
    5385. 

  5385.         }
    5386. 

  5386.     }
    5387. 

  5387. }
    5388. 

  5388. 

  5389. #ifndef WOLFSSL_SP_SMALL
    5390. 

  5390. /* Multiply a and b into r. (r = a * b)
    5391. 

  5391.  *
    5392. 

  5392.  * r  A single precision integer.
    5393. 

  5393.  * a  A single precision integer.
    5394. 

  5394.  * b  A single precision integer.
    5395. 

  5395.  */
    5396. 

  5396. SP_NOINLINE static void sp_3072_mul_12(sp_digit* r, const sp_digit* a,
    5397. 

  5397.         const sp_digit* b)
    5398. 

  5398. {
    5399. 

  5399.     sp_digit tmp[12 * 2];
    5400. 

  5400.     __asm__ __volatile__ (
    5401. 

  5401.         "mov	r3, #0\n\t"
    5402. 

  5402.         "mov	r4, #0\n\t"
    5403. 

  5403.         "mov	r8, r3\n\t"
    5404. 

  5404.         "mov	r11, %[r]\n\t"
    5405. 

  5405.         "mov	r9, %[a]\n\t"
    5406. 

  5406.         "mov	r10, %[b]\n\t"
    5407. 

  5407.         "mov	r6, #48\n\t"
    5408. 

  5408.         "add	r6, r9\n\t"
    5409. 

  5409.         "mov	r12, r6\n\t"
    5410. 

  5410.         "\n1:\n\t"
    5411. 

  5411.         "mov	%[r], #0\n\t"
    5412. 

  5412.         "mov	r5, #0\n\t"
    5413. 

  5413.         "mov	r6, #44\n\t"
    5414. 

  5414.         "mov	%[a], r8\n\t"
    5415. 

  5415.         "sub	%[a], r6\n\t"
    5416. 

  5416.         "sbc	r6, r6\n\t"
    5417. 

  5417.         "mvn	r6, r6\n\t"
    5418. 

  5418.         "and	%[a], r6\n\t"
    5419. 

  5419.         "mov	%[b], r8\n\t"
    5420. 

  5420.         "sub	%[b], %[a]\n\t"
    5421. 

  5421.         "add	%[a], r9\n\t"
    5422. 

  5422.         "add	%[b], r10\n\t"
    5423. 

  5423.         "\n2:\n\t"
    5424. 

  5424.         "# Multiply Start\n\t"
    5425. 

  5425.         "ldr	r6, [%[a]]\n\t"
    5426. 

  5426.         "ldr	r7, [%[b]]\n\t"
    5427. 

  5427.         "lsl	r6, r6, #16\n\t"
    5428. 

  5428.         "lsl	r7, r7, #16\n\t"
    5429. 

  5429.         "lsr	r6, r6, #16\n\t"
    5430. 

  5430.         "lsr	r7, r7, #16\n\t"
    5431. 

  5431.         "mul	r7, r6\n\t"
    5432. 

  5432.         "add	r3, r7\n\t"
    5433. 

  5433.         "adc	r4, %[r]\n\t"
    5434. 

  5434.         "adc	r5, %[r]\n\t"
    5435. 

  5435.         "ldr	r7, [%[b]]\n\t"
    5436. 

  5436.         "lsr	r7, r7, #16\n\t"
    5437. 

  5437.         "mul	r6, r7\n\t"
    5438. 

  5438.         "lsr	r7, r6, #16\n\t"
    5439. 

  5439.         "lsl	r6, r6, #16\n\t"
    5440. 

  5440.         "add	r3, r6\n\t"
    5441. 

  5441.         "adc	r4, r7\n\t"
    5442. 

  5442.         "adc	r5, %[r]\n\t"
    5443. 

  5443.         "ldr	r6, [%[a]]\n\t"
    5444. 

  5444.         "ldr	r7, [%[b]]\n\t"
    5445. 

  5445.         "lsr	r6, r6, #16\n\t"
    5446. 

  5446.         "lsr	r7, r7, #16\n\t"
    5447. 

  5447.         "mul	r7, r6\n\t"
    5448. 

  5448.         "add	r4, r7\n\t"
    5449. 

  5449.         "adc	r5, %[r]\n\t"
    5450. 

  5450.         "ldr	r7, [%[b]]\n\t"
    5451. 

  5451.         "lsl	r7, r7, #16\n\t"
    5452. 

  5452.         "lsr	r7, r7, #16\n\t"
    5453. 

  5453.         "mul	r6, r7\n\t"
    5454. 

  5454.         "lsr	r7, r6, #16\n\t"
    5455. 

  5455.         "lsl	r6, r6, #16\n\t"
    5456. 

  5456.         "add	r3, r6\n\t"
    5457. 

  5457.         "adc	r4, r7\n\t"
    5458. 

  5458.         "adc	r5, %[r]\n\t"
    5459. 

  5459.         "# Multiply Done\n\t"
    5460. 

  5460.         "add	%[a], #4\n\t"
    5461. 

  5461.         "sub	%[b], #4\n\t"
    5462. 

  5462.         "cmp	%[a], r12\n\t"
    5463. 

  5463.         "beq	3f\n\t"
    5464. 

  5464.         "mov	r6, r8\n\t"
    5465. 

  5465.         "add	r6, r9\n\t"
    5466. 

  5466.         "cmp	%[a], r6\n\t"
    5467. 

  5467.         "ble	2b\n\t"
    5468. 

  5468.         "\n3:\n\t"
    5469. 

  5469.         "mov	%[r], r11\n\t"
    5470. 

  5470.         "mov	r7, r8\n\t"
    5471. 

  5471.         "str	r3, [%[r], r7]\n\t"
    5472. 

  5472.         "mov	r3, r4\n\t"
    5473. 

  5473.         "mov	r4, r5\n\t"
    5474. 

  5474.         "add	r7, #4\n\t"
    5475. 

  5475.         "mov	r8, r7\n\t"
    5476. 

  5476.         "mov	r6, #88\n\t"
    5477. 

  5477.         "cmp	r7, r6\n\t"
    5478. 

  5478.         "ble	1b\n\t"
    5479. 

  5479.         "str	r3, [%[r], r7]\n\t"
    5480. 

  5480.         "mov	%[a], r9\n\t"
    5481. 

  5481.         "mov	%[b], r10\n\t"
    5482. 

  5482.         :
    5483. 

  5483.         : [r] "r" (tmp), [a] "r" (a), [b] "r" (b)
    5484. 

  5484.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12"
    5485. 

  5485.     );
    5486. 

  5486. 

  5487.     XMEMCPY(r, tmp, sizeof(tmp));
    5488. 

  5488. }
    5489. 

  5489. 

  5490. /* Square a and put result in r. (r = a * a)
    5491. 

  5491.  *
    5492. 

  5492.  * r  A single precision integer.
    5493. 

  5493.  * a  A single precision integer.
    5494. 

  5494.  */
    5495. 

  5495. SP_NOINLINE static void sp_3072_sqr_12(sp_digit* r, const sp_digit* a)
    5496. 

  5496. {
    5497. 

  5497.     __asm__ __volatile__ (
    5498. 

  5498.         "mov	r3, #0\n\t"
    5499. 

  5499.         "mov	r4, #0\n\t"
    5500. 

  5500.         "mov	r5, #0\n\t"
    5501. 

  5501.         "mov	r8, r3\n\t"
    5502. 

  5502.         "mov	r11, %[r]\n\t"
    5503. 

  5503.         "mov	r6, #96\n\t"
    5504. 

  5504.         "neg	r6, r6\n\t"
    5505. 

  5505.         "add	sp, r6\n\t"
    5506. 

  5506.         "mov	r10, sp\n\t"
    5507. 

  5507.         "mov	r9, %[a]\n\t"
    5508. 

  5508.         "\n1:\n\t"
    5509. 

  5509.         "mov	%[r], #0\n\t"
    5510. 

  5510.         "mov	r6, #44\n\t"
    5511. 

  5511.         "mov	%[a], r8\n\t"
    5512. 

  5512.         "sub	%[a], r6\n\t"
    5513. 

  5513.         "sbc	r6, r6\n\t"
    5514. 

  5514.         "mvn	r6, r6\n\t"
    5515. 

  5515.         "and	%[a], r6\n\t"
    5516. 

  5516.         "mov	r2, r8\n\t"
    5517. 

  5517.         "sub	r2, %[a]\n\t"
    5518. 

  5518.         "add	%[a], r9\n\t"
    5519. 

  5519.         "add	r2, r9\n\t"
    5520. 

  5520.         "\n2:\n\t"
    5521. 

  5521.         "cmp	r2, %[a]\n\t"
    5522. 

  5522.         "beq	4f\n\t"
    5523. 

  5523.         "# Multiply * 2: Start\n\t"
    5524. 

  5524.         "ldr	r6, [%[a]]\n\t"
    5525. 

  5525.         "ldr	r7, [r2]\n\t"
    5526. 

  5526.         "lsl	r6, r6, #16\n\t"
    5527. 

  5527.         "lsl	r7, r7, #16\n\t"
    5528. 

  5528.         "lsr	r6, r6, #16\n\t"
    5529. 

  5529.         "lsr	r7, r7, #16\n\t"
    5530. 

  5530.         "mul	r7, r6\n\t"
    5531. 

  5531.         "add	r3, r7\n\t"
    5532. 

  5532.         "adc	r4, %[r]\n\t"
    5533. 

  5533.         "adc	r5, %[r]\n\t"
    5534. 

  5534.         "add	r3, r7\n\t"
    5535. 

  5535.         "adc	r4, %[r]\n\t"
    5536. 

  5536.         "adc	r5, %[r]\n\t"
    5537. 

  5537.         "ldr	r7, [r2]\n\t"
    5538. 

  5538.         "lsr	r7, r7, #16\n\t"
    5539. 

  5539.         "mul	r6, r7\n\t"
    5540. 

  5540.         "lsr	r7, r6, #16\n\t"
    5541. 

  5541.         "lsl	r6, r6, #16\n\t"
    5542. 

  5542.         "add	r3, r6\n\t"
    5543. 

  5543.         "adc	r4, r7\n\t"
    5544. 

  5544.         "adc	r5, %[r]\n\t"
    5545. 

  5545.         "add	r3, r6\n\t"
    5546. 

  5546.         "adc	r4, r7\n\t"
    5547. 

  5547.         "adc	r5, %[r]\n\t"
    5548. 

  5548.         "ldr	r6, [%[a]]\n\t"
    5549. 

  5549.         "ldr	r7, [r2]\n\t"
    5550. 

  5550.         "lsr	r6, r6, #16\n\t"
    5551. 

  5551.         "lsr	r7, r7, #16\n\t"
    5552. 

  5552.         "mul	r7, r6\n\t"
    5553. 

  5553.         "add	r4, r7\n\t"
    5554. 

  5554.         "adc	r5, %[r]\n\t"
    5555. 

  5555.         "add	r4, r7\n\t"
    5556. 

  5556.         "adc	r5, %[r]\n\t"
    5557. 

  5557.         "ldr	r7, [r2]\n\t"
    5558. 

  5558.         "lsl	r7, r7, #16\n\t"
    5559. 

  5559.         "lsr	r7, r7, #16\n\t"
    5560. 

  5560.         "mul	r6, r7\n\t"
    5561. 

  5561.         "lsr	r7, r6, #16\n\t"
    5562. 

  5562.         "lsl	r6, r6, #16\n\t"
    5563. 

  5563.         "add	r3, r6\n\t"
    5564. 

  5564.         "adc	r4, r7\n\t"
    5565. 

  5565.         "adc	r5, %[r]\n\t"
    5566. 

  5566.         "add	r3, r6\n\t"
    5567. 

  5567.         "adc	r4, r7\n\t"
    5568. 

  5568.         "adc	r5, %[r]\n\t"
    5569. 

  5569.         "# Multiply * 2: Done\n\t"
    5570. 

  5570.         "bal	5f\n\t"
    5571. 

  5571.         "\n4:\n\t"
    5572. 

  5572.         "# Square: Start\n\t"
    5573. 

  5573.         "ldr	r6, [%[a]]\n\t"
    5574. 

  5574.         "lsr	r7, r6, #16\n\t"
    5575. 

  5575.         "lsl	r6, r6, #16\n\t"
    5576. 

  5576.         "lsr	r6, r6, #16\n\t"
    5577. 

  5577.         "mul	r6, r6\n\t"
    5578. 

  5578.         "add	r3, r6\n\t"
    5579. 

  5579.         "adc	r4, %[r]\n\t"
    5580. 

  5580.         "adc	r5, %[r]\n\t"
    5581. 

  5581.         "mul	r7, r7\n\t"
    5582. 

  5582.         "add	r4, r7\n\t"
    5583. 

  5583.         "adc	r5, %[r]\n\t"
    5584. 

  5584.         "ldr	r6, [%[a]]\n\t"
    5585. 

  5585.         "lsr	r7, r6, #16\n\t"
    5586. 

  5586.         "lsl	r6, r6, #16\n\t"
    5587. 

  5587.         "lsr	r6, r6, #16\n\t"
    5588. 

  5588.         "mul	r6, r7\n\t"
    5589. 

  5589.         "lsr	r7, r6, #15\n\t"
    5590. 

  5590.         "lsl	r6, r6, #17\n\t"
    5591. 

  5591.         "add	r3, r6\n\t"
    5592. 

  5592.         "adc	r4, r7\n\t"
    5593. 

  5593.         "adc	r5, %[r]\n\t"
    5594. 

  5594.         "# Square: Done\n\t"
    5595. 

  5595.         "\n5:\n\t"
    5596. 

  5596.         "add	%[a], #4\n\t"
    5597. 

  5597.         "sub	r2, #4\n\t"
    5598. 

  5598.         "mov	r6, #48\n\t"
    5599. 

  5599.         "add	r6, r9\n\t"
    5600. 

  5600.         "cmp	%[a], r6\n\t"
    5601. 

  5601.         "beq	3f\n\t"
    5602. 

  5602.         "cmp	%[a], r2\n\t"
    5603. 

  5603.         "bgt	3f\n\t"
    5604. 

  5604.         "mov	r7, r8\n\t"
    5605. 

  5605.         "add	r7, r9\n\t"
    5606. 

  5606.         "cmp	%[a], r7\n\t"
    5607. 

  5607.         "ble	2b\n\t"
    5608. 

  5608.         "\n3:\n\t"
    5609. 

  5609.         "mov	%[r], r10\n\t"
    5610. 

  5610.         "mov	r7, r8\n\t"
    5611. 

  5611.         "str	r3, [%[r], r7]\n\t"
    5612. 

  5612.         "mov	r3, r4\n\t"
    5613. 

  5613.         "mov	r4, r5\n\t"
    5614. 

  5614.         "mov	r5, #0\n\t"
    5615. 

  5615.         "add	r7, #4\n\t"
    5616. 

  5616.         "mov	r8, r7\n\t"
    5617. 

  5617.         "mov	r6, #88\n\t"
    5618. 

  5618.         "cmp	r7, r6\n\t"
    5619. 

  5619.         "ble	1b\n\t"
    5620. 

  5620.         "mov	%[a], r9\n\t"
    5621. 

  5621.         "str	r3, [%[r], r7]\n\t"
    5622. 

  5622.         "mov	%[r], r11\n\t"
    5623. 

  5623.         "mov	%[a], r10\n\t"
    5624. 

  5624.         "mov	r3, #92\n\t"
    5625. 

  5625.         "\n4:\n\t"
    5626. 

  5626.         "ldr	r6, [%[a], r3]\n\t"
    5627. 

  5627.         "str	r6, [%[r], r3]\n\t"
    5628. 

  5628.         "sub	r3, #4\n\t"
    5629. 

  5629.         "bge	4b\n\t"
    5630. 

  5630.         "mov	r6, #96\n\t"
    5631. 

  5631.         "add	sp, r6\n\t"
    5632. 

  5632.         :
    5633. 

  5633.         : [r] "r" (r), [a] "r" (a)
    5634. 

  5634.         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11"
    5635. 

  5635.     );
    5636. 

  5636. }
    5637. 

  5637. 

  5638. /* Add b to a into r. (r = a + b)
    5639. 

  5639.  *
    5640. 

  5640.  * r  A single precision integer.
    5641. 

  5641.  * a  A single precision integer.
    5642. 

  5642.  * b  A single precision integer.
    5643. 

  5643.  */
    5644. 

  5644. SP_NOINLINE static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a,
    5645. 

  5645.         const sp_digit* b)
    5646. 

  5646. {
    5647. 

  5647.     sp_digit c = 0;
    5648. 

  5648. 

  5649.     __asm__ __volatile__ (
    5650. 

  5650.         "ldr	r4, [%[a], #0]\n\t"
    5651. 

  5651.         "ldr	r5, [%[b], #0]\n\t"
    5652. 

  5652.         "add	r4, r5\n\t"
    5653. 

  5653.         "str	r4, [%[r], #0]\n\t"
    5654. 

  5654.         "ldr	r4, [%[a], #4]\n\t"
    5655. 

  5655.         "ldr	r5, [%[b], #4]\n\t"
    5656. 

  5656.         "adc	r4, r5\n\t"
    5657. 

  5657.         "str	r4, [%[r], #4]\n\t"
    5658. 

  5658.         "ldr	r4, [%[a], #8]\n\t"
    5659. 

  5659.         "ldr	r5, [%[b], #8]\n\t"
    5660. 

  5660.         "adc	r4, r5\n\t"
    5661. 

  5661.         "str	r4, [%[r], #8]\n\t"
    5662. 

  5662.         "ldr	r4, [%[a], #12]\n\t"
    5663. 

  5663.         "ldr	r5, [%[b], #12]\n\t"
    5664. 

  5664.         "adc	r4, r5\n\t"
    5665. 

  5665.         "str	r4, [%[r], #12]\n\t"
    5666. 

  5666.         "ldr	r4, [%[a], #16]\n\t"
    5667. 

  5667.         "ldr	r5, [%[b], #16]\n\t"
    5668. 

  5668.         "adc	r4, r5\n\t"
    5669. 

  5669.         "str	r4, [%[r], #16]\n\t"
    5670. 

  5670.         "ldr	r4, [%[a], #20]\n\t"
    5671. 

  5671.         "ldr	r5, [%[b], #20]\n\t"
    5672. 

  5672.         "adc	r4, r5\n\t"
    5673. 

  5673.         "str	r4, [%[r], #20]\n\t"
    5674. 

  5674.         "ldr	r4, [%[a], #24]\n\t"
    5675. 

  5675.         "ldr	r5, [%[b], #24]\n\t"
    5676. 

  5676.         "adc	r4, r5\n\t"
    5677. 

  5677.         "str	r4, [%[r], #24]\n\t"
    5678. 

  5678.         "ldr	r4, [%[a], #28]\n\t"
    5679. 

  5679.         "ldr	r5, [%[b], #28]\n\t"
    5680. 

  5680.         "adc	r4, r5\n\t"
    5681. 

  5681.         "str	r4, [%[r], #28]\n\t"
    5682. 

  5682.         "ldr	r4, [%[a], #32]\n\t"
    5683. 

  5683.         "ldr	r5, [%[b], #32]\n\t"
    5684. 

  5684.         "adc	r4, r5\n\t"
    5685. 

  5685.         "str	r4, [%[r], #32]\n\t"
    5686. 

  5686.         "ldr	r4, [%[a], #36]\n\t"
    5687. 

  5687.         "ldr	r5, [%[b], #36]\n\t"
    5688. 

  5688.         "adc	r4, r5\n\t"
    5689. 

  5689.         "str	r4, [%[r], #36]\n\t"
    5690. 

  5690.         "ldr	r4, [%[a], #40]\n\t"
    5691. 

  5691.         "ldr	r5, [%[b], #40]\n\t"
    5692. 

  5692.         "adc	r4, r5\n\t"
    5693. 

  5693.         "str	r4, [%[r], #40]\n\t"
    5694. 

  5694.         "ldr	r4, [%[a], #44]\n\t"
    5695. 

  5695.         "ldr	r5, [%[b], #44]\n\t"
    5696. 

  5696.         "adc	r4, r5\n\t"
    5697. 

  5697.         "str	r4, [%[r], #44]\n\t"
    5698. 

  5698.         "mov	%[c], #0\n\t"
    5699. 

  5699.         "adc	%[c], %[c]\n\t"
    5700. 

  5700.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    5701. 

  5701.         :
    5702. 

  5702.         : "memory", "r4", "r5"
    5703. 

  5703.     );
    5704. 

  5704. 

  5705.     return c;
    5706. 

  5706. }
    5707. 

  5707. 

  5708. /* Sub b from a into r. (r = a - b)
    5709. 

  5709.  *
    5710. 

  5710.  * r  A single precision integer.
    5711. 

  5711.  * a  A single precision integer.
    5712. 

  5712.  * b  A single precision integer.
    5713. 

  5713.  */
    5714. 

  5714. SP_NOINLINE static sp_digit sp_3072_sub_in_place_24(sp_digit* a,
    5715. 

  5715.         const sp_digit* b)
    5716. 

  5716. {
    5717. 

  5717.     sp_digit c = 0;
    5718. 

  5718. 

  5719.     __asm__ __volatile__ (
    5720. 

  5720.         "ldr	r3, [%[a], #0]\n\t"
    5721. 

  5721.         "ldr	r4, [%[a], #4]\n\t"
    5722. 

  5722.         "ldr	r5, [%[b], #0]\n\t"
    5723. 

  5723.         "ldr	r6, [%[b], #4]\n\t"
    5724. 

  5724.         "sub	r3, r5\n\t"
    5725. 

  5725.         "sbc	r4, r6\n\t"
    5726. 

  5726.         "str	r3, [%[a], #0]\n\t"
    5727. 

  5727.         "str	r4, [%[a], #4]\n\t"
    5728. 

  5728.         "ldr	r3, [%[a], #8]\n\t"
    5729. 

  5729.         "ldr	r4, [%[a], #12]\n\t"
    5730. 

  5730.         "ldr	r5, [%[b], #8]\n\t"
    5731. 

  5731.         "ldr	r6, [%[b], #12]\n\t"
    5732. 

  5732.         "sbc	r3, r5\n\t"
    5733. 

  5733.         "sbc	r4, r6\n\t"
    5734. 

  5734.         "str	r3, [%[a], #8]\n\t"
    5735. 

  5735.         "str	r4, [%[a], #12]\n\t"
    5736. 

  5736.         "ldr	r3, [%[a], #16]\n\t"
    5737. 

  5737.         "ldr	r4, [%[a], #20]\n\t"
    5738. 

  5738.         "ldr	r5, [%[b], #16]\n\t"
    5739. 

  5739.         "ldr	r6, [%[b], #20]\n\t"
    5740. 

  5740.         "sbc	r3, r5\n\t"
    5741. 

  5741.         "sbc	r4, r6\n\t"
    5742. 

  5742.         "str	r3, [%[a], #16]\n\t"
    5743. 

  5743.         "str	r4, [%[a], #20]\n\t"
    5744. 

  5744.         "ldr	r3, [%[a], #24]\n\t"
    5745. 

  5745.         "ldr	r4, [%[a], #28]\n\t"
    5746. 

  5746.         "ldr	r5, [%[b], #24]\n\t"
    5747. 

  5747.         "ldr	r6, [%[b], #28]\n\t"
    5748. 

  5748.         "sbc	r3, r5\n\t"
    5749. 

  5749.         "sbc	r4, r6\n\t"
    5750. 

  5750.         "str	r3, [%[a], #24]\n\t"
    5751. 

  5751.         "str	r4, [%[a], #28]\n\t"
    5752. 

  5752.         "ldr	r3, [%[a], #32]\n\t"
    5753. 

  5753.         "ldr	r4, [%[a], #36]\n\t"
    5754. 

  5754.         "ldr	r5, [%[b], #32]\n\t"
    5755. 

  5755.         "ldr	r6, [%[b], #36]\n\t"
    5756. 

  5756.         "sbc	r3, r5\n\t"
    5757. 

  5757.         "sbc	r4, r6\n\t"
    5758. 

  5758.         "str	r3, [%[a], #32]\n\t"
    5759. 

  5759.         "str	r4, [%[a], #36]\n\t"
    5760. 

  5760.         "ldr	r3, [%[a], #40]\n\t"
    5761. 

  5761.         "ldr	r4, [%[a], #44]\n\t"
    5762. 

  5762.         "ldr	r5, [%[b], #40]\n\t"
    5763. 

  5763.         "ldr	r6, [%[b], #44]\n\t"
    5764. 

  5764.         "sbc	r3, r5\n\t"
    5765. 

  5765.         "sbc	r4, r6\n\t"
    5766. 

  5766.         "str	r3, [%[a], #40]\n\t"
    5767. 

  5767.         "str	r4, [%[a], #44]\n\t"
    5768. 

  5768.         "ldr	r3, [%[a], #48]\n\t"
    5769. 

  5769.         "ldr	r4, [%[a], #52]\n\t"
    5770. 

  5770.         "ldr	r5, [%[b], #48]\n\t"
    5771. 

  5771.         "ldr	r6, [%[b], #52]\n\t"
    5772. 

  5772.         "sbc	r3, r5\n\t"
    5773. 

  5773.         "sbc	r4, r6\n\t"
    5774. 

  5774.         "str	r3, [%[a], #48]\n\t"
    5775. 

  5775.         "str	r4, [%[a], #52]\n\t"
    5776. 

  5776.         "ldr	r3, [%[a], #56]\n\t"
    5777. 

  5777.         "ldr	r4, [%[a], #60]\n\t"
    5778. 

  5778.         "ldr	r5, [%[b], #56]\n\t"
    5779. 

  5779.         "ldr	r6, [%[b], #60]\n\t"
    5780. 

  5780.         "sbc	r3, r5\n\t"
    5781. 

  5781.         "sbc	r4, r6\n\t"
    5782. 

  5782.         "str	r3, [%[a], #56]\n\t"
    5783. 

  5783.         "str	r4, [%[a], #60]\n\t"
    5784. 

  5784.         "ldr	r3, [%[a], #64]\n\t"
    5785. 

  5785.         "ldr	r4, [%[a], #68]\n\t"
    5786. 

  5786.         "ldr	r5, [%[b], #64]\n\t"
    5787. 

  5787.         "ldr	r6, [%[b], #68]\n\t"
    5788. 

  5788.         "sbc	r3, r5\n\t"
    5789. 

  5789.         "sbc	r4, r6\n\t"
    5790. 

  5790.         "str	r3, [%[a], #64]\n\t"
    5791. 

  5791.         "str	r4, [%[a], #68]\n\t"
    5792. 

  5792.         "ldr	r3, [%[a], #72]\n\t"
    5793. 

  5793.         "ldr	r4, [%[a], #76]\n\t"
    5794. 

  5794.         "ldr	r5, [%[b], #72]\n\t"
    5795. 

  5795.         "ldr	r6, [%[b], #76]\n\t"
    5796. 

  5796.         "sbc	r3, r5\n\t"
    5797. 

  5797.         "sbc	r4, r6\n\t"
    5798. 

  5798.         "str	r3, [%[a], #72]\n\t"
    5799. 

  5799.         "str	r4, [%[a], #76]\n\t"
    5800. 

  5800.         "ldr	r3, [%[a], #80]\n\t"
    5801. 

  5801.         "ldr	r4, [%[a], #84]\n\t"
    5802. 

  5802.         "ldr	r5, [%[b], #80]\n\t"
    5803. 

  5803.         "ldr	r6, [%[b], #84]\n\t"
    5804. 

  5804.         "sbc	r3, r5\n\t"
    5805. 

  5805.         "sbc	r4, r6\n\t"
    5806. 

  5806.         "str	r3, [%[a], #80]\n\t"
    5807. 

  5807.         "str	r4, [%[a], #84]\n\t"
    5808. 

  5808.         "ldr	r3, [%[a], #88]\n\t"
    5809. 

  5809.         "ldr	r4, [%[a], #92]\n\t"
    5810. 

  5810.         "ldr	r5, [%[b], #88]\n\t"
    5811. 

  5811.         "ldr	r6, [%[b], #92]\n\t"
    5812. 

  5812.         "sbc	r3, r5\n\t"
    5813. 

  5813.         "sbc	r4, r6\n\t"
    5814. 

  5814.         "str	r3, [%[a], #88]\n\t"
    5815. 

  5815.         "str	r4, [%[a], #92]\n\t"
    5816. 

  5816.         "sbc	%[c], %[c]\n\t"
    5817. 

  5817.         : [c] "+r" (c), [a] "+r" (a), [b] "+r" (b)
    5818. 

  5818.         :
    5819. 

  5819.         : "memory", "r3", "r4", "r5", "r6"
    5820. 

  5820.     );
    5821. 

  5821. 

  5822.     return c;
    5823. 

  5823. }
    5824. 

  5824. 

  5825. /* Add b to a into r. (r = a + b)
    5826. 

  5826.  *
    5827. 

  5827.  * r  A single precision integer.
    5828. 

  5828.  * a  A single precision integer.
    5829. 

  5829.  * b  A single precision integer.
    5830. 

  5830.  */
    5831. 

  5831. SP_NOINLINE static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a,
    5832. 

  5832.         const sp_digit* b)
    5833. 

  5833. {
    5834. 

  5834.     sp_digit c = 0;
    5835. 

  5835. 

  5836.     __asm__ __volatile__ (
    5837. 

  5837.         "ldr	r4, [%[a], #0]\n\t"
    5838. 

  5838.         "ldr	r5, [%[b], #0]\n\t"
    5839. 

  5839.         "add	r4, r5\n\t"
    5840. 

  5840.         "str	r4, [%[r], #0]\n\t"
    5841. 

  5841.         "ldr	r4, [%[a], #4]\n\t"
    5842. 

  5842.         "ldr	r5, [%[b], #4]\n\t"
    5843. 

  5843.         "adc	r4, r5\n\t"
    5844. 

  5844.         "str	r4, [%[r], #4]\n\t"
    5845. 

  5845.         "ldr	r4, [%[a], #8]\n\t"
    5846. 

  5846.         "ldr	r5, [%[b], #8]\n\t"
    5847. 

  5847.         "adc	r4, r5\n\t"
    5848. 

  5848.         "str	r4, [%[r], #8]\n\t"
    5849. 

  5849.         "ldr	r4, [%[a], #12]\n\t"
    5850. 

  5850.         "ldr	r5, [%[b], #12]\n\t"
    5851. 

  5851.         "adc	r4, r5\n\t"
    5852. 

  5852.         "str	r4, [%[r], #12]\n\t"
    5853. 

  5853.         "ldr	r4, [%[a], #16]\n\t"
    5854. 

  5854.         "ldr	r5, [%[b], #16]\n\t"
    5855. 

  5855.         "adc	r4, r5\n\t"
    5856. 

  5856.         "str	r4, [%[r], #16]\n\t"
    5857. 

  5857.         "ldr	r4, [%[a], #20]\n\t"
    5858. 

  5858.         "ldr	r5, [%[b], #20]\n\t"
    5859. 

  5859.         "adc	r4, r5\n\t"
    5860. 

  5860.         "str	r4, [%[r], #20]\n\t"
    5861. 

  5861.         "ldr	r4, [%[a], #24]\n\t"
    5862. 

  5862.         "ldr	r5, [%[b], #24]\n\t"
    5863. 

  5863.         "adc	r4, r5\n\t"
    5864. 

  5864.         "str	r4, [%[r], #24]\n\t"
    5865. 

  5865.         "ldr	r4, [%[a], #28]\n\t"
    5866. 

  5866.         "ldr	r5, [%[b], #28]\n\t"
    5867. 

  5867.         "adc	r4, r5\n\t"
    5868. 

  5868.         "str	r4, [%[r], #28]\n\t"
    5869. 

  5869.         "ldr	r4, [%[a], #32]\n\t"
    5870. 

  5870.         "ldr	r5, [%[b], #32]\n\t"
    5871. 

  5871.         "adc	r4, r5\n\t"
    5872. 

  5872.         "str	r4, [%[r], #32]\n\t"
    5873. 

  5873.         "ldr	r4, [%[a], #36]\n\t"
    5874. 

  5874.         "ldr	r5, [%[b], #36]\n\t"
    5875. 

  5875.         "adc	r4, r5\n\t"
    5876. 

  5876.         "str	r4, [%[r], #36]\n\t"
    5877. 

  5877.         "ldr	r4, [%[a], #40]\n\t"
    5878. 

  5878.         "ldr	r5, [%[b], #40]\n\t"
    5879. 

  5879.         "adc	r4, r5\n\t"
    5880. 

  5880.         "str	r4, [%[r], #40]\n\t"
    5881. 

  5881.         "ldr	r4, [%[a], #44]\n\t"
    5882. 

  5882.         "ldr	r5, [%[b], #44]\n\t"
    5883. 

  5883.         "adc	r4, r5\n\t"
    5884. 

  5884.         "str	r4, [%[r], #44]\n\t"
    5885. 

  5885.         "ldr	r4, [%[a], #48]\n\t"
    5886. 

  5886.         "ldr	r5, [%[b], #48]\n\t"
    5887. 

  5887.         "adc	r4, r5\n\t"
    5888. 

  5888.         "str	r4, [%[r], #48]\n\t"
    5889. 

  5889.         "ldr	r4, [%[a], #52]\n\t"
    5890. 

  5890.         "ldr	r5, [%[b], #52]\n\t"
    5891. 

  5891.         "adc	r4, r5\n\t"
    5892. 

  5892.         "str	r4, [%[r], #52]\n\t"
    5893. 

  5893.         "ldr	r4, [%[a], #56]\n\t"
    5894. 

  5894.         "ldr	r5, [%[b], #56]\n\t"
    5895. 

  5895.         "adc	r4, r5\n\t"
    5896. 

  5896.         "str	r4, [%[r], #56]\n\t"
    5897. 

  5897.         "ldr	r4, [%[a], #60]\n\t"
    5898. 

  5898.         "ldr	r5, [%[b], #60]\n\t"
    5899. 

  5899.         "adc	r4, r5\n\t"
    5900. 

  5900.         "str	r4, [%[r], #60]\n\t"
    5901. 

  5901.         "ldr	r4, [%[a], #64]\n\t"
    5902. 

  5902.         "ldr	r5, [%[b], #64]\n\t"
    5903. 

  5903.         "adc	r4, r5\n\t"
    5904. 

  5904.         "str	r4, [%[r], #64]\n\t"
    5905. 

  5905.         "ldr	r4, [%[a], #68]\n\t"
    5906. 

  5906.         "ldr	r5, [%[b], #68]\n\t"
    5907. 

  5907.         "adc	r4, r5\n\t"
    5908. 

  5908.         "str	r4, [%[r], #68]\n\t"
    5909. 

  5909.         "ldr	r4, [%[a], #72]\n\t"
    5910. 

  5910.         "ldr	r5, [%[b], #72]\n\t"
    5911. 

  5911.         "adc	r4, r5\n\t"
    5912. 

  5912.         "str	r4, [%[r], #72]\n\t"
    5913. 

  5913.         "ldr	r4, [%[a], #76]\n\t"
    5914. 

  5914.         "ldr	r5, [%[b], #76]\n\t"
    5915. 

  5915.         "adc	r4, r5\n\t"
    5916. 

  5916.         "str	r4, [%[r], #76]\n\t"
    5917. 

  5917.         "ldr	r4, [%[a], #80]\n\t"
    5918. 

  5918.         "ldr	r5, [%[b], #80]\n\t"
    5919. 

  5919.         "adc	r4, r5\n\t"
    5920. 

  5920.         "str	r4, [%[r], #80]\n\t"
    5921. 

  5921.         "ldr	r4, [%[a], #84]\n\t"
    5922. 

  5922.         "ldr	r5, [%[b], #84]\n\t"
    5923. 

  5923.         "adc	r4, r5\n\t"
    5924. 

  5924.         "str	r4, [%[r], #84]\n\t"
    5925. 

  5925.         "ldr	r4, [%[a], #88]\n\t"
    5926. 

  5926.         "ldr	r5, [%[b], #88]\n\t"
    5927. 

  5927.         "adc	r4, r5\n\t"
    5928. 

  5928.         "str	r4, [%[r], #88]\n\t"
    5929. 

  5929.         "ldr	r4, [%[a], #92]\n\t"
    5930. 

  5930.         "ldr	r5, [%[b], #92]\n\t"
    5931. 

  5931.         "adc	r4, r5\n\t"
    5932. 

  5932.         "str	r4, [%[r], #92]\n\t"
    5933. 

  5933.         "mov	%[c], #0\n\t"
    5934. 

  5934.         "adc	%[c], %[c]\n\t"
    5935. 

  5935.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    5936. 

  5936.         :
    5937. 

  5937.         : "memory", "r4", "r5"
    5938. 

  5938.     );
    5939. 

  5939. 

  5940.     return c;
    5941. 

  5941. }
    5942. 

  5942. 

  5943. /* AND m into each word of a and store in r.
    5944. 

  5944.  *
    5945. 

  5945.  * r  A single precision integer.
    5946. 

  5946.  * a  A single precision integer.
    5947. 

  5947.  * m  Mask to AND against each digit.
    5948. 

  5948.  */
    5949. 

  5949. static void sp_3072_mask_12(sp_digit* r, const sp_digit* a, sp_digit m)
    5950. 

  5950. {
    5951. 

  5951. #ifdef WOLFSSL_SP_SMALL
    5952. 

  5952.     int i;
    5953. 

  5953. 

  5954.     for (i=0; i<12; i++) {
    5955. 

  5955.         r[i] = a[i] & m;
    5956. 

  5956.     }
    5957. 

  5957. #else
    5958. 

  5958.     r[0] = a[0] & m;
    5959. 

  5959.     r[1] = a[1] & m;
    5960. 

  5960.     r[2] = a[2] & m;
    5961. 

  5961.     r[3] = a[3] & m;
    5962. 

  5962.     r[4] = a[4] & m;
    5963. 

  5963.     r[5] = a[5] & m;
    5964. 

  5964.     r[6] = a[6] & m;
    5965. 

  5965.     r[7] = a[7] & m;
    5966. 

  5966.     r[8] = a[8] & m;
    5967. 

  5967.     r[9] = a[9] & m;
    5968. 

  5968.     r[10] = a[10] & m;
    5969. 

  5969.     r[11] = a[11] & m;
    5970. 

  5970. #endif
    5971. 

  5971. }
    5972. 

  5972. 

  5973. /* Multiply a and b into r. (r = a * b)
    5974. 

  5974.  *
    5975. 

  5975.  * r  A single precision integer.
    5976. 

  5976.  * a  A single precision integer.
    5977. 

  5977.  * b  A single precision integer.
    5978. 

  5978.  */
    5979. 

  5979. SP_NOINLINE static void sp_3072_mul_24(sp_digit* r, const sp_digit* a,
    5980. 

  5980.         const sp_digit* b)
    5981. 

  5981. {
    5982. 

  5982.     sp_digit* z0 = r;
    5983. 

  5983.     sp_digit z1[24];
    5984. 

  5984.     sp_digit a1[12];
    5985. 

  5985.     sp_digit b1[12];
    5986. 

  5986.     sp_digit z2[24];
    5987. 

  5987.     sp_digit u, ca, cb;
    5988. 

  5988. 

  5989.     ca = sp_3072_add_12(a1, a, &a[12]);
    5990. 

  5990.     cb = sp_3072_add_12(b1, b, &b[12]);
    5991. 

  5991.     u  = ca & cb;
    5992. 

  5992.     sp_3072_mul_12(z1, a1, b1);
    5993. 

  5993.     sp_3072_mul_12(z2, &a[12], &b[12]);
    5994. 

  5994.     sp_3072_mul_12(z0, a, b);
    5995. 

  5995.     sp_3072_mask_12(r + 24, a1, 0 - cb);
    5996. 

  5996.     sp_3072_mask_12(b1, b1, 0 - ca);
    5997. 

  5997.     u += sp_3072_add_12(r + 24, r + 24, b1);
    5998. 

  5998.     u += sp_3072_sub_in_place_24(z1, z2);
    5999. 

  5999.     u += sp_3072_sub_in_place_24(z1, z0);
    6000. 

  6000.     u += sp_3072_add_24(r + 12, r + 12, z1);
    6001. 

  6001.     r[36] = u;
    6002. 

  6002.     XMEMSET(r + 36 + 1, 0, sizeof(sp_digit) * (12 - 1));
    6003. 

  6003.     (void)sp_3072_add_24(r + 24, r + 24, z2);
    6004. 

  6004. }
    6005. 

  6005. 

  6006. /* Square a and put result in r. (r = a * a)
    6007. 

  6007.  *
    6008. 

  6008.  * r  A single precision integer.
    6009. 

  6009.  * a  A single precision integer.
    6010. 

  6010.  */
    6011. 

  6011. SP_NOINLINE static void sp_3072_sqr_24(sp_digit* r, const sp_digit* a)
    6012. 

  6012. {
    6013. 

  6013.     sp_digit* z0 = r;
    6014. 

  6014.     sp_digit z2[24];
    6015. 

  6015.     sp_digit z1[24];
    6016. 

  6016.     sp_digit a1[12];
    6017. 

  6017.     sp_digit u;
    6018. 

  6018. 

  6019.     u = sp_3072_add_12(a1, a, &a[12]);
    6020. 

  6020.     sp_3072_sqr_12(z1, a1);
    6021. 

  6021.     sp_3072_sqr_12(z2, &a[12]);
    6022. 

  6022.     sp_3072_sqr_12(z0, a);
    6023. 

  6023.     sp_3072_mask_12(r + 24, a1, 0 - u);
    6024. 

  6024.     u += sp_3072_add_12(r + 24, r + 24, r + 24);
    6025. 

  6025.     u += sp_3072_sub_in_place_24(z1, z2);
    6026. 

  6026.     u += sp_3072_sub_in_place_24(z1, z0);
    6027. 

  6027.     u += sp_3072_add_24(r + 12, r + 12, z1);
    6028. 

  6028.     r[36] = u;
    6029. 

  6029.     XMEMSET(r + 36 + 1, 0, sizeof(sp_digit) * (12 - 1));
    6030. 

  6030.     (void)sp_3072_add_24(r + 24, r + 24, z2);
    6031. 

  6031. }
    6032. 

  6032. 

  6033. /* Sub b from a into r. (r = a - b)
    6034. 

  6034.  *
    6035. 

  6035.  * r  A single precision integer.
    6036. 

  6036.  * a  A single precision integer.
    6037. 

  6037.  * b  A single precision integer.
    6038. 

  6038.  */
    6039. 

  6039. SP_NOINLINE static sp_digit sp_3072_sub_in_place_48(sp_digit* a,
    6040. 

  6040.         const sp_digit* b)
    6041. 

  6041. {
    6042. 

  6042.     sp_digit c = 0;
    6043. 

  6043. 

  6044.     __asm__ __volatile__ (
    6045. 

  6045.         "ldr	r3, [%[a], #0]\n\t"
    6046. 

  6046.         "ldr	r4, [%[a], #4]\n\t"
    6047. 

  6047.         "ldr	r5, [%[b], #0]\n\t"
    6048. 

  6048.         "ldr	r6, [%[b], #4]\n\t"
    6049. 

  6049.         "sub	r3, r5\n\t"
    6050. 

  6050.         "sbc	r4, r6\n\t"
    6051. 

  6051.         "str	r3, [%[a], #0]\n\t"
    6052. 

  6052.         "str	r4, [%[a], #4]\n\t"
    6053. 

  6053.         "ldr	r3, [%[a], #8]\n\t"
    6054. 

  6054.         "ldr	r4, [%[a], #12]\n\t"
    6055. 

  6055.         "ldr	r5, [%[b], #8]\n\t"
    6056. 

  6056.         "ldr	r6, [%[b], #12]\n\t"
    6057. 

  6057.         "sbc	r3, r5\n\t"
    6058. 

  6058.         "sbc	r4, r6\n\t"
    6059. 

  6059.         "str	r3, [%[a], #8]\n\t"
    6060. 

  6060.         "str	r4, [%[a], #12]\n\t"
    6061. 

  6061.         "ldr	r3, [%[a], #16]\n\t"
    6062. 

  6062.         "ldr	r4, [%[a], #20]\n\t"
    6063. 

  6063.         "ldr	r5, [%[b], #16]\n\t"
    6064. 

  6064.         "ldr	r6, [%[b], #20]\n\t"
    6065. 

  6065.         "sbc	r3, r5\n\t"
    6066. 

  6066.         "sbc	r4, r6\n\t"
    6067. 

  6067.         "str	r3, [%[a], #16]\n\t"
    6068. 

  6068.         "str	r4, [%[a], #20]\n\t"
    6069. 

  6069.         "ldr	r3, [%[a], #24]\n\t"
    6070. 

  6070.         "ldr	r4, [%[a], #28]\n\t"
    6071. 

  6071.         "ldr	r5, [%[b], #24]\n\t"
    6072. 

  6072.         "ldr	r6, [%[b], #28]\n\t"
    6073. 

  6073.         "sbc	r3, r5\n\t"
    6074. 

  6074.         "sbc	r4, r6\n\t"
    6075. 

  6075.         "str	r3, [%[a], #24]\n\t"
    6076. 

  6076.         "str	r4, [%[a], #28]\n\t"
    6077. 

  6077.         "ldr	r3, [%[a], #32]\n\t"
    6078. 

  6078.         "ldr	r4, [%[a], #36]\n\t"
    6079. 

  6079.         "ldr	r5, [%[b], #32]\n\t"
    6080. 

  6080.         "ldr	r6, [%[b], #36]\n\t"
    6081. 

  6081.         "sbc	r3, r5\n\t"
    6082. 

  6082.         "sbc	r4, r6\n\t"
    6083. 

  6083.         "str	r3, [%[a], #32]\n\t"
    6084. 

  6084.         "str	r4, [%[a], #36]\n\t"
    6085. 

  6085.         "ldr	r3, [%[a], #40]\n\t"
    6086. 

  6086.         "ldr	r4, [%[a], #44]\n\t"
    6087. 

  6087.         "ldr	r5, [%[b], #40]\n\t"
    6088. 

  6088.         "ldr	r6, [%[b], #44]\n\t"
    6089. 

  6089.         "sbc	r3, r5\n\t"
    6090. 

  6090.         "sbc	r4, r6\n\t"
    6091. 

  6091.         "str	r3, [%[a], #40]\n\t"
    6092. 

  6092.         "str	r4, [%[a], #44]\n\t"
    6093. 

  6093.         "ldr	r3, [%[a], #48]\n\t"
    6094. 

  6094.         "ldr	r4, [%[a], #52]\n\t"
    6095. 

  6095.         "ldr	r5, [%[b], #48]\n\t"
    6096. 

  6096.         "ldr	r6, [%[b], #52]\n\t"
    6097. 

  6097.         "sbc	r3, r5\n\t"
    6098. 

  6098.         "sbc	r4, r6\n\t"
    6099. 

  6099.         "str	r3, [%[a], #48]\n\t"
    6100. 

  6100.         "str	r4, [%[a], #52]\n\t"
    6101. 

  6101.         "ldr	r3, [%[a], #56]\n\t"
    6102. 

  6102.         "ldr	r4, [%[a], #60]\n\t"
    6103. 

  6103.         "ldr	r5, [%[b], #56]\n\t"
    6104. 

  6104.         "ldr	r6, [%[b], #60]\n\t"
    6105. 

  6105.         "sbc	r3, r5\n\t"
    6106. 

  6106.         "sbc	r4, r6\n\t"
    6107. 

  6107.         "str	r3, [%[a], #56]\n\t"
    6108. 

  6108.         "str	r4, [%[a], #60]\n\t"
    6109. 

  6109.         "ldr	r3, [%[a], #64]\n\t"
    6110. 

  6110.         "ldr	r4, [%[a], #68]\n\t"
    6111. 

  6111.         "ldr	r5, [%[b], #64]\n\t"
    6112. 

  6112.         "ldr	r6, [%[b], #68]\n\t"
    6113. 

  6113.         "sbc	r3, r5\n\t"
    6114. 

  6114.         "sbc	r4, r6\n\t"
    6115. 

  6115.         "str	r3, [%[a], #64]\n\t"
    6116. 

  6116.         "str	r4, [%[a], #68]\n\t"
    6117. 

  6117.         "ldr	r3, [%[a], #72]\n\t"
    6118. 

  6118.         "ldr	r4, [%[a], #76]\n\t"
    6119. 

  6119.         "ldr	r5, [%[b], #72]\n\t"
    6120. 

  6120.         "ldr	r6, [%[b], #76]\n\t"
    6121. 

  6121.         "sbc	r3, r5\n\t"
    6122. 

  6122.         "sbc	r4, r6\n\t"
    6123. 

  6123.         "str	r3, [%[a], #72]\n\t"
    6124. 

  6124.         "str	r4, [%[a], #76]\n\t"
    6125. 

  6125.         "ldr	r3, [%[a], #80]\n\t"
    6126. 

  6126.         "ldr	r4, [%[a], #84]\n\t"
    6127. 

  6127.         "ldr	r5, [%[b], #80]\n\t"
    6128. 

  6128.         "ldr	r6, [%[b], #84]\n\t"
    6129. 

  6129.         "sbc	r3, r5\n\t"
    6130. 

  6130.         "sbc	r4, r6\n\t"
    6131. 

  6131.         "str	r3, [%[a], #80]\n\t"
    6132. 

  6132.         "str	r4, [%[a], #84]\n\t"
    6133. 

  6133.         "ldr	r3, [%[a], #88]\n\t"
    6134. 

  6134.         "ldr	r4, [%[a], #92]\n\t"
    6135. 

  6135.         "ldr	r5, [%[b], #88]\n\t"
    6136. 

  6136.         "ldr	r6, [%[b], #92]\n\t"
    6137. 

  6137.         "sbc	r3, r5\n\t"
    6138. 

  6138.         "sbc	r4, r6\n\t"
    6139. 

  6139.         "str	r3, [%[a], #88]\n\t"
    6140. 

  6140.         "str	r4, [%[a], #92]\n\t"
    6141. 

  6141.         "ldr	r3, [%[a], #96]\n\t"
    6142. 

  6142.         "ldr	r4, [%[a], #100]\n\t"
    6143. 

  6143.         "ldr	r5, [%[b], #96]\n\t"
    6144. 

  6144.         "ldr	r6, [%[b], #100]\n\t"
    6145. 

  6145.         "sbc	r3, r5\n\t"
    6146. 

  6146.         "sbc	r4, r6\n\t"
    6147. 

  6147.         "str	r3, [%[a], #96]\n\t"
    6148. 

  6148.         "str	r4, [%[a], #100]\n\t"
    6149. 

  6149.         "ldr	r3, [%[a], #104]\n\t"
    6150. 

  6150.         "ldr	r4, [%[a], #108]\n\t"
    6151. 

  6151.         "ldr	r5, [%[b], #104]\n\t"
    6152. 

  6152.         "ldr	r6, [%[b], #108]\n\t"
    6153. 

  6153.         "sbc	r3, r5\n\t"
    6154. 

  6154.         "sbc	r4, r6\n\t"
    6155. 

  6155.         "str	r3, [%[a], #104]\n\t"
    6156. 

  6156.         "str	r4, [%[a], #108]\n\t"
    6157. 

  6157.         "ldr	r3, [%[a], #112]\n\t"
    6158. 

  6158.         "ldr	r4, [%[a], #116]\n\t"
    6159. 

  6159.         "ldr	r5, [%[b], #112]\n\t"
    6160. 

  6160.         "ldr	r6, [%[b], #116]\n\t"
    6161. 

  6161.         "sbc	r3, r5\n\t"
    6162. 

  6162.         "sbc	r4, r6\n\t"
    6163. 

  6163.         "str	r3, [%[a], #112]\n\t"
    6164. 

  6164.         "str	r4, [%[a], #116]\n\t"
    6165. 

  6165.         "ldr	r3, [%[a], #120]\n\t"
    6166. 

  6166.         "ldr	r4, [%[a], #124]\n\t"
    6167. 

  6167.         "ldr	r5, [%[b], #120]\n\t"
    6168. 

  6168.         "ldr	r6, [%[b], #124]\n\t"
    6169. 

  6169.         "sbc	r3, r5\n\t"
    6170. 

  6170.         "sbc	r4, r6\n\t"
    6171. 

  6171.         "str	r3, [%[a], #120]\n\t"
    6172. 

  6172.         "str	r4, [%[a], #124]\n\t"
    6173. 

  6173.         "sbc	%[c], %[c]\n\t"
    6174. 

  6174.         "add	%[a], #0x80\n\t"
    6175. 

  6175.         "add	%[b], #0x80\n\t"
    6176. 

  6176.         "mov	r5, #0\n\t"
    6177. 

  6177.         "sub	r5, %[c]\n\t"
    6178. 

  6178.         "ldr	r3, [%[a], #0]\n\t"
    6179. 

  6179.         "ldr	r4, [%[a], #4]\n\t"
    6180. 

  6180.         "ldr	r5, [%[b], #0]\n\t"
    6181. 

  6181.         "ldr	r6, [%[b], #4]\n\t"
    6182. 

  6182.         "sbc	r3, r5\n\t"
    6183. 

  6183.         "sbc	r4, r6\n\t"
    6184. 

  6184.         "str	r3, [%[a], #0]\n\t"
    6185. 

  6185.         "str	r4, [%[a], #4]\n\t"
    6186. 

  6186.         "ldr	r3, [%[a], #8]\n\t"
    6187. 

  6187.         "ldr	r4, [%[a], #12]\n\t"
    6188. 

  6188.         "ldr	r5, [%[b], #8]\n\t"
    6189. 

  6189.         "ldr	r6, [%[b], #12]\n\t"
    6190. 

  6190.         "sbc	r3, r5\n\t"
    6191. 

  6191.         "sbc	r4, r6\n\t"
    6192. 

  6192.         "str	r3, [%[a], #8]\n\t"
    6193. 

  6193.         "str	r4, [%[a], #12]\n\t"
    6194. 

  6194.         "ldr	r3, [%[a], #16]\n\t"
    6195. 

  6195.         "ldr	r4, [%[a], #20]\n\t"
    6196. 

  6196.         "ldr	r5, [%[b], #16]\n\t"
    6197. 

  6197.         "ldr	r6, [%[b], #20]\n\t"
    6198. 

  6198.         "sbc	r3, r5\n\t"
    6199. 

  6199.         "sbc	r4, r6\n\t"
    6200. 

  6200.         "str	r3, [%[a], #16]\n\t"
    6201. 

  6201.         "str	r4, [%[a], #20]\n\t"
    6202. 

  6202.         "ldr	r3, [%[a], #24]\n\t"
    6203. 

  6203.         "ldr	r4, [%[a], #28]\n\t"
    6204. 

  6204.         "ldr	r5, [%[b], #24]\n\t"
    6205. 

  6205.         "ldr	r6, [%[b], #28]\n\t"
    6206. 

  6206.         "sbc	r3, r5\n\t"
    6207. 

  6207.         "sbc	r4, r6\n\t"
    6208. 

  6208.         "str	r3, [%[a], #24]\n\t"
    6209. 

  6209.         "str	r4, [%[a], #28]\n\t"
    6210. 

  6210.         "ldr	r3, [%[a], #32]\n\t"
    6211. 

  6211.         "ldr	r4, [%[a], #36]\n\t"
    6212. 

  6212.         "ldr	r5, [%[b], #32]\n\t"
    6213. 

  6213.         "ldr	r6, [%[b], #36]\n\t"
    6214. 

  6214.         "sbc	r3, r5\n\t"
    6215. 

  6215.         "sbc	r4, r6\n\t"
    6216. 

  6216.         "str	r3, [%[a], #32]\n\t"
    6217. 

  6217.         "str	r4, [%[a], #36]\n\t"
    6218. 

  6218.         "ldr	r3, [%[a], #40]\n\t"
    6219. 

  6219.         "ldr	r4, [%[a], #44]\n\t"
    6220. 

  6220.         "ldr	r5, [%[b], #40]\n\t"
    6221. 

  6221.         "ldr	r6, [%[b], #44]\n\t"
    6222. 

  6222.         "sbc	r3, r5\n\t"
    6223. 

  6223.         "sbc	r4, r6\n\t"
    6224. 

  6224.         "str	r3, [%[a], #40]\n\t"
    6225. 

  6225.         "str	r4, [%[a], #44]\n\t"
    6226. 

  6226.         "ldr	r3, [%[a], #48]\n\t"
    6227. 

  6227.         "ldr	r4, [%[a], #52]\n\t"
    6228. 

  6228.         "ldr	r5, [%[b], #48]\n\t"
    6229. 

  6229.         "ldr	r6, [%[b], #52]\n\t"
    6230. 

  6230.         "sbc	r3, r5\n\t"
    6231. 

  6231.         "sbc	r4, r6\n\t"
    6232. 

  6232.         "str	r3, [%[a], #48]\n\t"
    6233. 

  6233.         "str	r4, [%[a], #52]\n\t"
    6234. 

  6234.         "ldr	r3, [%[a], #56]\n\t"
    6235. 

  6235.         "ldr	r4, [%[a], #60]\n\t"
    6236. 

  6236.         "ldr	r5, [%[b], #56]\n\t"
    6237. 

  6237.         "ldr	r6, [%[b], #60]\n\t"
    6238. 

  6238.         "sbc	r3, r5\n\t"
    6239. 

  6239.         "sbc	r4, r6\n\t"
    6240. 

  6240.         "str	r3, [%[a], #56]\n\t"
    6241. 

  6241.         "str	r4, [%[a], #60]\n\t"
    6242. 

  6242.         "sbc	%[c], %[c]\n\t"
    6243. 

  6243.         : [c] "+r" (c), [a] "+r" (a), [b] "+r" (b)
    6244. 

  6244.         :
    6245. 

  6245.         : "memory", "r3", "r4", "r5", "r6"
    6246. 

  6246.     );
    6247. 

  6247. 

  6248.     return c;
    6249. 

  6249. }
    6250. 

  6250. 

  6251. /* Add b to a into r. (r = a + b)
    6252. 

  6252.  *
    6253. 

  6253.  * r  A single precision integer.
    6254. 

  6254.  * a  A single precision integer.
    6255. 

  6255.  * b  A single precision integer.
    6256. 

  6256.  */
    6257. 

  6257. SP_NOINLINE static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a,
    6258. 

  6258.         const sp_digit* b)
    6259. 

  6259. {
    6260. 

  6260.     sp_digit c = 0;
    6261. 

  6261. 

  6262.     __asm__ __volatile__ (
    6263. 

  6263.         "mov	r7, #0\n\t"
    6264. 

  6264.         "mvn	r7, r7\n\t"
    6265. 

  6265.         "ldr	r4, [%[a], #0]\n\t"
    6266. 

  6266.         "ldr	r5, [%[b], #0]\n\t"
    6267. 

  6267.         "add	r4, r5\n\t"
    6268. 

  6268.         "str	r4, [%[r], #0]\n\t"
    6269. 

  6269.         "ldr	r4, [%[a], #4]\n\t"
    6270. 

  6270.         "ldr	r5, [%[b], #4]\n\t"
    6271. 

  6271.         "adc	r4, r5\n\t"
    6272. 

  6272.         "str	r4, [%[r], #4]\n\t"
    6273. 

  6273.         "ldr	r4, [%[a], #8]\n\t"
    6274. 

  6274.         "ldr	r5, [%[b], #8]\n\t"
    6275. 

  6275.         "adc	r4, r5\n\t"
    6276. 

  6276.         "str	r4, [%[r], #8]\n\t"
    6277. 

  6277.         "ldr	r4, [%[a], #12]\n\t"
    6278. 

  6278.         "ldr	r5, [%[b], #12]\n\t"
    6279. 

  6279.         "adc	r4, r5\n\t"
    6280. 

  6280.         "str	r4, [%[r], #12]\n\t"
    6281. 

  6281.         "ldr	r4, [%[a], #16]\n\t"
    6282. 

  6282.         "ldr	r5, [%[b], #16]\n\t"
    6283. 

  6283.         "adc	r4, r5\n\t"
    6284. 

  6284.         "str	r4, [%[r], #16]\n\t"
    6285. 

  6285.         "ldr	r4, [%[a], #20]\n\t"
    6286. 

  6286.         "ldr	r5, [%[b], #20]\n\t"
    6287. 

  6287.         "adc	r4, r5\n\t"
    6288. 

  6288.         "str	r4, [%[r], #20]\n\t"
    6289. 

  6289.         "ldr	r4, [%[a], #24]\n\t"
    6290. 

  6290.         "ldr	r5, [%[b], #24]\n\t"
    6291. 

  6291.         "adc	r4, r5\n\t"
    6292. 

  6292.         "str	r4, [%[r], #24]\n\t"
    6293. 

  6293.         "ldr	r4, [%[a], #28]\n\t"
    6294. 

  6294.         "ldr	r5, [%[b], #28]\n\t"
    6295. 

  6295.         "adc	r4, r5\n\t"
    6296. 

  6296.         "str	r4, [%[r], #28]\n\t"
    6297. 

  6297.         "ldr	r4, [%[a], #32]\n\t"
    6298. 

  6298.         "ldr	r5, [%[b], #32]\n\t"
    6299. 

  6299.         "adc	r4, r5\n\t"
    6300. 

  6300.         "str	r4, [%[r], #32]\n\t"
    6301. 

  6301.         "ldr	r4, [%[a], #36]\n\t"
    6302. 

  6302.         "ldr	r5, [%[b], #36]\n\t"
    6303. 

  6303.         "adc	r4, r5\n\t"
    6304. 

  6304.         "str	r4, [%[r], #36]\n\t"
    6305. 

  6305.         "ldr	r4, [%[a], #40]\n\t"
    6306. 

  6306.         "ldr	r5, [%[b], #40]\n\t"
    6307. 

  6307.         "adc	r4, r5\n\t"
    6308. 

  6308.         "str	r4, [%[r], #40]\n\t"
    6309. 

  6309.         "ldr	r4, [%[a], #44]\n\t"
    6310. 

  6310.         "ldr	r5, [%[b], #44]\n\t"
    6311. 

  6311.         "adc	r4, r5\n\t"
    6312. 

  6312.         "str	r4, [%[r], #44]\n\t"
    6313. 

  6313.         "ldr	r4, [%[a], #48]\n\t"
    6314. 

  6314.         "ldr	r5, [%[b], #48]\n\t"
    6315. 

  6315.         "adc	r4, r5\n\t"
    6316. 

  6316.         "str	r4, [%[r], #48]\n\t"
    6317. 

  6317.         "ldr	r4, [%[a], #52]\n\t"
    6318. 

  6318.         "ldr	r5, [%[b], #52]\n\t"
    6319. 

  6319.         "adc	r4, r5\n\t"
    6320. 

  6320.         "str	r4, [%[r], #52]\n\t"
    6321. 

  6321.         "ldr	r4, [%[a], #56]\n\t"
    6322. 

  6322.         "ldr	r5, [%[b], #56]\n\t"
    6323. 

  6323.         "adc	r4, r5\n\t"
    6324. 

  6324.         "str	r4, [%[r], #56]\n\t"
    6325. 

  6325.         "ldr	r4, [%[a], #60]\n\t"
    6326. 

  6326.         "ldr	r5, [%[b], #60]\n\t"
    6327. 

  6327.         "adc	r4, r5\n\t"
    6328. 

  6328.         "str	r4, [%[r], #60]\n\t"
    6329. 

  6329.         "ldr	r4, [%[a], #64]\n\t"
    6330. 

  6330.         "ldr	r5, [%[b], #64]\n\t"
    6331. 

  6331.         "adc	r4, r5\n\t"
    6332. 

  6332.         "str	r4, [%[r], #64]\n\t"
    6333. 

  6333.         "ldr	r4, [%[a], #68]\n\t"
    6334. 

  6334.         "ldr	r5, [%[b], #68]\n\t"
    6335. 

  6335.         "adc	r4, r5\n\t"
    6336. 

  6336.         "str	r4, [%[r], #68]\n\t"
    6337. 

  6337.         "ldr	r4, [%[a], #72]\n\t"
    6338. 

  6338.         "ldr	r5, [%[b], #72]\n\t"
    6339. 

  6339.         "adc	r4, r5\n\t"
    6340. 

  6340.         "str	r4, [%[r], #72]\n\t"
    6341. 

  6341.         "ldr	r4, [%[a], #76]\n\t"
    6342. 

  6342.         "ldr	r5, [%[b], #76]\n\t"
    6343. 

  6343.         "adc	r4, r5\n\t"
    6344. 

  6344.         "str	r4, [%[r], #76]\n\t"
    6345. 

  6345.         "ldr	r4, [%[a], #80]\n\t"
    6346. 

  6346.         "ldr	r5, [%[b], #80]\n\t"
    6347. 

  6347.         "adc	r4, r5\n\t"
    6348. 

  6348.         "str	r4, [%[r], #80]\n\t"
    6349. 

  6349.         "ldr	r4, [%[a], #84]\n\t"
    6350. 

  6350.         "ldr	r5, [%[b], #84]\n\t"
    6351. 

  6351.         "adc	r4, r5\n\t"
    6352. 

  6352.         "str	r4, [%[r], #84]\n\t"
    6353. 

  6353.         "ldr	r4, [%[a], #88]\n\t"
    6354. 

  6354.         "ldr	r5, [%[b], #88]\n\t"
    6355. 

  6355.         "adc	r4, r5\n\t"
    6356. 

  6356.         "str	r4, [%[r], #88]\n\t"
    6357. 

  6357.         "ldr	r4, [%[a], #92]\n\t"
    6358. 

  6358.         "ldr	r5, [%[b], #92]\n\t"
    6359. 

  6359.         "adc	r4, r5\n\t"
    6360. 

  6360.         "str	r4, [%[r], #92]\n\t"
    6361. 

  6361.         "ldr	r4, [%[a], #96]\n\t"
    6362. 

  6362.         "ldr	r5, [%[b], #96]\n\t"
    6363. 

  6363.         "adc	r4, r5\n\t"
    6364. 

  6364.         "str	r4, [%[r], #96]\n\t"
    6365. 

  6365.         "ldr	r4, [%[a], #100]\n\t"
    6366. 

  6366.         "ldr	r5, [%[b], #100]\n\t"
    6367. 

  6367.         "adc	r4, r5\n\t"
    6368. 

  6368.         "str	r4, [%[r], #100]\n\t"
    6369. 

  6369.         "ldr	r4, [%[a], #104]\n\t"
    6370. 

  6370.         "ldr	r5, [%[b], #104]\n\t"
    6371. 

  6371.         "adc	r4, r5\n\t"
    6372. 

  6372.         "str	r4, [%[r], #104]\n\t"
    6373. 

  6373.         "ldr	r4, [%[a], #108]\n\t"
    6374. 

  6374.         "ldr	r5, [%[b], #108]\n\t"
    6375. 

  6375.         "adc	r4, r5\n\t"
    6376. 

  6376.         "str	r4, [%[r], #108]\n\t"
    6377. 

  6377.         "ldr	r4, [%[a], #112]\n\t"
    6378. 

  6378.         "ldr	r5, [%[b], #112]\n\t"
    6379. 

  6379.         "adc	r4, r5\n\t"
    6380. 

  6380.         "str	r4, [%[r], #112]\n\t"
    6381. 

  6381.         "ldr	r4, [%[a], #116]\n\t"
    6382. 

  6382.         "ldr	r5, [%[b], #116]\n\t"
    6383. 

  6383.         "adc	r4, r5\n\t"
    6384. 

  6384.         "str	r4, [%[r], #116]\n\t"
    6385. 

  6385.         "ldr	r4, [%[a], #120]\n\t"
    6386. 

  6386.         "ldr	r5, [%[b], #120]\n\t"
    6387. 

  6387.         "adc	r4, r5\n\t"
    6388. 

  6388.         "str	r4, [%[r], #120]\n\t"
    6389. 

  6389.         "ldr	r4, [%[a], #124]\n\t"
    6390. 

  6390.         "ldr	r5, [%[b], #124]\n\t"
    6391. 

  6391.         "adc	r4, r5\n\t"
    6392. 

  6392.         "str	r4, [%[r], #124]\n\t"
    6393. 

  6393.         "mov	%[c], #0\n\t"
    6394. 

  6394.         "adc	%[c], %[c]\n\t"
    6395. 

  6395.         "add	%[a], #0x80\n\t"
    6396. 

  6396.         "add	%[b], #0x80\n\t"
    6397. 

  6397.         "add	%[r], #0x80\n\t"
    6398. 

  6398.         "add	%[c], r7\n\t"
    6399. 

  6399.         "ldr	r4, [%[a], #0]\n\t"
    6400. 

  6400.         "ldr	r5, [%[b], #0]\n\t"
    6401. 

  6401.         "adc	r4, r5\n\t"
    6402. 

  6402.         "str	r4, [%[r], #0]\n\t"
    6403. 

  6403.         "ldr	r4, [%[a], #4]\n\t"
    6404. 

  6404.         "ldr	r5, [%[b], #4]\n\t"
    6405. 

  6405.         "adc	r4, r5\n\t"
    6406. 

  6406.         "str	r4, [%[r], #4]\n\t"
    6407. 

  6407.         "ldr	r4, [%[a], #8]\n\t"
    6408. 

  6408.         "ldr	r5, [%[b], #8]\n\t"
    6409. 

  6409.         "adc	r4, r5\n\t"
    6410. 

  6410.         "str	r4, [%[r], #8]\n\t"
    6411. 

  6411.         "ldr	r4, [%[a], #12]\n\t"
    6412. 

  6412.         "ldr	r5, [%[b], #12]\n\t"
    6413. 

  6413.         "adc	r4, r5\n\t"
    6414. 

  6414.         "str	r4, [%[r], #12]\n\t"
    6415. 

  6415.         "ldr	r4, [%[a], #16]\n\t"
    6416. 

  6416.         "ldr	r5, [%[b], #16]\n\t"
    6417. 

  6417.         "adc	r4, r5\n\t"
    6418. 

  6418.         "str	r4, [%[r], #16]\n\t"
    6419. 

  6419.         "ldr	r4, [%[a], #20]\n\t"
    6420. 

  6420.         "ldr	r5, [%[b], #20]\n\t"
    6421. 

  6421.         "adc	r4, r5\n\t"
    6422. 

  6422.         "str	r4, [%[r], #20]\n\t"
    6423. 

  6423.         "ldr	r4, [%[a], #24]\n\t"
    6424. 

  6424.         "ldr	r5, [%[b], #24]\n\t"
    6425. 

  6425.         "adc	r4, r5\n\t"
    6426. 

  6426.         "str	r4, [%[r], #24]\n\t"
    6427. 

  6427.         "ldr	r4, [%[a], #28]\n\t"
    6428. 

  6428.         "ldr	r5, [%[b], #28]\n\t"
    6429. 

  6429.         "adc	r4, r5\n\t"
    6430. 

  6430.         "str	r4, [%[r], #28]\n\t"
    6431. 

  6431.         "ldr	r4, [%[a], #32]\n\t"
    6432. 

  6432.         "ldr	r5, [%[b], #32]\n\t"
    6433. 

  6433.         "adc	r4, r5\n\t"
    6434. 

  6434.         "str	r4, [%[r], #32]\n\t"
    6435. 

  6435.         "ldr	r4, [%[a], #36]\n\t"
    6436. 

  6436.         "ldr	r5, [%[b], #36]\n\t"
    6437. 

  6437.         "adc	r4, r5\n\t"
    6438. 

  6438.         "str	r4, [%[r], #36]\n\t"
    6439. 

  6439.         "ldr	r4, [%[a], #40]\n\t"
    6440. 

  6440.         "ldr	r5, [%[b], #40]\n\t"
    6441. 

  6441.         "adc	r4, r5\n\t"
    6442. 

  6442.         "str	r4, [%[r], #40]\n\t"
    6443. 

  6443.         "ldr	r4, [%[a], #44]\n\t"
    6444. 

  6444.         "ldr	r5, [%[b], #44]\n\t"
    6445. 

  6445.         "adc	r4, r5\n\t"
    6446. 

  6446.         "str	r4, [%[r], #44]\n\t"
    6447. 

  6447.         "ldr	r4, [%[a], #48]\n\t"
    6448. 

  6448.         "ldr	r5, [%[b], #48]\n\t"
    6449. 

  6449.         "adc	r4, r5\n\t"
    6450. 

  6450.         "str	r4, [%[r], #48]\n\t"
    6451. 

  6451.         "ldr	r4, [%[a], #52]\n\t"
    6452. 

  6452.         "ldr	r5, [%[b], #52]\n\t"
    6453. 

  6453.         "adc	r4, r5\n\t"
    6454. 

  6454.         "str	r4, [%[r], #52]\n\t"
    6455. 

  6455.         "ldr	r4, [%[a], #56]\n\t"
    6456. 

  6456.         "ldr	r5, [%[b], #56]\n\t"
    6457. 

  6457.         "adc	r4, r5\n\t"
    6458. 

  6458.         "str	r4, [%[r], #56]\n\t"
    6459. 

  6459.         "ldr	r4, [%[a], #60]\n\t"
    6460. 

  6460.         "ldr	r5, [%[b], #60]\n\t"
    6461. 

  6461.         "adc	r4, r5\n\t"
    6462. 

  6462.         "str	r4, [%[r], #60]\n\t"
    6463. 

  6463.         "mov	%[c], #0\n\t"
    6464. 

  6464.         "adc	%[c], %[c]\n\t"
    6465. 

  6465.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    6466. 

  6466.         :
    6467. 

  6467.         : "memory", "r4", "r5", "r7"
    6468. 

  6468.     );
    6469. 

  6469. 

  6470.     return c;
    6471. 

  6471. }
    6472. 

  6472. 

  6473. /* AND m into each word of a and store in r.
    6474. 

  6474.  *
    6475. 

  6475.  * r  A single precision integer.
    6476. 

  6476.  * a  A single precision integer.
    6477. 

  6477.  * m  Mask to AND against each digit.
    6478. 

  6478.  */
    6479. 

  6479. static void sp_3072_mask_24(sp_digit* r, const sp_digit* a, sp_digit m)
    6480. 

  6480. {
    6481. 

  6481. #ifdef WOLFSSL_SP_SMALL
    6482. 

  6482.     int i;
    6483. 

  6483. 

  6484.     for (i=0; i<24; i++) {
    6485. 

  6485.         r[i] = a[i] & m;
    6486. 

  6486.     }
    6487. 

  6487. #else
    6488. 

  6488.     int i;
    6489. 

  6489. 

  6490.     for (i = 0; i < 24; i += 8) {
    6491. 

  6491.         r[i+0] = a[i+0] & m;
    6492. 

  6492.         r[i+1] = a[i+1] & m;
    6493. 

  6493.         r[i+2] = a[i+2] & m;
    6494. 

  6494.         r[i+3] = a[i+3] & m;
    6495. 

  6495.         r[i+4] = a[i+4] & m;
    6496. 

  6496.         r[i+5] = a[i+5] & m;
    6497. 

  6497.         r[i+6] = a[i+6] & m;
    6498. 

  6498.         r[i+7] = a[i+7] & m;
    6499. 

  6499.     }
    6500. 

  6500. #endif
    6501. 

  6501. }
    6502. 

  6502. 

  6503. /* Multiply a and b into r. (r = a * b)
    6504. 

  6504.  *
    6505. 

  6505.  * r  A single precision integer.
    6506. 

  6506.  * a  A single precision integer.
    6507. 

  6507.  * b  A single precision integer.
    6508. 

  6508.  */
    6509. 

  6509. SP_NOINLINE static void sp_3072_mul_48(sp_digit* r, const sp_digit* a,
    6510. 

  6510.         const sp_digit* b)
    6511. 

  6511. {
    6512. 

  6512.     sp_digit* z0 = r;
    6513. 

  6513.     sp_digit z1[48];
    6514. 

  6514.     sp_digit a1[24];
    6515. 

  6515.     sp_digit b1[24];
    6516. 

  6516.     sp_digit z2[48];
    6517. 

  6517.     sp_digit u, ca, cb;
    6518. 

  6518. 

  6519.     ca = sp_3072_add_24(a1, a, &a[24]);
    6520. 

  6520.     cb = sp_3072_add_24(b1, b, &b[24]);
    6521. 

  6521.     u  = ca & cb;
    6522. 

  6522.     sp_3072_mul_24(z1, a1, b1);
    6523. 

  6523.     sp_3072_mul_24(z2, &a[24], &b[24]);
    6524. 

  6524.     sp_3072_mul_24(z0, a, b);
    6525. 

  6525.     sp_3072_mask_24(r + 48, a1, 0 - cb);
    6526. 

  6526.     sp_3072_mask_24(b1, b1, 0 - ca);
    6527. 

  6527.     u += sp_3072_add_24(r + 48, r + 48, b1);
    6528. 

  6528.     u += sp_3072_sub_in_place_48(z1, z2);
    6529. 

  6529.     u += sp_3072_sub_in_place_48(z1, z0);
    6530. 

  6530.     u += sp_3072_add_48(r + 24, r + 24, z1);
    6531. 

  6531.     r[72] = u;
    6532. 

  6532.     XMEMSET(r + 72 + 1, 0, sizeof(sp_digit) * (24 - 1));
    6533. 

  6533.     (void)sp_3072_add_48(r + 48, r + 48, z2);
    6534. 

  6534. }
    6535. 

  6535. 

  6536. /* Square a and put result in r. (r = a * a)
    6537. 

  6537.  *
    6538. 

  6538.  * r  A single precision integer.
    6539. 

  6539.  * a  A single precision integer.
    6540. 

  6540.  */
    6541. 

  6541. SP_NOINLINE static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a)
    6542. 

  6542. {
    6543. 

  6543.     sp_digit* z0 = r;
    6544. 

  6544.     sp_digit z2[48];
    6545. 

  6545.     sp_digit z1[48];
    6546. 

  6546.     sp_digit a1[24];
    6547. 

  6547.     sp_digit u;
    6548. 

  6548. 

  6549.     u = sp_3072_add_24(a1, a, &a[24]);
    6550. 

  6550.     sp_3072_sqr_24(z1, a1);
    6551. 

  6551.     sp_3072_sqr_24(z2, &a[24]);
    6552. 

  6552.     sp_3072_sqr_24(z0, a);
    6553. 

  6553.     sp_3072_mask_24(r + 48, a1, 0 - u);
    6554. 

  6554.     u += sp_3072_add_24(r + 48, r + 48, r + 48);
    6555. 

  6555.     u += sp_3072_sub_in_place_48(z1, z2);
    6556. 

  6556.     u += sp_3072_sub_in_place_48(z1, z0);
    6557. 

  6557.     u += sp_3072_add_48(r + 24, r + 24, z1);
    6558. 

  6558.     r[72] = u;
    6559. 

  6559.     XMEMSET(r + 72 + 1, 0, sizeof(sp_digit) * (24 - 1));
    6560. 

  6560.     (void)sp_3072_add_48(r + 48, r + 48, z2);
    6561. 

  6561. }
    6562. 

  6562. 

  6563. /* Sub b from a into r. (r = a - b)
    6564. 

  6564.  *
    6565. 

  6565.  * r  A single precision integer.
    6566. 

  6566.  * a  A single precision integer.
    6567. 

  6567.  * b  A single precision integer.
    6568. 

  6568.  */
    6569. 

  6569. SP_NOINLINE static sp_digit sp_3072_sub_in_place_96(sp_digit* a,
    6570. 

  6570.         const sp_digit* b)
    6571. 

  6571. {
    6572. 

  6572.     sp_digit c = 0;
    6573. 

  6573. 

  6574.     __asm__ __volatile__ (
    6575. 

  6575.         "ldr	r3, [%[a], #0]\n\t"
    6576. 

  6576.         "ldr	r4, [%[a], #4]\n\t"
    6577. 

  6577.         "ldr	r5, [%[b], #0]\n\t"
    6578. 

  6578.         "ldr	r6, [%[b], #4]\n\t"
    6579. 

  6579.         "sub	r3, r5\n\t"
    6580. 

  6580.         "sbc	r4, r6\n\t"
    6581. 

  6581.         "str	r3, [%[a], #0]\n\t"
    6582. 

  6582.         "str	r4, [%[a], #4]\n\t"
    6583. 

  6583.         "ldr	r3, [%[a], #8]\n\t"
    6584. 

  6584.         "ldr	r4, [%[a], #12]\n\t"
    6585. 

  6585.         "ldr	r5, [%[b], #8]\n\t"
    6586. 

  6586.         "ldr	r6, [%[b], #12]\n\t"
    6587. 

  6587.         "sbc	r3, r5\n\t"
    6588. 

  6588.         "sbc	r4, r6\n\t"
    6589. 

  6589.         "str	r3, [%[a], #8]\n\t"
    6590. 

  6590.         "str	r4, [%[a], #12]\n\t"
    6591. 

  6591.         "ldr	r3, [%[a], #16]\n\t"
    6592. 

  6592.         "ldr	r4, [%[a], #20]\n\t"
    6593. 

  6593.         "ldr	r5, [%[b], #16]\n\t"
    6594. 

  6594.         "ldr	r6, [%[b], #20]\n\t"
    6595. 

  6595.         "sbc	r3, r5\n\t"
    6596. 

  6596.         "sbc	r4, r6\n\t"
    6597. 

  6597.         "str	r3, [%[a], #16]\n\t"
    6598. 

  6598.         "str	r4, [%[a], #20]\n\t"
    6599. 

  6599.         "ldr	r3, [%[a], #24]\n\t"
    6600. 

  6600.         "ldr	r4, [%[a], #28]\n\t"
    6601. 

  6601.         "ldr	r5, [%[b], #24]\n\t"
    6602. 

  6602.         "ldr	r6, [%[b], #28]\n\t"
    6603. 

  6603.         "sbc	r3, r5\n\t"
    6604. 

  6604.         "sbc	r4, r6\n\t"
    6605. 

  6605.         "str	r3, [%[a], #24]\n\t"
    6606. 

  6606.         "str	r4, [%[a], #28]\n\t"
    6607. 

  6607.         "ldr	r3, [%[a], #32]\n\t"
    6608. 

  6608.         "ldr	r4, [%[a], #36]\n\t"
    6609. 

  6609.         "ldr	r5, [%[b], #32]\n\t"
    6610. 

  6610.         "ldr	r6, [%[b], #36]\n\t"
    6611. 

  6611.         "sbc	r3, r5\n\t"
    6612. 

  6612.         "sbc	r4, r6\n\t"
    6613. 

  6613.         "str	r3, [%[a], #32]\n\t"
    6614. 

  6614.         "str	r4, [%[a], #36]\n\t"
    6615. 

  6615.         "ldr	r3, [%[a], #40]\n\t"
    6616. 

  6616.         "ldr	r4, [%[a], #44]\n\t"
    6617. 

  6617.         "ldr	r5, [%[b], #40]\n\t"
    6618. 

  6618.         "ldr	r6, [%[b], #44]\n\t"
    6619. 

  6619.         "sbc	r3, r5\n\t"
    6620. 

  6620.         "sbc	r4, r6\n\t"
    6621. 

  6621.         "str	r3, [%[a], #40]\n\t"
    6622. 

  6622.         "str	r4, [%[a], #44]\n\t"
    6623. 

  6623.         "ldr	r3, [%[a], #48]\n\t"
    6624. 

  6624.         "ldr	r4, [%[a], #52]\n\t"
    6625. 

  6625.         "ldr	r5, [%[b], #48]\n\t"
    6626. 

  6626.         "ldr	r6, [%[b], #52]\n\t"
    6627. 

  6627.         "sbc	r3, r5\n\t"
    6628. 

  6628.         "sbc	r4, r6\n\t"
    6629. 

  6629.         "str	r3, [%[a], #48]\n\t"
    6630. 

  6630.         "str	r4, [%[a], #52]\n\t"
    6631. 

  6631.         "ldr	r3, [%[a], #56]\n\t"
    6632. 

  6632.         "ldr	r4, [%[a], #60]\n\t"
    6633. 

  6633.         "ldr	r5, [%[b], #56]\n\t"
    6634. 

  6634.         "ldr	r6, [%[b], #60]\n\t"
    6635. 

  6635.         "sbc	r3, r5\n\t"
    6636. 

  6636.         "sbc	r4, r6\n\t"
    6637. 

  6637.         "str	r3, [%[a], #56]\n\t"
    6638. 

  6638.         "str	r4, [%[a], #60]\n\t"
    6639. 

  6639.         "ldr	r3, [%[a], #64]\n\t"
    6640. 

  6640.         "ldr	r4, [%[a], #68]\n\t"
    6641. 

  6641.         "ldr	r5, [%[b], #64]\n\t"
    6642. 

  6642.         "ldr	r6, [%[b], #68]\n\t"
    6643. 

  6643.         "sbc	r3, r5\n\t"
    6644. 

  6644.         "sbc	r4, r6\n\t"
    6645. 

  6645.         "str	r3, [%[a], #64]\n\t"
    6646. 

  6646.         "str	r4, [%[a], #68]\n\t"
    6647. 

  6647.         "ldr	r3, [%[a], #72]\n\t"
    6648. 

  6648.         "ldr	r4, [%[a], #76]\n\t"
    6649. 

  6649.         "ldr	r5, [%[b], #72]\n\t"
    6650. 

  6650.         "ldr	r6, [%[b], #76]\n\t"
    6651. 

  6651.         "sbc	r3, r5\n\t"
    6652. 

  6652.         "sbc	r4, r6\n\t"
    6653. 

  6653.         "str	r3, [%[a], #72]\n\t"
    6654. 

  6654.         "str	r4, [%[a], #76]\n\t"
    6655. 

  6655.         "ldr	r3, [%[a], #80]\n\t"
    6656. 

  6656.         "ldr	r4, [%[a], #84]\n\t"
    6657. 

  6657.         "ldr	r5, [%[b], #80]\n\t"
    6658. 

  6658.         "ldr	r6, [%[b], #84]\n\t"
    6659. 

  6659.         "sbc	r3, r5\n\t"
    6660. 

  6660.         "sbc	r4, r6\n\t"
    6661. 

  6661.         "str	r3, [%[a], #80]\n\t"
    6662. 

  6662.         "str	r4, [%[a], #84]\n\t"
    6663. 

  6663.         "ldr	r3, [%[a], #88]\n\t"
    6664. 

  6664.         "ldr	r4, [%[a], #92]\n\t"
    6665. 

  6665.         "ldr	r5, [%[b], #88]\n\t"
    6666. 

  6666.         "ldr	r6, [%[b], #92]\n\t"
    6667. 

  6667.         "sbc	r3, r5\n\t"
    6668. 

  6668.         "sbc	r4, r6\n\t"
    6669. 

  6669.         "str	r3, [%[a], #88]\n\t"
    6670. 

  6670.         "str	r4, [%[a], #92]\n\t"
    6671. 

  6671.         "ldr	r3, [%[a], #96]\n\t"
    6672. 

  6672.         "ldr	r4, [%[a], #100]\n\t"
    6673. 

  6673.         "ldr	r5, [%[b], #96]\n\t"
    6674. 

  6674.         "ldr	r6, [%[b], #100]\n\t"
    6675. 

  6675.         "sbc	r3, r5\n\t"
    6676. 

  6676.         "sbc	r4, r6\n\t"
    6677. 

  6677.         "str	r3, [%[a], #96]\n\t"
    6678. 

  6678.         "str	r4, [%[a], #100]\n\t"
    6679. 

  6679.         "ldr	r3, [%[a], #104]\n\t"
    6680. 

  6680.         "ldr	r4, [%[a], #108]\n\t"
    6681. 

  6681.         "ldr	r5, [%[b], #104]\n\t"
    6682. 

  6682.         "ldr	r6, [%[b], #108]\n\t"
    6683. 

  6683.         "sbc	r3, r5\n\t"
    6684. 

  6684.         "sbc	r4, r6\n\t"
    6685. 

  6685.         "str	r3, [%[a], #104]\n\t"
    6686. 

  6686.         "str	r4, [%[a], #108]\n\t"
    6687. 

  6687.         "ldr	r3, [%[a], #112]\n\t"
    6688. 

  6688.         "ldr	r4, [%[a], #116]\n\t"
    6689. 

  6689.         "ldr	r5, [%[b], #112]\n\t"
    6690. 

  6690.         "ldr	r6, [%[b], #116]\n\t"
    6691. 

  6691.         "sbc	r3, r5\n\t"
    6692. 

  6692.         "sbc	r4, r6\n\t"
    6693. 

  6693.         "str	r3, [%[a], #112]\n\t"
    6694. 

  6694.         "str	r4, [%[a], #116]\n\t"
    6695. 

  6695.         "ldr	r3, [%[a], #120]\n\t"
    6696. 

  6696.         "ldr	r4, [%[a], #124]\n\t"
    6697. 

  6697.         "ldr	r5, [%[b], #120]\n\t"
    6698. 

  6698.         "ldr	r6, [%[b], #124]\n\t"
    6699. 

  6699.         "sbc	r3, r5\n\t"
    6700. 

  6700.         "sbc	r4, r6\n\t"
    6701. 

  6701.         "str	r3, [%[a], #120]\n\t"
    6702. 

  6702.         "str	r4, [%[a], #124]\n\t"
    6703. 

  6703.         "sbc	%[c], %[c]\n\t"
    6704. 

  6704.         "add	%[a], #0x80\n\t"
    6705. 

  6705.         "add	%[b], #0x80\n\t"
    6706. 

  6706.         "mov	r5, #0\n\t"
    6707. 

  6707.         "sub	r5, %[c]\n\t"
    6708. 

  6708.         "ldr	r3, [%[a], #0]\n\t"
    6709. 

  6709.         "ldr	r4, [%[a], #4]\n\t"
    6710. 

  6710.         "ldr	r5, [%[b], #0]\n\t"
    6711. 

  6711.         "ldr	r6, [%[b], #4]\n\t"
    6712. 

  6712.         "sbc	r3, r5\n\t"
    6713. 

  6713.         "sbc	r4, r6\n\t"
    6714. 

  6714.         "str	r3, [%[a], #0]\n\t"
    6715. 

  6715.         "str	r4, [%[a], #4]\n\t"
    6716. 

  6716.         "ldr	r3, [%[a], #8]\n\t"
    6717. 

  6717.         "ldr	r4, [%[a], #12]\n\t"
    6718. 

  6718.         "ldr	r5, [%[b], #8]\n\t"
    6719. 

  6719.         "ldr	r6, [%[b], #12]\n\t"
    6720. 

  6720.         "sbc	r3, r5\n\t"
    6721. 

  6721.         "sbc	r4, r6\n\t"
    6722. 

  6722.         "str	r3, [%[a], #8]\n\t"
    6723. 

  6723.         "str	r4, [%[a], #12]\n\t"
    6724. 

  6724.         "ldr	r3, [%[a], #16]\n\t"
    6725. 

  6725.         "ldr	r4, [%[a], #20]\n\t"
    6726. 

  6726.         "ldr	r5, [%[b], #16]\n\t"
    6727. 

  6727.         "ldr	r6, [%[b], #20]\n\t"
    6728. 

  6728.         "sbc	r3, r5\n\t"
    6729. 

  6729.         "sbc	r4, r6\n\t"
    6730. 

  6730.         "str	r3, [%[a], #16]\n\t"
    6731. 

  6731.         "str	r4, [%[a], #20]\n\t"
    6732. 

  6732.         "ldr	r3, [%[a], #24]\n\t"
    6733. 

  6733.         "ldr	r4, [%[a], #28]\n\t"
    6734. 

  6734.         "ldr	r5, [%[b], #24]\n\t"
    6735. 

  6735.         "ldr	r6, [%[b], #28]\n\t"
    6736. 

  6736.         "sbc	r3, r5\n\t"
    6737. 

  6737.         "sbc	r4, r6\n\t"
    6738. 

  6738.         "str	r3, [%[a], #24]\n\t"
    6739. 

  6739.         "str	r4, [%[a], #28]\n\t"
    6740. 

  6740.         "ldr	r3, [%[a], #32]\n\t"
    6741. 

  6741.         "ldr	r4, [%[a], #36]\n\t"
    6742. 

  6742.         "ldr	r5, [%[b], #32]\n\t"
    6743. 

  6743.         "ldr	r6, [%[b], #36]\n\t"
    6744. 

  6744.         "sbc	r3, r5\n\t"
    6745. 

  6745.         "sbc	r4, r6\n\t"
    6746. 

  6746.         "str	r3, [%[a], #32]\n\t"
    6747. 

  6747.         "str	r4, [%[a], #36]\n\t"
    6748. 

  6748.         "ldr	r3, [%[a], #40]\n\t"
    6749. 

  6749.         "ldr	r4, [%[a], #44]\n\t"
    6750. 

  6750.         "ldr	r5, [%[b], #40]\n\t"
    6751. 

  6751.         "ldr	r6, [%[b], #44]\n\t"
    6752. 

  6752.         "sbc	r3, r5\n\t"
    6753. 

  6753.         "sbc	r4, r6\n\t"
    6754. 

  6754.         "str	r3, [%[a], #40]\n\t"
    6755. 

  6755.         "str	r4, [%[a], #44]\n\t"
    6756. 

  6756.         "ldr	r3, [%[a], #48]\n\t"
    6757. 

  6757.         "ldr	r4, [%[a], #52]\n\t"
    6758. 

  6758.         "ldr	r5, [%[b], #48]\n\t"
    6759. 

  6759.         "ldr	r6, [%[b], #52]\n\t"
    6760. 

  6760.         "sbc	r3, r5\n\t"
    6761. 

  6761.         "sbc	r4, r6\n\t"
    6762. 

  6762.         "str	r3, [%[a], #48]\n\t"
    6763. 

  6763.         "str	r4, [%[a], #52]\n\t"
    6764. 

  6764.         "ldr	r3, [%[a], #56]\n\t"
    6765. 

  6765.         "ldr	r4, [%[a], #60]\n\t"
    6766. 

  6766.         "ldr	r5, [%[b], #56]\n\t"
    6767. 

  6767.         "ldr	r6, [%[b], #60]\n\t"
    6768. 

  6768.         "sbc	r3, r5\n\t"
    6769. 

  6769.         "sbc	r4, r6\n\t"
    6770. 

  6770.         "str	r3, [%[a], #56]\n\t"
    6771. 

  6771.         "str	r4, [%[a], #60]\n\t"
    6772. 

  6772.         "ldr	r3, [%[a], #64]\n\t"
    6773. 

  6773.         "ldr	r4, [%[a], #68]\n\t"
    6774. 

  6774.         "ldr	r5, [%[b], #64]\n\t"
    6775. 

  6775.         "ldr	r6, [%[b], #68]\n\t"
    6776. 

  6776.         "sbc	r3, r5\n\t"
    6777. 

  6777.         "sbc	r4, r6\n\t"
    6778. 

  6778.         "str	r3, [%[a], #64]\n\t"
    6779. 

  6779.         "str	r4, [%[a], #68]\n\t"
    6780. 

  6780.         "ldr	r3, [%[a], #72]\n\t"
    6781. 

  6781.         "ldr	r4, [%[a], #76]\n\t"
    6782. 

  6782.         "ldr	r5, [%[b], #72]\n\t"
    6783. 

  6783.         "ldr	r6, [%[b], #76]\n\t"
    6784. 

  6784.         "sbc	r3, r5\n\t"
    6785. 

  6785.         "sbc	r4, r6\n\t"
    6786. 

  6786.         "str	r3, [%[a], #72]\n\t"
    6787. 

  6787.         "str	r4, [%[a], #76]\n\t"
    6788. 

  6788.         "ldr	r3, [%[a], #80]\n\t"
    6789. 

  6789.         "ldr	r4, [%[a], #84]\n\t"
    6790. 

  6790.         "ldr	r5, [%[b], #80]\n\t"
    6791. 

  6791.         "ldr	r6, [%[b], #84]\n\t"
    6792. 

  6792.         "sbc	r3, r5\n\t"
    6793. 

  6793.         "sbc	r4, r6\n\t"
    6794. 

  6794.         "str	r3, [%[a], #80]\n\t"
    6795. 

  6795.         "str	r4, [%[a], #84]\n\t"
    6796. 

  6796.         "ldr	r3, [%[a], #88]\n\t"
    6797. 

  6797.         "ldr	r4, [%[a], #92]\n\t"
    6798. 

  6798.         "ldr	r5, [%[b], #88]\n\t"
    6799. 

  6799.         "ldr	r6, [%[b], #92]\n\t"
    6800. 

  6800.         "sbc	r3, r5\n\t"
    6801. 

  6801.         "sbc	r4, r6\n\t"
    6802. 

  6802.         "str	r3, [%[a], #88]\n\t"
    6803. 

  6803.         "str	r4, [%[a], #92]\n\t"
    6804. 

  6804.         "ldr	r3, [%[a], #96]\n\t"
    6805. 

  6805.         "ldr	r4, [%[a], #100]\n\t"
    6806. 

  6806.         "ldr	r5, [%[b], #96]\n\t"
    6807. 

  6807.         "ldr	r6, [%[b], #100]\n\t"
    6808. 

  6808.         "sbc	r3, r5\n\t"
    6809. 

  6809.         "sbc	r4, r6\n\t"
    6810. 

  6810.         "str	r3, [%[a], #96]\n\t"
    6811. 

  6811.         "str	r4, [%[a], #100]\n\t"
    6812. 

  6812.         "ldr	r3, [%[a], #104]\n\t"
    6813. 

  6813.         "ldr	r4, [%[a], #108]\n\t"
    6814. 

  6814.         "ldr	r5, [%[b], #104]\n\t"
    6815. 

  6815.         "ldr	r6, [%[b], #108]\n\t"
    6816. 

  6816.         "sbc	r3, r5\n\t"
    6817. 

  6817.         "sbc	r4, r6\n\t"
    6818. 

  6818.         "str	r3, [%[a], #104]\n\t"
    6819. 

  6819.         "str	r4, [%[a], #108]\n\t"
    6820. 

  6820.         "ldr	r3, [%[a], #112]\n\t"
    6821. 

  6821.         "ldr	r4, [%[a], #116]\n\t"
    6822. 

  6822.         "ldr	r5, [%[b], #112]\n\t"
    6823. 

  6823.         "ldr	r6, [%[b], #116]\n\t"
    6824. 

  6824.         "sbc	r3, r5\n\t"
    6825. 

  6825.         "sbc	r4, r6\n\t"
    6826. 

  6826.         "str	r3, [%[a], #112]\n\t"
    6827. 

  6827.         "str	r4, [%[a], #116]\n\t"
    6828. 

  6828.         "ldr	r3, [%[a], #120]\n\t"
    6829. 

  6829.         "ldr	r4, [%[a], #124]\n\t"
    6830. 

  6830.         "ldr	r5, [%[b], #120]\n\t"
    6831. 

  6831.         "ldr	r6, [%[b], #124]\n\t"
    6832. 

  6832.         "sbc	r3, r5\n\t"
    6833. 

  6833.         "sbc	r4, r6\n\t"
    6834. 

  6834.         "str	r3, [%[a], #120]\n\t"
    6835. 

  6835.         "str	r4, [%[a], #124]\n\t"
    6836. 

  6836.         "sbc	%[c], %[c]\n\t"
    6837. 

  6837.         "add	%[a], #0x80\n\t"
    6838. 

  6838.         "add	%[b], #0x80\n\t"
    6839. 

  6839.         "mov	r5, #0\n\t"
    6840. 

  6840.         "sub	r5, %[c]\n\t"
    6841. 

  6841.         "ldr	r3, [%[a], #0]\n\t"
    6842. 

  6842.         "ldr	r4, [%[a], #4]\n\t"
    6843. 

  6843.         "ldr	r5, [%[b], #0]\n\t"
    6844. 

  6844.         "ldr	r6, [%[b], #4]\n\t"
    6845. 

  6845.         "sbc	r3, r5\n\t"
    6846. 

  6846.         "sbc	r4, r6\n\t"
    6847. 

  6847.         "str	r3, [%[a], #0]\n\t"
    6848. 

  6848.         "str	r4, [%[a], #4]\n\t"
    6849. 

  6849.         "ldr	r3, [%[a], #8]\n\t"
    6850. 

  6850.         "ldr	r4, [%[a], #12]\n\t"
    6851. 

  6851.         "ldr	r5, [%[b], #8]\n\t"
    6852. 

  6852.         "ldr	r6, [%[b], #12]\n\t"
    6853. 

  6853.         "sbc	r3, r5\n\t"
    6854. 

  6854.         "sbc	r4, r6\n\t"
    6855. 

  6855.         "str	r3, [%[a], #8]\n\t"
    6856. 

  6856.         "str	r4, [%[a], #12]\n\t"
    6857. 

  6857.         "ldr	r3, [%[a], #16]\n\t"
    6858. 

  6858.         "ldr	r4, [%[a], #20]\n\t"
    6859. 

  6859.         "ldr	r5, [%[b], #16]\n\t"
    6860. 

  6860.         "ldr	r6, [%[b], #20]\n\t"
    6861. 

  6861.         "sbc	r3, r5\n\t"
    6862. 

  6862.         "sbc	r4, r6\n\t"
    6863. 

  6863.         "str	r3, [%[a], #16]\n\t"
    6864. 

  6864.         "str	r4, [%[a], #20]\n\t"
    6865. 

  6865.         "ldr	r3, [%[a], #24]\n\t"
    6866. 

  6866.         "ldr	r4, [%[a], #28]\n\t"
    6867. 

  6867.         "ldr	r5, [%[b], #24]\n\t"
    6868. 

  6868.         "ldr	r6, [%[b], #28]\n\t"
    6869. 

  6869.         "sbc	r3, r5\n\t"
    6870. 

  6870.         "sbc	r4, r6\n\t"
    6871. 

  6871.         "str	r3, [%[a], #24]\n\t"
    6872. 

  6872.         "str	r4, [%[a], #28]\n\t"
    6873. 

  6873.         "ldr	r3, [%[a], #32]\n\t"
    6874. 

  6874.         "ldr	r4, [%[a], #36]\n\t"
    6875. 

  6875.         "ldr	r5, [%[b], #32]\n\t"
    6876. 

  6876.         "ldr	r6, [%[b], #36]\n\t"
    6877. 

  6877.         "sbc	r3, r5\n\t"
    6878. 

  6878.         "sbc	r4, r6\n\t"
    6879. 

  6879.         "str	r3, [%[a], #32]\n\t"
    6880. 

  6880.         "str	r4, [%[a], #36]\n\t"
    6881. 

  6881.         "ldr	r3, [%[a], #40]\n\t"
    6882. 

  6882.         "ldr	r4, [%[a], #44]\n\t"
    6883. 

  6883.         "ldr	r5, [%[b], #40]\n\t"
    6884. 

  6884.         "ldr	r6, [%[b], #44]\n\t"
    6885. 

  6885.         "sbc	r3, r5\n\t"
    6886. 

  6886.         "sbc	r4, r6\n\t"
    6887. 

  6887.         "str	r3, [%[a], #40]\n\t"
    6888. 

  6888.         "str	r4, [%[a], #44]\n\t"
    6889. 

  6889.         "ldr	r3, [%[a], #48]\n\t"
    6890. 

  6890.         "ldr	r4, [%[a], #52]\n\t"
    6891. 

  6891.         "ldr	r5, [%[b], #48]\n\t"
    6892. 

  6892.         "ldr	r6, [%[b], #52]\n\t"
    6893. 

  6893.         "sbc	r3, r5\n\t"
    6894. 

  6894.         "sbc	r4, r6\n\t"
    6895. 

  6895.         "str	r3, [%[a], #48]\n\t"
    6896. 

  6896.         "str	r4, [%[a], #52]\n\t"
    6897. 

  6897.         "ldr	r3, [%[a], #56]\n\t"
    6898. 

  6898.         "ldr	r4, [%[a], #60]\n\t"
    6899. 

  6899.         "ldr	r5, [%[b], #56]\n\t"
    6900. 

  6900.         "ldr	r6, [%[b], #60]\n\t"
    6901. 

  6901.         "sbc	r3, r5\n\t"
    6902. 

  6902.         "sbc	r4, r6\n\t"
    6903. 

  6903.         "str	r3, [%[a], #56]\n\t"
    6904. 

  6904.         "str	r4, [%[a], #60]\n\t"
    6905. 

  6905.         "ldr	r3, [%[a], #64]\n\t"
    6906. 

  6906.         "ldr	r4, [%[a], #68]\n\t"
    6907. 

  6907.         "ldr	r5, [%[b], #64]\n\t"
    6908. 

  6908.         "ldr	r6, [%[b], #68]\n\t"
    6909. 

  6909.         "sbc	r3, r5\n\t"
    6910. 

  6910.         "sbc	r4, r6\n\t"
    6911. 

  6911.         "str	r3, [%[a], #64]\n\t"
    6912. 

  6912.         "str	r4, [%[a], #68]\n\t"
    6913. 

  6913.         "ldr	r3, [%[a], #72]\n\t"
    6914. 

  6914.         "ldr	r4, [%[a], #76]\n\t"
    6915. 

  6915.         "ldr	r5, [%[b], #72]\n\t"
    6916. 

  6916.         "ldr	r6, [%[b], #76]\n\t"
    6917. 

  6917.         "sbc	r3, r5\n\t"
    6918. 

  6918.         "sbc	r4, r6\n\t"
    6919. 

  6919.         "str	r3, [%[a], #72]\n\t"
    6920. 

  6920.         "str	r4, [%[a], #76]\n\t"
    6921. 

  6921.         "ldr	r3, [%[a], #80]\n\t"
    6922. 

  6922.         "ldr	r4, [%[a], #84]\n\t"
    6923. 

  6923.         "ldr	r5, [%[b], #80]\n\t"
    6924. 

  6924.         "ldr	r6, [%[b], #84]\n\t"
    6925. 

  6925.         "sbc	r3, r5\n\t"
    6926. 

  6926.         "sbc	r4, r6\n\t"
    6927. 

  6927.         "str	r3, [%[a], #80]\n\t"
    6928. 

  6928.         "str	r4, [%[a], #84]\n\t"
    6929. 

  6929.         "ldr	r3, [%[a], #88]\n\t"
    6930. 

  6930.         "ldr	r4, [%[a], #92]\n\t"
    6931. 

  6931.         "ldr	r5, [%[b], #88]\n\t"
    6932. 

  6932.         "ldr	r6, [%[b], #92]\n\t"
    6933. 

  6933.         "sbc	r3, r5\n\t"
    6934. 

  6934.         "sbc	r4, r6\n\t"
    6935. 

  6935.         "str	r3, [%[a], #88]\n\t"
    6936. 

  6936.         "str	r4, [%[a], #92]\n\t"
    6937. 

  6937.         "ldr	r3, [%[a], #96]\n\t"
    6938. 

  6938.         "ldr	r4, [%[a], #100]\n\t"
    6939. 

  6939.         "ldr	r5, [%[b], #96]\n\t"
    6940. 

  6940.         "ldr	r6, [%[b], #100]\n\t"
    6941. 

  6941.         "sbc	r3, r5\n\t"
    6942. 

  6942.         "sbc	r4, r6\n\t"
    6943. 

  6943.         "str	r3, [%[a], #96]\n\t"
    6944. 

  6944.         "str	r4, [%[a], #100]\n\t"
    6945. 

  6945.         "ldr	r3, [%[a], #104]\n\t"
    6946. 

  6946.         "ldr	r4, [%[a], #108]\n\t"
    6947. 

  6947.         "ldr	r5, [%[b], #104]\n\t"
    6948. 

  6948.         "ldr	r6, [%[b], #108]\n\t"
    6949. 

  6949.         "sbc	r3, r5\n\t"
    6950. 

  6950.         "sbc	r4, r6\n\t"
    6951. 

  6951.         "str	r3, [%[a], #104]\n\t"
    6952. 

  6952.         "str	r4, [%[a], #108]\n\t"
    6953. 

  6953.         "ldr	r3, [%[a], #112]\n\t"
    6954. 

  6954.         "ldr	r4, [%[a], #116]\n\t"
    6955. 

  6955.         "ldr	r5, [%[b], #112]\n\t"
    6956. 

  6956.         "ldr	r6, [%[b], #116]\n\t"
    6957. 

  6957.         "sbc	r3, r5\n\t"
    6958. 

  6958.         "sbc	r4, r6\n\t"
    6959. 

  6959.         "str	r3, [%[a], #112]\n\t"
    6960. 

  6960.         "str	r4, [%[a], #116]\n\t"
    6961. 

  6961.         "ldr	r3, [%[a], #120]\n\t"
    6962. 

  6962.         "ldr	r4, [%[a], #124]\n\t"
    6963. 

  6963.         "ldr	r5, [%[b], #120]\n\t"
    6964. 

  6964.         "ldr	r6, [%[b], #124]\n\t"
    6965. 

  6965.         "sbc	r3, r5\n\t"
    6966. 

  6966.         "sbc	r4, r6\n\t"
    6967. 

  6967.         "str	r3, [%[a], #120]\n\t"
    6968. 

  6968.         "str	r4, [%[a], #124]\n\t"
    6969. 

  6969.         "sbc	%[c], %[c]\n\t"
    6970. 

  6970.         : [c] "+r" (c), [a] "+r" (a), [b] "+r" (b)
    6971. 

  6971.         :
    6972. 

  6972.         : "memory", "r3", "r4", "r5", "r6"
    6973. 

  6973.     );
    6974. 

  6974. 

  6975.     return c;
    6976. 

  6976. }
    6977. 

  6977. 

  6978. /* Add b to a into r. (r = a + b)
    6979. 

  6979.  *
    6980. 

  6980.  * r  A single precision integer.
    6981. 

  6981.  * a  A single precision integer.
    6982. 

  6982.  * b  A single precision integer.
    6983. 

  6983.  */
    6984. 

  6984. SP_NOINLINE static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a,
    6985. 

  6985.         const sp_digit* b)
    6986. 

  6986. {
    6987. 

  6987.     sp_digit c = 0;
    6988. 

  6988. 

  6989.     __asm__ __volatile__ (
    6990. 

  6990.         "mov	r7, #0\n\t"
    6991. 

  6991.         "mvn	r7, r7\n\t"
    6992. 

  6992.         "ldr	r4, [%[a], #0]\n\t"
    6993. 

  6993.         "ldr	r5, [%[b], #0]\n\t"
    6994. 

  6994.         "add	r4, r5\n\t"
    6995. 

  6995.         "str	r4, [%[r], #0]\n\t"
    6996. 

  6996.         "ldr	r4, [%[a], #4]\n\t"
    6997. 

  6997.         "ldr	r5, [%[b], #4]\n\t"
    6998. 

  6998.         "adc	r4, r5\n\t"
    6999. 

  6999.         "str	r4, [%[r], #4]\n\t"
    7000. 

  7000.         "ldr	r4, [%[a], #8]\n\t"
    7001. 

  7001.         "ldr	r5, [%[b], #8]\n\t"
    7002. 

  7002.         "adc	r4, r5\n\t"
    7003. 

  7003.         "str	r4, [%[r], #8]\n\t"
    7004. 

  7004.         "ldr	r4, [%[a], #12]\n\t"
    7005. 

  7005.         "ldr	r5, [%[b], #12]\n\t"
    7006. 

  7006.         "adc	r4, r5\n\t"
    7007. 

  7007.         "str	r4, [%[r], #12]\n\t"
    7008. 

  7008.         "ldr	r4, [%[a], #16]\n\t"
    7009. 

  7009.         "ldr	r5, [%[b], #16]\n\t"
    7010. 

  7010.         "adc	r4, r5\n\t"
    7011. 

  7011.         "str	r4, [%[r], #16]\n\t"
    7012. 

  7012.         "ldr	r4, [%[a], #20]\n\t"
    7013. 

  7013.         "ldr	r5, [%[b], #20]\n\t"
    7014. 

  7014.         "adc	r4, r5\n\t"
    7015. 

  7015.         "str	r4, [%[r], #20]\n\t"
    7016. 

  7016.         "ldr	r4, [%[a], #24]\n\t"
    7017. 

  7017.         "ldr	r5, [%[b], #24]\n\t"
    7018. 

  7018.         "adc	r4, r5\n\t"
    7019. 

  7019.         "str	r4, [%[r], #24]\n\t"
    7020. 

  7020.         "ldr	r4, [%[a], #28]\n\t"
    7021. 

  7021.         "ldr	r5, [%[b], #28]\n\t"
    7022. 

  7022.         "adc	r4, r5\n\t"
    7023. 

  7023.         "str	r4, [%[r], #28]\n\t"
    7024. 

  7024.         "ldr	r4, [%[a], #32]\n\t"
    7025. 

  7025.         "ldr	r5, [%[b], #32]\n\t"
    7026. 

  7026.         "adc	r4, r5\n\t"
    7027. 

  7027.         "str	r4, [%[r], #32]\n\t"
    7028. 

  7028.         "ldr	r4, [%[a], #36]\n\t"
    7029. 

  7029.         "ldr	r5, [%[b], #36]\n\t"
    7030. 

  7030.         "adc	r4, r5\n\t"
    7031. 

  7031.         "str	r4, [%[r], #36]\n\t"
    7032. 

  7032.         "ldr	r4, [%[a], #40]\n\t"
    7033. 

  7033.         "ldr	r5, [%[b], #40]\n\t"
    7034. 

  7034.         "adc	r4, r5\n\t"
    7035. 

  7035.         "str	r4, [%[r], #40]\n\t"
    7036. 

  7036.         "ldr	r4, [%[a], #44]\n\t"
    7037. 

  7037.         "ldr	r5, [%[b], #44]\n\t"
    7038. 

  7038.         "adc	r4, r5\n\t"
    7039. 

  7039.         "str	r4, [%[r], #44]\n\t"
    7040. 

  7040.         "ldr	r4, [%[a], #48]\n\t"
    7041. 

  7041.         "ldr	r5, [%[b], #48]\n\t"
    7042. 

  7042.         "adc	r4, r5\n\t"
    7043. 

  7043.         "str	r4, [%[r], #48]\n\t"
    7044. 

  7044.         "ldr	r4, [%[a], #52]\n\t"
    7045. 

  7045.         "ldr	r5, [%[b], #52]\n\t"
    7046. 

  7046.         "adc	r4, r5\n\t"
    7047. 

  7047.         "str	r4, [%[r], #52]\n\t"
    7048. 

  7048.         "ldr	r4, [%[a], #56]\n\t"
    7049. 

  7049.         "ldr	r5, [%[b], #56]\n\t"
    7050. 

  7050.         "adc	r4, r5\n\t"
    7051. 

  7051.         "str	r4, [%[r], #56]\n\t"
    7052. 

  7052.         "ldr	r4, [%[a], #60]\n\t"
    7053. 

  7053.         "ldr	r5, [%[b], #60]\n\t"
    7054. 

  7054.         "adc	r4, r5\n\t"
    7055. 

  7055.         "str	r4, [%[r], #60]\n\t"
    7056. 

  7056.         "ldr	r4, [%[a], #64]\n\t"
    7057. 

  7057.         "ldr	r5, [%[b], #64]\n\t"
    7058. 

  7058.         "adc	r4, r5\n\t"
    7059. 

  7059.         "str	r4, [%[r], #64]\n\t"
    7060. 

  7060.         "ldr	r4, [%[a], #68]\n\t"
    7061. 

  7061.         "ldr	r5, [%[b], #68]\n\t"
    7062. 

  7062.         "adc	r4, r5\n\t"
    7063. 

  7063.         "str	r4, [%[r], #68]\n\t"
    7064. 

  7064.         "ldr	r4, [%[a], #72]\n\t"
    7065. 

  7065.         "ldr	r5, [%[b], #72]\n\t"
    7066. 

  7066.         "adc	r4, r5\n\t"
    7067. 

  7067.         "str	r4, [%[r], #72]\n\t"
    7068. 

  7068.         "ldr	r4, [%[a], #76]\n\t"
    7069. 

  7069.         "ldr	r5, [%[b], #76]\n\t"
    7070. 

  7070.         "adc	r4, r5\n\t"
    7071. 

  7071.         "str	r4, [%[r], #76]\n\t"
    7072. 

  7072.         "ldr	r4, [%[a], #80]\n\t"
    7073. 

  7073.         "ldr	r5, [%[b], #80]\n\t"
    7074. 

  7074.         "adc	r4, r5\n\t"
    7075. 

  7075.         "str	r4, [%[r], #80]\n\t"
    7076. 

  7076.         "ldr	r4, [%[a], #84]\n\t"
    7077. 

  7077.         "ldr	r5, [%[b], #84]\n\t"
    7078. 

  7078.         "adc	r4, r5\n\t"
    7079. 

  7079.         "str	r4, [%[r], #84]\n\t"
    7080. 

  7080.         "ldr	r4, [%[a], #88]\n\t"
    7081. 

  7081.         "ldr	r5, [%[b], #88]\n\t"
    7082. 

  7082.         "adc	r4, r5\n\t"
    7083. 

  7083.         "str	r4, [%[r], #88]\n\t"
    7084. 

  7084.         "ldr	r4, [%[a], #92]\n\t"
    7085. 

  7085.         "ldr	r5, [%[b], #92]\n\t"
    7086. 

  7086.         "adc	r4, r5\n\t"
    7087. 

  7087.         "str	r4, [%[r], #92]\n\t"
    7088. 

  7088.         "ldr	r4, [%[a], #96]\n\t"
    7089. 

  7089.         "ldr	r5, [%[b], #96]\n\t"
    7090. 

  7090.         "adc	r4, r5\n\t"
    7091. 

  7091.         "str	r4, [%[r], #96]\n\t"
    7092. 

  7092.         "ldr	r4, [%[a], #100]\n\t"
    7093. 

  7093.         "ldr	r5, [%[b], #100]\n\t"
    7094. 

  7094.         "adc	r4, r5\n\t"
    7095. 

  7095.         "str	r4, [%[r], #100]\n\t"
    7096. 

  7096.         "ldr	r4, [%[a], #104]\n\t"
    7097. 

  7097.         "ldr	r5, [%[b], #104]\n\t"
    7098. 

  7098.         "adc	r4, r5\n\t"
    7099. 

  7099.         "str	r4, [%[r], #104]\n\t"
    7100. 

  7100.         "ldr	r4, [%[a], #108]\n\t"
    7101. 

  7101.         "ldr	r5, [%[b], #108]\n\t"
    7102. 

  7102.         "adc	r4, r5\n\t"
    7103. 

  7103.         "str	r4, [%[r], #108]\n\t"
    7104. 

  7104.         "ldr	r4, [%[a], #112]\n\t"
    7105. 

  7105.         "ldr	r5, [%[b], #112]\n\t"
    7106. 

  7106.         "adc	r4, r5\n\t"
    7107. 

  7107.         "str	r4, [%[r], #112]\n\t"
    7108. 

  7108.         "ldr	r4, [%[a], #116]\n\t"
    7109. 

  7109.         "ldr	r5, [%[b], #116]\n\t"
    7110. 

  7110.         "adc	r4, r5\n\t"
    7111. 

  7111.         "str	r4, [%[r], #116]\n\t"
    7112. 

  7112.         "ldr	r4, [%[a], #120]\n\t"
    7113. 

  7113.         "ldr	r5, [%[b], #120]\n\t"
    7114. 

  7114.         "adc	r4, r5\n\t"
    7115. 

  7115.         "str	r4, [%[r], #120]\n\t"
    7116. 

  7116.         "ldr	r4, [%[a], #124]\n\t"
    7117. 

  7117.         "ldr	r5, [%[b], #124]\n\t"
    7118. 

  7118.         "adc	r4, r5\n\t"
    7119. 

  7119.         "str	r4, [%[r], #124]\n\t"
    7120. 

  7120.         "mov	%[c], #0\n\t"
    7121. 

  7121.         "adc	%[c], %[c]\n\t"
    7122. 

  7122.         "add	%[a], #0x80\n\t"
    7123. 

  7123.         "add	%[b], #0x80\n\t"
    7124. 

  7124.         "add	%[r], #0x80\n\t"
    7125. 

  7125.         "add	%[c], r7\n\t"
    7126. 

  7126.         "ldr	r4, [%[a], #0]\n\t"
    7127. 

  7127.         "ldr	r5, [%[b], #0]\n\t"
    7128. 

  7128.         "adc	r4, r5\n\t"
    7129. 

  7129.         "str	r4, [%[r], #0]\n\t"
    7130. 

  7130.         "ldr	r4, [%[a], #4]\n\t"
    7131. 

  7131.         "ldr	r5, [%[b], #4]\n\t"
    7132. 

  7132.         "adc	r4, r5\n\t"
    7133. 

  7133.         "str	r4, [%[r], #4]\n\t"
    7134. 

  7134.         "ldr	r4, [%[a], #8]\n\t"
    7135. 

  7135.         "ldr	r5, [%[b], #8]\n\t"
    7136. 

  7136.         "adc	r4, r5\n\t"
    7137. 

  7137.         "str	r4, [%[r], #8]\n\t"
    7138. 

  7138.         "ldr	r4, [%[a], #12]\n\t"
    7139. 

  7139.         "ldr	r5, [%[b], #12]\n\t"
    7140. 

  7140.         "adc	r4, r5\n\t"
    7141. 

  7141.         "str	r4, [%[r], #12]\n\t"
    7142. 

  7142.         "ldr	r4, [%[a], #16]\n\t"
    7143. 

  7143.         "ldr	r5, [%[b], #16]\n\t"
    7144. 

  7144.         "adc	r4, r5\n\t"
    7145. 

  7145.         "str	r4, [%[r], #16]\n\t"
    7146. 

  7146.         "ldr	r4, [%[a], #20]\n\t"
    7147. 

  7147.         "ldr	r5, [%[b], #20]\n\t"
    7148. 

  7148.         "adc	r4, r5\n\t"
    7149. 

  7149.         "str	r4, [%[r], #20]\n\t"
    7150. 

  7150.         "ldr	r4, [%[a], #24]\n\t"
    7151. 

  7151.         "ldr	r5, [%[b], #24]\n\t"
    7152. 

  7152.         "adc	r4, r5\n\t"
    7153. 

  7153.         "str	r4, [%[r], #24]\n\t"
    7154. 

  7154.         "ldr	r4, [%[a], #28]\n\t"
    7155. 

  7155.         "ldr	r5, [%[b], #28]\n\t"
    7156. 

  7156.         "adc	r4, r5\n\t"
    7157. 

  7157.         "str	r4, [%[r], #28]\n\t"
    7158. 

  7158.         "ldr	r4, [%[a], #32]\n\t"
    7159. 

  7159.         "ldr	r5, [%[b], #32]\n\t"
    7160. 

  7160.         "adc	r4, r5\n\t"
    7161. 

  7161.         "str	r4, [%[r], #32]\n\t"
    7162. 

  7162.         "ldr	r4, [%[a], #36]\n\t"
    7163. 

  7163.         "ldr	r5, [%[b], #36]\n\t"
    7164. 

  7164.         "adc	r4, r5\n\t"
    7165. 

  7165.         "str	r4, [%[r], #36]\n\t"
    7166. 

  7166.         "ldr	r4, [%[a], #40]\n\t"
    7167. 

  7167.         "ldr	r5, [%[b], #40]\n\t"
    7168. 

  7168.         "adc	r4, r5\n\t"
    7169. 

  7169.         "str	r4, [%[r], #40]\n\t"
    7170. 

  7170.         "ldr	r4, [%[a], #44]\n\t"
    7171. 

  7171.         "ldr	r5, [%[b], #44]\n\t"
    7172. 

  7172.         "adc	r4, r5\n\t"
    7173. 

  7173.         "str	r4, [%[r], #44]\n\t"
    7174. 

  7174.         "ldr	r4, [%[a], #48]\n\t"
    7175. 

  7175.         "ldr	r5, [%[b], #48]\n\t"
    7176. 

  7176.         "adc	r4, r5\n\t"
    7177. 

  7177.         "str	r4, [%[r], #48]\n\t"
    7178. 

  7178.         "ldr	r4, [%[a], #52]\n\t"
    7179. 

  7179.         "ldr	r5, [%[b], #52]\n\t"
    7180. 

  7180.         "adc	r4, r5\n\t"
    7181. 

  7181.         "str	r4, [%[r], #52]\n\t"
    7182. 

  7182.         "ldr	r4, [%[a], #56]\n\t"
    7183. 

  7183.         "ldr	r5, [%[b], #56]\n\t"
    7184. 

  7184.         "adc	r4, r5\n\t"
    7185. 

  7185.         "str	r4, [%[r], #56]\n\t"
    7186. 

  7186.         "ldr	r4, [%[a], #60]\n\t"
    7187. 

  7187.         "ldr	r5, [%[b], #60]\n\t"
    7188. 

  7188.         "adc	r4, r5\n\t"
    7189. 

  7189.         "str	r4, [%[r], #60]\n\t"
    7190. 

  7190.         "ldr	r4, [%[a], #64]\n\t"
    7191. 

  7191.         "ldr	r5, [%[b], #64]\n\t"
    7192. 

  7192.         "adc	r4, r5\n\t"
    7193. 

  7193.         "str	r4, [%[r], #64]\n\t"
    7194. 

  7194.         "ldr	r4, [%[a], #68]\n\t"
    7195. 

  7195.         "ldr	r5, [%[b], #68]\n\t"
    7196. 

  7196.         "adc	r4, r5\n\t"
    7197. 

  7197.         "str	r4, [%[r], #68]\n\t"
    7198. 

  7198.         "ldr	r4, [%[a], #72]\n\t"
    7199. 

  7199.         "ldr	r5, [%[b], #72]\n\t"
    7200. 

  7200.         "adc	r4, r5\n\t"
    7201. 

  7201.         "str	r4, [%[r], #72]\n\t"
    7202. 

  7202.         "ldr	r4, [%[a], #76]\n\t"
    7203. 

  7203.         "ldr	r5, [%[b], #76]\n\t"
    7204. 

  7204.         "adc	r4, r5\n\t"
    7205. 

  7205.         "str	r4, [%[r], #76]\n\t"
    7206. 

  7206.         "ldr	r4, [%[a], #80]\n\t"
    7207. 

  7207.         "ldr	r5, [%[b], #80]\n\t"
    7208. 

  7208.         "adc	r4, r5\n\t"
    7209. 

  7209.         "str	r4, [%[r], #80]\n\t"
    7210. 

  7210.         "ldr	r4, [%[a], #84]\n\t"
    7211. 

  7211.         "ldr	r5, [%[b], #84]\n\t"
    7212. 

  7212.         "adc	r4, r5\n\t"
    7213. 

  7213.         "str	r4, [%[r], #84]\n\t"
    7214. 

  7214.         "ldr	r4, [%[a], #88]\n\t"
    7215. 

  7215.         "ldr	r5, [%[b], #88]\n\t"
    7216. 

  7216.         "adc	r4, r5\n\t"
    7217. 

  7217.         "str	r4, [%[r], #88]\n\t"
    7218. 

  7218.         "ldr	r4, [%[a], #92]\n\t"
    7219. 

  7219.         "ldr	r5, [%[b], #92]\n\t"
    7220. 

  7220.         "adc	r4, r5\n\t"
    7221. 

  7221.         "str	r4, [%[r], #92]\n\t"
    7222. 

  7222.         "ldr	r4, [%[a], #96]\n\t"
    7223. 

  7223.         "ldr	r5, [%[b], #96]\n\t"
    7224. 

  7224.         "adc	r4, r5\n\t"
    7225. 

  7225.         "str	r4, [%[r], #96]\n\t"
    7226. 

  7226.         "ldr	r4, [%[a], #100]\n\t"
    7227. 

  7227.         "ldr	r5, [%[b], #100]\n\t"
    7228. 

  7228.         "adc	r4, r5\n\t"
    7229. 

  7229.         "str	r4, [%[r], #100]\n\t"
    7230. 

  7230.         "ldr	r4, [%[a], #104]\n\t"
    7231. 

  7231.         "ldr	r5, [%[b], #104]\n\t"
    7232. 

  7232.         "adc	r4, r5\n\t"
    7233. 

  7233.         "str	r4, [%[r], #104]\n\t"
    7234. 

  7234.         "ldr	r4, [%[a], #108]\n\t"
    7235. 

  7235.         "ldr	r5, [%[b], #108]\n\t"
    7236. 

  7236.         "adc	r4, r5\n\t"
    7237. 

  7237.         "str	r4, [%[r], #108]\n\t"
    7238. 

  7238.         "ldr	r4, [%[a], #112]\n\t"
    7239. 

  7239.         "ldr	r5, [%[b], #112]\n\t"
    7240. 

  7240.         "adc	r4, r5\n\t"
    7241. 

  7241.         "str	r4, [%[r], #112]\n\t"
    7242. 

  7242.         "ldr	r4, [%[a], #116]\n\t"
    7243. 

  7243.         "ldr	r5, [%[b], #116]\n\t"
    7244. 

  7244.         "adc	r4, r5\n\t"
    7245. 

  7245.         "str	r4, [%[r], #116]\n\t"
    7246. 

  7246.         "ldr	r4, [%[a], #120]\n\t"
    7247. 

  7247.         "ldr	r5, [%[b], #120]\n\t"
    7248. 

  7248.         "adc	r4, r5\n\t"
    7249. 

  7249.         "str	r4, [%[r], #120]\n\t"
    7250. 

  7250.         "ldr	r4, [%[a], #124]\n\t"
    7251. 

  7251.         "ldr	r5, [%[b], #124]\n\t"
    7252. 

  7252.         "adc	r4, r5\n\t"
    7253. 

  7253.         "str	r4, [%[r], #124]\n\t"
    7254. 

  7254.         "mov	%[c], #0\n\t"
    7255. 

  7255.         "adc	%[c], %[c]\n\t"
    7256. 

  7256.         "add	%[a], #0x80\n\t"
    7257. 

  7257.         "add	%[b], #0x80\n\t"
    7258. 

  7258.         "add	%[r], #0x80\n\t"
    7259. 

  7259.         "add	%[c], r7\n\t"
    7260. 

  7260.         "ldr	r4, [%[a], #0]\n\t"
    7261. 

  7261.         "ldr	r5, [%[b], #0]\n\t"
    7262. 

  7262.         "adc	r4, r5\n\t"
    7263. 

  7263.         "str	r4, [%[r], #0]\n\t"
    7264. 

  7264.         "ldr	r4, [%[a], #4]\n\t"
    7265. 

  7265.         "ldr	r5, [%[b], #4]\n\t"
    7266. 

  7266.         "adc	r4, r5\n\t"
    7267. 

  7267.         "str	r4, [%[r], #4]\n\t"
    7268. 

  7268.         "ldr	r4, [%[a], #8]\n\t"
    7269. 

  7269.         "ldr	r5, [%[b], #8]\n\t"
    7270. 

  7270.         "adc	r4, r5\n\t"
    7271. 

  7271.         "str	r4, [%[r], #8]\n\t"
    7272. 

  7272.         "ldr	r4, [%[a], #12]\n\t"
    7273. 

  7273.         "ldr	r5, [%[b], #12]\n\t"
    7274. 

  7274.         "adc	r4, r5\n\t"
    7275. 

  7275.         "str	r4, [%[r], #12]\n\t"
    7276. 

  7276.         "ldr	r4, [%[a], #16]\n\t"
    7277. 

  7277.         "ldr	r5, [%[b], #16]\n\t"
    7278. 

  7278.         "adc	r4, r5\n\t"
    7279. 

  7279.         "str	r4, [%[r], #16]\n\t"
    7280. 

  7280.         "ldr	r4, [%[a], #20]\n\t"
    7281. 

  7281.         "ldr	r5, [%[b], #20]\n\t"
    7282. 

  7282.         "adc	r4, r5\n\t"
    7283. 

  7283.         "str	r4, [%[r], #20]\n\t"
    7284. 

  7284.         "ldr	r4, [%[a], #24]\n\t"
    7285. 

  7285.         "ldr	r5, [%[b], #24]\n\t"
    7286. 

  7286.         "adc	r4, r5\n\t"
    7287. 

  7287.         "str	r4, [%[r], #24]\n\t"
    7288. 

  7288.         "ldr	r4, [%[a], #28]\n\t"
    7289. 

  7289.         "ldr	r5, [%[b], #28]\n\t"
    7290. 

  7290.         "adc	r4, r5\n\t"
    7291. 

  7291.         "str	r4, [%[r], #28]\n\t"
    7292. 

  7292.         "ldr	r4, [%[a], #32]\n\t"
    7293. 

  7293.         "ldr	r5, [%[b], #32]\n\t"
    7294. 

  7294.         "adc	r4, r5\n\t"
    7295. 

  7295.         "str	r4, [%[r], #32]\n\t"
    7296. 

  7296.         "ldr	r4, [%[a], #36]\n\t"
    7297. 

  7297.         "ldr	r5, [%[b], #36]\n\t"
    7298. 

  7298.         "adc	r4, r5\n\t"
    7299. 

  7299.         "str	r4, [%[r], #36]\n\t"
    7300. 

  7300.         "ldr	r4, [%[a], #40]\n\t"
    7301. 

  7301.         "ldr	r5, [%[b], #40]\n\t"
    7302. 

  7302.         "adc	r4, r5\n\t"
    7303. 

  7303.         "str	r4, [%[r], #40]\n\t"
    7304. 

  7304.         "ldr	r4, [%[a], #44]\n\t"
    7305. 

  7305.         "ldr	r5, [%[b], #44]\n\t"
    7306. 

  7306.         "adc	r4, r5\n\t"
    7307. 

  7307.         "str	r4, [%[r], #44]\n\t"
    7308. 

  7308.         "ldr	r4, [%[a], #48]\n\t"
    7309. 

  7309.         "ldr	r5, [%[b], #48]\n\t"
    7310. 

  7310.         "adc	r4, r5\n\t"
    7311. 

  7311.         "str	r4, [%[r], #48]\n\t"
    7312. 

  7312.         "ldr	r4, [%[a], #52]\n\t"
    7313. 

  7313.         "ldr	r5, [%[b], #52]\n\t"
    7314. 

  7314.         "adc	r4, r5\n\t"
    7315. 

  7315.         "str	r4, [%[r], #52]\n\t"
    7316. 

  7316.         "ldr	r4, [%[a], #56]\n\t"
    7317. 

  7317.         "ldr	r5, [%[b], #56]\n\t"
    7318. 

  7318.         "adc	r4, r5\n\t"
    7319. 

  7319.         "str	r4, [%[r], #56]\n\t"
    7320. 

  7320.         "ldr	r4, [%[a], #60]\n\t"
    7321. 

  7321.         "ldr	r5, [%[b], #60]\n\t"
    7322. 

  7322.         "adc	r4, r5\n\t"
    7323. 

  7323.         "str	r4, [%[r], #60]\n\t"
    7324. 

  7324.         "ldr	r4, [%[a], #64]\n\t"
    7325. 

  7325.         "ldr	r5, [%[b], #64]\n\t"
    7326. 

  7326.         "adc	r4, r5\n\t"
    7327. 

  7327.         "str	r4, [%[r], #64]\n\t"
    7328. 

  7328.         "ldr	r4, [%[a], #68]\n\t"
    7329. 

  7329.         "ldr	r5, [%[b], #68]\n\t"
    7330. 

  7330.         "adc	r4, r5\n\t"
    7331. 

  7331.         "str	r4, [%[r], #68]\n\t"
    7332. 

