wolf SSL / wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents:   CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfcrypt/src/sp_dsp32.c@17:a5f916481144, 2020-06-05 (annotated)

Committer:
wolfSSL
Date:
Fri Jun 05 00:11:07 2020 +0000
Revision:
17:a5f916481144
Parent:
16:8e0d178b1d1e 
wolfSSL 4.4.0

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 16:8e0d178b1d1e 1 /* sp_cdsp_signed.c
wolfSSL 16:8e0d178b1d1e 2 *
wolfSSL 16:8e0d178b1d1e 3 * Copyright (C) 2006-2020 wolfSSL Inc.
wolfSSL 16:8e0d178b1d1e 4 *
wolfSSL 16:8e0d178b1d1e 5 * This file is part of wolfSSL.
wolfSSL 16:8e0d178b1d1e 6 *
wolfSSL 16:8e0d178b1d1e 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 16:8e0d178b1d1e 8 * it under the terms of the GNU General Public License as published by
wolfSSL 16:8e0d178b1d1e 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 16:8e0d178b1d1e 10 * (at your option) any later version.
wolfSSL 16:8e0d178b1d1e 11 *
wolfSSL 16:8e0d178b1d1e 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 16:8e0d178b1d1e 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 16:8e0d178b1d1e 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 16:8e0d178b1d1e 15 * GNU General Public License for more details.
wolfSSL 16:8e0d178b1d1e 16 *
wolfSSL 16:8e0d178b1d1e 17 * You should have received a copy of the GNU General Public License
wolfSSL 16:8e0d178b1d1e 18 * along with this program; if not, write to the Free Software
wolfSSL 16:8e0d178b1d1e 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 16:8e0d178b1d1e 20 */
wolfSSL 16:8e0d178b1d1e 21
wolfSSL 16:8e0d178b1d1e 22 /* from wolfcrypt/src/sp_c32.c */
wolfSSL 16:8e0d178b1d1e 23
wolfSSL 16:8e0d178b1d1e 24 #ifdef HAVE_CONFIG_H
wolfSSL 16:8e0d178b1d1e 25 #include <config.h>
wolfSSL 16:8e0d178b1d1e 26 #endif
wolfSSL 16:8e0d178b1d1e 27
wolfSSL 16:8e0d178b1d1e 28 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 16:8e0d178b1d1e 29 #include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL 16:8e0d178b1d1e 30 #include <wolfssl/wolfcrypt/cpuid.h>
wolfSSL 16:8e0d178b1d1e 31 #ifdef NO_INLINE
wolfSSL 16:8e0d178b1d1e 32 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 16:8e0d178b1d1e 33 #else
wolfSSL 16:8e0d178b1d1e 34 #define WOLFSSL_MISC_INCLUDED
wolfSSL 16:8e0d178b1d1e 35 #include <wolfcrypt/src/misc.c>
wolfSSL 16:8e0d178b1d1e 36 #endif
wolfSSL 16:8e0d178b1d1e 37
wolfSSL 16:8e0d178b1d1e 38 #if defined(WOLFSSL_HAVE_SP_ECC)
wolfSSL 16:8e0d178b1d1e 39 #ifdef WOLFSSL_DSP
wolfSSL 16:8e0d178b1d1e 40
wolfSSL 16:8e0d178b1d1e 41 #include <wolfssl/wolfcrypt/sp.h>
wolfSSL 16:8e0d178b1d1e 42 #include "remote.h"
wolfSSL 16:8e0d178b1d1e 43 #include "hexagon_protos.h"
wolfSSL 16:8e0d178b1d1e 44 #include "hexagon_types.h"
wolfSSL 16:8e0d178b1d1e 45
wolfSSL 16:8e0d178b1d1e 46 #if (defined(WOLFSSL_SP_CACHE_RESISTANT) || defined(WOLFSSL_SP_SMALL)) && (defined(WOLFSSL_HAVE_SP_ECC) || !defined(WOLFSSL_RSA_PUBLIC_ONLY))
wolfSSL 16:8e0d178b1d1e 47 /* Mask for address to obfuscate which of the two address will be used. */
wolfSSL 16:8e0d178b1d1e 48 static const size_t addr_mask[2] = { 0, (size_t)-1 };
wolfSSL 16:8e0d178b1d1e 49 #endif
wolfSSL 16:8e0d178b1d1e 50
wolfSSL 16:8e0d178b1d1e 51 #ifdef WOLFSSL_HAVE_SP_ECC
wolfSSL 16:8e0d178b1d1e 52 #ifndef WOLFSSL_SP_NO_256
wolfSSL 16:8e0d178b1d1e 53
wolfSSL 16:8e0d178b1d1e 54 /* Point structure to use. */
wolfSSL 16:8e0d178b1d1e 55 typedef struct sp_point {
wolfSSL 16:8e0d178b1d1e 56 sp_digit x[2 * 10] __attribute__((aligned(128)));
wolfSSL 16:8e0d178b1d1e 57 sp_digit y[2 * 10] __attribute__((aligned(128)));
wolfSSL 16:8e0d178b1d1e 58 sp_digit z[2 * 10] __attribute__((aligned(128)));
wolfSSL 16:8e0d178b1d1e 59 int infinity;
wolfSSL 16:8e0d178b1d1e 60 } sp_point;
wolfSSL 16:8e0d178b1d1e 61
wolfSSL 16:8e0d178b1d1e 62 /* The modulus (prime) of the curve P256. */
wolfSSL 16:8e0d178b1d1e 63 static const sp_digit p256_mod[10] __attribute__((aligned(128))) = {
wolfSSL 16:8e0d178b1d1e 64 0x3ffffff,0x3ffffff,0x3ffffff,0x003ffff,0x0000000,0x0000000,0x0000000,
wolfSSL 16:8e0d178b1d1e 65 0x0000400,0x3ff0000,0x03fffff
wolfSSL 16:8e0d178b1d1e 66 };
wolfSSL 16:8e0d178b1d1e 67 #ifndef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 68 /* The Montogmery normalizer for modulus of the curve P256. */
wolfSSL 16:8e0d178b1d1e 69 static const sp_digit p256_norm_mod[10] __attribute__((aligned(128))) = {
wolfSSL 16:8e0d178b1d1e 70 0x0000001,0x0000000,0x0000000,0x3fc0000,0x3ffffff,0x3ffffff,0x3ffffff,
wolfSSL 16:8e0d178b1d1e 71 0x3fffbff,0x000ffff,0x0000000
wolfSSL 16:8e0d178b1d1e 72 };
wolfSSL 16:8e0d178b1d1e 73 #endif /* WOLFSSL_SP_SMALL */
wolfSSL 16:8e0d178b1d1e 74 /* The Montogmery multiplier for modulus of the curve P256. */
wolfSSL 16:8e0d178b1d1e 75 static const sp_digit p256_mp_mod __attribute__((aligned(128))) = 0x000001;
wolfSSL 16:8e0d178b1d1e 76 #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \
wolfSSL 16:8e0d178b1d1e 77 defined(HAVE_ECC_VERIFY)
wolfSSL 16:8e0d178b1d1e 78 /* The order of the curve P256. */
wolfSSL 16:8e0d178b1d1e 79 static const sp_digit p256_order[10] __attribute__((aligned(128))) = {
wolfSSL 16:8e0d178b1d1e 80 0x0632551,0x272b0bf,0x1e84f3b,0x2b69c5e,0x3bce6fa,0x3ffffff,0x3ffffff,
wolfSSL 16:8e0d178b1d1e 81 0x00003ff,0x3ff0000,0x03fffff
wolfSSL 16:8e0d178b1d1e 82 };
wolfSSL 16:8e0d178b1d1e 83 #endif
wolfSSL 16:8e0d178b1d1e 84 #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
wolfSSL 16:8e0d178b1d1e 85 /* The Montogmery normalizer for order of the curve P256. */
wolfSSL 16:8e0d178b1d1e 86 static const sp_digit p256_norm_order[10] __attribute__((aligned(128))) = {
wolfSSL 16:8e0d178b1d1e 87 0x39cdaaf,0x18d4f40,0x217b0c4,0x14963a1,0x0431905,0x0000000,0x0000000,
wolfSSL 16:8e0d178b1d1e 88 0x3fffc00,0x000ffff,0x0000000
wolfSSL 16:8e0d178b1d1e 89 };
wolfSSL 16:8e0d178b1d1e 90 #endif
wolfSSL 16:8e0d178b1d1e 91 #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
wolfSSL 16:8e0d178b1d1e 92 /* The Montogmery multiplier for order of the curve P256. */
wolfSSL 16:8e0d178b1d1e 93 static const sp_digit p256_mp_order __attribute__((aligned(128))) = 0x200bc4f;
wolfSSL 16:8e0d178b1d1e 94 #endif
wolfSSL 16:8e0d178b1d1e 95 /* The base point of curve P256. */
wolfSSL 16:8e0d178b1d1e 96 static const sp_point p256_base __attribute__((aligned(128))) = {
wolfSSL 16:8e0d178b1d1e 97 /* X ordinate */
wolfSSL 16:8e0d178b1d1e 98 {
wolfSSL 16:8e0d178b1d1e 99 0x098c296,0x04e5176,0x33a0f4a,0x204b7ac,0x277037d,0x0e9103c,0x3ce6e56,
wolfSSL 16:8e0d178b1d1e 100 0x1091fe2,0x1f2e12c,0x01ac5f4, 0L, 0L, 0L, 0L, 0L, 0L, 0L, 0L, 0L, 0L
wolfSSL 16:8e0d178b1d1e 101 },
wolfSSL 16:8e0d178b1d1e 102 /* Y ordinate */
wolfSSL 16:8e0d178b1d1e 103 {
wolfSSL 16:8e0d178b1d1e 104 0x3bf51f5,0x1901a0d,0x1ececbb,0x15dacc5,0x22bce33,0x303e785,0x27eb4a7,
wolfSSL 16:8e0d178b1d1e 105 0x1fe6e3b,0x2e2fe1a,0x013f8d0, 0L, 0L, 0L, 0L, 0L, 0L, 0L, 0L, 0L, 0L
wolfSSL 16:8e0d178b1d1e 106 },
wolfSSL 16:8e0d178b1d1e 107 /* Z ordinate */
wolfSSL 16:8e0d178b1d1e 108 {
wolfSSL 16:8e0d178b1d1e 109 0x0000001,0x0000000,0x0000000,0x0000000,0x0000000,0x0000000,0x0000000,
wolfSSL 16:8e0d178b1d1e 110 0x0000000,0x0000000,0x0000000, 0L, 0L, 0L, 0L, 0L, 0L, 0L, 0L, 0L, 0L
wolfSSL 16:8e0d178b1d1e 111 },
wolfSSL 16:8e0d178b1d1e 112 /* infinity */
wolfSSL 16:8e0d178b1d1e 113 0
wolfSSL 16:8e0d178b1d1e 114 };
wolfSSL 16:8e0d178b1d1e 115
wolfSSL 16:8e0d178b1d1e 116 static int sp_ecc_point_new_ex(void* heap, sp_point* sp, sp_point** p)
wolfSSL 16:8e0d178b1d1e 117 {
wolfSSL 16:8e0d178b1d1e 118 int ret = MP_OKAY;
wolfSSL 16:8e0d178b1d1e 119 (void)heap;
wolfSSL 16:8e0d178b1d1e 120 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 121 (void)sp;
wolfSSL 16:8e0d178b1d1e 122 *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 123 #else
wolfSSL 16:8e0d178b1d1e 124 *p = sp;
wolfSSL 16:8e0d178b1d1e 125 #endif
wolfSSL 16:8e0d178b1d1e 126 if (p == NULL) {
wolfSSL 16:8e0d178b1d1e 127 ret = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 128 }
wolfSSL 16:8e0d178b1d1e 129 return ret;
wolfSSL 16:8e0d178b1d1e 130 }
wolfSSL 16:8e0d178b1d1e 131
wolfSSL 16:8e0d178b1d1e 132 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 133 /* Allocate memory for point and return error. */
wolfSSL 16:8e0d178b1d1e 134 #define sp_ecc_point_new(heap, sp, p) sp_ecc_point_new_ex((heap), NULL, &(p))
wolfSSL 16:8e0d178b1d1e 135 #else
wolfSSL 16:8e0d178b1d1e 136 /* Set pointer to data and return no error. */
wolfSSL 16:8e0d178b1d1e 137 #define sp_ecc_point_new(heap, sp, p) sp_ecc_point_new_ex((heap), &(sp), &(p))
wolfSSL 16:8e0d178b1d1e 138 #endif
wolfSSL 16:8e0d178b1d1e 139
wolfSSL 16:8e0d178b1d1e 140
wolfSSL 16:8e0d178b1d1e 141 static void sp_ecc_point_free(sp_point* p, int clear, void* heap)
wolfSSL 16:8e0d178b1d1e 142 {
wolfSSL 16:8e0d178b1d1e 143 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 144 /* If valid pointer then clear point data if requested and free data. */
wolfSSL 16:8e0d178b1d1e 145 if (p != NULL) {
wolfSSL 16:8e0d178b1d1e 146 if (clear != 0) {
wolfSSL 16:8e0d178b1d1e 147 XMEMSET(p, 0, sizeof(*p));
wolfSSL 16:8e0d178b1d1e 148 }
wolfSSL 16:8e0d178b1d1e 149 XFREE(p, heap, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 150 }
wolfSSL 16:8e0d178b1d1e 151 #else
wolfSSL 16:8e0d178b1d1e 152 /* Clear point data if requested. */
wolfSSL 16:8e0d178b1d1e 153 if (clear != 0) {
wolfSSL 16:8e0d178b1d1e 154 XMEMSET(p, 0, sizeof(*p));
wolfSSL 16:8e0d178b1d1e 155 }
wolfSSL 16:8e0d178b1d1e 156 #endif
wolfSSL 16:8e0d178b1d1e 157 (void)heap;
wolfSSL 16:8e0d178b1d1e 158 }
wolfSSL 16:8e0d178b1d1e 159
wolfSSL 16:8e0d178b1d1e 160 /* Multiply a number by Montogmery normalizer mod modulus (prime).
wolfSSL 16:8e0d178b1d1e 161 *
wolfSSL 16:8e0d178b1d1e 162 * r The resulting Montgomery form number.
wolfSSL 16:8e0d178b1d1e 163 * a The number to convert.
wolfSSL 16:8e0d178b1d1e 164 * m The modulus (prime).
wolfSSL 16:8e0d178b1d1e 165 * returns MEMORY_E when memory allocation fails and MP_OKAY otherwise.
wolfSSL 16:8e0d178b1d1e 166 */
wolfSSL 16:8e0d178b1d1e 167 static int sp_256_mod_mul_norm_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
wolfSSL 16:8e0d178b1d1e 168 {
wolfSSL 16:8e0d178b1d1e 169 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 170 int64_t* td;
wolfSSL 16:8e0d178b1d1e 171 #else
wolfSSL 16:8e0d178b1d1e 172 int64_t td[8];
wolfSSL 16:8e0d178b1d1e 173 int64_t a32d[8];
wolfSSL 16:8e0d178b1d1e 174 #endif
wolfSSL 16:8e0d178b1d1e 175 int64_t* t;
wolfSSL 16:8e0d178b1d1e 176 int64_t* a32;
wolfSSL 16:8e0d178b1d1e 177 int64_t o;
wolfSSL 16:8e0d178b1d1e 178 int err = MP_OKAY;
wolfSSL 16:8e0d178b1d1e 179
wolfSSL 16:8e0d178b1d1e 180 (void)m;
wolfSSL 16:8e0d178b1d1e 181
wolfSSL 16:8e0d178b1d1e 182 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 183 td = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 8, NULL, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 184 if (td == NULL) {
wolfSSL 16:8e0d178b1d1e 185 err = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 186 }
wolfSSL 16:8e0d178b1d1e 187 #endif
wolfSSL 16:8e0d178b1d1e 188
wolfSSL 16:8e0d178b1d1e 189 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 190 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 191 t = td;
wolfSSL 16:8e0d178b1d1e 192 a32 = td + 8;
wolfSSL 16:8e0d178b1d1e 193 #else
wolfSSL 16:8e0d178b1d1e 194 t = td;
wolfSSL 16:8e0d178b1d1e 195 a32 = a32d;
wolfSSL 16:8e0d178b1d1e 196 #endif
wolfSSL 16:8e0d178b1d1e 197
wolfSSL 16:8e0d178b1d1e 198 a32[0] = a[0];
wolfSSL 16:8e0d178b1d1e 199 a32[0] |= a[1] << 26U;
wolfSSL 16:8e0d178b1d1e 200 a32[0] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 201 a32[1] = (sp_digit)(a[1] >> 6);
wolfSSL 16:8e0d178b1d1e 202 a32[1] |= a[2] << 20U;
wolfSSL 16:8e0d178b1d1e 203 a32[1] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 204 a32[2] = (sp_digit)(a[2] >> 12);
wolfSSL 16:8e0d178b1d1e 205 a32[2] |= a[3] << 14U;
wolfSSL 16:8e0d178b1d1e 206 a32[2] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 207 a32[3] = (sp_digit)(a[3] >> 18);
wolfSSL 16:8e0d178b1d1e 208 a32[3] |= a[4] << 8U;
wolfSSL 16:8e0d178b1d1e 209 a32[3] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 210 a32[4] = (sp_digit)(a[4] >> 24);
wolfSSL 16:8e0d178b1d1e 211 a32[4] |= a[5] << 2U;
wolfSSL 16:8e0d178b1d1e 212 a32[4] |= a[6] << 28U;
wolfSSL 16:8e0d178b1d1e 213 a32[4] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 214 a32[5] = (sp_digit)(a[6] >> 4);
wolfSSL 16:8e0d178b1d1e 215 a32[5] |= a[7] << 22U;
wolfSSL 16:8e0d178b1d1e 216 a32[5] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 217 a32[6] = (sp_digit)(a[7] >> 10);
wolfSSL 16:8e0d178b1d1e 218 a32[6] |= a[8] << 16U;
wolfSSL 16:8e0d178b1d1e 219 a32[6] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 220 a32[7] = (sp_digit)(a[8] >> 16);
wolfSSL 16:8e0d178b1d1e 221 a32[7] |= a[9] << 10U;
wolfSSL 16:8e0d178b1d1e 222 a32[7] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 223
wolfSSL 16:8e0d178b1d1e 224 /* 1 1 0 -1 -1 -1 -1 0 */
wolfSSL 16:8e0d178b1d1e 225 t[0] = 0 + a32[0] + a32[1] - a32[3] - a32[4] - a32[5] - a32[6];
wolfSSL 16:8e0d178b1d1e 226 /* 0 1 1 0 -1 -1 -1 -1 */
wolfSSL 16:8e0d178b1d1e 227 t[1] = 0 + a32[1] + a32[2] - a32[4] - a32[5] - a32[6] - a32[7];
wolfSSL 16:8e0d178b1d1e 228 /* 0 0 1 1 0 -1 -1 -1 */
wolfSSL 16:8e0d178b1d1e 229 t[2] = 0 + a32[2] + a32[3] - a32[5] - a32[6] - a32[7];
wolfSSL 16:8e0d178b1d1e 230 /* -1 -1 0 2 2 1 0 -1 */
wolfSSL 16:8e0d178b1d1e 231 t[3] = 0 - a32[0] - a32[1] + 2 * a32[3] + 2 * a32[4] + a32[5] - a32[7];
wolfSSL 16:8e0d178b1d1e 232 /* 0 -1 -1 0 2 2 1 0 */
wolfSSL 16:8e0d178b1d1e 233 t[4] = 0 - a32[1] - a32[2] + 2 * a32[4] + 2 * a32[5] + a32[6];
wolfSSL 16:8e0d178b1d1e 234 /* 0 0 -1 -1 0 2 2 1 */
wolfSSL 16:8e0d178b1d1e 235 t[5] = 0 - a32[2] - a32[3] + 2 * a32[5] + 2 * a32[6] + a32[7];
wolfSSL 16:8e0d178b1d1e 236 /* -1 -1 0 0 0 1 3 2 */
wolfSSL 16:8e0d178b1d1e 237 t[6] = 0 - a32[0] - a32[1] + a32[5] + 3 * a32[6] + 2 * a32[7];
wolfSSL 16:8e0d178b1d1e 238 /* 1 0 -1 -1 -1 -1 0 3 */
wolfSSL 16:8e0d178b1d1e 239 t[7] = 0 + a32[0] - a32[2] - a32[3] - a32[4] - a32[5] + 3 * a32[7];
wolfSSL 16:8e0d178b1d1e 240
wolfSSL 16:8e0d178b1d1e 241 t[1] += t[0] >> 32U; t[0] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 242 t[2] += t[1] >> 32U; t[1] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 243 t[3] += t[2] >> 32U; t[2] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 244 t[4] += t[3] >> 32U; t[3] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 245 t[5] += t[4] >> 32U; t[4] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 246 t[6] += t[5] >> 32U; t[5] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 247 t[7] += t[6] >> 32U; t[6] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 248 o = t[7] >> 32U; t[7] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 249 t[0] += o;
wolfSSL 16:8e0d178b1d1e 250 t[3] -= o;
wolfSSL 16:8e0d178b1d1e 251 t[6] -= o;
wolfSSL 16:8e0d178b1d1e 252 t[7] += o;
wolfSSL 16:8e0d178b1d1e 253 t[1] += t[0] >> 32U; t[0] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 254 t[2] += t[1] >> 32U; t[1] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 255 t[3] += t[2] >> 32U; t[2] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 256 t[4] += t[3] >> 32U; t[3] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 257 t[5] += t[4] >> 32U; t[4] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 258 t[6] += t[5] >> 32U; t[5] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 259 t[7] += t[6] >> 32U; t[6] &= 0xffffffffL;
wolfSSL 16:8e0d178b1d1e 260
wolfSSL 16:8e0d178b1d1e 261 r[0] = (sp_digit)(t[0]) & 0x3ffffffL;
wolfSSL 16:8e0d178b1d1e 262 r[1] = (sp_digit)(t[0] >> 26U);
wolfSSL 16:8e0d178b1d1e 263 r[1] |= t[1] << 6U;
wolfSSL 16:8e0d178b1d1e 264 r[1] &= 0x3ffffffL;
wolfSSL 16:8e0d178b1d1e 265 r[2] = (sp_digit)(t[1] >> 20U);
wolfSSL 16:8e0d178b1d1e 266 r[2] |= t[2] << 12U;
wolfSSL 16:8e0d178b1d1e 267 r[2] &= 0x3ffffffL;
wolfSSL 16:8e0d178b1d1e 268 r[3] = (sp_digit)(t[2] >> 14U);
wolfSSL 16:8e0d178b1d1e 269 r[3] |= t[3] << 18U;
wolfSSL 16:8e0d178b1d1e 270 r[3] &= 0x3ffffffL;
wolfSSL 16:8e0d178b1d1e 271 r[4] = (sp_digit)(t[3] >> 8U);
wolfSSL 16:8e0d178b1d1e 272 r[4] |= t[4] << 24U;
wolfSSL 16:8e0d178b1d1e 273 r[4] &= 0x3ffffffL;
wolfSSL 16:8e0d178b1d1e 274 r[5] = (sp_digit)(t[4] >> 2U) & 0x3ffffffL;
wolfSSL 16:8e0d178b1d1e 275 r[6] = (sp_digit)(t[4] >> 28U);
wolfSSL 16:8e0d178b1d1e 276 r[6] |= t[5] << 4U;
wolfSSL 16:8e0d178b1d1e 277 r[6] &= 0x3ffffffL;
wolfSSL 16:8e0d178b1d1e 278 r[7] = (sp_digit)(t[5] >> 22U);
wolfSSL 16:8e0d178b1d1e 279 r[7] |= t[6] << 10U;
wolfSSL 16:8e0d178b1d1e 280 r[7] &= 0x3ffffffL;
wolfSSL 16:8e0d178b1d1e 281 r[8] = (sp_digit)(t[6] >> 16U);
wolfSSL 16:8e0d178b1d1e 282 r[8] |= t[7] << 16U;
wolfSSL 16:8e0d178b1d1e 283 r[8] &= 0x3ffffffL;
wolfSSL 16:8e0d178b1d1e 284 r[9] = (sp_digit)(t[7] >> 10U);
wolfSSL 16:8e0d178b1d1e 285 }
wolfSSL 16:8e0d178b1d1e 286
wolfSSL 16:8e0d178b1d1e 287 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 288 if (td != NULL) {
wolfSSL 16:8e0d178b1d1e 289 XFREE(td, NULL, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 290 }
wolfSSL 16:8e0d178b1d1e 291 #endif
wolfSSL 16:8e0d178b1d1e 292
wolfSSL 16:8e0d178b1d1e 293 return err;
wolfSSL 16:8e0d178b1d1e 294 }
wolfSSL 16:8e0d178b1d1e 295
wolfSSL 16:8e0d178b1d1e 296
wolfSSL 16:8e0d178b1d1e 297 /* Compare a with b in constant time.
wolfSSL 16:8e0d178b1d1e 298 *
wolfSSL 16:8e0d178b1d1e 299 * a A single precision integer.
wolfSSL 16:8e0d178b1d1e 300 * b A single precision integer.
wolfSSL 16:8e0d178b1d1e 301 * return -ve, 0 or +ve if a is less than, equal to or greater than b
wolfSSL 16:8e0d178b1d1e 302 * respectively.
wolfSSL 16:8e0d178b1d1e 303 */
wolfSSL 16:8e0d178b1d1e 304 static sp_digit sp_256_cmp_10(const sp_digit* a, const sp_digit* b)
wolfSSL 16:8e0d178b1d1e 305 {
wolfSSL 16:8e0d178b1d1e 306 sp_digit r = 0;
wolfSSL 16:8e0d178b1d1e 307 #ifdef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 308 int i;
wolfSSL 16:8e0d178b1d1e 309
wolfSSL 16:8e0d178b1d1e 310 for (i=9; i>=0; i--) {
wolfSSL 16:8e0d178b1d1e 311 r |= (a[i] - b[i]) & (0 - ((r == 0) ? (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 312 }
wolfSSL 16:8e0d178b1d1e 313 #else
wolfSSL 16:8e0d178b1d1e 314 r |= (a[ 9] - b[ 9]) & (0 - ((r == 0) ? (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 315 r |= (a[ 8] - b[ 8]) & (0 - ((r == 0) ? (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 316 r |= (a[ 7] - b[ 7]) & (0 - ((r == 0) ? (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 317 r |= (a[ 6] - b[ 6]) & (0 - ((r == 0) ? (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 318 r |= (a[ 5] - b[ 5]) & (0 - ((r == 0) ? (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 319 r |= (a[ 4] - b[ 4]) & (0 - ((r == 0) ? (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 320 r |= (a[ 3] - b[ 3]) & (0 - ((r == 0) ? (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 321 r |= (a[ 2] - b[ 2]) & (0 - ((r == 0) ? (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 322 r |= (a[ 1] - b[ 1]) & (0 - ((r == 0) ? (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 323 r |= (a[ 0] - b[ 0]) & (0 - ((r == 0) ? (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 324 #endif /* WOLFSSL_SP_SMALL */
wolfSSL 16:8e0d178b1d1e 325
wolfSSL 16:8e0d178b1d1e 326 return r;
wolfSSL 16:8e0d178b1d1e 327 }
wolfSSL 16:8e0d178b1d1e 328
wolfSSL 16:8e0d178b1d1e 329 /* Normalize the values in each word to 26.
wolfSSL 16:8e0d178b1d1e 330 *
wolfSSL 16:8e0d178b1d1e 331 * a Array of sp_digit to normalize.
wolfSSL 16:8e0d178b1d1e 332 */
wolfSSL 16:8e0d178b1d1e 333 static void sp_256_norm_10(sp_digit* a)
wolfSSL 16:8e0d178b1d1e 334 {
wolfSSL 16:8e0d178b1d1e 335 #ifdef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 336 int i;
wolfSSL 16:8e0d178b1d1e 337 for (i = 0; i < 9; i++) {
wolfSSL 16:8e0d178b1d1e 338 a[i+1] += a[i] >> 26;
wolfSSL 16:8e0d178b1d1e 339 a[i] &= 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 340 }
wolfSSL 16:8e0d178b1d1e 341 #else
wolfSSL 16:8e0d178b1d1e 342 a[1] += a[0] >> 26; a[0] = Q6_R_and_RR(a[0], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 343 a[2] += a[1] >> 26; a[1] = Q6_R_and_RR(a[1], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 344 a[3] += a[2] >> 26; a[2] = Q6_R_and_RR(a[2], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 345 a[4] += a[3] >> 26; a[3] = Q6_R_and_RR(a[3], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 346 a[5] += a[4] >> 26; a[4] = Q6_R_and_RR(a[4], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 347 a[6] += a[5] >> 26; a[5] = Q6_R_and_RR(a[5], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 348 a[7] += a[6] >> 26; a[6] = Q6_R_and_RR(a[6], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 349 a[8] += a[7] >> 26; a[7] = Q6_R_and_RR(a[7], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 350 a[9] += a[8] >> 26; a[8] = Q6_R_and_RR(a[8], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 351 #endif
wolfSSL 16:8e0d178b1d1e 352 }
wolfSSL 16:8e0d178b1d1e 353
wolfSSL 16:8e0d178b1d1e 354 /* Conditionally subtract b from a using the mask m.
wolfSSL 16:8e0d178b1d1e 355 * m is -1 to subtract and 0 when not.
wolfSSL 16:8e0d178b1d1e 356 *
wolfSSL 16:8e0d178b1d1e 357 * r A single precision number representing condition subtract result.
wolfSSL 16:8e0d178b1d1e 358 * a A single precision number to subtract from.
wolfSSL 16:8e0d178b1d1e 359 * b A single precision number to subtract.
wolfSSL 16:8e0d178b1d1e 360 * m Mask value to apply.
wolfSSL 16:8e0d178b1d1e 361 */
wolfSSL 16:8e0d178b1d1e 362 static void sp_256_cond_sub_10(sp_digit* r, const sp_digit* a,
wolfSSL 16:8e0d178b1d1e 363 const sp_digit* b, const sp_digit m)
wolfSSL 16:8e0d178b1d1e 364 {
wolfSSL 16:8e0d178b1d1e 365 #ifdef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 366 int i;
wolfSSL 16:8e0d178b1d1e 367
wolfSSL 16:8e0d178b1d1e 368 for (i = 0; i < 10; i++) {
wolfSSL 16:8e0d178b1d1e 369 r[i] = a[i] - (b[i] & m);
wolfSSL 16:8e0d178b1d1e 370 }
wolfSSL 16:8e0d178b1d1e 371 #else
wolfSSL 16:8e0d178b1d1e 372 r[ 0] = Q6_R_sub_RR(a[ 0], Q6_R_and_RR(b[ 0], m));
wolfSSL 16:8e0d178b1d1e 373 r[ 1] = Q6_R_sub_RR(a[ 1], Q6_R_and_RR(b[ 1], m));
wolfSSL 16:8e0d178b1d1e 374 r[ 2] = Q6_R_sub_RR(a[ 2], Q6_R_and_RR(b[ 2], m));
wolfSSL 16:8e0d178b1d1e 375 r[ 3] = Q6_R_sub_RR(a[ 3], Q6_R_and_RR(b[ 3], m));
wolfSSL 16:8e0d178b1d1e 376 r[ 4] = Q6_R_sub_RR(a[ 4], Q6_R_and_RR(b[ 4], m));
wolfSSL 16:8e0d178b1d1e 377 r[ 5] = Q6_R_sub_RR(a[ 5], Q6_R_and_RR(b[ 5], m));
wolfSSL 16:8e0d178b1d1e 378 r[ 6] = Q6_R_sub_RR(a[ 6], Q6_R_and_RR(b[ 6], m));
wolfSSL 16:8e0d178b1d1e 379 r[ 7] = Q6_R_sub_RR(a[ 7], Q6_R_and_RR(b[ 7], m));
wolfSSL 16:8e0d178b1d1e 380 r[ 8] = Q6_R_sub_RR(a[ 8], Q6_R_and_RR(b[ 8], m));
wolfSSL 16:8e0d178b1d1e 381 r[ 9] = Q6_R_sub_RR(a[ 9], Q6_R_and_RR(b[ 9], m));
wolfSSL 16:8e0d178b1d1e 382 #endif /* WOLFSSL_SP_SMALL */
wolfSSL 16:8e0d178b1d1e 383 }
wolfSSL 16:8e0d178b1d1e 384
wolfSSL 16:8e0d178b1d1e 385 #define sp_256_mont_reduce_order_10 sp_256_mont_reduce_10
wolfSSL 16:8e0d178b1d1e 386
wolfSSL 16:8e0d178b1d1e 387 /* Mul a by scalar b and add into r. (r += a * b)
wolfSSL 16:8e0d178b1d1e 388 *
wolfSSL 16:8e0d178b1d1e 389 * r A single precision integer.
wolfSSL 16:8e0d178b1d1e 390 * a A single precision integer.
wolfSSL 16:8e0d178b1d1e 391 * b A scalar.
wolfSSL 16:8e0d178b1d1e 392 */
wolfSSL 16:8e0d178b1d1e 393 SP_NOINLINE static void sp_256_mul_add_10(sp_digit* r, const sp_digit* a,
wolfSSL 16:8e0d178b1d1e 394 const sp_digit b)
wolfSSL 16:8e0d178b1d1e 395 {
wolfSSL 16:8e0d178b1d1e 396 #ifdef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 397 int64_t tb = b;
wolfSSL 16:8e0d178b1d1e 398 int64_t t = 0;
wolfSSL 16:8e0d178b1d1e 399 int i;
wolfSSL 16:8e0d178b1d1e 400
wolfSSL 16:8e0d178b1d1e 401 for (i = 0; i < 10; i++) {
wolfSSL 16:8e0d178b1d1e 402 t += (tb * a[i]) + r[i];
wolfSSL 16:8e0d178b1d1e 403 r[i] = t & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 404 t >>= 26;
wolfSSL 16:8e0d178b1d1e 405 }
wolfSSL 16:8e0d178b1d1e 406 r[10] += t;
wolfSSL 16:8e0d178b1d1e 407 #else
wolfSSL 16:8e0d178b1d1e 408 int64_t tb = b;
wolfSSL 16:8e0d178b1d1e 409 int64_t t[10];
wolfSSL 16:8e0d178b1d1e 410
wolfSSL 16:8e0d178b1d1e 411 t[ 0] = Q6_P_mpy_RR(tb, a[ 0]);
wolfSSL 16:8e0d178b1d1e 412 t[ 1] = Q6_P_mpy_RR(tb, a[ 1]);
wolfSSL 16:8e0d178b1d1e 413 t[ 2] = Q6_P_mpy_RR(tb, a[ 2]);
wolfSSL 16:8e0d178b1d1e 414 t[ 3] = Q6_P_mpy_RR(tb, a[ 3]);
wolfSSL 16:8e0d178b1d1e 415 t[ 4] = Q6_P_mpy_RR(tb, a[ 4]);
wolfSSL 16:8e0d178b1d1e 416 t[ 5] = Q6_P_mpy_RR(tb, a[ 5]);
wolfSSL 16:8e0d178b1d1e 417 t[ 6] = Q6_P_mpy_RR(tb, a[ 6]);
wolfSSL 16:8e0d178b1d1e 418 t[ 7] = Q6_P_mpy_RR(tb, a[ 7]);
wolfSSL 16:8e0d178b1d1e 419 t[ 8] = Q6_P_mpy_RR(tb, a[ 8]);
wolfSSL 16:8e0d178b1d1e 420 t[ 9] = Q6_P_mpy_RR(tb, a[ 9]);
wolfSSL 16:8e0d178b1d1e 421 r[ 0] += (t[ 0] & 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 422 r[ 1] += (t[ 0] >> 26) + (t[ 1] & 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 423 r[ 2] += (t[ 1] >> 26) + (t[ 2] & 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 424 r[ 3] += (t[ 2] >> 26) + (t[ 3] & 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 425 r[ 4] += (t[ 3] >> 26) + (t[ 4] & 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 426 r[ 5] += (t[ 4] >> 26) + (t[ 5] & 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 427 r[ 6] += (t[ 5] >> 26) + (t[ 6] & 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 428 r[ 7] += (t[ 6] >> 26) + (t[ 7] & 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 429 r[ 8] += (t[ 7] >> 26) + (t[ 8] & 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 430 r[ 9] += (t[ 8] >> 26) + (t[ 9] & 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 431 r[10] += t[ 9] >> 26;
wolfSSL 16:8e0d178b1d1e 432 #endif /* WOLFSSL_SP_SMALL */
wolfSSL 16:8e0d178b1d1e 433 }
wolfSSL 16:8e0d178b1d1e 434
wolfSSL 16:8e0d178b1d1e 435 /* Shift the result in the high 256 bits down to the bottom.
wolfSSL 16:8e0d178b1d1e 436 *
wolfSSL 16:8e0d178b1d1e 437 * r A single precision number.
wolfSSL 16:8e0d178b1d1e 438 * a A single precision number.
wolfSSL 16:8e0d178b1d1e 439 */
wolfSSL 16:8e0d178b1d1e 440 static void sp_256_mont_shift_10(sp_digit* r, const sp_digit* a)
wolfSSL 16:8e0d178b1d1e 441 {
wolfSSL 16:8e0d178b1d1e 442 #ifdef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 443 int i;
wolfSSL 16:8e0d178b1d1e 444 sp_digit n, s;
wolfSSL 16:8e0d178b1d1e 445
wolfSSL 16:8e0d178b1d1e 446 s = a[10];
wolfSSL 16:8e0d178b1d1e 447 n = a[9] >> 22;
wolfSSL 16:8e0d178b1d1e 448 for (i = 0; i < 9; i++) {
wolfSSL 16:8e0d178b1d1e 449 n += (s & 0x3ffffff) << 4;
wolfSSL 16:8e0d178b1d1e 450 r[i] = n & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 451 n >>= 26;
wolfSSL 16:8e0d178b1d1e 452 s = a[11 + i] + (s >> 26);
wolfSSL 16:8e0d178b1d1e 453 }
wolfSSL 16:8e0d178b1d1e 454 n += s << 4;
wolfSSL 16:8e0d178b1d1e 455 r[9] = n;
wolfSSL 16:8e0d178b1d1e 456 #else
wolfSSL 16:8e0d178b1d1e 457 sp_digit n, s;
wolfSSL 16:8e0d178b1d1e 458
wolfSSL 16:8e0d178b1d1e 459 s = a[10]; n = a[9] >> 22;
wolfSSL 16:8e0d178b1d1e 460 n += (s & 0x3ffffff) << 4; r[ 0] = Q6_R_and_RR(n, 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 461 n >>= 26; s = a[11] + (s >> 26);
wolfSSL 16:8e0d178b1d1e 462 n += (s & 0x3ffffff) << 4; r[ 1] = Q6_R_and_RR(n, 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 463 n >>= 26; s = a[12] + (s >> 26);
wolfSSL 16:8e0d178b1d1e 464 n += (s & 0x3ffffff) << 4; r[ 2] = Q6_R_and_RR(n, 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 465 n >>= 26; s = a[13] + (s >> 26);
wolfSSL 16:8e0d178b1d1e 466 n += (s & 0x3ffffff) << 4; r[ 3] = Q6_R_and_RR(n, 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 467 n >>= 26; s = a[14] + (s >> 26);
wolfSSL 16:8e0d178b1d1e 468 n += (s & 0x3ffffff) << 4; r[ 4] = Q6_R_and_RR(n, 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 469 n >>= 26; s = a[15] + (s >> 26);
wolfSSL 16:8e0d178b1d1e 470 n += (s & 0x3ffffff) << 4; r[ 5] = Q6_R_and_RR(n, 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 471 n >>= 26; s = a[16] + (s >> 26);
wolfSSL 16:8e0d178b1d1e 472 n += (s & 0x3ffffff) << 4; r[ 6] = Q6_R_and_RR(n, 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 473 n >>= 26; s = a[17] + (s >> 26);
wolfSSL 16:8e0d178b1d1e 474 n += (s & 0x3ffffff) << 4; r[ 7] = Q6_R_and_RR(n, 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 475 n >>= 26; s = a[18] + (s >> 26);
wolfSSL 16:8e0d178b1d1e 476 n += (s & 0x3ffffff) << 4; r[ 8] = Q6_R_and_RR(n, 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 477 n >>= 26; s = a[19] + (s >> 26);
wolfSSL 16:8e0d178b1d1e 478 n += s << 4; r[ 9] = n;
wolfSSL 16:8e0d178b1d1e 479 #endif /* WOLFSSL_SP_SMALL */
wolfSSL 16:8e0d178b1d1e 480 XMEMSET(&r[10], 0, sizeof(*r) * 10U);
wolfSSL 16:8e0d178b1d1e 481 }
wolfSSL 16:8e0d178b1d1e 482
wolfSSL 16:8e0d178b1d1e 483
wolfSSL 16:8e0d178b1d1e 484 /* Reduce the number back to 256 bits using Montgomery reduction.
wolfSSL 16:8e0d178b1d1e 485 *
wolfSSL 16:8e0d178b1d1e 486 * a A single precision number to reduce in place.
wolfSSL 16:8e0d178b1d1e 487 * m The single precision number representing the modulus.
wolfSSL 16:8e0d178b1d1e 488 * mp The digit representing the negative inverse of m mod 2^n.
wolfSSL 16:8e0d178b1d1e 489 */
wolfSSL 16:8e0d178b1d1e 490 static void sp_256_mont_reduce_10(sp_digit* a, const sp_digit* m, sp_digit mp)
wolfSSL 16:8e0d178b1d1e 491 {
wolfSSL 16:8e0d178b1d1e 492 sp_digit mu;
wolfSSL 16:8e0d178b1d1e 493
wolfSSL 16:8e0d178b1d1e 494
wolfSSL 16:8e0d178b1d1e 495 /* unrolled for loops due to unexpected behavior with -O optimizations */
wolfSSL 16:8e0d178b1d1e 496 if (mp != 1) {
wolfSSL 16:8e0d178b1d1e 497 mu = Q6_P_mpy_RR(a[0], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 498 sp_256_mul_add_10(a+0, m, mu);
wolfSSL 16:8e0d178b1d1e 499 a[0+1] += a[0] >> 26;
wolfSSL 16:8e0d178b1d1e 500
wolfSSL 16:8e0d178b1d1e 501 mu = Q6_P_mpy_RR(a[1], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 502 sp_256_mul_add_10(a+1, m, mu);
wolfSSL 16:8e0d178b1d1e 503 a[1+1] += a[1] >> 26;
wolfSSL 16:8e0d178b1d1e 504
wolfSSL 16:8e0d178b1d1e 505 mu = Q6_P_mpy_RR(a[2], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 506 sp_256_mul_add_10(a+2, m, mu);
wolfSSL 16:8e0d178b1d1e 507 a[2+1] += a[2] >> 26;
wolfSSL 16:8e0d178b1d1e 508
wolfSSL 16:8e0d178b1d1e 509 mu = Q6_P_mpy_RR(a[3], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 510 sp_256_mul_add_10(a+3, m, mu);
wolfSSL 16:8e0d178b1d1e 511 a[3+1] += a[3] >> 26;
wolfSSL 16:8e0d178b1d1e 512
wolfSSL 16:8e0d178b1d1e 513 mu = Q6_P_mpy_RR(a[4], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 514 sp_256_mul_add_10(a+4, m, mu);
wolfSSL 16:8e0d178b1d1e 515 a[4+1] += a[4] >> 26;
wolfSSL 16:8e0d178b1d1e 516
wolfSSL 16:8e0d178b1d1e 517 mu = Q6_P_mpy_RR(a[5], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 518 sp_256_mul_add_10(a+5, m, mu);
wolfSSL 16:8e0d178b1d1e 519 a[5+1] += a[5] >> 26;
wolfSSL 16:8e0d178b1d1e 520
wolfSSL 16:8e0d178b1d1e 521 mu = Q6_P_mpy_RR(a[6], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 522 sp_256_mul_add_10(a+6, m, mu);
wolfSSL 16:8e0d178b1d1e 523 a[6+1] += a[6] >> 26;
wolfSSL 16:8e0d178b1d1e 524
wolfSSL 16:8e0d178b1d1e 525 mu = Q6_P_mpy_RR(a[7], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 526 sp_256_mul_add_10(a+7, m, mu);
wolfSSL 16:8e0d178b1d1e 527 a[7+1] += a[7] >> 26;
wolfSSL 16:8e0d178b1d1e 528
wolfSSL 16:8e0d178b1d1e 529 mu = Q6_P_mpy_RR(a[8], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 530 sp_256_mul_add_10(a+8, m, mu);
wolfSSL 16:8e0d178b1d1e 531 a[8+1] += a[8] >> 26;
wolfSSL 16:8e0d178b1d1e 532
wolfSSL 16:8e0d178b1d1e 533 mu = Q6_P_mpy_RR(a[9], mp) & 0x3fffffL;
wolfSSL 16:8e0d178b1d1e 534 sp_256_mul_add_10(a+9, m, mu);
wolfSSL 16:8e0d178b1d1e 535 a[9+1] += a[9] >> 26;
wolfSSL 16:8e0d178b1d1e 536 a[9] &= 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 537 }
wolfSSL 16:8e0d178b1d1e 538 else {
wolfSSL 16:8e0d178b1d1e 539 mu = Q6_P_mpy_RR(a[0], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 540 sp_256_mul_add_10(a+0, p256_mod, mu);
wolfSSL 16:8e0d178b1d1e 541 a[0+1] += a[0] >> 26;
wolfSSL 16:8e0d178b1d1e 542
wolfSSL 16:8e0d178b1d1e 543 mu = Q6_P_mpy_RR(a[1], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 544 sp_256_mul_add_10(a+1, p256_mod, mu);
wolfSSL 16:8e0d178b1d1e 545 a[1+1] += a[1] >> 26;
wolfSSL 16:8e0d178b1d1e 546
wolfSSL 16:8e0d178b1d1e 547 mu = Q6_P_mpy_RR(a[2], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 548 sp_256_mul_add_10(a+2, p256_mod, mu);
wolfSSL 16:8e0d178b1d1e 549 a[2+1] += a[2] >> 26;
wolfSSL 16:8e0d178b1d1e 550
wolfSSL 16:8e0d178b1d1e 551 mu = Q6_P_mpy_RR(a[3], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 552 sp_256_mul_add_10(a+3, p256_mod, mu);
wolfSSL 16:8e0d178b1d1e 553 a[3+1] += a[3] >> 26;
wolfSSL 16:8e0d178b1d1e 554
wolfSSL 16:8e0d178b1d1e 555 mu = Q6_P_mpy_RR(a[4], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 556 sp_256_mul_add_10(a+4, p256_mod, mu);
wolfSSL 16:8e0d178b1d1e 557 a[4+1] += a[4] >> 26;
wolfSSL 16:8e0d178b1d1e 558
wolfSSL 16:8e0d178b1d1e 559 mu = Q6_P_mpy_RR(a[5], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 560 sp_256_mul_add_10(a+5, p256_mod, mu);
wolfSSL 16:8e0d178b1d1e 561 a[5+1] += a[5] >> 26;
wolfSSL 16:8e0d178b1d1e 562
wolfSSL 16:8e0d178b1d1e 563 mu = Q6_P_mpy_RR(a[6], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 564 sp_256_mul_add_10(a+6, p256_mod, mu);
wolfSSL 16:8e0d178b1d1e 565 a[6+1] += a[6] >> 26;
wolfSSL 16:8e0d178b1d1e 566
wolfSSL 16:8e0d178b1d1e 567 mu = Q6_P_mpy_RR(a[7], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 568 sp_256_mul_add_10(a+7, p256_mod, mu);
wolfSSL 16:8e0d178b1d1e 569 a[7+1] += a[7] >> 26;
wolfSSL 16:8e0d178b1d1e 570
wolfSSL 16:8e0d178b1d1e 571 mu = Q6_P_mpy_RR(a[8], mp) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 572 sp_256_mul_add_10(a+8, p256_mod, mu);
wolfSSL 16:8e0d178b1d1e 573 a[8+1] += a[8] >> 26;
wolfSSL 16:8e0d178b1d1e 574
wolfSSL 16:8e0d178b1d1e 575 mu = Q6_P_mpy_RR(a[9], mp) & 0x3fffffL;
wolfSSL 16:8e0d178b1d1e 576 sp_256_mul_add_10(a+9, p256_mod, mu);
wolfSSL 16:8e0d178b1d1e 577 a[9+1] += a[9] >> 26;
wolfSSL 16:8e0d178b1d1e 578 a[9] &= 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 579 }
wolfSSL 16:8e0d178b1d1e 580
wolfSSL 16:8e0d178b1d1e 581
wolfSSL 16:8e0d178b1d1e 582 sp_256_mont_shift_10(a, a);
wolfSSL 16:8e0d178b1d1e 583 sp_256_cond_sub_10(a, a, m, 0 - (((a[9] >> 22) > 0) ?