  7332.         "ldr	r4, [%[a], #72]\n\t"
    7333. 

  7333.         "ldr	r5, [%[b], #72]\n\t"
    7334. 

  7334.         "adc	r4, r5\n\t"
    7335. 

  7335.         "str	r4, [%[r], #72]\n\t"
    7336. 

  7336.         "ldr	r4, [%[a], #76]\n\t"
    7337. 

  7337.         "ldr	r5, [%[b], #76]\n\t"
    7338. 

  7338.         "adc	r4, r5\n\t"
    7339. 

  7339.         "str	r4, [%[r], #76]\n\t"
    7340. 

  7340.         "ldr	r4, [%[a], #80]\n\t"
    7341. 

  7341.         "ldr	r5, [%[b], #80]\n\t"
    7342. 

  7342.         "adc	r4, r5\n\t"
    7343. 

  7343.         "str	r4, [%[r], #80]\n\t"
    7344. 

  7344.         "ldr	r4, [%[a], #84]\n\t"
    7345. 

  7345.         "ldr	r5, [%[b], #84]\n\t"
    7346. 

  7346.         "adc	r4, r5\n\t"
    7347. 

  7347.         "str	r4, [%[r], #84]\n\t"
    7348. 

  7348.         "ldr	r4, [%[a], #88]\n\t"
    7349. 

  7349.         "ldr	r5, [%[b], #88]\n\t"
    7350. 

  7350.         "adc	r4, r5\n\t"
    7351. 

  7351.         "str	r4, [%[r], #88]\n\t"
    7352. 

  7352.         "ldr	r4, [%[a], #92]\n\t"
    7353. 

  7353.         "ldr	r5, [%[b], #92]\n\t"
    7354. 

  7354.         "adc	r4, r5\n\t"
    7355. 

  7355.         "str	r4, [%[r], #92]\n\t"
    7356. 

  7356.         "ldr	r4, [%[a], #96]\n\t"
    7357. 

  7357.         "ldr	r5, [%[b], #96]\n\t"
    7358. 

  7358.         "adc	r4, r5\n\t"
    7359. 

  7359.         "str	r4, [%[r], #96]\n\t"
    7360. 

  7360.         "ldr	r4, [%[a], #100]\n\t"
    7361. 

  7361.         "ldr	r5, [%[b], #100]\n\t"
    7362. 

  7362.         "adc	r4, r5\n\t"
    7363. 

  7363.         "str	r4, [%[r], #100]\n\t"
    7364. 

  7364.         "ldr	r4, [%[a], #104]\n\t"
    7365. 

  7365.         "ldr	r5, [%[b], #104]\n\t"
    7366. 

  7366.         "adc	r4, r5\n\t"
    7367. 

  7367.         "str	r4, [%[r], #104]\n\t"
    7368. 

  7368.         "ldr	r4, [%[a], #108]\n\t"
    7369. 

  7369.         "ldr	r5, [%[b], #108]\n\t"
    7370. 

  7370.         "adc	r4, r5\n\t"
    7371. 

  7371.         "str	r4, [%[r], #108]\n\t"
    7372. 

  7372.         "ldr	r4, [%[a], #112]\n\t"
    7373. 

  7373.         "ldr	r5, [%[b], #112]\n\t"
    7374. 

  7374.         "adc	r4, r5\n\t"
    7375. 

  7375.         "str	r4, [%[r], #112]\n\t"
    7376. 

  7376.         "ldr	r4, [%[a], #116]\n\t"
    7377. 

  7377.         "ldr	r5, [%[b], #116]\n\t"
    7378. 

  7378.         "adc	r4, r5\n\t"
    7379. 

  7379.         "str	r4, [%[r], #116]\n\t"
    7380. 

  7380.         "ldr	r4, [%[a], #120]\n\t"
    7381. 

  7381.         "ldr	r5, [%[b], #120]\n\t"
    7382. 

  7382.         "adc	r4, r5\n\t"
    7383. 

  7383.         "str	r4, [%[r], #120]\n\t"
    7384. 

  7384.         "ldr	r4, [%[a], #124]\n\t"
    7385. 

  7385.         "ldr	r5, [%[b], #124]\n\t"
    7386. 

  7386.         "adc	r4, r5\n\t"
    7387. 

  7387.         "str	r4, [%[r], #124]\n\t"
    7388. 

  7388.         "mov	%[c], #0\n\t"
    7389. 

  7389.         "adc	%[c], %[c]\n\t"
    7390. 

  7390.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    7391. 

  7391.         :
    7392. 

  7392.         : "memory", "r4", "r5", "r7"
    7393. 

  7393.     );
    7394. 

  7394. 

  7395.     return c;
    7396. 

  7396. }
    7397. 

  7397. 

  7398. /* AND m into each word of a and store in r.
    7399. 

  7399.  *
    7400. 

  7400.  * r  A single precision integer.
    7401. 

  7401.  * a  A single precision integer.
    7402. 

  7402.  * m  Mask to AND against each digit.
    7403. 

  7403.  */
    7404. 

  7404. static void sp_3072_mask_48(sp_digit* r, const sp_digit* a, sp_digit m)
    7405. 

  7405. {
    7406. 

  7406. #ifdef WOLFSSL_SP_SMALL
    7407. 

  7407.     int i;
    7408. 

  7408. 

  7409.     for (i=0; i<48; i++) {
    7410. 

  7410.         r[i] = a[i] & m;
    7411. 

  7411.     }
    7412. 

  7412. #else
    7413. 

  7413.     int i;
    7414. 

  7414. 

  7415.     for (i = 0; i < 48; i += 8) {
    7416. 

  7416.         r[i+0] = a[i+0] & m;
    7417. 

  7417.         r[i+1] = a[i+1] & m;
    7418. 

  7418.         r[i+2] = a[i+2] & m;
    7419. 

  7419.         r[i+3] = a[i+3] & m;
    7420. 

  7420.         r[i+4] = a[i+4] & m;
    7421. 

  7421.         r[i+5] = a[i+5] & m;
    7422. 

  7422.         r[i+6] = a[i+6] & m;
    7423. 

  7423.         r[i+7] = a[i+7] & m;
    7424. 

  7424.     }
    7425. 

  7425. #endif
    7426. 

  7426. }
    7427. 

  7427. 

  7428. /* Multiply a and b into r. (r = a * b)
    7429. 

  7429.  *
    7430. 

  7430.  * r  A single precision integer.
    7431. 

  7431.  * a  A single precision integer.
    7432. 

  7432.  * b  A single precision integer.
    7433. 

  7433.  */
    7434. 

  7434. SP_NOINLINE static void sp_3072_mul_96(sp_digit* r, const sp_digit* a,
    7435. 

  7435.         const sp_digit* b)
    7436. 

  7436. {
    7437. 

  7437.     sp_digit* z0 = r;
    7438. 

  7438.     sp_digit z1[96];
    7439. 

  7439.     sp_digit a1[48];
    7440. 

  7440.     sp_digit b1[48];
    7441. 

  7441.     sp_digit z2[96];
    7442. 

  7442.     sp_digit u, ca, cb;
    7443. 

  7443. 

  7444.     ca = sp_3072_add_48(a1, a, &a[48]);
    7445. 

  7445.     cb = sp_3072_add_48(b1, b, &b[48]);
    7446. 

  7446.     u  = ca & cb;
    7447. 

  7447.     sp_3072_mul_48(z1, a1, b1);
    7448. 

  7448.     sp_3072_mul_48(z2, &a[48], &b[48]);
    7449. 

  7449.     sp_3072_mul_48(z0, a, b);
    7450. 

  7450.     sp_3072_mask_48(r + 96, a1, 0 - cb);
    7451. 

  7451.     sp_3072_mask_48(b1, b1, 0 - ca);
    7452. 

  7452.     u += sp_3072_add_48(r + 96, r + 96, b1);
    7453. 

  7453.     u += sp_3072_sub_in_place_96(z1, z2);
    7454. 

  7454.     u += sp_3072_sub_in_place_96(z1, z0);
    7455. 

  7455.     u += sp_3072_add_96(r + 48, r + 48, z1);
    7456. 

  7456.     r[144] = u;
    7457. 

  7457.     XMEMSET(r + 144 + 1, 0, sizeof(sp_digit) * (48 - 1));
    7458. 

  7458.     (void)sp_3072_add_96(r + 96, r + 96, z2);
    7459. 

  7459. }
    7460. 

  7460. 

  7461. /* Square a and put result in r. (r = a * a)
    7462. 

  7462.  *
    7463. 

  7463.  * r  A single precision integer.
    7464. 

  7464.  * a  A single precision integer.
    7465. 

  7465.  */
    7466. 

  7466. SP_NOINLINE static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
    7467. 

  7467. {
    7468. 

  7468.     sp_digit* z0 = r;
    7469. 

  7469.     sp_digit z2[96];
    7470. 

  7470.     sp_digit z1[96];
    7471. 

  7471.     sp_digit a1[48];
    7472. 

  7472.     sp_digit u;
    7473. 

  7473. 

  7474.     u = sp_3072_add_48(a1, a, &a[48]);
    7475. 

  7475.     sp_3072_sqr_48(z1, a1);
    7476. 

  7476.     sp_3072_sqr_48(z2, &a[48]);
    7477. 

  7477.     sp_3072_sqr_48(z0, a);
    7478. 

  7478.     sp_3072_mask_48(r + 96, a1, 0 - u);
    7479. 

  7479.     u += sp_3072_add_48(r + 96, r + 96, r + 96);
    7480. 

  7480.     u += sp_3072_sub_in_place_96(z1, z2);
    7481. 

  7481.     u += sp_3072_sub_in_place_96(z1, z0);
    7482. 

  7482.     u += sp_3072_add_96(r + 48, r + 48, z1);
    7483. 

  7483.     r[144] = u;
    7484. 

  7484.     XMEMSET(r + 144 + 1, 0, sizeof(sp_digit) * (48 - 1));
    7485. 

  7485.     (void)sp_3072_add_96(r + 96, r + 96, z2);
    7486. 

  7486. }
    7487. 

  7487. 

  7488. #endif /* !WOLFSSL_SP_SMALL */
    7489. 

  7489. #ifdef WOLFSSL_SP_SMALL
    7490. 

  7490. /* Add b to a into r. (r = a + b)
    7491. 

  7491.  *
    7492. 

  7492.  * r  A single precision integer.
    7493. 

  7493.  * a  A single precision integer.
    7494. 

  7494.  * b  A single precision integer.
    7495. 

  7495.  */
    7496. 

  7496. SP_NOINLINE static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a,
    7497. 

  7497.         const sp_digit* b)
    7498. 

  7498. {
    7499. 

  7499.     sp_digit c = 0;
    7500. 

  7500. 

  7501.     __asm__ __volatile__ (
    7502. 

  7502.         "mov	r6, %[a]\n\t"
    7503. 

  7503.         "mov	r7, #0\n\t"
    7504. 

  7504.         "mov	r4, #1\n\t"
    7505. 

  7505.         "lsl	r4, #8\n\t"
    7506. 

  7506.         "add	r4, #128\n\t"
    7507. 

  7507.         "sub	r7, #1\n\t"
    7508. 

  7508.         "add	r6, r4\n\t"
    7509. 

  7509.         "\n1:\n\t"
    7510. 

  7510.         "add	%[c], r7\n\t"
    7511. 

  7511.         "ldr	r4, [%[a]]\n\t"
    7512. 

  7512.         "ldr	r5, [%[b]]\n\t"
    7513. 

  7513.         "adc	r4, r5\n\t"
    7514. 

  7514.         "str	r4, [%[r]]\n\t"
    7515. 

  7515.         "mov	%[c], #0\n\t"
    7516. 

  7516.         "adc	%[c], %[c]\n\t"
    7517. 

  7517.         "add	%[a], #4\n\t"
    7518. 

  7518.         "add	%[b], #4\n\t"
    7519. 

  7519.         "add	%[r], #4\n\t"
    7520. 

  7520.         "cmp	%[a], r6\n\t"
    7521. 

  7521.         "bne	1b\n\t"
    7522. 

  7522.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    7523. 

  7523.         :
    7524. 

  7524.         : "memory", "r4", "r5", "r6", "r7"
    7525. 

  7525.     );
    7526. 

  7526. 

  7527.     return c;
    7528. 

  7528. }
    7529. 

  7529. 

  7530. #endif /* WOLFSSL_SP_SMALL */
    7531. 

  7531. #ifdef WOLFSSL_SP_SMALL
    7532. 

  7532. /* Sub b from a into a. (a -= b)
    7533. 

  7533.  *
    7534. 

  7534.  * a  A single precision integer.
    7535. 

  7535.  * b  A single precision integer.
    7536. 

  7536.  */
    7537. 

  7537. SP_NOINLINE static sp_digit sp_3072_sub_in_place_96(sp_digit* a,
    7538. 

  7538.         const sp_digit* b)
    7539. 

  7539. {
    7540. 

  7540.     sp_digit c = 0;
    7541. 

  7541.     __asm__ __volatile__ (
    7542. 

  7542.         "mov	r7, %[a]\n\t"
    7543. 

  7543.         "mov	r5, #1\n\t"
    7544. 

  7544.         "lsl	r5, #8\n\t"
    7545. 

  7545.         "add	r5, #128\n\t"
    7546. 

  7546.         "add	r7, r5\n\t"
    7547. 

  7547.         "\n1:\n\t"
    7548. 

  7548.         "mov	r5, #0\n\t"
    7549. 

  7549.         "sub	r5, %[c]\n\t"
    7550. 

  7550.         "ldr	r3, [%[a]]\n\t"
    7551. 

  7551.         "ldr	r4, [%[a], #4]\n\t"
    7552. 

  7552.         "ldr	r5, [%[b]]\n\t"
    7553. 

  7553.         "ldr	r6, [%[b], #4]\n\t"
    7554. 

  7554.         "sbc	r3, r5\n\t"
    7555. 

  7555.         "sbc	r4, r6\n\t"
    7556. 

  7556.         "str	r3, [%[a]]\n\t"
    7557. 

  7557.         "str	r4, [%[a], #4]\n\t"
    7558. 

  7558.         "sbc	%[c], %[c]\n\t"
    7559. 

  7559.         "add	%[a], #8\n\t"
    7560. 

  7560.         "add	%[b], #8\n\t"
    7561. 

  7561.         "cmp	%[a], r7\n\t"
    7562. 

  7562.         "bne	1b\n\t"
    7563. 

  7563.         : [c] "+r" (c), [a] "+r" (a), [b] "+r" (b)
    7564. 

  7564.         :
    7565. 

  7565.         : "memory", "r3", "r4", "r5", "r6", "r7"
    7566. 

  7566.     );
    7567. 

  7567. 

  7568.     return c;
    7569. 

  7569. }
    7570. 

  7570. 

  7571. #endif /* WOLFSSL_SP_SMALL */
    7572. 

  7572. #ifdef WOLFSSL_SP_SMALL
    7573. 

  7573. /* Multiply a and b into r. (r = a * b)
    7574. 

  7574.  *
    7575. 

  7575.  * r  A single precision integer.
    7576. 

  7576.  * a  A single precision integer.
    7577. 

  7577.  * b  A single precision integer.
    7578. 

  7578.  */
    7579. 

  7579. SP_NOINLINE static void sp_3072_mul_96(sp_digit* r, const sp_digit* a,
    7580. 

  7580.         const sp_digit* b)
    7581. 

  7581. {
    7582. 

  7582.     sp_digit tmp[96 * 2];
    7583. 

  7583.     __asm__ __volatile__ (
    7584. 

  7584.         "mov	r3, #0\n\t"
    7585. 

  7585.         "mov	r4, #0\n\t"
    7586. 

  7586.         "mov	r8, r3\n\t"
    7587. 

  7587.         "mov	r11, %[r]\n\t"
    7588. 

  7588.         "mov	r9, %[a]\n\t"
    7589. 

  7589.         "mov	r10, %[b]\n\t"
    7590. 

  7590.         "mov	r6, #1\n\t"
    7591. 

  7591.         "lsl	r6, r6, #8\n\t"
    7592. 

  7592.         "add	r6, #128\n\t"
    7593. 

  7593.         "add	r6, r9\n\t"
    7594. 

  7594.         "mov	r12, r6\n\t"
    7595. 

  7595.         "\n1:\n\t"
    7596. 

  7596.         "mov	%[r], #0\n\t"
    7597. 

  7597.         "mov	r5, #0\n\t"
    7598. 

  7598.         "mov	r6, #1\n\t"
    7599. 

  7599.         "lsl	r6, r6, #8\n\t"
    7600. 

  7600.         "add	r6, #124\n\t"
    7601. 

  7601.         "mov	%[a], r8\n\t"
    7602. 

  7602.         "sub	%[a], r6\n\t"
    7603. 

  7603.         "sbc	r6, r6\n\t"
    7604. 

  7604.         "mvn	r6, r6\n\t"
    7605. 

  7605.         "and	%[a], r6\n\t"
    7606. 

  7606.         "mov	%[b], r8\n\t"
    7607. 

  7607.         "sub	%[b], %[a]\n\t"
    7608. 

  7608.         "add	%[a], r9\n\t"
    7609. 

  7609.         "add	%[b], r10\n\t"
    7610. 

  7610.         "\n2:\n\t"
    7611. 

  7611.         "# Multiply Start\n\t"
    7612. 

  7612.         "ldr	r6, [%[a]]\n\t"
    7613. 

  7613.         "ldr	r7, [%[b]]\n\t"
    7614. 

  7614.         "lsl	r6, r6, #16\n\t"
    7615. 

  7615.         "lsl	r7, r7, #16\n\t"
    7616. 

  7616.         "lsr	r6, r6, #16\n\t"
    7617. 

  7617.         "lsr	r7, r7, #16\n\t"
    7618. 

  7618.         "mul	r7, r6\n\t"
    7619. 

  7619.         "add	r3, r7\n\t"
    7620. 

  7620.         "adc	r4, %[r]\n\t"
    7621. 

  7621.         "adc	r5, %[r]\n\t"
    7622. 

  7622.         "ldr	r7, [%[b]]\n\t"
    7623. 

  7623.         "lsr	r7, r7, #16\n\t"
    7624. 

  7624.         "mul	r6, r7\n\t"
    7625. 

  7625.         "lsr	r7, r6, #16\n\t"
    7626. 

  7626.         "lsl	r6, r6, #16\n\t"
    7627. 

  7627.         "add	r3, r6\n\t"
    7628. 

  7628.         "adc	r4, r7\n\t"
    7629. 

  7629.         "adc	r5, %[r]\n\t"
    7630. 

  7630.         "ldr	r6, [%[a]]\n\t"
    7631. 

  7631.         "ldr	r7, [%[b]]\n\t"
    7632. 

  7632.         "lsr	r6, r6, #16\n\t"
    7633. 

  7633.         "lsr	r7, r7, #16\n\t"
    7634. 

  7634.         "mul	r7, r6\n\t"
    7635. 

  7635.         "add	r4, r7\n\t"
    7636. 

  7636.         "adc	r5, %[r]\n\t"
    7637. 

  7637.         "ldr	r7, [%[b]]\n\t"
    7638. 

  7638.         "lsl	r7, r7, #16\n\t"
    7639. 

  7639.         "lsr	r7, r7, #16\n\t"
    7640. 

  7640.         "mul	r6, r7\n\t"
    7641. 

  7641.         "lsr	r7, r6, #16\n\t"
    7642. 

  7642.         "lsl	r6, r6, #16\n\t"
    7643. 

  7643.         "add	r3, r6\n\t"
    7644. 

  7644.         "adc	r4, r7\n\t"
    7645. 

  7645.         "adc	r5, %[r]\n\t"
    7646. 

  7646.         "# Multiply Done\n\t"
    7647. 

  7647.         "add	%[a], #4\n\t"
    7648. 

  7648.         "sub	%[b], #4\n\t"
    7649. 

  7649.         "cmp	%[a], r12\n\t"
    7650. 

  7650.         "beq	3f\n\t"
    7651. 

  7651.         "mov	r6, r8\n\t"
    7652. 

  7652.         "add	r6, r9\n\t"
    7653. 

  7653.         "cmp	%[a], r6\n\t"
    7654. 

  7654.         "ble	2b\n\t"
    7655. 

  7655.         "\n3:\n\t"
    7656. 

  7656.         "mov	%[r], r11\n\t"
    7657. 

  7657.         "mov	r7, r8\n\t"
    7658. 

  7658.         "str	r3, [%[r], r7]\n\t"
    7659. 

  7659.         "mov	r3, r4\n\t"
    7660. 

  7660.         "mov	r4, r5\n\t"
    7661. 

  7661.         "add	r7, #4\n\t"
    7662. 

  7662.         "mov	r8, r7\n\t"
    7663. 

  7663.         "mov	r6, #2\n\t"
    7664. 

  7664.         "lsl	r6, r6, #8\n\t"
    7665. 

  7665.         "add	r6, #248\n\t"
    7666. 

  7666.         "cmp	r7, r6\n\t"
    7667. 

  7667.         "ble	1b\n\t"
    7668. 

  7668.         "str	r3, [%[r], r7]\n\t"
    7669. 

  7669.         "mov	%[a], r9\n\t"
    7670. 

  7670.         "mov	%[b], r10\n\t"
    7671. 

  7671.         :
    7672. 

  7672.         : [r] "r" (tmp), [a] "r" (a), [b] "r" (b)
    7673. 

  7673.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12"
    7674. 

  7674.     );
    7675. 

  7675. 

  7676.     XMEMCPY(r, tmp, sizeof(tmp));
    7677. 

  7677. }
    7678. 

  7678. 

  7679. /* Square a and put result in r. (r = a * a)
    7680. 

  7680.  *
    7681. 

  7681.  * r  A single precision integer.
    7682. 

  7682.  * a  A single precision integer.
    7683. 

  7683.  */
    7684. 

  7684. SP_NOINLINE static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a)
    7685. 

  7685. {
    7686. 

  7686.     __asm__ __volatile__ (
    7687. 

  7687.         "mov	r3, #0\n\t"
    7688. 

  7688.         "mov	r4, #0\n\t"
    7689. 

  7689.         "mov	r5, #0\n\t"
    7690. 

  7690.         "mov	r8, r3\n\t"
    7691. 

  7691.         "mov	r11, %[r]\n\t"
    7692. 

  7692.         "mov	r6, #3\n\t"
    7693. 

  7693.         "lsl	r6, r6, #8\n\t"
    7694. 

  7694.         "neg	r6, r6\n\t"
    7695. 

  7695.         "add	sp, r6\n\t"
    7696. 

  7696.         "mov	r10, sp\n\t"
    7697. 

  7697.         "mov	r9, %[a]\n\t"
    7698. 

  7698.         "\n1:\n\t"
    7699. 

  7699.         "mov	%[r], #0\n\t"
    7700. 

  7700.         "mov	r6, #1\n\t"
    7701. 

  7701.         "lsl	r6, r6, #8\n\t"
    7702. 

  7702.         "add	r6, #124\n\t"
    7703. 

  7703.         "mov	%[a], r8\n\t"
    7704. 

  7704.         "sub	%[a], r6\n\t"
    7705. 

  7705.         "sbc	r6, r6\n\t"
    7706. 

  7706.         "mvn	r6, r6\n\t"
    7707. 

  7707.         "and	%[a], r6\n\t"
    7708. 

  7708.         "mov	r2, r8\n\t"
    7709. 

  7709.         "sub	r2, %[a]\n\t"
    7710. 

  7710.         "add	%[a], r9\n\t"
    7711. 

  7711.         "add	r2, r9\n\t"
    7712. 

  7712.         "\n2:\n\t"
    7713. 

  7713.         "cmp	r2, %[a]\n\t"
    7714. 

  7714.         "beq	4f\n\t"
    7715. 

  7715.         "# Multiply * 2: Start\n\t"
    7716. 

  7716.         "ldr	r6, [%[a]]\n\t"
    7717. 

  7717.         "ldr	r7, [r2]\n\t"
    7718. 

  7718.         "lsl	r6, r6, #16\n\t"
    7719. 

  7719.         "lsl	r7, r7, #16\n\t"
    7720. 

  7720.         "lsr	r6, r6, #16\n\t"
    7721. 

  7721.         "lsr	r7, r7, #16\n\t"
    7722. 

  7722.         "mul	r7, r6\n\t"
    7723. 

  7723.         "add	r3, r7\n\t"
    7724. 

  7724.         "adc	r4, %[r]\n\t"
    7725. 

  7725.         "adc	r5, %[r]\n\t"
    7726. 

  7726.         "add	r3, r7\n\t"
    7727. 

  7727.         "adc	r4, %[r]\n\t"
    7728. 

  7728.         "adc	r5, %[r]\n\t"
    7729. 

  7729.         "ldr	r7, [r2]\n\t"
    7730. 

  7730.         "lsr	r7, r7, #16\n\t"
    7731. 

  7731.         "mul	r6, r7\n\t"
    7732. 

  7732.         "lsr	r7, r6, #16\n\t"
    7733. 

  7733.         "lsl	r6, r6, #16\n\t"
    7734. 

  7734.         "add	r3, r6\n\t"
    7735. 

  7735.         "adc	r4, r7\n\t"
    7736. 

  7736.         "adc	r5, %[r]\n\t"
    7737. 

  7737.         "add	r3, r6\n\t"
    7738. 

  7738.         "adc	r4, r7\n\t"
    7739. 

  7739.         "adc	r5, %[r]\n\t"
    7740. 

  7740.         "ldr	r6, [%[a]]\n\t"
    7741. 

  7741.         "ldr	r7, [r2]\n\t"
    7742. 

  7742.         "lsr	r6, r6, #16\n\t"
    7743. 

  7743.         "lsr	r7, r7, #16\n\t"
    7744. 

  7744.         "mul	r7, r6\n\t"
    7745. 

  7745.         "add	r4, r7\n\t"
    7746. 

  7746.         "adc	r5, %[r]\n\t"
    7747. 

  7747.         "add	r4, r7\n\t"
    7748. 

  7748.         "adc	r5, %[r]\n\t"
    7749. 

  7749.         "ldr	r7, [r2]\n\t"
    7750. 

  7750.         "lsl	r7, r7, #16\n\t"
    7751. 

  7751.         "lsr	r7, r7, #16\n\t"
    7752. 

  7752.         "mul	r6, r7\n\t"
    7753. 

  7753.         "lsr	r7, r6, #16\n\t"
    7754. 

  7754.         "lsl	r6, r6, #16\n\t"
    7755. 

  7755.         "add	r3, r6\n\t"
    7756. 

  7756.         "adc	r4, r7\n\t"
    7757. 

  7757.         "adc	r5, %[r]\n\t"
    7758. 

  7758.         "add	r3, r6\n\t"
    7759. 

  7759.         "adc	r4, r7\n\t"
    7760. 

  7760.         "adc	r5, %[r]\n\t"
    7761. 

  7761.         "# Multiply * 2: Done\n\t"
    7762. 

  7762.         "bal	5f\n\t"
    7763. 

  7763.         "\n4:\n\t"
    7764. 

  7764.         "# Square: Start\n\t"
    7765. 

  7765.         "ldr	r6, [%[a]]\n\t"
    7766. 

  7766.         "lsr	r7, r6, #16\n\t"
    7767. 

  7767.         "lsl	r6, r6, #16\n\t"
    7768. 

  7768.         "lsr	r6, r6, #16\n\t"
    7769. 

  7769.         "mul	r6, r6\n\t"
    7770. 

  7770.         "add	r3, r6\n\t"
    7771. 

  7771.         "adc	r4, %[r]\n\t"
    7772. 

  7772.         "adc	r5, %[r]\n\t"
    7773. 

  7773.         "mul	r7, r7\n\t"
    7774. 

  7774.         "add	r4, r7\n\t"
    7775. 

  7775.         "adc	r5, %[r]\n\t"
    7776. 

  7776.         "ldr	r6, [%[a]]\n\t"
    7777. 

  7777.         "lsr	r7, r6, #16\n\t"
    7778. 

  7778.         "lsl	r6, r6, #16\n\t"
    7779. 

  7779.         "lsr	r6, r6, #16\n\t"
    7780. 

  7780.         "mul	r6, r7\n\t"
    7781. 

  7781.         "lsr	r7, r6, #15\n\t"
    7782. 

  7782.         "lsl	r6, r6, #17\n\t"
    7783. 

  7783.         "add	r3, r6\n\t"
    7784. 

  7784.         "adc	r4, r7\n\t"
    7785. 

  7785.         "adc	r5, %[r]\n\t"
    7786. 

  7786.         "# Square: Done\n\t"
    7787. 

  7787.         "\n5:\n\t"
    7788. 

  7788.         "add	%[a], #4\n\t"
    7789. 

  7789.         "sub	r2, #4\n\t"
    7790. 

  7790.         "mov	r6, #1\n\t"
    7791. 

  7791.         "lsl	r6, r6, #8\n\t"
    7792. 

  7792.         "add	r6, #128\n\t"
    7793. 

  7793.         "add	r6, r9\n\t"
    7794. 

  7794.         "cmp	%[a], r6\n\t"
    7795. 

  7795.         "beq	3f\n\t"
    7796. 

  7796.         "cmp	%[a], r2\n\t"
    7797. 

  7797.         "bgt	3f\n\t"
    7798. 

  7798.         "mov	r7, r8\n\t"
    7799. 

  7799.         "add	r7, r9\n\t"
    7800. 

  7800.         "cmp	%[a], r7\n\t"
    7801. 

  7801.         "ble	2b\n\t"
    7802. 

  7802.         "\n3:\n\t"
    7803. 

  7803.         "mov	%[r], r10\n\t"
    7804. 

  7804.         "mov	r7, r8\n\t"
    7805. 

  7805.         "str	r3, [%[r], r7]\n\t"
    7806. 

  7806.         "mov	r3, r4\n\t"
    7807. 

  7807.         "mov	r4, r5\n\t"
    7808. 

  7808.         "mov	r5, #0\n\t"
    7809. 

  7809.         "add	r7, #4\n\t"
    7810. 

  7810.         "mov	r8, r7\n\t"
    7811. 

  7811.         "mov	r6, #2\n\t"
    7812. 

  7812.         "lsl	r6, r6, #8\n\t"
    7813. 

  7813.         "add	r6, #248\n\t"
    7814. 

  7814.         "cmp	r7, r6\n\t"
    7815. 

  7815.         "ble	1b\n\t"
    7816. 

  7816.         "mov	%[a], r9\n\t"
    7817. 

  7817.         "str	r3, [%[r], r7]\n\t"
    7818. 

  7818.         "mov	%[r], r11\n\t"
    7819. 

  7819.         "mov	%[a], r10\n\t"
    7820. 

  7820.         "mov	r3, #2\n\t"
    7821. 

  7821.         "lsl	r3, r3, #8\n\t"
    7822. 

  7822.         "add	r3, #252\n\t"
    7823. 

  7823.         "\n4:\n\t"
    7824. 

  7824.         "ldr	r6, [%[a], r3]\n\t"
    7825. 

  7825.         "str	r6, [%[r], r3]\n\t"
    7826. 

  7826.         "sub	r3, #4\n\t"
    7827. 

  7827.         "bge	4b\n\t"
    7828. 

  7828.         "mov	r6, #3\n\t"
    7829. 

  7829.         "lsl	r6, r6, #8\n\t"
    7830. 

  7830.         "add	sp, r6\n\t"
    7831. 

  7831.         :
    7832. 

  7832.         : [r] "r" (r), [a] "r" (a)
    7833. 

  7833.         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11"
    7834. 

  7834.     );
    7835. 

  7835. }
    7836. 

  7836. 

  7837. #endif /* WOLFSSL_SP_SMALL */
    7838. 

  7838. #if (defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
    7839. 

  7839. #ifdef WOLFSSL_SP_SMALL
    7840. 

  7840. /* AND m into each word of a and store in r.
    7841. 

  7841.  *
    7842. 

  7842.  * r  A single precision integer.
    7843. 

  7843.  * a  A single precision integer.
    7844. 

  7844.  * m  Mask to AND against each digit.
    7845. 

  7845.  */
    7846. 

  7846. static void sp_3072_mask_48(sp_digit* r, const sp_digit* a, sp_digit m)
    7847. 

  7847. {
    7848. 

  7848.     int i;
    7849. 

  7849. 

  7850.     for (i=0; i<48; i++) {
    7851. 

  7851.         r[i] = a[i] & m;
    7852. 

  7852.     }
    7853. 

  7853. }
    7854. 

  7854. 

  7855. #endif /* WOLFSSL_SP_SMALL */
    7856. 

  7856. #ifdef WOLFSSL_SP_SMALL
    7857. 

  7857. /* Add b to a into r. (r = a + b)
    7858. 

  7858.  *
    7859. 

  7859.  * r  A single precision integer.
    7860. 

  7860.  * a  A single precision integer.
    7861. 

  7861.  * b  A single precision integer.
    7862. 

  7862.  */
    7863. 

  7863. SP_NOINLINE static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a,
    7864. 

  7864.         const sp_digit* b)
    7865. 

  7865. {
    7866. 

  7866.     sp_digit c = 0;
    7867. 

  7867. 

  7868.     __asm__ __volatile__ (
    7869. 

  7869.         "mov	r6, %[a]\n\t"
    7870. 

  7870.         "mov	r7, #0\n\t"
    7871. 

  7871.         "add	r6, #192\n\t"
    7872. 

  7872.         "sub	r7, #1\n\t"
    7873. 

  7873.         "\n1:\n\t"
    7874. 

  7874.         "add	%[c], r7\n\t"
    7875. 

  7875.         "ldr	r4, [%[a]]\n\t"
    7876. 

  7876.         "ldr	r5, [%[b]]\n\t"
    7877. 

  7877.         "adc	r4, r5\n\t"
    7878. 

  7878.         "str	r4, [%[r]]\n\t"
    7879. 

  7879.         "mov	%[c], #0\n\t"
    7880. 

  7880.         "adc	%[c], %[c]\n\t"
    7881. 

  7881.         "add	%[a], #4\n\t"
    7882. 

  7882.         "add	%[b], #4\n\t"
    7883. 

  7883.         "add	%[r], #4\n\t"
    7884. 

  7884.         "cmp	%[a], r6\n\t"
    7885. 

  7885.         "bne	1b\n\t"
    7886. 

  7886.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    7887. 

  7887.         :
    7888. 

  7888.         : "memory", "r4", "r5", "r6", "r7"
    7889. 

  7889.     );
    7890. 

  7890. 

  7891.     return c;
    7892. 

  7892. }
    7893. 

  7893. 

  7894. #endif /* WOLFSSL_SP_SMALL */
    7895. 

  7895. #ifdef WOLFSSL_SP_SMALL
    7896. 

  7896. /* Sub b from a into a. (a -= b)
    7897. 

  7897.  *
    7898. 

  7898.  * a  A single precision integer.
    7899. 

  7899.  * b  A single precision integer.
    7900. 

  7900.  */
    7901. 

  7901. SP_NOINLINE static sp_digit sp_3072_sub_in_place_48(sp_digit* a,
    7902. 

  7902.         const sp_digit* b)
    7903. 

  7903. {
    7904. 

  7904.     sp_digit c = 0;
    7905. 

  7905.     __asm__ __volatile__ (
    7906. 

  7906.         "mov	r7, %[a]\n\t"
    7907. 

  7907.         "add	r7, #192\n\t"
    7908. 

  7908.         "\n1:\n\t"
    7909. 

  7909.         "mov	r5, #0\n\t"
    7910. 

  7910.         "sub	r5, %[c]\n\t"
    7911. 

  7911.         "ldr	r3, [%[a]]\n\t"
    7912. 

  7912.         "ldr	r4, [%[a], #4]\n\t"
    7913. 

  7913.         "ldr	r5, [%[b]]\n\t"
    7914. 

  7914.         "ldr	r6, [%[b], #4]\n\t"
    7915. 

  7915.         "sbc	r3, r5\n\t"
    7916. 

  7916.         "sbc	r4, r6\n\t"
    7917. 

  7917.         "str	r3, [%[a]]\n\t"
    7918. 

  7918.         "str	r4, [%[a], #4]\n\t"
    7919. 

  7919.         "sbc	%[c], %[c]\n\t"
    7920. 

  7920.         "add	%[a], #8\n\t"
    7921. 

  7921.         "add	%[b], #8\n\t"
    7922. 

  7922.         "cmp	%[a], r7\n\t"
    7923. 

  7923.         "bne	1b\n\t"
    7924. 

  7924.         : [c] "+r" (c), [a] "+r" (a), [b] "+r" (b)
    7925. 

  7925.         :
    7926. 

  7926.         : "memory", "r3", "r4", "r5", "r6", "r7"
    7927. 

  7927.     );
    7928. 

  7928. 

  7929.     return c;
    7930. 

  7930. }
    7931. 

  7931. 

  7932. #endif /* WOLFSSL_SP_SMALL */
    7933. 

  7933. #ifdef WOLFSSL_SP_SMALL
    7934. 

  7934. /* Multiply a and b into r. (r = a * b)
    7935. 

  7935.  *
    7936. 

  7936.  * r  A single precision integer.
    7937. 

  7937.  * a  A single precision integer.
    7938. 

  7938.  * b  A single precision integer.
    7939. 

  7939.  */
    7940. 

  7940. SP_NOINLINE static void sp_3072_mul_48(sp_digit* r, const sp_digit* a,
    7941. 

  7941.         const sp_digit* b)
    7942. 

  7942. {
    7943. 

  7943.     sp_digit tmp[48 * 2];
    7944. 

  7944.     __asm__ __volatile__ (
    7945. 

  7945.         "mov	r3, #0\n\t"
    7946. 

  7946.         "mov	r4, #0\n\t"
    7947. 

  7947.         "mov	r8, r3\n\t"
    7948. 

  7948.         "mov	r11, %[r]\n\t"
    7949. 

  7949.         "mov	r9, %[a]\n\t"
    7950. 

  7950.         "mov	r10, %[b]\n\t"
    7951. 

  7951.         "mov	r6, #192\n\t"
    7952. 

  7952.         "add	r6, r9\n\t"
    7953. 

  7953.         "mov	r12, r6\n\t"
    7954. 

  7954.         "\n1:\n\t"
    7955. 

  7955.         "mov	%[r], #0\n\t"
    7956. 

  7956.         "mov	r5, #0\n\t"
    7957. 

  7957.         "mov	r6, #188\n\t"
    7958. 

  7958.         "mov	%[a], r8\n\t"
    7959. 

  7959.         "sub	%[a], r6\n\t"
    7960. 

  7960.         "sbc	r6, r6\n\t"
    7961. 

  7961.         "mvn	r6, r6\n\t"
    7962. 

  7962.         "and	%[a], r6\n\t"
    7963. 

  7963.         "mov	%[b], r8\n\t"
    7964. 

  7964.         "sub	%[b], %[a]\n\t"
    7965. 

  7965.         "add	%[a], r9\n\t"
    7966. 

  7966.         "add	%[b], r10\n\t"
    7967. 

  7967.         "\n2:\n\t"
    7968. 

  7968.         "# Multiply Start\n\t"
    7969. 

  7969.         "ldr	r6, [%[a]]\n\t"
    7970. 

  7970.         "ldr	r7, [%[b]]\n\t"
    7971. 

  7971.         "lsl	r6, r6, #16\n\t"
    7972. 

  7972.         "lsl	r7, r7, #16\n\t"
    7973. 

  7973.         "lsr	r6, r6, #16\n\t"
    7974. 

  7974.         "lsr	r7, r7, #16\n\t"
    7975. 

  7975.         "mul	r7, r6\n\t"
    7976. 

  7976.         "add	r3, r7\n\t"
    7977. 

  7977.         "adc	r4, %[r]\n\t"
    7978. 

  7978.         "adc	r5, %[r]\n\t"
    7979. 

  7979.         "ldr	r7, [%[b]]\n\t"
    7980. 

  7980.         "lsr	r7, r7, #16\n\t"
    7981. 

  7981.         "mul	r6, r7\n\t"
    7982. 

  7982.         "lsr	r7, r6, #16\n\t"
    7983. 

  7983.         "lsl	r6, r6, #16\n\t"
    7984. 

  7984.         "add	r3, r6\n\t"
    7985. 

  7985.         "adc	r4, r7\n\t"
    7986. 

  7986.         "adc	r5, %[r]\n\t"
    7987. 

  7987.         "ldr	r6, [%[a]]\n\t"
    7988. 

  7988.         "ldr	r7, [%[b]]\n\t"
    7989. 

  7989.         "lsr	r6, r6, #16\n\t"
    7990. 

  7990.         "lsr	r7, r7, #16\n\t"
    7991. 

  7991.         "mul	r7, r6\n\t"
    7992. 

  7992.         "add	r4, r7\n\t"
    7993. 

  7993.         "adc	r5, %[r]\n\t"
    7994. 

  7994.         "ldr	r7, [%[b]]\n\t"
    7995. 

  7995.         "lsl	r7, r7, #16\n\t"
    7996. 

  7996.         "lsr	r7, r7, #16\n\t"
    7997. 

  7997.         "mul	r6, r7\n\t"
    7998. 

  7998.         "lsr	r7, r6, #16\n\t"
    7999. 

  7999.         "lsl	r6, r6, #16\n\t"
    8000. 

  8000.         "add	r3, r6\n\t"
    8001. 

  8001.         "adc	r4, r7\n\t"
    8002. 

  8002.         "adc	r5, %[r]\n\t"
    8003. 

  8003.         "# Multiply Done\n\t"
    8004. 

  8004.         "add	%[a], #4\n\t"
    8005. 

  8005.         "sub	%[b], #4\n\t"
    8006. 

  8006.         "cmp	%[a], r12\n\t"
    8007. 

  8007.         "beq	3f\n\t"
    8008. 

  8008.         "mov	r6, r8\n\t"
    8009. 

  8009.         "add	r6, r9\n\t"
    8010. 

  8010.         "cmp	%[a], r6\n\t"
    8011. 

  8011.         "ble	2b\n\t"
    8012. 

  8012.         "\n3:\n\t"
    8013. 

  8013.         "mov	%[r], r11\n\t"
    8014. 

  8014.         "mov	r7, r8\n\t"
    8015. 

  8015.         "str	r3, [%[r], r7]\n\t"
    8016. 

  8016.         "mov	r3, r4\n\t"
    8017. 

  8017.         "mov	r4, r5\n\t"
    8018. 

  8018.         "add	r7, #4\n\t"
    8019. 

  8019.         "mov	r8, r7\n\t"
    8020. 

  8020.         "mov	r6, #1\n\t"
    8021. 

  8021.         "lsl	r6, r6, #8\n\t"
    8022. 

  8022.         "add	r6, #120\n\t"
    8023. 

  8023.         "cmp	r7, r6\n\t"
    8024. 

  8024.         "ble	1b\n\t"
    8025. 

  8025.         "str	r3, [%[r], r7]\n\t"
    8026. 

  8026.         "mov	%[a], r9\n\t"
    8027. 

  8027.         "mov	%[b], r10\n\t"
    8028. 

  8028.         :
    8029. 

  8029.         : [r] "r" (tmp), [a] "r" (a), [b] "r" (b)
    8030. 

  8030.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12"
    8031. 

  8031.     );
    8032. 

  8032. 

  8033.     XMEMCPY(r, tmp, sizeof(tmp));
    8034. 

  8034. }
    8035. 

  8035. 

  8036. /* Square a and put result in r. (r = a * a)
    8037. 

  8037.  *
    8038. 

  8038.  * r  A single precision integer.
    8039. 

  8039.  * a  A single precision integer.
    8040. 

  8040.  */
    8041. 

  8041. SP_NOINLINE static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a)
    8042. 

  8042. {
    8043. 

  8043.     __asm__ __volatile__ (
    8044. 

  8044.         "mov	r3, #0\n\t"
    8045. 

  8045.         "mov	r4, #0\n\t"
    8046. 

  8046.         "mov	r5, #0\n\t"
    8047. 

  8047.         "mov	r8, r3\n\t"
    8048. 

  8048.         "mov	r11, %[r]\n\t"
    8049. 

  8049.         "mov	r6, #1\n\t"
    8050. 

  8050.         "lsl	r6, r6, #8\n\t"
    8051. 

  8051.         "add	r6, #128\n\t"
    8052. 

  8052.         "neg	r6, r6\n\t"
    8053. 

  8053.         "add	sp, r6\n\t"
    8054. 

  8054.         "mov	r10, sp\n\t"
    8055. 

  8055.         "mov	r9, %[a]\n\t"
    8056. 

  8056.         "\n1:\n\t"
    8057. 

  8057.         "mov	%[r], #0\n\t"
    8058. 

  8058.         "mov	r6, #188\n\t"
    8059. 

  8059.         "mov	%[a], r8\n\t"
    8060. 

  8060.         "sub	%[a], r6\n\t"
    8061. 

  8061.         "sbc	r6, r6\n\t"
    8062. 

  8062.         "mvn	r6, r6\n\t"
    8063. 

  8063.         "and	%[a], r6\n\t"
    8064. 

  8064.         "mov	r2, r8\n\t"
    8065. 

  8065.         "sub	r2, %[a]\n\t"
    8066. 

  8066.         "add	%[a], r9\n\t"
    8067. 

  8067.         "add	r2, r9\n\t"
    8068. 

  8068.         "\n2:\n\t"
    8069. 

  8069.         "cmp	r2, %[a]\n\t"
    8070. 

  8070.         "beq	4f\n\t"
    8071. 

  8071.         "# Multiply * 2: Start\n\t"
    8072. 

  8072.         "ldr	r6, [%[a]]\n\t"
    8073. 

  8073.         "ldr	r7, [r2]\n\t"
    8074. 

  8074.         "lsl	r6, r6, #16\n\t"
    8075. 

  8075.         "lsl	r7, r7, #16\n\t"
    8076. 

  8076.         "lsr	r6, r6, #16\n\t"
    8077. 

  8077.         "lsr	r7, r7, #16\n\t"
    8078. 

  8078.         "mul	r7, r6\n\t"
    8079. 

  8079.         "add	r3, r7\n\t"
    8080. 

  8080.         "adc	r4, %[r]\n\t"
    8081. 

  8081.         "adc	r5, %[r]\n\t"
    8082. 

  8082.         "add	r3, r7\n\t"
    8083. 

  8083.         "adc	r4, %[r]\n\t"
    8084. 

  8084.         "adc	r5, %[r]\n\t"
    8085. 

  8085.         "ldr	r7, [r2]\n\t"
    8086. 

  8086.         "lsr	r7, r7, #16\n\t"
    8087. 

  8087.         "mul	r6, r7\n\t"
    8088. 

  8088.         "lsr	r7, r6, #16\n\t"
    8089. 

  8089.         "lsl	r6, r6, #16\n\t"
    8090. 

  8090.         "add	r3, r6\n\t"
    8091. 

  8091.         "adc	r4, r7\n\t"
    8092. 

  8092.         "adc	r5, %[r]\n\t"
    8093. 

  8093.         "add	r3, r6\n\t"
    8094. 

  8094.         "adc	r4, r7\n\t"
    8095. 

  8095.         "adc	r5, %[r]\n\t"
    8096. 

  8096.         "ldr	r6, [%[a]]\n\t"
    8097. 

  8097.         "ldr	r7, [r2]\n\t"
    8098. 

  8098.         "lsr	r6, r6, #16\n\t"
    8099. 

  8099.         "lsr	r7, r7, #16\n\t"
    8100. 

  8100.         "mul	r7, r6\n\t"
    8101. 

  8101.         "add	r4, r7\n\t"
    8102. 

  8102.         "adc	r5, %[r]\n\t"
    8103. 

  8103.         "add	r4, r7\n\t"
    8104. 

  8104.         "adc	r5, %[r]\n\t"
    8105. 

  8105.         "ldr	r7, [r2]\n\t"
    8106. 

  8106.         "lsl	r7, r7, #16\n\t"
    8107. 

  8107.         "lsr	r7, r7, #16\n\t"
    8108. 

  8108.         "mul	r6, r7\n\t"
    8109. 

  8109.         "lsr	r7, r6, #16\n\t"
    8110. 

  8110.         "lsl	r6, r6, #16\n\t"
    8111. 

  8111.         "add	r3, r6\n\t"
    8112. 

  8112.         "adc	r4, r7\n\t"
    8113. 

  8113.         "adc	r5, %[r]\n\t"
    8114. 

  8114.         "add	r3, r6\n\t"
    8115. 

  8115.         "adc	r4, r7\n\t"
    8116. 

  8116.         "adc	r5, %[r]\n\t"
    8117. 

  8117.         "# Multiply * 2: Done\n\t"
    8118. 

  8118.         "bal	5f\n\t"
    8119. 

  8119.         "\n4:\n\t"
    8120. 

  8120.         "# Square: Start\n\t"
    8121. 

  8121.         "ldr	r6, [%[a]]\n\t"
    8122. 

  8122.         "lsr	r7, r6, #16\n\t"
    8123. 

  8123.         "lsl	r6, r6, #16\n\t"
    8124. 

  8124.         "lsr	r6, r6, #16\n\t"
    8125. 

  8125.         "mul	r6, r6\n\t"
    8126. 

  8126.         "add	r3, r6\n\t"
    8127. 

  8127.         "adc	r4, %[r]\n\t"
    8128. 

  8128.         "adc	r5, %[r]\n\t"
    8129. 

  8129.         "mul	r7, r7\n\t"
    8130. 

  8130.         "add	r4, r7\n\t"
    8131. 

  8131.         "adc	r5, %[r]\n\t"
    8132. 

  8132.         "ldr	r6, [%[a]]\n\t"
    8133. 

  8133.         "lsr	r7, r6, #16\n\t"
    8134. 

  8134.         "lsl	r6, r6, #16\n\t"
    8135. 

  8135.         "lsr	r6, r6, #16\n\t"
    8136. 

  8136.         "mul	r6, r7\n\t"
    8137. 

  8137.         "lsr	r7, r6, #15\n\t"
    8138. 

  8138.         "lsl	r6, r6, #17\n\t"
    8139. 

  8139.         "add	r3, r6\n\t"
    8140. 

  8140.         "adc	r4, r7\n\t"
    8141. 

  8141.         "adc	r5, %[r]\n\t"
    8142. 

  8142.         "# Square: Done\n\t"
    8143. 

  8143.         "\n5:\n\t"
    8144. 

  8144.         "add	%[a], #4\n\t"
    8145. 

  8145.         "sub	r2, #4\n\t"
    8146. 

  8146.         "mov	r6, #192\n\t"
    8147. 

  8147.         "add	r6, r9\n\t"
    8148. 

  8148.         "cmp	%[a], r6\n\t"
    8149. 

  8149.         "beq	3f\n\t"
    8150. 

  8150.         "cmp	%[a], r2\n\t"
    8151. 

  8151.         "bgt	3f\n\t"
    8152. 

  8152.         "mov	r7, r8\n\t"
    8153. 

  8153.         "add	r7, r9\n\t"
    8154. 

  8154.         "cmp	%[a], r7\n\t"
    8155. 

  8155.         "ble	2b\n\t"
    8156. 

  8156.         "\n3:\n\t"
    8157. 

  8157.         "mov	%[r], r10\n\t"
    8158. 

  8158.         "mov	r7, r8\n\t"
    8159. 

  8159.         "str	r3, [%[r], r7]\n\t"
    8160. 

  8160.         "mov	r3, r4\n\t"
    8161. 

  8161.         "mov	r4, r5\n\t"
    8162. 

  8162.         "mov	r5, #0\n\t"
    8163. 

  8163.         "add	r7, #4\n\t"
    8164. 

  8164.         "mov	r8, r7\n\t"
    8165. 

  8165.         "mov	r6, #1\n\t"
    8166. 

  8166.         "lsl	r6, r6, #8\n\t"
    8167. 

  8167.         "add	r6, #120\n\t"
    8168. 

  8168.         "cmp	r7, r6\n\t"
    8169. 

  8169.         "ble	1b\n\t"
    8170. 

  8170.         "mov	%[a], r9\n\t"
    8171. 

  8171.         "str	r3, [%[r], r7]\n\t"
    8172. 

  8172.         "mov	%[r], r11\n\t"
    8173. 

  8173.         "mov	%[a], r10\n\t"
    8174. 

  8174.         "mov	r3, #1\n\t"
    8175. 

  8175.         "lsl	r3, r3, #8\n\t"
    8176. 

  8176.         "add	r3, #124\n\t"
    8177. 

  8177.         "\n4:\n\t"
    8178. 

  8178.         "ldr	r6, [%[a], r3]\n\t"
    8179. 

  8179.         "str	r6, [%[r], r3]\n\t"
    8180. 

  8180.         "sub	r3, #4\n\t"
    8181. 

  8181.         "bge	4b\n\t"
    8182. 

  8182.         "mov	r6, #1\n\t"
    8183. 

  8183.         "lsl	r6, r6, #8\n\t"
    8184. 

  8184.         "add	r6, #128\n\t"
    8185. 

  8185.         "add	sp, r6\n\t"
    8186. 

  8186.         :
    8187. 

  8187.         : [r] "r" (r), [a] "r" (a)
    8188. 

  8188.         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11"
    8189. 

  8189.     );
    8190. 

  8190. }
    8191. 

  8191. 

  8192. #endif /* WOLFSSL_SP_SMALL */
    8193. 

  8193. #endif /* (WOLFSSL_HAVE_SP_RSA || WOLFSSL_HAVE_SP_DH) && !WOLFSSL_RSA_PUBLIC_ONLY */
    8194. 

  8194. 

  8195. /* Caclulate the bottom digit of -1/a mod 2^n.
    8196. 

  8196.  *
    8197. 

  8197.  * a    A single precision number.
    8198. 

  8198.  * rho  Bottom word of inverse.
    8199. 

  8199.  */
    8200. 

  8200. static void sp_3072_mont_setup(const sp_digit* a, sp_digit* rho)
    8201. 

  8201. {
    8202. 

  8202.     sp_digit x, b;
    8203. 

  8203. 

  8204.     b = a[0];
    8205. 

  8205.     x = (((b + 2) & 4) << 1) + b; /* here x*a==1 mod 2**4 */
    8206. 

  8206.     x *= 2 - b * x;               /* here x*a==1 mod 2**8 */
    8207. 

  8207.     x *= 2 - b * x;               /* here x*a==1 mod 2**16 */
    8208. 

  8208.     x *= 2 - b * x;               /* here x*a==1 mod 2**32 */
    8209. 

  8209. 

  8210.     /* rho = -1/m mod b */
    8211. 

  8211.     *rho = -x;
    8212. 

  8212. }
    8213. 

  8213. 

  8214. /* Mul a by digit b into r. (r = a * b)
    8215. 

  8215.  *
    8216. 

  8216.  * r  A single precision integer.
    8217. 

  8217.  * a  A single precision integer.
    8218. 

  8218.  * b  A single precision digit.
    8219. 

  8219.  */
    8220. 

  8220. SP_NOINLINE static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a,
    8221. 

  8221.         sp_digit b)
    8222. 

  8222. {
    8223. 

  8223.     __asm__ __volatile__ (
    8224. 

  8224.         "mov	r6, #1\n\t"
    8225. 

  8225.         "lsl	r6, r6, #8\n\t"
    8226. 

  8226.         "add	r6, #128\n\t"
    8227. 

  8227.         "add	r6, %[a]\n\t"
    8228. 

  8228.         "mov	r8, %[r]\n\t"
    8229. 

  8229.         "mov	r9, r6\n\t"
    8230. 

  8230.         "mov	r3, #0\n\t"
    8231. 

  8231.         "mov	r4, #0\n\t"
    8232. 

  8232.         "1:\n\t"
    8233. 

  8233.         "mov	%[r], #0\n\t"
    8234. 

  8234.         "mov	r5, #0\n\t"
    8235. 

  8235.         "# A[] * B\n\t"
    8236. 

  8236.         "ldr	r6, [%[a]]\n\t"
    8237. 

  8237.         "lsl	r6, r6, #16\n\t"
    8238. 

  8238.         "lsl	r7, %[b], #16\n\t"
    8239. 

  8239.         "lsr	r6, r6, #16\n\t"
    8240. 

  8240.         "lsr	r7, r7, #16\n\t"
    8241. 

  8241.         "mul	r7, r6\n\t"
    8242. 

  8242.         "add	r3, r7\n\t"
    8243. 

  8243.         "adc	r4, %[r]\n\t"
    8244. 

  8244.         "adc	r5, %[r]\n\t"
    8245. 

  8245.         "lsr	r7, %[b], #16\n\t"
    8246. 

  8246.         "mul	r6, r7\n\t"
    8247. 

  8247.         "lsr	r7, r6, #16\n\t"
    8248. 

  8248.         "lsl	r6, r6, #16\n\t"
    8249. 

  8249.         "add	r3, r6\n\t"
    8250. 

  8250.         "adc	r4, r7\n\t"
    8251. 

  8251.         "adc	r5, %[r]\n\t"
    8252. 

  8252.         "ldr	r6, [%[a]]\n\t"
    8253. 

  8253.         "lsr	r6, r6, #16\n\t"
    8254. 

  8254.         "lsr	r7, %[b], #16\n\t"
    8255. 

  8255.         "mul	r7, r6\n\t"
    8256. 

  8256.         "add	r4, r7\n\t"
    8257. 

  8257.         "adc	r5, %[r]\n\t"
    8258. 

  8258.         "lsl	r7, %[b], #16\n\t"
    8259. 

  8259.         "lsr	r7, r7, #16\n\t"
    8260. 

  8260.         "mul	r6, r7\n\t"
    8261. 

  8261.         "lsr	r7, r6, #16\n\t"
    8262. 

  8262.         "lsl	r6, r6, #16\n\t"
    8263. 

  8263.         "add	r3, r6\n\t"
    8264. 

  8264.         "adc	r4, r7\n\t"
    8265. 

  8265.         "adc	r5, %[r]\n\t"
    8266. 

  8266.         "# A[] * B - Done\n\t"
    8267. 

  8267.         "mov	%[r], r8\n\t"
    8268. 

  8268.         "str	r3, [%[r]]\n\t"
    8269. 

  8269.         "mov	r3, r4\n\t"
    8270. 

  8270.         "mov	r4, r5\n\t"
    8271. 

  8271.         "add	%[r], #4\n\t"
    8272. 

  8272.         "add	%[a], #4\n\t"
    8273. 

  8273.         "mov	r8, %[r]\n\t"
    8274. 

  8274.         "cmp	%[a], r9\n\t"
    8275. 

  8275.         "blt	1b\n\t"
    8276. 

  8276.         "str	r3, [%[r]]\n\t"
    8277. 

  8277.         : [r] "+r" (r), [a] "+r" (a)
    8278. 

  8278.         : [b] "r" (b)
    8279. 

  8279.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
    8280. 

  8280.     );
    8281. 

  8281. }
    8282. 

  8282. 

  8283. #if (defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
    8284. 

  8284. /* r = 2^n mod m where n is the number of bits to reduce by.
    8285. 

  8285.  * Given m must be 3072 bits, just need to subtract.
    8286. 

  8286.  *
    8287. 

  8287.  * r  A single precision number.
    8288. 

  8288.  * m  A single precision number.
    8289. 

  8289.  */
    8290. 

  8290. static void sp_3072_mont_norm_48(sp_digit* r, const sp_digit* m)
    8291. 

  8291. {
    8292. 

  8292.     XMEMSET(r, 0, sizeof(sp_digit) * 48);
    8293. 

  8293. 

  8294.     /* r = 2^n mod m */
    8295. 

  8295.     sp_3072_sub_in_place_48(r, m);
    8296. 

  8296. }
    8297. 

  8297. 

  8298. /* Conditionally subtract b from a using the mask m.
    8299. 

  8299.  * m is -1 to subtract and 0 when not copying.
    8300. 

  8300.  *
    8301. 

  8301.  * r  A single precision number representing condition subtract result.
    8302. 

  8302.  * a  A single precision number to subtract from.
    8303. 

  8303.  * b  A single precision number to subtract.
    8304. 

  8304.  * m  Mask value to apply.
    8305. 

  8305.  */
    8306. 

  8306. SP_NOINLINE static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a,
    8307. 

  8307.         const sp_digit* b, sp_digit m)
    8308. 

  8308. {
    8309. 

  8309.     sp_digit c = 0;
    8310. 

  8310. 

  8311.     __asm__ __volatile__ (
    8312. 

  8312.         "mov	r5, #192\n\t"
    8313. 

  8313.         "mov	r8, r5\n\t"
    8314. 

  8314.         "mov	r7, #0\n\t"
    8315. 

  8315.         "1:\n\t"
    8316. 

  8316.         "ldr	r6, [%[b], r7]\n\t"
    8317. 

  8317.         "and	r6, %[m]\n\t"
    8318. 

  8318.         "mov	r5, #0\n\t"
    8319. 

  8319.         "sub	r5, %[c]\n\t"
    8320. 

  8320.         "ldr	r5, [%[a], r7]\n\t"
    8321. 

  8321.         "sbc	r5, r6\n\t"
    8322. 

  8322.         "sbc	%[c], %[c]\n\t"
    8323. 

  8323.         "str	r5, [%[r], r7]\n\t"
    8324. 

  8324.         "add	r7, #4\n\t"
    8325. 

  8325.         "cmp	r7, r8\n\t"
    8326. 

  8326.         "blt	1b\n\t"
    8327. 

  8327.         : [c] "+r" (c)
    8328. 

  8328.         : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m)
    8329. 

  8329.         : "memory", "r5", "r6", "r7", "r8"
    8330. 

  8330.     );
    8331. 

  8331. 

  8332.     return c;
    8333. 

  8333. }
    8334. 

  8334. 

  8335. /* Reduce the number back to 3072 bits using Montgomery reduction.
    8336. 

  8336.  *
    8337. 

  8337.  * a   A single precision number to reduce in place.
    8338. 

  8338.  * m   The single precision number representing the modulus.
    8339. 

  8339.  * mp  The digit representing the negative inverse of m mod 2^n.
    8340. 

  8340.  */
    8341. 

  8341. SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m,
    8342. 

  8342.         sp_digit mp)
    8343. 

  8343. {
    8344. 

  8344.     sp_digit ca = 0;
    8345. 

  8345. 

  8346.     __asm__ __volatile__ (
    8347. 

  8347.         "mov	r8, %[mp]\n\t"
    8348. 

  8348.         "mov	r12, %[ca]\n\t"
    8349. 

  8349.         "mov	r14, %[m]\n\t"
    8350. 

  8350.         "mov	r9, %[a]\n\t"
    8351. 

  8351.         "mov	r4, #0\n\t"
    8352. 

  8352.         "# i = 0\n\t"
    8353. 

  8353.         "mov	r11, r4\n\t"
    8354. 

  8354.         "\n1:\n\t"
    8355. 

  8355.         "mov	r5, #0\n\t"
    8356. 

  8356.         "mov	%[ca], #0\n\t"
    8357. 

  8357.         "# mu = a[i] * mp\n\t"
    8358. 

  8358.         "mov	%[mp], r8\n\t"
    8359. 

  8359.         "ldr	%[a], [%[a]]\n\t"
    8360. 

  8360.         "mul	%[mp], %[a]\n\t"
    8361. 

  8361.         "mov	%[m], r14\n\t"
    8362. 

  8362.         "mov	r10, r9\n\t"
    8363. 

  8363.         "\n2:\n\t"
    8364. 

  8364.         "# a[i+j] += m[j] * mu\n\t"
    8365. 

  8365.         "mov	%[a], r10\n\t"
    8366. 

  8366.         "ldr	%[a], [%[a]]\n\t"
    8367. 

  8367.         "mov	%[ca], #0\n\t"
    8368. 

  8368.         "mov	r4, r5\n\t"
    8369. 

  8369.         "mov	r5, #0\n\t"
    8370. 

  8370.         "# Multiply m[j] and mu - Start\n\t"
    8371. 

  8371.         "ldr	r7, [%[m]]\n\t"
    8372. 

  8372.         "lsl	r6, %[mp], #16\n\t"
    8373. 

  8373.         "lsl	r7, r7, #16\n\t"
    8374. 

  8374.         "lsr	r6, r6, #16\n\t"
    8375. 

  8375.         "lsr	r7, r7, #16\n\t"
    8376. 

  8376.         "mul	r7, r6\n\t"
    8377. 

  8377.         "add	%[a], r7\n\t"
    8378. 

  8378.         "adc	r5, %[ca]\n\t"
    8379. 

  8379.         "ldr	r7, [%[m]]\n\t"
    8380. 

  8380.         "lsr	r7, r7, #16\n\t"
    8381. 

  8381.         "mul	r6, r7\n\t"
    8382. 

  8382.         "lsr	r7, r6, #16\n\t"
    8383. 

  8383.         "lsl	r6, r6, #16\n\t"
    8384. 

  8384.         "add	%[a], r6\n\t"
    8385. 

  8385.         "adc	r5, r7\n\t"
    8386. 

  8386.         "ldr	r7, [%[m]]\n\t"
    8387. 

  8387.         "lsr	r6, %[mp], #16\n\t"
    8388. 

  8388.         "lsr	r7, r7, #16\n\t"
    8389. 

  8389.         "mul	r7, r6\n\t"
    8390. 

  8390.         "add	r5, r7\n\t"
    8391. 

  8391.         "ldr	r7, [%[m]]\n\t"
    8392. 

  8392.         "lsl	r7, r7, #16\n\t"
    8393. 

  8393.         "lsr	r7, r7, #16\n\t"
    8394. 

  8394.         "mul	r6, r7\n\t"
    8395. 

  8395.         "lsr	r7, r6, #16\n\t"
    8396. 

  8396.         "lsl	r6, r6, #16\n\t"
    8397. 

  8397.         "add	%[a], r6\n\t"
    8398. 

  8398.         "adc	r5, r7\n\t"
    8399. 

  8399.         "# Multiply m[j] and mu - Done\n\t"
    8400. 

  8400.         "add	r4, %[a]\n\t"
    8401. 

  8401.         "adc	r5, %[ca]\n\t"
    8402. 

  8402.         "mov	%[a], r10\n\t"
    8403. 

  8403.         "str	r4, [%[a]]\n\t"
    8404. 

  8404.         "mov	r6, #4\n\t"
    8405. 

  8405.         "add	%[m], #4\n\t"
    8406. 

  8406.         "add	r10, r6\n\t"
    8407. 

  8407.         "mov	r4, #188\n\t"
    8408. 

  8408.         "add	r4, r9\n\t"
    8409. 

  8409.         "cmp	r10, r4\n\t"
    8410. 

  8410.         "blt	2b\n\t"
    8411. 

  8411.         "# a[i+47] += m[47] * mu\n\t"
    8412. 

  8412.         "mov	%[ca], #0\n\t"
    8413. 

  8413.         "mov	r4, r12\n\t"
    8414. 

  8414.         "mov	%[a], #0\n\t"
    8415. 

  8415.         "# Multiply m[47] and mu - Start\n\t"
    8416. 

  8416.         "ldr	r7, [%[m]]\n\t"
    8417. 

  8417.         "lsl	r6, %[mp], #16\n\t"
    8418. 

  8418.         "lsl	r7, r7, #16\n\t"
    8419. 

  8419.         "lsr	r6, r6, #16\n\t"
    8420. 

  8420.         "lsr	r7, r7, #16\n\t"
    8421. 

  8421.         "mul	r7, r6\n\t"
    8422. 

  8422.         "add	r5, r7\n\t"
    8423. 

  8423.         "adc	r4, %[ca]\n\t"
    8424. 

  8424.         "adc	%[a], %[ca]\n\t"
    8425. 

  8425.         "ldr	r7, [%[m]]\n\t"
    8426. 

  8426.         "lsr	r7, r7, #16\n\t"
    8427. 

  8427.         "mul	r6, r7\n\t"
    8428. 

  8428.         "lsr	r7, r6, #16\n\t"
    8429. 

  8429.         "lsl	r6, r6, #16\n\t"
    8430. 

  8430.         "add	r5, r6\n\t"
    8431. 

  8431.         "adc	r4, r7\n\t"
    8432. 

  8432.         "adc	%[a], %[ca]\n\t"
    8433. 

  8433.         "ldr	r7, [%[m]]\n\t"
    8434. 

  8434.         "lsr	r6, %[mp], #16\n\t"
    8435. 

  8435.         "lsr	r7, r7, #16\n\t"
    8436. 

  8436.         "mul	r7, r6\n\t"
    8437. 

  8437.         "add	r4, r7\n\t"
    8438. 

  8438.         "adc	%[a], %[ca]\n\t"
    8439. 

  8439.         "ldr	r7, [%[m]]\n\t"
    8440. 

  8440.         "lsl	r7, r7, #16\n\t"
    8441. 

  8441.         "lsr	r7, r7, #16\n\t"
    8442. 

  8442.         "mul	r6, r7\n\t"
    8443. 

  8443.         "lsr	r7, r6, #16\n\t"
    8444. 

  8444.         "lsl	r6, r6, #16\n\t"
    8445. 

  8445.         "add	r5, r6\n\t"
    8446. 

  8446.         "adc	r4, r7\n\t"
    8447. 

  8447.         "adc	%[a], %[ca]\n\t"
    8448. 

  8448.         "# Multiply m[47] and mu - Done\n\t"
    8449. 

  8449.         "mov	%[ca], %[a]\n\t"
    8450. 

  8450.         "mov	%[a], r10\n\t"
    8451. 

  8451.         "ldr	r7, [%[a], #4]\n\t"
    8452. 

  8452.         "ldr	%[a], [%[a]]\n\t"
    8453. 

  8453.         "mov	r6, #0\n\t"
    8454. 

  8454.         "add	r5, %[a]\n\t"
    8455. 

  8455.         "adc	r7, r4\n\t"
    8456. 

  8456.         "adc	%[ca], r6\n\t"
    8457. 

  8457.         "mov	%[a], r10\n\t"
    8458. 

  8458.         "str	r5, [%[a]]\n\t"
    8459. 

  8459.         "str	r7, [%[a], #4]\n\t"
    8460. 

  8460.         "# i += 1\n\t"
    8461. 

  8461.         "mov	r6, #4\n\t"
    8462. 

  8462.         "add	r9, r6\n\t"
    8463. 

  8463.         "add	r11, r6\n\t"
    8464. 

  8464.         "mov	r12, %[ca]\n\t"
    8465. 

  8465.         "mov	%[a], r9\n\t"
    8466. 

  8466.         "mov	r4, #192\n\t"
    8467. 

  8467.         "cmp	r11, r4\n\t"
    8468. 

  8468.         "blt	1b\n\t"
    8469. 

  8469.         "mov	%[m], r14\n\t"
    8470. 

  8470.         : [ca] "+r" (ca), [a] "+r" (a)
    8471. 

  8471.         : [m] "r" (m), [mp] "r" (mp)
    8472. 

  8472.         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "r14"
    8473. 

  8473.     );
    8474. 

  8474. 

  8475.     sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - ca);
    8476. 

  8476. }
    8477. 

  8477. 

  8478. /* Multiply two Montogmery form numbers mod the modulus (prime).
    8479. 

  8479.  * (r = a * b mod m)
    8480. 

  8480.  *
    8481. 

  8481.  * r   Result of multiplication.
    8482. 

  8482.  * a   First number to multiply in Montogmery form.
    8483. 

  8483.  * b   Second number to multiply in Montogmery form.
    8484. 

  8484.  * m   Modulus (prime).
    8485. 

  8485.  * mp  Montogmery mulitplier.
    8486. 

  8486.  */
    8487. 

  8487. static void sp_3072_mont_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b,
    8488. 

  8488.         const sp_digit* m, sp_digit mp)
    8489. 

  8489. {
    8490. 

  8490.     sp_3072_mul_48(r, a, b);
    8491. 

  8491.     sp_3072_mont_reduce_48(r, m, mp);
    8492. 

  8492. }
    8493. 

  8493. 

  8494. /* Square the Montgomery form number. (r = a * a mod m)
    8495. 

  8495.  *
    8496. 

  8496.  * r   Result of squaring.
    8497. 

  8497.  * a   Number to square in Montogmery form.
    8498. 

  8498.  * m   Modulus (prime).
    8499. 

  8499.  * mp  Montogmery mulitplier.
    8500. 

  8500.  */
    8501. 

  8501. static void sp_3072_mont_sqr_48(sp_digit* r, const sp_digit* a, const sp_digit* m,
    8502. 

  8502.         sp_digit mp)
    8503. 

  8503. {
    8504. 

  8504.     sp_3072_sqr_48(r, a);
    8505. 

  8505.     sp_3072_mont_reduce_48(r, m, mp);
    8506. 

  8506. }
    8507. 

  8507. 

  8508. /* Mul a by digit b into r. (r = a * b)
    8509. 

  8509.  *
    8510. 

  8510.  * r  A single precision integer.
    8511. 

  8511.  * a  A single precision integer.
    8512. 

  8512.  * b  A single precision digit.
    8513. 

  8513.  */
    8514. 

  8514. SP_NOINLINE static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a,
    8515. 

  8515.         sp_digit b)
    8516. 

  8516. {
    8517. 

  8517.     __asm__ __volatile__ (
    8518. 

  8518.         "mov	r6, #192\n\t"
    8519. 

  8519.         "add	r6, %[a]\n\t"
    8520. 

  8520.         "mov	r8, %[r]\n\t"
    8521. 

  8521.         "mov	r9, r6\n\t"
    8522. 

  8522.         "mov	r3, #0\n\t"
    8523. 

  8523.         "mov	r4, #0\n\t"
    8524. 

  8524.         "1:\n\t"
    8525. 

  8525.         "mov	%[r], #0\n\t"
    8526. 

  8526.         "mov	r5, #0\n\t"
    8527. 

  8527.         "# A[] * B\n\t"
    8528. 

  8528.         "ldr	r6, [%[a]]\n\t"
    8529. 

  8529.         "lsl	r6, r6, #16\n\t"
    8530. 

  8530.         "lsl	r7, %[b], #16\n\t"
    8531. 

  8531.         "lsr	r6, r6, #16\n\t"
    8532. 

  8532.         "lsr	r7, r7, #16\n\t"
    8533. 

  8533.         "mul	r7, r6\n\t"
    8534. 

  8534.         "add	r3, r7\n\t"
    8535. 

  8535.         "adc	r4, %[r]\n\t"
    8536. 

  8536.         "adc	r5, %[r]\n\t"
    8537. 

  8537.         "lsr	r7, %[b], #16\n\t"
    8538. 

  8538.         "mul	r6, r7\n\t"
    8539. 

  8539.         "lsr	r7, r6, #16\n\t"
    8540. 

  8540.         "lsl	r6, r6, #16\n\t"
    8541. 

  8541.         "add	r3, r6\n\t"
    8542. 

  8542.         "adc	r4, r7\n\t"
    8543. 

  8543.         "adc	r5, %[r]\n\t"
    8544. 

  8544.         "ldr	r6, [%[a]]\n\t"
    8545. 

  8545.         "lsr	r6, r6, #16\n\t"
    8546. 

  8546.         "lsr	r7, %[b], #16\n\t"
    8547. 

  8547.         "mul	r7, r6\n\t"
    8548. 

  8548.         "add	r4, r7\n\t"
    8549. 

  8549.         "adc	r5, %[r]\n\t"
    8550. 

  8550.         "lsl	r7, %[b], #16\n\t"
    8551. 

  8551.         "lsr	r7, r7, #16\n\t"
    8552. 

  8552.         "mul	r6, r7\n\t"
    8553. 

  8553.         "lsr	r7, r6, #16\n\t"
    8554. 

  8554.         "lsl	r6, r6, #16\n\t"
    8555. 

  8555.         "add	r3, r6\n\t"
    8556. 

  8556.         "adc	r4, r7\n\t"
    8557. 

  8557.         "adc	r5, %[r]\n\t"
    8558. 

  8558.         "# A[] * B - Done\n\t"
    8559. 

  8559.         "mov	%[r], r8\n\t"
    8560. 

  8560.         "str	r3, [%[r]]\n\t"
    8561. 

  8561.         "mov	r3, r4\n\t"
    8562. 

  8562.         "mov	r4, r5\n\t"
    8563. 

  8563.         "add	%[r], #4\n\t"
    8564. 

  8564.         "add	%[a], #4\n\t"
    8565. 

  8565.         "mov	r8, %[r]\n\t"
    8566. 

  8566.         "cmp	%[a], r9\n\t"
    8567. 

  8567.         "blt	1b\n\t"
    8568. 

  8568.         "str	r3, [%[r]]\n\t"
    8569. 

  8569.         : [r] "+r" (r), [a] "+r" (a)
    8570. 

  8570.         : [b] "r" (b)
    8571. 

  8571.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
    8572. 

  8572.     );
    8573. 

  8573. }
    8574. 

  8574. 

  8575. /* Divide the double width number (d1|d0) by the dividend. (d1|d0 / div)
    8576. 

  8576.  *
    8577. 

  8577.  * d1   The high order half of the number to divide.
    8578. 

  8578.  * d0   The low order half of the number to divide.
    8579. 

  8579.  * div  The dividend.
    8580. 

  8580.  * returns the result of the division.
    8581. 

  8581.  *
    8582. 

  8582.  * Note that this is an approximate div. It may give an answer 1 larger.
    8583. 

  8583.  */
    8584. 

  8584. SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0,
    8585. 

  8585.         sp_digit div)
    8586. 

  8586. {
    8587. 

  8587.     sp_digit r = 0;
    8588. 

  8588. 

  8589.     __asm__ __volatile__ (
    8590. 

  8590.         "lsr	r5, %[div], #1\n\t"
    8591. 

  8591.         "add	r5, #1\n\t"
    8592. 

  8592.         "mov	r8, %[d0]\n\t"
    8593. 

  8593.         "mov	r9, %[d1]\n\t"
    8594. 

  8594.         "# Do top 32\n\t"
    8595. 

  8595.         "mov	r6, r5\n\t"
    8596. 

  8596.         "sub	r6, %[d1]\n\t"
    8597. 

  8597.         "sbc	r6, r6\n\t"
    8598. 

  8598.         "add	%[r], %[r]\n\t"
    8599. 

  8599.         "sub	%[r], r6\n\t"
    8600. 

  8600.         "and	r6, r5\n\t"
    8601. 

  8601.         "sub	%[d1], r6\n\t"
    8602. 

  8602.         "# Next 30 bits\n\t"
    8603. 

  8603.         "mov	r4, #29\n\t"
    8604. 

  8604.         "1:\n\t"
    8605. 

  8605.         "lsl	%[d0], %[d0], #1\n\t"
    8606. 

  8606.         "adc	%[d1], %[d1]\n\t"
    8607. 

  8607.         "mov	r6, r5\n\t"
    8608. 

  8608.         "sub	r6, %[d1]\n\t"
    8609. 

  8609.         "sbc	r6, r6\n\t"
    8610. 

  8610.         "add	%[r], %[r]\n\t"
    8611. 

  8611.         "sub	%[r], r6\n\t"
    8612. 

  8612.         "and	r6, r5\n\t"
    8613. 

  8613.         "sub	%[d1], r6\n\t"
    8614. 

  8614.         "sub	r4, #1\n\t"
    8615. 

  8615.         "bpl	1b\n\t"
    8616. 

  8616.         "mov	r7, #0\n\t"
    8617. 

  8617.         "add	%[r], %[r]\n\t"
    8618. 

  8618.         "add	%[r], #1\n\t"
    8619. 

  8619.         "# r * div - Start\n\t"
    8620. 

  8620.         "lsl	%[d1], %[r], #16\n\t"
    8621. 

  8621.         "lsl	r4, %[div], #16\n\t"
    8622. 

  8622.         "lsr	%[d1], %[d1], #16\n\t"
    8623. 

  8623.         "lsr	r4, r4, #16\n\t"
    8624. 

  8624.         "mul	r4, %[d1]\n\t"
    8625. 

  8625.         "lsr	r6, %[div], #16\n\t"
    8626. 

  8626.         "mul	%[d1], r6\n\t"
    8627. 

  8627.         "lsr	r5, %[d1], #16\n\t"
    8628. 

  8628.         "lsl	%[d1], %[d1], #16\n\t"
    8629. 

  8629.         "add	r4, %[d1]\n\t"
    8630. 

  8630.         "adc	r5, r7\n\t"
    8631. 

  8631.         "lsr	%[d1], %[r], #16\n\t"
    8632. 

  8632.         "mul	r6, %[d1]\n\t"
    8633. 

  8633.         "add	r5, r6\n\t"
    8634. 

  8634.         "lsl	r6, %[div], #16\n\t"
    8635. 

  8635.         "lsr	r6, r6, #16\n\t"
    8636. 

  8636.         "mul	%[d1], r6\n\t"
    8637. 

  8637.         "lsr	r6, %[d1], #16\n\t"
    8638. 

  8638.         "lsl	%[d1], %[d1], #16\n\t"
    8639. 

  8639.         "add	r4, %[d1]\n\t"
    8640. 

  8640.         "adc	r5, r6\n\t"
    8641. 

  8641.         "# r * div - Done\n\t"
    8642. 

  8642.         "mov	%[d1], r8\n\t"
    8643. 

  8643.         "sub	%[d1], r4\n\t"
    8644. 

  8644.         "mov	r4, %[d1]\n\t"
    8645. 

  8645.         "mov	%[d1], r9\n\t"
    8646. 

  8646.         "sbc	%[d1], r5\n\t"
    8647. 

  8647.         "mov	r5, %[d1]\n\t"
    8648. 

  8648.         "add	%[r], r5\n\t"
    8649. 

  8649.         "# r * div - Start\n\t"
    8650. 

  8650.         "lsl	%[d1], %[r], #16\n\t"
    8651. 

  8651.         "lsl	r4, %[div], #16\n\t"
    8652. 

  8652.         "lsr	%[d1], %[d1], #16\n\t"
    8653. 

  8653.         "lsr	r4, r4, #16\n\t"
    8654. 

  8654.         "mul	r4, %[d1]\n\t"
    8655. 

  8655.         "lsr	r6, %[div], #16\n\t"
    8656. 

  8656.         "mul	%[d1], r6\n\t"
    8657. 

  8657.         "lsr	r5, %[d1], #16\n\t"
    8658. 

  8658.         "lsl	%[d1], %[d1], #16\n\t"
    8659. 

  8659.         "add	r4, %[d1]\n\t"
    8660. 

  8660.         "adc	r5, r7\n\t"
    8661. 

  8661.         "lsr	%[d1], %[r], #16\n\t"
    8662. 

  8662.         "mul	r6, %[d1]\n\t"
    8663. 

  8663.         "add	r5, r6\n\t"
    8664. 

  8664.         "lsl	r6, %[div], #16\n\t"
    8665. 

  8665.         "lsr	r6, r6, #16\n\t"
    8666. 

  8666.         "mul	%[d1], r6\n\t"
    8667. 

  8667.         "lsr	r6, %[d1], #16\n\t"
    8668. 

  8668.         "lsl	%[d1], %[d1], #16\n\t"
    8669. 

  8669.         "add	r4, %[d1]\n\t"
    8670. 

  8670.         "adc	r5, r6\n\t"
    8671. 

  8671.         "# r * div - Done\n\t"
    8672. 

  8672.         "mov	%[d1], r8\n\t"
    8673. 

  8673.         "mov	r6, r9\n\t"
    8674. 

  8674.         "sub	r4, %[d1], r4\n\t"
    8675. 

  8675.         "sbc	r6, r5\n\t"
    8676. 

  8676.         "mov	r5, r6\n\t"
    8677. 

  8677.         "add	%[r], r5\n\t"
    8678. 

  8678.         "# r * div - Start\n\t"
    8679. 

  8679.         "lsl	%[d1], %[r], #16\n\t"
    8680. 

  8680.         "lsl	r4, %[div], #16\n\t"
    8681. 

  8681.         "lsr	%[d1], %[d1], #16\n\t"
    8682. 

  8682.         "lsr	r4, r4, #16\n\t"
    8683. 

  8683.         "mul	r4, %[d1]\n\t"
    8684. 

  8684.         "lsr	r6, %[div], #16\n\t"
    8685. 

  8685.         "mul	%[d1], r6\n\t"
    8686. 

  8686.         "lsr	r5, %[d1], #16\n\t"
    8687. 

  8687.         "lsl	%[d1], %[d1], #16\n\t"
    8688. 

  8688.         "add	r4, %[d1]\n\t"
    8689. 

  8689.         "adc	r5, r7\n\t"
    8690. 

  8690.         "lsr	%[d1], %[r], #16\n\t"
    8691. 

  8691.         "mul	r6, %[d1]\n\t"
    8692. 

  8692.         "add	r5, r6\n\t"
    8693. 

  8693.         "lsl	r6, %[div], #16\n\t"
    8694. 

  8694.         "lsr	r6, r6, #16\n\t"
    8695. 

  8695.         "mul	%[d1], r6\n\t"
    8696. 

  8696.         "lsr	r6, %[d1], #16\n\t"
    8697. 

  8697.         "lsl	%[d1], %[d1], #16\n\t"
    8698. 

  8698.         "add	r4, %[d1]\n\t"
    8699. 

  8699.         "adc	r5, r6\n\t"
    8700. 

  8700.         "# r * div - Done\n\t"
    8701. 

  8701.         "mov	%[d1], r8\n\t"
    8702. 

  8702.         "mov	r6, r9\n\t"
    8703. 

  8703.         "sub	r4, %[d1], r4\n\t"
    8704. 

  8704.         "sbc	r6, r5\n\t"
    8705. 

  8705.         "mov	r5, r6\n\t"
    8706. 

  8706.         "add	%[r], r5\n\t"
    8707. 

  8707.         "mov	r6, %[div]\n\t"
    8708. 

  8708.         "sub	r6, r4\n\t"
    8709. 

  8709.         "sbc	r6, r6\n\t"
    8710. 

  8710.         "sub	%[r], r6\n\t"
    8711. 

  8711.         : [r] "+r" (r)
    8712. 

  8712.         : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div)
    8713. 

  8713.         : "r4", "r5", "r7", "r6", "r8", "r9"
    8714. 

  8714.     );
    8715. 

  8715.     return r;
    8716. 

  8716. }
    8717. 

  8717. 

  8718. /* Compare a with b in constant time.
    8719. 

  8719.  *
    8720. 

  8720.  * a  A single precision integer.
    8721. 

  8721.  * b  A single precision integer.
    8722. 

  8722.  * return -ve, 0 or +ve if a is less than, equal to or greater than b
    8723. 

  8723.  * respectively.
    8724. 

  8724.  */
    8725. 

  8725. SP_NOINLINE static int32_t sp_3072_cmp_48(const sp_digit* a, const sp_digit* b)
    8726. 

  8726. {
    8727. 

  8727.     sp_digit r = 0;
    8728. 

  8728. 

  8729. 

  8730.     __asm__ __volatile__ (
    8731. 

  8731.         "mov	r3, #0\n\t"
    8732. 

  8732.         "mvn	r3, r3\n\t"
    8733. 

  8733.         "mov	r6, #188\n\t"
    8734. 

  8734.         "1:\n\t"
    8735. 

  8735.         "ldr	r7, [%[a], r6]\n\t"
    8736. 

  8736.         "ldr	r5, [%[b], r6]\n\t"
    8737. 

  8737.         "and	r7, r3\n\t"
    8738. 

  8738.         "and	r5, r3\n\t"
    8739. 

  8739.         "mov	r4, r7\n\t"
    8740. 

  8740.         "sub	r7, r5\n\t"
    8741. 

  8741.         "sbc	r7, r7\n\t"
    8742. 

  8742.         "add	%[r], r7\n\t"
    8743. 

  8743.         "mvn	r7, r7\n\t"
    8744. 

  8744.         "and	r3, r7\n\t"
    8745. 

  8745.         "sub	r5, r4\n\t"
    8746. 

  8746.         "sbc	r7, r7\n\t"
    8747. 

  8747.         "sub	%[r], r7\n\t"
    8748. 

  8748.         "mvn	r7, r7\n\t"
    8749. 

  8749.         "and	r3, r7\n\t"
    8750. 

  8750.         "sub	r6, #4\n\t"
    8751. 

  8751.         "cmp	r6, #0\n\t"
    8752. 

  8752.         "bge	1b\n\t"
    8753. 

  8753.         : [r] "+r" (r)
    8754. 

  8754.         : [a] "r" (a), [b] "r" (b)
    8755. 

  8755.         : "r3", "r4", "r5", "r6", "r7"
    8756. 

  8756.     );
    8757. 

  8757. 

  8758.     return r;
    8759. 

  8759. }
    8760. 

  8760. 

  8761. /* Divide d in a and put remainder into r (m*d + r = a)
    8762. 

  8762.  * m is not calculated as it is not needed at this time.
    8763. 

  8763.  *
    8764. 

  8764.  * a  Nmber to be divided.
    8765. 

  8765.  * d  Number to divide with.
    8766. 

  8766.  * m  Multiplier result.
    8767. 

  8767.  * r  Remainder from the division.
    8768. 

  8768.  * returns MP_OKAY indicating success.
    8769. 

  8769.  */
    8770. 

  8770. static WC_INLINE int sp_3072_div_48(const sp_digit* a, const sp_digit* d, sp_digit* m,
    8771. 

  8771.         sp_digit* r)
    8772. 

  8772. {
    8773. 

  8773.     sp_digit t1[96], t2[49];
    8774. 

  8774.     sp_digit div, r1;
    8775. 

  8775.     int i;
    8776. 

  8776. 

  8777.     (void)m;
    8778. 

  8778. 

  8779.     div = d[47];
    8780. 

  8780.     XMEMCPY(t1, a, sizeof(*t1) * 2 * 48);
    8781. 

  8781.     for (i=47; i>=0; i--) {
    8782. 

  8782.         r1 = div_3072_word_48(t1[48 + i], t1[48 + i - 1], div);
    8783. 

  8783. 

  8784.         sp_3072_mul_d_48(t2, d, r1);
    8785. 

  8785.         t1[48 + i] += sp_3072_sub_in_place_48(&t1[i], t2);
    8786. 

  8786.         t1[48 + i] -= t2[48];
    8787. 

  8787.         sp_3072_mask_48(t2, d, t1[48 + i]);
    8788. 

  8788.         t1[48 + i] += sp_3072_add_48(&t1[i], &t1[i], t2);
    8789. 

  8789.         sp_3072_mask_48(t2, d, t1[48 + i]);
    8790. 

  8790.         t1[48 + i] += sp_3072_add_48(&t1[i], &t1[i], t2);
    8791. 

  8791.     }
    8792. 

  8792. 

  8793.     r1 = sp_3072_cmp_48(t1, d) >= 0;
    8794. 

  8794.     sp_3072_cond_sub_48(r, t1, d, (sp_digit)0 - r1);
    8795. 

  8795. 

  8796.     return MP_OKAY;
    8797. 

  8797. }
    8798. 

  8798. 

  8799. /* Reduce a modulo m into r. (r = a mod m)
    8800. 

  8800.  *
    8801. 

  8801.  * r  A single precision number that is the reduced result.
    8802. 

  8802.  * a  A single precision number that is to be reduced.
    8803. 

  8803.  * m  A single precision number that is the modulus to reduce with.
    8804. 

  8804.  * returns MP_OKAY indicating success.
    8805. 

  8805.  */
    8806. 

  8806. static WC_INLINE int sp_3072_mod_48(sp_digit* r, const sp_digit* a, const sp_digit* m)
    8807. 

  8807. {
    8808. 

  8808.     return sp_3072_div_48(a, m, NULL, r);
    8809. 

  8809. }
    8810. 

  8810. 

  8811. #ifdef WOLFSSL_SP_SMALL
    8812. 

  8812. /* Modular exponentiate a to the e mod m. (r = a^e mod m)
    8813. 

  8813.  *
    8814. 

  8814.  * r     A single precision number that is the result of the operation.
    8815. 

  8815.  * a     A single precision number being exponentiated.
    8816. 

  8816.  * e     A single precision number that is the exponent.
    8817. 

  8817.  * bits  The number of bits in the exponent.
    8818. 

  8818.  * m     A single precision number that is the modulus.
    8819. 

  8819.  * returns 0 on success and MEMORY_E on dynamic memory allocation failure.
    8820. 

  8820.  */
    8821. 

  8821. static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
    8822. 

  8822.         int bits, const sp_digit* m, int reduceA)
    8823. 

  8823. {
    8824. 

  8824. #ifndef WOLFSSL_SMALL_STACK
    8825. 

  8825.     sp_digit t[16][96];
    8826. 

  8826. #else
    8827. 

  8827.     sp_digit* t[16];
    8828. 

  8828.     sp_digit* td;
    8829. 

  8829. #endif
    8830. 

  8830.     sp_digit* norm;
    8831. 

  8831.     sp_digit mp = 1;
    8832. 

  8832.     sp_digit n;
    8833. 

  8833.     sp_digit mask;
    8834. 

  8834.     int i;
    8835. 

  8835.     int c, y;
    8836. 

  8836.     int err = MP_OKAY;
    8837. 

  8837. 

  8838. #ifdef WOLFSSL_SMALL_STACK
    8839. 

  8839.     td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 96, NULL,
    8840. 

  8840.                             DYNAMIC_TYPE_TMP_BUFFER);
    8841. 

  8841.     if (td == NULL) {
    8842. 

  8842.         err = MEMORY_E;
    8843. 

  8843.     }
    8844. 

  8844. #endif
    8845. 

  8845. 

  8846.     if (err == MP_OKAY) {
    8847. 

  8847. #ifdef WOLFSSL_SMALL_STACK
    8848. 

  8848.         for (i=0; i<16; i++) {
    8849. 

  8849.             t[i] = td + i * 96;
    8850. 

  8850.         }
    8851. 

  8851. #endif
    8852. 

  8852.         norm = t[0];
    8853. 

  8853. 

  8854.         sp_3072_mont_setup(m, &mp);
    8855. 

  8855.         sp_3072_mont_norm_48(norm, m);
    8856. 

  8856. 

  8857.         XMEMSET(t[1], 0, sizeof(sp_digit) * 48U);
    8858. 

  8858.         if (reduceA != 0) {
    8859. 

  8859.             err = sp_3072_mod_48(t[1] + 48, a, m);
    8860. 

  8860.             if (err == MP_OKAY) {
    8861. 

  8861.                 err = sp_3072_mod_48(t[1], t[1], m);
    8862. 

  8862.             }
    8863. 

  8863.         }
    8864. 

  8864.         else {
    8865. 

  8865.             XMEMCPY(t[1] + 48, a, sizeof(sp_digit) * 48);
    8866. 

  8866.             err = sp_3072_mod_48(t[1], t[1], m);
    8867. 

  8867.         }
    8868. 

  8868.     }
    8869. 

  8869. 

  8870.     if (err == MP_OKAY) {
    8871. 

  8871.         sp_3072_mont_sqr_48(t[ 2], t[ 1], m, mp);
    8872. 

  8872.         sp_3072_mont_mul_48(t[ 3], t[ 2], t[ 1], m, mp);
    8873. 

  8873.         sp_3072_mont_sqr_48(t[ 4], t[ 2], m, mp);
    8874. 

  8874.         sp_3072_mont_mul_48(t[ 5], t[ 3], t[ 2], m, mp);
    8875. 

  8875.         sp_3072_mont_sqr_48(t[ 6], t[ 3], m, mp);
    8876. 

  8876.         sp_3072_mont_mul_48(t[ 7], t[ 4], t[ 3], m, mp);
    8877. 

  8877.         sp_3072_mont_sqr_48(t[ 8], t[ 4], m, mp);
    8878. 

  8878.         sp_3072_mont_mul_48(t[ 9], t[ 5], t[ 4], m, mp);
    8879. 

  8879.         sp_3072_mont_sqr_48(t[10], t[ 5], m, mp);
    8880. 

  8880.         sp_3072_mont_mul_48(t[11], t[ 6], t[ 5], m, mp);
    8881. 

  8881.         sp_3072_mont_sqr_48(t[12], t[ 6], m, mp);
    8882. 

  8882.         sp_3072_mont_mul_48(t[13], t[ 7], t[ 6], m, mp);
    8883. 

  8883.         sp_3072_mont_sqr_48(t[14], t[ 7], m, mp);
    8884. 

  8884.         sp_3072_mont_mul_48(t[15], t[ 8], t[ 7], m, mp);
    8885. 

  8885. 

  8886.         i = (bits - 1) / 32;
    8887. 

  8887.         n = e[i--];
    8888. 

  8888.         c = bits & 31;
    8889. 

  8889.         if (c == 0) {
    8890. 

  8890.             c = 32;
    8891. 

  8891.         }
    8892. 

  8892.         c -= bits % 4;
    8893. 

  8893.         if (c == 32) {
    8894. 

  8894.             c = 28;
    8895. 

  8895.         }
    8896. 

  8896.         y = (int)(n >> c);
    8897. 

  8897.         n <<= 32 - c;
    8898. 

  8898.         XMEMCPY(r, t[y], sizeof(sp_digit) * 48);
    8899. 

  8899.         for (; i>=0 || c>=4; ) {
    8900. 

  8900.             if (c == 0) {
    8901. 

  8901.                 n = e[i--];
    8902. 

  8902.                 y = n >> 28;
    8903. 

  8903.                 n <<= 4;
    8904. 

  8904.                 c = 28;
    8905. 

  8905.             }
    8906. 

  8906.             else if (c < 4) {
    8907. 

  8907.                 y = n >> 28;
    8908. 

  8908.                 n = e[i--];
    8909. 

  8909.                 c = 4 - c;
    8910. 

  8910.                 y |= n >> (32 - c);
    8911. 

  8911.                 n <<= c;
    8912. 

  8912.                 c = 32 - c;
    8913. 

  8913.             }
    8914. 

  8914.             else {
    8915. 

  8915.                 y = (n >> 28) & 0xf;
    8916. 

  8916.                 n <<= 4;
    8917. 

  8917.                 c -= 4;
    8918. 

  8918.             }
    8919. 

  8919. 

  8920.             sp_3072_mont_sqr_48(r, r, m, mp);
    8921. 

  8921.             sp_3072_mont_sqr_48(r, r, m, mp);
    8922. 

  8922.             sp_3072_mont_sqr_48(r, r, m, mp);
    8923. 

  8923.             sp_3072_mont_sqr_48(r, r, m, mp);
    8924. 

  8924. 

  8925.             sp_3072_mont_mul_48(r, r, t[y], m, mp);
    8926. 

  8926.         }
    8927. 

  8927. 

  8928.         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
    8929. 

  8929.         sp_3072_mont_reduce_48(r, m, mp);
    8930. 

  8930. 

  8931.         mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
    8932. 

  8932.         sp_3072_cond_sub_48(r, r, m, mask);
    8933. 

  8933.     }
    8934. 

  8934. 

  8935. #ifdef WOLFSSL_SMALL_STACK
    8936. 

  8936.     if (td != NULL) {
    8937. 

  8937.         XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    8938. 

  8938.     }
    8939. 

  8939. #endif
    8940. 

  8940. 

  8941.     return err;
    8942. 

  8942. }
    8943. 

  8943. #else
    8944. 

  8944. /* Modular exponentiate a to the e mod m. (r = a^e mod m)
    8945. 

  8945.  *
    8946. 

  8946.  * r     A single precision number that is the result of the operation.
    8947. 

  8947.  * a     A single precision number being exponentiated.
    8948. 

  8948.  * e     A single precision number that is the exponent.
    8949. 

  8949.  * bits  The number of bits in the exponent.
    8950. 

  8950.  * m     A single precision number that is the modulus.
    8951. 

  8951.  * returns 0 on success and MEMORY_E on dynamic memory allocation failure.
    8952. 

  8952.  */
    8953. 

  8953. static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
    8954. 

  8954.         int bits, const sp_digit* m, int reduceA)
    8955. 

  8955. {
    8956. 

  8956. #ifndef WOLFSSL_SMALL_STACK
    8957. 

  8957.     sp_digit t[32][96];
    8958. 

  8958. #else
    8959. 

  8959.     sp_digit* t[32];
    8960. 

  8960.     sp_digit* td;
    8961. 

  8961. #endif
    8962. 

  8962.     sp_digit* norm;
    8963. 

  8963.     sp_digit mp = 1;
    8964. 

  8964.     sp_digit n;
    8965. 

  8965.     sp_digit mask;
    8966. 

  8966.     int i;
    8967. 

  8967.     int c, y;
    8968. 

  8968.     int err = MP_OKAY;
    8969. 

  8969. 

  8970. #ifdef WOLFSSL_SMALL_STACK
    8971. 

  8971.     td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 96, NULL,
    8972. 

  8972.                             DYNAMIC_TYPE_TMP_BUFFER);
    8973. 

  8973.     if (td == NULL) {
    8974. 

  8974.         err = MEMORY_E;
    8975. 

  8975.     }
    8976. 

  8976. #endif
    8977. 

  8977. 

  8978.     if (err == MP_OKAY) {
    8979. 

  8979. #ifdef WOLFSSL_SMALL_STACK
    8980. 

  8980.         for (i=0; i<32; i++) {
    8981. 

  8981.             t[i] = td + i * 96;
    8982. 

  8982.         }
    8983. 

  8983. #endif
    8984. 

  8984.         norm = t[0];
    8985. 

  8985. 

  8986.         sp_3072_mont_setup(m, &mp);
    8987. 

  8987.         sp_3072_mont_norm_48(norm, m);
    8988. 

  8988. 

  8989.         XMEMSET(t[1], 0, sizeof(sp_digit) * 48U);
    8990. 

  8990.         if (reduceA != 0) {
    8991. 

  8991.             err = sp_3072_mod_48(t[1] + 48, a, m);
    8992. 

  8992.             if (err == MP_OKAY) {
    8993. 

  8993.                 err = sp_3072_mod_48(t[1], t[1], m);
    8994. 

  8994.             }
    8995. 

  8995.         }
    8996. 

  8996.         else {
    8997. 

  8997.             XMEMCPY(t[1] + 48, a, sizeof(sp_digit) * 48);
    8998. 

  8998.             err = sp_3072_mod_48(t[1], t[1], m);
    8999. 

  8999.         }
    9000. 

  9000.     }
    9001. 

  9001. 

  9002.     if (err == MP_OKAY) {
    9003. 

  9003.         sp_3072_mont_sqr_48(t[ 2], t[ 1], m, mp);
    9004. 

  9004.         sp_3072_mont_mul_48(t[ 3], t[ 2], t[ 1], m, mp);
    9005. 

  9005.         sp_3072_mont_sqr_48(t[ 4], t[ 2], m, mp);
    9006. 

  9006.         sp_3072_mont_mul_48(t[ 5], t[ 3], t[ 2], m, mp);
    9007. 

  9007.         sp_3072_mont_sqr_48(t[ 6], t[ 3], m, mp);
    9008. 

  9008.         sp_3072_mont_mul_48(t[ 7], t[ 4], t[ 3], m, mp);
    9009. 

  9009.         sp_3072_mont_sqr_48(t[ 8], t[ 4], m, mp);
    9010. 

  9010.         sp_3072_mont_mul_48(t[ 9], t[ 5], t[ 4], m, mp);
    9011. 

  9011.         sp_3072_mont_sqr_48(t[10], t[ 5], m, mp);
    9012. 

  9012.         sp_3072_mont_mul_48(t[11], t[ 6], t[ 5], m, mp);
    9013. 

  9013.         sp_3072_mont_sqr_48(t[12], t[ 6], m, mp);
    9014. 

  9014.         sp_3072_mont_mul_48(t[13], t[ 7], t[ 6], m, mp);
    9015. 

  9015.         sp_3072_mont_sqr_48(t[14], t[ 7], m, mp);
    9016. 

  9016.         sp_3072_mont_mul_48(t[15], t[ 8], t[ 7], m, mp);
    9017. 

  9017.         sp_3072_mont_sqr_48(t[16], t[ 8], m, mp);
    9018. 

  9018.         sp_3072_mont_mul_48(t[17], t[ 9], t[ 8], m, mp);
    9019. 

  9019.         sp_3072_mont_sqr_48(t[18], t[ 9], m, mp);
    9020. 

  9020.         sp_3072_mont_mul_48(t[19], t[10], t[ 9], m, mp);
    9021. 

  9021.         sp_3072_mont_sqr_48(t[20], t[10], m, mp);
    9022. 

  9022.         sp_3072_mont_mul_48(t[21], t[11], t[10], m, mp);
    9023. 

  9023.         sp_3072_mont_sqr_48(t[22], t[11], m, mp);
    9024. 

  9024.         sp_3072_mont_mul_48(t[23], t[12], t[11], m, mp);
    9025. 

  9025.         sp_3072_mont_sqr_48(t[24], t[12], m, mp);
    9026. 

  9026.         sp_3072_mont_mul_48(t[25], t[13], t[12], m, mp);
    9027. 

  9027.         sp_3072_mont_sqr_48(t[26], t[13], m, mp);
    9028. 

  9028.         sp_3072_mont_mul_48(t[27], t[14], t[13], m, mp);
    9029. 

  9029.         sp_3072_mont_sqr_48(t[28], t[14], m, mp);
    9030. 

  9030.         sp_3072_mont_mul_48(t[29], t[15], t[14], m, mp);
    9031. 

  9031.         sp_3072_mont_sqr_48(t[30], t[15], m, mp);
    9032. 

  9032.         sp_3072_mont_mul_48(t[31], t[16], t[15], m, mp);
    9033. 

  9033. 

  9034.         i = (bits - 1) / 32;
    9035. 

  9035.         n = e[i--];
    9036. 

  9036.         c = bits & 31;
    9037. 

  9037.         if (c == 0) {
    9038. 

  9038.             c = 32;
    9039. 

  9039.         }
    9040. 

  9040.         c -= bits % 5;
    9041. 

  9041.         if (c == 32) {
    9042. 

  9042.             c = 27;
    9043. 

  9043.         }
    9044. 

  9044.         y = (int)(n >> c);
    9045. 

  9045.         n <<= 32 - c;
    9046. 

  9046.         XMEMCPY(r, t[y], sizeof(sp_digit) * 48);
    9047. 

  9047.         for (; i>=0 || c>=5; ) {
    9048. 

  9048.             if (c == 0) {
    9049. 

  9049.                 n = e[i--];
    9050. 

  9050.                 y = n >> 27;
    9051. 

  9051.                 n <<= 5;
    9052. 

  9052.                 c = 27;
    9053. 

  9053.             }
    9054. 

  9054.             else if (c < 5) {
    9055. 

  9055.                 y = n >> 27;
    9056. 

  9056.                 n = e[i--];
    9057. 

  9057.                 c = 5 - c;
    9058. 

  9058.                 y |= n >> (32 - c);
    9059. 

  9059.                 n <<= c;
    9060. 

  9060.                 c = 32 - c;
    9061. 

  9061.             }
    9062. 

  9062.             else {
    9063. 

  9063.                 y = (n >> 27) & 0x1f;
    9064. 

  9064.                 n <<= 5;
    9065. 

  9065.                 c -= 5;
    9066. 

  9066.             }
    9067. 

  9067. 

  9068.             sp_3072_mont_sqr_48(r, r, m, mp);
    9069. 

  9069.             sp_3072_mont_sqr_48(r, r, m, mp);
    9070. 

  9070.             sp_3072_mont_sqr_48(r, r, m, mp);
    9071. 

  9071.             sp_3072_mont_sqr_48(r, r, m, mp);
    9072. 

  9072.             sp_3072_mont_sqr_48(r, r, m, mp);
    9073. 

  9073. 

  9074.             sp_3072_mont_mul_48(r, r, t[y], m, mp);
    9075. 

  9075.         }
    9076. 

  9076. 

  9077.         XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U);
    9078. 

  9078.         sp_3072_mont_reduce_48(r, m, mp);
    9079. 

  9079. 

  9080.         mask = 0 - (sp_3072_cmp_48(r, m) >= 0);
    9081. 

  9081.         sp_3072_cond_sub_48(r, r, m, mask);
    9082. 

  9082.     }
    9083. 

  9083. 

  9084. #ifdef WOLFSSL_SMALL_STACK
    9085. 

  9085.     if (td != NULL) {
    9086. 

  9086.         XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    9087. 

  9087.     }
    9088. 

  9088. #endif
    9089. 

  9089. 

  9090.     return err;
    9091. 

  9091. }
    9092. 

  9092. #endif /* WOLFSSL_SP_SMALL */
    9093. 

  9093. 

  9094. #endif /* (WOLFSSL_HAVE_SP_RSA || WOLFSSL_HAVE_SP_DH) && !WOLFSSL_RSA_PUBLIC_ONLY */
    9095. 

  9095. 

  9096. #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)
    9097. 

  9097. /* r = 2^n mod m where n is the number of bits to reduce by.
    9098. 

  9098.  * Given m must be 3072 bits, just need to subtract.
    9099. 

  9099.  *
    9100. 

  9100.  * r  A single precision number.
    9101. 

  9101.  * m  A single precision number.
    9102. 

  9102.  */
    9103. 

  9103. static void sp_3072_mont_norm_96(sp_digit* r, const sp_digit* m)
    9104. 

  9104. {
    9105. 

  9105.     XMEMSET(r, 0, sizeof(sp_digit) * 96);
    9106. 

  9106. 

  9107.     /* r = 2^n mod m */
    9108. 

  9108.     sp_3072_sub_in_place_96(r, m);
    9109. 

  9109. }
    9110. 

  9110. 

  9111. #endif /* WOLFSSL_HAVE_SP_RSA || WOLFSSL_HAVE_SP_DH */
    9112. 

  9112. /* Conditionally subtract b from a using the mask m.
    9113. 

  9113.  * m is -1 to subtract and 0 when not copying.
    9114. 

  9114.  *
    9115. 

  9115.  * r  A single precision number representing condition subtract result.
    9116. 

  9116.  * a  A single precision number to subtract from.
    9117. 

  9117.  * b  A single precision number to subtract.
    9118. 

  9118.  * m  Mask value to apply.
    9119. 

  9119.  */
    9120. 

  9120. SP_NOINLINE static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a,
    9121. 

  9121.         const sp_digit* b, sp_digit m)
    9122. 

  9122. {
    9123. 

  9123.     sp_digit c = 0;
    9124. 

  9124. 

  9125.     __asm__ __volatile__ (
    9126. 

  9126.         "mov	r5, #1\n\t"
    9127. 

  9127.         "lsl	r5, r5, #8\n\t"
    9128. 

  9128.         "add	r5, #128\n\t"
    9129. 

  9129.         "mov	r8, r5\n\t"
    9130. 

  9130.         "mov	r7, #0\n\t"
    9131. 

  9131.         "1:\n\t"
    9132. 

  9132.         "ldr	r6, [%[b], r7]\n\t"
    9133. 

  9133.         "and	r6, %[m]\n\t"
    9134. 

  9134.         "mov	r5, #0\n\t"
    9135. 

  9135.         "sub	r5, %[c]\n\t"
    9136. 

  9136.         "ldr	r5, [%[a], r7]\n\t"
    9137. 

  9137.         "sbc	r5, r6\n\t"
    9138. 

  9138.         "sbc	%[c], %[c]\n\t"
    9139. 

  9139.         "str	r5, [%[r], r7]\n\t"
    9140. 

  9140.         "add	r7, #4\n\t"
    9141. 

  9141.         "cmp	r7, r8\n\t"
    9142. 

  9142.         "blt	1b\n\t"
    9143. 

  9143.         : [c] "+r" (c)
    9144. 

  9144.         : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m)
    9145. 

  9145.         : "memory", "r5", "r6", "r7", "r8"
    9146. 

  9146.     );
    9147. 

  9147. 

  9148.     return c;
    9149. 

  9149. }
    9150. 

  9150. 

  9151. /* Reduce the number back to 3072 bits using Montgomery reduction.
    9152. 

  9152.  *
    9153. 

  9153.  * a   A single precision number to reduce in place.
    9154. 

  9154.  * m   The single precision number representing the modulus.
    9155. 

  9155.  * mp  The digit representing the negative inverse of m mod 2^n.
    9156. 

  9156.  */
    9157. 

  9157. SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m,
    9158. 

  9158.         sp_digit mp)
    9159. 

  9159. {
    9160. 

  9160.     sp_digit ca = 0;
    9161. 

  9161. 

  9162.     __asm__ __volatile__ (
    9163. 

  9163.         "mov	r8, %[mp]\n\t"
    9164. 

  9164.         "mov	r12, %[ca]\n\t"
    9165. 

  9165.         "mov	r14, %[m]\n\t"
    9166. 

  9166.         "mov	r9, %[a]\n\t"
    9167. 

  9167.         "mov	r4, #0\n\t"
    9168. 

  9168.         "# i = 0\n\t"
    9169. 

  9169.         "mov	r11, r4\n\t"
    9170. 

  9170.         "\n1:\n\t"
    9171. 

  9171.         "mov	r5, #0\n\t"
    9172. 

  9172.         "mov	%[ca], #0\n\t"
    9173. 

  9173.         "# mu = a[i] * mp\n\t"
    9174. 

  9174.         "mov	%[mp], r8\n\t"
    9175. 

  9175.         "ldr	%[a], [%[a]]\n\t"
    9176. 

  9176.         "mul	%[mp], %[a]\n\t"
    9177. 

  9177.         "mov	%[m], r14\n\t"
    9178. 

  9178.         "mov	r10, r9\n\t"
    9179. 

  9179.         "\n2:\n\t"
    9180. 

  9180.         "# a[i+j] += m[j] * mu\n\t"
    9181. 

  9181.         "mov	%[a], r10\n\t"
    9182. 

  9182.         "ldr	%[a], [%[a]]\n\t"
    9183. 

  9183.         "mov	%[ca], #0\n\t"
    9184. 

  9184.         "mov	r4, r5\n\t"
    9185. 

  9185.         "mov	r5, #0\n\t"
    9186. 

  9186.         "# Multiply m[j] and mu - Start\n\t"
    9187. 

  9187.         "ldr	r7, [%[m]]\n\t"
    9188. 

  9188.         "lsl	r6, %[mp], #16\n\t"
    9189. 

  9189.         "lsl	r7, r7, #16\n\t"
    9190. 

  9190.         "lsr	r6, r6, #16\n\t"
    9191. 

  9191.         "lsr	r7, r7, #16\n\t"
    9192. 

  9192.         "mul	r7, r6\n\t"
    9193. 

  9193.         "add	%[a], r7\n\t"
    9194. 

  9194.         "adc	r5, %[ca]\n\t"
    9195. 

  9195.         "ldr	r7, [%[m]]\n\t"
    9196. 

  9196.         "lsr	r7, r7, #16\n\t"
    9197. 

  9197.         "mul	r6, r7\n\t"
    9198. 

  9198.         "lsr	r7, r6, #16\n\t"
    9199. 

  9199.         "lsl	r6, r6, #16\n\t"
    9200. 

  9200.         "add	%[a], r6\n\t"
    9201. 

  9201.         "adc	r5, r7\n\t"
    9202. 

  9202.         "ldr	r7, [%[m]]\n\t"
    9203. 

  9203.         "lsr	r6, %[mp], #16\n\t"
    9204. 

  9204.         "lsr	r7, r7, #16\n\t"
    9205. 

  9205.         "mul	r7, r6\n\t"
    9206. 

  9206.         "add	r5, r7\n\t"
    9207. 

  9207.         "ldr	r7, [%[m]]\n\t"
    9208. 

  9208.         "lsl	r7, r7, #16\n\t"
    9209. 

  9209.         "lsr	r7, r7, #16\n\t"
    9210. 

  9210.         "mul	r6, r7\n\t"
    9211. 

  9211.         "lsr	r7, r6, #16\n\t"
    9212. 

  9212.         "lsl	r6, r6, #16\n\t"
    9213. 

  9213.         "add	%[a], r6\n\t"
    9214. 

  9214.         "adc	r5, r7\n\t"
    9215. 

  9215.         "# Multiply m[j] and mu - Done\n\t"
    9216. 

  9216.         "add	r4, %[a]\n\t"
    9217. 

  9217.         "adc	r5, %[ca]\n\t"
    9218. 

  9218.         "mov	%[a], r10\n\t"
    9219. 

  9219.         "str	r4, [%[a]]\n\t"
    9220. 

  9220.         "mov	r6, #4\n\t"
    9221. 

  9221.         "add	%[m], #4\n\t"
    9222. 

  9222.         "add	r10, r6\n\t"
    9223. 

  9223.         "mov	r4, #1\n\t"
    9224. 

  9224.         "lsl	r4, r4, #8\n\t"
    9225. 

  9225.         "add	r4, #124\n\t"
    9226. 

  9226.         "add	r4, r9\n\t"
    9227. 

  9227.         "cmp	r10, r4\n\t"
    9228. 

  9228.         "blt	2b\n\t"
    9229. 

  9229.         "# a[i+95] += m[95] * mu\n\t"
    9230. 

  9230.         "mov	%[ca], #0\n\t"
    9231. 

  9231.         "mov	r4, r12\n\t"
    9232. 

  9232.         "mov	%[a], #0\n\t"
    9233. 

  9233.         "# Multiply m[95] and mu - Start\n\t"
    9234. 

  9234.         "ldr	r7, [%[m]]\n\t"
    9235. 

  9235.         "lsl	r6, %[mp], #16\n\t"
    9236. 

  9236.         "lsl	r7, r7, #16\n\t"
    9237. 

  9237.         "lsr	r6, r6, #16\n\t"
    9238. 

  9238.         "lsr	r7, r7, #16\n\t"
    9239. 

  9239.         "mul	r7, r6\n\t"
    9240. 

  9240.         "add	r5, r7\n\t"
    9241. 

  9241.         "adc	r4, %[ca]\n\t"
    9242. 

  9242.         "adc	%[a], %[ca]\n\t"
    9243. 

  9243.         "ldr	r7, [%[m]]\n\t"
    9244. 

  9244.         "lsr	r7, r7, #16\n\t"
    9245. 

  9245.         "mul	r6, r7\n\t"
    9246. 

  9246.         "lsr	r7, r6, #16\n\t"
    9247. 

  9247.         "lsl	r6, r6, #16\n\t"
    9248. 

  9248.         "add	r5, r6\n\t"
    9249. 

  9249.         "adc	r4, r7\n\t"
    9250. 

  9250.         "adc	%[a], %[ca]\n\t"
    9251. 

  9251.         "ldr	r7, [%[m]]\n\t"
    9252. 

  9252.         "lsr	r6, %[mp], #16\n\t"
    9253. 

  9253.         "lsr	r7, r7, #16\n\t"
    9254. 

  9254.         "mul	r7, r6\n\t"
    9255. 

  9255.         "add	r4, r7\n\t"
    9256. 

  9256.         "adc	%[a], %[ca]\n\t"
    9257. 

  9257.         "ldr	r7, [%[m]]\n\t"
    9258. 

  9258.         "lsl	r7, r7, #16\n\t"
    9259. 

  9259.         "lsr	r7, r7, #16\n\t"
    9260. 

  9260.         "mul	r6, r7\n\t"
    9261. 

  9261.         "lsr	r7, r6, #16\n\t"
    9262. 

  9262.         "lsl	r6, r6, #16\n\t"
    9263. 

  9263.         "add	r5, r6\n\t"
    9264. 

  9264.         "adc	r4, r7\n\t"
    9265. 

  9265.         "adc	%[a], %[ca]\n\t"
    9266. 

  9266.         "# Multiply m[95] and mu - Done\n\t"
    9267. 

  9267.         "mov	%[ca], %[a]\n\t"
    9268. 

  9268.         "mov	%[a], r10\n\t"
    9269. 

  9269.         "ldr	r7, [%[a], #4]\n\t"
    9270. 

  9270.         "ldr	%[a], [%[a]]\n\t"
    9271. 

  9271.         "mov	r6, #0\n\t"
    9272. 

  9272.         "add	r5, %[a]\n\t"
    9273. 

  9273.         "adc	r7, r4\n\t"
    9274. 

  9274.         "adc	%[ca], r6\n\t"
    9275. 

  9275.         "mov	%[a], r10\n\t"
    9276. 

  9276.         "str	r5, [%[a]]\n\t"
    9277. 

  9277.         "str	r7, [%[a], #4]\n\t"
    9278. 

  9278.         "# i += 1\n\t"
    9279. 

  9279.         "mov	r6, #4\n\t"
    9280. 

  9280.         "add	r9, r6\n\t"
    9281. 

  9281.         "add	r11, r6\n\t"
    9282. 

  9282.         "mov	r12, %[ca]\n\t"
    9283. 

  9283.         "mov	%[a], r9\n\t"
    9284. 

  9284.         "mov	r4, #1\n\t"
    9285. 

  9285.         "lsl	r4, r4, #8\n\t"
    9286. 

  9286.         "add	r4, #128\n\t"
    9287. 

  9287.         "cmp	r11, r4\n\t"
    9288. 

  9288.         "blt	1b\n\t"
    9289. 

  9289.         "mov	%[m], r14\n\t"
    9290. 

  9290.         : [ca] "+r" (ca), [a] "+r" (a)
    9291. 

  9291.         : [m] "r" (m), [mp] "r" (mp)
    9292. 

  9292.         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "r14"
    9293. 

  9293.     );
    9294. 

  9294. 

  9295.     sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - ca);
    9296. 

  9296. }
    9297. 

  9297. 

  9298. /* Multiply two Montogmery form numbers mod the modulus (prime).
    9299. 

  9299.  * (r = a * b mod m)
    9300. 

  9300.  *
    9301. 

  9301.  * r   Result of multiplication.
    9302. 

  9302.  * a   First number to multiply in Montogmery form.
    9303. 

  9303.  * b   Second number to multiply in Montogmery form.
    9304. 

  9304.  * m   Modulus (prime).
    9305. 

  9305.  * mp  Montogmery mulitplier.
    9306. 

  9306.  */
    9307. 

  9307. static void sp_3072_mont_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b,
    9308. 

  9308.         const sp_digit* m, sp_digit mp)
    9309. 

  9309. {
    9310. 

  9310.     sp_3072_mul_96(r, a, b);
    9311. 

  9311.     sp_3072_mont_reduce_96(r, m, mp);
    9312. 

  9312. }
    9313. 

  9313. 

  9314. /* Square the Montgomery form number. (r = a * a mod m)
    9315. 

  9315.  *
    9316. 

  9316.  * r   Result of squaring.
    9317. 

  9317.  * a   Number to square in Montogmery form.
    9318. 

  9318.  * m   Modulus (prime).
    9319. 

  9319.  * mp  Montogmery mulitplier.
    9320. 

  9320.  */
    9321. 

  9321. static void sp_3072_mont_sqr_96(sp_digit* r, const sp_digit* a, const sp_digit* m,
    9322. 

  9322.         sp_digit mp)
    9323. 

  9323. {
    9324. 

  9324.     sp_3072_sqr_96(r, a);
    9325. 

  9325.     sp_3072_mont_reduce_96(r, m, mp);
    9326. 

  9326. }
    9327. 

  9327. 

  9328. /* Divide the double width number (d1|d0) by the dividend. (d1|d0 / div)
    9329. 

  9329.  *
    9330. 

  9330.  * d1   The high order half of the number to divide.
    9331. 

  9331.  * d0   The low order half of the number to divide.
    9332. 

  9332.  * div  The dividend.
    9333. 

  9333.  * returns the result of the division.
    9334. 

  9334.  *
    9335. 

  9335.  * Note that this is an approximate div. It may give an answer 1 larger.
    9336. 

  9336.  */
    9337. 

  9337. SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0,
    9338. 

  9338.         sp_digit div)
    9339. 

  9339. {
    9340. 

  9340.     sp_digit r = 0;
    9341. 

  9341. 

  9342.     __asm__ __volatile__ (
    9343. 

  9343.         "lsr	r5, %[div], #1\n\t"
    9344. 

  9344.         "add	r5, #1\n\t"
    9345. 

  9345.         "mov	r8, %[d0]\n\t"
    9346. 

  9346.         "mov	r9, %[d1]\n\t"
    9347. 

  9347.         "# Do top 32\n\t"
    9348. 

  9348.         "mov	r6, r5\n\t"
    9349. 

  9349.         "sub	r6, %[d1]\n\t"
    9350. 

  9350.         "sbc	r6, r6\n\t"
    9351. 

  9351.         "add	%[r], %[r]\n\t"
    9352. 

  9352.         "sub	%[r], r6\n\t"
    9353. 

  9353.         "and	r6, r5\n\t"
    9354. 

  9354.         "sub	%[d1], r6\n\t"
    9355. 

  9355.         "# Next 30 bits\n\t"
    9356. 

  9356.         "mov	r4, #29\n\t"
    9357. 

  9357.         "1:\n\t"
    9358. 

  9358.         "lsl	%[d0], %[d0], #1\n\t"
    9359. 

  9359.         "adc	%[d1], %[d1]\n\t"
    9360. 

  9360.         "mov	r6, r5\n\t"
    9361. 

  9361.         "sub	r6, %[d1]\n\t"
    9362. 

  9362.         "sbc	r6, r6\n\t"
    9363. 

  9363.         "add	%[r], %[r]\n\t"
    9364. 

  9364.         "sub	%[r], r6\n\t"
    9365. 

  9365.         "and	r6, r5\n\t"
    9366. 

  9366.         "sub	%[d1], r6\n\t"
    9367. 

  9367.         "sub	r4, #1\n\t"
    9368. 

  9368.         "bpl	1b\n\t"
    9369. 

  9369.         "mov	r7, #0\n\t"
    9370. 

  9370.         "add	%[r], %[r]\n\t"
    9371. 

  9371.         "add	%[r], #1\n\t"
    9372. 

  9372.         "# r * div - Start\n\t"
    9373. 

  9373.         "lsl	%[d1], %[r], #16\n\t"
    9374. 

  9374.         "lsl	r4, %[div], #16\n\t"
    9375. 

  9375.         "lsr	%[d1], %[d1], #16\n\t"
    9376. 

  9376.         "lsr	r4, r4, #16\n\t"
    9377. 

  9377.         "mul	r4, %[d1]\n\t"
    9378. 

  9378.         "lsr	r6, %[div], #16\n\t"
    9379. 

  9379.         "mul	%[d1], r6\n\t"
    9380. 

  9380.         "lsr	r5, %[d1], #16\n\t"
    9381. 

  9381.         "lsl	%[d1], %[d1], #16\n\t"
    9382. 

  9382.         "add	r4, %[d1]\n\t"
    9383. 

  9383.         "adc	r5, r7\n\t"
    9384. 

  9384.         "lsr	%[d1], %[r], #16\n\t"
    9385. 

  9385.         "mul	r6, %[d1]\n\t"
    9386. 

  9386.         "add	r5, r6\n\t"
    9387. 

  9387.         "lsl	r6, %[div], #16\n\t"
    9388. 

  9388.         "lsr	r6, r6, #16\n\t"
    9389. 

  9389.         "mul	%[d1], r6\n\t"
    9390. 

  9390.         "lsr	r6, %[d1], #16\n\t"
    9391. 

  9391.         "lsl	%[d1], %[d1], #16\n\t"
    9392. 

  9392.         "add	r4, %[d1]\n\t"
    9393. 

  9393.         "adc	r5, r6\n\t"
    9394. 

  9394.         "# r * div - Done\n\t"
    9395. 

  9395.         "mov	%[d1], r8\n\t"
    9396. 

  9396.         "sub	%[d1], r4\n\t"
    9397. 

  9397.         "mov	r4, %[d1]\n\t"
    9398. 

  9398.         "mov	%[d1], r9\n\t"
    9399. 

  9399.         "sbc	%[d1], r5\n\t"
    9400. 

  9400.         "mov	r5, %[d1]\n\t"
    9401. 

  9401.         "add	%[r], r5\n\t"
    9402. 

  9402.         "# r * div - Start\n\t"
    9403. 

  9403.         "lsl	%[d1], %[r], #16\n\t"
    9404. 

  9404.         "lsl	r4, %[div], #16\n\t"
    9405. 

  9405.         "lsr	%[d1], %[d1], #16\n\t"
    9406. 

  9406.         "lsr	r4, r4, #16\n\t"
    9407. 

  9407.         "mul	r4, %[d1]\n\t"
    9408. 

  9408.         "lsr	r6, %[div], #16\n\t"
    9409. 

  9409.         "mul	%[d1], r6\n\t"
    9410. 

  9410.         "lsr	r5, %[d1], #16\n\t"
    9411. 

  9411.         "lsl	%[d1], %[d1], #16\n\t"
    9412. 

  9412.         "add	r4, %[d1]\n\t"
    9413. 

  9413.         "adc	r5, r7\n\t"
    9414. 

  9414.         "lsr	%[d1], %[r], #16\n\t"
    9415. 

  9415.         "mul	r6, %[d1]\n\t"
    9416. 

  9416.         "add	r5, r6\n\t"
    9417. 

  9417.         "lsl	r6, %[div], #16\n\t"
    9418. 

  9418.         "lsr	r6, r6, #16\n\t"
    9419. 

  9419.         "mul	%[d1], r6\n\t"
    9420. 

  9420.         "lsr	r6, %[d1], #16\n\t"
    9421. 

  9421.         "lsl	%[d1], %[d1], #16\n\t"
    9422. 

  9422.         "add	r4, %[d1]\n\t"
    9423. 

  9423.         "adc	r5, r6\n\t"
    9424. 

  9424.         "# r * div - Done\n\t"
    9425. 

  9425.         "mov	%[d1], r8\n\t"
    9426. 

  9426.         "mov	r6, r9\n\t"
    9427. 

  9427.         "sub	r4, %[d1], r4\n\t"
    9428. 

  9428.         "sbc	r6, r5\n\t"
    9429. 

  9429.         "mov	r5, r6\n\t"
    9430. 

  9430.         "add	%[r], r5\n\t"
    9431. 

  9431.         "# r * div - Start\n\t"
    9432. 

  9432.         "lsl	%[d1], %[r], #16\n\t"
    9433. 

  9433.         "lsl	r4, %[div], #16\n\t"
    9434. 

  9434.         "lsr	%[d1], %[d1], #16\n\t"
    9435. 

  9435.         "lsr	r4, r4, #16\n\t"
    9436. 

  9436.         "mul	r4, %[d1]\n\t"
    9437. 

  9437.         "lsr	r6, %[div], #16\n\t"
    9438. 

  9438.         "mul	%[d1], r6\n\t"
    9439. 

  9439.         "lsr	r5, %[d1], #16\n\t"
    9440. 

  9440.         "lsl	%[d1], %[d1], #16\n\t"
    9441. 

  9441.         "add	r4, %[d1]\n\t"
    9442. 

  9442.         "adc	r5, r7\n\t"
    9443. 

  9443.         "lsr	%[d1], %[r], #16\n\t"
    9444. 

  9444.         "mul	r6, %[d1]\n\t"
    9445. 

  9445.         "add	r5, r6\n\t"
    9446. 

  9446.         "lsl	r6, %[div], #16\n\t"
    9447. 

  9447.         "lsr	r6, r6, #16\n\t"
    9448. 

  9448.         "mul	%[d1], r6\n\t"
    9449. 

  9449.         "lsr	r6, %[d1], #16\n\t"
    9450. 

  9450.         "lsl	%[d1], %[d1], #16\n\t"
    9451. 

  9451.         "add	r4, %[d1]\n\t"
    9452. 

  9452.         "adc	r5, r6\n\t"
    9453. 

  9453.         "# r * div - Done\n\t"
    9454. 

  9454.         "mov	%[d1], r8\n\t"
    9455. 

  9455.         "mov	r6, r9\n\t"
    9456. 

  9456.         "sub	r4, %[d1], r4\n\t"
    9457. 

  9457.         "sbc	r6, r5\n\t"
    9458. 

  9458.         "mov	r5, r6\n\t"
    9459. 

  9459.         "add	%[r], r5\n\t"
    9460. 

  9460.         "mov	r6, %[div]\n\t"
    9461. 

  9461.         "sub	r6, r4\n\t"
    9462. 

  9462.         "sbc	r6, r6\n\t"
    9463. 

  9463.         "sub	%[r], r6\n\t"
    9464. 

  9464.         : [r] "+r" (r)
    9465. 

  9465.         : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div)
    9466. 

  9466.         : "r4", "r5", "r7", "r6", "r8", "r9"
    9467. 

  9467.     );
    9468. 

  9468.     return r;
    9469. 

  9469. }
    9470. 

  9470. 

  9471. /* AND m into each word of a and store in r.
    9472. 

  9472.  *
    9473. 

  9473.  * r  A single precision integer.
    9474. 

  9474.  * a  A single precision integer.
    9475. 

  9475.  * m  Mask to AND against each digit.
    9476. 

  9476.  */
    9477. 

  9477. static void sp_3072_mask_96(sp_digit* r, const sp_digit* a, sp_digit m)
    9478. 

  9478. {
    9479. 

  9479. #ifdef WOLFSSL_SP_SMALL
    9480. 

  9480.     int i;
    9481. 

  9481. 

  9482.     for (i=0; i<96; i++) {
    9483. 

  9483.         r[i] = a[i] & m;
    9484. 

  9484.     }
    9485. 

  9485. #else
    9486. 

  9486.     int i;
    9487. 

  9487. 

  9488.     for (i = 0; i < 96; i += 8) {
    9489. 

  9489.         r[i+0] = a[i+0] & m;
    9490. 

  9490.         r[i+1] = a[i+1] & m;
    9491. 

  9491.         r[i+2] = a[i+2] & m;
    9492. 

  9492.         r[i+3] = a[i+3] & m;
    9493. 

  9493.         r[i+4] = a[i+4] & m;
    9494. 

  9494.         r[i+5] = a[i+5] & m;
    9495. 

  9495.         r[i+6] = a[i+6] & m;
    9496. 

  9496.         r[i+7] = a[i+7] & m;
    9497. 

  9497.     }
    9498. 

  9498. #endif
    9499. 

  9499. }
    9500. 

  9500. 

  9501. /* Compare a with b in constant time.
    9502. 

  9502.  *
    9503. 

  9503.  * a  A single precision integer.
    9504. 

  9504.  * b  A single precision integer.
    9505. 

  9505.  * return -ve, 0 or +ve if a is less than, equal to or greater than b
    9506. 

  9506.  * respectively.
    9507. 

  9507.  */
    9508. 

  9508. SP_NOINLINE static int32_t sp_3072_cmp_96(const sp_digit* a, const sp_digit* b)
    9509. 

  9509. {
    9510. 

  9510.     sp_digit r = 0;
    9511. 

  9511. 

  9512. 

  9513.     __asm__ __volatile__ (
    9514. 

  9514.         "mov	r3, #0\n\t"
    9515. 

  9515.         "mvn	r3, r3\n\t"
    9516. 

  9516.         "mov	r6, #1\n\t"
    9517. 

  9517.         "lsl	r6, r6, #8\n\t"
    9518. 

  9518.         "add	r6, #124\n\t"
    9519. 

  9519.         "1:\n\t"
    9520. 

  9520.         "ldr	r7, [%[a], r6]\n\t"
    9521. 

  9521.         "ldr	r5, [%[b], r6]\n\t"
    9522. 

  9522.         "and	r7, r3\n\t"
    9523. 

  9523.         "and	r5, r3\n\t"
    9524. 

  9524.         "mov	r4, r7\n\t"
    9525. 

  9525.         "sub	r7, r5\n\t"
    9526. 

  9526.         "sbc	r7, r7\n\t"
    9527. 

  9527.         "add	%[r], r7\n\t"
    9528. 

  9528.         "mvn	r7, r7\n\t"
    9529. 

  9529.         "and	r3, r7\n\t"
    9530. 

  9530.         "sub	r5, r4\n\t"
    9531. 

  9531.         "sbc	r7, r7\n\t"
    9532. 

  9532.         "sub	%[r], r7\n\t"
    9533. 

  9533.         "mvn	r7, r7\n\t"
    9534. 

  9534.         "and	r3, r7\n\t"
    9535. 

  9535.         "sub	r6, #4\n\t"
    9536. 

  9536.         "cmp	r6, #0\n\t"
    9537. 

  9537.         "bge	1b\n\t"
    9538. 

  9538.         : [r] "+r" (r)
    9539. 

  9539.         : [a] "r" (a), [b] "r" (b)
    9540. 

  9540.         : "r3", "r4", "r5", "r6", "r7"
    9541. 

  9541.     );
    9542. 

  9542. 

  9543.     return r;
    9544. 

  9544. }
    9545. 

  9545. 

  9546. /* Divide d in a and put remainder into r (m*d + r = a)
    9547. 

  9547.  * m is not calculated as it is not needed at this time.
    9548. 

  9548.  *
    9549. 

  9549.  * a  Nmber to be divided.
    9550. 

  9550.  * d  Number to divide with.
    9551. 

  9551.  * m  Multiplier result.
    9552. 

  9552.  * r  Remainder from the division.
    9553. 

  9553.  * returns MP_OKAY indicating success.
    9554. 

  9554.  */
    9555. 

  9555. static WC_INLINE int sp_3072_div_96(const sp_digit* a, const sp_digit* d, sp_digit* m,
    9556. 

  9556.         sp_digit* r)
    9557. 

  9557. {
    9558. 

  9558.     sp_digit t1[192], t2[97];
    9559. 

  9559.     sp_digit div, r1;
    9560. 

  9560.     int i;
    9561. 

  9561. 

  9562.     (void)m;
    9563. 

  9563. 

  9564.     div = d[95];
    9565. 

  9565.     XMEMCPY(t1, a, sizeof(*t1) * 2 * 96);
    9566. 

  9566.     for (i=95; i>=0; i--) {
    9567. 

  9567.         r1 = div_3072_word_96(t1[96 + i], t1[96 + i - 1], div);
    9568. 

  9568. 

  9569.         sp_3072_mul_d_96(t2, d, r1);
    9570. 

  9570.         t1[96 + i] += sp_3072_sub_in_place_96(&t1[i], t2);
    9571. 

  9571.         t1[96 + i] -= t2[96];
    9572. 

  9572.         sp_3072_mask_96(t2, d, t1[96 + i]);
    9573. 

  9573.         t1[96 + i] += sp_3072_add_96(&t1[i], &t1[i], t2);
    9574. 

  9574.         sp_3072_mask_96(t2, d, t1[96 + i]);
    9575. 

  9575.         t1[96 + i] += sp_3072_add_96(&t1[i], &t1[i], t2);
    9576. 

  9576.     }
    9577. 

  9577. 

  9578.     r1 = sp_3072_cmp_96(t1, d) >= 0;
    9579. 

  9579.     sp_3072_cond_sub_96(r, t1, d, (sp_digit)0 - r1);
    9580. 

  9580. 

  9581.     return MP_OKAY;
    9582. 

  9582. }
    9583. 

  9583. 

  9584. /* Reduce a modulo m into r. (r = a mod m)
    9585. 

  9585.  *
    9586. 

  9586.  * r  A single precision number that is the reduced result.
    9587. 

  9587.  * a  A single precision number that is to be reduced.
    9588. 

  9588.  * m  A single precision number that is the modulus to reduce with.
    9589. 

  9589.  * returns MP_OKAY indicating success.
    9590. 

  9590.  */
    9591. 

  9591. static WC_INLINE int sp_3072_mod_96(sp_digit* r, const sp_digit* a, const sp_digit* m)
    9592. 

  9592. {
    9593. 

  9593.     return sp_3072_div_96(a, m, NULL, r);
    9594. 

  9594. }
    9595. 

  9595. 

  9596. /* Divide d in a and put remainder into r (m*d + r = a)
    9597. 

  9597.  * m is not calculated as it is not needed at this time.
    9598. 

  9598.  *
    9599. 

  9599.  * a  Nmber to be divided.
    9600. 

  9600.  * d  Number to divide with.
    9601. 

  9601.  * m  Multiplier result.
    9602. 

  9602.  * r  Remainder from the division.
    9603. 

  9603.  * returns MP_OKAY indicating success.
    9604. 

  9604.  */
    9605. 

  9605. static WC_INLINE int sp_3072_div_96_cond(const sp_digit* a, const sp_digit* d, sp_digit* m,
    9606. 

  9606.         sp_digit* r)
    9607. 

  9607. {
    9608. 

  9608.     sp_digit t1[192], t2[97];
    9609. 

  9609.     sp_digit div, r1;
    9610. 

  9610.     int i;
    9611. 

  9611. 

  9612.     (void)m;
    9613. 

  9613. 

  9614.     div = d[95];
    9615. 

  9615.     XMEMCPY(t1, a, sizeof(*t1) * 2 * 96);
    9616. 

  9616.     for (i=95; i>=0; i--) {
    9617. 

  9617.         r1 = div_3072_word_96(t1[96 + i], t1[96 + i - 1], div);
    9618. 

  9618. 

  9619.         sp_3072_mul_d_96(t2, d, r1);
    9620. 

  9620.         t1[96 + i] += sp_3072_sub_in_place_96(&t1[i], t2);
    9621. 

  9621.         t1[96 + i] -= t2[96];
    9622. 

  9622.         if (t1[96 + i] != 0) {
    9623. 

  9623.             t1[96 + i] += sp_3072_add_96(&t1[i], &t1[i], d);
    9624. 

  9624.             if (t1[96 + i] != 0)
    9625. 

  9625.                 t1[96 + i] += sp_3072_add_96(&t1[i], &t1[i], d);
    9626. 

  9626.         }
    9627. 

  9627.     }
    9628. 

  9628. 

  9629.     r1 = sp_3072_cmp_96(t1, d) >= 0;
    9630. 

  9630.     sp_3072_cond_sub_96(r, t1, d, (sp_digit)0 - r1);
    9631. 

  9631. 

  9632.     return MP_OKAY;
    9633. 

  9633. }
    9634. 

  9634. 

  9635. /* Reduce a modulo m into r. (r = a mod m)
    9636. 

  9636.  *
    9637. 

  9637.  * r  A single precision number that is the reduced result.
    9638. 

  9638.  * a  A single precision number that is to be reduced.
    9639. 

  9639.  * m  A single precision number that is the modulus to reduce with.
    9640. 

  9640.  * returns MP_OKAY indicating success.
    9641. 

  9641.  */
    9642. 

  9642. static WC_INLINE int sp_3072_mod_96_cond(sp_digit* r, const sp_digit* a, const sp_digit* m)
    9643. 

  9643. {
    9644. 

  9644.     return sp_3072_div_96_cond(a, m, NULL, r);
    9645. 

  9645. }
    9646. 

  9646. 

  9647. #if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
    9648. 

  9648.                                                      defined(WOLFSSL_HAVE_SP_DH)
    9649. 

  9649. #ifdef WOLFSSL_SP_SMALL
    9650. 

  9650. /* Modular exponentiate a to the e mod m. (r = a^e mod m)
    9651. 

  9651.  *
    9652. 

  9652.  * r     A single precision number that is the result of the operation.
    9653. 

  9653.  * a     A single precision number being exponentiated.
    9654. 

  9654.  * e     A single precision number that is the exponent.
    9655. 

  9655.  * bits  The number of bits in the exponent.
    9656. 

  9656.  * m     A single precision number that is the modulus.
    9657. 

  9657.  * returns 0 on success and MEMORY_E on dynamic memory allocation failure.
    9658. 

  9658.  */
    9659. 

  9659. static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
    9660. 

  9660.         int bits, const sp_digit* m, int reduceA)
    9661. 

  9661. {
    9662. 

  9662. #ifndef WOLFSSL_SMALL_STACK
    9663. 

  9663.     sp_digit t[16][192];
    9664. 

  9664. #else
    9665. 

  9665.     sp_digit* t[16];
    9666. 

  9666.     sp_digit* td;
    9667. 

  9667. #endif
    9668. 

  9668.     sp_digit* norm;
    9669. 

  9669.     sp_digit mp = 1;
    9670. 

  9670.     sp_digit n;
    9671. 

  9671.     sp_digit mask;
    9672. 

  9672.     int i;
    9673. 

  9673.     int c, y;
    9674. 

  9674.     int err = MP_OKAY;
    9675. 

  9675. 

  9676. #ifdef WOLFSSL_SMALL_STACK
    9677. 

  9677.     td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 192, NULL,
    9678. 

  9678.                             DYNAMIC_TYPE_TMP_BUFFER);
    9679. 

  9679.     if (td == NULL) {
    9680. 

  9680.         err = MEMORY_E;
    9681. 

  9681.     }
    9682. 

  9682. #endif
    9683. 

  9683. 

  9684.     if (err == MP_OKAY) {
    9685. 

  9685. #ifdef WOLFSSL_SMALL_STACK
    9686. 

  9686.         for (i=0; i<16; i++) {
    9687. 

  9687.             t[i] = td + i * 192;
    9688. 

  9688.         }
    9689. 

  9689. #endif
    9690. 

  9690.         norm = t[0];
    9691. 

  9691. 

  9692.         sp_3072_mont_setup(m, &mp);
    9693. 

  9693.         sp_3072_mont_norm_96(norm, m);
    9694. 

  9694. 

  9695.         XMEMSET(t[1], 0, sizeof(sp_digit) * 96U);
    9696. 

  9696.         if (reduceA != 0) {
    9697. 

  9697.             err = sp_3072_mod_96(t[1] + 96, a, m);
    9698. 

  9698.             if (err == MP_OKAY) {
    9699. 

  9699.                 err = sp_3072_mod_96(t[1], t[1], m);
    9700. 

  9700.             }
    9701. 

  9701.         }
    9702. 

  9702.         else {
    9703. 

  9703.             XMEMCPY(t[1] + 96, a, sizeof(sp_digit) * 96);
    9704. 

  9704.             err = sp_3072_mod_96(t[1], t[1], m);
    9705. 

  9705.         }
    9706. 

  9706.     }
    9707. 

  9707. 

  9708.     if (err == MP_OKAY) {
    9709. 

  9709.         sp_3072_mont_sqr_96(t[ 2], t[ 1], m, mp);
    9710. 

  9710.         sp_3072_mont_mul_96(t[ 3], t[ 2], t[ 1], m, mp);
    9711. 

  9711.         sp_3072_mont_sqr_96(t[ 4], t[ 2], m, mp);
    9712. 

  9712.         sp_3072_mont_mul_96(t[ 5], t[ 3], t[ 2], m, mp);
    9713. 

  9713.         sp_3072_mont_sqr_96(t[ 6], t[ 3], m, mp);
    9714. 

  9714.         sp_3072_mont_mul_96(t[ 7], t[ 4], t[ 3], m, mp);
    9715. 

  9715.         sp_3072_mont_sqr_96(t[ 8], t[ 4], m, mp);
    9716. 

  9716.         sp_3072_mont_mul_96(t[ 9], t[ 5], t[ 4], m, mp);
    9717. 

  9717.         sp_3072_mont_sqr_96(t[10], t[ 5], m, mp);
    9718. 

  9718.         sp_3072_mont_mul_96(t[11], t[ 6], t[ 5], m, mp);
    9719. 

  9719.         sp_3072_mont_sqr_96(t[12], t[ 6], m, mp);
    9720. 

  9720.         sp_3072_mont_mul_96(t[13], t[ 7], t[ 6], m, mp);
    9721. 

  9721.         sp_3072_mont_sqr_96(t[14], t[ 7], m, mp);
    9722. 

  9722.         sp_3072_mont_mul_96(t[15], t[ 8], t[ 7], m, mp);
    9723. 

  9723. 

  9724.         i = (bits - 1) / 32;
    9725. 

  9725.         n = e[i--];
    9726. 

  9726.         c = bits & 31;
    9727. 

  9727.         if (c == 0) {
    9728. 

  9728.             c = 32;
    9729. 

  9729.         }
    9730. 

  9730.         c -= bits % 4;
    9731. 

  9731.         if (c == 32) {
    9732. 

  9732.             c = 28;
    9733. 

  9733.         }
    9734. 

  9734.         y = (int)(n >> c);
    9735. 

  9735.         n <<= 32 - c;
    9736. 

  9736.         XMEMCPY(r, t[y], sizeof(sp_digit) * 96);
    9737. 

  9737.         for (; i>=0 || c>=4; ) {
    9738. 

  9738.             if (c == 0) {
    9739. 

  9739.                 n = e[i--];
    9740. 

  9740.                 y = n >> 28;
    9741. 

  9741.                 n <<= 4;
    9742. 

  9742.                 c = 28;
    9743. 

  9743.             }
    9744. 

  9744.             else if (c < 4) {
    9745. 

  9745.                 y = n >> 28;
    9746. 

  9746.                 n = e[i--];
    9747. 

  9747.                 c = 4 - c;
    9748. 

  9748.                 y |= n >> (32 - c);
    9749. 

  9749.                 n <<= c;
    9750. 

  9750.                 c = 32 - c;
    9751. 

  9751.             }
    9752. 

  9752.             else {
    9753. 

  9753.                 y = (n >> 28) & 0xf;
    9754. 

  9754.                 n <<= 4;
    9755. 

  9755.                 c -= 4;
    9756. 

  9756.             }
    9757. 

  9757. 

  9758.             sp_3072_mont_sqr_96(r, r, m, mp);
    9759. 

  9759.             sp_3072_mont_sqr_96(r, r, m, mp);
    9760. 

  9760.             sp_3072_mont_sqr_96(r, r, m, mp);
    9761. 

  9761.             sp_3072_mont_sqr_96(r, r, m, mp);
    9762. 

  9762. 

  9763.             sp_3072_mont_mul_96(r, r, t[y], m, mp);
    9764. 

  9764.         }
    9765. 

  9765. 

  9766.         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
    9767. 

  9767.         sp_3072_mont_reduce_96(r, m, mp);
    9768. 

  9768. 

  9769.         mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
    9770. 

  9770.         sp_3072_cond_sub_96(r, r, m, mask);
    9771. 

  9771.     }
    9772. 

  9772. 

  9773. #ifdef WOLFSSL_SMALL_STACK
    9774. 

  9774.     if (td != NULL) {
    9775. 

  9775.         XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    9776. 

  9776.     }
    9777. 

  9777. #endif
    9778. 

  9778. 

  9779.     return err;
    9780. 

  9780. }
    9781. 

  9781. #else
    9782. 

  9782. /* Modular exponentiate a to the e mod m. (r = a^e mod m)
    9783. 

  9783.  *
    9784. 

  9784.  * r     A single precision number that is the result of the operation.
    9785. 

  9785.  * a     A single precision number being exponentiated.
    9786. 

  9786.  * e     A single precision number that is the exponent.
    9787. 

  9787.  * bits  The number of bits in the exponent.
    9788. 

  9788.  * m     A single precision number that is the modulus.
    9789. 

  9789.  * returns 0 on success and MEMORY_E on dynamic memory allocation failure.
    9790. 

  9790.  */
    9791. 

  9791. static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
    9792. 

  9792.         int bits, const sp_digit* m, int reduceA)
    9793. 

  9793. {
    9794. 

  9794. #ifndef WOLFSSL_SMALL_STACK
    9795. 

  9795.     sp_digit t[32][192];
    9796. 

  9796. #else
    9797. 

  9797.     sp_digit* t[32];
    9798. 

  9798.     sp_digit* td;
    9799. 

  9799. #endif
    9800. 

  9800.     sp_digit* norm;
    9801. 

  9801.     sp_digit mp = 1;
    9802. 

  9802.     sp_digit n;
    9803. 

  9803.     sp_digit mask;
    9804. 

  9804.     int i;
    9805. 

  9805.     int c, y;
    9806. 

  9806.     int err = MP_OKAY;
    9807. 

  9807. 

  9808. #ifdef WOLFSSL_SMALL_STACK
    9809. 

  9809.     td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 192, NULL,
    9810. 

  9810.                             DYNAMIC_TYPE_TMP_BUFFER);
    9811. 

  9811.     if (td == NULL) {
    9812. 

  9812.         err = MEMORY_E;
    9813. 

  9813.     }
    9814. 

  9814. #endif
    9815. 

  9815. 

  9816.     if (err == MP_OKAY) {
    9817. 

  9817. #ifdef WOLFSSL_SMALL_STACK
    9818. 

  9818.         for (i=0; i<32; i++) {
    9819. 

  9819.             t[i] = td + i * 192;
    9820. 

  9820.         }
    9821. 

  9821. #endif
    9822. 

  9822.         norm = t[0];
    9823. 

  9823. 

  9824.         sp_3072_mont_setup(m, &mp);
    9825. 

  9825.         sp_3072_mont_norm_96(norm, m);
    9826. 

  9826. 

  9827.         XMEMSET(t[1], 0, sizeof(sp_digit) * 96U);
    9828. 

  9828.         if (reduceA != 0) {
    9829. 

  9829.             err = sp_3072_mod_96(t[1] + 96, a, m);
    9830. 

  9830.             if (err == MP_OKAY) {
    9831. 

  9831.                 err = sp_3072_mod_96(t[1], t[1], m);
    9832. 

  9832.             }
    9833. 

  9833.         }
    9834. 

  9834.         else {
    9835. 

  9835.             XMEMCPY(t[1] + 96, a, sizeof(sp_digit) * 96);
    9836. 

  9836.             err = sp_3072_mod_96(t[1], t[1], m);
    9837. 

  9837.         }
    9838. 

  9838.     }
    9839. 

  9839. 

  9840.     if (err == MP_OKAY) {
    9841. 

  9841.         sp_3072_mont_sqr_96(t[ 2], t[ 1], m, mp);
    9842. 

  9842.         sp_3072_mont_mul_96(t[ 3], t[ 2], t[ 1], m, mp);
    9843. 

  9843.         sp_3072_mont_sqr_96(t[ 4], t[ 2], m, mp);
    9844. 

  9844.         sp_3072_mont_mul_96(t[ 5], t[ 3], t[ 2], m, mp);
    9845. 

  9845.         sp_3072_mont_sqr_96(t[ 6], t[ 3], m, mp);
    9846. 

  9846.         sp_3072_mont_mul_96(t[ 7], t[ 4], t[ 3], m, mp);
    9847. 

  9847.         sp_3072_mont_sqr_96(t[ 8], t[ 4], m, mp);
    9848. 

  9848.         sp_3072_mont_mul_96(t[ 9], t[ 5], t[ 4], m, mp);
    9849. 

  9849.         sp_3072_mont_sqr_96(t[10], t[ 5], m, mp);
    9850. 

  9850.         sp_3072_mont_mul_96(t[11], t[ 6], t[ 5], m, mp);
    9851. 

  9851.         sp_3072_mont_sqr_96(t[12], t[ 6], m, mp);
    9852. 

  9852.         sp_3072_mont_mul_96(t[13], t[ 7], t[ 6], m, mp);
    9853. 

  9853.         sp_3072_mont_sqr_96(t[14], t[ 7], m, mp);
    9854. 

  9854.         sp_3072_mont_mul_96(t[15], t[ 8], t[ 7], m, mp);
    9855. 

  9855.         sp_3072_mont_sqr_96(t[16], t[ 8], m, mp);
    9856. 

  9856.         sp_3072_mont_mul_96(t[17], t[ 9], t[ 8], m, mp);
    9857. 

  9857.         sp_3072_mont_sqr_96(t[18], t[ 9], m, mp);
    9858. 

  9858.         sp_3072_mont_mul_96(t[19], t[10], t[ 9], m, mp);
    9859. 

  9859.         sp_3072_mont_sqr_96(t[20], t[10], m, mp);
    9860. 

  9860.         sp_3072_mont_mul_96(t[21], t[11], t[10], m, mp);
    9861. 

  9861.         sp_3072_mont_sqr_96(t[22], t[11], m, mp);
    9862. 

  9862.         sp_3072_mont_mul_96(t[23], t[12], t[11], m, mp);
    9863. 

  9863.         sp_3072_mont_sqr_96(t[24], t[12], m, mp);
    9864. 

  9864.         sp_3072_mont_mul_96(t[25], t[13], t[12], m, mp);
    9865. 

  9865.         sp_3072_mont_sqr_96(t[26], t[13], m, mp);
    9866. 

  9866.         sp_3072_mont_mul_96(t[27], t[14], t[13], m, mp);
    9867. 

  9867.         sp_3072_mont_sqr_96(t[28], t[14], m, mp);
    9868. 

  9868.         sp_3072_mont_mul_96(t[29], t[15], t[14], m, mp);
    9869. 

  9869.         sp_3072_mont_sqr_96(t[30], t[15], m, mp);
    9870. 

  9870.         sp_3072_mont_mul_96(t[31], t[16], t[15], m, mp);
    9871. 

  9871. 

  9872.         i = (bits - 1) / 32;
    9873. 

  9873.         n = e[i--];
    9874. 

  9874.         c = bits & 31;
    9875. 

  9875.         if (c == 0) {
    9876. 

  9876.             c = 32;
    9877. 

  9877.         }
    9878. 

  9878.         c -= bits % 5;
    9879. 

  9879.         if (c == 32) {
    9880. 

  9880.             c = 27;
    9881. 

  9881.         }
    9882. 

  9882.         y = (int)(n >> c);
    9883. 

  9883.         n <<= 32 - c;
    9884. 

  9884.         XMEMCPY(r, t[y], sizeof(sp_digit) * 96);
    9885. 

  9885.         for (; i>=0 || c>=5; ) {
    9886. 

  9886.             if (c == 0) {
    9887. 

  9887.                 n = e[i--];
    9888. 

  9888.                 y = n >> 27;
    9889. 

  9889.                 n <<= 5;
    9890. 

  9890.                 c = 27;
    9891. 

  9891.             }
    9892. 

  9892.             else if (c < 5) {
    9893. 

  9893.                 y = n >> 27;
    9894. 

  9894.                 n = e[i--];
    9895. 

  9895.                 c = 5 - c;
    9896. 

  9896.                 y |= n >> (32 - c);
    9897. 

  9897.                 n <<= c;
    9898. 

  9898.                 c = 32 - c;
    9899. 

  9899.             }
    9900. 

  9900.             else {
    9901. 

  9901.                 y = (n >> 27) & 0x1f;
    9902. 

  9902.                 n <<= 5;
    9903. 

  9903.                 c -= 5;
    9904. 

  9904.             }
    9905. 

  9905. 

  9906.             sp_3072_mont_sqr_96(r, r, m, mp);
    9907. 

  9907.             sp_3072_mont_sqr_96(r, r, m, mp);
    9908. 

  9908.             sp_3072_mont_sqr_96(r, r, m, mp);
    9909. 

  9909.             sp_3072_mont_sqr_96(r, r, m, mp);
    9910. 

  9910.             sp_3072_mont_sqr_96(r, r, m, mp);
    9911. 

  9911. 

  9912.             sp_3072_mont_mul_96(r, r, t[y], m, mp);
    9913. 

  9913.         }
    9914. 

  9914. 

  9915.         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
    9916. 

  9916.         sp_3072_mont_reduce_96(r, m, mp);
    9917. 

  9917. 

  9918.         mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
    9919. 

  9919.         sp_3072_cond_sub_96(r, r, m, mask);
    9920. 

  9920.     }
    9921. 

  9921. 

  9922. #ifdef WOLFSSL_SMALL_STACK
    9923. 

  9923.     if (td != NULL) {
    9924. 

  9924.         XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    9925. 

  9925.     }
    9926. 

  9926. #endif
    9927. 

  9927. 

  9928.     return err;
    9929. 

  9929. }
    9930. 

  9930. #endif /* WOLFSSL_SP_SMALL */
    9931. 

  9931. #endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || WOLFSSL_HAVE_SP_DH */
    9932. 

  9932. 

  9933. #ifdef WOLFSSL_HAVE_SP_RSA
    9934. 

  9934. /* RSA public key operation.
    9935. 

  9935.  *
    9936. 

  9936.  * in      Array of bytes representing the number to exponentiate, base.
    9937. 

  9937.  * inLen   Number of bytes in base.
    9938. 

  9938.  * em      Public exponent.
    9939. 

  9939.  * mm      Modulus.
    9940. 

  9940.  * out     Buffer to hold big-endian bytes of exponentiation result.
    9941. 

  9941.  *         Must be at least 384 bytes long.
    9942. 

  9942.  * outLen  Number of bytes in result.
    9943. 

  9943.  * returns 0 on success, MP_TO_E when the outLen is too small, MP_READ_E when
    9944. 

  9944.  * an array is too long and MEMORY_E when dynamic memory allocation fails.
    9945. 

  9945.  */
    9946. 

  9946. int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
    9947. 

  9947.     byte* out, word32* outLen)
    9948. 

  9948. {
    9949. 

  9949. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    9950. 

  9950.     sp_digit ad[192], md[96], rd[192];
    9951. 

  9951. #else
    9952. 

  9952.     sp_digit* d = NULL;
    9953. 

  9953. #endif
    9954. 

  9954.     sp_digit* a;
    9955. 

  9955.     sp_digit *ah;
    9956. 

  9956.     sp_digit* m;
    9957. 

  9957.     sp_digit* r;
    9958. 

  9958.     sp_digit e[1];
    9959. 

  9959.     int err = MP_OKAY;
    9960. 

  9960. 

  9961.     if (*outLen < 384)
    9962. 

  9962.         err = MP_TO_E;
    9963. 

  9963.     if (err == MP_OKAY && (mp_count_bits(em) > 32 || inLen > 384 ||
    9964. 

  9964.                                                      mp_count_bits(mm) != 3072))
    9965. 

  9965.         err = MP_READ_E;
    9966. 

  9966. 

  9967. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    9968. 

  9968.     if (err == MP_OKAY) {
    9969. 

  9969.         d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 5, NULL,
    9970. 

  9970.                                                               DYNAMIC_TYPE_RSA);
    9971. 

  9971.         if (d == NULL)
    9972. 

  9972.             err = MEMORY_E;
    9973. 

  9973.     }
    9974. 

  9974. 

  9975.     if (err == MP_OKAY) {
    9976. 

  9976.         a = d;
    9977. 

  9977.         r = a + 96 * 2;
    9978. 

  9978.         m = r + 96 * 2;
    9979. 

  9979.         ah = a + 96;
    9980. 

  9980.     }
    9981. 

  9981. #else
    9982. 

  9982.     a = ad;
    9983. 

  9983.     m = md;
    9984. 

  9984.     r = rd;
    9985. 

  9985.     ah = a + 96;
    9986. 

  9986. #endif
    9987. 

  9987. 

  9988.     if (err == MP_OKAY) {
    9989. 

  9989.         sp_3072_from_bin(ah, 96, in, inLen);
    9990. 

  9990. #if DIGIT_BIT >= 32
    9991. 

  9991.         e[0] = em->dp[0];
    9992. 

  9992. #else
    9993. 

  9993.         e[0] = em->dp[0];
    9994. 

  9994.         if (em->used > 1)
    9995. 

  9995.             e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
    9996. 

  9996. #endif
    9997. 

  9997.         if (e[0] == 0)
    9998. 

  9998.             err = MP_EXPTMOD_E;
    9999. 

  9999.     }
    10000. 

  10000.     if (err == MP_OKAY) {
    10001. 

  10001.         sp_3072_from_mp(m, 96, mm);
    10002. 

  10002. 

  10003.         if (e[0] == 0x3) {
    10004. 

  10004.             if (err == MP_OKAY) {
    10005. 

  10005.                 sp_3072_sqr_96(r, ah);
    10006. 

  10006.                 err = sp_3072_mod_96_cond(r, r, m);
    10007. 

  10007.             }
    10008. 

  10008.             if (err == MP_OKAY) {
    10009. 

  10009.                 sp_3072_mul_96(r, ah, r);
    10010. 

  10010.                 err = sp_3072_mod_96_cond(r, r, m);
    10011. 

  10011.             }
    10012. 

  10012.         }
    10013. 

  10013.         else {
    10014. 

  10014.             int i;
    10015. 

  10015.             sp_digit mp;
    10016. 

  10016. 

  10017.             sp_3072_mont_setup(m, &mp);
    10018. 

  10018. 

  10019.             /* Convert to Montgomery form. */
    10020. 

  10020.             XMEMSET(a, 0, sizeof(sp_digit) * 96);
    10021. 

  10021.             err = sp_3072_mod_96_cond(a, a, m);
    10022. 

  10022. 

  10023.             if (err == MP_OKAY) {
    10024. 

  10024.                 for (i=31; i>=0; i--)
    10025. 

  10025.                     if (e[0] >> i)
    10026. 

  10026.                         break;
    10027. 

  10027. 

  10028.                 XMEMCPY(r, a, sizeof(sp_digit) * 96);
    10029. 

  10029.                 for (i--; i>=0; i--) {
    10030. 

  10030.                     sp_3072_mont_sqr_96(r, r, m, mp);
    10031. 

  10031.                     if (((e[0] >> i) & 1) == 1)
    10032. 

  10032.                         sp_3072_mont_mul_96(r, r, a, m, mp);
    10033. 

  10033.                 }
    10034. 

  10034.                 XMEMSET(&r[96], 0, sizeof(sp_digit) * 96);
    10035. 

  10035.                 sp_3072_mont_reduce_96(r, m, mp);
    10036. 

  10036. 

  10037.                 for (i = 95; i > 0; i--) {
    10038. 

  10038.                     if (r[i] != m[i])
    10039. 

  10039.                         break;
    10040. 

  10040.                 }
    10041. 

  10041.                 if (r[i] >= m[i])
    10042. 

  10042.                     sp_3072_sub_in_place_96(r, m);
    10043. 

  10043.             }
    10044. 

  10044.         }
    10045. 

  10045.     }
    10046. 

  10046. 

  10047.     if (err == MP_OKAY) {
    10048. 

  10048.         sp_3072_to_bin(r, out);
    10049. 

  10049.         *outLen = 384;
    10050. 

  10050.     }
    10051. 

  10051. 

  10052. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    10053. 

  10053.     if (d != NULL)
    10054. 

  10054.         XFREE(d, NULL, DYNAMIC_TYPE_RSA);
    10055. 

  10055. #endif
    10056. 

  10056. 

  10057.     return err;
    10058. 

  10058. }
    10059. 

  10059. 

  10060. /* RSA private key operation.
    10061. 

  10061.  *
    10062. 

  10062.  * in      Array of bytes representing the number to exponentiate, base.
    10063. 

  10063.  * inLen   Number of bytes in base.
    10064. 

  10064.  * dm      Private exponent.
    10065. 

  10065.  * pm      First prime.
    10066. 

  10066.  * qm      Second prime.
    10067. 

  10067.  * dpm     First prime's CRT exponent.
    10068. 

  10068.  * dqm     Second prime's CRT exponent.
    10069. 

  10069.  * qim     Inverse of second prime mod p.
    10070. 

  10070.  * mm      Modulus.
    10071. 

  10071.  * out     Buffer to hold big-endian bytes of exponentiation result.
    10072. 

  10072.  *         Must be at least 384 bytes long.
    10073. 

  10073.  * outLen  Number of bytes in result.
    10074. 

  10074.  * returns 0 on success, MP_TO_E when the outLen is too small, MP_READ_E when
    10075. 

  10075.  * an array is too long and MEMORY_E when dynamic memory allocation fails.
    10076. 

  10076.  */
    10077. 

  10077. int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
    10078. 

  10078.     mp_int* pm, mp_int* qm, mp_int* dpm, mp_int* dqm, mp_int* qim, mp_int* mm,
    10079. 

  10079.     byte* out, word32* outLen)
    10080. 

  10080. {
    10081. 

  10081. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    10082. 

  10082.     sp_digit ad[96 * 2];
    10083. 

  10083.     sp_digit pd[48], qd[48], dpd[48];
    10084. 

  10084.     sp_digit tmpad[96], tmpbd[96];
    10085. 

  10085. #else
    10086. 

  10086.     sp_digit* t = NULL;
    10087. 

  10087. #endif
    10088. 

  10088.     sp_digit* a;
    10089. 

  10089.     sp_digit* p;
    10090. 

  10090.     sp_digit* q;
    10091. 

  10091.     sp_digit* dp;
    10092. 

  10092.     sp_digit* dq;
    10093. 

  10093.     sp_digit* qi;
    10094. 

  10094.     sp_digit* tmp;
    10095. 

  10095.     sp_digit* tmpa;
    10096. 

  10096.     sp_digit* tmpb;
    10097. 

  10097.     sp_digit* r;
    10098. 

  10098.     sp_digit c;
    10099. 

  10099.     int err = MP_OKAY;
    10100. 

  10100. 

  10101.     (void)dm;
    10102. 

  10102.     (void)mm;
    10103. 

  10103. 

  10104.     if (*outLen < 384)
    10105. 

  10105.         err = MP_TO_E;
    10106. 

  10106.     if (err == MP_OKAY && (inLen > 384 || mp_count_bits(mm) != 3072))
    10107. 

  10107.         err = MP_READ_E;
    10108. 

  10108. 

  10109. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    10110. 

  10110.     if (err == MP_OKAY) {
    10111. 

  10111.         t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 11, NULL,
    10112. 

  10112.                                                               DYNAMIC_TYPE_RSA);
    10113. 

  10113.         if (t == NULL)
    10114. 

  10114.             err = MEMORY_E;
    10115. 

  10115.     }
    10116. 

  10116.     if (err == MP_OKAY) {
    10117. 

  10117.         a = t;
    10118. 

  10118.         p = a + 96 * 2;
    10119. 

  10119.         q = p + 48;
    10120. 

  10120.         qi = dq = dp = q + 48;
    10121. 

  10121.         tmpa = qi + 48;
    10122. 

  10122.         tmpb = tmpa + 96;
    10123. 

  10123. 

  10124.         tmp = t;
    10125. 

  10125.         r = tmp + 96;
    10126. 

  10126.     }
    10127. 

  10127. #else
    10128. 

  10128.     r = a = ad;
    10129. 

  10129.     p = pd;
    10130. 

  10130.     q = qd;
    10131. 

  10131.     qi = dq = dp = dpd;
    10132. 

  10132.     tmpa = tmpad;
    10133. 

  10133.     tmpb = tmpbd;
    10134. 

  10134.     tmp = a + 96;
    10135. 

  10135. #endif
    10136. 

  10136. 

  10137.     if (err == MP_OKAY) {
    10138. 

  10138.         sp_3072_from_bin(a, 96, in, inLen);
    10139. 

  10139.         sp_3072_from_mp(p, 48, pm);
    10140. 

  10140.         sp_3072_from_mp(q, 48, qm);
    10141. 

  10141.         sp_3072_from_mp(dp, 48, dpm);
    10142. 

  10142. 

  10143.         err = sp_3072_mod_exp_48(tmpa, a, dp, 1536, p, 1);
    10144. 

  10144.     }
    10145. 

  10145.     if (err == MP_OKAY) {
    10146. 

  10146.         sp_3072_from_mp(dq, 48, dqm);
    10147. 

  10147.         err = sp_3072_mod_exp_48(tmpb, a, dq, 1536, q, 1);
    10148. 

  10148.     }
    10149. 

  10149. 

  10150.     if (err == MP_OKAY) {
    10151. 

  10151.         c = sp_3072_sub_in_place_48(tmpa, tmpb);
    10152. 

  10152.         sp_3072_mask_48(tmp, p, c);
    10153. 

  10153.         sp_3072_add_48(tmpa, tmpa, tmp);
    10154. 

  10154. 

  10155.         sp_3072_from_mp(qi, 48, qim);
    10156. 

  10156.         sp_3072_mul_48(tmpa, tmpa, qi);
    10157. 

  10157.         err = sp_3072_mod_48(tmpa, tmpa, p);
    10158. 

  10158.     }
    10159. 

  10159. 

  10160.     if (err == MP_OKAY) {
    10161. 

  10161.         sp_3072_mul_48(tmpa, q, tmpa);
    10162. 

  10162.         XMEMSET(&tmpb[48], 0, sizeof(sp_digit) * 48);
    10163. 

  10163.         sp_3072_add_96(r, tmpb, tmpa);
    10164. 

  10164. 

  10165.         sp_3072_to_bin(r, out);
    10166. 

  10166.         *outLen = 384;
    10167. 

  10167.     }
    10168. 

  10168. 

  10169. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    10170. 

  10170.     if (t != NULL) {
    10171. 

  10171.         XMEMSET(t, 0, sizeof(sp_digit) * 48 * 11);
    10172. 

  10172.         XFREE(t, NULL, DYNAMIC_TYPE_RSA);
    10173. 

  10173.     }
    10174. 

  10174. #else
    10175. 

  10175.     XMEMSET(tmpad, 0, sizeof(tmpad));
    10176. 

  10176.     XMEMSET(tmpbd, 0, sizeof(tmpbd));
    10177. 

  10177.     XMEMSET(pd, 0, sizeof(pd));
    10178. 

  10178.     XMEMSET(qd, 0, sizeof(qd));
    10179. 

  10179.     XMEMSET(dpd, 0, sizeof(dpd));
    10180. 

  10180. #endif
    10181. 

  10181. 

  10182.     return err;
    10183. 

  10183. }
    10184. 

  10184. #endif /* WOLFSSL_HAVE_SP_RSA */
    10185. 

  10185. #if defined(WOLFSSL_HAVE_SP_DH) || (defined(WOLFSSL_HAVE_SP_RSA) && \
    10186. 

  10186.                                               !defined(WOLFSSL_RSA_PUBLIC_ONLY))
    10187. 

  10187. /* Convert an array of sp_digit to an mp_int.
    10188. 

  10188.  *
    10189. 

  10189.  * a  A single precision integer.
    10190. 

  10190.  * r  A multi-precision integer.
    10191. 

  10191.  */
    10192. 

  10192. static int sp_3072_to_mp(const sp_digit* a, mp_int* r)
    10193. 

  10193. {
    10194. 

  10194.     int err;
    10195. 

  10195. 

  10196.     err = mp_grow(r, (3072 + DIGIT_BIT - 1) / DIGIT_BIT);
    10197. 

  10197.     if (err == MP_OKAY) { /*lint !e774 case where err is always MP_OKAY*/
    10198. 

  10198. #if DIGIT_BIT == 32
    10199. 

  10199.         XMEMCPY(r->dp, a, sizeof(sp_digit) * 96);
    10200. 

  10200.         r->used = 96;
    10201. 

  10201.         mp_clamp(r);
    10202. 

  10202. #elif DIGIT_BIT < 32
    10203. 

  10203.         int i, j = 0, s = 0;
    10204. 

  10204. 

  10205.         r->dp[0] = 0;
    10206. 

  10206.         for (i = 0; i < 96; i++) {
    10207. 

  10207.             r->dp[j] |= a[i] << s;
    10208. 

  10208.             r->dp[j] &= (1L << DIGIT_BIT) - 1;
    10209. 

  10209.             s = DIGIT_BIT - s;
    10210. 

  10210.             r->dp[++j] = a[i] >> s;
    10211. 

  10211.             while (s + DIGIT_BIT <= 32) {
    10212. 

  10212.                 s += DIGIT_BIT;
    10213. 

  10213.                 r->dp[j++] &= (1L << DIGIT_BIT) - 1;
    10214. 

  10214.                 if (s == SP_WORD_SIZE) {
    10215. 

  10215.                     r->dp[j] = 0;
    10216. 

  10216.                 }
    10217. 

  10217.                 else {
    10218. 

  10218.                     r->dp[j] = a[i] >> s;
    10219. 

  10219.                 }
    10220. 

  10220.             }
    10221. 

  10221.             s = 32 - s;
    10222. 

  10222.         }
    10223. 

  10223.         r->used = (3072 + DIGIT_BIT - 1) / DIGIT_BIT;
    10224. 

  10224.         mp_clamp(r);
    10225. 

  10225. #else
    10226. 

  10226.         int i, j = 0, s = 0;
    10227. 

  10227. 

  10228.         r->dp[0] = 0;
    10229. 

  10229.         for (i = 0; i < 96; i++) {
    10230. 

  10230.             r->dp[j] |= ((mp_digit)a[i]) << s;
    10231. 

  10231.             if (s + 32 >= DIGIT_BIT) {
    10232. 

  10232.     #if DIGIT_BIT != 32 && DIGIT_BIT != 64
    10233. 

  10233.                 r->dp[j] &= (1L << DIGIT_BIT) - 1;
    10234. 

  10234.     #endif
    10235. 

  10235.                 s = DIGIT_BIT - s;
    10236. 

  10236.                 r->dp[++j] = a[i] >> s;
    10237. 

  10237.                 s = 32 - s;
    10238. 

  10238.             }
    10239. 

  10239.             else {
    10240. 

  10240.                 s += 32;
    10241. 

  10241.             }
    10242. 

  10242.         }
    10243. 

  10243.         r->used = (3072 + DIGIT_BIT - 1) / DIGIT_BIT;
    10244. 

  10244.         mp_clamp(r);
    10245. 

  10245. #endif
    10246. 

  10246.     }
    10247. 

  10247. 

  10248.     return err;
    10249. 

  10249. }
    10250. 

  10250. 

  10251. /* Perform the modular exponentiation for Diffie-Hellman.
    10252. 

  10252.  *
    10253. 

  10253.  * base  Base. MP integer.
    10254. 

  10254.  * exp   Exponent. MP integer.
    10255. 

  10255.  * mod   Modulus. MP integer.
    10256. 

  10256.  * res   Result. MP integer.
    10257. 

  10257.  * returns 0 on success, MP_READ_E if there are too many bytes in an array
    10258. 

  10258.  * and MEMORY_E if memory allocation fails.
    10259. 

  10259.  */
    10260. 

  10260. int sp_ModExp_3072(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
    10261. 

  10261. {
    10262. 

  10262.     int err = MP_OKAY;
    10263. 

  10263.     sp_digit b[192], e[96], m[96];
    10264. 

  10264.     sp_digit* r = b;
    10265. 

  10265.     int expBits = mp_count_bits(exp);
    10266. 

  10266. 

  10267.     if (mp_count_bits(base) > 3072) {
    10268. 

  10268.         err = MP_READ_E;
    10269. 

  10269.     }
    10270. 

  10270. 

  10271.     if (err == MP_OKAY) {
    10272. 

  10272.         if (expBits > 3072) {
    10273. 

  10273.             err = MP_READ_E;
    10274. 

  10274.         }
    10275. 

  10275.     }
    10276. 

  10276. 

  10277.     if (err == MP_OKAY) {
    10278. 

  10278.         if (mp_count_bits(mod) != 3072) {
    10279. 

  10279.             err = MP_READ_E;
    10280. 

  10280.         }
    10281. 

  10281.     }
    10282. 

  10282. 

  10283.     if (err == MP_OKAY) {
    10284. 

  10284.         sp_3072_from_mp(b, 96, base);
    10285. 

  10285.         sp_3072_from_mp(e, 96, exp);
    10286. 

  10286.         sp_3072_from_mp(m, 96, mod);
    10287. 

  10287. 

  10288.         err = sp_3072_mod_exp_96(r, b, e, expBits, m, 0);
    10289. 

  10289.     }
    10290. 

  10290. 

  10291.     if (err == MP_OKAY) {
    10292. 

  10292.         err = sp_3072_to_mp(r, res);
    10293. 

  10293.     }
    10294. 

  10294. 

  10295.     XMEMSET(e, 0, sizeof(e));
    10296. 

  10296. 

  10297.     return err;
    10298. 

  10298. }
    10299. 

  10299. 

  10300. #ifdef WOLFSSL_HAVE_SP_DH
    10301. 

  10301. 

  10302. #ifdef HAVE_FFDHE_3072
    10303. 

  10303. static void sp_3072_lshift_96(sp_digit* r, sp_digit* a, byte n)
    10304. 

  10304. {
    10305. 

  10305.     __asm__ __volatile__ (
    10306. 

  10306.         "mov	r6, #31\n\t"
    10307. 

  10307.         "sub	r6, r6, %[n]\n\t"
    10308. 

  10308.         "add	%[a], %[a], #255\n\t"
    10309. 

  10309.         "add	%[r], %[r], #255\n\t"
    10310. 

  10310.         "add	%[a], %[a], #65\n\t"
    10311. 

  10311.         "add	%[r], %[r], #65\n\t"
    10312. 

  10312.         "ldr	r3, [%[a], #60]\n\t"
    10313. 

  10313.         "lsr	r4, r3, #1\n\t"
    10314. 

  10314.         "lsl	r3, r3, %[n]\n\t"
    10315. 

  10315.         "lsr	r4, r4, r6\n\t"
    10316. 

  10316.         "ldr	r2, [%[a], #56]\n\t"
    10317. 

  10317.         "str	r4, [%[r], #64]\n\t"
    10318. 

  10318.         "lsr	r5, r2, #1\n\t"
    10319. 

  10319.         "lsl	r2, r2, %[n]\n\t"
    10320. 

  10320.         "lsr	r5, r5, r6\n\t"
    10321. 

  10321.         "orr	r3, r3, r5\n\t"
    10322. 

  10322.         "ldr	r4, [%[a], #52]\n\t"
    10323. 

  10323.         "str	r3, [%[r], #60]\n\t"
    10324. 

  10324.         "lsr	r5, r4, #1\n\t"
    10325. 

  10325.         "lsl	r4, r4, %[n]\n\t"
    10326. 

  10326.         "lsr	r5, r5, r6\n\t"
    10327. 

  10327.         "orr	r2, r2, r5\n\t"
    10328. 

  10328.         "ldr	r3, [%[a], #48]\n\t"
    10329. 

  10329.         "str	r2, [%[r], #56]\n\t"
    10330. 

  10330.         "lsr	r5, r3, #1\n\t"
    10331. 

  10331.         "lsl	r3, r3, %[n]\n\t"
    10332. 

  10332.         "lsr	r5, r5, r6\n\t"
    10333. 

  10333.         "orr	r4, r4, r5\n\t"
    10334. 

  10334.         "ldr	r2, [%[a], #44]\n\t"
    10335. 

  10335.         "str	r4, [%[r], #52]\n\t"
    10336. 

  10336.         "lsr	r5, r2, #1\n\t"
    10337. 

  10337.         "lsl	r2, r2, %[n]\n\t"
    10338. 

  10338.         "lsr	r5, r5, r6\n\t"
    10339. 

  10339.         "orr	r3, r3, r5\n\t"
    10340. 

  10340.         "ldr	r4, [%[a], #40]\n\t"
    10341. 

  10341.         "str	r3, [%[r], #48]\n\t"
    10342. 

  10342.         "lsr	r5, r4, #1\n\t"
    10343. 

  10343.         "lsl	r4, r4, %[n]\n\t"
    10344. 

  10344.         "lsr	r5, r5, r6\n\t"
    10345. 

  10345.         "orr	r2, r2, r5\n\t"
    10346. 

  10346.         "ldr	r3, [%[a], #36]\n\t"
    10347. 

  10347.         "str	r2, [%[r], #44]\n\t"
    10348. 

  10348.         "lsr	r5, r3, #1\n\t"
    10349. 

  10349.         "lsl	r3, r3, %[n]\n\t"
    10350. 

  10350.         "lsr	r5, r5, r6\n\t"
    10351. 

  10351.         "orr	r4, r4, r5\n\t"
    10352. 

  10352.         "ldr	r2, [%[a], #32]\n\t"
    10353. 

  10353.         "str	r4, [%[r], #40]\n\t"
    10354. 

  10354.         "lsr	r5, r2, #1\n\t"
    10355. 

  10355.         "lsl	r2, r2, %[n]\n\t"
    10356. 

  10356.         "lsr	r5, r5, r6\n\t"
    10357. 

  10357.         "orr	r3, r3, r5\n\t"
    10358. 

  10358.         "ldr	r4, [%[a], #28]\n\t"
    10359. 

  10359.         "str	r3, [%[r], #36]\n\t"
    10360. 

  10360.         "lsr	r5, r4, #1\n\t"
    10361. 

  10361.         "lsl	r4, r4, %[n]\n\t"
    10362. 

  10362.         "lsr	r5, r5, r6\n\t"
    10363. 

  10363.         "orr	r2, r2, r5\n\t"
    10364. 

  10364.         "ldr	r3, [%[a], #24]\n\t"
    10365. 

  10365.         "str	r2, [%[r], #32]\n\t"
    10366. 

  10366.         "lsr	r5, r3, #1\n\t"
    10367. 

  10367.         "lsl	r3, r3, %[n]\n\t"
    10368. 

  10368.         "lsr	r5, r5, r6\n\t"
    10369. 

  10369.         "orr	r4, r4, r5\n\t"
    10370. 

  10370.         "ldr	r2, [%[a], #20]\n\t"
    10371. 

  10371.         "str	r4, [%[r], #28]\n\t"
    10372. 

  10372.         "lsr	r5, r2, #1\n\t"
    10373. 

  10373.         "lsl	r2, r2, %[n]\n\t"
    10374. 

  10374.         "lsr	r5, r5, r6\n\t"
    10375. 

  10375.         "orr	r3, r3, r5\n\t"
    10376. 

  10376.         "ldr	r4, [%[a], #16]\n\t"
    10377. 

  10377.         "str	r3, [%[r], #24]\n\t"
    10378. 

  10378.         "lsr	r5, r4, #1\n\t"
    10379. 

  10379.         "lsl	r4, r4, %[n]\n\t"
    10380. 

  10380.         "lsr	r5, r5, r6\n\t"
    10381. 

  10381.         "orr	r2, r2, r5\n\t"
    10382. 

  10382.         "ldr	r3, [%[a], #12]\n\t"
    10383. 

  10383.         "str	r2, [%[r], #20]\n\t"
    10384. 

  10384.         "lsr	r5, r3, #1\n\t"
    10385. 

  10385.         "lsl	r3, r3, %[n]\n\t"
    10386. 

  10386.         "lsr	r5, r5, r6\n\t"
    10387. 

  10387.         "orr	r4, r4, r5\n\t"
    10388. 

  10388.         "ldr	r2, [%[a], #8]\n\t"
    10389. 

  10389.         "str	r4, [%[r], #16]\n\t"
    10390. 

  10390.         "lsr	r5, r2, #1\n\t"
    10391. 

  10391.         "lsl	r2, r2, %[n]\n\t"
    10392. 

  10392.         "lsr	r5, r5, r6\n\t"
    10393. 

  10393.         "orr	r3, r3, r5\n\t"
    10394. 

  10394.         "ldr	r4, [%[a], #4]\n\t"
    10395. 

  10395.         "str	r3, [%[r], #12]\n\t"
    10396. 

  10396.         "lsr	r5, r4, #1\n\t"
    10397. 

  10397.         "lsl	r4, r4, %[n]\n\t"
    10398. 

  10398.         "lsr	r5, r5, r6\n\t"
    10399. 

  10399.         "orr	r2, r2, r5\n\t"
    10400. 

  10400.         "ldr	r3, [%[a], #0]\n\t"
    10401. 

  10401.         "str	r2, [%[r], #8]\n\t"
    10402. 

  10402.         "lsr	r5, r3, #1\n\t"
    10403. 

  10403.         "lsl	r3, r3, %[n]\n\t"
    10404. 

  10404.         "lsr	r5, r5, r6\n\t"
    10405. 

  10405.         "orr	r4, r4, r5\n\t"
    10406. 

  10406.         "sub	%[a], %[a], #64\n\t"
    10407. 

  10407.         "sub	%[r], %[r], #64\n\t"
    10408. 

  10408.         "ldr	r2, [%[a], #60]\n\t"
    10409. 

  10409.         "str	r4, [%[r], #68]\n\t"
    10410. 

  10410.         "lsr	r5, r2, #1\n\t"
    10411. 

  10411.         "lsl	r2, r2, %[n]\n\t"
    10412. 

  10412.         "lsr	r5, r5, r6\n\t"
    10413. 

  10413.         "orr	r3, r3, r5\n\t"
    10414. 

  10414.         "ldr	r4, [%[a], #56]\n\t"
    10415. 

  10415.         "str	r3, [%[r], #64]\n\t"
    10416. 

  10416.         "lsr	r5, r4, #1\n\t"
    10417. 

  10417.         "lsl	r4, r4, %[n]\n\t"
    10418. 

  10418.         "lsr	r5, r5, r6\n\t"
    10419. 

  10419.         "orr	r2, r2, r5\n\t"
    10420. 

  10420.         "ldr	r3, [%[a], #52]\n\t"
    10421. 

  10421.         "str	r2, [%[r], #60]\n\t"
    10422. 

  10422.         "lsr	r5, r3, #1\n\t"
    10423. 

  10423.         "lsl	r3, r3, %[n]\n\t"
    10424. 

  10424.         "lsr	r5, r5, r6\n\t"
    10425. 

  10425.         "orr	r4, r4, r5\n\t"
    10426. 

  10426.         "ldr	r2, [%[a], #48]\n\t"
    10427. 

  10427.         "str	r4, [%[r], #56]\n\t"
    10428. 

  10428.         "lsr	r5, r2, #1\n\t"
    10429. 

  10429.         "lsl	r2, r2, %[n]\n\t"
    10430. 

  10430.         "lsr	r5, r5, r6\n\t"
    10431. 

  10431.         "orr	r3, r3, r5\n\t"
    10432. 

  10432.         "ldr	r4, [%[a], #44]\n\t"
    10433. 

  10433.         "str	r3, [%[r], #52]\n\t"
    10434. 

  10434.         "lsr	r5, r4, #1\n\t"
    10435. 

  10435.         "lsl	r4, r4, %[n]\n\t"
    10436. 

  10436.         "lsr	r5, r5, r6\n\t"
    10437. 

  10437.         "orr	r2, r2, r5\n\t"
    10438. 

  10438.         "ldr	r3, [%[a], #40]\n\t"
    10439. 

  10439.         "str	r2, [%[r], #48]\n\t"
    10440. 

  10440.         "lsr	r5, r3, #1\n\t"
    10441. 

  10441.         "lsl	r3, r3, %[n]\n\t"
    10442. 

  10442.         "lsr	r5, r5, r6\n\t"
    10443. 

  10443.         "orr	r4, r4, r5\n\t"
    10444. 

  10444.         "ldr	r2, [%[a], #36]\n\t"
    10445. 

  10445.         "str	r4, [%[r], #44]\n\t"
    10446. 

  10446.         "lsr	r5, r2, #1\n\t"
    10447. 

  10447.         "lsl	r2, r2, %[n]\n\t"
    10448. 

  10448.         "lsr	r5, r5, r6\n\t"
    10449. 

  10449.         "orr	r3, r3, r5\n\t"
    10450. 

  10450.         "ldr	r4, [%[a], #32]\n\t"
    10451. 

  10451.         "str	r3, [%[r], #40]\n\t"
    10452. 

  10452.         "lsr	r5, r4, #1\n\t"
    10453. 

  10453.         "lsl	r4, r4, %[n]\n\t"
    10454. 

  10454.         "lsr	r5, r5, r6\n\t"
    10455. 

  10455.         "orr	r2, r2, r5\n\t"
    10456. 

  10456.         "ldr	r3, [%[a], #28]\n\t"
    10457. 

  10457.         "str	r2, [%[r], #36]\n\t"
    10458. 

  10458.         "lsr	r5, r3, #1\n\t"
    10459. 

  10459.         "lsl	r3, r3, %[n]\n\t"
    10460. 

  10460.         "lsr	r5, r5, r6\n\t"
    10461. 

  10461.         "orr	r4, r4, r5\n\t"
    10462. 

  10462.         "ldr	r2, [%[a], #24]\n\t"
    10463. 

  10463.         "str	r4, [%[r], #32]\n\t"
    10464. 

  10464.         "lsr	r5, r2, #1\n\t"
    10465. 

  10465.         "lsl	r2, r2, %[n]\n\t"
    10466. 

  10466.         "lsr	r5, r5, r6\n\t"
    10467. 

  10467.         "orr	r3, r3, r5\n\t"
    10468. 

  10468.         "ldr	r4, [%[a], #20]\n\t"
    10469. 

  10469.         "str	r3, [%[r], #28]\n\t"
    10470. 

  10470.         "lsr	r5, r4, #1\n\t"
    10471. 

  10471.         "lsl	r4, r4, %[n]\n\t"
    10472. 

  10472.         "lsr	r5, r5, r6\n\t"
    10473. 

  10473.         "orr	r2, r2, r5\n\t"
    10474. 

  10474.         "ldr	r3, [%[a], #16]\n\t"
    10475. 

  10475.         "str	r2, [%[r], #24]\n\t"
    10476. 

  10476.         "lsr	r5, r3, #1\n\t"
    10477. 

  10477.         "lsl	r3, r3, %[n]\n\t"
    10478. 

  10478.         "lsr	r5, r5, r6\n\t"
    10479. 

  10479.         "orr	r4, r4, r5\n\t"
    10480. 

  10480.         "ldr	r2, [%[a], #12]\n\t"
    10481. 

  10481.         "str	r4, [%[r], #20]\n\t"
    10482. 

  10482.         "lsr	r5, r2, #1\n\t"
    10483. 

  10483.         "lsl	r2, r2, %[n]\n\t"
    10484. 

  10484.         "lsr	r5, r5, r6\n\t"
    10485. 

  10485.         "orr	r3, r3, r5\n\t"
    10486. 

  10486.         "ldr	r4, [%[a], #8]\n\t"
    10487. 

  10487.         "str	r3, [%[r], #16]\n\t"
    10488. 

  10488.         "lsr	r5, r4, #1\n\t"
    10489. 

  10489.         "lsl	r4, r4, %[n]\n\t"
    10490. 

  10490.         "lsr	r5, r5, r6\n\t"
    10491. 

  10491.         "orr	r2, r2, r5\n\t"
    10492. 

  10492.         "ldr	r3, [%[a], #4]\n\t"
    10493. 

  10493.         "str	r2, [%[r], #12]\n\t"
    10494. 

  10494.         "lsr	r5, r3, #1\n\t"
    10495. 

  10495.         "lsl	r3, r3, %[n]\n\t"
    10496. 

  10496.         "lsr	r5, r5, r6\n\t"
    10497. 

  10497.         "orr	r4, r4, r5\n\t"
    10498. 

  10498.         "ldr	r2, [%[a], #0]\n\t"
    10499. 

  10499.         "str	r4, [%[r], #8]\n\t"
    10500. 

  10500.         "lsr	r5, r2, #1\n\t"
    10501. 

  10501.         "lsl	r2, r2, %[n]\n\t"
    10502. 

  10502.         "lsr	r5, r5, r6\n\t"
    10503. 

  10503.         "orr	r3, r3, r5\n\t"
    10504. 

  10504.         "sub	%[a], %[a], #64\n\t"
    10505. 

  10505.         "sub	%[r], %[r], #64\n\t"
    10506. 

  10506.         "ldr	r4, [%[a], #60]\n\t"
    10507. 

  10507.         "str	r3, [%[r], #68]\n\t"
    10508. 

  10508.         "lsr	r5, r4, #1\n\t"
    10509. 

  10509.         "lsl	r4, r4, %[n]\n\t"
    10510. 

  10510.         "lsr	r5, r5, r6\n\t"
    10511. 

  10511.         "orr	r2, r2, r5\n\t"
    10512. 

  10512.         "ldr	r3, [%[a], #56]\n\t"
    10513. 

  10513.         "str	r2, [%[r], #64]\n\t"
    10514. 

  10514.         "lsr	r5, r3, #1\n\t"
    10515. 

  10515.         "lsl	r3, r3, %[n]\n\t"
    10516. 

  10516.         "lsr	r5, r5, r6\n\t"
    10517. 

  10517.         "orr	r4, r4, r5\n\t"
    10518. 

  10518.         "ldr	r2, [%[a], #52]\n\t"
    10519. 

  10519.         "str	r4, [%[r], #60]\n\t"
    10520. 

  10520.         "lsr	r5, r2, #1\n\t"
    10521. 

  10521.         "lsl	r2, r2, %[n]\n\t"
    10522. 

  10522.         "lsr	r5, r5, r6\n\t"
    10523. 

  10523.         "orr	r3, r3, r5\n\t"
    10524. 

  10524.         "ldr	r4, [%[a], #48]\n\t"
    10525. 

  10525.         "str	r3, [%[r], #56]\n\t"
    10526. 

  10526.         "lsr	r5, r4, #1\n\t"
    10527. 

  10527.         "lsl	r4, r4, %[n]\n\t"
    10528. 

  10528.         "lsr	r5, r5, r6\n\t"
    10529. 

  10529.         "orr	r2, r2, r5\n\t"
    10530. 

  10530.         "ldr	r3, [%[a], #44]\n\t"
    10531. 

  10531.         "str	r2, [%[r], #52]\n\t"
    10532. 

  10532.         "lsr	r5, r3, #1\n\t"
    10533. 

  10533.         "lsl	r3, r3, %[n]\n\t"
    10534. 

  10534.         "lsr	r5, r5, r6\n\t"
    10535. 

  10535.         "orr	r4, r4, r5\n\t"
    10536. 

  10536.         "ldr	r2, [%[a], #40]\n\t"
    10537. 

  10537.         "str	r4, [%[r], #48]\n\t"
    10538. 

  10538.         "lsr	r5, r2, #1\n\t"
    10539. 

  10539.         "lsl	r2, r2, %[n]\n\t"
    10540. 

  10540.         "lsr	r5, r5, r6\n\t"
    10541. 

  10541.         "orr	r3, r3, r5\n\t"
    10542. 

  10542.         "ldr	r4, [%[a], #36]\n\t"
    10543. 

  10543.         "str	r3, [%[r], #44]\n\t"
    10544. 

  10544.         "lsr	r5, r4, #1\n\t"
    10545. 

  10545.         "lsl	r4, r4, %[n]\n\t"
    10546. 

  10546.         "lsr	r5, r5, r6\n\t"
    10547. 

  10547.         "orr	r2, r2, r5\n\t"
    10548. 

  10548.         "ldr	r3, [%[a], #32]\n\t"
    10549. 

  10549.         "str	r2, [%[r], #40]\n\t"
    10550. 

  10550.         "lsr	r5, r3, #1\n\t"
    10551. 

  10551.         "lsl	r3, r3, %[n]\n\t"
    10552. 

  10552.         "lsr	r5, r5, r6\n\t"
    10553. 

  10553.         "orr	r4, r4, r5\n\t"
    10554. 

  10554.         "ldr	r2, [%[a], #28]\n\t"
    10555. 

  10555.         "str	r4, [%[r], #36]\n\t"
    10556. 

  10556.         "lsr	r5, r2, #1\n\t"
    10557. 

  10557.         "lsl	r2, r2, %[n]\n\t"
    10558. 

  10558.         "lsr	r5, r5, r6\n\t"
    10559. 

  10559.         "orr	r3, r3, r5\n\t"
    10560. 

  10560.         "ldr	r4, [%[a], #24]\n\t"
    10561. 

  10561.         "str	r3, [%[r], #32]\n\t"
    10562. 

  10562.         "lsr	r5, r4, #1\n\t"
    10563. 

  10563.         "lsl	r4, r4, %[n]\n\t"
    10564. 

  10564.         "lsr	r5, r5, r6\n\t"
    10565. 

  10565.         "orr	r2, r2, r5\n\t"
    10566. 

  10566.         "ldr	r3, [%[a], #20]\n\t"
    10567. 

  10567.         "str	r2, [%[r], #28]\n\t"
    10568. 

  10568.         "lsr	r5, r3, #1\n\t"
    10569. 

  10569.         "lsl	r3, r3, %[n]\n\t"
    10570. 

  10570.         "lsr	r5, r5, r6\n\t"
    10571. 

  10571.         "orr	r4, r4, r5\n\t"
    10572. 

  10572.         "ldr	r2, [%[a], #16]\n\t"
    10573. 

  10573.         "str	r4, [%[r], #24]\n\t"
    10574. 

  10574.         "lsr	r5, r2, #1\n\t"
    10575. 

  10575.         "lsl	r2, r2, %[n]\n\t"
    10576. 

  10576.         "lsr	r5, r5, r6\n\t"
    10577. 

  10577.         "orr	r3, r3, r5\n\t"
    10578. 

  10578.         "ldr	r4, [%[a], #12]\n\t"
    10579. 

  10579.         "str	r3, [%[r], #20]\n\t"
    10580. 

  10580.         "lsr	r5, r4, #1\n\t"
    10581. 

  10581.         "lsl	r4, r4, %[n]\n\t"
    10582. 

  10582.         "lsr	r5, r5, r6\n\t"
    10583. 

  10583.         "orr	r2, r2, r5\n\t"
    10584. 

  10584.         "ldr	r3, [%[a], #8]\n\t"
    10585. 

  10585.         "str	r2, [%[r], #16]\n\t"
    10586. 

  10586.         "lsr	r5, r3, #1\n\t"
    10587. 

  10587.         "lsl	r3, r3, %[n]\n\t"
    10588. 

  10588.         "lsr	r5, r5, r6\n\t"
    10589. 

  10589.         "orr	r4, r4, r5\n\t"
    10590. 

  10590.         "ldr	r2, [%[a], #4]\n\t"
    10591. 

  10591.         "str	r4, [%[r], #12]\n\t"
    10592. 

  10592.         "lsr	r5, r2, #1\n\t"
    10593. 

  10593.         "lsl	r2, r2, %[n]\n\t"
    10594. 

  10594.         "lsr	r5, r5, r6\n\t"
    10595. 

  10595.         "orr	r3, r3, r5\n\t"
    10596. 

  10596.         "ldr	r4, [%[a], #0]\n\t"
    10597. 

  10597.         "str	r3, [%[r], #8]\n\t"
    10598. 

  10598.         "lsr	r5, r4, #1\n\t"
    10599. 

  10599.         "lsl	r4, r4, %[n]\n\t"
    10600. 

  10600.         "lsr	r5, r5, r6\n\t"
    10601. 

  10601.         "orr	r2, r2, r5\n\t"
    10602. 

  10602.         "sub	%[a], %[a], #64\n\t"
    10603. 

  10603.         "sub	%[r], %[r], #64\n\t"
    10604. 

  10604.         "ldr	r3, [%[a], #60]\n\t"
    10605. 

  10605.         "str	r2, [%[r], #68]\n\t"
    10606. 

  10606.         "lsr	r5, r3, #1\n\t"
    10607. 

  10607.         "lsl	r3, r3, %[n]\n\t"
    10608. 

  10608.         "lsr	r5, r5, r6\n\t"
    10609. 

  10609.         "orr	r4, r4, r5\n\t"
    10610. 

  10610.         "ldr	r2, [%[a], #56]\n\t"
    10611. 

  10611.         "str	r4, [%[r], #64]\n\t"
    10612. 

  10612.         "lsr	r5, r2, #1\n\t"
    10613. 

  10613.         "lsl	r2, r2, %[n]\n\t"
    10614. 

  10614.         "lsr	r5, r5, r6\n\t"
    10615. 

  10615.         "orr	r3, r3, r5\n\t"
    10616. 

  10616.         "ldr	r4, [%[a], #52]\n\t"
    10617. 

  10617.         "str	r3, [%[r], #60]\n\t"
    10618. 

  10618.         "lsr	r5, r4, #1\n\t"
    10619. 

  10619.         "lsl	r4, r4, %[n]\n\t"
    10620. 

  10620.         "lsr	r5, r5, r6\n\t"
    10621. 

  10621.         "orr	r2, r2, r5\n\t"
    10622. 

  10622.         "ldr	r3, [%[a], #48]\n\t"
    10623. 

  10623.         "str	r2, [%[r], #56]\n\t"
    10624. 

  10624.         "lsr	r5, r3, #1\n\t"
    10625. 

  10625.         "lsl	r3, r3, %[n]\n\t"
    10626. 

  10626.         "lsr	r5, r5, r6\n\t"
    10627. 

  10627.         "orr	r4, r4, r5\n\t"
    10628. 

  10628.         "ldr	r2, [%[a], #44]\n\t"
    10629. 

  10629.         "str	r4, [%[r], #52]\n\t"
    10630. 

  10630.         "lsr	r5, r2, #1\n\t"
    10631. 

  10631.         "lsl	r2, r2, %[n]\n\t"
    10632. 

  10632.         "lsr	r5, r5, r6\n\t"
    10633. 

  10633.         "orr	r3, r3, r5\n\t"
    10634. 

  10634.         "ldr	r4, [%[a], #40]\n\t"
    10635. 

  10635.         "str	r3, [%[r], #48]\n\t"
    10636. 

  10636.         "lsr	r5, r4, #1\n\t"
    10637. 

  10637.         "lsl	r4, r4, %[n]\n\t"
    10638. 

  10638.         "lsr	r5, r5, r6\n\t"
    10639. 

  10639.         "orr	r2, r2, r5\n\t"
    10640. 

  10640.         "ldr	r3, [%[a], #36]\n\t"
    10641. 

  10641.         "str	r2, [%[r], #44]\n\t"
    10642. 

  10642.         "lsr	r5, r3, #1\n\t"
    10643. 

  10643.         "lsl	r3, r3, %[n]\n\t"
    10644. 

  10644.         "lsr	r5, r5, r6\n\t"
    10645. 

  10645.         "orr	r4, r4, r5\n\t"
    10646. 

  10646.         "ldr	r2, [%[a], #32]\n\t"
    10647. 

  10647.         "str	r4, [%[r], #40]\n\t"
    10648. 

  10648.         "lsr	r5, r2, #1\n\t"
    10649. 

  10649.         "lsl	r2, r2, %[n]\n\t"
    10650. 

  10650.         "lsr	r5, r5, r6\n\t"
    10651. 

  10651.         "orr	r3, r3, r5\n\t"
    10652. 

  10652.         "ldr	r4, [%[a], #28]\n\t"
    10653. 

  10653.         "str	r3, [%[r], #36]\n\t"
    10654. 

  10654.         "lsr	r5, r4, #1\n\t"
    10655. 

  10655.         "lsl	r4, r4, %[n]\n\t"
    10656. 

  10656.         "lsr	r5, r5, r6\n\t"
    10657. 

  10657.         "orr	r2, r2, r5\n\t"
    10658. 

  10658.         "ldr	r3, [%[a], #24]\n\t"
    10659. 

  10659.         "str	r2, [%[r], #32]\n\t"
    10660. 

  10660.         "lsr	r5, r3, #1\n\t"
    10661. 

  10661.         "lsl	r3, r3, %[n]\n\t"
    10662. 

  10662.         "lsr	r5, r5, r6\n\t"
    10663. 

  10663.         "orr	r4, r4, r5\n\t"
    10664. 

  10664.         "ldr	r2, [%[a], #20]\n\t"
    10665. 

  10665.         "str	r4, [%[r], #28]\n\t"
    10666. 

  10666.         "lsr	r5, r2, #1\n\t"
    10667. 

  10667.         "lsl	r2, r2, %[n]\n\t"
    10668. 

  10668.         "lsr	r5, r5, r6\n\t"
    10669. 

  10669.         "orr	r3, r3, r5\n\t"
    10670. 

  10670.         "ldr	r4, [%[a], #16]\n\t"
    10671. 

  10671.         "str	r3, [%[r], #24]\n\t"
    10672. 

  10672.         "lsr	r5, r4, #1\n\t"
    10673. 

  10673.         "lsl	r4, r4, %[n]\n\t"
    10674. 

  10674.         "lsr	r5, r5, r6\n\t"
    10675. 

  10675.         "orr	r2, r2, r5\n\t"
    10676. 

  10676.         "ldr	r3, [%[a], #12]\n\t"
    10677. 

  10677.         "str	r2, [%[r], #20]\n\t"
    10678. 

  10678.         "lsr	r5, r3, #1\n\t"
    10679. 

  10679.         "lsl	r3, r3, %[n]\n\t"
    10680. 

  10680.         "lsr	r5, r5, r6\n\t"
    10681. 

  10681.         "orr	r4, r4, r5\n\t"
    10682. 

  10682.         "ldr	r2, [%[a], #8]\n\t"
    10683. 

  10683.         "str	r4, [%[r], #16]\n\t"
    10684. 

  10684.         "lsr	r5, r2, #1\n\t"
    10685. 

  10685.         "lsl	r2, r2, %[n]\n\t"
    10686. 

  10686.         "lsr	r5, r5, r6\n\t"
    10687. 

  10687.         "orr	r3, r3, r5\n\t"
    10688. 

  10688.         "ldr	r4, [%[a], #4]\n\t"
    10689. 

  10689.         "str	r3, [%[r], #12]\n\t"
    10690. 

  10690.         "lsr	r5, r4, #1\n\t"
    10691. 

  10691.         "lsl	r4, r4, %[n]\n\t"
    10692. 

  10692.         "lsr	r5, r5, r6\n\t"
    10693. 

  10693.         "orr	r2, r2, r5\n\t"
    10694. 

  10694.         "ldr	r3, [%[a], #0]\n\t"
    10695. 

  10695.         "str	r2, [%[r], #8]\n\t"
    10696. 

  10696.         "lsr	r5, r3, #1\n\t"
    10697. 

  10697.         "lsl	r3, r3, %[n]\n\t"
    10698. 

  10698.         "lsr	r5, r5, r6\n\t"
    10699. 

  10699.         "orr	r4, r4, r5\n\t"
    10700. 

  10700.         "sub	%[a], %[a], #64\n\t"
    10701. 

  10701.         "sub	%[r], %[r], #64\n\t"
    10702. 

  10702.         "ldr	r2, [%[a], #60]\n\t"
    10703. 

  10703.         "str	r4, [%[r], #68]\n\t"
    10704. 

  10704.         "lsr	r5, r2, #1\n\t"
    10705. 

  10705.         "lsl	r2, r2, %[n]\n\t"
    10706. 

  10706.         "lsr	r5, r5, r6\n\t"
    10707. 

  10707.         "orr	r3, r3, r5\n\t"
    10708. 

  10708.         "ldr	r4, [%[a], #56]\n\t"
    10709. 

  10709.         "str	r3, [%[r], #64]\n\t"
    10710. 

  10710.         "lsr	r5, r4, #1\n\t"
    10711. 

  10711.         "lsl	r4, r4, %[n]\n\t"
    10712. 

  10712.         "lsr	r5, r5, r6\n\t"
    10713. 

  10713.         "orr	r2, r2, r5\n\t"
    10714. 

  10714.         "ldr	r3, [%[a], #52]\n\t"
    10715. 

  10715.         "str	r2, [%[r], #60]\n\t"
    10716. 

  10716.         "lsr	r5, r3, #1\n\t"
    10717. 

  10717.         "lsl	r3, r3, %[n]\n\t"
    10718. 

  10718.         "lsr	r5, r5, r6\n\t"
    10719. 

  10719.         "orr	r4, r4, r5\n\t"
    10720. 

  10720.         "ldr	r2, [%[a], #48]\n\t"
    10721. 

  10721.         "str	r4, [%[r], #56]\n\t"
    10722. 

  10722.         "lsr	r5, r2, #1\n\t"
    10723. 

  10723.         "lsl	r2, r2, %[n]\n\t"
    10724. 

  10724.         "lsr	r5, r5, r6\n\t"
    10725. 

  10725.         "orr	r3, r3, r5\n\t"
    10726. 

  10726.         "ldr	r4, [%[a], #44]\n\t"
    10727. 

  10727.         "str	r3, [%[r], #52]\n\t"
    10728. 

  10728.         "lsr	r5, r4, #1\n\t"
    10729. 

  10729.         "lsl	r4, r4, %[n]\n\t"
    10730. 

  10730.         "lsr	r5, r5, r6\n\t"
    10731. 

  10731.         "orr	r2, r2, r5\n\t"
    10732. 

  10732.         "ldr	r3, [%[a], #40]\n\t"
    10733. 

  10733.         "str	r2, [%[r], #48]\n\t"
    10734. 

  10734.         "lsr	r5, r3, #1\n\t"
    10735. 

  10735.         "lsl	r3, r3, %[n]\n\t"
    10736. 

  10736.         "lsr	r5, r5, r6\n\t"
    10737. 

  10737.         "orr	r4, r4, r5\n\t"
    10738. 

  10738.         "ldr	r2, [%[a], #36]\n\t"
    10739. 

  10739.         "str	r4, [%[r], #44]\n\t"
    10740. 

  10740.         "lsr	r5, r2, #1\n\t"
    10741. 

  10741.         "lsl	r2, r2, %[n]\n\t"
    10742. 

  10742.         "lsr	r5, r5, r6\n\t"
    10743. 

  10743.         "orr	r3, r3, r5\n\t"
    10744. 

  10744.         "ldr	r4, [%[a], #32]\n\t"
    10745. 

  10745.         "str	r3, [%[r], #40]\n\t"
    10746. 

  10746.         "lsr	r5, r4, #1\n\t"
    10747. 

  10747.         "lsl	r4, r4, %[n]\n\t"
    10748. 

  10748.         "lsr	r5, r5, r6\n\t"
    10749. 

  10749.         "orr	r2, r2, r5\n\t"
    10750. 

  10750.         "ldr	r3, [%[a], #28]\n\t"
    10751. 

  10751.         "str	r2, [%[r], #36]\n\t"
    10752. 

  10752.         "lsr	r5, r3, #1\n\t"
    10753. 

  10753.         "lsl	r3, r3, %[n]\n\t"
    10754. 

  10754.         "lsr	r5, r5, r6\n\t"
    10755. 

  10755.         "orr	r4, r4, r5\n\t"
    10756. 

  10756.         "ldr	r2, [%[a], #24]\n\t"
    10757. 

  10757.         "str	r4, [%[r], #32]\n\t"
    10758. 

  10758.         "lsr	r5, r2, #1\n\t"
    10759. 

  10759.         "lsl	r2, r2, %[n]\n\t"
    10760. 

  10760.         "lsr	r5, r5, r6\n\t"
    10761. 

  10761.         "orr	r3, r3, r5\n\t"
    10762. 

  10762.         "ldr	r4, [%[a], #20]\n\t"
    10763. 

  10763.         "str	r3, [%[r], #28]\n\t"
    10764. 

  10764.         "lsr	r5, r4, #1\n\t"
    10765. 

  10765.         "lsl	r4, r4, %[n]\n\t"
    10766. 

  10766.         "lsr	r5, r5, r6\n\t"
    10767. 

  10767.         "orr	r2, r2, r5\n\t"
    10768. 

  10768.         "ldr	r3, [%[a], #16]\n\t"
    10769. 

  10769.         "str	r2, [%[r], #24]\n\t"
    10770. 

  10770.         "lsr	r5, r3, #1\n\t"
    10771. 

  10771.         "lsl	r3, r3, %[n]\n\t"
    10772. 

  10772.         "lsr	r5, r5, r6\n\t"
    10773. 

  10773.         "orr	r4, r4, r5\n\t"
    10774. 

  10774.         "ldr	r2, [%[a], #12]\n\t"
    10775. 

  10775.         "str	r4, [%[r], #20]\n\t"
    10776. 

  10776.         "lsr	r5, r2, #1\n\t"
    10777. 

  10777.         "lsl	r2, r2, %[n]\n\t"
    10778. 

  10778.         "lsr	r5, r5, r6\n\t"
    10779. 

  10779.         "orr	r3, r3, r5\n\t"
    10780. 

  10780.         "ldr	r4, [%[a], #8]\n\t"
    10781. 

  10781.         "str	r3, [%[r], #16]\n\t"
    10782. 

  10782.         "lsr	r5, r4, #1\n\t"
    10783. 

  10783.         "lsl	r4, r4, %[n]\n\t"
    10784. 

  10784.         "lsr	r5, r5, r6\n\t"
    10785. 

  10785.         "orr	r2, r2, r5\n\t"
    10786. 

  10786.         "ldr	r3, [%[a], #4]\n\t"
    10787. 

  10787.         "str	r2, [%[r], #12]\n\t"
    10788. 

  10788.         "lsr	r5, r3, #1\n\t"
    10789. 

  10789.         "lsl	r3, r3, %[n]\n\t"
    10790. 

  10790.         "lsr	r5, r5, r6\n\t"
    10791. 

  10791.         "orr	r4, r4, r5\n\t"
    10792. 

  10792.         "ldr	r2, [%[a], #0]\n\t"
    10793. 

  10793.         "str	r4, [%[r], #8]\n\t"
    10794. 

  10794.         "lsr	r5, r2, #1\n\t"
    10795. 

  10795.         "lsl	r2, r2, %[n]\n\t"
    10796. 

  10796.         "lsr	r5, r5, r6\n\t"
    10797. 

  10797.         "orr	r3, r3, r5\n\t"
    10798. 

  10798.         "sub	%[a], %[a], #64\n\t"
    10799. 

  10799.         "sub	%[r], %[r], #64\n\t"
    10800. 

  10800.         "ldr	r4, [%[a], #60]\n\t"
    10801. 

  10801.         "str	r3, [%[r], #68]\n\t"
    10802. 

  10802.         "lsr	r5, r4, #1\n\t"
    10803. 

  10803.         "lsl	r4, r4, %[n]\n\t"
    10804. 

  10804.         "lsr	r5, r5, r6\n\t"
    10805. 

  10805.         "orr	r2, r2, r5\n\t"
    10806. 

  10806.         "ldr	r3, [%[a], #56]\n\t"
    10807. 

  10807.         "str	r2, [%[r], #64]\n\t"
    10808. 

  10808.         "lsr	r5, r3, #1\n\t"
    10809. 

  10809.         "lsl	r3, r3, %[n]\n\t"
    10810. 

  10810.         "lsr	r5, r5, r6\n\t"
    10811. 

  10811.         "orr	r4, r4, r5\n\t"
    10812. 

  10812.         "ldr	r2, [%[a], #52]\n\t"
    10813. 

  10813.         "str	r4, [%[r], #60]\n\t"
    10814. 

  10814.         "lsr	r5, r2, #1\n\t"
    10815. 

  10815.         "lsl	r2, r2, %[n]\n\t"
    10816. 

  10816.         "lsr	r5, r5, r6\n\t"
    10817. 

  10817.         "orr	r3, r3, r5\n\t"
    10818. 

  10818.         "ldr	r4, [%[a], #48]\n\t"
    10819. 

  10819.         "str	r3, [%[r], #56]\n\t"
    10820. 

  10820.         "lsr	r5, r4, #1\n\t"
    10821. 

  10821.         "lsl	r4, r4, %[n]\n\t"
    10822. 

  10822.         "lsr	r5, r5, r6\n\t"
    10823. 

  10823.         "orr	r2, r2, r5\n\t"
    10824. 

  10824.         "ldr	r3, [%[a], #44]\n\t"
    10825. 

  10825.         "str	r2, [%[r], #52]\n\t"
    10826. 

  10826.         "lsr	r5, r3, #1\n\t"
    10827. 

  10827.         "lsl	r3, r3, %[n]\n\t"
    10828. 

  10828.         "lsr	r5, r5, r6\n\t"
    10829. 

  10829.         "orr	r4, r4, r5\n\t"
    10830. 

  10830.         "ldr	r2, [%[a], #40]\n\t"
    10831. 

  10831.         "str	r4, [%[r], #48]\n\t"
    10832. 

  10832.         "lsr	r5, r2, #1\n\t"
    10833. 

  10833.         "lsl	r2, r2, %[n]\n\t"
    10834. 

  10834.         "lsr	r5, r5, r6\n\t"
    10835. 

  10835.         "orr	r3, r3, r5\n\t"
    10836. 

  10836.         "ldr	r4, [%[a], #36]\n\t"
    10837. 

  10837.         "str	r3, [%[r], #44]\n\t"
    10838. 

  10838.         "lsr	r5, r4, #1\n\t"
    10839. 

  10839.         "lsl	r4, r4, %[n]\n\t"
    10840. 

  10840.         "lsr	r5, r5, r6\n\t"
    10841. 

  10841.         "orr	r2, r2, r5\n\t"
    10842. 

  10842.         "ldr	r3, [%[a], #32]\n\t"
    10843. 

  10843.         "str	r2, [%[r], #40]\n\t"
    10844. 

  10844.         "lsr	r5, r3, #1\n\t"
    10845. 

  10845.         "lsl	r3, r3, %[n]\n\t"
    10846. 

  10846.         "lsr	r5, r5, r6\n\t"
    10847. 

  10847.         "orr	r4, r4, r5\n\t"
    10848. 

  10848.         "ldr	r2, [%[a], #28]\n\t"
    10849. 

  10849.         "str	r4, [%[r], #36]\n\t"
    10850. 

  10850.         "lsr	r5, r2, #1\n\t"
    10851. 

  10851.         "lsl	r2, r2, %[n]\n\t"
    10852. 

  10852.         "lsr	r5, r5, r6\n\t"
    10853. 

  10853.         "orr	r3, r3, r5\n\t"
    10854. 

  10854.         "ldr	r4, [%[a], #24]\n\t"
    10855. 

  10855.         "str	r3, [%[r], #32]\n\t"
    10856. 

  10856.         "lsr	r5, r4, #1\n\t"
    10857. 

  10857.         "lsl	r4, r4, %[n]\n\t"
    10858. 

  10858.         "lsr	r5, r5, r6\n\t"
    10859. 

  10859.         "orr	r2, r2, r5\n\t"
    10860. 

  10860.         "ldr	r3, [%[a], #20]\n\t"
    10861. 

  10861.         "str	r2, [%[r], #28]\n\t"
    10862. 

  10862.         "lsr	r5, r3, #1\n\t"
    10863. 

  10863.         "lsl	r3, r3, %[n]\n\t"
    10864. 

  10864.         "lsr	r5, r5, r6\n\t"
    10865. 

  10865.         "orr	r4, r4, r5\n\t"
    10866. 

  10866.         "ldr	r2, [%[a], #16]\n\t"
    10867. 

  10867.         "str	r4, [%[r], #24]\n\t"
    10868. 

  10868.         "lsr	r5, r2, #1\n\t"
    10869. 

  10869.         "lsl	r2, r2, %[n]\n\t"
    10870. 

  10870.         "lsr	r5, r5, r6\n\t"
    10871. 

  10871.         "orr	r3, r3, r5\n\t"
    10872. 

  10872.         "ldr	r4, [%[a], #12]\n\t"
    10873. 

  10873.         "str	r3, [%[r], #20]\n\t"
    10874. 

  10874.         "lsr	r5, r4, #1\n\t"
    10875. 

  10875.         "lsl	r4, r4, %[n]\n\t"
    10876. 

  10876.         "lsr	r5, r5, r6\n\t"
    10877. 

  10877.         "orr	r2, r2, r5\n\t"
    10878. 

  10878.         "ldr	r3, [%[a], #8]\n\t"
    10879. 

  10879.         "str	r2, [%[r], #16]\n\t"
    10880. 

  10880.         "lsr	r5, r3, #1\n\t"
    10881. 

  10881.         "lsl	r3, r3, %[n]\n\t"
    10882. 

  10882.         "lsr	r5, r5, r6\n\t"
    10883. 

  10883.         "orr	r4, r4, r5\n\t"
    10884. 

  10884.         "ldr	r2, [%[a], #4]\n\t"
    10885. 

  10885.         "str	r4, [%[r], #12]\n\t"
    10886. 

  10886.         "lsr	r5, r2, #1\n\t"
    10887. 

  10887.         "lsl	r2, r2, %[n]\n\t"
    10888. 

  10888.         "lsr	r5, r5, r6\n\t"
    10889. 

  10889.         "orr	r3, r3, r5\n\t"
    10890. 

  10890.         "ldr	r4, [%[a], #0]\n\t"
    10891. 

  10891.         "str	r3, [%[r], #8]\n\t"
    10892. 

  10892.         "lsr	r5, r4, #1\n\t"
    10893. 

  10893.         "lsl	r4, r4, %[n]\n\t"
    10894. 

  10894.         "lsr	r5, r5, r6\n\t"
    10895. 

  10895.         "orr	r2, r2, r5\n\t"
    10896. 

  10896.         "str	r4, [%[r]]\n\t"
    10897. 

  10897.         "str	r2, [%[r], #4]\n\t"
    10898. 

  10898.         :
    10899. 

  10899.         : [r] "r" (r), [a] "r" (a), [n] "r" (n)
    10900. 

  10900.         : "memory", "r2", "r3", "r4", "r5", "r6"
    10901. 

  10901.     );
    10902. 

  10902. }
    10903. 

  10903. 

  10904. /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
    10905. 

  10905.  *
    10906. 

  10906.  * r     A single precision number that is the result of the operation.
    10907. 

  10907.  * e     A single precision number that is the exponent.
    10908. 

  10908.  * bits  The number of bits in the exponent.
    10909. 

  10909.  * m     A single precision number that is the modulus.
    10910. 

  10910.  * returns 0 on success and MEMORY_E on dynamic memory allocation failure.
    10911. 

  10911.  */
    10912. 

  10912. static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
    10913. 

  10913.         const sp_digit* m)
    10914. 

  10914. {
    10915. 

  10915. #ifndef WOLFSSL_SMALL_STACK
    10916. 

  10916.     sp_digit nd[192];
    10917. 

  10917.     sp_digit td[97];
    10918. 

  10918. #else
    10919. 

  10919.     sp_digit* td;
    10920. 

  10920. #endif
    10921. 

  10921.     sp_digit* norm;
    10922. 

  10922.     sp_digit* tmp;
    10923. 

  10923.     sp_digit mp = 1;
    10924. 

  10924.     sp_digit n, o;
    10925. 

  10925.     sp_digit mask;
    10926. 

  10926.     int i;
    10927. 

  10927.     int c, y;
    10928. 

  10928.     int err = MP_OKAY;
    10929. 

  10929. 

  10930. #ifdef WOLFSSL_SMALL_STACK
    10931. 

  10931.     td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 289, NULL,
    10932. 

  10932.                             DYNAMIC_TYPE_TMP_BUFFER);
    10933. 

  10933.     if (td == NULL) {
    10934. 

  10934.         err = MEMORY_E;
    10935. 

  10935.     }
    10936. 

  10936. #endif
    10937. 

  10937. 

  10938.     if (err == MP_OKAY) {
    10939. 

  10939. #ifdef WOLFSSL_SMALL_STACK
    10940. 

  10940.         norm = td;
    10941. 

  10941.         tmp  = td + 192;
    10942. 

  10942. #else
    10943. 

  10943.         norm = nd;
    10944. 

  10944.         tmp  = td;
    10945. 

  10945. #endif
    10946. 

  10946. 

  10947.         sp_3072_mont_setup(m, &mp);
    10948. 

  10948.         sp_3072_mont_norm_96(norm, m);
    10949. 

  10949. 

  10950.         i = (bits - 1) / 32;
    10951. 

  10951.         n = e[i--];
    10952. 

  10952.         c = bits & 31;
    10953. 

  10953.         if (c == 0) {
    10954. 

  10954.             c = 32;
    10955. 

  10955.         }
    10956. 

  10956.         c -= bits % 5;
    10957. 

  10957.         if (c == 32) {
    10958. 

  10958.             c = 27;
    10959. 

  10959.         }
    10960. 

  10960.         y = (int)(n >> c);
    10961. 

  10961.         n <<= 32 - c;
    10962. 

  10962.         sp_3072_lshift_96(r, norm, y);
    10963. 

  10963.         for (; i>=0 || c>=5; ) {
    10964. 

  10964.             if (c == 0) {
    10965. 

  10965.                 n = e[i--];
    10966. 

  10966.                 y = n >> 27;
    10967. 

  10967.                 n <<= 5;
    10968. 

  10968.                 c = 27;
    10969. 

  10969.             }
    10970. 

  10970.             else if (c < 5) {
    10971. 

  10971.                 y = n >> 27;
    10972. 

  10972.                 n = e[i--];
    10973. 

  10973.                 c = 5 - c;
    10974. 

  10974.                 y |= n >> (32 - c);
    10975. 

  10975.                 n <<= c;
    10976. 

  10976.                 c = 32 - c;
    10977. 

  10977.             }
    10978. 

  10978.             else {
    10979. 

  10979.                 y = (n >> 27) & 0x1f;
    10980. 

  10980.                 n <<= 5;
    10981. 

  10981.                 c -= 5;
    10982. 

  10982.             }
    10983. 

  10983. 

  10984.             sp_3072_mont_sqr_96(r, r, m, mp);
    10985. 

  10985.             sp_3072_mont_sqr_96(r, r, m, mp);
    10986. 

  10986.             sp_3072_mont_sqr_96(r, r, m, mp);
    10987. 

  10987.             sp_3072_mont_sqr_96(r, r, m, mp);
    10988. 

  10988.             sp_3072_mont_sqr_96(r, r, m, mp);
    10989. 

  10989. 

  10990.             sp_3072_lshift_96(r, r, y);
    10991. 

  10991.             sp_3072_mul_d_96(tmp, norm, r[96]);
    10992. 

  10992.             r[96] = 0;
    10993. 

  10993.             o = sp_3072_add_96(r, r, tmp);
    10994. 

  10994.             sp_3072_cond_sub_96(r, r, m, (sp_digit)0 - o);
    10995. 

  10995.         }
    10996. 

  10996. 

  10997.         XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U);
    10998. 

  10998.         sp_3072_mont_reduce_96(r, m, mp);
    10999. 

  10999. 

  11000.         mask = 0 - (sp_3072_cmp_96(r, m) >= 0);
    11001. 

  11001.         sp_3072_cond_sub_96(r, r, m, mask);
    11002. 

  11002.     }
    11003. 

  11003. 

  11004. #ifdef WOLFSSL_SMALL_STACK
    11005. 

  11005.     if (td != NULL) {
    11006. 

  11006.         XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    11007. 

  11007.     }
    11008. 

  11008. #endif
    11009. 

  11009. 

  11010.     return err;
    11011. 

  11011. }
    11012. 

  11012. #endif /* HAVE_FFDHE_3072 */
    11013. 

  11013. 

  11014. /* Perform the modular exponentiation for Diffie-Hellman.
    11015. 

  11015.  *
    11016. 

  11016.  * base     Base.
    11017. 

  11017.  * exp      Array of bytes that is the exponent.
    11018. 

  11018.  * expLen   Length of data, in bytes, in exponent.
    11019. 

  11019.  * mod      Modulus.
    11020. 

  11020.  * out      Buffer to hold big-endian bytes of exponentiation result.
    11021. 

  11021.  *          Must be at least 384 bytes long.
    11022. 

  11022.  * outLen   Length, in bytes, of exponentiation result.
    11023. 

  11023.  * returns 0 on success, MP_READ_E if there are too many bytes in an array
    11024. 

  11024.  * and MEMORY_E if memory allocation fails.
    11025. 

  11025.  */
    11026. 

  11026. int sp_DhExp_3072(mp_int* base, const byte* exp, word32 expLen,
    11027. 

  11027.     mp_int* mod, byte* out, word32* outLen)
    11028. 

  11028. {
    11029. 

  11029.     int err = MP_OKAY;
    11030. 

  11030.     sp_digit b[192], e[96], m[96];
    11031. 

  11031.     sp_digit* r = b;
    11032. 

  11032.     word32 i;
    11033. 

  11033. 

  11034.     if (mp_count_bits(base) > 3072) {
    11035. 

  11035.         err = MP_READ_E;
    11036. 

  11036.     }
    11037. 

  11037. 

  11038.     if (err == MP_OKAY) {
    11039. 

  11039.         if (expLen > 384) {
    11040. 

  11040.             err = MP_READ_E;
    11041. 

  11041.         }
    11042. 

  11042.     }
    11043. 

  11043. 

  11044.     if (err == MP_OKAY) {
    11045. 

  11045.         if (mp_count_bits(mod) != 3072) {
    11046. 

  11046.             err = MP_READ_E;
    11047. 

  11047.         }
    11048. 

  11048.     }
    11049. 

  11049. 

  11050.     if (err == MP_OKAY) {
    11051. 

  11051.         sp_3072_from_mp(b, 96, base);
    11052. 

  11052.         sp_3072_from_bin(e, 96, exp, expLen);
    11053. 

  11053.         sp_3072_from_mp(m, 96, mod);
    11054. 

  11054. 

  11055.     #ifdef HAVE_FFDHE_3072
    11056. 

  11056.         if (base->used == 1 && base->dp[0] == 2 && m[95] == (sp_digit)-1)
    11057. 

  11057.             err = sp_3072_mod_exp_2_96(r, e, expLen * 8, m);
    11058. 

  11058.         else
    11059. 

  11059.     #endif
    11060. 

  11060.             err = sp_3072_mod_exp_96(r, b, e, expLen * 8, m, 0);
    11061. 

  11061. 

  11062.     }
    11063. 

  11063. 

  11064.     if (err == MP_OKAY) {
    11065. 

  11065.         sp_3072_to_bin(r, out);
    11066. 

  11066.         *outLen = 384;
    11067. 

  11067.         for (i=0; i<384 && out[i] == 0; i++) {
    11068. 

  11068.         }
    11069. 

  11069.         *outLen -= i;
    11070. 

  11070.         XMEMMOVE(out, out + i, *outLen);
    11071. 

  11071. 

  11072.     }
    11073. 

  11073. 

  11074.     XMEMSET(e, 0, sizeof(e));
    11075. 

  11075. 

  11076.     return err;
    11077. 

  11077. }
    11078. 

  11078. #endif /* WOLFSSL_HAVE_SP_DH */
    11079. 

  11079. 

  11080. /* Perform the modular exponentiation for Diffie-Hellman.
    11081. 

  11081.  *
    11082. 

  11082.  * base  Base. MP integer.
    11083. 

  11083.  * exp   Exponent. MP integer.
    11084. 

  11084.  * mod   Modulus. MP integer.
    11085. 

  11085.  * res   Result. MP integer.
    11086. 

  11086.  * returns 0 on success, MP_READ_E if there are too many bytes in an array
    11087. 

  11087.  * and MEMORY_E if memory allocation fails.
    11088. 

  11088.  */
    11089. 

  11089. int sp_ModExp_1536(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
    11090. 

  11090. {
    11091. 

  11091.     int err = MP_OKAY;
    11092. 

  11092.     sp_digit b[96], e[48], m[48];
    11093. 

  11093.     sp_digit* r = b;
    11094. 

  11094.     int expBits = mp_count_bits(exp);
    11095. 

  11095. 

  11096.     if (mp_count_bits(base) > 1536) {
    11097. 

  11097.         err = MP_READ_E;
    11098. 

  11098.     }
    11099. 

  11099. 

  11100.     if (err == MP_OKAY) {
    11101. 

  11101.         if (expBits > 1536) {
    11102. 

  11102.             err = MP_READ_E;
    11103. 

  11103.         }
    11104. 

  11104.     }
    11105. 

  11105. 

  11106.     if (err == MP_OKAY) {
    11107. 

  11107.         if (mp_count_bits(mod) != 1536) {
    11108. 

  11108.             err = MP_READ_E;
    11109. 

  11109.         }
    11110. 

  11110.     }
    11111. 

  11111. 

  11112.     if (err == MP_OKAY) {
    11113. 

  11113.         sp_3072_from_mp(b, 48, base);
    11114. 

  11114.         sp_3072_from_mp(e, 48, exp);
    11115. 

  11115.         sp_3072_from_mp(m, 48, mod);
    11116. 

  11116. 

  11117.         err = sp_3072_mod_exp_48(r, b, e, expBits, m, 0);
    11118. 

  11118.     }
    11119. 

  11119. 

  11120.     if (err == MP_OKAY) {
    11121. 

  11121.         XMEMSET(r + 48, 0, sizeof(*r) * 48U);
    11122. 

  11122.         err = sp_3072_to_mp(r, res);
    11123. 

  11123.         res->used = mod->used;
    11124. 

  11124.         mp_clamp(res);
    11125. 

  11125.     }
    11126. 

  11126. 

  11127.     XMEMSET(e, 0, sizeof(e));
    11128. 

  11128. 

  11129.     return err;
    11130. 

  11130. }
    11131. 

  11131. 

  11132. #endif /* WOLFSSL_HAVE_SP_DH || (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) */
    11133. 

  11133. 

  11134. #endif /* !WOLFSSL_SP_NO_3072 */
    11135. 

  11135. 

  11136. #ifdef WOLFSSL_SP_4096
    11137. 

  11137. /* Read big endian unsigned byte array into r.
    11138. 

  11138.  *
    11139. 

  11139.  * r  A single precision integer.
    11140. 

  11140.  * size  Maximum number of bytes to convert
    11141. 

  11141.  * a  Byte array.
    11142. 

  11142.  * n  Number of bytes in array to read.
    11143. 

  11143.  */
    11144. 

  11144. static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n)
    11145. 

  11145. {
    11146. 

  11146.     int i, j = 0;
    11147. 

  11147.     word32 s = 0;
    11148. 

  11148. 

  11149.     r[0] = 0;
    11150. 

  11150.     for (i = n-1; i >= 0; i--) {
    11151. 

  11151.         r[j] |= (((sp_digit)a[i]) << s);
    11152. 

  11152.         if (s >= 24U) {
    11153. 

  11153.             r[j] &= 0xffffffff;
    11154. 

  11154.             s = 32U - s;
    11155. 

  11155.             if (j + 1 >= size) {
    11156. 

  11156.                 break;
    11157. 

  11157.             }
    11158. 

  11158.             r[++j] = (sp_digit)a[i] >> s;
    11159. 

  11159.             s = 8U - s;
    11160. 

  11160.         }
    11161. 

  11161.         else {
    11162. 

  11162.             s += 8U;
    11163. 

  11163.         }
    11164. 

  11164.     }
    11165. 

  11165. 

  11166.     for (j++; j < size; j++) {
    11167. 

  11167.         r[j] = 0;
    11168. 

  11168.     }
    11169. 

  11169. }
    11170. 

  11170. 

  11171. /* Convert an mp_int to an array of sp_digit.
    11172. 

  11172.  *
    11173. 

  11173.  * r  A single precision integer.
    11174. 

  11174.  * size  Maximum number of bytes to convert
    11175. 

  11175.  * a  A multi-precision integer.
    11176. 

  11176.  */
    11177. 

  11177. static void sp_4096_from_mp(sp_digit* r, int size, const mp_int* a)
    11178. 

  11178. {
    11179. 

  11179. #if DIGIT_BIT == 32
    11180. 

  11180.     int j;
    11181. 

  11181. 

  11182.     XMEMCPY(r, a->dp, sizeof(sp_digit) * a->used);
    11183. 

  11183. 

  11184.     for (j = a->used; j < size; j++) {
    11185. 

  11185.         r[j] = 0;
    11186. 

  11186.     }
    11187. 

  11187. #elif DIGIT_BIT > 32
    11188. 

  11188.     int i, j = 0;
    11189. 

  11189.     word32 s = 0;
    11190. 

  11190. 

  11191.     r[0] = 0;
    11192. 

  11192.     for (i = 0; i < a->used && j < size; i++) {
    11193. 

  11193.         r[j] |= ((sp_digit)a->dp[i] << s);
    11194. 

  11194.         r[j] &= 0xffffffff;
    11195. 

  11195.         s = 32U - s;
    11196. 

  11196.         if (j + 1 >= size) {
    11197. 

  11197.             break;
    11198. 

  11198.         }
    11199. 

  11199.         /* lint allow cast of mismatch word32 and mp_digit */
    11200. 

  11200.         r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
    11201. 

  11201.         while ((s + 32U) <= (word32)DIGIT_BIT) {
    11202. 

  11202.             s += 32U;
    11203. 

  11203.             r[j] &= 0xffffffff;
    11204. 

  11204.             if (j + 1 >= size) {
    11205. 

  11205.                 break;
    11206. 

  11206.             }
    11207. 

  11207.             if (s < (word32)DIGIT_BIT) {
    11208. 

  11208.                 /* lint allow cast of mismatch word32 and mp_digit */
    11209. 

  11209.                 r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
    11210. 

  11210.             }
    11211. 

  11211.             else {
    11212. 

  11212.                 r[++j] = 0L;
    11213. 

  11213.             }
    11214. 

  11214.         }
    11215. 

  11215.         s = (word32)DIGIT_BIT - s;
    11216. 

  11216.     }
    11217. 

  11217. 

  11218.     for (j++; j < size; j++) {
    11219. 

  11219.         r[j] = 0;
    11220. 

  11220.     }
    11221. 

  11221. #else
    11222. 

  11222.     int i, j = 0, s = 0;
    11223. 

  11223. 

  11224.     r[0] = 0;
    11225. 

  11225.     for (i = 0; i < a->used && j < size; i++) {
    11226. 

  11226.         r[j] |= ((sp_digit)a->dp[i]) << s;
    11227. 

  11227.         if (s + DIGIT_BIT >= 32) {
    11228. 

  11228.             r[j] &= 0xffffffff;
    11229. 

  11229.             if (j + 1 >= size) {
    11230. 

  11230.                 break;
    11231. 

  11231.             }
    11232. 

  11232.             s = 32 - s;
    11233. 

  11233.             if (s == DIGIT_BIT) {
    11234. 

  11234.                 r[++j] = 0;
    11235. 

  11235.                 s = 0;
    11236. 

  11236.             }
    11237. 

  11237.             else {
    11238. 

  11238.                 r[++j] = a->dp[i] >> s;
    11239. 

  11239.                 s = DIGIT_BIT - s;
    11240. 

  11240.             }
    11241. 

  11241.         }
    11242. 

  11242.         else {
    11243. 

  11243.             s += DIGIT_BIT;
    11244. 

  11244.         }
    11245. 

  11245.     }
    11246. 

  11246. 

  11247.     for (j++; j < size; j++) {
    11248. 

  11248.         r[j] = 0;
    11249. 

  11249.     }
    11250. 

  11250. #endif
    11251. 

  11251. }
    11252. 

  11252. 

  11253. /* Write r as big endian to byte array.
    11254. 

  11254.  * Fixed length number of bytes written: 512
    11255. 

  11255.  *
    11256. 

  11256.  * r  A single precision integer.
    11257. 

  11257.  * a  Byte array.
    11258. 

  11258.  */
    11259. 

  11259. static void sp_4096_to_bin(sp_digit* r, byte* a)
    11260. 

  11260. {
    11261. 

  11261.     int i, j, s = 0, b;
    11262. 

  11262. 

  11263.     j = 4096 / 8 - 1;
    11264. 

  11264.     a[j] = 0;
    11265. 

  11265.     for (i=0; i<128 && j>=0; i++) {
    11266. 

  11266.         b = 0;
    11267. 

  11267.         /* lint allow cast of mismatch sp_digit and int */
    11268. 

  11268.         a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
    11269. 

  11269.         if (j < 0) {
    11270. 

  11270.             break;
    11271. 

  11271.         }
    11272. 

  11272.         while (b < 32) {
    11273. 

  11273.             a[j--] = r[i] >> b; b += 8;
    11274. 

  11274.             if (j < 0) {
    11275. 

  11275.                 break;
    11276. 

  11276.             }
    11277. 

  11277.         }
    11278. 

  11278.         s = 8 - (b - 32);
    11279. 

  11279.         if (j >= 0) {
    11280. 

  11280.             a[j] = 0;
    11281. 

  11281.         }
    11282. 

  11282.         if (s != 0) {
    11283. 

  11283.             j++;
    11284. 

  11284.         }
    11285. 

  11285.     }
    11286. 

  11286. }
    11287. 

  11287. 

  11288. #ifndef WOLFSSL_SP_SMALL
    11289. 

  11289. /* Add b to a into r. (r = a + b)
    11290. 

  11290.  *
    11291. 

  11291.  * r  A single precision integer.
    11292. 

  11292.  * a  A single precision integer.
    11293. 

  11293.  * b  A single precision integer.
    11294. 

  11294.  */
    11295. 

  11295. SP_NOINLINE static sp_digit sp_4096_add_64(sp_digit* r, const sp_digit* a,
    11296. 

  11296.         const sp_digit* b)
    11297. 

  11297. {
    11298. 

  11298.     sp_digit c = 0;
    11299. 

  11299. 

  11300.     __asm__ __volatile__ (
    11301. 

  11301.         "mov	r7, #0\n\t"
    11302. 

  11302.         "mvn	r7, r7\n\t"
    11303. 

  11303.         "ldr	r4, [%[a], #0]\n\t"
    11304. 

  11304.         "ldr	r5, [%[b], #0]\n\t"
    11305. 

  11305.         "add	r4, r5\n\t"
    11306. 

  11306.         "str	r4, [%[r], #0]\n\t"
    11307. 

  11307.         "ldr	r4, [%[a], #4]\n\t"
    11308. 

  11308.         "ldr	r5, [%[b], #4]\n\t"
    11309. 

  11309.         "adc	r4, r5\n\t"
    11310. 

  11310.         "str	r4, [%[r], #4]\n\t"
    11311. 

  11311.         "ldr	r4, [%[a], #8]\n\t"
    11312. 

  11312.         "ldr	r5, [%[b], #8]\n\t"
    11313. 

  11313.         "adc	r4, r5\n\t"
    11314. 

  11314.         "str	r4, [%[r], #8]\n\t"
    11315. 

  11315.         "ldr	r4, [%[a], #12]\n\t"
    11316. 

  11316.         "ldr	r5, [%[b], #12]\n\t"
    11317. 

  11317.         "adc	r4, r5\n\t"
    11318. 

  11318.         "str	r4, [%[r], #12]\n\t"
    11319. 

  11319.         "ldr	r4, [%[a], #16]\n\t"
    11320. 

  11320.         "ldr	r5, [%[b], #16]\n\t"
    11321. 

  11321.         "adc	r4, r5\n\t"
    11322. 

  11322.         "str	r4, [%[r], #16]\n\t"
    11323. 

  11323.         "ldr	r4, [%[a], #20]\n\t"
    11324. 

  11324.         "ldr	r5, [%[b], #20]\n\t"
    11325. 

  11325.         "adc	r4, r5\n\t"
    11326. 

  11326.         "str	r4, [%[r], #20]\n\t"
    11327. 

  11327.         "ldr	r4, [%[a], #24]\n\t"
    11328. 

  11328.         "ldr	r5, [%[b], #24]\n\t"
    11329. 

  11329.         "adc	r4, r5\n\t"
    11330. 

  11330.         "str	r4, [%[r], #24]\n\t"
    11331. 

  11331.         "ldr	r4, [%[a], #28]\n\t"
    11332. 

  11332.         "ldr	r5, [%[b], #28]\n\t"
    11333. 

  11333.         "adc	r4, r5\n\t"
    11334. 

  11334.         "str	r4, [%[r], #28]\n\t"
    11335. 

  11335.         "ldr	r4, [%[a], #32]\n\t"
    11336. 

  11336.         "ldr	r5, [%[b], #32]\n\t"
    11337. 

  11337.         "adc	r4, r5\n\t"
    11338. 

  11338.         "str	r4, [%[r], #32]\n\t"
    11339. 

  11339.         "ldr	r4, [%[a], #36]\n\t"
    11340. 

  11340.         "ldr	r5, [%[b], #36]\n\t"
    11341. 

  11341.         "adc	r4, r5\n\t"
    11342. 

  11342.         "str	r4, [%[r], #36]\n\t"
    11343. 

  11343.         "ldr	r4, [%[a], #40]\n\t"
    11344. 

  11344.         "ldr	r5, [%[b], #40]\n\t"
    11345. 

  11345.         "adc	r4, r5\n\t"
    11346. 

  11346.         "str	r4, [%[r], #40]\n\t"
    11347. 

  11347.         "ldr	r4, [%[a], #44]\n\t"
    11348. 

  11348.         "ldr	r5, [%[b], #44]\n\t"
    11349. 

  11349.         "adc	r4, r5\n\t"
    11350. 

  11350.         "str	r4, [%[r], #44]\n\t"
    11351. 

  11351.         "ldr	r4, [%[a], #48]\n\t"
    11352. 

  11352.         "ldr	r5, [%[b], #48]\n\t"
    11353. 

  11353.         "adc	r4, r5\n\t"
    11354. 

  11354.         "str	r4, [%[r], #48]\n\t"
    11355. 

  11355.         "ldr	r4, [%[a], #52]\n\t"
    11356. 

  11356.         "ldr	r5, [%[b], #52]\n\t"
    11357. 

  11357.         "adc	r4, r5\n\t"
    11358. 

  11358.         "str	r4, [%[r], #52]\n\t"
    11359. 

  11359.         "ldr	r4, [%[a], #56]\n\t"
    11360. 

  11360.         "ldr	r5, [%[b], #56]\n\t"
    11361. 

  11361.         "adc	r4, r5\n\t"
    11362. 

  11362.         "str	r4, [%[r], #56]\n\t"
    11363. 

  11363.         "ldr	r4, [%[a], #60]\n\t"
    11364. 

  11364.         "ldr	r5, [%[b], #60]\n\t"
    11365. 

  11365.         "adc	r4, r5\n\t"
    11366. 

  11366.         "str	r4, [%[r], #60]\n\t"
    11367. 

  11367.         "ldr	r4, [%[a], #64]\n\t"
    11368. 

  11368.         "ldr	r5, [%[b], #64]\n\t"
    11369. 

  11369.         "adc	r4, r5\n\t"
    11370. 

  11370.         "str	r4, [%[r], #64]\n\t"
    11371. 

  11371.         "ldr	r4, [%[a], #68]\n\t"
    11372. 

  11372.         "ldr	r5, [%[b], #68]\n\t"
    11373. 

  11373.         "adc	r4, r5\n\t"
    11374. 

  11374.         "str	r4, [%[r], #68]\n\t"
    11375. 

  11375.         "ldr	r4, [%[a], #72]\n\t"
    11376. 

  11376.         "ldr	r5, [%[b], #72]\n\t"
    11377. 

  11377.         "adc	r4, r5\n\t"
    11378. 

  11378.         "str	r4, [%[r], #72]\n\t"
    11379. 

  11379.         "ldr	r4, [%[a], #76]\n\t"
    11380. 

  11380.         "ldr	r5, [%[b], #76]\n\t"
    11381. 

  11381.         "adc	r4, r5\n\t"
    11382. 

  11382.         "str	r4, [%[r], #76]\n\t"
    11383. 

  11383.         "ldr	r4, [%[a], #80]\n\t"
    11384. 

  11384.         "ldr	r5, [%[b], #80]\n\t"
    11385. 

  11385.         "adc	r4, r5\n\t"
    11386. 

  11386.         "str	r4, [%[r], #80]\n\t"
    11387. 

  11387.         "ldr	r4, [%[a], #84]\n\t"
    11388. 

  11388.         "ldr	r5, [%[b], #84]\n\t"
    11389. 

  11389.         "adc	r4, r5\n\t"
    11390. 

  11390.         "str	r4, [%[r], #84]\n\t"
    11391. 

  11391.         "ldr	r4, [%[a], #88]\n\t"
    11392. 

  11392.         "ldr	r5, [%[b], #88]\n\t"
    11393. 

  11393.         "adc	r4, r5\n\t"
    11394. 

  11394.         "str	r4, [%[r], #88]\n\t"
    11395. 

  11395.         "ldr	r4, [%[a], #92]\n\t"
    11396. 

  11396.         "ldr	r5, [%[b], #92]\n\t"
    11397. 

  11397.         "adc	r4, r5\n\t"
    11398. 

  11398.         "str	r4, [%[r], #92]\n\t"
    11399. 

  11399.         "ldr	r4, [%[a], #96]\n\t"
    11400. 

  11400.         "ldr	r5, [%[b], #96]\n\t"
    11401. 

  11401.         "adc	r4, r5\n\t"
    11402. 

  11402.         "str	r4, [%[r], #96]\n\t"
    11403. 

  11403.         "ldr	r4, [%[a], #100]\n\t"
    11404. 

  11404.         "ldr	r5, [%[b], #100]\n\t"
    11405. 

  11405.         "adc	r4, r5\n\t"
    11406. 

  11406.         "str	r4, [%[r], #100]\n\t"
    11407. 

  11407.         "ldr	r4, [%[a], #104]\n\t"
    11408. 

  11408.         "ldr	r5, [%[b], #104]\n\t"
    11409. 

  11409.         "adc	r4, r5\n\t"
    11410. 

  11410.         "str	r4, [%[r], #104]\n\t"
    11411. 

  11411.         "ldr	r4, [%[a], #108]\n\t"
    11412. 

  11412.         "ldr	r5, [%[b], #108]\n\t"
    11413. 

  11413.         "adc	r4, r5\n\t"
    11414. 

  11414.         "str	r4, [%[r], #108]\n\t"
    11415. 

  11415.         "ldr	r4, [%[a], #112]\n\t"
    11416. 

  11416.         "ldr	r5, [%[b], #112]\n\t"
    11417. 

  11417.         "adc	r4, r5\n\t"
    11418. 

  11418.         "str	r4, [%[r], #112]\n\t"
    11419. 

  11419.         "ldr	r4, [%[a], #116]\n\t"
    11420. 

  11420.         "ldr	r5, [%[b], #116]\n\t"
    11421. 

  11421.         "adc	r4, r5\n\t"
    11422. 

  11422.         "str	r4, [%[r], #116]\n\t"
    11423. 

  11423.         "ldr	r4, [%[a], #120]\n\t"
    11424. 

  11424.         "ldr	r5, [%[b], #120]\n\t"
    11425. 

  11425.         "adc	r4, r5\n\t"
    11426. 

  11426.         "str	r4, [%[r], #120]\n\t"
    11427. 

  11427.         "ldr	r4, [%[a], #124]\n\t"
    11428. 

  11428.         "ldr	r5, [%[b], #124]\n\t"
    11429. 

  11429.         "adc	r4, r5\n\t"
    11430. 

  11430.         "str	r4, [%[r], #124]\n\t"
    11431. 

  11431.         "mov	%[c], #0\n\t"
    11432. 

  11432.         "adc	%[c], %[c]\n\t"
    11433. 

  11433.         "add	%[a], #0x80\n\t"
    11434. 

  11434.         "add	%[b], #0x80\n\t"
    11435. 

  11435.         "add	%[r], #0x80\n\t"
    11436. 

  11436.         "add	%[c], r7\n\t"
    11437. 

  11437.         "ldr	r4, [%[a], #0]\n\t"
    11438. 

  11438.         "ldr	r5, [%[b], #0]\n\t"
    11439. 

  11439.         "adc	r4, r5\n\t"
    11440. 

  11440.         "str	r4, [%[r], #0]\n\t"
    11441. 

  11441.         "ldr	r4, [%[a], #4]\n\t"
    11442. 

  11442.         "ldr	r5, [%[b], #4]\n\t"
    11443. 

  11443.         "adc	r4, r5\n\t"
    11444. 

  11444.         "str	r4, [%[r], #4]\n\t"
    11445. 

  11445.         "ldr	r4, [%[a], #8]\n\t"
    11446. 

  11446.         "ldr	r5, [%[b], #8]\n\t"
    11447. 

  11447.         "adc	r4, r5\n\t"
    11448. 

  11448.         "str	r4, [%[r], #8]\n\t"
    11449. 

  11449.         "ldr	r4, [%[a], #12]\n\t"
    11450. 

  11450.         "ldr	r5, [%[b], #12]\n\t"
    11451. 

  11451.         "adc	r4, r5\n\t"
    11452. 

  11452.         "str	r4, [%[r], #12]\n\t"
    11453. 

  11453.         "ldr	r4, [%[a], #16]\n\t"
    11454. 

  11454.         "ldr	r5, [%[b], #16]\n\t"
    11455. 

  11455.         "adc	r4, r5\n\t"
    11456. 

  11456.         "str	r4, [%[r], #16]\n\t"
    11457. 

  11457.         "ldr	r4, [%[a], #20]\n\t"
    11458. 

  11458.         "ldr	r5, [%[b], #20]\n\t"
    11459. 

  11459.         "adc	r4, r5\n\t"
    11460. 

  11460.         "str	r4, [%[r], #20]\n\t"
    11461. 

  11461.         "ldr	r4, [%[a], #24]\n\t"
    11462. 

  11462.         "ldr	r5, [%[b], #24]\n\t"
    11463. 

  11463.         "adc	r4, r5\n\t"
    11464. 

  11464.         "str	r4, [%[r], #24]\n\t"
    11465. 

  11465.         "ldr	r4, [%[a], #28]\n\t"
    11466. 

  11466.         "ldr	r5, [%[b], #28]\n\t"
    11467. 

  11467.         "adc	r4, r5\n\t"
    11468. 

  11468.         "str	r4, [%[r], #28]\n\t"
    11469. 

  11469.         "ldr	r4, [%[a], #32]\n\t"
    11470. 

  11470.         "ldr	r5, [%[b], #32]\n\t"
    11471. 

  11471.         "adc	r4, r5\n\t"
    11472. 

  11472.         "str	r4, [%[r], #32]\n\t"
    11473. 

  11473.         "ldr	r4, [%[a], #36]\n\t"
    11474. 

  11474.         "ldr	r5, [%[b], #36]\n\t"
    11475. 

  11475.         "adc	r4, r5\n\t"
    11476. 

  11476.         "str	r4, [%[r], #36]\n\t"
    11477. 

  11477.         "ldr	r4, [%[a], #40]\n\t"
    11478. 

  11478.         "ldr	r5, [%[b], #40]\n\t"
    11479. 

  11479.         "adc	r4, r5\n\t"
    11480. 

  11480.         "str	r4, [%[r], #40]\n\t"
    11481. 

  11481.         "ldr	r4, [%[a], #44]\n\t"
    11482. 

  11482.         "ldr	r5, [%[b], #44]\n\t"
    11483. 

  11483.         "adc	r4, r5\n\t"
    11484. 

  11484.         "str	r4, [%[r], #44]\n\t"
    11485. 

  11485.         "ldr	r4, [%[a], #48]\n\t"
    11486. 

  11486.         "ldr	r5, [%[b], #48]\n\t"
    11487. 

  11487.         "adc	r4, r5\n\t"
    11488. 

  11488.         "str	r4, [%[r], #48]\n\t"
    11489. 

  11489.         "ldr	r4, [%[a], #52]\n\t"
    11490. 

  11490.         "ldr	r5, [%[b], #52]\n\t"
    11491. 

  11491.         "adc	r4, r5\n\t"
    11492. 

  11492.         "str	r4, [%[r], #52]\n\t"
    11493. 

  11493.         "ldr	r4, [%[a], #56]\n\t"
    11494. 

  11494.         "ldr	r5, [%[b], #56]\n\t"
    11495. 

  11495.         "adc	r4, r5\n\t"
    11496. 

  11496.         "str	r4, [%[r], #56]\n\t"
    11497. 

  11497.         "ldr	r4, [%[a], #60]\n\t"
    11498. 

  11498.         "ldr	r5, [%[b], #60]\n\t"
    11499. 

  11499.         "adc	r4, r5\n\t"
    11500. 

  11500.         "str	r4, [%[r], #60]\n\t"
    11501. 

  11501.         "ldr	r4, [%[a], #64]\n\t"
    11502. 

  11502.         "ldr	r5, [%[b], #64]\n\t"
    11503. 

  11503.         "adc	r4, r5\n\t"
    11504. 

  11504.         "str	r4, [%[r], #64]\n\t"
    11505. 

  11505.         "ldr	r4, [%[a], #68]\n\t"
    11506. 

  11506.         "ldr	r5, [%[b], #68]\n\t"
    11507. 

  11507.         "adc	r4, r5\n\t"
    11508. 

  11508.         "str	r4, [%[r], #68]\n\t"
    11509. 

  11509.         "ldr	r4, [%[a], #72]\n\t"
    11510. 

  11510.         "ldr	r5, [%[b], #72]\n\t"
    11511. 

  11511.         "adc	r4, r5\n\t"
    11512. 

  11512.         "str	r4, [%[r], #72]\n\t"
    11513. 

  11513.         "ldr	r4, [%[a], #76]\n\t"
    11514. 

  11514.         "ldr	r5, [%[b], #76]\n\t"
    11515. 

  11515.         "adc	r4, r5\n\t"
    11516. 

  11516.         "str	r4, [%[r], #76]\n\t"
    11517. 

  11517.         "ldr	r4, [%[a], #80]\n\t"
    11518. 

  11518.         "ldr	r5, [%[b], #80]\n\t"
    11519. 

  11519.         "adc	r4, r5\n\t"
    11520. 

  11520.         "str	r4, [%[r], #80]\n\t"
    11521. 

  11521.         "ldr	r4, [%[a], #84]\n\t"
    11522. 

  11522.         "ldr	r5, [%[b], #84]\n\t"
    11523. 

  11523.         "adc	r4, r5\n\t"
    11524. 

  11524.         "str	r4, [%[r], #84]\n\t"
    11525. 

  11525.         "ldr	r4, [%[a], #88]\n\t"
    11526. 

  11526.         "ldr	r5, [%[b], #88]\n\t"
    11527. 

  11527.         "adc	r4, r5\n\t"
    11528. 

  11528.         "str	r4, [%[r], #88]\n\t"
    11529. 

  11529.         "ldr	r4, [%[a], #92]\n\t"
    11530. 

  11530.         "ldr	r5, [%[b], #92]\n\t"
    11531. 

  11531.         "adc	r4, r5\n\t"
    11532. 

  11532.         "str	r4, [%[r], #92]\n\t"
    11533. 

  11533.         "ldr	r4, [%[a], #96]\n\t"
    11534. 

  11534.         "ldr	r5, [%[b], #96]\n\t"
    11535. 

  11535.         "adc	r4, r5\n\t"
    11536. 

  11536.         "str	r4, [%[r], #96]\n\t"
    11537. 

  11537.         "ldr	r4, [%[a], #100]\n\t"
    11538. 

  11538.         "ldr	r5, [%[b], #100]\n\t"
    11539. 

  11539.         "adc	r4, r5\n\t"
    11540. 

  11540.         "str	r4, [%[r], #100]\n\t"
    11541. 

  11541.         "ldr	r4, [%[a], #104]\n\t"
    11542. 

  11542.         "ldr	r5, [%[b], #104]\n\t"
    11543. 

  11543.         "adc	r4, r5\n\t"
    11544. 

  11544.         "str	r4, [%[r], #104]\n\t"
    11545. 

  11545.         "ldr	r4, [%[a], #108]\n\t"
    11546. 

  11546.         "ldr	r5, [%[b], #108]\n\t"
    11547. 

  11547.         "adc	r4, r5\n\t"
    11548. 

  11548.         "str	r4, [%[r], #108]\n\t"
    11549. 

  11549.         "ldr	r4, [%[a], #112]\n\t"
    11550. 

  11550.         "ldr	r5, [%[b], #112]\n\t"
    11551. 

  11551.         "adc	r4, r5\n\t"
    11552. 

  11552.         "str	r4, [%[r], #112]\n\t"
    11553. 

  11553.         "ldr	r4, [%[a], #116]\n\t"
    11554. 

  11554.         "ldr	r5, [%[b], #116]\n\t"
    11555. 

  11555.         "adc	r4, r5\n\t"
    11556. 

  11556.         "str	r4, [%[r], #116]\n\t"
    11557. 

  11557.         "ldr	r4, [%[a], #120]\n\t"
    11558. 

  11558.         "ldr	r5, [%[b], #120]\n\t"
    11559. 

  11559.         "adc	r4, r5\n\t"
    11560. 

  11560.         "str	r4, [%[r], #120]\n\t"
    11561. 

  11561.         "ldr	r4, [%[a], #124]\n\t"
    11562. 

  11562.         "ldr	r5, [%[b], #124]\n\t"
    11563. 

  11563.         "adc	r4, r5\n\t"
    11564. 

  11564.         "str	r4, [%[r], #124]\n\t"
    11565. 

  11565.         "mov	%[c], #0\n\t"
    11566. 

  11566.         "adc	%[c], %[c]\n\t"
    11567. 

  11567.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    11568. 

  11568.         :
    11569. 

  11569.         : "memory", "r4", "r5", "r7"
    11570. 

  11570.     );
    11571. 

  11571. 

  11572.     return c;
    11573. 

  11573. }
    11574. 

  11574. 

  11575. /* Sub b from a into r. (r = a - b)
    11576. 

  11576.  *
    11577. 

  11577.  * r  A single precision integer.
    11578. 

  11578.  * a  A single precision integer.
    11579. 

  11579.  * b  A single precision integer.
    11580. 

  11580.  */
    11581. 

  11581. SP_NOINLINE static sp_digit sp_4096_sub_in_place_128(sp_digit* a,
    11582. 

  11582.         const sp_digit* b)
    11583. 

  11583. {
    11584. 

  11584.     sp_digit c = 0;
    11585. 

  11585. 

  11586.     __asm__ __volatile__ (
    11587. 

  11587.         "ldr	r3, [%[a], #0]\n\t"
    11588. 

  11588.         "ldr	r4, [%[a], #4]\n\t"
    11589. 

  11589.         "ldr	r5, [%[b], #0]\n\t"
    11590. 

  11590.         "ldr	r6, [%[b], #4]\n\t"
    11591. 

  11591.         "sub	r3, r5\n\t"
    11592. 

  11592.         "sbc	r4, r6\n\t"
    11593. 

  11593.         "str	r3, [%[a], #0]\n\t"
    11594. 

  11594.         "str	r4, [%[a], #4]\n\t"
    11595. 

  11595.         "ldr	r3, [%[a], #8]\n\t"
    11596. 

  11596.         "ldr	r4, [%[a], #12]\n\t"
    11597. 

  11597.         "ldr	r5, [%[b], #8]\n\t"
    11598. 

  11598.         "ldr	r6, [%[b], #12]\n\t"
    11599. 

  11599.         "sbc	r3, r5\n\t"
    11600. 

  11600.         "sbc	r4, r6\n\t"
    11601. 

  11601.         "str	r3, [%[a], #8]\n\t"
    11602. 

  11602.         "str	r4, [%[a], #12]\n\t"
    11603. 

  11603.         "ldr	r3, [%[a], #16]\n\t"
    11604. 

  11604.         "ldr	r4, [%[a], #20]\n\t"
    11605. 

  11605.         "ldr	r5, [%[b], #16]\n\t"
    11606. 

  11606.         "ldr	r6, [%[b], #20]\n\t"
    11607. 

  11607.         "sbc	r3, r5\n\t"
    11608. 

  11608.         "sbc	r4, r6\n\t"
    11609. 

  11609.         "str	r3, [%[a], #16]\n\t"
    11610. 

  11610.         "str	r4, [%[a], #20]\n\t"
    11611. 

  11611.         "ldr	r3, [%[a], #24]\n\t"
    11612. 

  11612.         "ldr	r4, [%[a], #28]\n\t"
    11613. 

  11613.         "ldr	r5, [%[b], #24]\n\t"
    11614. 

  11614.         "ldr	r6, [%[b], #28]\n\t"
    11615. 

  11615.         "sbc	r3, r5\n\t"
    11616. 

  11616.         "sbc	r4, r6\n\t"
    11617. 

  11617.         "str	r3, [%[a], #24]\n\t"
    11618. 

  11618.         "str	r4, [%[a], #28]\n\t"
    11619. 

  11619.         "ldr	r3, [%[a], #32]\n\t"
    11620. 

  11620.         "ldr	r4, [%[a], #36]\n\t"
    11621. 

  11621.         "ldr	r5, [%[b], #32]\n\t"
    11622. 

  11622.         "ldr	r6, [%[b], #36]\n\t"
    11623. 

  11623.         "sbc	r3, r5\n\t"
    11624. 

  11624.         "sbc	r4, r6\n\t"
    11625. 

  11625.         "str	r3, [%[a], #32]\n\t"
    11626. 

  11626.         "str	r4, [%[a], #36]\n\t"
    11627. 

  11627.         "ldr	r3, [%[a], #40]\n\t"
    11628. 

  11628.         "ldr	r4, [%[a], #44]\n\t"
    11629. 

  11629.         "ldr	r5, [%[b], #40]\n\t"
    11630. 

  11630.         "ldr	r6, [%[b], #44]\n\t"
    11631. 

  11631.         "sbc	r3, r5\n\t"
    11632. 

  11632.         "sbc	r4, r6\n\t"
    11633. 

  11633.         "str	r3, [%[a], #40]\n\t"
    11634. 

  11634.         "str	r4, [%[a], #44]\n\t"
    11635. 

  11635.         "ldr	r3, [%[a], #48]\n\t"
    11636. 

  11636.         "ldr	r4, [%[a], #52]\n\t"
    11637. 

  11637.         "ldr	r5, [%[b], #48]\n\t"
    11638. 

  11638.         "ldr	r6, [%[b], #52]\n\t"
    11639. 

  11639.         "sbc	r3, r5\n\t"
    11640. 

  11640.         "sbc	r4, r6\n\t"
    11641. 

  11641.         "str	r3, [%[a], #48]\n\t"
    11642. 

  11642.         "str	r4, [%[a], #52]\n\t"
    11643. 

  11643.         "ldr	r3, [%[a], #56]\n\t"
    11644. 

  11644.         "ldr	r4, [%[a], #60]\n\t"
    11645. 

  11645.         "ldr	r5, [%[b], #56]\n\t"
    11646. 

  11646.         "ldr	r6, [%[b], #60]\n\t"
    11647. 

  11647.         "sbc	r3, r5\n\t"
    11648. 

  11648.         "sbc	r4, r6\n\t"
    11649. 

  11649.         "str	r3, [%[a], #56]\n\t"
    11650. 

  11650.         "str	r4, [%[a], #60]\n\t"
    11651. 

  11651.         "ldr	r3, [%[a], #64]\n\t"
    11652. 

  11652.         "ldr	r4, [%[a], #68]\n\t"
    11653. 

  11653.         "ldr	r5, [%[b], #64]\n\t"
    11654. 

  11654.         "ldr	r6, [%[b], #68]\n\t"
    11655. 

  11655.         "sbc	r3, r5\n\t"
    11656. 

  11656.         "sbc	r4, r6\n\t"
    11657. 

  11657.         "str	r3, [%[a], #64]\n\t"
    11658. 

  11658.         "str	r4, [%[a], #68]\n\t"
    11659. 

  11659.         "ldr	r3, [%[a], #72]\n\t"
    11660. 

  11660.         "ldr	r4, [%[a], #76]\n\t"
    11661. 

  11661.         "ldr	r5, [%[b], #72]\n\t"
    11662. 

  11662.         "ldr	r6, [%[b], #76]\n\t"
    11663. 

  11663.         "sbc	r3, r5\n\t"
    11664. 

  11664.         "sbc	r4, r6\n\t"
    11665. 

  11665.         "str	r3, [%[a], #72]\n\t"
    11666. 

  11666.         "str	r4, [%[a], #76]\n\t"
    11667. 

  11667.         "ldr	r3, [%[a], #80]\n\t"
    11668. 

  11668.         "ldr	r4, [%[a], #84]\n\t"
    11669. 

  11669.         "ldr	r5, [%[b], #80]\n\t"
    11670. 

  11670.         "ldr	r6, [%[b], #84]\n\t"
    11671. 

  11671.         "sbc	r3, r5\n\t"
    11672. 