wolfSSL 16:8e0d178b1d1e 584 (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 585 sp_256_norm_10(a);
wolfSSL 16:8e0d178b1d1e 586 }
wolfSSL 16:8e0d178b1d1e 587
wolfSSL 16:8e0d178b1d1e 588 /* Multiply a and b into r. (r = a * b)
wolfSSL 16:8e0d178b1d1e 589 *
wolfSSL 16:8e0d178b1d1e 590 * r A single precision integer.
wolfSSL 16:8e0d178b1d1e 591 * a A single precision integer.
wolfSSL 16:8e0d178b1d1e 592 * b A single precision integer.
wolfSSL 16:8e0d178b1d1e 593 */
wolfSSL 16:8e0d178b1d1e 594 SP_NOINLINE static void sp_256_mul_10(sp_digit* r, const sp_digit* a,
wolfSSL 16:8e0d178b1d1e 595 const sp_digit* b)
wolfSSL 16:8e0d178b1d1e 596 {
wolfSSL 16:8e0d178b1d1e 597 #if 1
wolfSSL 16:8e0d178b1d1e 598 int64_t t0 = Q6_P_mpy_RR(a[0], b[0]);
wolfSSL 16:8e0d178b1d1e 599 int64_t t1 = Q6_P_mpy_RR(a[0], b[1])
wolfSSL 16:8e0d178b1d1e 600 + Q6_P_mpy_RR(a[1], b[0]);
wolfSSL 16:8e0d178b1d1e 601 int64_t t2 = Q6_P_mpy_RR(a[0], b[2])
wolfSSL 16:8e0d178b1d1e 602 + Q6_P_mpy_RR(a[1], b[1])
wolfSSL 16:8e0d178b1d1e 603 + Q6_P_mpy_RR(a[2], b[0]);
wolfSSL 16:8e0d178b1d1e 604 int64_t t3 = Q6_P_mpy_RR(a[0], b[3])
wolfSSL 16:8e0d178b1d1e 605 + Q6_P_mpy_RR(a[1], b[2])
wolfSSL 16:8e0d178b1d1e 606 + Q6_P_mpy_RR(a[2], b[1])
wolfSSL 16:8e0d178b1d1e 607 + Q6_P_mpy_RR(a[3], b[0]);
wolfSSL 16:8e0d178b1d1e 608 int64_t t4 = Q6_P_mpy_RR(a[0], b[4])
wolfSSL 16:8e0d178b1d1e 609 + Q6_P_mpy_RR(a[1], b[3])
wolfSSL 16:8e0d178b1d1e 610 + Q6_P_mpy_RR(a[2], b[2])
wolfSSL 16:8e0d178b1d1e 611 + Q6_P_mpy_RR(a[3], b[1])
wolfSSL 16:8e0d178b1d1e 612 + Q6_P_mpy_RR(a[4], b[0]);
wolfSSL 16:8e0d178b1d1e 613 int64_t t5 = Q6_P_mpy_RR(a[0], b[5])
wolfSSL 16:8e0d178b1d1e 614 + Q6_P_mpy_RR(a[1], b[4])
wolfSSL 16:8e0d178b1d1e 615 + Q6_P_mpy_RR(a[2], b[3])
wolfSSL 16:8e0d178b1d1e 616 + Q6_P_mpy_RR(a[3], b[2])
wolfSSL 16:8e0d178b1d1e 617 + Q6_P_mpy_RR(a[4], b[1])
wolfSSL 16:8e0d178b1d1e 618 + Q6_P_mpy_RR(a[5], b[0]);
wolfSSL 16:8e0d178b1d1e 619 int64_t t6 = Q6_P_mpy_RR(a[0], b[6])
wolfSSL 16:8e0d178b1d1e 620 + Q6_P_mpy_RR(a[1], b[5])
wolfSSL 16:8e0d178b1d1e 621 + Q6_P_mpy_RR(a[2], b[4])
wolfSSL 16:8e0d178b1d1e 622 + Q6_P_mpy_RR(a[3], b[3])
wolfSSL 16:8e0d178b1d1e 623 + Q6_P_mpy_RR(a[4], b[2])
wolfSSL 16:8e0d178b1d1e 624 + Q6_P_mpy_RR(a[5], b[1])
wolfSSL 16:8e0d178b1d1e 625 + Q6_P_mpy_RR(a[6], b[0]);
wolfSSL 16:8e0d178b1d1e 626 int64_t t7 = Q6_P_mpy_RR(a[0], b[7])
wolfSSL 16:8e0d178b1d1e 627 + Q6_P_mpy_RR(a[1], b[6])
wolfSSL 16:8e0d178b1d1e 628 + Q6_P_mpy_RR(a[2], b[5])
wolfSSL 16:8e0d178b1d1e 629 + Q6_P_mpy_RR(a[3], b[4])
wolfSSL 16:8e0d178b1d1e 630 + Q6_P_mpy_RR(a[4], b[3])
wolfSSL 16:8e0d178b1d1e 631 + Q6_P_mpy_RR(a[5], b[2])
wolfSSL 16:8e0d178b1d1e 632 + Q6_P_mpy_RR(a[6], b[1])
wolfSSL 16:8e0d178b1d1e 633 + Q6_P_mpy_RR(a[7], b[0]);
wolfSSL 16:8e0d178b1d1e 634 int64_t t8 = Q6_P_mpy_RR(a[0], b[8])
wolfSSL 16:8e0d178b1d1e 635 + Q6_P_mpy_RR(a[1], b[7])
wolfSSL 16:8e0d178b1d1e 636 + Q6_P_mpy_RR(a[2], b[6])
wolfSSL 16:8e0d178b1d1e 637 + Q6_P_mpy_RR(a[3], b[5])
wolfSSL 16:8e0d178b1d1e 638 + Q6_P_mpy_RR(a[4], b[4])
wolfSSL 16:8e0d178b1d1e 639 + Q6_P_mpy_RR(a[5], b[3])
wolfSSL 16:8e0d178b1d1e 640 + Q6_P_mpy_RR(a[6], b[2])
wolfSSL 16:8e0d178b1d1e 641 + Q6_P_mpy_RR(a[7], b[1])
wolfSSL 16:8e0d178b1d1e 642 + Q6_P_mpy_RR(a[8], b[0]);
wolfSSL 16:8e0d178b1d1e 643 int64_t t9 = Q6_P_mpy_RR(a[0], b[9])
wolfSSL 16:8e0d178b1d1e 644 + Q6_P_mpy_RR(a[1], b[8])
wolfSSL 16:8e0d178b1d1e 645 + Q6_P_mpy_RR(a[2], b[7])
wolfSSL 16:8e0d178b1d1e 646 + Q6_P_mpy_RR(a[3], b[6])
wolfSSL 16:8e0d178b1d1e 647 + Q6_P_mpy_RR(a[4], b[5])
wolfSSL 16:8e0d178b1d1e 648 + Q6_P_mpy_RR(a[5], b[4])
wolfSSL 16:8e0d178b1d1e 649 + Q6_P_mpy_RR(a[6], b[3])
wolfSSL 16:8e0d178b1d1e 650 + Q6_P_mpy_RR(a[7], b[2])
wolfSSL 16:8e0d178b1d1e 651 + Q6_P_mpy_RR(a[8], b[1])
wolfSSL 16:8e0d178b1d1e 652 + Q6_P_mpy_RR(a[9], b[0]);
wolfSSL 16:8e0d178b1d1e 653 int64_t t10 = Q6_P_mpy_RR(a[1], b[9])
wolfSSL 16:8e0d178b1d1e 654 + Q6_P_mpy_RR(a[2], b[8])
wolfSSL 16:8e0d178b1d1e 655 + Q6_P_mpy_RR(a[3], b[7])
wolfSSL 16:8e0d178b1d1e 656 + Q6_P_mpy_RR(a[4], b[6])
wolfSSL 16:8e0d178b1d1e 657 + Q6_P_mpy_RR(a[5], b[5])
wolfSSL 16:8e0d178b1d1e 658 + Q6_P_mpy_RR(a[6], b[4])
wolfSSL 16:8e0d178b1d1e 659 + Q6_P_mpy_RR(a[7], b[3])
wolfSSL 16:8e0d178b1d1e 660 + Q6_P_mpy_RR(a[8], b[2])
wolfSSL 16:8e0d178b1d1e 661 + Q6_P_mpy_RR(a[9], b[1]);
wolfSSL 16:8e0d178b1d1e 662 int64_t t11 = Q6_P_mpy_RR(a[2], b[9])
wolfSSL 16:8e0d178b1d1e 663 + Q6_P_mpy_RR(a[3], b[8])
wolfSSL 16:8e0d178b1d1e 664 + Q6_P_mpy_RR(a[4], b[7])
wolfSSL 16:8e0d178b1d1e 665 + Q6_P_mpy_RR(a[5], b[6])
wolfSSL 16:8e0d178b1d1e 666 + Q6_P_mpy_RR(a[6], b[5])
wolfSSL 16:8e0d178b1d1e 667 + Q6_P_mpy_RR(a[7], b[4])
wolfSSL 16:8e0d178b1d1e 668 + Q6_P_mpy_RR(a[8], b[3])
wolfSSL 16:8e0d178b1d1e 669 + Q6_P_mpy_RR(a[9], b[2]);
wolfSSL 16:8e0d178b1d1e 670 int64_t t12 = Q6_P_mpy_RR(a[3], b[9])
wolfSSL 16:8e0d178b1d1e 671 + Q6_P_mpy_RR(a[4], b[8])
wolfSSL 16:8e0d178b1d1e 672 + Q6_P_mpy_RR(a[5], b[7])
wolfSSL 16:8e0d178b1d1e 673 + Q6_P_mpy_RR(a[6], b[6])
wolfSSL 16:8e0d178b1d1e 674 + Q6_P_mpy_RR(a[7], b[5])
wolfSSL 16:8e0d178b1d1e 675 + Q6_P_mpy_RR(a[8], b[4])
wolfSSL 16:8e0d178b1d1e 676 + Q6_P_mpy_RR(a[9], b[3]);
wolfSSL 16:8e0d178b1d1e 677 int64_t t13 = Q6_P_mpy_RR(a[4], b[9])
wolfSSL 16:8e0d178b1d1e 678 + Q6_P_mpy_RR(a[5], b[8])
wolfSSL 16:8e0d178b1d1e 679 + Q6_P_mpy_RR(a[6], b[7])
wolfSSL 16:8e0d178b1d1e 680 + Q6_P_mpy_RR(a[7], b[6])
wolfSSL 16:8e0d178b1d1e 681 + Q6_P_mpy_RR(a[8], b[5])
wolfSSL 16:8e0d178b1d1e 682 + Q6_P_mpy_RR(a[9], b[4]);
wolfSSL 16:8e0d178b1d1e 683 int64_t t14 = Q6_P_mpy_RR(a[5], b[9])
wolfSSL 16:8e0d178b1d1e 684 + Q6_P_mpy_RR(a[6], b[8])
wolfSSL 16:8e0d178b1d1e 685 + Q6_P_mpy_RR(a[7], b[7])
wolfSSL 16:8e0d178b1d1e 686 + Q6_P_mpy_RR(a[8], b[6])
wolfSSL 16:8e0d178b1d1e 687 + Q6_P_mpy_RR(a[9], b[5]);
wolfSSL 16:8e0d178b1d1e 688 int64_t t15 = Q6_P_mpy_RR(a[6], b[9])
wolfSSL 16:8e0d178b1d1e 689 + Q6_P_mpy_RR(a[7], b[8])
wolfSSL 16:8e0d178b1d1e 690 + Q6_P_mpy_RR(a[8], b[7])
wolfSSL 16:8e0d178b1d1e 691 + Q6_P_mpy_RR(a[9], b[6]);
wolfSSL 16:8e0d178b1d1e 692 int64_t t16 = Q6_P_mpy_RR(a[7], b[9])
wolfSSL 16:8e0d178b1d1e 693 + Q6_P_mpy_RR(a[8], b[8])
wolfSSL 16:8e0d178b1d1e 694 + Q6_P_mpy_RR(a[9], b[7]);
wolfSSL 16:8e0d178b1d1e 695 int64_t t17 = Q6_P_mpy_RR(a[8], b[9])
wolfSSL 16:8e0d178b1d1e 696 + Q6_P_mpy_RR(a[9], b[8]);
wolfSSL 16:8e0d178b1d1e 697 int64_t t18 = Q6_P_mpy_RR(a[9], b[9]);
wolfSSL 16:8e0d178b1d1e 698
wolfSSL 16:8e0d178b1d1e 699
wolfSSL 16:8e0d178b1d1e 700 t1 += t0 >> 26; r[ 0] = t0 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 701 t2 += t1 >> 26; r[ 1] = t1 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 702 t3 += t2 >> 26; r[ 2] = t2 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 703 t4 += t3 >> 26; r[ 3] = t3 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 704 t5 += t4 >> 26; r[ 4] = t4 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 705 t6 += t5 >> 26; r[ 5] = t5 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 706 t7 += t6 >> 26; r[ 6] = t6 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 707 t8 += t7 >> 26; r[ 7] = t7 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 708 t9 += t8 >> 26; r[ 8] = t8 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 709 t10 += t9 >> 26; r[ 9] = t9 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 710 t11 += t10 >> 26; r[10] = t10 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 711 t12 += t11 >> 26; r[11] = t11 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 712 t13 += t12 >> 26; r[12] = t12 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 713 t14 += t13 >> 26; r[13] = t13 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 714 t15 += t14 >> 26; r[14] = t14 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 715 t16 += t15 >> 26; r[15] = t15 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 716 t17 += t16 >> 26; r[16] = t16 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 717 t18 += t17 >> 26; r[17] = t17 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 718 r[19] = (sp_digit)(t18 >> 26);
wolfSSL 16:8e0d178b1d1e 719 r[18] = t18 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 720 #endif
wolfSSL 16:8e0d178b1d1e 721 #if 0
wolfSSL 16:8e0d178b1d1e 722 /* Testing speeds with using HVX_Vectors */
wolfSSL 16:8e0d178b1d1e 723 {
wolfSSL 16:8e0d178b1d1e 724 int64_t t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11, t12, t13, t14, t15, t16, t17, t18;
wolfSSL 16:8e0d178b1d1e 725 HVX_Vector av, splat;
wolfSSL 16:8e0d178b1d1e 726 HVX_Vector vlow, vhi;
wolfSSL 16:8e0d178b1d1e 727
wolfSSL 16:8e0d178b1d1e 728 av = Q6_V_vzero();
wolfSSL 16:8e0d178b1d1e 729 vlow = Q6_V_vzero();
wolfSSL 16:8e0d178b1d1e 730 vhi = Q6_V_vzero();
wolfSSL 16:8e0d178b1d1e 731
wolfSSL 16:8e0d178b1d1e 732 XMEMCPY((byte*)&av, (byte*)a, 40);
wolfSSL 16:8e0d178b1d1e 733
wolfSSL 16:8e0d178b1d1e 734 splat = Q6_V_vsplat_R(b[0]);
wolfSSL 16:8e0d178b1d1e 735 vlow = Q6_Vw_vmpyieo_VhVh(av, splat);
wolfSSL 16:8e0d178b1d1e 736 vlow = Q6_Vw_vmpyieacc_VwVwVuh(vlow, av, splat);
wolfSSL 16:8e0d178b1d1e 737
wolfSSL 16:8e0d178b1d1e 738 vhi = Q6_Vw_vmpye_VwVuh(av, splat);
wolfSSL 16:8e0d178b1d1e 739 vhi = Q6_Vw_vmpyoacc_VwVwVh_s1_sat_shift(vhi, av, splat);
wolfSSL 16:8e0d178b1d1e 740 unsigned int* loi = (unsigned int*)&vlow;
wolfSSL 16:8e0d178b1d1e 741 int* hii = (int*)&vhi;
wolfSSL 16:8e0d178b1d1e 742
wolfSSL 16:8e0d178b1d1e 743 /* a[0] * b[0] */
wolfSSL 16:8e0d178b1d1e 744 t0 = loi[0] | ((int64_t)hii[0] << 31);
wolfSSL 16:8e0d178b1d1e 745
wolfSSL 16:8e0d178b1d1e 746 /* a[1] * b[0] */
wolfSSL 16:8e0d178b1d1e 747 t1 = loi[1] | ((int64_t)hii[1] << 31);
wolfSSL 16:8e0d178b1d1e 748
wolfSSL 16:8e0d178b1d1e 749 /* a[2] * b[0] */
wolfSSL 16:8e0d178b1d1e 750 t2 = loi[2] | ((int64_t)hii[2] << 31);
wolfSSL 16:8e0d178b1d1e 751
wolfSSL 16:8e0d178b1d1e 752 /* a[3] * b[0] */
wolfSSL 16:8e0d178b1d1e 753 t3 = loi[3] | ((int64_t)hii[3] << 31);
wolfSSL 16:8e0d178b1d1e 754
wolfSSL 16:8e0d178b1d1e 755 /* a[4] * b[0] */
wolfSSL 16:8e0d178b1d1e 756 t4 = loi[4] | ((int64_t)hii[4] << 31);
wolfSSL 16:8e0d178b1d1e 757
wolfSSL 16:8e0d178b1d1e 758 /* a[5] * b[0] */
wolfSSL 16:8e0d178b1d1e 759 t5 = loi[5] | ((int64_t)hii[5] << 31);
wolfSSL 16:8e0d178b1d1e 760
wolfSSL 16:8e0d178b1d1e 761 /* a[6] * b[0] */
wolfSSL 16:8e0d178b1d1e 762 t6 = loi[6] | ((int64_t)hii[6] << 31);
wolfSSL 16:8e0d178b1d1e 763
wolfSSL 16:8e0d178b1d1e 764 /* a[7] * b[0] */
wolfSSL 16:8e0d178b1d1e 765 t7 = loi[7] | ((int64_t)hii[7] << 31);
wolfSSL 16:8e0d178b1d1e 766
wolfSSL 16:8e0d178b1d1e 767 /* a[8] * b[0] */
wolfSSL 16:8e0d178b1d1e 768 t8 = loi[8] | ((int64_t)hii[8] << 31);
wolfSSL 16:8e0d178b1d1e 769
wolfSSL 16:8e0d178b1d1e 770 /* a[9] * b[0] */
wolfSSL 16:8e0d178b1d1e 771 t9 = loi[9] | ((int64_t)hii[9] << 31);
wolfSSL 16:8e0d178b1d1e 772
wolfSSL 16:8e0d178b1d1e 773 /* a[*] * b[1] */
wolfSSL 16:8e0d178b1d1e 774 splat = Q6_V_vsplat_R(b[1]);
wolfSSL 16:8e0d178b1d1e 775 vlow = Q6_Vw_vmpyieo_VhVh(av, splat);
wolfSSL 16:8e0d178b1d1e 776 vlow = Q6_Vw_vmpyieacc_VwVwVuh(vlow, av, splat);
wolfSSL 16:8e0d178b1d1e 777 vhi = Q6_Vw_vmpye_VwVuh(av, splat);
wolfSSL 16:8e0d178b1d1e 778 vhi = Q6_Vw_vmpyoacc_VwVwVh_s1_sat_shift(vhi, av, splat);
wolfSSL 16:8e0d178b1d1e 779 loi = (unsigned int*)&vlow;
wolfSSL 16:8e0d178b1d1e 780 hii = (int*)&vhi;
wolfSSL 16:8e0d178b1d1e 781
wolfSSL 16:8e0d178b1d1e 782 /* a[0] * b[1] */
wolfSSL 16:8e0d178b1d1e 783 t1 += (loi[0] | ((int64_t)hii[0] << 31));
wolfSSL 16:8e0d178b1d1e 784
wolfSSL 16:8e0d178b1d1e 785 /* a[1] * b[1] */
wolfSSL 16:8e0d178b1d1e 786 t2 += (loi[1] | ((int64_t)hii[1] << 31));
wolfSSL 16:8e0d178b1d1e 787
wolfSSL 16:8e0d178b1d1e 788 /* a[2] * b[1] */
wolfSSL 16:8e0d178b1d1e 789 t3 += (loi[2] | ((int64_t)hii[2] << 31));
wolfSSL 16:8e0d178b1d1e 790
wolfSSL 16:8e0d178b1d1e 791 /* a[3] * b[1] */
wolfSSL 16:8e0d178b1d1e 792 t4 += (loi[3] | ((int64_t)hii[3] << 31));
wolfSSL 16:8e0d178b1d1e 793
wolfSSL 16:8e0d178b1d1e 794 /* a[4] * b[1] */
wolfSSL 16:8e0d178b1d1e 795 t5 += (loi[4] | ((int64_t)hii[4] << 31));
wolfSSL 16:8e0d178b1d1e 796
wolfSSL 16:8e0d178b1d1e 797 /* a[5] * b[1] */
wolfSSL 16:8e0d178b1d1e 798 t6 += (loi[5] | ((int64_t)hii[5] << 31));
wolfSSL 16:8e0d178b1d1e 799
wolfSSL 16:8e0d178b1d1e 800 /* a[6] * b[1] */
wolfSSL 16:8e0d178b1d1e 801 t7 += (loi[6] | ((int64_t)hii[6] << 31));
wolfSSL 16:8e0d178b1d1e 802
wolfSSL 16:8e0d178b1d1e 803 /* a[7] * b[1] */
wolfSSL 16:8e0d178b1d1e 804 t8 += (loi[7] | ((int64_t)hii[7] << 31));
wolfSSL 16:8e0d178b1d1e 805
wolfSSL 16:8e0d178b1d1e 806 /* a[8] * b[1] */
wolfSSL 16:8e0d178b1d1e 807 t9 += (loi[8] | ((int64_t)hii[8] << 31));
wolfSSL 16:8e0d178b1d1e 808
wolfSSL 16:8e0d178b1d1e 809 /* a[9] * b[1] */
wolfSSL 16:8e0d178b1d1e 810 t10 = (loi[9] | ((int64_t)hii[9] << 31));
wolfSSL 16:8e0d178b1d1e 811
wolfSSL 16:8e0d178b1d1e 812 /* a[*] * b[2] */
wolfSSL 16:8e0d178b1d1e 813 splat = Q6_V_vsplat_R(b[2]);
wolfSSL 16:8e0d178b1d1e 814 vlow = Q6_Vw_vmpyieo_VhVh(av, splat);
wolfSSL 16:8e0d178b1d1e 815 vlow = Q6_Vw_vmpyieacc_VwVwVuh(vlow, av, splat);
wolfSSL 16:8e0d178b1d1e 816 vhi = Q6_Vw_vmpye_VwVuh(av, splat);
wolfSSL 16:8e0d178b1d1e 817 vhi = Q6_Vw_vmpyoacc_VwVwVh_s1_sat_shift(vhi, av, splat);
wolfSSL 16:8e0d178b1d1e 818 loi = (unsigned int*)&vlow;
wolfSSL 16:8e0d178b1d1e 819 hii = (int*)&vhi;
wolfSSL 16:8e0d178b1d1e 820
wolfSSL 16:8e0d178b1d1e 821
wolfSSL 16:8e0d178b1d1e 822 /* a[0] * b[2] */
wolfSSL 16:8e0d178b1d1e 823 t2 += (loi[0] | ((int64_t)hii[0] << 31));
wolfSSL 16:8e0d178b1d1e 824
wolfSSL 16:8e0d178b1d1e 825 /* a[1] * b[2] */
wolfSSL 16:8e0d178b1d1e 826 t3 += (loi[1] | ((int64_t)hii[1] << 31));
wolfSSL 16:8e0d178b1d1e 827
wolfSSL 16:8e0d178b1d1e 828 /* a[2] * b[2] */
wolfSSL 16:8e0d178b1d1e 829 t4 += (loi[2] | ((int64_t)hii[2] << 31));
wolfSSL 16:8e0d178b1d1e 830
wolfSSL 16:8e0d178b1d1e 831 /* a[3] * b[2] */
wolfSSL 16:8e0d178b1d1e 832 t5 += (loi[3] | ((int64_t)hii[3] << 31));
wolfSSL 16:8e0d178b1d1e 833
wolfSSL 16:8e0d178b1d1e 834 /* a[4] * b[2] */
wolfSSL 16:8e0d178b1d1e 835 t6 += (loi[4] | ((int64_t)hii[4] << 31));
wolfSSL 16:8e0d178b1d1e 836
wolfSSL 16:8e0d178b1d1e 837 /* a[5] * b[2] */
wolfSSL 16:8e0d178b1d1e 838 t7 += (loi[5] | ((int64_t)hii[5] << 31));
wolfSSL 16:8e0d178b1d1e 839
wolfSSL 16:8e0d178b1d1e 840 /* a[6] * b[2] */
wolfSSL 16:8e0d178b1d1e 841 t8 += (loi[6] | ((int64_t)hii[6] << 31));
wolfSSL 16:8e0d178b1d1e 842
wolfSSL 16:8e0d178b1d1e 843 /* a[7] * b[2] */
wolfSSL 16:8e0d178b1d1e 844 t9 += (loi[7] | ((int64_t)hii[7] << 31));
wolfSSL 16:8e0d178b1d1e 845
wolfSSL 16:8e0d178b1d1e 846 /* a[8] * b[2] */
wolfSSL 16:8e0d178b1d1e 847 t10 += (loi[8] | ((int64_t)hii[8] << 31));
wolfSSL 16:8e0d178b1d1e 848
wolfSSL 16:8e0d178b1d1e 849 /* a[9] * b[2] */
wolfSSL 16:8e0d178b1d1e 850 t11 = (loi[9] | ((int64_t)hii[9] << 31));
wolfSSL 16:8e0d178b1d1e 851
wolfSSL 16:8e0d178b1d1e 852
wolfSSL 16:8e0d178b1d1e 853 /* a[*] * b[3] */
wolfSSL 16:8e0d178b1d1e 854 splat = Q6_V_vsplat_R(b[3]);
wolfSSL 16:8e0d178b1d1e 855 vlow = Q6_Vw_vmpyieo_VhVh(av, splat);
wolfSSL 16:8e0d178b1d1e 856 vlow = Q6_Vw_vmpyieacc_VwVwVuh(vlow, av, splat);
wolfSSL 16:8e0d178b1d1e 857 vhi = Q6_Vw_vmpye_VwVuh(av, splat);
wolfSSL 16:8e0d178b1d1e 858 vhi = Q6_Vw_vmpyoacc_VwVwVh_s1_sat_shift(vhi, av, splat);
wolfSSL 16:8e0d178b1d1e 859 loi = (unsigned int*)&vlow;
wolfSSL 16:8e0d178b1d1e 860 hii = (int*)&vhi;
wolfSSL 16:8e0d178b1d1e 861
wolfSSL 16:8e0d178b1d1e 862
wolfSSL 16:8e0d178b1d1e 863 /* a[0] * b[3] */
wolfSSL 16:8e0d178b1d1e 864 t3 += (loi[0] | ((int64_t)hii[0] << 31));
wolfSSL 16:8e0d178b1d1e 865
wolfSSL 16:8e0d178b1d1e 866 /* a[1] * b[3] */
wolfSSL 16:8e0d178b1d1e 867 t4 += (loi[1] | ((int64_t)hii[1] << 31));
wolfSSL 16:8e0d178b1d1e 868
wolfSSL 16:8e0d178b1d1e 869 /* a[2] * b[3] */
wolfSSL 16:8e0d178b1d1e 870 t5 += (loi[2] | ((int64_t)hii[2] << 31));
wolfSSL 16:8e0d178b1d1e 871
wolfSSL 16:8e0d178b1d1e 872 /* a[3] * b[3] */
wolfSSL 16:8e0d178b1d1e 873 t6 += (loi[3] | ((int64_t)hii[3] << 31));
wolfSSL 16:8e0d178b1d1e 874
wolfSSL 16:8e0d178b1d1e 875 /* a[4] * b[3] */
wolfSSL 16:8e0d178b1d1e 876 t7 += (loi[4] | ((int64_t)hii[4] << 31));
wolfSSL 16:8e0d178b1d1e 877
wolfSSL 16:8e0d178b1d1e 878 /* a[5] * b[3] */
wolfSSL 16:8e0d178b1d1e 879 t8 += (loi[5] | ((int64_t)hii[5] << 31));
wolfSSL 16:8e0d178b1d1e 880
wolfSSL 16:8e0d178b1d1e 881 /* a[6] * b[3] */
wolfSSL 16:8e0d178b1d1e 882 t9 += (loi[6] | ((int64_t)hii[6] << 31));
wolfSSL 16:8e0d178b1d1e 883
wolfSSL 16:8e0d178b1d1e 884 /* a[7] * b[3] */
wolfSSL 16:8e0d178b1d1e 885 t10 += (loi[7] | ((int64_t)hii[7] << 31));
wolfSSL 16:8e0d178b1d1e 886
wolfSSL 16:8e0d178b1d1e 887 /* a[8] * b[3] */
wolfSSL 16:8e0d178b1d1e 888 t11 += (loi[8] | ((int64_t)hii[8] << 31));
wolfSSL 16:8e0d178b1d1e 889
wolfSSL 16:8e0d178b1d1e 890 /* a[9] * b[3] */
wolfSSL 16:8e0d178b1d1e 891 t12 = (loi[9] | ((int64_t)hii[9] << 31));
wolfSSL 16:8e0d178b1d1e 892
wolfSSL 16:8e0d178b1d1e 893
wolfSSL 16:8e0d178b1d1e 894 /* a[*] * b[4] */
wolfSSL 16:8e0d178b1d1e 895 splat = Q6_V_vsplat_R(b[4]);
wolfSSL 16:8e0d178b1d1e 896 vlow = Q6_Vw_vmpyieo_VhVh(av, splat);
wolfSSL 16:8e0d178b1d1e 897 vlow = Q6_Vw_vmpyieacc_VwVwVuh(vlow, av, splat);
wolfSSL 16:8e0d178b1d1e 898 vhi = Q6_Vw_vmpye_VwVuh(av, splat);
wolfSSL 16:8e0d178b1d1e 899 vhi = Q6_Vw_vmpyoacc_VwVwVh_s1_sat_shift(vhi, av, splat);
wolfSSL 16:8e0d178b1d1e 900 loi = (unsigned int*)&vlow;
wolfSSL 16:8e0d178b1d1e 901 hii = (int*)&vhi;
wolfSSL 16:8e0d178b1d1e 902
wolfSSL 16:8e0d178b1d1e 903
wolfSSL 16:8e0d178b1d1e 904 /* a[0] * b[4] */
wolfSSL 16:8e0d178b1d1e 905 t4 += (loi[0] | ((int64_t)hii[0] << 31));
wolfSSL 16:8e0d178b1d1e 906
wolfSSL 16:8e0d178b1d1e 907 /* a[1] * b[4] */
wolfSSL 16:8e0d178b1d1e 908 t5 += (loi[1] | ((int64_t)hii[1] << 31));
wolfSSL 16:8e0d178b1d1e 909
wolfSSL 16:8e0d178b1d1e 910 /* a[2] * b[4] */
wolfSSL 16:8e0d178b1d1e 911 t6 += (loi[2] | ((int64_t)hii[2] << 31));
wolfSSL 16:8e0d178b1d1e 912
wolfSSL 16:8e0d178b1d1e 913 /* a[3] * b[4] */
wolfSSL 16:8e0d178b1d1e 914 t7 += (loi[3] | ((int64_t)hii[3] << 31));
wolfSSL 16:8e0d178b1d1e 915
wolfSSL 16:8e0d178b1d1e 916 /* a[4] * b[4] */
wolfSSL 16:8e0d178b1d1e 917 t8 += (loi[4] | ((int64_t)hii[4] << 31));
wolfSSL 16:8e0d178b1d1e 918
wolfSSL 16:8e0d178b1d1e 919 /* a[5] * b[4] */
wolfSSL 16:8e0d178b1d1e 920 t9 += (loi[5] | ((int64_t)hii[5] << 31));
wolfSSL 16:8e0d178b1d1e 921
wolfSSL 16:8e0d178b1d1e 922 /* a[6] * b[4] */
wolfSSL 16:8e0d178b1d1e 923 t10 += (loi[6] | ((int64_t)hii[6] << 31));
wolfSSL 16:8e0d178b1d1e 924
wolfSSL 16:8e0d178b1d1e 925 /* a[7] * b[4] */
wolfSSL 16:8e0d178b1d1e 926 t11 += (loi[7] | ((int64_t)hii[7] << 31));
wolfSSL 16:8e0d178b1d1e 927
wolfSSL 16:8e0d178b1d1e 928 /* a[8] * b[4] */
wolfSSL 16:8e0d178b1d1e 929 t12 += (loi[8] | ((int64_t)hii[8] << 31));
wolfSSL 16:8e0d178b1d1e 930
wolfSSL 16:8e0d178b1d1e 931 /* a[9] * b[4] */
wolfSSL 16:8e0d178b1d1e 932 t13 = (loi[9] | ((int64_t)hii[9] << 31));
wolfSSL 16:8e0d178b1d1e 933
wolfSSL 16:8e0d178b1d1e 934
wolfSSL 16:8e0d178b1d1e 935 /* a[*] * b[5] */
wolfSSL 16:8e0d178b1d1e 936 splat = Q6_V_vsplat_R(b[5]);
wolfSSL 16:8e0d178b1d1e 937 vlow = Q6_Vw_vmpyieo_VhVh(av, splat);
wolfSSL 16:8e0d178b1d1e 938 vlow = Q6_Vw_vmpyieacc_VwVwVuh(vlow, av, splat);
wolfSSL 16:8e0d178b1d1e 939 vhi = Q6_Vw_vmpye_VwVuh(av, splat);
wolfSSL 16:8e0d178b1d1e 940 vhi = Q6_Vw_vmpyoacc_VwVwVh_s1_sat_shift(vhi, av, splat);
wolfSSL 16:8e0d178b1d1e 941 loi = (unsigned int*)&vlow;
wolfSSL 16:8e0d178b1d1e 942 hii = (int*)&vhi;
wolfSSL 16:8e0d178b1d1e 943
wolfSSL 16:8e0d178b1d1e 944
wolfSSL 16:8e0d178b1d1e 945 /* a[0] * b[5] */
wolfSSL 16:8e0d178b1d1e 946 t5 += (loi[0] | ((int64_t)hii[0] << 31));
wolfSSL 16:8e0d178b1d1e 947
wolfSSL 16:8e0d178b1d1e 948 /* a[1] * b[5] */
wolfSSL 16:8e0d178b1d1e 949 t6 += (loi[1] | ((int64_t)hii[1] << 31));
wolfSSL 16:8e0d178b1d1e 950
wolfSSL 16:8e0d178b1d1e 951 /* a[2] * b[5] */
wolfSSL 16:8e0d178b1d1e 952 t7 += (loi[2] | ((int64_t)hii[2] << 31));
wolfSSL 16:8e0d178b1d1e 953
wolfSSL 16:8e0d178b1d1e 954 /* a[3] * b[5] */
wolfSSL 16:8e0d178b1d1e 955 t8 += (loi[3] | ((int64_t)hii[3] << 31));
wolfSSL 16:8e0d178b1d1e 956
wolfSSL 16:8e0d178b1d1e 957 /* a[4] * b[5] */
wolfSSL 16:8e0d178b1d1e 958 t9 += (loi[4] | ((int64_t)hii[4] << 31));
wolfSSL 16:8e0d178b1d1e 959
wolfSSL 16:8e0d178b1d1e 960 /* a[5] * b[5] */
wolfSSL 16:8e0d178b1d1e 961 t10 += (loi[5] | ((int64_t)hii[5] << 31));
wolfSSL 16:8e0d178b1d1e 962
wolfSSL 16:8e0d178b1d1e 963 /* a[6] * b[5] */
wolfSSL 16:8e0d178b1d1e 964 t11 += (loi[6] | ((int64_t)hii[6] << 31));
wolfSSL 16:8e0d178b1d1e 965
wolfSSL 16:8e0d178b1d1e 966 /* a[7] * b[5] */
wolfSSL 16:8e0d178b1d1e 967 t12 += (loi[7] | ((int64_t)hii[7] << 31));
wolfSSL 16:8e0d178b1d1e 968
wolfSSL 16:8e0d178b1d1e 969 /* a[8] * b[5] */
wolfSSL 16:8e0d178b1d1e 970 t13 += (loi[8] | ((int64_t)hii[8] << 31));
wolfSSL 16:8e0d178b1d1e 971
wolfSSL 16:8e0d178b1d1e 972 /* a[9] * b[5] */
wolfSSL 16:8e0d178b1d1e 973 t14 = (loi[9] | ((int64_t)hii[9] << 31));
wolfSSL 16:8e0d178b1d1e 974
wolfSSL 16:8e0d178b1d1e 975
wolfSSL 16:8e0d178b1d1e 976 /* a[*] * b[6] */
wolfSSL 16:8e0d178b1d1e 977 splat = Q6_V_vsplat_R(b[6]);
wolfSSL 16:8e0d178b1d1e 978 vlow = Q6_Vw_vmpyieo_VhVh(av, splat);
wolfSSL 16:8e0d178b1d1e 979 vlow = Q6_Vw_vmpyieacc_VwVwVuh(vlow, av, splat);
wolfSSL 16:8e0d178b1d1e 980 vhi = Q6_Vw_vmpye_VwVuh(av, splat);
wolfSSL 16:8e0d178b1d1e 981 vhi = Q6_Vw_vmpyoacc_VwVwVh_s1_sat_shift(vhi, av, splat);
wolfSSL 16:8e0d178b1d1e 982 loi = (unsigned int*)&vlow;
wolfSSL 16:8e0d178b1d1e 983 hii = (int*)&vhi;
wolfSSL 16:8e0d178b1d1e 984
wolfSSL 16:8e0d178b1d1e 985
wolfSSL 16:8e0d178b1d1e 986 /* a[0] * b[6] */
wolfSSL 16:8e0d178b1d1e 987 t6 += (loi[0] | ((int64_t)hii[0] << 31));
wolfSSL 16:8e0d178b1d1e 988
wolfSSL 16:8e0d178b1d1e 989 /* a[1] * b[6] */
wolfSSL 16:8e0d178b1d1e 990 t7 += (loi[1] | ((int64_t)hii[1] << 31));
wolfSSL 16:8e0d178b1d1e 991
wolfSSL 16:8e0d178b1d1e 992 /* a[2] * b[6] */
wolfSSL 16:8e0d178b1d1e 993 t8 += (loi[2] | ((int64_t)hii[2] << 31));
wolfSSL 16:8e0d178b1d1e 994
wolfSSL 16:8e0d178b1d1e 995 /* a[3] * b[6] */
wolfSSL 16:8e0d178b1d1e 996 t9 += (loi[3] | ((int64_t)hii[3] << 31));
wolfSSL 16:8e0d178b1d1e 997
wolfSSL 16:8e0d178b1d1e 998 /* a[4] * b[6] */
wolfSSL 16:8e0d178b1d1e 999 t10 += (loi[4] | ((int64_t)hii[4] << 31));
wolfSSL 16:8e0d178b1d1e 1000
wolfSSL 16:8e0d178b1d1e 1001 /* a[5] * b[6] */
wolfSSL 16:8e0d178b1d1e 1002 t11 += (loi[5] | ((int64_t)hii[5] << 31));
wolfSSL 16:8e0d178b1d1e 1003
wolfSSL 16:8e0d178b1d1e 1004 /* a[6] * b[6] */
wolfSSL 16:8e0d178b1d1e 1005 t12 += (loi[6] | ((int64_t)hii[6] << 31));
wolfSSL 16:8e0d178b1d1e 1006
wolfSSL 16:8e0d178b1d1e 1007 /* a[7] * b[6] */
wolfSSL 16:8e0d178b1d1e 1008 t13 += (loi[7] | ((int64_t)hii[7] << 31));
wolfSSL 16:8e0d178b1d1e 1009
wolfSSL 16:8e0d178b1d1e 1010 /* a[8] * b[6] */
wolfSSL 16:8e0d178b1d1e 1011 t14 += (loi[8] | ((int64_t)hii[8] << 31));
wolfSSL 16:8e0d178b1d1e 1012
wolfSSL 16:8e0d178b1d1e 1013 /* a[9] * b[6] */
wolfSSL 16:8e0d178b1d1e 1014 t15 = (loi[9] | ((int64_t)hii[9] << 31));
wolfSSL 16:8e0d178b1d1e 1015
wolfSSL 16:8e0d178b1d1e 1016
wolfSSL 16:8e0d178b1d1e 1017
wolfSSL 16:8e0d178b1d1e 1018 /* a[*] * b[7] */
wolfSSL 16:8e0d178b1d1e 1019 splat = Q6_V_vsplat_R(b[7]);
wolfSSL 16:8e0d178b1d1e 1020 vlow = Q6_Vw_vmpyieo_VhVh(av, splat);
wolfSSL 16:8e0d178b1d1e 1021 vlow = Q6_Vw_vmpyieacc_VwVwVuh(vlow, av, splat);
wolfSSL 16:8e0d178b1d1e 1022 vhi = Q6_Vw_vmpye_VwVuh(av, splat);
wolfSSL 16:8e0d178b1d1e 1023 vhi = Q6_Vw_vmpyoacc_VwVwVh_s1_sat_shift(vhi, av, splat);
wolfSSL 16:8e0d178b1d1e 1024 loi = (unsigned int*)&vlow;
wolfSSL 16:8e0d178b1d1e 1025 hii = (int*)&vhi;
wolfSSL 16:8e0d178b1d1e 1026
wolfSSL 16:8e0d178b1d1e 1027
wolfSSL 16:8e0d178b1d1e 1028 /* a[0] * b[7] */
wolfSSL 16:8e0d178b1d1e 1029 t7 += (loi[0] | ((int64_t)hii[0] << 31));
wolfSSL 16:8e0d178b1d1e 1030
wolfSSL 16:8e0d178b1d1e 1031 /* a[1] * b[7] */
wolfSSL 16:8e0d178b1d1e 1032 t8 += (loi[1] | ((int64_t)hii[1] << 31));
wolfSSL 16:8e0d178b1d1e 1033
wolfSSL 16:8e0d178b1d1e 1034 /* a[2] * b[7] */
wolfSSL 16:8e0d178b1d1e 1035 t9 += (loi[2] | ((int64_t)hii[2] << 31));
wolfSSL 16:8e0d178b1d1e 1036
wolfSSL 16:8e0d178b1d1e 1037 /* a[3] * b[7] */
wolfSSL 16:8e0d178b1d1e 1038 t10 += (loi[3] | ((int64_t)hii[3] << 31));
wolfSSL 16:8e0d178b1d1e 1039
wolfSSL 16:8e0d178b1d1e 1040 /* a[4] * b[7] */
wolfSSL 16:8e0d178b1d1e 1041 t11 += (loi[4] | ((int64_t)hii[4] << 31));
wolfSSL 16:8e0d178b1d1e 1042
wolfSSL 16:8e0d178b1d1e 1043 /* a[5] * b[7] */
wolfSSL 16:8e0d178b1d1e 1044 t12 += (loi[5] | ((int64_t)hii[5] << 31));
wolfSSL 16:8e0d178b1d1e 1045
wolfSSL 16:8e0d178b1d1e 1046 /* a[6] * b[7] */
wolfSSL 16:8e0d178b1d1e 1047 t13 += (loi[6] | ((int64_t)hii[6] << 31));
wolfSSL 16:8e0d178b1d1e 1048
wolfSSL 16:8e0d178b1d1e 1049 /* a[7] * b[7] */
wolfSSL 16:8e0d178b1d1e 1050 t14 += (loi[7] | ((int64_t)hii[7] << 31));
wolfSSL 16:8e0d178b1d1e 1051
wolfSSL 16:8e0d178b1d1e 1052 /* a[8] * b[7] */
wolfSSL 16:8e0d178b1d1e 1053 t15 += (loi[8] | ((int64_t)hii[8] << 31));
wolfSSL 16:8e0d178b1d1e 1054
wolfSSL 16:8e0d178b1d1e 1055 /* a[9] * b[7] */
wolfSSL 16:8e0d178b1d1e 1056 t16 = (loi[9] | ((int64_t)hii[9] << 31));
wolfSSL 16:8e0d178b1d1e 1057
wolfSSL 16:8e0d178b1d1e 1058
wolfSSL 16:8e0d178b1d1e 1059 /* a[*] * b[8] */
wolfSSL 16:8e0d178b1d1e 1060 splat = Q6_V_vsplat_R(b[8]);
wolfSSL 16:8e0d178b1d1e 1061 vlow = Q6_Vw_vmpyieo_VhVh(av, splat);
wolfSSL 16:8e0d178b1d1e 1062 vlow = Q6_Vw_vmpyieacc_VwVwVuh(vlow, av, splat);
wolfSSL 16:8e0d178b1d1e 1063 vhi = Q6_Vw_vmpye_VwVuh(av, splat);
wolfSSL 16:8e0d178b1d1e 1064 vhi = Q6_Vw_vmpyoacc_VwVwVh_s1_sat_shift(vhi, av, splat);
wolfSSL 16:8e0d178b1d1e 1065 loi = (unsigned int*)&vlow;
wolfSSL 16:8e0d178b1d1e 1066 hii = (int*)&vhi;
wolfSSL 16:8e0d178b1d1e 1067
wolfSSL 16:8e0d178b1d1e 1068
wolfSSL 16:8e0d178b1d1e 1069 /* a[0] * b[8] */
wolfSSL 16:8e0d178b1d1e 1070 t8 += (loi[0] | ((int64_t)hii[0] << 31));
wolfSSL 16:8e0d178b1d1e 1071
wolfSSL 16:8e0d178b1d1e 1072 /* a[1] * b[8] */
wolfSSL 16:8e0d178b1d1e 1073 t9 += (loi[1] | ((int64_t)hii[1] << 31));
wolfSSL 16:8e0d178b1d1e 1074
wolfSSL 16:8e0d178b1d1e 1075 /* a[2] * b[8] */
wolfSSL 16:8e0d178b1d1e 1076 t10 += (loi[2] | ((int64_t)hii[2] << 31));
wolfSSL 16:8e0d178b1d1e 1077
wolfSSL 16:8e0d178b1d1e 1078 /* a[3] * b[8] */
wolfSSL 16:8e0d178b1d1e 1079 t11 += (loi[3] | ((int64_t)hii[3] << 31));
wolfSSL 16:8e0d178b1d1e 1080
wolfSSL 16:8e0d178b1d1e 1081 /* a[4] * b[8] */
wolfSSL 16:8e0d178b1d1e 1082 t12 += (loi[4] | ((int64_t)hii[4] << 31));
wolfSSL 16:8e0d178b1d1e 1083
wolfSSL 16:8e0d178b1d1e 1084 /* a[5] * b[8] */
wolfSSL 16:8e0d178b1d1e 1085 t13 += (loi[5] | ((int64_t)hii[5] << 31));
wolfSSL 16:8e0d178b1d1e 1086
wolfSSL 16:8e0d178b1d1e 1087 /* a[6] * b[8] */
wolfSSL 16:8e0d178b1d1e 1088 t14 += (loi[6] | ((int64_t)hii[6] << 31));
wolfSSL 16:8e0d178b1d1e 1089
wolfSSL 16:8e0d178b1d1e 1090 /* a[7] * b[8] */
wolfSSL 16:8e0d178b1d1e 1091 t15 += (loi[7] | ((int64_t)hii[7] << 31));
wolfSSL 16:8e0d178b1d1e 1092
wolfSSL 16:8e0d178b1d1e 1093 /* a[8] * b[8] */
wolfSSL 16:8e0d178b1d1e 1094 t16 += (loi[8] | ((int64_t)hii[8] << 31));
wolfSSL 16:8e0d178b1d1e 1095
wolfSSL 16:8e0d178b1d1e 1096 /* a[9] * b[8] */
wolfSSL 16:8e0d178b1d1e 1097 t17 = (loi[9] | ((int64_t)hii[9] << 31));
wolfSSL 16:8e0d178b1d1e 1098
wolfSSL 16:8e0d178b1d1e 1099
wolfSSL 16:8e0d178b1d1e 1100 /* a[*] * b[9] */
wolfSSL 16:8e0d178b1d1e 1101 splat = Q6_V_vsplat_R(b[9]);
wolfSSL 16:8e0d178b1d1e 1102 vlow = Q6_Vw_vmpyieo_VhVh(av, splat);
wolfSSL 16:8e0d178b1d1e 1103 vlow = Q6_Vw_vmpyieacc_VwVwVuh(vlow, av, splat);
wolfSSL 16:8e0d178b1d1e 1104 vhi = Q6_Vw_vmpye_VwVuh(av, splat);
wolfSSL 16:8e0d178b1d1e 1105 vhi = Q6_Vw_vmpyoacc_VwVwVh_s1_sat_shift(vhi, av, splat);
wolfSSL 16:8e0d178b1d1e 1106 loi = (unsigned int*)&vlow;
wolfSSL 16:8e0d178b1d1e 1107 hii = (int*)&vhi;
wolfSSL 16:8e0d178b1d1e 1108
wolfSSL 16:8e0d178b1d1e 1109
wolfSSL 16:8e0d178b1d1e 1110 /* a[0] * b[9] */
wolfSSL 16:8e0d178b1d1e 1111 t9 += (loi[0] | ((int64_t)hii[0] << 31));
wolfSSL 16:8e0d178b1d1e 1112
wolfSSL 16:8e0d178b1d1e 1113 /* a[1] * b[9] */
wolfSSL 16:8e0d178b1d1e 1114 t10 += (loi[1] | ((int64_t)hii[1] << 31));
wolfSSL 16:8e0d178b1d1e 1115
wolfSSL 16:8e0d178b1d1e 1116 /* a[2] * b[9] */
wolfSSL 16:8e0d178b1d1e 1117 t11 += (loi[2] | ((int64_t)hii[2] << 31));
wolfSSL 16:8e0d178b1d1e 1118
wolfSSL 16:8e0d178b1d1e 1119 /* a[3] * b[9] */
wolfSSL 16:8e0d178b1d1e 1120 t12 += (loi[3] | ((int64_t)hii[3] << 31));
wolfSSL 16:8e0d178b1d1e 1121
wolfSSL 16:8e0d178b1d1e 1122 /* a[4] * b[9] */
wolfSSL 16:8e0d178b1d1e 1123 t13 += (loi[4] | ((int64_t)hii[4] << 31));
wolfSSL 16:8e0d178b1d1e 1124
wolfSSL 16:8e0d178b1d1e 1125 /* a[5] * b[9] */
wolfSSL 16:8e0d178b1d1e 1126 t14 += (loi[5] | ((int64_t)hii[5] << 31));
wolfSSL 16:8e0d178b1d1e 1127
wolfSSL 16:8e0d178b1d1e 1128 /* a[6] * b[9] */
wolfSSL 16:8e0d178b1d1e 1129 t15 += (loi[6] | ((int64_t)hii[6] << 31));
wolfSSL 16:8e0d178b1d1e 1130
wolfSSL 16:8e0d178b1d1e 1131 /* a[7] * b[9] */
wolfSSL 16:8e0d178b1d1e 1132 t16 += (loi[7] | ((int64_t)hii[7] << 31));
wolfSSL 16:8e0d178b1d1e 1133
wolfSSL 16:8e0d178b1d1e 1134 /* a[8] * b[9] */
wolfSSL 16:8e0d178b1d1e 1135 t17 += (loi[8] | ((int64_t)hii[8] << 31));
wolfSSL 16:8e0d178b1d1e 1136
wolfSSL 16:8e0d178b1d1e 1137 /* a[9] * b[9] */
wolfSSL 16:8e0d178b1d1e 1138 t18 = (loi[9] | ((int64_t)hii[9] << 31));
wolfSSL 16:8e0d178b1d1e 1139
wolfSSL 16:8e0d178b1d1e 1140 t1 += t0 >> 26; r[ 0] = t0 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1141 t2 += t1 >> 26; r[ 1] = t1 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1142 t3 += t2 >> 26; r[ 2] = t2 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1143 t4 += t3 >> 26; r[ 3] = t3 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1144 t5 += t4 >> 26; r[ 4] = t4 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1145 t6 += t5 >> 26; r[ 5] = t5 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1146 t7 += t6 >> 26; r[ 6] = t6 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1147 t8 += t7 >> 26; r[ 7] = t7 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1148 t9 += t8 >> 26; r[ 8] = t8 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1149 t10 += t9 >> 26; r[ 9] = t9 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1150 t11 += t10 >> 26; r[10] = t10 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1151 t12 += t11 >> 26; r[11] = t11 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1152 t13 += t12 >> 26; r[12] = t12 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1153 t14 += t13 >> 26; r[13] = t13 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1154 t15 += t14 >> 26; r[14] = t14 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1155 t16 += t15 >> 26; r[15] = t15 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1156 t17 += t16 >> 26; r[16] = t16 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1157 t18 += t17 >> 26; r[17] = t17 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1158 r[19] = (sp_digit)(t18 >> 26);
wolfSSL 16:8e0d178b1d1e 1159 r[18] = t18 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1160 }
wolfSSL 16:8e0d178b1d1e 1161 #endif
wolfSSL 16:8e0d178b1d1e 1162 }
wolfSSL 16:8e0d178b1d1e 1163
wolfSSL 16:8e0d178b1d1e 1164
wolfSSL 16:8e0d178b1d1e 1165 /* Multiply two Montogmery form numbers mod the modulus (prime).