  11672.         "sbc	r4, r6\n\t"
    11673. 

  11673.         "str	r3, [%[a], #80]\n\t"
    11674. 

  11674.         "str	r4, [%[a], #84]\n\t"
    11675. 

  11675.         "ldr	r3, [%[a], #88]\n\t"
    11676. 

  11676.         "ldr	r4, [%[a], #92]\n\t"
    11677. 

  11677.         "ldr	r5, [%[b], #88]\n\t"
    11678. 

  11678.         "ldr	r6, [%[b], #92]\n\t"
    11679. 

  11679.         "sbc	r3, r5\n\t"
    11680. 

  11680.         "sbc	r4, r6\n\t"
    11681. 

  11681.         "str	r3, [%[a], #88]\n\t"
    11682. 

  11682.         "str	r4, [%[a], #92]\n\t"
    11683. 

  11683.         "ldr	r3, [%[a], #96]\n\t"
    11684. 

  11684.         "ldr	r4, [%[a], #100]\n\t"
    11685. 

  11685.         "ldr	r5, [%[b], #96]\n\t"
    11686. 

  11686.         "ldr	r6, [%[b], #100]\n\t"
    11687. 

  11687.         "sbc	r3, r5\n\t"
    11688. 

  11688.         "sbc	r4, r6\n\t"
    11689. 

  11689.         "str	r3, [%[a], #96]\n\t"
    11690. 

  11690.         "str	r4, [%[a], #100]\n\t"
    11691. 

  11691.         "ldr	r3, [%[a], #104]\n\t"
    11692. 

  11692.         "ldr	r4, [%[a], #108]\n\t"
    11693. 

  11693.         "ldr	r5, [%[b], #104]\n\t"
    11694. 

  11694.         "ldr	r6, [%[b], #108]\n\t"
    11695. 

  11695.         "sbc	r3, r5\n\t"
    11696. 

  11696.         "sbc	r4, r6\n\t"
    11697. 

  11697.         "str	r3, [%[a], #104]\n\t"
    11698. 

  11698.         "str	r4, [%[a], #108]\n\t"
    11699. 

  11699.         "ldr	r3, [%[a], #112]\n\t"
    11700. 

  11700.         "ldr	r4, [%[a], #116]\n\t"
    11701. 

  11701.         "ldr	r5, [%[b], #112]\n\t"
    11702. 

  11702.         "ldr	r6, [%[b], #116]\n\t"
    11703. 

  11703.         "sbc	r3, r5\n\t"
    11704. 

  11704.         "sbc	r4, r6\n\t"
    11705. 

  11705.         "str	r3, [%[a], #112]\n\t"
    11706. 

  11706.         "str	r4, [%[a], #116]\n\t"
    11707. 

  11707.         "ldr	r3, [%[a], #120]\n\t"
    11708. 

  11708.         "ldr	r4, [%[a], #124]\n\t"
    11709. 

  11709.         "ldr	r5, [%[b], #120]\n\t"
    11710. 

  11710.         "ldr	r6, [%[b], #124]\n\t"
    11711. 

  11711.         "sbc	r3, r5\n\t"
    11712. 

  11712.         "sbc	r4, r6\n\t"
    11713. 

  11713.         "str	r3, [%[a], #120]\n\t"
    11714. 

  11714.         "str	r4, [%[a], #124]\n\t"
    11715. 

  11715.         "sbc	%[c], %[c]\n\t"
    11716. 

  11716.         "add	%[a], #0x80\n\t"
    11717. 

  11717.         "add	%[b], #0x80\n\t"
    11718. 

  11718.         "mov	r5, #0\n\t"
    11719. 

  11719.         "sub	r5, %[c]\n\t"
    11720. 

  11720.         "ldr	r3, [%[a], #0]\n\t"
    11721. 

  11721.         "ldr	r4, [%[a], #4]\n\t"
    11722. 

  11722.         "ldr	r5, [%[b], #0]\n\t"
    11723. 

  11723.         "ldr	r6, [%[b], #4]\n\t"
    11724. 

  11724.         "sbc	r3, r5\n\t"
    11725. 

  11725.         "sbc	r4, r6\n\t"
    11726. 

  11726.         "str	r3, [%[a], #0]\n\t"
    11727. 

  11727.         "str	r4, [%[a], #4]\n\t"
    11728. 

  11728.         "ldr	r3, [%[a], #8]\n\t"
    11729. 

  11729.         "ldr	r4, [%[a], #12]\n\t"
    11730. 

  11730.         "ldr	r5, [%[b], #8]\n\t"
    11731. 

  11731.         "ldr	r6, [%[b], #12]\n\t"
    11732. 

  11732.         "sbc	r3, r5\n\t"
    11733. 

  11733.         "sbc	r4, r6\n\t"
    11734. 

  11734.         "str	r3, [%[a], #8]\n\t"
    11735. 

  11735.         "str	r4, [%[a], #12]\n\t"
    11736. 

  11736.         "ldr	r3, [%[a], #16]\n\t"
    11737. 

  11737.         "ldr	r4, [%[a], #20]\n\t"
    11738. 

  11738.         "ldr	r5, [%[b], #16]\n\t"
    11739. 

  11739.         "ldr	r6, [%[b], #20]\n\t"
    11740. 

  11740.         "sbc	r3, r5\n\t"
    11741. 

  11741.         "sbc	r4, r6\n\t"
    11742. 

  11742.         "str	r3, [%[a], #16]\n\t"
    11743. 

  11743.         "str	r4, [%[a], #20]\n\t"
    11744. 

  11744.         "ldr	r3, [%[a], #24]\n\t"
    11745. 

  11745.         "ldr	r4, [%[a], #28]\n\t"
    11746. 

  11746.         "ldr	r5, [%[b], #24]\n\t"
    11747. 

  11747.         "ldr	r6, [%[b], #28]\n\t"
    11748. 

  11748.         "sbc	r3, r5\n\t"
    11749. 

  11749.         "sbc	r4, r6\n\t"
    11750. 

  11750.         "str	r3, [%[a], #24]\n\t"
    11751. 

  11751.         "str	r4, [%[a], #28]\n\t"
    11752. 

  11752.         "ldr	r3, [%[a], #32]\n\t"
    11753. 

  11753.         "ldr	r4, [%[a], #36]\n\t"
    11754. 

  11754.         "ldr	r5, [%[b], #32]\n\t"
    11755. 

  11755.         "ldr	r6, [%[b], #36]\n\t"
    11756. 

  11756.         "sbc	r3, r5\n\t"
    11757. 

  11757.         "sbc	r4, r6\n\t"
    11758. 

  11758.         "str	r3, [%[a], #32]\n\t"
    11759. 

  11759.         "str	r4, [%[a], #36]\n\t"
    11760. 

  11760.         "ldr	r3, [%[a], #40]\n\t"
    11761. 

  11761.         "ldr	r4, [%[a], #44]\n\t"
    11762. 

  11762.         "ldr	r5, [%[b], #40]\n\t"
    11763. 

  11763.         "ldr	r6, [%[b], #44]\n\t"
    11764. 

  11764.         "sbc	r3, r5\n\t"
    11765. 

  11765.         "sbc	r4, r6\n\t"
    11766. 

  11766.         "str	r3, [%[a], #40]\n\t"
    11767. 

  11767.         "str	r4, [%[a], #44]\n\t"
    11768. 

  11768.         "ldr	r3, [%[a], #48]\n\t"
    11769. 

  11769.         "ldr	r4, [%[a], #52]\n\t"
    11770. 

  11770.         "ldr	r5, [%[b], #48]\n\t"
    11771. 

  11771.         "ldr	r6, [%[b], #52]\n\t"
    11772. 

  11772.         "sbc	r3, r5\n\t"
    11773. 

  11773.         "sbc	r4, r6\n\t"
    11774. 

  11774.         "str	r3, [%[a], #48]\n\t"
    11775. 

  11775.         "str	r4, [%[a], #52]\n\t"
    11776. 

  11776.         "ldr	r3, [%[a], #56]\n\t"
    11777. 

  11777.         "ldr	r4, [%[a], #60]\n\t"
    11778. 

  11778.         "ldr	r5, [%[b], #56]\n\t"
    11779. 

  11779.         "ldr	r6, [%[b], #60]\n\t"
    11780. 

  11780.         "sbc	r3, r5\n\t"
    11781. 

  11781.         "sbc	r4, r6\n\t"
    11782. 

  11782.         "str	r3, [%[a], #56]\n\t"
    11783. 

  11783.         "str	r4, [%[a], #60]\n\t"
    11784. 

  11784.         "ldr	r3, [%[a], #64]\n\t"
    11785. 

  11785.         "ldr	r4, [%[a], #68]\n\t"
    11786. 

  11786.         "ldr	r5, [%[b], #64]\n\t"
    11787. 

  11787.         "ldr	r6, [%[b], #68]\n\t"
    11788. 

  11788.         "sbc	r3, r5\n\t"
    11789. 

  11789.         "sbc	r4, r6\n\t"
    11790. 

  11790.         "str	r3, [%[a], #64]\n\t"
    11791. 

  11791.         "str	r4, [%[a], #68]\n\t"
    11792. 

  11792.         "ldr	r3, [%[a], #72]\n\t"
    11793. 

  11793.         "ldr	r4, [%[a], #76]\n\t"
    11794. 

  11794.         "ldr	r5, [%[b], #72]\n\t"
    11795. 

  11795.         "ldr	r6, [%[b], #76]\n\t"
    11796. 

  11796.         "sbc	r3, r5\n\t"
    11797. 

  11797.         "sbc	r4, r6\n\t"
    11798. 

  11798.         "str	r3, [%[a], #72]\n\t"
    11799. 

  11799.         "str	r4, [%[a], #76]\n\t"
    11800. 

  11800.         "ldr	r3, [%[a], #80]\n\t"
    11801. 

  11801.         "ldr	r4, [%[a], #84]\n\t"
    11802. 

  11802.         "ldr	r5, [%[b], #80]\n\t"
    11803. 

  11803.         "ldr	r6, [%[b], #84]\n\t"
    11804. 

  11804.         "sbc	r3, r5\n\t"
    11805. 

  11805.         "sbc	r4, r6\n\t"
    11806. 

  11806.         "str	r3, [%[a], #80]\n\t"
    11807. 

  11807.         "str	r4, [%[a], #84]\n\t"
    11808. 

  11808.         "ldr	r3, [%[a], #88]\n\t"
    11809. 

  11809.         "ldr	r4, [%[a], #92]\n\t"
    11810. 

  11810.         "ldr	r5, [%[b], #88]\n\t"
    11811. 

  11811.         "ldr	r6, [%[b], #92]\n\t"
    11812. 

  11812.         "sbc	r3, r5\n\t"
    11813. 

  11813.         "sbc	r4, r6\n\t"
    11814. 

  11814.         "str	r3, [%[a], #88]\n\t"
    11815. 

  11815.         "str	r4, [%[a], #92]\n\t"
    11816. 

  11816.         "ldr	r3, [%[a], #96]\n\t"
    11817. 

  11817.         "ldr	r4, [%[a], #100]\n\t"
    11818. 

  11818.         "ldr	r5, [%[b], #96]\n\t"
    11819. 

  11819.         "ldr	r6, [%[b], #100]\n\t"
    11820. 

  11820.         "sbc	r3, r5\n\t"
    11821. 

  11821.         "sbc	r4, r6\n\t"
    11822. 

  11822.         "str	r3, [%[a], #96]\n\t"
    11823. 

  11823.         "str	r4, [%[a], #100]\n\t"
    11824. 

  11824.         "ldr	r3, [%[a], #104]\n\t"
    11825. 

  11825.         "ldr	r4, [%[a], #108]\n\t"
    11826. 

  11826.         "ldr	r5, [%[b], #104]\n\t"
    11827. 

  11827.         "ldr	r6, [%[b], #108]\n\t"
    11828. 

  11828.         "sbc	r3, r5\n\t"
    11829. 

  11829.         "sbc	r4, r6\n\t"
    11830. 

  11830.         "str	r3, [%[a], #104]\n\t"
    11831. 

  11831.         "str	r4, [%[a], #108]\n\t"
    11832. 

  11832.         "ldr	r3, [%[a], #112]\n\t"
    11833. 

  11833.         "ldr	r4, [%[a], #116]\n\t"
    11834. 

  11834.         "ldr	r5, [%[b], #112]\n\t"
    11835. 

  11835.         "ldr	r6, [%[b], #116]\n\t"
    11836. 

  11836.         "sbc	r3, r5\n\t"
    11837. 

  11837.         "sbc	r4, r6\n\t"
    11838. 

  11838.         "str	r3, [%[a], #112]\n\t"
    11839. 

  11839.         "str	r4, [%[a], #116]\n\t"
    11840. 

  11840.         "ldr	r3, [%[a], #120]\n\t"
    11841. 

  11841.         "ldr	r4, [%[a], #124]\n\t"
    11842. 

  11842.         "ldr	r5, [%[b], #120]\n\t"
    11843. 

  11843.         "ldr	r6, [%[b], #124]\n\t"
    11844. 

  11844.         "sbc	r3, r5\n\t"
    11845. 

  11845.         "sbc	r4, r6\n\t"
    11846. 

  11846.         "str	r3, [%[a], #120]\n\t"
    11847. 

  11847.         "str	r4, [%[a], #124]\n\t"
    11848. 

  11848.         "sbc	%[c], %[c]\n\t"
    11849. 

  11849.         "add	%[a], #0x80\n\t"
    11850. 

  11850.         "add	%[b], #0x80\n\t"
    11851. 

  11851.         "mov	r5, #0\n\t"
    11852. 

  11852.         "sub	r5, %[c]\n\t"
    11853. 

  11853.         "ldr	r3, [%[a], #0]\n\t"
    11854. 

  11854.         "ldr	r4, [%[a], #4]\n\t"
    11855. 

  11855.         "ldr	r5, [%[b], #0]\n\t"
    11856. 

  11856.         "ldr	r6, [%[b], #4]\n\t"
    11857. 

  11857.         "sbc	r3, r5\n\t"
    11858. 

  11858.         "sbc	r4, r6\n\t"
    11859. 

  11859.         "str	r3, [%[a], #0]\n\t"
    11860. 

  11860.         "str	r4, [%[a], #4]\n\t"
    11861. 

  11861.         "ldr	r3, [%[a], #8]\n\t"
    11862. 

  11862.         "ldr	r4, [%[a], #12]\n\t"
    11863. 

  11863.         "ldr	r5, [%[b], #8]\n\t"
    11864. 

  11864.         "ldr	r6, [%[b], #12]\n\t"
    11865. 

  11865.         "sbc	r3, r5\n\t"
    11866. 

  11866.         "sbc	r4, r6\n\t"
    11867. 

  11867.         "str	r3, [%[a], #8]\n\t"
    11868. 

  11868.         "str	r4, [%[a], #12]\n\t"
    11869. 

  11869.         "ldr	r3, [%[a], #16]\n\t"
    11870. 

  11870.         "ldr	r4, [%[a], #20]\n\t"
    11871. 

  11871.         "ldr	r5, [%[b], #16]\n\t"
    11872. 

  11872.         "ldr	r6, [%[b], #20]\n\t"
    11873. 

  11873.         "sbc	r3, r5\n\t"
    11874. 

  11874.         "sbc	r4, r6\n\t"
    11875. 

  11875.         "str	r3, [%[a], #16]\n\t"
    11876. 

  11876.         "str	r4, [%[a], #20]\n\t"
    11877. 

  11877.         "ldr	r3, [%[a], #24]\n\t"
    11878. 

  11878.         "ldr	r4, [%[a], #28]\n\t"
    11879. 

  11879.         "ldr	r5, [%[b], #24]\n\t"
    11880. 

  11880.         "ldr	r6, [%[b], #28]\n\t"
    11881. 

  11881.         "sbc	r3, r5\n\t"
    11882. 

  11882.         "sbc	r4, r6\n\t"
    11883. 

  11883.         "str	r3, [%[a], #24]\n\t"
    11884. 

  11884.         "str	r4, [%[a], #28]\n\t"
    11885. 

  11885.         "ldr	r3, [%[a], #32]\n\t"
    11886. 

  11886.         "ldr	r4, [%[a], #36]\n\t"
    11887. 

  11887.         "ldr	r5, [%[b], #32]\n\t"
    11888. 

  11888.         "ldr	r6, [%[b], #36]\n\t"
    11889. 

  11889.         "sbc	r3, r5\n\t"
    11890. 

  11890.         "sbc	r4, r6\n\t"
    11891. 

  11891.         "str	r3, [%[a], #32]\n\t"
    11892. 

  11892.         "str	r4, [%[a], #36]\n\t"
    11893. 

  11893.         "ldr	r3, [%[a], #40]\n\t"
    11894. 

  11894.         "ldr	r4, [%[a], #44]\n\t"
    11895. 

  11895.         "ldr	r5, [%[b], #40]\n\t"
    11896. 

  11896.         "ldr	r6, [%[b], #44]\n\t"
    11897. 

  11897.         "sbc	r3, r5\n\t"
    11898. 

  11898.         "sbc	r4, r6\n\t"
    11899. 

  11899.         "str	r3, [%[a], #40]\n\t"
    11900. 

  11900.         "str	r4, [%[a], #44]\n\t"
    11901. 

  11901.         "ldr	r3, [%[a], #48]\n\t"
    11902. 

  11902.         "ldr	r4, [%[a], #52]\n\t"
    11903. 

  11903.         "ldr	r5, [%[b], #48]\n\t"
    11904. 

  11904.         "ldr	r6, [%[b], #52]\n\t"
    11905. 

  11905.         "sbc	r3, r5\n\t"
    11906. 

  11906.         "sbc	r4, r6\n\t"
    11907. 

  11907.         "str	r3, [%[a], #48]\n\t"
    11908. 

  11908.         "str	r4, [%[a], #52]\n\t"
    11909. 

  11909.         "ldr	r3, [%[a], #56]\n\t"
    11910. 

  11910.         "ldr	r4, [%[a], #60]\n\t"
    11911. 

  11911.         "ldr	r5, [%[b], #56]\n\t"
    11912. 

  11912.         "ldr	r6, [%[b], #60]\n\t"
    11913. 

  11913.         "sbc	r3, r5\n\t"
    11914. 

  11914.         "sbc	r4, r6\n\t"
    11915. 

  11915.         "str	r3, [%[a], #56]\n\t"
    11916. 

  11916.         "str	r4, [%[a], #60]\n\t"
    11917. 

  11917.         "ldr	r3, [%[a], #64]\n\t"
    11918. 

  11918.         "ldr	r4, [%[a], #68]\n\t"
    11919. 

  11919.         "ldr	r5, [%[b], #64]\n\t"
    11920. 

  11920.         "ldr	r6, [%[b], #68]\n\t"
    11921. 

  11921.         "sbc	r3, r5\n\t"
    11922. 

  11922.         "sbc	r4, r6\n\t"
    11923. 

  11923.         "str	r3, [%[a], #64]\n\t"
    11924. 

  11924.         "str	r4, [%[a], #68]\n\t"
    11925. 

  11925.         "ldr	r3, [%[a], #72]\n\t"
    11926. 

  11926.         "ldr	r4, [%[a], #76]\n\t"
    11927. 

  11927.         "ldr	r5, [%[b], #72]\n\t"
    11928. 

  11928.         "ldr	r6, [%[b], #76]\n\t"
    11929. 

  11929.         "sbc	r3, r5\n\t"
    11930. 

  11930.         "sbc	r4, r6\n\t"
    11931. 

  11931.         "str	r3, [%[a], #72]\n\t"
    11932. 

  11932.         "str	r4, [%[a], #76]\n\t"
    11933. 

  11933.         "ldr	r3, [%[a], #80]\n\t"
    11934. 

  11934.         "ldr	r4, [%[a], #84]\n\t"
    11935. 

  11935.         "ldr	r5, [%[b], #80]\n\t"
    11936. 

  11936.         "ldr	r6, [%[b], #84]\n\t"
    11937. 

  11937.         "sbc	r3, r5\n\t"
    11938. 

  11938.         "sbc	r4, r6\n\t"
    11939. 

  11939.         "str	r3, [%[a], #80]\n\t"
    11940. 

  11940.         "str	r4, [%[a], #84]\n\t"
    11941. 

  11941.         "ldr	r3, [%[a], #88]\n\t"
    11942. 

  11942.         "ldr	r4, [%[a], #92]\n\t"
    11943. 

  11943.         "ldr	r5, [%[b], #88]\n\t"
    11944. 

  11944.         "ldr	r6, [%[b], #92]\n\t"
    11945. 

  11945.         "sbc	r3, r5\n\t"
    11946. 

  11946.         "sbc	r4, r6\n\t"
    11947. 

  11947.         "str	r3, [%[a], #88]\n\t"
    11948. 

  11948.         "str	r4, [%[a], #92]\n\t"
    11949. 

  11949.         "ldr	r3, [%[a], #96]\n\t"
    11950. 

  11950.         "ldr	r4, [%[a], #100]\n\t"
    11951. 

  11951.         "ldr	r5, [%[b], #96]\n\t"
    11952. 

  11952.         "ldr	r6, [%[b], #100]\n\t"
    11953. 

  11953.         "sbc	r3, r5\n\t"
    11954. 

  11954.         "sbc	r4, r6\n\t"
    11955. 

  11955.         "str	r3, [%[a], #96]\n\t"
    11956. 

  11956.         "str	r4, [%[a], #100]\n\t"
    11957. 

  11957.         "ldr	r3, [%[a], #104]\n\t"
    11958. 

  11958.         "ldr	r4, [%[a], #108]\n\t"
    11959. 

  11959.         "ldr	r5, [%[b], #104]\n\t"
    11960. 

  11960.         "ldr	r6, [%[b], #108]\n\t"
    11961. 

  11961.         "sbc	r3, r5\n\t"
    11962. 

  11962.         "sbc	r4, r6\n\t"
    11963. 

  11963.         "str	r3, [%[a], #104]\n\t"
    11964. 

  11964.         "str	r4, [%[a], #108]\n\t"
    11965. 

  11965.         "ldr	r3, [%[a], #112]\n\t"
    11966. 

  11966.         "ldr	r4, [%[a], #116]\n\t"
    11967. 

  11967.         "ldr	r5, [%[b], #112]\n\t"
    11968. 

  11968.         "ldr	r6, [%[b], #116]\n\t"
    11969. 

  11969.         "sbc	r3, r5\n\t"
    11970. 

  11970.         "sbc	r4, r6\n\t"
    11971. 

  11971.         "str	r3, [%[a], #112]\n\t"
    11972. 

  11972.         "str	r4, [%[a], #116]\n\t"
    11973. 

  11973.         "ldr	r3, [%[a], #120]\n\t"
    11974. 

  11974.         "ldr	r4, [%[a], #124]\n\t"
    11975. 

  11975.         "ldr	r5, [%[b], #120]\n\t"
    11976. 

  11976.         "ldr	r6, [%[b], #124]\n\t"
    11977. 

  11977.         "sbc	r3, r5\n\t"
    11978. 

  11978.         "sbc	r4, r6\n\t"
    11979. 

  11979.         "str	r3, [%[a], #120]\n\t"
    11980. 

  11980.         "str	r4, [%[a], #124]\n\t"
    11981. 

  11981.         "sbc	%[c], %[c]\n\t"
    11982. 

  11982.         "add	%[a], #0x80\n\t"
    11983. 

  11983.         "add	%[b], #0x80\n\t"
    11984. 

  11984.         "mov	r5, #0\n\t"
    11985. 

  11985.         "sub	r5, %[c]\n\t"
    11986. 

  11986.         "ldr	r3, [%[a], #0]\n\t"
    11987. 

  11987.         "ldr	r4, [%[a], #4]\n\t"
    11988. 

  11988.         "ldr	r5, [%[b], #0]\n\t"
    11989. 

  11989.         "ldr	r6, [%[b], #4]\n\t"
    11990. 

  11990.         "sbc	r3, r5\n\t"
    11991. 

  11991.         "sbc	r4, r6\n\t"
    11992. 

  11992.         "str	r3, [%[a], #0]\n\t"
    11993. 

  11993.         "str	r4, [%[a], #4]\n\t"
    11994. 

  11994.         "ldr	r3, [%[a], #8]\n\t"
    11995. 

  11995.         "ldr	r4, [%[a], #12]\n\t"
    11996. 

  11996.         "ldr	r5, [%[b], #8]\n\t"
    11997. 

  11997.         "ldr	r6, [%[b], #12]\n\t"
    11998. 

  11998.         "sbc	r3, r5\n\t"
    11999. 

  11999.         "sbc	r4, r6\n\t"
    12000. 

  12000.         "str	r3, [%[a], #8]\n\t"
    12001. 

  12001.         "str	r4, [%[a], #12]\n\t"
    12002. 

  12002.         "ldr	r3, [%[a], #16]\n\t"
    12003. 

  12003.         "ldr	r4, [%[a], #20]\n\t"
    12004. 

  12004.         "ldr	r5, [%[b], #16]\n\t"
    12005. 

  12005.         "ldr	r6, [%[b], #20]\n\t"
    12006. 

  12006.         "sbc	r3, r5\n\t"
    12007. 

  12007.         "sbc	r4, r6\n\t"
    12008. 

  12008.         "str	r3, [%[a], #16]\n\t"
    12009. 

  12009.         "str	r4, [%[a], #20]\n\t"
    12010. 

  12010.         "ldr	r3, [%[a], #24]\n\t"
    12011. 

  12011.         "ldr	r4, [%[a], #28]\n\t"
    12012. 

  12012.         "ldr	r5, [%[b], #24]\n\t"
    12013. 

  12013.         "ldr	r6, [%[b], #28]\n\t"
    12014. 

  12014.         "sbc	r3, r5\n\t"
    12015. 

  12015.         "sbc	r4, r6\n\t"
    12016. 

  12016.         "str	r3, [%[a], #24]\n\t"
    12017. 

  12017.         "str	r4, [%[a], #28]\n\t"
    12018. 

  12018.         "ldr	r3, [%[a], #32]\n\t"
    12019. 

  12019.         "ldr	r4, [%[a], #36]\n\t"
    12020. 

  12020.         "ldr	r5, [%[b], #32]\n\t"
    12021. 

  12021.         "ldr	r6, [%[b], #36]\n\t"
    12022. 

  12022.         "sbc	r3, r5\n\t"
    12023. 

  12023.         "sbc	r4, r6\n\t"
    12024. 

  12024.         "str	r3, [%[a], #32]\n\t"
    12025. 

  12025.         "str	r4, [%[a], #36]\n\t"
    12026. 

  12026.         "ldr	r3, [%[a], #40]\n\t"
    12027. 

  12027.         "ldr	r4, [%[a], #44]\n\t"
    12028. 

  12028.         "ldr	r5, [%[b], #40]\n\t"
    12029. 

  12029.         "ldr	r6, [%[b], #44]\n\t"
    12030. 

  12030.         "sbc	r3, r5\n\t"
    12031. 

  12031.         "sbc	r4, r6\n\t"
    12032. 

  12032.         "str	r3, [%[a], #40]\n\t"
    12033. 

  12033.         "str	r4, [%[a], #44]\n\t"
    12034. 

  12034.         "ldr	r3, [%[a], #48]\n\t"
    12035. 

  12035.         "ldr	r4, [%[a], #52]\n\t"
    12036. 

  12036.         "ldr	r5, [%[b], #48]\n\t"
    12037. 

  12037.         "ldr	r6, [%[b], #52]\n\t"
    12038. 

  12038.         "sbc	r3, r5\n\t"
    12039. 

  12039.         "sbc	r4, r6\n\t"
    12040. 

  12040.         "str	r3, [%[a], #48]\n\t"
    12041. 

  12041.         "str	r4, [%[a], #52]\n\t"
    12042. 

  12042.         "ldr	r3, [%[a], #56]\n\t"
    12043. 

  12043.         "ldr	r4, [%[a], #60]\n\t"
    12044. 

  12044.         "ldr	r5, [%[b], #56]\n\t"
    12045. 

  12045.         "ldr	r6, [%[b], #60]\n\t"
    12046. 

  12046.         "sbc	r3, r5\n\t"
    12047. 

  12047.         "sbc	r4, r6\n\t"
    12048. 

  12048.         "str	r3, [%[a], #56]\n\t"
    12049. 

  12049.         "str	r4, [%[a], #60]\n\t"
    12050. 

  12050.         "ldr	r3, [%[a], #64]\n\t"
    12051. 

  12051.         "ldr	r4, [%[a], #68]\n\t"
    12052. 

  12052.         "ldr	r5, [%[b], #64]\n\t"
    12053. 

  12053.         "ldr	r6, [%[b], #68]\n\t"
    12054. 

  12054.         "sbc	r3, r5\n\t"
    12055. 

  12055.         "sbc	r4, r6\n\t"
    12056. 

  12056.         "str	r3, [%[a], #64]\n\t"
    12057. 

  12057.         "str	r4, [%[a], #68]\n\t"
    12058. 

  12058.         "ldr	r3, [%[a], #72]\n\t"
    12059. 

  12059.         "ldr	r4, [%[a], #76]\n\t"
    12060. 

  12060.         "ldr	r5, [%[b], #72]\n\t"
    12061. 

  12061.         "ldr	r6, [%[b], #76]\n\t"
    12062. 

  12062.         "sbc	r3, r5\n\t"
    12063. 

  12063.         "sbc	r4, r6\n\t"
    12064. 

  12064.         "str	r3, [%[a], #72]\n\t"
    12065. 

  12065.         "str	r4, [%[a], #76]\n\t"
    12066. 

  12066.         "ldr	r3, [%[a], #80]\n\t"
    12067. 

  12067.         "ldr	r4, [%[a], #84]\n\t"
    12068. 

  12068.         "ldr	r5, [%[b], #80]\n\t"
    12069. 

  12069.         "ldr	r6, [%[b], #84]\n\t"
    12070. 

  12070.         "sbc	r3, r5\n\t"
    12071. 

  12071.         "sbc	r4, r6\n\t"
    12072. 

  12072.         "str	r3, [%[a], #80]\n\t"
    12073. 

  12073.         "str	r4, [%[a], #84]\n\t"
    12074. 

  12074.         "ldr	r3, [%[a], #88]\n\t"
    12075. 

  12075.         "ldr	r4, [%[a], #92]\n\t"
    12076. 

  12076.         "ldr	r5, [%[b], #88]\n\t"
    12077. 

  12077.         "ldr	r6, [%[b], #92]\n\t"
    12078. 

  12078.         "sbc	r3, r5\n\t"
    12079. 

  12079.         "sbc	r4, r6\n\t"
    12080. 

  12080.         "str	r3, [%[a], #88]\n\t"
    12081. 

  12081.         "str	r4, [%[a], #92]\n\t"
    12082. 

  12082.         "ldr	r3, [%[a], #96]\n\t"
    12083. 

  12083.         "ldr	r4, [%[a], #100]\n\t"
    12084. 

  12084.         "ldr	r5, [%[b], #96]\n\t"
    12085. 

  12085.         "ldr	r6, [%[b], #100]\n\t"
    12086. 

  12086.         "sbc	r3, r5\n\t"
    12087. 

  12087.         "sbc	r4, r6\n\t"
    12088. 

  12088.         "str	r3, [%[a], #96]\n\t"
    12089. 

  12089.         "str	r4, [%[a], #100]\n\t"
    12090. 

  12090.         "ldr	r3, [%[a], #104]\n\t"
    12091. 

  12091.         "ldr	r4, [%[a], #108]\n\t"
    12092. 

  12092.         "ldr	r5, [%[b], #104]\n\t"
    12093. 

  12093.         "ldr	r6, [%[b], #108]\n\t"
    12094. 

  12094.         "sbc	r3, r5\n\t"
    12095. 

  12095.         "sbc	r4, r6\n\t"
    12096. 

  12096.         "str	r3, [%[a], #104]\n\t"
    12097. 

  12097.         "str	r4, [%[a], #108]\n\t"
    12098. 

  12098.         "ldr	r3, [%[a], #112]\n\t"
    12099. 

  12099.         "ldr	r4, [%[a], #116]\n\t"
    12100. 

  12100.         "ldr	r5, [%[b], #112]\n\t"
    12101. 

  12101.         "ldr	r6, [%[b], #116]\n\t"
    12102. 

  12102.         "sbc	r3, r5\n\t"
    12103. 

  12103.         "sbc	r4, r6\n\t"
    12104. 

  12104.         "str	r3, [%[a], #112]\n\t"
    12105. 

  12105.         "str	r4, [%[a], #116]\n\t"
    12106. 

  12106.         "ldr	r3, [%[a], #120]\n\t"
    12107. 

  12107.         "ldr	r4, [%[a], #124]\n\t"
    12108. 

  12108.         "ldr	r5, [%[b], #120]\n\t"
    12109. 

  12109.         "ldr	r6, [%[b], #124]\n\t"
    12110. 

  12110.         "sbc	r3, r5\n\t"
    12111. 

  12111.         "sbc	r4, r6\n\t"
    12112. 

  12112.         "str	r3, [%[a], #120]\n\t"
    12113. 

  12113.         "str	r4, [%[a], #124]\n\t"
    12114. 

  12114.         "sbc	%[c], %[c]\n\t"
    12115. 

  12115.         : [c] "+r" (c), [a] "+r" (a), [b] "+r" (b)
    12116. 

  12116.         :
    12117. 

  12117.         : "memory", "r3", "r4", "r5", "r6"
    12118. 

  12118.     );
    12119. 

  12119. 

  12120.     return c;
    12121. 

  12121. }
    12122. 

  12122. 

  12123. /* Add b to a into r. (r = a + b)
    12124. 

  12124.  *
    12125. 

  12125.  * r  A single precision integer.
    12126. 

  12126.  * a  A single precision integer.
    12127. 

  12127.  * b  A single precision integer.
    12128. 

  12128.  */
    12129. 

  12129. SP_NOINLINE static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a,
    12130. 

  12130.         const sp_digit* b)
    12131. 

  12131. {
    12132. 

  12132.     sp_digit c = 0;
    12133. 

  12133. 

  12134.     __asm__ __volatile__ (
    12135. 

  12135.         "mov	r7, #0\n\t"
    12136. 

  12136.         "mvn	r7, r7\n\t"
    12137. 

  12137.         "ldr	r4, [%[a], #0]\n\t"
    12138. 

  12138.         "ldr	r5, [%[b], #0]\n\t"
    12139. 

  12139.         "add	r4, r5\n\t"
    12140. 

  12140.         "str	r4, [%[r], #0]\n\t"
    12141. 

  12141.         "ldr	r4, [%[a], #4]\n\t"
    12142. 

  12142.         "ldr	r5, [%[b], #4]\n\t"
    12143. 

  12143.         "adc	r4, r5\n\t"
    12144. 

  12144.         "str	r4, [%[r], #4]\n\t"
    12145. 

  12145.         "ldr	r4, [%[a], #8]\n\t"
    12146. 

  12146.         "ldr	r5, [%[b], #8]\n\t"
    12147. 

  12147.         "adc	r4, r5\n\t"
    12148. 

  12148.         "str	r4, [%[r], #8]\n\t"
    12149. 

  12149.         "ldr	r4, [%[a], #12]\n\t"
    12150. 

  12150.         "ldr	r5, [%[b], #12]\n\t"
    12151. 

  12151.         "adc	r4, r5\n\t"
    12152. 

  12152.         "str	r4, [%[r], #12]\n\t"
    12153. 

  12153.         "ldr	r4, [%[a], #16]\n\t"
    12154. 

  12154.         "ldr	r5, [%[b], #16]\n\t"
    12155. 

  12155.         "adc	r4, r5\n\t"
    12156. 

  12156.         "str	r4, [%[r], #16]\n\t"
    12157. 

  12157.         "ldr	r4, [%[a], #20]\n\t"
    12158. 

  12158.         "ldr	r5, [%[b], #20]\n\t"
    12159. 

  12159.         "adc	r4, r5\n\t"
    12160. 

  12160.         "str	r4, [%[r], #20]\n\t"
    12161. 

  12161.         "ldr	r4, [%[a], #24]\n\t"
    12162. 

  12162.         "ldr	r5, [%[b], #24]\n\t"
    12163. 

  12163.         "adc	r4, r5\n\t"
    12164. 

  12164.         "str	r4, [%[r], #24]\n\t"
    12165. 

  12165.         "ldr	r4, [%[a], #28]\n\t"
    12166. 

  12166.         "ldr	r5, [%[b], #28]\n\t"
    12167. 

  12167.         "adc	r4, r5\n\t"
    12168. 

  12168.         "str	r4, [%[r], #28]\n\t"
    12169. 

  12169.         "ldr	r4, [%[a], #32]\n\t"
    12170. 

  12170.         "ldr	r5, [%[b], #32]\n\t"
    12171. 

  12171.         "adc	r4, r5\n\t"
    12172. 

  12172.         "str	r4, [%[r], #32]\n\t"
    12173. 

  12173.         "ldr	r4, [%[a], #36]\n\t"
    12174. 

  12174.         "ldr	r5, [%[b], #36]\n\t"
    12175. 

  12175.         "adc	r4, r5\n\t"
    12176. 

  12176.         "str	r4, [%[r], #36]\n\t"
    12177. 

  12177.         "ldr	r4, [%[a], #40]\n\t"
    12178. 

  12178.         "ldr	r5, [%[b], #40]\n\t"
    12179. 

  12179.         "adc	r4, r5\n\t"
    12180. 

  12180.         "str	r4, [%[r], #40]\n\t"
    12181. 

  12181.         "ldr	r4, [%[a], #44]\n\t"
    12182. 

  12182.         "ldr	r5, [%[b], #44]\n\t"
    12183. 

  12183.         "adc	r4, r5\n\t"
    12184. 

  12184.         "str	r4, [%[r], #44]\n\t"
    12185. 

  12185.         "ldr	r4, [%[a], #48]\n\t"
    12186. 

  12186.         "ldr	r5, [%[b], #48]\n\t"
    12187. 

  12187.         "adc	r4, r5\n\t"
    12188. 

  12188.         "str	r4, [%[r], #48]\n\t"
    12189. 

  12189.         "ldr	r4, [%[a], #52]\n\t"
    12190. 

  12190.         "ldr	r5, [%[b], #52]\n\t"
    12191. 

  12191.         "adc	r4, r5\n\t"
    12192. 

  12192.         "str	r4, [%[r], #52]\n\t"
    12193. 

  12193.         "ldr	r4, [%[a], #56]\n\t"
    12194. 

  12194.         "ldr	r5, [%[b], #56]\n\t"
    12195. 

  12195.         "adc	r4, r5\n\t"
    12196. 

  12196.         "str	r4, [%[r], #56]\n\t"
    12197. 

  12197.         "ldr	r4, [%[a], #60]\n\t"
    12198. 

  12198.         "ldr	r5, [%[b], #60]\n\t"
    12199. 

  12199.         "adc	r4, r5\n\t"
    12200. 

  12200.         "str	r4, [%[r], #60]\n\t"
    12201. 

  12201.         "ldr	r4, [%[a], #64]\n\t"
    12202. 

  12202.         "ldr	r5, [%[b], #64]\n\t"
    12203. 

  12203.         "adc	r4, r5\n\t"
    12204. 

  12204.         "str	r4, [%[r], #64]\n\t"
    12205. 

  12205.         "ldr	r4, [%[a], #68]\n\t"
    12206. 

  12206.         "ldr	r5, [%[b], #68]\n\t"
    12207. 

  12207.         "adc	r4, r5\n\t"
    12208. 

  12208.         "str	r4, [%[r], #68]\n\t"
    12209. 

  12209.         "ldr	r4, [%[a], #72]\n\t"
    12210. 

  12210.         "ldr	r5, [%[b], #72]\n\t"
    12211. 

  12211.         "adc	r4, r5\n\t"
    12212. 

  12212.         "str	r4, [%[r], #72]\n\t"
    12213. 

  12213.         "ldr	r4, [%[a], #76]\n\t"
    12214. 

  12214.         "ldr	r5, [%[b], #76]\n\t"
    12215. 

  12215.         "adc	r4, r5\n\t"
    12216. 

  12216.         "str	r4, [%[r], #76]\n\t"
    12217. 

  12217.         "ldr	r4, [%[a], #80]\n\t"
    12218. 

  12218.         "ldr	r5, [%[b], #80]\n\t"
    12219. 

  12219.         "adc	r4, r5\n\t"
    12220. 

  12220.         "str	r4, [%[r], #80]\n\t"
    12221. 

  12221.         "ldr	r4, [%[a], #84]\n\t"
    12222. 

  12222.         "ldr	r5, [%[b], #84]\n\t"
    12223. 

  12223.         "adc	r4, r5\n\t"
    12224. 

  12224.         "str	r4, [%[r], #84]\n\t"
    12225. 

  12225.         "ldr	r4, [%[a], #88]\n\t"
    12226. 

  12226.         "ldr	r5, [%[b], #88]\n\t"
    12227. 

  12227.         "adc	r4, r5\n\t"
    12228. 

  12228.         "str	r4, [%[r], #88]\n\t"
    12229. 

  12229.         "ldr	r4, [%[a], #92]\n\t"
    12230. 

  12230.         "ldr	r5, [%[b], #92]\n\t"
    12231. 

  12231.         "adc	r4, r5\n\t"
    12232. 

  12232.         "str	r4, [%[r], #92]\n\t"
    12233. 

  12233.         "ldr	r4, [%[a], #96]\n\t"
    12234. 

  12234.         "ldr	r5, [%[b], #96]\n\t"
    12235. 

  12235.         "adc	r4, r5\n\t"
    12236. 

  12236.         "str	r4, [%[r], #96]\n\t"
    12237. 

  12237.         "ldr	r4, [%[a], #100]\n\t"
    12238. 

  12238.         "ldr	r5, [%[b], #100]\n\t"
    12239. 

  12239.         "adc	r4, r5\n\t"
    12240. 

  12240.         "str	r4, [%[r], #100]\n\t"
    12241. 

  12241.         "ldr	r4, [%[a], #104]\n\t"
    12242. 

  12242.         "ldr	r5, [%[b], #104]\n\t"
    12243. 

  12243.         "adc	r4, r5\n\t"
    12244. 

  12244.         "str	r4, [%[r], #104]\n\t"
    12245. 

  12245.         "ldr	r4, [%[a], #108]\n\t"
    12246. 

  12246.         "ldr	r5, [%[b], #108]\n\t"
    12247. 

  12247.         "adc	r4, r5\n\t"
    12248. 

  12248.         "str	r4, [%[r], #108]\n\t"
    12249. 

  12249.         "ldr	r4, [%[a], #112]\n\t"
    12250. 

  12250.         "ldr	r5, [%[b], #112]\n\t"
    12251. 

  12251.         "adc	r4, r5\n\t"
    12252. 

  12252.         "str	r4, [%[r], #112]\n\t"
    12253. 

  12253.         "ldr	r4, [%[a], #116]\n\t"
    12254. 

  12254.         "ldr	r5, [%[b], #116]\n\t"
    12255. 

  12255.         "adc	r4, r5\n\t"
    12256. 

  12256.         "str	r4, [%[r], #116]\n\t"
    12257. 

  12257.         "ldr	r4, [%[a], #120]\n\t"
    12258. 

  12258.         "ldr	r5, [%[b], #120]\n\t"
    12259. 

  12259.         "adc	r4, r5\n\t"
    12260. 

  12260.         "str	r4, [%[r], #120]\n\t"
    12261. 

  12261.         "ldr	r4, [%[a], #124]\n\t"
    12262. 

  12262.         "ldr	r5, [%[b], #124]\n\t"
    12263. 

  12263.         "adc	r4, r5\n\t"
    12264. 

  12264.         "str	r4, [%[r], #124]\n\t"
    12265. 

  12265.         "mov	%[c], #0\n\t"
    12266. 

  12266.         "adc	%[c], %[c]\n\t"
    12267. 

  12267.         "add	%[a], #0x80\n\t"
    12268. 

  12268.         "add	%[b], #0x80\n\t"
    12269. 

  12269.         "add	%[r], #0x80\n\t"
    12270. 

  12270.         "add	%[c], r7\n\t"
    12271. 

  12271.         "ldr	r4, [%[a], #0]\n\t"
    12272. 

  12272.         "ldr	r5, [%[b], #0]\n\t"
    12273. 

  12273.         "adc	r4, r5\n\t"
    12274. 

  12274.         "str	r4, [%[r], #0]\n\t"
    12275. 

  12275.         "ldr	r4, [%[a], #4]\n\t"
    12276. 

  12276.         "ldr	r5, [%[b], #4]\n\t"
    12277. 

  12277.         "adc	r4, r5\n\t"
    12278. 

  12278.         "str	r4, [%[r], #4]\n\t"
    12279. 

  12279.         "ldr	r4, [%[a], #8]\n\t"
    12280. 

  12280.         "ldr	r5, [%[b], #8]\n\t"
    12281. 

  12281.         "adc	r4, r5\n\t"
    12282. 

  12282.         "str	r4, [%[r], #8]\n\t"
    12283. 

  12283.         "ldr	r4, [%[a], #12]\n\t"
    12284. 

  12284.         "ldr	r5, [%[b], #12]\n\t"
    12285. 

  12285.         "adc	r4, r5\n\t"
    12286. 

  12286.         "str	r4, [%[r], #12]\n\t"
    12287. 

  12287.         "ldr	r4, [%[a], #16]\n\t"
    12288. 

  12288.         "ldr	r5, [%[b], #16]\n\t"
    12289. 

  12289.         "adc	r4, r5\n\t"
    12290. 

  12290.         "str	r4, [%[r], #16]\n\t"
    12291. 

  12291.         "ldr	r4, [%[a], #20]\n\t"
    12292. 

  12292.         "ldr	r5, [%[b], #20]\n\t"
    12293. 

  12293.         "adc	r4, r5\n\t"
    12294. 

  12294.         "str	r4, [%[r], #20]\n\t"
    12295. 

  12295.         "ldr	r4, [%[a], #24]\n\t"
    12296. 

  12296.         "ldr	r5, [%[b], #24]\n\t"
    12297. 

  12297.         "adc	r4, r5\n\t"
    12298. 

  12298.         "str	r4, [%[r], #24]\n\t"
    12299. 

  12299.         "ldr	r4, [%[a], #28]\n\t"
    12300. 

  12300.         "ldr	r5, [%[b], #28]\n\t"
    12301. 

  12301.         "adc	r4, r5\n\t"
    12302. 

  12302.         "str	r4, [%[r], #28]\n\t"
    12303. 

  12303.         "ldr	r4, [%[a], #32]\n\t"
    12304. 

  12304.         "ldr	r5, [%[b], #32]\n\t"
    12305. 

  12305.         "adc	r4, r5\n\t"
    12306. 

  12306.         "str	r4, [%[r], #32]\n\t"
    12307. 

  12307.         "ldr	r4, [%[a], #36]\n\t"
    12308. 

  12308.         "ldr	r5, [%[b], #36]\n\t"
    12309. 

  12309.         "adc	r4, r5\n\t"
    12310. 

  12310.         "str	r4, [%[r], #36]\n\t"
    12311. 

  12311.         "ldr	r4, [%[a], #40]\n\t"
    12312. 

  12312.         "ldr	r5, [%[b], #40]\n\t"
    12313. 

  12313.         "adc	r4, r5\n\t"
    12314. 

  12314.         "str	r4, [%[r], #40]\n\t"
    12315. 

  12315.         "ldr	r4, [%[a], #44]\n\t"
    12316. 

  12316.         "ldr	r5, [%[b], #44]\n\t"
    12317. 

  12317.         "adc	r4, r5\n\t"
    12318. 

  12318.         "str	r4, [%[r], #44]\n\t"
    12319. 

  12319.         "ldr	r4, [%[a], #48]\n\t"
    12320. 

  12320.         "ldr	r5, [%[b], #48]\n\t"
    12321. 

  12321.         "adc	r4, r5\n\t"
    12322. 

  12322.         "str	r4, [%[r], #48]\n\t"
    12323. 

  12323.         "ldr	r4, [%[a], #52]\n\t"
    12324. 

  12324.         "ldr	r5, [%[b], #52]\n\t"
    12325. 

  12325.         "adc	r4, r5\n\t"
    12326. 

  12326.         "str	r4, [%[r], #52]\n\t"
    12327. 

  12327.         "ldr	r4, [%[a], #56]\n\t"
    12328. 

  12328.         "ldr	r5, [%[b], #56]\n\t"
    12329. 

  12329.         "adc	r4, r5\n\t"
    12330. 

  12330.         "str	r4, [%[r], #56]\n\t"
    12331. 

  12331.         "ldr	r4, [%[a], #60]\n\t"
    12332. 

  12332.         "ldr	r5, [%[b], #60]\n\t"
    12333. 

  12333.         "adc	r4, r5\n\t"
    12334. 

  12334.         "str	r4, [%[r], #60]\n\t"
    12335. 

  12335.         "ldr	r4, [%[a], #64]\n\t"
    12336. 

  12336.         "ldr	r5, [%[b], #64]\n\t"
    12337. 

  12337.         "adc	r4, r5\n\t"
    12338. 

  12338.         "str	r4, [%[r], #64]\n\t"
    12339. 

  12339.         "ldr	r4, [%[a], #68]\n\t"
    12340. 

  12340.         "ldr	r5, [%[b], #68]\n\t"
    12341. 

  12341.         "adc	r4, r5\n\t"
    12342. 

  12342.         "str	r4, [%[r], #68]\n\t"
    12343. 

  12343.         "ldr	r4, [%[a], #72]\n\t"
    12344. 

  12344.         "ldr	r5, [%[b], #72]\n\t"
    12345. 

  12345.         "adc	r4, r5\n\t"
    12346. 

  12346.         "str	r4, [%[r], #72]\n\t"
    12347. 

  12347.         "ldr	r4, [%[a], #76]\n\t"
    12348. 

  12348.         "ldr	r5, [%[b], #76]\n\t"
    12349. 

  12349.         "adc	r4, r5\n\t"
    12350. 

  12350.         "str	r4, [%[r], #76]\n\t"
    12351. 

  12351.         "ldr	r4, [%[a], #80]\n\t"
    12352. 

  12352.         "ldr	r5, [%[b], #80]\n\t"
    12353. 

  12353.         "adc	r4, r5\n\t"
    12354. 

  12354.         "str	r4, [%[r], #80]\n\t"
    12355. 

  12355.         "ldr	r4, [%[a], #84]\n\t"
    12356. 

  12356.         "ldr	r5, [%[b], #84]\n\t"
    12357. 

  12357.         "adc	r4, r5\n\t"
    12358. 

  12358.         "str	r4, [%[r], #84]\n\t"
    12359. 

  12359.         "ldr	r4, [%[a], #88]\n\t"
    12360. 

  12360.         "ldr	r5, [%[b], #88]\n\t"
    12361. 

  12361.         "adc	r4, r5\n\t"
    12362. 

  12362.         "str	r4, [%[r], #88]\n\t"
    12363. 

  12363.         "ldr	r4, [%[a], #92]\n\t"
    12364. 

  12364.         "ldr	r5, [%[b], #92]\n\t"
    12365. 

  12365.         "adc	r4, r5\n\t"
    12366. 

  12366.         "str	r4, [%[r], #92]\n\t"
    12367. 

  12367.         "ldr	r4, [%[a], #96]\n\t"
    12368. 

  12368.         "ldr	r5, [%[b], #96]\n\t"
    12369. 

  12369.         "adc	r4, r5\n\t"
    12370. 

  12370.         "str	r4, [%[r], #96]\n\t"
    12371. 

  12371.         "ldr	r4, [%[a], #100]\n\t"
    12372. 

  12372.         "ldr	r5, [%[b], #100]\n\t"
    12373. 

  12373.         "adc	r4, r5\n\t"
    12374. 

  12374.         "str	r4, [%[r], #100]\n\t"
    12375. 

  12375.         "ldr	r4, [%[a], #104]\n\t"
    12376. 

  12376.         "ldr	r5, [%[b], #104]\n\t"
    12377. 

  12377.         "adc	r4, r5\n\t"
    12378. 

  12378.         "str	r4, [%[r], #104]\n\t"
    12379. 

  12379.         "ldr	r4, [%[a], #108]\n\t"
    12380. 

  12380.         "ldr	r5, [%[b], #108]\n\t"
    12381. 

  12381.         "adc	r4, r5\n\t"
    12382. 

  12382.         "str	r4, [%[r], #108]\n\t"
    12383. 

  12383.         "ldr	r4, [%[a], #112]\n\t"
    12384. 

  12384.         "ldr	r5, [%[b], #112]\n\t"
    12385. 

  12385.         "adc	r4, r5\n\t"
    12386. 

  12386.         "str	r4, [%[r], #112]\n\t"
    12387. 

  12387.         "ldr	r4, [%[a], #116]\n\t"
    12388. 

  12388.         "ldr	r5, [%[b], #116]\n\t"
    12389. 

  12389.         "adc	r4, r5\n\t"
    12390. 

  12390.         "str	r4, [%[r], #116]\n\t"
    12391. 

  12391.         "ldr	r4, [%[a], #120]\n\t"
    12392. 

  12392.         "ldr	r5, [%[b], #120]\n\t"
    12393. 

  12393.         "adc	r4, r5\n\t"
    12394. 

  12394.         "str	r4, [%[r], #120]\n\t"
    12395. 

  12395.         "ldr	r4, [%[a], #124]\n\t"
    12396. 

  12396.         "ldr	r5, [%[b], #124]\n\t"
    12397. 

  12397.         "adc	r4, r5\n\t"
    12398. 

  12398.         "str	r4, [%[r], #124]\n\t"
    12399. 

  12399.         "mov	%[c], #0\n\t"
    12400. 

  12400.         "adc	%[c], %[c]\n\t"
    12401. 

  12401.         "add	%[a], #0x80\n\t"
    12402. 

  12402.         "add	%[b], #0x80\n\t"
    12403. 

  12403.         "add	%[r], #0x80\n\t"
    12404. 

  12404.         "add	%[c], r7\n\t"
    12405. 

  12405.         "ldr	r4, [%[a], #0]\n\t"
    12406. 

  12406.         "ldr	r5, [%[b], #0]\n\t"
    12407. 

  12407.         "adc	r4, r5\n\t"
    12408. 

  12408.         "str	r4, [%[r], #0]\n\t"
    12409. 

  12409.         "ldr	r4, [%[a], #4]\n\t"
    12410. 

  12410.         "ldr	r5, [%[b], #4]\n\t"
    12411. 

  12411.         "adc	r4, r5\n\t"
    12412. 

  12412.         "str	r4, [%[r], #4]\n\t"
    12413. 

  12413.         "ldr	r4, [%[a], #8]\n\t"
    12414. 

  12414.         "ldr	r5, [%[b], #8]\n\t"
    12415. 

  12415.         "adc	r4, r5\n\t"
    12416. 

  12416.         "str	r4, [%[r], #8]\n\t"
    12417. 

  12417.         "ldr	r4, [%[a], #12]\n\t"
    12418. 

  12418.         "ldr	r5, [%[b], #12]\n\t"
    12419. 

  12419.         "adc	r4, r5\n\t"
    12420. 

  12420.         "str	r4, [%[r], #12]\n\t"
    12421. 

  12421.         "ldr	r4, [%[a], #16]\n\t"
    12422. 

  12422.         "ldr	r5, [%[b], #16]\n\t"
    12423. 

  12423.         "adc	r4, r5\n\t"
    12424. 

  12424.         "str	r4, [%[r], #16]\n\t"
    12425. 

  12425.         "ldr	r4, [%[a], #20]\n\t"
    12426. 

  12426.         "ldr	r5, [%[b], #20]\n\t"
    12427. 

  12427.         "adc	r4, r5\n\t"
    12428. 

  12428.         "str	r4, [%[r], #20]\n\t"
    12429. 

  12429.         "ldr	r4, [%[a], #24]\n\t"
    12430. 

  12430.         "ldr	r5, [%[b], #24]\n\t"
    12431. 

  12431.         "adc	r4, r5\n\t"
    12432. 

  12432.         "str	r4, [%[r], #24]\n\t"
    12433. 

  12433.         "ldr	r4, [%[a], #28]\n\t"
    12434. 

  12434.         "ldr	r5, [%[b], #28]\n\t"
    12435. 

  12435.         "adc	r4, r5\n\t"
    12436. 

  12436.         "str	r4, [%[r], #28]\n\t"
    12437. 

  12437.         "ldr	r4, [%[a], #32]\n\t"
    12438. 

  12438.         "ldr	r5, [%[b], #32]\n\t"
    12439. 

  12439.         "adc	r4, r5\n\t"
    12440. 

  12440.         "str	r4, [%[r], #32]\n\t"
    12441. 

  12441.         "ldr	r4, [%[a], #36]\n\t"
    12442. 

  12442.         "ldr	r5, [%[b], #36]\n\t"
    12443. 

  12443.         "adc	r4, r5\n\t"
    12444. 

  12444.         "str	r4, [%[r], #36]\n\t"
    12445. 

  12445.         "ldr	r4, [%[a], #40]\n\t"
    12446. 

  12446.         "ldr	r5, [%[b], #40]\n\t"
    12447. 

  12447.         "adc	r4, r5\n\t"
    12448. 

  12448.         "str	r4, [%[r], #40]\n\t"
    12449. 

  12449.         "ldr	r4, [%[a], #44]\n\t"
    12450. 

  12450.         "ldr	r5, [%[b], #44]\n\t"
    12451. 

  12451.         "adc	r4, r5\n\t"
    12452. 

  12452.         "str	r4, [%[r], #44]\n\t"
    12453. 

  12453.         "ldr	r4, [%[a], #48]\n\t"
    12454. 

  12454.         "ldr	r5, [%[b], #48]\n\t"
    12455. 

  12455.         "adc	r4, r5\n\t"
    12456. 

  12456.         "str	r4, [%[r], #48]\n\t"
    12457. 

  12457.         "ldr	r4, [%[a], #52]\n\t"
    12458. 

  12458.         "ldr	r5, [%[b], #52]\n\t"
    12459. 

  12459.         "adc	r4, r5\n\t"
    12460. 

  12460.         "str	r4, [%[r], #52]\n\t"
    12461. 

  12461.         "ldr	r4, [%[a], #56]\n\t"
    12462. 

  12462.         "ldr	r5, [%[b], #56]\n\t"
    12463. 

  12463.         "adc	r4, r5\n\t"
    12464. 

  12464.         "str	r4, [%[r], #56]\n\t"
    12465. 

  12465.         "ldr	r4, [%[a], #60]\n\t"
    12466. 

  12466.         "ldr	r5, [%[b], #60]\n\t"
    12467. 

  12467.         "adc	r4, r5\n\t"
    12468. 

  12468.         "str	r4, [%[r], #60]\n\t"
    12469. 

  12469.         "ldr	r4, [%[a], #64]\n\t"
    12470. 

  12470.         "ldr	r5, [%[b], #64]\n\t"
    12471. 

  12471.         "adc	r4, r5\n\t"
    12472. 

  12472.         "str	r4, [%[r], #64]\n\t"
    12473. 

  12473.         "ldr	r4, [%[a], #68]\n\t"
    12474. 

  12474.         "ldr	r5, [%[b], #68]\n\t"
    12475. 

  12475.         "adc	r4, r5\n\t"
    12476. 

  12476.         "str	r4, [%[r], #68]\n\t"
    12477. 

  12477.         "ldr	r4, [%[a], #72]\n\t"
    12478. 

  12478.         "ldr	r5, [%[b], #72]\n\t"
    12479. 

  12479.         "adc	r4, r5\n\t"
    12480. 

  12480.         "str	r4, [%[r], #72]\n\t"
    12481. 

  12481.         "ldr	r4, [%[a], #76]\n\t"
    12482. 

  12482.         "ldr	r5, [%[b], #76]\n\t"
    12483. 

  12483.         "adc	r4, r5\n\t"
    12484. 

  12484.         "str	r4, [%[r], #76]\n\t"
    12485. 

  12485.         "ldr	r4, [%[a], #80]\n\t"
    12486. 

  12486.         "ldr	r5, [%[b], #80]\n\t"
    12487. 

  12487.         "adc	r4, r5\n\t"
    12488. 

  12488.         "str	r4, [%[r], #80]\n\t"
    12489. 

  12489.         "ldr	r4, [%[a], #84]\n\t"
    12490. 

  12490.         "ldr	r5, [%[b], #84]\n\t"
    12491. 

  12491.         "adc	r4, r5\n\t"
    12492. 

  12492.         "str	r4, [%[r], #84]\n\t"
    12493. 

  12493.         "ldr	r4, [%[a], #88]\n\t"
    12494. 

  12494.         "ldr	r5, [%[b], #88]\n\t"
    12495. 

  12495.         "adc	r4, r5\n\t"
    12496. 

  12496.         "str	r4, [%[r], #88]\n\t"
    12497. 

  12497.         "ldr	r4, [%[a], #92]\n\t"
    12498. 

  12498.         "ldr	r5, [%[b], #92]\n\t"
    12499. 

  12499.         "adc	r4, r5\n\t"
    12500. 

  12500.         "str	r4, [%[r], #92]\n\t"
    12501. 

  12501.         "ldr	r4, [%[a], #96]\n\t"
    12502. 

  12502.         "ldr	r5, [%[b], #96]\n\t"
    12503. 

  12503.         "adc	r4, r5\n\t"
    12504. 

  12504.         "str	r4, [%[r], #96]\n\t"
    12505. 

  12505.         "ldr	r4, [%[a], #100]\n\t"
    12506. 

  12506.         "ldr	r5, [%[b], #100]\n\t"
    12507. 

  12507.         "adc	r4, r5\n\t"
    12508. 

  12508.         "str	r4, [%[r], #100]\n\t"
    12509. 

  12509.         "ldr	r4, [%[a], #104]\n\t"
    12510. 

  12510.         "ldr	r5, [%[b], #104]\n\t"
    12511. 

  12511.         "adc	r4, r5\n\t"
    12512. 

  12512.         "str	r4, [%[r], #104]\n\t"
    12513. 

  12513.         "ldr	r4, [%[a], #108]\n\t"
    12514. 

  12514.         "ldr	r5, [%[b], #108]\n\t"
    12515. 

  12515.         "adc	r4, r5\n\t"
    12516. 

  12516.         "str	r4, [%[r], #108]\n\t"
    12517. 

  12517.         "ldr	r4, [%[a], #112]\n\t"
    12518. 

  12518.         "ldr	r5, [%[b], #112]\n\t"
    12519. 

  12519.         "adc	r4, r5\n\t"
    12520. 

  12520.         "str	r4, [%[r], #112]\n\t"
    12521. 

  12521.         "ldr	r4, [%[a], #116]\n\t"
    12522. 

  12522.         "ldr	r5, [%[b], #116]\n\t"
    12523. 

  12523.         "adc	r4, r5\n\t"
    12524. 

  12524.         "str	r4, [%[r], #116]\n\t"
    12525. 

  12525.         "ldr	r4, [%[a], #120]\n\t"
    12526. 

  12526.         "ldr	r5, [%[b], #120]\n\t"
    12527. 

  12527.         "adc	r4, r5\n\t"
    12528. 

  12528.         "str	r4, [%[r], #120]\n\t"
    12529. 

  12529.         "ldr	r4, [%[a], #124]\n\t"
    12530. 

  12530.         "ldr	r5, [%[b], #124]\n\t"
    12531. 

  12531.         "adc	r4, r5\n\t"
    12532. 

  12532.         "str	r4, [%[r], #124]\n\t"
    12533. 

  12533.         "mov	%[c], #0\n\t"
    12534. 

  12534.         "adc	%[c], %[c]\n\t"
    12535. 

  12535.         "add	%[a], #0x80\n\t"
    12536. 

  12536.         "add	%[b], #0x80\n\t"
    12537. 

  12537.         "add	%[r], #0x80\n\t"
    12538. 

  12538.         "add	%[c], r7\n\t"
    12539. 

  12539.         "ldr	r4, [%[a], #0]\n\t"
    12540. 

  12540.         "ldr	r5, [%[b], #0]\n\t"
    12541. 

  12541.         "adc	r4, r5\n\t"
    12542. 

  12542.         "str	r4, [%[r], #0]\n\t"
    12543. 

  12543.         "ldr	r4, [%[a], #4]\n\t"
    12544. 

  12544.         "ldr	r5, [%[b], #4]\n\t"
    12545. 

  12545.         "adc	r4, r5\n\t"
    12546. 

  12546.         "str	r4, [%[r], #4]\n\t"
    12547. 

  12547.         "ldr	r4, [%[a], #8]\n\t"
    12548. 

  12548.         "ldr	r5, [%[b], #8]\n\t"
    12549. 

  12549.         "adc	r4, r5\n\t"
    12550. 

  12550.         "str	r4, [%[r], #8]\n\t"
    12551. 

  12551.         "ldr	r4, [%[a], #12]\n\t"
    12552. 

  12552.         "ldr	r5, [%[b], #12]\n\t"
    12553. 

  12553.         "adc	r4, r5\n\t"
    12554. 

  12554.         "str	r4, [%[r], #12]\n\t"
    12555. 

  12555.         "ldr	r4, [%[a], #16]\n\t"
    12556. 

  12556.         "ldr	r5, [%[b], #16]\n\t"
    12557. 

  12557.         "adc	r4, r5\n\t"
    12558. 

  12558.         "str	r4, [%[r], #16]\n\t"
    12559. 

  12559.         "ldr	r4, [%[a], #20]\n\t"
    12560. 

  12560.         "ldr	r5, [%[b], #20]\n\t"
    12561. 

  12561.         "adc	r4, r5\n\t"
    12562. 

  12562.         "str	r4, [%[r], #20]\n\t"
    12563. 

  12563.         "ldr	r4, [%[a], #24]\n\t"
    12564. 

  12564.         "ldr	r5, [%[b], #24]\n\t"
    12565. 

  12565.         "adc	r4, r5\n\t"
    12566. 

  12566.         "str	r4, [%[r], #24]\n\t"
    12567. 

  12567.         "ldr	r4, [%[a], #28]\n\t"
    12568. 

  12568.         "ldr	r5, [%[b], #28]\n\t"
    12569. 

  12569.         "adc	r4, r5\n\t"
    12570. 

  12570.         "str	r4, [%[r], #28]\n\t"
    12571. 

  12571.         "ldr	r4, [%[a], #32]\n\t"
    12572. 

  12572.         "ldr	r5, [%[b], #32]\n\t"
    12573. 

  12573.         "adc	r4, r5\n\t"
    12574. 

  12574.         "str	r4, [%[r], #32]\n\t"
    12575. 

  12575.         "ldr	r4, [%[a], #36]\n\t"
    12576. 

  12576.         "ldr	r5, [%[b], #36]\n\t"
    12577. 

  12577.         "adc	r4, r5\n\t"
    12578. 

  12578.         "str	r4, [%[r], #36]\n\t"
    12579. 

  12579.         "ldr	r4, [%[a], #40]\n\t"
    12580. 

  12580.         "ldr	r5, [%[b], #40]\n\t"
    12581. 

  12581.         "adc	r4, r5\n\t"
    12582. 

  12582.         "str	r4, [%[r], #40]\n\t"
    12583. 

  12583.         "ldr	r4, [%[a], #44]\n\t"
    12584. 

  12584.         "ldr	r5, [%[b], #44]\n\t"
    12585. 

  12585.         "adc	r4, r5\n\t"
    12586. 

  12586.         "str	r4, [%[r], #44]\n\t"
    12587. 

  12587.         "ldr	r4, [%[a], #48]\n\t"
    12588. 

  12588.         "ldr	r5, [%[b], #48]\n\t"
    12589. 

  12589.         "adc	r4, r5\n\t"
    12590. 

  12590.         "str	r4, [%[r], #48]\n\t"
    12591. 

  12591.         "ldr	r4, [%[a], #52]\n\t"
    12592. 

  12592.         "ldr	r5, [%[b], #52]\n\t"
    12593. 

  12593.         "adc	r4, r5\n\t"
    12594. 

  12594.         "str	r4, [%[r], #52]\n\t"
    12595. 

  12595.         "ldr	r4, [%[a], #56]\n\t"
    12596. 

  12596.         "ldr	r5, [%[b], #56]\n\t"
    12597. 

  12597.         "adc	r4, r5\n\t"
    12598. 

  12598.         "str	r4, [%[r], #56]\n\t"
    12599. 

  12599.         "ldr	r4, [%[a], #60]\n\t"
    12600. 

  12600.         "ldr	r5, [%[b], #60]\n\t"
    12601. 

  12601.         "adc	r4, r5\n\t"
    12602. 

  12602.         "str	r4, [%[r], #60]\n\t"
    12603. 

  12603.         "ldr	r4, [%[a], #64]\n\t"
    12604. 

  12604.         "ldr	r5, [%[b], #64]\n\t"
    12605. 

  12605.         "adc	r4, r5\n\t"
    12606. 

  12606.         "str	r4, [%[r], #64]\n\t"
    12607. 

  12607.         "ldr	r4, [%[a], #68]\n\t"
    12608. 

  12608.         "ldr	r5, [%[b], #68]\n\t"
    12609. 

  12609.         "adc	r4, r5\n\t"
    12610. 

  12610.         "str	r4, [%[r], #68]\n\t"
    12611. 

  12611.         "ldr	r4, [%[a], #72]\n\t"
    12612. 

  12612.         "ldr	r5, [%[b], #72]\n\t"
    12613. 

  12613.         "adc	r4, r5\n\t"
    12614. 

  12614.         "str	r4, [%[r], #72]\n\t"
    12615. 

  12615.         "ldr	r4, [%[a], #76]\n\t"
    12616. 

  12616.         "ldr	r5, [%[b], #76]\n\t"
    12617. 

  12617.         "adc	r4, r5\n\t"
    12618. 

  12618.         "str	r4, [%[r], #76]\n\t"
    12619. 

  12619.         "ldr	r4, [%[a], #80]\n\t"
    12620. 

  12620.         "ldr	r5, [%[b], #80]\n\t"
    12621. 

  12621.         "adc	r4, r5\n\t"
    12622. 

  12622.         "str	r4, [%[r], #80]\n\t"
    12623. 

  12623.         "ldr	r4, [%[a], #84]\n\t"
    12624. 

  12624.         "ldr	r5, [%[b], #84]\n\t"
    12625. 

  12625.         "adc	r4, r5\n\t"
    12626. 

  12626.         "str	r4, [%[r], #84]\n\t"
    12627. 

  12627.         "ldr	r4, [%[a], #88]\n\t"
    12628. 

  12628.         "ldr	r5, [%[b], #88]\n\t"
    12629. 

  12629.         "adc	r4, r5\n\t"
    12630. 

  12630.         "str	r4, [%[r], #88]\n\t"
    12631. 

  12631.         "ldr	r4, [%[a], #92]\n\t"
    12632. 

  12632.         "ldr	r5, [%[b], #92]\n\t"
    12633. 

  12633.         "adc	r4, r5\n\t"
    12634. 

  12634.         "str	r4, [%[r], #92]\n\t"
    12635. 

  12635.         "ldr	r4, [%[a], #96]\n\t"
    12636. 

  12636.         "ldr	r5, [%[b], #96]\n\t"
    12637. 

  12637.         "adc	r4, r5\n\t"
    12638. 

  12638.         "str	r4, [%[r], #96]\n\t"
    12639. 

  12639.         "ldr	r4, [%[a], #100]\n\t"
    12640. 

  12640.         "ldr	r5, [%[b], #100]\n\t"
    12641. 

  12641.         "adc	r4, r5\n\t"
    12642. 

  12642.         "str	r4, [%[r], #100]\n\t"
    12643. 

  12643.         "ldr	r4, [%[a], #104]\n\t"
    12644. 

  12644.         "ldr	r5, [%[b], #104]\n\t"
    12645. 

  12645.         "adc	r4, r5\n\t"
    12646. 

  12646.         "str	r4, [%[r], #104]\n\t"
    12647. 

  12647.         "ldr	r4, [%[a], #108]\n\t"
    12648. 

  12648.         "ldr	r5, [%[b], #108]\n\t"
    12649. 

  12649.         "adc	r4, r5\n\t"
    12650. 

  12650.         "str	r4, [%[r], #108]\n\t"
    12651. 

  12651.         "ldr	r4, [%[a], #112]\n\t"
    12652. 

  12652.         "ldr	r5, [%[b], #112]\n\t"
    12653. 

  12653.         "adc	r4, r5\n\t"
    12654. 

  12654.         "str	r4, [%[r], #112]\n\t"
    12655. 

  12655.         "ldr	r4, [%[a], #116]\n\t"
    12656. 

  12656.         "ldr	r5, [%[b], #116]\n\t"
    12657. 

  12657.         "adc	r4, r5\n\t"
    12658. 

  12658.         "str	r4, [%[r], #116]\n\t"
    12659. 

  12659.         "ldr	r4, [%[a], #120]\n\t"
    12660. 

  12660.         "ldr	r5, [%[b], #120]\n\t"
    12661. 

  12661.         "adc	r4, r5\n\t"
    12662. 

  12662.         "str	r4, [%[r], #120]\n\t"
    12663. 

  12663.         "ldr	r4, [%[a], #124]\n\t"
    12664. 

  12664.         "ldr	r5, [%[b], #124]\n\t"
    12665. 

  12665.         "adc	r4, r5\n\t"
    12666. 

  12666.         "str	r4, [%[r], #124]\n\t"
    12667. 

  12667.         "mov	%[c], #0\n\t"
    12668. 

  12668.         "adc	%[c], %[c]\n\t"
    12669. 

  12669.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    12670. 

  12670.         :
    12671. 

  12671.         : "memory", "r4", "r5", "r7"
    12672. 

  12672.     );
    12673. 

  12673. 

  12674.     return c;
    12675. 

  12675. }
    12676. 

  12676. 

  12677. /* Multiply a and b into r. (r = a * b)
    12678. 

  12678.  *
    12679. 

  12679.  * r  A single precision integer.
    12680. 

  12680.  * a  A single precision integer.
    12681. 

  12681.  * b  A single precision integer.
    12682. 

  12682.  */
    12683. 

  12683. SP_NOINLINE static void sp_4096_mul_64(sp_digit* r, const sp_digit* a,
    12684. 

  12684.         const sp_digit* b)
    12685. 

  12685. {
    12686. 

  12686.     sp_digit tmp[64 * 2];
    12687. 

  12687.     __asm__ __volatile__ (
    12688. 

  12688.         "mov	r3, #0\n\t"
    12689. 

  12689.         "mov	r4, #0\n\t"
    12690. 

  12690.         "mov	r8, r3\n\t"
    12691. 

  12691.         "mov	r11, %[r]\n\t"
    12692. 

  12692.         "mov	r9, %[a]\n\t"
    12693. 

  12693.         "mov	r10, %[b]\n\t"
    12694. 

  12694.         "mov	r6, #1\n\t"
    12695. 

  12695.         "lsl	r6, r6, #8\n\t"
    12696. 

  12696.         "add	r6, r9\n\t"
    12697. 

  12697.         "mov	r12, r6\n\t"
    12698. 

  12698.         "\n1:\n\t"
    12699. 

  12699.         "mov	%[r], #0\n\t"
    12700. 

  12700.         "mov	r5, #0\n\t"
    12701. 

  12701.         "mov	r6, #252\n\t"
    12702. 

  12702.         "mov	%[a], r8\n\t"
    12703. 

  12703.         "sub	%[a], r6\n\t"
    12704. 

  12704.         "sbc	r6, r6\n\t"
    12705. 

  12705.         "mvn	r6, r6\n\t"
    12706. 

  12706.         "and	%[a], r6\n\t"
    12707. 

  12707.         "mov	%[b], r8\n\t"
    12708. 

  12708.         "sub	%[b], %[a]\n\t"
    12709. 

  12709.         "add	%[a], r9\n\t"
    12710. 

  12710.         "add	%[b], r10\n\t"
    12711. 

  12711.         "\n2:\n\t"
    12712. 

  12712.         "# Multiply Start\n\t"
    12713. 

  12713.         "ldr	r6, [%[a]]\n\t"
    12714. 

  12714.         "ldr	r7, [%[b]]\n\t"
    12715. 

  12715.         "lsl	r6, r6, #16\n\t"
    12716. 

  12716.         "lsl	r7, r7, #16\n\t"
    12717. 

  12717.         "lsr	r6, r6, #16\n\t"
    12718. 

  12718.         "lsr	r7, r7, #16\n\t"
    12719. 

  12719.         "mul	r7, r6\n\t"
    12720. 

  12720.         "add	r3, r7\n\t"
    12721. 

  12721.         "adc	r4, %[r]\n\t"
    12722. 

  12722.         "adc	r5, %[r]\n\t"
    12723. 

  12723.         "ldr	r7, [%[b]]\n\t"
    12724. 

  12724.         "lsr	r7, r7, #16\n\t"
    12725. 

  12725.         "mul	r6, r7\n\t"
    12726. 

  12726.         "lsr	r7, r6, #16\n\t"
    12727. 

  12727.         "lsl	r6, r6, #16\n\t"
    12728. 

  12728.         "add	r3, r6\n\t"
    12729. 

  12729.         "adc	r4, r7\n\t"
    12730. 

  12730.         "adc	r5, %[r]\n\t"
    12731. 

  12731.         "ldr	r6, [%[a]]\n\t"
    12732. 

  12732.         "ldr	r7, [%[b]]\n\t"
    12733. 

  12733.         "lsr	r6, r6, #16\n\t"
    12734. 

  12734.         "lsr	r7, r7, #16\n\t"
    12735. 

  12735.         "mul	r7, r6\n\t"
    12736. 

  12736.         "add	r4, r7\n\t"
    12737. 

  12737.         "adc	r5, %[r]\n\t"
    12738. 

  12738.         "ldr	r7, [%[b]]\n\t"
    12739. 

  12739.         "lsl	r7, r7, #16\n\t"
    12740. 

  12740.         "lsr	r7, r7, #16\n\t"
    12741. 

  12741.         "mul	r6, r7\n\t"
    12742. 

  12742.         "lsr	r7, r6, #16\n\t"
    12743. 

  12743.         "lsl	r6, r6, #16\n\t"
    12744. 

  12744.         "add	r3, r6\n\t"
    12745. 

  12745.         "adc	r4, r7\n\t"
    12746. 

  12746.         "adc	r5, %[r]\n\t"
    12747. 

  12747.         "# Multiply Done\n\t"
    12748. 

  12748.         "add	%[a], #4\n\t"
    12749. 

  12749.         "sub	%[b], #4\n\t"
    12750. 

  12750.         "cmp	%[a], r12\n\t"
    12751. 

  12751.         "beq	3f\n\t"
    12752. 

  12752.         "mov	r6, r8\n\t"
    12753. 

  12753.         "add	r6, r9\n\t"
    12754. 

  12754.         "cmp	%[a], r6\n\t"
    12755. 

  12755.         "ble	2b\n\t"
    12756. 

  12756.         "\n3:\n\t"
    12757. 

  12757.         "mov	%[r], r11\n\t"
    12758. 

  12758.         "mov	r7, r8\n\t"
    12759. 

  12759.         "str	r3, [%[r], r7]\n\t"
    12760. 

  12760.         "mov	r3, r4\n\t"
    12761. 

  12761.         "mov	r4, r5\n\t"
    12762. 

  12762.         "add	r7, #4\n\t"
    12763. 

  12763.         "mov	r8, r7\n\t"
    12764. 

  12764.         "mov	r6, #1\n\t"
    12765. 

  12765.         "lsl	r6, r6, #8\n\t"
    12766. 

  12766.         "add	r6, #248\n\t"
    12767. 

  12767.         "cmp	r7, r6\n\t"
    12768. 

  12768.         "ble	1b\n\t"
    12769. 

  12769.         "str	r3, [%[r], r7]\n\t"
    12770. 

  12770.         "mov	%[a], r9\n\t"
    12771. 

  12771.         "mov	%[b], r10\n\t"
    12772. 

  12772.         :
    12773. 

  12773.         : [r] "r" (tmp), [a] "r" (a), [b] "r" (b)
    12774. 

  12774.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12"
    12775. 

  12775.     );
    12776. 

  12776. 

  12777.     XMEMCPY(r, tmp, sizeof(tmp));
    12778. 

  12778. }
    12779. 

  12779. 

  12780. /* AND m into each word of a and store in r.
    12781. 

  12781.  *
    12782. 

  12782.  * r  A single precision integer.
    12783. 

  12783.  * a  A single precision integer.
    12784. 

  12784.  * m  Mask to AND against each digit.
    12785. 

  12785.  */
    12786. 

  12786. static void sp_4096_mask_64(sp_digit* r, const sp_digit* a, sp_digit m)
    12787. 

  12787. {
    12788. 

  12788. #ifdef WOLFSSL_SP_SMALL
    12789. 

  12789.     int i;
    12790. 

  12790. 

  12791.     for (i=0; i<64; i++) {
    12792. 

  12792.         r[i] = a[i] & m;
    12793. 

  12793.     }
    12794. 

  12794. #else
    12795. 

  12795.     int i;
    12796. 

  12796. 

  12797.     for (i = 0; i < 64; i += 8) {
    12798. 

  12798.         r[i+0] = a[i+0] & m;
    12799. 

  12799.         r[i+1] = a[i+1] & m;
    12800. 

  12800.         r[i+2] = a[i+2] & m;
    12801. 

  12801.         r[i+3] = a[i+3] & m;
    12802. 

  12802.         r[i+4] = a[i+4] & m;
    12803. 

  12803.         r[i+5] = a[i+5] & m;
    12804. 

  12804.         r[i+6] = a[i+6] & m;
    12805. 

  12805.         r[i+7] = a[i+7] & m;
    12806. 

  12806.     }
    12807. 

  12807. #endif
    12808. 

  12808. }
    12809. 

  12809. 

  12810. /* Multiply a and b into r. (r = a * b)
    12811. 

  12811.  *
    12812. 

  12812.  * r  A single precision integer.
    12813. 

  12813.  * a  A single precision integer.
    12814. 

  12814.  * b  A single precision integer.
    12815. 

  12815.  */
    12816. 

  12816. SP_NOINLINE static void sp_4096_mul_128(sp_digit* r, const sp_digit* a,
    12817. 

  12817.         const sp_digit* b)
    12818. 

  12818. {
    12819. 

  12819.     sp_digit* z0 = r;
    12820. 

  12820.     sp_digit z1[128];
    12821. 

  12821.     sp_digit a1[64];
    12822. 

  12822.     sp_digit b1[64];
    12823. 

  12823.     sp_digit z2[128];
    12824. 

  12824.     sp_digit u, ca, cb;
    12825. 

  12825. 

  12826.     ca = sp_2048_add_64(a1, a, &a[64]);
    12827. 

  12827.     cb = sp_2048_add_64(b1, b, &b[64]);
    12828. 

  12828.     u  = ca & cb;
    12829. 

  12829.     sp_2048_mul_64(z1, a1, b1);
    12830. 

  12830.     sp_2048_mul_64(z2, &a[64], &b[64]);
    12831. 

  12831.     sp_2048_mul_64(z0, a, b);
    12832. 

  12832.     sp_2048_mask_64(r + 128, a1, 0 - cb);
    12833. 

  12833.     sp_2048_mask_64(b1, b1, 0 - ca);
    12834. 

  12834.     u += sp_2048_add_64(r + 128, r + 128, b1);
    12835. 

  12835.     u += sp_4096_sub_in_place_128(z1, z2);
    12836. 

  12836.     u += sp_4096_sub_in_place_128(z1, z0);
    12837. 

  12837.     u += sp_4096_add_128(r + 64, r + 64, z1);
    12838. 

  12838.     r[192] = u;
    12839. 

  12839.     XMEMSET(r + 192 + 1, 0, sizeof(sp_digit) * (64 - 1));
    12840. 

  12840.     (void)sp_4096_add_128(r + 128, r + 128, z2);
    12841. 

  12841. }
    12842. 

  12842. 

  12843. /* Square a and put result in r. (r = a * a)
    12844. 

  12844.  *
    12845. 

  12845.  * r  A single precision integer.
    12846. 

  12846.  * a  A single precision integer.
    12847. 

  12847.  */
    12848. 

  12848. SP_NOINLINE static void sp_4096_sqr_64(sp_digit* r, const sp_digit* a)
    12849. 

  12849. {
    12850. 

  12850.     __asm__ __volatile__ (
    12851. 

  12851.         "mov	r3, #0\n\t"
    12852. 

  12852.         "mov	r4, #0\n\t"
    12853. 

  12853.         "mov	r5, #0\n\t"
    12854. 

  12854.         "mov	r8, r3\n\t"
    12855. 

  12855.         "mov	r11, %[r]\n\t"
    12856. 

  12856.         "mov	r6, #2\n\t"
    12857. 

  12857.         "lsl	r6, r6, #8\n\t"
    12858. 

  12858.         "neg	r6, r6\n\t"
    12859. 

  12859.         "add	sp, r6\n\t"
    12860. 

  12860.         "mov	r10, sp\n\t"
    12861. 

  12861.         "mov	r9, %[a]\n\t"
    12862. 

  12862.         "\n1:\n\t"
    12863. 

  12863.         "mov	%[r], #0\n\t"
    12864. 

  12864.         "mov	r6, #252\n\t"
    12865. 

  12865.         "mov	%[a], r8\n\t"
    12866. 

  12866.         "sub	%[a], r6\n\t"
    12867. 

  12867.         "sbc	r6, r6\n\t"
    12868. 

  12868.         "mvn	r6, r6\n\t"
    12869. 

  12869.         "and	%[a], r6\n\t"
    12870. 

  12870.         "mov	r2, r8\n\t"
    12871. 

  12871.         "sub	r2, %[a]\n\t"
    12872. 

  12872.         "add	%[a], r9\n\t"
    12873. 

  12873.         "add	r2, r9\n\t"
    12874. 

  12874.         "\n2:\n\t"
    12875. 

  12875.         "cmp	r2, %[a]\n\t"
    12876. 

  12876.         "beq	4f\n\t"
    12877. 

  12877.         "# Multiply * 2: Start\n\t"
    12878. 

  12878.         "ldr	r6, [%[a]]\n\t"
    12879. 

  12879.         "ldr	r7, [r2]\n\t"
    12880. 

  12880.         "lsl	r6, r6, #16\n\t"
    12881. 

  12881.         "lsl	r7, r7, #16\n\t"
    12882. 

  12882.         "lsr	r6, r6, #16\n\t"
    12883. 

  12883.         "lsr	r7, r7, #16\n\t"
    12884. 

  12884.         "mul	r7, r6\n\t"
    12885. 

  12885.         "add	r3, r7\n\t"
    12886. 

  12886.         "adc	r4, %[r]\n\t"
    12887. 

  12887.         "adc	r5, %[r]\n\t"
    12888. 

  12888.         "add	r3, r7\n\t"
    12889. 

  12889.         "adc	r4, %[r]\n\t"
    12890. 

  12890.         "adc	r5, %[r]\n\t"
    12891. 

  12891.         "ldr	r7, [r2]\n\t"
    12892. 

  12892.         "lsr	r7, r7, #16\n\t"
    12893. 

  12893.         "mul	r6, r7\n\t"
    12894. 

  12894.         "lsr	r7, r6, #16\n\t"
    12895. 

  12895.         "lsl	r6, r6, #16\n\t"
    12896. 

  12896.         "add	r3, r6\n\t"
    12897. 

  12897.         "adc	r4, r7\n\t"
    12898. 

  12898.         "adc	r5, %[r]\n\t"
    12899. 

  12899.         "add	r3, r6\n\t"
    12900. 

  12900.         "adc	r4, r7\n\t"
    12901. 

  12901.         "adc	r5, %[r]\n\t"
    12902. 

  12902.         "ldr	r6, [%[a]]\n\t"
    12903. 

  12903.         "ldr	r7, [r2]\n\t"
    12904. 

  12904.         "lsr	r6, r6, #16\n\t"
    12905. 

  12905.         "lsr	r7, r7, #16\n\t"
    12906. 

  12906.         "mul	r7, r6\n\t"
    12907. 

  12907.         "add	r4, r7\n\t"
    12908. 

  12908.         "adc	r5, %[r]\n\t"
    12909. 

  12909.         "add	r4, r7\n\t"
    12910. 

  12910.         "adc	r5, %[r]\n\t"
    12911. 

  12911.         "ldr	r7, [r2]\n\t"
    12912. 

  12912.         "lsl	r7, r7, #16\n\t"
    12913. 

  12913.         "lsr	r7, r7, #16\n\t"
    12914. 

  12914.         "mul	r6, r7\n\t"
    12915. 

  12915.         "lsr	r7, r6, #16\n\t"
    12916. 

  12916.         "lsl	r6, r6, #16\n\t"
    12917. 

  12917.         "add	r3, r6\n\t"
    12918. 

  12918.         "adc	r4, r7\n\t"
    12919. 

  12919.         "adc	r5, %[r]\n\t"
    12920. 

  12920.         "add	r3, r6\n\t"
    12921. 

  12921.         "adc	r4, r7\n\t"
    12922. 

  12922.         "adc	r5, %[r]\n\t"
    12923. 

  12923.         "# Multiply * 2: Done\n\t"
    12924. 

  12924.         "bal	5f\n\t"
    12925. 

  12925.         "\n4:\n\t"
    12926. 

  12926.         "# Square: Start\n\t"
    12927. 

  12927.         "ldr	r6, [%[a]]\n\t"
    12928. 

  12928.         "lsr	r7, r6, #16\n\t"
    12929. 

  12929.         "lsl	r6, r6, #16\n\t"
    12930. 

  12930.         "lsr	r6, r6, #16\n\t"
    12931. 

  12931.         "mul	r6, r6\n\t"
    12932. 

  12932.         "add	r3, r6\n\t"
    12933. 

  12933.         "adc	r4, %[r]\n\t"
    12934. 

  12934.         "adc	r5, %[r]\n\t"
    12935. 

  12935.         "mul	r7, r7\n\t"
    12936. 

  12936.         "add	r4, r7\n\t"
    12937. 

  12937.         "adc	r5, %[r]\n\t"
    12938. 

  12938.         "ldr	r6, [%[a]]\n\t"
    12939. 

  12939.         "lsr	r7, r6, #16\n\t"
    12940. 

  12940.         "lsl	r6, r6, #16\n\t"
    12941. 

  12941.         "lsr	r6, r6, #16\n\t"
    12942. 

  12942.         "mul	r6, r7\n\t"
    12943. 

  12943.         "lsr	r7, r6, #15\n\t"
    12944. 

  12944.         "lsl	r6, r6, #17\n\t"
    12945. 

  12945.         "add	r3, r6\n\t"
    12946. 

  12946.         "adc	r4, r7\n\t"
    12947. 

  12947.         "adc	r5, %[r]\n\t"
    12948. 

  12948.         "# Square: Done\n\t"
    12949. 

  12949.         "\n5:\n\t"
    12950. 

  12950.         "add	%[a], #4\n\t"
    12951. 

  12951.         "sub	r2, #4\n\t"
    12952. 

  12952.         "mov	r6, #1\n\t"
    12953. 

  12953.         "lsl	r6, r6, #8\n\t"
    12954. 

  12954.         "add	r6, r9\n\t"
    12955. 

  12955.         "cmp	%[a], r6\n\t"
    12956. 

  12956.         "beq	3f\n\t"
    12957. 

  12957.         "cmp	%[a], r2\n\t"
    12958. 

  12958.         "bgt	3f\n\t"
    12959. 

  12959.         "mov	r7, r8\n\t"
    12960. 

  12960.         "add	r7, r9\n\t"
    12961. 

  12961.         "cmp	%[a], r7\n\t"
    12962. 

  12962.         "ble	2b\n\t"
    12963. 

  12963.         "\n3:\n\t"
    12964. 

  12964.         "mov	%[r], r10\n\t"
    12965. 

  12965.         "mov	r7, r8\n\t"
    12966. 

  12966.         "str	r3, [%[r], r7]\n\t"
    12967. 

  12967.         "mov	r3, r4\n\t"
    12968. 

  12968.         "mov	r4, r5\n\t"
    12969. 

  12969.         "mov	r5, #0\n\t"
    12970. 

  12970.         "add	r7, #4\n\t"
    12971. 

  12971.         "mov	r8, r7\n\t"
    12972. 

  12972.         "mov	r6, #1\n\t"
    12973. 

  12973.         "lsl	r6, r6, #8\n\t"
    12974. 

  12974.         "add	r6, #248\n\t"
    12975. 

  12975.         "cmp	r7, r6\n\t"
    12976. 

  12976.         "ble	1b\n\t"
    12977. 

  12977.         "mov	%[a], r9\n\t"
    12978. 

  12978.         "str	r3, [%[r], r7]\n\t"
    12979. 

  12979.         "mov	%[r], r11\n\t"
    12980. 

  12980.         "mov	%[a], r10\n\t"
    12981. 

  12981.         "mov	r3, #1\n\t"
    12982. 

  12982.         "lsl	r3, r3, #8\n\t"
    12983. 

  12983.         "add	r3, #252\n\t"
    12984. 

  12984.         "\n4:\n\t"
    12985. 

  12985.         "ldr	r6, [%[a], r3]\n\t"
    12986. 

  12986.         "str	r6, [%[r], r3]\n\t"
    12987. 

  12987.         "sub	r3, #4\n\t"
    12988. 

  12988.         "bge	4b\n\t"
    12989. 

  12989.         "mov	r6, #2\n\t"
    12990. 

  12990.         "lsl	r6, r6, #8\n\t"
    12991. 

  12991.         "add	sp, r6\n\t"
    12992. 

  12992.         :
    12993. 

  12993.         : [r] "r" (r), [a] "r" (a)
    12994. 

  12994.         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11"
    12995. 

  12995.     );
    12996. 

  12996. }
    12997. 

  12997. 

  12998. /* Square a and put result in r. (r = a * a)
    12999. 

  12999.  *
    13000. 

  13000.  * r  A single precision integer.
    13001. 

  13001.  * a  A single precision integer.
    13002. 

  13002.  */
    13003. 

  13003. SP_NOINLINE static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a)
    13004. 

  13004. {
    13005. 

  13005.     sp_digit* z0 = r;
    13006. 

  13006.     sp_digit z2[128];
    13007. 

  13007.     sp_digit z1[128];
    13008. 

  13008.     sp_digit a1[64];
    13009. 

  13009.     sp_digit u;
    13010. 

  13010. 

  13011.     u = sp_2048_add_64(a1, a, &a[64]);
    13012. 

  13012.     sp_2048_sqr_64(z1, a1);
    13013. 

  13013.     sp_2048_sqr_64(z2, &a[64]);
    13014. 

  13014.     sp_2048_sqr_64(z0, a);
    13015. 

  13015.     sp_2048_mask_64(r + 128, a1, 0 - u);
    13016. 

  13016.     u += sp_2048_add_64(r + 128, r + 128, r + 128);
    13017. 

  13017.     u += sp_4096_sub_in_place_128(z1, z2);
    13018. 

  13018.     u += sp_4096_sub_in_place_128(z1, z0);
    13019. 

  13019.     u += sp_4096_add_128(r + 64, r + 64, z1);
    13020. 

  13020.     r[192] = u;
    13021. 

  13021.     XMEMSET(r + 192 + 1, 0, sizeof(sp_digit) * (64 - 1));
    13022. 

  13022.     (void)sp_4096_add_128(r + 128, r + 128, z2);
    13023. 

  13023. }
    13024. 

  13024. 

  13025. #endif /* !WOLFSSL_SP_SMALL */
    13026. 

  13026. #ifdef WOLFSSL_SP_SMALL
    13027. 

  13027. /* Add b to a into r. (r = a + b)
    13028. 

  13028.  *
    13029. 

  13029.  * r  A single precision integer.
    13030. 

  13030.  * a  A single precision integer.
    13031. 

  13031.  * b  A single precision integer.
    13032. 

  13032.  */
    13033. 

  13033. SP_NOINLINE static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a,
    13034. 

  13034.         const sp_digit* b)
    13035. 

  13035. {
    13036. 

  13036.     sp_digit c = 0;
    13037. 

  13037. 

  13038.     __asm__ __volatile__ (
    13039. 

  13039.         "mov	r6, %[a]\n\t"
    13040. 

  13040.         "mov	r7, #0\n\t"
    13041. 

  13041.         "mov	r4, #2\n\t"
    13042. 

  13042.         "lsl	r4, #8\n\t"
    13043. 

  13043.         "sub	r7, #1\n\t"
    13044. 

  13044.         "add	r6, r4\n\t"
    13045. 

  13045.         "\n1:\n\t"
    13046. 

  13046.         "add	%[c], r7\n\t"
    13047. 

  13047.         "ldr	r4, [%[a]]\n\t"
    13048. 

  13048.         "ldr	r5, [%[b]]\n\t"
    13049. 

  13049.         "adc	r4, r5\n\t"
    13050. 

  13050.         "str	r4, [%[r]]\n\t"
    13051. 

  13051.         "mov	%[c], #0\n\t"
    13052. 

  13052.         "adc	%[c], %[c]\n\t"
    13053. 

  13053.         "add	%[a], #4\n\t"
    13054. 

  13054.         "add	%[b], #4\n\t"
    13055. 

  13055.         "add	%[r], #4\n\t"
    13056. 

  13056.         "cmp	%[a], r6\n\t"
    13057. 

  13057.         "bne	1b\n\t"
    13058. 

  13058.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    13059. 

  13059.         :
    13060. 

  13060.         : "memory", "r4", "r5", "r6", "r7"
    13061. 

  13061.     );
    13062. 

  13062. 

  13063.     return c;
    13064. 

  13064. }
    13065. 

  13065. 

  13066. #endif /* WOLFSSL_SP_SMALL */
    13067. 

  13067. #ifdef WOLFSSL_SP_SMALL
    13068. 

  13068. /* Sub b from a into a. (a -= b)
    13069. 

  13069.  *
    13070. 

  13070.  * a  A single precision integer.
    13071. 

  13071.  * b  A single precision integer.
    13072. 

  13072.  */
    13073. 

  13073. SP_NOINLINE static sp_digit sp_4096_sub_in_place_128(sp_digit* a,
    13074. 

  13074.         const sp_digit* b)
    13075. 

  13075. {
    13076. 

  13076.     sp_digit c = 0;
    13077. 

  13077.     __asm__ __volatile__ (
    13078. 

  13078.         "mov	r7, %[a]\n\t"
    13079. 

  13079.         "mov	r5, #2\n\t"
    13080. 

  13080.         "lsl	r5, #8\n\t"
    13081. 

  13081.         "add	r7, r5\n\t"
    13082. 

  13082.         "\n1:\n\t"
    13083. 

  13083.         "mov	r5, #0\n\t"
    13084. 

  13084.         "sub	r5, %[c]\n\t"
    13085. 

  13085.         "ldr	r3, [%[a]]\n\t"
    13086. 

  13086.         "ldr	r4, [%[a], #4]\n\t"
    13087. 

  13087.         "ldr	r5, [%[b]]\n\t"
    13088. 

  13088.         "ldr	r6, [%[b], #4]\n\t"
    13089. 

  13089.         "sbc	r3, r5\n\t"
    13090. 

  13090.         "sbc	r4, r6\n\t"
    13091. 

  13091.         "str	r3, [%[a]]\n\t"
    13092. 

  13092.         "str	r4, [%[a], #4]\n\t"
    13093. 

  13093.         "sbc	%[c], %[c]\n\t"
    13094. 

  13094.         "add	%[a], #8\n\t"
    13095. 

  13095.         "add	%[b], #8\n\t"
    13096. 

  13096.         "cmp	%[a], r7\n\t"
    13097. 

  13097.         "bne	1b\n\t"
    13098. 

  13098.         : [c] "+r" (c), [a] "+r" (a), [b] "+r" (b)
    13099. 

  13099.         :
    13100. 

  13100.         : "memory", "r3", "r4", "r5", "r6", "r7"
    13101. 

  13101.     );
    13102. 

  13102. 

  13103.     return c;
    13104. 

  13104. }
    13105. 

  13105. 

  13106. #endif /* WOLFSSL_SP_SMALL */
    13107. 

  13107. #ifdef WOLFSSL_SP_SMALL
    13108. 

  13108. /* Multiply a and b into r. (r = a * b)
    13109. 

  13109.  *
    13110. 

  13110.  * r  A single precision integer.
    13111. 

  13111.  * a  A single precision integer.
    13112. 

  13112.  * b  A single precision integer.
    13113. 

  13113.  */
    13114. 

  13114. SP_NOINLINE static void sp_4096_mul_128(sp_digit* r, const sp_digit* a,
    13115. 

  13115.         const sp_digit* b)
    13116. 

  13116. {
    13117. 

  13117.     sp_digit tmp[128 * 2];
    13118. 

  13118.     __asm__ __volatile__ (
    13119. 

  13119.         "mov	r3, #0\n\t"
    13120. 

  13120.         "mov	r4, #0\n\t"
    13121. 

  13121.         "mov	r8, r3\n\t"
    13122. 

  13122.         "mov	r11, %[r]\n\t"
    13123. 

  13123.         "mov	r9, %[a]\n\t"
    13124. 

  13124.         "mov	r10, %[b]\n\t"
    13125. 

  13125.         "mov	r6, #2\n\t"
    13126. 

  13126.         "lsl	r6, r6, #8\n\t"
    13127. 

  13127.         "add	r6, r9\n\t"
    13128. 

  13128.         "mov	r12, r6\n\t"
    13129. 

  13129.         "\n1:\n\t"
    13130. 

  13130.         "mov	%[r], #0\n\t"
    13131. 

  13131.         "mov	r5, #0\n\t"
    13132. 

  13132.         "mov	r6, #1\n\t"
    13133. 

  13133.         "lsl	r6, r6, #8\n\t"
    13134. 

  13134.         "add	r6, #252\n\t"
    13135. 

  13135.         "mov	%[a], r8\n\t"
    13136. 

  13136.         "sub	%[a], r6\n\t"
    13137. 

  13137.         "sbc	r6, r6\n\t"
    13138. 

  13138.         "mvn	r6, r6\n\t"
    13139. 

  13139.         "and	%[a], r6\n\t"
    13140. 

  13140.         "mov	%[b], r8\n\t"
    13141. 

  13141.         "sub	%[b], %[a]\n\t"
    13142. 

  13142.         "add	%[a], r9\n\t"
    13143. 

  13143.         "add	%[b], r10\n\t"
    13144. 

  13144.         "\n2:\n\t"
    13145. 

  13145.         "# Multiply Start\n\t"
    13146. 

  13146.         "ldr	r6, [%[a]]\n\t"
    13147. 

  13147.         "ldr	r7, [%[b]]\n\t"
    13148. 

  13148.         "lsl	r6, r6, #16\n\t"
    13149. 

  13149.         "lsl	r7, r7, #16\n\t"
    13150. 

  13150.         "lsr	r6, r6, #16\n\t"
    13151. 

  13151.         "lsr	r7, r7, #16\n\t"
    13152. 

  13152.         "mul	r7, r6\n\t"
    13153. 

  13153.         "add	r3, r7\n\t"
    13154. 

  13154.         "adc	r4, %[r]\n\t"
    13155. 

  13155.         "adc	r5, %[r]\n\t"
    13156. 

  13156.         "ldr	r7, [%[b]]\n\t"
    13157. 

  13157.         "lsr	r7, r7, #16\n\t"
    13158. 

  13158.         "mul	r6, r7\n\t"
    13159. 

  13159.         "lsr	r7, r6, #16\n\t"
    13160. 

  13160.         "lsl	r6, r6, #16\n\t"
    13161. 

  13161.         "add	r3, r6\n\t"
    13162. 

  13162.         "adc	r4, r7\n\t"
    13163. 

  13163.         "adc	r5, %[r]\n\t"
    13164. 

  13164.         "ldr	r6, [%[a]]\n\t"
    13165. 

  13165.         "ldr	r7, [%[b]]\n\t"
    13166. 

  13166.         "lsr	r6, r6, #16\n\t"
    13167. 

  13167.         "lsr	r7, r7, #16\n\t"
    13168. 

  13168.         "mul	r7, r6\n\t"
    13169. 

  13169.         "add	r4, r7\n\t"
    13170. 

  13170.         "adc	r5, %[r]\n\t"
    13171. 

  13171.         "ldr	r7, [%[b]]\n\t"
    13172. 

  13172.         "lsl	r7, r7, #16\n\t"
    13173. 

  13173.         "lsr	r7, r7, #16\n\t"
    13174. 

  13174.         "mul	r6, r7\n\t"
    13175. 

  13175.         "lsr	r7, r6, #16\n\t"
    13176. 

  13176.         "lsl	r6, r6, #16\n\t"
    13177. 

  13177.         "add	r3, r6\n\t"
    13178. 

  13178.         "adc	r4, r7\n\t"
    13179. 

  13179.         "adc	r5, %[r]\n\t"
    13180. 

  13180.         "# Multiply Done\n\t"
    13181. 

  13181.         "add	%[a], #4\n\t"
    13182. 

  13182.         "sub	%[b], #4\n\t"
    13183. 

  13183.         "cmp	%[a], r12\n\t"
    13184. 

  13184.         "beq	3f\n\t"
    13185. 

  13185.         "mov	r6, r8\n\t"
    13186. 

  13186.         "add	r6, r9\n\t"
    13187. 

  13187.         "cmp	%[a], r6\n\t"
    13188. 

  13188.         "ble	2b\n\t"
    13189. 

  13189.         "\n3:\n\t"
    13190. 

  13190.         "mov	%[r], r11\n\t"
    13191. 

  13191.         "mov	r7, r8\n\t"
    13192. 

  13192.         "str	r3, [%[r], r7]\n\t"
    13193. 

  13193.         "mov	r3, r4\n\t"
    13194. 

  13194.         "mov	r4, r5\n\t"
    13195. 

  13195.         "add	r7, #4\n\t"
    13196. 

  13196.         "mov	r8, r7\n\t"
    13197. 

  13197.         "mov	r6, #3\n\t"
    13198. 

  13198.         "lsl	r6, r6, #8\n\t"
    13199. 

  13199.         "add	r6, #248\n\t"
    13200. 

  13200.         "cmp	r7, r6\n\t"
    13201. 

  13201.         "ble	1b\n\t"
    13202. 

  13202.         "str	r3, [%[r], r7]\n\t"
    13203. 

  13203.         "mov	%[a], r9\n\t"
    13204. 

  13204.         "mov	%[b], r10\n\t"
    13205. 

  13205.         :
    13206. 

  13206.         : [r] "r" (tmp), [a] "r" (a), [b] "r" (b)
    13207. 

  13207.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12"
    13208. 

  13208.     );
    13209. 

  13209. 

  13210.     XMEMCPY(r, tmp, sizeof(tmp));
    13211. 

  13211. }
    13212. 

  13212. 

  13213. /* Square a and put result in r. (r = a * a)
    13214. 

  13214.  *
    13215. 

  13215.  * r  A single precision integer.
    13216. 

  13216.  * a  A single precision integer.
    13217. 

  13217.  */
    13218. 

  13218. SP_NOINLINE static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a)
    13219. 

  13219. {
    13220. 

  13220.     __asm__ __volatile__ (
    13221. 

  13221.         "mov	r3, #0\n\t"
    13222. 

  13222.         "mov	r4, #0\n\t"
    13223. 

  13223.         "mov	r5, #0\n\t"
    13224. 

  13224.         "mov	r8, r3\n\t"
    13225. 

  13225.         "mov	r11, %[r]\n\t"
    13226. 

  13226.         "mov	r6, #4\n\t"
    13227. 

  13227.         "lsl	r6, r6, #8\n\t"
    13228. 

  13228.         "neg	r6, r6\n\t"
    13229. 

  13229.         "add	sp, r6\n\t"
    13230. 

  13230.         "mov	r10, sp\n\t"
    13231. 

  13231.         "mov	r9, %[a]\n\t"
    13232. 

  13232.         "\n1:\n\t"
    13233. 

  13233.         "mov	%[r], #0\n\t"
    13234. 

  13234.         "mov	r6, #1\n\t"
    13235. 

  13235.         "lsl	r6, r6, #8\n\t"
    13236. 

  13236.         "add	r6, #252\n\t"
    13237. 

  13237.         "mov	%[a], r8\n\t"
    13238. 

  13238.         "sub	%[a], r6\n\t"
    13239. 

  13239.         "sbc	r6, r6\n\t"
    13240. 

  13240.         "mvn	r6, r6\n\t"
    13241. 

  13241.         "and	%[a], r6\n\t"
    13242. 

  13242.         "mov	r2, r8\n\t"
    13243. 

  13243.         "sub	r2, %[a]\n\t"
    13244. 

  13244.         "add	%[a], r9\n\t"
    13245. 

  13245.         "add	r2, r9\n\t"
    13246. 

  13246.         "\n2:\n\t"
    13247. 

  13247.         "cmp	r2, %[a]\n\t"
    13248. 

  13248.         "beq	4f\n\t"
    13249. 

  13249.         "# Multiply * 2: Start\n\t"
    13250. 

  13250.         "ldr	r6, [%[a]]\n\t"
    13251. 

  13251.         "ldr	r7, [r2]\n\t"
    13252. 

  13252.         "lsl	r6, r6, #16\n\t"
    13253. 

  13253.         "lsl	r7, r7, #16\n\t"
    13254. 

  13254.         "lsr	r6, r6, #16\n\t"
    13255. 

  13255.         "lsr	r7, r7, #16\n\t"
    13256. 

  13256.         "mul	r7, r6\n\t"
    13257. 

  13257.         "add	r3, r7\n\t"
    13258. 

  13258.         "adc	r4, %[r]\n\t"
    13259. 

  13259.         "adc	r5, %[r]\n\t"
    13260. 

  13260.         "add	r3, r7\n\t"
    13261. 

  13261.         "adc	r4, %[r]\n\t"
    13262. 

  13262.         "adc	r5, %[r]\n\t"
    13263. 

  13263.         "ldr	r7, [r2]\n\t"
    13264. 

  13264.         "lsr	r7, r7, #16\n\t"
    13265. 

  13265.         "mul	r6, r7\n\t"
    13266. 

  13266.         "lsr	r7, r6, #16\n\t"
    13267. 

  13267.         "lsl	r6, r6, #16\n\t"
    13268. 

  13268.         "add	r3, r6\n\t"
    13269. 

  13269.         "adc	r4, r7\n\t"
    13270. 

  13270.         "adc	r5, %[r]\n\t"
    13271. 

  13271.         "add	r3, r6\n\t"
    13272. 

  13272.         "adc	r4, r7\n\t"
    13273. 

  13273.         "adc	r5, %[r]\n\t"
    13274. 

  13274.         "ldr	r6, [%[a]]\n\t"
    13275. 

  13275.         "ldr	r7, [r2]\n\t"
    13276. 

  13276.         "lsr	r6, r6, #16\n\t"
    13277. 

  13277.         "lsr	r7, r7, #16\n\t"
    13278. 

  13278.         "mul	r7, r6\n\t"
    13279. 

  13279.         "add	r4, r7\n\t"
    13280. 

  13280.         "adc	r5, %[r]\n\t"
    13281. 

  13281.         "add	r4, r7\n\t"
    13282. 

  13282.         "adc	r5, %[r]\n\t"
    13283. 

  13283.         "ldr	r7, [r2]\n\t"
    13284. 

  13284.         "lsl	r7, r7, #16\n\t"
    13285. 

  13285.         "lsr	r7, r7, #16\n\t"
    13286. 

  13286.         "mul	r6, r7\n\t"
    13287. 

  13287.         "lsr	r7, r6, #16\n\t"
    13288. 

  13288.         "lsl	r6, r6, #16\n\t"
    13289. 

  13289.         "add	r3, r6\n\t"
    13290. 

  13290.         "adc	r4, r7\n\t"
    13291. 

  13291.         "adc	r5, %[r]\n\t"
    13292. 

  13292.         "add	r3, r6\n\t"
    13293. 

  13293.         "adc	r4, r7\n\t"
    13294. 

  13294.         "adc	r5, %[r]\n\t"
    13295. 

  13295.         "# Multiply * 2: Done\n\t"
    13296. 

  13296.         "bal	5f\n\t"
    13297. 

  13297.         "\n4:\n\t"
    13298. 

  13298.         "# Square: Start\n\t"
    13299. 

  13299.         "ldr	r6, [%[a]]\n\t"
    13300. 

  13300.         "lsr	r7, r6, #16\n\t"
    13301. 

  13301.         "lsl	r6, r6, #16\n\t"
    13302. 

  13302.         "lsr	r6, r6, #16\n\t"
    13303. 

  13303.         "mul	r6, r6\n\t"
    13304. 

  13304.         "add	r3, r6\n\t"
    13305. 

  13305.         "adc	r4, %[r]\n\t"
    13306. 

  13306.         "adc	r5, %[r]\n\t"
    13307. 

  13307.         "mul	r7, r7\n\t"
    13308. 

  13308.         "add	r4, r7\n\t"
    13309. 

  13309.         "adc	r5, %[r]\n\t"
    13310. 

  13310.         "ldr	r6, [%[a]]\n\t"
    13311. 

  13311.         "lsr	r7, r6, #16\n\t"
    13312. 

  13312.         "lsl	r6, r6, #16\n\t"
    13313. 

  13313.         "lsr	r6, r6, #16\n\t"
    13314. 

  13314.         "mul	r6, r7\n\t"
    13315. 

  13315.         "lsr	r7, r6, #15\n\t"
    13316. 

  13316.         "lsl	r6, r6, #17\n\t"
    13317. 

  13317.         "add	r3, r6\n\t"
    13318. 

  13318.         "adc	r4, r7\n\t"
    13319. 

  13319.         "adc	r5, %[r]\n\t"
    13320. 

  13320.         "# Square: Done\n\t"
    13321. 

  13321.         "\n5:\n\t"
    13322. 

  13322.         "add	%[a], #4\n\t"
    13323. 

  13323.         "sub	r2, #4\n\t"
    13324. 

  13324.         "mov	r6, #2\n\t"
    13325. 

  13325.         "lsl	r6, r6, #8\n\t"
    13326. 

  13326.         "add	r6, r9\n\t"
    13327. 

  13327.         "cmp	%[a], r6\n\t"
    13328. 

  13328.         "beq	3f\n\t"
    13329. 

  13329.         "cmp	%[a], r2\n\t"
    13330. 

  13330.         "bgt	3f\n\t"
    13331. 

  13331.         "mov	r7, r8\n\t"
    13332. 

  13332.         "add	r7, r9\n\t"
    13333. 

  13333.         "cmp	%[a], r7\n\t"
    13334. 

  13334.         "ble	2b\n\t"
    13335. 

  13335.         "\n3:\n\t"
    13336. 

  13336.         "mov	%[r], r10\n\t"
    13337. 

  13337.         "mov	r7, r8\n\t"
    13338. 

  13338.         "str	r3, [%[r], r7]\n\t"
    13339. 

  13339.         "mov	r3, r4\n\t"
    13340. 

  13340.         "mov	r4, r5\n\t"
    13341. 

  13341.         "mov	r5, #0\n\t"
    13342. 

  13342.         "add	r7, #4\n\t"
    13343. 

  13343.         "mov	r8, r7\n\t"
    13344. 

  13344.         "mov	r6, #3\n\t"
    13345. 

  13345.         "lsl	r6, r6, #8\n\t"
    13346. 

  13346.         "add	r6, #248\n\t"
    13347. 

  13347.         "cmp	r7, r6\n\t"
    13348. 

  13348.         "ble	1b\n\t"
    13349. 

  13349.         "mov	%[a], r9\n\t"
    13350. 

  13350.         "str	r3, [%[r], r7]\n\t"
    13351. 

  13351.         "mov	%[r], r11\n\t"
    13352. 

  13352.         "mov	%[a], r10\n\t"
    13353. 

  13353.         "mov	r3, #3\n\t"
    13354. 

  13354.         "lsl	r3, r3, #8\n\t"
    13355. 

  13355.         "add	r3, #252\n\t"
    13356. 

  13356.         "\n4:\n\t"
    13357. 

  13357.         "ldr	r6, [%[a], r3]\n\t"
    13358. 

  13358.         "str	r6, [%[r], r3]\n\t"
    13359. 

  13359.         "sub	r3, #4\n\t"
    13360. 

  13360.         "bge	4b\n\t"
    13361. 

  13361.         "mov	r6, #4\n\t"
    13362. 

  13362.         "lsl	r6, r6, #8\n\t"
    13363. 

  13363.         "add	sp, r6\n\t"
    13364. 

  13364.         :
    13365. 

  13365.         : [r] "r" (r), [a] "r" (a)
    13366. 

  13366.         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11"
    13367. 

  13367.     );
    13368. 

  13368. }
    13369. 

  13369. 

  13370. #endif /* WOLFSSL_SP_SMALL */
    13371. 

  13371. /* Caclulate the bottom digit of -1/a mod 2^n.
    13372. 

  13372.  *
    13373. 

  13373.  * a    A single precision number.
    13374. 

  13374.  * rho  Bottom word of inverse.
    13375. 

  13375.  */
    13376. 

  13376. static void sp_4096_mont_setup(const sp_digit* a, sp_digit* rho)
    13377. 

  13377. {
    13378. 

  13378.     sp_digit x, b;
    13379. 

  13379. 

  13380.     b = a[0];
    13381. 

  13381.     x = (((b + 2) & 4) << 1) + b; /* here x*a==1 mod 2**4 */
    13382. 

  13382.     x *= 2 - b * x;               /* here x*a==1 mod 2**8 */
    13383. 

  13383.     x *= 2 - b * x;               /* here x*a==1 mod 2**16 */
    13384. 

  13384.     x *= 2 - b * x;               /* here x*a==1 mod 2**32 */
    13385. 

  13385. 

  13386.     /* rho = -1/m mod b */
    13387. 

  13387.     *rho = -x;
    13388. 

  13388. }
    13389. 

  13389. 

  13390. /* Mul a by digit b into r. (r = a * b)
    13391. 

  13391.  *
    13392. 

  13392.  * r  A single precision integer.
    13393. 

  13393.  * a  A single precision integer.
    13394. 

  13394.  * b  A single precision digit.
    13395. 

  13395.  */
    13396. 

  13396. SP_NOINLINE static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a,
    13397. 

  13397.         sp_digit b)
    13398. 

  13398. {
    13399. 

  13399.     __asm__ __volatile__ (
    13400. 

  13400.         "mov	r6, #2\n\t"
    13401. 

  13401.         "lsl	r6, r6, #8\n\t"
    13402. 

  13402.         "add	r6, %[a]\n\t"
    13403. 

  13403.         "mov	r8, %[r]\n\t"
    13404. 

  13404.         "mov	r9, r6\n\t"
    13405. 

  13405.         "mov	r3, #0\n\t"
    13406. 

  13406.         "mov	r4, #0\n\t"
    13407. 

  13407.         "1:\n\t"
    13408. 

  13408.         "mov	%[r], #0\n\t"
    13409. 

  13409.         "mov	r5, #0\n\t"
    13410. 

  13410.         "# A[] * B\n\t"
    13411. 

  13411.         "ldr	r6, [%[a]]\n\t"
    13412. 

  13412.         "lsl	r6, r6, #16\n\t"
    13413. 

  13413.         "lsl	r7, %[b], #16\n\t"
    13414. 

  13414.         "lsr	r6, r6, #16\n\t"
    13415. 

  13415.         "lsr	r7, r7, #16\n\t"
    13416. 

  13416.         "mul	r7, r6\n\t"
    13417. 

  13417.         "add	r3, r7\n\t"
    13418. 

  13418.         "adc	r4, %[r]\n\t"
    13419. 

  13419.         "adc	r5, %[r]\n\t"
    13420. 

  13420.         "lsr	r7, %[b], #16\n\t"
    13421. 

  13421.         "mul	r6, r7\n\t"
    13422. 

  13422.         "lsr	r7, r6, #16\n\t"
    13423. 

  13423.         "lsl	r6, r6, #16\n\t"
    13424. 

  13424.         "add	r3, r6\n\t"
    13425. 

  13425.         "adc	r4, r7\n\t"
    13426. 

  13426.         "adc	r5, %[r]\n\t"
    13427. 

  13427.         "ldr	r6, [%[a]]\n\t"
    13428. 

  13428.         "lsr	r6, r6, #16\n\t"
    13429. 

  13429.         "lsr	r7, %[b], #16\n\t"
    13430. 

  13430.         "mul	r7, r6\n\t"
    13431. 

  13431.         "add	r4, r7\n\t"
    13432. 

  13432.         "adc	r5, %[r]\n\t"
    13433. 

  13433.         "lsl	r7, %[b], #16\n\t"
    13434. 

  13434.         "lsr	r7, r7, #16\n\t"
    13435. 

  13435.         "mul	r6, r7\n\t"
    13436. 

  13436.         "lsr	r7, r6, #16\n\t"
    13437. 

  13437.         "lsl	r6, r6, #16\n\t"
    13438. 

  13438.         "add	r3, r6\n\t"
    13439. 

  13439.         "adc	r4, r7\n\t"
    13440. 

  13440.         "adc	r5, %[r]\n\t"
    13441. 

  13441.         "# A[] * B - Done\n\t"
    13442. 

  13442.         "mov	%[r], r8\n\t"
    13443. 

  13443.         "str	r3, [%[r]]\n\t"
    13444. 

  13444.         "mov	r3, r4\n\t"
    13445. 

  13445.         "mov	r4, r5\n\t"
    13446. 

  13446.         "add	%[r], #4\n\t"
    13447. 

  13447.         "add	%[a], #4\n\t"
    13448. 

  13448.         "mov	r8, %[r]\n\t"
    13449. 

  13449.         "cmp	%[a], r9\n\t"
    13450. 

  13450.         "blt	1b\n\t"
    13451. 

  13451.         "str	r3, [%[r]]\n\t"
    13452. 

  13452.         : [r] "+r" (r), [a] "+r" (a)
    13453. 

  13453.         : [b] "r" (b)
    13454. 

  13454.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
    13455. 

  13455.     );
    13456. 

  13456. }
    13457. 

  13457. 

  13458. #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)
    13459. 

  13459. /* r = 2^n mod m where n is the number of bits to reduce by.
    13460. 

  13460.  * Given m must be 4096 bits, just need to subtract.
    13461. 

  13461.  *
    13462. 

  13462.  * r  A single precision number.
    13463. 

  13463.  * m  A single precision number.
    13464. 

  13464.  */
    13465. 

  13465. static void sp_4096_mont_norm_128(sp_digit* r, const sp_digit* m)
    13466. 

  13466. {
    13467. 

  13467.     XMEMSET(r, 0, sizeof(sp_digit) * 128);
    13468. 

  13468. 

  13469.     /* r = 2^n mod m */
    13470. 

  13470.     sp_4096_sub_in_place_128(r, m);
    13471. 

  13471. }
    13472. 

  13472. 

  13473. #endif /* WOLFSSL_HAVE_SP_RSA || WOLFSSL_HAVE_SP_DH */
    13474. 

  13474. /* Conditionally subtract b from a using the mask m.
    13475. 

  13475.  * m is -1 to subtract and 0 when not copying.
    13476. 

  13476.  *
    13477. 

  13477.  * r  A single precision number representing condition subtract result.
    13478. 

  13478.  * a  A single precision number to subtract from.
    13479. 

  13479.  * b  A single precision number to subtract.
    13480. 

  13480.  * m  Mask value to apply.
    13481. 

  13481.  */
    13482. 

  13482. SP_NOINLINE static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a,
    13483. 

  13483.         const sp_digit* b, sp_digit m)
    13484. 

  13484. {
    13485. 

  13485.     sp_digit c = 0;
    13486. 

  13486. 

  13487.     __asm__ __volatile__ (
    13488. 

  13488.         "mov	r5, #2\n\t"
    13489. 

  13489.         "lsl	r5, r5, #8\n\t"
    13490. 

  13490.         "mov	r8, r5\n\t"
    13491. 

  13491.         "mov	r7, #0\n\t"
    13492. 

  13492.         "1:\n\t"
    13493. 

  13493.         "ldr	r6, [%[b], r7]\n\t"
    13494. 

  13494.         "and	r6, %[m]\n\t"
    13495. 

  13495.         "mov	r5, #0\n\t"
    13496. 

  13496.         "sub	r5, %[c]\n\t"
    13497. 

  13497.         "ldr	r5, [%[a], r7]\n\t"
    13498. 

  13498.         "sbc	r5, r6\n\t"
    13499. 

  13499.         "sbc	%[c], %[c]\n\t"
    13500. 

  13500.         "str	r5, [%[r], r7]\n\t"
    13501. 

  13501.         "add	r7, #4\n\t"
    13502. 

  13502.         "cmp	r7, r8\n\t"
    13503. 

  13503.         "blt	1b\n\t"
    13504. 

  13504.         : [c] "+r" (c)
    13505. 

  13505.         : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m)
    13506. 

  13506.         : "memory", "r5", "r6", "r7", "r8"
    13507. 

  13507.     );
    13508. 

  13508. 

  13509.     return c;
    13510. 

  13510. }
    13511. 

  13511. 

  13512. /* Reduce the number back to 4096 bits using Montgomery reduction.
    13513. 

  13513.  *
    13514. 

  13514.  * a   A single precision number to reduce in place.
    13515. 

  13515.  * m   The single precision number representing the modulus.
    13516. 

  13516.  * mp  The digit representing the negative inverse of m mod 2^n.
    13517. 

  13517.  */
    13518. 

  13518. SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m,
    13519. 

  13519.         sp_digit mp)
    13520. 

  13520. {
    13521. 

  13521.     sp_digit ca = 0;
    13522. 

  13522. 

  13523.     __asm__ __volatile__ (
    13524. 

  13524.         "mov	r8, %[mp]\n\t"
    13525. 

  13525.         "mov	r12, %[ca]\n\t"
    13526. 

  13526.         "mov	r14, %[m]\n\t"
    13527. 

  13527.         "mov	r9, %[a]\n\t"
    13528. 

  13528.         "mov	r4, #0\n\t"
    13529. 

  13529.         "# i = 0\n\t"
    13530. 

  13530.         "mov	r11, r4\n\t"
    13531. 

  13531.         "\n1:\n\t"
    13532. 

  13532.         "mov	r5, #0\n\t"
    13533. 

  13533.         "mov	%[ca], #0\n\t"
    13534. 

  13534.         "# mu = a[i] * mp\n\t"
    13535. 

  13535.         "mov	%[mp], r8\n\t"
    13536. 

  13536.         "ldr	%[a], [%[a]]\n\t"
    13537. 

  13537.         "mul	%[mp], %[a]\n\t"
    13538. 

  13538.         "mov	%[m], r14\n\t"
    13539. 

  13539.         "mov	r10, r9\n\t"
    13540. 

  13540.         "\n2:\n\t"
    13541. 

  13541.         "# a[i+j] += m[j] * mu\n\t"
    13542. 

  13542.         "mov	%[a], r10\n\t"
    13543. 

  13543.         "ldr	%[a], [%[a]]\n\t"
    13544. 

  13544.         "mov	%[ca], #0\n\t"
    13545. 

  13545.         "mov	r4, r5\n\t"
    13546. 

  13546.         "mov	r5, #0\n\t"
    13547. 

  13547.         "# Multiply m[j] and mu - Start\n\t"
    13548. 

  13548.         "ldr	r7, [%[m]]\n\t"
    13549. 

  13549.         "lsl	r6, %[mp], #16\n\t"
    13550. 

  13550.         "lsl	r7, r7, #16\n\t"
    13551. 

  13551.         "lsr	r6, r6, #16\n\t"
    13552. 

  13552.         "lsr	r7, r7, #16\n\t"
    13553. 

  13553.         "mul	r7, r6\n\t"
    13554. 

  13554.         "add	%[a], r7\n\t"
    13555. 

  13555.         "adc	r5, %[ca]\n\t"
    13556. 

  13556.         "ldr	r7, [%[m]]\n\t"
    13557. 

  13557.         "lsr	r7, r7, #16\n\t"
    13558. 

  13558.         "mul	r6, r7\n\t"
    13559. 

  13559.         "lsr	r7, r6, #16\n\t"
    13560. 

  13560.         "lsl	r6, r6, #16\n\t"
    13561. 

  13561.         "add	%[a], r6\n\t"
    13562. 

  13562.         "adc	r5, r7\n\t"
    13563. 

  13563.         "ldr	r7, [%[m]]\n\t"
    13564. 

  13564.         "lsr	r6, %[mp], #16\n\t"
    13565. 

  13565.         "lsr	r7, r7, #16\n\t"
    13566. 

  13566.         "mul	r7, r6\n\t"
    13567. 

  13567.         "add	r5, r7\n\t"
    13568. 

  13568.         "ldr	r7, [%[m]]\n\t"
    13569. 

  13569.         "lsl	r7, r7, #16\n\t"
    13570. 

  13570.         "lsr	r7, r7, #16\n\t"
    13571. 

  13571.         "mul	r6, r7\n\t"
    13572. 

  13572.         "lsr	r7, r6, #16\n\t"
    13573. 

  13573.         "lsl	r6, r6, #16\n\t"
    13574. 

  13574.         "add	%[a], r6\n\t"
    13575. 

  13575.         "adc	r5, r7\n\t"
    13576. 

  13576.         "# Multiply m[j] and mu - Done\n\t"
    13577. 

  13577.         "add	r4, %[a]\n\t"
    13578. 

  13578.         "adc	r5, %[ca]\n\t"
    13579. 

  13579.         "mov	%[a], r10\n\t"
    13580. 

  13580.         "str	r4, [%[a]]\n\t"
    13581. 

  13581.         "mov	r6, #4\n\t"
    13582. 

  13582.         "add	%[m], #4\n\t"
    13583. 

  13583.         "add	r10, r6\n\t"
    13584. 

  13584.         "mov	r4, #1\n\t"
    13585. 

  13585.         "lsl	r4, r4, #8\n\t"
    13586. 

  13586.         "add	r4, #252\n\t"
    13587. 

  13587.         "add	r4, r9\n\t"
    13588. 

  13588.         "cmp	r10, r4\n\t"
    13589. 

  13589.         "blt	2b\n\t"
    13590. 

  13590.         "# a[i+127] += m[127] * mu\n\t"
    13591. 

  13591.         "mov	%[ca], #0\n\t"
    13592. 

  13592.         "mov	r4, r12\n\t"
    13593. 

  13593.         "mov	%[a], #0\n\t"
    13594. 

  13594.         "# Multiply m[127] and mu - Start\n\t"
    13595. 

  13595.         "ldr	r7, [%[m]]\n\t"
    13596. 

  13596.         "lsl	r6, %[mp], #16\n\t"
    13597. 

  13597.         "lsl	r7, r7, #16\n\t"
    13598. 

  13598.         "lsr	r6, r6, #16\n\t"
    13599. 

  13599.         "lsr	r7, r7, #16\n\t"
    13600. 

  13600.         "mul	r7, r6\n\t"
    13601. 

  13601.         "add	r5, r7\n\t"
    13602. 

  13602.         "adc	r4, %[ca]\n\t"
    13603. 

  13603.         "adc	%[a], %[ca]\n\t"
    13604. 

  13604.         "ldr	r7, [%[m]]\n\t"
    13605. 

  13605.         "lsr	r7, r7, #16\n\t"
    13606. 

  13606.         "mul	r6, r7\n\t"
    13607. 

  13607.         "lsr	r7, r6, #16\n\t"
    13608. 

  13608.         "lsl	r6, r6, #16\n\t"
    13609. 

  13609.         "add	r5, r6\n\t"
    13610. 

  13610.         "adc	r4, r7\n\t"
    13611. 

  13611.         "adc	%[a], %[ca]\n\t"
    13612. 

  13612.         "ldr	r7, [%[m]]\n\t"
    13613. 

  13613.         "lsr	r6, %[mp], #16\n\t"
    13614. 

  13614.         "lsr	r7, r7, #16\n\t"
    13615. 

  13615.         "mul	r7, r6\n\t"
    13616. 

  13616.         "add	r4, r7\n\t"
    13617. 

  13617.         "adc	%[a], %[ca]\n\t"
    13618. 

  13618.         "ldr	r7, [%[m]]\n\t"
    13619. 

  13619.         "lsl	r7, r7, #16\n\t"
    13620. 

  13620.         "lsr	r7, r7, #16\n\t"
    13621. 

  13621.         "mul	r6, r7\n\t"
    13622. 

  13622.         "lsr	r7, r6, #16\n\t"
    13623. 

  13623.         "lsl	r6, r6, #16\n\t"
    13624. 

  13624.         "add	r5, r6\n\t"
    13625. 

  13625.         "adc	r4, r7\n\t"
    13626. 

  13626.         "adc	%[a], %[ca]\n\t"
    13627. 

  13627.         "# Multiply m[127] and mu - Done\n\t"
    13628. 

  13628.         "mov	%[ca], %[a]\n\t"
    13629. 

  13629.         "mov	%[a], r10\n\t"
    13630. 

  13630.         "ldr	r7, [%[a], #4]\n\t"
    13631. 

  13631.         "ldr	%[a], [%[a]]\n\t"
    13632. 

  13632.         "mov	r6, #0\n\t"
    13633. 

  13633.         "add	r5, %[a]\n\t"
    13634. 

  13634.         "adc	r7, r4\n\t"
    13635. 

  13635.         "adc	%[ca], r6\n\t"
    13636. 

  13636.         "mov	%[a], r10\n\t"
    13637. 

  13637.         "str	r5, [%[a]]\n\t"
    13638. 

  13638.         "str	r7, [%[a], #4]\n\t"
    13639. 

  13639.         "# i += 1\n\t"
    13640. 

  13640.         "mov	r6, #4\n\t"
    13641. 

  13641.         "add	r9, r6\n\t"
    13642. 

  13642.         "add	r11, r6\n\t"
    13643. 

  13643.         "mov	r12, %[ca]\n\t"
    13644. 

  13644.         "mov	%[a], r9\n\t"
    13645. 

  13645.         "mov	r4, #2\n\t"
    13646. 

  13646.         "lsl	r4, r4, #8\n\t"
    13647. 

  13647.         "cmp	r11, r4\n\t"
    13648. 

  13648.         "blt	1b\n\t"
    13649. 

  13649.         "mov	%[m], r14\n\t"
    13650. 

  13650.         : [ca] "+r" (ca), [a] "+r" (a)
    13651. 

  13651.         : [m] "r" (m), [mp] "r" (mp)
    13652. 

  13652.         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "r14"
    13653. 

  13653.     );
    13654. 

  13654. 

  13655.     sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - ca);
    13656. 

  13656. }
    13657. 

  13657. 

  13658. /* Multiply two Montogmery form numbers mod the modulus (prime).
    13659. 

  13659.  * (r = a * b mod m)
    13660. 

  13660.  *
    13661. 

  13661.  * r   Result of multiplication.
    13662. 

  13662.  * a   First number to multiply in Montogmery form.
    13663. 

  13663.  * b   Second number to multiply in Montogmery form.
    13664. 

  13664.  * m   Modulus (prime).
    13665. 

  13665.  * mp  Montogmery mulitplier.
    13666. 