wolfSSL 16:8e0d178b1d1e 1166 * (r = a * b mod m)
wolfSSL 16:8e0d178b1d1e 1167 *
wolfSSL 16:8e0d178b1d1e 1168 * r Result of multiplication.
wolfSSL 16:8e0d178b1d1e 1169 * a First number to multiply in Montogmery form.
wolfSSL 16:8e0d178b1d1e 1170 * b Second number to multiply in Montogmery form.
wolfSSL 16:8e0d178b1d1e 1171 * m Modulus (prime).
wolfSSL 16:8e0d178b1d1e 1172 * mp Montogmery mulitplier.
wolfSSL 16:8e0d178b1d1e 1173 */
wolfSSL 16:8e0d178b1d1e 1174 static void sp_256_mont_mul_10(sp_digit* r, const sp_digit* a, const sp_digit* b,
wolfSSL 16:8e0d178b1d1e 1175 const sp_digit* m, sp_digit mp)
wolfSSL 16:8e0d178b1d1e 1176 {
wolfSSL 16:8e0d178b1d1e 1177 sp_256_mul_10(r, a, b);
wolfSSL 16:8e0d178b1d1e 1178 sp_256_mont_reduce_10(r, m, mp);
wolfSSL 16:8e0d178b1d1e 1179 }
wolfSSL 16:8e0d178b1d1e 1180
wolfSSL 16:8e0d178b1d1e 1181
wolfSSL 16:8e0d178b1d1e 1182 /* Square a and put result in r. (r = a * a)
wolfSSL 16:8e0d178b1d1e 1183 *
wolfSSL 16:8e0d178b1d1e 1184 * r A single precision integer.
wolfSSL 16:8e0d178b1d1e 1185 * a A single precision integer.
wolfSSL 16:8e0d178b1d1e 1186 */
wolfSSL 16:8e0d178b1d1e 1187 SP_NOINLINE static void sp_256_sqr_10(sp_digit* r, const sp_digit* a)
wolfSSL 16:8e0d178b1d1e 1188 {
wolfSSL 16:8e0d178b1d1e 1189 int64_t t0 = Q6_P_mpy_RR(a[0], a[0]);
wolfSSL 16:8e0d178b1d1e 1190 int64_t t1 = Q6_P_mpy_RR(a[0], a[1]) * 2;
wolfSSL 16:8e0d178b1d1e 1191 int64_t t2 = Q6_P_mpy_RR(a[0], a[2]) * 2
wolfSSL 16:8e0d178b1d1e 1192 + Q6_P_mpy_RR(a[1], a[1]);
wolfSSL 16:8e0d178b1d1e 1193 int64_t t3 = (Q6_P_mpy_RR(a[0], a[3])
wolfSSL 16:8e0d178b1d1e 1194 + Q6_P_mpy_RR(a[1], a[2])) * 2;
wolfSSL 16:8e0d178b1d1e 1195 int64_t t4 = (Q6_P_mpy_RR(a[ 0], a[ 4])
wolfSSL 16:8e0d178b1d1e 1196 + Q6_P_mpy_RR(a[ 1], a[ 3])) * 2
wolfSSL 16:8e0d178b1d1e 1197 + Q6_P_mpy_RR(a[ 2], a[ 2]);
wolfSSL 16:8e0d178b1d1e 1198 int64_t t5 = (Q6_P_mpy_RR(a[ 0], a[ 5])
wolfSSL 16:8e0d178b1d1e 1199 + Q6_P_mpy_RR(a[ 1], a[ 4])
wolfSSL 16:8e0d178b1d1e 1200 + Q6_P_mpy_RR(a[ 2], a[ 3])) * 2;
wolfSSL 16:8e0d178b1d1e 1201 int64_t t6 = (Q6_P_mpy_RR(a[ 0], a[ 6])
wolfSSL 16:8e0d178b1d1e 1202 + Q6_P_mpy_RR(a[ 1], a[ 5])
wolfSSL 16:8e0d178b1d1e 1203 + Q6_P_mpy_RR(a[ 2], a[ 4])) * 2
wolfSSL 16:8e0d178b1d1e 1204 + Q6_P_mpy_RR(a[ 3], a[ 3]);
wolfSSL 16:8e0d178b1d1e 1205 int64_t t7 = (Q6_P_mpy_RR(a[ 0], a[ 7])
wolfSSL 16:8e0d178b1d1e 1206 + Q6_P_mpy_RR(a[ 1], a[ 6])
wolfSSL 16:8e0d178b1d1e 1207 + Q6_P_mpy_RR(a[ 2], a[ 5])
wolfSSL 16:8e0d178b1d1e 1208 + Q6_P_mpy_RR(a[ 3], a[ 4])) * 2;
wolfSSL 16:8e0d178b1d1e 1209 int64_t t8 = (Q6_P_mpy_RR(a[ 0], a[ 8])
wolfSSL 16:8e0d178b1d1e 1210 + Q6_P_mpy_RR(a[ 1], a[ 7])
wolfSSL 16:8e0d178b1d1e 1211 + Q6_P_mpy_RR(a[ 2], a[ 6])
wolfSSL 16:8e0d178b1d1e 1212 + Q6_P_mpy_RR(a[ 3], a[ 5])) * 2
wolfSSL 16:8e0d178b1d1e 1213 + Q6_P_mpy_RR(a[ 4], a[ 4]);
wolfSSL 16:8e0d178b1d1e 1214 int64_t t9 = (Q6_P_mpy_RR(a[ 0], a[ 9])
wolfSSL 16:8e0d178b1d1e 1215 + Q6_P_mpy_RR(a[ 1], a[ 8])
wolfSSL 16:8e0d178b1d1e 1216 + Q6_P_mpy_RR(a[ 2], a[ 7])
wolfSSL 16:8e0d178b1d1e 1217 + Q6_P_mpy_RR(a[ 3], a[ 6])
wolfSSL 16:8e0d178b1d1e 1218 + Q6_P_mpy_RR(a[ 4], a[ 5])) * 2;
wolfSSL 16:8e0d178b1d1e 1219 int64_t t10 = (Q6_P_mpy_RR(a[ 1], a[ 9])
wolfSSL 16:8e0d178b1d1e 1220 + Q6_P_mpy_RR(a[ 2], a[ 8])
wolfSSL 16:8e0d178b1d1e 1221 + Q6_P_mpy_RR(a[ 3], a[ 7])
wolfSSL 16:8e0d178b1d1e 1222 + Q6_P_mpy_RR(a[ 4], a[ 6])) * 2
wolfSSL 16:8e0d178b1d1e 1223 + Q6_P_mpy_RR(a[ 5], a[ 5]);
wolfSSL 16:8e0d178b1d1e 1224 int64_t t11 = (Q6_P_mpy_RR(a[ 2], a[ 9])
wolfSSL 16:8e0d178b1d1e 1225 + Q6_P_mpy_RR(a[ 3], a[ 8])
wolfSSL 16:8e0d178b1d1e 1226 + Q6_P_mpy_RR(a[ 4], a[ 7])
wolfSSL 16:8e0d178b1d1e 1227 + Q6_P_mpy_RR(a[ 5], a[ 6])) * 2;
wolfSSL 16:8e0d178b1d1e 1228 int64_t t12 = (Q6_P_mpy_RR(a[ 3], a[ 9])
wolfSSL 16:8e0d178b1d1e 1229 + Q6_P_mpy_RR(a[ 4], a[ 8])
wolfSSL 16:8e0d178b1d1e 1230 + Q6_P_mpy_RR(a[ 5], a[ 7])) * 2
wolfSSL 16:8e0d178b1d1e 1231 + Q6_P_mpy_RR(a[ 6], a[ 6]);
wolfSSL 16:8e0d178b1d1e 1232 int64_t t13 = (Q6_P_mpy_RR(a[ 4], a[ 9])
wolfSSL 16:8e0d178b1d1e 1233 + Q6_P_mpy_RR(a[ 5], a[ 8])
wolfSSL 16:8e0d178b1d1e 1234 + Q6_P_mpy_RR(a[ 6], a[ 7])) * 2;
wolfSSL 16:8e0d178b1d1e 1235 int64_t t14 = (Q6_P_mpy_RR(a[ 5], a[ 9])
wolfSSL 16:8e0d178b1d1e 1236 + Q6_P_mpy_RR(a[ 6], a[ 8])) * 2
wolfSSL 16:8e0d178b1d1e 1237 + Q6_P_mpy_RR(a[ 7], a[ 7]);
wolfSSL 16:8e0d178b1d1e 1238 int64_t t15 =( Q6_P_mpy_RR(a[ 6], a[ 9])
wolfSSL 16:8e0d178b1d1e 1239 + Q6_P_mpy_RR(a[ 7], a[ 8])) * 2;
wolfSSL 16:8e0d178b1d1e 1240 int64_t t16 = Q6_P_mpy_RR(a[ 7], a[ 9]) * 2
wolfSSL 16:8e0d178b1d1e 1241 + Q6_P_mpy_RR(a[ 8], a[ 8]);
wolfSSL 16:8e0d178b1d1e 1242 int64_t t17 = Q6_P_mpy_RR(a[ 8], a[ 9]) * 2;
wolfSSL 16:8e0d178b1d1e 1243 int64_t t18 = Q6_P_mpy_RR(a[ 9], a[ 9]);
wolfSSL 16:8e0d178b1d1e 1244
wolfSSL 16:8e0d178b1d1e 1245 t1 += t0 >> 26; r[ 0] = t0 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1246 t2 += t1 >> 26; r[ 1] = t1 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1247 t3 += t2 >> 26; r[ 2] = t2 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1248 t4 += t3 >> 26; r[ 3] = t3 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1249 t5 += t4 >> 26; r[ 4] = t4 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1250 t6 += t5 >> 26; r[ 5] = t5 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1251 t7 += t6 >> 26; r[ 6] = t6 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1252 t8 += t7 >> 26; r[ 7] = t7 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1253 t9 += t8 >> 26; r[ 8] = t8 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1254 t10 += t9 >> 26; r[ 9] = t9 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1255 t11 += t10 >> 26; r[10] = t10 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1256 t12 += t11 >> 26; r[11] = t11 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1257 t13 += t12 >> 26; r[12] = t12 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1258 t14 += t13 >> 26; r[13] = t13 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1259 t15 += t14 >> 26; r[14] = t14 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1260 t16 += t15 >> 26; r[15] = t15 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1261 t17 += t16 >> 26; r[16] = t16 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1262 t18 += t17 >> 26; r[17] = t17 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1263 r[19] = (sp_digit)(t18 >> 26);
wolfSSL 16:8e0d178b1d1e 1264 r[18] = t18 & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1265 }
wolfSSL 16:8e0d178b1d1e 1266
wolfSSL 16:8e0d178b1d1e 1267
wolfSSL 16:8e0d178b1d1e 1268 /* Square the Montgomery form number. (r = a * a mod m)
wolfSSL 16:8e0d178b1d1e 1269 *
wolfSSL 16:8e0d178b1d1e 1270 * r Result of squaring.
wolfSSL 16:8e0d178b1d1e 1271 * a Number to square in Montogmery form.
wolfSSL 16:8e0d178b1d1e 1272 * m Modulus (prime).
wolfSSL 16:8e0d178b1d1e 1273 * mp Montogmery mulitplier.
wolfSSL 16:8e0d178b1d1e 1274 */
wolfSSL 16:8e0d178b1d1e 1275 static void sp_256_mont_sqr_10(sp_digit* r, const sp_digit* a, const sp_digit* m,
wolfSSL 16:8e0d178b1d1e 1276 sp_digit mp)
wolfSSL 16:8e0d178b1d1e 1277 {
wolfSSL 16:8e0d178b1d1e 1278 sp_256_sqr_10(r, a);
wolfSSL 16:8e0d178b1d1e 1279 sp_256_mont_reduce_10(r, m, mp);
wolfSSL 16:8e0d178b1d1e 1280 }
wolfSSL 16:8e0d178b1d1e 1281
wolfSSL 16:8e0d178b1d1e 1282 #if !defined(WOLFSSL_SP_SMALL) || defined(HAVE_COMP_KEY)
wolfSSL 16:8e0d178b1d1e 1283 /* Square the Montgomery form number a number of times. (r = a ^ n mod m)
wolfSSL 16:8e0d178b1d1e 1284 *
wolfSSL 16:8e0d178b1d1e 1285 * r Result of squaring.
wolfSSL 16:8e0d178b1d1e 1286 * a Number to square in Montogmery form.
wolfSSL 16:8e0d178b1d1e 1287 * n Number of times to square.
wolfSSL 16:8e0d178b1d1e 1288 * m Modulus (prime).
wolfSSL 16:8e0d178b1d1e 1289 * mp Montogmery mulitplier.
wolfSSL 16:8e0d178b1d1e 1290 */
wolfSSL 16:8e0d178b1d1e 1291 static void sp_256_mont_sqr_n_10(sp_digit* r, const sp_digit* a, int n,
wolfSSL 16:8e0d178b1d1e 1292 const sp_digit* m, sp_digit mp)
wolfSSL 16:8e0d178b1d1e 1293 {
wolfSSL 16:8e0d178b1d1e 1294 sp_256_mont_sqr_10(r, a, m, mp);
wolfSSL 16:8e0d178b1d1e 1295 for (; n > 1; n--) {
wolfSSL 16:8e0d178b1d1e 1296 sp_256_mont_sqr_10(r, r, m, mp);
wolfSSL 16:8e0d178b1d1e 1297 }
wolfSSL 16:8e0d178b1d1e 1298 }
wolfSSL 16:8e0d178b1d1e 1299
wolfSSL 16:8e0d178b1d1e 1300 #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */
wolfSSL 16:8e0d178b1d1e 1301 #ifdef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 1302 /* Mod-2 for the P256 curve. */
wolfSSL 16:8e0d178b1d1e 1303 static const uint32_t p256_mod_2[8] = {
wolfSSL 16:8e0d178b1d1e 1304 0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U,
wolfSSL 16:8e0d178b1d1e 1305 0x00000001U,0xffffffffU
wolfSSL 16:8e0d178b1d1e 1306 };
wolfSSL 16:8e0d178b1d1e 1307 #endif /* !WOLFSSL_SP_SMALL */
wolfSSL 16:8e0d178b1d1e 1308
wolfSSL 16:8e0d178b1d1e 1309 /* Invert the number, in Montgomery form, modulo the modulus (prime) of the
wolfSSL 16:8e0d178b1d1e 1310 * P256 curve. (r = 1 / a mod m)
wolfSSL 16:8e0d178b1d1e 1311 *
wolfSSL 16:8e0d178b1d1e 1312 * r Inverse result.
wolfSSL 16:8e0d178b1d1e 1313 * a Number to invert.
wolfSSL 16:8e0d178b1d1e 1314 * td Temporary data.
wolfSSL 16:8e0d178b1d1e 1315 */
wolfSSL 16:8e0d178b1d1e 1316 static void sp_256_mont_inv_10(sp_digit* r, const sp_digit* a, sp_digit* td)
wolfSSL 16:8e0d178b1d1e 1317 {
wolfSSL 16:8e0d178b1d1e 1318 #ifdef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 1319 sp_digit* t = td;
wolfSSL 16:8e0d178b1d1e 1320 int i;
wolfSSL 16:8e0d178b1d1e 1321
wolfSSL 16:8e0d178b1d1e 1322 XMEMCPY(t, a, sizeof(sp_digit) * 10);
wolfSSL 16:8e0d178b1d1e 1323 for (i=254; i>=0; i--) {
wolfSSL 16:8e0d178b1d1e 1324 sp_256_mont_sqr_10(t, t, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1325 if (p256_mod_2[i / 32] & ((sp_digit)1 << (i % 32)))
wolfSSL 16:8e0d178b1d1e 1326 sp_256_mont_mul_10(t, t, a, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1327 }
wolfSSL 16:8e0d178b1d1e 1328 XMEMCPY(r, t, sizeof(sp_digit) * 10);
wolfSSL 16:8e0d178b1d1e 1329 #else
wolfSSL 16:8e0d178b1d1e 1330 sp_digit* t = td;
wolfSSL 16:8e0d178b1d1e 1331 sp_digit* t2 = td + Q6_P_mpy_RR(2, 10);
wolfSSL 16:8e0d178b1d1e 1332 sp_digit* t3 = td + Q6_P_mpy_RR(4, 10);
wolfSSL 16:8e0d178b1d1e 1333
wolfSSL 16:8e0d178b1d1e 1334 /* t = a^2 */
wolfSSL 16:8e0d178b1d1e 1335 sp_256_mont_sqr_10(t, a, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1336 /* t = a^3 = t * a */
wolfSSL 16:8e0d178b1d1e 1337 sp_256_mont_mul_10(t, t, a, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1338 /* t2= a^c = t ^ 2 ^ 2 */
wolfSSL 16:8e0d178b1d1e 1339 sp_256_mont_sqr_n_10(t2, t, 2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1340 /* t3= a^d = t2 * a */
wolfSSL 16:8e0d178b1d1e 1341 sp_256_mont_mul_10(t3, t2, a, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1342 /* t = a^f = t2 * t */
wolfSSL 16:8e0d178b1d1e 1343 sp_256_mont_mul_10(t, t2, t, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1344 /* t2= a^f0 = t ^ 2 ^ 4 */
wolfSSL 16:8e0d178b1d1e 1345 sp_256_mont_sqr_n_10(t2, t, 4, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1346 /* t3= a^fd = t2 * t3 */
wolfSSL 16:8e0d178b1d1e 1347 sp_256_mont_mul_10(t3, t2, t3, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1348 /* t = a^ff = t2 * t */
wolfSSL 16:8e0d178b1d1e 1349 sp_256_mont_mul_10(t, t2, t, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1350 /* t2= a^ff00 = t ^ 2 ^ 8 */
wolfSSL 16:8e0d178b1d1e 1351 sp_256_mont_sqr_n_10(t2, t, 8, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1352 /* t3= a^fffd = t2 * t3 */
wolfSSL 16:8e0d178b1d1e 1353 sp_256_mont_mul_10(t3, t2, t3, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1354 /* t = a^ffff = t2 * t */
wolfSSL 16:8e0d178b1d1e 1355 sp_256_mont_mul_10(t, t2, t, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1356 /* t2= a^ffff0000 = t ^ 2 ^ 16 */
wolfSSL 16:8e0d178b1d1e 1357 sp_256_mont_sqr_n_10(t2, t, 16, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1358 /* t3= a^fffffffd = t2 * t3 */
wolfSSL 16:8e0d178b1d1e 1359 sp_256_mont_mul_10(t3, t2, t3, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1360 /* t = a^ffffffff = t2 * t */
wolfSSL 16:8e0d178b1d1e 1361 sp_256_mont_mul_10(t, t2, t, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1362 /* t = a^ffffffff00000000 = t ^ 2 ^ 32 */
wolfSSL 16:8e0d178b1d1e 1363 sp_256_mont_sqr_n_10(t2, t, 32, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1364 /* t2= a^ffffffffffffffff = t2 * t */
wolfSSL 16:8e0d178b1d1e 1365 sp_256_mont_mul_10(t, t2, t, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1366 /* t2= a^ffffffff00000001 = t2 * a */
wolfSSL 16:8e0d178b1d1e 1367 sp_256_mont_mul_10(t2, t2, a, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1368 /* t2= a^ffffffff000000010000000000000000000000000000000000000000
wolfSSL 16:8e0d178b1d1e 1369 * = t2 ^ 2 ^ 160 */
wolfSSL 16:8e0d178b1d1e 1370 sp_256_mont_sqr_n_10(t2, t2, 160, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1371 /* t2= a^ffffffff00000001000000000000000000000000ffffffffffffffff
wolfSSL 16:8e0d178b1d1e 1372 * = t2 * t */
wolfSSL 16:8e0d178b1d1e 1373 sp_256_mont_mul_10(t2, t2, t, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1374 /* t2= a^ffffffff00000001000000000000000000000000ffffffffffffffff00000000
wolfSSL 16:8e0d178b1d1e 1375 * = t2 ^ 2 ^ 32 */
wolfSSL 16:8e0d178b1d1e 1376 sp_256_mont_sqr_n_10(t2, t2, 32, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1377 /* r = a^ffffffff00000001000000000000000000000000fffffffffffffffffffffffd
wolfSSL 16:8e0d178b1d1e 1378 * = t2 * t3 */
wolfSSL 16:8e0d178b1d1e 1379 sp_256_mont_mul_10(r, t2, t3, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1380 #endif /* WOLFSSL_SP_SMALL */
wolfSSL 16:8e0d178b1d1e 1381 }
wolfSSL 16:8e0d178b1d1e 1382
wolfSSL 16:8e0d178b1d1e 1383
wolfSSL 16:8e0d178b1d1e 1384 /* Map the Montgomery form projective co-ordinate point to an affine point.
wolfSSL 16:8e0d178b1d1e 1385 *
wolfSSL 16:8e0d178b1d1e 1386 * r Resulting affine co-ordinate point.
wolfSSL 16:8e0d178b1d1e 1387 * p Montgomery form projective co-ordinate point.
wolfSSL 16:8e0d178b1d1e 1388 * t Temporary ordinate data.
wolfSSL 16:8e0d178b1d1e 1389 */
wolfSSL 16:8e0d178b1d1e 1390 static void sp_256_map_10(sp_point* r, const sp_point* p, sp_digit* t)
wolfSSL 16:8e0d178b1d1e 1391 {
wolfSSL 16:8e0d178b1d1e 1392 sp_digit* t1 = t;
wolfSSL 16:8e0d178b1d1e 1393 sp_digit* t2 = t + Q6_P_mpy_RR(2, 10);
wolfSSL 16:8e0d178b1d1e 1394 int32_t n;
wolfSSL 16:8e0d178b1d1e 1395
wolfSSL 16:8e0d178b1d1e 1396 sp_256_mont_inv_10(t1, p->z, t + 2*10);
wolfSSL 16:8e0d178b1d1e 1397
wolfSSL 16:8e0d178b1d1e 1398 sp_256_mont_sqr_10(t2, t1, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1399 sp_256_mont_mul_10(t1, t2, t1, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1400
wolfSSL 16:8e0d178b1d1e 1401 /* x /= z^2 */
wolfSSL 16:8e0d178b1d1e 1402 sp_256_mont_mul_10(r->x, p->x, t2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1403 XMEMSET(r->x + 10, 0, sizeof(r->x) / 2U);
wolfSSL 16:8e0d178b1d1e 1404 sp_256_mont_reduce_10(r->x, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1405 /* Reduce x to less than modulus */
wolfSSL 16:8e0d178b1d1e 1406 n = sp_256_cmp_10(r->x, p256_mod);
wolfSSL 16:8e0d178b1d1e 1407 sp_256_cond_sub_10(r->x, r->x, p256_mod, 0 - ((n >= 0) ?
wolfSSL 16:8e0d178b1d1e 1408 (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 1409 sp_256_norm_10(r->x);
wolfSSL 16:8e0d178b1d1e 1410
wolfSSL 16:8e0d178b1d1e 1411 /* y /= z^3 */
wolfSSL 16:8e0d178b1d1e 1412 sp_256_mont_mul_10(r->y, p->y, t1, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1413 XMEMSET(r->y + 10, 0, sizeof(r->y) / 2U);
wolfSSL 16:8e0d178b1d1e 1414 sp_256_mont_reduce_10(r->y, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1415 /* Reduce y to less than modulus */
wolfSSL 16:8e0d178b1d1e 1416 n = sp_256_cmp_10(r->y, p256_mod);
wolfSSL 16:8e0d178b1d1e 1417 sp_256_cond_sub_10(r->y, r->y, p256_mod, 0 - ((n >= 0) ?
wolfSSL 16:8e0d178b1d1e 1418 (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 1419 sp_256_norm_10(r->y);
wolfSSL 16:8e0d178b1d1e 1420
wolfSSL 16:8e0d178b1d1e 1421 XMEMSET(r->z, 0, sizeof(r->z));
wolfSSL 16:8e0d178b1d1e 1422 r->z[0] = 1;
wolfSSL 16:8e0d178b1d1e 1423
wolfSSL 16:8e0d178b1d1e 1424 }
wolfSSL 16:8e0d178b1d1e 1425
wolfSSL 16:8e0d178b1d1e 1426
wolfSSL 16:8e0d178b1d1e 1427 /* Add b to a into r. (r = a + b)
wolfSSL 16:8e0d178b1d1e 1428 *
wolfSSL 16:8e0d178b1d1e 1429 * r A single precision integer.
wolfSSL 16:8e0d178b1d1e 1430 * a A single precision integer.
wolfSSL 16:8e0d178b1d1e 1431 * b A single precision integer.
wolfSSL 16:8e0d178b1d1e 1432 */
wolfSSL 16:8e0d178b1d1e 1433 SP_NOINLINE static int sp_256_add_10(sp_digit* r, const sp_digit* a,
wolfSSL 16:8e0d178b1d1e 1434 const sp_digit* b)
wolfSSL 16:8e0d178b1d1e 1435 {
wolfSSL 16:8e0d178b1d1e 1436 #if 0
wolfSSL 16:8e0d178b1d1e 1437 r[ 0] = Q6_R_add_RR(a[0], b[0]);
wolfSSL 16:8e0d178b1d1e 1438 r[ 1] = Q6_R_add_RR(a[1], b[1]);
wolfSSL 16:8e0d178b1d1e 1439 r[ 2] = Q6_R_add_RR(a[2], b[2]);
wolfSSL 16:8e0d178b1d1e 1440 r[ 3] = Q6_R_add_RR(a[3], b[3]);
wolfSSL 16:8e0d178b1d1e 1441 r[ 4] = Q6_R_add_RR(a[4], b[4]);
wolfSSL 16:8e0d178b1d1e 1442 r[ 5] = Q6_R_add_RR(a[5], b[5]);
wolfSSL 16:8e0d178b1d1e 1443 r[ 6] = Q6_R_add_RR(a[6], b[6]);
wolfSSL 16:8e0d178b1d1e 1444 r[ 7] = Q6_R_add_RR(a[7], b[7]);
wolfSSL 16:8e0d178b1d1e 1445 r[ 8] = Q6_R_add_RR(a[8], b[8]);
wolfSSL 16:8e0d178b1d1e 1446 r[ 9] = Q6_R_add_RR(a[9], b[9]);
wolfSSL 16:8e0d178b1d1e 1447 #endif
wolfSSL 16:8e0d178b1d1e 1448 #if 1
wolfSSL 16:8e0d178b1d1e 1449 __asm__ __volatile__ (
wolfSSL 16:8e0d178b1d1e 1450 "{ r1 = memw(%[a]+#0) \n"
wolfSSL 16:8e0d178b1d1e 1451 " r2 = memw(%[b]+#0) }\n"
wolfSSL 16:8e0d178b1d1e 1452 "{ r3 = memw(%[a]+#4) \n"
wolfSSL 16:8e0d178b1d1e 1453 " r19 = add(r1,r2) \n"
wolfSSL 16:8e0d178b1d1e 1454 " r4 = memw(%[b]+#4) }\n"
wolfSSL 16:8e0d178b1d1e 1455 "{ r5 = memw(%[a]+#8) \n"
wolfSSL 16:8e0d178b1d1e 1456 " r20 = add(r3,r4) \n"
wolfSSL 16:8e0d178b1d1e 1457 " r6 = memw(%[b]+#8) }\n"
wolfSSL 16:8e0d178b1d1e 1458 "{ memw(%[r]+#0) = r19 }\n"
wolfSSL 16:8e0d178b1d1e 1459 "{ r7 = memw(%[a]+#12) \n"
wolfSSL 16:8e0d178b1d1e 1460 " r21 = add(r5,r6) \n"
wolfSSL 16:8e0d178b1d1e 1461 " r8 = memw(%[b]+#12) }\n"
wolfSSL 16:8e0d178b1d1e 1462 "{ memw(%[r]+#4) = r20 }\n"
wolfSSL 16:8e0d178b1d1e 1463 "{ r9 = memw(%[a]+#16) \n"
wolfSSL 16:8e0d178b1d1e 1464 " r22 = add(r7,r8) \n"
wolfSSL 16:8e0d178b1d1e 1465 " r10 = memw(%[b]+#16) }\n"
wolfSSL 16:8e0d178b1d1e 1466 "{ memw(%[r]+#8) = r21 }\n"
wolfSSL 16:8e0d178b1d1e 1467 "{ r11 = memw(%[a]+#20) \n"
wolfSSL 16:8e0d178b1d1e 1468 " r23 = add(r9,r10) \n"
wolfSSL 16:8e0d178b1d1e 1469 " r12 = memw(%[b]+#20) }\n"
wolfSSL 16:8e0d178b1d1e 1470 "{ memw(%[r]+#12) = r22 }\n"
wolfSSL 16:8e0d178b1d1e 1471 "{ r13 = memw(%[a]+#24) \n"
wolfSSL 16:8e0d178b1d1e 1472 " r24 = add(r11,r12) \n"
wolfSSL 16:8e0d178b1d1e 1473 " r14 = memw(%[b]+#24) }\n"
wolfSSL 16:8e0d178b1d1e 1474 "{ memw(%[r]+#16) = r23 }\n"
wolfSSL 16:8e0d178b1d1e 1475 "{ r15 = memw(%[a]+#28) \n"
wolfSSL 16:8e0d178b1d1e 1476 " r25 = add(r13,r14) \n"
wolfSSL 16:8e0d178b1d1e 1477 " r16 = memw(%[b]+#28) }\n"
wolfSSL 16:8e0d178b1d1e 1478 "{ memw(%[r]+#20) = r24 }\n"
wolfSSL 16:8e0d178b1d1e 1479 "{ r17 = memw(%[a]+#32) \n"
wolfSSL 16:8e0d178b1d1e 1480 " r26 = add(r15,r16) \n"
wolfSSL 16:8e0d178b1d1e 1481 " r18 = memw(%[b]+#32) }\n"
wolfSSL 16:8e0d178b1d1e 1482 "{ memw(%[r]+#24) = r25 }\n"
wolfSSL 16:8e0d178b1d1e 1483 "{ r5 = memw(%[a]+#36) \n"
wolfSSL 16:8e0d178b1d1e 1484 " r19 = add(r17,r18) \n"
wolfSSL 16:8e0d178b1d1e 1485 " r6 = memw(%[b]+#36) }\n"
wolfSSL 16:8e0d178b1d1e 1486 "{ memw(%[r]+#28) = r26 }\n"
wolfSSL 16:8e0d178b1d1e 1487 "{ r20 = add(r5,r6) \n"
wolfSSL 16:8e0d178b1d1e 1488 " memw(%[r]+#32) = r19 }\n"
wolfSSL 16:8e0d178b1d1e 1489 "{ memw(%[r]+#36) = r20 }\n"
wolfSSL 16:8e0d178b1d1e 1490 : [r] "+r" (r)
wolfSSL 16:8e0d178b1d1e 1491 : [a] "r"(a), [b] "r"(b)
wolfSSL 16:8e0d178b1d1e 1492 : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15", "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23", "r24", "r25", "r26"
wolfSSL 16:8e0d178b1d1e 1493 );
wolfSSL 16:8e0d178b1d1e 1494 #endif
wolfSSL 16:8e0d178b1d1e 1495 return 0;
wolfSSL 16:8e0d178b1d1e 1496 }
wolfSSL 16:8e0d178b1d1e 1497
wolfSSL 16:8e0d178b1d1e 1498
wolfSSL 16:8e0d178b1d1e 1499 /* Add two Montgomery form numbers (r = a + b % m).
wolfSSL 16:8e0d178b1d1e 1500 *
wolfSSL 16:8e0d178b1d1e 1501 * r Result of addition.
wolfSSL 16:8e0d178b1d1e 1502 * a First number to add in Montogmery form.
wolfSSL 16:8e0d178b1d1e 1503 * b Second number to add in Montogmery form.
wolfSSL 16:8e0d178b1d1e 1504 * m Modulus (prime).
wolfSSL 16:8e0d178b1d1e 1505 */
wolfSSL 16:8e0d178b1d1e 1506 static void sp_256_mont_add_10(sp_digit* r, const sp_digit* a, const sp_digit* b,
wolfSSL 16:8e0d178b1d1e 1507 const sp_digit* m)
wolfSSL 16:8e0d178b1d1e 1508 {
wolfSSL 16:8e0d178b1d1e 1509 (void)sp_256_add_10(r, a, b);
wolfSSL 16:8e0d178b1d1e 1510 sp_256_norm_10(r);
wolfSSL 16:8e0d178b1d1e 1511 sp_256_cond_sub_10(r, r, m, 0 - (((r[9] >> 22) > 0) ?
wolfSSL 16:8e0d178b1d1e 1512 (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 1513 sp_256_norm_10(r);
wolfSSL 16:8e0d178b1d1e 1514 }
wolfSSL 16:8e0d178b1d1e 1515
wolfSSL 16:8e0d178b1d1e 1516
wolfSSL 16:8e0d178b1d1e 1517 /* Double a Montgomery form number (r = a + a % m).
wolfSSL 16:8e0d178b1d1e 1518 *
wolfSSL 16:8e0d178b1d1e 1519 * r Result of doubling.
wolfSSL 16:8e0d178b1d1e 1520 * a Number to double in Montogmery form.
wolfSSL 16:8e0d178b1d1e 1521 * m Modulus (prime).
wolfSSL 16:8e0d178b1d1e 1522 */
wolfSSL 16:8e0d178b1d1e 1523 static void sp_256_mont_dbl_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
wolfSSL 16:8e0d178b1d1e 1524 {
wolfSSL 16:8e0d178b1d1e 1525 (void)sp_256_add_10(r, a, a);
wolfSSL 16:8e0d178b1d1e 1526 sp_256_norm_10(r);
wolfSSL 16:8e0d178b1d1e 1527 sp_256_cond_sub_10(r, r, m, 0 - (((r[9] >> 22) > 0) ?
wolfSSL 16:8e0d178b1d1e 1528 (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 1529 sp_256_norm_10(r);
wolfSSL 16:8e0d178b1d1e 1530 }
wolfSSL 16:8e0d178b1d1e 1531
wolfSSL 16:8e0d178b1d1e 1532
wolfSSL 16:8e0d178b1d1e 1533 /* Triple a Montgomery form number (r = a + a + a % m).
wolfSSL 16:8e0d178b1d1e 1534 *
wolfSSL 16:8e0d178b1d1e 1535 * r Result of Tripling.
wolfSSL 16:8e0d178b1d1e 1536 * a Number to triple in Montogmery form.
wolfSSL 16:8e0d178b1d1e 1537 * m Modulus (prime).
wolfSSL 16:8e0d178b1d1e 1538 */
wolfSSL 16:8e0d178b1d1e 1539 static void sp_256_mont_tpl_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
wolfSSL 16:8e0d178b1d1e 1540 {
wolfSSL 16:8e0d178b1d1e 1541 (void)sp_256_add_10(r, a, a);
wolfSSL 16:8e0d178b1d1e 1542 sp_256_norm_10(r);
wolfSSL 16:8e0d178b1d1e 1543 sp_256_cond_sub_10(r, r, m, 0 - (((r[9] >> 22) > 0) ?
wolfSSL 16:8e0d178b1d1e 1544 (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 1545 sp_256_norm_10(r);
wolfSSL 16:8e0d178b1d1e 1546 (void)sp_256_add_10(r, r, a);
wolfSSL 16:8e0d178b1d1e 1547 sp_256_norm_10(r);
wolfSSL 16:8e0d178b1d1e 1548 sp_256_cond_sub_10(r, r, m, 0 - (((r[9] >> 22) > 0) ?
wolfSSL 16:8e0d178b1d1e 1549 (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 1550 sp_256_norm_10(r);
wolfSSL 16:8e0d178b1d1e 1551 }
wolfSSL 16:8e0d178b1d1e 1552
wolfSSL 16:8e0d178b1d1e 1553 /* Sub b from a into r. (r = a - b)
wolfSSL 16:8e0d178b1d1e 1554 *
wolfSSL 16:8e0d178b1d1e 1555 * r A single precision integer.
wolfSSL 16:8e0d178b1d1e 1556 * a A single precision integer.
wolfSSL 16:8e0d178b1d1e 1557 * b A single precision integer.
wolfSSL 16:8e0d178b1d1e 1558 */
wolfSSL 16:8e0d178b1d1e 1559 SP_NOINLINE static int sp_256_sub_10(sp_digit* r, const sp_digit* a,
wolfSSL 16:8e0d178b1d1e 1560 const sp_digit* b)
wolfSSL 16:8e0d178b1d1e 1561 {
wolfSSL 16:8e0d178b1d1e 1562 #if 0
wolfSSL 16:8e0d178b1d1e 1563 r[ 0] = Q6_R_sub_RR(a[0], b[0]);
wolfSSL 16:8e0d178b1d1e 1564 r[ 1] = Q6_R_sub_RR(a[1], b[1]);
wolfSSL 16:8e0d178b1d1e 1565 r[ 2] = Q6_R_sub_RR(a[2], b[2]);
wolfSSL 16:8e0d178b1d1e 1566 r[ 3] = Q6_R_sub_RR(a[3], b[3]);
wolfSSL 16:8e0d178b1d1e 1567 r[ 4] = Q6_R_sub_RR(a[4], b[4]);
wolfSSL 16:8e0d178b1d1e 1568 r[ 5] = Q6_R_sub_RR(a[5], b[5]);
wolfSSL 16:8e0d178b1d1e 1569 r[ 6] = Q6_R_sub_RR(a[6], b[6]);
wolfSSL 16:8e0d178b1d1e 1570 r[ 7] = Q6_R_sub_RR(a[7], b[7]);
wolfSSL 16:8e0d178b1d1e 1571 r[ 8] = Q6_R_sub_RR(a[8], b[8]);
wolfSSL 16:8e0d178b1d1e 1572 r[ 9] = Q6_R_sub_RR(a[9], b[9]);
wolfSSL 16:8e0d178b1d1e 1573 #endif
wolfSSL 16:8e0d178b1d1e 1574 #if 1
wolfSSL 16:8e0d178b1d1e 1575 __asm__ __volatile__ (
wolfSSL 16:8e0d178b1d1e 1576 "{ r1 = memw(%[a]+#0) \n"
wolfSSL 16:8e0d178b1d1e 1577 " r2 = memw(%[b]+#0) }\n"
wolfSSL 16:8e0d178b1d1e 1578 "{ r3 = memw(%[a]+#4) \n"
wolfSSL 16:8e0d178b1d1e 1579 " r19 = sub(r1,r2) \n"
wolfSSL 16:8e0d178b1d1e 1580 " r4 = memw(%[b]+#4) }\n"
wolfSSL 16:8e0d178b1d1e 1581 "{ r5 = memw(%[a]+#8) \n"
wolfSSL 16:8e0d178b1d1e 1582 " r20 = sub(r3,r4) \n"
wolfSSL 16:8e0d178b1d1e 1583 " r6 = memw(%[b]+#8) }\n"
wolfSSL 16:8e0d178b1d1e 1584 "{ memw(%[r]+#0) = r19 }\n"
wolfSSL 16:8e0d178b1d1e 1585 "{ r7 = memw(%[a]+#12) \n"
wolfSSL 16:8e0d178b1d1e 1586 " r21 = sub(r5,r6) \n"
wolfSSL 16:8e0d178b1d1e 1587 " r8 = memw(%[b]+#12) }\n"
wolfSSL 16:8e0d178b1d1e 1588 "{ memw(%[r]+#4) = r20 }\n"
wolfSSL 16:8e0d178b1d1e 1589 "{ r9 = memw(%[a]+#16) \n"
wolfSSL 16:8e0d178b1d1e 1590 " r22 = sub(r7,r8) \n"
wolfSSL 16:8e0d178b1d1e 1591 " r10 = memw(%[b]+#16) }\n"
wolfSSL 16:8e0d178b1d1e 1592 "{ memw(%[r]+#8) = r21 }\n"
wolfSSL 16:8e0d178b1d1e 1593 "{ r11 = memw(%[a]+#20) \n"
wolfSSL 16:8e0d178b1d1e 1594 " r23 = sub(r9,r10) \n"
wolfSSL 16:8e0d178b1d1e 1595 " r12 = memw(%[b]+#20) }\n"
wolfSSL 16:8e0d178b1d1e 1596 "{ memw(%[r]+#12) = r22 }\n"
wolfSSL 16:8e0d178b1d1e 1597 "{ r13 = memw(%[a]+#24) \n"
wolfSSL 16:8e0d178b1d1e 1598 " r24 = sub(r11,r12) \n"
wolfSSL 16:8e0d178b1d1e 1599 " r14 = memw(%[b]+#24) }\n"
wolfSSL 16:8e0d178b1d1e 1600 "{ memw(%[r]+#16) = r23 }\n"
wolfSSL 16:8e0d178b1d1e 1601 "{ r15 = memw(%[a]+#28) \n"
wolfSSL 16:8e0d178b1d1e 1602 " r25 = sub(r13,r14) \n"
wolfSSL 16:8e0d178b1d1e 1603 " r16 = memw(%[b]+#28) }\n"
wolfSSL 16:8e0d178b1d1e 1604 "{ memw(%[r]+#20) = r24 }\n"
wolfSSL 16:8e0d178b1d1e 1605 "{ r17 = memw(%[a]+#32) \n"
wolfSSL 16:8e0d178b1d1e 1606 " r26 = sub(r15,r16) \n"
wolfSSL 16:8e0d178b1d1e 1607 " r18 = memw(%[b]+#32) }\n"
wolfSSL 16:8e0d178b1d1e 1608 "{ memw(%[r]+#24) = r25 }\n"
wolfSSL 16:8e0d178b1d1e 1609 "{ r5 = memw(%[a]+#36) \n"
wolfSSL 16:8e0d178b1d1e 1610 " r19 = sub(r17,r18) \n"
wolfSSL 16:8e0d178b1d1e 1611 " r6 = memw(%[b]+#36) }\n"
wolfSSL 16:8e0d178b1d1e 1612 "{ memw(%[r]+#28) = r26 }\n"
wolfSSL 16:8e0d178b1d1e 1613 "{ r20 = sub(r5,r6) \n"
wolfSSL 16:8e0d178b1d1e 1614 " memw(%[r]+#32) = r19 }\n"
wolfSSL 16:8e0d178b1d1e 1615 "{ memw(%[r]+#36) = r20 }\n"
wolfSSL 16:8e0d178b1d1e 1616 : [r] "+r" (r)
wolfSSL 16:8e0d178b1d1e 1617 : [a] "r"(a), [b] "r"(b)
wolfSSL 16:8e0d178b1d1e 1618 : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15", "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23", "r24", "r25", "r26"
wolfSSL 16:8e0d178b1d1e 1619 );
wolfSSL 16:8e0d178b1d1e 1620 #endif
wolfSSL 16:8e0d178b1d1e 1621 return 0;
wolfSSL 16:8e0d178b1d1e 1622 }
wolfSSL 16:8e0d178b1d1e 1623
wolfSSL 16:8e0d178b1d1e 1624 /* Conditionally add a and b using the mask m.