  13666.  */
    13667. 

  13667. static void sp_4096_mont_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b,
    13668. 

  13668.         const sp_digit* m, sp_digit mp)
    13669. 

  13669. {
    13670. 

  13670.     sp_4096_mul_128(r, a, b);
    13671. 

  13671.     sp_4096_mont_reduce_128(r, m, mp);
    13672. 

  13672. }
    13673. 

  13673. 

  13674. /* Square the Montgomery form number. (r = a * a mod m)
    13675. 

  13675.  *
    13676. 

  13676.  * r   Result of squaring.
    13677. 

  13677.  * a   Number to square in Montogmery form.
    13678. 

  13678.  * m   Modulus (prime).
    13679. 

  13679.  * mp  Montogmery mulitplier.
    13680. 

  13680.  */
    13681. 

  13681. static void sp_4096_mont_sqr_128(sp_digit* r, const sp_digit* a, const sp_digit* m,
    13682. 

  13682.         sp_digit mp)
    13683. 

  13683. {
    13684. 

  13684.     sp_4096_sqr_128(r, a);
    13685. 

  13685.     sp_4096_mont_reduce_128(r, m, mp);
    13686. 

  13686. }
    13687. 

  13687. 

  13688. /* Divide the double width number (d1|d0) by the dividend. (d1|d0 / div)
    13689. 

  13689.  *
    13690. 

  13690.  * d1   The high order half of the number to divide.
    13691. 

  13691.  * d0   The low order half of the number to divide.
    13692. 

  13692.  * div  The dividend.
    13693. 

  13693.  * returns the result of the division.
    13694. 

  13694.  *
    13695. 

  13695.  * Note that this is an approximate div. It may give an answer 1 larger.
    13696. 

  13696.  */
    13697. 

  13697. SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0,
    13698. 

  13698.         sp_digit div)
    13699. 

  13699. {
    13700. 

  13700.     sp_digit r = 0;
    13701. 

  13701. 

  13702.     __asm__ __volatile__ (
    13703. 

  13703.         "lsr	r5, %[div], #1\n\t"
    13704. 

  13704.         "add	r5, #1\n\t"
    13705. 

  13705.         "mov	r8, %[d0]\n\t"
    13706. 

  13706.         "mov	r9, %[d1]\n\t"
    13707. 

  13707.         "# Do top 32\n\t"
    13708. 

  13708.         "mov	r6, r5\n\t"
    13709. 

  13709.         "sub	r6, %[d1]\n\t"
    13710. 

  13710.         "sbc	r6, r6\n\t"
    13711. 

  13711.         "add	%[r], %[r]\n\t"
    13712. 

  13712.         "sub	%[r], r6\n\t"
    13713. 

  13713.         "and	r6, r5\n\t"
    13714. 

  13714.         "sub	%[d1], r6\n\t"
    13715. 

  13715.         "# Next 30 bits\n\t"
    13716. 

  13716.         "mov	r4, #29\n\t"
    13717. 

  13717.         "1:\n\t"
    13718. 

  13718.         "lsl	%[d0], %[d0], #1\n\t"
    13719. 

  13719.         "adc	%[d1], %[d1]\n\t"
    13720. 

  13720.         "mov	r6, r5\n\t"
    13721. 

  13721.         "sub	r6, %[d1]\n\t"
    13722. 

  13722.         "sbc	r6, r6\n\t"
    13723. 

  13723.         "add	%[r], %[r]\n\t"
    13724. 

  13724.         "sub	%[r], r6\n\t"
    13725. 

  13725.         "and	r6, r5\n\t"
    13726. 

  13726.         "sub	%[d1], r6\n\t"
    13727. 

  13727.         "sub	r4, #1\n\t"
    13728. 

  13728.         "bpl	1b\n\t"
    13729. 

  13729.         "mov	r7, #0\n\t"
    13730. 

  13730.         "add	%[r], %[r]\n\t"
    13731. 

  13731.         "add	%[r], #1\n\t"
    13732. 

  13732.         "# r * div - Start\n\t"
    13733. 

  13733.         "lsl	%[d1], %[r], #16\n\t"
    13734. 

  13734.         "lsl	r4, %[div], #16\n\t"
    13735. 

  13735.         "lsr	%[d1], %[d1], #16\n\t"
    13736. 

  13736.         "lsr	r4, r4, #16\n\t"
    13737. 

  13737.         "mul	r4, %[d1]\n\t"
    13738. 

  13738.         "lsr	r6, %[div], #16\n\t"
    13739. 

  13739.         "mul	%[d1], r6\n\t"
    13740. 

  13740.         "lsr	r5, %[d1], #16\n\t"
    13741. 

  13741.         "lsl	%[d1], %[d1], #16\n\t"
    13742. 

  13742.         "add	r4, %[d1]\n\t"
    13743. 

  13743.         "adc	r5, r7\n\t"
    13744. 

  13744.         "lsr	%[d1], %[r], #16\n\t"
    13745. 

  13745.         "mul	r6, %[d1]\n\t"
    13746. 

  13746.         "add	r5, r6\n\t"
    13747. 

  13747.         "lsl	r6, %[div], #16\n\t"
    13748. 

  13748.         "lsr	r6, r6, #16\n\t"
    13749. 

  13749.         "mul	%[d1], r6\n\t"
    13750. 

  13750.         "lsr	r6, %[d1], #16\n\t"
    13751. 

  13751.         "lsl	%[d1], %[d1], #16\n\t"
    13752. 

  13752.         "add	r4, %[d1]\n\t"
    13753. 

  13753.         "adc	r5, r6\n\t"
    13754. 

  13754.         "# r * div - Done\n\t"
    13755. 

  13755.         "mov	%[d1], r8\n\t"
    13756. 

  13756.         "sub	%[d1], r4\n\t"
    13757. 

  13757.         "mov	r4, %[d1]\n\t"
    13758. 

  13758.         "mov	%[d1], r9\n\t"
    13759. 

  13759.         "sbc	%[d1], r5\n\t"
    13760. 

  13760.         "mov	r5, %[d1]\n\t"
    13761. 

  13761.         "add	%[r], r5\n\t"
    13762. 

  13762.         "# r * div - Start\n\t"
    13763. 

  13763.         "lsl	%[d1], %[r], #16\n\t"
    13764. 

  13764.         "lsl	r4, %[div], #16\n\t"
    13765. 

  13765.         "lsr	%[d1], %[d1], #16\n\t"
    13766. 

  13766.         "lsr	r4, r4, #16\n\t"
    13767. 

  13767.         "mul	r4, %[d1]\n\t"
    13768. 

  13768.         "lsr	r6, %[div], #16\n\t"
    13769. 

  13769.         "mul	%[d1], r6\n\t"
    13770. 

  13770.         "lsr	r5, %[d1], #16\n\t"
    13771. 

  13771.         "lsl	%[d1], %[d1], #16\n\t"
    13772. 

  13772.         "add	r4, %[d1]\n\t"
    13773. 

  13773.         "adc	r5, r7\n\t"
    13774. 

  13774.         "lsr	%[d1], %[r], #16\n\t"
    13775. 

  13775.         "mul	r6, %[d1]\n\t"
    13776. 

  13776.         "add	r5, r6\n\t"
    13777. 

  13777.         "lsl	r6, %[div], #16\n\t"
    13778. 

  13778.         "lsr	r6, r6, #16\n\t"
    13779. 

  13779.         "mul	%[d1], r6\n\t"
    13780. 

  13780.         "lsr	r6, %[d1], #16\n\t"
    13781. 

  13781.         "lsl	%[d1], %[d1], #16\n\t"
    13782. 

  13782.         "add	r4, %[d1]\n\t"
    13783. 

  13783.         "adc	r5, r6\n\t"
    13784. 

  13784.         "# r * div - Done\n\t"
    13785. 

  13785.         "mov	%[d1], r8\n\t"
    13786. 

  13786.         "mov	r6, r9\n\t"
    13787. 

  13787.         "sub	r4, %[d1], r4\n\t"
    13788. 

  13788.         "sbc	r6, r5\n\t"
    13789. 

  13789.         "mov	r5, r6\n\t"
    13790. 

  13790.         "add	%[r], r5\n\t"
    13791. 

  13791.         "# r * div - Start\n\t"
    13792. 

  13792.         "lsl	%[d1], %[r], #16\n\t"
    13793. 

  13793.         "lsl	r4, %[div], #16\n\t"
    13794. 

  13794.         "lsr	%[d1], %[d1], #16\n\t"
    13795. 

  13795.         "lsr	r4, r4, #16\n\t"
    13796. 

  13796.         "mul	r4, %[d1]\n\t"
    13797. 

  13797.         "lsr	r6, %[div], #16\n\t"
    13798. 

  13798.         "mul	%[d1], r6\n\t"
    13799. 

  13799.         "lsr	r5, %[d1], #16\n\t"
    13800. 

  13800.         "lsl	%[d1], %[d1], #16\n\t"
    13801. 

  13801.         "add	r4, %[d1]\n\t"
    13802. 

  13802.         "adc	r5, r7\n\t"
    13803. 

  13803.         "lsr	%[d1], %[r], #16\n\t"
    13804. 

  13804.         "mul	r6, %[d1]\n\t"
    13805. 

  13805.         "add	r5, r6\n\t"
    13806. 

  13806.         "lsl	r6, %[div], #16\n\t"
    13807. 

  13807.         "lsr	r6, r6, #16\n\t"
    13808. 

  13808.         "mul	%[d1], r6\n\t"
    13809. 

  13809.         "lsr	r6, %[d1], #16\n\t"
    13810. 

  13810.         "lsl	%[d1], %[d1], #16\n\t"
    13811. 

  13811.         "add	r4, %[d1]\n\t"
    13812. 

  13812.         "adc	r5, r6\n\t"
    13813. 

  13813.         "# r * div - Done\n\t"
    13814. 

  13814.         "mov	%[d1], r8\n\t"
    13815. 

  13815.         "mov	r6, r9\n\t"
    13816. 

  13816.         "sub	r4, %[d1], r4\n\t"
    13817. 

  13817.         "sbc	r6, r5\n\t"
    13818. 

  13818.         "mov	r5, r6\n\t"
    13819. 

  13819.         "add	%[r], r5\n\t"
    13820. 

  13820.         "mov	r6, %[div]\n\t"
    13821. 

  13821.         "sub	r6, r4\n\t"
    13822. 

  13822.         "sbc	r6, r6\n\t"
    13823. 

  13823.         "sub	%[r], r6\n\t"
    13824. 

  13824.         : [r] "+r" (r)
    13825. 

  13825.         : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div)
    13826. 

  13826.         : "r4", "r5", "r7", "r6", "r8", "r9"
    13827. 

  13827.     );
    13828. 

  13828.     return r;
    13829. 

  13829. }
    13830. 

  13830. 

  13831. /* AND m into each word of a and store in r.
    13832. 

  13832.  *
    13833. 

  13833.  * r  A single precision integer.
    13834. 

  13834.  * a  A single precision integer.
    13835. 

  13835.  * m  Mask to AND against each digit.
    13836. 

  13836.  */
    13837. 

  13837. static void sp_4096_mask_128(sp_digit* r, const sp_digit* a, sp_digit m)
    13838. 

  13838. {
    13839. 

  13839. #ifdef WOLFSSL_SP_SMALL
    13840. 

  13840.     int i;
    13841. 

  13841. 

  13842.     for (i=0; i<128; i++) {
    13843. 

  13843.         r[i] = a[i] & m;
    13844. 

  13844.     }
    13845. 

  13845. #else
    13846. 

  13846.     int i;
    13847. 

  13847. 

  13848.     for (i = 0; i < 128; i += 8) {
    13849. 

  13849.         r[i+0] = a[i+0] & m;
    13850. 

  13850.         r[i+1] = a[i+1] & m;
    13851. 

  13851.         r[i+2] = a[i+2] & m;
    13852. 

  13852.         r[i+3] = a[i+3] & m;
    13853. 

  13853.         r[i+4] = a[i+4] & m;
    13854. 

  13854.         r[i+5] = a[i+5] & m;
    13855. 

  13855.         r[i+6] = a[i+6] & m;
    13856. 

  13856.         r[i+7] = a[i+7] & m;
    13857. 

  13857.     }
    13858. 

  13858. #endif
    13859. 

  13859. }
    13860. 

  13860. 

  13861. /* Compare a with b in constant time.
    13862. 

  13862.  *
    13863. 

  13863.  * a  A single precision integer.
    13864. 

  13864.  * b  A single precision integer.
    13865. 

  13865.  * return -ve, 0 or +ve if a is less than, equal to or greater than b
    13866. 

  13866.  * respectively.
    13867. 

  13867.  */
    13868. 

  13868. SP_NOINLINE static int32_t sp_4096_cmp_128(const sp_digit* a, const sp_digit* b)
    13869. 

  13869. {
    13870. 

  13870.     sp_digit r = 0;
    13871. 

  13871. 

  13872. 

  13873.     __asm__ __volatile__ (
    13874. 

  13874.         "mov	r3, #0\n\t"
    13875. 

  13875.         "mvn	r3, r3\n\t"
    13876. 

  13876.         "mov	r6, #1\n\t"
    13877. 

  13877.         "lsl	r6, r6, #8\n\t"
    13878. 

  13878.         "add	r6, #252\n\t"
    13879. 

  13879.         "1:\n\t"
    13880. 

  13880.         "ldr	r7, [%[a], r6]\n\t"
    13881. 

  13881.         "ldr	r5, [%[b], r6]\n\t"
    13882. 

  13882.         "and	r7, r3\n\t"
    13883. 

  13883.         "and	r5, r3\n\t"
    13884. 

  13884.         "mov	r4, r7\n\t"
    13885. 

  13885.         "sub	r7, r5\n\t"
    13886. 

  13886.         "sbc	r7, r7\n\t"
    13887. 

  13887.         "add	%[r], r7\n\t"
    13888. 

  13888.         "mvn	r7, r7\n\t"
    13889. 

  13889.         "and	r3, r7\n\t"
    13890. 

  13890.         "sub	r5, r4\n\t"
    13891. 

  13891.         "sbc	r7, r7\n\t"
    13892. 

  13892.         "sub	%[r], r7\n\t"
    13893. 

  13893.         "mvn	r7, r7\n\t"
    13894. 

  13894.         "and	r3, r7\n\t"
    13895. 

  13895.         "sub	r6, #4\n\t"
    13896. 

  13896.         "cmp	r6, #0\n\t"
    13897. 

  13897.         "bge	1b\n\t"
    13898. 

  13898.         : [r] "+r" (r)
    13899. 

  13899.         : [a] "r" (a), [b] "r" (b)
    13900. 

  13900.         : "r3", "r4", "r5", "r6", "r7"
    13901. 

  13901.     );
    13902. 

  13902. 

  13903.     return r;
    13904. 

  13904. }
    13905. 

  13905. 

  13906. /* Divide d in a and put remainder into r (m*d + r = a)
    13907. 

  13907.  * m is not calculated as it is not needed at this time.
    13908. 

  13908.  *
    13909. 

  13909.  * a  Nmber to be divided.
    13910. 

  13910.  * d  Number to divide with.
    13911. 

  13911.  * m  Multiplier result.
    13912. 

  13912.  * r  Remainder from the division.
    13913. 

  13913.  * returns MP_OKAY indicating success.
    13914. 

  13914.  */
    13915. 

  13915. static WC_INLINE int sp_4096_div_128(const sp_digit* a, const sp_digit* d, sp_digit* m,
    13916. 

  13916.         sp_digit* r)
    13917. 

  13917. {
    13918. 

  13918.     sp_digit t1[256], t2[129];
    13919. 

  13919.     sp_digit div, r1;
    13920. 

  13920.     int i;
    13921. 

  13921. 

  13922.     (void)m;
    13923. 

  13923. 

  13924.     div = d[127];
    13925. 

  13925.     XMEMCPY(t1, a, sizeof(*t1) * 2 * 128);
    13926. 

  13926.     for (i=127; i>=0; i--) {
    13927. 

  13927.         r1 = div_4096_word_128(t1[128 + i], t1[128 + i - 1], div);
    13928. 

  13928. 

  13929.         sp_4096_mul_d_128(t2, d, r1);
    13930. 

  13930.         t1[128 + i] += sp_4096_sub_in_place_128(&t1[i], t2);
    13931. 

  13931.         t1[128 + i] -= t2[128];
    13932. 

  13932.         sp_4096_mask_128(t2, d, t1[128 + i]);
    13933. 

  13933.         t1[128 + i] += sp_4096_add_128(&t1[i], &t1[i], t2);
    13934. 

  13934.         sp_4096_mask_128(t2, d, t1[128 + i]);
    13935. 

  13935.         t1[128 + i] += sp_4096_add_128(&t1[i], &t1[i], t2);
    13936. 

  13936.     }
    13937. 

  13937. 

  13938.     r1 = sp_4096_cmp_128(t1, d) >= 0;
    13939. 

  13939.     sp_4096_cond_sub_128(r, t1, d, (sp_digit)0 - r1);
    13940. 

  13940. 

  13941.     return MP_OKAY;
    13942. 

  13942. }
    13943. 

  13943. 

  13944. /* Reduce a modulo m into r. (r = a mod m)
    13945. 

  13945.  *
    13946. 

  13946.  * r  A single precision number that is the reduced result.
    13947. 

  13947.  * a  A single precision number that is to be reduced.
    13948. 

  13948.  * m  A single precision number that is the modulus to reduce with.
    13949. 

  13949.  * returns MP_OKAY indicating success.
    13950. 

  13950.  */
    13951. 

  13951. static WC_INLINE int sp_4096_mod_128(sp_digit* r, const sp_digit* a, const sp_digit* m)
    13952. 

  13952. {
    13953. 

  13953.     return sp_4096_div_128(a, m, NULL, r);
    13954. 

  13954. }
    13955. 

  13955. 

  13956. /* Divide d in a and put remainder into r (m*d + r = a)
    13957. 

  13957.  * m is not calculated as it is not needed at this time.
    13958. 

  13958.  *
    13959. 

  13959.  * a  Nmber to be divided.
    13960. 

  13960.  * d  Number to divide with.
    13961. 

  13961.  * m  Multiplier result.
    13962. 

  13962.  * r  Remainder from the division.
    13963. 

  13963.  * returns MP_OKAY indicating success.
    13964. 

  13964.  */
    13965. 

  13965. static WC_INLINE int sp_4096_div_128_cond(const sp_digit* a, const sp_digit* d, sp_digit* m,
    13966. 

  13966.         sp_digit* r)
    13967. 

  13967. {
    13968. 

  13968.     sp_digit t1[256], t2[129];
    13969. 

  13969.     sp_digit div, r1;
    13970. 

  13970.     int i;
    13971. 

  13971. 

  13972.     (void)m;
    13973. 

  13973. 

  13974.     div = d[127];
    13975. 

  13975.     XMEMCPY(t1, a, sizeof(*t1) * 2 * 128);
    13976. 

  13976.     for (i=127; i>=0; i--) {
    13977. 

  13977.         r1 = div_4096_word_128(t1[128 + i], t1[128 + i - 1], div);
    13978. 

  13978. 

  13979.         sp_4096_mul_d_128(t2, d, r1);
    13980. 

  13980.         t1[128 + i] += sp_4096_sub_in_place_128(&t1[i], t2);
    13981. 

  13981.         t1[128 + i] -= t2[128];
    13982. 

  13982.         if (t1[128 + i] != 0) {
    13983. 

  13983.             t1[128 + i] += sp_4096_add_128(&t1[i], &t1[i], d);
    13984. 

  13984.             if (t1[128 + i] != 0)
    13985. 

  13985.                 t1[128 + i] += sp_4096_add_128(&t1[i], &t1[i], d);
    13986. 

  13986.         }
    13987. 

  13987.     }
    13988. 

  13988. 

  13989.     r1 = sp_4096_cmp_128(t1, d) >= 0;
    13990. 

  13990.     sp_4096_cond_sub_128(r, t1, d, (sp_digit)0 - r1);
    13991. 

  13991. 

  13992.     return MP_OKAY;
    13993. 

  13993. }
    13994. 

  13994. 

  13995. /* Reduce a modulo m into r. (r = a mod m)
    13996. 

  13996.  *
    13997. 

  13997.  * r  A single precision number that is the reduced result.
    13998. 

  13998.  * a  A single precision number that is to be reduced.
    13999. 

  13999.  * m  A single precision number that is the modulus to reduce with.
    14000. 

  14000.  * returns MP_OKAY indicating success.
    14001. 

  14001.  */
    14002. 

  14002. static WC_INLINE int sp_4096_mod_128_cond(sp_digit* r, const sp_digit* a, const sp_digit* m)
    14003. 

  14003. {
    14004. 

  14004.     return sp_4096_div_128_cond(a, m, NULL, r);
    14005. 

  14005. }
    14006. 

  14006. 

  14007. #if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
    14008. 

  14008.                                                      defined(WOLFSSL_HAVE_SP_DH)
    14009. 

  14009. #ifdef WOLFSSL_SP_SMALL
    14010. 

  14010. /* Modular exponentiate a to the e mod m. (r = a^e mod m)
    14011. 

  14011.  *
    14012. 

  14012.  * r     A single precision number that is the result of the operation.
    14013. 

  14013.  * a     A single precision number being exponentiated.
    14014. 

  14014.  * e     A single precision number that is the exponent.
    14015. 

  14015.  * bits  The number of bits in the exponent.
    14016. 

  14016.  * m     A single precision number that is the modulus.
    14017. 

  14017.  * returns 0 on success and MEMORY_E on dynamic memory allocation failure.
    14018. 

  14018.  */
    14019. 

  14019. static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e,
    14020. 

  14020.         int bits, const sp_digit* m, int reduceA)
    14021. 

  14021. {
    14022. 

  14022. #ifndef WOLFSSL_SMALL_STACK
    14023. 

  14023.     sp_digit t[16][256];
    14024. 

  14024. #else
    14025. 

  14025.     sp_digit* t[16];
    14026. 

  14026.     sp_digit* td;
    14027. 

  14027. #endif
    14028. 

  14028.     sp_digit* norm;
    14029. 

  14029.     sp_digit mp = 1;
    14030. 

  14030.     sp_digit n;
    14031. 

  14031.     sp_digit mask;
    14032. 

  14032.     int i;
    14033. 

  14033.     int c, y;
    14034. 

  14034.     int err = MP_OKAY;
    14035. 

  14035. 

  14036. #ifdef WOLFSSL_SMALL_STACK
    14037. 

  14037.     td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 256, NULL,
    14038. 

  14038.                             DYNAMIC_TYPE_TMP_BUFFER);
    14039. 

  14039.     if (td == NULL) {
    14040. 

  14040.         err = MEMORY_E;
    14041. 

  14041.     }
    14042. 

  14042. #endif
    14043. 

  14043. 

  14044.     if (err == MP_OKAY) {
    14045. 

  14045. #ifdef WOLFSSL_SMALL_STACK
    14046. 

  14046.         for (i=0; i<16; i++) {
    14047. 

  14047.             t[i] = td + i * 256;
    14048. 

  14048.         }
    14049. 

  14049. #endif
    14050. 

  14050.         norm = t[0];
    14051. 

  14051. 

  14052.         sp_4096_mont_setup(m, &mp);
    14053. 

  14053.         sp_4096_mont_norm_128(norm, m);
    14054. 

  14054. 

  14055.         XMEMSET(t[1], 0, sizeof(sp_digit) * 128U);
    14056. 

  14056.         if (reduceA != 0) {
    14057. 

  14057.             err = sp_4096_mod_128(t[1] + 128, a, m);
    14058. 

  14058.             if (err == MP_OKAY) {
    14059. 

  14059.                 err = sp_4096_mod_128(t[1], t[1], m);
    14060. 

  14060.             }
    14061. 

  14061.         }
    14062. 

  14062.         else {
    14063. 

  14063.             XMEMCPY(t[1] + 128, a, sizeof(sp_digit) * 128);
    14064. 

  14064.             err = sp_4096_mod_128(t[1], t[1], m);
    14065. 

  14065.         }
    14066. 

  14066.     }
    14067. 

  14067. 

  14068.     if (err == MP_OKAY) {
    14069. 

  14069.         sp_4096_mont_sqr_128(t[ 2], t[ 1], m, mp);
    14070. 

  14070.         sp_4096_mont_mul_128(t[ 3], t[ 2], t[ 1], m, mp);
    14071. 

  14071.         sp_4096_mont_sqr_128(t[ 4], t[ 2], m, mp);
    14072. 

  14072.         sp_4096_mont_mul_128(t[ 5], t[ 3], t[ 2], m, mp);
    14073. 

  14073.         sp_4096_mont_sqr_128(t[ 6], t[ 3], m, mp);
    14074. 

  14074.         sp_4096_mont_mul_128(t[ 7], t[ 4], t[ 3], m, mp);
    14075. 

  14075.         sp_4096_mont_sqr_128(t[ 8], t[ 4], m, mp);
    14076. 

  14076.         sp_4096_mont_mul_128(t[ 9], t[ 5], t[ 4], m, mp);
    14077. 

  14077.         sp_4096_mont_sqr_128(t[10], t[ 5], m, mp);
    14078. 

  14078.         sp_4096_mont_mul_128(t[11], t[ 6], t[ 5], m, mp);
    14079. 

  14079.         sp_4096_mont_sqr_128(t[12], t[ 6], m, mp);
    14080. 

  14080.         sp_4096_mont_mul_128(t[13], t[ 7], t[ 6], m, mp);
    14081. 

  14081.         sp_4096_mont_sqr_128(t[14], t[ 7], m, mp);
    14082. 

  14082.         sp_4096_mont_mul_128(t[15], t[ 8], t[ 7], m, mp);
    14083. 

  14083. 

  14084.         i = (bits - 1) / 32;
    14085. 

  14085.         n = e[i--];
    14086. 

  14086.         c = bits & 31;
    14087. 

  14087.         if (c == 0) {
    14088. 

  14088.             c = 32;
    14089. 

  14089.         }
    14090. 

  14090.         c -= bits % 4;
    14091. 

  14091.         if (c == 32) {
    14092. 

  14092.             c = 28;
    14093. 

  14093.         }
    14094. 

  14094.         y = (int)(n >> c);
    14095. 

  14095.         n <<= 32 - c;
    14096. 

  14096.         XMEMCPY(r, t[y], sizeof(sp_digit) * 128);
    14097. 

  14097.         for (; i>=0 || c>=4; ) {
    14098. 

  14098.             if (c == 0) {
    14099. 

  14099.                 n = e[i--];
    14100. 

  14100.                 y = n >> 28;
    14101. 

  14101.                 n <<= 4;
    14102. 

  14102.                 c = 28;
    14103. 

  14103.             }
    14104. 

  14104.             else if (c < 4) {
    14105. 

  14105.                 y = n >> 28;
    14106. 

  14106.                 n = e[i--];
    14107. 

  14107.                 c = 4 - c;
    14108. 

  14108.                 y |= n >> (32 - c);
    14109. 

  14109.                 n <<= c;
    14110. 

  14110.                 c = 32 - c;
    14111. 

  14111.             }
    14112. 

  14112.             else {
    14113. 

  14113.                 y = (n >> 28) & 0xf;
    14114. 

  14114.                 n <<= 4;
    14115. 

  14115.                 c -= 4;
    14116. 

  14116.             }
    14117. 

  14117. 

  14118.             sp_4096_mont_sqr_128(r, r, m, mp);
    14119. 

  14119.             sp_4096_mont_sqr_128(r, r, m, mp);
    14120. 

  14120.             sp_4096_mont_sqr_128(r, r, m, mp);
    14121. 

  14121.             sp_4096_mont_sqr_128(r, r, m, mp);
    14122. 

  14122. 

  14123.             sp_4096_mont_mul_128(r, r, t[y], m, mp);
    14124. 

  14124.         }
    14125. 

  14125. 

  14126.         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
    14127. 

  14127.         sp_4096_mont_reduce_128(r, m, mp);
    14128. 

  14128. 

  14129.         mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
    14130. 

  14130.         sp_4096_cond_sub_128(r, r, m, mask);
    14131. 

  14131.     }
    14132. 

  14132. 

  14133. #ifdef WOLFSSL_SMALL_STACK
    14134. 

  14134.     if (td != NULL) {
    14135. 

  14135.         XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    14136. 

  14136.     }
    14137. 

  14137. #endif
    14138. 

  14138. 

  14139.     return err;
    14140. 

  14140. }
    14141. 

  14141. #else
    14142. 

  14142. /* Modular exponentiate a to the e mod m. (r = a^e mod m)
    14143. 

  14143.  *
    14144. 

  14144.  * r     A single precision number that is the result of the operation.
    14145. 

  14145.  * a     A single precision number being exponentiated.
    14146. 

  14146.  * e     A single precision number that is the exponent.
    14147. 

  14147.  * bits  The number of bits in the exponent.
    14148. 

  14148.  * m     A single precision number that is the modulus.
    14149. 

  14149.  * returns 0 on success and MEMORY_E on dynamic memory allocation failure.
    14150. 

  14150.  */
    14151. 

  14151. static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e,
    14152. 

  14152.         int bits, const sp_digit* m, int reduceA)
    14153. 

  14153. {
    14154. 

  14154. #ifndef WOLFSSL_SMALL_STACK
    14155. 

  14155.     sp_digit t[32][256];
    14156. 

  14156. #else
    14157. 

  14157.     sp_digit* t[32];
    14158. 

  14158.     sp_digit* td;
    14159. 

  14159. #endif
    14160. 

  14160.     sp_digit* norm;
    14161. 

  14161.     sp_digit mp = 1;
    14162. 

  14162.     sp_digit n;
    14163. 

  14163.     sp_digit mask;
    14164. 

  14164.     int i;
    14165. 

  14165.     int c, y;
    14166. 

  14166.     int err = MP_OKAY;
    14167. 

  14167. 

  14168. #ifdef WOLFSSL_SMALL_STACK
    14169. 

  14169.     td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 256, NULL,
    14170. 

  14170.                             DYNAMIC_TYPE_TMP_BUFFER);
    14171. 

  14171.     if (td == NULL) {
    14172. 

  14172.         err = MEMORY_E;
    14173. 

  14173.     }
    14174. 

  14174. #endif
    14175. 

  14175. 

  14176.     if (err == MP_OKAY) {
    14177. 

  14177. #ifdef WOLFSSL_SMALL_STACK
    14178. 

  14178.         for (i=0; i<32; i++) {
    14179. 

  14179.             t[i] = td + i * 256;
    14180. 

  14180.         }
    14181. 

  14181. #endif
    14182. 

  14182.         norm = t[0];
    14183. 

  14183. 

  14184.         sp_4096_mont_setup(m, &mp);
    14185. 

  14185.         sp_4096_mont_norm_128(norm, m);
    14186. 

  14186. 

  14187.         XMEMSET(t[1], 0, sizeof(sp_digit) * 128U);
    14188. 

  14188.         if (reduceA != 0) {
    14189. 

  14189.             err = sp_4096_mod_128(t[1] + 128, a, m);
    14190. 

  14190.             if (err == MP_OKAY) {
    14191. 

  14191.                 err = sp_4096_mod_128(t[1], t[1], m);
    14192. 

  14192.             }
    14193. 

  14193.         }
    14194. 

  14194.         else {
    14195. 

  14195.             XMEMCPY(t[1] + 128, a, sizeof(sp_digit) * 128);
    14196. 

  14196.             err = sp_4096_mod_128(t[1], t[1], m);
    14197. 

  14197.         }
    14198. 

  14198.     }
    14199. 

  14199. 

  14200.     if (err == MP_OKAY) {
    14201. 

  14201.         sp_4096_mont_sqr_128(t[ 2], t[ 1], m, mp);
    14202. 

  14202.         sp_4096_mont_mul_128(t[ 3], t[ 2], t[ 1], m, mp);
    14203. 

  14203.         sp_4096_mont_sqr_128(t[ 4], t[ 2], m, mp);
    14204. 

  14204.         sp_4096_mont_mul_128(t[ 5], t[ 3], t[ 2], m, mp);
    14205. 

  14205.         sp_4096_mont_sqr_128(t[ 6], t[ 3], m, mp);
    14206. 

  14206.         sp_4096_mont_mul_128(t[ 7], t[ 4], t[ 3], m, mp);
    14207. 

  14207.         sp_4096_mont_sqr_128(t[ 8], t[ 4], m, mp);
    14208. 

  14208.         sp_4096_mont_mul_128(t[ 9], t[ 5], t[ 4], m, mp);
    14209. 

  14209.         sp_4096_mont_sqr_128(t[10], t[ 5], m, mp);
    14210. 

  14210.         sp_4096_mont_mul_128(t[11], t[ 6], t[ 5], m, mp);
    14211. 

  14211.         sp_4096_mont_sqr_128(t[12], t[ 6], m, mp);
    14212. 

  14212.         sp_4096_mont_mul_128(t[13], t[ 7], t[ 6], m, mp);
    14213. 

  14213.         sp_4096_mont_sqr_128(t[14], t[ 7], m, mp);
    14214. 

  14214.         sp_4096_mont_mul_128(t[15], t[ 8], t[ 7], m, mp);
    14215. 

  14215.         sp_4096_mont_sqr_128(t[16], t[ 8], m, mp);
    14216. 

  14216.         sp_4096_mont_mul_128(t[17], t[ 9], t[ 8], m, mp);
    14217. 

  14217.         sp_4096_mont_sqr_128(t[18], t[ 9], m, mp);
    14218. 

  14218.         sp_4096_mont_mul_128(t[19], t[10], t[ 9], m, mp);
    14219. 

  14219.         sp_4096_mont_sqr_128(t[20], t[10], m, mp);
    14220. 

  14220.         sp_4096_mont_mul_128(t[21], t[11], t[10], m, mp);
    14221. 

  14221.         sp_4096_mont_sqr_128(t[22], t[11], m, mp);
    14222. 

  14222.         sp_4096_mont_mul_128(t[23], t[12], t[11], m, mp);
    14223. 

  14223.         sp_4096_mont_sqr_128(t[24], t[12], m, mp);
    14224. 

  14224.         sp_4096_mont_mul_128(t[25], t[13], t[12], m, mp);
    14225. 

  14225.         sp_4096_mont_sqr_128(t[26], t[13], m, mp);
    14226. 

  14226.         sp_4096_mont_mul_128(t[27], t[14], t[13], m, mp);
    14227. 

  14227.         sp_4096_mont_sqr_128(t[28], t[14], m, mp);
    14228. 

  14228.         sp_4096_mont_mul_128(t[29], t[15], t[14], m, mp);
    14229. 

  14229.         sp_4096_mont_sqr_128(t[30], t[15], m, mp);
    14230. 

  14230.         sp_4096_mont_mul_128(t[31], t[16], t[15], m, mp);
    14231. 

  14231. 

  14232.         i = (bits - 1) / 32;
    14233. 

  14233.         n = e[i--];
    14234. 

  14234.         c = bits & 31;
    14235. 

  14235.         if (c == 0) {
    14236. 

  14236.             c = 32;
    14237. 

  14237.         }
    14238. 

  14238.         c -= bits % 5;
    14239. 

  14239.         if (c == 32) {
    14240. 

  14240.             c = 27;
    14241. 

  14241.         }
    14242. 

  14242.         y = (int)(n >> c);
    14243. 

  14243.         n <<= 32 - c;
    14244. 

  14244.         XMEMCPY(r, t[y], sizeof(sp_digit) * 128);
    14245. 

  14245.         for (; i>=0 || c>=5; ) {
    14246. 

  14246.             if (c == 0) {
    14247. 

  14247.                 n = e[i--];
    14248. 

  14248.                 y = n >> 27;
    14249. 

  14249.                 n <<= 5;
    14250. 

  14250.                 c = 27;
    14251. 

  14251.             }
    14252. 

  14252.             else if (c < 5) {
    14253. 

  14253.                 y = n >> 27;
    14254. 

  14254.                 n = e[i--];
    14255. 

  14255.                 c = 5 - c;
    14256. 

  14256.                 y |= n >> (32 - c);
    14257. 

  14257.                 n <<= c;
    14258. 

  14258.                 c = 32 - c;
    14259. 

  14259.             }
    14260. 

  14260.             else {
    14261. 

  14261.                 y = (n >> 27) & 0x1f;
    14262. 

  14262.                 n <<= 5;
    14263. 

  14263.                 c -= 5;
    14264. 

  14264.             }
    14265. 

  14265. 

  14266.             sp_4096_mont_sqr_128(r, r, m, mp);
    14267. 

  14267.             sp_4096_mont_sqr_128(r, r, m, mp);
    14268. 

  14268.             sp_4096_mont_sqr_128(r, r, m, mp);
    14269. 

  14269.             sp_4096_mont_sqr_128(r, r, m, mp);
    14270. 

  14270.             sp_4096_mont_sqr_128(r, r, m, mp);
    14271. 

  14271. 

  14272.             sp_4096_mont_mul_128(r, r, t[y], m, mp);
    14273. 

  14273.         }
    14274. 

  14274. 

  14275.         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
    14276. 

  14276.         sp_4096_mont_reduce_128(r, m, mp);
    14277. 

  14277. 

  14278.         mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
    14279. 

  14279.         sp_4096_cond_sub_128(r, r, m, mask);
    14280. 

  14280.     }
    14281. 

  14281. 

  14282. #ifdef WOLFSSL_SMALL_STACK
    14283. 

  14283.     if (td != NULL) {
    14284. 

  14284.         XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    14285. 

  14285.     }
    14286. 

  14286. #endif
    14287. 

  14287. 

  14288.     return err;
    14289. 

  14289. }
    14290. 

  14290. #endif /* WOLFSSL_SP_SMALL */
    14291. 

  14291. #endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || WOLFSSL_HAVE_SP_DH */
    14292. 

  14292. 

  14293. #ifdef WOLFSSL_HAVE_SP_RSA
    14294. 

  14294. /* RSA public key operation.
    14295. 

  14295.  *
    14296. 

  14296.  * in      Array of bytes representing the number to exponentiate, base.
    14297. 

  14297.  * inLen   Number of bytes in base.
    14298. 

  14298.  * em      Public exponent.
    14299. 

  14299.  * mm      Modulus.
    14300. 

  14300.  * out     Buffer to hold big-endian bytes of exponentiation result.
    14301. 

  14301.  *         Must be at least 512 bytes long.
    14302. 

  14302.  * outLen  Number of bytes in result.
    14303. 

  14303.  * returns 0 on success, MP_TO_E when the outLen is too small, MP_READ_E when
    14304. 

  14304.  * an array is too long and MEMORY_E when dynamic memory allocation fails.
    14305. 

  14305.  */
    14306. 

  14306. int sp_RsaPublic_4096(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
    14307. 

  14307.     byte* out, word32* outLen)
    14308. 

  14308. {
    14309. 

  14309. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    14310. 

  14310.     sp_digit ad[256], md[128], rd[256];
    14311. 

  14311. #else
    14312. 

  14312.     sp_digit* d = NULL;
    14313. 

  14313. #endif
    14314. 

  14314.     sp_digit* a;
    14315. 

  14315.     sp_digit *ah;
    14316. 

  14316.     sp_digit* m;
    14317. 

  14317.     sp_digit* r;
    14318. 

  14318.     sp_digit e[1];
    14319. 

  14319.     int err = MP_OKAY;
    14320. 

  14320. 

  14321.     if (*outLen < 512)
    14322. 

  14322.         err = MP_TO_E;
    14323. 

  14323.     if (err == MP_OKAY && (mp_count_bits(em) > 32 || inLen > 512 ||
    14324. 

  14324.                                                      mp_count_bits(mm) != 4096))
    14325. 

  14325.         err = MP_READ_E;
    14326. 

  14326. 

  14327. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    14328. 

  14328.     if (err == MP_OKAY) {
    14329. 

  14329.         d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 5, NULL,
    14330. 

  14330.                                                               DYNAMIC_TYPE_RSA);
    14331. 

  14331.         if (d == NULL)
    14332. 

  14332.             err = MEMORY_E;
    14333. 

  14333.     }
    14334. 

  14334. 

  14335.     if (err == MP_OKAY) {
    14336. 

  14336.         a = d;
    14337. 

  14337.         r = a + 128 * 2;
    14338. 

  14338.         m = r + 128 * 2;
    14339. 

  14339.         ah = a + 128;
    14340. 

  14340.     }
    14341. 

  14341. #else
    14342. 

  14342.     a = ad;
    14343. 

  14343.     m = md;
    14344. 

  14344.     r = rd;
    14345. 

  14345.     ah = a + 128;
    14346. 

  14346. #endif
    14347. 

  14347. 

  14348.     if (err == MP_OKAY) {
    14349. 

  14349.         sp_4096_from_bin(ah, 128, in, inLen);
    14350. 

  14350. #if DIGIT_BIT >= 32
    14351. 

  14351.         e[0] = em->dp[0];
    14352. 

  14352. #else
    14353. 

  14353.         e[0] = em->dp[0];
    14354. 

  14354.         if (em->used > 1)
    14355. 

  14355.             e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
    14356. 

  14356. #endif
    14357. 

  14357.         if (e[0] == 0)
    14358. 

  14358.             err = MP_EXPTMOD_E;
    14359. 

  14359.     }
    14360. 

  14360.     if (err == MP_OKAY) {
    14361. 

  14361.         sp_4096_from_mp(m, 128, mm);
    14362. 

  14362. 

  14363.         if (e[0] == 0x3) {
    14364. 

  14364.             if (err == MP_OKAY) {
    14365. 

  14365.                 sp_4096_sqr_128(r, ah);
    14366. 

  14366.                 err = sp_4096_mod_128_cond(r, r, m);
    14367. 

  14367.             }
    14368. 

  14368.             if (err == MP_OKAY) {
    14369. 

  14369.                 sp_4096_mul_128(r, ah, r);
    14370. 

  14370.                 err = sp_4096_mod_128_cond(r, r, m);
    14371. 

  14371.             }
    14372. 

  14372.         }
    14373. 

  14373.         else {
    14374. 

  14374.             int i;
    14375. 

  14375.             sp_digit mp;
    14376. 

  14376. 

  14377.             sp_4096_mont_setup(m, &mp);
    14378. 

  14378. 

  14379.             /* Convert to Montgomery form. */
    14380. 

  14380.             XMEMSET(a, 0, sizeof(sp_digit) * 128);
    14381. 

  14381.             err = sp_4096_mod_128_cond(a, a, m);
    14382. 

  14382. 

  14383.             if (err == MP_OKAY) {
    14384. 

  14384.                 for (i=31; i>=0; i--)
    14385. 

  14385.                     if (e[0] >> i)
    14386. 

  14386.                         break;
    14387. 

  14387. 

  14388.                 XMEMCPY(r, a, sizeof(sp_digit) * 128);
    14389. 

  14389.                 for (i--; i>=0; i--) {
    14390. 

  14390.                     sp_4096_mont_sqr_128(r, r, m, mp);
    14391. 

  14391.                     if (((e[0] >> i) & 1) == 1)
    14392. 

  14392.                         sp_4096_mont_mul_128(r, r, a, m, mp);
    14393. 

  14393.                 }
    14394. 

  14394.                 XMEMSET(&r[128], 0, sizeof(sp_digit) * 128);
    14395. 

  14395.                 sp_4096_mont_reduce_128(r, m, mp);
    14396. 

  14396. 

  14397.                 for (i = 127; i > 0; i--) {
    14398. 

  14398.                     if (r[i] != m[i])
    14399. 

  14399.                         break;
    14400. 

  14400.                 }
    14401. 

  14401.                 if (r[i] >= m[i])
    14402. 

  14402.                     sp_4096_sub_in_place_128(r, m);
    14403. 

  14403.             }
    14404. 

  14404.         }
    14405. 

  14405.     }
    14406. 

  14406. 

  14407.     if (err == MP_OKAY) {
    14408. 

  14408.         sp_4096_to_bin(r, out);
    14409. 

  14409.         *outLen = 512;
    14410. 

  14410.     }
    14411. 

  14411. 

  14412. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    14413. 

  14413.     if (d != NULL)
    14414. 

  14414.         XFREE(d, NULL, DYNAMIC_TYPE_RSA);
    14415. 

  14415. #endif
    14416. 

  14416. 

  14417.     return err;
    14418. 

  14418. }
    14419. 

  14419. 

  14420. /* RSA private key operation.
    14421. 

  14421.  *
    14422. 

  14422.  * in      Array of bytes representing the number to exponentiate, base.
    14423. 

  14423.  * inLen   Number of bytes in base.
    14424. 

  14424.  * dm      Private exponent.
    14425. 

  14425.  * pm      First prime.
    14426. 

  14426.  * qm      Second prime.
    14427. 

  14427.  * dpm     First prime's CRT exponent.
    14428. 

  14428.  * dqm     Second prime's CRT exponent.
    14429. 

  14429.  * qim     Inverse of second prime mod p.
    14430. 

  14430.  * mm      Modulus.
    14431. 

  14431.  * out     Buffer to hold big-endian bytes of exponentiation result.
    14432. 

  14432.  *         Must be at least 512 bytes long.
    14433. 

  14433.  * outLen  Number of bytes in result.
    14434. 

  14434.  * returns 0 on success, MP_TO_E when the outLen is too small, MP_READ_E when
    14435. 

  14435.  * an array is too long and MEMORY_E when dynamic memory allocation fails.
    14436. 

  14436.  */
    14437. 

  14437. int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
    14438. 

  14438.     mp_int* pm, mp_int* qm, mp_int* dpm, mp_int* dqm, mp_int* qim, mp_int* mm,
    14439. 

  14439.     byte* out, word32* outLen)
    14440. 

  14440. {
    14441. 

  14441. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    14442. 

  14442.     sp_digit ad[128 * 2];
    14443. 

  14443.     sp_digit pd[64], qd[64], dpd[64];
    14444. 

  14444.     sp_digit tmpad[128], tmpbd[128];
    14445. 

  14445. #else
    14446. 

  14446.     sp_digit* t = NULL;
    14447. 

  14447. #endif
    14448. 

  14448.     sp_digit* a;
    14449. 

  14449.     sp_digit* p;
    14450. 

  14450.     sp_digit* q;
    14451. 

  14451.     sp_digit* dp;
    14452. 

  14452.     sp_digit* dq;
    14453. 

  14453.     sp_digit* qi;
    14454. 

  14454.     sp_digit* tmp;
    14455. 

  14455.     sp_digit* tmpa;
    14456. 

  14456.     sp_digit* tmpb;
    14457. 

  14457.     sp_digit* r;
    14458. 

  14458.     sp_digit c;
    14459. 

  14459.     int err = MP_OKAY;
    14460. 

  14460. 

  14461.     (void)dm;
    14462. 

  14462.     (void)mm;
    14463. 

  14463. 

  14464.     if (*outLen < 512)
    14465. 

  14465.         err = MP_TO_E;
    14466. 

  14466.     if (err == MP_OKAY && (inLen > 512 || mp_count_bits(mm) != 4096))
    14467. 

  14467.         err = MP_READ_E;
    14468. 

  14468. 

  14469. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    14470. 

  14470.     if (err == MP_OKAY) {
    14471. 

  14471.         t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 11, NULL,
    14472. 

  14472.                                                               DYNAMIC_TYPE_RSA);
    14473. 

  14473.         if (t == NULL)
    14474. 

  14474.             err = MEMORY_E;
    14475. 

  14475.     }
    14476. 

  14476.     if (err == MP_OKAY) {
    14477. 

  14477.         a = t;
    14478. 

  14478.         p = a + 128 * 2;
    14479. 

  14479.         q = p + 64;
    14480. 

  14480.         qi = dq = dp = q + 64;
    14481. 

  14481.         tmpa = qi + 64;
    14482. 

  14482.         tmpb = tmpa + 128;
    14483. 

  14483. 

  14484.         tmp = t;
    14485. 

  14485.         r = tmp + 128;
    14486. 

  14486.     }
    14487. 

  14487. #else
    14488. 

  14488.     r = a = ad;
    14489. 

  14489.     p = pd;
    14490. 

  14490.     q = qd;
    14491. 

  14491.     qi = dq = dp = dpd;
    14492. 

  14492.     tmpa = tmpad;
    14493. 

  14493.     tmpb = tmpbd;
    14494. 

  14494.     tmp = a + 128;
    14495. 

  14495. #endif
    14496. 

  14496. 

  14497.     if (err == MP_OKAY) {
    14498. 

  14498.         sp_4096_from_bin(a, 128, in, inLen);
    14499. 

  14499.         sp_4096_from_mp(p, 64, pm);
    14500. 

  14500.         sp_4096_from_mp(q, 64, qm);
    14501. 

  14501.         sp_4096_from_mp(dp, 64, dpm);
    14502. 

  14502. 

  14503.         err = sp_4096_mod_exp_64(tmpa, a, dp, 2048, p, 1);
    14504. 

  14504.     }
    14505. 

  14505.     if (err == MP_OKAY) {
    14506. 

  14506.         sp_4096_from_mp(dq, 64, dqm);
    14507. 

  14507.         err = sp_4096_mod_exp_64(tmpb, a, dq, 2048, q, 1);
    14508. 

  14508.     }
    14509. 

  14509. 

  14510.     if (err == MP_OKAY) {
    14511. 

  14511.         c = sp_4096_sub_in_place_64(tmpa, tmpb);
    14512. 

  14512.         sp_4096_mask_64(tmp, p, c);
    14513. 

  14513.         sp_4096_add_64(tmpa, tmpa, tmp);
    14514. 

  14514. 

  14515.         sp_4096_from_mp(qi, 64, qim);
    14516. 

  14516.         sp_4096_mul_64(tmpa, tmpa, qi);
    14517. 

  14517.         err = sp_4096_mod_64(tmpa, tmpa, p);
    14518. 

  14518.     }
    14519. 

  14519. 

  14520.     if (err == MP_OKAY) {
    14521. 

  14521.         sp_4096_mul_64(tmpa, q, tmpa);
    14522. 

  14522.         XMEMSET(&tmpb[64], 0, sizeof(sp_digit) * 64);
    14523. 

  14523.         sp_4096_add_128(r, tmpb, tmpa);
    14524. 

  14524. 

  14525.         sp_4096_to_bin(r, out);
    14526. 

  14526.         *outLen = 512;
    14527. 

  14527.     }
    14528. 

  14528. 

  14529. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    14530. 

  14530.     if (t != NULL) {
    14531. 

  14531.         XMEMSET(t, 0, sizeof(sp_digit) * 64 * 11);
    14532. 

  14532.         XFREE(t, NULL, DYNAMIC_TYPE_RSA);
    14533. 

  14533.     }
    14534. 

  14534. #else
    14535. 

  14535.     XMEMSET(tmpad, 0, sizeof(tmpad));
    14536. 

  14536.     XMEMSET(tmpbd, 0, sizeof(tmpbd));
    14537. 

  14537.     XMEMSET(pd, 0, sizeof(pd));
    14538. 

  14538.     XMEMSET(qd, 0, sizeof(qd));
    14539. 

  14539.     XMEMSET(dpd, 0, sizeof(dpd));
    14540. 

  14540. #endif
    14541. 

  14541. 

  14542.     return err;
    14543. 

  14543. }
    14544. 

  14544. #endif /* WOLFSSL_HAVE_SP_RSA */
    14545. 

  14545. #if defined(WOLFSSL_HAVE_SP_DH) || (defined(WOLFSSL_HAVE_SP_RSA) && \
    14546. 

  14546.                                               !defined(WOLFSSL_RSA_PUBLIC_ONLY))
    14547. 

  14547. /* Convert an array of sp_digit to an mp_int.
    14548. 

  14548.  *
    14549. 

  14549.  * a  A single precision integer.
    14550. 

  14550.  * r  A multi-precision integer.
    14551. 

  14551.  */
    14552. 

  14552. static int sp_4096_to_mp(const sp_digit* a, mp_int* r)
    14553. 

  14553. {
    14554. 

  14554.     int err;
    14555. 

  14555. 

  14556.     err = mp_grow(r, (4096 + DIGIT_BIT - 1) / DIGIT_BIT);
    14557. 

  14557.     if (err == MP_OKAY) { /*lint !e774 case where err is always MP_OKAY*/
    14558. 

  14558. #if DIGIT_BIT == 32
    14559. 

  14559.         XMEMCPY(r->dp, a, sizeof(sp_digit) * 128);
    14560. 

  14560.         r->used = 128;
    14561. 

  14561.         mp_clamp(r);
    14562. 

  14562. #elif DIGIT_BIT < 32
    14563. 

  14563.         int i, j = 0, s = 0;
    14564. 

  14564. 

  14565.         r->dp[0] = 0;
    14566. 

  14566.         for (i = 0; i < 128; i++) {
    14567. 

  14567.             r->dp[j] |= a[i] << s;
    14568. 

  14568.             r->dp[j] &= (1L << DIGIT_BIT) - 1;
    14569. 

  14569.             s = DIGIT_BIT - s;
    14570. 

  14570.             r->dp[++j] = a[i] >> s;
    14571. 

  14571.             while (s + DIGIT_BIT <= 32) {
    14572. 

  14572.                 s += DIGIT_BIT;
    14573. 

  14573.                 r->dp[j++] &= (1L << DIGIT_BIT) - 1;
    14574. 

  14574.                 if (s == SP_WORD_SIZE) {
    14575. 

  14575.                     r->dp[j] = 0;
    14576. 

  14576.                 }
    14577. 

  14577.                 else {
    14578. 

  14578.                     r->dp[j] = a[i] >> s;
    14579. 

  14579.                 }
    14580. 

  14580.             }
    14581. 

  14581.             s = 32 - s;
    14582. 

  14582.         }
    14583. 

  14583.         r->used = (4096 + DIGIT_BIT - 1) / DIGIT_BIT;
    14584. 

  14584.         mp_clamp(r);
    14585. 

  14585. #else
    14586. 

  14586.         int i, j = 0, s = 0;
    14587. 

  14587. 

  14588.         r->dp[0] = 0;
    14589. 

  14589.         for (i = 0; i < 128; i++) {
    14590. 

  14590.             r->dp[j] |= ((mp_digit)a[i]) << s;
    14591. 

  14591.             if (s + 32 >= DIGIT_BIT) {
    14592. 

  14592.     #if DIGIT_BIT != 32 && DIGIT_BIT != 64
    14593. 

  14593.                 r->dp[j] &= (1L << DIGIT_BIT) - 1;
    14594. 

  14594.     #endif
    14595. 

  14595.                 s = DIGIT_BIT - s;
    14596. 

  14596.                 r->dp[++j] = a[i] >> s;
    14597. 

  14597.                 s = 32 - s;
    14598. 

  14598.             }
    14599. 

  14599.             else {
    14600. 

  14600.                 s += 32;
    14601. 

  14601.             }
    14602. 

  14602.         }
    14603. 

  14603.         r->used = (4096 + DIGIT_BIT - 1) / DIGIT_BIT;
    14604. 

  14604.         mp_clamp(r);
    14605. 

  14605. #endif
    14606. 

  14606.     }
    14607. 

  14607. 

  14608.     return err;
    14609. 

  14609. }
    14610. 

  14610. 

  14611. /* Perform the modular exponentiation for Diffie-Hellman.
    14612. 

  14612.  *
    14613. 

  14613.  * base  Base. MP integer.
    14614. 

  14614.  * exp   Exponent. MP integer.
    14615. 

  14615.  * mod   Modulus. MP integer.
    14616. 

  14616.  * res   Result. MP integer.
    14617. 

  14617.  * returns 0 on success, MP_READ_E if there are too many bytes in an array
    14618. 

  14618.  * and MEMORY_E if memory allocation fails.
    14619. 

  14619.  */
    14620. 

  14620. int sp_ModExp_4096(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
    14621. 

  14621. {
    14622. 

  14622.     int err = MP_OKAY;
    14623. 

  14623.     sp_digit b[256], e[128], m[128];
    14624. 

  14624.     sp_digit* r = b;
    14625. 

  14625.     int expBits = mp_count_bits(exp);
    14626. 

  14626. 

  14627.     if (mp_count_bits(base) > 4096) {
    14628. 

  14628.         err = MP_READ_E;
    14629. 

  14629.     }
    14630. 

  14630. 

  14631.     if (err == MP_OKAY) {
    14632. 

  14632.         if (expBits > 4096) {
    14633. 

  14633.             err = MP_READ_E;
    14634. 

  14634.         }
    14635. 

  14635.     }
    14636. 

  14636. 

  14637.     if (err == MP_OKAY) {
    14638. 

  14638.         if (mp_count_bits(mod) != 4096) {
    14639. 

  14639.             err = MP_READ_E;
    14640. 

  14640.         }
    14641. 

  14641.     }
    14642. 

  14642. 

  14643.     if (err == MP_OKAY) {
    14644. 

  14644.         sp_4096_from_mp(b, 128, base);
    14645. 

  14645.         sp_4096_from_mp(e, 128, exp);
    14646. 

  14646.         sp_4096_from_mp(m, 128, mod);
    14647. 

  14647. 

  14648.         err = sp_4096_mod_exp_128(r, b, e, expBits, m, 0);
    14649. 

  14649.     }
    14650. 

  14650. 

  14651.     if (err == MP_OKAY) {
    14652. 

  14652.         err = sp_4096_to_mp(r, res);
    14653. 

  14653.     }
    14654. 

  14654. 

  14655.     XMEMSET(e, 0, sizeof(e));
    14656. 

  14656. 

  14657.     return err;
    14658. 

  14658. }
    14659. 

  14659. 

  14660. #ifdef WOLFSSL_HAVE_SP_DH
    14661. 

  14661. 

  14662. #ifdef HAVE_FFDHE_4096
    14663. 

  14663. static void sp_4096_lshift_128(sp_digit* r, sp_digit* a, byte n)
    14664. 

  14664. {
    14665. 

  14665.     __asm__ __volatile__ (
    14666. 

  14666.         "mov	r6, #31\n\t"
    14667. 

  14667.         "sub	r6, r6, %[n]\n\t"
    14668. 

  14668.         "add	%[a], %[a], #255\n\t"
    14669. 

  14669.         "add	%[r], %[r], #255\n\t"
    14670. 

  14670.         "add	%[a], %[a], #193\n\t"
    14671. 

  14671.         "add	%[r], %[r], #193\n\t"
    14672. 

  14672.         "ldr	r3, [%[a], #60]\n\t"
    14673. 

  14673.         "lsr	r4, r3, #1\n\t"
    14674. 

  14674.         "lsl	r3, r3, %[n]\n\t"
    14675. 

  14675.         "lsr	r4, r4, r6\n\t"
    14676. 

  14676.         "ldr	r2, [%[a], #56]\n\t"
    14677. 

  14677.         "str	r4, [%[r], #64]\n\t"
    14678. 

  14678.         "lsr	r5, r2, #1\n\t"
    14679. 

  14679.         "lsl	r2, r2, %[n]\n\t"
    14680. 

  14680.         "lsr	r5, r5, r6\n\t"
    14681. 

  14681.         "orr	r3, r3, r5\n\t"
    14682. 

  14682.         "ldr	r4, [%[a], #52]\n\t"
    14683. 

  14683.         "str	r3, [%[r], #60]\n\t"
    14684. 

  14684.         "lsr	r5, r4, #1\n\t"
    14685. 

  14685.         "lsl	r4, r4, %[n]\n\t"
    14686. 

  14686.         "lsr	r5, r5, r6\n\t"
    14687. 

  14687.         "orr	r2, r2, r5\n\t"
    14688. 

  14688.         "ldr	r3, [%[a], #48]\n\t"
    14689. 

  14689.         "str	r2, [%[r], #56]\n\t"
    14690. 

  14690.         "lsr	r5, r3, #1\n\t"
    14691. 

  14691.         "lsl	r3, r3, %[n]\n\t"
    14692. 

  14692.         "lsr	r5, r5, r6\n\t"
    14693. 

  14693.         "orr	r4, r4, r5\n\t"
    14694. 

  14694.         "ldr	r2, [%[a], #44]\n\t"
    14695. 

  14695.         "str	r4, [%[r], #52]\n\t"
    14696. 

  14696.         "lsr	r5, r2, #1\n\t"
    14697. 

  14697.         "lsl	r2, r2, %[n]\n\t"
    14698. 

  14698.         "lsr	r5, r5, r6\n\t"
    14699. 

  14699.         "orr	r3, r3, r5\n\t"
    14700. 

  14700.         "ldr	r4, [%[a], #40]\n\t"
    14701. 

  14701.         "str	r3, [%[r], #48]\n\t"
    14702. 

  14702.         "lsr	r5, r4, #1\n\t"
    14703. 

  14703.         "lsl	r4, r4, %[n]\n\t"
    14704. 

  14704.         "lsr	r5, r5, r6\n\t"
    14705. 

  14705.         "orr	r2, r2, r5\n\t"
    14706. 

  14706.         "ldr	r3, [%[a], #36]\n\t"
    14707. 

  14707.         "str	r2, [%[r], #44]\n\t"
    14708. 

  14708.         "lsr	r5, r3, #1\n\t"
    14709. 

  14709.         "lsl	r3, r3, %[n]\n\t"
    14710. 

  14710.         "lsr	r5, r5, r6\n\t"
    14711. 

  14711.         "orr	r4, r4, r5\n\t"
    14712. 

  14712.         "ldr	r2, [%[a], #32]\n\t"
    14713. 

  14713.         "str	r4, [%[r], #40]\n\t"
    14714. 

  14714.         "lsr	r5, r2, #1\n\t"
    14715. 

  14715.         "lsl	r2, r2, %[n]\n\t"
    14716. 

  14716.         "lsr	r5, r5, r6\n\t"
    14717. 

  14717.         "orr	r3, r3, r5\n\t"
    14718. 

  14718.         "ldr	r4, [%[a], #28]\n\t"
    14719. 

  14719.         "str	r3, [%[r], #36]\n\t"
    14720. 

  14720.         "lsr	r5, r4, #1\n\t"
    14721. 

  14721.         "lsl	r4, r4, %[n]\n\t"
    14722. 

  14722.         "lsr	r5, r5, r6\n\t"
    14723. 

  14723.         "orr	r2, r2, r5\n\t"
    14724. 

  14724.         "ldr	r3, [%[a], #24]\n\t"
    14725. 

  14725.         "str	r2, [%[r], #32]\n\t"
    14726. 

  14726.         "lsr	r5, r3, #1\n\t"
    14727. 

  14727.         "lsl	r3, r3, %[n]\n\t"
    14728. 

  14728.         "lsr	r5, r5, r6\n\t"
    14729. 

  14729.         "orr	r4, r4, r5\n\t"
    14730. 

  14730.         "ldr	r2, [%[a], #20]\n\t"
    14731. 

  14731.         "str	r4, [%[r], #28]\n\t"
    14732. 

  14732.         "lsr	r5, r2, #1\n\t"
    14733. 

  14733.         "lsl	r2, r2, %[n]\n\t"
    14734. 

  14734.         "lsr	r5, r5, r6\n\t"
    14735. 

  14735.         "orr	r3, r3, r5\n\t"
    14736. 

  14736.         "ldr	r4, [%[a], #16]\n\t"
    14737. 

  14737.         "str	r3, [%[r], #24]\n\t"
    14738. 

  14738.         "lsr	r5, r4, #1\n\t"
    14739. 

  14739.         "lsl	r4, r4, %[n]\n\t"
    14740. 

  14740.         "lsr	r5, r5, r6\n\t"
    14741. 

  14741.         "orr	r2, r2, r5\n\t"
    14742. 

  14742.         "ldr	r3, [%[a], #12]\n\t"
    14743. 

  14743.         "str	r2, [%[r], #20]\n\t"
    14744. 

  14744.         "lsr	r5, r3, #1\n\t"
    14745. 

  14745.         "lsl	r3, r3, %[n]\n\t"
    14746. 

  14746.         "lsr	r5, r5, r6\n\t"
    14747. 

  14747.         "orr	r4, r4, r5\n\t"
    14748. 

  14748.         "ldr	r2, [%[a], #8]\n\t"
    14749. 

  14749.         "str	r4, [%[r], #16]\n\t"
    14750. 

  14750.         "lsr	r5, r2, #1\n\t"
    14751. 

  14751.         "lsl	r2, r2, %[n]\n\t"
    14752. 

  14752.         "lsr	r5, r5, r6\n\t"
    14753. 

  14753.         "orr	r3, r3, r5\n\t"
    14754. 

  14754.         "ldr	r4, [%[a], #4]\n\t"
    14755. 

  14755.         "str	r3, [%[r], #12]\n\t"
    14756. 

  14756.         "lsr	r5, r4, #1\n\t"
    14757. 

  14757.         "lsl	r4, r4, %[n]\n\t"
    14758. 

  14758.         "lsr	r5, r5, r6\n\t"
    14759. 

  14759.         "orr	r2, r2, r5\n\t"
    14760. 

  14760.         "ldr	r3, [%[a], #0]\n\t"
    14761. 

  14761.         "str	r2, [%[r], #8]\n\t"
    14762. 

  14762.         "lsr	r5, r3, #1\n\t"
    14763. 

  14763.         "lsl	r3, r3, %[n]\n\t"
    14764. 

  14764.         "lsr	r5, r5, r6\n\t"
    14765. 

  14765.         "orr	r4, r4, r5\n\t"
    14766. 

  14766.         "sub	%[a], %[a], #64\n\t"
    14767. 

  14767.         "sub	%[r], %[r], #64\n\t"
    14768. 

  14768.         "ldr	r2, [%[a], #60]\n\t"
    14769. 

  14769.         "str	r4, [%[r], #68]\n\t"
    14770. 

  14770.         "lsr	r5, r2, #1\n\t"
    14771. 

  14771.         "lsl	r2, r2, %[n]\n\t"
    14772. 

  14772.         "lsr	r5, r5, r6\n\t"
    14773. 

  14773.         "orr	r3, r3, r5\n\t"
    14774. 

  14774.         "ldr	r4, [%[a], #56]\n\t"
    14775. 

  14775.         "str	r3, [%[r], #64]\n\t"
    14776. 

  14776.         "lsr	r5, r4, #1\n\t"
    14777. 

  14777.         "lsl	r4, r4, %[n]\n\t"
    14778. 

  14778.         "lsr	r5, r5, r6\n\t"
    14779. 

  14779.         "orr	r2, r2, r5\n\t"
    14780. 

  14780.         "ldr	r3, [%[a], #52]\n\t"
    14781. 

  14781.         "str	r2, [%[r], #60]\n\t"
    14782. 

  14782.         "lsr	r5, r3, #1\n\t"
    14783. 

  14783.         "lsl	r3, r3, %[n]\n\t"
    14784. 

  14784.         "lsr	r5, r5, r6\n\t"
    14785. 

  14785.         "orr	r4, r4, r5\n\t"
    14786. 

  14786.         "ldr	r2, [%[a], #48]\n\t"
    14787. 

  14787.         "str	r4, [%[r], #56]\n\t"
    14788. 

  14788.         "lsr	r5, r2, #1\n\t"
    14789. 

  14789.         "lsl	r2, r2, %[n]\n\t"
    14790. 

  14790.         "lsr	r5, r5, r6\n\t"
    14791. 

  14791.         "orr	r3, r3, r5\n\t"
    14792. 

  14792.         "ldr	r4, [%[a], #44]\n\t"
    14793. 

  14793.         "str	r3, [%[r], #52]\n\t"
    14794. 

  14794.         "lsr	r5, r4, #1\n\t"
    14795. 

  14795.         "lsl	r4, r4, %[n]\n\t"
    14796. 

  14796.         "lsr	r5, r5, r6\n\t"
    14797. 

  14797.         "orr	r2, r2, r5\n\t"
    14798. 

  14798.         "ldr	r3, [%[a], #40]\n\t"
    14799. 

  14799.         "str	r2, [%[r], #48]\n\t"
    14800. 

  14800.         "lsr	r5, r3, #1\n\t"
    14801. 

  14801.         "lsl	r3, r3, %[n]\n\t"
    14802. 

  14802.         "lsr	r5, r5, r6\n\t"
    14803. 

  14803.         "orr	r4, r4, r5\n\t"
    14804. 

  14804.         "ldr	r2, [%[a], #36]\n\t"
    14805. 

  14805.         "str	r4, [%[r], #44]\n\t"
    14806. 

  14806.         "lsr	r5, r2, #1\n\t"
    14807. 

  14807.         "lsl	r2, r2, %[n]\n\t"
    14808. 

  14808.         "lsr	r5, r5, r6\n\t"
    14809. 

  14809.         "orr	r3, r3, r5\n\t"
    14810. 

  14810.         "ldr	r4, [%[a], #32]\n\t"
    14811. 

  14811.         "str	r3, [%[r], #40]\n\t"
    14812. 

  14812.         "lsr	r5, r4, #1\n\t"
    14813. 

  14813.         "lsl	r4, r4, %[n]\n\t"
    14814. 

  14814.         "lsr	r5, r5, r6\n\t"
    14815. 

  14815.         "orr	r2, r2, r5\n\t"
    14816. 

  14816.         "ldr	r3, [%[a], #28]\n\t"
    14817. 

  14817.         "str	r2, [%[r], #36]\n\t"
    14818. 

  14818.         "lsr	r5, r3, #1\n\t"
    14819. 

  14819.         "lsl	r3, r3, %[n]\n\t"
    14820. 

  14820.         "lsr	r5, r5, r6\n\t"
    14821. 

  14821.         "orr	r4, r4, r5\n\t"
    14822. 

  14822.         "ldr	r2, [%[a], #24]\n\t"
    14823. 

  14823.         "str	r4, [%[r], #32]\n\t"
    14824. 

  14824.         "lsr	r5, r2, #1\n\t"
    14825. 

  14825.         "lsl	r2, r2, %[n]\n\t"
    14826. 

  14826.         "lsr	r5, r5, r6\n\t"
    14827. 

  14827.         "orr	r3, r3, r5\n\t"
    14828. 

  14828.         "ldr	r4, [%[a], #20]\n\t"
    14829. 

  14829.         "str	r3, [%[r], #28]\n\t"
    14830. 

  14830.         "lsr	r5, r4, #1\n\t"
    14831. 

  14831.         "lsl	r4, r4, %[n]\n\t"
    14832. 

  14832.         "lsr	r5, r5, r6\n\t"
    14833. 

  14833.         "orr	r2, r2, r5\n\t"
    14834. 

  14834.         "ldr	r3, [%[a], #16]\n\t"
    14835. 

  14835.         "str	r2, [%[r], #24]\n\t"
    14836. 

  14836.         "lsr	r5, r3, #1\n\t"
    14837. 

  14837.         "lsl	r3, r3, %[n]\n\t"
    14838. 

  14838.         "lsr	r5, r5, r6\n\t"
    14839. 

  14839.         "orr	r4, r4, r5\n\t"
    14840. 

  14840.         "ldr	r2, [%[a], #12]\n\t"
    14841. 

  14841.         "str	r4, [%[r], #20]\n\t"
    14842. 

  14842.         "lsr	r5, r2, #1\n\t"
    14843. 

  14843.         "lsl	r2, r2, %[n]\n\t"
    14844. 

  14844.         "lsr	r5, r5, r6\n\t"
    14845. 

  14845.         "orr	r3, r3, r5\n\t"
    14846. 

  14846.         "ldr	r4, [%[a], #8]\n\t"
    14847. 

  14847.         "str	r3, [%[r], #16]\n\t"
    14848. 

  14848.         "lsr	r5, r4, #1\n\t"
    14849. 

  14849.         "lsl	r4, r4, %[n]\n\t"
    14850. 

  14850.         "lsr	r5, r5, r6\n\t"
    14851. 

  14851.         "orr	r2, r2, r5\n\t"
    14852. 

  14852.         "ldr	r3, [%[a], #4]\n\t"
    14853. 

  14853.         "str	r2, [%[r], #12]\n\t"
    14854. 

  14854.         "lsr	r5, r3, #1\n\t"
    14855. 

  14855.         "lsl	r3, r3, %[n]\n\t"
    14856. 

  14856.         "lsr	r5, r5, r6\n\t"
    14857. 

  14857.         "orr	r4, r4, r5\n\t"
    14858. 

  14858.         "ldr	r2, [%[a], #0]\n\t"
    14859. 

  14859.         "str	r4, [%[r], #8]\n\t"
    14860. 

  14860.         "lsr	r5, r2, #1\n\t"
    14861. 

  14861.         "lsl	r2, r2, %[n]\n\t"
    14862. 

  14862.         "lsr	r5, r5, r6\n\t"
    14863. 

  14863.         "orr	r3, r3, r5\n\t"
    14864. 

  14864.         "sub	%[a], %[a], #64\n\t"
    14865. 

  14865.         "sub	%[r], %[r], #64\n\t"
    14866. 

  14866.         "ldr	r4, [%[a], #60]\n\t"
    14867. 

  14867.         "str	r3, [%[r], #68]\n\t"
    14868. 

  14868.         "lsr	r5, r4, #1\n\t"
    14869. 

  14869.         "lsl	r4, r4, %[n]\n\t"
    14870. 

  14870.         "lsr	r5, r5, r6\n\t"
    14871. 

  14871.         "orr	r2, r2, r5\n\t"
    14872. 

  14872.         "ldr	r3, [%[a], #56]\n\t"
    14873. 

  14873.         "str	r2, [%[r], #64]\n\t"
    14874. 

  14874.         "lsr	r5, r3, #1\n\t"
    14875. 

  14875.         "lsl	r3, r3, %[n]\n\t"
    14876. 

  14876.         "lsr	r5, r5, r6\n\t"
    14877. 

  14877.         "orr	r4, r4, r5\n\t"
    14878. 

  14878.         "ldr	r2, [%[a], #52]\n\t"
    14879. 

  14879.         "str	r4, [%[r], #60]\n\t"
    14880. 

  14880.         "lsr	r5, r2, #1\n\t"
    14881. 

  14881.         "lsl	r2, r2, %[n]\n\t"
    14882. 

  14882.         "lsr	r5, r5, r6\n\t"
    14883. 

  14883.         "orr	r3, r3, r5\n\t"
    14884. 

  14884.         "ldr	r4, [%[a], #48]\n\t"
    14885. 

  14885.         "str	r3, [%[r], #56]\n\t"
    14886. 

  14886.         "lsr	r5, r4, #1\n\t"
    14887. 

  14887.         "lsl	r4, r4, %[n]\n\t"
    14888. 

  14888.         "lsr	r5, r5, r6\n\t"
    14889. 

  14889.         "orr	r2, r2, r5\n\t"
    14890. 

  14890.         "ldr	r3, [%[a], #44]\n\t"
    14891. 

  14891.         "str	r2, [%[r], #52]\n\t"
    14892. 

  14892.         "lsr	r5, r3, #1\n\t"
    14893. 

  14893.         "lsl	r3, r3, %[n]\n\t"
    14894. 

  14894.         "lsr	r5, r5, r6\n\t"
    14895. 

  14895.         "orr	r4, r4, r5\n\t"
    14896. 

  14896.         "ldr	r2, [%[a], #40]\n\t"
    14897. 

  14897.         "str	r4, [%[r], #48]\n\t"
    14898. 

  14898.         "lsr	r5, r2, #1\n\t"
    14899. 

  14899.         "lsl	r2, r2, %[n]\n\t"
    14900. 

  14900.         "lsr	r5, r5, r6\n\t"
    14901. 

  14901.         "orr	r3, r3, r5\n\t"
    14902. 

  14902.         "ldr	r4, [%[a], #36]\n\t"
    14903. 

  14903.         "str	r3, [%[r], #44]\n\t"
    14904. 

  14904.         "lsr	r5, r4, #1\n\t"
    14905. 

  14905.         "lsl	r4, r4, %[n]\n\t"
    14906. 

  14906.         "lsr	r5, r5, r6\n\t"
    14907. 

  14907.         "orr	r2, r2, r5\n\t"
    14908. 

  14908.         "ldr	r3, [%[a], #32]\n\t"
    14909. 

  14909.         "str	r2, [%[r], #40]\n\t"
    14910. 

  14910.         "lsr	r5, r3, #1\n\t"
    14911. 

  14911.         "lsl	r3, r3, %[n]\n\t"
    14912. 

  14912.         "lsr	r5, r5, r6\n\t"
    14913. 

  14913.         "orr	r4, r4, r5\n\t"
    14914. 

  14914.         "ldr	r2, [%[a], #28]\n\t"
    14915. 

  14915.         "str	r4, [%[r], #36]\n\t"
    14916. 

  14916.         "lsr	r5, r2, #1\n\t"
    14917. 

  14917.         "lsl	r2, r2, %[n]\n\t"
    14918. 

  14918.         "lsr	r5, r5, r6\n\t"
    14919. 

  14919.         "orr	r3, r3, r5\n\t"
    14920. 

  14920.         "ldr	r4, [%[a], #24]\n\t"
    14921. 

  14921.         "str	r3, [%[r], #32]\n\t"
    14922. 

  14922.         "lsr	r5, r4, #1\n\t"
    14923. 

  14923.         "lsl	r4, r4, %[n]\n\t"
    14924. 

  14924.         "lsr	r5, r5, r6\n\t"
    14925. 

  14925.         "orr	r2, r2, r5\n\t"
    14926. 

  14926.         "ldr	r3, [%[a], #20]\n\t"
    14927. 

  14927.         "str	r2, [%[r], #28]\n\t"
    14928. 

  14928.         "lsr	r5, r3, #1\n\t"
    14929. 

  14929.         "lsl	r3, r3, %[n]\n\t"
    14930. 

  14930.         "lsr	r5, r5, r6\n\t"
    14931. 

  14931.         "orr	r4, r4, r5\n\t"
    14932. 

  14932.         "ldr	r2, [%[a], #16]\n\t"
    14933. 

  14933.         "str	r4, [%[r], #24]\n\t"
    14934. 

  14934.         "lsr	r5, r2, #1\n\t"
    14935. 

  14935.         "lsl	r2, r2, %[n]\n\t"
    14936. 

  14936.         "lsr	r5, r5, r6\n\t"
    14937. 

  14937.         "orr	r3, r3, r5\n\t"
    14938. 

  14938.         "ldr	r4, [%[a], #12]\n\t"
    14939. 

  14939.         "str	r3, [%[r], #20]\n\t"
    14940. 

  14940.         "lsr	r5, r4, #1\n\t"
    14941. 

  14941.         "lsl	r4, r4, %[n]\n\t"
    14942. 

  14942.         "lsr	r5, r5, r6\n\t"
    14943. 

  14943.         "orr	r2, r2, r5\n\t"
    14944. 

  14944.         "ldr	r3, [%[a], #8]\n\t"
    14945. 

  14945.         "str	r2, [%[r], #16]\n\t"
    14946. 

  14946.         "lsr	r5, r3, #1\n\t"
    14947. 

  14947.         "lsl	r3, r3, %[n]\n\t"
    14948. 

  14948.         "lsr	r5, r5, r6\n\t"
    14949. 

  14949.         "orr	r4, r4, r5\n\t"
    14950. 

  14950.         "ldr	r2, [%[a], #4]\n\t"
    14951. 

  14951.         "str	r4, [%[r], #12]\n\t"
    14952. 

  14952.         "lsr	r5, r2, #1\n\t"
    14953. 

  14953.         "lsl	r2, r2, %[n]\n\t"
    14954. 

  14954.         "lsr	r5, r5, r6\n\t"
    14955. 

  14955.         "orr	r3, r3, r5\n\t"
    14956. 

  14956.         "ldr	r4, [%[a], #0]\n\t"
    14957. 

  14957.         "str	r3, [%[r], #8]\n\t"
    14958. 

  14958.         "lsr	r5, r4, #1\n\t"
    14959. 

  14959.         "lsl	r4, r4, %[n]\n\t"
    14960. 

  14960.         "lsr	r5, r5, r6\n\t"
    14961. 

  14961.         "orr	r2, r2, r5\n\t"
    14962. 

  14962.         "sub	%[a], %[a], #64\n\t"
    14963. 

  14963.         "sub	%[r], %[r], #64\n\t"
    14964. 

  14964.         "ldr	r3, [%[a], #60]\n\t"
    14965. 

  14965.         "str	r2, [%[r], #68]\n\t"
    14966. 

  14966.         "lsr	r5, r3, #1\n\t"
    14967. 

  14967.         "lsl	r3, r3, %[n]\n\t"
    14968. 

  14968.         "lsr	r5, r5, r6\n\t"
    14969. 

  14969.         "orr	r4, r4, r5\n\t"
    14970. 

  14970.         "ldr	r2, [%[a], #56]\n\t"
    14971. 

  14971.         "str	r4, [%[r], #64]\n\t"
    14972. 

  14972.         "lsr	r5, r2, #1\n\t"
    14973. 

  14973.         "lsl	r2, r2, %[n]\n\t"
    14974. 

  14974.         "lsr	r5, r5, r6\n\t"
    14975. 

  14975.         "orr	r3, r3, r5\n\t"
    14976. 

  14976.         "ldr	r4, [%[a], #52]\n\t"
    14977. 

  14977.         "str	r3, [%[r], #60]\n\t"
    14978. 

  14978.         "lsr	r5, r4, #1\n\t"
    14979. 

  14979.         "lsl	r4, r4, %[n]\n\t"
    14980. 

  14980.         "lsr	r5, r5, r6\n\t"
    14981. 

  14981.         "orr	r2, r2, r5\n\t"
    14982. 

  14982.         "ldr	r3, [%[a], #48]\n\t"
    14983. 

  14983.         "str	r2, [%[r], #56]\n\t"
    14984. 

  14984.         "lsr	r5, r3, #1\n\t"
    14985. 

  14985.         "lsl	r3, r3, %[n]\n\t"
    14986. 

  14986.         "lsr	r5, r5, r6\n\t"
    14987. 

  14987.         "orr	r4, r4, r5\n\t"
    14988. 

  14988.         "ldr	r2, [%[a], #44]\n\t"
    14989. 

  14989.         "str	r4, [%[r], #52]\n\t"
    14990. 

  14990.         "lsr	r5, r2, #1\n\t"
    14991. 

  14991.         "lsl	r2, r2, %[n]\n\t"
    14992. 

  14992.         "lsr	r5, r5, r6\n\t"
    14993. 

  14993.         "orr	r3, r3, r5\n\t"
    14994. 

  14994.         "ldr	r4, [%[a], #40]\n\t"
    14995. 

  14995.         "str	r3, [%[r], #48]\n\t"
    14996. 

  14996.         "lsr	r5, r4, #1\n\t"
    14997. 

  14997.         "lsl	r4, r4, %[n]\n\t"
    14998. 

  14998.         "lsr	r5, r5, r6\n\t"
    14999. 

  14999.         "orr	r2, r2, r5\n\t"
    15000. 

  15000.         "ldr	r3, [%[a], #36]\n\t"
    15001. 

  15001.         "str	r2, [%[r], #44]\n\t"
    15002. 

  15002.         "lsr	r5, r3, #1\n\t"
    15003. 

  15003.         "lsl	r3, r3, %[n]\n\t"
    15004. 

  15004.         "lsr	r5, r5, r6\n\t"
    15005. 

  15005.         "orr	r4, r4, r5\n\t"
    15006. 

  15006.         "ldr	r2, [%[a], #32]\n\t"
    15007. 

  15007.         "str	r4, [%[r], #40]\n\t"
    15008. 

  15008.         "lsr	r5, r2, #1\n\t"
    15009. 

  15009.         "lsl	r2, r2, %[n]\n\t"
    15010. 

  15010.         "lsr	r5, r5, r6\n\t"
    15011. 

  15011.         "orr	r3, r3, r5\n\t"
    15012. 

  15012.         "ldr	r4, [%[a], #28]\n\t"
    15013. 

  15013.         "str	r3, [%[r], #36]\n\t"
    15014. 

  15014.         "lsr	r5, r4, #1\n\t"
    15015. 

  15015.         "lsl	r4, r4, %[n]\n\t"
    15016. 

  15016.         "lsr	r5, r5, r6\n\t"
    15017. 

  15017.         "orr	r2, r2, r5\n\t"
    15018. 

  15018.         "ldr	r3, [%[a], #24]\n\t"
    15019. 

  15019.         "str	r2, [%[r], #32]\n\t"
    15020. 

  15020.         "lsr	r5, r3, #1\n\t"
    15021. 

  15021.         "lsl	r3, r3, %[n]\n\t"
    15022. 

  15022.         "lsr	r5, r5, r6\n\t"
    15023. 

  15023.         "orr	r4, r4, r5\n\t"
    15024. 

  15024.         "ldr	r2, [%[a], #20]\n\t"
    15025. 

  15025.         "str	r4, [%[r], #28]\n\t"
    15026. 

  15026.         "lsr	r5, r2, #1\n\t"
    15027. 

  15027.         "lsl	r2, r2, %[n]\n\t"
    15028. 

  15028.         "lsr	r5, r5, r6\n\t"
    15029. 

  15029.         "orr	r3, r3, r5\n\t"
    15030. 

  15030.         "ldr	r4, [%[a], #16]\n\t"
    15031. 

  15031.         "str	r3, [%[r], #24]\n\t"
    15032. 

  15032.         "lsr	r5, r4, #1\n\t"
    15033. 

  15033.         "lsl	r4, r4, %[n]\n\t"
    15034. 

  15034.         "lsr	r5, r5, r6\n\t"
    15035. 

  15035.         "orr	r2, r2, r5\n\t"
    15036. 

  15036.         "ldr	r3, [%[a], #12]\n\t"
    15037. 

  15037.         "str	r2, [%[r], #20]\n\t"
    15038. 

  15038.         "lsr	r5, r3, #1\n\t"
    15039. 

  15039.         "lsl	r3, r3, %[n]\n\t"
    15040. 

  15040.         "lsr	r5, r5, r6\n\t"
    15041. 

  15041.         "orr	r4, r4, r5\n\t"
    15042. 

  15042.         "ldr	r2, [%[a], #8]\n\t"
    15043. 

  15043.         "str	r4, [%[r], #16]\n\t"
    15044. 

  15044.         "lsr	r5, r2, #1\n\t"
    15045. 

  15045.         "lsl	r2, r2, %[n]\n\t"
    15046. 

  15046.         "lsr	r5, r5, r6\n\t"
    15047. 

  15047.         "orr	r3, r3, r5\n\t"
    15048. 

  15048.         "ldr	r4, [%[a], #4]\n\t"
    15049. 

  15049.         "str	r3, [%[r], #12]\n\t"
    15050. 

  15050.         "lsr	r5, r4, #1\n\t"
    15051. 

  15051.         "lsl	r4, r4, %[n]\n\t"
    15052. 

  15052.         "lsr	r5, r5, r6\n\t"
    15053. 

  15053.         "orr	r2, r2, r5\n\t"
    15054. 

  15054.         "ldr	r3, [%[a], #0]\n\t"
    15055. 

  15055.         "str	r2, [%[r], #8]\n\t"
    15056. 

  15056.         "lsr	r5, r3, #1\n\t"
    15057. 

  15057.         "lsl	r3, r3, %[n]\n\t"
    15058. 

  15058.         "lsr	r5, r5, r6\n\t"
    15059. 

  15059.         "orr	r4, r4, r5\n\t"
    15060. 

  15060.         "sub	%[a], %[a], #64\n\t"
    15061. 

  15061.         "sub	%[r], %[r], #64\n\t"
    15062. 

  15062.         "ldr	r2, [%[a], #60]\n\t"
    15063. 

  15063.         "str	r4, [%[r], #68]\n\t"
    15064. 

  15064.         "lsr	r5, r2, #1\n\t"
    15065. 

  15065.         "lsl	r2, r2, %[n]\n\t"
    15066. 

  15066.         "lsr	r5, r5, r6\n\t"
    15067. 

  15067.         "orr	r3, r3, r5\n\t"
    15068. 

  15068.         "ldr	r4, [%[a], #56]\n\t"
    15069. 

  15069.         "str	r3, [%[r], #64]\n\t"
    15070. 

  15070.         "lsr	r5, r4, #1\n\t"
    15071. 

  15071.         "lsl	r4, r4, %[n]\n\t"
    15072. 

  15072.         "lsr	r5, r5, r6\n\t"
    15073. 

  15073.         "orr	r2, r2, r5\n\t"
    15074. 

  15074.         "ldr	r3, [%[a], #52]\n\t"
    15075. 

  15075.         "str	r2, [%[r], #60]\n\t"
    15076. 

  15076.         "lsr	r5, r3, #1\n\t"
    15077. 

  15077.         "lsl	r3, r3, %[n]\n\t"
    15078. 

  15078.         "lsr	r5, r5, r6\n\t"
    15079. 

  15079.         "orr	r4, r4, r5\n\t"
    15080. 

  15080.         "ldr	r2, [%[a], #48]\n\t"
    15081. 

  15081.         "str	r4, [%[r], #56]\n\t"
    15082. 

  15082.         "lsr	r5, r2, #1\n\t"
    15083. 

  15083.         "lsl	r2, r2, %[n]\n\t"
    15084. 

  15084.         "lsr	r5, r5, r6\n\t"
    15085. 

  15085.         "orr	r3, r3, r5\n\t"
    15086. 

  15086.         "ldr	r4, [%[a], #44]\n\t"
    15087. 

  15087.         "str	r3, [%[r], #52]\n\t"
    15088. 

  15088.         "lsr	r5, r4, #1\n\t"
    15089. 

  15089.         "lsl	r4, r4, %[n]\n\t"
    15090. 

  15090.         "lsr	r5, r5, r6\n\t"
    15091. 

  15091.         "orr	r2, r2, r5\n\t"
    15092. 

  15092.         "ldr	r3, [%[a], #40]\n\t"
    15093. 

  15093.         "str	r2, [%[r], #48]\n\t"
    15094. 

  15094.         "lsr	r5, r3, #1\n\t"
    15095. 

  15095.         "lsl	r3, r3, %[n]\n\t"
    15096. 

  15096.         "lsr	r5, r5, r6\n\t"
    15097. 

  15097.         "orr	r4, r4, r5\n\t"
    15098. 

  15098.         "ldr	r2, [%[a], #36]\n\t"
    15099. 

  15099.         "str	r4, [%[r], #44]\n\t"
    15100. 

  15100.         "lsr	r5, r2, #1\n\t"
    15101. 

  15101.         "lsl	r2, r2, %[n]\n\t"
    15102. 

  15102.         "lsr	r5, r5, r6\n\t"
    15103. 

  15103.         "orr	r3, r3, r5\n\t"
    15104. 

  15104.         "ldr	r4, [%[a], #32]\n\t"
    15105. 

  15105.         "str	r3, [%[r], #40]\n\t"
    15106. 

  15106.         "lsr	r5, r4, #1\n\t"
    15107. 

  15107.         "lsl	r4, r4, %[n]\n\t"
    15108. 

  15108.         "lsr	r5, r5, r6\n\t"
    15109. 

  15109.         "orr	r2, r2, r5\n\t"
    15110. 

  15110.         "ldr	r3, [%[a], #28]\n\t"
    15111. 

  15111.         "str	r2, [%[r], #36]\n\t"
    15112. 

  15112.         "lsr	r5, r3, #1\n\t"
    15113. 

  15113.         "lsl	r3, r3, %[n]\n\t"
    15114. 

  15114.         "lsr	r5, r5, r6\n\t"
    15115. 

  15115.         "orr	r4, r4, r5\n\t"
    15116. 

  15116.         "ldr	r2, [%[a], #24]\n\t"
    15117. 

  15117.         "str	r4, [%[r], #32]\n\t"
    15118. 

  15118.         "lsr	r5, r2, #1\n\t"
    15119. 

  15119.         "lsl	r2, r2, %[n]\n\t"
    15120. 

  15120.         "lsr	r5, r5, r6\n\t"
    15121. 

  15121.         "orr	r3, r3, r5\n\t"
    15122. 

  15122.         "ldr	r4, [%[a], #20]\n\t"
    15123. 

  15123.         "str	r3, [%[r], #28]\n\t"
    15124. 

  15124.         "lsr	r5, r4, #1\n\t"
    15125. 

  15125.         "lsl	r4, r4, %[n]\n\t"
    15126. 

  15126.         "lsr	r5, r5, r6\n\t"
    15127. 

  15127.         "orr	r2, r2, r5\n\t"
    15128. 

  15128.         "ldr	r3, [%[a], #16]\n\t"
    15129. 

  15129.         "str	r2, [%[r], #24]\n\t"
    15130. 

  15130.         "lsr	r5, r3, #1\n\t"
    15131. 

  15131.         "lsl	r3, r3, %[n]\n\t"
    15132. 

  15132.         "lsr	r5, r5, r6\n\t"
    15133. 

  15133.         "orr	r4, r4, r5\n\t"
    15134. 

  15134.         "ldr	r2, [%[a], #12]\n\t"
    15135. 

  15135.         "str	r4, [%[r], #20]\n\t"
    15136. 

  15136.         "lsr	r5, r2, #1\n\t"
    15137. 

  15137.         "lsl	r2, r2, %[n]\n\t"
    15138. 

  15138.         "lsr	r5, r5, r6\n\t"
    15139. 

  15139.         "orr	r3, r3, r5\n\t"
    15140. 

  15140.         "ldr	r4, [%[a], #8]\n\t"
    15141. 

  15141.         "str	r3, [%[r], #16]\n\t"
    15142. 

  15142.         "lsr	r5, r4, #1\n\t"
    15143. 

  15143.         "lsl	r4, r4, %[n]\n\t"
    15144. 

  15144.         "lsr	r5, r5, r6\n\t"
    15145. 

  15145.         "orr	r2, r2, r5\n\t"
    15146. 

  15146.         "ldr	r3, [%[a], #4]\n\t"
    15147. 

  15147.         "str	r2, [%[r], #12]\n\t"
    15148. 

  15148.         "lsr	r5, r3, #1\n\t"
    15149. 

  15149.         "lsl	r3, r3, %[n]\n\t"
    15150. 

  15150.         "lsr	r5, r5, r6\n\t"
    15151. 

  15151.         "orr	r4, r4, r5\n\t"
    15152. 

  15152.         "ldr	r2, [%[a], #0]\n\t"
    15153. 

  15153.         "str	r4, [%[r], #8]\n\t"
    15154. 

  15154.         "lsr	r5, r2, #1\n\t"
    15155. 

  15155.         "lsl	r2, r2, %[n]\n\t"
    15156. 

  15156.         "lsr	r5, r5, r6\n\t"
    15157. 

  15157.         "orr	r3, r3, r5\n\t"
    15158. 

  15158.         "sub	%[a], %[a], #64\n\t"
    15159. 

  15159.         "sub	%[r], %[r], #64\n\t"
    15160. 

  15160.         "ldr	r4, [%[a], #60]\n\t"
    15161. 

  15161.         "str	r3, [%[r], #68]\n\t"
    15162. 

  15162.         "lsr	r5, r4, #1\n\t"
    15163. 

  15163.         "lsl	r4, r4, %[n]\n\t"
    15164. 

  15164.         "lsr	r5, r5, r6\n\t"
    15165. 

  15165.         "orr	r2, r2, r5\n\t"
    15166. 

  15166.         "ldr	r3, [%[a], #56]\n\t"
    15167. 

  15167.         "str	r2, [%[r], #64]\n\t"
    15168. 

  15168.         "lsr	r5, r3, #1\n\t"
    15169. 

  15169.         "lsl	r3, r3, %[n]\n\t"
    15170. 

  15170.         "lsr	r5, r5, r6\n\t"
    15171. 

  15171.         "orr	r4, r4, r5\n\t"
    15172. 

  15172.         "ldr	r2, [%[a], #52]\n\t"
    15173. 

  15173.         "str	r4, [%[r], #60]\n\t"
    15174. 

  15174.         "lsr	r5, r2, #1\n\t"
    15175. 

  15175.         "lsl	r2, r2, %[n]\n\t"
    15176. 

  15176.         "lsr	r5, r5, r6\n\t"
    15177. 

  15177.         "orr	r3, r3, r5\n\t"
    15178. 

  15178.         "ldr	r4, [%[a], #48]\n\t"
    15179. 

  15179.         "str	r3, [%[r], #56]\n\t"
    15180. 

  15180.         "lsr	r5, r4, #1\n\t"
    15181. 

  15181.         "lsl	r4, r4, %[n]\n\t"
    15182. 

  15182.         "lsr	r5, r5, r6\n\t"
    15183. 

  15183.         "orr	r2, r2, r5\n\t"
    15184. 

  15184.         "ldr	r3, [%[a], #44]\n\t"
    15185. 

  15185.         "str	r2, [%[r], #52]\n\t"
    15186. 

  15186.         "lsr	r5, r3, #1\n\t"
    15187. 

  15187.         "lsl	r3, r3, %[n]\n\t"
    15188. 

  15188.         "lsr	r5, r5, r6\n\t"
    15189. 

  15189.         "orr	r4, r4, r5\n\t"
    15190. 

  15190.         "ldr	r2, [%[a], #40]\n\t"
    15191. 

  15191.         "str	r4, [%[r], #48]\n\t"
    15192. 

  15192.         "lsr	r5, r2, #1\n\t"
    15193. 

  15193.         "lsl	r2, r2, %[n]\n\t"
    15194. 

  15194.         "lsr	r5, r5, r6\n\t"
    15195. 

  15195.         "orr	r3, r3, r5\n\t"
    15196. 

  15196.         "ldr	r4, [%[a], #36]\n\t"
    15197. 

  15197.         "str	r3, [%[r], #44]\n\t"
    15198. 

  15198.         "lsr	r5, r4, #1\n\t"
    15199. 

  15199.         "lsl	r4, r4, %[n]\n\t"
    15200. 

  15200.         "lsr	r5, r5, r6\n\t"
    15201. 

  15201.         "orr	r2, r2, r5\n\t"
    15202. 

  15202.         "ldr	r3, [%[a], #32]\n\t"
    15203. 

  15203.         "str	r2, [%[r], #40]\n\t"
    15204. 

  15204.         "lsr	r5, r3, #1\n\t"
    15205. 

  15205.         "lsl	r3, r3, %[n]\n\t"
    15206. 

  15206.         "lsr	r5, r5, r6\n\t"
    15207. 

  15207.         "orr	r4, r4, r5\n\t"
    15208. 

  15208.         "ldr	r2, [%[a], #28]\n\t"
    15209. 

  15209.         "str	r4, [%[r], #36]\n\t"
    15210. 

  15210.         "lsr	r5, r2, #1\n\t"
    15211. 

  15211.         "lsl	r2, r2, %[n]\n\t"
    15212. 

  15212.         "lsr	r5, r5, r6\n\t"
    15213. 

  15213.         "orr	r3, r3, r5\n\t"
    15214. 

  15214.         "ldr	r4, [%[a], #24]\n\t"
    15215. 

  15215.         "str	r3, [%[r], #32]\n\t"
    15216. 

  15216.         "lsr	r5, r4, #1\n\t"
    15217. 

  15217.         "lsl	r4, r4, %[n]\n\t"
    15218. 

  15218.         "lsr	r5, r5, r6\n\t"
    15219. 

  15219.         "orr	r2, r2, r5\n\t"
    15220. 

  15220.         "ldr	r3, [%[a], #20]\n\t"
    15221. 

  15221.         "str	r2, [%[r], #28]\n\t"
    15222. 

  15222.         "lsr	r5, r3, #1\n\t"
    15223. 

  15223.         "lsl	r3, r3, %[n]\n\t"
    15224. 

  15224.         "lsr	r5, r5, r6\n\t"
    15225. 

  15225.         "orr	r4, r4, r5\n\t"
    15226. 

  15226.         "ldr	r2, [%[a], #16]\n\t"
    15227. 

  15227.         "str	r4, [%[r], #24]\n\t"
    15228. 

  15228.         "lsr	r5, r2, #1\n\t"
    15229. 

  15229.         "lsl	r2, r2, %[n]\n\t"
    15230. 

  15230.         "lsr	r5, r5, r6\n\t"
    15231. 

  15231.         "orr	r3, r3, r5\n\t"
    15232. 

  15232.         "ldr	r4, [%[a], #12]\n\t"
    15233. 

  15233.         "str	r3, [%[r], #20]\n\t"
    15234. 

  15234.         "lsr	r5, r4, #1\n\t"
    15235. 

  15235.         "lsl	r4, r4, %[n]\n\t"
    15236. 

  15236.         "lsr	r5, r5, r6\n\t"
    15237. 

  15237.         "orr	r2, r2, r5\n\t"
    15238. 

  15238.         "ldr	r3, [%[a], #8]\n\t"
    15239. 

  15239.         "str	r2, [%[r], #16]\n\t"
    15240. 

  15240.         "lsr	r5, r3, #1\n\t"
    15241. 

  15241.         "lsl	r3, r3, %[n]\n\t"
    15242. 

  15242.         "lsr	r5, r5, r6\n\t"
    15243. 

  15243.         "orr	r4, r4, r5\n\t"
    15244. 

  15244.         "ldr	r2, [%[a], #4]\n\t"
    15245. 

  15245.         "str	r4, [%[r], #12]\n\t"
    15246. 

  15246.         "lsr	r5, r2, #1\n\t"
    15247. 

  15247.         "lsl	r2, r2, %[n]\n\t"
    15248. 

  15248.         "lsr	r5, r5, r6\n\t"
    15249. 

  15249.         "orr	r3, r3, r5\n\t"
    15250. 

  15250.         "ldr	r4, [%[a], #0]\n\t"
    15251. 

  15251.         "str	r3, [%[r], #8]\n\t"
    15252. 

  15252.         "lsr	r5, r4, #1\n\t"
    15253. 

  15253.         "lsl	r4, r4, %[n]\n\t"
    15254. 

  15254.         "lsr	r5, r5, r6\n\t"
    15255. 

  15255.         "orr	r2, r2, r5\n\t"
    15256. 

  15256.         "sub	%[a], %[a], #64\n\t"
    15257. 

  15257.         "sub	%[r], %[r], #64\n\t"
    15258. 

  15258.         "ldr	r3, [%[a], #60]\n\t"
    15259. 

  15259.         "str	r2, [%[r], #68]\n\t"
    15260. 

  15260.         "lsr	r5, r3, #1\n\t"
    15261. 

  15261.         "lsl	r3, r3, %[n]\n\t"
    15262. 

  15262.         "lsr	r5, r5, r6\n\t"
    15263. 

  15263.         "orr	r4, r4, r5\n\t"
    15264. 

  15264.         "ldr	r2, [%[a], #56]\n\t"
    15265. 

  15265.         "str	r4, [%[r], #64]\n\t"
    15266. 

  15266.         "lsr	r5, r2, #1\n\t"
    15267. 

  15267.         "lsl	r2, r2, %[n]\n\t"
    15268. 

  15268.         "lsr	r5, r5, r6\n\t"
    15269. 

  15269.         "orr	r3, r3, r5\n\t"
    15270. 

  15270.         "ldr	r4, [%[a], #52]\n\t"
    15271. 

  15271.         "str	r3, [%[r], #60]\n\t"
    15272. 

  15272.         "lsr	r5, r4, #1\n\t"
    15273. 

  15273.         "lsl	r4, r4, %[n]\n\t"
    15274. 

  15274.         "lsr	r5, r5, r6\n\t"
    15275. 

  15275.         "orr	r2, r2, r5\n\t"
    15276. 

  15276.         "ldr	r3, [%[a], #48]\n\t"
    15277. 

  15277.         "str	r2, [%[r], #56]\n\t"
    15278. 

  15278.         "lsr	r5, r3, #1\n\t"
    15279. 

  15279.         "lsl	r3, r3, %[n]\n\t"
    15280. 

  15280.         "lsr	r5, r5, r6\n\t"
    15281. 

  15281.         "orr	r4, r4, r5\n\t"
    15282. 

  15282.         "ldr	r2, [%[a], #44]\n\t"
    15283. 

  15283.         "str	r4, [%[r], #52]\n\t"
    15284. 

  15284.         "lsr	r5, r2, #1\n\t"
    15285. 

  15285.         "lsl	r2, r2, %[n]\n\t"
    15286. 

  15286.         "lsr	r5, r5, r6\n\t"
    15287. 

  15287.         "orr	r3, r3, r5\n\t"
    15288. 

  15288.         "ldr	r4, [%[a], #40]\n\t"
    15289. 

  15289.         "str	r3, [%[r], #48]\n\t"
    15290. 

  15290.         "lsr	r5, r4, #1\n\t"
    15291. 

  15291.         "lsl	r4, r4, %[n]\n\t"
    15292. 

  15292.         "lsr	r5, r5, r6\n\t"
    15293. 

  15293.         "orr	r2, r2, r5\n\t"
    15294. 

  15294.         "ldr	r3, [%[a], #36]\n\t"
    15295. 

  15295.         "str	r2, [%[r], #44]\n\t"
    15296. 

  15296.         "lsr	r5, r3, #1\n\t"
    15297. 

  15297.         "lsl	r3, r3, %[n]\n\t"
    15298. 

  15298.         "lsr	r5, r5, r6\n\t"
    15299. 

  15299.         "orr	r4, r4, r5\n\t"
    15300. 

  15300.         "ldr	r2, [%[a], #32]\n\t"
    15301. 

  15301.         "str	r4, [%[r], #40]\n\t"
    15302. 

  15302.         "lsr	r5, r2, #1\n\t"
    15303. 

  15303.         "lsl	r2, r2, %[n]\n\t"
    15304. 

  15304.         "lsr	r5, r5, r6\n\t"
    15305. 

  15305.         "orr	r3, r3, r5\n\t"
    15306. 

  15306.         "ldr	r4, [%[a], #28]\n\t"
    15307. 

  15307.         "str	r3, [%[r], #36]\n\t"
    15308. 

  15308.         "lsr	r5, r4, #1\n\t"
    15309. 

  15309.         "lsl	r4, r4, %[n]\n\t"
    15310. 

  15310.         "lsr	r5, r5, r6\n\t"
    15311. 

  15311.         "orr	r2, r2, r5\n\t"
    15312. 

  15312.         "ldr	r3, [%[a], #24]\n\t"
    15313. 

  15313.         "str	r2, [%[r], #32]\n\t"
    15314. 

  15314.         "lsr	r5, r3, #1\n\t"
    15315. 

  15315.         "lsl	r3, r3, %[n]\n\t"
    15316. 

  15316.         "lsr	r5, r5, r6\n\t"
    15317. 

  15317.         "orr	r4, r4, r5\n\t"
    15318. 

  15318.         "ldr	r2, [%[a], #20]\n\t"
    15319. 

  15319.         "str	r4, [%[r], #28]\n\t"
    15320. 

  15320.         "lsr	r5, r2, #1\n\t"
    15321. 

  15321.         "lsl	r2, r2, %[n]\n\t"
    15322. 

  15322.         "lsr	r5, r5, r6\n\t"
    15323. 

  15323.         "orr	r3, r3, r5\n\t"
    15324. 

  15324.         "ldr	r4, [%[a], #16]\n\t"
    15325. 

  15325.         "str	r3, [%[r], #24]\n\t"
    15326. 

  15326.         "lsr	r5, r4, #1\n\t"
    15327. 

  15327.         "lsl	r4, r4, %[n]\n\t"
    15328. 

  15328.         "lsr	r5, r5, r6\n\t"
    15329. 

  15329.         "orr	r2, r2, r5\n\t"
    15330. 

  15330.         "ldr	r3, [%[a], #12]\n\t"
    15331. 

  15331.         "str	r2, [%[r], #20]\n\t"
    15332. 

  15332.         "lsr	r5, r3, #1\n\t"
    15333. 

  15333.         "lsl	r3, r3, %[n]\n\t"
    15334. 

  15334.         "lsr	r5, r5, r6\n\t"
    15335. 

  15335.         "orr	r4, r4, r5\n\t"
    15336. 

  15336.         "ldr	r2, [%[a], #8]\n\t"
    15337. 

  15337.         "str	r4, [%[r], #16]\n\t"
    15338. 

  15338.         "lsr	r5, r2, #1\n\t"
    15339. 

  15339.         "lsl	r2, r2, %[n]\n\t"
    15340. 

  15340.         "lsr	r5, r5, r6\n\t"
    15341. 

  15341.         "orr	r3, r3, r5\n\t"
    15342. 

  15342.         "ldr	r4, [%[a], #4]\n\t"
    15343. 

  15343.         "str	r3, [%[r], #12]\n\t"
    15344. 

  15344.         "lsr	r5, r4, #1\n\t"
    15345. 

  15345.         "lsl	r4, r4, %[n]\n\t"
    15346. 

  15346.         "lsr	r5, r5, r6\n\t"
    15347. 

  15347.         "orr	r2, r2, r5\n\t"
    15348. 

  15348.         "ldr	r3, [%[a], #0]\n\t"
    15349. 

  15349.         "str	r2, [%[r], #8]\n\t"
    15350. 

  15350.         "lsr	r5, r3, #1\n\t"
    15351. 

  15351.         "lsl	r3, r3, %[n]\n\t"
    15352. 

  15352.         "lsr	r5, r5, r6\n\t"
    15353. 

  15353.         "orr	r4, r4, r5\n\t"
    15354. 

  15354.         "sub	%[a], %[a], #64\n\t"
    15355. 

  15355.         "sub	%[r], %[r], #64\n\t"
    15356. 

  15356.         "ldr	r2, [%[a], #60]\n\t"
    15357. 

  15357.         "str	r4, [%[r], #68]\n\t"
    15358. 

  15358.         "lsr	r5, r2, #1\n\t"
    15359. 

  15359.         "lsl	r2, r2, %[n]\n\t"
    15360. 

  15360.         "lsr	r5, r5, r6\n\t"
    15361. 

  15361.         "orr	r3, r3, r5\n\t"
    15362. 

  15362.         "ldr	r4, [%[a], #56]\n\t"
    15363. 

  15363.         "str	r3, [%[r], #64]\n\t"
    15364. 

  15364.         "lsr	r5, r4, #1\n\t"
    15365. 

  15365.         "lsl	r4, r4, %[n]\n\t"
    15366. 

  15366.         "lsr	r5, r5, r6\n\t"
    15367. 

  15367.         "orr	r2, r2, r5\n\t"
    15368. 

  15368.         "ldr	r3, [%[a], #52]\n\t"
    15369. 

  15369.         "str	r2, [%[r], #60]\n\t"
    15370. 

  15370.         "lsr	r5, r3, #1\n\t"
    15371. 

  15371.         "lsl	r3, r3, %[n]\n\t"
    15372. 

  15372.         "lsr	r5, r5, r6\n\t"
    15373. 

  15373.         "orr	r4, r4, r5\n\t"
    15374. 

  15374.         "ldr	r2, [%[a], #48]\n\t"
    15375. 

  15375.         "str	r4, [%[r], #56]\n\t"
    15376. 

  15376.         "lsr	r5, r2, #1\n\t"
    15377. 

  15377.         "lsl	r2, r2, %[n]\n\t"
    15378. 

  15378.         "lsr	r5, r5, r6\n\t"
    15379. 

  15379.         "orr	r3, r3, r5\n\t"
    15380. 

  15380.         "ldr	r4, [%[a], #44]\n\t"
    15381. 

  15381.         "str	r3, [%[r], #52]\n\t"
    15382. 

  15382.         "lsr	r5, r4, #1\n\t"
    15383. 

  15383.         "lsl	r4, r4, %[n]\n\t"
    15384. 

  15384.         "lsr	r5, r5, r6\n\t"
    15385. 

  15385.         "orr	r2, r2, r5\n\t"
    15386. 

  15386.         "ldr	r3, [%[a], #40]\n\t"
    15387. 

  15387.         "str	r2, [%[r], #48]\n\t"
    15388. 

  15388.         "lsr	r5, r3, #1\n\t"
    15389. 

  15389.         "lsl	r3, r3, %[n]\n\t"
    15390. 

  15390.         "lsr	r5, r5, r6\n\t"
    15391. 

  15391.         "orr	r4, r4, r5\n\t"
    15392. 

  15392.         "ldr	r2, [%[a], #36]\n\t"
    15393. 

  15393.         "str	r4, [%[r], #44]\n\t"
    15394. 

  15394.         "lsr	r5, r2, #1\n\t"
    15395. 

  15395.         "lsl	r2, r2, %[n]\n\t"
    15396. 

  15396.         "lsr	r5, r5, r6\n\t"
    15397. 

  15397.         "orr	r3, r3, r5\n\t"
    15398. 

  15398.         "ldr	r4, [%[a], #32]\n\t"
    15399. 

  15399.         "str	r3, [%[r], #40]\n\t"
    15400. 

  15400.         "lsr	r5, r4, #1\n\t"
    15401. 

  15401.         "lsl	r4, r4, %[n]\n\t"
    15402. 

  15402.         "lsr	r5, r5, r6\n\t"
    15403. 

  15403.         "orr	r2, r2, r5\n\t"
    15404. 

  15404.         "ldr	r3, [%[a], #28]\n\t"
    15405. 

  15405.         "str	r2, [%[r], #36]\n\t"
    15406. 

  15406.         "lsr	r5, r3, #1\n\t"
    15407. 

  15407.         "lsl	r3, r3, %[n]\n\t"
    15408. 

  15408.         "lsr	r5, r5, r6\n\t"
    15409. 

  15409.         "orr	r4, r4, r5\n\t"
    15410. 

  15410.         "ldr	r2, [%[a], #24]\n\t"
    15411. 

  15411.         "str	r4, [%[r], #32]\n\t"
    15412. 

  15412.         "lsr	r5, r2, #1\n\t"
    15413. 

  15413.         "lsl	r2, r2, %[n]\n\t"
    15414. 

  15414.         "lsr	r5, r5, r6\n\t"
    15415. 

  15415.         "orr	r3, r3, r5\n\t"
    15416. 

  15416.         "ldr	r4, [%[a], #20]\n\t"
    15417. 

  15417.         "str	r3, [%[r], #28]\n\t"
    15418. 

  15418.         "lsr	r5, r4, #1\n\t"
    15419. 

  15419.         "lsl	r4, r4, %[n]\n\t"
    15420. 

  15420.         "lsr	r5, r5, r6\n\t"
    15421. 

  15421.         "orr	r2, r2, r5\n\t"
    15422. 

  15422.         "ldr	r3, [%[a], #16]\n\t"
    15423. 

  15423.         "str	r2, [%[r], #24]\n\t"
    15424. 

  15424.         "lsr	r5, r3, #1\n\t"
    15425. 

  15425.         "lsl	r3, r3, %[n]\n\t"
    15426. 

  15426.         "lsr	r5, r5, r6\n\t"
    15427. 

  15427.         "orr	r4, r4, r5\n\t"
    15428. 

  15428.         "ldr	r2, [%[a], #12]\n\t"
    15429. 

  15429.         "str	r4, [%[r], #20]\n\t"
    15430. 

  15430.         "lsr	r5, r2, #1\n\t"
    15431. 

  15431.         "lsl	r2, r2, %[n]\n\t"
    15432. 

  15432.         "lsr	r5, r5, r6\n\t"
    15433. 

  15433.         "orr	r3, r3, r5\n\t"
    15434. 

  15434.         "ldr	r4, [%[a], #8]\n\t"
    15435. 

  15435.         "str	r3, [%[r], #16]\n\t"
    15436. 

  15436.         "lsr	r5, r4, #1\n\t"
    15437. 

  15437.         "lsl	r4, r4, %[n]\n\t"
    15438. 

  15438.         "lsr	r5, r5, r6\n\t"
    15439. 

  15439.         "orr	r2, r2, r5\n\t"
    15440. 

  15440.         "ldr	r3, [%[a], #4]\n\t"
    15441. 

  15441.         "str	r2, [%[r], #12]\n\t"
    15442. 

  15442.         "lsr	r5, r3, #1\n\t"
    15443. 

  15443.         "lsl	r3, r3, %[n]\n\t"
    15444. 

  15444.         "lsr	r5, r5, r6\n\t"
    15445. 

  15445.         "orr	r4, r4, r5\n\t"
    15446. 

  15446.         "ldr	r2, [%[a], #0]\n\t"
    15447. 

  15447.         "str	r4, [%[r], #8]\n\t"
    15448. 

  15448.         "lsr	r5, r2, #1\n\t"
    15449. 

  15449.         "lsl	r2, r2, %[n]\n\t"
    15450. 

  15450.         "lsr	r5, r5, r6\n\t"
    15451. 

  15451.         "orr	r3, r3, r5\n\t"
    15452. 

  15452.         "str	r2, [%[r]]\n\t"
    15453. 

  15453.         "str	r3, [%[r], #4]\n\t"
    15454. 

  15454.         :
    15455. 

  15455.         : [r] "r" (r), [a] "r" (a), [n] "r" (n)
    15456. 

  15456.         : "memory", "r2", "r3", "r4", "r5", "r6"
    15457. 

  15457.     );
    15458. 

  15458. }
    15459. 

  15459. 

  15460. /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m)
    15461. 

  15461.  *
    15462. 

  15462.  * r     A single precision number that is the result of the operation.
    15463. 

  15463.  * e     A single precision number that is the exponent.
    15464. 

  15464.  * bits  The number of bits in the exponent.
    15465. 

  15465.  * m     A single precision number that is the modulus.
    15466. 

  15466.  * returns 0 on success and MEMORY_E on dynamic memory allocation failure.
    15467. 

  15467.  */
    15468. 

  15468. static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
    15469. 

  15469.         const sp_digit* m)
    15470. 

  15470. {
    15471. 

  15471. #ifndef WOLFSSL_SMALL_STACK
    15472. 

  15472.     sp_digit nd[256];
    15473. 

  15473.     sp_digit td[129];
    15474. 

  15474. #else
    15475. 

  15475.     sp_digit* td;
    15476. 

  15476. #endif
    15477. 

  15477.     sp_digit* norm;
    15478. 

  15478.     sp_digit* tmp;
    15479. 

  15479.     sp_digit mp = 1;
    15480. 

  15480.     sp_digit n, o;
    15481. 

  15481.     sp_digit mask;
    15482. 

  15482.     int i;
    15483. 

  15483.     int c, y;
    15484. 

  15484.     int err = MP_OKAY;
    15485. 

  15485. 

  15486. #ifdef WOLFSSL_SMALL_STACK
    15487. 

  15487.     td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 385, NULL,
    15488. 

  15488.                             DYNAMIC_TYPE_TMP_BUFFER);
    15489. 

  15489.     if (td == NULL) {
    15490. 

  15490.         err = MEMORY_E;
    15491. 

  15491.     }
    15492. 

  15492. #endif
    15493. 

  15493. 

  15494.     if (err == MP_OKAY) {
    15495. 

  15495. #ifdef WOLFSSL_SMALL_STACK
    15496. 

  15496.         norm = td;
    15497. 

  15497.         tmp  = td + 256;
    15498. 

  15498. #else
    15499. 

  15499.         norm = nd;
    15500. 

  15500.         tmp  = td;
    15501. 

  15501. #endif
    15502. 

  15502. 

  15503.         sp_4096_mont_setup(m, &mp);
    15504. 

  15504.         sp_4096_mont_norm_128(norm, m);
    15505. 

  15505. 

  15506.         i = (bits - 1) / 32;
    15507. 

  15507.         n = e[i--];
    15508. 

  15508.         c = bits & 31;
    15509. 

  15509.         if (c == 0) {
    15510. 

  15510.             c = 32;
    15511. 

  15511.         }
    15512. 

  15512.         c -= bits % 5;
    15513. 

  15513.         if (c == 32) {
    15514. 

  15514.             c = 27;
    15515. 

  15515.         }
    15516. 

  15516.         y = (int)(n >> c);
    15517. 

  15517.         n <<= 32 - c;
    15518. 

  15518.         sp_4096_lshift_128(r, norm, y);
    15519. 

  15519.         for (; i>=0 || c>=5; ) {
    15520. 

  15520.             if (c == 0) {
    15521. 

  15521.                 n = e[i--];
    15522. 

  15522.                 y = n >> 27;
    15523. 

  15523.                 n <<= 5;
    15524. 

  15524.                 c = 27;
    15525. 

  15525.             }
    15526. 

  15526.             else if (c < 5) {
    15527. 

  15527.                 y = n >> 27;
    15528. 

  15528.                 n = e[i--];
    15529. 

  15529.                 c = 5 - c;
    15530. 

  15530.                 y |= n >> (32 - c);
    15531. 

  15531.                 n <<= c;
    15532. 

  15532.                 c = 32 - c;
    15533. 

  15533.             }
    15534. 

  15534.             else {
    15535. 

  15535.                 y = (n >> 27) & 0x1f;
    15536. 

  15536.                 n <<= 5;
    15537. 

  15537.                 c -= 5;
    15538. 

  15538.             }
    15539. 

  15539. 

  15540.             sp_4096_mont_sqr_128(r, r, m, mp);
    15541. 

  15541.             sp_4096_mont_sqr_128(r, r, m, mp);
    15542. 

  15542.             sp_4096_mont_sqr_128(r, r, m, mp);
    15543. 

  15543.             sp_4096_mont_sqr_128(r, r, m, mp);
    15544. 

  15544.             sp_4096_mont_sqr_128(r, r, m, mp);
    15545. 

  15545. 

  15546.             sp_4096_lshift_128(r, r, y);
    15547. 

  15547.             sp_4096_mul_d_128(tmp, norm, r[128]);
    15548. 

  15548.             r[128] = 0;
    15549. 

  15549.             o = sp_4096_add_128(r, r, tmp);
    15550. 

  15550.             sp_4096_cond_sub_128(r, r, m, (sp_digit)0 - o);
    15551. 

  15551.         }
    15552. 

  15552. 

  15553.         XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U);
    15554. 

  15554.         sp_4096_mont_reduce_128(r, m, mp);
    15555. 

  15555. 

  15556.         mask = 0 - (sp_4096_cmp_128(r, m) >= 0);
    15557. 

  15557.         sp_4096_cond_sub_128(r, r, m, mask);
    15558. 

  15558.     }
    15559. 

  15559. 

  15560. #ifdef WOLFSSL_SMALL_STACK
    15561. 

  15561.     if (td != NULL) {
    15562. 

  15562.         XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    15563. 

  15563.     }
    15564. 

  15564. #endif
    15565. 

  15565. 

  15566.     return err;
    15567. 

  15567. }
    15568. 

  15568. #endif /* HAVE_FFDHE_4096 */
    15569. 

  15569. 

  15570. /* Perform the modular exponentiation for Diffie-Hellman.
    15571. 

  15571.  *
    15572. 

  15572.  * base     Base.
    15573. 

  15573.  * exp      Array of bytes that is the exponent.
    15574. 

  15574.  * expLen   Length of data, in bytes, in exponent.
    15575. 

  15575.  * mod      Modulus.
    15576. 

  15576.  * out      Buffer to hold big-endian bytes of exponentiation result.
    15577. 

  15577.  *          Must be at least 512 bytes long.
    15578. 

  15578.  * outLen   Length, in bytes, of exponentiation result.
    15579. 

  15579.  * returns 0 on success, MP_READ_E if there are too many bytes in an array
    15580. 

  15580.  * and MEMORY_E if memory allocation fails.
    15581. 

  15581.  */
    15582. 

  15582. int sp_DhExp_4096(mp_int* base, const byte* exp, word32 expLen,
    15583. 

  15583.     mp_int* mod, byte* out, word32* outLen)
    15584. 

  15584. {
    15585. 

  15585.     int err = MP_OKAY;
    15586. 

  15586.     sp_digit b[256], e[128], m[128];
    15587. 

  15587.     sp_digit* r = b;
    15588. 

  15588.     word32 i;
    15589. 

  15589. 

  15590.     if (mp_count_bits(base) > 4096) {
    15591. 

  15591.         err = MP_READ_E;
    15592. 

  15592.     }
    15593. 

  15593. 

  15594.     if (err == MP_OKAY) {
    15595. 

  15595.         if (expLen > 512) {
    15596. 

  15596.             err = MP_READ_E;
    15597. 

  15597.         }
    15598. 

  15598.     }
    15599. 

  15599. 

  15600.     if (err == MP_OKAY) {
    15601. 

  15601.         if (mp_count_bits(mod) != 4096) {
    15602. 

  15602.             err = MP_READ_E;
    15603. 

  15603.         }
    15604. 

  15604.     }
    15605. 

  15605. 

  15606.     if (err == MP_OKAY) {
    15607. 

  15607.         sp_4096_from_mp(b, 128, base);
    15608. 

  15608.         sp_4096_from_bin(e, 128, exp, expLen);
    15609. 

  15609.         sp_4096_from_mp(m, 128, mod);
    15610. 

  15610. 

  15611.     #ifdef HAVE_FFDHE_4096
    15612. 

  15612.         if (base->used == 1 && base->dp[0] == 2 && m[127] == (sp_digit)-1)
    15613. 

  15613.             err = sp_4096_mod_exp_2_128(r, e, expLen * 8, m);
    15614. 

  15614.         else
    15615. 

  15615.     #endif
    15616. 

  15616.             err = sp_4096_mod_exp_128(r, b, e, expLen * 8, m, 0);
    15617. 

  15617. 

  15618.     }
    15619. 

  15619. 

  15620.     if (err == MP_OKAY) {
    15621. 

  15621.         sp_4096_to_bin(r, out);
    15622. 

  15622.         *outLen = 512;
    15623. 

  15623.         for (i=0; i<512 && out[i] == 0; i++) {
    15624. 

  15624.         }
    15625. 

  15625.         *outLen -= i;
    15626. 

  15626.         XMEMMOVE(out, out + i, *outLen);
    15627. 

  15627. 

  15628.     }
    15629. 

  15629. 

  15630.     XMEMSET(e, 0, sizeof(e));
    15631. 

  15631. 

  15632.     return err;
    15633. 

  15633. }
    15634. 

  15634. #endif /* WOLFSSL_HAVE_SP_DH */
    15635. 

  15635. 

  15636. #endif /* WOLFSSL_HAVE_SP_DH || (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) */
    15637. 

  15637. 

  15638. #endif /* WOLFSSL_SP_4096 */
    15639. 

  15639. 

  15640. #endif /* WOLFSSL_HAVE_SP_RSA || WOLFSSL_HAVE_SP_DH */
    15641. 

  15641. #ifdef WOLFSSL_HAVE_SP_ECC
    15642. 

  15642. #ifndef WOLFSSL_SP_NO_256
    15643. 

  15643. 

  15644. /* Point structure to use. */
    15645. 

  15645. typedef struct sp_point {
    15646. 

  15646.     sp_digit x[2 * 8];
    15647. 

  15647.     sp_digit y[2 * 8];
    15648. 

  15648.     sp_digit z[2 * 8];
    15649. 

  15649.     int infinity;
    15650. 

  15650. } sp_point;
    15651. 

  15651. 

  15652. /* The modulus (prime) of the curve P256. */
    15653. 

  15653. static const sp_digit p256_mod[8] = {
    15654. 

  15654.     0xffffffff,0xffffffff,0xffffffff,0x00000000,0x00000000,0x00000000,
    15655. 

  15655.     0x00000001,0xffffffff
    15656. 

  15656. };
    15657. 

  15657. /* The Montogmery normalizer for modulus of the curve P256. */
    15658. 

  15658. static const sp_digit p256_norm_mod[8] = {
    15659. 

  15659.     0x00000001,0x00000000,0x00000000,0xffffffff,0xffffffff,0xffffffff,
    15660. 

  15660.     0xfffffffe,0x00000000
    15661. 

  15661. };
    15662. 

  15662. /* The Montogmery multiplier for modulus of the curve P256. */
    15663. 

  15663. static const sp_digit p256_mp_mod = 0x00000001;
    15664. 

  15664. #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \
    15665. 

  15665.                                             defined(HAVE_ECC_VERIFY)
    15666. 

  15666. /* The order of the curve P256. */
    15667. 

  15667. static const sp_digit p256_order[8] = {
    15668. 

  15668.     0xfc632551,0xf3b9cac2,0xa7179e84,0xbce6faad,0xffffffff,0xffffffff,
    15669. 

  15669.     0x00000000,0xffffffff
    15670. 

  15670. };
    15671. 

  15671. #endif
    15672. 

  15672. /* The order of the curve P256 minus 2. */
    15673. 

  15673. static const sp_digit p256_order2[8] = {
    15674. 

  15674.     0xfc63254f,0xf3b9cac2,0xa7179e84,0xbce6faad,0xffffffff,0xffffffff,
    15675. 

  15675.     0x00000000,0xffffffff
    15676. 

  15676. };
    15677. 

  15677. #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
    15678. 

  15678. /* The Montogmery normalizer for order of the curve P256. */
    15679. 

  15679. static const sp_digit p256_norm_order[8] = {
    15680. 

  15680.     0x039cdaaf,0x0c46353d,0x58e8617b,0x43190552,0x00000000,0x00000000,
    15681. 

  15681.     0xffffffff,0x00000000
    15682. 

  15682. };
    15683. 

  15683. #endif
    15684. 

  15684. #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
    15685. 

  15685. /* The Montogmery multiplier for order of the curve P256. */
    15686. 

  15686. static const sp_digit p256_mp_order = 0xee00bc4f;
    15687. 

  15687. #endif
    15688. 

  15688. /* The base point of curve P256. */
    15689. 

  15689. static const sp_point p256_base = {
    15690. 

  15690.     /* X ordinate */
    15691. 

  15691.     {
    15692. 

  15692.         0xd898c296,0xf4a13945,0x2deb33a0,0x77037d81,0x63a440f2,0xf8bce6e5,
    15693. 

  15693.         0xe12c4247,0x6b17d1f2, 0L, 0L, 0L, 0L, 0L, 0L, 0L, 0L
    15694. 

  15694.     },
    15695. 

  15695.     /* Y ordinate */
    15696. 

  15696.     {
    15697. 

  15697.         0x37bf51f5,0xcbb64068,0x6b315ece,0x2bce3357,0x7c0f9e16,0x8ee7eb4a,
    15698. 

  15698.         0xfe1a7f9b,0x4fe342e2, 0L, 0L, 0L, 0L, 0L, 0L, 0L, 0L
    15699. 

  15699.     },
    15700. 

  15700.     /* Z ordinate */
    15701. 

  15701.     {
    15702. 

  15702.         0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
    15703. 

  15703.         0x00000000,0x00000000, 0L, 0L, 0L, 0L, 0L, 0L, 0L, 0L
    15704. 

  15704.     },
    15705. 

  15705.     /* infinity */
    15706. 

  15706.     0
    15707. 

  15707. };
    15708. 

  15708. #if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY)
    15709. 

  15709. static const sp_digit p256_b[8] = {
    15710. 

  15710.     0x27d2604b,0x3bce3c3e,0xcc53b0f6,0x651d06b0,0x769886bc,0xb3ebbd55,
    15711. 

  15711.     0xaa3a93e7,0x5ac635d8
    15712. 

  15712. };
    15713. 

  15713. #endif
    15714. 

  15714. 

  15715. static int sp_ecc_point_new_ex(void* heap, sp_point* sp, sp_point** p)
    15716. 

  15716. {
    15717. 

  15717.     int ret = MP_OKAY;
    15718. 

  15718.     if (p == NULL) {
    15719. 

  15719.         ret = MEMORY_E;
    15720. 

  15720.     }
    15721. 

  15721.     else {
    15722. 

  15722.     #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    15723. 

  15723.         *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
    15724. 

  15724.         (void)sp;
    15725. 

  15725.     #else
    15726. 

  15726.         *p = sp;
    15727. 

  15727.         (void)heap;
    15728. 

  15728.     #endif
    15729. 

  15729.     }
    15730. 

  15730.     return ret;
    15731. 

  15731. }
    15732. 

  15732. 

  15733. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    15734. 

  15734. /* Allocate memory for point and return error. */
    15735. 

  15735. #define sp_ecc_point_new(heap, sp, p) sp_ecc_point_new_ex((heap), NULL, &(p))
    15736. 

  15736. #else
    15737. 

  15737. /* Set pointer to data and return no error. */
    15738. 

  15738. #define sp_ecc_point_new(heap, sp, p) sp_ecc_point_new_ex((heap), &(sp), &(p))
    15739. 

  15739. #endif
    15740. 

  15740. 

  15741. 

  15742. static void sp_ecc_point_free(sp_point* p, int clear, void* heap)
    15743. 

  15743. {
    15744. 

  15744. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    15745. 

  15745. /* If valid pointer then clear point data if requested and free data. */
    15746. 

  15746.     if (p != NULL) {
    15747. 

  15747.         if (clear != 0) {
    15748. 

  15748.             XMEMSET(p, 0, sizeof(*p));
    15749. 

  15749.         }
    15750. 

  15750.         XFREE(p, heap, DYNAMIC_TYPE_ECC);
    15751. 

  15751.     }
    15752. 

  15752. #else
    15753. 

  15753. /* Clear point data if requested. */
    15754. 

  15754.     if (clear != 0) {
    15755. 

  15755.         XMEMSET(p, 0, sizeof(*p));
    15756. 

  15756.     }
    15757. 

  15757. #endif
    15758. 

  15758.     (void)heap;
    15759. 

  15759. }
    15760. 

  15760. 

  15761. /* Multiply a number by Montogmery normalizer mod modulus (prime).
    15762. 

  15762.  *
    15763. 

  15763.  * r  The resulting Montgomery form number.
    15764. 

  15764.  * a  The number to convert.
    15765. 

  15765.  * m  The modulus (prime).
    15766. 

  15766.  */
    15767. 

  15767. static int sp_256_mod_mul_norm_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
    15768. 

  15768. {
    15769. 

  15769.     int64_t t[8];
    15770. 

  15770.     int64_t a64[8];
    15771. 

  15771.     int64_t o;
    15772. 

  15772. 

  15773.     (void)m;
    15774. 

  15774. 

  15775.     a64[0] = a[0];
    15776. 

  15776.     a64[1] = a[1];
    15777. 

  15777.     a64[2] = a[2];
    15778. 

  15778.     a64[3] = a[3];
    15779. 

  15779.     a64[4] = a[4];
    15780. 

  15780.     a64[5] = a[5];
    15781. 

  15781.     a64[6] = a[6];
    15782. 

  15782.     a64[7] = a[7];
    15783. 

  15783. 

  15784.     /*  1  1  0 -1 -1 -1 -1  0 */
    15785. 

  15785.     t[0] = 0 + a64[0] + a64[1] - a64[3] - a64[4] - a64[5] - a64[6];
    15786. 

  15786.     /*  0  1  1  0 -1 -1 -1 -1 */
    15787. 

  15787.     t[1] = 0 + a64[1] + a64[2] - a64[4] - a64[5] - a64[6] - a64[7];
    15788. 

  15788.     /*  0  0  1  1  0 -1 -1 -1 */
    15789. 

  15789.     t[2] = 0 + a64[2] + a64[3] - a64[5] - a64[6] - a64[7];
    15790. 

  15790.     /* -1 -1  0  2  2  1  0 -1 */
    15791. 

  15791.     t[3] = 0 - a64[0] - a64[1] + 2 * a64[3] + 2 * a64[4] + a64[5] - a64[7];
    15792. 

  15792.     /*  0 -1 -1  0  2  2  1  0 */
    15793. 

  15793.     t[4] = 0 - a64[1] - a64[2] + 2 * a64[4] + 2 * a64[5] + a64[6];
    15794. 