wolfSSL 16:8e0d178b1d1e 1625 * m is -1 to add and 0 when not.
wolfSSL 16:8e0d178b1d1e 1626 *
wolfSSL 16:8e0d178b1d1e 1627 * r A single precision number representing conditional add result.
wolfSSL 16:8e0d178b1d1e 1628 * a A single precision number to add with.
wolfSSL 16:8e0d178b1d1e 1629 * b A single precision number to add.
wolfSSL 16:8e0d178b1d1e 1630 * m Mask value to apply.
wolfSSL 16:8e0d178b1d1e 1631 */
wolfSSL 16:8e0d178b1d1e 1632 static void sp_256_cond_add_10(sp_digit* r, const sp_digit* a,
wolfSSL 16:8e0d178b1d1e 1633 const sp_digit* b, const sp_digit m)
wolfSSL 16:8e0d178b1d1e 1634 {
wolfSSL 16:8e0d178b1d1e 1635 #ifdef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 1636 int i;
wolfSSL 16:8e0d178b1d1e 1637
wolfSSL 16:8e0d178b1d1e 1638 for (i = 0; i < 10; i++) {
wolfSSL 16:8e0d178b1d1e 1639 r[i] = a[i] + (b[i] & m);
wolfSSL 16:8e0d178b1d1e 1640 }
wolfSSL 16:8e0d178b1d1e 1641 #else
wolfSSL 16:8e0d178b1d1e 1642 r[ 0] = Q6_R_add_RR(a[ 0], Q6_R_and_RR(b[ 0], m));
wolfSSL 16:8e0d178b1d1e 1643 r[ 1] = Q6_R_add_RR(a[ 1], Q6_R_and_RR(b[ 1], m));
wolfSSL 16:8e0d178b1d1e 1644 r[ 2] = Q6_R_add_RR(a[ 2], Q6_R_and_RR(b[ 2], m));
wolfSSL 16:8e0d178b1d1e 1645 r[ 3] = Q6_R_add_RR(a[ 3], Q6_R_and_RR(b[ 3], m));
wolfSSL 16:8e0d178b1d1e 1646 r[ 4] = Q6_R_add_RR(a[ 4], Q6_R_and_RR(b[ 4], m));
wolfSSL 16:8e0d178b1d1e 1647 r[ 5] = Q6_R_add_RR(a[ 5], Q6_R_and_RR(b[ 5], m));
wolfSSL 16:8e0d178b1d1e 1648 r[ 6] = Q6_R_add_RR(a[ 6], Q6_R_and_RR(b[ 6], m));
wolfSSL 16:8e0d178b1d1e 1649 r[ 7] = Q6_R_add_RR(a[ 7], Q6_R_and_RR(b[ 7], m));
wolfSSL 16:8e0d178b1d1e 1650 r[ 8] = Q6_R_add_RR(a[ 8], Q6_R_and_RR(b[ 8], m));
wolfSSL 16:8e0d178b1d1e 1651 r[ 9] = Q6_R_add_RR(a[ 9], Q6_R_and_RR(b[ 9], m));
wolfSSL 16:8e0d178b1d1e 1652 #endif /* WOLFSSL_SP_SMALL */
wolfSSL 16:8e0d178b1d1e 1653 }
wolfSSL 16:8e0d178b1d1e 1654
wolfSSL 16:8e0d178b1d1e 1655
wolfSSL 16:8e0d178b1d1e 1656 /* Subtract two Montgomery form numbers (r = a - b % m).
wolfSSL 16:8e0d178b1d1e 1657 *
wolfSSL 16:8e0d178b1d1e 1658 * r Result of subtration.
wolfSSL 16:8e0d178b1d1e 1659 * a Number to subtract from in Montogmery form.
wolfSSL 16:8e0d178b1d1e 1660 * b Number to subtract with in Montogmery form.
wolfSSL 16:8e0d178b1d1e 1661 * m Modulus (prime).
wolfSSL 16:8e0d178b1d1e 1662 */
wolfSSL 16:8e0d178b1d1e 1663 static void sp_256_mont_sub_10(sp_digit* r, const sp_digit* a, const sp_digit* b,
wolfSSL 16:8e0d178b1d1e 1664 const sp_digit* m)
wolfSSL 16:8e0d178b1d1e 1665 {
wolfSSL 16:8e0d178b1d1e 1666 (void)sp_256_sub_10(r, a, b);
wolfSSL 16:8e0d178b1d1e 1667 sp_256_cond_add_10(r, r, m, r[9] >> 22);
wolfSSL 16:8e0d178b1d1e 1668 sp_256_norm_10(r);
wolfSSL 16:8e0d178b1d1e 1669 }
wolfSSL 16:8e0d178b1d1e 1670
wolfSSL 16:8e0d178b1d1e 1671
wolfSSL 16:8e0d178b1d1e 1672 /* Shift number left one bit.
wolfSSL 16:8e0d178b1d1e 1673 * Bottom bit is lost.
wolfSSL 16:8e0d178b1d1e 1674 *
wolfSSL 16:8e0d178b1d1e 1675 * r Result of shift.
wolfSSL 16:8e0d178b1d1e 1676 * a Number to shift.
wolfSSL 16:8e0d178b1d1e 1677 */
wolfSSL 16:8e0d178b1d1e 1678 SP_NOINLINE static void sp_256_rshift1_10(sp_digit* r, sp_digit* a)
wolfSSL 16:8e0d178b1d1e 1679 {
wolfSSL 16:8e0d178b1d1e 1680 #ifdef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 1681 int i;
wolfSSL 16:8e0d178b1d1e 1682
wolfSSL 16:8e0d178b1d1e 1683 for (i=0; i<9; i++) {
wolfSSL 16:8e0d178b1d1e 1684 r[i] = ((a[i] >> 1) | (a[i + 1] << 25)) & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 1685 }
wolfSSL 16:8e0d178b1d1e 1686 #else
wolfSSL 16:8e0d178b1d1e 1687 r[0] = ((a[0] >> 1) | Q6_R_and_RR((a[1] << 25), 0x3ffffff));
wolfSSL 16:8e0d178b1d1e 1688 r[1] = ((a[1] >> 1) | Q6_R_and_RR((a[2] << 25), 0x3ffffff));
wolfSSL 16:8e0d178b1d1e 1689 r[2] = ((a[2] >> 1) | Q6_R_and_RR((a[3] << 25), 0x3ffffff));
wolfSSL 16:8e0d178b1d1e 1690 r[3] = ((a[3] >> 1) | Q6_R_and_RR((a[4] << 25), 0x3ffffff));
wolfSSL 16:8e0d178b1d1e 1691 r[4] = ((a[4] >> 1) | Q6_R_and_RR((a[5] << 25), 0x3ffffff));
wolfSSL 16:8e0d178b1d1e 1692 r[5] = ((a[5] >> 1) | Q6_R_and_RR((a[6] << 25), 0x3ffffff));
wolfSSL 16:8e0d178b1d1e 1693 r[6] = ((a[6] >> 1) | Q6_R_and_RR((a[7] << 25), 0x3ffffff));
wolfSSL 16:8e0d178b1d1e 1694 r[7] = ((a[7] >> 1) | Q6_R_and_RR((a[8] << 25), 0x3ffffff));
wolfSSL 16:8e0d178b1d1e 1695 r[8] = ((a[8] >> 1) | Q6_R_and_RR((a[9] << 25), 0x3ffffff));
wolfSSL 16:8e0d178b1d1e 1696 #endif
wolfSSL 16:8e0d178b1d1e 1697 r[9] = a[9] >> 1;
wolfSSL 16:8e0d178b1d1e 1698 }
wolfSSL 16:8e0d178b1d1e 1699
wolfSSL 16:8e0d178b1d1e 1700
wolfSSL 16:8e0d178b1d1e 1701 /* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m)
wolfSSL 16:8e0d178b1d1e 1702 *
wolfSSL 16:8e0d178b1d1e 1703 * r Result of division by 2.
wolfSSL 16:8e0d178b1d1e 1704 * a Number to divide.
wolfSSL 16:8e0d178b1d1e 1705 * m Modulus (prime).
wolfSSL 16:8e0d178b1d1e 1706 */
wolfSSL 16:8e0d178b1d1e 1707 static void sp_256_div2_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
wolfSSL 16:8e0d178b1d1e 1708 {
wolfSSL 16:8e0d178b1d1e 1709 sp_256_cond_add_10(r, a, m, 0 - (a[0] & 1));
wolfSSL 16:8e0d178b1d1e 1710 sp_256_norm_10(r);
wolfSSL 16:8e0d178b1d1e 1711 sp_256_rshift1_10(r, r);
wolfSSL 16:8e0d178b1d1e 1712 }
wolfSSL 16:8e0d178b1d1e 1713
wolfSSL 16:8e0d178b1d1e 1714
wolfSSL 16:8e0d178b1d1e 1715 /* Double the Montgomery form projective point p.
wolfSSL 16:8e0d178b1d1e 1716 *
wolfSSL 16:8e0d178b1d1e 1717 * r Result of doubling point.
wolfSSL 16:8e0d178b1d1e 1718 * p Point to double.
wolfSSL 16:8e0d178b1d1e 1719 * t Temporary ordinate data.
wolfSSL 16:8e0d178b1d1e 1720 */
wolfSSL 16:8e0d178b1d1e 1721 static void sp_256_proj_point_dbl_10(sp_point* r, const sp_point* p, sp_digit* t)
wolfSSL 16:8e0d178b1d1e 1722 {
wolfSSL 16:8e0d178b1d1e 1723 sp_point* rp[2];
wolfSSL 16:8e0d178b1d1e 1724 sp_digit* t1 = t;
wolfSSL 16:8e0d178b1d1e 1725 sp_digit* t2 = t + 2*10;
wolfSSL 16:8e0d178b1d1e 1726 sp_digit* x;
wolfSSL 16:8e0d178b1d1e 1727 sp_digit* y;
wolfSSL 16:8e0d178b1d1e 1728 sp_digit* z;
wolfSSL 16:8e0d178b1d1e 1729 int i;
wolfSSL 16:8e0d178b1d1e 1730
wolfSSL 16:8e0d178b1d1e 1731 /* When infinity don't double point passed in - constant time. */
wolfSSL 16:8e0d178b1d1e 1732 rp[0] = r;
wolfSSL 16:8e0d178b1d1e 1733
wolfSSL 16:8e0d178b1d1e 1734 /*lint allow cast to different type of pointer*/
wolfSSL 16:8e0d178b1d1e 1735 rp[1] = (sp_point*)t; /*lint !e9087 !e740*/
wolfSSL 16:8e0d178b1d1e 1736 XMEMSET(rp[1], 0, sizeof(sp_point));
wolfSSL 16:8e0d178b1d1e 1737 x = rp[p->infinity]->x;
wolfSSL 16:8e0d178b1d1e 1738 y = rp[p->infinity]->y;
wolfSSL 16:8e0d178b1d1e 1739 z = rp[p->infinity]->z;
wolfSSL 16:8e0d178b1d1e 1740 /* Put point to double into result - good for infinity. */
wolfSSL 16:8e0d178b1d1e 1741 if (r != p) {
wolfSSL 16:8e0d178b1d1e 1742 for (i=0; i<10; i++) {
wolfSSL 16:8e0d178b1d1e 1743 r->x[i] = p->x[i];
wolfSSL 16:8e0d178b1d1e 1744 }
wolfSSL 16:8e0d178b1d1e 1745 for (i=0; i<10; i++) {
wolfSSL 16:8e0d178b1d1e 1746 r->y[i] = p->y[i];
wolfSSL 16:8e0d178b1d1e 1747 }
wolfSSL 16:8e0d178b1d1e 1748 for (i=0; i<10; i++) {
wolfSSL 16:8e0d178b1d1e 1749 r->z[i] = p->z[i];
wolfSSL 16:8e0d178b1d1e 1750 }
wolfSSL 16:8e0d178b1d1e 1751 r->infinity = p->infinity;
wolfSSL 16:8e0d178b1d1e 1752 }
wolfSSL 16:8e0d178b1d1e 1753
wolfSSL 16:8e0d178b1d1e 1754 /* T1 = Z * Z */
wolfSSL 16:8e0d178b1d1e 1755 sp_256_mont_sqr_10(t1, z, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1756 /* Z = Y * Z */
wolfSSL 16:8e0d178b1d1e 1757 sp_256_mont_mul_10(z, y, z, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1758 /* Z = 2Z */
wolfSSL 16:8e0d178b1d1e 1759 sp_256_mont_dbl_10(z, z, p256_mod);
wolfSSL 16:8e0d178b1d1e 1760 /* T2 = X - T1 */
wolfSSL 16:8e0d178b1d1e 1761 sp_256_mont_sub_10(t2, x, t1, p256_mod);
wolfSSL 16:8e0d178b1d1e 1762 /* T1 = X + T1 */
wolfSSL 16:8e0d178b1d1e 1763 sp_256_mont_add_10(t1, x, t1, p256_mod);
wolfSSL 16:8e0d178b1d1e 1764 /* T2 = T1 * T2 */
wolfSSL 16:8e0d178b1d1e 1765 sp_256_mont_mul_10(t2, t1, t2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1766 /* T1 = 3T2 */
wolfSSL 16:8e0d178b1d1e 1767 sp_256_mont_tpl_10(t1, t2, p256_mod);
wolfSSL 16:8e0d178b1d1e 1768 /* Y = 2Y */
wolfSSL 16:8e0d178b1d1e 1769 sp_256_mont_dbl_10(y, y, p256_mod);
wolfSSL 16:8e0d178b1d1e 1770 /* Y = Y * Y */
wolfSSL 16:8e0d178b1d1e 1771 sp_256_mont_sqr_10(y, y, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1772 /* T2 = Y * Y */
wolfSSL 16:8e0d178b1d1e 1773 sp_256_mont_sqr_10(t2, y, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1774 /* T2 = T2/2 */
wolfSSL 16:8e0d178b1d1e 1775 sp_256_div2_10(t2, t2, p256_mod);
wolfSSL 16:8e0d178b1d1e 1776 /* Y = Y * X */
wolfSSL 16:8e0d178b1d1e 1777 sp_256_mont_mul_10(y, y, x, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1778 /* X = T1 * T1 */
wolfSSL 16:8e0d178b1d1e 1779 sp_256_mont_mul_10(x, t1, t1, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1780 /* X = X - Y */
wolfSSL 16:8e0d178b1d1e 1781 sp_256_mont_sub_10(x, x, y, p256_mod);
wolfSSL 16:8e0d178b1d1e 1782 /* X = X - Y */
wolfSSL 16:8e0d178b1d1e 1783 sp_256_mont_sub_10(x, x, y, p256_mod);
wolfSSL 16:8e0d178b1d1e 1784 /* Y = Y - X */
wolfSSL 16:8e0d178b1d1e 1785 sp_256_mont_sub_10(y, y, x, p256_mod);
wolfSSL 16:8e0d178b1d1e 1786 /* Y = Y * T1 */
wolfSSL 16:8e0d178b1d1e 1787 sp_256_mont_mul_10(y, y, t1, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1788 /* Y = Y - T2 */
wolfSSL 16:8e0d178b1d1e 1789 sp_256_mont_sub_10(y, y, t2, p256_mod);
wolfSSL 16:8e0d178b1d1e 1790
wolfSSL 16:8e0d178b1d1e 1791 }
wolfSSL 16:8e0d178b1d1e 1792
wolfSSL 16:8e0d178b1d1e 1793
wolfSSL 16:8e0d178b1d1e 1794 /* Compare two numbers to determine if they are equal.
wolfSSL 16:8e0d178b1d1e 1795 * Constant time implementation.
wolfSSL 16:8e0d178b1d1e 1796 *
wolfSSL 16:8e0d178b1d1e 1797 * a First number to compare.
wolfSSL 16:8e0d178b1d1e 1798 * b Second number to compare.
wolfSSL 16:8e0d178b1d1e 1799 * returns 1 when equal and 0 otherwise.
wolfSSL 16:8e0d178b1d1e 1800 */
wolfSSL 16:8e0d178b1d1e 1801 static int sp_256_cmp_equal_10(const sp_digit* a, const sp_digit* b)
wolfSSL 16:8e0d178b1d1e 1802 {
wolfSSL 16:8e0d178b1d1e 1803 return ((a[0] ^ b[0]) | (a[1] ^ b[1]) | (a[2] ^ b[2]) | (a[3] ^ b[3]) |
wolfSSL 16:8e0d178b1d1e 1804 (a[4] ^ b[4]) | (a[5] ^ b[5]) | (a[6] ^ b[6]) | (a[7] ^ b[7]) |
wolfSSL 16:8e0d178b1d1e 1805 (a[8] ^ b[8]) | (a[9] ^ b[9])) == 0;
wolfSSL 16:8e0d178b1d1e 1806 }
wolfSSL 16:8e0d178b1d1e 1807
wolfSSL 16:8e0d178b1d1e 1808 /* Add two Montgomery form projective points.
wolfSSL 16:8e0d178b1d1e 1809 *
wolfSSL 16:8e0d178b1d1e 1810 * r Result of addition.
wolfSSL 16:8e0d178b1d1e 1811 * p First point to add.
wolfSSL 16:8e0d178b1d1e 1812 * q Second point to add.
wolfSSL 16:8e0d178b1d1e 1813 * t Temporary ordinate data.
wolfSSL 16:8e0d178b1d1e 1814 */
wolfSSL 16:8e0d178b1d1e 1815 static void sp_256_proj_point_add_10(sp_point* r, const sp_point* p, const sp_point* q,
wolfSSL 16:8e0d178b1d1e 1816 sp_digit* t)
wolfSSL 16:8e0d178b1d1e 1817 {
wolfSSL 16:8e0d178b1d1e 1818 const sp_point* ap[2];
wolfSSL 16:8e0d178b1d1e 1819 sp_point* rp[2];
wolfSSL 16:8e0d178b1d1e 1820 sp_digit* t1 = t;
wolfSSL 16:8e0d178b1d1e 1821 sp_digit* t2 = t + 2*10;
wolfSSL 16:8e0d178b1d1e 1822 sp_digit* t3 = t + 4*10;
wolfSSL 16:8e0d178b1d1e 1823 sp_digit* t4 = t + 6*10;
wolfSSL 16:8e0d178b1d1e 1824 sp_digit* t5 = t + 8*10;
wolfSSL 16:8e0d178b1d1e 1825 sp_digit* x;
wolfSSL 16:8e0d178b1d1e 1826 sp_digit* y;
wolfSSL 16:8e0d178b1d1e 1827 sp_digit* z;
wolfSSL 16:8e0d178b1d1e 1828 int i;
wolfSSL 16:8e0d178b1d1e 1829
wolfSSL 16:8e0d178b1d1e 1830 /* Ensure only the first point is the same as the result. */
wolfSSL 16:8e0d178b1d1e 1831 if (q == r) {
wolfSSL 16:8e0d178b1d1e 1832 const sp_point* a = p;
wolfSSL 16:8e0d178b1d1e 1833 p = q;
wolfSSL 16:8e0d178b1d1e 1834 q = a;
wolfSSL 16:8e0d178b1d1e 1835 }
wolfSSL 16:8e0d178b1d1e 1836
wolfSSL 16:8e0d178b1d1e 1837 /* Check double */
wolfSSL 16:8e0d178b1d1e 1838 (void)sp_256_sub_10(t1, p256_mod, q->y);
wolfSSL 16:8e0d178b1d1e 1839 sp_256_norm_10(t1);
wolfSSL 16:8e0d178b1d1e 1840 if ((sp_256_cmp_equal_10(p->x, q->x) & sp_256_cmp_equal_10(p->z, q->z) &
wolfSSL 16:8e0d178b1d1e 1841 (sp_256_cmp_equal_10(p->y, q->y) | sp_256_cmp_equal_10(p->y, t1))) != 0) {
wolfSSL 16:8e0d178b1d1e 1842 sp_256_proj_point_dbl_10(r, p, t);
wolfSSL 16:8e0d178b1d1e 1843 }
wolfSSL 16:8e0d178b1d1e 1844 else {
wolfSSL 16:8e0d178b1d1e 1845 rp[0] = r;
wolfSSL 16:8e0d178b1d1e 1846
wolfSSL 16:8e0d178b1d1e 1847 /*lint allow cast to different type of pointer*/
wolfSSL 16:8e0d178b1d1e 1848 rp[1] = (sp_point*)t; /*lint !e9087 !e740*/
wolfSSL 16:8e0d178b1d1e 1849 XMEMSET(rp[1], 0, sizeof(sp_point));
wolfSSL 16:8e0d178b1d1e 1850 x = rp[p->infinity | q->infinity]->x;
wolfSSL 16:8e0d178b1d1e 1851 y = rp[p->infinity | q->infinity]->y;
wolfSSL 16:8e0d178b1d1e 1852 z = rp[p->infinity | q->infinity]->z;
wolfSSL 16:8e0d178b1d1e 1853
wolfSSL 16:8e0d178b1d1e 1854 ap[0] = p;
wolfSSL 16:8e0d178b1d1e 1855 ap[1] = q;
wolfSSL 16:8e0d178b1d1e 1856 for (i=0; i<10; i++) {
wolfSSL 16:8e0d178b1d1e 1857 r->x[i] = ap[p->infinity]->x[i];
wolfSSL 16:8e0d178b1d1e 1858 }
wolfSSL 16:8e0d178b1d1e 1859 for (i=0; i<10; i++) {
wolfSSL 16:8e0d178b1d1e 1860 r->y[i] = ap[p->infinity]->y[i];
wolfSSL 16:8e0d178b1d1e 1861 }
wolfSSL 16:8e0d178b1d1e 1862 for (i=0; i<10; i++) {
wolfSSL 16:8e0d178b1d1e 1863 r->z[i] = ap[p->infinity]->z[i];
wolfSSL 16:8e0d178b1d1e 1864 }
wolfSSL 16:8e0d178b1d1e 1865 r->infinity = ap[p->infinity]->infinity;
wolfSSL 16:8e0d178b1d1e 1866
wolfSSL 16:8e0d178b1d1e 1867 /* U1 = X1*Z2^2 */
wolfSSL 16:8e0d178b1d1e 1868 sp_256_mont_sqr_10(t1, q->z, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1869 sp_256_mont_mul_10(t3, t1, q->z, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1870 sp_256_mont_mul_10(t1, t1, x, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1871 /* U2 = X2*Z1^2 */
wolfSSL 16:8e0d178b1d1e 1872 sp_256_mont_sqr_10(t2, z, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1873 sp_256_mont_mul_10(t4, t2, z, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1874 sp_256_mont_mul_10(t2, t2, q->x, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1875 /* S1 = Y1*Z2^3 */
wolfSSL 16:8e0d178b1d1e 1876 sp_256_mont_mul_10(t3, t3, y, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1877 /* S2 = Y2*Z1^3 */
wolfSSL 16:8e0d178b1d1e 1878 sp_256_mont_mul_10(t4, t4, q->y, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1879 /* H = U2 - U1 */
wolfSSL 16:8e0d178b1d1e 1880 sp_256_mont_sub_10(t2, t2, t1, p256_mod);
wolfSSL 16:8e0d178b1d1e 1881 /* R = S2 - S1 */
wolfSSL 16:8e0d178b1d1e 1882 sp_256_mont_sub_10(t4, t4, t3, p256_mod);
wolfSSL 16:8e0d178b1d1e 1883 /* Z3 = H*Z1*Z2 */
wolfSSL 16:8e0d178b1d1e 1884 sp_256_mont_mul_10(z, z, q->z, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1885 sp_256_mont_mul_10(z, z, t2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1886 /* X3 = R^2 - H^3 - 2*U1*H^2 */
wolfSSL 16:8e0d178b1d1e 1887 sp_256_mont_sqr_10(x, t4, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1888 sp_256_mont_sqr_10(t5, t2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1889 sp_256_mont_mul_10(y, t1, t5, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1890 sp_256_mont_mul_10(t5, t5, t2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1891 sp_256_mont_sub_10(x, x, t5, p256_mod);
wolfSSL 16:8e0d178b1d1e 1892 sp_256_mont_dbl_10(t1, y, p256_mod);
wolfSSL 16:8e0d178b1d1e 1893 sp_256_mont_sub_10(x, x, t1, p256_mod);
wolfSSL 16:8e0d178b1d1e 1894 /* Y3 = R*(U1*H^2 - X3) - S1*H^3 */
wolfSSL 16:8e0d178b1d1e 1895 sp_256_mont_sub_10(y, y, x, p256_mod);
wolfSSL 16:8e0d178b1d1e 1896 sp_256_mont_mul_10(y, y, t4, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1897 sp_256_mont_mul_10(t5, t5, t3, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 1898 sp_256_mont_sub_10(y, y, t5, p256_mod);
wolfSSL 16:8e0d178b1d1e 1899 }
wolfSSL 16:8e0d178b1d1e 1900 }
wolfSSL 16:8e0d178b1d1e 1901
wolfSSL 16:8e0d178b1d1e 1902 #ifdef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 1903 /* Multiply the point by the scalar and return the result.
wolfSSL 16:8e0d178b1d1e 1904 * If map is true then convert result to affine co-ordinates.
wolfSSL 16:8e0d178b1d1e 1905 *
wolfSSL 16:8e0d178b1d1e 1906 * r Resulting point.
wolfSSL 16:8e0d178b1d1e 1907 * g Point to multiply.
wolfSSL 16:8e0d178b1d1e 1908 * k Scalar to multiply by.
wolfSSL 16:8e0d178b1d1e 1909 * map Indicates whether to convert result to affine.
wolfSSL 16:8e0d178b1d1e 1910 * heap Heap to use for allocation.
wolfSSL 16:8e0d178b1d1e 1911 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
wolfSSL 16:8e0d178b1d1e 1912 */
wolfSSL 16:8e0d178b1d1e 1913 static int sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit* k,
wolfSSL 16:8e0d178b1d1e 1914 int map, void* heap)
wolfSSL 16:8e0d178b1d1e 1915 {
wolfSSL 16:8e0d178b1d1e 1916 sp_point* td;
wolfSSL 16:8e0d178b1d1e 1917 sp_point* t[3];
wolfSSL 16:8e0d178b1d1e 1918 sp_digit* tmp;
wolfSSL 16:8e0d178b1d1e 1919 sp_digit n;
wolfSSL 16:8e0d178b1d1e 1920 int i;
wolfSSL 16:8e0d178b1d1e 1921 int c, y;
wolfSSL 16:8e0d178b1d1e 1922 int err = MP_OKAY;
wolfSSL 16:8e0d178b1d1e 1923
wolfSSL 16:8e0d178b1d1e 1924 (void)heap;
wolfSSL 16:8e0d178b1d1e 1925
wolfSSL 16:8e0d178b1d1e 1926 td = (sp_point*)XMALLOC(sizeof(sp_point) * 3, heap, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 1927 if (td == NULL)
wolfSSL 16:8e0d178b1d1e 1928 err = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 1929 tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap,
wolfSSL 16:8e0d178b1d1e 1930 DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 1931 if (tmp == NULL)
wolfSSL 16:8e0d178b1d1e 1932 err = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 1933
wolfSSL 16:8e0d178b1d1e 1934 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 1935 XMEMSET(td, 0, sizeof(*td) * 3);
wolfSSL 16:8e0d178b1d1e 1936
wolfSSL 16:8e0d178b1d1e 1937 t[0] = &td[0];
wolfSSL 16:8e0d178b1d1e 1938 t[1] = &td[1];
wolfSSL 16:8e0d178b1d1e 1939 t[2] = &td[2];
wolfSSL 16:8e0d178b1d1e 1940
wolfSSL 16:8e0d178b1d1e 1941 /* t[0] = {0, 0, 1} * norm */
wolfSSL 16:8e0d178b1d1e 1942 t[0]->infinity = 1;
wolfSSL 16:8e0d178b1d1e 1943 /* t[1] = {g->x, g->y, g->z} * norm */
wolfSSL 16:8e0d178b1d1e 1944 err = sp_256_mod_mul_norm_10(t[1]->x, g->x, p256_mod);
wolfSSL 16:8e0d178b1d1e 1945 }
wolfSSL 16:8e0d178b1d1e 1946 if (err == MP_OKAY)
wolfSSL 16:8e0d178b1d1e 1947 err = sp_256_mod_mul_norm_10(t[1]->y, g->y, p256_mod);
wolfSSL 16:8e0d178b1d1e 1948 if (err == MP_OKAY)
wolfSSL 16:8e0d178b1d1e 1949 err = sp_256_mod_mul_norm_10(t[1]->z, g->z, p256_mod);
wolfSSL 16:8e0d178b1d1e 1950
wolfSSL 16:8e0d178b1d1e 1951 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 1952 i = 9;
wolfSSL 16:8e0d178b1d1e 1953 c = 22;
wolfSSL 16:8e0d178b1d1e 1954 n = k[i--] << (26 - c);
wolfSSL 16:8e0d178b1d1e 1955 for (; ; c--) {
wolfSSL 16:8e0d178b1d1e 1956 if (c == 0) {
wolfSSL 16:8e0d178b1d1e 1957 if (i == -1)
wolfSSL 16:8e0d178b1d1e 1958 break;
wolfSSL 16:8e0d178b1d1e 1959
wolfSSL 16:8e0d178b1d1e 1960 n = k[i--];
wolfSSL 16:8e0d178b1d1e 1961 c = 26;
wolfSSL 16:8e0d178b1d1e 1962 }
wolfSSL 16:8e0d178b1d1e 1963
wolfSSL 16:8e0d178b1d1e 1964 y = (n >> 25) & 1;
wolfSSL 16:8e0d178b1d1e 1965 n <<= 1;
wolfSSL 16:8e0d178b1d1e 1966
wolfSSL 16:8e0d178b1d1e 1967 sp_256_proj_point_add_10(t[y^1], t[0], t[1], tmp);
wolfSSL 16:8e0d178b1d1e 1968
wolfSSL 16:8e0d178b1d1e 1969 XMEMCPY(t[2], (void*)(((size_t)t[0] & addr_mask[y^1]) +
wolfSSL 16:8e0d178b1d1e 1970 ((size_t)t[1] & addr_mask[y])),
wolfSSL 16:8e0d178b1d1e 1971 sizeof(sp_point));
wolfSSL 16:8e0d178b1d1e 1972 sp_256_proj_point_dbl_10(t[2], t[2], tmp);
wolfSSL 16:8e0d178b1d1e 1973 XMEMCPY((void*)(((size_t)t[0] & addr_mask[y^1]) +
wolfSSL 16:8e0d178b1d1e 1974 ((size_t)t[1] & addr_mask[y])), t[2],
wolfSSL 16:8e0d178b1d1e 1975 sizeof(sp_point));
wolfSSL 16:8e0d178b1d1e 1976 }
wolfSSL 16:8e0d178b1d1e 1977
wolfSSL 16:8e0d178b1d1e 1978 if (map != 0) {
wolfSSL 16:8e0d178b1d1e 1979 sp_256_map_10(r, t[0], tmp);
wolfSSL 16:8e0d178b1d1e 1980 }
wolfSSL 16:8e0d178b1d1e 1981 else {
wolfSSL 16:8e0d178b1d1e 1982 XMEMCPY(r, t[0], sizeof(sp_point));
wolfSSL 16:8e0d178b1d1e 1983 }
wolfSSL 16:8e0d178b1d1e 1984 }
wolfSSL 16:8e0d178b1d1e 1985
wolfSSL 16:8e0d178b1d1e 1986 if (tmp != NULL) {
wolfSSL 16:8e0d178b1d1e 1987 XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 10 * 5);
wolfSSL 16:8e0d178b1d1e 1988 XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 1989 }
wolfSSL 16:8e0d178b1d1e 1990 if (td != NULL) {
wolfSSL 16:8e0d178b1d1e 1991 XMEMSET(td, 0, sizeof(sp_point) * 3);
wolfSSL 16:8e0d178b1d1e 1992 XFREE(td, NULL, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 1993 }
wolfSSL 16:8e0d178b1d1e 1994
wolfSSL 16:8e0d178b1d1e 1995 return err;
wolfSSL 16:8e0d178b1d1e 1996 }
wolfSSL 16:8e0d178b1d1e 1997
wolfSSL 16:8e0d178b1d1e 1998 #elif defined(WOLFSSL_SP_CACHE_RESISTANT)
wolfSSL 16:8e0d178b1d1e 1999 /* Multiply the point by the scalar and return the result.
wolfSSL 16:8e0d178b1d1e 2000 * If map is true then convert result to affine co-ordinates.
wolfSSL 16:8e0d178b1d1e 2001 *
wolfSSL 16:8e0d178b1d1e 2002 * r Resulting point.
wolfSSL 16:8e0d178b1d1e 2003 * g Point to multiply.
wolfSSL 16:8e0d178b1d1e 2004 * k Scalar to multiply by.
wolfSSL 16:8e0d178b1d1e 2005 * map Indicates whether to convert result to affine.
wolfSSL 16:8e0d178b1d1e 2006 * heap Heap to use for allocation.
wolfSSL 16:8e0d178b1d1e 2007 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
wolfSSL 16:8e0d178b1d1e 2008 */
wolfSSL 16:8e0d178b1d1e 2009 static int sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit* k,
wolfSSL 16:8e0d178b1d1e 2010 int map, void* heap)
wolfSSL 16:8e0d178b1d1e 2011 {
wolfSSL 16:8e0d178b1d1e 2012 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 2013 sp_point td[3];
wolfSSL 16:8e0d178b1d1e 2014 sp_digit tmpd[2 * 10 * 5];
wolfSSL 16:8e0d178b1d1e 2015 #endif
wolfSSL 16:8e0d178b1d1e 2016 sp_point* t;
wolfSSL 16:8e0d178b1d1e 2017 sp_digit* tmp;
wolfSSL 16:8e0d178b1d1e 2018 sp_digit n;
wolfSSL 16:8e0d178b1d1e 2019 int i;
wolfSSL 16:8e0d178b1d1e 2020 int c, y;
wolfSSL 16:8e0d178b1d1e 2021 int err = MP_OKAY;
wolfSSL 16:8e0d178b1d1e 2022
wolfSSL 16:8e0d178b1d1e 2023 (void)heap;
wolfSSL 16:8e0d178b1d1e 2024
wolfSSL 16:8e0d178b1d1e 2025 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 2026 sp_point td[3];
wolfSSL 16:8e0d178b1d1e 2027 t = (sp_point*)XMALLOC(sizeof(*td) * 3, heap, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 2028 if (t == NULL)
wolfSSL 16:8e0d178b1d1e 2029 err = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 2030 tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap,
wolfSSL 16:8e0d178b1d1e 2031 DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 2032 if (tmp == NULL)
wolfSSL 16:8e0d178b1d1e 2033 err = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 2034 #else
wolfSSL 16:8e0d178b1d1e 2035 t = td;
wolfSSL 16:8e0d178b1d1e 2036 tmp = tmpd;
wolfSSL 16:8e0d178b1d1e 2037 #endif
wolfSSL 16:8e0d178b1d1e 2038
wolfSSL 16:8e0d178b1d1e 2039 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 2040 t[0] = &td[0];
wolfSSL 16:8e0d178b1d1e 2041 t[1] = &td[1];
wolfSSL 16:8e0d178b1d1e 2042 t[2] = &td[2];
wolfSSL 16:8e0d178b1d1e 2043
wolfSSL 16:8e0d178b1d1e 2044 /* t[0] = {0, 0, 1} * norm */
wolfSSL 16:8e0d178b1d1e 2045 XMEMSET(&t[0], 0, sizeof(t[0]));
wolfSSL 16:8e0d178b1d1e 2046 t[0].infinity = 1;
wolfSSL 16:8e0d178b1d1e 2047 /* t[1] = {g->x, g->y, g->z} * norm */
wolfSSL 16:8e0d178b1d1e 2048 err = sp_256_mod_mul_norm_10(t[1].x, g->x, p256_mod);
wolfSSL 16:8e0d178b1d1e 2049 }
wolfSSL 16:8e0d178b1d1e 2050 if (err == MP_OKAY)
wolfSSL 16:8e0d178b1d1e 2051 err = sp_256_mod_mul_norm_10(t[1].y, g->y, p256_mod);
wolfSSL 16:8e0d178b1d1e 2052 if (err == MP_OKAY)
wolfSSL 16:8e0d178b1d1e 2053 err = sp_256_mod_mul_norm_10(t[1].z, g->z, p256_mod);
wolfSSL 16:8e0d178b1d1e 2054
wolfSSL 16:8e0d178b1d1e 2055 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 2056 i = 9;
wolfSSL 16:8e0d178b1d1e 2057 c = 22;
wolfSSL 16:8e0d178b1d1e 2058 n = k[i--] << (26 - c);
wolfSSL 16:8e0d178b1d1e 2059 for (; ; c--) {
wolfSSL 16:8e0d178b1d1e 2060 if (c == 0) {
wolfSSL 16:8e0d178b1d1e 2061 if (i == -1)
wolfSSL 16:8e0d178b1d1e 2062 break;
wolfSSL 16:8e0d178b1d1e 2063
wolfSSL 16:8e0d178b1d1e 2064 n = k[i--];
wolfSSL 16:8e0d178b1d1e 2065 c = 26;
wolfSSL 16:8e0d178b1d1e 2066 }
wolfSSL 16:8e0d178b1d1e 2067
wolfSSL 16:8e0d178b1d1e 2068 y = (n >> 25) & 1;
wolfSSL 16:8e0d178b1d1e 2069 n <<= 1;
wolfSSL 16:8e0d178b1d1e 2070
wolfSSL 16:8e0d178b1d1e 2071 sp_256_proj_point_add_10(&t[y^1], &t[0], &t[1], tmp);
wolfSSL 16:8e0d178b1d1e 2072
wolfSSL 16:8e0d178b1d1e 2073 XMEMCPY(&t[2], (void*)(((size_t)&t[0] & addr_mask[y^1]) +
wolfSSL 16:8e0d178b1d1e 2074 ((size_t)&t[1] & addr_mask[y])), sizeof(t[2]));
wolfSSL 16:8e0d178b1d1e 2075 sp_256_proj_point_dbl_10(&t[2], &t[2], tmp);
wolfSSL 16:8e0d178b1d1e 2076 XMEMCPY((void*)(((size_t)&t[0] & addr_mask[y^1]) +
wolfSSL 16:8e0d178b1d1e 2077 ((size_t)&t[1] & addr_mask[y])), &t[2], sizeof(t[2]));
wolfSSL 16:8e0d178b1d1e 2078 }
wolfSSL 16:8e0d178b1d1e 2079
wolfSSL 16:8e0d178b1d1e 2080 if (map != 0) {
wolfSSL 16:8e0d178b1d1e 2081 sp_256_map_10(r, &t[0], tmp);
wolfSSL 16:8e0d178b1d1e 2082 }
wolfSSL 16:8e0d178b1d1e 2083 else {
wolfSSL 16:8e0d178b1d1e 2084 XMEMCPY(r, &t[0], sizeof(sp_point));
wolfSSL 16:8e0d178b1d1e 2085 }
wolfSSL 16:8e0d178b1d1e 2086 }
wolfSSL 16:8e0d178b1d1e 2087
wolfSSL 16:8e0d178b1d1e 2088 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 2089 if (tmp != NULL) {
wolfSSL 16:8e0d178b1d1e 2090 XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 10 * 5);
wolfSSL 16:8e0d178b1d1e 2091 XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 2092 }
wolfSSL 16:8e0d178b1d1e 2093 if (t != NULL) {
wolfSSL 16:8e0d178b1d1e 2094 XMEMSET(t, 0, sizeof(sp_point) * 3);
wolfSSL 16:8e0d178b1d1e 2095 XFREE(t, heap, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 2096 }
wolfSSL 16:8e0d178b1d1e 2097 #else
wolfSSL 16:8e0d178b1d1e 2098 ForceZero(tmpd, sizeof(tmpd));
wolfSSL 16:8e0d178b1d1e 2099 ForceZero(td, sizeof(td));
wolfSSL 16:8e0d178b1d1e 2100 #endif
wolfSSL 16:8e0d178b1d1e 2101
wolfSSL 16:8e0d178b1d1e 2102 return err;
wolfSSL 16:8e0d178b1d1e 2103 }
wolfSSL 16:8e0d178b1d1e 2104
wolfSSL 16:8e0d178b1d1e 2105 #else
wolfSSL 16:8e0d178b1d1e 2106 /* A table entry for pre-computed points. */
wolfSSL 16:8e0d178b1d1e 2107 typedef struct sp_table_entry {
wolfSSL 16:8e0d178b1d1e 2108 sp_digit x[10] __attribute__((aligned(128)));
wolfSSL 16:8e0d178b1d1e 2109 sp_digit y[10] __attribute__((aligned(128)));
wolfSSL 16:8e0d178b1d1e 2110 } sp_table_entry;
wolfSSL 16:8e0d178b1d1e 2111
wolfSSL 16:8e0d178b1d1e 2112 /* Multiply the point by the scalar and return the result.
wolfSSL 16:8e0d178b1d1e 2113 * If map is true then convert result to affine co-ordinates.
wolfSSL 16:8e0d178b1d1e 2114 *
wolfSSL 16:8e0d178b1d1e 2115 * r Resulting point.
wolfSSL 16:8e0d178b1d1e 2116 * g Point to multiply.
wolfSSL 16:8e0d178b1d1e 2117 * k Scalar to multiply by.
wolfSSL 16:8e0d178b1d1e 2118 * map Indicates whether to convert result to affine.
wolfSSL 16:8e0d178b1d1e 2119 * heap Heap to use for allocation.
wolfSSL 16:8e0d178b1d1e 2120 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
wolfSSL 16:8e0d178b1d1e 2121 */
wolfSSL 16:8e0d178b1d1e 2122 static int sp_256_ecc_mulmod_fast_10(sp_point* r, const sp_point* g, const sp_digit* k,
wolfSSL 16:8e0d178b1d1e 2123 int map, void* heap)
wolfSSL 16:8e0d178b1d1e 2124 {
wolfSSL 16:8e0d178b1d1e 2125 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 2126 sp_point td[16];
wolfSSL 16:8e0d178b1d1e 2127 sp_point rtd;
wolfSSL 16:8e0d178b1d1e 2128 sp_digit tmpd[2 * 10 * 5];
wolfSSL 16:8e0d178b1d1e 2129 #endif
wolfSSL 16:8e0d178b1d1e 2130 sp_point* t;
wolfSSL 16:8e0d178b1d1e 2131 sp_point* rt;
wolfSSL 16:8e0d178b1d1e 2132 sp_digit* tmp;
wolfSSL 16:8e0d178b1d1e 2133 sp_digit n;
wolfSSL 16:8e0d178b1d1e 2134 int i;
wolfSSL 16:8e0d178b1d1e 2135 int c, y;
wolfSSL 16:8e0d178b1d1e 2136 int err;
wolfSSL 16:8e0d178b1d1e 2137
wolfSSL 16:8e0d178b1d1e 2138 (void)heap;
wolfSSL 16:8e0d178b1d1e 2139
wolfSSL 16:8e0d178b1d1e 2140 err = sp_ecc_point_new(heap, rtd, rt);
wolfSSL 16:8e0d178b1d1e 2141 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 2142 t = (sp_point*)XMALLOC(sizeof(sp_point) * 16, heap, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 2143 if (t == NULL)
wolfSSL 16:8e0d178b1d1e 2144 err = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 2145 tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap,
wolfSSL 16:8e0d178b1d1e 2146 DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 2147 if (tmp == NULL)
wolfSSL 16:8e0d178b1d1e 2148 err = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 2149 #else
wolfSSL 16:8e0d178b1d1e 2150 t = td;
wolfSSL 16:8e0d178b1d1e 2151 tmp = tmpd;
wolfSSL 16:8e0d178b1d1e 2152 #endif
wolfSSL 16:8e0d178b1d1e 2153
wolfSSL 16:8e0d178b1d1e 2154 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 2155 /* t[0] = {0, 0, 1} * norm */
wolfSSL 16:8e0d178b1d1e 2156 XMEMSET(&t[0], 0, sizeof(t[0]));
wolfSSL 16:8e0d178b1d1e 2157 t[0].infinity = 1;
wolfSSL 16:8e0d178b1d1e 2158 /* t[1] = {g->x, g->y, g->z} * norm */
wolfSSL 16:8e0d178b1d1e 2159 (void)sp_256_mod_mul_norm_10(t[1].x, g->x, p256_mod);
wolfSSL 16:8e0d178b1d1e 2160 (void)sp_256_mod_mul_norm_10(t[1].y, g->y, p256_mod);
wolfSSL 16:8e0d178b1d1e 2161 (void)sp_256_mod_mul_norm_10(t[1].z, g->z, p256_mod);
wolfSSL 16:8e0d178b1d1e 2162 t[1].infinity = 0;
wolfSSL 16:8e0d178b1d1e 2163 sp_256_proj_point_dbl_10(&t[ 2], &t[ 1], tmp);
wolfSSL 16:8e0d178b1d1e 2164 t[ 2].infinity = 0;
wolfSSL 16:8e0d178b1d1e 2165 sp_256_proj_point_add_10(&t[ 3], &t[ 2], &t[ 1], tmp);
wolfSSL 16:8e0d178b1d1e 2166 t[ 3].infinity = 0;
wolfSSL 16:8e0d178b1d1e 2167 sp_256_proj_point_dbl_10(&t[ 4], &t[ 2], tmp);
wolfSSL 16:8e0d178b1d1e 2168 t[ 4].infinity = 0;
wolfSSL 16:8e0d178b1d1e 2169 sp_256_proj_point_add_10(&t[ 5], &t[ 3], &t[ 2], tmp);
wolfSSL 16:8e0d178b1d1e 2170 t[ 5].infinity = 0;
wolfSSL 16:8e0d178b1d1e 2171 sp_256_proj_point_dbl_10(&t[ 6], &t[ 3], tmp);
wolfSSL 16:8e0d178b1d1e 2172 t[ 6].infinity = 0;
wolfSSL 16:8e0d178b1d1e 2173 sp_256_proj_point_add_10(&t[ 7], &t[ 4], &t[ 3], tmp);
wolfSSL 16:8e0d178b1d1e 2174 t[ 7].infinity = 0;
wolfSSL 16:8e0d178b1d1e 2175 sp_256_proj_point_dbl_10(&t[ 8], &t[ 4], tmp);
wolfSSL 16:8e0d178b1d1e 2176 t[ 8].infinity = 0;
wolfSSL 16:8e0d178b1d1e 2177 sp_256_proj_point_add_10(&t[ 9], &t[ 5], &t[ 4], tmp);
wolfSSL 16:8e0d178b1d1e 2178 t[ 9].infinity = 0;
wolfSSL 16:8e0d178b1d1e 2179 sp_256_proj_point_dbl_10(&t[10], &t[ 5], tmp);
wolfSSL 16:8e0d178b1d1e 2180 t[10].infinity = 0;
wolfSSL 16:8e0d178b1d1e 2181 sp_256_proj_point_add_10(&t[11], &t[ 6], &t[ 5], tmp);
wolfSSL 16:8e0d178b1d1e 2182 t[11].infinity = 0;
wolfSSL 16:8e0d178b1d1e 2183 sp_256_proj_point_dbl_10(&t[12], &t[ 6], tmp);
wolfSSL 16:8e0d178b1d1e 2184 t[12].infinity = 0;
wolfSSL 16:8e0d178b1d1e 2185 sp_256_proj_point_add_10(&t[13], &t[ 7], &t[ 6], tmp);
wolfSSL 16:8e0d178b1d1e 2186 t[13].infinity = 0;
wolfSSL 16:8e0d178b1d1e 2187 sp_256_proj_point_dbl_10(&t[14], &t[ 7], tmp);
wolfSSL 16:8e0d178b1d1e 2188 t[14].infinity = 0;
wolfSSL 16:8e0d178b1d1e 2189 sp_256_proj_point_add_10(&t[15], &t[ 8], &t[ 7], tmp);
wolfSSL 16:8e0d178b1d1e 2190 t[15].infinity = 0;
wolfSSL 16:8e0d178b1d1e 2191
wolfSSL 16:8e0d178b1d1e 2192 i = 8;
wolfSSL 16:8e0d178b1d1e 2193 n = k[i+1] << 6;
wolfSSL 16:8e0d178b1d1e 2194 c = 18;
wolfSSL 16:8e0d178b1d1e 2195 y = n >> 24;
wolfSSL 16:8e0d178b1d1e 2196 XMEMCPY(rt, &t[y], sizeof(sp_point));
wolfSSL 16:8e0d178b1d1e 2197 n <<= 8;
wolfSSL 16:8e0d178b1d1e 2198 for (; i>=0 || c>=4; ) {
wolfSSL 16:8e0d178b1d1e 2199 if (c < 4) {
wolfSSL 16:8e0d178b1d1e 2200 n |= k[i--] << (6 - c);
wolfSSL 16:8e0d178b1d1e 2201 c += 26;
wolfSSL 16:8e0d178b1d1e 2202 }
wolfSSL 16:8e0d178b1d1e 2203 y = (n >> 28) & 0xf;
wolfSSL 16:8e0d178b1d1e 2204 n <<= 4;
wolfSSL 16:8e0d178b1d1e 2205 c -= 4;
wolfSSL 16:8e0d178b1d1e 2206
wolfSSL 16:8e0d178b1d1e 2207 sp_256_proj_point_dbl_10(rt, rt, tmp);
wolfSSL 16:8e0d178b1d1e 2208 sp_256_proj_point_dbl_10(rt, rt, tmp);
wolfSSL 16:8e0d178b1d1e 2209 sp_256_proj_point_dbl_10(rt, rt, tmp);
wolfSSL 16:8e0d178b1d1e 2210 sp_256_proj_point_dbl_10(rt, rt, tmp);
wolfSSL 16:8e0d178b1d1e 2211
wolfSSL 16:8e0d178b1d1e 2212 sp_256_proj_point_add_10(rt, rt, &t[y], tmp);
wolfSSL 16:8e0d178b1d1e 2213 }
wolfSSL 16:8e0d178b1d1e 2214
wolfSSL 16:8e0d178b1d1e 2215 if (map != 0) {
wolfSSL 16:8e0d178b1d1e 2216 sp_256_map_10(r, rt, tmp);
wolfSSL 16:8e0d178b1d1e 2217 }
wolfSSL 16:8e0d178b1d1e 2218 else {
wolfSSL 16:8e0d178b1d1e 2219 XMEMCPY(r, rt, sizeof(sp_point));
wolfSSL 16:8e0d178b1d1e 2220 }
wolfSSL 16:8e0d178b1d1e 2221 }
wolfSSL 16:8e0d178b1d1e 2222
wolfSSL 16:8e0d178b1d1e 2223 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 2224 if (tmp != NULL) {
wolfSSL 16:8e0d178b1d1e 2225 XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 10 * 5);
wolfSSL 16:8e0d178b1d1e 2226 XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 2227 }
wolfSSL 16:8e0d178b1d1e 2228 if (t != NULL) {
wolfSSL 16:8e0d178b1d1e 2229 XMEMSET(t, 0, sizeof(sp_point) * 16);
wolfSSL 16:8e0d178b1d1e 2230 XFREE(t, heap, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 2231 }
wolfSSL 16:8e0d178b1d1e 2232 #else
wolfSSL 16:8e0d178b1d1e 2233 ForceZero(tmpd, sizeof(tmpd));
wolfSSL 16:8e0d178b1d1e 2234 ForceZero(td, sizeof(td));
wolfSSL 16:8e0d178b1d1e 2235 #endif
wolfSSL 16:8e0d178b1d1e 2236 sp_ecc_point_free(rt, 1, heap);
wolfSSL 16:8e0d178b1d1e 2237
wolfSSL 16:8e0d178b1d1e 2238 return err;
wolfSSL 16:8e0d178b1d1e 2239 }
wolfSSL 16:8e0d178b1d1e 2240
wolfSSL 16:8e0d178b1d1e 2241 #ifdef FP_ECC
wolfSSL 16:8e0d178b1d1e 2242 /* Double the Montgomery form projective point p a number of times.
wolfSSL 16:8e0d178b1d1e 2243 *
wolfSSL 16:8e0d178b1d1e 2244 * r Result of repeated doubling of point.
wolfSSL 16:8e0d178b1d1e 2245 * p Point to double.
wolfSSL 16:8e0d178b1d1e 2246 * n Number of times to double
wolfSSL 16:8e0d178b1d1e 2247 * t Temporary ordinate data.
wolfSSL 16:8e0d178b1d1e 2248 */
wolfSSL 16:8e0d178b1d1e 2249 static void sp_256_proj_point_dbl_n_10(sp_point* r, const sp_point* p, int n,
wolfSSL 16:8e0d178b1d1e 2250 sp_digit* t)
wolfSSL 16:8e0d178b1d1e 2251 {
wolfSSL 16:8e0d178b1d1e 2252 sp_point* rp[2];
wolfSSL 16:8e0d178b1d1e 2253 sp_digit* w = t;
wolfSSL 16:8e0d178b1d1e 2254 sp_digit* a = t + 2*10;
wolfSSL 16:8e0d178b1d1e 2255 sp_digit* b = t + 4*10;
wolfSSL 16:8e0d178b1d1e 2256 sp_digit* t1 = t + 6*10;
wolfSSL 16:8e0d178b1d1e 2257 sp_digit* t2 = t + 8*10;
wolfSSL 16:8e0d178b1d1e 2258 sp_digit* x;
wolfSSL 16:8e0d178b1d1e 2259 sp_digit* y;
wolfSSL 16:8e0d178b1d1e 2260 sp_digit* z;
wolfSSL 16:8e0d178b1d1e 2261 int i;
wolfSSL 16:8e0d178b1d1e 2262
wolfSSL 16:8e0d178b1d1e 2263 rp[0] = r;
wolfSSL 16:8e0d178b1d1e 2264
wolfSSL 16:8e0d178b1d1e 2265 /*lint allow cast to different type of pointer*/
wolfSSL 16:8e0d178b1d1e 2266 rp[1] = (sp_point*)t; /*lint !e9087 !e740*/
wolfSSL 16:8e0d178b1d1e 2267 XMEMSET(rp[1], 0, sizeof(sp_point));
wolfSSL 16:8e0d178b1d1e 2268 x = rp[p->infinity]->x;
wolfSSL 16:8e0d178b1d1e 2269 y = rp[p->infinity]->y;
wolfSSL 16:8e0d178b1d1e 2270 z = rp[p->infinity]->z;
wolfSSL 16:8e0d178b1d1e 2271 if (r != p) {
wolfSSL 16:8e0d178b1d1e 2272 for (i=0; i<10; i++) {
wolfSSL 16:8e0d178b1d1e 2273 r->x[i] = p->x[i];
wolfSSL 16:8e0d178b1d1e 2274 }
wolfSSL 16:8e0d178b1d1e 2275 for (i=0; i<10; i++) {
wolfSSL 16:8e0d178b1d1e 2276 r->y[i] = p->y[i];
wolfSSL 16:8e0d178b1d1e 2277 }
wolfSSL 16:8e0d178b1d1e 2278 for (i=0; i<10; i++) {
wolfSSL 16:8e0d178b1d1e 2279 r->z[i] = p->z[i];
wolfSSL 16:8e0d178b1d1e 2280 }
wolfSSL 16:8e0d178b1d1e 2281 r->infinity = p->infinity;
wolfSSL 16:8e0d178b1d1e 2282 }
wolfSSL 16:8e0d178b1d1e 2283
wolfSSL 16:8e0d178b1d1e 2284 /* Y = 2*Y */
wolfSSL 16:8e0d178b1d1e 2285 sp_256_mont_dbl_10(y, y, p256_mod);
wolfSSL 16:8e0d178b1d1e 2286 /* W = Z^4 */
wolfSSL 16:8e0d178b1d1e 2287 sp_256_mont_sqr_10(w, z, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2288 sp_256_mont_sqr_10(w, w, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2289 while (n-- > 0) {
wolfSSL 16:8e0d178b1d1e 2290 /* A = 3*(X^2 - W) */
wolfSSL 16:8e0d178b1d1e 2291 sp_256_mont_sqr_10(t1, x, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2292 sp_256_mont_sub_10(t1, t1, w, p256_mod);
wolfSSL 16:8e0d178b1d1e 2293 sp_256_mont_tpl_10(a, t1, p256_mod);
wolfSSL 16:8e0d178b1d1e 2294 /* B = X*Y^2 */
wolfSSL 16:8e0d178b1d1e 2295 sp_256_mont_sqr_10(t2, y, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2296 sp_256_mont_mul_10(b, t2, x, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2297 /* X = A^2 - 2B */
wolfSSL 16:8e0d178b1d1e 2298 sp_256_mont_sqr_10(x, a, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2299 sp_256_mont_dbl_10(t1, b, p256_mod);
wolfSSL 16:8e0d178b1d1e 2300 sp_256_mont_sub_10(x, x, t1, p256_mod);
wolfSSL 16:8e0d178b1d1e 2301 /* Z = Z*Y */
wolfSSL 16:8e0d178b1d1e 2302 sp_256_mont_mul_10(z, z, y, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2303 /* t2 = Y^4 */
wolfSSL 16:8e0d178b1d1e 2304 sp_256_mont_sqr_10(t2, t2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2305 if (n != 0) {
wolfSSL 16:8e0d178b1d1e 2306 /* W = W*Y^4 */
wolfSSL 16:8e0d178b1d1e 2307 sp_256_mont_mul_10(w, w, t2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2308 }
wolfSSL 16:8e0d178b1d1e 2309 /* y = 2*A*(B - X) - Y^4 */
wolfSSL 16:8e0d178b1d1e 2310 sp_256_mont_sub_10(y, b, x, p256_mod);
wolfSSL 16:8e0d178b1d1e 2311 sp_256_mont_mul_10(y, y, a, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2312 sp_256_mont_dbl_10(y, y, p256_mod);
wolfSSL 16:8e0d178b1d1e 2313 sp_256_mont_sub_10(y, y, t2, p256_mod);
wolfSSL 16:8e0d178b1d1e 2314 }
wolfSSL 16:8e0d178b1d1e 2315 /* Y = Y/2 */
wolfSSL 16:8e0d178b1d1e 2316 sp_256_div2_10(y, y, p256_mod);
wolfSSL 16:8e0d178b1d1e 2317 }
wolfSSL 16:8e0d178b1d1e 2318
wolfSSL 16:8e0d178b1d1e 2319 #endif /* FP_ECC */
wolfSSL 16:8e0d178b1d1e 2320
wolfSSL 16:8e0d178b1d1e 2321
wolfSSL 16:8e0d178b1d1e 2322 /* Add two Montgomery form projective points. The second point has a q value of
wolfSSL 16:8e0d178b1d1e 2323 * one.
wolfSSL 16:8e0d178b1d1e 2324 * Only the first point can be the same pointer as the result point.
wolfSSL 16:8e0d178b1d1e 2325 *
wolfSSL 16:8e0d178b1d1e 2326 * r Result of addition.
wolfSSL 16:8e0d178b1d1e 2327 * p First point to add.
wolfSSL 16:8e0d178b1d1e 2328 * q Second point to add.
wolfSSL 16:8e0d178b1d1e 2329 * t Temporary ordinate data.
wolfSSL 16:8e0d178b1d1e 2330 */
wolfSSL 16:8e0d178b1d1e 2331 static void sp_256_proj_point_add_qz1_10(sp_point* r, const sp_point* p,
wolfSSL 16:8e0d178b1d1e 2332 const sp_point* q, sp_digit* t)
wolfSSL 16:8e0d178b1d1e 2333 {
wolfSSL 16:8e0d178b1d1e 2334 const sp_point* ap[2];
wolfSSL 16:8e0d178b1d1e 2335 sp_point* rp[2];
wolfSSL 16:8e0d178b1d1e 2336 sp_digit* t1 = t;
wolfSSL 16:8e0d178b1d1e 2337 sp_digit* t2 = t + 2*10;
wolfSSL 16:8e0d178b1d1e 2338 sp_digit* t3 = t + 4*10;
wolfSSL 16:8e0d178b1d1e 2339 sp_digit* t4 = t + 6*10;
wolfSSL 16:8e0d178b1d1e 2340 sp_digit* t5 = t + 8*10;
wolfSSL 16:8e0d178b1d1e 2341 sp_digit* x;
wolfSSL 16:8e0d178b1d1e 2342 sp_digit* y;
wolfSSL 16:8e0d178b1d1e 2343 sp_digit* z;
wolfSSL 16:8e0d178b1d1e 2344 int i;
wolfSSL 16:8e0d178b1d1e 2345
wolfSSL 16:8e0d178b1d1e 2346 /* Check double */
wolfSSL 16:8e0d178b1d1e 2347 (void)sp_256_sub_10(t1, p256_mod, q->y);
wolfSSL 16:8e0d178b1d1e 2348 sp_256_norm_10(t1);
wolfSSL 16:8e0d178b1d1e 2349 if ((sp_256_cmp_equal_10(p->x, q->x) & sp_256_cmp_equal_10(p->z, q->z) &
wolfSSL 16:8e0d178b1d1e 2350 (sp_256_cmp_equal_10(p->y, q->y) | sp_256_cmp_equal_10(p->y, t1))) != 0) {
wolfSSL 16:8e0d178b1d1e 2351 sp_256_proj_point_dbl_10(r, p, t);
wolfSSL 16:8e0d178b1d1e 2352 }
wolfSSL 16:8e0d178b1d1e 2353 else {
wolfSSL 16:8e0d178b1d1e 2354 rp[0] = r;
wolfSSL 16:8e0d178b1d1e 2355
wolfSSL 16:8e0d178b1d1e 2356 /*lint allow cast to different type of pointer*/
wolfSSL 16:8e0d178b1d1e 2357 rp[1] = (sp_point*)t; /*lint !e9087 !e740*/
wolfSSL 16:8e0d178b1d1e 2358 XMEMSET(rp[1], 0, sizeof(sp_point));
wolfSSL 16:8e0d178b1d1e 2359 x = rp[p->infinity | q->infinity]->x;
wolfSSL 16:8e0d178b1d1e 2360 y = rp[p->infinity | q->infinity]->y;
wolfSSL 16:8e0d178b1d1e 2361 z = rp[p->infinity | q->infinity]->z;
wolfSSL 16:8e0d178b1d1e 2362
wolfSSL 16:8e0d178b1d1e 2363 ap[0] = p;
wolfSSL 16:8e0d178b1d1e 2364 ap[1] = q;
wolfSSL 16:8e0d178b1d1e 2365 for (i=0; i<10; i++) {
wolfSSL 16:8e0d178b1d1e 2366 r->x[i] = ap[p->infinity]->x[i];
wolfSSL 16:8e0d178b1d1e 2367 }
wolfSSL 16:8e0d178b1d1e 2368 for (i=0; i<10; i++) {
wolfSSL 16:8e0d178b1d1e 2369 r->y[i] = ap[p->infinity]->y[i];
wolfSSL 16:8e0d178b1d1e 2370 }
wolfSSL 16:8e0d178b1d1e 2371 for (i=0; i<10; i++) {
wolfSSL 16:8e0d178b1d1e 2372 r->z[i] = ap[p->infinity]->z[i];
wolfSSL 16:8e0d178b1d1e 2373 }
wolfSSL 16:8e0d178b1d1e 2374 r->infinity = ap[p->infinity]->infinity;
wolfSSL 16:8e0d178b1d1e 2375
wolfSSL 16:8e0d178b1d1e 2376 /* U2 = X2*Z1^2 */
wolfSSL 16:8e0d178b1d1e 2377 sp_256_mont_sqr_10(t2, z, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2378 sp_256_mont_mul_10(t4, t2, z, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2379 sp_256_mont_mul_10(t2, t2, q->x, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2380 /* S2 = Y2*Z1^3 */
wolfSSL 16:8e0d178b1d1e 2381 sp_256_mont_mul_10(t4, t4, q->y, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2382 /* H = U2 - X1 */
wolfSSL 16:8e0d178b1d1e 2383 sp_256_mont_sub_10(t2, t2, x, p256_mod);
wolfSSL 16:8e0d178b1d1e 2384 /* R = S2 - Y1 */
wolfSSL 16:8e0d178b1d1e 2385 sp_256_mont_sub_10(t4, t4, y, p256_mod);
wolfSSL 16:8e0d178b1d1e 2386 /* Z3 = H*Z1 */
wolfSSL 16:8e0d178b1d1e 2387 sp_256_mont_mul_10(z, z, t2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2388 /* X3 = R^2 - H^3 - 2*X1*H^2 */
wolfSSL 16:8e0d178b1d1e 2389 sp_256_mont_sqr_10(t1, t4, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2390 sp_256_mont_sqr_10(t5, t2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2391 sp_256_mont_mul_10(t3, x, t5, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2392 sp_256_mont_mul_10(t5, t5, t2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2393 sp_256_mont_sub_10(x, t1, t5, p256_mod);
wolfSSL 16:8e0d178b1d1e 2394 sp_256_mont_dbl_10(t1, t3, p256_mod);
wolfSSL 16:8e0d178b1d1e 2395 sp_256_mont_sub_10(x, x, t1, p256_mod);
wolfSSL 16:8e0d178b1d1e 2396 /* Y3 = R*(X1*H^2 - X3) - Y1*H^3 */
wolfSSL 16:8e0d178b1d1e 2397 sp_256_mont_sub_10(t3, t3, x, p256_mod);
wolfSSL 16:8e0d178b1d1e 2398 sp_256_mont_mul_10(t3, t3, t4, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2399 sp_256_mont_mul_10(t5, t5, y, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2400 sp_256_mont_sub_10(y, t3, t5, p256_mod);
wolfSSL 16:8e0d178b1d1e 2401 }
wolfSSL 16:8e0d178b1d1e 2402 }
wolfSSL 16:8e0d178b1d1e 2403
wolfSSL 16:8e0d178b1d1e 2404 #ifdef FP_ECC
wolfSSL 16:8e0d178b1d1e 2405 /* Convert the projective point to affine.
wolfSSL 16:8e0d178b1d1e 2406 * Ordinates are in Montgomery form.
wolfSSL 16:8e0d178b1d1e 2407 *
wolfSSL 16:8e0d178b1d1e 2408 * a Point to convert.
wolfSSL 16:8e0d178b1d1e 2409 * t Temporary data.
wolfSSL 16:8e0d178b1d1e 2410 */
wolfSSL 16:8e0d178b1d1e 2411 static void sp_256_proj_to_affine_10(sp_point* a, sp_digit* t)
wolfSSL 16:8e0d178b1d1e 2412 {
wolfSSL 16:8e0d178b1d1e 2413 sp_digit* t1 = t;
wolfSSL 16:8e0d178b1d1e 2414 sp_digit* t2 = t + 2 * 10;
wolfSSL 16:8e0d178b1d1e 2415 sp_digit* tmp = t + 4 * 10;
wolfSSL 16:8e0d178b1d1e 2416
wolfSSL 16:8e0d178b1d1e 2417 sp_256_mont_inv_10(t1, a->z, tmp);
wolfSSL 16:8e0d178b1d1e 2418
wolfSSL 16:8e0d178b1d1e 2419 sp_256_mont_sqr_10(t2, t1, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2420 sp_256_mont_mul_10(t1, t2, t1, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2421
wolfSSL 16:8e0d178b1d1e 2422 sp_256_mont_mul_10(a->x, a->x, t2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2423 sp_256_mont_mul_10(a->y, a->y, t1, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 2424 XMEMCPY(a->z, p256_norm_mod, sizeof(p256_norm_mod));
wolfSSL 16:8e0d178b1d1e 2425 }
wolfSSL 16:8e0d178b1d1e 2426
wolfSSL 16:8e0d178b1d1e 2427
wolfSSL 16:8e0d178b1d1e 2428 /* Generate the pre-computed table of points for the base point.
wolfSSL 16:8e0d178b1d1e 2429 *
wolfSSL 16:8e0d178b1d1e 2430 * a The base point.
wolfSSL 16:8e0d178b1d1e 2431 * table Place to store generated point data.
wolfSSL 16:8e0d178b1d1e 2432 * tmp Temporary data.
wolfSSL 16:8e0d178b1d1e 2433 * heap Heap to use for allocation.
wolfSSL 16:8e0d178b1d1e 2434 */
wolfSSL 16:8e0d178b1d1e 2435 static int sp_256_gen_stripe_table_10(const sp_point* a,
wolfSSL 16:8e0d178b1d1e 2436 sp_table_entry* table, sp_digit* tmp, void* heap)
wolfSSL 16:8e0d178b1d1e 2437 {
wolfSSL 16:8e0d178b1d1e 2438 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 2439 sp_point td, s1d, s2d;
wolfSSL 16:8e0d178b1d1e 2440 #endif
wolfSSL 16:8e0d178b1d1e 2441 sp_point* t;
wolfSSL 16:8e0d178b1d1e 2442 sp_point* s1 = NULL;
wolfSSL 16:8e0d178b1d1e 2443 sp_point* s2 = NULL;
wolfSSL 16:8e0d178b1d1e 2444 int i, j;
wolfSSL 16:8e0d178b1d1e 2445 int err;
wolfSSL 16:8e0d178b1d1e 2446
wolfSSL 16:8e0d178b1d1e 2447 (void)heap;
wolfSSL 16:8e0d178b1d1e 2448
wolfSSL 16:8e0d178b1d1e 2449 err = sp_ecc_point_new(heap, td, t);
wolfSSL 16:8e0d178b1d1e 2450 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 2451 err = sp_ecc_point_new(heap, s1d, s1);
wolfSSL 16:8e0d178b1d1e 2452 }
wolfSSL 16:8e0d178b1d1e 2453 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 2454 err = sp_ecc_point_new(heap, s2d, s2);
wolfSSL 16:8e0d178b1d1e 2455 }
wolfSSL 16:8e0d178b1d1e 2456
wolfSSL 16:8e0d178b1d1e 2457 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 2458 err = sp_256_mod_mul_norm_10(t->x, a->x, p256_mod);
wolfSSL 16:8e0d178b1d1e 2459 }
wolfSSL 16:8e0d178b1d1e 2460 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 2461 err = sp_256_mod_mul_norm_10(t->y, a->y, p256_mod);
wolfSSL 16:8e0d178b1d1e 2462 }
wolfSSL 16:8e0d178b1d1e 2463 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 2464 err = sp_256_mod_mul_norm_10(t->z, a->z, p256_mod);
wolfSSL 16:8e0d178b1d1e 2465 }
wolfSSL 16:8e0d178b1d1e 2466 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 2467 t->infinity = 0;
wolfSSL 16:8e0d178b1d1e 2468 sp_256_proj_to_affine_10(t, tmp);
wolfSSL 16:8e0d178b1d1e 2469
wolfSSL 16:8e0d178b1d1e 2470 XMEMCPY(s1->z, p256_norm_mod, sizeof(p256_norm_mod));
wolfSSL 16:8e0d178b1d1e 2471 s1->infinity = 0;
wolfSSL 16:8e0d178b1d1e 2472 XMEMCPY(s2->z, p256_norm_mod, sizeof(p256_norm_mod));
wolfSSL 16:8e0d178b1d1e 2473 s2->infinity = 0;
wolfSSL 16:8e0d178b1d1e 2474
wolfSSL 16:8e0d178b1d1e 2475 /* table[0] = {0, 0, infinity} */
wolfSSL 16:8e0d178b1d1e 2476 XMEMSET(&table[0], 0, sizeof(sp_table_entry));
wolfSSL 16:8e0d178b1d1e 2477 /* table[1] = Affine version of 'a' in Montgomery form */
wolfSSL 16:8e0d178b1d1e 2478 XMEMCPY(table[1].x, t->x, sizeof(table->x));
wolfSSL 16:8e0d178b1d1e 2479 XMEMCPY(table[1].y, t->y, sizeof(table->y));
wolfSSL 16:8e0d178b1d1e 2480
wolfSSL 16:8e0d178b1d1e 2481 for (i=1; i<8; i++) {
wolfSSL 16:8e0d178b1d1e 2482 sp_256_proj_point_dbl_n_10(t, t, 32, tmp);
wolfSSL 16:8e0d178b1d1e 2483 sp_256_proj_to_affine_10(t, tmp);
wolfSSL 16:8e0d178b1d1e 2484 XMEMCPY(table[1<<i].x, t->x, sizeof(table->x));
wolfSSL 16:8e0d178b1d1e 2485 XMEMCPY(table[1<<i].y, t->y, sizeof(table->y));
wolfSSL 16:8e0d178b1d1e 2486 }
wolfSSL 16:8e0d178b1d1e 2487
wolfSSL 16:8e0d178b1d1e 2488 for (i=1; i<8; i++) {
wolfSSL 16:8e0d178b1d1e 2489 XMEMCPY(s1->x, table[1<<i].x, sizeof(table->x));
wolfSSL 16:8e0d178b1d1e 2490 XMEMCPY(s1->y, table[1<<i].y, sizeof(table->y));
wolfSSL 16:8e0d178b1d1e 2491 for (j=(1<<i)+1; j<(1<<(i+1)); j++) {
wolfSSL 16:8e0d178b1d1e 2492 XMEMCPY(s2->x, table[j-(1<<i)].x, sizeof(table->x));
wolfSSL 16:8e0d178b1d1e 2493 XMEMCPY(s2->y, table[j-(1<<i)].y, sizeof(table->y));
wolfSSL 16:8e0d178b1d1e 2494 sp_256_proj_point_add_qz1_10(t, s1, s2, tmp);
wolfSSL 16:8e0d178b1d1e 2495 sp_256_proj_to_affine_10(t, tmp);
wolfSSL 16:8e0d178b1d1e 2496 XMEMCPY(table[j].x, t->x, sizeof(table->x));
wolfSSL 16:8e0d178b1d1e 2497 XMEMCPY(table[j].y, t->y, sizeof(table->y));
wolfSSL 16:8e0d178b1d1e 2498 }
wolfSSL 16:8e0d178b1d1e 2499 }
wolfSSL 16:8e0d178b1d1e 2500 }
wolfSSL 16:8e0d178b1d1e 2501
wolfSSL 16:8e0d178b1d1e 2502 sp_ecc_point_free(s2, 0, heap);
wolfSSL 16:8e0d178b1d1e 2503 sp_ecc_point_free(s1, 0, heap);
wolfSSL 16:8e0d178b1d1e 2504 sp_ecc_point_free( t, 0, heap);
wolfSSL 16:8e0d178b1d1e 2505
wolfSSL 16:8e0d178b1d1e 2506 return err;
wolfSSL 16:8e0d178b1d1e 2507 }
wolfSSL 16:8e0d178b1d1e 2508
wolfSSL 16:8e0d178b1d1e 2509 #endif /* FP_ECC */
wolfSSL 16:8e0d178b1d1e 2510 /* Multiply the point by the scalar and return the result.
wolfSSL 16:8e0d178b1d1e 2511 * If map is true then convert result to affine co-ordinates.
wolfSSL 16:8e0d178b1d1e 2512 *
wolfSSL 16:8e0d178b1d1e 2513 * r Resulting point.
wolfSSL 16:8e0d178b1d1e 2514 * k Scalar to multiply by.
wolfSSL 16:8e0d178b1d1e 2515 * map Indicates whether to convert result to affine.
wolfSSL 16:8e0d178b1d1e 2516 * heap Heap to use for allocation.
wolfSSL 16:8e0d178b1d1e 2517 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
wolfSSL 16:8e0d178b1d1e 2518 */
wolfSSL 16:8e0d178b1d1e 2519 static int sp_256_ecc_mulmod_stripe_10(sp_point* r, const sp_point* g,
wolfSSL 16:8e0d178b1d1e 2520 const sp_table_entry* table, const sp_digit* k, int map, void* heap)
wolfSSL 16:8e0d178b1d1e 2521 {
wolfSSL 16:8e0d178b1d1e 2522 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 2523 sp_point rtd;
wolfSSL 16:8e0d178b1d1e 2524 sp_point pd;
wolfSSL 16:8e0d178b1d1e 2525 sp_digit td[2 * 10 * 5];
wolfSSL 16:8e0d178b1d1e 2526 #endif
wolfSSL 16:8e0d178b1d1e 2527 sp_point* rt;
wolfSSL 16:8e0d178b1d1e 2528 sp_point* p = NULL;
wolfSSL 16:8e0d178b1d1e 2529 sp_digit* t;
wolfSSL 16:8e0d178b1d1e 2530 int i, j;
wolfSSL 16:8e0d178b1d1e 2531 int y, x;
wolfSSL 16:8e0d178b1d1e 2532 int err;
wolfSSL 16:8e0d178b1d1e 2533
wolfSSL 16:8e0d178b1d1e 2534 (void)g;
wolfSSL 16:8e0d178b1d1e 2535 (void)heap;
wolfSSL 16:8e0d178b1d1e 2536
wolfSSL 16:8e0d178b1d1e 2537 err = sp_ecc_point_new(heap, rtd, rt);
wolfSSL 16:8e0d178b1d1e 2538 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 2539 err = sp_ecc_point_new(heap, pd, p);
wolfSSL 16:8e0d178b1d1e 2540 }
wolfSSL 16:8e0d178b1d1e 2541 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 2542 t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap,
wolfSSL 16:8e0d178b1d1e 2543 DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 2544 if (t == NULL) {
wolfSSL 16:8e0d178b1d1e 2545 err = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 2546 }
wolfSSL 16:8e0d178b1d1e 2547 #else
wolfSSL 16:8e0d178b1d1e 2548 t = td;
wolfSSL 16:8e0d178b1d1e 2549 #endif
wolfSSL 16:8e0d178b1d1e 2550
wolfSSL 16:8e0d178b1d1e 2551 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 2552 XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
wolfSSL 16:8e0d178b1d1e 2553 XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));
wolfSSL 16:8e0d178b1d1e 2554
wolfSSL 16:8e0d178b1d1e 2555 y = 0;
wolfSSL 16:8e0d178b1d1e 2556 for (j=0,x=31; j<8; j++,x+=32) {
wolfSSL 16:8e0d178b1d1e 2557 y |= ((k[x / 26] >> (x % 26)) & 1) << j;
wolfSSL 16:8e0d178b1d1e 2558 }
wolfSSL 16:8e0d178b1d1e 2559 XMEMCPY(rt->x, table[y].x, sizeof(table[y].x));
wolfSSL 16:8e0d178b1d1e 2560 XMEMCPY(rt->y, table[y].y, sizeof(table[y].y));
wolfSSL 16:8e0d178b1d1e 2561 rt->infinity = !y;
wolfSSL 16:8e0d178b1d1e 2562 for (i=30; i>=0; i--) {
wolfSSL 16:8e0d178b1d1e 2563 y = 0;
wolfSSL 16:8e0d178b1d1e 2564 for (j=0,x=i; j<8; j++,x+=32) {
wolfSSL 16:8e0d178b1d1e 2565 y |= ((k[x / 26] >> (x % 26)) & 1) << j;
wolfSSL 16:8e0d178b1d1e 2566 }
wolfSSL 16:8e0d178b1d1e 2567
wolfSSL 16:8e0d178b1d1e 2568 sp_256_proj_point_dbl_10(rt, rt, t);
wolfSSL 16:8e0d178b1d1e 2569 XMEMCPY(p->x, table[y].x, sizeof(table[y].x));
wolfSSL 16:8e0d178b1d1e 2570 XMEMCPY(p->y, table[y].y, sizeof(table[y].y));
wolfSSL 16:8e0d178b1d1e 2571 p->infinity = !y;
wolfSSL 16:8e0d178b1d1e 2572 sp_256_proj_point_add_qz1_10(rt, rt, p, t);
wolfSSL 16:8e0d178b1d1e 2573 }
wolfSSL 16:8e0d178b1d1e 2574
wolfSSL 16:8e0d178b1d1e 2575 if (map != 0) {
wolfSSL 16:8e0d178b1d1e 2576 sp_256_map_10(r, rt, t);
wolfSSL 16:8e0d178b1d1e 2577 }
wolfSSL 16:8e0d178b1d1e 2578 else {
wolfSSL 16:8e0d178b1d1e 2579 XMEMCPY(r, rt, sizeof(sp_point));
wolfSSL 16:8e0d178b1d1e 2580 }
wolfSSL 16:8e0d178b1d1e 2581 }
wolfSSL 16:8e0d178b1d1e 2582
wolfSSL 16:8e0d178b1d1e 2583 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 2584 if (t != NULL) {
wolfSSL 16:8e0d178b1d1e 2585 XFREE(t, heap, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 2586 }
wolfSSL 16:8e0d178b1d1e 2587 #endif
wolfSSL 16:8e0d178b1d1e 2588 sp_ecc_point_free(p, 0, heap);
wolfSSL 16:8e0d178b1d1e 2589 sp_ecc_point_free(rt, 0, heap);
wolfSSL 16:8e0d178b1d1e 2590
wolfSSL 16:8e0d178b1d1e 2591 return err;
wolfSSL 16:8e0d178b1d1e 2592 }
wolfSSL 16:8e0d178b1d1e 2593
wolfSSL 16:8e0d178b1d1e 2594 #ifdef FP_ECC
wolfSSL 16:8e0d178b1d1e 2595 #ifndef FP_ENTRIES
wolfSSL 16:8e0d178b1d1e 2596 #define FP_ENTRIES 16
wolfSSL 16:8e0d178b1d1e 2597 #endif
wolfSSL 16:8e0d178b1d1e 2598
wolfSSL 16:8e0d178b1d1e 2599 typedef struct sp_cache_t {
wolfSSL 16:8e0d178b1d1e 2600 sp_digit x[10] __attribute__((aligned(128)));
wolfSSL 16:8e0d178b1d1e 2601 sp_digit y[10] __attribute__((aligned(128)));
wolfSSL 16:8e0d178b1d1e 2602 sp_table_entry table[256] __attribute__((aligned(128)));
wolfSSL 16:8e0d178b1d1e 2603 uint32_t cnt;
wolfSSL 16:8e0d178b1d1e 2604 int set;
wolfSSL 16:8e0d178b1d1e 2605 } sp_cache_t;
wolfSSL 16:8e0d178b1d1e 2606
wolfSSL 16:8e0d178b1d1e 2607 static THREAD_LS_T sp_cache_t sp_cache[FP_ENTRIES];
wolfSSL 16:8e0d178b1d1e 2608 static THREAD_LS_T int sp_cache_last = -1;
wolfSSL 16:8e0d178b1d1e 2609 static THREAD_LS_T int sp_cache_inited = 0;
wolfSSL 16:8e0d178b1d1e 2610
wolfSSL 16:8e0d178b1d1e 2611 #ifndef HAVE_THREAD_LS
wolfSSL 16:8e0d178b1d1e 2612 static volatile int initCacheMutex = 0;
wolfSSL 16:8e0d178b1d1e 2613 static wolfSSL_Mutex sp_cache_lock;
wolfSSL 16:8e0d178b1d1e 2614 #endif
wolfSSL 16:8e0d178b1d1e 2615
wolfSSL 16:8e0d178b1d1e 2616 static void sp_ecc_get_cache(const sp_point* g, sp_cache_t** cache)
wolfSSL 16:8e0d178b1d1e 2617 {
wolfSSL 16:8e0d178b1d1e 2618 int i, j;
wolfSSL 16:8e0d178b1d1e 2619 uint32_t least;
wolfSSL 16:8e0d178b1d1e 2620
wolfSSL 16:8e0d178b1d1e 2621 if (sp_cache_inited == 0) {
wolfSSL 16:8e0d178b1d1e 2622 for (i=0; i<FP_ENTRIES; i++) {
wolfSSL 16:8e0d178b1d1e 2623 sp_cache[i].set = 0;
wolfSSL 16:8e0d178b1d1e 2624 }
wolfSSL 16:8e0d178b1d1e 2625 sp_cache_inited = 1;
wolfSSL 16:8e0d178b1d1e 2626 }
wolfSSL 16:8e0d178b1d1e 2627
wolfSSL 16:8e0d178b1d1e 2628 /* Compare point with those in cache. */
wolfSSL 16:8e0d178b1d1e 2629 for (i=0; i<FP_ENTRIES; i++) {
wolfSSL 16:8e0d178b1d1e 2630 if (!sp_cache[i].set)
wolfSSL 16:8e0d178b1d1e 2631 continue;
wolfSSL 16:8e0d178b1d1e 2632
wolfSSL 16:8e0d178b1d1e 2633 if (sp_256_cmp_equal_10(g->x, sp_cache[i].x) &
wolfSSL 16:8e0d178b1d1e 2634 sp_256_cmp_equal_10(g->y, sp_cache[i].y)) {
wolfSSL 16:8e0d178b1d1e 2635 sp_cache[i].cnt++;
wolfSSL 16:8e0d178b1d1e 2636 break;
wolfSSL 16:8e0d178b1d1e 2637 }
wolfSSL 16:8e0d178b1d1e 2638 }
wolfSSL 16:8e0d178b1d1e 2639
wolfSSL 16:8e0d178b1d1e 2640 /* No match. */
wolfSSL 16:8e0d178b1d1e 2641 if (i == FP_ENTRIES) {
wolfSSL 16:8e0d178b1d1e 2642 /* Find empty entry. */
wolfSSL 16:8e0d178b1d1e 2643 i = (sp_cache_last + 1) % FP_ENTRIES;
wolfSSL 16:8e0d178b1d1e 2644 for (; i != sp_cache_last; i=(i+1)%FP_ENTRIES) {
wolfSSL 16:8e0d178b1d1e 2645 if (!sp_cache[i].set) {
wolfSSL 16:8e0d178b1d1e 2646 break;
wolfSSL 16:8e0d178b1d1e 2647 }
wolfSSL 16:8e0d178b1d1e 2648 }
wolfSSL 16:8e0d178b1d1e 2649
wolfSSL 16:8e0d178b1d1e 2650 /* Evict least used. */
wolfSSL 16:8e0d178b1d1e 2651 if (i == sp_cache_last) {
wolfSSL 16:8e0d178b1d1e 2652 least = sp_cache[0].cnt;
wolfSSL 16:8e0d178b1d1e 2653 for (j=1; j<FP_ENTRIES; j++) {
wolfSSL 16:8e0d178b1d1e 2654 if (sp_cache[j].cnt < least) {
wolfSSL 16:8e0d178b1d1e 2655 i = j;
wolfSSL 16:8e0d178b1d1e 2656 least = sp_cache[i].cnt;
wolfSSL 16:8e0d178b1d1e 2657 }
wolfSSL 16:8e0d178b1d1e 2658 }
wolfSSL 16:8e0d178b1d1e 2659 }
wolfSSL 16:8e0d178b1d1e 2660
wolfSSL 16:8e0d178b1d1e 2661 XMEMCPY(sp_cache[i].x, g->x, sizeof(sp_cache[i].x));
wolfSSL 16:8e0d178b1d1e 2662 XMEMCPY(sp_cache[i].y, g->y, sizeof(sp_cache[i].y));
wolfSSL 16:8e0d178b1d1e 2663 sp_cache[i].set = 1;
wolfSSL 16:8e0d178b1d1e 2664 sp_cache[i].cnt = 1;
wolfSSL 16:8e0d178b1d1e 2665 }
wolfSSL 16:8e0d178b1d1e 2666
wolfSSL 16:8e0d178b1d1e 2667 *cache = &sp_cache[i];
wolfSSL 16:8e0d178b1d1e 2668 sp_cache_last = i;
wolfSSL 16:8e0d178b1d1e 2669 }
wolfSSL 16:8e0d178b1d1e 2670 #endif /* FP_ECC */
wolfSSL 16:8e0d178b1d1e 2671
wolfSSL 16:8e0d178b1d1e 2672 /* Multiply the base point of P256 by the scalar and return the result.
wolfSSL 16:8e0d178b1d1e 2673 * If map is true then convert result to affine co-ordinates.
wolfSSL 16:8e0d178b1d1e 2674 *
wolfSSL 16:8e0d178b1d1e 2675 * r Resulting point.
wolfSSL 16:8e0d178b1d1e 2676 * g Point to multiply.
wolfSSL 16:8e0d178b1d1e 2677 * k Scalar to multiply by.
wolfSSL 16:8e0d178b1d1e 2678 * map Indicates whether to convert result to affine.
wolfSSL 16:8e0d178b1d1e 2679 * heap Heap to use for allocation.
wolfSSL 16:8e0d178b1d1e 2680 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
wolfSSL 16:8e0d178b1d1e 2681 */
wolfSSL 16:8e0d178b1d1e 2682 static int sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit* k,
wolfSSL 16:8e0d178b1d1e 2683 int map, void* heap)
wolfSSL 16:8e0d178b1d1e 2684 {
wolfSSL 16:8e0d178b1d1e 2685 #ifndef FP_ECC
wolfSSL 16:8e0d178b1d1e 2686 return sp_256_ecc_mulmod_fast_10(r, g, k, map, heap);
wolfSSL 16:8e0d178b1d1e 2687 #else
wolfSSL 16:8e0d178b1d1e 2688 sp_digit tmp[2 * 10 * 5];
wolfSSL 16:8e0d178b1d1e 2689 sp_cache_t* cache;
wolfSSL 16:8e0d178b1d1e 2690 int err = MP_OKAY;
wolfSSL 16:8e0d178b1d1e 2691
wolfSSL 16:8e0d178b1d1e 2692 #ifndef HAVE_THREAD_LS
wolfSSL 16:8e0d178b1d1e 2693 if (initCacheMutex == 0) {
wolfSSL 16:8e0d178b1d1e 2694 wc_InitMutex(&sp_cache_lock);
wolfSSL 16:8e0d178b1d1e 2695 initCacheMutex = 1;
wolfSSL 16:8e0d178b1d1e 2696 }
wolfSSL 16:8e0d178b1d1e 2697 if (wc_LockMutex(&sp_cache_lock) != 0)
wolfSSL 16:8e0d178b1d1e 2698 err = BAD_MUTEX_E;
wolfSSL 16:8e0d178b1d1e 2699 #endif /* HAVE_THREAD_LS */
wolfSSL 16:8e0d178b1d1e 2700
wolfSSL 16:8e0d178b1d1e 2701 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 2702 sp_ecc_get_cache(g, &cache);
wolfSSL 16:8e0d178b1d1e 2703 if (cache->cnt == 2)
wolfSSL 16:8e0d178b1d1e 2704 sp_256_gen_stripe_table_10(g, cache->table, tmp, heap);
wolfSSL 16:8e0d178b1d1e 2705
wolfSSL 16:8e0d178b1d1e 2706 #ifndef HAVE_THREAD_LS
wolfSSL 16:8e0d178b1d1e 2707 wc_UnLockMutex(&sp_cache_lock);
wolfSSL 16:8e0d178b1d1e 2708 #endif /* HAVE_THREAD_LS */
wolfSSL 16:8e0d178b1d1e 2709
wolfSSL 16:8e0d178b1d1e 2710 if (cache->cnt < 2) {
wolfSSL 16:8e0d178b1d1e 2711 err = sp_256_ecc_mulmod_fast_10(r, g, k, map, heap);
wolfSSL 16:8e0d178b1d1e 2712 }
wolfSSL 16:8e0d178b1d1e 2713 else {
wolfSSL 16:8e0d178b1d1e 2714 err = sp_256_ecc_mulmod_stripe_10(r, g, cache->table, k,
wolfSSL 16:8e0d178b1d1e 2715 map, heap);
wolfSSL 16:8e0d178b1d1e 2716 }
wolfSSL 16:8e0d178b1d1e 2717 }
wolfSSL 16:8e0d178b1d1e 2718
wolfSSL 16:8e0d178b1d1e 2719 return err;
wolfSSL 16:8e0d178b1d1e 2720 #endif
wolfSSL 16:8e0d178b1d1e 2721 }
wolfSSL 16:8e0d178b1d1e 2722
wolfSSL 16:8e0d178b1d1e 2723 #endif
wolfSSL 16:8e0d178b1d1e 2724
wolfSSL 16:8e0d178b1d1e 2725 #ifdef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 2726 /* Multiply the base point of P256 by the scalar and return the result.
wolfSSL 16:8e0d178b1d1e 2727 * If map is true then convert result to affine co-ordinates.
wolfSSL 16:8e0d178b1d1e 2728 *
wolfSSL 16:8e0d178b1d1e 2729 * r Resulting point.
wolfSSL 16:8e0d178b1d1e 2730 * k Scalar to multiply by.
wolfSSL 16:8e0d178b1d1e 2731 * map Indicates whether to convert result to affine.
wolfSSL 16:8e0d178b1d1e 2732 * heap Heap to use for allocation.