  15794.     /*  0  0 -1 -1  0  2  2  1 */
    15795. 

  15795.     t[5] = 0 - a64[2] - a64[3] + 2 * a64[5] + 2 * a64[6] + a64[7];
    15796. 

  15796.     /* -1 -1  0  0  0  1  3  2 */
    15797. 

  15797.     t[6] = 0 - a64[0] - a64[1] + a64[5] + 3 * a64[6] + 2 * a64[7];
    15798. 

  15798.     /*  1  0 -1 -1 -1 -1  0  3 */
    15799. 

  15799.     t[7] = 0 + a64[0] - a64[2] - a64[3] - a64[4] - a64[5] + 3 * a64[7];
    15800. 

  15800. 

  15801.     t[1] += t[0] >> 32; t[0] &= 0xffffffff;
    15802. 

  15802.     t[2] += t[1] >> 32; t[1] &= 0xffffffff;
    15803. 

  15803.     t[3] += t[2] >> 32; t[2] &= 0xffffffff;
    15804. 

  15804.     t[4] += t[3] >> 32; t[3] &= 0xffffffff;
    15805. 

  15805.     t[5] += t[4] >> 32; t[4] &= 0xffffffff;
    15806. 

  15806.     t[6] += t[5] >> 32; t[5] &= 0xffffffff;
    15807. 

  15807.     t[7] += t[6] >> 32; t[6] &= 0xffffffff;
    15808. 

  15808.     o     = t[7] >> 32; t[7] &= 0xffffffff;
    15809. 

  15809.     t[0] += o;
    15810. 

  15810.     t[3] -= o;
    15811. 

  15811.     t[6] -= o;
    15812. 

  15812.     t[7] += o;
    15813. 

  15813.     t[1] += t[0] >> 32; t[0] &= 0xffffffff;
    15814. 

  15814.     t[2] += t[1] >> 32; t[1] &= 0xffffffff;
    15815. 

  15815.     t[3] += t[2] >> 32; t[2] &= 0xffffffff;
    15816. 

  15816.     t[4] += t[3] >> 32; t[3] &= 0xffffffff;
    15817. 

  15817.     t[5] += t[4] >> 32; t[4] &= 0xffffffff;
    15818. 

  15818.     t[6] += t[5] >> 32; t[5] &= 0xffffffff;
    15819. 

  15819.     t[7] += t[6] >> 32; t[6] &= 0xffffffff;
    15820. 

  15820.     r[0] = t[0];
    15821. 

  15821.     r[1] = t[1];
    15822. 

  15822.     r[2] = t[2];
    15823. 

  15823.     r[3] = t[3];
    15824. 

  15824.     r[4] = t[4];
    15825. 

  15825.     r[5] = t[5];
    15826. 

  15826.     r[6] = t[6];
    15827. 

  15827.     r[7] = t[7];
    15828. 

  15828. 

  15829.     return MP_OKAY;
    15830. 

  15830. }
    15831. 

  15831. 

  15832. /* Convert an mp_int to an array of sp_digit.
    15833. 

  15833.  *
    15834. 

  15834.  * r  A single precision integer.
    15835. 

  15835.  * size  Maximum number of bytes to convert
    15836. 

  15836.  * a  A multi-precision integer.
    15837. 

  15837.  */
    15838. 

  15838. static void sp_256_from_mp(sp_digit* r, int size, const mp_int* a)
    15839. 

  15839. {
    15840. 

  15840. #if DIGIT_BIT == 32
    15841. 

  15841.     int j;
    15842. 

  15842. 

  15843.     XMEMCPY(r, a->dp, sizeof(sp_digit) * a->used);
    15844. 

  15844. 

  15845.     for (j = a->used; j < size; j++) {
    15846. 

  15846.         r[j] = 0;
    15847. 

  15847.     }
    15848. 

  15848. #elif DIGIT_BIT > 32
    15849. 

  15849.     int i, j = 0;
    15850. 

  15850.     word32 s = 0;
    15851. 

  15851. 

  15852.     r[0] = 0;
    15853. 

  15853.     for (i = 0; i < a->used && j < size; i++) {
    15854. 

  15854.         r[j] |= ((sp_digit)a->dp[i] << s);
    15855. 

  15855.         r[j] &= 0xffffffff;
    15856. 

  15856.         s = 32U - s;
    15857. 

  15857.         if (j + 1 >= size) {
    15858. 

  15858.             break;
    15859. 

  15859.         }
    15860. 

  15860.         /* lint allow cast of mismatch word32 and mp_digit */
    15861. 

  15861.         r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
    15862. 

  15862.         while ((s + 32U) <= (word32)DIGIT_BIT) {
    15863. 

  15863.             s += 32U;
    15864. 

  15864.             r[j] &= 0xffffffff;
    15865. 

  15865.             if (j + 1 >= size) {
    15866. 

  15866.                 break;
    15867. 

  15867.             }
    15868. 

  15868.             if (s < (word32)DIGIT_BIT) {
    15869. 

  15869.                 /* lint allow cast of mismatch word32 and mp_digit */
    15870. 

  15870.                 r[++j] = (sp_digit)(a->dp[i] >> s); /*lint !e9033*/
    15871. 

  15871.             }
    15872. 

  15872.             else {
    15873. 

  15873.                 r[++j] = 0L;
    15874. 

  15874.             }
    15875. 

  15875.         }
    15876. 

  15876.         s = (word32)DIGIT_BIT - s;
    15877. 

  15877.     }
    15878. 

  15878. 

  15879.     for (j++; j < size; j++) {
    15880. 

  15880.         r[j] = 0;
    15881. 

  15881.     }
    15882. 

  15882. #else
    15883. 

  15883.     int i, j = 0, s = 0;
    15884. 

  15884. 

  15885.     r[0] = 0;
    15886. 

  15886.     for (i = 0; i < a->used && j < size; i++) {
    15887. 

  15887.         r[j] |= ((sp_digit)a->dp[i]) << s;
    15888. 

  15888.         if (s + DIGIT_BIT >= 32) {
    15889. 

  15889.             r[j] &= 0xffffffff;
    15890. 

  15890.             if (j + 1 >= size) {
    15891. 

  15891.                 break;
    15892. 

  15892.             }
    15893. 

  15893.             s = 32 - s;
    15894. 

  15894.             if (s == DIGIT_BIT) {
    15895. 

  15895.                 r[++j] = 0;
    15896. 

  15896.                 s = 0;
    15897. 

  15897.             }
    15898. 

  15898.             else {
    15899. 

  15899.                 r[++j] = a->dp[i] >> s;
    15900. 

  15900.                 s = DIGIT_BIT - s;
    15901. 

  15901.             }
    15902. 

  15902.         }
    15903. 

  15903.         else {
    15904. 

  15904.             s += DIGIT_BIT;
    15905. 

  15905.         }
    15906. 

  15906.     }
    15907. 

  15907. 

  15908.     for (j++; j < size; j++) {
    15909. 

  15909.         r[j] = 0;
    15910. 

  15910.     }
    15911. 

  15911. #endif
    15912. 

  15912. }
    15913. 

  15913. 

  15914. /* Convert a point of type ecc_point to type sp_point.
    15915. 

  15915.  *
    15916. 

  15916.  * p   Point of type sp_point (result).
    15917. 

  15917.  * pm  Point of type ecc_point.
    15918. 

  15918.  */
    15919. 

  15919. static void sp_256_point_from_ecc_point_8(sp_point* p, const ecc_point* pm)
    15920. 

  15920. {
    15921. 

  15921.     XMEMSET(p->x, 0, sizeof(p->x));
    15922. 

  15922.     XMEMSET(p->y, 0, sizeof(p->y));
    15923. 

  15923.     XMEMSET(p->z, 0, sizeof(p->z));
    15924. 

  15924.     sp_256_from_mp(p->x, 8, pm->x);
    15925. 

  15925.     sp_256_from_mp(p->y, 8, pm->y);
    15926. 

  15926.     sp_256_from_mp(p->z, 8, pm->z);
    15927. 

  15927.     p->infinity = 0;
    15928. 

  15928. }
    15929. 

  15929. 

  15930. /* Convert an array of sp_digit to an mp_int.
    15931. 

  15931.  *
    15932. 

  15932.  * a  A single precision integer.
    15933. 

  15933.  * r  A multi-precision integer.
    15934. 

  15934.  */
    15935. 

  15935. static int sp_256_to_mp(const sp_digit* a, mp_int* r)
    15936. 

  15936. {
    15937. 

  15937.     int err;
    15938. 

  15938. 

  15939.     err = mp_grow(r, (256 + DIGIT_BIT - 1) / DIGIT_BIT);
    15940. 

  15940.     if (err == MP_OKAY) { /*lint !e774 case where err is always MP_OKAY*/
    15941. 

  15941. #if DIGIT_BIT == 32
    15942. 

  15942.         XMEMCPY(r->dp, a, sizeof(sp_digit) * 8);
    15943. 

  15943.         r->used = 8;
    15944. 

  15944.         mp_clamp(r);
    15945. 

  15945. #elif DIGIT_BIT < 32
    15946. 

  15946.         int i, j = 0, s = 0;
    15947. 

  15947. 

  15948.         r->dp[0] = 0;
    15949. 

  15949.         for (i = 0; i < 8; i++) {
    15950. 

  15950.             r->dp[j] |= a[i] << s;
    15951. 

  15951.             r->dp[j] &= (1L << DIGIT_BIT) - 1;
    15952. 

  15952.             s = DIGIT_BIT - s;
    15953. 

  15953.             r->dp[++j] = a[i] >> s;
    15954. 

  15954.             while (s + DIGIT_BIT <= 32) {
    15955. 

  15955.                 s += DIGIT_BIT;
    15956. 

  15956.                 r->dp[j++] &= (1L << DIGIT_BIT) - 1;
    15957. 

  15957.                 if (s == SP_WORD_SIZE) {
    15958. 

  15958.                     r->dp[j] = 0;
    15959. 

  15959.                 }
    15960. 

  15960.                 else {
    15961. 

  15961.                     r->dp[j] = a[i] >> s;
    15962. 

  15962.                 }
    15963. 

  15963.             }
    15964. 

  15964.             s = 32 - s;
    15965. 

  15965.         }
    15966. 

  15966.         r->used = (256 + DIGIT_BIT - 1) / DIGIT_BIT;
    15967. 

  15967.         mp_clamp(r);
    15968. 

  15968. #else
    15969. 

  15969.         int i, j = 0, s = 0;
    15970. 

  15970. 

  15971.         r->dp[0] = 0;
    15972. 

  15972.         for (i = 0; i < 8; i++) {
    15973. 

  15973.             r->dp[j] |= ((mp_digit)a[i]) << s;
    15974. 

  15974.             if (s + 32 >= DIGIT_BIT) {
    15975. 

  15975.     #if DIGIT_BIT != 32 && DIGIT_BIT != 64
    15976. 

  15976.                 r->dp[j] &= (1L << DIGIT_BIT) - 1;
    15977. 

  15977.     #endif
    15978. 

  15978.                 s = DIGIT_BIT - s;
    15979. 

  15979.                 r->dp[++j] = a[i] >> s;
    15980. 

  15980.                 s = 32 - s;
    15981. 

  15981.             }
    15982. 

  15982.             else {
    15983. 

  15983.                 s += 32;
    15984. 

  15984.             }
    15985. 

  15985.         }
    15986. 

  15986.         r->used = (256 + DIGIT_BIT - 1) / DIGIT_BIT;
    15987. 

  15987.         mp_clamp(r);
    15988. 

  15988. #endif
    15989. 

  15989.     }
    15990. 

  15990. 

  15991.     return err;
    15992. 

  15992. }
    15993. 

  15993. 

  15994. /* Convert a point of type sp_point to type ecc_point.
    15995. 

  15995.  *
    15996. 

  15996.  * p   Point of type sp_point.
    15997. 

  15997.  * pm  Point of type ecc_point (result).
    15998. 

  15998.  * returns MEMORY_E when allocation of memory in ecc_point fails otherwise
    15999. 

  15999.  * MP_OKAY.
    16000. 

  16000.  */
    16001. 

  16001. static int sp_256_point_to_ecc_point_8(const sp_point* p, ecc_point* pm)
    16002. 

  16002. {
    16003. 

  16003.     int err;
    16004. 

  16004. 

  16005.     err = sp_256_to_mp(p->x, pm->x);
    16006. 

  16006.     if (err == MP_OKAY) {
    16007. 

  16007.         err = sp_256_to_mp(p->y, pm->y);
    16008. 

  16008.     }
    16009. 

  16009.     if (err == MP_OKAY) {
    16010. 

  16010.         err = sp_256_to_mp(p->z, pm->z);
    16011. 

  16011.     }
    16012. 

  16012. 

  16013.     return err;
    16014. 

  16014. }
    16015. 

  16015. 

  16016. /* Compare a with b in constant time.
    16017. 

  16017.  *
    16018. 

  16018.  * a  A single precision integer.
    16019. 

  16019.  * b  A single precision integer.
    16020. 

  16020.  * return -ve, 0 or +ve if a is less than, equal to or greater than b
    16021. 

  16021.  * respectively.
    16022. 

  16022.  */
    16023. 

  16023. SP_NOINLINE static int32_t sp_256_cmp_8(const sp_digit* a, const sp_digit* b)
    16024. 

  16024. {
    16025. 

  16025.     sp_digit r = 0;
    16026. 

  16026. 

  16027. 

  16028.     __asm__ __volatile__ (
    16029. 

  16029.         "mov	r3, #0\n\t"
    16030. 

  16030.         "mvn	r3, r3\n\t"
    16031. 

  16031.         "mov	r6, #28\n\t"
    16032. 

  16032.         "1:\n\t"
    16033. 

  16033.         "ldr	r7, [%[a], r6]\n\t"
    16034. 

  16034.         "ldr	r5, [%[b], r6]\n\t"
    16035. 

  16035.         "and	r7, r3\n\t"
    16036. 

  16036.         "and	r5, r3\n\t"
    16037. 

  16037.         "mov	r4, r7\n\t"
    16038. 

  16038.         "sub	r7, r5\n\t"
    16039. 

  16039.         "sbc	r7, r7\n\t"
    16040. 

  16040.         "add	%[r], r7\n\t"
    16041. 

  16041.         "mvn	r7, r7\n\t"
    16042. 

  16042.         "and	r3, r7\n\t"
    16043. 

  16043.         "sub	r5, r4\n\t"
    16044. 

  16044.         "sbc	r7, r7\n\t"
    16045. 

  16045.         "sub	%[r], r7\n\t"
    16046. 

  16046.         "mvn	r7, r7\n\t"
    16047. 

  16047.         "and	r3, r7\n\t"
    16048. 

  16048.         "sub	r6, #4\n\t"
    16049. 

  16049.         "cmp	r6, #0\n\t"
    16050. 

  16050.         "bge	1b\n\t"
    16051. 

  16051.         : [r] "+r" (r)
    16052. 

  16052.         : [a] "r" (a), [b] "r" (b)
    16053. 

  16053.         : "r3", "r4", "r5", "r6", "r7"
    16054. 

  16054.     );
    16055. 

  16055. 

  16056.     return r;
    16057. 

  16057. }
    16058. 

  16058. 

  16059. /* Normalize the values in each word to 32.
    16060. 

  16060.  *
    16061. 

  16061.  * a  Array of sp_digit to normalize.
    16062. 

  16062.  */
    16063. 

  16063. #define sp_256_norm_8(a)
    16064. 

  16064. 

  16065. /* Conditionally subtract b from a using the mask m.
    16066. 

  16066.  * m is -1 to subtract and 0 when not copying.
    16067. 

  16067.  *
    16068. 

  16068.  * r  A single precision number representing condition subtract result.
    16069. 

  16069.  * a  A single precision number to subtract from.
    16070. 

  16070.  * b  A single precision number to subtract.
    16071. 

  16071.  * m  Mask value to apply.
    16072. 

  16072.  */
    16073. 

  16073. SP_NOINLINE static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a,
    16074. 

  16074.         const sp_digit* b, sp_digit m)
    16075. 

  16075. {
    16076. 

  16076.     sp_digit c = 0;
    16077. 

  16077. 

  16078.     __asm__ __volatile__ (
    16079. 

  16079.         "mov	r5, #32\n\t"
    16080. 

  16080.         "mov	r8, r5\n\t"
    16081. 

  16081.         "mov	r7, #0\n\t"
    16082. 

  16082.         "1:\n\t"
    16083. 

  16083.         "ldr	r6, [%[b], r7]\n\t"
    16084. 

  16084.         "and	r6, %[m]\n\t"
    16085. 

  16085.         "mov	r5, #0\n\t"
    16086. 

  16086.         "sub	r5, %[c]\n\t"
    16087. 

  16087.         "ldr	r5, [%[a], r7]\n\t"
    16088. 

  16088.         "sbc	r5, r6\n\t"
    16089. 

  16089.         "sbc	%[c], %[c]\n\t"
    16090. 

  16090.         "str	r5, [%[r], r7]\n\t"
    16091. 

  16091.         "add	r7, #4\n\t"
    16092. 

  16092.         "cmp	r7, r8\n\t"
    16093. 

  16093.         "blt	1b\n\t"
    16094. 

  16094.         : [c] "+r" (c)
    16095. 

  16095.         : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m)
    16096. 

  16096.         : "memory", "r5", "r6", "r7", "r8"
    16097. 

  16097.     );
    16098. 

  16098. 

  16099.     return c;
    16100. 

  16100. }
    16101. 

  16101. 

  16102. /* Reduce the number back to 256 bits using Montgomery reduction.
    16103. 

  16103.  *
    16104. 

  16104.  * a   A single precision number to reduce in place.
    16105. 

  16105.  * m   The single precision number representing the modulus.
    16106. 

  16106.  * mp  The digit representing the negative inverse of m mod 2^n.
    16107. 

  16107.  */
    16108. 

  16108. SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m,
    16109. 

  16109.         sp_digit mp)
    16110. 

  16110. {
    16111. 

  16111.     (void)mp;
    16112. 

  16112.     (void)m;
    16113. 

  16113. 

  16114.     __asm__ __volatile__ (
    16115. 

  16115.         "mov	r2, #0\n\t"
    16116. 

  16116.         "mov	r1, #0\n\t"
    16117. 

  16117.         "# i = 0\n\t"
    16118. 

  16118.         "mov	r8, r2\n\t"
    16119. 

  16119.         "\n1:\n\t"
    16120. 

  16120.         "mov	r4, #0\n\t"
    16121. 

  16121.         "# mu = a[i] * 1 (mp) = a[i]\n\t"
    16122. 

  16122.         "ldr	r3, [%[a]]\n\t"
    16123. 

  16123.         "# a[i+0] += -1 * mu\n\t"
    16124. 

  16124.         "mov	r5, r3\n\t"
    16125. 

  16125.         "str	r4, [%[a], #0]\n\t"
    16126. 

  16126.         "# a[i+1] += -1 * mu\n\t"
    16127. 

  16127.         "ldr	r6, [%[a], #4]\n\t"
    16128. 

  16128.         "mov	r4, r3\n\t"
    16129. 

  16129.         "sub	r5, r3\n\t"
    16130. 

  16130.         "sbc	r4, r2\n\t"
    16131. 

  16131.         "add	r5, r6\n\t"
    16132. 

  16132.         "adc	r4, r2\n\t"
    16133. 

  16133.         "str	r5, [%[a], #4]\n\t"
    16134. 

  16134.         "# a[i+2] += -1 * mu\n\t"
    16135. 

  16135.         "ldr	r6, [%[a], #8]\n\t"
    16136. 

  16136.         "mov	r5, r3\n\t"
    16137. 

  16137.         "sub	r4, r3\n\t"
    16138. 

  16138.         "sbc	r5, r2\n\t"
    16139. 

  16139.         "add	r4, r6\n\t"
    16140. 

  16140.         "adc	r5, r2\n\t"
    16141. 

  16141.         "str	r4, [%[a], #8]\n\t"
    16142. 

  16142.         "# a[i+3] += 0 * mu\n\t"
    16143. 

  16143.         "ldr	r6, [%[a], #12]\n\t"
    16144. 

  16144.         "mov	r4, #0\n\t"
    16145. 

  16145.         "add	r5, r6\n\t"
    16146. 

  16146.         "adc	r4, r2\n\t"
    16147. 

  16147.         "str	r5, [%[a], #12]\n\t"
    16148. 

  16148.         "# a[i+4] += 0 * mu\n\t"
    16149. 

  16149.         "ldr	r6, [%[a], #16]\n\t"
    16150. 

  16150.         "mov	r5, #0\n\t"
    16151. 

  16151.         "add	r4, r6\n\t"
    16152. 

  16152.         "adc	r5, r2\n\t"
    16153. 

  16153.         "str	r4, [%[a], #16]\n\t"
    16154. 

  16154.         "# a[i+5] += 0 * mu\n\t"
    16155. 

  16155.         "ldr	r6, [%[a], #20]\n\t"
    16156. 

  16156.         "mov	r4, #0\n\t"
    16157. 

  16157.         "add	r5, r6\n\t"
    16158. 

  16158.         "adc	r4, r2\n\t"
    16159. 

  16159.         "str	r5, [%[a], #20]\n\t"
    16160. 

  16160.         "# a[i+6] += 1 * mu\n\t"
    16161. 

  16161.         "ldr	r6, [%[a], #24]\n\t"
    16162. 

  16162.         "mov	r5, #0\n\t"
    16163. 

  16163.         "add	r4, r3\n\t"
    16164. 

  16164.         "adc	r5, r2\n\t"
    16165. 

  16165.         "add	r4, r6\n\t"
    16166. 

  16166.         "adc	r5, r2\n\t"
    16167. 

  16167.         "str	r4, [%[a], #24]\n\t"
    16168. 

  16168.         "# a[i+7] += -1 * mu\n\t"
    16169. 

  16169.         "ldr	r6, [%[a], #28]\n\t"
    16170. 

  16170.         "ldr	r7, [%[a], #32]\n\t"
    16171. 

  16171.         "add	r4, r1, r3\n\t"
    16172. 

  16172.         "mov	r1, #0\n\t"
    16173. 

  16173.         "adc	r1, r2\n\t"
    16174. 

  16174.         "sub	r5, r3\n\t"
    16175. 

  16175.         "sbc	r4, r2\n\t"
    16176. 

  16176.         "sbc	r1, r2\n\t"
    16177. 

  16177.         "add	r5, r6\n\t"
    16178. 

  16178.         "adc	r4, r7\n\t"
    16179. 

  16179.         "adc	r1, r2\n\t"
    16180. 

  16180.         "str	r5, [%[a],  #28]\n\t"
    16181. 

  16181.         "str	r4, [%[a], #32]\n\t"
    16182. 

  16182.         "# i += 1\n\t"
    16183. 

  16183.         "mov	r6, #4\n\t"
    16184. 

  16184.         "add	r8, r6\n\t"
    16185. 

  16185.         "add	%[a], #4\n\t"
    16186. 

  16186.         "mov	r6, #32\n\t"
    16187. 

  16187.         "cmp	r8, r6\n\t"
    16188. 

  16188.         "blt	1b\n\t"
    16189. 

  16189.         "sub	%[a], #32\n\t"
    16190. 

  16190.         "mov	r3, r1\n\t"
    16191. 

  16191.         "sub	r1, #1\n\t"
    16192. 

  16192.         "mvn	r1, r1\n\t"
    16193. 

  16193.         "ldr	r5, [%[a],#32]\n\t"
    16194. 

  16194.         "ldr	r4, [%[a],#36]\n\t"
    16195. 

  16195.         "ldr	r6, [%[a],#40]\n\t"
    16196. 

  16196.         "ldr	r7, [%[a],#44]\n\t"
    16197. 

  16197.         "sub	r5, r1\n\t"
    16198. 

  16198.         "sbc	r4, r1\n\t"
    16199. 

  16199.         "sbc	r6, r1\n\t"
    16200. 

  16200.         "sbc	r7, r2\n\t"
    16201. 

  16201.         "str	r5, [%[a],#0]\n\t"
    16202. 

  16202.         "str	r4, [%[a],#4]\n\t"
    16203. 

  16203.         "str	r6, [%[a],#8]\n\t"
    16204. 

  16204.         "str	r7, [%[a],#12]\n\t"
    16205. 

  16205.         "ldr	r5, [%[a],#48]\n\t"
    16206. 

  16206.         "ldr	r4, [%[a],#52]\n\t"
    16207. 

  16207.         "ldr	r6, [%[a],#56]\n\t"
    16208. 

  16208.         "ldr	r7, [%[a],#60]\n\t"
    16209. 

  16209.         "sbc	r5, r2\n\t"
    16210. 

  16210.         "sbc	r4, r2\n\t"
    16211. 

  16211.         "sbc	r6, r3\n\t"
    16212. 

  16212.         "sbc	r7, r1\n\t"
    16213. 

  16213.         "str	r5, [%[a],#16]\n\t"
    16214. 

  16214.         "str	r4, [%[a],#20]\n\t"
    16215. 

  16215.         "str	r6, [%[a],#24]\n\t"
    16216. 

  16216.         "str	r7, [%[a],#28]\n\t"
    16217. 

  16217.         : [a] "+r" (a)
    16218. 

  16218.         :
    16219. 

  16219.         : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8"
    16220. 

  16220.     );
    16221. 

  16221. 

  16222. 

  16223.     (void)m;
    16224. 

  16224.     (void)mp;
    16225. 

  16225. }
    16226. 

  16226. 

  16227. /* Reduce the number back to 256 bits using Montgomery reduction.
    16228. 

  16228.  *
    16229. 

  16229.  * a   A single precision number to reduce in place.
    16230. 

  16230.  * m   The single precision number representing the modulus.
    16231. 

  16231.  * mp  The digit representing the negative inverse of m mod 2^n.
    16232. 

  16232.  */
    16233. 

  16233. SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* m,
    16234. 

  16234.         sp_digit mp)
    16235. 

  16235. {
    16236. 

  16236.     sp_digit ca = 0;
    16237. 

  16237. 

  16238.     __asm__ __volatile__ (
    16239. 

  16239.         "mov	r8, %[mp]\n\t"
    16240. 

  16240.         "mov	r12, %[ca]\n\t"
    16241. 

  16241.         "mov	r14, %[m]\n\t"
    16242. 

  16242.         "mov	r9, %[a]\n\t"
    16243. 

  16243.         "mov	r4, #0\n\t"
    16244. 

  16244.         "# i = 0\n\t"
    16245. 

  16245.         "mov	r11, r4\n\t"
    16246. 

  16246.         "\n1:\n\t"
    16247. 

  16247.         "mov	r5, #0\n\t"
    16248. 

  16248.         "mov	%[ca], #0\n\t"
    16249. 

  16249.         "# mu = a[i] * mp\n\t"
    16250. 

  16250.         "mov	%[mp], r8\n\t"
    16251. 

  16251.         "ldr	%[a], [%[a]]\n\t"
    16252. 

  16252.         "mul	%[mp], %[a]\n\t"
    16253. 

  16253.         "mov	%[m], r14\n\t"
    16254. 

  16254.         "mov	r10, r9\n\t"
    16255. 

  16255.         "\n2:\n\t"
    16256. 

  16256.         "# a[i+j] += m[j] * mu\n\t"
    16257. 

  16257.         "mov	%[a], r10\n\t"
    16258. 

  16258.         "ldr	%[a], [%[a]]\n\t"
    16259. 

  16259.         "mov	%[ca], #0\n\t"
    16260. 

  16260.         "mov	r4, r5\n\t"
    16261. 

  16261.         "mov	r5, #0\n\t"
    16262. 

  16262.         "# Multiply m[j] and mu - Start\n\t"
    16263. 

  16263.         "ldr	r7, [%[m]]\n\t"
    16264. 

  16264.         "lsl	r6, %[mp], #16\n\t"
    16265. 

  16265.         "lsl	r7, r7, #16\n\t"
    16266. 

  16266.         "lsr	r6, r6, #16\n\t"
    16267. 

  16267.         "lsr	r7, r7, #16\n\t"
    16268. 

  16268.         "mul	r7, r6\n\t"
    16269. 

  16269.         "add	%[a], r7\n\t"
    16270. 

  16270.         "adc	r5, %[ca]\n\t"
    16271. 

  16271.         "ldr	r7, [%[m]]\n\t"
    16272. 

  16272.         "lsr	r7, r7, #16\n\t"
    16273. 

  16273.         "mul	r6, r7\n\t"
    16274. 

  16274.         "lsr	r7, r6, #16\n\t"
    16275. 

  16275.         "lsl	r6, r6, #16\n\t"
    16276. 

  16276.         "add	%[a], r6\n\t"
    16277. 

  16277.         "adc	r5, r7\n\t"
    16278. 

  16278.         "ldr	r7, [%[m]]\n\t"
    16279. 

  16279.         "lsr	r6, %[mp], #16\n\t"
    16280. 

  16280.         "lsr	r7, r7, #16\n\t"
    16281. 

  16281.         "mul	r7, r6\n\t"
    16282. 

  16282.         "add	r5, r7\n\t"
    16283. 

  16283.         "ldr	r7, [%[m]]\n\t"
    16284. 

  16284.         "lsl	r7, r7, #16\n\t"
    16285. 

  16285.         "lsr	r7, r7, #16\n\t"
    16286. 

  16286.         "mul	r6, r7\n\t"
    16287. 

  16287.         "lsr	r7, r6, #16\n\t"
    16288. 

  16288.         "lsl	r6, r6, #16\n\t"
    16289. 

  16289.         "add	%[a], r6\n\t"
    16290. 

  16290.         "adc	r5, r7\n\t"
    16291. 

  16291.         "# Multiply m[j] and mu - Done\n\t"
    16292. 

  16292.         "add	r4, %[a]\n\t"
    16293. 

  16293.         "adc	r5, %[ca]\n\t"
    16294. 

  16294.         "mov	%[a], r10\n\t"
    16295. 

  16295.         "str	r4, [%[a]]\n\t"
    16296. 

  16296.         "mov	r6, #4\n\t"
    16297. 

  16297.         "add	%[m], #4\n\t"
    16298. 

  16298.         "add	r10, r6\n\t"
    16299. 

  16299.         "mov	r4, #28\n\t"
    16300. 

  16300.         "add	r4, r9\n\t"
    16301. 

  16301.         "cmp	r10, r4\n\t"
    16302. 

  16302.         "blt	2b\n\t"
    16303. 

  16303.         "# a[i+7] += m[7] * mu\n\t"
    16304. 

  16304.         "mov	%[ca], #0\n\t"
    16305. 

  16305.         "mov	r4, r12\n\t"
    16306. 

  16306.         "mov	%[a], #0\n\t"
    16307. 

  16307.         "# Multiply m[7] and mu - Start\n\t"
    16308. 

  16308.         "ldr	r7, [%[m]]\n\t"
    16309. 

  16309.         "lsl	r6, %[mp], #16\n\t"
    16310. 

  16310.         "lsl	r7, r7, #16\n\t"
    16311. 

  16311.         "lsr	r6, r6, #16\n\t"
    16312. 

  16312.         "lsr	r7, r7, #16\n\t"
    16313. 

  16313.         "mul	r7, r6\n\t"
    16314. 

  16314.         "add	r5, r7\n\t"
    16315. 

  16315.         "adc	r4, %[ca]\n\t"
    16316. 

  16316.         "adc	%[a], %[ca]\n\t"
    16317. 

  16317.         "ldr	r7, [%[m]]\n\t"
    16318. 

  16318.         "lsr	r7, r7, #16\n\t"
    16319. 

  16319.         "mul	r6, r7\n\t"
    16320. 

  16320.         "lsr	r7, r6, #16\n\t"
    16321. 

  16321.         "lsl	r6, r6, #16\n\t"
    16322. 

  16322.         "add	r5, r6\n\t"
    16323. 

  16323.         "adc	r4, r7\n\t"
    16324. 

  16324.         "adc	%[a], %[ca]\n\t"
    16325. 

  16325.         "ldr	r7, [%[m]]\n\t"
    16326. 

  16326.         "lsr	r6, %[mp], #16\n\t"
    16327. 

  16327.         "lsr	r7, r7, #16\n\t"
    16328. 

  16328.         "mul	r7, r6\n\t"
    16329. 

  16329.         "add	r4, r7\n\t"
    16330. 

  16330.         "adc	%[a], %[ca]\n\t"
    16331. 

  16331.         "ldr	r7, [%[m]]\n\t"
    16332. 

  16332.         "lsl	r7, r7, #16\n\t"
    16333. 

  16333.         "lsr	r7, r7, #16\n\t"
    16334. 

  16334.         "mul	r6, r7\n\t"
    16335. 

  16335.         "lsr	r7, r6, #16\n\t"
    16336. 

  16336.         "lsl	r6, r6, #16\n\t"
    16337. 

  16337.         "add	r5, r6\n\t"
    16338. 

  16338.         "adc	r4, r7\n\t"
    16339. 

  16339.         "adc	%[a], %[ca]\n\t"
    16340. 

  16340.         "# Multiply m[7] and mu - Done\n\t"
    16341. 

  16341.         "mov	%[ca], %[a]\n\t"
    16342. 

  16342.         "mov	%[a], r10\n\t"
    16343. 

  16343.         "ldr	r7, [%[a], #4]\n\t"
    16344. 

  16344.         "ldr	%[a], [%[a]]\n\t"
    16345. 

  16345.         "mov	r6, #0\n\t"
    16346. 

  16346.         "add	r5, %[a]\n\t"
    16347. 

  16347.         "adc	r7, r4\n\t"
    16348. 

  16348.         "adc	%[ca], r6\n\t"
    16349. 

  16349.         "mov	%[a], r10\n\t"
    16350. 

  16350.         "str	r5, [%[a]]\n\t"
    16351. 

  16351.         "str	r7, [%[a], #4]\n\t"
    16352. 

  16352.         "# i += 1\n\t"
    16353. 

  16353.         "mov	r6, #4\n\t"
    16354. 

  16354.         "add	r9, r6\n\t"
    16355. 

  16355.         "add	r11, r6\n\t"
    16356. 

  16356.         "mov	r12, %[ca]\n\t"
    16357. 

  16357.         "mov	%[a], r9\n\t"
    16358. 

  16358.         "mov	r4, #32\n\t"
    16359. 

  16359.         "cmp	r11, r4\n\t"
    16360. 

  16360.         "blt	1b\n\t"
    16361. 

  16361.         "mov	%[m], r14\n\t"
    16362. 

  16362.         : [ca] "+r" (ca), [a] "+r" (a)
    16363. 

  16363.         : [m] "r" (m), [mp] "r" (mp)
    16364. 

  16364.         : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "r14"
    16365. 

  16365.     );
    16366. 

  16366. 

  16367.     sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - ca);
    16368. 

  16368. }
    16369. 

  16369. 

  16370. /* Multiply a and b into r. (r = a * b)
    16371. 

  16371.  *
    16372. 

  16372.  * r  A single precision integer.
    16373. 

  16373.  * a  A single precision integer.
    16374. 

  16374.  * b  A single precision integer.
    16375. 

  16375.  */
    16376. 

  16376. SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a,
    16377. 

  16377.         const sp_digit* b)
    16378. 

  16378. {
    16379. 

  16379.     sp_digit tmp[8 * 2];
    16380. 

  16380.     __asm__ __volatile__ (
    16381. 

  16381.         "mov	r3, #0\n\t"
    16382. 

  16382.         "mov	r4, #0\n\t"
    16383. 

  16383.         "mov	r8, r3\n\t"
    16384. 

  16384.         "mov	r11, %[r]\n\t"
    16385. 

  16385.         "mov	r9, %[a]\n\t"
    16386. 

  16386.         "mov	r10, %[b]\n\t"
    16387. 

  16387.         "mov	r6, #32\n\t"
    16388. 

  16388.         "add	r6, r9\n\t"
    16389. 

  16389.         "mov	r12, r6\n\t"
    16390. 

  16390.         "\n1:\n\t"
    16391. 

  16391.         "mov	%[r], #0\n\t"
    16392. 

  16392.         "mov	r5, #0\n\t"
    16393. 

  16393.         "mov	r6, #28\n\t"
    16394. 

  16394.         "mov	%[a], r8\n\t"
    16395. 

  16395.         "sub	%[a], r6\n\t"
    16396. 

  16396.         "sbc	r6, r6\n\t"
    16397. 

  16397.         "mvn	r6, r6\n\t"
    16398. 

  16398.         "and	%[a], r6\n\t"
    16399. 

  16399.         "mov	%[b], r8\n\t"
    16400. 

  16400.         "sub	%[b], %[a]\n\t"
    16401. 

  16401.         "add	%[a], r9\n\t"
    16402. 

  16402.         "add	%[b], r10\n\t"
    16403. 

  16403.         "\n2:\n\t"
    16404. 

  16404.         "# Multiply Start\n\t"
    16405. 

  16405.         "ldr	r6, [%[a]]\n\t"
    16406. 

  16406.         "ldr	r7, [%[b]]\n\t"
    16407. 

  16407.         "lsl	r6, r6, #16\n\t"
    16408. 

  16408.         "lsl	r7, r7, #16\n\t"
    16409. 

  16409.         "lsr	r6, r6, #16\n\t"
    16410. 

  16410.         "lsr	r7, r7, #16\n\t"
    16411. 

  16411.         "mul	r7, r6\n\t"
    16412. 

  16412.         "add	r3, r7\n\t"
    16413. 

  16413.         "adc	r4, %[r]\n\t"
    16414. 

  16414.         "adc	r5, %[r]\n\t"
    16415. 

  16415.         "ldr	r7, [%[b]]\n\t"
    16416. 

  16416.         "lsr	r7, r7, #16\n\t"
    16417. 

  16417.         "mul	r6, r7\n\t"
    16418. 

  16418.         "lsr	r7, r6, #16\n\t"
    16419. 

  16419.         "lsl	r6, r6, #16\n\t"
    16420. 

  16420.         "add	r3, r6\n\t"
    16421. 

  16421.         "adc	r4, r7\n\t"
    16422. 

  16422.         "adc	r5, %[r]\n\t"
    16423. 

  16423.         "ldr	r6, [%[a]]\n\t"
    16424. 

  16424.         "ldr	r7, [%[b]]\n\t"
    16425. 

  16425.         "lsr	r6, r6, #16\n\t"
    16426. 

  16426.         "lsr	r7, r7, #16\n\t"
    16427. 

  16427.         "mul	r7, r6\n\t"
    16428. 

  16428.         "add	r4, r7\n\t"
    16429. 

  16429.         "adc	r5, %[r]\n\t"
    16430. 

  16430.         "ldr	r7, [%[b]]\n\t"
    16431. 

  16431.         "lsl	r7, r7, #16\n\t"
    16432. 

  16432.         "lsr	r7, r7, #16\n\t"
    16433. 

  16433.         "mul	r6, r7\n\t"
    16434. 

  16434.         "lsr	r7, r6, #16\n\t"
    16435. 

  16435.         "lsl	r6, r6, #16\n\t"
    16436. 

  16436.         "add	r3, r6\n\t"
    16437. 

  16437.         "adc	r4, r7\n\t"
    16438. 

  16438.         "adc	r5, %[r]\n\t"
    16439. 

  16439.         "# Multiply Done\n\t"
    16440. 

  16440.         "add	%[a], #4\n\t"
    16441. 

  16441.         "sub	%[b], #4\n\t"
    16442. 

  16442.         "cmp	%[a], r12\n\t"
    16443. 

  16443.         "beq	3f\n\t"
    16444. 

  16444.         "mov	r6, r8\n\t"
    16445. 

  16445.         "add	r6, r9\n\t"
    16446. 

  16446.         "cmp	%[a], r6\n\t"
    16447. 

  16447.         "ble	2b\n\t"
    16448. 

  16448.         "\n3:\n\t"
    16449. 

  16449.         "mov	%[r], r11\n\t"
    16450. 

  16450.         "mov	r7, r8\n\t"
    16451. 

  16451.         "str	r3, [%[r], r7]\n\t"
    16452. 

  16452.         "mov	r3, r4\n\t"
    16453. 

  16453.         "mov	r4, r5\n\t"
    16454. 

  16454.         "add	r7, #4\n\t"
    16455. 

  16455.         "mov	r8, r7\n\t"
    16456. 

  16456.         "mov	r6, #56\n\t"
    16457. 

  16457.         "cmp	r7, r6\n\t"
    16458. 

  16458.         "ble	1b\n\t"
    16459. 

  16459.         "str	r3, [%[r], r7]\n\t"
    16460. 

  16460.         "mov	%[a], r9\n\t"
    16461. 

  16461.         "mov	%[b], r10\n\t"
    16462. 

  16462.         :
    16463. 

  16463.         : [r] "r" (tmp), [a] "r" (a), [b] "r" (b)
    16464. 

  16464.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12"
    16465. 

  16465.     );
    16466. 

  16466. 

  16467.     XMEMCPY(r, tmp, sizeof(tmp));
    16468. 

  16468. }
    16469. 

  16469. 

  16470. /* Multiply two Montogmery form numbers mod the modulus (prime).
    16471. 

  16471.  * (r = a * b mod m)
    16472. 

  16472.  *
    16473. 

  16473.  * r   Result of multiplication.
    16474. 

  16474.  * a   First number to multiply in Montogmery form.
    16475. 

  16475.  * b   Second number to multiply in Montogmery form.
    16476. 

  16476.  * m   Modulus (prime).
    16477. 

  16477.  * mp  Montogmery mulitplier.
    16478. 

  16478.  */
    16479. 

  16479. static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b,
    16480. 

  16480.         const sp_digit* m, sp_digit mp)
    16481. 

  16481. {
    16482. 

  16482.     sp_256_mul_8(r, a, b);
    16483. 

  16483.     sp_256_mont_reduce_8(r, m, mp);
    16484. 

  16484. }
    16485. 

  16485. 

  16486. /* Square a and put result in r. (r = a * a)
    16487. 

  16487.  *
    16488. 

  16488.  * r  A single precision integer.
    16489. 

  16489.  * a  A single precision integer.
    16490. 

  16490.  */
    16491. 

  16491. SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a)
    16492. 

  16492. {
    16493. 

  16493.     __asm__ __volatile__ (
    16494. 

  16494.         "mov	r3, #0\n\t"
    16495. 

  16495.         "mov	r4, #0\n\t"
    16496. 

  16496.         "mov	r5, #0\n\t"
    16497. 

  16497.         "mov	r8, r3\n\t"
    16498. 

  16498.         "mov	r11, %[r]\n\t"
    16499. 

  16499.         "mov	r6, #64\n\t"
    16500. 

  16500.         "neg	r6, r6\n\t"
    16501. 

  16501.         "add	sp, r6\n\t"
    16502. 

  16502.         "mov	r10, sp\n\t"
    16503. 

  16503.         "mov	r9, %[a]\n\t"
    16504. 

  16504.         "\n1:\n\t"
    16505. 

  16505.         "mov	%[r], #0\n\t"
    16506. 

  16506.         "mov	r6, #28\n\t"
    16507. 

  16507.         "mov	%[a], r8\n\t"
    16508. 

  16508.         "sub	%[a], r6\n\t"
    16509. 

  16509.         "sbc	r6, r6\n\t"
    16510. 

  16510.         "mvn	r6, r6\n\t"
    16511. 

  16511.         "and	%[a], r6\n\t"
    16512. 

  16512.         "mov	r2, r8\n\t"
    16513. 

  16513.         "sub	r2, %[a]\n\t"
    16514. 

  16514.         "add	%[a], r9\n\t"
    16515. 

  16515.         "add	r2, r9\n\t"
    16516. 

  16516.         "\n2:\n\t"
    16517. 

  16517.         "cmp	r2, %[a]\n\t"
    16518. 

  16518.         "beq	4f\n\t"
    16519. 

  16519.         "# Multiply * 2: Start\n\t"
    16520. 

  16520.         "ldr	r6, [%[a]]\n\t"
    16521. 

  16521.         "ldr	r7, [r2]\n\t"
    16522. 

  16522.         "lsl	r6, r6, #16\n\t"
    16523. 

  16523.         "lsl	r7, r7, #16\n\t"
    16524. 

  16524.         "lsr	r6, r6, #16\n\t"
    16525. 

  16525.         "lsr	r7, r7, #16\n\t"
    16526. 

  16526.         "mul	r7, r6\n\t"
    16527. 

  16527.         "add	r3, r7\n\t"
    16528. 

  16528.         "adc	r4, %[r]\n\t"
    16529. 

  16529.         "adc	r5, %[r]\n\t"
    16530. 

  16530.         "add	r3, r7\n\t"
    16531. 

  16531.         "adc	r4, %[r]\n\t"
    16532. 

  16532.         "adc	r5, %[r]\n\t"
    16533. 

  16533.         "ldr	r7, [r2]\n\t"
    16534. 

  16534.         "lsr	r7, r7, #16\n\t"
    16535. 

  16535.         "mul	r6, r7\n\t"
    16536. 

  16536.         "lsr	r7, r6, #16\n\t"
    16537. 

  16537.         "lsl	r6, r6, #16\n\t"
    16538. 

  16538.         "add	r3, r6\n\t"
    16539. 

  16539.         "adc	r4, r7\n\t"
    16540. 

  16540.         "adc	r5, %[r]\n\t"
    16541. 

  16541.         "add	r3, r6\n\t"
    16542. 

  16542.         "adc	r4, r7\n\t"
    16543. 

  16543.         "adc	r5, %[r]\n\t"
    16544. 

  16544.         "ldr	r6, [%[a]]\n\t"
    16545. 

  16545.         "ldr	r7, [r2]\n\t"
    16546. 

  16546.         "lsr	r6, r6, #16\n\t"
    16547. 

  16547.         "lsr	r7, r7, #16\n\t"
    16548. 

  16548.         "mul	r7, r6\n\t"
    16549. 

  16549.         "add	r4, r7\n\t"
    16550. 

  16550.         "adc	r5, %[r]\n\t"
    16551. 

  16551.         "add	r4, r7\n\t"
    16552. 

  16552.         "adc	r5, %[r]\n\t"
    16553. 

  16553.         "ldr	r7, [r2]\n\t"
    16554. 

  16554.         "lsl	r7, r7, #16\n\t"
    16555. 

  16555.         "lsr	r7, r7, #16\n\t"
    16556. 

  16556.         "mul	r6, r7\n\t"
    16557. 

  16557.         "lsr	r7, r6, #16\n\t"
    16558. 

  16558.         "lsl	r6, r6, #16\n\t"
    16559. 

  16559.         "add	r3, r6\n\t"
    16560. 

  16560.         "adc	r4, r7\n\t"
    16561. 

  16561.         "adc	r5, %[r]\n\t"
    16562. 

  16562.         "add	r3, r6\n\t"
    16563. 

  16563.         "adc	r4, r7\n\t"
    16564. 

  16564.         "adc	r5, %[r]\n\t"
    16565. 

  16565.         "# Multiply * 2: Done\n\t"
    16566. 

  16566.         "bal	5f\n\t"
    16567. 

  16567.         "\n4:\n\t"
    16568. 

  16568.         "# Square: Start\n\t"
    16569. 

  16569.         "ldr	r6, [%[a]]\n\t"
    16570. 

  16570.         "lsr	r7, r6, #16\n\t"
    16571. 

  16571.         "lsl	r6, r6, #16\n\t"
    16572. 

  16572.         "lsr	r6, r6, #16\n\t"
    16573. 

  16573.         "mul	r6, r6\n\t"
    16574. 

  16574.         "add	r3, r6\n\t"
    16575. 

  16575.         "adc	r4, %[r]\n\t"
    16576. 

  16576.         "adc	r5, %[r]\n\t"
    16577. 

  16577.         "mul	r7, r7\n\t"
    16578. 

  16578.         "add	r4, r7\n\t"
    16579. 

  16579.         "adc	r5, %[r]\n\t"
    16580. 

  16580.         "ldr	r6, [%[a]]\n\t"
    16581. 

  16581.         "lsr	r7, r6, #16\n\t"
    16582. 

  16582.         "lsl	r6, r6, #16\n\t"
    16583. 

  16583.         "lsr	r6, r6, #16\n\t"
    16584. 

  16584.         "mul	r6, r7\n\t"
    16585. 

  16585.         "lsr	r7, r6, #15\n\t"
    16586. 

  16586.         "lsl	r6, r6, #17\n\t"
    16587. 

  16587.         "add	r3, r6\n\t"
    16588. 

  16588.         "adc	r4, r7\n\t"
    16589. 

  16589.         "adc	r5, %[r]\n\t"
    16590. 

  16590.         "# Square: Done\n\t"
    16591. 

  16591.         "\n5:\n\t"
    16592. 

  16592.         "add	%[a], #4\n\t"
    16593. 

  16593.         "sub	r2, #4\n\t"
    16594. 

  16594.         "mov	r6, #32\n\t"
    16595. 

  16595.         "add	r6, r9\n\t"
    16596. 

  16596.         "cmp	%[a], r6\n\t"
    16597. 

  16597.         "beq	3f\n\t"
    16598. 

  16598.         "cmp	%[a], r2\n\t"
    16599. 

  16599.         "bgt	3f\n\t"
    16600. 

  16600.         "mov	r7, r8\n\t"
    16601. 

  16601.         "add	r7, r9\n\t"
    16602. 

  16602.         "cmp	%[a], r7\n\t"
    16603. 

  16603.         "ble	2b\n\t"
    16604. 

  16604.         "\n3:\n\t"
    16605. 

  16605.         "mov	%[r], r10\n\t"
    16606. 

  16606.         "mov	r7, r8\n\t"
    16607. 

  16607.         "str	r3, [%[r], r7]\n\t"
    16608. 

  16608.         "mov	r3, r4\n\t"
    16609. 

  16609.         "mov	r4, r5\n\t"
    16610. 

  16610.         "mov	r5, #0\n\t"
    16611. 

  16611.         "add	r7, #4\n\t"
    16612. 

  16612.         "mov	r8, r7\n\t"
    16613. 

  16613.         "mov	r6, #56\n\t"
    16614. 

  16614.         "cmp	r7, r6\n\t"
    16615. 

  16615.         "ble	1b\n\t"
    16616. 

  16616.         "mov	%[a], r9\n\t"
    16617. 

  16617.         "str	r3, [%[r], r7]\n\t"
    16618. 

  16618.         "mov	%[r], r11\n\t"
    16619. 

  16619.         "mov	%[a], r10\n\t"
    16620. 

  16620.         "mov	r3, #60\n\t"
    16621. 

  16621.         "\n4:\n\t"
    16622. 

  16622.         "ldr	r6, [%[a], r3]\n\t"
    16623. 

  16623.         "str	r6, [%[r], r3]\n\t"
    16624. 

  16624.         "sub	r3, #4\n\t"
    16625. 

  16625.         "bge	4b\n\t"
    16626. 

  16626.         "mov	r6, #64\n\t"
    16627. 

  16627.         "add	sp, r6\n\t"
    16628. 

  16628.         :
    16629. 

  16629.         : [r] "r" (r), [a] "r" (a)
    16630. 

  16630.         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11"
    16631. 

  16631.     );
    16632. 

  16632. }
    16633. 

  16633. 

  16634. /* Square the Montgomery form number. (r = a * a mod m)
    16635. 

  16635.  *
    16636. 

  16636.  * r   Result of squaring.
    16637. 

  16637.  * a   Number to square in Montogmery form.
    16638. 

  16638.  * m   Modulus (prime).
    16639. 

  16639.  * mp  Montogmery mulitplier.
    16640. 

  16640.  */
    16641. 

  16641. static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, const sp_digit* m,
    16642. 

  16642.         sp_digit mp)
    16643. 

  16643. {
    16644. 

  16644.     sp_256_sqr_8(r, a);
    16645. 

  16645.     sp_256_mont_reduce_8(r, m, mp);
    16646. 

  16646. }
    16647. 

  16647. 

  16648. #if !defined(WOLFSSL_SP_SMALL) || defined(HAVE_COMP_KEY)
    16649. 

  16649. /* Square the Montgomery form number a number of times. (r = a ^ n mod m)
    16650. 

  16650.  *
    16651. 

  16651.  * r   Result of squaring.
    16652. 

  16652.  * a   Number to square in Montogmery form.
    16653. 

  16653.  * n   Number of times to square.
    16654. 

  16654.  * m   Modulus (prime).
    16655. 

  16655.  * mp  Montogmery mulitplier.
    16656. 

  16656.  */
    16657. 

  16657. static void sp_256_mont_sqr_n_8(sp_digit* r, const sp_digit* a, int n,
    16658. 

  16658.         const sp_digit* m, sp_digit mp)
    16659. 

  16659. {
    16660. 

  16660.     sp_256_mont_sqr_8(r, a, m, mp);
    16661. 

  16661.     for (; n > 1; n--) {
    16662. 

  16662.         sp_256_mont_sqr_8(r, r, m, mp);
    16663. 

  16663.     }
    16664. 

  16664. }
    16665. 

  16665. 

  16666. #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
    16667. 

  16667. #ifdef WOLFSSL_SP_SMALL
    16668. 

  16668. /* Mod-2 for the P256 curve. */
    16669. 

  16669. static const uint32_t p256_mod_2[8] = {
    16670. 

  16670.     0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
    16671. 

  16671.     0x00000001U,0xffffffffU
    16672. 

  16672. };
    16673. 

  16673. #endif /* !WOLFSSL_SP_SMALL */
    16674. 

  16674. 

  16675. /* Invert the number, in Montgomery form, modulo the modulus (prime) of the
    16676. 

  16676.  * P256 curve. (r = 1 / a mod m)
    16677. 

  16677.  *
    16678. 

  16678.  * r   Inverse result.
    16679. 

  16679.  * a   Number to invert.
    16680. 

  16680.  * td  Temporary data.
    16681. 

  16681.  */
    16682. 

  16682. static void sp_256_mont_inv_8(sp_digit* r, const sp_digit* a, sp_digit* td)
    16683. 

  16683. {
    16684. 

  16684. #ifdef WOLFSSL_SP_SMALL
    16685. 

  16685.     sp_digit* t = td;
    16686. 

  16686.     int i;
    16687. 

  16687. 

  16688.     XMEMCPY(t, a, sizeof(sp_digit) * 8);
    16689. 

  16689.     for (i=254; i>=0; i--) {
    16690. 

  16690.         sp_256_mont_sqr_8(t, t, p256_mod, p256_mp_mod);
    16691. 

  16691.         if (p256_mod_2[i / 32] & ((sp_digit)1 << (i % 32)))
    16692. 

  16692.             sp_256_mont_mul_8(t, t, a, p256_mod, p256_mp_mod);
    16693. 

  16693.     }
    16694. 

  16694.     XMEMCPY(r, t, sizeof(sp_digit) * 8);
    16695. 

  16695. #else
    16696. 

  16696.     sp_digit* t = td;
    16697. 

  16697.     sp_digit* t2 = td + 2 * 8;
    16698. 

  16698.     sp_digit* t3 = td + 4 * 8;
    16699. 

  16699. 

  16700.     /* t = a^2 */
    16701. 

  16701.     sp_256_mont_sqr_8(t, a, p256_mod, p256_mp_mod);
    16702. 

  16702.     /* t = a^3 = t * a */
    16703. 

  16703.     sp_256_mont_mul_8(t, t, a, p256_mod, p256_mp_mod);
    16704. 

  16704.     /* t2= a^c = t ^ 2 ^ 2 */
    16705. 

  16705.     sp_256_mont_sqr_n_8(t2, t, 2, p256_mod, p256_mp_mod);
    16706. 

  16706.     /* t3= a^d = t2 * a */
    16707. 

  16707.     sp_256_mont_mul_8(t3, t2, a, p256_mod, p256_mp_mod);
    16708. 

  16708.     /* t = a^f = t2 * t */
    16709. 

  16709.     sp_256_mont_mul_8(t, t2, t, p256_mod, p256_mp_mod);
    16710. 

  16710.     /* t2= a^f0 = t ^ 2 ^ 4 */
    16711. 

  16711.     sp_256_mont_sqr_n_8(t2, t, 4, p256_mod, p256_mp_mod);
    16712. 

  16712.     /* t3= a^fd = t2 * t3 */
    16713. 

  16713.     sp_256_mont_mul_8(t3, t2, t3, p256_mod, p256_mp_mod);
    16714. 

  16714.     /* t = a^ff = t2 * t */
    16715. 

  16715.     sp_256_mont_mul_8(t, t2, t, p256_mod, p256_mp_mod);
    16716. 

  16716.     /* t2= a^ff00 = t ^ 2 ^ 8 */
    16717. 

  16717.     sp_256_mont_sqr_n_8(t2, t, 8, p256_mod, p256_mp_mod);
    16718. 

  16718.     /* t3= a^fffd = t2 * t3 */
    16719. 

  16719.     sp_256_mont_mul_8(t3, t2, t3, p256_mod, p256_mp_mod);
    16720. 

  16720.     /* t = a^ffff = t2 * t */
    16721. 

  16721.     sp_256_mont_mul_8(t, t2, t, p256_mod, p256_mp_mod);
    16722. 

  16722.     /* t2= a^ffff0000 = t ^ 2 ^ 16 */
    16723. 

  16723.     sp_256_mont_sqr_n_8(t2, t, 16, p256_mod, p256_mp_mod);
    16724. 

  16724.     /* t3= a^fffffffd = t2 * t3 */
    16725. 

  16725.     sp_256_mont_mul_8(t3, t2, t3, p256_mod, p256_mp_mod);
    16726. 

  16726.     /* t = a^ffffffff = t2 * t */
    16727. 

  16727.     sp_256_mont_mul_8(t, t2, t, p256_mod, p256_mp_mod);
    16728. 

  16728.     /* t = a^ffffffff00000000 = t ^ 2 ^ 32  */
    16729. 

  16729.     sp_256_mont_sqr_n_8(t2, t, 32, p256_mod, p256_mp_mod);
    16730. 

  16730.     /* t2= a^ffffffffffffffff = t2 * t */
    16731. 

  16731.     sp_256_mont_mul_8(t, t2, t, p256_mod, p256_mp_mod);
    16732. 

  16732.     /* t2= a^ffffffff00000001 = t2 * a */
    16733. 

  16733.     sp_256_mont_mul_8(t2, t2, a, p256_mod, p256_mp_mod);
    16734. 

  16734.     /* t2= a^ffffffff000000010000000000000000000000000000000000000000
    16735. 

  16735.      *   = t2 ^ 2 ^ 160 */
    16736. 

  16736.     sp_256_mont_sqr_n_8(t2, t2, 160, p256_mod, p256_mp_mod);
    16737. 

  16737.     /* t2= a^ffffffff00000001000000000000000000000000ffffffffffffffff
    16738. 

  16738.      *   = t2 * t */
    16739. 

  16739.     sp_256_mont_mul_8(t2, t2, t, p256_mod, p256_mp_mod);
    16740. 

  16740.     /* t2= a^ffffffff00000001000000000000000000000000ffffffffffffffff00000000
    16741. 

  16741.      *   = t2 ^ 2 ^ 32 */
    16742. 

  16742.     sp_256_mont_sqr_n_8(t2, t2, 32, p256_mod, p256_mp_mod);
    16743. 

  16743.     /* r = a^ffffffff00000001000000000000000000000000fffffffffffffffffffffffd
    16744. 

  16744.      *   = t2 * t3 */
    16745. 

  16745.     sp_256_mont_mul_8(r, t2, t3, p256_mod, p256_mp_mod);
    16746. 

  16746. #endif /* WOLFSSL_SP_SMALL */
    16747. 

  16747. }
    16748. 

  16748. 

  16749. /* Map the Montgomery form projective coordinate point to an affine point.
    16750. 

  16750.  *
    16751. 

  16751.  * r  Resulting affine coordinate point.
    16752. 

  16752.  * p  Montgomery form projective coordinate point.
    16753. 

  16753.  * t  Temporary ordinate data.
    16754. 

  16754.  */
    16755. 

  16755. static void sp_256_map_8(sp_point* r, const sp_point* p, sp_digit* t)
    16756. 

  16756. {
    16757. 

  16757.     sp_digit* t1 = t;
    16758. 

  16758.     sp_digit* t2 = t + 2*8;
    16759. 

  16759.     int32_t n;
    16760. 

  16760. 

  16761.     sp_256_mont_inv_8(t1, p->z, t + 2*8);
    16762. 

  16762. 

  16763.     sp_256_mont_sqr_8(t2, t1, p256_mod, p256_mp_mod);
    16764. 

  16764.     sp_256_mont_mul_8(t1, t2, t1, p256_mod, p256_mp_mod);
    16765. 

  16765. 

  16766.     /* x /= z^2 */
    16767. 

  16767.     sp_256_mont_mul_8(r->x, p->x, t2, p256_mod, p256_mp_mod);
    16768. 

  16768.     XMEMSET(r->x + 8, 0, sizeof(r->x) / 2U);
    16769. 

  16769.     sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod);
    16770. 

  16770.     /* Reduce x to less than modulus */
    16771. 

  16771.     n = sp_256_cmp_8(r->x, p256_mod);
    16772. 

  16772.     sp_256_cond_sub_8(r->x, r->x, p256_mod, 0 - ((n >= 0) ?
    16773. 

  16773.                 (sp_digit)1 : (sp_digit)0));
    16774. 

  16774.     sp_256_norm_8(r->x);
    16775. 

  16775. 

  16776.     /* y /= z^3 */
    16777. 

  16777.     sp_256_mont_mul_8(r->y, p->y, t1, p256_mod, p256_mp_mod);
    16778. 

  16778.     XMEMSET(r->y + 8, 0, sizeof(r->y) / 2U);
    16779. 

  16779.     sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod);
    16780. 

  16780.     /* Reduce y to less than modulus */
    16781. 

  16781.     n = sp_256_cmp_8(r->y, p256_mod);
    16782. 

  16782.     sp_256_cond_sub_8(r->y, r->y, p256_mod, 0 - ((n >= 0) ?
    16783. 

  16783.                 (sp_digit)1 : (sp_digit)0));
    16784. 

  16784.     sp_256_norm_8(r->y);
    16785. 

  16785. 

  16786.     XMEMSET(r->z, 0, sizeof(r->z));
    16787. 

  16787.     r->z[0] = 1;
    16788. 

  16788. 

  16789. }
    16790. 

  16790. 

  16791. #ifdef WOLFSSL_SP_SMALL
    16792. 

  16792. /* Add b to a into r. (r = a + b)
    16793. 

  16793.  *
    16794. 

  16794.  * r  A single precision integer.
    16795. 

  16795.  * a  A single precision integer.
    16796. 

  16796.  * b  A single precision integer.
    16797. 

  16797.  */
    16798. 

  16798. SP_NOINLINE static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a,
    16799. 

  16799.         const sp_digit* b)
    16800. 

  16800. {
    16801. 

  16801.     sp_digit c = 0;
    16802. 

  16802. 

  16803.     __asm__ __volatile__ (
    16804. 

  16804.         "mov	r6, %[a]\n\t"
    16805. 

  16805.         "mov	r7, #0\n\t"
    16806. 

  16806.         "add	r6, #32\n\t"
    16807. 

  16807.         "sub	r7, #1\n\t"
    16808. 

  16808.         "\n1:\n\t"
    16809. 

  16809.         "add	%[c], r7\n\t"
    16810. 

  16810.         "ldr	r4, [%[a]]\n\t"
    16811. 

  16811.         "ldr	r5, [%[b]]\n\t"
    16812. 

  16812.         "adc	r4, r5\n\t"
    16813. 

  16813.         "str	r4, [%[r]]\n\t"
    16814. 

  16814.         "mov	%[c], #0\n\t"
    16815. 

  16815.         "adc	%[c], %[c]\n\t"
    16816. 

  16816.         "add	%[a], #4\n\t"
    16817. 

  16817.         "add	%[b], #4\n\t"
    16818. 

  16818.         "add	%[r], #4\n\t"
    16819. 

  16819.         "cmp	%[a], r6\n\t"
    16820. 

  16820.         "bne	1b\n\t"
    16821. 

  16821.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    16822. 

  16822.         :
    16823. 

  16823.         : "memory", "r4", "r5", "r6", "r7"
    16824. 

  16824.     );
    16825. 

  16825. 

  16826.     return c;
    16827. 

  16827. }
    16828. 

  16828. 

  16829. #else
    16830. 

  16830. /* Add b to a into r. (r = a + b)
    16831. 

  16831.  *
    16832. 

  16832.  * r  A single precision integer.
    16833. 

  16833.  * a  A single precision integer.
    16834. 

  16834.  * b  A single precision integer.
    16835. 

  16835.  */
    16836. 

  16836. SP_NOINLINE static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a,
    16837. 

  16837.         const sp_digit* b)
    16838. 

  16838. {
    16839. 

  16839.     sp_digit c = 0;
    16840. 

  16840. 

  16841.     __asm__ __volatile__ (
    16842. 

  16842.         "ldr	r4, [%[a], #0]\n\t"
    16843. 

  16843.         "ldr	r5, [%[b], #0]\n\t"
    16844. 

  16844.         "add	r4, r5\n\t"
    16845. 

  16845.         "str	r4, [%[r], #0]\n\t"
    16846. 

  16846.         "ldr	r4, [%[a], #4]\n\t"
    16847. 

  16847.         "ldr	r5, [%[b], #4]\n\t"
    16848. 

  16848.         "adc	r4, r5\n\t"
    16849. 

  16849.         "str	r4, [%[r], #4]\n\t"
    16850. 

  16850.         "ldr	r4, [%[a], #8]\n\t"
    16851. 

  16851.         "ldr	r5, [%[b], #8]\n\t"
    16852. 

  16852.         "adc	r4, r5\n\t"
    16853. 

  16853.         "str	r4, [%[r], #8]\n\t"
    16854. 

  16854.         "ldr	r4, [%[a], #12]\n\t"
    16855. 

  16855.         "ldr	r5, [%[b], #12]\n\t"
    16856. 

  16856.         "adc	r4, r5\n\t"
    16857. 

  16857.         "str	r4, [%[r], #12]\n\t"
    16858. 

  16858.         "ldr	r4, [%[a], #16]\n\t"
    16859. 

  16859.         "ldr	r5, [%[b], #16]\n\t"
    16860. 

  16860.         "adc	r4, r5\n\t"
    16861. 

  16861.         "str	r4, [%[r], #16]\n\t"
    16862. 

  16862.         "ldr	r4, [%[a], #20]\n\t"
    16863. 

  16863.         "ldr	r5, [%[b], #20]\n\t"
    16864. 

  16864.         "adc	r4, r5\n\t"
    16865. 

  16865.         "str	r4, [%[r], #20]\n\t"
    16866. 

  16866.         "ldr	r4, [%[a], #24]\n\t"
    16867. 

  16867.         "ldr	r5, [%[b], #24]\n\t"
    16868. 

  16868.         "adc	r4, r5\n\t"
    16869. 

  16869.         "str	r4, [%[r], #24]\n\t"
    16870. 

  16870.         "ldr	r4, [%[a], #28]\n\t"
    16871. 

  16871.         "ldr	r5, [%[b], #28]\n\t"
    16872. 

  16872.         "adc	r4, r5\n\t"
    16873. 

  16873.         "str	r4, [%[r], #28]\n\t"
    16874. 

  16874.         "mov	%[c], #0\n\t"
    16875. 

  16875.         "adc	%[c], %[c]\n\t"
    16876. 

  16876.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    16877. 

  16877.         :
    16878. 

  16878.         : "memory", "r4", "r5"
    16879. 

  16879.     );
    16880. 

  16880. 

  16881.     return c;
    16882. 

  16882. }
    16883. 

  16883. 

  16884. #endif /* WOLFSSL_SP_SMALL */
    16885. 

  16885. /* Add two Montgomery form numbers (r = a + b % m).
    16886. 

  16886.  *
    16887. 

  16887.  * r   Result of addition.
    16888. 

  16888.  * a   First number to add in Montogmery form.
    16889. 

  16889.  * b   Second number to add in Montogmery form.
    16890. 

  16890.  * m   Modulus (prime).
    16891. 

  16891.  */
    16892. 

  16892. SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b,
    16893. 

  16893.         const sp_digit* m)
    16894. 

  16894. {
    16895. 

  16895.     (void)m;
    16896. 

  16896. 

  16897.     __asm__ __volatile__ (
    16898. 

  16898.         "mov	r3, #0\n\t"
    16899. 

  16899.         "ldr	r4, [%[a],#0]\n\t"
    16900. 

  16900.         "ldr	r5, [%[a],#4]\n\t"
    16901. 

  16901.         "ldr	r6, [%[b],#0]\n\t"
    16902. 

  16902.         "ldr	r7, [%[b],#4]\n\t"
    16903. 

  16903.         "add	r4, r6\n\t"
    16904. 

  16904.         "adc	r5, r7\n\t"
    16905. 

  16905.         "str	r4, [%[r],#0]\n\t"
    16906. 

  16906.         "str	r5, [%[r],#4]\n\t"
    16907. 

  16907.         "ldr	r4, [%[a],#8]\n\t"
    16908. 

  16908.         "ldr	r5, [%[a],#12]\n\t"
    16909. 

  16909.         "ldr	r6, [%[b],#8]\n\t"
    16910. 

  16910.         "ldr	r7, [%[b],#12]\n\t"
    16911. 

  16911.         "adc	r4, r6\n\t"
    16912. 

  16912.         "adc	r5, r7\n\t"
    16913. 

  16913.         "str	r4, [%[r],#8]\n\t"
    16914. 

  16914.         "str	r5, [%[r],#12]\n\t"
    16915. 

  16915.         "ldr	r4, [%[a],#16]\n\t"
    16916. 

  16916.         "ldr	r5, [%[a],#20]\n\t"
    16917. 

  16917.         "ldr	r6, [%[b],#16]\n\t"
    16918. 

  16918.         "ldr	r7, [%[b],#20]\n\t"
    16919. 

  16919.         "adc	r4, r6\n\t"
    16920. 

  16920.         "adc	r5, r7\n\t"
    16921. 

  16921.         "mov	r8, r4\n\t"
    16922. 

  16922.         "mov	r9, r5\n\t"
    16923. 

  16923.         "ldr	r4, [%[a],#24]\n\t"
    16924. 

  16924.         "ldr	r5, [%[a],#28]\n\t"
    16925. 

  16925.         "ldr	r6, [%[b],#24]\n\t"
    16926. 

  16926.         "ldr	r7, [%[b],#28]\n\t"
    16927. 

  16927.         "adc	r4, r6\n\t"
    16928. 

  16928.         "adc	r5, r7\n\t"
    16929. 

  16929.         "mov	r10, r4\n\t"
    16930. 

  16930.         "mov	r11, r5\n\t"
    16931. 

  16931.         "adc	r3, r3\n\t"
    16932. 

  16932.         "mov	r6, r3\n\t"
    16933. 

  16933.         "sub	r3, #1\n\t"
    16934. 

  16934.         "mvn	r3, r3\n\t"
    16935. 

  16935.         "mov	r7, #0\n\t"
    16936. 

  16936.         "ldr	r4, [%[r],#0]\n\t"
    16937. 

  16937.         "ldr	r5, [%[r],#4]\n\t"
    16938. 

  16938.         "sub	r4, r3\n\t"
    16939. 

  16939.         "sbc	r5, r3\n\t"
    16940. 

  16940.         "str	r4, [%[r],#0]\n\t"
    16941. 

  16941.         "str	r5, [%[r],#4]\n\t"
    16942. 

  16942.         "ldr	r4, [%[r],#8]\n\t"
    16943. 

  16943.         "ldr	r5, [%[r],#12]\n\t"
    16944. 

  16944.         "sbc	r4, r3\n\t"
    16945. 

  16945.         "sbc	r5, r7\n\t"
    16946. 

  16946.         "str	r4, [%[r],#8]\n\t"
    16947. 

  16947.         "str	r5, [%[r],#12]\n\t"
    16948. 

  16948.         "mov	r4, r8\n\t"
    16949. 

  16949.         "mov	r5, r9\n\t"
    16950. 

  16950.         "sbc	r4, r7\n\t"
    16951. 

  16951.         "sbc	r5, r7\n\t"
    16952. 

  16952.         "str	r4, [%[r],#16]\n\t"
    16953. 

  16953.         "str	r5, [%[r],#20]\n\t"
    16954. 

  16954.         "mov	r4, r10\n\t"
    16955. 

  16955.         "mov	r5, r11\n\t"
    16956. 

  16956.         "sbc	r4, r6\n\t"
    16957. 

  16957.         "sbc	r5, r3\n\t"
    16958. 

  16958.         "str	r4, [%[r],#24]\n\t"
    16959. 

  16959.         "str	r5, [%[r],#28]\n\t"
    16960. 

  16960.         :
    16961. 

  16961.         : [r] "r" (r), [a] "r" (a), [b] "r" (b)
    16962. 

  16962.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11"
    16963. 

  16963.     );
    16964. 

  16964. }
    16965. 

  16965. 

  16966. /* Double a Montgomery form number (r = a + a % m).
    16967. 

  16967.  *
    16968. 

  16968.  * r   Result of doubling.
    16969. 

  16969.  * a   Number to double in Montogmery form.
    16970. 

  16970.  * m   Modulus (prime).
    16971. 

  16971.  */
    16972. 

  16972. SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
    16973. 

  16973. {
    16974. 

  16974.     (void)m;
    16975. 

  16975. 

  16976.     __asm__ __volatile__ (
    16977. 

  16977.         "ldr	r4, [%[a],#0]\n\t"
    16978. 

  16978.         "ldr	r5, [%[a],#4]\n\t"
    16979. 

  16979.         "ldr	r6, [%[a],#8]\n\t"
    16980. 

  16980.         "ldr	r7, [%[a],#12]\n\t"
    16981. 

  16981.         "add	r4, r4\n\t"
    16982. 

  16982.         "adc	r5, r5\n\t"
    16983. 

  16983.         "adc	r6, r6\n\t"
    16984. 

  16984.         "adc	r7, r7\n\t"
    16985. 

  16985.         "str	r4, [%[r],#0]\n\t"
    16986. 

  16986.         "str	r5, [%[r],#4]\n\t"
    16987. 

  16987.         "str	r6, [%[r],#8]\n\t"
    16988. 

  16988.         "str	r7, [%[r],#12]\n\t"
    16989. 

  16989.         "ldr	r4, [%[a],#16]\n\t"
    16990. 

  16990.         "ldr	r5, [%[a],#20]\n\t"
    16991. 

  16991.         "ldr	r6, [%[a],#24]\n\t"
    16992. 

  16992.         "ldr	r7, [%[a],#28]\n\t"
    16993. 

  16993.         "adc	r4, r4\n\t"
    16994. 

  16994.         "adc	r5, r5\n\t"
    16995. 

  16995.         "adc	r6, r6\n\t"
    16996. 

  16996.         "adc	r7, r7\n\t"
    16997. 

  16997.         "mov	r8, r4\n\t"
    16998. 

  16998.         "mov	r9, r5\n\t"
    16999. 

  16999.         "mov	r10, r6\n\t"
    17000. 

  17000.         "mov	r11, r7\n\t"
    17001. 

  17001.         "mov	r3, #0\n\t"
    17002. 

  17002.         "mov	r7, #0\n\t"
    17003. 

  17003.         "adc	r3, r3\n\t"
    17004. 

  17004.         "mov	r2, r3\n\t"
    17005. 

  17005.         "sub	r3, #1\n\t"
    17006. 

  17006.         "mvn	r3, r3\n\t"
    17007. 

  17007.         "ldr	r4, [%[r],#0]\n\t"
    17008. 

  17008.         "ldr	r5, [%[r],#4]\n\t"
    17009. 

  17009.         "ldr	r6, [%[r],#8]\n\t"
    17010. 

  17010.         "sub	r4, r3\n\t"
    17011. 

  17011.         "sbc	r5, r3\n\t"
    17012. 

  17012.         "sbc	r6, r3\n\t"
    17013. 

  17013.         "str	r4, [%[r],#0]\n\t"
    17014. 

  17014.         "str	r5, [%[r],#4]\n\t"
    17015. 

  17015.         "str	r6, [%[r],#8]\n\t"
    17016. 

  17016.         "ldr	r4, [%[r],#12]\n\t"
    17017. 

  17017.         "mov	r5, r8\n\t"
    17018. 

  17018.         "mov	r6, r9\n\t"
    17019. 

  17019.         "sbc	r4, r7\n\t"
    17020. 

  17020.         "sbc	r5, r7\n\t"
    17021. 

  17021.         "sbc	r6, r7\n\t"
    17022. 

  17022.         "str	r4, [%[r],#12]\n\t"
    17023. 

  17023.         "str	r5, [%[r],#16]\n\t"
    17024. 

  17024.         "str	r6, [%[r],#20]\n\t"
    17025. 

  17025.         "mov	r4, r10\n\t"
    17026. 

  17026.         "mov	r5, r11\n\t"
    17027. 

  17027.         "sbc	r4, r2\n\t"
    17028. 

  17028.         "sbc	r5, r3\n\t"
    17029. 

  17029.         "str	r4, [%[r],#24]\n\t"
    17030. 

  17030.         "str	r5, [%[r],#28]\n\t"
    17031. 

  17031.         :
    17032. 

  17032.         : [r] "r" (r), [a] "r" (a)
    17033. 

  17033.         : "memory", "r3", "r2", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11"
    17034. 

  17034.     );
    17035. 

  17035. }
    17036. 

  17036. 

  17037. /* Triple a Montgomery form number (r = a + a + a % m).
    17038. 

  17038.  *
    17039. 

  17039.  * r   Result of Tripling.
    17040. 

  17040.  * a   Number to triple in Montogmery form.
    17041. 

  17041.  * m   Modulus (prime).
    17042. 

  17042.  */
    17043. 

  17043. SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
    17044. 

  17044. {
    17045. 

  17045.     (void)m;
    17046. 

  17046. 

  17047.     __asm__ __volatile__ (
    17048. 

  17048.         "ldr   r6, [%[a],#0]\n\t"
    17049. 

  17049.         "ldr   r7, [%[a],#4]\n\t"
    17050. 

  17050.         "ldr   r4, [%[a],#8]\n\t"
    17051. 

  17051.         "ldr   r5, [%[a],#12]\n\t"
    17052. 

  17052.         "add   r6, r6\n\t"
    17053. 

  17053.         "adc   r7, r7\n\t"
    17054. 

  17054.         "adc   r4, r4\n\t"
    17055. 

  17055.         "adc   r5, r5\n\t"
    17056. 

  17056.         "mov   r8, r4\n\t"
    17057. 

  17057.         "mov   r9, r5\n\t"
    17058. 

  17058.         "ldr   r2, [%[a],#16]\n\t"
    17059. 

  17059.         "ldr   r3, [%[a],#20]\n\t"
    17060. 

  17060.         "ldr   r4, [%[a],#24]\n\t"
    17061. 

  17061.         "ldr   r5, [%[a],#28]\n\t"
    17062. 

  17062.         "adc   r2, r2\n\t"
    17063. 

  17063.         "adc   r3, r3\n\t"
    17064. 

  17064.         "adc   r4, r4\n\t"
    17065. 

  17065.         "adc   r5, r5\n\t"
    17066. 

  17066.         "mov   r10, r2\n\t"
    17067. 

  17067.         "mov   r11, r3\n\t"
    17068. 

  17068.         "mov   r12, r4\n\t"
    17069. 

  17069.         "mov   r14, r5\n\t"
    17070. 

  17070.         "mov   r3, #0\n\t"
    17071. 

  17071.         "mov   r5, #0\n\t"
    17072. 

  17072.         "adc   r3, r3\n\t"
    17073. 

  17073.         "mov   r4, r3\n\t"
    17074. 

  17074.         "sub   r3, #1\n\t"
    17075. 

  17075.         "mvn   r3, r3\n\t"
    17076. 

  17076.         "sub   r6, r3\n\t"
    17077. 

  17077.         "sbc   r7, r3\n\t"
    17078. 

  17078.         "mov   r2, r8\n\t"
    17079. 

  17079.         "sbc   r2, r3\n\t"
    17080. 

  17080.         "mov   r8, r2\n\t"
    17081. 

  17081.         "mov   r2, r9\n\t"
    17082. 

  17082.         "sbc   r2, r5\n\t"
    17083. 

  17083.         "mov   r9, r2\n\t"
    17084. 

  17084.         "mov   r2, r10\n\t"
    17085. 

  17085.         "sbc   r2, r5\n\t"
    17086. 

  17086.         "mov   r10, r2\n\t"
    17087. 

  17087.         "mov   r2, r11\n\t"
    17088. 

  17088.         "sbc   r2, r5\n\t"
    17089. 

  17089.         "mov   r11, r2\n\t"
    17090. 

  17090.         "mov   r2, r12\n\t"
    17091. 

  17091.         "sbc   r2, r4\n\t"
    17092. 

  17092.         "mov   r12, r2\n\t"
    17093. 

  17093.         "mov   r2, r14\n\t"
    17094. 

  17094.         "sbc   r2, r3\n\t"
    17095. 

  17095.         "mov   r14, r2\n\t"
    17096. 

  17096.         "ldr	r2, [%[a],#0]\n\t"
    17097. 

  17097.         "ldr	r3, [%[a],#4]\n\t"
    17098. 

  17098.         "add	r6, r2\n\t"
    17099. 

  17099.         "adc	r7, r3\n\t"
    17100. 

  17100.         "ldr	r2, [%[a],#8]\n\t"
    17101. 

  17101.         "ldr	r3, [%[a],#12]\n\t"
    17102. 

  17102.         "mov	r4, r8\n\t"
    17103. 

  17103.         "mov	r5, r9\n\t"
    17104. 

  17104.         "adc	r2, r4\n\t"
    17105. 

  17105.         "adc	r3, r5\n\t"
    17106. 

  17106.         "mov   r8, r2\n\t"
    17107. 

  17107.         "mov   r9, r3\n\t"
    17108. 

  17108.         "ldr	r2, [%[a],#16]\n\t"
    17109. 

  17109.         "ldr	r3, [%[a],#20]\n\t"
    17110. 

  17110.         "mov	r4, r10\n\t"
    17111. 

  17111.         "mov	r5, r11\n\t"
    17112. 

  17112.         "adc	r2, r4\n\t"
    17113. 

  17113.         "adc	r3, r5\n\t"
    17114. 

  17114.         "mov	r10, r2\n\t"
    17115. 

  17115.         "mov	r11, r3\n\t"
    17116. 

  17116.         "ldr	r2, [%[a],#24]\n\t"
    17117. 

  17117.         "ldr	r3, [%[a],#28]\n\t"
    17118. 

  17118.         "mov	r4, r12\n\t"
    17119. 

  17119.         "mov	r5, r14\n\t"
    17120. 

  17120.         "adc	r2, r4\n\t"
    17121. 

  17121.         "adc	r3, r5\n\t"
    17122. 

  17122.         "mov	r12, r2\n\t"
    17123. 

  17123.         "mov	r14, r3\n\t"
    17124. 

  17124.         "mov   r3, #0\n\t"
    17125. 

  17125.         "mov	r5, #0\n\t"
    17126. 

  17126.         "adc	r3, r3\n\t"
    17127. 

  17127.         "mov	r4, r3\n\t"
    17128. 

  17128.         "sub	r3, #1\n\t"
    17129. 

  17129.         "mvn	r3, r3\n\t"
    17130. 

  17130.         "sub	r6, r3\n\t"
    17131. 

  17131.         "str	r6, [%[r],#0]\n\t"
    17132. 

  17132.         "sbc	r7, r3\n\t"
    17133. 

  17133.         "str	r7, [%[r],#4]\n\t"
    17134. 

  17134.         "mov   r2, r8\n\t"
    17135. 

  17135.         "sbc   r2, r3\n\t"
    17136. 

  17136.         "str	r2, [%[r],#8]\n\t"
    17137. 

  17137.         "mov   r2, r9\n\t"
    17138. 

  17138.         "sbc   r2, r5\n\t"
    17139. 

  17139.         "str	r2, [%[r],#12]\n\t"
    17140. 

  17140.         "mov   r2, r10\n\t"
    17141. 

  17141.         "sbc   r2, r5\n\t"
    17142. 

  17142.         "str	r2, [%[r],#16]\n\t"
    17143. 

  17143.         "mov   r2, r11\n\t"
    17144. 

  17144.         "sbc   r2, r5\n\t"
    17145. 

  17145.         "str	r2, [%[r],#20]\n\t"
    17146. 

  17146.         "mov   r2, r12\n\t"
    17147. 

  17147.         "sbc   r2, r4\n\t"
    17148. 

  17148.         "str	r2, [%[r],#24]\n\t"
    17149. 

  17149.         "mov   r2, r14\n\t"
    17150. 

  17150.         "sbc   r2, r3\n\t"
    17151. 

  17151.         "str	r2, [%[r],#28]\n\t"
    17152. 

  17152.         :
    17153. 

  17153.         : [r] "r" (r), [a] "r" (a)
    17154. 

  17154.         : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "r14"
    17155. 

  17155.     );
    17156. 

  17156. }
    17157. 

  17157. 

  17158. /* Subtract two Montgomery form numbers (r = a - b % m).
    17159. 

  17159.  *
    17160. 

  17160.  * r   Result of subtration.
    17161. 

  17161.  * a   Number to subtract from in Montogmery form.
    17162. 

  17162.  * b   Number to subtract with in Montogmery form.
    17163. 

  17163.  * m   Modulus (prime).
    17164. 

  17164.  */
    17165. 

  17165. SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b,
    17166. 

  17166.         const sp_digit* m)
    17167. 

  17167. {
    17168. 

  17168.     (void)m;
    17169. 

  17169. 

  17170.     __asm__ __volatile__ (
    17171. 

  17171.         "ldr	r4, [%[a],#0]\n\t"
    17172. 

  17172.         "ldr	r5, [%[a],#4]\n\t"
    17173. 

  17173.         "ldr	r6, [%[b],#0]\n\t"
    17174. 

  17174.         "ldr	r7, [%[b],#4]\n\t"
    17175. 

  17175.         "sub	r4, r6\n\t"
    17176. 

  17176.         "sbc	r5, r7\n\t"
    17177. 

  17177.         "str	r4, [%[r],#0]\n\t"
    17178. 

  17178.         "str	r5, [%[r],#4]\n\t"
    17179. 

  17179.         "ldr	r4, [%[a],#8]\n\t"
    17180. 

  17180.         "ldr	r5, [%[a],#12]\n\t"
    17181. 

  17181.         "ldr	r6, [%[b],#8]\n\t"
    17182. 

  17182.         "ldr	r7, [%[b],#12]\n\t"
    17183. 

  17183.         "sbc	r4, r6\n\t"
    17184. 

  17184.         "sbc	r5, r7\n\t"
    17185. 

  17185.         "str	r4, [%[r],#8]\n\t"
    17186. 

  17186.         "str	r5, [%[r],#12]\n\t"
    17187. 

  17187.         "ldr	r4, [%[a],#16]\n\t"
    17188. 

  17188.         "ldr	r5, [%[a],#20]\n\t"
    17189. 

  17189.         "ldr	r6, [%[b],#16]\n\t"
    17190. 

  17190.         "ldr	r7, [%[b],#20]\n\t"
    17191. 

  17191.         "sbc	r4, r6\n\t"
    17192. 

  17192.         "sbc	r5, r7\n\t"
    17193. 

  17193.         "mov	r8, r4\n\t"
    17194. 

  17194.         "mov	r9, r5\n\t"
    17195. 

  17195.         "ldr	r4, [%[a],#24]\n\t"
    17196. 

  17196.         "ldr	r5, [%[a],#28]\n\t"
    17197. 

  17197.         "ldr	r6, [%[b],#24]\n\t"
    17198. 

  17198.         "ldr	r7, [%[b],#28]\n\t"
    17199. 

  17199.         "sbc	r4, r6\n\t"
    17200. 

  17200.         "sbc	r5, r7\n\t"
    17201. 

  17201.         "mov	r10, r4\n\t"
    17202. 

  17202.         "mov	r11, r5\n\t"
    17203. 

  17203.         "sbc   r3, r3\n\t"
    17204. 

  17204.         "lsr   r7, r3, #31\n\t"
    17205. 

  17205.         "mov   r6, #0\n\t"
    17206. 

  17206.         "ldr	r4, [%[r],#0]\n\t"
    17207. 

  17207.         "ldr	r5, [%[r],#4]\n\t"
    17208. 

  17208.         "add	r4, r3\n\t"
    17209. 

  17209.         "adc	r5, r3\n\t"
    17210. 

  17210.         "str	r4, [%[r],#0]\n\t"
    17211. 

  17211.         "str	r5, [%[r],#4]\n\t"
    17212. 

  17212.         "ldr	r4, [%[r],#8]\n\t"
    17213. 

  17213.         "ldr	r5, [%[r],#12]\n\t"
    17214. 

  17214.         "adc	r4, r3\n\t"
    17215. 

  17215.         "adc	r5, r6\n\t"
    17216. 

  17216.         "str	r4, [%[r],#8]\n\t"
    17217. 

  17217.         "str	r5, [%[r],#12]\n\t"
    17218. 

  17218.         "mov	r4, r8\n\t"
    17219. 

  17219.         "mov	r5, r9\n\t"
    17220. 

  17220.         "adc	r4, r6\n\t"
    17221. 

  17221.         "adc	r5, r6\n\t"
    17222. 

  17222.         "str	r4, [%[r],#16]\n\t"
    17223. 

  17223.         "str	r5, [%[r],#20]\n\t"
    17224. 

  17224.         "mov	r4, r10\n\t"
    17225. 

  17225.         "mov	r5, r11\n\t"
    17226. 

  17226.         "adc	r4, r7\n\t"
    17227. 

  17227.         "adc	r5, r3\n\t"
    17228. 

  17228.         "str	r4, [%[r],#24]\n\t"
    17229. 

  17229.         "str	r5, [%[r],#28]\n\t"
    17230. 

  17230.         :
    17231. 

  17231.         : [r] "r" (r), [a] "r" (a), [b] "r" (b)
    17232. 

  17232.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11"
    17233. 

  17233.     );
    17234. 

  17234. }
    17235. 

  17235. 

  17236. /* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m)
    17237. 

  17237.  *
    17238. 

  17238.  * r  Result of division by 2.
    17239. 

  17239.  * a  Number to divide.
    17240. 

  17240.  * m  Modulus (prime).
    17241. 

  17241.  */
    17242. 

  17242. SP_NOINLINE static void sp_256_div2_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
    17243. 

  17243. {
    17244. 

  17244.     __asm__ __volatile__ (
    17245. 

  17245.         "ldr	r7, [%[a], #0]\n\t"
    17246. 

  17246.         "lsl	r7, r7, #31\n\t"
    17247. 

  17247.         "lsr	r7, r7, #31\n\t"
    17248. 

  17248.         "mov	r5, #0\n\t"
    17249. 

  17249.         "sub	r5, r7\n\t"
    17250. 

  17250.         "mov	r7, #0\n\t"
    17251. 

  17251.         "lsl	r6, r5, #31\n\t"
    17252. 

  17252.         "lsr	r6, r6, #31\n\t"
    17253. 

  17253.         "ldr	r3, [%[a], #0]\n\t"
    17254. 

  17254.         "ldr	r4, [%[a], #4]\n\t"
    17255. 

  17255.         "add	r3, r5\n\t"
    17256. 

  17256.         "adc	r4, r5\n\t"
    17257. 

  17257.         "str	r3, [%[r], #0]\n\t"
    17258. 

  17258.         "str	r4, [%[r], #4]\n\t"
    17259. 

  17259.         "ldr	r3, [%[a], #8]\n\t"
    17260. 

  17260.         "ldr	r4, [%[a], #12]\n\t"
    17261. 

  17261.         "adc	r3, r5\n\t"
    17262. 

  17262.         "adc	r4, r7\n\t"
    17263. 

  17263.         "str	r3, [%[r], #8]\n\t"
    17264. 

  17264.         "str	r4, [%[r], #12]\n\t"
    17265. 

  17265.         "ldr	r3, [%[a], #16]\n\t"
    17266. 

  17266.         "ldr	r4, [%[a], #20]\n\t"
    17267. 

  17267.         "adc	r3, r7\n\t"
    17268. 

  17268.         "adc	r4, r7\n\t"
    17269. 

  17269.         "str	r3, [%[r], #16]\n\t"
    17270. 

  17270.         "str	r4, [%[r], #20]\n\t"
    17271. 

  17271.         "ldr	r3, [%[a], #24]\n\t"
    17272. 

  17272.         "ldr	r4, [%[a], #28]\n\t"
    17273. 

  17273.         "adc	r3, r6\n\t"
    17274. 

  17274.         "adc	r4, r5\n\t"
    17275. 

  17275.         "adc	r7, r7\n\t"
    17276. 

  17276.         "lsl	r7, r7, #31\n\t"
    17277. 

  17277.         "lsr	r5, r3, #1\n\t"
    17278. 

  17278.         "lsl	r3, r3, #31\n\t"
    17279. 

  17279.         "lsr	r6, r4, #1\n\t"
    17280. 

  17280.         "lsl	r4, r4, #31\n\t"
    17281. 

  17281.         "orr	r5, r4\n\t"
    17282. 

  17282.         "orr	r6, r7\n\t"
    17283. 

  17283.         "mov	r7, r3\n\t"
    17284. 

  17284.         "str	r5, [%[r], #24]\n\t"
    17285. 

  17285.         "str	r6, [%[r], #28]\n\t"
    17286. 

  17286.         "ldr	r3, [%[a], #16]\n\t"
    17287. 

  17287.         "ldr	r4, [%[a], #20]\n\t"
    17288. 

  17288.         "lsr	r5, r3, #1\n\t"
    17289. 

  17289.         "lsl	r3, r3, #31\n\t"
    17290. 

  17290.         "lsr	r6, r4, #1\n\t"
    17291. 

  17291.         "lsl	r4, r4, #31\n\t"
    17292. 

  17292.         "orr	r5, r4\n\t"
    17293. 

  17293.         "orr	r6, r7\n\t"
    17294. 

  17294.         "mov	r7, r3\n\t"
    17295. 

  17295.         "str	r5, [%[r], #16]\n\t"
    17296. 

  17296.         "str	r6, [%[r], #20]\n\t"
    17297. 

  17297.         "ldr	r3, [%[a], #8]\n\t"
    17298. 

  17298.         "ldr	r4, [%[a], #12]\n\t"
    17299. 

  17299.         "lsr	r5, r3, #1\n\t"
    17300. 

  17300.         "lsl	r3, r3, #31\n\t"
    17301. 

  17301.         "lsr	r6, r4, #1\n\t"
    17302. 

  17302.         "lsl	r4, r4, #31\n\t"
    17303. 

  17303.         "orr	r5, r4\n\t"
    17304. 

  17304.         "orr	r6, r7\n\t"
    17305. 

  17305.         "mov	r7, r3\n\t"
    17306. 

  17306.         "str	r5, [%[r], #8]\n\t"
    17307. 

  17307.         "str	r6, [%[r], #12]\n\t"
    17308. 

  17308.         "ldr	r3, [%[r], #0]\n\t"
    17309. 

  17309.         "ldr	r4, [%[r], #4]\n\t"
    17310. 

  17310.         "lsr	r5, r3, #1\n\t"
    17311. 

  17311.         "lsr	r6, r4, #1\n\t"
    17312. 

  17312.         "lsl	r4, r4, #31\n\t"
    17313. 

  17313.         "orr	r5, r4\n\t"
    17314. 

  17314.         "orr	r6, r7\n\t"
    17315. 

  17315.         "str	r5, [%[r], #0]\n\t"
    17316. 

  17316.         "str	r6, [%[r], #4]\n\t"
    17317. 

  17317.         :
    17318. 

  17318.         : [r] "r" (r), [a] "r" (a), [m] "r" (m)
    17319. 

  17319.         : "memory", "r3", "r4", "r5", "r6", "r7"
    17320. 

  17320.     );
    17321. 

  17321. }
    17322. 

  17322. 

  17323. /* Double the Montgomery form projective point p.
    17324. 

  17324.  *
    17325. 

  17325.  * r  Result of doubling point.
    17326. 

  17326.  * p  Point to double.
    17327. 

  17327.  * t  Temporary ordinate data.
    17328. 

  17328.  */
    17329. 

  17329. static void sp_256_proj_point_dbl_8(sp_point* r, const sp_point* p, sp_digit* t)
    17330. 

  17330. {
    17331. 

  17331.     sp_point* rp[2];
    17332. 

  17332.     sp_digit* t1 = t;
    17333. 

  17333.     sp_digit* t2 = t + 2*8;
    17334. 

  17334.     sp_digit* x;
    17335. 

  17335.     sp_digit* y;
    17336. 

  17336.     sp_digit* z;
    17337. 

  17337.     int i;
    17338. 

  17338. 

  17339.     /* When infinity don't double point passed in - constant time. */
    17340. 

  17340.     rp[0] = r;
    17341. 

  17341. 

  17342.     /*lint allow cast to different type of pointer*/
    17343. 

  17343.     rp[1] = (sp_point*)t; /*lint !e9087 !e740*/
    17344. 

  17344.     XMEMSET(rp[1], 0, sizeof(sp_point));
    17345. 

  17345.     x = rp[p->infinity]->x;
    17346. 

  17346.     y = rp[p->infinity]->y;
    17347. 

  17347.     z = rp[p->infinity]->z;
    17348. 

  17348.     /* Put point to double into result - good for infinity. */
    17349. 

  17349.     if (r != p) {
    17350. 

  17350.         for (i=0; i<8; i++) {
    17351. 

  17351.             r->x[i] = p->x[i];
    17352. 

  17352.         }
    17353. 

  17353.         for (i=0; i<8; i++) {
    17354. 

  17354.             r->y[i] = p->y[i];
    17355. 

  17355.         }
    17356. 

  17356.         for (i=0; i<8; i++) {
    17357. 

  17357.             r->z[i] = p->z[i];
    17358. 

  17358.         }
    17359. 

  17359.         r->infinity = p->infinity;
    17360. 

  17360.     }
    17361. 

  17361. 

  17362.     /* T1 = Z * Z */
    17363. 

  17363.     sp_256_mont_sqr_8(t1, z, p256_mod, p256_mp_mod);
    17364. 

  17364.     /* Z = Y * Z */
    17365. 

  17365.     sp_256_mont_mul_8(z, y, z, p256_mod, p256_mp_mod);
    17366. 

  17366.     /* Z = 2Z */
    17367. 

  17367.     sp_256_mont_dbl_8(z, z, p256_mod);
    17368. 

  17368.     /* T2 = X - T1 */
    17369. 

  17369.     sp_256_mont_sub_8(t2, x, t1, p256_mod);
    17370. 

  17370.     /* T1 = X + T1 */
    17371. 

  17371.     sp_256_mont_add_8(t1, x, t1, p256_mod);
    17372. 

  17372.     /* T2 = T1 * T2 */
    17373. 

  17373.     sp_256_mont_mul_8(t2, t1, t2, p256_mod, p256_mp_mod);
    17374. 

  17374.     /* T1 = 3T2 */
    17375. 

  17375.     sp_256_mont_tpl_8(t1, t2, p256_mod);
    17376. 

  17376.     /* Y = 2Y */
    17377. 

  17377.     sp_256_mont_dbl_8(y, y, p256_mod);
    17378. 

  17378.     /* Y = Y * Y */
    17379. 

  17379.     sp_256_mont_sqr_8(y, y, p256_mod, p256_mp_mod);
    17380. 

  17380.     /* T2 = Y * Y */
    17381. 

  17381.     sp_256_mont_sqr_8(t2, y, p256_mod, p256_mp_mod);
    17382. 

  17382.     /* T2 = T2/2 */
    17383. 

  17383.     sp_256_div2_8(t2, t2, p256_mod);
    17384. 

  17384.     /* Y = Y * X */
    17385. 

  17385.     sp_256_mont_mul_8(y, y, x, p256_mod, p256_mp_mod);
    17386. 

  17386.     /* X = T1 * T1 */
    17387. 

  17387.     sp_256_mont_mul_8(x, t1, t1, p256_mod, p256_mp_mod);
    17388. 

  17388.     /* X = X - Y */
    17389. 

  17389.     sp_256_mont_sub_8(x, x, y, p256_mod);
    17390. 

  17390.     /* X = X - Y */
    17391. 

  17391.     sp_256_mont_sub_8(x, x, y, p256_mod);
    17392. 

  17392.     /* Y = Y - X */
    17393. 

  17393.     sp_256_mont_sub_8(y, y, x, p256_mod);
    17394. 

  17394.     /* Y = Y * T1 */
    17395. 

  17395.     sp_256_mont_mul_8(y, y, t1, p256_mod, p256_mp_mod);
    17396. 

  17396.     /* Y = Y - T2 */
    17397. 

  17397.     sp_256_mont_sub_8(y, y, t2, p256_mod);
    17398. 

  17398. 

  17399. }
    17400. 

  17400. 

  17401. #ifdef WOLFSSL_SP_SMALL
    17402. 

  17402. /* Sub b from a into r. (r = a - b)
    17403. 

  17403.  *
    17404. 

  17404.  * r  A single precision integer.
    17405. 

  17405.  * a  A single precision integer.
    17406. 

  17406.  * b  A single precision integer.
    17407. 

  17407.  */
    17408. 

  17408. SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a,
    17409. 

  17409.         const sp_digit* b)
    17410. 

  17410. {
    17411. 

  17411.     sp_digit c = 0;
    17412. 

  17412. 

  17413.     __asm__ __volatile__ (
    17414. 

  17414.         "mov	r6, %[a]\n\t"
    17415. 

  17415.         "add	r6, #32\n\t"
    17416. 

  17416.         "\n1:\n\t"
    17417. 

  17417.         "mov	r5, #0\n\t"
    17418. 

  17418.         "sub	r5, %[c]\n\t"
    17419. 

  17419.         "ldr	r4, [%[a]]\n\t"
    17420. 

  17420.         "ldr	r5, [%[b]]\n\t"
    17421. 

  17421.         "sbc	r4, r5\n\t"
    17422. 

  17422.         "str	r4, [%[r]]\n\t"
    17423. 

  17423.         "sbc	%[c], %[c]\n\t"
    17424. 

  17424.         "add	%[a], #4\n\t"
    17425. 

  17425.         "add	%[b], #4\n\t"
    17426. 

  17426.         "add	%[r], #4\n\t"
    17427. 

  17427.         "cmp	%[a], r6\n\t"
    17428. 

  17428.         "bne	1b\n\t"
    17429. 

  17429.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    17430. 

  17430.         :
    17431. 

  17431.         : "memory", "r4", "r5", "r6"
    17432. 

  17432.     );
    17433. 

  17433. 

  17434.     return c;
    17435. 

  17435. }
    17436. 

  17436. 

  17437. #else
    17438. 

  17438. /* Sub b from a into r. (r = a - b)
    17439. 

  17439.  *
    17440. 

  17440.  * r  A single precision integer.
    17441. 

  17441.  * a  A single precision integer.
    17442. 

  17442.  * b  A single precision integer.
    17443. 

  17443.  */
    17444. 

  17444. SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a,
    17445. 

  17445.         const sp_digit* b)
    17446. 

  17446. {
    17447. 

  17447.     sp_digit c = 0;
    17448. 

  17448. 

  17449.     __asm__ __volatile__ (
    17450. 

  17450.         "ldr	r4, [%[a], #0]\n\t"
    17451. 

  17451.         "ldr	r5, [%[a], #4]\n\t"
    17452. 

  17452.         "ldr	r6, [%[b], #0]\n\t"
    17453. 

  17453.         "ldr	r7, [%[b], #4]\n\t"
    17454. 

  17454.         "sub	r4, r6\n\t"
    17455. 

  17455.         "sbc	r5, r7\n\t"
    17456. 

  17456.         "str	r4, [%[r], #0]\n\t"
    17457. 

  17457.         "str	r5, [%[r], #4]\n\t"
    17458. 

  17458.         "ldr	r4, [%[a], #8]\n\t"
    17459. 

  17459.         "ldr	r5, [%[a], #12]\n\t"
    17460. 

  17460.         "ldr	r6, [%[b], #8]\n\t"
    17461. 

  17461.         "ldr	r7, [%[b], #12]\n\t"
    17462. 

  17462.         "sbc	r4, r6\n\t"
    17463. 

  17463.         "sbc	r5, r7\n\t"
    17464. 

  17464.         "str	r4, [%[r], #8]\n\t"
    17465. 

  17465.         "str	r5, [%[r], #12]\n\t"
    17466. 

  17466.         "ldr	r4, [%[a], #16]\n\t"
    17467. 

  17467.         "ldr	r5, [%[a], #20]\n\t"
    17468. 

  17468.         "ldr	r6, [%[b], #16]\n\t"
    17469. 

  17469.         "ldr	r7, [%[b], #20]\n\t"
    17470. 

  17470.         "sbc	r4, r6\n\t"
    17471. 

  17471.         "sbc	r5, r7\n\t"
    17472. 

  17472.         "str	r4, [%[r], #16]\n\t"
    17473. 

  17473.         "str	r5, [%[r], #20]\n\t"
    17474. 

  17474.         "ldr	r4, [%[a], #24]\n\t"
    17475. 

  17475.         "ldr	r5, [%[a], #28]\n\t"
    17476. 

  17476.         "ldr	r6, [%[b], #24]\n\t"
    17477. 

  17477.         "ldr	r7, [%[b], #28]\n\t"
    17478. 

  17478.         "sbc	r4, r6\n\t"
    17479. 

  17479.         "sbc	r5, r7\n\t"
    17480. 

  17480.         "str	r4, [%[r], #24]\n\t"
    17481. 

  17481.         "str	r5, [%[r], #28]\n\t"
    17482. 

  17482.         "sbc	%[c], %[c]\n\t"
    17483. 

  17483.         : [c] "+r" (c), [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
    17484. 

  17484.         :
    17485. 

  17485.         : "memory", "r4", "r5", "r6", "r7"
    17486. 

  17486.     );
    17487. 

  17487. 

  17488.     return c;
    17489. 

  17489. }
    17490. 

  17490. 

  17491. #endif /* WOLFSSL_SP_SMALL */
    17492. 

  17492. /* Compare two numbers to determine if they are equal.
    17493. 

  17493.  * Constant time implementation.
    17494. 

  17494.  *
    17495. 

  17495.  * a  First number to compare.
    17496. 

  17496.  * b  Second number to compare.
    17497. 

  17497.  * returns 1 when equal and 0 otherwise.
    17498. 

  17498.  */
    17499. 

  17499. static int sp_256_cmp_equal_8(const sp_digit* a, const sp_digit* b)
    17500. 

  17500. {
    17501. 

  17501.     return ((a[0] ^ b[0]) | (a[1] ^ b[1]) | (a[2] ^ b[2]) | (a[3] ^ b[3]) |
    17502. 

  17502.             (a[4] ^ b[4]) | (a[5] ^ b[5]) | (a[6] ^ b[6]) | (a[7] ^ b[7])) == 0;
    17503. 

  17503. }
    17504. 

  17504. 

  17505. /* Add two Montgomery form projective points.
    17506. 

  17506.  *
    17507. 

  17507.  * r  Result of addition.
    17508. 

  17508.  * p  First point to add.
    17509. 

  17509.  * q  Second point to add.
    17510. 

  17510.  * t  Temporary ordinate data.
    17511. 

  17511.  */
    17512. 

  17512. static void sp_256_proj_point_add_8(sp_point* r, const sp_point* p, const sp_point* q,
    17513. 

  17513.         sp_digit* t)
    17514. 

  17514. {
    17515. 

  17515.     const sp_point* ap[2];
    17516. 

  17516.     sp_point* rp[2];
    17517. 

  17517.     sp_digit* t1 = t;
    17518. 

  17518.     sp_digit* t2 = t + 2*8;
    17519. 

  17519.     sp_digit* t3 = t + 4*8;
    17520. 

  17520.     sp_digit* t4 = t + 6*8;
    17521. 

  17521.     sp_digit* t5 = t + 8*8;
    17522. 

  17522.     sp_digit* x;
    17523. 

  17523.     sp_digit* y;
    17524. 

  17524.     sp_digit* z;
    17525. 

  17525.     int i;
    17526. 

  17526. 

  17527.     /* Ensure only the first point is the same as the result. */
    17528. 

  17528.     if (q == r) {
    17529. 

  17529.         const sp_point* a = p;
    17530. 

  17530.         p = q;
    17531. 

  17531.         q = a;
    17532. 

  17532.     }
    17533. 

  17533. 

  17534.     /* Check double */
    17535. 

  17535.     (void)sp_256_sub_8(t1, p256_mod, q->y);
    17536. 

  17536.     sp_256_norm_8(t1);
    17537. 

  17537.     if ((sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
    17538. 

  17538.         (sp_256_cmp_equal_8(p->y, q->y) | sp_256_cmp_equal_8(p->y, t1))) != 0) {
    17539. 

  17539.         sp_256_proj_point_dbl_8(r, p, t);
    17540. 

  17540.     }
    17541. 

  17541.     else {
    17542. 

  17542.         rp[0] = r;
    17543. 

  17543. 

  17544.         /*lint allow cast to different type of pointer*/
    17545. 

  17545.         rp[1] = (sp_point*)t; /*lint !e9087 !e740*/
    17546. 

  17546.         XMEMSET(rp[1], 0, sizeof(sp_point));
    17547. 

  17547.         x = rp[p->infinity | q->infinity]->x;
    17548. 

  17548.         y = rp[p->infinity | q->infinity]->y;
    17549. 

  17549.         z = rp[p->infinity | q->infinity]->z;
    17550. 

  17550. 

  17551.         ap[0] = p;
    17552. 

  17552.         ap[1] = q;
    17553. 

  17553.         for (i=0; i<8; i++) {
    17554. 

  17554.             r->x[i] = ap[p->infinity]->x[i];
    17555. 

  17555.         }
    17556. 

  17556.         for (i=0; i<8; i++) {
    17557. 

  17557.             r->y[i] = ap[p->infinity]->y[i];
    17558. 

  17558.         }
    17559. 

  17559.         for (i=0; i<8; i++) {
    17560. 

  17560.             r->z[i] = ap[p->infinity]->z[i];
    17561. 

  17561.         }
    17562. 

  17562.         r->infinity = ap[p->infinity]->infinity;
    17563. 

  17563. 

  17564.         /* U1 = X1*Z2^2 */
    17565. 

  17565.         sp_256_mont_sqr_8(t1, q->z, p256_mod, p256_mp_mod);
    17566. 

  17566.         sp_256_mont_mul_8(t3, t1, q->z, p256_mod, p256_mp_mod);
    17567. 

  17567.         sp_256_mont_mul_8(t1, t1, x, p256_mod, p256_mp_mod);
    17568. 

  17568.         /* U2 = X2*Z1^2 */
    17569. 

  17569.         sp_256_mont_sqr_8(t2, z, p256_mod, p256_mp_mod);
    17570. 

  17570.         sp_256_mont_mul_8(t4, t2, z, p256_mod, p256_mp_mod);
    17571. 

  17571.         sp_256_mont_mul_8(t2, t2, q->x, p256_mod, p256_mp_mod);
    17572. 

  17572.         /* S1 = Y1*Z2^3 */
    17573. 

  17573.         sp_256_mont_mul_8(t3, t3, y, p256_mod, p256_mp_mod);
    17574. 

  17574.         /* S2 = Y2*Z1^3 */
    17575. 

  17575.         sp_256_mont_mul_8(t4, t4, q->y, p256_mod, p256_mp_mod);
    17576. 

  17576.         /* H = U2 - U1 */
    17577. 

  17577.         sp_256_mont_sub_8(t2, t2, t1, p256_mod);
    17578. 

  17578.         /* R = S2 - S1 */
    17579. 

  17579.         sp_256_mont_sub_8(t4, t4, t3, p256_mod);
    17580. 

  17580.         /* Z3 = H*Z1*Z2 */
    17581. 

  17581.         sp_256_mont_mul_8(z, z, q->z, p256_mod, p256_mp_mod);
    17582. 

  17582.         sp_256_mont_mul_8(z, z, t2, p256_mod, p256_mp_mod);
    17583. 

  17583.         /* X3 = R^2 - H^3 - 2*U1*H^2 */
    17584. 

  17584.         sp_256_mont_sqr_8(x, t4, p256_mod, p256_mp_mod);
    17585. 

  17585.         sp_256_mont_sqr_8(t5, t2, p256_mod, p256_mp_mod);
    17586. 

  17586.         sp_256_mont_mul_8(y, t1, t5, p256_mod, p256_mp_mod);
    17587. 

  17587.         sp_256_mont_mul_8(t5, t5, t2, p256_mod, p256_mp_mod);
    17588. 

  17588.         sp_256_mont_sub_8(x, x, t5, p256_mod);
    17589. 

  17589.         sp_256_mont_dbl_8(t1, y, p256_mod);
    17590. 

  17590.         sp_256_mont_sub_8(x, x, t1, p256_mod);
    17591. 

  17591.         /* Y3 = R*(U1*H^2 - X3) - S1*H^3 */
    17592. 

  17592.         sp_256_mont_sub_8(y, y, x, p256_mod);
    17593. 

  17593.         sp_256_mont_mul_8(y, y, t4, p256_mod, p256_mp_mod);
    17594. 

  17594.         sp_256_mont_mul_8(t5, t5, t3, p256_mod, p256_mp_mod);
    17595. 

  17595.         sp_256_mont_sub_8(y, y, t5, p256_mod);
    17596. 

  17596.     }
    17597. 

  17597. }
    17598. 

  17598. 

  17599. /* Multiply the point by the scalar and return the result.
    17600. 

  17600.  * If map is true then convert result to affine coordinates.
    17601. 

  17601.  *
    17602. 

  17602.  * r     Resulting point.
    17603. 

  17603.  * g     Point to multiply.
    17604. 

  17604.  * k     Scalar to multiply by.
    17605. 

  17605.  * map   Indicates whether to convert result to affine.
    17606. 

  17606.  * heap  Heap to use for allocation.
    17607. 

  17607.  * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
    17608. 

  17608.  */
    17609. 

  17609. static int sp_256_ecc_mulmod_fast_8(sp_point* r, const sp_point* g, const sp_digit* k,
    17610. 

  17610.         int map, void* heap)
    17611. 

  17611. {
    17612. 

  17612. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    17613. 

  17613.     sp_point td[16];
    17614. 

  17614.     sp_point rtd;
    17615. 

  17615.     sp_digit tmpd[2 * 8 * 5];
    17616. 

  17616. #endif
    17617. 

  17617.     sp_point* t;
    17618. 

  17618.     sp_point* rt;
    17619. 

  17619.     sp_digit* tmp;
    17620. 

  17620.     sp_digit n;
    17621. 

  17621.     int i;
    17622. 

  17622.     int c, y;
    17623. 

  17623.     int err;
    17624. 

  17624. 

  17625.     (void)heap;
    17626. 

  17626. 

  17627.     err = sp_ecc_point_new(heap, rtd, rt);
    17628. 

  17628. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    17629. 

  17629.     t = (sp_point*)XMALLOC(sizeof(sp_point) * 16, heap, DYNAMIC_TYPE_ECC);
    17630. 

  17630.     if (t == NULL)
    17631. 

  17631.         err = MEMORY_E;
    17632. 

  17632.     tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
    17633. 

  17633.                              DYNAMIC_TYPE_ECC);
    17634. 

  17634.     if (tmp == NULL)
    17635. 

  17635.         err = MEMORY_E;
    17636. 

  17636. #else
    17637. 

  17637.     t = td;
    17638. 

  17638.     tmp = tmpd;
    17639. 

  17639. #endif
    17640. 

  17640. 

  17641.     if (err == MP_OKAY) {
    17642. 

  17642.         /* t[0] = {0, 0, 1} * norm */
    17643. 

  17643.         XMEMSET(&t[0], 0, sizeof(t[0]));
    17644. 

  17644.         t[0].infinity = 1;
    17645. 

  17645.         /* t[1] = {g->x, g->y, g->z} * norm */
    17646. 

  17646.         (void)sp_256_mod_mul_norm_8(t[1].x, g->x, p256_mod);
    17647. 

  17647.         (void)sp_256_mod_mul_norm_8(t[1].y, g->y, p256_mod);
    17648. 

  17648.         (void)sp_256_mod_mul_norm_8(t[1].z, g->z, p256_mod);
    17649. 

  17649.         t[1].infinity = 0;
    17650. 

  17650.         sp_256_proj_point_dbl_8(&t[ 2], &t[ 1], tmp);
    17651. 

  17651.         t[ 2].infinity = 0;
    17652. 

  17652.         sp_256_proj_point_add_8(&t[ 3], &t[ 2], &t[ 1], tmp);
    17653. 

  17653.         t[ 3].infinity = 0;
    17654. 

  17654.         sp_256_proj_point_dbl_8(&t[ 4], &t[ 2], tmp);
    17655. 

  17655.         t[ 4].infinity = 0;
    17656. 

  17656.         sp_256_proj_point_add_8(&t[ 5], &t[ 3], &t[ 2], tmp);
    17657. 

  17657.         t[ 5].infinity = 0;
    17658. 

  17658.         sp_256_proj_point_dbl_8(&t[ 6], &t[ 3], tmp);
    17659. 

  17659.         t[ 6].infinity = 0;
    17660. 

  17660.         sp_256_proj_point_add_8(&t[ 7], &t[ 4], &t[ 3], tmp);
    17661. 

  17661.         t[ 7].infinity = 0;
    17662. 

  17662.         sp_256_proj_point_dbl_8(&t[ 8], &t[ 4], tmp);
    17663. 

  17663.         t[ 8].infinity = 0;
    17664. 

  17664.         sp_256_proj_point_add_8(&t[ 9], &t[ 5], &t[ 4], tmp);
    17665. 

  17665.         t[ 9].infinity = 0;
    17666. 

  17666.         sp_256_proj_point_dbl_8(&t[10], &t[ 5], tmp);
    17667. 

  17667.         t[10].infinity = 0;
    17668. 

  17668.         sp_256_proj_point_add_8(&t[11], &t[ 6], &t[ 5], tmp);
    17669. 

  17669.         t[11].infinity = 0;
    17670. 

  17670.         sp_256_proj_point_dbl_8(&t[12], &t[ 6], tmp);
    17671. 

  17671.         t[12].infinity = 0;
    17672. 

  17672.         sp_256_proj_point_add_8(&t[13], &t[ 7], &t[ 6], tmp);
    17673. 

  17673.         t[13].infinity = 0;
    17674. 

  17674.         sp_256_proj_point_dbl_8(&t[14], &t[ 7], tmp);
    17675. 

  17675.         t[14].infinity = 0;
    17676. 

  17676.         sp_256_proj_point_add_8(&t[15], &t[ 8], &t[ 7], tmp);
    17677. 

  17677.         t[15].infinity = 0;
    17678. 

  17678. 

  17679.         i = 6;
    17680. 

  17680.         n = k[i+1] << 0;
    17681. 

  17681.         c = 28;
    17682. 

  17682.         y = n >> 28;
    17683. 

  17683.         XMEMCPY(rt, &t[y], sizeof(sp_point));
    17684. 

  17684.         n <<= 4;
    17685. 

  17685.         for (; i>=0 || c>=4; ) {
    17686. 

  17686.             if (c < 4) {
    17687. 

  17687.                 n |= k[i--] << (0 - c);
    17688. 

  17688.                 c += 32;
    17689. 

  17689.             }
    17690. 

  17690.             y = (n >> 28) & 0xf;
    17691. 

  17691.             n <<= 4;
    17692. 

  17692.             c -= 4;
    17693. 

  17693. 

  17694.             sp_256_proj_point_dbl_8(rt, rt, tmp);
    17695. 

  17695.             sp_256_proj_point_dbl_8(rt, rt, tmp);
    17696. 

  17696.             sp_256_proj_point_dbl_8(rt, rt, tmp);
    17697. 

  17697.             sp_256_proj_point_dbl_8(rt, rt, tmp);
    17698. 

  17698. 

  17699.             sp_256_proj_point_add_8(rt, rt, &t[y], tmp);
    17700. 

  17700.         }
    17701. 

  17701. 

  17702.         if (map != 0) {
    17703. 

  17703.             sp_256_map_8(r, rt, tmp);
    17704. 

  17704.         }
    17705. 

  17705.         else {
    17706. 

  17706.             XMEMCPY(r, rt, sizeof(sp_point));
    17707. 

  17707.         }
    17708. 

  17708.     }
    17709. 

  17709. 

  17710. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    17711. 

  17711.     if (tmp != NULL) {
    17712. 

  17712.         XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 8 * 5);
    17713. 

  17713.         XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
    17714. 

  17714.     }
    17715. 

  17715.     if (t != NULL) {
    17716. 

  17716.         XMEMSET(t, 0, sizeof(sp_point) * 16);
    17717. 

  17717.         XFREE(t, heap, DYNAMIC_TYPE_ECC);
    17718. 

  17718.     }
    17719. 

  17719. #else
    17720. 

  17720.     ForceZero(tmpd, sizeof(tmpd));
    17721. 

  17721.     ForceZero(td, sizeof(td));
    17722. 

  17722. #endif
    17723. 

  17723.     sp_ecc_point_free(rt, 1, heap);
    17724. 

  17724. 

  17725.     return err;
    17726. 

  17726. }
    17727. 

  17727. 

  17728. /* A table entry for pre-computed points. */
    17729. 

  17729. typedef struct sp_table_entry {
    17730. 

  17730.     sp_digit x[8];
    17731. 

  17731.     sp_digit y[8];
    17732. 

  17732. } sp_table_entry;
    17733. 

  17733. 

  17734. #ifdef FP_ECC
    17735. 

  17735. /* Double the Montgomery form projective point p a number of times.
    17736. 

  17736.  *
    17737. 

  17737.  * r  Result of repeated doubling of point.
    17738. 

  17738.  * p  Point to double.
    17739. 

  17739.  * n  Number of times to double
    17740. 

  17740.  * t  Temporary ordinate data.
    17741. 

  17741.  */
    17742. 

  17742. static void sp_256_proj_point_dbl_n_8(sp_point* r, const sp_point* p, int n,
    17743. 

  17743.         sp_digit* t)
    17744. 

  17744. {
    17745. 

  17745.     sp_point* rp[2];
    17746. 

  17746.     sp_digit* w = t;
    17747. 

  17747.     sp_digit* a = t + 2*8;
    17748. 

  17748.     sp_digit* b = t + 4*8;
    17749. 

  17749.     sp_digit* t1 = t + 6*8;
    17750. 

  17750.     sp_digit* t2 = t + 8*8;
    17751. 

  17751.     sp_digit* x;
    17752. 

  17752.     sp_digit* y;
    17753. 

  17753.     sp_digit* z;
    17754. 

  17754.     int i;
    17755. 

  17755. 

  17756.     rp[0] = r;
    17757. 

  17757. 

  17758.     /*lint allow cast to different type of pointer*/
    17759. 

  17759.     rp[1] = (sp_point*)t; /*lint !e9087 !e740*/
    17760. 

  17760.     XMEMSET(rp[1], 0, sizeof(sp_point));
    17761. 

  17761.     x = rp[p->infinity]->x;
    17762. 

  17762.     y = rp[p->infinity]->y;
    17763. 

  17763.     z = rp[p->infinity]->z;
    17764. 

  17764.     if (r != p) {
    17765. 

  17765.         for (i=0; i<8; i++) {
    17766. 

  17766.             r->x[i] = p->x[i];
    17767. 

  17767.         }
    17768. 

  17768.         for (i=0; i<8; i++) {
    17769. 

  17769.             r->y[i] = p->y[i];
    17770. 

  17770.         }
    17771. 

  17771.         for (i=0; i<8; i++) {
    17772. 

  17772.             r->z[i] = p->z[i];
    17773. 

  17773.         }
    17774. 

  17774.         r->infinity = p->infinity;
    17775. 

  17775.     }
    17776. 

  17776. 

  17777.     /* Y = 2*Y */
    17778. 

  17778.     sp_256_mont_dbl_8(y, y, p256_mod);
    17779. 

  17779.     /* W = Z^4 */
    17780. 

  17780.     sp_256_mont_sqr_8(w, z, p256_mod, p256_mp_mod);
    17781. 

  17781.     sp_256_mont_sqr_8(w, w, p256_mod, p256_mp_mod);
    17782. 

  17782.     while (n-- > 0) {
    17783. 

  17783.         /* A = 3*(X^2 - W) */
    17784. 

  17784.         sp_256_mont_sqr_8(t1, x, p256_mod, p256_mp_mod);
    17785. 

  17785.         sp_256_mont_sub_8(t1, t1, w, p256_mod);
    17786. 

  17786.         sp_256_mont_tpl_8(a, t1, p256_mod);
    17787. 

  17787.         /* B = X*Y^2 */
    17788. 

  17788.         sp_256_mont_sqr_8(t2, y, p256_mod, p256_mp_mod);
    17789. 

  17789.         sp_256_mont_mul_8(b, t2, x, p256_mod, p256_mp_mod);
    17790. 

  17790.         /* X = A^2 - 2B */
    17791. 

  17791.         sp_256_mont_sqr_8(x, a, p256_mod, p256_mp_mod);
    17792. 

  17792.         sp_256_mont_dbl_8(t1, b, p256_mod);
    17793. 

  17793.         sp_256_mont_sub_8(x, x, t1, p256_mod);
    17794. 

  17794.         /* Z = Z*Y */
    17795. 

  17795.         sp_256_mont_mul_8(z, z, y, p256_mod, p256_mp_mod);
    17796. 

  17796.         /* t2 = Y^4 */
    17797. 

  17797.         sp_256_mont_sqr_8(t2, t2, p256_mod, p256_mp_mod);
    17798. 

  17798.         if (n != 0) {
    17799. 

  17799.             /* W = W*Y^4 */
    17800. 

  17800.             sp_256_mont_mul_8(w, w, t2, p256_mod, p256_mp_mod);
    17801. 

  17801.         }
    17802. 

  17802.         /* y = 2*A*(B - X) - Y^4 */
    17803. 

  17803.         sp_256_mont_sub_8(y, b, x, p256_mod);
    17804. 

  17804.         sp_256_mont_mul_8(y, y, a, p256_mod, p256_mp_mod);
    17805. 

  17805.         sp_256_mont_dbl_8(y, y, p256_mod);
    17806. 

  17806.         sp_256_mont_sub_8(y, y, t2, p256_mod);
    17807. 

  17807.     }
    17808. 

  17808.     /* Y = Y/2 */
    17809. 

  17809.     sp_256_div2_8(y, y, p256_mod);
    17810. 

  17810. }
    17811. 

  17811. 

  17812. #endif /* FP_ECC */
    17813. 

  17813. /* Add two Montgomery form projective points. The second point has a q value of
    17814. 

  17814.  * one.
    17815. 

  17815.  * Only the first point can be the same pointer as the result point.
    17816. 

  17816.  *
    17817. 

  17817.  * r  Result of addition.
    17818. 

  17818.  * p  First point to add.
    17819. 

  17819.  * q  Second point to add.
    17820. 

  17820.  * t  Temporary ordinate data.
    17821. 

  17821.  */
    17822. 

  17822. static void sp_256_proj_point_add_qz1_8(sp_point* r, const sp_point* p,
    17823. 

  17823.         const sp_point* q, sp_digit* t)
    17824. 

  17824. {
    17825. 

  17825.     const sp_point* ap[2];
    17826. 

  17826.     sp_point* rp[2];
    17827. 

  17827.     sp_digit* t1 = t;
    17828. 

  17828.     sp_digit* t2 = t + 2*8;
    17829. 

  17829.     sp_digit* t3 = t + 4*8;
    17830. 

  17830.     sp_digit* t4 = t + 6*8;
    17831. 

  17831.     sp_digit* t5 = t + 8*8;
    17832. 

  17832.     sp_digit* x;
    17833. 

  17833.     sp_digit* y;
    17834. 

  17834.     sp_digit* z;
    17835. 

  17835.     int i;
    17836. 

  17836. 

  17837.     /* Check double */
    17838. 

  17838.     (void)sp_256_sub_8(t1, p256_mod, q->y);
    17839. 

  17839.     sp_256_norm_8(t1);
    17840. 

  17840.     if ((sp_256_cmp_equal_8(p->x, q->x) & sp_256_cmp_equal_8(p->z, q->z) &
    17841. 

  17841.         (sp_256_cmp_equal_8(p->y, q->y) | sp_256_cmp_equal_8(p->y, t1))) != 0) {
    17842. 

  17842.         sp_256_proj_point_dbl_8(r, p, t);
    17843. 

  17843.     }
    17844. 

  17844.     else {
    17845. 

  17845.         rp[0] = r;
    17846. 

  17846. 

  17847.         /*lint allow cast to different type of pointer*/
    17848. 

  17848.         rp[1] = (sp_point*)t; /*lint !e9087 !e740*/
    17849. 

  17849.         XMEMSET(rp[1], 0, sizeof(sp_point));
    17850. 

  17850.         x = rp[p->infinity | q->infinity]->x;
    17851. 

  17851.         y = rp[p->infinity | q->infinity]->y;
    17852. 

  17852.         z = rp[p->infinity | q->infinity]->z;
    17853. 

  17853. 

  17854.         ap[0] = p;
    17855. 

  17855.         ap[1] = q;
    17856. 

  17856.         for (i=0; i<8; i++) {
    17857. 

  17857.             r->x[i] = ap[p->infinity]->x[i];
    17858. 

  17858.         }
    17859. 

  17859.         for (i=0; i<8; i++) {
    17860. 

  17860.             r->y[i] = ap[p->infinity]->y[i];
    17861. 

  17861.         }
    17862. 

  17862.         for (i=0; i<8; i++) {
    17863. 

  17863.             r->z[i] = ap[p->infinity]->z[i];
    17864. 

  17864.         }
    17865. 

  17865.         r->infinity = ap[p->infinity]->infinity;
    17866. 

  17866. 

  17867.         /* U2 = X2*Z1^2 */
    17868. 

  17868.         sp_256_mont_sqr_8(t2, z, p256_mod, p256_mp_mod);
    17869. 

  17869.         sp_256_mont_mul_8(t4, t2, z, p256_mod, p256_mp_mod);
    17870. 

  17870.         sp_256_mont_mul_8(t2, t2, q->x, p256_mod, p256_mp_mod);
    17871. 

  17871.         /* S2 = Y2*Z1^3 */
    17872. 

  17872.         sp_256_mont_mul_8(t4, t4, q->y, p256_mod, p256_mp_mod);
    17873. 

  17873.         /* H = U2 - X1 */
    17874. 

  17874.         sp_256_mont_sub_8(t2, t2, x, p256_mod);
    17875. 

  17875.         /* R = S2 - Y1 */
    17876. 

  17876.         sp_256_mont_sub_8(t4, t4, y, p256_mod);
    17877. 

  17877.         /* Z3 = H*Z1 */
    17878. 

  17878.         sp_256_mont_mul_8(z, z, t2, p256_mod, p256_mp_mod);
    17879. 

  17879.         /* X3 = R^2 - H^3 - 2*X1*H^2 */
    17880. 

  17880.         sp_256_mont_sqr_8(t1, t4, p256_mod, p256_mp_mod);
    17881. 

  17881.         sp_256_mont_sqr_8(t5, t2, p256_mod, p256_mp_mod);
    17882. 

  17882.         sp_256_mont_mul_8(t3, x, t5, p256_mod, p256_mp_mod);
    17883. 

  17883.         sp_256_mont_mul_8(t5, t5, t2, p256_mod, p256_mp_mod);
    17884. 

  17884.         sp_256_mont_sub_8(x, t1, t5, p256_mod);
    17885. 

  17885.         sp_256_mont_dbl_8(t1, t3, p256_mod);
    17886. 

  17886.         sp_256_mont_sub_8(x, x, t1, p256_mod);
    17887. 

  17887.         /* Y3 = R*(X1*H^2 - X3) - Y1*H^3 */
    17888. 

  17888.         sp_256_mont_sub_8(t3, t3, x, p256_mod);
    17889. 

  17889.         sp_256_mont_mul_8(t3, t3, t4, p256_mod, p256_mp_mod);
    17890. 

  17890.         sp_256_mont_mul_8(t5, t5, y, p256_mod, p256_mp_mod);
    17891. 

  17891.         sp_256_mont_sub_8(y, t3, t5, p256_mod);
    17892. 

  17892.     }
    17893. 

  17893. }
    17894. 

  17894. 

  17895. #ifdef WOLFSSL_SP_SMALL
    17896. 

  17896. #ifdef FP_ECC
    17897. 

  17897. /* Convert the projective point to affine.
    17898. 

  17898.  * Ordinates are in Montgomery form.
    17899. 

  17899.  *
    17900. 

  17900.  * a  Point to convert.
    17901. 

  17901.  * t  Temporary data.
    17902. 

  17902.  */
    17903. 

  17903. static void sp_256_proj_to_affine_8(sp_point* a, sp_digit* t)
    17904. 

  17904. {
    17905. 

  17905.     sp_digit* t1 = t;
    17906. 

  17906.     sp_digit* t2 = t + 2 * 8;
    17907. 

  17907.     sp_digit* tmp = t + 4 * 8;
    17908. 

  17908. 

  17909.     sp_256_mont_inv_8(t1, a->z, tmp);
    17910. 

  17910. 

  17911.     sp_256_mont_sqr_8(t2, t1, p256_mod, p256_mp_mod);
    17912. 

  17912.     sp_256_mont_mul_8(t1, t2, t1, p256_mod, p256_mp_mod);
    17913. 

  17913. 

  17914.     sp_256_mont_mul_8(a->x, a->x, t2, p256_mod, p256_mp_mod);
    17915. 

  17915.     sp_256_mont_mul_8(a->y, a->y, t1, p256_mod, p256_mp_mod);
    17916. 

  17916.     XMEMCPY(a->z, p256_norm_mod, sizeof(p256_norm_mod));
    17917. 

  17917. }
    17918. 

  17918. 

  17919. /* Generate the pre-computed table of points for the base point.
    17920. 

  17920.  *
    17921. 

  17921.  * a      The base point.
    17922. 

  17922.  * table  Place to store generated point data.
    17923. 

  17923.  * tmp    Temporary data.
    17924. 

  17924.  * heap  Heap to use for allocation.
    17925. 

  17925.  */
    17926. 

  17926. static int sp_256_gen_stripe_table_8(const sp_point* a,
    17927. 

  17927.         sp_table_entry* table, sp_digit* tmp, void* heap)
    17928. 

  17928. {
    17929. 

  17929. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    17930. 

  17930.     sp_point td, s1d, s2d;
    17931. 

  17931. #endif
    17932. 

  17932.     sp_point* t;
    17933. 

  17933.     sp_point* s1 = NULL;
    17934. 

  17934.     sp_point* s2 = NULL;
    17935. 

  17935.     int i, j;
    17936. 

  17936.     int err;
    17937. 

  17937. 

  17938.     (void)heap;
    17939. 

  17939. 

  17940.     err = sp_ecc_point_new(heap, td, t);
    17941. 

  17941.     if (err == MP_OKAY) {
    17942. 

  17942.         err = sp_ecc_point_new(heap, s1d, s1);
    17943. 

  17943.     }
    17944. 

  17944.     if (err == MP_OKAY) {
    17945. 

  17945.         err = sp_ecc_point_new(heap, s2d, s2);
    17946. 

  17946.     }
    17947. 

  17947. 

  17948.     if (err == MP_OKAY) {
    17949. 

  17949.         err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod);
    17950. 

  17950.     }
    17951. 

  17951.     if (err == MP_OKAY) {
    17952. 

  17952.         err = sp_256_mod_mul_norm_8(t->y, a->y, p256_mod);
    17953. 

  17953.     }
    17954. 

  17954.     if (err == MP_OKAY) {
    17955. 

  17955.         err = sp_256_mod_mul_norm_8(t->z, a->z, p256_mod);
    17956. 

  17956.     }
    17957. 

  17957.     if (err == MP_OKAY) {
    17958. 

  17958.         t->infinity = 0;
    17959. 

  17959.         sp_256_proj_to_affine_8(t, tmp);
    17960. 

  17960. 

  17961.         XMEMCPY(s1->z, p256_norm_mod, sizeof(p256_norm_mod));
    17962. 

  17962.         s1->infinity = 0;
    17963. 

  17963.         XMEMCPY(s2->z, p256_norm_mod, sizeof(p256_norm_mod));
    17964. 

  17964.         s2->infinity = 0;
    17965. 

  17965. 

  17966.         /* table[0] = {0, 0, infinity} */
    17967. 

  17967.         XMEMSET(&table[0], 0, sizeof(sp_table_entry));
    17968. 

  17968.         /* table[1] = Affine version of 'a' in Montgomery form */
    17969. 

  17969.         XMEMCPY(table[1].x, t->x, sizeof(table->x));
    17970. 

  17970.         XMEMCPY(table[1].y, t->y, sizeof(table->y));
    17971. 

  17971. 

  17972.         for (i=1; i<4; i++) {
    17973. 

  17973.             sp_256_proj_point_dbl_n_8(t, t, 64, tmp);
    17974. 

  17974.             sp_256_proj_to_affine_8(t, tmp);
    17975. 

  17975.             XMEMCPY(table[1<<i].x, t->x, sizeof(table->x));
    17976. 

  17976.             XMEMCPY(table[1<<i].y, t->y, sizeof(table->y));
    17977. 

  17977.         }
    17978. 

  17978. 

  17979.         for (i=1; i<4; i++) {
    17980. 

  17980.             XMEMCPY(s1->x, table[1<<i].x, sizeof(table->x));
    17981. 

  17981.             XMEMCPY(s1->y, table[1<<i].y, sizeof(table->y));
    17982. 

  17982.             for (j=(1<<i)+1; j<(1<<(i+1)); j++) {
    17983. 

  17983.                 XMEMCPY(s2->x, table[j-(1<<i)].x, sizeof(table->x));
    17984. 

  17984.                 XMEMCPY(s2->y, table[j-(1<<i)].y, sizeof(table->y));
    17985. 

  17985.                 sp_256_proj_point_add_qz1_8(t, s1, s2, tmp);
    17986. 

  17986.                 sp_256_proj_to_affine_8(t, tmp);
    17987. 

  17987.                 XMEMCPY(table[j].x, t->x, sizeof(table->x));
    17988. 

  17988.                 XMEMCPY(table[j].y, t->y, sizeof(table->y));
    17989. 

  17989.             }
    17990. 

  17990.         }
    17991. 

  17991.     }
    17992. 

  17992. 

  17993.     sp_ecc_point_free(s2, 0, heap);
    17994. 

  17994.     sp_ecc_point_free(s1, 0, heap);
    17995. 

  17995.     sp_ecc_point_free( t, 0, heap);
    17996. 

  17996. 

  17997.     return err;
    17998. 

  17998. }
    17999. 

  17999. 

  18000. #endif /* FP_ECC */
    18001. 

  18001. /* Multiply the point by the scalar and return the result.
    18002. 

  18002.  * If map is true then convert result to affine coordinates.
    18003. 

  18003.  *
    18004. 

  18004.  * r     Resulting point.
    18005. 

  18005.  * k     Scalar to multiply by.
    18006. 

  18006.  * map   Indicates whether to convert result to affine.
    18007. 

  18007.  * heap  Heap to use for allocation.
    18008. 

  18008.  * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
    18009. 

  18009.  */
    18010. 

  18010. static int sp_256_ecc_mulmod_stripe_8(sp_point* r, const sp_point* g,
    18011. 

  18011.         const sp_table_entry* table, const sp_digit* k, int map, void* heap)
    18012. 

  18012. {
    18013. 

  18013. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    18014. 

  18014.     sp_point rtd;
    18015. 

  18015.     sp_point pd;
    18016. 

  18016.     sp_digit td[2 * 8 * 5];
    18017. 

  18017. #endif
    18018. 

  18018.     sp_point* rt;
    18019. 

  18019.     sp_point* p = NULL;
    18020. 

  18020.     sp_digit* t;
    18021. 

  18021.     int i, j;
    18022. 

  18022.     int y, x;
    18023. 

  18023.     int err;
    18024. 

  18024. 

  18025.     (void)g;
    18026. 

  18026.     (void)heap;
    18027. 

  18027. 

  18028.     err = sp_ecc_point_new(heap, rtd, rt);
    18029. 

  18029.     if (err == MP_OKAY) {
    18030. 

  18030.         err = sp_ecc_point_new(heap, pd, p);
    18031. 

  18031.     }
    18032. 

  18032. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    18033. 

  18033.     t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
    18034. 

  18034.                            DYNAMIC_TYPE_ECC);
    18035. 

  18035.     if (t == NULL) {
    18036. 

  18036.         err = MEMORY_E;
    18037. 

  18037.     }
    18038. 

  18038. #else
    18039. 

  18039.     t = td;
    18040. 

  18040. #endif
    18041. 

  18041. 

  18042.     if (err == MP_OKAY) {
    18043. 

  18043.         XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
    18044. 

  18044.         XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));
    18045. 

  18045. 

  18046.         y = 0;
    18047. 

  18047.         for (j=0,x=63; j<4; j++,x+=64) {
    18048. 

  18048.             y |= ((k[x / 32] >> (x % 32)) & 1) << j;
    18049. 

  18049.         }
    18050. 

  18050.         XMEMCPY(rt->x, table[y].x, sizeof(table[y].x));
    18051. 

  18051.         XMEMCPY(rt->y, table[y].y, sizeof(table[y].y));
    18052. 

  18052.         rt->infinity = !y;
    18053. 

  18053.         for (i=62; i>=0; i--) {
    18054. 

  18054.             y = 0;
    18055. 

  18055.             for (j=0,x=i; j<4; j++,x+=64) {
    18056. 

  18056.                 y |= ((k[x / 32] >> (x % 32)) & 1) << j;
    18057. 

  18057.             }
    18058. 

  18058. 

  18059.             sp_256_proj_point_dbl_8(rt, rt, t);
    18060. 

  18060.             XMEMCPY(p->x, table[y].x, sizeof(table[y].x));
    18061. 

  18061.             XMEMCPY(p->y, table[y].y, sizeof(table[y].y));
    18062. 

  18062.             p->infinity = !y;
    18063. 

  18063.             sp_256_proj_point_add_qz1_8(rt, rt, p, t);
    18064. 

  18064.         }
    18065. 

  18065. 

  18066.         if (map != 0) {
    18067. 

  18067.             sp_256_map_8(r, rt, t);
    18068. 

  18068.         }
    18069. 

  18069.         else {
    18070. 

  18070.             XMEMCPY(r, rt, sizeof(sp_point));
    18071. 

  18071.         }
    18072. 

  18072.     }
    18073. 

  18073. 

  18074. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    18075. 

  18075.     if (t != NULL) {
    18076. 

  18076.         XFREE(t, heap, DYNAMIC_TYPE_ECC);
    18077. 

  18077.     }
    18078. 

  18078. #endif
    18079. 

  18079.     sp_ecc_point_free(p, 0, heap);
    18080. 

  18080.     sp_ecc_point_free(rt, 0, heap);
    18081. 

  18081. 

  18082.     return err;
    18083. 

  18083. }
    18084. 

  18084. 

  18085. #ifdef FP_ECC
    18086. 

  18086. #ifndef FP_ENTRIES
    18087. 

  18087.     #define FP_ENTRIES 16
    18088. 

  18088. #endif
    18089. 

  18089. 

  18090. typedef struct sp_cache_t {
    18091. 

  18091.     sp_digit x[8];
    18092. 

  18092.     sp_digit y[8];
    18093. 

  18093.     sp_table_entry table[16];
    18094. 

  18094.     uint32_t cnt;
    18095. 

  18095.     int set;
    18096. 

  18096. } sp_cache_t;
    18097. 

  18097. 

  18098. static THREAD_LS_T sp_cache_t sp_cache[FP_ENTRIES];
    18099. 

  18099. static THREAD_LS_T int sp_cache_last = -1;
    18100. 

  18100. static THREAD_LS_T int sp_cache_inited = 0;
    18101. 

  18101. 

  18102. #ifndef HAVE_THREAD_LS
    18103. 

  18103.     static volatile int initCacheMutex = 0;
    18104. 

  18104.     static wolfSSL_Mutex sp_cache_lock;
    18105. 

  18105. #endif
    18106. 

  18106. 

  18107. static void sp_ecc_get_cache(const sp_point* g, sp_cache_t** cache)
    18108. 

  18108. {
    18109. 

  18109.     int i, j;
    18110. 

  18110.     uint32_t least;
    18111. 

  18111. 

  18112.     if (sp_cache_inited == 0) {
    18113. 

  18113.         for (i=0; i<FP_ENTRIES; i++) {
    18114. 

  18114.             sp_cache[i].set = 0;
    18115. 

  18115.         }
    18116. 

  18116.         sp_cache_inited = 1;
    18117. 

  18117.     }
    18118. 

  18118. 

  18119.     /* Compare point with those in cache. */
    18120. 

  18120.     for (i=0; i<FP_ENTRIES; i++) {
    18121. 

  18121.         if (!sp_cache[i].set)
    18122. 

  18122.             continue;
    18123. 

  18123. 

  18124.         if (sp_256_cmp_equal_8(g->x, sp_cache[i].x) &
    18125. 

  18125.                            sp_256_cmp_equal_8(g->y, sp_cache[i].y)) {
    18126. 

  18126.             sp_cache[i].cnt++;
    18127. 

  18127.             break;
    18128. 

  18128.         }
    18129. 

  18129.     }
    18130. 

  18130. 

  18131.     /* No match. */
    18132. 

  18132.     if (i == FP_ENTRIES) {
    18133. 

  18133.         /* Find empty entry. */
    18134. 

  18134.         i = (sp_cache_last + 1) % FP_ENTRIES;
    18135. 

  18135.         for (; i != sp_cache_last; i=(i+1)%FP_ENTRIES) {
    18136. 

  18136.             if (!sp_cache[i].set) {
    18137. 

  18137.                 break;
    18138. 

  18138.             }
    18139. 

  18139.         }
    18140. 

  18140. 

  18141.         /* Evict least used. */
    18142. 

  18142.         if (i == sp_cache_last) {
    18143. 

  18143.             least = sp_cache[0].cnt;
    18144. 

  18144.             for (j=1; j<FP_ENTRIES; j++) {
    18145. 

  18145.                 if (sp_cache[j].cnt < least) {
    18146. 

  18146.                     i = j;
    18147. 

  18147.                     least = sp_cache[i].cnt;
    18148. 

  18148.                 }
    18149. 

  18149.             }
    18150. 

  18150.         }
    18151. 

  18151. 

  18152.         XMEMCPY(sp_cache[i].x, g->x, sizeof(sp_cache[i].x));
    18153. 

  18153.         XMEMCPY(sp_cache[i].y, g->y, sizeof(sp_cache[i].y));
    18154. 

  18154.         sp_cache[i].set = 1;
    18155. 

  18155.         sp_cache[i].cnt = 1;
    18156. 

  18156.     }
    18157. 

  18157. 

  18158.     *cache = &sp_cache[i];
    18159. 

  18159.     sp_cache_last = i;
    18160. 

  18160. }
    18161. 

  18161. #endif /* FP_ECC */
    18162. 

  18162. 

  18163. /* Multiply the base point of P256 by the scalar and return the result.
    18164. 

  18164.  * If map is true then convert result to affine coordinates.
    18165. 

  18165.  *
    18166. 

  18166.  * r     Resulting point.
    18167. 

  18167.  * g     Point to multiply.
    18168. 

  18168.  * k     Scalar to multiply by.
    18169. 

  18169.  * map   Indicates whether to convert result to affine.
    18170. 

  18170.  * heap  Heap to use for allocation.
    18171. 

  18171.  * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
    18172. 

  18172.  */
    18173. 

  18173. static int sp_256_ecc_mulmod_8(sp_point* r, const sp_point* g, const sp_digit* k,
    18174. 

  18174.         int map, void* heap)
    18175. 

  18175. {
    18176. 

  18176. #ifndef FP_ECC
    18177. 

  18177.     return sp_256_ecc_mulmod_fast_8(r, g, k, map, heap);
    18178. 

  18178. #else
    18179. 

  18179.     sp_digit tmp[2 * 8 * 5];
    18180. 

  18180.     sp_cache_t* cache;
    18181. 

  18181.     int err = MP_OKAY;
    18182. 

  18182. 

  18183. #ifndef HAVE_THREAD_LS
    18184. 

  18184.     if (initCacheMutex == 0) {
    18185. 

  18185.          wc_InitMutex(&sp_cache_lock);
    18186. 

  18186.          initCacheMutex = 1;
    18187. 

  18187.     }
    18188. 

  18188.     if (wc_LockMutex(&sp_cache_lock) != 0)
    18189. 

  18189.        err = BAD_MUTEX_E;
    18190. 

  18190. #endif /* HAVE_THREAD_LS */
    18191. 

  18191. 

  18192.     if (err == MP_OKAY) {
    18193. 

  18193.         sp_ecc_get_cache(g, &cache);
    18194. 

  18194.         if (cache->cnt == 2)
    18195. 

  18195.             sp_256_gen_stripe_table_8(g, cache->table, tmp, heap);
    18196. 

  18196. 

  18197. #ifndef HAVE_THREAD_LS
    18198. 

  18198.         wc_UnLockMutex(&sp_cache_lock);
    18199. 

  18199. #endif /* HAVE_THREAD_LS */
    18200. 

  18200. 

  18201.         if (cache->cnt < 2) {
    18202. 

  18202.             err = sp_256_ecc_mulmod_fast_8(r, g, k, map, heap);
    18203. 

  18203.         }
    18204. 

  18204.         else {
    18205. 

  18205.             err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k,
    18206. 

  18206.                     map, heap);
    18207. 

  18207.         }
    18208. 

  18208.     }
    18209. 

  18209. 

  18210.     return err;
    18211. 

  18211. #endif
    18212. 

  18212. }
    18213. 

  18213. 

  18214. #else
    18215. 

  18215. #ifdef FP_ECC
    18216. 

  18216. /* Generate the pre-computed table of points for the base point.
    18217. 

  18217.  *
    18218. 

  18218.  * a      The base point.
    18219. 

  18219.  * table  Place to store generated point data.
    18220. 

  18220.  * tmp    Temporary data.
    18221. 

  18221.  * heap  Heap to use for allocation.
    18222. 

  18222.  */
    18223. 

  18223. static int sp_256_gen_stripe_table_8(const sp_point* a,
    18224. 

  18224.         sp_table_entry* table, sp_digit* tmp, void* heap)
    18225. 

  18225. {
    18226. 

  18226. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    18227. 

  18227.     sp_point td, s1d, s2d;
    18228. 

  18228. #endif
    18229. 

  18229.     sp_point* t;
    18230. 

  18230.     sp_point* s1 = NULL;
    18231. 

  18231.     sp_point* s2 = NULL;
    18232. 

  18232.     int i, j;
    18233. 

  18233.     int err;
    18234. 

  18234. 

  18235.     (void)heap;
    18236. 

  18236. 

  18237.     err = sp_ecc_point_new(heap, td, t);
    18238. 

  18238.     if (err == MP_OKAY) {
    18239. 

  18239.         err = sp_ecc_point_new(heap, s1d, s1);
    18240. 

  18240.     }
    18241. 

  18241.     if (err == MP_OKAY) {
    18242. 

  18242.         err = sp_ecc_point_new(heap, s2d, s2);
    18243. 

  18243.     }
    18244. 

  18244. 

  18245.     if (err == MP_OKAY) {
    18246. 

  18246.         err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod);
    18247. 

  18247.     }
    18248. 

  18248.     if (err == MP_OKAY) {
    18249. 

  18249.         err = sp_256_mod_mul_norm_8(t->y, a->y, p256_mod);
    18250. 

  18250.     }
    18251. 

  18251.     if (err == MP_OKAY) {
    18252. 

  18252.         err = sp_256_mod_mul_norm_8(t->z, a->z, p256_mod);
    18253. 

  18253.     }
    18254. 

  18254.     if (err == MP_OKAY) {
    18255. 

  18255.         t->infinity = 0;
    18256. 

  18256.         sp_256_proj_to_affine_8(t, tmp);
    18257. 

  18257. 

  18258.         XMEMCPY(s1->z, p256_norm_mod, sizeof(p256_norm_mod));
    18259. 

  18259.         s1->infinity = 0;
    18260. 

  18260.         XMEMCPY(s2->z, p256_norm_mod, sizeof(p256_norm_mod));
    18261. 

  18261.         s2->infinity = 0;
    18262. 

  18262. 

  18263.         /* table[0] = {0, 0, infinity} */
    18264. 

  18264.         XMEMSET(&table[0], 0, sizeof(sp_table_entry));
    18265. 

  18265.         /* table[1] = Affine version of 'a' in Montgomery form */
    18266. 

  18266.         XMEMCPY(table[1].x, t->x, sizeof(table->x));
    18267. 

  18267.         XMEMCPY(table[1].y, t->y, sizeof(table->y));
    18268. 

  18268. 

  18269.         for (i=1; i<8; i++) {
    18270. 

  18270.             sp_256_proj_point_dbl_n_8(t, t, 32, tmp);
    18271. 

  18271.             sp_256_proj_to_affine_8(t, tmp);
    18272. 

  18272.             XMEMCPY(table[1<<i].x, t->x, sizeof(table->x));
    18273. 

  18273.             XMEMCPY(table[1<<i].y, t->y, sizeof(table->y));
    18274. 

  18274.         }
    18275. 

  18275. 

  18276.         for (i=1; i<8; i++) {
    18277. 

  18277.             XMEMCPY(s1->x, table[1<<i].x, sizeof(table->x));
    18278. 

  18278.             XMEMCPY(s1->y, table[1<<i].y, sizeof(table->y));
    18279. 

  18279.             for (j=(1<<i)+1; j<(1<<(i+1)); j++) {
    18280. 

  18280.                 XMEMCPY(s2->x, table[j-(1<<i)].x, sizeof(table->x));
    18281. 

  18281.                 XMEMCPY(s2->y, table[j-(1<<i)].y, sizeof(table->y));
    18282. 

  18282.                 sp_256_proj_point_add_qz1_8(t, s1, s2, tmp);
    18283. 

  18283.                 sp_256_proj_to_affine_8(t, tmp);
    18284. 

  18284.                 XMEMCPY(table[j].x, t->x, sizeof(table->x));
    18285. 

  18285.                 XMEMCPY(table[j].y, t->y, sizeof(table->y));
    18286. 

  18286.             }
    18287. 

  18287.         }
    18288. 

  18288.     }
    18289. 

  18289. 

  18290.     sp_ecc_point_free(s2, 0, heap);
    18291. 

  18291.     sp_ecc_point_free(s1, 0, heap);
    18292. 

  18292.     sp_ecc_point_free( t, 0, heap);
    18293. 

  18293. 

  18294.     return err;
    18295. 

  18295. }
    18296. 

  18296. 

  18297. #endif /* FP_ECC */
    18298. 

  18298. /* Multiply the point by the scalar and return the result.
    18299. 

  18299.  * If map is true then convert result to affine coordinates.
    18300. 

  18300.  *
    18301. 

  18301.  * r     Resulting point.
    18302. 

  18302.  * k     Scalar to multiply by.
    18303. 

  18303.  * map   Indicates whether to convert result to affine.
    18304. 

  18304.  * heap  Heap to use for allocation.
    18305. 

  18305.  * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
    18306. 

  18306.  */
    18307. 

  18307. static int sp_256_ecc_mulmod_stripe_8(sp_point* r, const sp_point* g,
    18308. 

  18308.         const sp_table_entry* table, const sp_digit* k, int map, void* heap)
    18309. 

  18309. {
    18310. 

  18310. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    18311. 

  18311.     sp_point rtd;
    18312. 

  18312.     sp_point pd;
    18313. 

  18313.     sp_digit td[2 * 8 * 5];
    18314. 

  18314. #endif
    18315. 

  18315.     sp_point* rt;
    18316. 

  18316.     sp_point* p = NULL;
    18317. 

  18317.     sp_digit* t;
    18318. 

  18318.     int i, j;
    18319. 

  18319.     int y, x;
    18320. 

  18320.     int err;
    18321. 

  18321. 

  18322.     (void)g;
    18323. 

  18323.     (void)heap;
    18324. 

  18324. 

  18325.     err = sp_ecc_point_new(heap, rtd, rt);
    18326. 

  18326.     if (err == MP_OKAY) {
    18327. 

  18327.         err = sp_ecc_point_new(heap, pd, p);
    18328. 

  18328.     }
    18329. 

  18329. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    18330. 

  18330.     t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
    18331. 

  18331.                            DYNAMIC_TYPE_ECC);
    18332. 

  18332.     if (t == NULL) {
    18333. 

  18333.         err = MEMORY_E;
    18334. 

  18334.     }
    18335. 

  18335. #else
    18336. 

  18336.     t = td;
    18337. 

  18337. #endif
    18338. 

  18338. 

  18339.     if (err == MP_OKAY) {
    18340. 

  18340.         XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
    18341. 

  18341.         XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));
    18342. 

  18342. 

  18343.         y = 0;
    18344. 

  18344.         for (j=0,x=31; j<8; j++,x+=32) {
    18345. 

  18345.             y |= ((k[x / 32] >> (x % 32)) & 1) << j;
    18346. 

  18346.         }
    18347. 

  18347.         XMEMCPY(rt->x, table[y].x, sizeof(table[y].x));
    18348. 

  18348.         XMEMCPY(rt->y, table[y].y, sizeof(table[y].y));
    18349. 

  18349.         rt->infinity = !y;
    18350. 

  18350.         for (i=30; i>=0; i--) {
    18351. 

  18351.             y = 0;
    18352. 

  18352.             for (j=0,x=i; j<8; j++,x+=32) {
    18353. 

  18353.                 y |= ((k[x / 32] >> (x % 32)) & 1) << j;
    18354. 

  18354.             }
    18355. 

  18355. 

  18356.             sp_256_proj_point_dbl_8(rt, rt, t);
    18357. 

  18357.             XMEMCPY(p->x, table[y].x, sizeof(table[y].x));
    18358. 

  18358.             XMEMCPY(p->y, table[y].y, sizeof(table[y].y));
    18359. 

  18359.             p->infinity = !y;
    18360. 

  18360.             sp_256_proj_point_add_qz1_8(rt, rt, p, t);
    18361. 

  18361.         }
    18362. 

  18362. 

  18363.         if (map != 0) {
    18364. 

  18364.             sp_256_map_8(r, rt, t);
    18365. 

  18365.         }
    18366. 

  18366.         else {
    18367. 

  18367.             XMEMCPY(r, rt, sizeof(sp_point));
    18368. 

  18368.         }
    18369. 

  18369.     }
    18370. 

  18370. 

  18371. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    18372. 

  18372.     if (t != NULL) {
    18373. 

  18373.         XFREE(t, heap, DYNAMIC_TYPE_ECC);
    18374. 

  18374.     }
    18375. 

  18375. #endif
    18376. 

  18376.     sp_ecc_point_free(p, 0, heap);
    18377. 

  18377.     sp_ecc_point_free(rt, 0, heap);
    18378. 

  18378. 

  18379.     return err;
    18380. 

  18380. }
    18381. 

  18381. 

  18382. #ifdef FP_ECC
    18383. 

  18383. #ifndef FP_ENTRIES
    18384. 

  18384.     #define FP_ENTRIES 16
    18385. 

  18385. #endif
    18386. 

  18386. 

  18387. typedef struct sp_cache_t {
    18388. 

  18388.     sp_digit x[8];
    18389. 

  18389.     sp_digit y[8];
    18390. 

  18390.     sp_table_entry table[256];
    18391. 

  18391.     uint32_t cnt;
    18392. 

  18392.     int set;
    18393. 

  18393. } sp_cache_t;
    18394. 

  18394. 

  18395. static THREAD_LS_T sp_cache_t sp_cache[FP_ENTRIES];
    18396. 

  18396. static THREAD_LS_T int sp_cache_last = -1;
    18397. 

  18397. static THREAD_LS_T int sp_cache_inited = 0;
    18398. 

  18398. 

  18399. #ifndef HAVE_THREAD_LS
    18400. 

  18400.     static volatile int initCacheMutex = 0;
    18401. 

  18401.     static wolfSSL_Mutex sp_cache_lock;
    18402. 

  18402. #endif
    18403. 

  18403. 

  18404. static void sp_ecc_get_cache(const sp_point* g, sp_cache_t** cache)
    18405. 

  18405. {
    18406. 

  18406.     int i, j;
    18407. 

  18407.     uint32_t least;
    18408. 

  18408. 

  18409.     if (sp_cache_inited == 0) {
    18410. 

  18410.         for (i=0; i<FP_ENTRIES; i++) {
    18411. 

  18411.             sp_cache[i].set = 0;
    18412. 

  18412.         }
    18413. 

  18413.         sp_cache_inited = 1;
    18414. 

  18414.     }
    18415. 

  18415. 

  18416.     /* Compare point with those in cache. */
    18417. 

  18417.     for (i=0; i<FP_ENTRIES; i++) {
    18418. 

  18418.         if (!sp_cache[i].set)
    18419. 

  18419.             continue;
    18420. 

  18420. 

  18421.         if (sp_256_cmp_equal_8(g->x, sp_cache[i].x) &
    18422. 

  18422.                            sp_256_cmp_equal_8(g->y, sp_cache[i].y)) {
    18423. 

  18423.             sp_cache[i].cnt++;
    18424. 

  18424.             break;
    18425. 

  18425.         }
    18426. 

  18426.     }
    18427. 

  18427. 

  18428.     /* No match. */
    18429. 

  18429.     if (i == FP_ENTRIES) {
    18430. 

  18430.         /* Find empty entry. */
    18431. 

  18431.         i = (sp_cache_last + 1) % FP_ENTRIES;
    18432. 

  18432.         for (; i != sp_cache_last; i=(i+1)%FP_ENTRIES) {
    18433. 

  18433.             if (!sp_cache[i].set) {
    18434. 

  18434.                 break;
    18435. 

  18435.             }
    18436. 

  18436.         }
    18437. 

  18437. 

  18438.         /* Evict least used. */
    18439. 

  18439.         if (i == sp_cache_last) {
    18440. 

  18440.             least = sp_cache[0].cnt;
    18441. 

  18441.             for (j=1; j<FP_ENTRIES; j++) {
    18442. 

  18442.                 if (sp_cache[j].cnt < least) {
    18443. 

  18443.                     i = j;
    18444. 

  18444.                     least = sp_cache[i].cnt;
    18445. 

  18445.                 }
    18446. 

  18446.             }
    18447. 

  18447.         }
    18448. 

  18448. 

  18449.         XMEMCPY(sp_cache[i].x, g->x, sizeof(sp_cache[i].x));
    18450. 

  18450.         XMEMCPY(sp_cache[i].y, g->y, sizeof(sp_cache[i].y));
    18451. 

  18451.         sp_cache[i].set = 1;
    18452. 

  18452.         sp_cache[i].cnt = 1;
    18453. 

  18453.     }
    18454. 

  18454. 

  18455.     *cache = &sp_cache[i];
    18456. 

  18456.     sp_cache_last = i;
    18457. 

  18457. }
    18458. 

  18458. #endif /* FP_ECC */
    18459. 

  18459. 

  18460. /* Multiply the base point of P256 by the scalar and return the result.
    18461. 

  18461.  * If map is true then convert result to affine coordinates.
    18462. 

  18462.  *
    18463. 

  18463.  * r     Resulting point.
    18464. 

  18464.  * g     Point to multiply.
    18465. 

  18465.  * k     Scalar to multiply by.
    18466. 

  18466.  * map   Indicates whether to convert result to affine.
    18467. 

  18467.  * heap  Heap to use for allocation.
    18468. 

  18468.  * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
    18469. 

  18469.  */
    18470. 

  18470. static int sp_256_ecc_mulmod_8(sp_point* r, const sp_point* g, const sp_digit* k,
    18471. 

  18471.         int map, void* heap)
    18472. 

  18472. {
    18473. 

  18473. #ifndef FP_ECC
    18474. 

  18474.     return sp_256_ecc_mulmod_fast_8(r, g, k, map, heap);
    18475. 

  18475. #else
    18476. 

  18476.     sp_digit tmp[2 * 8 * 5];
    18477. 

  18477.     sp_cache_t* cache;
    18478. 

  18478.     int err = MP_OKAY;
    18479. 

  18479. 

  18480. #ifndef HAVE_THREAD_LS
    18481. 

  18481.     if (initCacheMutex == 0) {
    18482. 

  18482.          wc_InitMutex(&sp_cache_lock);
    18483. 

  18483.          initCacheMutex = 1;
    18484. 

  18484.     }
    18485. 

  18485.     if (wc_LockMutex(&sp_cache_lock) != 0)
    18486. 

  18486.        err = BAD_MUTEX_E;
    18487. 

  18487. #endif /* HAVE_THREAD_LS */
    18488. 

  18488. 

  18489.     if (err == MP_OKAY) {
    18490. 

  18490.         sp_ecc_get_cache(g, &cache);
    18491. 

  18491.         if (cache->cnt == 2)
    18492. 

  18492.             sp_256_gen_stripe_table_8(g, cache->table, tmp, heap);
    18493. 

  18493. 

  18494. #ifndef HAVE_THREAD_LS
    18495. 

  18495.         wc_UnLockMutex(&sp_cache_lock);
    18496. 

  18496. #endif /* HAVE_THREAD_LS */
    18497. 

  18497. 

  18498.         if (cache->cnt < 2) {
    18499. 

  18499.             err = sp_256_ecc_mulmod_fast_8(r, g, k, map, heap);
    18500. 

  18500.         }
    18501. 

  18501.         else {
    18502. 

  18502.             err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k,
    18503. 

  18503.                     map, heap);
    18504. 

  18504.         }
    18505. 

  18505.     }
    18506. 

  18506. 

  18507.     return err;
    18508. 

  18508. #endif
    18509. 

  18509. }
    18510. 

  18510. 

  18511. #endif /* WOLFSSL_SP_SMALL */
    18512. 

  18512. /* Multiply the point by the scalar and return the result.
    18513. 

  18513.  * If map is true then convert result to affine coordinates.
    18514. 

  18514.  *
    18515. 

  18515.  * km    Scalar to multiply by.
    18516. 

  18516.  * p     Point to multiply.
    18517. 

  18517.  * r     Resulting point.
    18518. 

  18518.  * map   Indicates whether to convert result to affine.
    18519. 

  18519.  * heap  Heap to use for allocation.
    18520. 

  18520.  * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
    18521. 

  18521.  */
    18522. 

  18522. int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* r, int map,
    18523. 

  18523.         void* heap)
    18524. 

  18524. {
    18525. 

  18525. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    18526. 

  18526.     sp_point p;
    18527. 

  18527.     sp_digit k[8];
    18528. 

  18528. #else
    18529. 

  18529.     sp_digit* k = NULL;
    18530. 

  18530. #endif
    18531. 

  18531.     sp_point* point;
    18532. 

  18532.     int err;
    18533. 

  18533. 

  18534.     err = sp_ecc_point_new(heap, p, point);
    18535. 

  18535. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    18536. 

  18536.     if (err == MP_OKAY) {
    18537. 

  18537.         k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
    18538. 

  18538.                                                               DYNAMIC_TYPE_ECC);
    18539. 

  18539.         if (k == NULL)
    18540. 

  18540.             err = MEMORY_E;
    18541. 

  18541.     }
    18542. 

  18542. #endif
    18543. 

  18543.     if (err == MP_OKAY) {
    18544. 

  18544.         sp_256_from_mp(k, 8, km);
    18545. 

  18545.         sp_256_point_from_ecc_point_8(point, gm);
    18546. 

  18546. 

  18547.             err = sp_256_ecc_mulmod_8(point, point, k, map, heap);
    18548. 

  18548.     }
    18549. 

  18549.     if (err == MP_OKAY) {
    18550. 

  18550.         err = sp_256_point_to_ecc_point_8(point, r);
    18551. 

  18551.     }
    18552. 

  18552. 

  18553. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    18554. 

  18554.     if (k != NULL) {
    18555. 

  18555.         XFREE(k, heap, DYNAMIC_TYPE_ECC);
    18556. 

  18556.     }
    18557. 

  18557. #endif
    18558. 

  18558.     sp_ecc_point_free(point, 0, heap);
    18559. 

  18559. 

  18560.     return err;
    18561. 

  18561. }
    18562. 

  18562. 

  18563. #ifdef WOLFSSL_SP_SMALL
    18564. 

  18564. static const sp_table_entry p256_table[16] = {
    18565. 

  18565.     /* 0 */
    18566. 

  18566.     { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
    18567. 

  18567.       { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
    18568. 

  18568.     /* 1 */
    18569. 

  18569.     { { 0x18a9143c,0x79e730d4,0x5fedb601,0x75ba95fc,0x77622510,0x79fb732b,
    18570. 

  18570.         0xa53755c6,0x18905f76 },
    18571. 

  18571.       { 0xce95560a,0xddf25357,0xba19e45c,0x8b4ab8e4,0xdd21f325,0xd2e88688,
    18572. 

  18572.         0x25885d85,0x8571ff18 } },
    18573. 

  18573.     /* 2 */
    18574. 

  18574.     { { 0x16a0d2bb,0x4f922fc5,0x1a623499,0x0d5cc16c,0x57c62c8b,0x9241cf3a,
    18575. 

  18575.         0xfd1b667f,0x2f5e6961 },
    18576. 

  18576.       { 0xf5a01797,0x5c15c70b,0x60956192,0x3d20b44d,0x071fdb52,0x04911b37,
    18577. 

  18577.         0x8d6f0f7b,0xf648f916 } },
    18578. 

  18578.     /* 3 */
    18579. 

  18579.     { { 0xe137bbbc,0x9e566847,0x8a6a0bec,0xe434469e,0x79d73463,0xb1c42761,
    18580. 

  18580.         0x133d0015,0x5abe0285 },
    18581. 

  18581.       { 0xc04c7dab,0x92aa837c,0x43260c07,0x573d9f4c,0x78e6cc37,0x0c931562,
    18582. 

  18582.         0x6b6f7383,0x94bb725b } },
    18583. 

  18583.     /* 4 */
    18584. 

  18584.     { { 0xbfe20925,0x62a8c244,0x8fdce867,0x91c19ac3,0xdd387063,0x5a96a5d5,
    18585. 

  18585.         0x21d324f6,0x61d587d4 },
    18586. 

  18586.       { 0xa37173ea,0xe87673a2,0x53778b65,0x23848008,0x05bab43e,0x10f8441e,
    18587. 

  18587.         0x4621efbe,0xfa11fe12 } },
    18588. 

  18588.     /* 5 */
    18589. 

  18589.     { { 0x2cb19ffd,0x1c891f2b,0xb1923c23,0x01ba8d5b,0x8ac5ca8e,0xb6d03d67,
    18590. 

  18590.         0x1f13bedc,0x586eb04c },
    18591. 

  18591.       { 0x27e8ed09,0x0c35c6e5,0x1819ede2,0x1e81a33c,0x56c652fa,0x278fd6c0,
    18592. 

  18592.         0x70864f11,0x19d5ac08 } },
    18593. 

  18593.     /* 6 */
    18594. 

  18594.     { { 0xd2b533d5,0x62577734,0xa1bdddc0,0x673b8af6,0xa79ec293,0x577e7c9a,
    18595. 

  18595.         0xc3b266b1,0xbb6de651 },
    18596. 

  18596.       { 0xb65259b3,0xe7e9303a,0xd03a7480,0xd6a0afd3,0x9b3cfc27,0xc5ac83d1,
    18597. 

  18597.         0x5d18b99b,0x60b4619a } },
    18598. 

  18598.     /* 7 */
    18599. 

  18599.     { { 0x1ae5aa1c,0xbd6a38e1,0x49e73658,0xb8b7652b,0xee5f87ed,0x0b130014,
    18600. 

  18600.         0xaeebffcd,0x9d0f27b2 },
    18601. 

  18601.       { 0x7a730a55,0xca924631,0xddbbc83a,0x9c955b2f,0xac019a71,0x07c1dfe0,
    18602. 

  18602.         0x356ec48d,0x244a566d } },
    18603. 

  18603.     /* 8 */
    18604. 

  18604.     { { 0xf4f8b16a,0x56f8410e,0xc47b266a,0x97241afe,0x6d9c87c1,0x0a406b8e,
    18605. 

  18605.         0xcd42ab1b,0x803f3e02 },
    18606. 

  18606.       { 0x04dbec69,0x7f0309a8,0x3bbad05f,0xa83b85f7,0xad8e197f,0xc6097273,
    18607. 

  18607.         0x5067adc1,0xc097440e } },
    18608. 

  18608.     /* 9 */
    18609. 

  18609.     { { 0xc379ab34,0x846a56f2,0x841df8d1,0xa8ee068b,0x176c68ef,0x20314459,
    18610. 

  18610.         0x915f1f30,0xf1af32d5 },
    18611. 

  18611.       { 0x5d75bd50,0x99c37531,0xf72f67bc,0x837cffba,0x48d7723f,0x0613a418,
    18612. 

  18612.         0xe2d41c8b,0x23d0f130 } },
    18613. 

  18613.     /* 10 */
    18614. 

  18614.     { { 0xd5be5a2b,0xed93e225,0x5934f3c6,0x6fe79983,0x22626ffc,0x43140926,
    18615. 

  18615.         0x7990216a,0x50bbb4d9 },
    18616. 

  18616.       { 0xe57ec63e,0x378191c6,0x181dcdb2,0x65422c40,0x0236e0f6,0x41a8099b,
    18617. 

  18617.         0x01fe49c3,0x2b100118 } },
    18618. 

  18618.     /* 11 */
    18619. 

  18619.     { { 0x9b391593,0xfc68b5c5,0x598270fc,0xc385f5a2,0xd19adcbb,0x7144f3aa,
    18620. 

  18620.         0x83fbae0c,0xdd558999 },
    18621. 

  18621.       { 0x74b82ff4,0x93b88b8e,0x71e734c9,0xd2e03c40,0x43c0322a,0x9a7a9eaf,
    18622. 

  18622.         0x149d6041,0xe6e4c551 } },
    18623. 

  18623.     /* 12 */
    18624. 

  18624.     { { 0x80ec21fe,0x5fe14bfe,0xc255be82,0xf6ce116a,0x2f4a5d67,0x98bc5a07,
    18625. 

  18625.         0xdb7e63af,0xfad27148 },
    18626. 

  18626.       { 0x29ab05b3,0x90c0b6ac,0x4e251ae6,0x37a9a83c,0xc2aade7d,0x0a7dc875,
    18627. 

  18627.         0x9f0e1a84,0x77387de3 } },
    18628. 

  18628.     /* 13 */
    18629. 

  18629.     { { 0xa56c0dd7,0x1e9ecc49,0x46086c74,0xa5cffcd8,0xf505aece,0x8f7a1408,
    18630. 

  18630.         0xbef0c47e,0xb37b85c0 },
    18631. 

  18631.       { 0xcc0e6a8f,0x3596b6e4,0x6b388f23,0xfd6d4bbf,0xc39cef4e,0xaba453fa,
    18632. 

  18632.         0xf9f628d5,0x9c135ac8 } },
    18633. 

  18633.     /* 14 */
    18634. 

  18634.     { { 0x95c8f8be,0x0a1c7294,0x3bf362bf,0x2961c480,0xdf63d4ac,0x9e418403,
    18635. 

  18635.         0x91ece900,0xc109f9cb },
    18636. 

  18636.       { 0x58945705,0xc2d095d0,0xddeb85c0,0xb9083d96,0x7a40449b,0x84692b8d,
    18637. 

  18637.         0x2eee1ee1,0x9bc3344f } },
    18638. 

  18638.     /* 15 */
    18639. 

  18639.     { { 0x42913074,0x0d5ae356,0x48a542b1,0x55491b27,0xb310732a,0x469ca665,
    18640. 

  18640.         0x5f1a4cc1,0x29591d52 },
    18641. 

  18641.       { 0xb84f983f,0xe76f5b6b,0x9f5f84e1,0xbe7eef41,0x80baa189,0x1200d496,
    18642. 

  18642.         0x18ef332c,0x6376551f } },
    18643. 

  18643. };
    18644. 

  18644. 

  18645. /* Multiply the base point of P256 by the scalar and return the result.
    18646. 

  18646.  * If map is true then convert result to affine coordinates.
    18647. 

  18647.  *
    18648. 

  18648.  * r     Resulting point.
    18649. 

  18649.  * k     Scalar to multiply by.
    18650. 

  18650.  * map   Indicates whether to convert result to affine.
    18651. 

  18651.  * heap  Heap to use for allocation.
    18652. 

  18652.  * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
    18653. 

  18653.  */
    18654. 

  18654. static int sp_256_ecc_mulmod_base_8(sp_point* r, const sp_digit* k,
    18655. 

  18655.         int map, void* heap)
    18656. 

  18656. {
    18657. 

  18657.     return sp_256_ecc_mulmod_stripe_8(r, &p256_base, p256_table,
    18658. 

  18658.                                       k, map, heap);
    18659. 

  18659. }
    18660. 

  18660. 

  18661. #else
    18662. 

  18662. static const sp_table_entry p256_table[256] = {
    18663. 

  18663.     /* 0 */
    18664. 

  18664.     { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
    18665. 

  18665.       { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
    18666. 

  18666.     /* 1 */
    18667. 

  18667.     { { 0x18a9143c,0x79e730d4,0x5fedb601,0x75ba95fc,0x77622510,0x79fb732b,
    18668. 

  18668.         0xa53755c6,0x18905f76 },
    18669. 

  18669.       { 0xce95560a,0xddf25357,0xba19e45c,0x8b4ab8e4,0xdd21f325,0xd2e88688,
    18670. 

  18670.         0x25885d85,0x8571ff18 } },
    18671. 

  18671.     /* 2 */
    18672. 

  18672.     { { 0x4147519a,0x20288602,0x26b372f0,0xd0981eac,0xa785ebc8,0xa9d4a7ca,
    18673. 

  18673.         0xdbdf58e9,0xd953c50d },
    18674. 

  18674.       { 0xfd590f8f,0x9d6361cc,0x44e6c917,0x72e9626b,0x22eb64cf,0x7fd96110,
    18675. 

  18675.         0x9eb288f3,0x863ebb7e } },
    18676. 

  18676.     /* 3 */
    18677. 

  18677.     { { 0x5cdb6485,0x7856b623,0x2f0a2f97,0x808f0ea2,0x4f7e300b,0x3e68d954,
    18678. 

  18678.         0xb5ff80a0,0x00076055 },
    18679. 

  18679.       { 0x838d2010,0x7634eb9b,0x3243708a,0x54014fbb,0x842a6606,0xe0e47d39,
    18680. 

  18680.         0x34373ee0,0x83087761 } },
    18681. 

  18681.     /* 4 */
    18682. 

  18682.     { { 0x16a0d2bb,0x4f922fc5,0x1a623499,0x0d5cc16c,0x57c62c8b,0x9241cf3a,
    18683. 

  18683.         0xfd1b667f,0x2f5e6961 },
    18684. 

  18684.       { 0xf5a01797,0x5c15c70b,0x60956192,0x3d20b44d,0x071fdb52,0x04911b37,
    18685. 

  18685.         0x8d6f0f7b,0xf648f916 } },
    18686. 

  18686.     /* 5 */
    18687. 

  18687.     { { 0xe137bbbc,0x9e566847,0x8a6a0bec,0xe434469e,0x79d73463,0xb1c42761,
    18688. 

  18688.         0x133d0015,0x5abe0285 },
    18689. 

  18689.       { 0xc04c7dab,0x92aa837c,0x43260c07,0x573d9f4c,0x78e6cc37,0x0c931562,
    18690. 

  18690.         0x6b6f7383,0x94bb725b } },
    18691. 

  18691.     /* 6 */
    18692. 

  18692.     { { 0x720f141c,0xbbf9b48f,0x2df5bc74,0x6199b3cd,0x411045c4,0xdc3f6129,
    18693. 

  18693.         0x2f7dc4ef,0xcdd6bbcb },
    18694. 

  18694.       { 0xeaf436fd,0xcca6700b,0xb99326be,0x6f647f6d,0x014f2522,0x0c0fa792,
    18695. 

  18695.         0x4bdae5f6,0xa361bebd } },
    18696. 

  18696.     /* 7 */
    18697. 

  18697.     { { 0x597c13c7,0x28aa2558,0x50b7c3e1,0xc38d635f,0xf3c09d1d,0x07039aec,
    18698. 

  18698.         0xc4b5292c,0xba12ca09 },
    18699. 

  18699.       { 0x59f91dfd,0x9e408fa4,0xceea07fb,0x3af43b66,0x9d780b29,0x1eceb089,
    18700. 

  18700.         0x701fef4b,0x53ebb99d } },
    18701. 

  18701.     /* 8 */
    18702. 

  18702.     { { 0xb0e63d34,0x4fe7ee31,0xa9e54fab,0xf4600572,0xd5e7b5a4,0xc0493334,
    18703. 

  18703.         0x06d54831,0x8589fb92 },
    18704. 

  18704.       { 0x6583553a,0xaa70f5cc,0xe25649e5,0x0879094a,0x10044652,0xcc904507,
    18705. 

  18705.         0x02541c4f,0xebb0696d } },
    18706. 

  18706.     /* 9 */
    18707. 

  18707.     { { 0xac1647c5,0x4616ca15,0xc4cf5799,0xb8127d47,0x764dfbac,0xdc666aa3,
    18708. 

  18708.         0xd1b27da3,0xeb2820cb },
    18709. 

  18709.       { 0x6a87e008,0x9406f8d8,0x922378f3,0xd87dfa9d,0x80ccecb2,0x56ed2e42,
    18710. 

  18710.         0x55a7da1d,0x1f28289b } },
    18711. 

  18711.     /* 10 */
    18712. 

  18712.     { { 0x3b89da99,0xabbaa0c0,0xb8284022,0xa6f2d79e,0xb81c05e8,0x27847862,
    18713. 

  18713.         0x05e54d63,0x337a4b59 },
    18714. 

  18714.       { 0x21f7794a,0x3c67500d,0x7d6d7f61,0x207005b7,0x04cfd6e8,0x0a5a3781,
    18715. 

  18715.         0xf4c2fbd6,0x0d65e0d5 } },
    18716. 

  18716.     /* 11 */
    18717. 

  18717.     { { 0xb5275d38,0xd9d09bbe,0x0be0a358,0x4268a745,0x973eb265,0xf0762ff4,
    18718. 

  18718.         0x52f4a232,0xc23da242 },
    18719. 

  18719.       { 0x0b94520c,0x5da1b84f,0xb05bd78e,0x09666763,0x94d29ea1,0x3a4dcb86,
    18720. 

  18720.         0xc790cff1,0x19de3b8c } },
    18721. 

  18721.     /* 12 */
    18722. 

  18722.     { { 0x26c5fe04,0x183a716c,0x3bba1bdb,0x3b28de0b,0xa4cb712c,0x7432c586,
    18723. 

  18723.         0x91fccbfd,0xe34dcbd4 },
    18724. 

  18724.       { 0xaaa58403,0xb408d46b,0x82e97a53,0x9a697486,0x36aaa8af,0x9e390127,
    18725. 

  18725.         0x7b4e0f7f,0xe7641f44 } },
    18726. 

  18726.     /* 13 */
    18727. 

  18727.     { { 0xdf64ba59,0x7d753941,0x0b0242fc,0xd33f10ec,0xa1581859,0x4f06dfc6,
    18728. 

  18728.         0x052a57bf,0x4a12df57 },
    18729. 

  18729.       { 0x9439dbd0,0xbfa6338f,0xbde53e1f,0xd3c24bd4,0x21f1b314,0xfd5e4ffa,
    18730. 

  18730.         0xbb5bea46,0x6af5aa93 } },
    18731. 

  18731.     /* 14 */
    18732. 

  18732.     { { 0x10c91999,0xda10b699,0x2a580491,0x0a24b440,0xb8cc2090,0x3e0094b4,
    18733. 

  18733.         0x66a44013,0x5fe3475a },
    18734. 

  18734.       { 0xf93e7b4b,0xb0f8cabd,0x7c23f91a,0x292b501a,0xcd1e6263,0x42e889ae,
    18735. 

  18735.         0xecfea916,0xb544e308 } },
    18736. 

  18736.     /* 15 */
    18737. 

  18737.     { { 0x16ddfdce,0x6478c6e9,0xf89179e6,0x2c329166,0x4d4e67e1,0x4e8d6e76,
    18738. 

  18738.         0xa6b0c20b,0xe0b6b2bd },
    18739. 

  18739.       { 0xbb7efb57,0x0d312df2,0x790c4007,0x1aac0dde,0x679bc944,0xf90336ad,
    18740. 

  18740.         0x25a63774,0x71c023de } },
    18741. 

  18741.     /* 16 */
    18742. 

  18742.     { { 0xbfe20925,0x62a8c244,0x8fdce867,0x91c19ac3,0xdd387063,0x5a96a5d5,
    18743. 

  18743.         0x21d324f6,0x61d587d4 },
    18744. 

  18744.       { 0xa37173ea,0xe87673a2,0x53778b65,0x23848008,0x05bab43e,0x10f8441e,
    18745. 

  18745.         0x4621efbe,0xfa11fe12 } },
    18746. 

  18746.     /* 17 */
    18747. 

  18747.     { { 0x2cb19ffd,0x1c891f2b,0xb1923c23,0x01ba8d5b,0x8ac5ca8e,0xb6d03d67,
    18748. 

  18748.         0x1f13bedc,0x586eb04c },
    18749. 

  18749.       { 0x27e8ed09,0x0c35c6e5,0x1819ede2,0x1e81a33c,0x56c652fa,0x278fd6c0,
    18750. 

  18750.         0x70864f11,0x19d5ac08 } },
    18751. 

  18751.     /* 18 */
    18752. 

  18752.     { { 0x309a4e1f,0x1e99f581,0xe9270074,0xab7de71b,0xefd28d20,0x26a5ef0b,
    18753. 

  18753.         0x7f9c563f,0xe7c0073f },
    18754. 

  18754.       { 0x0ef59f76,0x1f6d663a,0x20fcb050,0x669b3b54,0x7a6602d4,0xc08c1f7a,
    18755. 

  18755.         0xc65b3c0a,0xe08504fe } },
    18756. 

  18756.     /* 19 */
    18757. 

  18757.     { { 0xa031b3ca,0xf098f68d,0xe6da6d66,0x6d1cab9e,0x94f246e8,0x5bfd81fa,
    18758. 

  18758.         0x5b0996b4,0x78f01882 },
    18759. 

  18759.       { 0x3a25787f,0xb7eefde4,0x1dccac9b,0x8016f80d,0xb35bfc36,0x0cea4877,
    18760. 

  18760.         0x7e94747a,0x43a773b8 } },
    18761. 

  18761.     /* 20 */
    18762. 

  18762.     { { 0xd2b533d5,0x62577734,0xa1bdddc0,0x673b8af6,0xa79ec293,0x577e7c9a,
    18763. 

  18763.         0xc3b266b1,0xbb6de651 },
    18764. 

  18764.       { 0xb65259b3,0xe7e9303a,0xd03a7480,0xd6a0afd3,0x9b3cfc27,0xc5ac83d1,
    18765. 

  18765.         0x5d18b99b,0x60b4619a } },
    18766. 

  18766.     /* 21 */
    18767. 

  18767.     { { 0x1ae5aa1c,0xbd6a38e1,0x49e73658,0xb8b7652b,0xee5f87ed,0x0b130014,
    18768. 

  18768.         0xaeebffcd,0x9d0f27b2 },
    18769. 

  18769.       { 0x7a730a55,0xca924631,0xddbbc83a,0x9c955b2f,0xac019a71,0x07c1dfe0,
    18770. 

  18770.         0x356ec48d,0x244a566d } },
    18771. 

  18771.     /* 22 */
    18772. 

  18772.     { { 0xeacf1f96,0x6db0394a,0x024c271c,0x9f2122a9,0x82cbd3b9,0x2626ac1b,
    18773. 

  18773.         0x3581ef69,0x45e58c87 },
    18774. 

  18774.       { 0xa38f9dbc,0xd3ff479d,0xe888a040,0xa8aaf146,0x46e0bed7,0x945adfb2,
    18775. 

  18775.         0xc1e4b7a4,0xc040e21c } },
    18776. 

  18776.     /* 23 */
    18777. 

  18777.     { { 0x6f8117b6,0x847af000,0x73a35433,0x651969ff,0x1d9475eb,0x482b3576,
    18778. 

  18778.         0x682c6ec7,0x1cdf5c97 },
    18779. 

  18779.       { 0x11f04839,0x7db775b4,0x48de1698,0x7dbeacf4,0xb70b3219,0xb2921dd1,
    18780. 

  18780.         0xa92dff3d,0x046755f8 } },
    18781. 

  18781.     /* 24 */
    18782. 

  18782.     { { 0xbce8ffcd,0xcc8ac5d2,0x2fe61a82,0x0d53c48b,0x7202d6c7,0xf6f16172,
    18783. 

  18783.         0x3b83a5f3,0x046e5e11 },
    18784. 

  18784.       { 0xd8007f01,0xe7b8ff64,0x5af43183,0x7fb1ef12,0x35e1a03c,0x045c5ea6,
    18785. 

  18785.         0x303d005b,0x6e0106c3 } },
    18786. 

  18786.     /* 25 */
    18787. 

  18787.     { { 0x88dd73b1,0x48c73584,0x995ed0d9,0x7670708f,0xc56a2ab7,0x38385ea8,
    18788. 

  18788.         0xe901cf1f,0x442594ed },
    18789. 

  18789.       { 0x12d4b65b,0xf8faa2c9,0x96c90c37,0x94c2343b,0x5e978d1f,0xd326e4a1,
    18790. 

  18790.         0x4c2ee68e,0xa796fa51 } },
    18791. 

  18791.     /* 26 */
    18792. 

  18792.     { { 0x823addd7,0x359fb604,0xe56693b3,0x9e2a6183,0x3cbf3c80,0xf885b78e,
    18793. 

  18793.         0xc69766e9,0xe4ad2da9 },
    18794. 

  18794.       { 0x8e048a61,0x357f7f42,0xc092d9a0,0x082d198c,0xc03ed8ef,0xfc3a1af4,
    18795. 

  18795.         0xc37b5143,0xc5e94046 } },
    18796. 

  18796.     /* 27 */
    18797. 

  18797.     { { 0x2be75f9e,0x476a538c,0xcb123a78,0x6fd1a9e8,0xb109c04b,0xd85e4df0,
    18798. 

  18798.         0xdb464747,0x63283daf },
    18799. 

  18799.       { 0xbaf2df15,0xce728cf7,0x0ad9a7f4,0xe592c455,0xe834bcc3,0xfab226ad,
    18800. 

  18800.         0x1981a938,0x68bd19ab } },
    18801. 

  18801.     /* 28 */
    18802. 

  18802.     { { 0x1887d659,0xc08ead51,0xb359305a,0x3374d5f4,0xcfe74fe3,0x96986981,
    18803. 

  18803.         0x3c6fdfd6,0x495292f5 },
    18804. 

  18804.       { 0x1acec896,0x4a878c9e,0xec5b4484,0xd964b210,0x664d60a7,0x6696f7e2,
    18805. 

  18805.         0x26036837,0x0ec7530d } },
    18806. 

  18806.     /* 29 */
    18807. 

  18807.     { { 0xad2687bb,0x2da13a05,0xf32e21fa,0xa1f83b6a,0x1dd4607b,0x390f5ef5,
    18808. 

  18808.         0x64863f0b,0x0f6207a6 },
    18809. 

  18809.       { 0x0f138233,0xbd67e3bb,0x272aa718,0xdd66b96c,0x26ec88ae,0x8ed00407,
    18810. 

  18810.         0x08ed6dcf,0xff0db072 } },
    18811. 

  18811.     /* 30 */
    18812. 

  18812.     { { 0x4c95d553,0x749fa101,0x5d680a8a,0xa44052fd,0xff3b566f,0x183b4317,
    18813. 

  18813.         0x88740ea3,0x313b513c },
    18814. 

  18814.       { 0x08d11549,0xb402e2ac,0xb4dee21c,0x071ee10b,0x47f2320e,0x26b987dd,
    18815. 

  18815.         0x86f19f81,0x2d3abcf9 } },
    18816. 

  18816.     /* 31 */
    18817. 

  18817.     { { 0x815581a2,0x4c288501,0x632211af,0x9a0a6d56,0x0cab2e99,0x19ba7a0f,
    18818. 

  18818.         0xded98cdf,0xc036fa10 },
    18819. 

  18819.       { 0xc1fbd009,0x29ae08ba,0x06d15816,0x0b68b190,0x9b9e0d8f,0xc2eb3277,
    18820. 

  18820.         0xb6d40194,0xa6b2a2c4 } },
    18821. 

  18821.     /* 32 */
    18822. 

  18822.     { { 0x6d3549cf,0xd433e50f,0xfacd665e,0x6f33696f,0xce11fcb4,0x695bfdac,
    18823. 

  18823.         0xaf7c9860,0x810ee252 },
    18824. 

  18824.       { 0x7159bb2c,0x65450fe1,0x758b357b,0xf7dfbebe,0xd69fea72,0x2b057e74,
    18825. 

  18825.         0x92731745,0xd485717a } },
    18826. 

  18826.     /* 33 */
    18827. 

  18827.     { { 0xf0cb5a98,0x11741a8a,0x1f3110bf,0xd3da8f93,0xab382adf,0x1994e2cb,
    18828. 

  18828.         0x2f9a604e,0x6a6045a7 },
    18829. 

  18829.       { 0xa2b2411d,0x170c0d3f,0x510e96e0,0xbe0eb83e,0x8865b3cc,0x3bcc9f73,
    18830. 

  18830.         0xf9e15790,0xd3e45cfa } },
    18831. 

  18831.     /* 34 */
    18832. 

  18832.     { { 0xe83f7669,0xce1f69bb,0x72877d6b,0x09f8ae82,0x3244278d,0x9548ae54,
    18833. 

  18833.         0xe3c2c19c,0x207755de },
    18834. 

  18834.       { 0x6fef1945,0x87bd61d9,0xb12d28c3,0x18813cef,0x72df64aa,0x9fbcd1d6,
    18835. 

  18835.         0x7154b00d,0x48dc5ee5 } },
    18836. 

  18836.     /* 35 */
    18837. 

  18837.     { { 0xf7e5a199,0x123790bf,0x989ccbb7,0xe0efb8cf,0x0a519c79,0xc27a2bfe,
    18838. 

  18838.         0xdff6f445,0xf2fb0aed },
    18839. 

  18839.       { 0xf0b5025f,0x41c09575,0x40fa9f22,0x550543d7,0x380bfbd0,0x8fa3c8ad,
    18840. 

  18840.         0xdb28d525,0xa13e9015 } },
    18841. 

  18841.     /* 36 */
    18842. 

  18842.     { { 0xa2b65cbc,0xf9f7a350,0x2a464226,0x0b04b972,0xe23f07a1,0x265ce241,
    18843. 

  18843.         0x1497526f,0x2bf0d6b0 },
    18844. 

  18844.       { 0x4b216fb7,0xd3d4dd3f,0xfbdda26a,0xf7d7b867,0x6708505c,0xaeb7b83f,
    18845. 

  18845.         0x162fe89f,0x42a94a5a } },
    18846. 

  18846.     /* 37 */
    18847. 

  18847.     { { 0xeaadf191,0x5846ad0b,0x25a268d7,0x0f8a4890,0x494dc1f6,0xe8603050,
    18848. 

  18848.         0xc65ede3d,0x2c2dd969 },
    18849. 

  18849.       { 0x93849c17,0x6d02171d,0x1da250dd,0x460488ba,0x3c3a5485,0x4810c706,
    18850. 

  18850.         0x42c56dbc,0xf437fa1f } },
    18851. 

  18851.     /* 38 */
    18852. 

  18852.     { { 0x4a0f7dab,0x6aa0d714,0x1776e9ac,0x0f049793,0xf5f39786,0x52c0a050,
    18853. 

  18853.         0x54707aa8,0xaaf45b33 },
    18854. 

  18854.       { 0xc18d364a,0x85e37c33,0x3e497165,0xd40b9b06,0x15ec5444,0xf4171681,
    18855. 

  18855.         0xf4f272bc,0xcdf6310d } },
    18856. 

  18856.     /* 39 */
    18857. 

  18857.     { { 0x8ea8b7ef,0x7473c623,0x85bc2287,0x08e93518,0x2bda8e34,0x41956772,
    18858. 

  18858.         0xda9e2ff2,0xf0d008ba },
    18859. 

  18859.       { 0x2414d3b1,0x2912671d,0xb019ea76,0xb3754985,0x453bcbdb,0x5c61b96d,
    18860. 

  18860.         0xca887b8b,0x5bd5c2f5 } },
    18861. 

  18861.     /* 40 */
    18862. 

  18862.     { { 0xf49a3154,0xef0f469e,0x6e2b2e9a,0x3e85a595,0xaa924a9c,0x45aaec1e,
    18863. 

  18863.         0xa09e4719,0xaa12dfc8 },
    18864. 

  18864.       { 0x4df69f1d,0x26f27227,0xa2ff5e73,0xe0e4c82c,0xb7a9dd44,0xb9d8ce73,
    18865. 

  18865.         0xe48ca901,0x6c036e73 } },
    18866. 

  18866.     /* 41 */
    18867. 

  18867.     { { 0x0f6e3138,0x5cfae12a,0x25ad345a,0x6966ef00,0x45672bc5,0x8993c64b,
    18868. 

  18868.         0x96afbe24,0x292ff658 },
    18869. 

  18869.       { 0x5e213402,0xd5250d44,0x4392c9fe,0xf6580e27,0xda1c72e8,0x097b397f,
    18870. 

  18870.         0x311b7276,0x644e0c90 } },
    18871. 

  18871.     /* 42 */
    18872. 

  18872.     { { 0xa47153f0,0xe1e421e1,0x920418c9,0xb86c3b79,0x705d7672,0x93bdce87,
    18873. 

  18873.         0xcab79a77,0xf25ae793 },
    18874. 

  18874.       { 0x6d869d0c,0x1f3194a3,0x4986c264,0x9d55c882,0x096e945e,0x49fb5ea3,
    18875. 

  18875.         0x13db0a3e,0x39b8e653 } },
    18876. 

  18876.     /* 43 */
    18877. 

  18877.     { { 0xb6fd2e59,0x37754200,0x9255c98f,0x35e2c066,0x0e2a5739,0xd9dab21a,
    18878. 

  18878.         0x0f19db06,0x39122f2f },
    18879. 

  18879.       { 0x03cad53c,0xcfbce1e0,0xe65c17e3,0x225b2c0f,0x9aa13877,0x72baf1d2,
    18880. 

  18880.         0xce80ff8d,0x8de80af8 } },
    18881. 

  18881.     /* 44 */
    18882. 

  18882.     { { 0x207bbb76,0xafbea8d9,0x21782758,0x921c7e7c,0x1c0436b1,0xdfa2b74b,
    18883. 

  18883.         0x2e368c04,0x87194906 },
    18884. 

  18884.       { 0xa3993df5,0xb5f928bb,0xf3b3d26a,0x639d75b5,0x85b55050,0x011aa78a,
    18885. 

  18885.         0x5b74fde1,0xfc315e6a } },
    18886. 

  18886.     /* 45 */
    18887. 

  18887.     { { 0xe8d6ecfa,0x561fd41a,0x1aec7f86,0x5f8c44f6,0x4924741d,0x98452a7b,
    18888. 

  18888.         0xee389088,0xe6d4a7ad },
    18889. 

  18889.       { 0x4593c75d,0x60552ed1,0xdd271162,0x70a70da4,0x7ba2c7db,0xd2aede93,
    18890. 

  18890.         0x9be2ae57,0x35dfaf9a } },
    18891. 

  18891.     /* 46 */
    18892. 

  18892.     { { 0xaa736636,0x6b956fcd,0xae2cab7e,0x09f51d97,0x0f349966,0xfb10bf41,
    18893. 

  18893.         0x1c830d2b,0x1da5c7d7 },
    18894. 

  18894.       { 0x3cce6825,0x5c41e483,0xf9573c3b,0x15ad118f,0xf23036b8,0xa28552c7,
    18895. 

  18895.         0xdbf4b9d6,0x7077c0fd } },
    18896. 

  18896.     /* 47 */
    18897. 

  18897.     { { 0x46b9661c,0xbf63ff8d,0x0d2cfd71,0xa1dfd36b,0xa847f8f7,0x0373e140,
    18898. 

  18898.         0xe50efe44,0x53a8632e },
    18899. 

  18899.       { 0x696d8051,0x0976ff68,0xc74f468a,0xdaec0c95,0x5e4e26bd,0x62994dc3,
    18900. 

  18900.         0x34e1fcc1,0x028ca76d } },
    18901. 

  18901.     /* 48 */
    18902. 

  18902.     { { 0xfc9877ee,0xd11d47dc,0x801d0002,0xc8b36210,0x54c260b6,0xd002c117,
    18903. 

  18903.         0x6962f046,0x04c17cd8 },
    18904. 

  18904.       { 0xb0daddf5,0x6d9bd094,0x24ce55c0,0xbea23575,0x72da03b5,0x663356e6,
    18905. 

  18905.         0xfed97474,0xf7ba4de9 } },
    18906. 

  18906.     /* 49 */
    18907. 

  18907.     { { 0xebe1263f,0xd0dbfa34,0x71ae7ce6,0x55763735,0x82a6f523,0xd2440553,
    18908. 

  18908.         0x52131c41,0xe31f9600 },
    18909. 

  18909.       { 0xea6b6ec6,0xd1bb9216,0x73c2fc44,0x37a1d12e,0x89d0a294,0xc10e7eac,
    18910. 

  18910.         0xce34d47b,0xaa3a6259 } },
    18911. 

  18911.     /* 50 */
    18912. 

  18912.     { { 0x36f3dcd3,0xfbcf9df5,0xd2bf7360,0x6ceded50,0xdf504f5b,0x491710fa,
    18913. 

  18913.         0x7e79daee,0x2398dd62 },
    18914. 

  18914.       { 0x6d09569e,0xcf4705a3,0x5149f769,0xea0619bb,0x35f6034c,0xff9c0377,
    18915. 

  18915.         0x1c046210,0x5717f5b2 } },
    18916. 

  18916.     /* 51 */
    18917. 

  18917.     { { 0x21dd895e,0x9fe229c9,0x40c28451,0x8e518500,0x1d637ecd,0xfa13d239,
    18918. 

  18918.         0x0e3c28de,0x660a2c56 },
    18919. 

  18919.       { 0xd67fcbd0,0x9cca88ae,0x0ea9f096,0xc8472478,0x72e92b4d,0x32b2f481,
    18920. 

  18920.         0x4f522453,0x624ee54c } },
    18921. 

  18921.     /* 52 */
    18922. 

  18922.     { { 0xd897eccc,0x09549ce4,0x3f9880aa,0x4d49d1d9,0x043a7c20,0x723c2423,
    18923. 

  18923.         0x92bdfbc0,0x4f392afb },
    18924. 

  18924.       { 0x7de44fd9,0x6969f8fa,0x57b32156,0xb66cfbe4,0x368ebc3c,0xdb2fa803,
    18925. 

  18925.         0xccdb399c,0x8a3e7977 } },
    18926. 

  18926.     /* 53 */
    18927. 

  18927.     { { 0x06c4b125,0xdde1881f,0xf6e3ca8c,0xae34e300,0x5c7a13e9,0xef6999de,
    18928. 

  18928.         0x70c24404,0x3888d023 },
    18929. 

  18929.       { 0x44f91081,0x76280356,0x5f015504,0x3d9fcf61,0x632cd36e,0x1827edc8,
    18930. 

  18930.         0x18102336,0xa5e62e47 } },
    18931. 

  18931.     /* 54 */
    18932. 

  18932.     { { 0x2facd6c8,0x1a825ee3,0x54bcbc66,0x699c6354,0x98df9931,0x0ce3edf7,
    18933. 

  18933.         0x466a5adc,0x2c4768e6 },
    18934. 

  18934.       { 0x90a64bc9,0xb346ff8c,0xe4779f5c,0x630a6020,0xbc05e884,0xd949d064,
    18935. 

  18935.         0xf9e652a0,0x7b5e6441 } },
    18936. 

  18936.     /* 55 */
    18937. 

  18937.     { { 0x1d28444a,0x2169422c,0xbe136a39,0xe996c5d8,0xfb0c7fce,0x2387afe5,
    18938. 

  18938.         0x0c8d744a,0xb8af73cb },
    18939. 

  18939.       { 0x338b86fd,0x5fde83aa,0xa58a5cff,0xfee3f158,0x20ac9433,0xc9ee8f6f,
    18940. 

  18940.         0x7f3f0895,0xa036395f } },
    18941. 

  18941.     /* 56 */
    18942. 

  18942.     { { 0xa10f7770,0x8c73c6bb,0xa12a0e24,0xa6f16d81,0x51bc2b9f,0x100df682,
    18943. 

  18943.         0x875fb533,0x4be36b01 },
    18944. 

  18944.       { 0x9fb56dbb,0x9226086e,0x07e7a4f8,0x306fef8b,0x66d52f20,0xeeaccc05,
    18945. 

  18945.         0x1bdc00c0,0x8cbc9a87 } },
    18946. 

  18946.     /* 57 */
    18947. 

  18947.     { { 0xc0dac4ab,0xe131895c,0x712ff112,0xa874a440,0x6a1cee57,0x6332ae7c,
    18948. 

  18948.         0x0c0835f8,0x44e7553e },
    18949. 

  18949.       { 0x7734002d,0x6d503fff,0x0b34425c,0x9d35cb8b,0x0e8738b5,0x95f70276,
    18950. 

  18950.         0x5eb8fc18,0x470a683a } },
    18951. 

  18951.     /* 58 */
    18952. 

  18952.     { { 0x90513482,0x81b761dc,0x01e9276a,0x0287202a,0x0ce73083,0xcda441ee,
    18953. 

  18953.         0xc63dc6ef,0x16410690 },
    18954. 

  18954.       { 0x6d06a2ed,0xf5034a06,0x189b100b,0xdd4d7745,0xab8218c9,0xd914ae72,
    18955. 

  18955.         0x7abcbb4f,0xd73479fd } },
    18956. 

  18956.     /* 59 */
    18957. 

  18957.     { { 0x5ad4c6e5,0x7edefb16,0x5b06d04d,0x262cf08f,0x8575cb14,0x12ed5bb1,
    18958. 

  18958.         0x0771666b,0x816469e3 },
    18959. 

  18959.       { 0x561e291e,0xd7ab9d79,0xc1de1661,0xeb9daf22,0x135e0513,0xf49827eb,
    18960. 

  18960.         0xf0dd3f9c,0x0a36dd23 } },
    18961. 

  18961.     /* 60 */
    18962. 

  18962.     { { 0x41d5533c,0x098d32c7,0x8684628f,0x7c5f5a9e,0xe349bd11,0x39a228ad,
    18963. 

  18963.         0xfdbab118,0xe331dfd6 },
    18964. 

  18964.       { 0x6bcc6ed8,0x5100ab68,0xef7a260e,0x7160c3bd,0xbce850d7,0x9063d9a7,
    18965. 

  18965.         0x492e3389,0xd3b4782a } },
    18966. 

  18966.     /* 61 */
    18967. 

  18967.     { { 0xf3821f90,0xa149b6e8,0x66eb7aad,0x92edd9ed,0x1a013116,0x0bb66953,
    18968. 

  18968.         0x4c86a5bd,0x7281275a },
    18969. 

  18969.       { 0xd3ff47e5,0x503858f7,0x61016441,0x5e1616bc,0x7dfd9bb1,0x62b0f11a,
    18970. 

  18970.         0xce145059,0x2c062e7e } },
    18971. 

  18971.     /* 62 */
    18972. 

  18972.     { { 0x0159ac2e,0xa76f996f,0xcbdb2713,0x281e7736,0x08e46047,0x2ad6d288,
    18973. 

  18973.         0x2c4e7ef1,0x282a35f9 },
    18974. 

  18974.       { 0xc0ce5cd2,0x9c354b1e,0x1379c229,0xcf99efc9,0x3e82c11e,0x992caf38,
    18975. 

  18975.         0x554d2abd,0xc71cd513 } },
    18976. 

  18976.     /* 63 */
    18977. 

  18977.     { { 0x09b578f4,0x4885de9c,0xe3affa7a,0x1884e258,0x59182f1f,0x8f76b1b7,
    18978. 

  18978.         0xcf47f3a3,0xc50f6740 },
    18979. 

  18979.       { 0x374b68ea,0xa9c4adf3,0x69965fe2,0xa406f323,0x85a53050,0x2f86a222,
    18980. 

  18980.         0x212958dc,0xb9ecb3a7 } },
    18981. 

  18981.     /* 64 */
    18982. 

  18982.     { { 0xf4f8b16a,0x56f8410e,0xc47b266a,0x97241afe,0x6d9c87c1,0x0a406b8e,
    18983. 

  18983.         0xcd42ab1b,0x803f3e02 },
    18984. 

  18984.       { 0x04dbec69,0x7f0309a8,0x3bbad05f,0xa83b85f7,0xad8e197f,0xc6097273,
    18985. 

  18985.         0x5067adc1,0xc097440e } },
    18986. 

  18986.     /* 65 */
    18987. 

  18987.     { { 0xc379ab34,0x846a56f2,0x841df8d1,0xa8ee068b,0x176c68ef,0x20314459,
    18988. 

  18988.         0x915f1f30,0xf1af32d5 },
    18989. 

  18989.       { 0x5d75bd50,0x99c37531,0xf72f67bc,0x837cffba,0x48d7723f,0x0613a418,
    18990. 

  18990.         0xe2d41c8b,0x23d0f130 } },
    18991. 

  18991.     /* 66 */
    18992. 

  18992.     { { 0xf41500d9,0x857ab6ed,0xfcbeada8,0x0d890ae5,0x89725951,0x52fe8648,
    18993. 

  18993.         0xc0a3fadd,0xb0288dd6 },
    18994. 

  18994.       { 0x650bcb08,0x85320f30,0x695d6e16,0x71af6313,0xb989aa76,0x31f520a7,
    18995. 

  18995.         0xf408c8d2,0xffd3724f } },
    18996. 

  18996.     /* 67 */
    18997. 

  18997.     { { 0xb458e6cb,0x53968e64,0x317a5d28,0x992dad20,0x7aa75f56,0x3814ae0b,
    18998. 

  18998.         0xd78c26df,0xf5590f4a },
    18999. 

  18999.       { 0xcf0ba55a,0x0fc24bd3,0x0c778bae,0x0fc4724a,0x683b674a,0x1ce9864f,
    19000. 

  19000.         0xf6f74a20,0x18d6da54 } },
    19001. 

  19001.     /* 68 */
    19002. 

  19002.     { { 0xd5be5a2b,0xed93e225,0x5934f3c6,0x6fe79983,0x22626ffc,0x43140926,
    19003. 

  19003.         0x7990216a,0x50bbb4d9 },
    19004. 

  19004.       { 0xe57ec63e,0x378191c6,0x181dcdb2,0x65422c40,0x0236e0f6,0x41a8099b,
    19005. 

  19005.         0x01fe49c3,0x2b100118 } },
    19006. 

  19006.     /* 69 */
    19007. 

  19007.     { { 0x9b391593,0xfc68b5c5,0x598270fc,0xc385f5a2,0xd19adcbb,0x7144f3aa,
    19008. 

  19008.         0x83fbae0c,0xdd558999 },
    19009. 

  19009.       { 0x74b82ff4,0x93b88b8e,0x71e734c9,0xd2e03c40,0x43c0322a,0x9a7a9eaf,
    19010. 

  19010.         0x149d6041,0xe6e4c551 } },
    19011. 

  19011.     /* 70 */
    19012. 

  19012.     { { 0x1e9af288,0x55f655bb,0xf7ada931,0x647e1a64,0xcb2820e5,0x43697e4b,
    19013. 

  19013.         0x07ed56ff,0x51e00db1 },
    19014. 

  19014.       { 0x771c327e,0x43d169b8,0x4a96c2ad,0x29cdb20b,0x3deb4779,0xc07d51f5,
    19015. 

  19015.         0x49829177,0xe22f4241 } },
    19016. 

  19016.     /* 71 */
    19017. 

  19017.     { { 0x635f1abb,0xcd45e8f4,0x68538874,0x7edc0cb5,0xb5a8034d,0xc9472c1f,
    19018. 

  19018.         0x52dc48c9,0xf709373d },
    19019. 

  19019.       { 0xa8af30d6,0x401966bb,0xf137b69c,0x95bf5f4a,0x9361c47e,0x3966162a,
    19020. 

  19020.         0xe7275b11,0xbd52d288 } },
    19021. 

  19021.     /* 72 */
    19022. 

  19022.     { { 0x9c5fa877,0xab155c7a,0x7d3a3d48,0x17dad672,0x73d189d8,0x43f43f9e,
    19023. 

  19023.         0xc8aa77a6,0xa0d0f8e4 },
    19024. 

  19024.       { 0xcc94f92d,0x0bbeafd8,0x0c4ddb3a,0xd818c8be,0xb82eba14,0x22cc65f8,
    19025. 

  19025.         0x946d6a00,0xa56c78c7 } },
    19026. 

  19026.     /* 73 */
    19027. 

  19027.     { { 0x0dd09529,0x2962391b,0x3daddfcf,0x803e0ea6,0x5b5bf481,0x2c77351f,
    19028. 

  19028.         0x731a367a,0xd8befdf8 },
    19029. 

  19029.       { 0xfc0157f4,0xab919d42,0xfec8e650,0xf51caed7,0x02d48b0a,0xcdf9cb40,
    19030. 

  19030.         0xce9f6478,0x854a68a5 } },
    19031. 

  19031.     /* 74 */
    19032. 

  19032.     { { 0x63506ea5,0xdc35f67b,0xa4fe0d66,0x9286c489,0xfe95cd4d,0x3f101d3b,
    19033. 

  19033.         0x98846a95,0x5cacea0b },
    19034. 

  19034.       { 0x9ceac44d,0xa90df60c,0x354d1c3a,0x3db29af4,0xad5dbabe,0x08dd3de8,
    19035. 

  19035.         0x35e4efa9,0xe4982d12 } },
    19036. 

  19036.     /* 75 */
    19037. 

  19037.     { { 0xc34cd55e,0x23104a22,0x2680d132,0x58695bb3,0x1fa1d943,0xfb345afa,
    19038. 

  19038.         0x16b20499,0x8046b7f6 },
    19039. 

  19039.       { 0x38e7d098,0xb533581e,0xf46f0b70,0xd7f61e8d,0x44cb78c4,0x30dea9ea,
    19040. 

  19040.         0x9082af55,0xeb17ca7b } },
    19041. 

  19041.     /* 76 */
    19042. 

  19042.     { { 0x76a145b9,0x1751b598,0xc1bc71ec,0xa5cf6b0f,0x392715bb,0xd3e03565,
    19043. 

  19043.         0xfab5e131,0x097b00ba },
    19044. 

  19044.       { 0x565f69e1,0xaa66c8e9,0xb5be5199,0x77e8f75a,0xda4fd984,0x6033ba11,
    19045. 

  19045.         0xafdbcc9e,0xf95c747b } },
    19046. 

  19046.     /* 77 */
    19047. 

  19047.     { { 0xbebae45e,0x558f01d3,0xc4bc6955,0xa8ebe9f0,0xdbc64fc6,0xaeb705b1,
    19048. 

  19048.         0x566ed837,0x3512601e },
    19049. 

  19049.       { 0xfa1161cd,0x9336f1e1,0x4c65ef87,0x328ab8d5,0x724f21e5,0x4757eee2,
    19050. 

  19050.         0x6068ab6b,0x0ef97123 } },
    19051. 

  19051.     /* 78 */
    19052. 

  19052.     { { 0x54ca4226,0x02598cf7,0xf8642c8e,0x5eede138,0x468e1790,0x48963f74,
    19053. 

  19053.         0x3b4fbc95,0xfc16d933 },
    19054. 

  19054.       { 0xe7c800ca,0xbe96fb31,0x2678adaa,0x13806331,0x6ff3e8b5,0x3d624497,
    19055. 

  19055.         0xb95d7a17,0x14ca4af1 } },
    19056. 

  19056.     /* 79 */
    19057. 

  19057.     { { 0xbd2f81d5,0x7a4771ba,0x01f7d196,0x1a5f9d69,0xcad9c907,0xd898bef7,
    19058. 

  19058.         0xf59c231d,0x4057b063 },
    19059. 

  19059.       { 0x89c05c0a,0xbffd82fe,0x1dc0df85,0xe4911c6f,0xa35a16db,0x3befccae,
    19060. 

  19060.         0xf1330b13,0x1c3b5d64 } },
    19061. 

  19061.     /* 80 */
    19062. 

  19062.     { { 0x80ec21fe,0x5fe14bfe,0xc255be82,0xf6ce116a,0x2f4a5d67,0x98bc5a07,
    19063. 

  19063.         0xdb7e63af,0xfad27148 },
    19064. 

  19064.       { 0x29ab05b3,0x90c0b6ac,0x4e251ae6,0x37a9a83c,0xc2aade7d,0x0a7dc875,
    19065. 

  19065.         0x9f0e1a84,0x77387de3 } },
    19066. 

  19066.     /* 81 */
    19067. 

  19067.     { { 0xa56c0dd7,0x1e9ecc49,0x46086c74,0xa5cffcd8,0xf505aece,0x8f7a1408,
    19068. 

  19068.         0xbef0c47e,0xb37b85c0 },
    19069. 

  19069.       { 0xcc0e6a8f,0x3596b6e4,0x6b388f23,0xfd6d4bbf,0xc39cef4e,0xaba453fa,
    19070. 

  19070.         0xf9f628d5,0x9c135ac8 } },
    19071. 

  19071.     /* 82 */
    19072. 

  19072.     { { 0x84e35743,0x32aa3202,0x85a3cdef,0x320d6ab1,0x1df19819,0xb821b176,
    19073. 

  19073.         0xc433851f,0x5721361f },
    19074. 

  19074.       { 0x71fc9168,0x1f0db36a,0x5e5c403c,0x5f98ba73,0x37bcd8f5,0xf64ca87e,
    19075. 

  19075.         0xe6bb11bd,0xdcbac3c9 } },
    19076. 

  19076.     /* 83 */
    19077. 

  19077.     { { 0x4518cbe2,0xf01d9968,0x9c9eb04e,0xd242fc18,0xe47feebf,0x727663c7,
    19078. 

  19078.         0x2d626862,0xb8c1c89e },
    19079. 

  19079.       { 0xc8e1d569,0x51a58bdd,0xb7d88cd0,0x563809c8,0xf11f31eb,0x26c27fd9,
    19080. 

  19080.         0x2f9422d4,0x5d23bbda } },
    19081. 

  19081.     /* 84 */
    19082. 

  19082.     { { 0x95c8f8be,0x0a1c7294,0x3bf362bf,0x2961c480,0xdf63d4ac,0x9e418403,
    19083. 

  19083.         0x91ece900,0xc109f9cb },
    19084. 

  19084.       { 0x58945705,0xc2d095d0,0xddeb85c0,0xb9083d96,0x7a40449b,0x84692b8d,
    19085. 

  19085.         0x2eee1ee1,0x9bc3344f } },
    19086. 

  19086.     /* 85 */
    19087. 

  19087.     { { 0x42913074,0x0d5ae356,0x48a542b1,0x55491b27,0xb310732a,0x469ca665,
    19088. 

  19088.         0x5f1a4cc1,0x29591d52 },
    19089. 

  19089.       { 0xb84f983f,0xe76f5b6b,0x9f5f84e1,0xbe7eef41,0x80baa189,0x1200d496,
    19090. 

  19090.         0x18ef332c,0x6376551f } },
    19091. 

  19091.     /* 86 */
    19092. 

  19092.     { { 0x562976cc,0xbda5f14e,0x0ef12c38,0x22bca3e6,0x6cca9852,0xbbfa3064,
    19093. 

  19093.         0x08e2987a,0xbdb79dc8 },
    19094. 

  19094.       { 0xcb06a772,0xfd2cb5c9,0xfe536dce,0x38f475aa,0x7c2b5db8,0xc2a3e022,
    19095. 

  19095.         0xadd3c14a,0x8ee86001 } },
    19096. 

  19096.     /* 87 */
    19097. 

  19097.     { { 0xa4ade873,0xcbe96981,0xc4fba48c,0x7ee9aa4d,0x5a054ba5,0x2cee2899,
    19098. 

  19098.         0x6f77aa4b,0x92e51d7a },
    19099. 

  19099.       { 0x7190a34d,0x948bafa8,0xf6bd1ed1,0xd698f75b,0x0caf1144,0xd00ee6e3,
    19100. 

  19100.         0x0a56aaaa,0x5182f86f } },
    19101. 

  19101.     /* 88 */
    19102. 

  19102.     { { 0x7a4cc99c,0xfba6212c,0x3e6d9ca1,0xff609b68,0x5ac98c5a,0x5dbb27cb,
    19103. 

  19103.         0x4073a6f2,0x91dcab5d },
    19104. 

  19104.       { 0x5f575a70,0x01b6cc3d,0x6f8d87fa,0x0cb36139,0x89981736,0x165d4e8c,
    19105. 

  19105.         0x97974f2b,0x17a0cedb } },
    19106. 

  19106.     /* 89 */
    19107. 

  19107.     { { 0x076c8d3a,0x38861e2a,0x210f924b,0x701aad39,0x13a835d9,0x94d0eae4,
    19108. 

  19108.         0x7f4cdf41,0x2e8ce36c },
    19109. 

  19109.       { 0x037a862b,0x91273dab,0x60e4c8fa,0x01ba9bb7,0x33baf2dd,0xf9645388,
    19110. 

  19110.         0x34f668f3,0xf4ccc6cb } },
    19111. 

  19111.     /* 90 */
    19112. 

  19112.     { { 0xf1f79687,0x44ef525c,0x92efa815,0x7c595495,0xa5c78d29,0xe1231741,
    19113. 

  19113.         0x9a0df3c9,0xac0db488 },
    19114. 

  19114.       { 0xdf01747f,0x86bfc711,0xef17df13,0x592b9358,0x5ccb6bb5,0xe5880e4f,
    19115. 

  19115.         0x94c974a2,0x95a64a61 } },
    19116. 

  19116.     /* 91 */
    19117. 

  19117.     { { 0xc15a4c93,0x72c1efda,0x82585141,0x40269b73,0x16cb0bad,0x6a8dfb1c,
    19118. 

  19118.         0x29210677,0x231e54ba },
    19119. 

  19119.       { 0x8ae6d2dc,0xa70df917,0x39112918,0x4d6aa63f,0x5e5b7223,0xf627726b,
    19120. 

  19120.         0xd8a731e1,0xab0be032 } },
    19121. 

  19121.     /* 92 */
    19122. 

  19122.     { { 0x8d131f2d,0x097ad0e9,0x3b04f101,0x637f09e3,0xd5e9a748,0x1ac86196,
    19123. 

  19123.         0x2cf6a679,0xf1bcc880 },
    19124. 

  19124.       { 0xe8daacb4,0x25c69140,0x60f65009,0x3c4e4055,0x477937a6,0x591cc8fc,
    19125. 

  19125.         0x5aebb271,0x85169469 } },
    19126. 

  19126.     /* 93 */
    19127. 

  19127.     { { 0xf1dcf593,0xde35c143,0xb018be3b,0x78202b29,0x9bdd9d3d,0xe9cdadc2,
    19128. 

  19128.         0xdaad55d8,0x8f67d9d2 },
    19129. 

  19129.       { 0x7481ea5f,0x84111656,0xe34c590c,0xe7d2dde9,0x05053fa8,0xffdd43f4,
    19130. 

  19130.         0xc0728b5d,0xf84572b9 } },
    19131. 

  19131.     /* 94 */
    19132. 

  19132.     { { 0x97af71c9,0x5e1a7a71,0x7a736565,0xa1449444,0x0e1d5063,0xa1b4ae07,
    19133. 

  19133.         0x616b2c19,0xedee2710 },
    19134. 

  19134.       { 0x11734121,0xb2f034f5,0x4a25e9f0,0x1cac6e55,0xa40c2ecf,0x8dc148f3,
    19135. 

  19135.         0x44ebd7f4,0x9fd27e9b } },
    19136. 

  19136.     /* 95 */
    19137. 

  19137.     { { 0xf6e2cb16,0x3cc7658a,0xfe5919b6,0xe3eb7d2c,0x168d5583,0x5a8c5816,
    19138. 

  19138.         0x958ff387,0xa40c2fb6 },
    19139. 

  19139.       { 0xfedcc158,0x8c9ec560,0x55f23056,0x7ad804c6,0x9a307e12,0xd9396704,
    19140. 

  19140.         0x7dc6decf,0x99bc9bb8 } },
    19141. 

  19141.     /* 96 */
    19142. 

  19142.     { { 0x927dafc6,0x84a9521d,0x5c09cd19,0x52c1fb69,0xf9366dde,0x9d9581a0,
    19143. 

  19143.         0xa16d7e64,0x9abe210b },
    19144. 

  19144.       { 0x48915220,0x480af84a,0x4dd816c6,0xfa73176a,0x1681ca5a,0xc7d53987,
    19145. 

  19145.         0x87f344b0,0x7881c257 } },
    19146. 

  19146.     /* 97 */
    19147. 

  19147.     { { 0xe0bcf3ff,0x93399b51,0x127f74f6,0x0d02cbc5,0xdd01d968,0x8fb465a2,
    19148. 

  19148.         0xa30e8940,0x15e6e319 },
    19149. 

  19149.       { 0x3e0e05f4,0x646d6e0d,0x43588404,0xfad7bddc,0xc4f850d3,0xbe61c7d1,
    19150. 

  19150.         0x191172ce,0x0e55facf } },
    19151. 

  19151.     /* 98 */
    19152. 

  19152.     { { 0xf8787564,0x7e9d9806,0x31e85ce6,0x1a331721,0xb819e8d6,0x6b0158ca,
    19153. 

  19153.         0x6fe96577,0xd73d0976 },
    19154. 

  19154.       { 0x1eb7206e,0x42483425,0xc618bb42,0xa519290f,0x5e30a520,0x5dcbb859,
    19155. 

  19155.         0x8f15a50b,0x9250a374 } },
    19156. 

  19156.     /* 99 */
    19157. 

  19157.     { { 0xbe577410,0xcaff08f8,0x5077a8c6,0xfd408a03,0xec0a63a4,0xf1f63289,
    19158. 

  19158.         0xc1cc8c0b,0x77414082 },
    19159. 

  19159.       { 0xeb0991cd,0x05a40fa6,0x49fdc296,0xc1ca0866,0xb324fd40,0x3a68a3c7,
    19160. 

  19160.         0x12eb20b9,0x8cb04f4d } },
    19161. 

  19161.     /* 100 */
    19162. 

  19162.     { { 0x6906171c,0xb1c2d055,0xb0240c3f,0x9073e9cd,0xd8906841,0xdb8e6b4f,
    19163. 

  19163.         0x47123b51,0xe4e429ef },
    19164. 

  19164.       { 0x38ec36f4,0x0b8dd53c,0xff4b6a27,0xf9d2dc01,0x879a9a48,0x5d066e07,
    19165. 

  19165.         0x3c6e6552,0x37bca2ff } },
    19166. 

  19166.     /* 101 */
    19167. 

  19167.     { { 0xdf562470,0x4cd2e3c7,0xc0964ac9,0x44f272a2,0x80c793be,0x7c6d5df9,
    19168. 

  19168.         0x3002b22a,0x59913edc },
    19169. 

  19169.       { 0x5750592a,0x7a139a83,0xe783de02,0x99e01d80,0xea05d64f,0xcf8c0375,
    19170. 

  19170.         0xb013e226,0x43786e4a } },
    19171. 

  19171.     /* 102 */
    19172. 

  19172.     { { 0x9e56b5a6,0xff32b0ed,0xd9fc68f9,0x0750d9a6,0x597846a7,0xec15e845,
    19173. 

  19173.         0xb7e79e7a,0x8638ca98 },
    19174. 

  19174.       { 0x0afc24b2,0x2f5ae096,0x4dace8f2,0x05398eaf,0xaecba78f,0x3b765dd0,
    19175. 

  19175.         0x7b3aa6f0,0x1ecdd36a } },
    19176. 

  19176.     /* 103 */
    19177. 

  19177.     { { 0x6c5ff2f3,0x5d3acd62,0x2873a978,0xa2d516c0,0xd2110d54,0xad94c9fa,
    19178. 

  19178.         0xd459f32d,0xd85d0f85 },
    19179. 

  19179.       { 0x10b11da3,0x9f700b8d,0xa78318c4,0xd2c22c30,0x9208decd,0x556988f4,
    19180. 

  19180.         0xb4ed3c62,0xa04f19c3 } },
    19181. 

  19181.     /* 104 */
    19182. 

  19182.     { { 0xed7f93bd,0x087924c8,0x392f51f6,0xcb64ac5d,0x821b71af,0x7cae330a,
    19183. 

  19183.         0x5c0950b0,0x92b2eeea },
    19184. 

  19184.       { 0x85b6e235,0x85ac4c94,0x2936c0f0,0xab2ca4a9,0xe0508891,0x80faa6b3,
    19185. 

  19185.         0x5834276c,0x1ee78221 } },
    19186. 

  19186.     /* 105 */
    19187. 

  19187.     { { 0xe63e79f7,0xa60a2e00,0xf399d906,0xf590e7b2,0x6607c09d,0x9021054a,
    19188. 

  19188.         0x57a6e150,0xf3f2ced8 },
    19189. 

  19189.       { 0xf10d9b55,0x200510f3,0xd8642648,0x9d2fcfac,0xe8bd0e7c,0xe5631aa7,
    19190. 

  19190.         0x3da3e210,0x0f56a454 } },
    19191. 

  19191.     /* 106 */
    19192. 

  19192.     { { 0x1043e0df,0x5b21bffa,0x9c007e6d,0x6c74b6cc,0xd4a8517a,0x1a656ec0,
    19193. 

  19193.         0x1969e263,0xbd8f1741 },
    19194. 

  19194.       { 0xbeb7494a,0x8a9bbb86,0x45f3b838,0x1567d46f,0xa4e5a79a,0xdf7a12a7,
    19195. 

  19195.         0x30ccfa09,0x2d1a1c35 } },
    19196. 

  19196.     /* 107 */
    19197. 

  19197.     { { 0x506508da,0x192e3813,0xa1d795a7,0x336180c4,0x7a9944b3,0xcddb5949,
    19198. 

  19198.         0xb91fba46,0xa107a65e },
    19199. 

  19199.       { 0x0f94d639,0xe6d1d1c5,0x8a58b7d7,0x8b4af375,0xbd37ca1c,0x1a7c5584,
    19200. 

  19200.         0xf87a9af2,0x183d760a } },
    19201. 

  19201.     /* 108 */
    19202. 

  19202.     { { 0x0dde59a4,0x29d69711,0x0e8bef87,0xf1ad8d07,0x4f2ebe78,0x229b4963,
    19203. 

  19203.         0xc269d754,0x1d44179d },
    19204. 

  19204.       { 0x8390d30e,0xb32dc0cf,0x0de8110c,0x0a3b2753,0x2bc0339a,0x31af1dc5,
    19205. 

  19205.         0x9606d262,0x771f9cc2 } },
    19206. 

  19206.     /* 109 */
    19207. 

  19207.     { { 0x85040739,0x99993e77,0x8026a939,0x44539db9,0xf5f8fc26,0xcf40f6f2,
    19208. 

  19208.         0x0362718e,0x64427a31 },
    19209. 

  19209.       { 0x85428aa8,0x4f4f2d87,0xebfb49a8,0x7b7adc3f,0xf23d01ac,0x201b2c6d,
    19210. 

  19210.         0x6ae90d6d,0x49d9b749 } },
    19211. 

  19211.     /* 110 */
    19212. 

  19212.     { { 0x435d1099,0xcc78d8bc,0x8e8d1a08,0x2adbcd4e,0x2cb68a41,0x02c2e2a0,
    19213. 

  19213.         0x3f605445,0x9037d81b },
    19214. 

  19214.       { 0x074c7b61,0x7cdbac27,0x57bfd72e,0xfe2031ab,0x596d5352,0x61ccec96,
    19215. 

  19215.         0x7cc0639c,0x08c3de6a } },
    19216. 

  19216.     /* 111 */
    19217. 

  19217.     { { 0xf6d552ab,0x20fdd020,0x05cd81f1,0x56baff98,0x91351291,0x06fb7c3e,
    19218. 

  19218.         0x45796b2f,0xc6909442 },
    19219. 

  19219.       { 0x41231bd1,0x17b3ae9c,0x5cc58205,0x1eac6e87,0xf9d6a122,0x208837ab,
    19220. 

  19220.         0xcafe3ac0,0x3fa3db02 } },
    19221. 

  19221.     /* 112 */
    19222. 

  19222.     { { 0x05058880,0xd75a3e65,0x643943f2,0x7da365ef,0xfab24925,0x4147861c,
    19223. 

  19223.         0xfdb808ff,0xc5c4bdb0 },
    19224. 

  19224.       { 0xb272b56b,0x73513e34,0x11b9043a,0xc8327e95,0xf8844969,0xfd8ce37d,
    19225. 

  19225.         0x46c2b6b5,0x2d56db94 } },
    19226. 

  19226.     /* 113 */
    19227. 

  19227.     { { 0xff46ac6b,0x2461782f,0x07a2e425,0xd19f7926,0x09a48de1,0xfafea3c4,
    19228. 

  19228.         0xe503ba42,0x0f56bd9d },
    19229. 

  19229.       { 0x345cda49,0x137d4ed1,0x816f299d,0x821158fc,0xaeb43402,0xe7c6a54a,
    19230. 

  19230.         0x1173b5f1,0x4003bb9d } },
    19231. 

  19231.     /* 114 */
    19232. 

  19232.     { { 0xa0803387,0x3b8e8189,0x39cbd404,0xece115f5,0xd2877f21,0x4297208d,
    19233. 

  19233.         0xa07f2f9e,0x53765522 },
    19234. 

  19234.       { 0xa8a4182d,0xa4980a21,0x3219df79,0xa2bbd07a,0x1a19a2d4,0x674d0a2e,
    19235. 

  19235.         0x6c5d4549,0x7a056f58 } },
    19236. 

  19236.     /* 115 */
    19237. 

  19237.     { { 0x9d8a2a47,0x646b2558,0xc3df2773,0x5b582948,0xabf0d539,0x51ec000e,
    19238. 

  19238.         0x7a1a2675,0x77d482f1 },
    19239. 

  19239.       { 0x87853948,0xb8a1bd95,0x6cfbffee,0xa6f817bd,0x80681e47,0xab6ec057,
    19240. 

  19240.         0x2b38b0e4,0x4115012b } },
    19241. 

  19241.     /* 116 */
    19242. 

  19242.     { { 0x6de28ced,0x3c73f0f4,0x9b13ec47,0x1d5da760,0x6e5c6392,0x61b8ce9e,
    19243. 

  19243.         0xfbea0946,0xcdf04572 },
    19244. 

  19244.       { 0x6c53c3b0,0x1cb3c58b,0x447b843c,0x97fe3c10,0x2cb9780e,0xfb2b8ae1,
    19245. 

  19245.         0x97383109,0xee703dda } },
    19246. 

  19246.     /* 117 */
    19247. 

  19247.     { { 0xff57e43a,0x34515140,0xb1b811b8,0xd44660d3,0x8f42b986,0x2b3b5dff,
    19248. 

  19248.         0xa162ce21,0x2a0ad89d },
    19249. 

  19249.       { 0x6bc277ba,0x64e4a694,0xc141c276,0xc788c954,0xcabf6274,0x141aa64c,
    19250. 

  19250.         0xac2b4659,0xd62d0b67 } },
    19251. 

  19251.     /* 118 */
    19252. 

  19252.     { { 0x2c054ac4,0x39c5d87b,0xf27df788,0x57005859,0xb18128d6,0xedf7cbf3,
    19253. 

  19253.         0x991c2426,0xb39a23f2 },
    19254. 

  19254.       { 0xf0b16ae5,0x95284a15,0xa136f51b,0x0c6a05b1,0xf2700783,0x1d63c137,
    19255. 

  19255.         0xc0674cc5,0x04ed0092 } },
    19256. 

  19256.     /* 119 */
    19257. 

  19257.     { { 0x9ae90393,0x1f4185d1,0x4a3d64e6,0x3047b429,0x9854fc14,0xae0001a6,
    19258. 

  19258.         0x0177c387,0xa0a91fc1 },
    19259. 

  19259.       { 0xae2c831e,0xff0a3f01,0x2b727e16,0xbb76ae82,0x5a3075b4,0x8f12c8a1,
    19260. 

  19260.         0x9ed20c41,0x084cf988 } },
    19261. 

  19261.     /* 120 */
    19262. 

  19262.     { { 0xfca6becf,0xd98509de,0x7dffb328,0x2fceae80,0x4778e8b9,0x5d8a15c4,
    19263. 

  19263.         0x73abf77e,0xd57955b2 },
    19264. 

  19264.       { 0x31b5d4f1,0x210da79e,0x3cfa7a1c,0xaa52f04b,0xdc27c20b,0xd4d12089,
    19265. 

  19265.         0x02d141f1,0x8e14ea42 } },
    19266. 

  19266.     /* 121 */
    19267. 

  19267.     { { 0xf2897042,0xeed50345,0x43402c4a,0x8d05331f,0xc8bdfb21,0xc8d9c194,
    19268. 

  19268.         0x2aa4d158,0x597e1a37 },
    19269. 

  19269.       { 0xcf0bd68c,0x0327ec1a,0xab024945,0x6d4be0dc,0xc9fe3e84,0x5b9c8d7a,
    19270. 

  19270.         0x199b4dea,0xca3f0236 } },
    19271. 

  19271.     /* 122 */
    19272. 

  19272.     { { 0x6170bd20,0x592a10b5,0x6d3f5de7,0x0ea897f1,0x44b2ade2,0xa3363ff1,
    19273. 

  19273.         0x309c07e4,0xbde7fd7e },
    19274. 

  19274.       { 0xb8f5432c,0x516bb6d2,0xe043444b,0x210dc1cb,0xf8f95b5a,0x3db01e6f,
    19275. 

  19275.         0x0a7dd198,0xb623ad0e } },
    19276. 

  19276.     /* 123 */
    19277. 

  19277.     { { 0x60c7b65b,0xa75bd675,0x23a4a289,0xab8c5590,0xd7b26795,0xf8220fd0,
    19278. 

  19278.         0x58ec137b,0xd6aa2e46 },
    19279. 

  19279.       { 0x5138bb85,0x10abc00b,0xd833a95c,0x8c31d121,0x1702a32e,0xb24ff00b,
    19280. 

  19280.         0x2dcc513a,0x111662e0 } },
    19281. 

  19281.     /* 124 */
    19282. 

  19282.     { { 0xefb42b87,0x78114015,0x1b6c4dff,0xbd9f5d70,0xa7d7c129,0x66ecccd7,
    19283. 

  19283.         0x94b750f8,0xdb3ee1cb },
    19284. 

  19284.       { 0xf34837cf,0xb26f3db0,0xb9578d4f,0xe7eed18b,0x7c56657d,0x5d2cdf93,
    19285. 

  19285.         0x52206a59,0x886a6442 } },
    19286. 

  19286.     /* 125 */
    19287. 

  19287.     { { 0x65b569ea,0x3c234cfb,0xf72119c1,0x20011141,0xa15a619e,0x8badc85d,
    19288. 

  19288.         0x018a17bc,0xa70cf4eb },
    19289. 

  19289.       { 0x8c4a6a65,0x224f97ae,0x0134378f,0x36e5cf27,0x4f7e0960,0xbe3a609e,
    19290. 

  19290.         0xd1747b77,0xaa4772ab } },
    19291. 

  19291.     /* 126 */
    19292. 

  19292.     { { 0x7aa60cc0,0x67676131,0x0368115f,0xc7916361,0xbbc1bb5a,0xded98bb4,
    19293. 

  19293.         0x30faf974,0x611a6ddc },
    19294. 

  19294.       { 0xc15ee47a,0x30e78cbc,0x4e0d96a5,0x2e896282,0x3dd9ed88,0x36f35adf,
    19295. 

  19295.         0x16429c88,0x5cfffaf8 } },
    19296. 

  19296.     /* 127 */
    19297. 

  19297.     { { 0x9b7a99cd,0xc0d54cff,0x843c45a1,0x7bf3b99d,0x62c739e1,0x038a908f,
    19298. 

  19298.         0x7dc1994c,0x6e5a6b23 },
    19299. 

  19299.       { 0x0ba5db77,0xef8b454e,0xacf60d63,0xb7b8807f,0x76608378,0xe591c0c6,
    19300. 

  19300.         0x242dabcc,0x481a238d } },
    19301. 

  19301.     /* 128 */
    19302. 

  19302.     { { 0x35d0b34a,0xe3417bc0,0x8327c0a7,0x440b386b,0xac0362d1,0x8fb7262d,
    19303. 

  19303.         0xe0cdf943,0x2c41114c },
    19304. 

  19304.       { 0xad95a0b1,0x2ba5cef1,0x67d54362,0xc09b37a8,0x01e486c9,0x26d6cdd2,
    19305. 

  19305.         0x42ff9297,0x20477abf } },
    19306. 

  19306.     /* 129 */
    19307. 

  19307.     { { 0x18d65dbf,0x2f75173c,0x339edad8,0x77bf940e,0xdcf1001c,0x7022d26b,
    19308. 

  19308.         0xc77396b6,0xac66409a },
    19309. 

  19309.       { 0xc6261cc3,0x8b0bb36f,0x190e7e90,0x213f7bc9,0xa45e6c10,0x6541ceba,
    19310. 

  19310.         0xcc122f85,0xce8e6975 } },
    19311. 

  19311.     /* 130 */
    19312. 

  19312.     { { 0xbc0a67d2,0x0f121b41,0x444d248a,0x62d4760a,0x659b4737,0x0e044f1d,
    19313. 

  19313.         0x250bb4a8,0x08fde365 },
    19314. 

  19314.       { 0x848bf287,0xaceec3da,0xd3369d6e,0xc2a62182,0x92449482,0x3582dfdc,
    19315. 

  19315.         0x565d6cd7,0x2f7e2fd2 } },
    19316. 

  19316.     /* 131 */
    19317. 

  19317.     { { 0xc3770fa7,0xae4b92db,0x379043f9,0x095e8d5c,0x17761171,0x54f34e9d,
    19318. 

  19318.         0x907702ae,0xc65be92e },
    19319. 

  19319.       { 0xf6fd0a40,0x2758a303,0xbcce784b,0xe7d822e3,0x4f9767bf,0x7ae4f585,
    19320. 

  19320.         0xd1193b3a,0x4bff8e47 } },
    19321. 

  19321.     /* 132 */
    19322. 

  19322.     { { 0x00ff1480,0xcd41d21f,0x0754db16,0x2ab8fb7d,0xbbe0f3ea,0xac81d2ef,
    19323. 

  19323.         0x5772967d,0x3e4e4ae6 },
    19324. 

  19324.       { 0x3c5303e6,0x7e18f36d,0x92262397,0x3bd9994b,0x1324c3c0,0x9ed70e26,
    19325. 

  19325.         0x58ec6028,0x5388aefd } },
    19326. 

  19326.     /* 133 */
    19327. 

  19327.     { { 0x5e5d7713,0xad1317eb,0x75de49da,0x09b985ee,0xc74fb261,0x32f5bc4f,
    19328. 

  19328.         0x4f75be0e,0x5cf908d1 },
    19329. 

  19329.       { 0x8e657b12,0x76043510,0xb96ed9e6,0xbfd421a5,0x8970ccc2,0x0e29f51f,
    19330. 

  19330.         0x60f00ce2,0xa698ba40 } },
    19331. 

  19331.     /* 134 */
    19332. 

  19332.     { { 0xef748fec,0x73db1686,0x7e9d2cf9,0xe6e755a2,0xce265eff,0x630b6544,
    19333. 

  19333.         0x7aebad8d,0xb142ef8a },
    19334. 

  19334.       { 0x17d5770a,0xad31af9f,0x2cb3412f,0x66af3b67,0xdf3359de,0x6bd60d1b,
    19335. 

  19335.         0x58515075,0xd1896a96 } },
    19336. 

  19336.     /* 135 */
    19337. 

  19337.     { { 0x33c41c08,0xec5957ab,0x5468e2e1,0x87de94ac,0xac472f6c,0x18816b73,
    19338. 

  19338.         0x7981da39,0x267b0e0b },
    19339. 

  19339.       { 0x8e62b988,0x6e554e5d,0x116d21e7,0xd8ddc755,0x3d2a6f99,0x4610faf0,
    19340. 

  19340.         0xa1119393,0xb54e287a } },
    19341. 

  19341.     /* 136 */
    19342. 

  19342.     { { 0x178a876b,0x0a0122b5,0x085104b4,0x51ff96ff,0x14f29f76,0x050b31ab,
    19343. 

  19343.         0x5f87d4e6,0x84abb28b },
    19344. 

  19344.       { 0x8270790a,0xd5ed439f,0x85e3f46b,0x2d6cb59d,0x6c1e2212,0x75f55c1b,
    19345. 

  19345.         0x17655640,0xe5436f67 } },
    19346. 

  19346.     /* 137 */
    19347. 

  19347.     { { 0x2286e8d5,0x53f9025e,0x864453be,0x353c95b4,0xe408e3a0,0xd832f5bd,
    19348. 

  19348.         0x5b9ce99e,0x0404f68b },
    19349. 

  19349.       { 0xa781e8e5,0xcad33bde,0x163c2f5b,0x3cdf5018,0x0119caa3,0x57576960,
    19350. 

  19350.         0x0ac1c701,0x3a4263df } },
    19351. 

  19351.     /* 138 */
    19352. 

  19352.     { { 0x9aeb596d,0xc2965ecc,0x023c92b4,0x01ea03e7,0x2e013961,0x4704b4b6,
    19353. 

  19353.         0x905ea367,0x0ca8fd3f },
    19354. 

  19354.       { 0x551b2b61,0x92523a42,0x390fcd06,0x1eb7a89c,0x0392a63e,0xe7f1d2be,
    19355. 

  19355.         0x4ddb0c33,0x96dca264 } },
    19356. 

  19356.     /* 139 */
    19357. 

  19357.     { { 0x387510af,0x203bb43a,0xa9a36a01,0x846feaa8,0x2f950378,0xd23a5770,
    19358. 

  19358.         0x3aad59dc,0x4363e212 },
    19359. 

  19359.       { 0x40246a47,0xca43a1c7,0xe55dd24d,0xb362b8d2,0x5d8faf96,0xf9b08604,
    19360. 

  19360.         0xd8bb98c4,0x840e115c } },
    19361. 

  19361.     /* 140 */
    19362. 

  19362.     { { 0x1023e8a7,0xf12205e2,0xd8dc7a0b,0xc808a8cd,0x163a5ddf,0xe292a272,
    19363. 

  19363.         0x30ded6d4,0x5e0d6abd },
    19364. 

  19364.       { 0x7cfc0f64,0x07a721c2,0x0e55ed88,0x42eec01d,0x1d1f9db2,0x26a7bef9,
    19365. 

  19365.         0x2945a25a,0x7dea48f4 } },
    19366. 

  19366.     /* 141 */
    19367. 

  19367.     { { 0xe5060a81,0xabdf6f1c,0xf8f95615,0xe79f9c72,0x06ac268b,0xcfd36c54,
    19368. 

  19368.         0xebfd16d1,0xabc2a2be },
    19369. 

  19369.       { 0xd3e2eac7,0x8ac66f91,0xd2dd0466,0x6f10ba63,0x0282d31b,0x6790e377,
    19370. 

  19370.         0x6c7eefc1,0x4ea35394 } },
    19371. 

  19371.     /* 142 */
    19372. 

  19372.     { { 0x5266309d,0xed8a2f8d,0x81945a3e,0x0a51c6c0,0x578c5dc1,0xcecaf45a,
    19373. 

  19373.         0x1c94ffc3,0x3a76e689 },
    19374. 

  19374.       { 0x7d7b0d0f,0x9aace8a4,0x8f584a5f,0x963ace96,0x4e697fbe,0x51a30c72,
    19375. 

  19375.         0x465e6464,0x8212a10a } },
    19376. 

  19376.     /* 143 */
    19377. 

  19377.     { { 0xcfab8caa,0xef7c61c3,0x0e142390,0x18eb8e84,0x7e9733ca,0xcd1dff67,
    19378. 

  19378.         0x599cb164,0xaa7cab71 },
    19379. 

  19379.       { 0xbc837bd1,0x02fc9273,0xc36af5d7,0xc06407d0,0xf423da49,0x17621292,
    19380. 

  19380.         0xfe0617c3,0x40e38073 } },
    19381. 

  19381.     /* 144 */
    19382. 

  19382.     { { 0xa7bf9b7c,0xf4f80824,0x3fbe30d0,0x365d2320,0x97cf9ce3,0xbfbe5320,
    19383. 

  19383.         0xb3055526,0xe3604700 },
    19384. 

  19384.       { 0x6cc6c2c7,0x4dcb9911,0xba4cbee6,0x72683708,0x637ad9ec,0xdcded434,
    19385. 

  19385.         0xa3dee15f,0x6542d677 } },
    19386. 

  19386.     /* 145 */
    19387. 

  19387.     { { 0x7b6c377a,0x3f32b6d0,0x903448be,0x6cb03847,0x20da8af7,0xd6fdd3a8,
    19388. 

  19388.         0x09bb6f21,0xa6534aee },
    19389. 

  19389.       { 0x1035facf,0x30a1780d,0x9dcb47e6,0x35e55a33,0xc447f393,0x6ea50fe1,
    19390. 

  19390.         0xdc9aef22,0xf3cb672f } },
    19391. 

  19391.     /* 146 */
    19392. 

  19392.     { { 0x3b55fd83,0xeb3719fe,0x875ddd10,0xe0d7a46c,0x05cea784,0x33ac9fa9,
    19393. 

  19393.         0xaae870e7,0x7cafaa2e },
    19394. 

  19394.       { 0x1d53b338,0x9b814d04,0xef87e6c6,0xe0acc0a0,0x11672b0f,0xfb93d108,
    19395. 

  19395.         0xb9bd522e,0x0aab13c1 } },
    19396. 

  19396.     /* 147 */
    19397. 

  19397.     { { 0xd2681297,0xddcce278,0xb509546a,0xcb350eb1,0x7661aaf2,0x2dc43173,
    19398. 

  19398.         0x847012e9,0x4b91a602 },
    19399. 

  19399.       { 0x72f8ddcf,0xdcff1095,0x9a911af4,0x08ebf61e,0xc372430e,0x48f4360a,
    19400. 

  19400.         0x72321cab,0x49534c53 } },
    19401. 

  19401.     /* 148 */
    19402. 

  19402.     { { 0xf07b7e9d,0x83df7d71,0x13cd516f,0xa478efa3,0x6c047ee3,0x78ef264b,
    19403. 

  19403.         0xd65ac5ee,0xcaf46c4f },
    19404. 

  19404.       { 0x92aa8266,0xa04d0c77,0x913684bb,0xedf45466,0xae4b16b0,0x56e65168,
    19405. 

  19405.         0x04c6770f,0x14ce9e57 } },
    19406. 

  19406.     /* 149 */
    19407. 

  19407.     { { 0x965e8f91,0x99445e3e,0xcb0f2492,0xd3aca1ba,0x90c8a0a0,0xd31cc70f,
    19408. 

  19408.         0x3e4c9a71,0x1bb708a5 },
    19409. 

  19409.       { 0x558bdd7a,0xd5ca9e69,0x018a26b1,0x734a0508,0x4c9cf1ec,0xb093aa71,
    19410. 

  19410.         0xda300102,0xf9d126f2 } },
    19411. 

  19411.     /* 150 */
    19412. 

  19412.     { { 0xaff9563e,0x749bca7a,0xb49914a0,0xdd077afe,0xbf5f1671,0xe27a0311,
    19413. 

  19413.         0x729ecc69,0x807afcb9 },
    19414. 

  19414.       { 0xc9b08b77,0x7f8a9337,0x443c7e38,0x86c3a785,0x476fd8ba,0x85fafa59,
    19415. 

  19415.         0x6568cd8c,0x751adcd1 } },
    19416. 

  19416.     /* 151 */
    19417. 

  19417.     { { 0x10715c0d,0x8aea38b4,0x8f7697f7,0xd113ea71,0x93fbf06d,0x665eab14,
    19418. 

  19418.         0x2537743f,0x29ec4468 },
    19419. 

  19419.       { 0xb50bebbc,0x3d94719c,0xe4505422,0x399ee5bf,0x8d2dedb1,0x90cd5b3a,
    19420. 

  19420.         0x92a4077d,0xff9370e3 } },
    19421. 

  19421.     /* 152 */
    19422. 

  19422.     { { 0xc6b75b65,0x59a2d69b,0x266651c5,0x4188f8d5,0x3de9d7d2,0x28a9f33e,
    19423. 

  19423.         0xa2a9d01a,0x9776478b },
    19424. 

  19424.       { 0x929af2c7,0x8852622d,0x4e690923,0x334f5d6d,0xa89a51e9,0xce6cc7e5,
    19425. 

  19425.         0xac2f82fa,0x74a6313f } },
    19426. 

  19426.     /* 153 */
    19427. 

  19427.     { { 0xb75f079c,0xb2f4dfdd,0x18e36fbb,0x85b07c95,0xe7cd36dd,0x1b6cfcf0,
    19428. 

  19428.         0x0ff4863d,0xab75be15 },
    19429. 

  19429.       { 0x173fc9b7,0x81b367c0,0xd2594fd0,0xb90a7420,0xc4091236,0x15fdbf03,
    19430. 

  19430.         0x0b4459f6,0x4ebeac2e } },
    19431. 

  19431.     /* 154 */
    19432. 

  19432.     { { 0x5c9f2c53,0xeb6c5fe7,0x8eae9411,0xd2522011,0xf95ac5d8,0xc8887633,
    19433. 

  19433.         0x2c1baffc,0xdf99887b },
    19434. 

  19434.       { 0x850aaecb,0xbb78eed2,0x01d6a272,0x9d49181b,0xb1cdbcac,0x978dd511,
    19435. 

  19435.         0x779f4058,0x27b040a7 } },
    19436. 

  19436.     /* 155 */
    19437. 

  19437.     { { 0xf73b2eb2,0x90405db7,0x8e1b2118,0xe0df8508,0x5962327e,0x501b7152,
    19438. 

  19438.         0xe4cfa3f5,0xb393dd37 },
    19439. 

  19439.       { 0x3fd75165,0xa1230e7b,0xbcd33554,0xd66344c2,0x0f7b5022,0x6c36f1be,
    19440. 

  19440.         0xd0463419,0x09588c12 } },
    19441. 

  19441.     /* 156 */
    19442. 

  19442.     { { 0x02601c3b,0xe086093f,0xcf5c335f,0xfb0252f8,0x894aff28,0x955cf280,
    19443. 

  19443.         0xdb9f648b,0x81c879a9 },
    19444. 

  19444.       { 0xc6f56c51,0x040e687c,0x3f17618c,0xfed47169,0x9059353b,0x44f88a41,
    19445. 

  19445.         0x5fc11bc4,0xfa0d48f5 } },
    19446. 

  19446.     /* 157 */
    19447. 

  19447.     { { 0xe1608e4d,0xbc6e1c9d,0x3582822c,0x010dda11,0x157ec2d7,0xf6b7ddc1,
    19448. 

  19448.         0xb6a367d6,0x8ea0e156 },
    19449. 

  19449.       { 0x2383b3b4,0xa354e02f,0x3f01f53c,0x69966b94,0x2de03ca5,0x4ff6632b,
    19450. 

  19450.         0xfa00b5ac,0x3f5ab924 } },
    19451. 

  19451.     /* 158 */
    19452. 

  19452.     { { 0x59739efb,0x337bb0d9,0xe7ebec0d,0xc751b0f4,0x411a67d1,0x2da52dd6,
    19453. 

  19453.         0x2b74256e,0x8bc76887 },
    19454. 

  19454.       { 0x82d3d253,0xa5be3b72,0xf58d779f,0xa9f679a1,0xe16767bb,0xa1cac168,
    19455. 

  19455.         0x60fcf34f,0xb386f190 } },
    19456. 

  19456.     /* 159 */
    19457. 

  19457.     { { 0x2fedcfc2,0x31f3c135,0x62f8af0d,0x5396bf62,0xe57288c2,0x9a02b4ea,
    19458. 

  19458.         0x1b069c4d,0x4cb460f7 },
    19459. 

  19459.       { 0x5b8095ea,0xae67b4d3,0x6fc07603,0x92bbf859,0xb614a165,0xe1475f66,
    19460. 

  19460.         0x95ef5223,0x52c0d508 } },
    19461. 

  19461.     /* 160 */
    19462. 

  19462.     { { 0x15339848,0x231c210e,0x70778c8d,0xe87a28e8,0x6956e170,0x9d1de661,
    19463. 

  19463.         0x2bb09c0b,0x4ac3c938 },
    19464. 

  19464.       { 0x6998987d,0x19be0551,0xae09f4d6,0x8b2376c4,0x1a3f933d,0x1de0b765,
    19465. 

  19465.         0xe39705f4,0x380d94c7 } },
    19466. 

  19466.     /* 161 */
    19467. 

  19467.     { { 0x81542e75,0x01a355aa,0xee01b9b7,0x96c724a1,0x624d7087,0x6b3a2977,
    19468. 

  19468.         0xde2637af,0x2ce3e171 },
    19469. 

  19469.       { 0xf5d5bc1a,0xcfefeb49,0x2777e2b5,0xa655607e,0x9513756c,0x4feaac2f,
    19470. 

  19470.         0x0b624e4d,0x2e6cd852 } },
    19471. 

  19471.     /* 162 */
    19472. 

  19472.     { { 0x8c31c31d,0x3685954b,0x5bf21a0c,0x68533d00,0x75c79ec9,0x0bd7626e,
    19473. 

  19473.         0x42c69d54,0xca177547 },
    19474. 

  19474.       { 0xf6d2dbb2,0xcc6edaff,0x174a9d18,0xfd0d8cbd,0xaa4578e8,0x875e8793,
    19475. 

  19475.         0x9cab2ce6,0xa976a713 } },
    19476. 

  19476.     /* 163 */
    19477. 

  19477.     { { 0x93fb353d,0x0a651f1b,0x57fcfa72,0xd75cab8b,0x31b15281,0xaa88cfa7,
    19478. 

  19478.         0x0a1f4999,0x8720a717 },
    19479. 

  19479.       { 0x693e1b90,0x8c3e8d37,0x16f6dfc3,0xd345dc0b,0xb52a8742,0x8ea8d00a,
    19480. 

  19480.         0xc769893c,0x9719ef29 } },
    19481. 

  19481.     /* 164 */
    19482. 

  19482.     { { 0x58e35909,0x820eed8d,0x33ddc116,0x9366d8dc,0x6e205026,0xd7f999d0,
    19483. 

  19483.         0xe15704c1,0xa5072976 },
    19484. 

  19484.       { 0xc4e70b2e,0x002a37ea,0x6890aa8a,0x84dcf657,0x645b2a5c,0xcd71bf18,
    19485. 

  19485.         0xf7b77725,0x99389c9d } },
    19486. 

  19486.     /* 165 */
    19487. 

  19487.     { { 0x7ada7a4b,0x238c08f2,0xfd389366,0x3abe9d03,0x766f512c,0x6b672e89,
    19488. 

  19488.         0x202c82e4,0xa88806aa },
    19489. 

  19489.       { 0xd380184e,0x6602044a,0x126a8b85,0xa8cb78c4,0xad844f17,0x79d670c0,
    19490. 

  19490.         0x4738dcfe,0x0043bffb } },
    19491. 

  19491.     /* 166 */
    19492. 

  19492.     { { 0x36d5192e,0x8d59b5dc,0x4590b2af,0xacf885d3,0x11601781,0x83566d0a,
    19493. 

  19493.         0xba6c4866,0x52f3ef01 },
    19494. 

  19494.       { 0x0edcb64d,0x3986732a,0x8068379f,0x0a482c23,0x7040f309,0x16cbe5fa,
    19495. 

  19495.         0x9ef27e75,0x3296bd89 } },
    19496. 

  19496.     /* 167 */
    19497. 

  19497.     { { 0x454d81d7,0x476aba89,0x51eb9b3c,0x9eade7ef,0x81c57986,0x619a21cd,
    19498. 

  19498.         0xaee571e9,0x3b90febf },
    19499. 

  19499.       { 0x5496f7cb,0x9393023e,0x7fb51bc4,0x55be41d8,0x99beb5ce,0x03f1dd48,
    19500. 

  19500.         0x9f810b18,0x6e88069d } },
    19501. 

  19501.     /* 168 */
    19502. 

  19502.     { { 0xb43ea1db,0xce37ab11,0x5259d292,0x0a7ff1a9,0x8f84f186,0x851b0221,
    19503. 

  19503.         0xdefaad13,0xa7222bea },
    19504. 

  19504.       { 0x2b0a9144,0xa2ac78ec,0xf2fa59c5,0x5a024051,0x6147ce38,0x91d1eca5,
    19505. 

  19505.         0xbc2ac690,0xbe94d523 } },
    19506. 

  19506.     /* 169 */
    19507. 

  19507.     { { 0x0b226ce7,0x72f4945e,0x967e8b70,0xb8afd747,0x85a6c63e,0xedea46f1,
    19508. 

  19508.         0x9be8c766,0x7782defe },
    19509. 

  19509.       { 0x3db38626,0x760d2aa4,0x76f67ad1,0x460ae787,0x54499cdb,0x341b86fc,
    19510. 

  19510.         0xa2892e4b,0x03838567 } },
    19511. 

  19511.     /* 170 */
    19512. 

  19512.     { { 0x79ec1a0f,0x2d8daefd,0xceb39c97,0x3bbcd6fd,0x58f61a95,0xf5575ffc,
    19513. 

  19513.         0xadf7b420,0xdbd986c4 },
    19514. 

  19514.       { 0x15f39eb7,0x81aa8814,0xb98d976c,0x6ee2fcf5,0xcf2f717d,0x5465475d,
    19515. 

  19515.         0x6860bbd0,0x8e24d3c4 } },
    19516. 

  19516.     /* 171 */
    19517. 

  19517.     { { 0x9a587390,0x749d8e54,0x0cbec588,0x12bb194f,0xb25983c6,0x46e07da4,
    19518. 

  19518.         0x407bafc8,0x541a99c4 },
    19519. 

  19519.       { 0x624c8842,0xdb241692,0xd86c05ff,0x6044c12a,0x4f7fcf62,0xc59d14b4,
    19520. 

  19520.         0xf57d35d1,0xc0092c49 } },
    19521. 

  19521.     /* 172 */
    19522. 

  19522.     { { 0xdf2e61ef,0xd3cc75c3,0x2e1b35ca,0x7e8841c8,0x909f29f4,0xc62d30d1,
    19523. 

  19523.         0x7286944d,0x75e40634 },
    19524. 

  19524.       { 0xbbc237d0,0xe7d41fc5,0xec4f01c9,0xc9537bf0,0x282bd534,0x91c51a16,
    19525. 

  19525.         0xc7848586,0x5b7cb658 } },
    19526. 

  19526.     /* 173 */
    19527. 

  19527.     { { 0x8a28ead1,0x964a7084,0xfd3b47f6,0x802dc508,0x767e5b39,0x9ae4bfd1,
    19528. 

  19528.         0x8df097a1,0x7ae13eba },
    19529. 

  19529.       { 0xeadd384e,0xfd216ef8,0xb6b2ff06,0x0361a2d9,0x4bcdb5f3,0x204b9878,
    19530. 

  19530.         0xe2a8e3fd,0x787d8074 } },
    19531. 

  19531.     /* 174 */
    19532. 

  19532.     { { 0x757fbb1c,0xc5e25d6b,0xca201deb,0xe47bddb2,0x6d2233ff,0x4a55e9a3,
    19533. 

  19533.         0x9ef28484,0x5c222819 },
    19534. 

  19534.       { 0x88315250,0x773d4a85,0x827097c1,0x21b21a2b,0xdef5d33f,0xab7c4ea1,
    19535. 

  19535.         0xbaf0f2b0,0xe45d37ab } },
    19536. 

  19536.     /* 175 */
    19537. 

  19537.     { { 0x28511c8a,0xd2df1e34,0xbdca6cd3,0xebb229c8,0x627c39a7,0x578a71a7,
    19538. 

  19538.         0x84dfb9d3,0xed7bc122 },
    19539. 

  19539.       { 0x93dea561,0xcf22a6df,0xd48f0ed1,0x5443f18d,0x5bad23e8,0xd8b86140,
    19540. 

  19540.         0x45ca6d27,0xaac97cc9 } },
    19541. 

  19541.     /* 176 */
    19542. 

  19542.     { { 0xa16bd00a,0xeb54ea74,0xf5c0bcc1,0xd839e9ad,0x1f9bfc06,0x092bb7f1,
    19543. 

  19543.         0x1163dc4e,0x318f97b3 },
    19544. 

  19544.       { 0xc30d7138,0xecc0c5be,0xabc30220,0x44e8df23,0xb0223606,0x2bb7972f,
    19545. 

  19545.         0x9a84ff4d,0xfa41faa1 } },
    19546. 

  19546.     /* 177 */
    19547. 

  19547.     { { 0xa6642269,0x4402d974,0x9bb783bd,0xc81814ce,0x7941e60b,0x398d38e4,
    19548. 

  19548.         0x1d26e9e2,0x38bb6b2c },
    19549. 

  19549.       { 0x6a577f87,0xc64e4a25,0xdc11fe1c,0x8b52d253,0x62280728,0xff336abf,
    19550. 

  19550.         0xce7601a5,0x94dd0905 } },
    19551. 

  19551.     /* 178 */
    19552. 

  19552.     { { 0xde93f92a,0x156cf7dc,0x89b5f315,0xa01333cb,0xc995e750,0x02404df9,
    19553. 

  19553.         0xd25c2ae9,0x92077867 },
    19554. 

  19554.       { 0x0bf39d44,0xe2471e01,0x96bb53d7,0x5f2c9020,0x5c9c3d8f,0x4c44b7b3,
    19555. 

  19555.         0xd29beb51,0x81e8428b } },
    19556. 

  19556.     /* 179 */
    19557. 

  19557.     { { 0xc477199f,0x6dd9c2ba,0x6b5ecdd9,0x8cb8eeee,0xee40fd0e,0x8af7db3f,
    19558. 

  19558.         0xdbbfa4b1,0x1b94ab62 },
    19559. 

  19559.       { 0xce47f143,0x44f0d8b3,0x63f46163,0x51e623fc,0xcc599383,0xf18f270f,
    19560. 

  19560.         0x055590ee,0x06a38e28 } },
    19561. 

  19561.     /* 180 */
    19562. 

  19562.     { { 0xb3355b49,0x2e5b0139,0xb4ebf99b,0x20e26560,0xd269f3dc,0xc08ffa6b,
    19563. 

  19563.         0x83d9d4f8,0xa7b36c20 },
    19564. 

  19564.       { 0x1b3e8830,0x64d15c3a,0xa89f9c0b,0xd5fceae1,0xe2d16930,0xcfeee4a2,
    19565. 

  19565.         0xa2822a20,0xbe54c6b4 } },
    19566. 

  19566.     /* 181 */
    19567. 

  19567.     { { 0x8d91167c,0xd6cdb3df,0xe7a6625e,0x517c3f79,0x346ac7f4,0x7105648f,
    19568. 

  19568.         0xeae022bb,0xbf30a5ab },
    19569. 

  19569.       { 0x93828a68,0x8e7785be,0x7f3ef036,0x5161c332,0x592146b2,0xe11b5feb,
    19570. 

  19570.         0x2732d13a,0xd1c820de } },
    19571. 

  19571.     /* 182 */
    19572. 

  19572.     { { 0x9038b363,0x043e1347,0x6b05e519,0x58c11f54,0x6026cad1,0x4fe57abe,
    19573. 

  19573.         0x68a18da3,0xb7d17bed },
    19574. 

  19574.       { 0xe29c2559,0x44ca5891,0x5bfffd84,0x4f7a0376,0x74e46948,0x498de4af,
    19575. 

  19575.         0x6412cc64,0x3997fd5e } },
    19576. 

  19576.     /* 183 */
    19577. 

  19577.     { { 0x8bd61507,0xf2074682,0x34a64d2a,0x29e132d5,0x8a8a15e3,0xffeddfb0,
    19578. 

  19578.         0x3c6c13e8,0x0eeb8929 },
    19579. 

  19579.       { 0xa7e259f8,0xe9b69a3e,0xd13e7e67,0xce1db7e6,0xad1fa685,0x277318f6,
    19580. 

  19580.         0xc922b6ef,0x228916f8 } },
    19581. 

  19581.     /* 184 */
    19582. 

  19582.     { { 0x0a12ab5b,0x959ae25b,0x957bc136,0xcc11171f,0xd16e2b0c,0x8058429e,
    19583. 

  19583.         0x6e93097e,0xec05ad1d },
    19584. 

  19584.       { 0xac3f3708,0x157ba5be,0x30b59d77,0x31baf935,0x118234e5,0x47b55237,
    19585. 

  19585.         0x7ff11b37,0x7d314156 } },
    19586. 

  19586.     /* 185 */
    19587. 

  19587.     { { 0xf6dfefab,0x7bd9c05c,0xdcb37707,0xbe2f2268,0x3a38bb95,0xe53ead97,
    19588. 