wolfSSL 16:8e0d178b1d1e 2733 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
wolfSSL 16:8e0d178b1d1e 2734 */
wolfSSL 16:8e0d178b1d1e 2735 static int sp_256_ecc_mulmod_base_10(sp_point* r, const sp_digit* k,
wolfSSL 16:8e0d178b1d1e 2736 int map, void* heap)
wolfSSL 16:8e0d178b1d1e 2737 {
wolfSSL 16:8e0d178b1d1e 2738 /* No pre-computed values. */
wolfSSL 16:8e0d178b1d1e 2739 return sp_256_ecc_mulmod_10(r, &p256_base, k, map, heap);
wolfSSL 16:8e0d178b1d1e 2740 }
wolfSSL 16:8e0d178b1d1e 2741
wolfSSL 16:8e0d178b1d1e 2742 #else
wolfSSL 16:8e0d178b1d1e 2743 static const sp_table_entry p256_table[256] = {
wolfSSL 16:8e0d178b1d1e 2744 /* 0 */
wolfSSL 16:8e0d178b1d1e 2745 { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
wolfSSL 16:8e0d178b1d1e 2746 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
wolfSSL 16:8e0d178b1d1e 2747 /* 1 */
wolfSSL 16:8e0d178b1d1e 2748 { { 0x0a9143c,0x1cc3506,0x360179e,0x3f17fb6,0x075ba95,0x1d88944,
wolfSSL 16:8e0d178b1d1e 2749 0x3b732b7,0x15719e7,0x376a537,0x0062417 },
wolfSSL 16:8e0d178b1d1e 2750 { 0x295560a,0x094d5f3,0x245cddf,0x392e867,0x18b4ab8,0x3487cc9,
wolfSSL 16:8e0d178b1d1e 2751 0x288688d,0x176174b,0x3182588,0x0215c7f } },
wolfSSL 16:8e0d178b1d1e 2752 /* 2 */
wolfSSL 16:8e0d178b1d1e 2753 { { 0x147519a,0x2218090,0x32f0202,0x2b09acd,0x0d0981e,0x1e17af2,
wolfSSL 16:8e0d178b1d1e 2754 0x14a7caa,0x163a6a7,0x10ddbdf,0x03654f1 },
wolfSSL 16:8e0d178b1d1e 2755 { 0x1590f8f,0x0d8733f,0x09179d6,0x1ad139b,0x372e962,0x0bad933,
wolfSSL 16:8e0d178b1d1e 2756 0x1961102,0x223cdff,0x37e9eb2,0x0218fae } },
wolfSSL 16:8e0d178b1d1e 2757 /* 3 */
wolfSSL 16:8e0d178b1d1e 2758 { { 0x0db6485,0x1ad88d7,0x2f97785,0x288bc28,0x3808f0e,0x3df8c02,
wolfSSL 16:8e0d178b1d1e 2759 0x28d9544,0x20280f9,0x055b5ff,0x00001d8 },
wolfSSL 16:8e0d178b1d1e 2760 { 0x38d2010,0x13ae6e0,0x308a763,0x2ecc90d,0x254014f,0x10a9981,
wolfSSL 16:8e0d178b1d1e 2761 0x247d398,0x0fb8383,0x3613437,0x020c21d } },
wolfSSL 16:8e0d178b1d1e 2762 /* 4 */
wolfSSL 16:8e0d178b1d1e 2763 { { 0x2a0d2bb,0x08bf145,0x34994f9,0x1b06988,0x30d5cc1,0x1f18b22,
wolfSSL 16:8e0d178b1d1e 2764 0x01cf3a5,0x199fe49,0x161fd1b,0x00bd79a },
wolfSSL 16:8e0d178b1d1e 2765 { 0x1a01797,0x171c2fd,0x21925c1,0x1358255,0x23d20b4,0x1c7f6d4,
wolfSSL 16:8e0d178b1d1e 2766 0x111b370,0x03dec12,0x1168d6f,0x03d923e } },
wolfSSL 16:8e0d178b1d1e 2767 /* 5 */
wolfSSL 16:8e0d178b1d1e 2768 { { 0x137bbbc,0x19a11f8,0x0bec9e5,0x27a29a8,0x3e43446,0x275cd18,
wolfSSL 16:8e0d178b1d1e 2769 0x0427617,0x00056c7,0x285133d,0x016af80 },
wolfSSL 16:8e0d178b1d1e 2770 { 0x04c7dab,0x2a0df30,0x0c0792a,0x1310c98,0x3573d9f,0x239b30d,
wolfSSL 16:8e0d178b1d1e 2771 0x1315627,0x1ce0c32,0x25b6b6f,0x0252edc } },
wolfSSL 16:8e0d178b1d1e 2772 /* 6 */
wolfSSL 16:8e0d178b1d1e 2773 { { 0x20f141c,0x26d23dc,0x3c74bbf,0x334b7d6,0x06199b3,0x0441171,
wolfSSL 16:8e0d178b1d1e 2774 0x3f61294,0x313bf70,0x3cb2f7d,0x03375ae },
wolfSSL 16:8e0d178b1d1e 2775 { 0x2f436fd,0x19c02fa,0x26becca,0x1b6e64c,0x26f647f,0x053c948,
wolfSSL 16:8e0d178b1d1e 2776 0x0fa7920,0x397d830,0x2bd4bda,0x028d86f } },
wolfSSL 16:8e0d178b1d1e 2777 /* 7 */
wolfSSL 16:8e0d178b1d1e 2778 { { 0x17c13c7,0x2895616,0x03e128a,0x17d42df,0x1c38d63,0x0f02747,
wolfSSL 16:8e0d178b1d1e 2779 0x039aecf,0x0a4b01c,0x209c4b5,0x02e84b2 },
wolfSSL 16:8e0d178b1d1e 2780 { 0x1f91dfd,0x023e916,0x07fb9e4,0x19b3ba8,0x13af43b,0x35e02ca,
wolfSSL 16:8e0d178b1d1e 2781 0x0eb0899,0x3bd2c7b,0x19d701f,0x014faee } },
wolfSSL 16:8e0d178b1d1e 2782 /* 8 */
wolfSSL 16:8e0d178b1d1e 2783 { { 0x0e63d34,0x1fb8c6c,0x0fab4fe,0x1caa795,0x0f46005,0x179ed69,
wolfSSL 16:8e0d178b1d1e 2784 0x093334d,0x120c701,0x39206d5,0x021627e },
wolfSSL 16:8e0d178b1d1e 2785 { 0x183553a,0x03d7319,0x09e5aa7,0x12b8959,0x2087909,0x0011194,
wolfSSL 16:8e0d178b1d1e 2786 0x1045071,0x0713f32,0x16d0254,0x03aec1a } },
wolfSSL 16:8e0d178b1d1e 2787 /* 9 */
wolfSSL 16:8e0d178b1d1e 2788 { { 0x01647c5,0x1b2856b,0x1799461,0x11f133d,0x0b8127d,0x1937eeb,
wolfSSL 16:8e0d178b1d1e 2789 0x266aa37,0x1f68f71,0x0cbd1b2,0x03aca08 },
wolfSSL 16:8e0d178b1d1e 2790 { 0x287e008,0x1be361a,0x38f3940,0x276488d,0x2d87dfa,0x0333b2c,
wolfSSL 16:8e0d178b1d1e 2791 0x2d2e428,0x368755b,0x09b55a7,0x007ca0a } },
wolfSSL 16:8e0d178b1d1e 2792 /* 10 */
wolfSSL 16:8e0d178b1d1e 2793 { { 0x389da99,0x2a8300e,0x0022abb,0x27ae0a1,0x0a6f2d7,0x207017a,
wolfSSL 16:8e0d178b1d1e 2794 0x047862b,0x1358c9e,0x35905e5,0x00cde92 },
wolfSSL 16:8e0d178b1d1e 2795 { 0x1f7794a,0x1d40348,0x3f613c6,0x2ddf5b5,0x0207005,0x133f5ba,
wolfSSL 16:8e0d178b1d1e 2796 0x1a37810,0x3ef5829,0x0d5f4c2,0x0035978 } },
wolfSSL 16:8e0d178b1d1e 2797 /* 11 */
wolfSSL 16:8e0d178b1d1e 2798 { { 0x1275d38,0x026efad,0x2358d9d,0x1142f82,0x14268a7,0x1cfac99,
wolfSSL 16:8e0d178b1d1e 2799 0x362ff49,0x288cbc1,0x24252f4,0x0308f68 },
wolfSSL 16:8e0d178b1d1e 2800 { 0x394520c,0x06e13c2,0x178e5da,0x18ec16f,0x1096667,0x134a7a8,
wolfSSL 16:8e0d178b1d1e 2801 0x0dcb869,0x33fc4e9,0x38cc790,0x006778e } },
wolfSSL 16:8e0d178b1d1e 2802 /* 12 */
wolfSSL 16:8e0d178b1d1e 2803 { { 0x2c5fe04,0x29c5b09,0x1bdb183,0x02ceee8,0x03b28de,0x132dc4b,
wolfSSL 16:8e0d178b1d1e 2804 0x32c586a,0x32ff5d0,0x3d491fc,0x038d372 },
wolfSSL 16:8e0d178b1d1e 2805 { 0x2a58403,0x2351aea,0x3a53b40,0x21a0ba5,0x39a6974,0x1aaaa2b,
wolfSSL 16:8e0d178b1d1e 2806 0x3901273,0x03dfe78,0x3447b4e,0x039d907 } },
wolfSSL 16:8e0d178b1d1e 2807 /* 13 */
wolfSSL 16:8e0d178b1d1e 2808 { { 0x364ba59,0x14e5077,0x02fc7d7,0x3b02c09,0x1d33f10,0x0560616,
wolfSSL 16:8e0d178b1d1e 2809 0x06dfc6a,0x15efd3c,0x357052a,0x01284b7 },
wolfSSL 16:8e0d178b1d1e 2810 { 0x039dbd0,0x18ce3e5,0x3e1fbfa,0x352f794,0x0d3c24b,0x07c6cc5,
wolfSSL 16:8e0d178b1d1e 2811 0x1e4ffa2,0x3a91bf5,0x293bb5b,0x01abd6a } },
wolfSSL 16:8e0d178b1d1e 2812 /* 14 */
wolfSSL 16:8e0d178b1d1e 2813 { { 0x0c91999,0x02da644,0x0491da1,0x100a960,0x00a24b4,0x2330824,
wolfSSL 16:8e0d178b1d1e 2814 0x0094b4b,0x1004cf8,0x35a66a4,0x017f8d1 },
wolfSSL 16:8e0d178b1d1e 2815 { 0x13e7b4b,0x232af7e,0x391ab0f,0x069f08f,0x3292b50,0x3479898,
wolfSSL 16:8e0d178b1d1e 2816 0x2889aec,0x2a4590b,0x308ecfe,0x02d5138 } },
wolfSSL 16:8e0d178b1d1e 2817 /* 15 */
wolfSSL 16:8e0d178b1d1e 2818 { { 0x2ddfdce,0x231ba45,0x39e6647,0x19be245,0x12c3291,0x35399f8,
wolfSSL 16:8e0d178b1d1e 2819 0x0d6e764,0x3082d3a,0x2bda6b0,0x0382dac },
wolfSSL 16:8e0d178b1d1e 2820 { 0x37efb57,0x04b7cae,0x00070d3,0x379e431,0x01aac0d,0x1e6f251,
wolfSSL 16:8e0d178b1d1e 2821 0x0336ad6,0x0ddd3e4,0x3de25a6,0x01c7008 } },
wolfSSL 16:8e0d178b1d1e 2822 /* 16 */
wolfSSL 16:8e0d178b1d1e 2823 { { 0x3e20925,0x230912f,0x286762a,0x30e3f73,0x391c19a,0x34e1c18,
wolfSSL 16:8e0d178b1d1e 2824 0x16a5d5d,0x093d96a,0x3d421d3,0x0187561 },
wolfSSL 16:8e0d178b1d1e 2825 { 0x37173ea,0x19ce8a8,0x0b65e87,0x0214dde,0x2238480,0x16ead0f,
wolfSSL 16:8e0d178b1d1e 2826 0x38441e0,0x3bef843,0x2124621,0x03e847f } },
wolfSSL 16:8e0d178b1d1e 2827 /* 17 */
wolfSSL 16:8e0d178b1d1e 2828 { { 0x0b19ffd,0x247cacb,0x3c231c8,0x16ec648,0x201ba8d,0x2b172a3,
wolfSSL 16:8e0d178b1d1e 2829 0x103d678,0x2fb72db,0x04c1f13,0x0161bac },
wolfSSL 16:8e0d178b1d1e 2830 { 0x3e8ed09,0x171b949,0x2de20c3,0x0f06067,0x21e81a3,0x1b194be,
wolfSSL 16:8e0d178b1d1e 2831 0x0fd6c05,0x13c449e,0x0087086,0x006756b } },
wolfSSL 16:8e0d178b1d1e 2832 /* 18 */
wolfSSL 16:8e0d178b1d1e 2833 { { 0x09a4e1f,0x27d604c,0x00741e9,0x06fa49c,0x0ab7de7,0x3f4a348,
wolfSSL 16:8e0d178b1d1e 2834 0x25ef0be,0x158fc9a,0x33f7f9c,0x039f001 },
wolfSSL 16:8e0d178b1d1e 2835 { 0x2f59f76,0x3598e83,0x30501f6,0x15083f2,0x0669b3b,0x29980b5,
wolfSSL 16:8e0d178b1d1e 2836 0x0c1f7a7,0x0f02b02,0x0fec65b,0x0382141 } },
wolfSSL 16:8e0d178b1d1e 2837 /* 19 */
wolfSSL 16:8e0d178b1d1e 2838 { { 0x031b3ca,0x23da368,0x2d66f09,0x27b9b69,0x06d1cab,0x13c91ba,
wolfSSL 16:8e0d178b1d1e 2839 0x3d81fa9,0x25ad16f,0x0825b09,0x01e3c06 },
wolfSSL 16:8e0d178b1d1e 2840 { 0x225787f,0x3bf790e,0x2c9bb7e,0x0347732,0x28016f8,0x0d6ff0d,
wolfSSL 16:8e0d178b1d1e 2841 0x2a4877b,0x1d1e833,0x3b87e94,0x010e9dc } },
wolfSSL 16:8e0d178b1d1e 2842 /* 20 */
wolfSSL 16:8e0d178b1d1e 2843 { { 0x2b533d5,0x1ddcd34,0x1dc0625,0x3da86f7,0x3673b8a,0x1e7b0a4,
wolfSSL 16:8e0d178b1d1e 2844 0x3e7c9aa,0x19ac55d,0x251c3b2,0x02edb79 },
wolfSSL 16:8e0d178b1d1e 2845 { 0x25259b3,0x24c0ead,0x3480e7e,0x34f40e9,0x3d6a0af,0x2cf3f09,
wolfSSL 16:8e0d178b1d1e 2846 0x2c83d19,0x2e66f16,0x19a5d18,0x0182d18 } },
wolfSSL 16:8e0d178b1d1e 2847 /* 21 */
wolfSSL 16:8e0d178b1d1e 2848 { { 0x2e5aa1c,0x28e3846,0x3658bd6,0x0ad279c,0x1b8b765,0x397e1fb,
wolfSSL 16:8e0d178b1d1e 2849 0x130014e,0x3ff342c,0x3b2aeeb,0x02743c9 },
wolfSSL 16:8e0d178b1d1e 2850 { 0x2730a55,0x0918c5e,0x083aca9,0x0bf76ef,0x19c955b,0x300669c,
wolfSSL 16:8e0d178b1d1e 2851 0x01dfe0a,0x312341f,0x26d356e,0x0091295 } },
wolfSSL 16:8e0d178b1d1e 2852 /* 22 */
wolfSSL 16:8e0d178b1d1e 2853 { { 0x2cf1f96,0x00e52ba,0x271c6db,0x2a40930,0x19f2122,0x0b2f4ee,
wolfSSL 16:8e0d178b1d1e 2854 0x26ac1b8,0x3bda498,0x0873581,0x0117963 },
wolfSSL 16:8e0d178b1d1e 2855 { 0x38f9dbc,0x3d1e768,0x2040d3f,0x11ba222,0x3a8aaf1,0x1b82fb5,
wolfSSL 16:8e0d178b1d1e 2856 0x1adfb24,0x2de9251,0x21cc1e4,0x0301038 } },
wolfSSL 16:8e0d178b1d1e 2857 /* 23 */
wolfSSL 16:8e0d178b1d1e 2858 { { 0x38117b6,0x2bc001b,0x1433847,0x3fdce8d,0x3651969,0x3651d7a,
wolfSSL 16:8e0d178b1d1e 2859 0x2b35761,0x1bb1d20,0x097682c,0x00737d7 },
wolfSSL 16:8e0d178b1d1e 2860 { 0x1f04839,0x1dd6d04,0x16987db,0x3d12378,0x17dbeac,0x1c2cc86,
wolfSSL 16:8e0d178b1d1e 2861 0x121dd1b,0x3fcf6ca,0x1f8a92d,0x00119d5 } },
wolfSSL 16:8e0d178b1d1e 2862 /* 24 */
wolfSSL 16:8e0d178b1d1e 2863 { { 0x0e8ffcd,0x2b174af,0x1a82cc8,0x22cbf98,0x30d53c4,0x080b5b1,
wolfSSL 16:8e0d178b1d1e 2864 0x3161727,0x297cfdb,0x2113b83,0x0011b97 },
wolfSSL 16:8e0d178b1d1e 2865 { 0x0007f01,0x23fd936,0x3183e7b,0x0496bd0,0x07fb1ef,0x178680f,
wolfSSL 16:8e0d178b1d1e 2866 0x1c5ea63,0x0016c11,0x2c3303d,0x01b8041 } },
wolfSSL 16:8e0d178b1d1e 2867 /* 25 */
wolfSSL 16:8e0d178b1d1e 2868 { { 0x0dd73b1,0x1cd6122,0x10d948c,0x23e657b,0x3767070,0x15a8aad,
wolfSSL 16:8e0d178b1d1e 2869 0x385ea8c,0x33c7ce0,0x0ede901,0x0110965 },
wolfSSL 16:8e0d178b1d1e 2870 { 0x2d4b65b,0x2a8b244,0x0c37f8f,0x0ee5b24,0x394c234,0x3a5e347,
wolfSSL 16:8e0d178b1d1e 2871 0x26e4a15,0x39a3b4c,0x2514c2e,0x029e5be } },
wolfSSL 16:8e0d178b1d1e 2872 /* 26 */
wolfSSL 16:8e0d178b1d1e 2873 { { 0x23addd7,0x3ed8120,0x13b3359,0x20f959a,0x09e2a61,0x32fcf20,
wolfSSL 16:8e0d178b1d1e 2874 0x05b78e3,0x19ba7e2,0x1a9c697,0x0392b4b },
wolfSSL 16:8e0d178b1d1e 2875 { 0x2048a61,0x3dfd0a3,0x19a0357,0x233024b,0x3082d19,0x00fb63b,
wolfSSL 16:8e0d178b1d1e 2876 0x3a1af4c,0x1450ff0,0x046c37b,0x0317a50 } },
wolfSSL 16:8e0d178b1d1e 2877 /* 27 */
wolfSSL 16:8e0d178b1d1e 2878 { { 0x3e75f9e,0x294e30a,0x3a78476,0x3a32c48,0x36fd1a9,0x0427012,
wolfSSL 16:8e0d178b1d1e 2879 0x1e4df0b,0x11d1f61,0x1afdb46,0x018ca0f },
wolfSSL 16:8e0d178b1d1e 2880 { 0x2f2df15,0x0a33dee,0x27f4ce7,0x1542b66,0x3e592c4,0x20d2f30,
wolfSSL 16:8e0d178b1d1e 2881 0x3226ade,0x2a4e3ea,0x1ab1981,0x01a2f46 } },
wolfSSL 16:8e0d178b1d1e 2882 /* 28 */
wolfSSL 16:8e0d178b1d1e 2883 { { 0x087d659,0x3ab5446,0x305ac08,0x3d2cd64,0x33374d5,0x3f9d3f8,
wolfSSL 16:8e0d178b1d1e 2884 0x186981c,0x37f5a5a,0x2f53c6f,0x01254a4 },
wolfSSL 16:8e0d178b1d1e 2885 { 0x2cec896,0x1e32786,0x04844a8,0x043b16d,0x3d964b2,0x1935829,
wolfSSL 16:8e0d178b1d1e 2886 0x16f7e26,0x1a0dd9a,0x30d2603,0x003b1d4 } },
wolfSSL 16:8e0d178b1d1e 2887 /* 29 */
wolfSSL 16:8e0d178b1d1e 2888 { { 0x12687bb,0x04e816b,0x21fa2da,0x1abccb8,0x3a1f83b,0x375181e,
wolfSSL 16:8e0d178b1d1e 2889 0x0f5ef51,0x0fc2ce4,0x3a66486,0x003d881 },
wolfSSL 16:8e0d178b1d1e 2890 { 0x3138233,0x1f8eec3,0x2718bd6,0x1b09caa,0x2dd66b9,0x1bb222b,
wolfSSL 16:8e0d178b1d1e 2891 0x1004072,0x1b73e3b,0x07208ed,0x03fc36c } },
wolfSSL 16:8e0d178b1d1e 2892 /* 30 */
wolfSSL 16:8e0d178b1d1e 2893 { { 0x095d553,0x3e84053,0x0a8a749,0x3f575a0,0x3a44052,0x3ced59b,
wolfSSL 16:8e0d178b1d1e 2894 0x3b4317f,0x03a8c60,0x13c8874,0x00c4ed4 },
wolfSSL 16:8e0d178b1d1e 2895 { 0x0d11549,0x0b8ab02,0x221cb40,0x02ed37b,0x2071ee1,0x1fc8c83,
wolfSSL 16:8e0d178b1d1e 2896 0x3987dd4,0x27e049a,0x0f986f1,0x00b4eaf } },
wolfSSL 16:8e0d178b1d1e 2897 /* 31 */
wolfSSL 16:8e0d178b1d1e 2898 { { 0x15581a2,0x2214060,0x11af4c2,0x1598c88,0x19a0a6d,0x32acba6,
wolfSSL 16:8e0d178b1d1e 2899 0x3a7a0f0,0x2337c66,0x210ded9,0x0300dbe },
wolfSSL 16:8e0d178b1d1e 2900 { 0x1fbd009,0x3822eb0,0x181629a,0x2401b45,0x30b68b1,0x2e78363,
wolfSSL 16:8e0d178b1d1e 2901 0x2b32779,0x006530b,0x2c4b6d4,0x029aca8 } },
wolfSSL 16:8e0d178b1d1e 2902 /* 32 */
wolfSSL 16:8e0d178b1d1e 2903 { { 0x13549cf,0x0f943db,0x265ed43,0x1bfeb35,0x06f3369,0x3847f2d,
wolfSSL 16:8e0d178b1d1e 2904 0x1bfdacc,0x26181a5,0x252af7c,0x02043b8 },
wolfSSL 16:8e0d178b1d1e 2905 { 0x159bb2c,0x143f85c,0x357b654,0x2f9d62c,0x2f7dfbe,0x1a7fa9c,
wolfSSL 16:8e0d178b1d1e 2906 0x057e74d,0x05d14ac,0x17a9273,0x035215c } },
wolfSSL 16:8e0d178b1d1e 2907 /* 33 */
wolfSSL 16:8e0d178b1d1e 2908 { { 0x0cb5a98,0x106a2bc,0x10bf117,0x24c7cc4,0x3d3da8f,0x2ce0ab7,
wolfSSL 16:8e0d178b1d1e 2909 0x14e2cba,0x1813866,0x1a72f9a,0x01a9811 },
wolfSSL 16:8e0d178b1d1e 2910 { 0x2b2411d,0x3034fe8,0x16e0170,0x0f9443a,0x0be0eb8,0x2196cf3,
wolfSSL 16:8e0d178b1d1e 2911 0x0c9f738,0x15e40ef,0x0faf9e1,0x034f917 } },
wolfSSL 16:8e0d178b1d1e 2912 /* 34 */
wolfSSL 16:8e0d178b1d1e 2913 { { 0x03f7669,0x3da6efa,0x3d6bce1,0x209ca1d,0x109f8ae,0x09109e3,
wolfSSL 16:8e0d178b1d1e 2914 0x08ae543,0x3067255,0x1dee3c2,0x0081dd5 },
wolfSSL 16:8e0d178b1d1e 2915 { 0x3ef1945,0x358765b,0x28c387b,0x3bec4b4,0x218813c,0x0b7d92a,
wolfSSL 16:8e0d178b1d1e 2916 0x3cd1d67,0x2c0367e,0x2e57154,0x0123717 } },
wolfSSL 16:8e0d178b1d1e 2917 /* 35 */
wolfSSL 16:8e0d178b1d1e 2918 { { 0x3e5a199,0x1e42ffd,0x0bb7123,0x33e6273,0x1e0efb8,0x294671e,
wolfSSL 16:8e0d178b1d1e 2919 0x3a2bfe0,0x3d11709,0x2eddff6,0x03cbec2 },
wolfSSL 16:8e0d178b1d1e 2920 { 0x0b5025f,0x0255d7c,0x1f2241c,0x35d03ea,0x0550543,0x202fef4,
wolfSSL 16:8e0d178b1d1e 2921 0x23c8ad3,0x354963e,0x015db28,0x0284fa4 } },
wolfSSL 16:8e0d178b1d1e 2922 /* 36 */
wolfSSL 16:8e0d178b1d1e 2923 { { 0x2b65cbc,0x1e8d428,0x0226f9f,0x1c8a919,0x10b04b9,0x08fc1e8,
wolfSSL 16:8e0d178b1d1e 2924 0x1ce241e,0x149bc99,0x2b01497,0x00afc35 },
wolfSSL 16:8e0d178b1d1e 2925 { 0x3216fb7,0x1374fd2,0x226ad3d,0x19fef76,0x0f7d7b8,0x1c21417,
wolfSSL 16:8e0d178b1d1e 2926 0x37b83f6,0x3a27eba,0x25a162f,0x010aa52 } },
wolfSSL 16:8e0d178b1d1e 2927 /* 37 */
wolfSSL 16:8e0d178b1d1e 2928 { { 0x2adf191,0x1ab42fa,0x28d7584,0x2409689,0x20f8a48,0x253707d,
wolfSSL 16:8e0d178b1d1e 2929 0x2030504,0x378f7a1,0x169c65e,0x00b0b76 },
wolfSSL 16:8e0d178b1d1e 2930 { 0x3849c17,0x085c764,0x10dd6d0,0x2e87689,0x1460488,0x30e9521,
wolfSSL 16:8e0d178b1d1e 2931 0x10c7063,0x1b6f120,0x21f42c5,0x03d0dfe } },
wolfSSL 16:8e0d178b1d1e 2932 /* 38 */
wolfSSL 16:8e0d178b1d1e 2933 { { 0x20f7dab,0x035c512,0x29ac6aa,0x24c5ddb,0x20f0497,0x17ce5e1,
wolfSSL 16:8e0d178b1d1e 2934 0x00a050f,0x1eaa14b,0x3335470,0x02abd16 },
wolfSSL 16:8e0d178b1d1e 2935 { 0x18d364a,0x0df0cf0,0x316585e,0x018f925,0x0d40b9b,0x17b1511,
wolfSSL 16:8e0d178b1d1e 2936 0x1716811,0x1caf3d0,0x10df4f2,0x0337d8c } },
wolfSSL 16:8e0d178b1d1e 2937 /* 39 */
wolfSSL 16:8e0d178b1d1e 2938 { { 0x2a8b7ef,0x0f188e3,0x2287747,0x06216f0,0x008e935,0x2f6a38d,
wolfSSL 16:8e0d178b1d1e 2939 0x1567722,0x0bfc906,0x0bada9e,0x03c3402 },
wolfSSL 16:8e0d178b1d1e 2940 { 0x014d3b1,0x099c749,0x2a76291,0x216c067,0x3b37549,0x14ef2f6,
wolfSSL 16:8e0d178b1d1e 2941 0x21b96d4,0x1ee2d71,0x2f5ca88,0x016f570 } },
wolfSSL 16:8e0d178b1d1e 2942 /* 40 */
wolfSSL 16:8e0d178b1d1e 2943 { { 0x09a3154,0x3d1a7bd,0x2e9aef0,0x255b8ac,0x03e85a5,0x2a492a7,
wolfSSL 16:8e0d178b1d1e 2944 0x2aec1ea,0x11c6516,0x3c8a09e,0x02a84b7 },
wolfSSL 16:8e0d178b1d1e 2945 { 0x1f69f1d,0x09c89d3,0x1e7326f,0x0b28bfd,0x0e0e4c8,0x1ea7751,
wolfSSL 16:8e0d178b1d1e 2946 0x18ce73b,0x2a406e7,0x273e48c,0x01b00db } },
wolfSSL 16:8e0d178b1d1e 2947 /* 41 */
wolfSSL 16:8e0d178b1d1e 2948 { { 0x36e3138,0x2b84a83,0x345a5cf,0x00096b4,0x16966ef,0x159caf1,
wolfSSL 16:8e0d178b1d1e 2949 0x13c64b4,0x2f89226,0x25896af,0x00a4bfd },
wolfSSL 16:8e0d178b1d1e 2950 { 0x2213402,0x1435117,0x09fed52,0x09d0e4b,0x0f6580e,0x2871cba,
wolfSSL 16:8e0d178b1d1e 2951 0x3b397fd,0x1c9d825,0x090311b,0x0191383 } },
wolfSSL 16:8e0d178b1d1e 2952 /* 42 */
wolfSSL 16:8e0d178b1d1e 2953 { { 0x07153f0,0x1087869,0x18c9e1e,0x1e64810,0x2b86c3b,0x0175d9c,
wolfSSL 16:8e0d178b1d1e 2954 0x3dce877,0x269de4e,0x393cab7,0x03c96b9 },
wolfSSL 16:8e0d178b1d1e 2955 { 0x1869d0c,0x06528db,0x02641f3,0x209261b,0x29d55c8,0x25ba517,
wolfSSL 16:8e0d178b1d1e 2956 0x3b5ea30,0x028f927,0x25313db,0x00e6e39 } },
wolfSSL 16:8e0d178b1d1e 2957 /* 43 */
wolfSSL 16:8e0d178b1d1e 2958 { { 0x2fd2e59,0x150802d,0x098f377,0x19a4957,0x135e2c0,0x38a95ce,
wolfSSL 16:8e0d178b1d1e 2959 0x1ab21a0,0x36c1b67,0x32f0f19,0x00e448b },
wolfSSL 16:8e0d178b1d1e 2960 { 0x3cad53c,0x3387800,0x17e3cfb,0x03f9970,0x3225b2c,0x2a84e1d,
wolfSSL 16:8e0d178b1d1e 2961 0x3af1d29,0x3fe35ca,0x2f8ce80,0x0237a02 } },
wolfSSL 16:8e0d178b1d1e 2962 /* 44 */
wolfSSL 16:8e0d178b1d1e 2963 { { 0x07bbb76,0x3aa3648,0x2758afb,0x1f085e0,0x1921c7e,0x3010dac,
wolfSSL 16:8e0d178b1d1e 2964 0x22b74b1,0x230137e,0x1062e36,0x021c652 },
wolfSSL 16:8e0d178b1d1e 2965 { 0x3993df5,0x24a2ee8,0x126ab5f,0x2d7cecf,0x0639d75,0x16d5414,
wolfSSL 16:8e0d178b1d1e 2966 0x1aa78a8,0x3f78404,0x26a5b74,0x03f0c57 } },
wolfSSL 16:8e0d178b1d1e 2967 /* 45 */
wolfSSL 16:8e0d178b1d1e 2968 { { 0x0d6ecfa,0x3f506ba,0x3f86561,0x3d86bb1,0x15f8c44,0x2491d07,
wolfSSL 16:8e0d178b1d1e 2969 0x052a7b4,0x2422261,0x3adee38,0x039b529 },
wolfSSL 16:8e0d178b1d1e 2970 { 0x193c75d,0x14bb451,0x1162605,0x293749c,0x370a70d,0x2e8b1f6,
wolfSSL 16:8e0d178b1d1e 2971 0x2ede937,0x2b95f4a,0x39a9be2,0x00d77eb } },
wolfSSL 16:8e0d178b1d1e 2972 /* 46 */
wolfSSL 16:8e0d178b1d1e 2973 { { 0x2736636,0x15bf36a,0x2b7e6b9,0x25eb8b2,0x209f51d,0x3cd2659,
wolfSSL 16:8e0d178b1d1e 2974 0x10bf410,0x034afec,0x3d71c83,0x0076971 },
wolfSSL 16:8e0d178b1d1e 2975 { 0x0ce6825,0x07920cf,0x3c3b5c4,0x23fe55c,0x015ad11,0x08c0dae,
wolfSSL 16:8e0d178b1d1e 2976 0x0552c7f,0x2e75a8a,0x0fddbf4,0x01c1df0 } },
wolfSSL 16:8e0d178b1d1e 2977 /* 47 */
wolfSSL 16:8e0d178b1d1e 2978 { { 0x2b9661c,0x0ffe351,0x3d71bf6,0x1ac34b3,0x3a1dfd3,0x211fe3d,
wolfSSL 16:8e0d178b1d1e 2979 0x33e140a,0x3f9100d,0x32ee50e,0x014ea18 },
wolfSSL 16:8e0d178b1d1e 2980 { 0x16d8051,0x1bfda1a,0x068a097,0x2571d3d,0x1daec0c,0x39389af,
wolfSSL 16:8e0d178b1d1e 2981 0x194dc35,0x3f3058a,0x36d34e1,0x000a329 } },
wolfSSL 16:8e0d178b1d1e 2982 /* 48 */
wolfSSL 16:8e0d178b1d1e 2983 { { 0x09877ee,0x351f73f,0x0002d11,0x0420074,0x2c8b362,0x130982d,
wolfSSL 16:8e0d178b1d1e 2984 0x02c1175,0x3c11b40,0x0d86962,0x001305f },
wolfSSL 16:8e0d178b1d1e 2985 { 0x0daddf5,0x2f4252c,0x15c06d9,0x1d49339,0x1bea235,0x0b680ed,
wolfSSL 16:8e0d178b1d1e 2986 0x3356e67,0x1d1d198,0x1e9fed9,0x03dee93 } },
wolfSSL 16:8e0d178b1d1e 2987 /* 49 */
wolfSSL 16:8e0d178b1d1e 2988 { { 0x3e1263f,0x2fe8d3a,0x3ce6d0d,0x0d5c6b9,0x3557637,0x0a9bd48,
wolfSSL 16:8e0d178b1d1e 2989 0x0405538,0x0710749,0x2005213,0x038c7e5 },
wolfSSL 16:8e0d178b1d1e 2990 { 0x26b6ec6,0x2e485ba,0x3c44d1b,0x0b9cf0b,0x037a1d1,0x27428a5,
wolfSSL 16:8e0d178b1d1e 2991 0x0e7eac8,0x351ef04,0x259ce34,0x02a8e98 } },
wolfSSL 16:8e0d178b1d1e 2992 /* 50 */
wolfSSL 16:8e0d178b1d1e 2993 { { 0x2f3dcd3,0x3e77d4d,0x3360fbc,0x1434afd,0x36ceded,0x3d413d6,
wolfSSL 16:8e0d178b1d1e 2994 0x1710fad,0x36bb924,0x1627e79,0x008e637 },
wolfSSL 16:8e0d178b1d1e 2995 { 0x109569e,0x1c168db,0x3769cf4,0x2ed4527,0x0ea0619,0x17d80d3,
wolfSSL 16:8e0d178b1d1e 2996 0x1c03773,0x18843fe,0x1b21c04,0x015c5fd } },
wolfSSL 16:8e0d178b1d1e 2997 /* 51 */
wolfSSL 16:8e0d178b1d1e 2998 { { 0x1dd895e,0x08a7248,0x04519fe,0x001030a,0x18e5185,0x358dfb3,
wolfSSL 16:8e0d178b1d1e 2999 0x13d2391,0x0a37be8,0x0560e3c,0x019828b },
wolfSSL 16:8e0d178b1d1e 3000 { 0x27fcbd0,0x2a22bb5,0x30969cc,0x1e03aa7,0x1c84724,0x0ba4ad3,
wolfSSL 16:8e0d178b1d1e 3001 0x32f4817,0x0914cca,0x14c4f52,0x01893b9 } },
wolfSSL 16:8e0d178b1d1e 3002 /* 52 */
wolfSSL 16:8e0d178b1d1e 3003 { { 0x097eccc,0x1273936,0x00aa095,0x364fe62,0x04d49d1,0x10e9f08,
wolfSSL 16:8e0d178b1d1e 3004 0x3c24230,0x3ef01c8,0x2fb92bd,0x013ce4a },
wolfSSL 16:8e0d178b1d1e 3005 { 0x1e44fd9,0x27e3e9f,0x2156696,0x3915ecc,0x0b66cfb,0x1a3af0f,
wolfSSL 16:8e0d178b1d1e 3006 0x2fa8033,0x0e6736c,0x177ccdb,0x0228f9e } },
wolfSSL 16:8e0d178b1d1e 3007 /* 53 */
wolfSSL 16:8e0d178b1d1e 3008 { { 0x2c4b125,0x06207c1,0x0a8cdde,0x003db8f,0x1ae34e3,0x31e84fa,
wolfSSL 16:8e0d178b1d1e 3009 0x2999de5,0x11013bd,0x02370c2,0x00e2234 },
wolfSSL 16:8e0d178b1d1e 3010 { 0x0f91081,0x200d591,0x1504762,0x1857c05,0x23d9fcf,0x0cb34db,
wolfSSL 16:8e0d178b1d1e 3011 0x27edc86,0x08cd860,0x2471810,0x029798b } },
wolfSSL 16:8e0d178b1d1e 3012 /* 54 */
wolfSSL 16:8e0d178b1d1e 3013 { { 0x3acd6c8,0x097b8cb,0x3c661a8,0x15152f2,0x1699c63,0x237e64c,
wolfSSL 16:8e0d178b1d1e 3014 0x23edf79,0x16b7033,0x0e6466a,0x00b11da },
wolfSSL 16:8e0d178b1d1e 3015 { 0x0a64bc9,0x1bfe324,0x1f5cb34,0x08391de,0x0630a60,0x3017a21,
wolfSSL 16:8e0d178b1d1e 3016 0x09d064b,0x14a8365,0x041f9e6,0x01ed799 } },
wolfSSL 16:8e0d178b1d1e 3017 /* 55 */
wolfSSL 16:8e0d178b1d1e 3018 { { 0x128444a,0x2508b07,0x2a39216,0x362f84d,0x2e996c5,0x2c31ff3,
wolfSSL 16:8e0d178b1d1e 3019 0x07afe5f,0x1d1288e,0x3cb0c8d,0x02e2bdc },
wolfSSL 16:8e0d178b1d1e 3020 { 0x38b86fd,0x3a0ea8c,0x1cff5fd,0x1629629,0x3fee3f1,0x02b250c,
wolfSSL 16:8e0d178b1d1e 3021 0x2e8f6f2,0x0225727,0x15f7f3f,0x0280d8e } },
wolfSSL 16:8e0d178b1d1e 3022 /* 56 */
wolfSSL 16:8e0d178b1d1e 3023 { { 0x10f7770,0x0f1aee8,0x0e248c7,0x20684a8,0x3a6f16d,0x06f0ae7,
wolfSSL 16:8e0d178b1d1e 3024 0x0df6825,0x2d4cc40,0x301875f,0x012f8da },
wolfSSL 16:8e0d178b1d1e 3025 { 0x3b56dbb,0x1821ba7,0x24f8922,0x22c1f9e,0x0306fef,0x1b54bc8,
wolfSSL 16:8e0d178b1d1e 3026 0x2ccc056,0x00303ba,0x2871bdc,0x0232f26 } },
wolfSSL 16:8e0d178b1d1e 3027 /* 57 */
wolfSSL 16:8e0d178b1d1e 3028 { { 0x0dac4ab,0x0625730,0x3112e13,0x101c4bf,0x3a874a4,0x2873b95,
wolfSSL 16:8e0d178b1d1e 3029 0x32ae7c6,0x0d7e18c,0x13e0c08,0x01139d5 },
wolfSSL 16:8e0d178b1d1e 3030 { 0x334002d,0x00fffdd,0x025c6d5,0x22c2cd1,0x19d35cb,0x3a1ce2d,
wolfSSL 16:8e0d178b1d1e 3031 0x3702760,0x3f06257,0x03a5eb8,0x011c29a } },
wolfSSL 16:8e0d178b1d1e 3032 /* 58 */
wolfSSL 16:8e0d178b1d1e 3033 { { 0x0513482,0x1d87724,0x276a81b,0x0a807a4,0x3028720,0x339cc20,
wolfSSL 16:8e0d178b1d1e 3034 0x2441ee0,0x31bbf36,0x290c63d,0x0059041 },
wolfSSL 16:8e0d178b1d1e 3035 { 0x106a2ed,0x0d2819b,0x100bf50,0x114626c,0x1dd4d77,0x2e08632,
wolfSSL 16:8e0d178b1d1e 3036 0x14ae72a,0x2ed3f64,0x1fd7abc,0x035cd1e } },
wolfSSL 16:8e0d178b1d1e 3037 /* 59 */
wolfSSL 16:8e0d178b1d1e 3038 { { 0x2d4c6e5,0x3bec596,0x104d7ed,0x23d6c1b,0x0262cf0,0x15d72c5,
wolfSSL 16:8e0d178b1d1e 3039 0x2d5bb18,0x199ac4b,0x1e30771,0x020591a },
wolfSSL 16:8e0d178b1d1e 3040 { 0x21e291e,0x2e75e55,0x1661d7a,0x08b0778,0x3eb9daf,0x0d78144,
wolfSSL 16:8e0d178b1d1e 3041 0x1827eb1,0x0fe73d2,0x123f0dd,0x0028db7 } },
wolfSSL 16:8e0d178b1d1e 3042 /* 60 */
wolfSSL 16:8e0d178b1d1e 3043 { { 0x1d5533c,0x34cb1d0,0x228f098,0x27a1a11,0x17c5f5a,0x0d26f44,
wolfSSL 16:8e0d178b1d1e 3044 0x2228ade,0x2c460e6,0x3d6fdba,0x038cc77 },
wolfSSL 16:8e0d178b1d1e 3045 { 0x3cc6ed8,0x02ada1a,0x260e510,0x2f7bde8,0x37160c3,0x33a1435,
wolfSSL 16:8e0d178b1d1e 3046 0x23d9a7b,0x0ce2641,0x02a492e,0x034ed1e } },
wolfSSL 16:8e0d178b1d1e 3047 /* 61 */
wolfSSL 16:8e0d178b1d1e 3048 { { 0x3821f90,0x26dba3c,0x3aada14,0x3b59bad,0x292edd9,0x2804c45,
wolfSSL 16:8e0d178b1d1e 3049 0x3669531,0x296f42e,0x35a4c86,0x01ca049 },
wolfSSL 16:8e0d178b1d1e 3050 { 0x3ff47e5,0x2163df4,0x2441503,0x2f18405,0x15e1616,0x37f66ec,
wolfSSL 16:8e0d178b1d1e 3051 0x30f11a7,0x141658a,0x27ece14,0x00b018b } },
wolfSSL 16:8e0d178b1d1e 3052 /* 62 */
wolfSSL 16:8e0d178b1d1e 3053 { { 0x159ac2e,0x3e65bc0,0x2713a76,0x0db2f6c,0x3281e77,0x2391811,
wolfSSL 16:8e0d178b1d1e 3054 0x16d2880,0x1fbc4ab,0x1f92c4e,0x00a0a8d },
wolfSSL 16:8e0d178b1d1e 3055 { 0x0ce5cd2,0x152c7b0,0x02299c3,0x3244de7,0x2cf99ef,0x3a0b047,
wolfSSL 16:8e0d178b1d1e 3056 0x2caf383,0x0aaf664,0x113554d,0x031c735 } },
wolfSSL 16:8e0d178b1d1e 3057 /* 63 */
wolfSSL 16:8e0d178b1d1e 3058 { { 0x1b578f4,0x177a702,0x3a7a488,0x1638ebf,0x31884e2,0x2460bc7,
wolfSSL 16:8e0d178b1d1e 3059 0x36b1b75,0x3ce8e3d,0x340cf47,0x03143d9 },
wolfSSL 16:8e0d178b1d1e 3060 { 0x34b68ea,0x12b7ccd,0x1fe2a9c,0x08da659,0x0a406f3,0x1694c14,
wolfSSL 16:8e0d178b1d1e 3061 0x06a2228,0x16370be,0x3a72129,0x02e7b2c } },
wolfSSL 16:8e0d178b1d1e 3062 /* 64 */
wolfSSL 16:8e0d178b1d1e 3063 { { 0x0f8b16a,0x21043bd,0x266a56f,0x3fb11ec,0x197241a,0x36721f0,
wolfSSL 16:8e0d178b1d1e 3064 0x006b8e6,0x2ac6c29,0x202cd42,0x0200fcf },
wolfSSL 16:8e0d178b1d1e 3065 { 0x0dbec69,0x0c26a01,0x105f7f0,0x3dceeeb,0x3a83b85,0x363865f,
wolfSSL 16:8e0d178b1d1e 3066 0x097273a,0x2b70718,0x00e5067,0x03025d1 } },
wolfSSL 16:8e0d178b1d1e 3067 /* 65 */
wolfSSL 16:8e0d178b1d1e 3068 { { 0x379ab34,0x295bcb0,0x38d1846,0x22e1077,0x3a8ee06,0x1db1a3b,
wolfSSL 16:8e0d178b1d1e 3069 0x3144591,0x07cc080,0x2d5915f,0x03c6bcc },
wolfSSL 16:8e0d178b1d1e 3070 { 0x175bd50,0x0dd4c57,0x27bc99c,0x2ebdcbd,0x3837cff,0x235dc8f,
wolfSSL 16:8e0d178b1d1e 3071 0x13a4184,0x0722c18,0x130e2d4,0x008f43c } },
wolfSSL 16:8e0d178b1d1e 3072 /* 66 */
wolfSSL 16:8e0d178b1d1e 3073 { { 0x01500d9,0x2adbb7d,0x2da8857,0x397f2fa,0x10d890a,0x25c9654,
wolfSSL 16:8e0d178b1d1e 3074 0x3e86488,0x3eb754b,0x1d6c0a3,0x02c0a23 },
wolfSSL 16:8e0d178b1d1e 3075 { 0x10bcb08,0x083cc19,0x2e16853,0x04da575,0x271af63,0x2626a9d,
wolfSSL 16:8e0d178b1d1e 3076 0x3520a7b,0x32348c7,0x24ff408,0x03ff4dc } },
wolfSSL 16:8e0d178b1d1e 3077 /* 67 */
wolfSSL 16:8e0d178b1d1e 3078 { { 0x058e6cb,0x1a3992d,0x1d28539,0x080c5e9,0x2992dad,0x2a9d7d5,
wolfSSL 16:8e0d178b1d1e 3079 0x14ae0b7,0x09b7ce0,0x34ad78c,0x03d5643 },
wolfSSL 16:8e0d178b1d1e 3080 { 0x30ba55a,0x092f4f3,0x0bae0fc,0x12831de,0x20fc472,0x20ed9d2,
wolfSSL 16:8e0d178b1d1e 3081 0x29864f6,0x1288073,0x254f6f7,0x00635b6 } },
wolfSSL 16:8e0d178b1d1e 3082 /* 68 */
wolfSSL 16:8e0d178b1d1e 3083 { { 0x1be5a2b,0x0f88975,0x33c6ed9,0x20d64d3,0x06fe799,0x0989bff,
wolfSSL 16:8e0d178b1d1e 3084 0x1409262,0x085a90c,0x0d97990,0x0142eed },
wolfSSL 16:8e0d178b1d1e 3085 { 0x17ec63e,0x06471b9,0x0db2378,0x1006077,0x265422c,0x08db83d,
wolfSSL 16:8e0d178b1d1e 3086 0x28099b0,0x1270d06,0x11801fe,0x00ac400 } },
wolfSSL 16:8e0d178b1d1e 3087 /* 69 */
wolfSSL 16:8e0d178b1d1e 3088 { { 0x3391593,0x22d7166,0x30fcfc6,0x2896609,0x3c385f5,0x066b72e,