  19588.         0x9bc1d7a3,0xe9ce66fc },
    19589. 

  19589.       { 0x6f6a02a1,0x75aa1576,0x60e600ed,0x38c087df,0x68cdc1b9,0xf8947f34,
    19590. 

  19590.         0x72280651,0xd9650b01 } },
    19591. 

  19591.     /* 186 */
    19592. 

  19592.     { { 0x5a057e60,0x504b4c4a,0x8def25e4,0xcbccc3be,0x17c1ccbd,0xa6353208,
    19593. 

  19593.         0x804eb7a2,0x14d6699a },
    19594. 

  19594.       { 0xdb1f411a,0x2c8a8415,0xf80d769c,0x09fbaf0b,0x1c2f77ad,0xb4deef90,
    19595. 

  19595.         0x0d43598a,0x6f4c6841 } },
    19596. 

  19596.     /* 187 */
    19597. 

  19597.     { { 0x96c24a96,0x8726df4e,0xfcbd99a3,0x534dbc85,0x8b2ae30a,0x3c466ef2,
    19598. 

  19598.         0x61189abb,0x4c4350fd },
    19599. 

  19599.       { 0xf855b8da,0x2967f716,0x463c38a1,0x41a42394,0xeae93343,0xc37e1413,
    19600. 

  19600.         0x5a3118b5,0xa726d242 } },
    19601. 

  19601.     /* 188 */
    19602. 

  19602.     { { 0x948c1086,0xdae6b3ee,0xcbd3a2e1,0xf1de503d,0x03d022f3,0x3f35ed3f,
    19603. 

  19603.         0xcc6cf392,0x13639e82 },
    19604. 

  19604.       { 0xcdafaa86,0x9ac938fb,0x2654a258,0xf45bc5fb,0x45051329,0x1963b26e,
    19605. 

  19605.         0xc1a335a3,0xca9365e1 } },
    19606. 

  19606.     /* 189 */
    19607. 

  19607.     { { 0x4c3b2d20,0x3615ac75,0x904e241b,0x742a5417,0xcc9d071d,0xb08521c4,
    19608. 

  19608.         0x970b72a5,0x9ce29c34 },
    19609. 

  19609.       { 0x6d3e0ad6,0x8cc81f73,0xf2f8434c,0x8060da9e,0x6ce862d9,0x35ed1d1a,
    19610. 

  19610.         0xab42af98,0x48c4abd7 } },
    19611. 

  19611.     /* 190 */
    19612. 

  19612.     { { 0x40c7485a,0xd221b0cc,0xe5274dbf,0xead455bb,0x9263d2e8,0x493c7698,
    19613. 

  19613.         0xf67b33cb,0x78017c32 },
    19614. 

  19614.       { 0x930cb5ee,0xb9d35769,0x0c408ed2,0xc0d14e94,0x272f1a4d,0xf8b7bf55,
    19615. 

  19615.         0xde5c1c04,0x53cd0454 } },
    19616. 

  19616.     /* 191 */
    19617. 

  19617.     { { 0x5d28ccac,0xbcd585fa,0x005b746e,0x5f823e56,0xcd0123aa,0x7c79f0a1,
    19618. 

  19618.         0xd3d7fa8f,0xeea465c1 },
    19619. 

  19619.       { 0x0551803b,0x7810659f,0x7ce6af70,0x6c0b599f,0x29288e70,0x4195a770,
    19620. 

  19620.         0x7ae69193,0x1b6e42a4 } },
    19621. 

  19621.     /* 192 */
    19622. 

  19622.     { { 0xf67d04c3,0x2e80937c,0x89eeb811,0x1e312be2,0x92594d60,0x56b5d887,
    19623. 

  19623.         0x187fbd3d,0x0224da14 },
    19624. 

  19624.       { 0x0c5fe36f,0x87abb863,0x4ef51f5f,0x580f3c60,0xb3b429ec,0x964fb1bf,
    19625. 

  19625.         0x42bfff33,0x60838ef0 } },
    19626. 

  19626.     /* 193 */
    19627. 

  19627.     { { 0x7e0bbe99,0x432cb2f2,0x04aa39ee,0x7bda44f3,0x9fa93903,0x5f497c7a,
    19628. 

  19628.         0x2d331643,0x636eb202 },
    19629. 

  19629.       { 0x93ae00aa,0xfcfd0e61,0x31ae6d2f,0x875a00fe,0x9f93901c,0xf43658a2,
    19630. 

  19630.         0x39218bac,0x8844eeb6 } },
    19631. 

  19631.     /* 194 */
    19632. 

  19632.     { { 0x6b3bae58,0x114171d2,0x17e39f3e,0x7db3df71,0x81a8eada,0xcd37bc7f,
    19633. 

  19633.         0x51fb789e,0x27ba83dc },
    19634. 

  19634.       { 0xfbf54de5,0xa7df439f,0xb5fe1a71,0x7277030b,0xdb297a48,0x42ee8e35,
    19635. 

  19635.         0x87f3a4ab,0xadb62d34 } },
    19636. 

  19636.     /* 195 */
    19637. 

  19637.     { { 0xa175df2a,0x9b1168a2,0x618c32e9,0x082aa04f,0x146b0916,0xc9e4f2e7,
    19638. 

  19638.         0x75e7c8b2,0xb990fd76 },
    19639. 

  19639.       { 0x4df37313,0x0829d96b,0xd0b40789,0x1c205579,0x78087711,0x66c9ae4a,
    19640. 

  19640.         0x4d10d18d,0x81707ef9 } },
    19641. 

  19641.     /* 196 */
    19642. 

  19642.     { { 0x03d6ff96,0x97d7cab2,0x0d843360,0x5b851bfc,0xd042db4b,0x268823c4,
    19643. 

  19643.         0xd5a8aa5c,0x3792daea },
    19644. 

  19644.       { 0x941afa0b,0x52818865,0x42d83671,0xf3e9e741,0x5be4e0a7,0x17c82527,
    19645. 

  19645.         0x94b001ba,0x5abd635e } },
    19646. 

  19646.     /* 197 */
    19647. 

  19647.     { { 0x0ac4927c,0x727fa84e,0xa7c8cf23,0xe3886035,0x4adca0df,0xa4bcd5ea,
    19648. 

  19648.         0x846ab610,0x5995bf21 },
    19649. 

  19649.       { 0x829dfa33,0xe90f860b,0x958fc18b,0xcaafe2ae,0x78630366,0x9b3baf44,
    19650. 

  19650.         0xd483411e,0x44c32ca2 } },
    19651. 

  19651.     /* 198 */
    19652. 

  19652.     { { 0xe40ed80c,0xa74a97f1,0x31d2ca82,0x5f938cb1,0x7c2d6ad9,0x53f2124b,
    19653. 

  19653.         0x8082a54c,0x1f2162fb },
    19654. 

  19654.       { 0x720b173e,0x7e467cc5,0x085f12f9,0x40e8a666,0x4c9d65dc,0x8cebc20e,
    19655. 

  19655.         0xc3e907c9,0x8f1d402b } },
    19656. 

  19656.     /* 199 */
    19657. 

  19657.     { { 0xfbc4058a,0x4f592f9c,0x292f5670,0xb15e14b6,0xbc1d8c57,0xc55cfe37,
    19658. 

  19658.         0x926edbf9,0xb1980f43 },
    19659. 

  19659.       { 0x32c76b09,0x98c33e09,0x33b07f78,0x1df5279d,0x863bb461,0x6f08ead4,
    19660. 

  19660.         0x37448e45,0x2828ad9b } },
    19661. 

  19661.     /* 200 */
    19662. 

  19662.     { { 0xc4cf4ac5,0x696722c4,0xdde64afb,0xf5ac1a3f,0xe0890832,0x0551baa2,
    19663. 

  19663.         0x5a14b390,0x4973f127 },
    19664. 

  19664.       { 0x322eac5d,0xe59d8335,0x0bd9b568,0x5e07eef5,0xa2588393,0xab36720f,
    19665. 

  19665.         0xdb168ac7,0x6dac8ed0 } },
    19666. 

  19666.     /* 201 */
    19667. 

  19667.     { { 0xeda835ef,0xf7b545ae,0x1d10ed51,0x4aa113d2,0x13741b09,0x035a65e0,
    19668. 

  19668.         0x20b9de4c,0x4b23ef59 },
    19669. 

  19669.       { 0x3c4c7341,0xe82bb680,0x3f58bc37,0xd457706d,0xa51e3ee8,0x73527863,
    19670. 

  19670.         0xddf49a4e,0x4dd71534 } },
    19671. 

  19671.     /* 202 */
    19672. 

  19672.     { { 0x95476cd9,0xbf944672,0xe31a725b,0x648d072f,0xfc4b67e0,0x1441c8b8,
    19673. 

  19673.         0x2f4a4dbb,0xfd317000 },
    19674. 

  19674.       { 0x8995d0e1,0x1cb43ff4,0x0ef729aa,0x76e695d1,0x41798982,0xe0d5f976,
    19675. 

  19675.         0x9569f365,0x14fac58c } },
    19676. 

  19676.     /* 203 */
    19677. 

  19677.     { { 0xf312ae18,0xad9a0065,0xfcc93fc9,0x51958dc0,0x8a7d2846,0xd9a14240,
    19678. 

  19678.         0x36abda50,0xed7c7651 },
    19679. 

  19679.       { 0x25d4abbc,0x46270f1a,0xf1a113ea,0x9b5dd8f3,0x5b51952f,0xc609b075,
    19680. 

  19680.         0x4d2e9f53,0xfefcb7f7 } },
    19681. 

  19681.     /* 204 */
    19682. 

  19682.     { { 0xba119185,0xbd09497a,0xaac45ba4,0xd54e8c30,0xaa521179,0x492479de,
    19683. 

  19683.         0x87e0d80b,0x1801a57e },
    19684. 

  19684.       { 0xfcafffb0,0x073d3f8d,0xae255240,0x6cf33c0b,0x5b5fdfbc,0x781d763b,
    19685. 

  19685.         0x1ead1064,0x9f8fc11e } },
    19686. 

  19686.     /* 205 */
    19687. 

  19687.     { { 0x5e69544c,0x1583a171,0xf04b7813,0x0eaf8567,0x278a4c32,0x1e22a8fd,
    19688. 

  19688.         0x3d3a69a9,0xa9d3809d },
    19689. 

  19689.       { 0x59a2da3b,0x936c2c2c,0x1895c847,0x38ccbcf6,0x63d50869,0x5e65244e,
    19690. 

  19690.         0xe1178ef7,0x3006b9ae } },
    19691. 

  19691.     /* 206 */
    19692. 

  19692.     { { 0xc9eead28,0x0bb1f2b0,0x89f4dfbc,0x7eef635d,0xb2ce8939,0x074757fd,
    19693. 

  19693.         0x45f8f761,0x0ab85fd7 },
    19694. 

  19694.       { 0x3e5b4549,0xecda7c93,0x97922f21,0x4be2bb5c,0xb43b8040,0x261a1274,
    19695. 

  19695.         0x11e942c2,0xb122d675 } },
    19696. 

  19696.     /* 207 */
    19697. 

  19697.     { { 0x66a5ae7a,0x3be607be,0x76adcbe3,0x01e703fa,0x4eb6e5c5,0xaf904301,
    19698. 

  19698.         0x097dbaec,0x9f599dc1 },
    19699. 

  19699.       { 0x0ff250ed,0x6d75b718,0x349a20dc,0x8eb91574,0x10b227a3,0x425605a4,
    19700. 

  19700.         0x8a294b78,0x7d5528e0 } },
    19701. 

  19701.     /* 208 */
    19702. 

  19702.     { { 0x20c26def,0xf0f58f66,0x582b2d1e,0x025585ea,0x01ce3881,0xfbe7d79b,
    19703. 

  19703.         0x303f1730,0x28ccea01 },
    19704. 

  19704.       { 0x79644ba5,0xd1dabcd1,0x06fff0b8,0x1fc643e8,0x66b3e17b,0xa60a76fc,
    19705. 

  19705.         0xa1d013bf,0xc18baf48 } },
    19706. 

  19706.     /* 209 */
    19707. 

  19707.     { { 0x5dc4216d,0x34e638c8,0x206142ac,0x00c01067,0x95f5064a,0xd453a171,
    19708. 

  19708.         0xb7a9596b,0x9def809d },
    19709. 

  19709.       { 0x67ab8d2c,0x41e8642e,0x6237a2b6,0xb4240433,0x64c4218b,0x7d506a6d,
    19710. 

  19710.         0x68808ce5,0x0357f8b0 } },
    19711. 

  19711.     /* 210 */
    19712. 

  19712.     { { 0x4cd2cc88,0x8e9dbe64,0xf0b8f39d,0xcc61c28d,0xcd30a0c8,0x4a309874,
    19713. 

  19713.         0x1b489887,0xe4a01add },
    19714. 

  19714.       { 0xf57cd8f9,0x2ed1eeac,0xbd594c48,0x1b767d3e,0x7bd2f787,0xa7295c71,
    19715. 

  19715.         0xce10cc30,0x466d7d79 } },
    19716. 

  19716.     /* 211 */
    19717. 

  19717.     { { 0x9dada2c7,0x47d31892,0x8f9aa27d,0x4fa0a6c3,0x820a59e1,0x90e4fd28,
    19718. 

  19718.         0x451ead1a,0xc672a522 },
    19719. 

  19719.       { 0x5d86b655,0x30607cc8,0xf9ad4af1,0xf0235d3b,0x571172a6,0x99a08680,
    19720. 

  19720.         0xf2a67513,0x5e3d64fa } },
    19721. 

  19721.     /* 212 */
    19722. 

  19722.     { { 0x9b3b4416,0xaa6410c7,0xeab26d99,0xcd8fcf85,0xdb656a74,0x5ebff74a,
    19723. 

  19723.         0xeb8e42fc,0x6c8a7a95 },
    19724. 

  19724.       { 0xb02a63bd,0x10c60ba7,0x8b8f0047,0x6b2f2303,0x312d90b0,0x8c6c3738,
    19725. 

  19725.         0xad82ca91,0x348ae422 } },
    19726. 

  19726.     /* 213 */
    19727. 

  19727.     { { 0x5ccda2fb,0x7f474663,0x8e0726d2,0x22accaa1,0x492b1f20,0x85adf782,
    19728. 

  19728.         0xd9ef2d2e,0xc1074de0 },
    19729. 

  19729.       { 0xae9a65b3,0xfcf3ce44,0x05d7151b,0xfd71e4ac,0xce6a9788,0xd4711f50,
    19730. 

  19730.         0xc9e54ffc,0xfbadfbdb } },
    19731. 

  19731.     /* 214 */
    19732. 

  19732.     { { 0x20a99363,0x1713f1cd,0x6cf22775,0xb915658f,0x24d359b2,0x968175cd,
    19733. 

  19733.         0x83716fcd,0xb7f976b4 },
    19734. 

  19734.       { 0x5d6dbf74,0x5758e24d,0x71c3af36,0x8d23bafd,0x0243dfe3,0x48f47760,
    19735. 

  19735.         0xcafcc805,0xf4d41b2e } },
    19736. 

  19736.     /* 215 */
    19737. 

  19737.     { { 0xfdabd48d,0x51f1cf28,0x32c078a4,0xce81be36,0x117146e9,0x6ace2974,
    19738. 

  19738.         0xe0160f10,0x180824ea },
    19739. 

  19739.       { 0x66e58358,0x0387698b,0xce6ca358,0x63568752,0x5e41e6c5,0x82380e34,
    19740. 

  19740.         0x83cf6d25,0x67e5f639 } },
    19741. 

  19741.     /* 216 */
    19742. 

  19742.     { { 0xcf4899ef,0xf89ccb8d,0x9ebb44c0,0x949015f0,0xb2598ec9,0x546f9276,
    19743. 

  19743.         0x04c11fc6,0x9fef789a },
    19744. 

  19744.       { 0x53d2a071,0x6d367ecf,0xa4519b09,0xb10e1a7f,0x611e2eef,0xca6b3fb0,
    19745. 

  19745.         0xa99c4e20,0xbc80c181 } },
    19746. 

  19746.     /* 217 */
    19747. 

  19747.     { { 0xe5eb82e6,0x972536f8,0xf56cb920,0x1a484fc7,0x50b5da5e,0xc78e2171,
    19748. 

  19748.         0x9f8cdf10,0x49270e62 },
    19749. 

  19749.       { 0xea6b50ad,0x1a39b7bb,0xa2388ffc,0x9a0284c1,0x8107197b,0x5403eb17,
    19750. 

  19750.         0x61372f7f,0xd2ee52f9 } },
    19751. 

  19751.     /* 218 */
    19752. 

  19752.     { { 0x88e0362a,0xd37cd285,0x8fa5d94d,0x442fa8a7,0xa434a526,0xaff836e5,
    19753. 

  19753.         0xe5abb733,0xdfb478be },
    19754. 

  19754.       { 0x673eede6,0xa91f1ce7,0x2b5b2f04,0xa5390ad4,0x5530da2f,0x5e66f7bf,
    19755. 

  19755.         0x08df473a,0xd9a140b4 } },
    19756. 

  19756.     /* 219 */
    19757. 

  19757.     { { 0x6e8ea498,0x0e0221b5,0x3563ee09,0x62347829,0x335d2ade,0xe06b8391,
    19758. 

  19758.         0x623f4b1a,0x760c058d },
    19759. 

  19759.       { 0xc198aa79,0x0b89b58c,0xf07aba7f,0xf74890d2,0xfde2556a,0x4e204110,
    19760. 

  19760.         0x8f190409,0x7141982d } },
    19761. 

  19761.     /* 220 */
    19762. 

  19762.     { { 0x4d4b0f45,0x6f0a0e33,0x392a94e1,0xd9280b38,0xb3c61d5e,0x3af324c6,
    19763. 

  19763.         0x89d54e47,0x3af9d1ce },
    19764. 

  19764.       { 0x20930371,0xfd8f7981,0x21c17097,0xeda2664c,0xdc42309b,0x0e9545dc,
    19765. 

  19765.         0x73957dd6,0xb1f815c3 } },
    19766. 

  19766.     /* 221 */
    19767. 

  19767.     { { 0x89fec44a,0x84faa78e,0x3caa4caf,0xc8c2ae47,0xc1b6a624,0x691c807d,
    19768. 

  19768.         0x1543f052,0xa41aed14 },
    19769. 

  19769.       { 0x7d5ffe04,0x42435399,0x625b6e20,0x8bacb2df,0x87817775,0x85d660be,
    19770. 

  19770.         0x86fb60ef,0xd6e9c1dd } },
    19771. 

  19771.     /* 222 */
    19772. 

  19772.     { { 0xc6853264,0x3aa2e97e,0xe2304a0b,0x771533b7,0xb8eae9be,0x1b912bb7,
    19773. 

  19773.         0xae9bf8c2,0x9c9c6e10 },
    19774. 

  19774.       { 0xe030b74c,0xa2309a59,0x6a631e90,0x4ed7494d,0xa49b79f2,0x89f44b23,
    19775. 

  19775.         0x40fa61b6,0x566bd596 } },
    19776. 

  19776.     /* 223 */
    19777. 

  19777.     { { 0xc18061f3,0x066c0118,0x7c83fc70,0x190b25d3,0x27273245,0xf05fc8e0,
    19778. 

  19778.         0xf525345e,0xcf2c7390 },
    19779. 

  19779.       { 0x10eb30cf,0xa09bceb4,0x0d77703a,0xcfd2ebba,0x150ff255,0xe842c43a,
    19780. 

  19780.         0x8aa20979,0x02f51755 } },
    19781. 

  19781.     /* 224 */
    19782. 

  19782.     { { 0xaddb7d07,0x396ef794,0x24455500,0x0b4fc742,0xc78aa3ce,0xfaff8eac,
    19783. 

  19783.         0xe8d4d97d,0x14e9ada5 },
    19784. 

  19784.       { 0x2f7079e2,0xdaa480a1,0xe4b0800e,0x45baa3cd,0x7838157d,0x01765e2d,
    19785. 

  19785.         0x8e9d9ae8,0xa0ad4fab } },
    19786. 

  19786.     /* 225 */
    19787. 

  19787.     { { 0x4a653618,0x0bfb7621,0x31eaaa5f,0x1872813c,0x44949d5e,0x1553e737,
    19788. 

  19788.         0x6e56ed1e,0xbcd530b8 },
    19789. 

  19789.       { 0x32e9c47b,0x169be853,0xb50059ab,0xdc2776fe,0x192bfbb4,0xcdba9761,
    19790. 

  19790.         0x6979341d,0x909283cf } },
    19791. 

  19791.     /* 226 */
    19792. 

  19792.     { { 0x76e81a13,0x67b00324,0x62171239,0x9bee1a99,0xd32e19d6,0x08ed361b,
    19793. 

  19793.         0xace1549a,0x35eeb7c9 },
    19794. 

  19794.       { 0x7e4e5bdc,0x1280ae5a,0xb6ceec6e,0x2dcd2cd3,0x6e266bc1,0x52e4224c,
    19795. 

  19795.         0x448ae864,0x9a8b2cf4 } },
    19796. 

  19796.     /* 227 */
    19797. 

  19797.     { { 0x09d03b59,0xf6471bf2,0xb65af2ab,0xc90e62a3,0xebd5eec9,0xff7ff168,
    19798. 

  19798.         0xd4491379,0x6bdb60f4 },
    19799. 

  19799.       { 0x8a55bc30,0xdadafebc,0x10097fe0,0xc79ead16,0x4c1e3bdd,0x42e19741,
    19800. 

  19800.         0x94ba08a9,0x01ec3cfd } },
    19801. 

  19801.     /* 228 */
    19802. 

  19802.     { { 0xdc9485c2,0xba6277eb,0x22fb10c7,0x48cc9a79,0x70a28d8a,0x4f61d60f,
    19803. 

  19803.         0x475464f6,0xd1acb1c0 },
    19804. 

  19804.       { 0x26f36612,0xd26902b1,0xe0618d8b,0x59c3a44e,0x308357ee,0x4df8a813,
    19805. 

  19805.         0x405626c2,0x7dcd079d } },
    19806. 

  19806.     /* 229 */
    19807. 

  19807.     { { 0xf05a4b48,0x5ce7d4d3,0x37230772,0xadcd2952,0x812a915a,0xd18f7971,
    19808. 

  19808.         0x377d19b8,0x0bf53589 },
    19809. 

  19809.       { 0x6c68ea73,0x35ecd95a,0x823a584d,0xc7f3bbca,0xf473a723,0x9fb674c6,
    19810. 

  19810.         0xe16686fc,0xd28be4d9 } },
    19811. 

  19811.     /* 230 */
    19812. 

  19812.     { { 0x38fa8e4b,0x5d2b9906,0x893fd8fc,0x559f186e,0x436fb6fc,0x3a6de2aa,
    19813. 

  19813.         0x510f88ce,0xd76007aa },
    19814. 

  19814.       { 0x523a4988,0x2d10aab6,0x74dd0273,0xb455cf44,0xa3407278,0x7f467082,
    19815. 

  19815.         0xb303bb01,0xf2b52f68 } },
    19816. 

  19816.     /* 231 */
    19817. 

  19817.     { { 0x9835b4ca,0x0d57eafa,0xbb669cbc,0x2d2232fc,0xc6643198,0x8eeeb680,
    19818. 

  19818.         0xcc5aed3a,0xd8dbe98e },
    19819. 

  19819.       { 0xc5a02709,0xcba9be3f,0xf5ba1fa8,0x30be68e5,0xf10ea852,0xfebd43cd,
    19820. 

  19820.         0xee559705,0xe01593a3 } },
    19821. 

  19821.     /* 232 */
    19822. 

  19822.     { { 0xea75a0a6,0xd3e5af50,0x57858033,0x512226ac,0xd0176406,0x6fe6d50f,
    19823. 

  19823.         0xaeb8ef06,0xafec07b1 },
    19824. 

  19824.       { 0x80bb0a31,0x7fb99567,0x37309aae,0x6f1af3cc,0x01abf389,0x9153a15a,
    19825. 

  19825.         0x6e2dbfdd,0xa71b9354 } },
    19826. 

  19826.     /* 233 */
    19827. 

  19827.     { { 0x18f593d2,0xbf8e12e0,0xa078122b,0xd1a90428,0x0ba4f2ad,0x150505db,
    19828. 

  19828.         0x628523d9,0x53a2005c },
    19829. 

  19829.       { 0xe7f2b935,0x07c8b639,0xc182961a,0x2bff975a,0x7518ca2c,0x86bceea7,
    19830. 

  19830.         0x3d588e3d,0xbf47d19b } },
    19831. 

  19831.     /* 234 */
    19832. 

  19832.     { { 0xdd7665d5,0x672967a7,0x2f2f4de5,0x4e303057,0x80d4903f,0x144005ae,
    19833. 

  19833.         0x39c9a1b6,0x001c2c7f },
    19834. 

  19834.       { 0x69efc6d6,0x143a8014,0x7bc7a724,0xc810bdaa,0xa78150a4,0x5f65670b,
    19835. 

  19835.         0x86ffb99b,0xfdadf8e7 } },
    19836. 

  19836.     /* 235 */
    19837. 

  19837.     { { 0xffc00785,0xfd38cb88,0x3b48eb67,0x77fa7591,0xbf368fbc,0x0454d055,
    19838. 

  19838.         0x5aa43c94,0x3a838e4d },
    19839. 

  19839.       { 0x3e97bb9a,0x56166329,0x441d94d9,0x9eb93363,0x0adb2a83,0x515591a6,
    19840. 

  19840.         0x873e1da3,0x3cdb8257 } },
    19841. 

  19841.     /* 236 */
    19842. 

  19842.     { { 0x7de77eab,0x137140a9,0x41648109,0xf7e1c50d,0xceb1d0df,0x762dcad2,
    19843. 

  19843.         0xf1f57fba,0x5a60cc89 },
    19844. 

  19844.       { 0x40d45673,0x80b36382,0x5913c655,0x1b82be19,0xdd64b741,0x057284b8,
    19845. 

  19845.         0xdbfd8fc0,0x922ff56f } },
    19846. 

  19846.     /* 237 */
    19847. 

  19847.     { { 0xc9a129a1,0x1b265dee,0xcc284e04,0xa5b1ce57,0xcebfbe3c,0x04380c46,
    19848. 

  19848.         0xf6c5cd62,0x72919a7d },
    19849. 

  19849.       { 0x8fb90f9a,0x298f453a,0x88e4031b,0xd719c00b,0x796f1856,0xe32c0e77,
    19850. 

  19850.         0x3624089a,0x5e791780 } },
    19851. 

  19851.     /* 238 */
    19852. 

  19852.     { { 0x7f63cdfb,0x5c16ec55,0xf1cae4fd,0x8e6a3571,0x560597ca,0xfce26bea,
    19853. 

  19853.         0xe24c2fab,0x4e0a5371 },
    19854. 

  19854.       { 0xa5765357,0x276a40d3,0x0d73a2b4,0x3c89af44,0x41d11a32,0xb8f370ae,
    19855. 

  19855.         0xd56604ee,0xf5ff7818 } },
    19856. 

  19856.     /* 239 */
    19857. 

  19857.     { { 0x1a09df21,0xfbf3e3fe,0xe66e8e47,0x26d5d28e,0x29c89015,0x2096bd0a,
    19858. 

  19858.         0x533f5e64,0xe41df0e9 },
    19859. 

  19859.       { 0xb3ba9e3f,0x305fda40,0x2604d895,0xf2340ceb,0x7f0367c7,0x0866e192,
    19860. 

  19860.         0xac4f155f,0x8edd7d6e } },
    19861. 

  19861.     /* 240 */
    19862. 

  19862.     { { 0x0bfc8ff3,0xc9a1dc0e,0xe936f42f,0x14efd82b,0xcca381ef,0x67016f7c,
    19863. 

  19863.         0xed8aee96,0x1432c1ca },
    19864. 

  19864.       { 0x70b23c26,0xec684829,0x0735b273,0xa64fe873,0xeaef0f5a,0xe389f6e5,
    19865. 

  19865.         0x5ac8d2c6,0xcaef480b } },
    19866. 

  19866.     /* 241 */
    19867. 

  19867.     { { 0x75315922,0x5245c978,0x3063cca5,0xd8295171,0xb64ef2cb,0xf3ce60d0,
    19868. 

  19868.         0x8efae236,0xd0ba177e },
    19869. 

  19869.       { 0xb1b3af60,0x53a9ae8f,0x3d2da20e,0x1a796ae5,0xdf9eef28,0x01d63605,
    19870. 

  19870.         0x1c54ae16,0xf31c957c } },
    19871. 

  19871.     /* 242 */
    19872. 

  19872.     { { 0x49cc4597,0xc0f58d52,0xbae0a028,0xdc5015b0,0x734a814a,0xefc5fc55,
    19873. 

  19873.         0x96e17c3a,0x013404cb },
    19874. 

  19874.       { 0xc9a824bf,0xb29e2585,0x001eaed7,0xd593185e,0x61ef68ac,0x8d6ee682,
    19875. 

  19875.         0x91933e6c,0x6f377c4b } },
    19876. 

  19876.     /* 243 */
    19877. 

  19877.     { { 0xa8333fd2,0x9f93bad1,0x5a2a95b8,0xa8930202,0xeaf75ace,0x211e5037,
    19878. 

  19878.         0xd2d09506,0x6dba3e4e },
    19879. 

  19879.       { 0xd04399cd,0xa48ef98c,0xe6b73ade,0x1811c66e,0xc17ecaf3,0x72f60752,
    19880. 

  19880.         0x3becf4a7,0xf13cf342 } },
    19881. 

  19881.     /* 244 */
    19882. 

  19882.     { { 0xa919e2eb,0xceeb9ec0,0xf62c0f68,0x83a9a195,0x7aba2299,0xcfba3bb6,
    19883. 

  19883.         0x274bbad3,0xc83fa9a9 },
    19884. 

  19884.       { 0x62fa1ce0,0x0d7d1b0b,0x3418efbf,0xe58b60f5,0x52706f04,0xbfa8ef9e,
    19885. 

  19885.         0x5d702683,0xb49d70f4 } },
    19886. 

  19886.     /* 245 */
    19887. 

  19887.     { { 0xfad5513b,0x914c7510,0xb1751e2d,0x05f32eec,0xd9fb9d59,0x6d850418,
    19888. 

  19888.         0x0c30f1cf,0x59cfadbb },
    19889. 

  19889.       { 0x55cb7fd6,0xe167ac23,0x820426a3,0x249367b8,0x90a78864,0xeaeec58c,
    19890. 

  19890.         0x354a4b67,0x5babf362 } },
    19891. 

  19891.     /* 246 */
    19892. 

  19892.     { { 0xee424865,0x37c981d1,0xf2e5577f,0x8b002878,0xb9e0c058,0x702970f1,
    19893. 

  19893.         0x9026c8f0,0x6188c6a7 },
    19894. 

  19894.       { 0xd0f244da,0x06f9a19b,0xfb080873,0x1ecced5c,0x9f213637,0x35470f9b,
    19895. 

  19895.         0xdf50b9d9,0x993fe475 } },
    19896. 

  19896.     /* 247 */
    19897. 

  19897.     { { 0x9b2c3609,0x68e31cdf,0x2c46d4ea,0x84eb19c0,0x9a775101,0x7ac9ec1a,
    19898. 

  19898.         0x4c80616b,0x81f76466 },
    19899. 

  19899.       { 0x75fbe978,0x1d7c2a5a,0xf183b356,0x6743fed3,0x501dd2bf,0x838d1f04,
    19900. 

  19900.         0x5fe9060d,0x564a812a } },
    19901. 

  19901.     /* 248 */
    19902. 

  19902.     { { 0xfa817d1d,0x7a5a64f4,0xbea82e0f,0x55f96844,0xcd57f9aa,0xb5ff5a0f,
    19903. 

  19903.         0x00e51d6c,0x226bf3cf },
    19904. 

  19904.       { 0x2f2833cf,0xd6d1a9f9,0x4f4f89a8,0x20a0a35a,0x8f3f7f77,0x11536c49,
    19905. 

  19905.         0xff257836,0x68779f47 } },
    19906. 

  19906.     /* 249 */
    19907. 

  19907.     { { 0x73043d08,0x79b0c1c1,0x1fc020fa,0xa5446774,0x9a6d26d0,0xd3767e28,
    19908. 

  19908.         0xeb092e0b,0x97bcb0d1 },
    19909. 

  19909.       { 0xf32ed3c3,0x2ab6eaa8,0xb281bc48,0xc8a4f151,0xbfa178f3,0x4d1bf4f3,
    19910. 

  19910.         0x0a784655,0xa872ffe8 } },
    19911. 

  19911.     /* 250 */
    19912. 

  19912.     { { 0xa32b2086,0xb1ab7935,0x8160f486,0xe1eb710e,0x3b6ae6be,0x9bd0cd91,
    19913. 

  19913.         0xb732a36a,0x02812bfc },
    19914. 

  19914.       { 0xcf605318,0xa63fd7ca,0xfdfd6d1d,0x646e5d50,0x2102d619,0xa1d68398,
    19915. 

  19915.         0xfe5396af,0x07391cc9 } },
    19916. 

  19916.     /* 251 */
    19917. 

  19917.     { { 0x8b80d02b,0xc50157f0,0x62877f7f,0x6b8333d1,0x78d542ae,0x7aca1af8,
    19918. 

  19918.         0x7e6d2a08,0x355d2adc },
    19919. 

  19919.       { 0x287386e1,0xb41f335a,0xf8e43275,0xfd272a94,0xe79989ea,0x286ca2cd,
    19920. 

  19920.         0x7c2a3a79,0x3dc2b1e3 } },
    19921. 

  19921.     /* 252 */
    19922. 

  19922.     { { 0x04581352,0xd689d21c,0x376782be,0x0a00c825,0x9fed701f,0x203bd590,
    19923. 

  19923.         0x3ccd846b,0xc4786910 },
    19924. 

  19924.       { 0x24c768ed,0x5dba7708,0x6841f657,0x72feea02,0x6accce0e,0x73313ed5,
    19925. 

  19925.         0xd5bb4d32,0xccc42968 } },
    19926. 

  19926.     /* 253 */
    19927. 

  19927.     { { 0x3d7620b9,0x94e50de1,0x5992a56a,0xd89a5c8a,0x675487c9,0xdc007640,
    19928. 

  19928.         0xaa4871cf,0xe147eb42 },
    19929. 

  19929.       { 0xacf3ae46,0x274ab4ee,0x50350fbe,0xfd4936fb,0x48c840ea,0xdf2afe47,
    19930. 

  19930.         0x080e96e3,0x239ac047 } },
    19931. 

  19931.     /* 254 */
    19932. 

  19932.     { { 0x2bfee8d4,0x481d1f35,0xfa7b0fec,0xce80b5cf,0x2ce9af3c,0x105c4c9e,
    19933. 

  19933.         0xf5f7e59d,0xc55fa1a3 },
    19934. 

  19934.       { 0x8257c227,0x3186f14e,0x342be00b,0xc5b1653f,0xaa904fb2,0x09afc998,
    19935. 

  19935.         0xd4f4b699,0x094cd99c } },
    19936. 

  19936.     /* 255 */
    19937. 

  19937.     { { 0xd703beba,0x8a981c84,0x32ceb291,0x8631d150,0xe3bd49ec,0xa445f2c9,
    19938. 

  19938.         0x42abad33,0xb90a30b6 },
    19939. 

  19939.       { 0xb4a5abf9,0xb465404f,0x75db7603,0x004750c3,0xca35d89f,0x6f9a42cc,
    19940. 

  19940.         0x1b7924f7,0x019f8b9a } },
    19941. 

  19941. };
    19942. 

  19942. 

  19943. /* Multiply the base point of P256 by the scalar and return the result.
    19944. 

  19944.  * If map is true then convert result to affine coordinates.
    19945. 

  19945.  *
    19946. 

  19946.  * r     Resulting point.
    19947. 

  19947.  * k     Scalar to multiply by.
    19948. 

  19948.  * map   Indicates whether to convert result to affine.
    19949. 

  19949.  * heap  Heap to use for allocation.
    19950. 

  19950.  * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
    19951. 

  19951.  */
    19952. 

  19952. static int sp_256_ecc_mulmod_base_8(sp_point* r, const sp_digit* k,
    19953. 

  19953.         int map, void* heap)
    19954. 

  19954. {
    19955. 

  19955.     return sp_256_ecc_mulmod_stripe_8(r, &p256_base, p256_table,
    19956. 

  19956.                                       k, map, heap);
    19957. 

  19957. }
    19958. 

  19958. 

  19959. #endif
    19960. 

  19960. 

  19961. /* Multiply the base point of P256 by the scalar and return the result.
    19962. 

  19962.  * If map is true then convert result to affine coordinates.
    19963. 

  19963.  *
    19964. 

  19964.  * km    Scalar to multiply by.
    19965. 

  19965.  * r     Resulting point.
    19966. 

  19966.  * map   Indicates whether to convert result to affine.
    19967. 

  19967.  * heap  Heap to use for allocation.
    19968. 

  19968.  * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
    19969. 

  19969.  */
    19970. 

  19970. int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* r, int map, void* heap)
    19971. 

  19971. {
    19972. 

  19972. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    19973. 

  19973.     sp_point p;
    19974. 

  19974.     sp_digit k[8];
    19975. 

  19975. #else
    19976. 

  19976.     sp_digit* k = NULL;
    19977. 

  19977. #endif
    19978. 

  19978.     sp_point* point;
    19979. 

  19979.     int err;
    19980. 

  19980. 

  19981.     err = sp_ecc_point_new(heap, p, point);
    19982. 

  19982. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    19983. 

  19983.     if (err == MP_OKAY) {
    19984. 

  19984.         k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
    19985. 

  19985.                                                               DYNAMIC_TYPE_ECC);
    19986. 

  19986.         if (k == NULL) {
    19987. 

  19987.             err = MEMORY_E;
    19988. 

  19988.         }
    19989. 

  19989.     }
    19990. 

  19990. #endif
    19991. 

  19991.     if (err == MP_OKAY) {
    19992. 

  19992.         sp_256_from_mp(k, 8, km);
    19993. 

  19993. 

  19994.             err = sp_256_ecc_mulmod_base_8(point, k, map, heap);
    19995. 

  19995.     }
    19996. 

  19996.     if (err == MP_OKAY) {
    19997. 

  19997.         err = sp_256_point_to_ecc_point_8(point, r);
    19998. 

  19998.     }
    19999. 

  19999. 

  20000. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    20001. 

  20001.     if (k != NULL) {
    20002. 

  20002.         XFREE(k, heap, DYNAMIC_TYPE_ECC);
    20003. 

  20003.     }
    20004. 

  20004. #endif
    20005. 

  20005.     sp_ecc_point_free(point, 0, heap);
    20006. 

  20006. 

  20007.     return err;
    20008. 

  20008. }
    20009. 

  20009. 

  20010. #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \
    20011. 

  20011.                                                         defined(HAVE_ECC_VERIFY)
    20012. 

  20012. /* Returns 1 if the number of zero.
    20013. 

  20013.  * Implementation is constant time.
    20014. 

  20014.  *
    20015. 

  20015.  * a  Number to check.
    20016. 

  20016.  * returns 1 if the number is zero and 0 otherwise.
    20017. 

  20017.  */
    20018. 

  20018. static int sp_256_iszero_8(const sp_digit* a)
    20019. 

  20019. {
    20020. 

  20020.     return (a[0] | a[1] | a[2] | a[3] | a[4] | a[5] | a[6] | a[7]) == 0;
    20021. 

  20021. }
    20022. 

  20022. 

  20023. #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN || HAVE_ECC_SIGN || HAVE_ECC_VERIFY */
    20024. 

  20024. /* Add 1 to a. (a = a + 1)
    20025. 

  20025.  *
    20026. 

  20026.  * a  A single precision integer.
    20027. 

  20027.  */
    20028. 

  20028. SP_NOINLINE static void sp_256_add_one_8(sp_digit* a)
    20029. 

  20029. {
    20030. 

  20030.     __asm__ __volatile__ (
    20031. 

  20031.         "mov	r2, #1\n\t"
    20032. 

  20032.         "ldr	r1, [%[a], #0]\n\t"
    20033. 

  20033.         "add	r1, r2\n\t"
    20034. 

  20034.         "mov	r2, #0\n\t"
    20035. 

  20035.         "str	r1, [%[a], #0]\n\t"
    20036. 

  20036.         "ldr	r1, [%[a], #4]\n\t"
    20037. 

  20037.         "adc	r1, r2\n\t"
    20038. 

  20038.         "str	r1, [%[a], #4]\n\t"
    20039. 

  20039.         "ldr	r1, [%[a], #8]\n\t"
    20040. 

  20040.         "adc	r1, r2\n\t"
    20041. 

  20041.         "str	r1, [%[a], #8]\n\t"
    20042. 

  20042.         "ldr	r1, [%[a], #12]\n\t"
    20043. 

  20043.         "adc	r1, r2\n\t"
    20044. 

  20044.         "str	r1, [%[a], #12]\n\t"
    20045. 

  20045.         "ldr	r1, [%[a], #16]\n\t"
    20046. 

  20046.         "adc	r1, r2\n\t"
    20047. 

  20047.         "str	r1, [%[a], #16]\n\t"
    20048. 

  20048.         "ldr	r1, [%[a], #20]\n\t"
    20049. 

  20049.         "adc	r1, r2\n\t"
    20050. 

  20050.         "str	r1, [%[a], #20]\n\t"
    20051. 

  20051.         "ldr	r1, [%[a], #24]\n\t"
    20052. 

  20052.         "adc	r1, r2\n\t"
    20053. 

  20053.         "str	r1, [%[a], #24]\n\t"
    20054. 

  20054.         "ldr	r1, [%[a], #28]\n\t"
    20055. 

  20055.         "adc	r1, r2\n\t"
    20056. 

  20056.         "str	r1, [%[a], #28]\n\t"
    20057. 

  20057.         :
    20058. 

  20058.         : [a] "r" (a)
    20059. 

  20059.         : "memory", "r1", "r2"
    20060. 

  20060.     );
    20061. 

  20061. }
    20062. 

  20062. 

  20063. /* Read big endian unsigned byte array into r.
    20064. 

  20064.  *
    20065. 

  20065.  * r  A single precision integer.
    20066. 

  20066.  * size  Maximum number of bytes to convert
    20067. 

  20067.  * a  Byte array.
    20068. 

  20068.  * n  Number of bytes in array to read.
    20069. 

  20069.  */
    20070. 

  20070. static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n)
    20071. 

  20071. {
    20072. 

  20072.     int i, j = 0;
    20073. 

  20073.     word32 s = 0;
    20074. 

  20074. 

  20075.     r[0] = 0;
    20076. 

  20076.     for (i = n-1; i >= 0; i--) {
    20077. 

  20077.         r[j] |= (((sp_digit)a[i]) << s);
    20078. 

  20078.         if (s >= 24U) {
    20079. 

  20079.             r[j] &= 0xffffffff;
    20080. 

  20080.             s = 32U - s;
    20081. 

  20081.             if (j + 1 >= size) {
    20082. 

  20082.                 break;
    20083. 

  20083.             }
    20084. 

  20084.             r[++j] = (sp_digit)a[i] >> s;
    20085. 

  20085.             s = 8U - s;
    20086. 

  20086.         }
    20087. 

  20087.         else {
    20088. 

  20088.             s += 8U;
    20089. 

  20089.         }
    20090. 

  20090.     }
    20091. 

  20091. 

  20092.     for (j++; j < size; j++) {
    20093. 

  20093.         r[j] = 0;
    20094. 

  20094.     }
    20095. 

  20095. }
    20096. 

  20096. 

  20097. /* Generates a scalar that is in the range 1..order-1.
    20098. 

  20098.  *
    20099. 

  20099.  * rng  Random number generator.
    20100. 

  20100.  * k    Scalar value.
    20101. 

  20101.  * returns RNG failures, MEMORY_E when memory allocation fails and
    20102. 

  20102.  * MP_OKAY on success.
    20103. 

  20103.  */
    20104. 

  20104. static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
    20105. 

  20105. {
    20106. 

  20106.     int err;
    20107. 

  20107.     byte buf[32];
    20108. 

  20108. 

  20109.     do {
    20110. 

  20110.         err = wc_RNG_GenerateBlock(rng, buf, sizeof(buf));
    20111. 

  20111.         if (err == 0) {
    20112. 

  20112.             sp_256_from_bin(k, 8, buf, (int)sizeof(buf));
    20113. 

  20113.             if (sp_256_cmp_8(k, p256_order2) < 0) {
    20114. 

  20114.                 sp_256_add_one_8(k);
    20115. 

  20115.                 break;
    20116. 

  20116.             }
    20117. 

  20117.         }
    20118. 

  20118.     }
    20119. 

  20119.     while (err == 0);
    20120. 

  20120. 

  20121.     return err;
    20122. 

  20122. }
    20123. 

  20123. 

  20124. /* Makes a random EC key pair.
    20125. 

  20125.  *
    20126. 

  20126.  * rng   Random number generator.
    20127. 

  20127.  * priv  Generated private value.
    20128. 

  20128.  * pub   Generated public point.
    20129. 

  20129.  * heap  Heap to use for allocation.
    20130. 

  20130.  * returns ECC_INF_E when the point does not have the correct order, RNG
    20131. 

  20131.  * failures, MEMORY_E when memory allocation fails and MP_OKAY on success.
    20132. 

  20132.  */
    20133. 

  20133. int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
    20134. 

  20134. {
    20135. 

  20135. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    20136. 

  20136.     sp_point p;
    20137. 

  20137.     sp_digit k[8];
    20138. 

  20138. #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    20139. 

  20139.     sp_point inf;
    20140. 

  20140. #endif
    20141. 

  20141. #else
    20142. 

  20142.     sp_digit* k = NULL;
    20143. 

  20143. #endif
    20144. 

  20144.     sp_point* point;
    20145. 

  20145. #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    20146. 

  20146.     sp_point* infinity;
    20147. 

  20147. #endif
    20148. 

  20148.     int err;
    20149. 

  20149. 

  20150.     (void)heap;
    20151. 

  20151. 

  20152.     err = sp_ecc_point_new(heap, p, point);
    20153. 

  20153. #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    20154. 

  20154.     if (err == MP_OKAY) {
    20155. 

  20155.         err = sp_ecc_point_new(heap, inf, infinity);
    20156. 

  20156.     }
    20157. 

  20157. #endif
    20158. 

  20158. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    20159. 

  20159.     if (err == MP_OKAY) {
    20160. 

  20160.         k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
    20161. 

  20161.                                                               DYNAMIC_TYPE_ECC);
    20162. 

  20162.         if (k == NULL) {
    20163. 

  20163.             err = MEMORY_E;
    20164. 

  20164.         }
    20165. 

  20165.     }
    20166. 

  20166. #endif
    20167. 

  20167. 

  20168.     if (err == MP_OKAY) {
    20169. 

  20169.         err = sp_256_ecc_gen_k_8(rng, k);
    20170. 

  20170.     }
    20171. 

  20171.     if (err == MP_OKAY) {
    20172. 

  20172.             err = sp_256_ecc_mulmod_base_8(point, k, 1, NULL);
    20173. 

  20173.     }
    20174. 

  20174. 

  20175. #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    20176. 

  20176.     if (err == MP_OKAY) {
    20177. 

  20177.             err = sp_256_ecc_mulmod_8(infinity, point, p256_order, 1, NULL);
    20178. 

  20178.     }
    20179. 

  20179.     if (err == MP_OKAY) {
    20180. 

  20180.         if ((sp_256_iszero_8(point->x) == 0) || (sp_256_iszero_8(point->y) == 0)) {
    20181. 

  20181.             err = ECC_INF_E;
    20182. 

  20182.         }
    20183. 

  20183.     }
    20184. 

  20184. #endif
    20185. 

  20185. 

  20186.     if (err == MP_OKAY) {
    20187. 

  20187.         err = sp_256_to_mp(k, priv);
    20188. 

  20188.     }
    20189. 

  20189.     if (err == MP_OKAY) {
    20190. 

  20190.         err = sp_256_point_to_ecc_point_8(point, pub);
    20191. 

  20191.     }
    20192. 

  20192. 

  20193. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    20194. 

  20194.     if (k != NULL) {
    20195. 

  20195.         XFREE(k, heap, DYNAMIC_TYPE_ECC);
    20196. 

  20196.     }
    20197. 

  20197. #endif
    20198. 

  20198. #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    20199. 

  20199.     sp_ecc_point_free(infinity, 1, heap);
    20200. 

  20200. #endif
    20201. 

  20201.     sp_ecc_point_free(point, 1, heap);
    20202. 

  20202. 

  20203.     return err;
    20204. 

  20204. }
    20205. 

  20205. 

  20206. #ifdef HAVE_ECC_DHE
    20207. 

  20207. /* Write r as big endian to byte array.
    20208. 

  20208.  * Fixed length number of bytes written: 32
    20209. 

  20209.  *
    20210. 

  20210.  * r  A single precision integer.
    20211. 

  20211.  * a  Byte array.
    20212. 

  20212.  */
    20213. 

  20213. static void sp_256_to_bin(sp_digit* r, byte* a)
    20214. 

  20214. {
    20215. 

  20215.     int i, j, s = 0, b;
    20216. 

  20216. 

  20217.     j = 256 / 8 - 1;
    20218. 

  20218.     a[j] = 0;
    20219. 

  20219.     for (i=0; i<8 && j>=0; i++) {
    20220. 

  20220.         b = 0;
    20221. 

  20221.         /* lint allow cast of mismatch sp_digit and int */
    20222. 

  20222.         a[j--] |= (byte)(r[i] << s); b += 8 - s; /*lint !e9033*/
    20223. 

  20223.         if (j < 0) {
    20224. 

  20224.             break;
    20225. 

  20225.         }
    20226. 

  20226.         while (b < 32) {
    20227. 

  20227.             a[j--] = r[i] >> b; b += 8;
    20228. 

  20228.             if (j < 0) {
    20229. 

  20229.                 break;
    20230. 

  20230.             }
    20231. 

  20231.         }
    20232. 

  20232.         s = 8 - (b - 32);
    20233. 

  20233.         if (j >= 0) {
    20234. 

  20234.             a[j] = 0;
    20235. 

  20235.         }
    20236. 

  20236.         if (s != 0) {
    20237. 

  20237.             j++;
    20238. 

  20238.         }
    20239. 

  20239.     }
    20240. 

  20240. }
    20241. 

  20241. 

  20242. /* Multiply the point by the scalar and serialize the X ordinate.
    20243. 

  20243.  * The number is 0 padded to maximum size on output.
    20244. 

  20244.  *
    20245. 

  20245.  * priv    Scalar to multiply the point by.
    20246. 

  20246.  * pub     Point to multiply.
    20247. 

  20247.  * out     Buffer to hold X ordinate.
    20248. 

  20248.  * outLen  On entry, size of the buffer in bytes.
    20249. 

  20249.  *         On exit, length of data in buffer in bytes.
    20250. 

  20250.  * heap    Heap to use for allocation.
    20251. 

  20251.  * returns BUFFER_E if the buffer is to small for output size,
    20252. 

  20252.  * MEMORY_E when memory allocation fails and MP_OKAY on success.
    20253. 

  20253.  */
    20254. 

  20254. int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
    20255. 

  20255.                           word32* outLen, void* heap)
    20256. 

  20256. {
    20257. 

  20257. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    20258. 

  20258.     sp_point p;
    20259. 

  20259.     sp_digit k[8];
    20260. 

  20260. #else
    20261. 

  20261.     sp_digit* k = NULL;
    20262. 

  20262. #endif
    20263. 

  20263.     sp_point* point = NULL;
    20264. 

  20264.     int err = MP_OKAY;
    20265. 

  20265. 

  20266.     if (*outLen < 32U) {
    20267. 

  20267.         err = BUFFER_E;
    20268. 

  20268.     }
    20269. 

  20269. 

  20270.     if (err == MP_OKAY) {
    20271. 

  20271.         err = sp_ecc_point_new(heap, p, point);
    20272. 

  20272.     }
    20273. 

  20273. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    20274. 

  20274.     if (err == MP_OKAY) {
    20275. 

  20275.         k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
    20276. 

  20276.                                                               DYNAMIC_TYPE_ECC);
    20277. 

  20277.         if (k == NULL)
    20278. 

  20278.             err = MEMORY_E;
    20279. 

  20279.     }
    20280. 

  20280. #endif
    20281. 

  20281. 

  20282.     if (err == MP_OKAY) {
    20283. 

  20283.         sp_256_from_mp(k, 8, priv);
    20284. 

  20284.         sp_256_point_from_ecc_point_8(point, pub);
    20285. 

  20285.             err = sp_256_ecc_mulmod_8(point, point, k, 1, heap);
    20286. 

  20286.     }
    20287. 

  20287.     if (err == MP_OKAY) {
    20288. 

  20288.         sp_256_to_bin(point->x, out);
    20289. 

  20289.         *outLen = 32;
    20290. 

  20290.     }
    20291. 

  20291. 

  20292. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    20293. 

  20293.     if (k != NULL) {
    20294. 

  20294.         XFREE(k, heap, DYNAMIC_TYPE_ECC);
    20295. 

  20295.     }
    20296. 

  20296. #endif
    20297. 

  20297.     sp_ecc_point_free(point, 0, heap);
    20298. 

  20298. 

  20299.     return err;
    20300. 

  20300. }
    20301. 

  20301. #endif /* HAVE_ECC_DHE */
    20302. 

  20302. 

  20303. #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
    20304. 

  20304. #endif
    20305. 

  20305. #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
    20306. 

  20306. #ifdef WOLFSSL_SP_SMALL
    20307. 

  20307. /* Sub b from a into a. (a -= b)
    20308. 

  20308.  *
    20309. 

  20309.  * a  A single precision integer.
    20310. 

  20310.  * b  A single precision integer.
    20311. 

  20311.  */
    20312. 

  20312. SP_NOINLINE static sp_digit sp_256_sub_in_place_8(sp_digit* a,
    20313. 

  20313.         const sp_digit* b)
    20314. 

  20314. {
    20315. 

  20315.     sp_digit c = 0;
    20316. 

  20316.     __asm__ __volatile__ (
    20317. 

  20317.         "mov	r7, %[a]\n\t"
    20318. 

  20318.         "add	r7, #32\n\t"
    20319. 

  20319.         "\n1:\n\t"
    20320. 

  20320.         "mov	r5, #0\n\t"
    20321. 

  20321.         "sub	r5, %[c]\n\t"
    20322. 

  20322.         "ldr	r3, [%[a]]\n\t"
    20323. 

  20323.         "ldr	r4, [%[a], #4]\n\t"
    20324. 

  20324.         "ldr	r5, [%[b]]\n\t"
    20325. 

  20325.         "ldr	r6, [%[b], #4]\n\t"
    20326. 

  20326.         "sbc	r3, r5\n\t"
    20327. 

  20327.         "sbc	r4, r6\n\t"
    20328. 

  20328.         "str	r3, [%[a]]\n\t"
    20329. 

  20329.         "str	r4, [%[a], #4]\n\t"
    20330. 

  20330.         "sbc	%[c], %[c]\n\t"
    20331. 

  20331.         "add	%[a], #8\n\t"
    20332. 

  20332.         "add	%[b], #8\n\t"
    20333. 

  20333.         "cmp	%[a], r7\n\t"
    20334. 

  20334.         "bne	1b\n\t"
    20335. 

  20335.         : [c] "+r" (c), [a] "+r" (a), [b] "+r" (b)
    20336. 

  20336.         :
    20337. 

  20337.         : "memory", "r3", "r4", "r5", "r6", "r7"
    20338. 

  20338.     );
    20339. 

  20339. 

  20340.     return c;
    20341. 

  20341. }
    20342. 

  20342. 

  20343. #else
    20344. 

  20344. /* Sub b from a into r. (r = a - b)
    20345. 

  20345.  *
    20346. 

  20346.  * r  A single precision integer.
    20347. 

  20347.  * a  A single precision integer.
    20348. 

  20348.  * b  A single precision integer.
    20349. 

  20349.  */
    20350. 

  20350. SP_NOINLINE static sp_digit sp_256_sub_in_place_8(sp_digit* a,
    20351. 

  20351.         const sp_digit* b)
    20352. 

  20352. {
    20353. 

  20353.     sp_digit c = 0;
    20354. 

  20354. 

  20355.     __asm__ __volatile__ (
    20356. 

  20356.         "ldr	r3, [%[a], #0]\n\t"
    20357. 

  20357.         "ldr	r4, [%[a], #4]\n\t"
    20358. 

  20358.         "ldr	r5, [%[b], #0]\n\t"
    20359. 

  20359.         "ldr	r6, [%[b], #4]\n\t"
    20360. 

  20360.         "sub	r3, r5\n\t"
    20361. 

  20361.         "sbc	r4, r6\n\t"
    20362. 

  20362.         "str	r3, [%[a], #0]\n\t"
    20363. 

  20363.         "str	r4, [%[a], #4]\n\t"
    20364. 

  20364.         "ldr	r3, [%[a], #8]\n\t"
    20365. 

  20365.         "ldr	r4, [%[a], #12]\n\t"
    20366. 

  20366.         "ldr	r5, [%[b], #8]\n\t"
    20367. 

  20367.         "ldr	r6, [%[b], #12]\n\t"
    20368. 

  20368.         "sbc	r3, r5\n\t"
    20369. 

  20369.         "sbc	r4, r6\n\t"
    20370. 

  20370.         "str	r3, [%[a], #8]\n\t"
    20371. 

  20371.         "str	r4, [%[a], #12]\n\t"
    20372. 

  20372.         "ldr	r3, [%[a], #16]\n\t"
    20373. 

  20373.         "ldr	r4, [%[a], #20]\n\t"
    20374. 

  20374.         "ldr	r5, [%[b], #16]\n\t"
    20375. 

  20375.         "ldr	r6, [%[b], #20]\n\t"
    20376. 

  20376.         "sbc	r3, r5\n\t"
    20377. 

  20377.         "sbc	r4, r6\n\t"
    20378. 

  20378.         "str	r3, [%[a], #16]\n\t"
    20379. 

  20379.         "str	r4, [%[a], #20]\n\t"
    20380. 

  20380.         "ldr	r3, [%[a], #24]\n\t"
    20381. 

  20381.         "ldr	r4, [%[a], #28]\n\t"
    20382. 

  20382.         "ldr	r5, [%[b], #24]\n\t"
    20383. 

  20383.         "ldr	r6, [%[b], #28]\n\t"
    20384. 

  20384.         "sbc	r3, r5\n\t"
    20385. 

  20385.         "sbc	r4, r6\n\t"
    20386. 

  20386.         "str	r3, [%[a], #24]\n\t"
    20387. 

  20387.         "str	r4, [%[a], #28]\n\t"
    20388. 

  20388.         "sbc	%[c], %[c]\n\t"
    20389. 

  20389.         : [c] "+r" (c), [a] "+r" (a), [b] "+r" (b)
    20390. 

  20390.         :
    20391. 

  20391.         : "memory", "r3", "r4", "r5", "r6"
    20392. 

  20392.     );
    20393. 

  20393. 

  20394.     return c;
    20395. 

  20395. }
    20396. 

  20396. 

  20397. #endif /* WOLFSSL_SP_SMALL */
    20398. 

  20398. /* Mul a by digit b into r. (r = a * b)
    20399. 

  20399.  *
    20400. 

  20400.  * r  A single precision integer.
    20401. 

  20401.  * a  A single precision integer.
    20402. 

  20402.  * b  A single precision digit.
    20403. 

  20403.  */
    20404. 

  20404. SP_NOINLINE static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a,
    20405. 

  20405.         sp_digit b)
    20406. 

  20406. {
    20407. 

  20407.     __asm__ __volatile__ (
    20408. 

  20408.         "mov	r6, #32\n\t"
    20409. 

  20409.         "add	r6, %[a]\n\t"
    20410. 

  20410.         "mov	r8, %[r]\n\t"
    20411. 

  20411.         "mov	r9, r6\n\t"
    20412. 

  20412.         "mov	r3, #0\n\t"
    20413. 

  20413.         "mov	r4, #0\n\t"
    20414. 

  20414.         "1:\n\t"
    20415. 

  20415.         "mov	%[r], #0\n\t"
    20416. 

  20416.         "mov	r5, #0\n\t"
    20417. 

  20417.         "# A[] * B\n\t"
    20418. 

  20418.         "ldr	r6, [%[a]]\n\t"
    20419. 

  20419.         "lsl	r6, r6, #16\n\t"
    20420. 

  20420.         "lsl	r7, %[b], #16\n\t"
    20421. 

  20421.         "lsr	r6, r6, #16\n\t"
    20422. 

  20422.         "lsr	r7, r7, #16\n\t"
    20423. 

  20423.         "mul	r7, r6\n\t"
    20424. 

  20424.         "add	r3, r7\n\t"
    20425. 

  20425.         "adc	r4, %[r]\n\t"
    20426. 

  20426.         "adc	r5, %[r]\n\t"
    20427. 

  20427.         "lsr	r7, %[b], #16\n\t"
    20428. 

  20428.         "mul	r6, r7\n\t"
    20429. 

  20429.         "lsr	r7, r6, #16\n\t"
    20430. 

  20430.         "lsl	r6, r6, #16\n\t"
    20431. 

  20431.         "add	r3, r6\n\t"
    20432. 

  20432.         "adc	r4, r7\n\t"
    20433. 

  20433.         "adc	r5, %[r]\n\t"
    20434. 

  20434.         "ldr	r6, [%[a]]\n\t"
    20435. 

  20435.         "lsr	r6, r6, #16\n\t"
    20436. 

  20436.         "lsr	r7, %[b], #16\n\t"
    20437. 

  20437.         "mul	r7, r6\n\t"
    20438. 

  20438.         "add	r4, r7\n\t"
    20439. 

  20439.         "adc	r5, %[r]\n\t"
    20440. 

  20440.         "lsl	r7, %[b], #16\n\t"
    20441. 

  20441.         "lsr	r7, r7, #16\n\t"
    20442. 

  20442.         "mul	r6, r7\n\t"
    20443. 

  20443.         "lsr	r7, r6, #16\n\t"
    20444. 

  20444.         "lsl	r6, r6, #16\n\t"
    20445. 

  20445.         "add	r3, r6\n\t"
    20446. 

  20446.         "adc	r4, r7\n\t"
    20447. 

  20447.         "adc	r5, %[r]\n\t"
    20448. 

  20448.         "# A[] * B - Done\n\t"
    20449. 

  20449.         "mov	%[r], r8\n\t"
    20450. 

  20450.         "str	r3, [%[r]]\n\t"
    20451. 

  20451.         "mov	r3, r4\n\t"
    20452. 

  20452.         "mov	r4, r5\n\t"
    20453. 

  20453.         "add	%[r], #4\n\t"
    20454. 

  20454.         "add	%[a], #4\n\t"
    20455. 

  20455.         "mov	r8, %[r]\n\t"
    20456. 

  20456.         "cmp	%[a], r9\n\t"
    20457. 

  20457.         "blt	1b\n\t"
    20458. 

  20458.         "str	r3, [%[r]]\n\t"
    20459. 

  20459.         : [r] "+r" (r), [a] "+r" (a)
    20460. 

  20460.         : [b] "r" (b)
    20461. 

  20461.         : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
    20462. 

  20462.     );
    20463. 

  20463. }
    20464. 

  20464. 

  20465. /* Divide the double width number (d1|d0) by the dividend. (d1|d0 / div)
    20466. 

  20466.  *
    20467. 

  20467.  * d1   The high order half of the number to divide.
    20468. 

  20468.  * d0   The low order half of the number to divide.
    20469. 

  20469.  * div  The dividend.
    20470. 

  20470.  * returns the result of the division.
    20471. 

  20471.  *
    20472. 

  20472.  * Note that this is an approximate div. It may give an answer 1 larger.
    20473. 

  20473.  */
    20474. 

  20474. SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0,
    20475. 

  20475.         sp_digit div)
    20476. 

  20476. {
    20477. 

  20477.     sp_digit r = 0;
    20478. 

  20478. 

  20479.     __asm__ __volatile__ (
    20480. 

  20480.         "lsr	r5, %[div], #1\n\t"
    20481. 

  20481.         "add	r5, #1\n\t"
    20482. 

  20482.         "mov	r8, %[d0]\n\t"
    20483. 

  20483.         "mov	r9, %[d1]\n\t"
    20484. 

  20484.         "# Do top 32\n\t"
    20485. 

  20485.         "mov	r6, r5\n\t"
    20486. 

  20486.         "sub	r6, %[d1]\n\t"
    20487. 

  20487.         "sbc	r6, r6\n\t"
    20488. 

  20488.         "add	%[r], %[r]\n\t"
    20489. 

  20489.         "sub	%[r], r6\n\t"
    20490. 

  20490.         "and	r6, r5\n\t"
    20491. 

  20491.         "sub	%[d1], r6\n\t"
    20492. 

  20492.         "# Next 30 bits\n\t"
    20493. 

  20493.         "mov	r4, #29\n\t"
    20494. 

  20494.         "1:\n\t"
    20495. 

  20495.         "lsl	%[d0], %[d0], #1\n\t"
    20496. 

  20496.         "adc	%[d1], %[d1]\n\t"
    20497. 

  20497.         "mov	r6, r5\n\t"
    20498. 

  20498.         "sub	r6, %[d1]\n\t"
    20499. 

  20499.         "sbc	r6, r6\n\t"
    20500. 

  20500.         "add	%[r], %[r]\n\t"
    20501. 

  20501.         "sub	%[r], r6\n\t"
    20502. 

  20502.         "and	r6, r5\n\t"
    20503. 

  20503.         "sub	%[d1], r6\n\t"
    20504. 

  20504.         "sub	r4, #1\n\t"
    20505. 

  20505.         "bpl	1b\n\t"
    20506. 

  20506.         "mov	r7, #0\n\t"
    20507. 

  20507.         "add	%[r], %[r]\n\t"
    20508. 

  20508.         "add	%[r], #1\n\t"
    20509. 

  20509.         "# r * div - Start\n\t"
    20510. 

  20510.         "lsl	%[d1], %[r], #16\n\t"
    20511. 

  20511.         "lsl	r4, %[div], #16\n\t"
    20512. 

  20512.         "lsr	%[d1], %[d1], #16\n\t"
    20513. 

  20513.         "lsr	r4, r4, #16\n\t"
    20514. 

  20514.         "mul	r4, %[d1]\n\t"
    20515. 

  20515.         "lsr	r6, %[div], #16\n\t"
    20516. 

  20516.         "mul	%[d1], r6\n\t"
    20517. 

  20517.         "lsr	r5, %[d1], #16\n\t"
    20518. 

  20518.         "lsl	%[d1], %[d1], #16\n\t"
    20519. 

  20519.         "add	r4, %[d1]\n\t"
    20520. 

  20520.         "adc	r5, r7\n\t"
    20521. 

  20521.         "lsr	%[d1], %[r], #16\n\t"
    20522. 

  20522.         "mul	r6, %[d1]\n\t"
    20523. 

  20523.         "add	r5, r6\n\t"
    20524. 

  20524.         "lsl	r6, %[div], #16\n\t"
    20525. 

  20525.         "lsr	r6, r6, #16\n\t"
    20526. 

  20526.         "mul	%[d1], r6\n\t"
    20527. 

  20527.         "lsr	r6, %[d1], #16\n\t"
    20528. 

  20528.         "lsl	%[d1], %[d1], #16\n\t"
    20529. 

  20529.         "add	r4, %[d1]\n\t"
    20530. 

  20530.         "adc	r5, r6\n\t"
    20531. 

  20531.         "# r * div - Done\n\t"
    20532. 

  20532.         "mov	%[d1], r8\n\t"
    20533. 

  20533.         "sub	%[d1], r4\n\t"
    20534. 

  20534.         "mov	r4, %[d1]\n\t"
    20535. 

  20535.         "mov	%[d1], r9\n\t"
    20536. 

  20536.         "sbc	%[d1], r5\n\t"
    20537. 

  20537.         "mov	r5, %[d1]\n\t"
    20538. 

  20538.         "add	%[r], r5\n\t"
    20539. 

  20539.         "# r * div - Start\n\t"
    20540. 

  20540.         "lsl	%[d1], %[r], #16\n\t"
    20541. 

  20541.         "lsl	r4, %[div], #16\n\t"
    20542. 

  20542.         "lsr	%[d1], %[d1], #16\n\t"
    20543. 

  20543.         "lsr	r4, r4, #16\n\t"
    20544. 

  20544.         "mul	r4, %[d1]\n\t"
    20545. 

  20545.         "lsr	r6, %[div], #16\n\t"
    20546. 

  20546.         "mul	%[d1], r6\n\t"
    20547. 

  20547.         "lsr	r5, %[d1], #16\n\t"
    20548. 

  20548.         "lsl	%[d1], %[d1], #16\n\t"
    20549. 

  20549.         "add	r4, %[d1]\n\t"
    20550. 

  20550.         "adc	r5, r7\n\t"
    20551. 

  20551.         "lsr	%[d1], %[r], #16\n\t"
    20552. 

  20552.         "mul	r6, %[d1]\n\t"
    20553. 

  20553.         "add	r5, r6\n\t"
    20554. 

  20554.         "lsl	r6, %[div], #16\n\t"
    20555. 

  20555.         "lsr	r6, r6, #16\n\t"
    20556. 

  20556.         "mul	%[d1], r6\n\t"
    20557. 

  20557.         "lsr	r6, %[d1], #16\n\t"
    20558. 

  20558.         "lsl	%[d1], %[d1], #16\n\t"
    20559. 

  20559.         "add	r4, %[d1]\n\t"
    20560. 

  20560.         "adc	r5, r6\n\t"
    20561. 

  20561.         "# r * div - Done\n\t"
    20562. 

  20562.         "mov	%[d1], r8\n\t"
    20563. 

  20563.         "mov	r6, r9\n\t"
    20564. 

  20564.         "sub	r4, %[d1], r4\n\t"
    20565. 

  20565.         "sbc	r6, r5\n\t"
    20566. 

  20566.         "mov	r5, r6\n\t"
    20567. 

  20567.         "add	%[r], r5\n\t"
    20568. 

  20568.         "# r * div - Start\n\t"
    20569. 

  20569.         "lsl	%[d1], %[r], #16\n\t"
    20570. 

  20570.         "lsl	r4, %[div], #16\n\t"
    20571. 

  20571.         "lsr	%[d1], %[d1], #16\n\t"
    20572. 

  20572.         "lsr	r4, r4, #16\n\t"
    20573. 

  20573.         "mul	r4, %[d1]\n\t"
    20574. 

  20574.         "lsr	r6, %[div], #16\n\t"
    20575. 

  20575.         "mul	%[d1], r6\n\t"
    20576. 

  20576.         "lsr	r5, %[d1], #16\n\t"
    20577. 

  20577.         "lsl	%[d1], %[d1], #16\n\t"
    20578. 

  20578.         "add	r4, %[d1]\n\t"
    20579. 

  20579.         "adc	r5, r7\n\t"
    20580. 

  20580.         "lsr	%[d1], %[r], #16\n\t"
    20581. 

  20581.         "mul	r6, %[d1]\n\t"
    20582. 

  20582.         "add	r5, r6\n\t"
    20583. 

  20583.         "lsl	r6, %[div], #16\n\t"
    20584. 

  20584.         "lsr	r6, r6, #16\n\t"
    20585. 

  20585.         "mul	%[d1], r6\n\t"
    20586. 

  20586.         "lsr	r6, %[d1], #16\n\t"
    20587. 

  20587.         "lsl	%[d1], %[d1], #16\n\t"
    20588. 

  20588.         "add	r4, %[d1]\n\t"
    20589. 

  20589.         "adc	r5, r6\n\t"
    20590. 

  20590.         "# r * div - Done\n\t"
    20591. 

  20591.         "mov	%[d1], r8\n\t"
    20592. 

  20592.         "mov	r6, r9\n\t"
    20593. 

  20593.         "sub	r4, %[d1], r4\n\t"
    20594. 

  20594.         "sbc	r6, r5\n\t"
    20595. 

  20595.         "mov	r5, r6\n\t"
    20596. 

  20596.         "add	%[r], r5\n\t"
    20597. 

  20597.         "mov	r6, %[div]\n\t"
    20598. 

  20598.         "sub	r6, r4\n\t"
    20599. 

  20599.         "sbc	r6, r6\n\t"
    20600. 

  20600.         "sub	%[r], r6\n\t"
    20601. 

  20601.         : [r] "+r" (r)
    20602. 

  20602.         : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div)
    20603. 

  20603.         : "r4", "r5", "r7", "r6", "r8", "r9"
    20604. 

  20604.     );
    20605. 

  20605.     return r;
    20606. 

  20606. }
    20607. 

  20607. 

  20608. /* AND m into each word of a and store in r.
    20609. 

  20609.  *
    20610. 

  20610.  * r  A single precision integer.
    20611. 

  20611.  * a  A single precision integer.
    20612. 

  20612.  * m  Mask to AND against each digit.
    20613. 

  20613.  */
    20614. 

  20614. static void sp_256_mask_8(sp_digit* r, const sp_digit* a, sp_digit m)
    20615. 

  20615. {
    20616. 

  20616. #ifdef WOLFSSL_SP_SMALL
    20617. 

  20617.     int i;
    20618. 

  20618. 

  20619.     for (i=0; i<8; i++) {
    20620. 

  20620.         r[i] = a[i] & m;
    20621. 

  20621.     }
    20622. 

  20622. #else
    20623. 

  20623.     r[0] = a[0] & m;
    20624. 

  20624.     r[1] = a[1] & m;
    20625. 

  20625.     r[2] = a[2] & m;
    20626. 

  20626.     r[3] = a[3] & m;
    20627. 

  20627.     r[4] = a[4] & m;
    20628. 

  20628.     r[5] = a[5] & m;
    20629. 

  20629.     r[6] = a[6] & m;
    20630. 

  20630.     r[7] = a[7] & m;
    20631. 

  20631. #endif
    20632. 

  20632. }
    20633. 

  20633. 

  20634. /* Divide d in a and put remainder into r (m*d + r = a)
    20635. 

  20635.  * m is not calculated as it is not needed at this time.
    20636. 

  20636.  *
    20637. 

  20637.  * a  Nmber to be divided.
    20638. 

  20638.  * d  Number to divide with.
    20639. 

  20639.  * m  Multiplier result.
    20640. 

  20640.  * r  Remainder from the division.
    20641. 

  20641.  * returns MP_OKAY indicating success.
    20642. 

  20642.  */
    20643. 

  20643. static WC_INLINE int sp_256_div_8(const sp_digit* a, const sp_digit* d, sp_digit* m,
    20644. 

  20644.         sp_digit* r)
    20645. 

  20645. {
    20646. 

  20646.     sp_digit t1[16], t2[9];
    20647. 

  20647.     sp_digit div, r1;
    20648. 

  20648.     int i;
    20649. 

  20649. 

  20650.     (void)m;
    20651. 

  20651. 

  20652.     div = d[7];
    20653. 

  20653.     XMEMCPY(t1, a, sizeof(*t1) * 2 * 8);
    20654. 

  20654.     for (i=7; i>=0; i--) {
    20655. 

  20655.         r1 = div_256_word_8(t1[8 + i], t1[8 + i - 1], div);
    20656. 

  20656. 

  20657.         sp_256_mul_d_8(t2, d, r1);
    20658. 

  20658.         t1[8 + i] += sp_256_sub_in_place_8(&t1[i], t2);
    20659. 

  20659.         t1[8 + i] -= t2[8];
    20660. 

  20660.         sp_256_mask_8(t2, d, t1[8 + i]);
    20661. 

  20661.         t1[8 + i] += sp_256_add_8(&t1[i], &t1[i], t2);
    20662. 

  20662.         sp_256_mask_8(t2, d, t1[8 + i]);
    20663. 

  20663.         t1[8 + i] += sp_256_add_8(&t1[i], &t1[i], t2);
    20664. 

  20664.     }
    20665. 

  20665. 

  20666.     r1 = sp_256_cmp_8(t1, d) >= 0;
    20667. 

  20667.     sp_256_cond_sub_8(r, t1, d, (sp_digit)0 - r1);
    20668. 

  20668. 

  20669.     return MP_OKAY;
    20670. 

  20670. }
    20671. 

  20671. 

  20672. /* Reduce a modulo m into r. (r = a mod m)
    20673. 

  20673.  *
    20674. 

  20674.  * r  A single precision number that is the reduced result.
    20675. 

  20675.  * a  A single precision number that is to be reduced.
    20676. 

  20676.  * m  A single precision number that is the modulus to reduce with.
    20677. 

  20677.  * returns MP_OKAY indicating success.
    20678. 

  20678.  */
    20679. 

  20679. static WC_INLINE int sp_256_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m)
    20680. 

  20680. {
    20681. 

  20681.     return sp_256_div_8(a, m, NULL, r);
    20682. 

  20682. }
    20683. 

  20683. 

  20684. #endif
    20685. 

  20685. #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
    20686. 

  20686. #ifdef WOLFSSL_SP_SMALL
    20687. 

  20687. /* Order-2 for the P256 curve. */
    20688. 

  20688. static const uint32_t p256_order_2[8] = {
    20689. 

  20689.     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
    20690. 

  20690.     0x00000000U,0xffffffffU
    20691. 

  20691. };
    20692. 

  20692. #else
    20693. 

  20693. /* The low half of the order-2 of the P256 curve. */
    20694. 

  20694. static const uint32_t p256_order_low[4] = {
    20695. 

  20695.     0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU
    20696. 

  20696. };
    20697. 

  20697. #endif /* WOLFSSL_SP_SMALL */
    20698. 

  20698. 

  20699. /* Multiply two number mod the order of P256 curve. (r = a * b mod order)
    20700. 

  20700.  *
    20701. 

  20701.  * r  Result of the multiplication.
    20702. 

  20702.  * a  First operand of the multiplication.
    20703. 

  20703.  * b  Second operand of the multiplication.
    20704. 

  20704.  */
    20705. 

  20705. static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_digit* b)
    20706. 

  20706. {
    20707. 

  20707.     sp_256_mul_8(r, a, b);
    20708. 

  20708.     sp_256_mont_reduce_order_8(r, p256_order, p256_mp_order);
    20709. 

  20709. }
    20710. 

  20710. 

  20711. /* Square number mod the order of P256 curve. (r = a * a mod order)
    20712. 

  20712.  *
    20713. 

  20713.  * r  Result of the squaring.
    20714. 

  20714.  * a  Number to square.
    20715. 

  20715.  */
    20716. 

  20716. static void sp_256_mont_sqr_order_8(sp_digit* r, const sp_digit* a)
    20717. 

  20717. {
    20718. 

  20718.     sp_256_sqr_8(r, a);
    20719. 

  20719.     sp_256_mont_reduce_order_8(r, p256_order, p256_mp_order);
    20720. 

  20720. }
    20721. 

  20721. 

  20722. #ifndef WOLFSSL_SP_SMALL
    20723. 

  20723. /* Square number mod the order of P256 curve a number of times.
    20724. 

  20724.  * (r = a ^ n mod order)
    20725. 

  20725.  *
    20726. 

  20726.  * r  Result of the squaring.
    20727. 

  20727.  * a  Number to square.
    20728. 

  20728.  */
    20729. 

  20729. static void sp_256_mont_sqr_n_order_8(sp_digit* r, const sp_digit* a, int n)
    20730. 

  20730. {
    20731. 

  20731.     int i;
    20732. 

  20732. 

  20733.     sp_256_mont_sqr_order_8(r, a);
    20734. 

  20734.     for (i=1; i<n; i++) {
    20735. 

  20735.         sp_256_mont_sqr_order_8(r, r);
    20736. 

  20736.     }
    20737. 

  20737. }
    20738. 

  20738. #endif /* !WOLFSSL_SP_SMALL */
    20739. 

  20739. 

  20740. /* Invert the number, in Montgomery form, modulo the order of the P256 curve.
    20741. 

  20741.  * (r = 1 / a mod order)
    20742. 

  20742.  *
    20743. 

  20743.  * r   Inverse result.
    20744. 

  20744.  * a   Number to invert.
    20745. 

  20745.  * td  Temporary data.
    20746. 

  20746.  */
    20747. 

  20747. static void sp_256_mont_inv_order_8(sp_digit* r, const sp_digit* a,
    20748. 

  20748.         sp_digit* td)
    20749. 

  20749. {
    20750. 

  20750. #ifdef WOLFSSL_SP_SMALL
    20751. 

  20751.     sp_digit* t = td;
    20752. 

  20752.     int i;
    20753. 

  20753. 

  20754.     XMEMCPY(t, a, sizeof(sp_digit) * 8);
    20755. 

  20755.     for (i=254; i>=0; i--) {
    20756. 

  20756.         sp_256_mont_sqr_order_8(t, t);
    20757. 

  20757.         if ((p256_order_2[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
    20758. 

  20758.             sp_256_mont_mul_order_8(t, t, a);
    20759. 

  20759.         }
    20760. 

  20760.     }
    20761. 

  20761.     XMEMCPY(r, t, sizeof(sp_digit) * 8U);
    20762. 

  20762. #else
    20763. 

  20763.     sp_digit* t = td;
    20764. 

  20764.     sp_digit* t2 = td + 2 * 8;
    20765. 

  20765.     sp_digit* t3 = td + 4 * 8;
    20766. 

  20766.     int i;
    20767. 

  20767. 

  20768.     /* t = a^2 */
    20769. 

  20769.     sp_256_mont_sqr_order_8(t, a);
    20770. 

  20770.     /* t = a^3 = t * a */
    20771. 

  20771.     sp_256_mont_mul_order_8(t, t, a);
    20772. 

  20772.     /* t2= a^c = t ^ 2 ^ 2 */
    20773. 

  20773.     sp_256_mont_sqr_n_order_8(t2, t, 2);
    20774. 

  20774.     /* t3= a^f = t2 * t */
    20775. 

  20775.     sp_256_mont_mul_order_8(t3, t2, t);
    20776. 

  20776.     /* t2= a^f0 = t3 ^ 2 ^ 4 */
    20777. 

  20777.     sp_256_mont_sqr_n_order_8(t2, t3, 4);
    20778. 

  20778.     /* t = a^ff = t2 * t3 */
    20779. 

  20779.     sp_256_mont_mul_order_8(t, t2, t3);
    20780. 

  20780.     /* t3= a^ff00 = t ^ 2 ^ 8 */
    20781. 

  20781.     sp_256_mont_sqr_n_order_8(t2, t, 8);
    20782. 

  20782.     /* t = a^ffff = t2 * t */
    20783. 

  20783.     sp_256_mont_mul_order_8(t, t2, t);
    20784. 

  20784.     /* t2= a^ffff0000 = t ^ 2 ^ 16 */
    20785. 

  20785.     sp_256_mont_sqr_n_order_8(t2, t, 16);
    20786. 

  20786.     /* t = a^ffffffff = t2 * t */
    20787. 

  20787.     sp_256_mont_mul_order_8(t, t2, t);
    20788. 

  20788.     /* t2= a^ffffffff0000000000000000 = t ^ 2 ^ 64  */
    20789. 

  20789.     sp_256_mont_sqr_n_order_8(t2, t, 64);
    20790. 

  20790.     /* t2= a^ffffffff00000000ffffffff = t2 * t */
    20791. 

  20791.     sp_256_mont_mul_order_8(t2, t2, t);
    20792. 

  20792.     /* t2= a^ffffffff00000000ffffffff00000000 = t2 ^ 2 ^ 32  */
    20793. 

  20793.     sp_256_mont_sqr_n_order_8(t2, t2, 32);
    20794. 

  20794.     /* t2= a^ffffffff00000000ffffffffffffffff = t2 * t */
    20795. 

  20795.     sp_256_mont_mul_order_8(t2, t2, t);
    20796. 

  20796.     /* t2= a^ffffffff00000000ffffffffffffffffbce6 */
    20797. 

  20797.     for (i=127; i>=112; i--) {
    20798. 

  20798.         sp_256_mont_sqr_order_8(t2, t2);
    20799. 

  20799.         if (((sp_digit)p256_order_low[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
    20800. 

  20800.             sp_256_mont_mul_order_8(t2, t2, a);
    20801. 

  20801.         }
    20802. 

  20802.     }
    20803. 

  20803.     /* t2= a^ffffffff00000000ffffffffffffffffbce6f */
    20804. 

  20804.     sp_256_mont_sqr_n_order_8(t2, t2, 4);
    20805. 

  20805.     sp_256_mont_mul_order_8(t2, t2, t3);
    20806. 

  20806.     /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84 */
    20807. 

  20807.     for (i=107; i>=64; i--) {
    20808. 

  20808.         sp_256_mont_sqr_order_8(t2, t2);
    20809. 

  20809.         if (((sp_digit)p256_order_low[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
    20810. 

  20810.             sp_256_mont_mul_order_8(t2, t2, a);
    20811. 

  20811.         }
    20812. 

  20812.     }
    20813. 

  20813.     /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84f */
    20814. 

  20814.     sp_256_mont_sqr_n_order_8(t2, t2, 4);
    20815. 

  20815.     sp_256_mont_mul_order_8(t2, t2, t3);
    20816. 

  20816.     /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2 */
    20817. 

  20817.     for (i=59; i>=32; i--) {
    20818. 

  20818.         sp_256_mont_sqr_order_8(t2, t2);
    20819. 

  20819.         if (((sp_digit)p256_order_low[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
    20820. 

  20820.             sp_256_mont_mul_order_8(t2, t2, a);
    20821. 

  20821.         }
    20822. 

  20822.     }
    20823. 

  20823.     /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2f */
    20824. 

  20824.     sp_256_mont_sqr_n_order_8(t2, t2, 4);
    20825. 

  20825.     sp_256_mont_mul_order_8(t2, t2, t3);
    20826. 

  20826.     /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254 */
    20827. 

  20827.     for (i=27; i>=0; i--) {
    20828. 

  20828.         sp_256_mont_sqr_order_8(t2, t2);
    20829. 

  20829.         if (((sp_digit)p256_order_low[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
    20830. 

  20830.             sp_256_mont_mul_order_8(t2, t2, a);
    20831. 

  20831.         }
    20832. 

  20832.     }
    20833. 

  20833.     /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632540 */
    20834. 

  20834.     sp_256_mont_sqr_n_order_8(t2, t2, 4);
    20835. 

  20835.     /* r = a^ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254f */
    20836. 

  20836.     sp_256_mont_mul_order_8(r, t2, t3);
    20837. 

  20837. #endif /* WOLFSSL_SP_SMALL */
    20838. 

  20838. }
    20839. 

  20839. 

  20840. #endif /* HAVE_ECC_SIGN || HAVE_ECC_VERIFY */
    20841. 

  20841. #ifdef HAVE_ECC_SIGN
    20842. 

  20842. #ifndef SP_ECC_MAX_SIG_GEN
    20843. 

  20843. #define SP_ECC_MAX_SIG_GEN  64
    20844. 

  20844. #endif
    20845. 

  20845. 

  20846. /* Sign the hash using the private key.
    20847. 

  20847.  *   e = [hash, 256 bits] from binary
    20848. 

  20848.  *   r = (k.G)->x mod order
    20849. 

  20849.  *   s = (r * x + e) / k mod order
    20850. 

  20850.  * The hash is truncated to the first 256 bits.
    20851. 

  20851.  *
    20852. 

  20852.  * hash     Hash to sign.
    20853. 

  20853.  * hashLen  Length of the hash data.
    20854. 

  20854.  * rng      Random number generator.
    20855. 

  20855.  * priv     Private part of key - scalar.
    20856. 

  20856.  * rm       First part of result as an mp_int.
    20857. 

  20857.  * sm       Sirst part of result as an mp_int.
    20858. 

  20858.  * heap     Heap to use for allocation.
    20859. 

  20859.  * returns RNG failures, MEMORY_E when memory allocation fails and
    20860. 

  20860.  * MP_OKAY on success.
    20861. 

  20861.  */
    20862. 

  20862. int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv,
    20863. 

  20863.                     mp_int* rm, mp_int* sm, mp_int* km, void* heap)
    20864. 

  20864. {
    20865. 

  20865. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    20866. 

  20866.     sp_digit* d = NULL;
    20867. 

  20867. #else
    20868. 

  20868.     sp_digit ed[2*8];
    20869. 

  20869.     sp_digit xd[2*8];
    20870. 

  20870.     sp_digit kd[2*8];
    20871. 

  20871.     sp_digit rd[2*8];
    20872. 

  20872.     sp_digit td[3 * 2*8];
    20873. 

  20873.     sp_point p;
    20874. 

  20874. #endif
    20875. 

  20875.     sp_digit* e = NULL;
    20876. 

  20876.     sp_digit* x = NULL;
    20877. 

  20877.     sp_digit* k = NULL;
    20878. 

  20878.     sp_digit* r = NULL;
    20879. 

  20879.     sp_digit* tmp = NULL;
    20880. 

  20880.     sp_point* point = NULL;
    20881. 

  20881.     sp_digit carry;
    20882. 

  20882.     sp_digit* s = NULL;
    20883. 

  20883.     sp_digit* kInv = NULL;
    20884. 

  20884.     int err;
    20885. 

  20885.     int32_t c;
    20886. 

  20886.     int i;
    20887. 

  20887. 

  20888.     (void)heap;
    20889. 

  20889. 

  20890.     err = sp_ecc_point_new(heap, p, point);
    20891. 

  20891. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    20892. 

  20892.     if (err == MP_OKAY) {
    20893. 

  20893.         d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 8, heap,
    20894. 

  20894.                                                               DYNAMIC_TYPE_ECC);
    20895. 

  20895.         if (d == NULL) {
    20896. 

  20896.             err = MEMORY_E;
    20897. 

  20897.         }
    20898. 

  20898.     }
    20899. 

  20899. #endif
    20900. 

  20900. 

  20901.     if (err == MP_OKAY) {
    20902. 

  20902. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    20903. 

  20903.         e = d + 0 * 8;
    20904. 

  20904.         x = d + 2 * 8;
    20905. 

  20905.         k = d + 4 * 8;
    20906. 

  20906.         r = d + 6 * 8;
    20907. 

  20907.         tmp = d + 8 * 8;
    20908. 

  20908. #else
    20909. 

  20909.         e = ed;
    20910. 

  20910.         x = xd;
    20911. 

  20911.         k = kd;
    20912. 

  20912.         r = rd;
    20913. 

  20913.         tmp = td;
    20914. 

  20914. #endif
    20915. 

  20915.         s = e;
    20916. 

  20916.         kInv = k;
    20917. 

  20917. 

  20918.         if (hashLen > 32U) {
    20919. 

  20919.             hashLen = 32U;
    20920. 

  20920.         }
    20921. 

  20921. 

  20922.         sp_256_from_bin(e, 8, hash, (int)hashLen);
    20923. 

  20923.     }
    20924. 

  20924. 

  20925.     for (i = SP_ECC_MAX_SIG_GEN; err == MP_OKAY && i > 0; i--) {
    20926. 

  20926.         sp_256_from_mp(x, 8, priv);
    20927. 

  20927. 

  20928.         /* New random point. */
    20929. 

  20929.         if (km == NULL || mp_iszero(km)) {
    20930. 

  20930.             err = sp_256_ecc_gen_k_8(rng, k);
    20931. 

  20931.         }
    20932. 

  20932.         else {
    20933. 

  20933.             sp_256_from_mp(k, 8, km);
    20934. 

  20934.             mp_zero(km);
    20935. 

  20935.         }
    20936. 

  20936.         if (err == MP_OKAY) {
    20937. 

  20937.                 err = sp_256_ecc_mulmod_base_8(point, k, 1, NULL);
    20938. 

  20938.         }
    20939. 

  20939. 

  20940.         if (err == MP_OKAY) {
    20941. 

  20941.             /* r = point->x mod order */
    20942. 

  20942.             XMEMCPY(r, point->x, sizeof(sp_digit) * 8U);
    20943. 

  20943.             sp_256_norm_8(r);
    20944. 

  20944.             c = sp_256_cmp_8(r, p256_order);
    20945. 

  20945.             sp_256_cond_sub_8(r, r, p256_order, 0L - (sp_digit)(c >= 0));
    20946. 

  20946.             sp_256_norm_8(r);
    20947. 

  20947. 

  20948.             /* Conv k to Montgomery form (mod order) */
    20949. 

  20949.                 sp_256_mul_8(k, k, p256_norm_order);
    20950. 

  20950.             err = sp_256_mod_8(k, k, p256_order);
    20951. 

  20951.         }
    20952. 

  20952.         if (err == MP_OKAY) {
    20953. 

  20953.             sp_256_norm_8(k);
    20954. 

  20954.             /* kInv = 1/k mod order */
    20955. 

  20955.                 sp_256_mont_inv_order_8(kInv, k, tmp);
    20956. 

  20956.             sp_256_norm_8(kInv);
    20957. 

  20957. 

  20958.             /* s = r * x + e */
    20959. 

  20959.                 sp_256_mul_8(x, x, r);
    20960. 

  20960.             err = sp_256_mod_8(x, x, p256_order);
    20961. 

  20961.         }
    20962. 

  20962.         if (err == MP_OKAY) {
    20963. 

  20963.             sp_256_norm_8(x);
    20964. 

  20964.             carry = sp_256_add_8(s, e, x);
    20965. 

  20965.             sp_256_cond_sub_8(s, s, p256_order, 0 - carry);
    20966. 

  20966.             sp_256_norm_8(s);
    20967. 

  20967.             c = sp_256_cmp_8(s, p256_order);
    20968. 

  20968.             sp_256_cond_sub_8(s, s, p256_order, 0L - (sp_digit)(c >= 0));
    20969. 

  20969.             sp_256_norm_8(s);
    20970. 

  20970. 

  20971.             /* s = s * k^-1 mod order */
    20972. 

  20972.                 sp_256_mont_mul_order_8(s, s, kInv);
    20973. 

  20973.             sp_256_norm_8(s);
    20974. 

  20974. 

  20975.             /* Check that signature is usable. */
    20976. 

  20976.             if (sp_256_iszero_8(s) == 0) {
    20977. 

  20977.                 break;
    20978. 

  20978.             }
    20979. 

  20979.         }
    20980. 

  20980.     }
    20981. 

  20981. 

  20982.     if (i == 0) {
    20983. 

  20983.         err = RNG_FAILURE_E;
    20984. 

  20984.     }
    20985. 

  20985. 

  20986.     if (err == MP_OKAY) {
    20987. 

  20987.         err = sp_256_to_mp(r, rm);
    20988. 

  20988.     }
    20989. 

  20989.     if (err == MP_OKAY) {
    20990. 

  20990.         err = sp_256_to_mp(s, sm);
    20991. 

  20991.     }
    20992. 

  20992. 

  20993. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    20994. 

  20994.     if (d != NULL) {
    20995. 

  20995.         XMEMSET(d, 0, sizeof(sp_digit) * 8 * 8);
    20996. 

  20996.         XFREE(d, heap, DYNAMIC_TYPE_ECC);
    20997. 

  20997.     }
    20998. 

  20998. #else
    20999. 

  20999.     XMEMSET(e, 0, sizeof(sp_digit) * 2U * 8U);
    21000. 

  21000.     XMEMSET(x, 0, sizeof(sp_digit) * 2U * 8U);
    21001. 

  21001.     XMEMSET(k, 0, sizeof(sp_digit) * 2U * 8U);
    21002. 

  21002.     XMEMSET(r, 0, sizeof(sp_digit) * 2U * 8U);
    21003. 

  21003.     XMEMSET(r, 0, sizeof(sp_digit) * 2U * 8U);
    21004. 

  21004.     XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 8U);
    21005. 

  21005. #endif
    21006. 

  21006.     sp_ecc_point_free(point, 1, heap);
    21007. 

  21007. 

  21008.     return err;
    21009. 

  21009. }
    21010. 

  21010. #endif /* HAVE_ECC_SIGN */
    21011. 

  21011. 

  21012. #ifdef HAVE_ECC_VERIFY
    21013. 

  21013. /* Verify the signature values with the hash and public key.
    21014. 

  21014.  *   e = Truncate(hash, 256)
    21015. 

  21015.  *   u1 = e/s mod order
    21016. 

  21016.  *   u2 = r/s mod order
    21017. 

  21017.  *   r == (u1.G + u2.Q)->x mod order
    21018. 

  21018.  * Optimization: Leave point in projective form.
    21019. 

  21019.  *   (x, y, 1) == (x' / z'*z', y' / z'*z'*z', z' / z')
    21020. 

  21020.  *   (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x'
    21021. 

  21021.  * The hash is truncated to the first 256 bits.
    21022. 

  21022.  *
    21023. 

  21023.  * hash     Hash to sign.
    21024. 

  21024.  * hashLen  Length of the hash data.
    21025. 

  21025.  * rng      Random number generator.
    21026. 

  21026.  * priv     Private part of key - scalar.
    21027. 

  21027.  * rm       First part of result as an mp_int.
    21028. 

  21028.  * sm       Sirst part of result as an mp_int.
    21029. 

  21029.  * heap     Heap to use for allocation.
    21030. 

  21030.  * returns RNG failures, MEMORY_E when memory allocation fails and
    21031. 

  21031.  * MP_OKAY on success.
    21032. 

  21032.  */
    21033. 

  21033. int sp_ecc_verify_256(const byte* hash, word32 hashLen, mp_int* pX,
    21034. 

  21034.     mp_int* pY, mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap)
    21035. 

  21035. {
    21036. 

  21036. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21037. 

  21037.     sp_digit* d = NULL;
    21038. 

  21038. #else
    21039. 

  21039.     sp_digit u1d[2*8];
    21040. 

  21040.     sp_digit u2d[2*8];
    21041. 

  21041.     sp_digit sd[2*8];
    21042. 

  21042.     sp_digit tmpd[2*8 * 5];
    21043. 

  21043.     sp_point p1d;
    21044. 

  21044.     sp_point p2d;
    21045. 

  21045. #endif
    21046. 

  21046.     sp_digit* u1 = NULL;
    21047. 

  21047.     sp_digit* u2 = NULL;
    21048. 

  21048.     sp_digit* s = NULL;
    21049. 

  21049.     sp_digit* tmp = NULL;
    21050. 

  21050.     sp_point* p1;
    21051. 

  21051.     sp_point* p2 = NULL;
    21052. 

  21052.     sp_digit carry;
    21053. 

  21053.     int32_t c;
    21054. 

  21054.     int err;
    21055. 

  21055. 

  21056.     err = sp_ecc_point_new(heap, p1d, p1);
    21057. 

  21057.     if (err == MP_OKAY) {
    21058. 

  21058.         err = sp_ecc_point_new(heap, p2d, p2);
    21059. 

  21059.     }
    21060. 

  21060. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21061. 

  21061.     if (err == MP_OKAY) {
    21062. 

  21062.         d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 8, heap,
    21063. 

  21063.                                                               DYNAMIC_TYPE_ECC);
    21064. 

  21064.         if (d == NULL) {
    21065. 

  21065.             err = MEMORY_E;
    21066. 

  21066.         }
    21067. 

  21067.     }
    21068. 

  21068. #endif
    21069. 

  21069. 

  21070.     if (err == MP_OKAY) {
    21071. 

  21071. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21072. 

  21072.         u1  = d + 0 * 8;
    21073. 

  21073.         u2  = d + 2 * 8;
    21074. 

  21074.         s   = d + 4 * 8;
    21075. 

  21075.         tmp = d + 6 * 8;
    21076. 

  21076. #else
    21077. 

  21077.         u1 = u1d;
    21078. 

  21078.         u2 = u2d;
    21079. 

  21079.         s  = sd;
    21080. 

  21080.         tmp = tmpd;
    21081. 

  21081. #endif
    21082. 

  21082. 

  21083.         if (hashLen > 32U) {
    21084. 

  21084.             hashLen = 32U;
    21085. 

  21085.         }
    21086. 

  21086. 

  21087.         sp_256_from_bin(u1, 8, hash, (int)hashLen);
    21088. 

  21088.         sp_256_from_mp(u2, 8, r);
    21089. 

  21089.         sp_256_from_mp(s, 8, sm);
    21090. 

  21090.         sp_256_from_mp(p2->x, 8, pX);
    21091. 

  21091.         sp_256_from_mp(p2->y, 8, pY);
    21092. 

  21092.         sp_256_from_mp(p2->z, 8, pZ);
    21093. 

  21093. 

  21094.         {
    21095. 

  21095.             sp_256_mul_8(s, s, p256_norm_order);
    21096. 

  21096.         }
    21097. 

  21097.         err = sp_256_mod_8(s, s, p256_order);
    21098. 

  21098.     }
    21099. 

  21099.     if (err == MP_OKAY) {
    21100. 

  21100.         sp_256_norm_8(s);
    21101. 

  21101.         {
    21102. 

  21102.             sp_256_mont_inv_order_8(s, s, tmp);
    21103. 

  21103.             sp_256_mont_mul_order_8(u1, u1, s);
    21104. 

  21104.             sp_256_mont_mul_order_8(u2, u2, s);
    21105. 

  21105.         }
    21106. 

  21106. 

  21107.             err = sp_256_ecc_mulmod_base_8(p1, u1, 0, heap);
    21108. 

  21108.     }
    21109. 

  21109.     if (err == MP_OKAY) {
    21110. 

  21110.             err = sp_256_ecc_mulmod_8(p2, p2, u2, 0, heap);
    21111. 

  21111.     }
    21112. 

  21112. 

  21113.     if (err == MP_OKAY) {
    21114. 

  21114.         {
    21115. 

  21115.             sp_256_proj_point_add_8(p1, p1, p2, tmp);
    21116. 

  21116.             if (sp_256_iszero_8(p1->z)) {
    21117. 

  21117.                 if (sp_256_iszero_8(p1->x) && sp_256_iszero_8(p1->y)) {
    21118. 

  21118.                     sp_256_proj_point_dbl_8(p1, p2, tmp);
    21119. 

  21119.                 }
    21120. 

  21120.                 else {
    21121. 

  21121.                     /* Y ordinate is not used from here - don't set. */
    21122. 

  21122.                     p1->x[0] = 0;
    21123. 

  21123.                     p1->x[1] = 0;
    21124. 

  21124.                     p1->x[2] = 0;
    21125. 

  21125.                     p1->x[3] = 0;
    21126. 

  21126.                     p1->x[4] = 0;
    21127. 

  21127.                     p1->x[5] = 0;
    21128. 

  21128.                     p1->x[6] = 0;
    21129. 

  21129.                     p1->x[7] = 0;
    21130. 

  21130.                     XMEMCPY(p1->z, p256_norm_mod, sizeof(p256_norm_mod));
    21131. 

  21131.                 }
    21132. 

  21132.             }
    21133. 

  21133.         }
    21134. 

  21134. 

  21135.         /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
    21136. 

  21136.         /* Reload r and convert to Montgomery form. */
    21137. 

  21137.         sp_256_from_mp(u2, 8, r);
    21138. 

  21138.         err = sp_256_mod_mul_norm_8(u2, u2, p256_mod);
    21139. 

  21139.     }
    21140. 

  21140. 

  21141.     if (err == MP_OKAY) {
    21142. 

  21142.         /* u1 = r.z'.z' mod prime */
    21143. 

  21143.         sp_256_mont_sqr_8(p1->z, p1->z, p256_mod, p256_mp_mod);
    21144. 

  21144.         sp_256_mont_mul_8(u1, u2, p1->z, p256_mod, p256_mp_mod);
    21145. 

  21145.         *res = (int)(sp_256_cmp_8(p1->x, u1) == 0);
    21146. 

  21146.         if (*res == 0) {
    21147. 

  21147.             /* Reload r and add order. */
    21148. 

  21148.             sp_256_from_mp(u2, 8, r);
    21149. 

  21149.             carry = sp_256_add_8(u2, u2, p256_order);
    21150. 

  21150.             /* Carry means result is greater than mod and is not valid. */
    21151. 

  21151.             if (carry == 0) {
    21152. 

  21152.                 sp_256_norm_8(u2);
    21153. 

  21153. 

  21154.                 /* Compare with mod and if greater or equal then not valid. */
    21155. 

  21155.                 c = sp_256_cmp_8(u2, p256_mod);
    21156. 

  21156.                 if (c < 0) {
    21157. 

  21157.                     /* Convert to Montogomery form */
    21158. 

  21158.                     err = sp_256_mod_mul_norm_8(u2, u2, p256_mod);
    21159. 

  21159.                     if (err == MP_OKAY) {
    21160. 

  21160.                         /* u1 = (r + 1*order).z'.z' mod prime */
    21161. 

  21161.                         sp_256_mont_mul_8(u1, u2, p1->z, p256_mod,
    21162. 

  21162.                                                                   p256_mp_mod);
    21163. 

  21163.                         *res = (int)(sp_256_cmp_8(p1->x, u1) == 0);
    21164. 

  21164.                     }
    21165. 

  21165.                 }
    21166. 

  21166.             }
    21167. 

  21167.         }
    21168. 

  21168.     }
    21169. 

  21169. 

  21170. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21171. 

  21171.     if (d != NULL)
    21172. 

  21172.         XFREE(d, heap, DYNAMIC_TYPE_ECC);
    21173. 

  21173. #endif
    21174. 

  21174.     sp_ecc_point_free(p1, 0, heap);
    21175. 

  21175.     sp_ecc_point_free(p2, 0, heap);
    21176. 

  21176. 

  21177.     return err;
    21178. 

  21178. }
    21179. 

  21179. #endif /* HAVE_ECC_VERIFY */
    21180. 

  21180. 

  21181. #ifdef HAVE_ECC_CHECK_KEY
    21182. 

  21182. /* Check that the x and y oridinates are a valid point on the curve.
    21183. 

  21183.  *
    21184. 

  21184.  * point  EC point.
    21185. 

  21185.  * heap   Heap to use if dynamically allocating.
    21186. 

  21186.  * returns MEMORY_E if dynamic memory allocation fails, MP_VAL if the point is
    21187. 

  21187.  * not on the curve and MP_OKAY otherwise.
    21188. 

  21188.  */
    21189. 

  21189. static int sp_256_ecc_is_point_8(sp_point* point, void* heap)
    21190. 

  21190. {
    21191. 

  21191. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21192. 

  21192.     sp_digit* d;
    21193. 

  21193. #else
    21194. 

  21194.     sp_digit t1d[2*8];
    21195. 

  21195.     sp_digit t2d[2*8];
    21196. 

  21196. #endif
    21197. 

  21197.     sp_digit* t1;
    21198. 

  21198.     sp_digit* t2;
    21199. 

  21199.     int err = MP_OKAY;
    21200. 

  21200. 

  21201. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21202. 

  21202.     d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8 * 4, heap, DYNAMIC_TYPE_ECC);
    21203. 

  21203.     if (d == NULL) {
    21204. 

  21204.         err = MEMORY_E;
    21205. 

  21205.     }
    21206. 

  21206. #endif
    21207. 

  21207. 

  21208.     if (err == MP_OKAY) {
    21209. 

  21209. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21210. 

  21210.         t1 = d + 0 * 8;
    21211. 

  21211.         t2 = d + 2 * 8;
    21212. 

  21212. #else
    21213. 

  21213.         (void)heap;
    21214. 

  21214. 

  21215.         t1 = t1d;
    21216. 

  21216.         t2 = t2d;
    21217. 

  21217. #endif
    21218. 

  21218. 

  21219.         sp_256_sqr_8(t1, point->y);
    21220. 

  21220.         (void)sp_256_mod_8(t1, t1, p256_mod);
    21221. 

  21221.         sp_256_sqr_8(t2, point->x);
    21222. 

  21222.         (void)sp_256_mod_8(t2, t2, p256_mod);
    21223. 

  21223.         sp_256_mul_8(t2, t2, point->x);
    21224. 

  21224.         (void)sp_256_mod_8(t2, t2, p256_mod);
    21225. 

  21225.         (void)sp_256_sub_8(t2, p256_mod, t2);
    21226. 

  21226.         sp_256_mont_add_8(t1, t1, t2, p256_mod);
    21227. 

  21227. 

  21228.         sp_256_mont_add_8(t1, t1, point->x, p256_mod);
    21229. 

  21229.         sp_256_mont_add_8(t1, t1, point->x, p256_mod);
    21230. 

  21230.         sp_256_mont_add_8(t1, t1, point->x, p256_mod);
    21231. 

  21231. 

  21232.         if (sp_256_cmp_8(t1, p256_b) != 0) {
    21233. 

  21233.             err = MP_VAL;
    21234. 

  21234.         }
    21235. 

  21235.     }
    21236. 

  21236. 

  21237. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21238. 

  21238.     if (d != NULL) {
    21239. 

  21239.         XFREE(d, heap, DYNAMIC_TYPE_ECC);
    21240. 

  21240.     }
    21241. 

  21241. #endif
    21242. 

  21242. 

  21243.     return err;
    21244. 

  21244. }
    21245. 

  21245. 

  21246. /* Check that the x and y oridinates are a valid point on the curve.
    21247. 

  21247.  *
    21248. 

  21248.  * pX  X ordinate of EC point.
    21249. 

  21249.  * pY  Y ordinate of EC point.
    21250. 

  21250.  * returns MEMORY_E if dynamic memory allocation fails, MP_VAL if the point is
    21251. 

  21251.  * not on the curve and MP_OKAY otherwise.
    21252. 

  21252.  */
    21253. 

  21253. int sp_ecc_is_point_256(mp_int* pX, mp_int* pY)
    21254. 

  21254. {
    21255. 

  21255. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    21256. 

  21256.     sp_point pubd;
    21257. 

  21257. #endif
    21258. 

  21258.     sp_point* pub;
    21259. 

  21259.     byte one[1] = { 1 };
    21260. 

  21260.     int err;
    21261. 

  21261. 

  21262.     err = sp_ecc_point_new(NULL, pubd, pub);
    21263. 

  21263.     if (err == MP_OKAY) {
    21264. 

  21264.         sp_256_from_mp(pub->x, 8, pX);
    21265. 

  21265.         sp_256_from_mp(pub->y, 8, pY);
    21266. 

  21266.         sp_256_from_bin(pub->z, 8, one, (int)sizeof(one));
    21267. 

  21267. 

  21268.         err = sp_256_ecc_is_point_8(pub, NULL);
    21269. 

  21269.     }
    21270. 

  21270. 

  21271.     sp_ecc_point_free(pub, 0, NULL);
    21272. 

  21272. 

  21273.     return err;
    21274. 

  21274. }
    21275. 

  21275. 

  21276. /* Check that the private scalar generates the EC point (px, py), the point is
    21277. 

  21277.  * on the curve and the point has the correct order.
    21278. 

  21278.  *
    21279. 

  21279.  * pX     X ordinate of EC point.
    21280. 

  21280.  * pY     Y ordinate of EC point.
    21281. 

  21281.  * privm  Private scalar that generates EC point.
    21282. 

  21282.  * returns MEMORY_E if dynamic memory allocation fails, MP_VAL if the point is
    21283. 

  21283.  * not on the curve, ECC_INF_E if the point does not have the correct order,
    21284. 

  21284.  * ECC_PRIV_KEY_E when the private scalar doesn't generate the EC point and
    21285. 

  21285.  * MP_OKAY otherwise.
    21286. 

  21286.  */
    21287. 

  21287. int sp_ecc_check_key_256(mp_int* pX, mp_int* pY, mp_int* privm, void* heap)
    21288. 

  21288. {
    21289. 

  21289. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    21290. 

  21290.     sp_digit privd[8];
    21291. 

  21291.     sp_point pubd;
    21292. 

  21292.     sp_point pd;
    21293. 

  21293. #endif
    21294. 

  21294.     sp_digit* priv = NULL;
    21295. 

  21295.     sp_point* pub;
    21296. 

  21296.     sp_point* p = NULL;
    21297. 

  21297.     byte one[1] = { 1 };
    21298. 

  21298.     int err;
    21299. 

  21299. 

  21300.     err = sp_ecc_point_new(heap, pubd, pub);
    21301. 

  21301.     if (err == MP_OKAY) {
    21302. 

  21302.         err = sp_ecc_point_new(heap, pd, p);
    21303. 

  21303.     }
    21304. 

  21304. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21305. 

  21305.     if (err == MP_OKAY) {
    21306. 

  21306.         priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
    21307. 

  21307.                                                               DYNAMIC_TYPE_ECC);
    21308. 

  21308.         if (priv == NULL) {
    21309. 

  21309.             err = MEMORY_E;
    21310. 

  21310.         }
    21311. 

  21311.     }
    21312. 

  21312. #endif
    21313. 

  21313. 

  21314.     if (err == MP_OKAY) {
    21315. 

  21315. #if !(defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK))
    21316. 

  21316.         priv = privd;
    21317. 

  21317. #endif
    21318. 

  21318. 

  21319.         sp_256_from_mp(pub->x, 8, pX);
    21320. 

  21320.         sp_256_from_mp(pub->y, 8, pY);
    21321. 

  21321.         sp_256_from_bin(pub->z, 8, one, (int)sizeof(one));
    21322. 

  21322.         sp_256_from_mp(priv, 8, privm);
    21323. 

  21323. 

  21324.         /* Check point at infinitiy. */
    21325. 

  21325.         if ((sp_256_iszero_8(pub->x) != 0) &&
    21326. 

  21326.             (sp_256_iszero_8(pub->y) != 0)) {
    21327. 

  21327.             err = ECC_INF_E;
    21328. 

  21328.         }
    21329. 

  21329.     }
    21330. 

  21330. 

  21331.     if (err == MP_OKAY) {
    21332. 

  21332.         /* Check range of X and Y */
    21333. 

  21333.         if (sp_256_cmp_8(pub->x, p256_mod) >= 0 ||
    21334. 

  21334.             sp_256_cmp_8(pub->y, p256_mod) >= 0) {
    21335. 

  21335.             err = ECC_OUT_OF_RANGE_E;
    21336. 

  21336.         }
    21337. 

  21337.     }
    21338. 

  21338. 

  21339.     if (err == MP_OKAY) {
    21340. 

  21340.         /* Check point is on curve */
    21341. 

  21341.         err = sp_256_ecc_is_point_8(pub, heap);
    21342. 

  21342.     }
    21343. 

  21343. 

  21344.     if (err == MP_OKAY) {
    21345. 

  21345.         /* Point * order = infinity */
    21346. 

  21346.             err = sp_256_ecc_mulmod_8(p, pub, p256_order, 1, heap);
    21347. 

  21347.     }
    21348. 

  21348.     if (err == MP_OKAY) {
    21349. 

  21349.         /* Check result is infinity */
    21350. 

  21350.         if ((sp_256_iszero_8(p->x) == 0) ||
    21351. 

  21351.             (sp_256_iszero_8(p->y) == 0)) {
    21352. 

  21352.             err = ECC_INF_E;
    21353. 

  21353.         }
    21354. 

  21354.     }
    21355. 

  21355. 

  21356.     if (err == MP_OKAY) {
    21357. 

  21357.         /* Base * private = point */
    21358. 

  21358.             err = sp_256_ecc_mulmod_base_8(p, priv, 1, heap);
    21359. 

  21359.     }
    21360. 

  21360.     if (err == MP_OKAY) {
    21361. 

  21361.         /* Check result is public key */
    21362. 

  21362.         if (sp_256_cmp_8(p->x, pub->x) != 0 ||
    21363. 

  21363.             sp_256_cmp_8(p->y, pub->y) != 0) {
    21364. 

  21364.             err = ECC_PRIV_KEY_E;
    21365. 

  21365.         }
    21366. 

  21366.     }
    21367. 

  21367. 

  21368. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21369. 

  21369.     if (priv != NULL) {
    21370. 

  21370.         XFREE(priv, heap, DYNAMIC_TYPE_ECC);
    21371. 

  21371.     }
    21372. 

  21372. #endif
    21373. 

  21373.     sp_ecc_point_free(p, 0, heap);
    21374. 

  21374.     sp_ecc_point_free(pub, 0, heap);
    21375. 

  21375. 

  21376.     return err;
    21377. 

  21377. }
    21378. 

  21378. #endif
    21379. 

  21379. #ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL
    21380. 

  21380. /* Add two projective EC points together.
    21381. 

  21381.  * (pX, pY, pZ) + (qX, qY, qZ) = (rX, rY, rZ)
    21382. 

  21382.  *
    21383. 

  21383.  * pX   First EC point's X ordinate.
    21384. 

  21384.  * pY   First EC point's Y ordinate.
    21385. 

  21385.  * pZ   First EC point's Z ordinate.
    21386. 

  21386.  * qX   Second EC point's X ordinate.
    21387. 

  21387.  * qY   Second EC point's Y ordinate.
    21388. 

  21388.  * qZ   Second EC point's Z ordinate.
    21389. 

  21389.  * rX   Resultant EC point's X ordinate.
    21390. 

  21390.  * rY   Resultant EC point's Y ordinate.
    21391. 

  21391.  * rZ   Resultant EC point's Z ordinate.
    21392. 

  21392.  * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
    21393. 

  21393.  */
    21394. 

  21394. int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
    21395. 

  21395.                               mp_int* qX, mp_int* qY, mp_int* qZ,
    21396. 

  21396.                               mp_int* rX, mp_int* rY, mp_int* rZ)
    21397. 

  21397. {
    21398. 

  21398. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    21399. 

  21399.     sp_digit tmpd[2 * 8 * 5];
    21400. 

  21400.     sp_point pd;
    21401. 

  21401.     sp_point qd;
    21402. 

  21402. #endif
    21403. 

  21403.     sp_digit* tmp;
    21404. 

  21404.     sp_point* p;
    21405. 

  21405.     sp_point* q = NULL;
    21406. 

  21406.     int err;
    21407. 

  21407. 

  21408.     err = sp_ecc_point_new(NULL, pd, p);
    21409. 

  21409.     if (err == MP_OKAY) {
    21410. 

  21410.         err = sp_ecc_point_new(NULL, qd, q);
    21411. 

  21411.     }
    21412. 

  21412. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21413. 

  21413.     if (err == MP_OKAY) {
    21414. 

  21414.         tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, NULL,
    21415. 

  21415.                                                               DYNAMIC_TYPE_ECC);
    21416. 

  21416.         if (tmp == NULL) {
    21417. 

  21417.             err = MEMORY_E;
    21418. 

  21418.         }
    21419. 

  21419.     }
    21420. 

  21420. #else
    21421. 

  21421.     tmp = tmpd;
    21422. 

  21422. #endif
    21423. 

  21423. 

  21424.     if (err == MP_OKAY) {
    21425. 

  21425.         sp_256_from_mp(p->x, 8, pX);
    21426. 

  21426.         sp_256_from_mp(p->y, 8, pY);
    21427. 

  21427.         sp_256_from_mp(p->z, 8, pZ);
    21428. 

  21428.         sp_256_from_mp(q->x, 8, qX);
    21429. 

  21429.         sp_256_from_mp(q->y, 8, qY);
    21430. 

  21430.         sp_256_from_mp(q->z, 8, qZ);
    21431. 

  21431. 

  21432.             sp_256_proj_point_add_8(p, p, q, tmp);
    21433. 

  21433.     }
    21434. 

  21434. 

  21435.     if (err == MP_OKAY) {
    21436. 

  21436.         err = sp_256_to_mp(p->x, rX);
    21437. 

  21437.     }
    21438. 

  21438.     if (err == MP_OKAY) {
    21439. 

  21439.         err = sp_256_to_mp(p->y, rY);
    21440. 

  21440.     }
    21441. 

  21441.     if (err == MP_OKAY) {
    21442. 

  21442.         err = sp_256_to_mp(p->z, rZ);
    21443. 

  21443.     }
    21444. 

  21444. 

  21445. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21446. 

  21446.     if (tmp != NULL) {
    21447. 

  21447.         XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
    21448. 

  21448.     }
    21449. 

  21449. #endif
    21450. 

  21450.     sp_ecc_point_free(q, 0, NULL);
    21451. 

  21451.     sp_ecc_point_free(p, 0, NULL);
    21452. 

  21452. 

  21453.     return err;
    21454. 

  21454. }
    21455. 

  21455. 

  21456. /* Double a projective EC point.
    21457. 

  21457.  * (pX, pY, pZ) + (pX, pY, pZ) = (rX, rY, rZ)
    21458. 

  21458.  *
    21459. 

  21459.  * pX   EC point's X ordinate.
    21460. 

  21460.  * pY   EC point's Y ordinate.
    21461. 

  21461.  * pZ   EC point's Z ordinate.
    21462. 

  21462.  * rX   Resultant EC point's X ordinate.
    21463. 

  21463.  * rY   Resultant EC point's Y ordinate.
    21464. 

  21464.  * rZ   Resultant EC point's Z ordinate.
    21465. 

  21465.  * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
    21466. 

  21466.  */
    21467. 

  21467. int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
    21468. 

  21468.                               mp_int* rX, mp_int* rY, mp_int* rZ)
    21469. 

  21469. {
    21470. 

  21470. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    21471. 

  21471.     sp_digit tmpd[2 * 8 * 2];
    21472. 

  21472.     sp_point pd;
    21473. 

  21473. #endif
    21474. 

  21474.     sp_digit* tmp;
    21475. 

  21475.     sp_point* p;
    21476. 

  21476.     int err;
    21477. 

  21477. 

  21478.     err = sp_ecc_point_new(NULL, pd, p);
    21479. 

  21479. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21480. 

  21480.     if (err == MP_OKAY) {
    21481. 

  21481.         tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 2, NULL,
    21482. 

  21482.                                                               DYNAMIC_TYPE_ECC);
    21483. 

  21483.         if (tmp == NULL) {
    21484. 

  21484.             err = MEMORY_E;
    21485. 

  21485.         }
    21486. 

  21486.     }
    21487. 

  21487. #else
    21488. 

  21488.     tmp = tmpd;
    21489. 

  21489. #endif
    21490. 

  21490. 

  21491.     if (err == MP_OKAY) {
    21492. 

  21492.         sp_256_from_mp(p->x, 8, pX);
    21493. 

  21493.         sp_256_from_mp(p->y, 8, pY);
    21494. 

  21494.         sp_256_from_mp(p->z, 8, pZ);
    21495. 

  21495. 

  21496.             sp_256_proj_point_dbl_8(p, p, tmp);
    21497. 

  21497.     }
    21498. 

  21498. 

  21499.     if (err == MP_OKAY) {
    21500. 

  21500.         err = sp_256_to_mp(p->x, rX);
    21501. 

  21501.     }
    21502. 

  21502.     if (err == MP_OKAY) {
    21503. 

  21503.         err = sp_256_to_mp(p->y, rY);
    21504. 

  21504.     }
    21505. 

  21505.     if (err == MP_OKAY) {
    21506. 

  21506.         err = sp_256_to_mp(p->z, rZ);
    21507. 

  21507.     }
    21508. 

  21508. 

  21509. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21510. 

  21510.     if (tmp != NULL) {
    21511. 

  21511.         XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
    21512. 

  21512.     }
    21513. 

  21513. #endif
    21514. 

  21514.     sp_ecc_point_free(p, 0, NULL);
    21515. 

  21515. 

  21516.     return err;
    21517. 

  21517. }
    21518. 

  21518. 

  21519. /* Map a projective EC point to affine in place.
    21520. 

  21520.  * pZ will be one.
    21521. 

  21521.  *
    21522. 

  21522.  * pX   EC point's X ordinate.
    21523. 

  21523.  * pY   EC point's Y ordinate.
    21524. 

  21524.  * pZ   EC point's Z ordinate.
    21525. 

  21525.  * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
    21526. 

  21526.  */
    21527. 

  21527. int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
    21528. 

  21528. {
    21529. 

  21529. #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
    21530. 

  21530.     sp_digit tmpd[2 * 8 * 4];
    21531. 

  21531.     sp_point pd;
    21532. 

  21532. #endif
    21533. 

  21533.     sp_digit* tmp;
    21534. 

  21534.     sp_point* p;
    21535. 

  21535.     int err;
    21536. 

  21536. 

  21537.     err = sp_ecc_point_new(NULL, pd, p);
    21538. 

  21538. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21539. 

  21539.     if (err == MP_OKAY) {
    21540. 

  21540.         tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 4, NULL,
    21541. 

  21541.                                                               DYNAMIC_TYPE_ECC);
    21542. 

  21542.         if (tmp == NULL) {
    21543. 

  21543.             err = MEMORY_E;
    21544. 

  21544.         }
    21545. 

  21545.     }
    21546. 

  21546. #else
    21547. 

  21547.     tmp = tmpd;
    21548. 

  21548. #endif
    21549. 

  21549.     if (err == MP_OKAY) {
    21550. 

  21550.         sp_256_from_mp(p->x, 8, pX);
    21551. 

  21551.         sp_256_from_mp(p->y, 8, pY);
    21552. 

  21552.         sp_256_from_mp(p->z, 8, pZ);
    21553. 

  21553. 

  21554.         sp_256_map_8(p, p, tmp);
    21555. 

  21555.     }
    21556. 

  21556. 

  21557.     if (err == MP_OKAY) {
    21558. 

  21558.         err = sp_256_to_mp(p->x, pX);
    21559. 

  21559.     }
    21560. 

  21560.     if (err == MP_OKAY) {
    21561. 

  21561.         err = sp_256_to_mp(p->y, pY);
    21562. 

  21562.     }
    21563. 

  21563.     if (err == MP_OKAY) {
    21564. 

  21564.         err = sp_256_to_mp(p->z, pZ);
    21565. 

  21565.     }
    21566. 

  21566. 

  21567. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21568. 

  21568.     if (tmp != NULL) {
    21569. 

  21569.         XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
    21570. 

  21570.     }
    21571. 

  21571. #endif
    21572. 

  21572.     sp_ecc_point_free(p, 0, NULL);
    21573. 

  21573. 

  21574.     return err;
    21575. 

  21575. }
    21576. 

  21576. #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
    21577. 

  21577. #ifdef HAVE_COMP_KEY
    21578. 

  21578. /* Find the square root of a number mod the prime of the curve.
    21579. 

  21579.  *
    21580. 

  21580.  * y  The number to operate on and the result.
    21581. 

  21581.  * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
    21582. 

  21582.  */
    21583. 

  21583. static int sp_256_mont_sqrt_8(sp_digit* y)
    21584. 

  21584. {
    21585. 

  21585. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21586. 

  21586.     sp_digit* d;
    21587. 

  21587. #else
    21588. 

  21588.     sp_digit t1d[2 * 8];
    21589. 

  21589.     sp_digit t2d[2 * 8];
    21590. 

  21590. #endif
    21591. 

  21591.     sp_digit* t1;
    21592. 

  21592.     sp_digit* t2;
    21593. 

  21593.     int err = MP_OKAY;
    21594. 

  21594. 

  21595. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21596. 

  21596.     d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
    21597. 

  21597.     if (d == NULL) {
    21598. 

  21598.         err = MEMORY_E;
    21599. 

  21599.     }
    21600. 

  21600. #endif
    21601. 

  21601. 

  21602.     if (err == MP_OKAY) {
    21603. 

  21603. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21604. 

  21604.         t1 = d + 0 * 8;
    21605. 

  21605.         t2 = d + 2 * 8;
    21606. 

  21606. #else
    21607. 

  21607.         t1 = t1d;
    21608. 

  21608.         t2 = t2d;
    21609. 

  21609. #endif
    21610. 

  21610. 

  21611.         {
    21612. 

  21612.             /* t2 = y ^ 0x2 */
    21613. 

  21613.             sp_256_mont_sqr_8(t2, y, p256_mod, p256_mp_mod);
    21614. 

  21614.             /* t1 = y ^ 0x3 */
    21615. 

  21615.             sp_256_mont_mul_8(t1, t2, y, p256_mod, p256_mp_mod);
    21616. 

  21616.             /* t2 = y ^ 0xc */
    21617. 

  21617.             sp_256_mont_sqr_n_8(t2, t1, 2, p256_mod, p256_mp_mod);
    21618. 

  21618.             /* t1 = y ^ 0xf */
    21619. 

  21619.             sp_256_mont_mul_8(t1, t1, t2, p256_mod, p256_mp_mod);
    21620. 

  21620.             /* t2 = y ^ 0xf0 */
    21621. 

  21621.             sp_256_mont_sqr_n_8(t2, t1, 4, p256_mod, p256_mp_mod);
    21622. 

  21622.             /* t1 = y ^ 0xff */
    21623. 

  21623.             sp_256_mont_mul_8(t1, t1, t2, p256_mod, p256_mp_mod);
    21624. 

  21624.             /* t2 = y ^ 0xff00 */
    21625. 

  21625.             sp_256_mont_sqr_n_8(t2, t1, 8, p256_mod, p256_mp_mod);
    21626. 

  21626.             /* t1 = y ^ 0xffff */
    21627. 

  21627.             sp_256_mont_mul_8(t1, t1, t2, p256_mod, p256_mp_mod);
    21628. 

  21628.             /* t2 = y ^ 0xffff0000 */
    21629. 

  21629.             sp_256_mont_sqr_n_8(t2, t1, 16, p256_mod, p256_mp_mod);
    21630. 

  21630.             /* t1 = y ^ 0xffffffff */
    21631. 

  21631.             sp_256_mont_mul_8(t1, t1, t2, p256_mod, p256_mp_mod);
    21632. 

  21632.             /* t1 = y ^ 0xffffffff00000000 */
    21633. 

  21633.             sp_256_mont_sqr_n_8(t1, t1, 32, p256_mod, p256_mp_mod);
    21634. 

  21634.             /* t1 = y ^ 0xffffffff00000001 */
    21635. 

  21635.             sp_256_mont_mul_8(t1, t1, y, p256_mod, p256_mp_mod);
    21636. 

  21636.             /* t1 = y ^ 0xffffffff00000001000000000000000000000000 */
    21637. 

  21637.             sp_256_mont_sqr_n_8(t1, t1, 96, p256_mod, p256_mp_mod);
    21638. 

  21638.             /* t1 = y ^ 0xffffffff00000001000000000000000000000001 */
    21639. 

  21639.             sp_256_mont_mul_8(t1, t1, y, p256_mod, p256_mp_mod);
    21640. 

  21640.             sp_256_mont_sqr_n_8(y, t1, 94, p256_mod, p256_mp_mod);
    21641. 

  21641.         }
    21642. 

  21642.     }
    21643. 

  21643. 

  21644. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21645. 

  21645.     if (d != NULL) {
    21646. 

  21646.         XFREE(d, NULL, DYNAMIC_TYPE_ECC);
    21647. 

  21647.     }
    21648. 

  21648. #endif
    21649. 

  21649. 

  21650.     return err;
    21651. 

  21651. }
    21652. 

  21652. 

  21653. /* Uncompress the point given the X ordinate.
    21654. 

  21654.  *
    21655. 

  21655.  * xm    X ordinate.
    21656. 

  21656.  * odd   Whether the Y ordinate is odd.
    21657. 

  21657.  * ym    Calculated Y ordinate.
    21658. 

  21658.  * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
    21659. 

  21659.  */
    21660. 

  21660. int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
    21661. 

  21661. {
    21662. 

  21662. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21663. 

  21663.     sp_digit* d;
    21664. 

  21664. #else
    21665. 

  21665.     sp_digit xd[2 * 8];
    21666. 

  21666.     sp_digit yd[2 * 8];
    21667. 

  21667. #endif
    21668. 

  21668.     sp_digit* x = NULL;
    21669. 

  21669.     sp_digit* y = NULL;
    21670. 

  21670.     int err = MP_OKAY;
    21671. 

  21671. 

  21672. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21673. 

  21673.     d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
    21674. 

  21674.     if (d == NULL) {
    21675. 

  21675.         err = MEMORY_E;
    21676. 

  21676.     }
    21677. 

  21677. #endif
    21678. 

  21678. 

  21679.     if (err == MP_OKAY) {
    21680. 

  21680. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21681. 

  21681.         x = d + 0 * 8;
    21682. 

  21682.         y = d + 2 * 8;
    21683. 

  21683. #else
    21684. 

  21684.         x = xd;
    21685. 

  21685.         y = yd;
    21686. 

  21686. #endif
    21687. 

  21687. 

  21688.         sp_256_from_mp(x, 8, xm);
    21689. 

  21689.         err = sp_256_mod_mul_norm_8(x, x, p256_mod);
    21690. 

  21690.     }
    21691. 

  21691.     if (err == MP_OKAY) {
    21692. 

  21692.         /* y = x^3 */
    21693. 

  21693.         {
    21694. 

  21694.             sp_256_mont_sqr_8(y, x, p256_mod, p256_mp_mod);
    21695. 

  21695.             sp_256_mont_mul_8(y, y, x, p256_mod, p256_mp_mod);
    21696. 

  21696.         }
    21697. 

  21697.         /* y = x^3 - 3x */
    21698. 

  21698.         sp_256_mont_sub_8(y, y, x, p256_mod);
    21699. 

  21699.         sp_256_mont_sub_8(y, y, x, p256_mod);
    21700. 

  21700.         sp_256_mont_sub_8(y, y, x, p256_mod);
    21701. 

  21701.         /* y = x^3 - 3x + b */
    21702. 

  21702.         err = sp_256_mod_mul_norm_8(x, p256_b, p256_mod);
    21703. 

  21703.     }
    21704. 

  21704.     if (err == MP_OKAY) {
    21705. 

  21705.         sp_256_mont_add_8(y, y, x, p256_mod);
    21706. 

  21706.         /* y = sqrt(x^3 - 3x + b) */
    21707. 

  21707.         err = sp_256_mont_sqrt_8(y);
    21708. 

  21708.     }
    21709. 

  21709.     if (err == MP_OKAY) {
    21710. 

  21710.         XMEMSET(y + 8, 0, 8U * sizeof(sp_digit));
    21711. 

  21711.         sp_256_mont_reduce_8(y, p256_mod, p256_mp_mod);
    21712. 

  21712.         if ((((word32)y[0] ^ (word32)odd) & 1U) != 0U) {
    21713. 

  21713.             sp_256_mont_sub_8(y, p256_mod, y, p256_mod);
    21714. 

  21714.         }
    21715. 

  21715. 

  21716.         err = sp_256_to_mp(y, ym);
    21717. 

  21717.     }
    21718. 

  21718. 

  21719. #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
    21720. 

  21720.     if (d != NULL) {
    21721. 

  21721.         XFREE(d, NULL, DYNAMIC_TYPE_ECC);
    21722. 

  21722.     }
    21723. 

  21723. #endif
    21724. 

  21724. 

  21725.     return err;
    21726. 

  21726. }
    21727. 

  21727. #endif
    21728. 

  21728. #endif /* !WOLFSSL_SP_NO_256 */
    21729. 

  21729. #endif /* WOLFSSL_HAVE_SP_ECC */
    21730. 

  21730. #endif /* WOLFSSL_SP_ARM_THUMB_ASM */
    21731. 

  21731. #endif /* WOLFSSL_HAVE_SP_RSA || WOLFSSL_HAVE_SP_DH || WOLFSSL_HAVE_SP_ECC */
    21732.