wolfSSL 16:8e0d178b1d1e 3089 0x04f3aad,0x2b831c5,0x19983fb,0x0375562 },
wolfSSL 16:8e0d178b1d1e 3090 { 0x0b82ff4,0x222e39d,0x34c993b,0x101c79c,0x2d2e03c,0x0f00c8a,
wolfSSL 16:8e0d178b1d1e 3091 0x3a9eaf4,0x1810669,0x151149d,0x039b931 } },
wolfSSL 16:8e0d178b1d1e 3092 /* 70 */
wolfSSL 16:8e0d178b1d1e 3093 { { 0x29af288,0x1956ec7,0x293155f,0x193deb6,0x1647e1a,0x2ca0839,
wolfSSL 16:8e0d178b1d1e 3094 0x297e4bc,0x15bfd0d,0x1b107ed,0x0147803 },
wolfSSL 16:8e0d178b1d1e 3095 { 0x31c327e,0x05a6e1d,0x02ad43d,0x02d2a5b,0x129cdb2,0x37ad1de,
wolfSSL 16:8e0d178b1d1e 3096 0x3d51f53,0x245df01,0x2414982,0x0388bd0 } },
wolfSSL 16:8e0d178b1d1e 3097 /* 71 */
wolfSSL 16:8e0d178b1d1e 3098 { { 0x35f1abb,0x17a3d18,0x0874cd4,0x2d5a14e,0x17edc0c,0x16a00d3,
wolfSSL 16:8e0d178b1d1e 3099 0x072c1fb,0x1232725,0x33d52dc,0x03dc24d },
wolfSSL 16:8e0d178b1d1e 3100 { 0x0af30d6,0x259aeea,0x369c401,0x12bc4de,0x295bf5f,0x0d8711f,
wolfSSL 16:8e0d178b1d1e 3101 0x26162a9,0x16c44e5,0x288e727,0x02f54b4 } },
wolfSSL 16:8e0d178b1d1e 3102 /* 72 */
wolfSSL 16:8e0d178b1d1e 3103 { { 0x05fa877,0x1571ea7,0x3d48ab1,0x1c9f4e8,0x017dad6,0x0f46276,
wolfSSL 16:8e0d178b1d1e 3104 0x343f9e7,0x1de990f,0x0e4c8aa,0x028343e },
wolfSSL 16:8e0d178b1d1e 3105 { 0x094f92d,0x3abf633,0x1b3a0bb,0x2f83137,0x0d818c8,0x20bae85,
wolfSSL 16:8e0d178b1d1e 3106 0x0c65f8b,0x1a8008b,0x0c7946d,0x0295b1e } },
wolfSSL 16:8e0d178b1d1e 3107 /* 73 */
wolfSSL 16:8e0d178b1d1e 3108 { { 0x1d09529,0x08e46c3,0x1fcf296,0x298f6b7,0x1803e0e,0x2d6fd20,
wolfSSL 16:8e0d178b1d1e 3109 0x37351f5,0x0d9e8b1,0x1f8731a,0x0362fbf },
wolfSSL 16:8e0d178b1d1e 3110 { 0x00157f4,0x06750bf,0x2650ab9,0x35ffb23,0x2f51cae,0x0b522c2,
wolfSSL 16:8e0d178b1d1e 3111 0x39cb400,0x191e337,0x0a5ce9f,0x021529a } },
wolfSSL 16:8e0d178b1d1e 3112 /* 74 */
wolfSSL 16:8e0d178b1d1e 3113 { { 0x3506ea5,0x17d9ed8,0x0d66dc3,0x22693f8,0x19286c4,0x3a57353,
wolfSSL 16:8e0d178b1d1e 3114 0x101d3bf,0x1aa54fc,0x20b9884,0x0172b3a },
wolfSSL 16:8e0d178b1d1e 3115 { 0x0eac44d,0x37d8327,0x1c3aa90,0x3d0d534,0x23db29a,0x3576eaf,
wolfSSL 16:8e0d178b1d1e 3116 0x1d3de8a,0x3bea423,0x11235e4,0x039260b } },
wolfSSL 16:8e0d178b1d1e 3117 /* 75 */
wolfSSL 16:8e0d178b1d1e 3118 { { 0x34cd55e,0x01288b0,0x1132231,0x2cc9a03,0x358695b,0x3e87650,
wolfSSL 16:8e0d178b1d1e 3119 0x345afa1,0x01267ec,0x3f616b2,0x02011ad },
wolfSSL 16:8e0d178b1d1e 3120 { 0x0e7d098,0x0d6078e,0x0b70b53,0x237d1bc,0x0d7f61e,0x132de31,
wolfSSL 16:8e0d178b1d1e 3121 0x1ea9ea4,0x2bd54c3,0x27b9082,0x03ac5f2 } },
wolfSSL 16:8e0d178b1d1e 3122 /* 76 */
wolfSSL 16:8e0d178b1d1e 3123 { { 0x2a145b9,0x06d661d,0x31ec175,0x03f06f1,0x3a5cf6b,0x249c56e,
wolfSSL 16:8e0d178b1d1e 3124 0x2035653,0x384c74f,0x0bafab5,0x0025ec0 },
wolfSSL 16:8e0d178b1d1e 3125 { 0x25f69e1,0x1b23a55,0x1199aa6,0x16ad6f9,0x077e8f7,0x293f661,
wolfSSL 16:8e0d178b1d1e 3126 0x33ba11d,0x3327980,0x07bafdb,0x03e571d } },
wolfSSL 16:8e0d178b1d1e 3127 /* 77 */
wolfSSL 16:8e0d178b1d1e 3128 { { 0x2bae45e,0x3c074ef,0x2955558,0x3c312f1,0x2a8ebe9,0x2f193f1,
wolfSSL 16:8e0d178b1d1e 3129 0x3705b1d,0x360deba,0x01e566e,0x00d4498 },
wolfSSL 16:8e0d178b1d1e 3130 { 0x21161cd,0x1bc787e,0x2f87933,0x3553197,0x1328ab8,0x093c879,
wolfSSL 16:8e0d178b1d1e 3131 0x17eee27,0x2adad1d,0x1236068,0x003be5c } },
wolfSSL 16:8e0d178b1d1e 3132 /* 78 */
wolfSSL 16:8e0d178b1d1e 3133 { { 0x0ca4226,0x2633dd5,0x2c8e025,0x0e3e190,0x05eede1,0x1a385e4,
wolfSSL 16:8e0d178b1d1e 3134 0x163f744,0x2f25522,0x1333b4f,0x03f05b6 },
wolfSSL 16:8e0d178b1d1e 3135 { 0x3c800ca,0x1becc79,0x2daabe9,0x0c499e2,0x1138063,0x3fcfa2d,
wolfSSL 16:8e0d178b1d1e 3136 0x2244976,0x1e85cf5,0x2f1b95d,0x0053292 } },
wolfSSL 16:8e0d178b1d1e 3137 /* 79 */
wolfSSL 16:8e0d178b1d1e 3138 { { 0x12f81d5,0x1dc6eaf,0x11967a4,0x1a407df,0x31a5f9d,0x2b67241,
wolfSSL 16:8e0d178b1d1e 3139 0x18bef7c,0x08c7762,0x063f59c,0x01015ec },
wolfSSL 16:8e0d178b1d1e 3140 { 0x1c05c0a,0x360bfa2,0x1f85bff,0x1bc7703,0x3e4911c,0x0d685b6,
wolfSSL 16:8e0d178b1d1e 3141 0x2fccaea,0x02c4cef,0x164f133,0x0070ed7 } },
wolfSSL 16:8e0d178b1d1e 3142 /* 80 */
wolfSSL 16:8e0d178b1d1e 3143 { { 0x0ec21fe,0x052ffa0,0x3e825fe,0x1ab0956,0x3f6ce11,0x3d29759,
wolfSSL 16:8e0d178b1d1e 3144 0x3c5a072,0x18ebe62,0x148db7e,0x03eb49c },
wolfSSL 16:8e0d178b1d1e 3145 { 0x1ab05b3,0x02dab0a,0x1ae690c,0x0f13894,0x137a9a8,0x0aab79f,
wolfSSL 16:8e0d178b1d1e 3146 0x3dc875c,0x06a1029,0x1e39f0e,0x01dce1f } },
wolfSSL 16:8e0d178b1d1e 3147 /* 81 */
wolfSSL 16:8e0d178b1d1e 3148 { { 0x16c0dd7,0x3b31269,0x2c741e9,0x3611821,0x2a5cffc,0x1416bb3,
wolfSSL 16:8e0d178b1d1e 3149 0x3a1408f,0x311fa3d,0x1c0bef0,0x02cdee1 },
wolfSSL 16:8e0d178b1d1e 3150 { 0x00e6a8f,0x1adb933,0x0f23359,0x2fdace2,0x2fd6d4b,0x0e73bd3,
wolfSSL 16:8e0d178b1d1e 3151 0x2453fac,0x0a356ae,0x2c8f9f6,0x02704d6 } },
wolfSSL 16:8e0d178b1d1e 3152 /* 82 */
wolfSSL 16:8e0d178b1d1e 3153 { { 0x0e35743,0x28c80a1,0x0def32a,0x2c6168f,0x1320d6a,0x37c6606,
wolfSSL 16:8e0d178b1d1e 3154 0x21b1761,0x2147ee0,0x21fc433,0x015c84d },
wolfSSL 16:8e0d178b1d1e 3155 { 0x1fc9168,0x36cda9c,0x003c1f0,0x1cd7971,0x15f98ba,0x1ef363d,
wolfSSL 16:8e0d178b1d1e 3156 0x0ca87e3,0x046f7d9,0x3c9e6bb,0x0372eb0 } },
wolfSSL 16:8e0d178b1d1e 3157 /* 83 */
wolfSSL 16:8e0d178b1d1e 3158 { { 0x118cbe2,0x3665a11,0x304ef01,0x062727a,0x3d242fc,0x11ffbaf,
wolfSSL 16:8e0d178b1d1e 3159 0x3663c7e,0x1a189c9,0x09e2d62,0x02e3072 },
wolfSSL 16:8e0d178b1d1e 3160 { 0x0e1d569,0x162f772,0x0cd051a,0x322df62,0x3563809,0x047cc7a,
wolfSSL 16:8e0d178b1d1e 3161 0x027fd9f,0x08b509b,0x3da2f94,0x01748ee } },
wolfSSL 16:8e0d178b1d1e 3162 /* 84 */
wolfSSL 16:8e0d178b1d1e 3163 { { 0x1c8f8be,0x31ca525,0x22bf0a1,0x200efcd,0x02961c4,0x3d8f52b,
wolfSSL 16:8e0d178b1d1e 3164 0x018403d,0x3a40279,0x1cb91ec,0x030427e },
wolfSSL 16:8e0d178b1d1e 3165 { 0x0945705,0x0257416,0x05c0c2d,0x25b77ae,0x3b9083d,0x2901126,
wolfSSL 16:8e0d178b1d1e 3166 0x292b8d7,0x07b8611,0x04f2eee,0x026f0cd } },
wolfSSL 16:8e0d178b1d1e 3167 /* 85 */
wolfSSL 16:8e0d178b1d1e 3168 { { 0x2913074,0x2b8d590,0x02b10d5,0x09d2295,0x255491b,0x0c41cca,
wolfSSL 16:8e0d178b1d1e 3169 0x1ca665b,0x133051a,0x1525f1a,0x00a5647 },
wolfSSL 16:8e0d178b1d1e 3170 { 0x04f983f,0x3d6daee,0x04e1e76,0x1067d7e,0x1be7eef,0x02ea862,
wolfSSL 16:8e0d178b1d1e 3171 0x00d4968,0x0ccb048,0x11f18ef,0x018dd95 } },
wolfSSL 16:8e0d178b1d1e 3172 /* 86 */
wolfSSL 16:8e0d178b1d1e 3173 { { 0x22976cc,0x17c5395,0x2c38bda,0x3983bc4,0x222bca3,0x332a614,
wolfSSL 16:8e0d178b1d1e 3174 0x3a30646,0x261eaef,0x1c808e2,0x02f6de7 },
wolfSSL 16:8e0d178b1d1e 3175 { 0x306a772,0x32d7272,0x2dcefd2,0x2abf94d,0x038f475,0x30ad76e,
wolfSSL 16:8e0d178b1d1e 3176 0x23e0227,0x3052b0a,0x001add3,0x023ba18 } },
wolfSSL 16:8e0d178b1d1e 3177 /* 87 */
wolfSSL 16:8e0d178b1d1e 3178 { { 0x0ade873,0x25a6069,0x248ccbe,0x13713ee,0x17ee9aa,0x28152e9,
wolfSSL 16:8e0d178b1d1e 3179 0x2e28995,0x2a92cb3,0x17a6f77,0x024b947 },
wolfSSL 16:8e0d178b1d1e 3180 { 0x190a34d,0x2ebea1c,0x1ed1948,0x16fdaf4,0x0d698f7,0x32bc451,
wolfSSL 16:8e0d178b1d1e 3181 0x0ee6e30,0x2aaab40,0x06f0a56,0x01460be } },
wolfSSL 16:8e0d178b1d1e 3182 /* 88 */
wolfSSL 16:8e0d178b1d1e 3183 { { 0x24cc99c,0x1884b1e,0x1ca1fba,0x1a0f9b6,0x2ff609b,0x2b26316,
wolfSSL 16:8e0d178b1d1e 3184 0x3b27cb5,0x29bc976,0x35d4073,0x024772a },
wolfSSL 16:8e0d178b1d1e 3185 { 0x3575a70,0x1b30f57,0x07fa01b,0x0e5be36,0x20cb361,0x26605cd,
wolfSSL 16:8e0d178b1d1e 3186 0x1d4e8c8,0x13cac59,0x2db9797,0x005e833 } },
wolfSSL 16:8e0d178b1d1e 3187 /* 89 */
wolfSSL 16:8e0d178b1d1e 3188 { { 0x36c8d3a,0x1878a81,0x124b388,0x0e4843e,0x1701aad,0x0ea0d76,
wolfSSL 16:8e0d178b1d1e 3189 0x10eae41,0x37d0653,0x36c7f4c,0x00ba338 },
wolfSSL 16:8e0d178b1d1e 3190 { 0x37a862b,0x1cf6ac0,0x08fa912,0x2dd8393,0x101ba9b,0x0eebcb7,
wolfSSL 16:8e0d178b1d1e 3191 0x2453883,0x1a3cfe5,0x2cb34f6,0x03d3331 } },
wolfSSL 16:8e0d178b1d1e 3192 /* 90 */
wolfSSL 16:8e0d178b1d1e 3193 { { 0x1f79687,0x3d4973c,0x281544e,0x2564bbe,0x17c5954,0x171e34a,
wolfSSL 16:8e0d178b1d1e 3194 0x231741a,0x3cf2784,0x0889a0d,0x02b036d },
wolfSSL 16:8e0d178b1d1e 3195 { 0x301747f,0x3f1c477,0x1f1386b,0x163bc5f,0x1592b93,0x332daed,
wolfSSL 16:8e0d178b1d1e 3196 0x080e4f5,0x1d28b96,0x26194c9,0x0256992 } },
wolfSSL 16:8e0d178b1d1e 3197 /* 91 */
wolfSSL 16:8e0d178b1d1e 3198 { { 0x15a4c93,0x07bf6b0,0x114172c,0x1ce0961,0x140269b,0x1b2c2eb,
wolfSSL 16:8e0d178b1d1e 3199 0x0dfb1c1,0x019ddaa,0x0ba2921,0x008c795 },
wolfSSL 16:8e0d178b1d1e 3200 { 0x2e6d2dc,0x37e45e2,0x2918a70,0x0fce444,0x34d6aa6,0x396dc88,
wolfSSL 16:8e0d178b1d1e 3201 0x27726b5,0x0c787d8,0x032d8a7,0x02ac2f8 } },
wolfSSL 16:8e0d178b1d1e 3202 /* 92 */
wolfSSL 16:8e0d178b1d1e 3203 { { 0x1131f2d,0x2b43a63,0x3101097,0x38cec13,0x0637f09,0x17a69d2,
wolfSSL 16:8e0d178b1d1e 3204 0x086196d,0x299e46b,0x0802cf6,0x03c6f32 },
wolfSSL 16:8e0d178b1d1e 3205 { 0x0daacb4,0x1a4503a,0x100925c,0x15583d9,0x23c4e40,0x1de4de9,
wolfSSL 16:8e0d178b1d1e 3206 0x1cc8fc4,0x2c9c564,0x0695aeb,0x02145a5 } },
wolfSSL 16:8e0d178b1d1e 3207 /* 93 */
wolfSSL 16:8e0d178b1d1e 3208 { { 0x1dcf593,0x17050fc,0x3e3bde3,0x0a6c062,0x178202b,0x2f7674f,
wolfSSL 16:8e0d178b1d1e 3209 0x0dadc29,0x15763a7,0x1d2daad,0x023d9f6 },
wolfSSL 16:8e0d178b1d1e 3210 { 0x081ea5f,0x045959d,0x190c841,0x3a78d31,0x0e7d2dd,0x1414fea,
wolfSSL 16:8e0d178b1d1e 3211 0x1d43f40,0x22d77ff,0x2b9c072,0x03e115c } },
wolfSSL 16:8e0d178b1d1e 3212 /* 94 */
wolfSSL 16:8e0d178b1d1e 3213 { { 0x3af71c9,0x29e9c65,0x25655e1,0x111e9cd,0x3a14494,0x3875418,
wolfSSL 16:8e0d178b1d1e 3214 0x34ae070,0x0b06686,0x310616b,0x03b7b89 },
wolfSSL 16:8e0d178b1d1e 3215 { 0x1734121,0x00d3d44,0x29f0b2f,0x1552897,0x31cac6e,0x1030bb3,
wolfSSL 16:8e0d178b1d1e 3216 0x0148f3a,0x35fd237,0x29b44eb,0x027f49f } },
wolfSSL 16:8e0d178b1d1e 3217 /* 95 */
wolfSSL 16:8e0d178b1d1e 3218 { { 0x2e2cb16,0x1d962bd,0x19b63cc,0x0b3f964,0x3e3eb7d,0x1a35560,
wolfSSL 16:8e0d178b1d1e 3219 0x0c58161,0x3ce1d6a,0x3b6958f,0x029030b },
wolfSSL 16:8e0d178b1d1e 3220 { 0x2dcc158,0x3b1583f,0x30568c9,0x31957c8,0x27ad804,0x28c1f84,
wolfSSL 16:8e0d178b1d1e 3221 0x3967049,0x37b3f64,0x3b87dc6,0x0266f26 } },
wolfSSL 16:8e0d178b1d1e 3222 /* 96 */
wolfSSL 16:8e0d178b1d1e 3223 { { 0x27dafc6,0x2548764,0x0d1984a,0x1a57027,0x252c1fb,0x24d9b77,
wolfSSL 16:8e0d178b1d1e 3224 0x1581a0f,0x1f99276,0x10ba16d,0x026af88 },
wolfSSL 16:8e0d178b1d1e 3225 { 0x0915220,0x2be1292,0x16c6480,0x1a93760,0x2fa7317,0x1a07296,
wolfSSL 16:8e0d178b1d1e 3226 0x1539871,0x112c31f,0x25787f3,0x01e2070 } },
wolfSSL 16:8e0d178b1d1e 3227 /* 97 */
wolfSSL 16:8e0d178b1d1e 3228 { { 0x0bcf3ff,0x266d478,0x34f6933,0x31449fd,0x00d02cb,0x340765a,
wolfSSL 16:8e0d178b1d1e 3229 0x3465a2d,0x225023e,0x319a30e,0x00579b8 },
wolfSSL 16:8e0d178b1d1e 3230 { 0x20e05f4,0x35b834f,0x0404646,0x3710d62,0x3fad7bd,0x13e1434,
wolfSSL 16:8e0d178b1d1e 3231 0x21c7d1c,0x1cb3af9,0x2cf1911,0x003957e } },
wolfSSL 16:8e0d178b1d1e 3232 /* 98 */
wolfSSL 16:8e0d178b1d1e 3233 { { 0x0787564,0x36601be,0x1ce67e9,0x084c7a1,0x21a3317,0x2067a35,
wolfSSL 16:8e0d178b1d1e 3234 0x0158cab,0x195ddac,0x1766fe9,0x035cf42 },
wolfSSL 16:8e0d178b1d1e 3235 { 0x2b7206e,0x20d0947,0x3b42424,0x03f1862,0x0a51929,0x38c2948,
wolfSSL 16:8e0d178b1d1e 3236 0x0bb8595,0x2942d77,0x3748f15,0x0249428 } },
wolfSSL 16:8e0d178b1d1e 3237 /* 99 */
wolfSSL 16:8e0d178b1d1e 3238 { { 0x2577410,0x3c23e2f,0x28c6caf,0x00d41de,0x0fd408a,0x30298e9,
wolfSSL 16:8e0d178b1d1e 3239 0x363289e,0x2302fc7,0x082c1cc,0x01dd050 },
wolfSSL 16:8e0d178b1d1e 3240 { 0x30991cd,0x103e9ba,0x029605a,0x19927f7,0x0c1ca08,0x0c93f50,
wolfSSL 16:8e0d178b1d1e 3241 0x28a3c7b,0x082e4e9,0x34d12eb,0x0232c13 } },
wolfSSL 16:8e0d178b1d1e 3242 /* 100 */
wolfSSL 16:8e0d178b1d1e 3243 { { 0x106171c,0x0b4155a,0x0c3fb1c,0x336c090,0x19073e9,0x2241a10,
wolfSSL 16:8e0d178b1d1e 3244 0x0e6b4fd,0x0ed476e,0x1ef4712,0x039390a },
wolfSSL 16:8e0d178b1d1e 3245 { 0x0ec36f4,0x3754f0e,0x2a270b8,0x007fd2d,0x0f9d2dc,0x1e6a692,
wolfSSL 16:8e0d178b1d1e 3246 0x066e078,0x1954974,0x2ff3c6e,0x00def28 } },
wolfSSL 16:8e0d178b1d1e 3247 /* 101 */
wolfSSL 16:8e0d178b1d1e 3248 { { 0x3562470,0x0b8f1f7,0x0ac94cd,0x28b0259,0x244f272,0x031e4ef,
wolfSSL 16:8e0d178b1d1e 3249 0x2d5df98,0x2c8a9f1,0x2dc3002,0x016644f },
wolfSSL 16:8e0d178b1d1e 3250 { 0x350592a,0x0e6a0d5,0x1e027a1,0x2039e0f,0x399e01d,0x2817593,
wolfSSL 16:8e0d178b1d1e 3251 0x0c0375e,0x3889b3e,0x24ab013,0x010de1b } },
wolfSSL 16:8e0d178b1d1e 3252 /* 102 */
wolfSSL 16:8e0d178b1d1e 3253 { { 0x256b5a6,0x0ac3b67,0x28f9ff3,0x29b67f1,0x30750d9,0x25e11a9,
wolfSSL 16:8e0d178b1d1e 3254 0x15e8455,0x279ebb0,0x298b7e7,0x0218e32 },
wolfSSL 16:8e0d178b1d1e 3255 { 0x2fc24b2,0x2b82582,0x28f22f5,0x2bd36b3,0x305398e,0x3b2e9e3,
wolfSSL 16:8e0d178b1d1e 3256 0x365dd0a,0x29bc0ed,0x36a7b3a,0x007b374 } },
wolfSSL 16:8e0d178b1d1e 3257 /* 103 */
wolfSSL 16:8e0d178b1d1e 3258 { { 0x05ff2f3,0x2b3589b,0x29785d3,0x300a1ce,0x0a2d516,0x0844355,
wolfSSL 16:8e0d178b1d1e 3259 0x14c9fad,0x3ccb6b6,0x385d459,0x0361743 },
wolfSSL 16:8e0d178b1d1e 3260 { 0x0b11da3,0x002e344,0x18c49f7,0x0c29e0c,0x1d2c22c,0x08237b3,
wolfSSL 16:8e0d178b1d1e 3261 0x2988f49,0x0f18955,0x1c3b4ed,0x02813c6 } },
wolfSSL 16:8e0d178b1d1e 3262 /* 104 */
wolfSSL 16:8e0d178b1d1e 3263 { { 0x17f93bd,0x249323b,0x11f6087,0x174e4bd,0x3cb64ac,0x086dc6b,
wolfSSL 16:8e0d178b1d1e 3264 0x2e330a8,0x142c1f2,0x2ea5c09,0x024acbb },
wolfSSL 16:8e0d178b1d1e 3265 { 0x1b6e235,0x3132521,0x00f085a,0x2a4a4db,0x1ab2ca4,0x0142224,
wolfSSL 16:8e0d178b1d1e 3266 0x3aa6b3e,0x09db203,0x2215834,0x007b9e0 } },
wolfSSL 16:8e0d178b1d1e 3267 /* 105 */
wolfSSL 16:8e0d178b1d1e 3268 { { 0x23e79f7,0x28b8039,0x1906a60,0x2cbce67,0x1f590e7,0x181f027,
wolfSSL 16:8e0d178b1d1e 3269 0x21054a6,0x3854240,0x2d857a6,0x03cfcb3 },
wolfSSL 16:8e0d178b1d1e 3270 { 0x10d9b55,0x1443cfc,0x2648200,0x2b36190,0x09d2fcf,0x22f439f,
wolfSSL 16:8e0d178b1d1e 3271 0x231aa7e,0x3884395,0x0543da3,0x003d5a9 } },
wolfSSL 16:8e0d178b1d1e 3272 /* 106 */
wolfSSL 16:8e0d178b1d1e 3273 { { 0x043e0df,0x06ffe84,0x3e6d5b2,0x3327001,0x26c74b6,0x12a145e,
wolfSSL 16:8e0d178b1d1e 3274 0x256ec0d,0x3898c69,0x3411969,0x02f63c5 },
wolfSSL 16:8e0d178b1d1e 3275 { 0x2b7494a,0x2eee1af,0x38388a9,0x1bd17ce,0x21567d4,0x13969e6,
wolfSSL 16:8e0d178b1d1e 3276 0x3a12a7a,0x3e8277d,0x03530cc,0x00b4687 } },
wolfSSL 16:8e0d178b1d1e 3277 /* 107 */
wolfSSL 16:8e0d178b1d1e 3278 { { 0x06508da,0x38e04d4,0x15a7192,0x312875e,0x3336180,0x2a6512c,
wolfSSL 16:8e0d178b1d1e 3279 0x1b59497,0x2e91b37,0x25eb91f,0x02841e9 },
wolfSSL 16:8e0d178b1d1e 3280 { 0x394d639,0x0747143,0x37d7e6d,0x1d62962,0x08b4af3,0x34df287,
wolfSSL 16:8e0d178b1d1e 3281 0x3c5584b,0x26bc869,0x20af87a,0x0060f5d } },
wolfSSL 16:8e0d178b1d1e 3282 /* 108 */
wolfSSL 16:8e0d178b1d1e 3283 { { 0x1de59a4,0x1a5c443,0x2f8729d,0x01c3a2f,0x0f1ad8d,0x3cbaf9e,
wolfSSL 16:8e0d178b1d1e 3284 0x1b49634,0x35d508a,0x39dc269,0x0075105 },
wolfSSL 16:8e0d178b1d1e 3285 { 0x390d30e,0x37033e0,0x110cb32,0x14c37a0,0x20a3b27,0x2f00ce6,
wolfSSL 16:8e0d178b1d1e 3286 0x2f1dc52,0x34988c6,0x0c29606,0x01dc7e7 } },
wolfSSL 16:8e0d178b1d1e 3287 /* 109 */
wolfSSL 16:8e0d178b1d1e 3288 { { 0x1040739,0x24f9de1,0x2939999,0x2e6009a,0x244539d,0x17e3f09,
wolfSSL 16:8e0d178b1d1e 3289 0x00f6f2f,0x1c63b3d,0x2310362,0x019109e },
wolfSSL 16:8e0d178b1d1e 3290 { 0x1428aa8,0x3cb61e1,0x09a84f4,0x0ffafed,0x07b7adc,0x08f406b,
wolfSSL 16:8e0d178b1d1e 3291 0x1b2c6df,0x035b480,0x3496ae9,0x012766d } },
wolfSSL 16:8e0d178b1d1e 3292 /* 110 */
wolfSSL 16:8e0d178b1d1e 3293 { { 0x35d1099,0x2362f10,0x1a08cc7,0x13a3a34,0x12adbcd,0x32da290,
wolfSSL 16:8e0d178b1d1e 3294 0x02e2a02,0x151140b,0x01b3f60,0x0240df6 },
wolfSSL 16:8e0d178b1d1e 3295 { 0x34c7b61,0x2eb09c1,0x172e7cd,0x2ad5eff,0x2fe2031,0x25b54d4,
wolfSSL 16:8e0d178b1d1e 3296 0x0cec965,0x18e7187,0x26a7cc0,0x00230f7 } },
wolfSSL 16:8e0d178b1d1e 3297 /* 111 */
wolfSSL 16:8e0d178b1d1e 3298 { { 0x2d552ab,0x374083d,0x01f120f,0x2601736,0x156baff,0x04d44a4,
wolfSSL 16:8e0d178b1d1e 3299 0x3b7c3e9,0x1acbc1b,0x0424579,0x031a425 },
wolfSSL 16:8e0d178b1d1e 3300 { 0x1231bd1,0x0eba710,0x020517b,0x21d7316,0x21eac6e,0x275a848,
wolfSSL 16:8e0d178b1d1e 3301 0x0837abf,0x0eb0082,0x302cafe,0x00fe8f6 } },
wolfSSL 16:8e0d178b1d1e 3302 /* 112 */
wolfSSL 16:8e0d178b1d1e 3303 { { 0x1058880,0x28f9941,0x03f2d75,0x3bd90e5,0x17da365,0x2ac9249,
wolfSSL 16:8e0d178b1d1e 3304 0x07861cf,0x023fd05,0x1b0fdb8,0x031712f },
wolfSSL 16:8e0d178b1d1e 3305 { 0x272b56b,0x04f8d2c,0x043a735,0x25446e4,0x1c8327e,0x221125a,
wolfSSL 16:8e0d178b1d1e 3306 0x0ce37df,0x2dad7f6,0x39446c2,0x00b55b6 } },
wolfSSL 16:8e0d178b1d1e 3307 /* 113 */
wolfSSL 16:8e0d178b1d1e 3308 { { 0x346ac6b,0x05e0bff,0x2425246,0x0981e8b,0x1d19f79,0x2692378,
wolfSSL 16:8e0d178b1d1e 3309 0x3ea3c40,0x2e90beb,0x19de503,0x003d5af },
wolfSSL 16:8e0d178b1d1e 3310 { 0x05cda49,0x353b44d,0x299d137,0x3f205bc,0x2821158,0x3ad0d00,
wolfSSL 16:8e0d178b1d1e 3311 0x06a54aa,0x2d7c79f,0x39d1173,0x01000ee } },
wolfSSL 16:8e0d178b1d1e 3312 /* 114 */
wolfSSL 16:8e0d178b1d1e 3313 { { 0x0803387,0x3a06268,0x14043b8,0x3d4e72f,0x1ece115,0x0a1dfc8,
wolfSSL 16:8e0d178b1d1e 3314 0x17208dd,0x0be790a,0x122a07f,0x014dd95 },
wolfSSL 16:8e0d178b1d1e 3315 { 0x0a4182d,0x202886a,0x1f79a49,0x1e8c867,0x0a2bbd0,0x28668b5,
wolfSSL 16:8e0d178b1d1e 3316 0x0d0a2e1,0x115259d,0x3586c5d,0x01e815b } },
wolfSSL 16:8e0d178b1d1e 3317 /* 115 */
wolfSSL 16:8e0d178b1d1e 3318 { { 0x18a2a47,0x2c95627,0x2773646,0x1230f7c,0x15b5829,0x2fc354e,
wolfSSL 16:8e0d178b1d1e 3319 0x2c000ea,0x099d547,0x2f17a1a,0x01df520 },
wolfSSL 16:8e0d178b1d1e 3320 { 0x3853948,0x06f6561,0x3feeb8a,0x2f5b3ef,0x3a6f817,0x01a0791,
wolfSSL 16:8e0d178b1d1e 3321 0x2ec0578,0x2c392ad,0x12b2b38,0x0104540 } },
wolfSSL 16:8e0d178b1d1e 3322 /* 116 */
wolfSSL 16:8e0d178b1d1e 3323 { { 0x1e28ced,0x0fc3d1b,0x2c473c7,0x1826c4f,0x21d5da7,0x39718e4,
wolfSSL 16:8e0d178b1d1e 3324 0x38ce9e6,0x0251986,0x172fbea,0x0337c11 },
wolfSSL 16:8e0d178b1d1e 3325 { 0x053c3b0,0x0f162db,0x043c1cb,0x04111ee,0x297fe3c,0x32e5e03,
wolfSSL 16:8e0d178b1d1e 3326 0x2b8ae12,0x0c427ec,0x1da9738,0x03b9c0f } },
wolfSSL 16:8e0d178b1d1e 3327 /* 117 */
wolfSSL 16:8e0d178b1d1e 3328 { { 0x357e43a,0x054503f,0x11b8345,0x34ec6e0,0x2d44660,0x3d0ae61,
wolfSSL 16:8e0d178b1d1e 3329 0x3b5dff8,0x33884ac,0x09da162,0x00a82b6 },
wolfSSL 16:8e0d178b1d1e 3330 { 0x3c277ba,0x129a51a,0x027664e,0x1530507,0x0c788c9,0x2afd89d,
wolfSSL 16:8e0d178b1d1e 3331 0x1aa64cc,0x1196450,0x367ac2b,0x0358b42 } },
wolfSSL 16:8e0d178b1d1e 3332 /* 118 */
wolfSSL 16:8e0d178b1d1e 3333 { { 0x0054ac4,0x1761ecb,0x378839c,0x167c9f7,0x2570058,0x0604a35,
wolfSSL 16:8e0d178b1d1e 3334 0x37cbf3b,0x0909bb7,0x3f2991c,0x02ce688 },
wolfSSL 16:8e0d178b1d1e 3335 { 0x0b16ae5,0x212857c,0x351b952,0x2c684db,0x30c6a05,0x09c01e0,
wolfSSL 16:8e0d178b1d1e 3336 0x23c137f,0x1331475,0x092c067,0x0013b40 } },
wolfSSL 16:8e0d178b1d1e 3337 /* 119 */
wolfSSL 16:8e0d178b1d1e 3338 { { 0x2e90393,0x0617466,0x24e61f4,0x0a528f5,0x03047b4,0x2153f05,
wolfSSL 16:8e0d178b1d1e 3339 0x0001a69,0x30e1eb8,0x3c10177,0x0282a47 },
wolfSSL 16:8e0d178b1d1e 3340 { 0x22c831e,0x28fc06b,0x3e16ff0,0x208adc9,0x0bb76ae,0x28c1d6d,
wolfSSL 16:8e0d178b1d1e 3341 0x12c8a15,0x031063c,0x1889ed2,0x002133e } },
wolfSSL 16:8e0d178b1d1e 3342 /* 120 */
wolfSSL 16:8e0d178b1d1e 3343 { { 0x0a6becf,0x14277bf,0x3328d98,0x201f7fe,0x12fceae,0x1de3a2e,
wolfSSL 16:8e0d178b1d1e 3344 0x0a15c44,0x3ddf976,0x1b273ab,0x0355e55 },
wolfSSL 16:8e0d178b1d1e 3345 { 0x1b5d4f1,0x369e78c,0x3a1c210,0x12cf3e9,0x3aa52f0,0x309f082,
wolfSSL 16:8e0d178b1d1e 3346 0x112089d,0x107c753,0x24202d1,0x023853a } },
wolfSSL 16:8e0d178b1d1e 3347 /* 121 */
wolfSSL 16:8e0d178b1d1e 3348 { { 0x2897042,0x140d17c,0x2c4aeed,0x07d0d00,0x18d0533,0x22f7ec8,
wolfSSL 16:8e0d178b1d1e 3349 0x19c194c,0x3456323,0x2372aa4,0x0165f86 },
wolfSSL 16:8e0d178b1d1e 3350 { 0x30bd68c,0x1fb06b3,0x0945032,0x372ac09,0x06d4be0,0x27f8fa1,
wolfSSL 16:8e0d178b1d1e 3351 0x1c8d7ac,0x137a96e,0x236199b,0x0328fc0 } },
wolfSSL 16:8e0d178b1d1e 3352 /* 122 */
wolfSSL 16:8e0d178b1d1e 3353 { { 0x170bd20,0x2842d58,0x1de7592,0x3c5b4fd,0x20ea897,0x12cab78,
wolfSSL 16:8e0d178b1d1e 3354 0x363ff14,0x01f928c,0x17e309c,0x02f79ff },
wolfSSL 16:8e0d178b1d1e 3355 { 0x0f5432c,0x2edb4ae,0x044b516,0x32f810d,0x2210dc1,0x23e56d6,
wolfSSL 16:8e0d178b1d1e 3356 0x301e6ff,0x34660f6,0x10e0a7d,0x02d88eb } },
wolfSSL 16:8e0d178b1d1e 3357 /* 123 */
wolfSSL 16:8e0d178b1d1e 3358 { { 0x0c7b65b,0x2f59d58,0x2289a75,0x2408e92,0x1ab8c55,0x1ec99e5,
wolfSSL 16:8e0d178b1d1e 3359 0x220fd0d,0x04defe0,0x24658ec,0x035aa8b },
wolfSSL 16:8e0d178b1d1e 3360 { 0x138bb85,0x2f002d4,0x295c10a,0x08760ce,0x28c31d1,0x1c0a8cb,
wolfSSL 16:8e0d178b1d1e 3361 0x0ff00b1,0x144eac9,0x2e02dcc,0x0044598 } },
wolfSSL 16:8e0d178b1d1e 3362 /* 124 */
wolfSSL 16:8e0d178b1d1e 3363 { { 0x3b42b87,0x050057b,0x0dff781,0x1c06db1,0x1bd9f5d,0x1f5f04a,
wolfSSL 16:8e0d178b1d1e 3364 0x2cccd7a,0x143e19b,0x1cb94b7,0x036cfb8 },
wolfSSL 16:8e0d178b1d1e 3365 { 0x34837cf,0x3cf6c3c,0x0d4fb26,0x22ee55e,0x1e7eed1,0x315995f,
wolfSSL 16:8e0d178b1d1e 3366 0x2cdf937,0x1a96574,0x0425220,0x0221a99 } },
wolfSSL 16:8e0d178b1d1e 3367 /* 125 */
wolfSSL 16:8e0d178b1d1e 3368 { { 0x1b569ea,0x0d33ed9,0x19c13c2,0x107dc84,0x2200111,0x0569867,
wolfSSL 16:8e0d178b1d1e 3369 0x2dc85da,0x05ef22e,0x0eb018a,0x029c33d },
wolfSSL 16:8e0d178b1d1e 3370 { 0x04a6a65,0x3e5eba3,0x378f224,0x09c04d0,0x036e5cf,0x3df8258,
wolfSSL 16:8e0d178b1d1e 3371 0x3a609e4,0x1eddef8,0x2abd174,0x02a91dc } },
wolfSSL 16:8e0d178b1d1e 3372 /* 126 */
wolfSSL 16:8e0d178b1d1e 3373 { { 0x2a60cc0,0x1d84c5e,0x115f676,0x1840da0,0x2c79163,0x2f06ed6,
wolfSSL 16:8e0d178b1d1e 3374 0x198bb4b,0x3e5d37b,0x1dc30fa,0x018469b },
wolfSSL 16:8e0d178b1d1e 3375 { 0x15ee47a,0x1e32f30,0x16a530e,0x2093836,0x02e8962,0x3767b62,
wolfSSL 16:8e0d178b1d1e 3376 0x335adf3,0x27220db,0x2f81642,0x0173ffe } },
wolfSSL 16:8e0d178b1d1e 3377 /* 127 */
wolfSSL 16:8e0d178b1d1e 3378 { { 0x37a99cd,0x1533fe6,0x05a1c0d,0x27610f1,0x17bf3b9,0x0b1ce78,
wolfSSL 16:8e0d178b1d1e 3379 0x0a908f6,0x265300e,0x3237dc1,0x01b969a },
wolfSSL 16:8e0d178b1d1e 3380 { 0x3a5db77,0x2d15382,0x0d63ef8,0x1feb3d8,0x0b7b880,0x19820de,
wolfSSL 16:8e0d178b1d1e 3381 0x11c0c67,0x2af3396,0x38d242d,0x0120688 } },
wolfSSL 16:8e0d178b1d1e 3382 /* 128 */
wolfSSL 16:8e0d178b1d1e 3383 { { 0x1d0b34a,0x05ef00d,0x00a7e34,0x1ae0c9f,0x1440b38,0x300d8b4,
wolfSSL 16:8e0d178b1d1e 3384 0x37262da,0x3e50e3e,0x14ce0cd,0x00b1044 },
wolfSSL 16:8e0d178b1d1e 3385 { 0x195a0b1,0x173bc6b,0x03622ba,0x2a19f55,0x1c09b37,0x07921b2,
wolfSSL 16:8e0d178b1d1e 3386 0x16cdd20,0x24a5c9b,0x2bf42ff,0x00811de } },
wolfSSL 16:8e0d178b1d1e 3387 /* 129 */
wolfSSL 16:8e0d178b1d1e 3388 { { 0x0d65dbf,0x145cf06,0x1ad82f7,0x038ce7b,0x077bf94,0x33c4007,
wolfSSL 16:8e0d178b1d1e 3389 0x22d26bd,0x25ad9c0,0x09ac773,0x02b1990 },
wolfSSL 16:8e0d178b1d1e 3390 { 0x2261cc3,0x2ecdbf1,0x3e908b0,0x3246439,0x0213f7b,0x1179b04,
wolfSSL 16:8e0d178b1d1e 3391 0x01cebaa,0x0be1595,0x175cc12,0x033a39a } },
wolfSSL 16:8e0d178b1d1e 3392 /* 130 */
wolfSSL 16:8e0d178b1d1e 3393 { { 0x00a67d2,0x086d06f,0x248a0f1,0x0291134,0x362d476,0x166d1cd,
wolfSSL 16:8e0d178b1d1e 3394 0x044f1d6,0x2d2a038,0x365250b,0x0023f78 },
wolfSSL 16:8e0d178b1d1e 3395 { 0x08bf287,0x3b0f6a1,0x1d6eace,0x20b4cda,0x2c2a621,0x0912520,
wolfSSL 16:8e0d178b1d1e 3396 0x02dfdc9,0x1b35cd6,0x3d2565d,0x00bdf8b } },
wolfSSL 16:8e0d178b1d1e 3397 /* 131 */
wolfSSL 16:8e0d178b1d1e 3398 { { 0x3770fa7,0x2e4b6f0,0x03f9ae4,0x170de41,0x1095e8d,0x1dd845c,
wolfSSL 16:8e0d178b1d1e 3399 0x334e9d1,0x00ab953,0x12e9077,0x03196fa },
wolfSSL 16:8e0d178b1d1e 3400 { 0x2fd0a40,0x228c0fd,0x384b275,0x38ef339,0x3e7d822,0x3e5d9ef,
wolfSSL 16:8e0d178b1d1e 3401 0x24f5854,0x0ece9eb,0x247d119,0x012ffe3 } },
wolfSSL 16:8e0d178b1d1e 3402 /* 132 */
wolfSSL 16:8e0d178b1d1e 3403 { { 0x0ff1480,0x07487c0,0x1b16cd4,0x1f41d53,0x22ab8fb,0x2f83cfa,
wolfSSL 16:8e0d178b1d1e 3404 0x01d2efb,0x259f6b2,0x2e65772,0x00f9392 },
wolfSSL 16:8e0d178b1d1e 3405 { 0x05303e6,0x23cdb4f,0x23977e1,0x12e4898,0x03bd999,0x0c930f0,
wolfSSL 16:8e0d178b1d1e 3406 0x170e261,0x180a27b,0x2fd58ec,0x014e22b } },
wolfSSL 16:8e0d178b1d1e 3407 /* 133 */
wolfSSL 16:8e0d178b1d1e 3408 { { 0x25d7713,0x0c5fad7,0x09daad1,0x3b9d779,0x109b985,0x1d3ec98,
wolfSSL 16:8e0d178b1d1e 3409 0x35bc4fc,0x2f838cb,0x0d14f75,0x0173e42 },
wolfSSL 16:8e0d178b1d1e 3410 { 0x2657b12,0x10d4423,0x19e6760,0x296e5bb,0x2bfd421,0x25c3330,
wolfSSL 16:8e0d178b1d1e 3411 0x29f51f8,0x0338838,0x24060f0,0x029a62e } },
wolfSSL 16:8e0d178b1d1e 3412 /* 134 */
wolfSSL 16:8e0d178b1d1e 3413 { { 0x3748fec,0x2c5a1bb,0x2cf973d,0x289fa74,0x3e6e755,0x38997bf,
wolfSSL 16:8e0d178b1d1e 3414 0x0b6544c,0x2b6358c,0x38a7aeb,0x02c50bb },
wolfSSL 16:8e0d178b1d1e 3415 { 0x3d5770a,0x06be7c5,0x012fad3,0x19cb2cd,0x266af3b,0x3ccd677,
wolfSSL 16:8e0d178b1d1e 3416 0x160d1bd,0x141d5af,0x2965851,0x034625a } },
wolfSSL 16:8e0d178b1d1e 3417 /* 135 */
wolfSSL 16:8e0d178b1d1e 3418 { { 0x3c41c08,0x255eacc,0x22e1ec5,0x2b151a3,0x087de94,0x311cbdb,
wolfSSL 16:8e0d178b1d1e 3419 0x016b73a,0x368e462,0x20b7981,0x0099ec3 },
wolfSSL 16:8e0d178b1d1e 3420 { 0x262b988,0x1539763,0x21e76e5,0x15445b4,0x1d8ddc7,0x34a9be6,
wolfSSL 16:8e0d178b1d1e 3421 0x10faf03,0x24e4d18,0x07aa111,0x02d538a } },
wolfSSL 16:8e0d178b1d1e 3422 /* 136 */
wolfSSL 16:8e0d178b1d1e 3423 { { 0x38a876b,0x048ad45,0x04b40a0,0x3fc2144,0x251ff96,0x13ca7dd,
wolfSSL 16:8e0d178b1d1e 3424 0x0b31ab1,0x3539814,0x28b5f87,0x0212aec },
wolfSSL 16:8e0d178b1d1e 3425 { 0x270790a,0x350e7e0,0x346bd5e,0x276178f,0x22d6cb5,0x3078884,
wolfSSL 16:8e0d178b1d1e 3426 0x355c1b6,0x15901d7,0x3671765,0x03950db } },
wolfSSL 16:8e0d178b1d1e 3427 /* 137 */
wolfSSL 16:8e0d178b1d1e 3428 { { 0x286e8d5,0x2409788,0x13be53f,0x2d21911,0x0353c95,0x10238e8,
wolfSSL 16:8e0d178b1d1e 3429 0x32f5bde,0x3a67b60,0x28b5b9c,0x001013d },
wolfSSL 16:8e0d178b1d1e 3430 { 0x381e8e5,0x0cef7a9,0x2f5bcad,0x06058f0,0x33cdf50,0x04672a8,
wolfSSL 16:8e0d178b1d1e 3431 0x1769600,0x31c055d,0x3df0ac1,0x00e9098 } },
wolfSSL 16:8e0d178b1d1e 3432 /* 138 */
wolfSSL 16:8e0d178b1d1e 3433 { { 0x2eb596d,0x197b326,0x12b4c29,0x39c08f2,0x101ea03,0x3804e58,
wolfSSL 16:8e0d178b1d1e 3434 0x04b4b62,0x28d9d1c,0x13f905e,0x0032a3f },
wolfSSL 16:8e0d178b1d1e 3435 { 0x11b2b61,0x08e9095,0x0d06925,0x270e43f,0x21eb7a8,0x0e4a98f,
wolfSSL 16:8e0d178b1d1e 3436 0x31d2be0,0x030cf9f,0x2644ddb,0x025b728 } },
wolfSSL 16:8e0d178b1d1e 3437 /* 139 */
wolfSSL 16:8e0d178b1d1e 3438 { { 0x07510af,0x2ed0e8e,0x2a01203,0x2a2a68d,0x0846fea,0x3e540de,
wolfSSL 16:8e0d178b1d1e 3439 0x3a57702,0x1677348,0x2123aad,0x010d8f8 },
wolfSSL 16:8e0d178b1d1e 3440 { 0x0246a47,0x0e871d0,0x124dca4,0x34b9577,0x2b362b8,0x363ebe5,
wolfSSL 16:8e0d178b1d1e 3441 0x3086045,0x26313e6,0x15cd8bb,0x0210384 } },
wolfSSL 16:8e0d178b1d1e 3442 /* 140 */
wolfSSL 16:8e0d178b1d1e 3443 { { 0x023e8a7,0x0817884,0x3a0bf12,0x3376371,0x3c808a8,0x18e9777,
wolfSSL 16:8e0d178b1d1e 3444 0x12a2721,0x35b538a,0x2bd30de,0x017835a },
wolfSSL 16:8e0d178b1d1e 3445 { 0x0fc0f64,0x1c8709f,0x2d8807a,0x0743957,0x242eec0,0x347e76c,
wolfSSL 16:8e0d178b1d1e 3446 0x27bef91,0x289689a,0x0f42945,0x01f7a92 } },
wolfSSL 16:8e0d178b1d1e 3447 /* 141 */
wolfSSL 16:8e0d178b1d1e 3448 { { 0x1060a81,0x3dbc739,0x1615abd,0x1cbe3e5,0x3e79f9c,0x1ab09a2,
wolfSSL 16:8e0d178b1d1e 3449 0x136c540,0x05b473f,0x2beebfd,0x02af0a8 },
wolfSSL 16:8e0d178b1d1e 3450 { 0x3e2eac7,0x19be474,0x04668ac,0x18f4b74,0x36f10ba,0x0a0b4c6,
wolfSSL 16:8e0d178b1d1e 3451 0x10e3770,0x3bf059e,0x3946c7e,0x013a8d4 } },
wolfSSL 16:8e0d178b1d1e 3452 /* 142 */
wolfSSL 16:8e0d178b1d1e 3453 { { 0x266309d,0x28be354,0x1a3eed8,0x3020651,0x10a51c6,0x1e31770,
wolfSSL 16:8e0d178b1d1e 3454 0x0af45a5,0x3ff0f3b,0x2891c94,0x00e9db9 },
wolfSSL 16:8e0d178b1d1e 3455 { 0x17b0d0f,0x33a291f,0x0a5f9aa,0x25a3d61,0x2963ace,0x39a5fef,
wolfSSL 16:8e0d178b1d1e 3456 0x230c724,0x1919146,0x10a465e,0x02084a8 } },
wolfSSL 16:8e0d178b1d1e 3457 /* 143 */
wolfSSL 16:8e0d178b1d1e 3458 { { 0x3ab8caa,0x31870f3,0x2390ef7,0x2103850,0x218eb8e,0x3a5ccf2,
wolfSSL 16:8e0d178b1d1e 3459 0x1dff677,0x2c59334,0x371599c,0x02a9f2a },
wolfSSL 16:8e0d178b1d1e 3460 { 0x0837bd1,0x3249cef,0x35d702f,0x3430dab,0x1c06407,0x108f692,
wolfSSL 16:8e0d178b1d1e 3461 0x221292f,0x05f0c5d,0x073fe06,0x01038e0 } },
wolfSSL 16:8e0d178b1d1e 3462 /* 144 */
wolfSSL 16:8e0d178b1d1e 3463 { { 0x3bf9b7c,0x2020929,0x30d0f4f,0x080fef8,0x3365d23,0x1f3e738,
wolfSSL 16:8e0d178b1d1e 3464 0x3e53209,0x1549afe,0x300b305,0x038d811 },
wolfSSL 16:8e0d178b1d1e 3465 { 0x0c6c2c7,0x2e6445b,0x3ee64dc,0x022e932,0x0726837,0x0deb67b,
wolfSSL 16:8e0d178b1d1e 3466 0x1ed4346,0x3857f73,0x277a3de,0x01950b5 } },
wolfSSL 16:8e0d178b1d1e 3467 /* 145 */
wolfSSL 16:8e0d178b1d1e 3468 { { 0x36c377a,0x0adb41e,0x08be3f3,0x11e40d1,0x36cb038,0x036a2bd,
wolfSSL 16:8e0d178b1d1e 3469 0x3dd3a82,0x1bc875b,0x2ee09bb,0x02994d2 },
wolfSSL 16:8e0d178b1d1e 3470 { 0x035facf,0x05e0344,0x07e630a,0x0ce772d,0x335e55a,0x111fce4,
wolfSSL 16:8e0d178b1d1e 3471 0x250fe1c,0x3bc89ba,0x32fdc9a,0x03cf2d9 } },
wolfSSL 16:8e0d178b1d1e 3472 /* 146 */
wolfSSL 16:8e0d178b1d1e 3473 { { 0x355fd83,0x1c67f8e,0x1d10eb3,0x1b21d77,0x0e0d7a4,0x173a9e1,
wolfSSL 16:8e0d178b1d1e 3474 0x2c9fa90,0x1c39cce,0x22eaae8,0x01f2bea },
wolfSSL 16:8e0d178b1d1e 3475 { 0x153b338,0x0534107,0x26c69b8,0x283be1f,0x3e0acc0,0x059cac3,
wolfSSL 16:8e0d178b1d1e 3476 0x13d1081,0x148bbee,0x3c1b9bd,0x002aac4 } },
wolfSSL 16:8e0d178b1d1e 3477 /* 147 */
wolfSSL 16:8e0d178b1d1e 3478 { { 0x2681297,0x3389e34,0x146addc,0x2c6d425,0x2cb350e,0x1986abc,
wolfSSL 16:8e0d178b1d1e 3479 0x0431737,0x04ba4b7,0x2028470,0x012e469 },
wolfSSL 16:8e0d178b1d1e 3480 { 0x2f8ddcf,0x3c4255c,0x1af4dcf,0x07a6a44,0x208ebf6,0x0dc90c3,
wolfSSL 16:8e0d178b1d1e 3481 0x34360ac,0x072ad23,0x0537232,0x01254d3 } },
wolfSSL 16:8e0d178b1d1e 3482 /* 148 */
wolfSSL 16:8e0d178b1d1e 3483 { { 0x07b7e9d,0x3df5c7c,0x116f83d,0x28c4f35,0x3a478ef,0x3011fb8,
wolfSSL 16:8e0d178b1d1e 3484 0x2f264b6,0x317b9e3,0x04fd65a,0x032bd1b },
wolfSSL 16:8e0d178b1d1e 3485 { 0x2aa8266,0x3431de4,0x04bba04,0x19a44da,0x0edf454,0x392c5ac,
wolfSSL 16:8e0d178b1d1e 3486 0x265168a,0x1dc3d5b,0x25704c6,0x00533a7 } },
wolfSSL 16:8e0d178b1d1e 3487 /* 149 */
wolfSSL 16:8e0d178b1d1e 3488 { { 0x25e8f91,0x1178fa5,0x2492994,0x2eb2c3c,0x0d3aca1,0x0322828,
wolfSSL 16:8e0d178b1d1e 3489 0x1cc70f9,0x269c74c,0x0a53e4c,0x006edc2 },
wolfSSL 16:8e0d178b1d1e 3490 { 0x18bdd7a,0x2a79a55,0x26b1d5c,0x0200628,0x0734a05,0x3273c7b,
wolfSSL 16:8e0d178b1d1e 3491 0x13aa714,0x0040ac2,0x2f2da30,0x03e7449 } },
wolfSSL 16:8e0d178b1d1e 3492 /* 150 */
wolfSSL 16:8e0d178b1d1e 3493 { { 0x3f9563e,0x2f29eab,0x14a0749,0x3fad264,0x1dd077a,0x3d7c59c,
wolfSSL 16:8e0d178b1d1e 3494 0x3a0311b,0x331a789,0x0b9729e,0x0201ebf },
wolfSSL 16:8e0d178b1d1e 3495 { 0x1b08b77,0x2a4cdf2,0x3e387f8,0x21510f1,0x286c3a7,0x1dbf62e,
wolfSSL 16:8e0d178b1d1e 3496 0x3afa594,0x3363217,0x0d16568,0x01d46b7 } },
wolfSSL 16:8e0d178b1d1e 3497 /* 151 */
wolfSSL 16:8e0d178b1d1e 3498 { { 0x0715c0d,0x28e2d04,0x17f78ae,0x1c63dda,0x1d113ea,0x0fefc1b,
wolfSSL 16:8e0d178b1d1e 3499 0x1eab149,0x1d0fd99,0x0682537,0x00a7b11 },
wolfSSL 16:8e0d178b1d1e 3500 { 0x10bebbc,0x11c672d,0x14223d9,0x2ff9141,0x1399ee5,0x34b7b6c,
wolfSSL 16:8e0d178b1d1e 3501 0x0d5b3a8,0x01df643,0x0e392a4,0x03fe4dc } },
wolfSSL 16:8e0d178b1d1e 3502 /* 152 */
wolfSSL 16:8e0d178b1d1e 3503 { { 0x2b75b65,0x0b5a6f1,0x11c559a,0x3549999,0x24188f8,0x37a75f4,
wolfSSL 16:8e0d178b1d1e 3504 0x29f33e3,0x34068a2,0x38ba2a9,0x025dd91 },
wolfSSL 16:8e0d178b1d1e 3505 { 0x29af2c7,0x0988b64,0x0923885,0x1b539a4,0x1334f5d,0x226947a,
wolfSSL 16:8e0d178b1d1e 3506 0x2cc7e5a,0x20beb39,0x13fac2f,0x01d298c } },
wolfSSL 16:8e0d178b1d1e 3507 /* 153 */
wolfSSL 16:8e0d178b1d1e 3508 { { 0x35f079c,0x137f76d,0x2fbbb2f,0x254638d,0x185b07c,0x1f34db7,
wolfSSL 16:8e0d178b1d1e 3509 0x2cfcf0e,0x218f46d,0x2150ff4,0x02add6f },
wolfSSL 16:8e0d178b1d1e 3510 { 0x33fc9b7,0x0d9f005,0x0fd081b,0x0834965,0x2b90a74,0x102448d,
wolfSSL 16:8e0d178b1d1e 3511 0x3dbf03c,0x167d857,0x02e0b44,0x013afab } },
wolfSSL 16:8e0d178b1d1e 3512 /* 154 */
wolfSSL 16:8e0d178b1d1e 3513 { { 0x09f2c53,0x317f9d7,0x1411eb6,0x0463aba,0x0d25220,0x256b176,
wolfSSL 16:8e0d178b1d1e 3514 0x087633f,0x2bff322,0x07b2c1b,0x037e662 },
wolfSSL 16:8e0d178b1d1e 3515 { 0x10aaecb,0x23bb4a1,0x2272bb7,0x06c075a,0x09d4918,0x0736f2b,
wolfSSL 16:8e0d178b1d1e 3516 0x0dd511b,0x101625e,0x0a7779f,0x009ec10 } },
wolfSSL 16:8e0d178b1d1e 3517 /* 155 */
wolfSSL 16:8e0d178b1d1e 3518 { { 0x33b2eb2,0x0176dfd,0x2118904,0x022386c,0x2e0df85,0x2588c9f,
wolfSSL 16:8e0d178b1d1e 3519 0x1b71525,0x28fd540,0x137e4cf,0x02ce4f7 },
wolfSSL 16:8e0d178b1d1e 3520 { 0x3d75165,0x0c39ecf,0x3554a12,0x30af34c,0x2d66344,0x3ded408,
wolfSSL 16:8e0d178b1d1e 3521 0x36f1be0,0x0d065b0,0x012d046,0x0025623 } },
wolfSSL 16:8e0d178b1d1e 3522 /* 156 */
wolfSSL 16:8e0d178b1d1e 3523 { { 0x2601c3b,0x1824fc0,0x335fe08,0x3e33d70,0x0fb0252,0x252bfca,
wolfSSL 16:8e0d178b1d1e 3524 0x1cf2808,0x1922e55,0x1a9db9f,0x020721e },
wolfSSL 16:8e0d178b1d1e 3525 { 0x2f56c51,0x39a1f31,0x218c040,0x1a4fc5d,0x3fed471,0x0164d4e,
wolfSSL 16:8e0d178b1d1e 3526 0x388a419,0x06f1113,0x0f55fc1,0x03e8352 } },
wolfSSL 16:8e0d178b1d1e 3527 /* 157 */
wolfSSL 16:8e0d178b1d1e 3528 { { 0x1608e4d,0x3872778,0x022cbc6,0x044d60a,0x3010dda,0x15fb0b5,
wolfSSL 16:8e0d178b1d1e 3529 0x37ddc11,0x19f5bda,0x156b6a3,0x023a838 },
wolfSSL 16:8e0d178b1d1e 3530 { 0x383b3b4,0x1380bc8,0x353ca35,0x250fc07,0x169966b,0x3780f29,
wolfSSL 16:8e0d178b1d1e 3531 0x36632b2,0x2d6b13f,0x124fa00,0x00fd6ae } },
wolfSSL 16:8e0d178b1d1e 3532 /* 158 */
wolfSSL 16:8e0d178b1d1e 3533 { { 0x1739efb,0x2ec3656,0x2c0d337,0x3d39faf,0x1c751b0,0x04699f4,
wolfSSL 16:8e0d178b1d1e 3534 0x252dd64,0x095b8b6,0x0872b74,0x022f1da },
wolfSSL 16:8e0d178b1d1e 3535 { 0x2d3d253,0x38edca0,0x379fa5b,0x287d635,0x3a9f679,0x059d9ee,
wolfSSL 16:8e0d178b1d1e 3536 0x0ac168e,0x3cd3e87,0x19060fc,0x02ce1bc } },
wolfSSL 16:8e0d178b1d1e 3537 /* 159 */
wolfSSL 16:8e0d178b1d1e 3538 { { 0x3edcfc2,0x0f04d4b,0x2f0d31f,0x1898be2,0x25396bf,0x15ca230,
wolfSSL 16:8e0d178b1d1e 3539 0x02b4eae,0x2713668,0x0f71b06,0x0132d18 },
wolfSSL 16:8e0d178b1d1e 3540 { 0x38095ea,0x1ed34d6,0x3603ae6,0x165bf01,0x192bbf8,0x1852859,
wolfSSL 16:8e0d178b1d1e 3541 0x075f66b,0x1488f85,0x10895ef,0x014b035 } },
wolfSSL 16:8e0d178b1d1e 3542 /* 160 */
wolfSSL 16:8e0d178b1d1e 3543 { { 0x1339848,0x3084385,0x0c8d231,0x3a1c1de,0x0e87a28,0x255b85c,
wolfSSL 16:8e0d178b1d1e 3544 0x1de6616,0x2702e74,0x1382bb0,0x012b0f2 },
wolfSSL 16:8e0d178b1d1e 3545 { 0x198987d,0x381545a,0x34d619b,0x312b827,0x18b2376,0x28fe4cf,
wolfSSL 16:8e0d178b1d1e 3546 0x20b7651,0x017d077,0x0c7e397,0x00e0365 } },
wolfSSL 16:8e0d178b1d1e 3547 /* 161 */
wolfSSL 16:8e0d178b1d1e 3548 { { 0x1542e75,0x0d56aa0,0x39b701a,0x287b806,0x396c724,0x0935c21,
wolfSSL 16:8e0d178b1d1e 3549 0x3a29776,0x0debdac,0x171de26,0x00b38f8 },
wolfSSL 16:8e0d178b1d1e 3550 { 0x1d5bc1a,0x3fad27d,0x22b5cfe,0x1f89ddf,0x0a65560,0x144dd5b,
wolfSSL 16:8e0d178b1d1e 3551 0x2aac2f9,0x139353f,0x0520b62,0x00b9b36 } },
wolfSSL 16:8e0d178b1d1e 3552 /* 162 */
wolfSSL 16:8e0d178b1d1e 3553 { { 0x031c31d,0x16552e3,0x1a0c368,0x0016fc8,0x168533d,0x171e7b2,
wolfSSL 16:8e0d178b1d1e 3554 0x17626e7,0x275502f,0x14742c6,0x03285dd },
wolfSSL 16:8e0d178b1d1e 3555 { 0x2d2dbb2,0x3b6bffd,0x1d18cc6,0x2f45d2a,0x0fd0d8c,0x2915e3a,
wolfSSL 16:8e0d178b1d1e 3556 0x1e8793a,0x0b39a1d,0x3139cab,0x02a5da9 } },
wolfSSL 16:8e0d178b1d1e 3557 /* 163 */
wolfSSL 16:8e0d178b1d1e 3558 { { 0x3fb353d,0x147c6e4,0x3a720a6,0x22d5ff3,0x1d75cab,0x06c54a0,
wolfSSL 16:8e0d178b1d1e 3559 0x08cfa73,0x12666aa,0x3170a1f,0x021c829 },
wolfSSL 16:8e0d178b1d1e 3560 { 0x13e1b90,0x3a34dda,0x1fc38c3,0x02c5bdb,0x2d345dc,0x14aa1d0,
wolfSSL 16:8e0d178b1d1e 3561 0x28d00ab,0x224f23a,0x329c769,0x025c67b } },
wolfSSL 16:8e0d178b1d1e 3562 /* 164 */
wolfSSL 16:8e0d178b1d1e 3563 { { 0x0e35909,0x3bb6356,0x0116820,0x370cf77,0x29366d8,0x3881409,
wolfSSL 16:8e0d178b1d1e 3564 0x3999d06,0x013075f,0x176e157,0x02941ca },
wolfSSL 16:8e0d178b1d1e 3565 { 0x0e70b2e,0x28dfab1,0x2a8a002,0x15da242,0x084dcf6,0x116ca97,
wolfSSL 16:8e0d178b1d1e 3566 0x31bf186,0x1dc9735,0x09df7b7,0x0264e27 } },
wolfSSL 16:8e0d178b1d1e 3567 /* 165 */
wolfSSL 16:8e0d178b1d1e 3568 { { 0x2da7a4b,0x3023c9e,0x1366238,0x00ff4e2,0x03abe9d,0x19bd44b,
wolfSSL 16:8e0d178b1d1e 3569 0x272e897,0x20b91ad,0x2aa202c,0x02a2201 },
wolfSSL 16:8e0d178b1d1e 3570 { 0x380184e,0x08112b4,0x0b85660,0x31049aa,0x3a8cb78,0x36113c5,
wolfSSL 16:8e0d178b1d1e 3571 0x1670c0a,0x373f9e7,0x3fb4738,0x00010ef } },
wolfSSL 16:8e0d178b1d1e 3572 /* 166 */
wolfSSL 16:8e0d178b1d1e 3573 { { 0x2d5192e,0x26d770d,0x32af8d5,0x34d1642,0x1acf885,0x05805e0,
wolfSSL 16:8e0d178b1d1e 3574 0x166d0a1,0x1219a0d,0x301ba6c,0x014bcfb },
wolfSSL 16:8e0d178b1d1e 3575 { 0x2dcb64d,0x19cca83,0x379f398,0x08e01a0,0x10a482c,0x0103cc2,
wolfSSL 16:8e0d178b1d1e 3576 0x0be5fa7,0x1f9d45b,0x1899ef2,0x00ca5af } },
wolfSSL 16:8e0d178b1d1e 3577 /* 167 */
wolfSSL 16:8e0d178b1d1e 3578 { { 0x14d81d7,0x2aea251,0x1b3c476,0x3bd47ae,0x29eade7,0x0715e61,
wolfSSL 16:8e0d178b1d1e 3579 0x1a21cd8,0x1c7a586,0x2bfaee5,0x00ee43f },
wolfSSL 16:8e0d178b1d1e 3580 { 0x096f7cb,0x0c08f95,0x1bc4939,0x361fed4,0x255be41,0x26fad73,
wolfSSL 16:8e0d178b1d1e 3581 0x31dd489,0x02c600f,0x29d9f81,0x01ba201 } },
wolfSSL 16:8e0d178b1d1e 3582 /* 168 */
wolfSSL 16:8e0d178b1d1e 3583 { { 0x03ea1db,0x1eac46d,0x1292ce3,0x2a54967,0x20a7ff1,0x3e13c61,
wolfSSL 16:8e0d178b1d1e 3584 0x1b02218,0x2b44e14,0x3eadefa,0x029c88a },
wolfSSL 16:8e0d178b1d1e 3585 { 0x30a9144,0x31e3b0a,0x19c5a2a,0x147cbe9,0x05a0240,0x051f38e,
wolfSSL 16:8e0d178b1d1e 3586 0x11eca56,0x31a4247,0x123bc2a,0x02fa535 } },
wolfSSL 16:8e0d178b1d1e 3587 /* 169 */
wolfSSL 16:8e0d178b1d1e 3588 { { 0x3226ce7,0x1251782,0x0b7072f,0x11e59fa,0x2b8afd7,0x169b18f,
wolfSSL 16:8e0d178b1d1e 3589 0x2a46f18,0x31d9bb7,0x2fe9be8,0x01de0b7 },
wolfSSL 16:8e0d178b1d1e 3590 { 0x1b38626,0x34aa90f,0x3ad1760,0x21ddbd9,0x3460ae7,0x1126736,
wolfSSL 16:8e0d178b1d1e 3591 0x1b86fc5,0x0b92cd0,0x167a289,0x000e0e1 } },
wolfSSL 16:8e0d178b1d1e 3592 /* 170 */
wolfSSL 16:8e0d178b1d1e 3593 { { 0x1ec1a0f,0x36bbf5e,0x1c972d8,0x3f73ace,0x13bbcd6,0x23d86a5,
wolfSSL 16:8e0d178b1d1e 3594 0x175ffc5,0x2d083d5,0x2c4adf7,0x036f661 },
wolfSSL 16:8e0d178b1d1e 3595 { 0x1f39eb7,0x2a20505,0x176c81a,0x3d6e636,0x16ee2fc,0x3cbdc5f,
wolfSSL 16:8e0d178b1d1e 3596 0x25475dc,0x2ef4151,0x3c46860,0x0238934 } },
wolfSSL 16:8e0d178b1d1e 3597 /* 171 */
wolfSSL 16:8e0d178b1d1e 3598 { { 0x2587390,0x3639526,0x0588749,0x13c32fb,0x212bb19,0x09660f1,
wolfSSL 16:8e0d178b1d1e 3599 0x207da4b,0x2bf211b,0x1c4407b,0x01506a6 },
wolfSSL 16:8e0d178b1d1e 3600 { 0x24c8842,0x105a498,0x05ffdb2,0x0ab61b0,0x26044c1,0x3dff3d8,
wolfSSL 16:8e0d178b1d1e 3601 0x1d14b44,0x0d74716,0x049f57d,0x030024b } },
wolfSSL 16:8e0d178b1d1e 3602 /* 172 */
wolfSSL 16:8e0d178b1d1e 3603 { { 0x32e61ef,0x31d70f7,0x35cad3c,0x320b86c,0x07e8841,0x027ca7d,
wolfSSL 16:8e0d178b1d1e 3604 0x2d30d19,0x2513718,0x2347286,0x01d7901 },
wolfSSL 16:8e0d178b1d1e 3605 { 0x3c237d0,0x107f16e,0x01c9e7d,0x3c3b13c,0x0c9537b,0x20af54d,
wolfSSL 16:8e0d178b1d1e 3606 0x051a162,0x2161a47,0x258c784,0x016df2d } },
wolfSSL 16:8e0d178b1d1e 3607 /* 173 */
wolfSSL 16:8e0d178b1d1e 3608 { { 0x228ead1,0x29c2122,0x07f6964,0x023f4ed,0x1802dc5,0x19f96ce,
wolfSSL 16:8e0d178b1d1e 3609 0x24bfd17,0x25e866b,0x2ba8df0,0x01eb84f },
wolfSSL 16:8e0d178b1d1e 3610 { 0x2dd384e,0x05bbe3a,0x3f06fd2,0x366dacb,0x30361a2,0x2f36d7c,
wolfSSL 16:8e0d178b1d1e 3611 0x0b98784,0x38ff481,0x074e2a8,0x01e1f60 } },
wolfSSL 16:8e0d178b1d1e 3612 /* 174 */
wolfSSL 16:8e0d178b1d1e 3613 { { 0x17fbb1c,0x0975add,0x1debc5e,0x2cb2880,0x3e47bdd,0x3488cff,
wolfSSL 16:8e0d178b1d1e 3614 0x15e9a36,0x2121129,0x0199ef2,0x017088a },
wolfSSL 16:8e0d178b1d1e 3615 { 0x0315250,0x352a162,0x17c1773,0x0ae09c2,0x321b21a,0x3bd74cf,
wolfSSL 16:8e0d178b1d1e 3616 0x3c4ea1d,0x3cac2ad,0x3abbaf0,0x039174d } },
wolfSSL 16:8e0d178b1d1e 3617 /* 175 */
wolfSSL 16:8e0d178b1d1e 3618 { { 0x0511c8a,0x3c78d0a,0x2cd3d2d,0x322f729,0x3ebb229,0x09f0e69,
wolfSSL 16:8e0d178b1d1e 3619 0x0a71a76,0x2e74d5e,0x12284df,0x03b5ef0 },
wolfSSL 16:8e0d178b1d1e 3620 { 0x3dea561,0x0a9b7e4,0x0ed1cf2,0x237523c,0x05443f1,0x2eb48fa,
wolfSSL 16:8e0d178b1d1e 3621 0x3861405,0x1b49f62,0x0c945ca,0x02ab25f } },
wolfSSL 16:8e0d178b1d1e 3622 /* 176 */
wolfSSL 16:8e0d178b1d1e 3623 { { 0x16bd00a,0x13a9d28,0x3cc1eb5,0x2b7d702,0x2d839e9,0x3e6ff01,
wolfSSL 16:8e0d178b1d1e 3624 0x2bb7f11,0x3713824,0x3b31163,0x00c63e5 },
wolfSSL 16:8e0d178b1d1e 3625 { 0x30d7138,0x0316fb0,0x0220ecc,0x08eaf0c,0x244e8df,0x0088d81,
wolfSSL 16:8e0d178b1d1e 3626 0x37972fb,0x3fd34ae,0x2a19a84,0x03e907e } },
wolfSSL 16:8e0d178b1d1e 3627 /* 177 */
wolfSSL 16:8e0d178b1d1e 3628 { { 0x2642269,0x0b65d29,0x03bd440,0x33a6ede,0x3c81814,0x2507982,
wolfSSL 16:8e0d178b1d1e 3629 0x0d38e47,0x3a788e6,0x32c1d26,0x00e2eda },
wolfSSL 16:8e0d178b1d1e 3630 { 0x2577f87,0x392895a,0x3e1cc64,0x14f7047,0x08b52d2,0x08a01ca,
wolfSSL 16:8e0d178b1d1e 3631 0x336abf6,0x00697fc,0x105ce76,0x0253742 } },
wolfSSL 16:8e0d178b1d1e 3632 /* 178 */
wolfSSL 16:8e0d178b1d1e 3633 { { 0x293f92a,0x33df737,0x3315156,0x32e26d7,0x0a01333,0x26579d4,
wolfSSL 16:8e0d178b1d1e 3634 0x004df9c,0x0aba409,0x067d25c,0x02481de },
wolfSSL 16:8e0d178b1d1e 3635 { 0x3f39d44,0x1c78042,0x13d7e24,0x0825aed,0x35f2c90,0x3270f63,
wolfSSL 16:8e0d178b1d1e 3636 0x04b7b35,0x3ad4531,0x28bd29b,0x0207a10 } },
wolfSSL 16:8e0d178b1d1e 3637 /* 179 */
wolfSSL 16:8e0d178b1d1e 3638 { { 0x077199f,0x270aeb1,0x0dd96dd,0x3b9ad7b,0x28cb8ee,0x3903f43,
wolfSSL 16:8e0d178b1d1e 3639 0x37db3fe,0x292c62b,0x362dbbf,0x006e52a },
wolfSSL 16:8e0d178b1d1e 3640 { 0x247f143,0x0362cf3,0x216344f,0x3f18fd1,0x351e623,0x31664e0,
wolfSSL 16:8e0d178b1d1e 3641 0x0f270fc,0x243bbc6,0x2280555,0x001a8e3 } },
wolfSSL 16:8e0d178b1d1e 3642 /* 180 */
wolfSSL 16:8e0d178b1d1e 3643 { { 0x3355b49,0x2c04e6c,0x399b2e5,0x182d3af,0x020e265,0x09a7cf7,
wolfSSL 16:8e0d178b1d1e 3644 0x0ffa6bd,0x353e302,0x02083d9,0x029ecdb },
wolfSSL 16:8e0d178b1d1e 3645 { 0x33e8830,0x0570e86,0x1c0b64d,0x386a27e,0x0d5fcea,0x0b45a4c,
wolfSSL 16:8e0d178b1d1e 3646 0x2ee4a2e,0x0a8833f,0x2b4a282,0x02f9531 } },
wolfSSL 16:8e0d178b1d1e 3647 /* 181 */
wolfSSL 16:8e0d178b1d1e 3648 { { 0x191167c,0x36cf7e3,0x225ed6c,0x1e79e99,0x0517c3f,0x11ab1fd,
wolfSSL 16:8e0d178b1d1e 3649 0x05648f3,0x08aedc4,0x1abeae0,0x02fcc29 },
wolfSSL 16:8e0d178b1d1e 3650 { 0x3828a68,0x1e16fa4,0x30368e7,0x0c9fcfb,0x25161c3,0x24851ac,
wolfSSL 16:8e0d178b1d1e 3651 0x1b5feb5,0x344eb84,0x0de2732,0x0347208 } },
wolfSSL 16:8e0d178b1d1e 3652 /* 182 */
wolfSSL 16:8e0d178b1d1e 3653 { { 0x038b363,0x384d1e4,0x2519043,0x151ac17,0x158c11f,0x009b2b4,
wolfSSL 16:8e0d178b1d1e 3654 0x257abe6,0x2368d3f,0x3ed68a1,0x02df45e },
wolfSSL 16:8e0d178b1d1e 3655 { 0x29c2559,0x2962478,0x3d8444c,0x1d96fff,0x04f7a03,0x1391a52,
wolfSSL 16:8e0d178b1d1e 3656 0x0de4af7,0x3319126,0x15e6412,0x00e65ff } },
wolfSSL 16:8e0d178b1d1e 3657 /* 183 */
wolfSSL 16:8e0d178b1d1e 3658 { { 0x3d61507,0x1d1a0a2,0x0d2af20,0x354d299,0x329e132,0x2a28578,
wolfSSL 16:8e0d178b1d1e 3659 0x2ddfb08,0x04fa3ff,0x1293c6c,0x003bae2 },
wolfSSL 16:8e0d178b1d1e 3660 { 0x3e259f8,0x1a68fa9,0x3e67e9b,0x39b44f9,0x1ce1db7,0x347e9a1,
wolfSSL 16:8e0d178b1d1e 3661 0x3318f6a,0x2dbbc9d,0x2f8c922,0x008a245 } },
wolfSSL 16:8e0d178b1d1e 3662 /* 184 */
wolfSSL 16:8e0d178b1d1e 3663 { { 0x212ab5b,0x2b896c2,0x0136959,0x07e55ef,0x0cc1117,0x05b8ac3,
wolfSSL 16:8e0d178b1d1e 3664 0x18429ed,0x025fa01,0x11d6e93,0x03b016b },
wolfSSL 16:8e0d178b1d1e 3665 { 0x03f3708,0x2e96fab,0x1d77157,0x0d4c2d6,0x131baf9,0x0608d39,
wolfSSL 16:8e0d178b1d1e 3666 0x3552371,0x06cdd1e,0x1567ff1,0x01f4c50 } },
wolfSSL 16:8e0d178b1d1e 3667 /* 185 */
wolfSSL 16:8e0d178b1d1e 3668 { { 0x2dfefab,0x270173d,0x37077bd,0x1a372cd,0x1be2f22,0x28e2ee5,
wolfSSL 16:8e0d178b1d1e 3669 0x3ead973,0x35e8f94,0x2fc9bc1,0x03a7399 },
wolfSSL 16:8e0d178b1d1e 3670 { 0x36a02a1,0x2855d9b,0x00ed75a,0x37d8398,0x138c087,0x233706e,
wolfSSL 16:8e0d178b1d1e 3671 0x147f346,0x01947e2,0x3017228,0x0365942 } },
wolfSSL 16:8e0d178b1d1e 3672 /* 186 */
wolfSSL 16:8e0d178b1d1e 3673 { { 0x2057e60,0x2d31296,0x25e4504,0x2fa37bc,0x1cbccc3,0x1f0732f,
wolfSSL 16:8e0d178b1d1e 3674 0x3532081,0x2de8a98,0x19a804e,0x005359a },
wolfSSL 16:8e0d178b1d1e 3675 { 0x31f411a,0x2a10576,0x369c2c8,0x02fe035,0x109fbaf,0x30bddeb,
wolfSSL 16:8e0d178b1d1e 3676 0x1eef901,0x1662ad3,0x0410d43,0x01bd31a } },
wolfSSL 16:8e0d178b1d1e 3677 /* 187 */
wolfSSL 16:8e0d178b1d1e 3678 { { 0x2c24a96,0x1b7d3a5,0x19a3872,0x217f2f6,0x2534dbc,0x2cab8c2,
wolfSSL 16:8e0d178b1d1e 3679 0x066ef28,0x26aecf1,0x0fd6118,0x01310d4 },
wolfSSL 16:8e0d178b1d1e 3680 { 0x055b8da,0x1fdc5be,0x38a1296,0x25118f0,0x341a423,0x2ba4cd0,
wolfSSL 16:8e0d178b1d1e 3681 0x3e1413e,0x062d70d,0x2425a31,0x029c9b4 } },
wolfSSL 16:8e0d178b1d1e 3682 /* 188 */
wolfSSL 16:8e0d178b1d1e 3683 { { 0x08c1086,0x1acfba5,0x22e1dae,0x0f72f4e,0x3f1de50,0x0f408bc,
wolfSSL 16:8e0d178b1d1e 3684 0x35ed3f0,0x3ce48fc,0x282cc6c,0x004d8e7 },
wolfSSL 16:8e0d178b1d1e 3685 { 0x1afaa86,0x24e3ef3,0x22589ac,0x3ec9952,0x1f45bc5,0x14144ca,
wolfSSL 16:8e0d178b1d1e 3686 0x23b26e4,0x0d68c65,0x1e1c1a3,0x032a4d9 } },
wolfSSL 16:8e0d178b1d1e 3687 /* 189 */
wolfSSL 16:8e0d178b1d1e 3688 { { 0x03b2d20,0x16b1d53,0x241b361,0x05e4138,0x1742a54,0x32741c7,
wolfSSL 16:8e0d178b1d1e 3689 0x0521c4c,0x1ca96c2,0x034970b,0x02738a7 },
wolfSSL 16:8e0d178b1d1e 3690 { 0x13e0ad6,0x207dcdb,0x034c8cc,0x27bcbe1,0x18060da,0x33a18b6,
wolfSSL 16:8e0d178b1d1e 3691 0x2d1d1a6,0x2be60d7,0x3d7ab42,0x012312a } },
wolfSSL 16:8e0d178b1d1e 3692 /* 190 */
wolfSSL 16:8e0d178b1d1e 3693 { { 0x0c7485a,0x06c3310,0x0dbfd22,0x2ef949d,0x0ead455,0x098f4ba,
wolfSSL 16:8e0d178b1d1e 3694 0x3c76989,0x0cf2d24,0x032f67b,0x01e005f },
wolfSSL 16:8e0d178b1d1e 3695 { 0x30cb5ee,0x0d5da64,0x0ed2b9d,0x2503102,0x1c0d14e,0x1cbc693,
wolfSSL 16:8e0d178b1d1e 3696 0x37bf552,0x07013e2,0x054de5c,0x014f341 } },
wolfSSL 16:8e0d178b1d1e 3697 /* 191 */
wolfSSL 16:8e0d178b1d1e 3698 { { 0x128ccac,0x1617e97,0x346ebcd,0x158016d,0x25f823e,0x34048ea,
wolfSSL 16:8e0d178b1d1e 3699 0x39f0a1c,0x3ea3df1,0x1c1d3d7,0x03ba919 },
wolfSSL 16:8e0d178b1d1e 3700 { 0x151803b,0x01967c1,0x2f70781,0x27df39a,0x06c0b59,0x24a239c,
wolfSSL 16:8e0d178b1d1e 3701 0x15a7702,0x2464d06,0x2a47ae6,0x006db90 } },
wolfSSL 16:8e0d178b1d1e 3702 /* 192 */
wolfSSL 16:8e0d178b1d1e 3703 { { 0x27d04c3,0x024df3d,0x38112e8,0x38a27ba,0x01e312b,0x0965358,
wolfSSL 16:8e0d178b1d1e 3704 0x35d8879,0x2f4f55a,0x214187f,0x0008936 },
wolfSSL 16:8e0d178b1d1e 3705 { 0x05fe36f,0x2ee18c3,0x1f5f87a,0x1813bd4,0x0580f3c,0x0ed0a7b,
wolfSSL 16:8e0d178b1d1e 3706 0x0fb1bfb,0x3fcce59,0x2f042bf,0x01820e3 } },
wolfSSL 16:8e0d178b1d1e 3707 /* 193 */
wolfSSL 16:8e0d178b1d1e 3708 { { 0x20bbe99,0x32cbc9f,0x39ee432,0x3cc12a8,0x37bda44,0x3ea4e40,
wolfSSL 16:8e0d178b1d1e 3709 0x097c7a9,0x0590d7d,0x2022d33,0x018dbac },
wolfSSL 16:8e0d178b1d1e 3710 { 0x3ae00aa,0x3439864,0x2d2ffcf,0x3f8c6b9,0x0875a00,0x3e4e407,
wolfSSL 16:8e0d178b1d1e 3711 0x3658a29,0x22eb3d0,0x2b63921,0x022113b } },
wolfSSL 16:8e0d178b1d1e 3712 /* 194 */
wolfSSL 16:8e0d178b1d1e 3713 { { 0x33bae58,0x05c749a,0x1f3e114,0x1c45f8e,0x27db3df,0x06a3ab6,
wolfSSL 16:8e0d178b1d1e 3714 0x37bc7f8,0x1e27b34,0x3dc51fb,0x009eea0 },
wolfSSL 16:8e0d178b1d1e 3715 { 0x3f54de5,0x3d0e7fe,0x1a71a7d,0x02ed7f8,0x0727703,0x2ca5e92,
wolfSSL 16:8e0d178b1d1e 3716 0x2e8e35d,0x292ad0b,0x13487f3,0x02b6d8b } },
wolfSSL 16:8e0d178b1d1e 3717 /* 195 */
wolfSSL 16:8e0d178b1d1e 3718 { { 0x175df2a,0x05a28a8,0x32e99b1,0x13d8630,0x2082aa0,0x11ac245,
wolfSSL 16:8e0d178b1d1e 3719 0x24f2e71,0x322cb27,0x17675e7,0x02e643f },
wolfSSL 16:8e0d178b1d1e 3720 { 0x1f37313,0x2765ad3,0x0789082,0x1e742d0,0x11c2055,0x2021dc4,
wolfSSL 16:8e0d178b1d1e 3721 0x09ae4a7,0x346359b,0x2f94d10,0x0205c1f } },
wolfSSL 16:8e0d178b1d1e 3722 /* 196 */
wolfSSL 16:8e0d178b1d1e 3723 { { 0x3d6ff96,0x1f2ac80,0x336097d,0x3f03610,0x35b851b,0x010b6d2,
wolfSSL 16:8e0d178b1d1e 3724 0x0823c4d,0x2a9709a,0x2ead5a8,0x00de4b6 },
wolfSSL 16:8e0d178b1d1e 3725 { 0x01afa0b,0x0621965,0x3671528,0x1050b60,0x3f3e9e7,0x2f93829,
wolfSSL 16:8e0d178b1d1e 3726 0x0825275,0x006e85f,0x35e94b0,0x016af58 } },
wolfSSL 16:8e0d178b1d1e 3727 /* 197 */
wolfSSL 16:8e0d178b1d1e 3728 { { 0x2c4927c,0x3ea1382,0x0f23727,0x0d69f23,0x3e38860,0x2b72837,
wolfSSL 16:8e0d178b1d1e 3729 0x3cd5ea4,0x2d84292,0x321846a,0x016656f },
wolfSSL 16:8e0d178b1d1e 3730 { 0x29dfa33,0x3e182e0,0x018be90,0x2ba563f,0x2caafe2,0x218c0d9,
wolfSSL 16:8e0d178b1d1e 3731 0x3baf447,0x1047a6c,0x0a2d483,0x01130cb } },
wolfSSL 16:8e0d178b1d1e 3732 /* 198 */
wolfSSL 16:8e0d178b1d1e 3733 { { 0x00ed80c,0x2a5fc79,0x0a82a74,0x2c4c74b,0x15f938c,0x30b5ab6,
wolfSSL 16:8e0d178b1d1e 3734 0x32124b7,0x295314f,0x2fb8082,0x007c858 },
wolfSSL 16:8e0d178b1d1e 3735 { 0x20b173e,0x19f315c,0x12f97e4,0x198217c,0x040e8a6,0x3275977,
wolfSSL 16:8e0d178b1d1e 3736 0x2bc20e4,0x01f2633,0x02bc3e9,0x023c750 } },
wolfSSL 16:8e0d178b1d1e 3737 /* 199 */
wolfSSL 16:8e0d178b1d1e 3738 { { 0x3c4058a,0x24be73e,0x16704f5,0x2d8a4bd,0x3b15e14,0x3076315,
wolfSSL 16:8e0d178b1d1e 3739 0x1cfe37b,0x36fe715,0x343926e,0x02c6603 },
wolfSSL 16:8e0d178b1d1e 3740 { 0x2c76b09,0x0cf824c,0x3f7898c,0x274cec1,0x11df527,0x18eed18,
wolfSSL 16:8e0d178b1d1e 3741 0x08ead48,0x23915bc,0x19b3744,0x00a0a2b } },
wolfSSL 16:8e0d178b1d1e 3742 /* 200 */
wolfSSL 16:8e0d178b1d1e 3743 { { 0x0cf4ac5,0x1c8b131,0x0afb696,0x0ff7799,0x2f5ac1a,0x022420c,
wolfSSL 16:8e0d178b1d1e 3744 0x11baa2e,0x2ce4015,0x1275a14,0x0125cfc },
wolfSSL 16:8e0d178b1d1e 3745 { 0x22eac5d,0x360cd4c,0x3568e59,0x3d42f66,0x35e07ee,0x09620e4,
wolfSSL 16:8e0d178b1d1e 3746 0x36720fa,0x22b1eac,0x2d0db16,0x01b6b23 } },
wolfSSL 16:8e0d178b1d1e 3747 /* 201 */
wolfSSL 16:8e0d178b1d1e 3748 { { 0x1a835ef,0x1516bbb,0x2d51f7b,0x3487443,0x14aa113,0x0dd06c2,
wolfSSL 16:8e0d178b1d1e 3749 0x1a65e01,0x379300d,0x35920b9,0x012c8fb },
wolfSSL 16:8e0d178b1d1e 3750 { 0x04c7341,0x2eda00f,0x3c37e82,0x1b4fd62,0x0d45770,0x1478fba,
wolfSSL 16:8e0d178b1d1e 3751 0x127863a,0x26939cd,0x134ddf4,0x01375c5 } },
wolfSSL 16:8e0d178b1d1e 3752 /* 202 */
wolfSSL 16:8e0d178b1d1e 3753 { { 0x1476cd9,0x1119ca5,0x325bbf9,0x0bf8c69,0x0648d07,0x312d9f8,
wolfSSL 16:8e0d178b1d1e 3754 0x01c8b8f,0x136ec51,0x0002f4a,0x03f4c5c },
wolfSSL 16:8e0d178b1d1e 3755 { 0x195d0e1,0x10ffd22,0x29aa1cb,0x3443bdc,0x276e695,0x05e6260,
wolfSSL 16:8e0d178b1d1e 3756 0x15f9764,0x3cd9783,0x18c9569,0x0053eb1 } },
wolfSSL 16:8e0d178b1d1e 3757 /* 203 */
wolfSSL 16:8e0d178b1d1e 3758 { { 0x312ae18,0x280197c,0x3fc9ad9,0x303f324,0x251958d,0x29f4a11,
wolfSSL 16:8e0d178b1d1e 3759 0x2142408,0x3694366,0x25136ab,0x03b5f1d },
wolfSSL 16:8e0d178b1d1e 3760 { 0x1d4abbc,0x1c3c689,0x13ea462,0x3cfc684,0x39b5dd8,0x2d4654b,
wolfSSL 16:8e0d178b1d1e 3761 0x09b0755,0x27d4f18,0x3f74d2e,0x03fbf2d } },
wolfSSL 16:8e0d178b1d1e 3762 /* 204 */
wolfSSL 16:8e0d178b1d1e 3763 { { 0x2119185,0x2525eae,0x1ba4bd0,0x0c2ab11,0x1d54e8c,0x294845e,
wolfSSL 16:8e0d178b1d1e 3764 0x2479dea,0x3602d24,0x17e87e0,0x0060069 },
wolfSSL 16:8e0d178b1d1e 3765 { 0x0afffb0,0x34fe37f,0x1240073,0x02eb895,0x06cf33c,0x2d7f7ef,
wolfSSL 16:8e0d178b1d1e 3766 0x1d763b5,0x04191e0,0x11e1ead,0x027e3f0 } },
wolfSSL 16:8e0d178b1d1e 3767 /* 205 */
wolfSSL 16:8e0d178b1d1e 3768 { { 0x269544c,0x0e85c57,0x3813158,0x19fc12d,0x20eaf85,0x1e2930c,
wolfSSL 16:8e0d178b1d1e 3769 0x22a8fd2,0x1a6a478,0x09d3d3a,0x02a74e0 },
wolfSSL 16:8e0d178b1d1e 3770 { 0x1a2da3b,0x30b0b16,0x0847936,0x3d86257,0x138ccbc,0x0f5421a,
wolfSSL 16:8e0d178b1d1e 3771 0x25244e6,0x23bdd79,0x1aee117,0x00c01ae } },
wolfSSL 16:8e0d178b1d1e 3772 /* 206 */
wolfSSL 16:8e0d178b1d1e 3773 { { 0x1eead28,0x07cac32,0x1fbc0bb,0x17627d3,0x17eef63,0x0b3a24e,
wolfSSL 16:8e0d178b1d1e 3774 0x0757fdb,0x3dd841d,0x3d745f8,0x002ae17 },
wolfSSL 16:8e0d178b1d1e 3775 { 0x25b4549,0x29f24cf,0x2f21ecd,0x1725e48,0x04be2bb,0x10ee010,
wolfSSL 16:8e0d178b1d1e 3776 0x1a1274b,0x10b0898,0x27511e9,0x02c48b5 } },
wolfSSL 16:8e0d178b1d1e 3777 /* 207 */
wolfSSL 16:8e0d178b1d1e 3778 { { 0x2a5ae7a,0x181ef99,0x0be33be,0x3e9dab7,0x101e703,0x3adb971,
wolfSSL 16:8e0d178b1d1e 3779 0x1043014,0x2ebb2be,0x1c1097d,0x027d667 },
wolfSSL 16:8e0d178b1d1e 3780 { 0x3f250ed,0x16dc603,0x20dc6d7,0x1d0d268,0x38eb915,0x02c89e8,
wolfSSL 16:8e0d178b1d1e 3781 0x1605a41,0x12de109,0x0e08a29,0x01f554a } },
wolfSSL 16:8e0d178b1d1e 3782 /* 208 */
wolfSSL 16:8e0d178b1d1e 3783 { { 0x0c26def,0x163d988,0x2d1ef0f,0x3a960ac,0x1025585,0x0738e20,
wolfSSL 16:8e0d178b1d1e 3784 0x27d79b0,0x05cc3ef,0x201303f,0x00a333a },
wolfSSL 16:8e0d178b1d1e 3785 { 0x1644ba5,0x2af345e,0x30b8d1d,0x3a01bff,0x31fc643,0x1acf85e,
wolfSSL 16:8e0d178b1d1e 3786 0x0a76fc6,0x04efe98,0x348a1d0,0x03062eb } },
wolfSSL 16:8e0d178b1d1e 3787 /* 209 */
wolfSSL 16:8e0d178b1d1e 3788 { { 0x1c4216d,0x18e3217,0x02ac34e,0x19c8185,0x200c010,0x17d4192,
wolfSSL 16:8e0d178b1d1e 3789 0x13a1719,0x165af51,0x09db7a9,0x0277be0 },
wolfSSL 16:8e0d178b1d1e 3790 { 0x3ab8d2c,0x2190b99,0x22b641e,0x0cd88de,0x3b42404,0x1310862,
wolfSSL 16:8e0d178b1d1e 3791 0x106a6d6,0x23395f5,0x0b06880,0x000d5fe } },
wolfSSL 16:8e0d178b1d1e 3792 /* 210 */
wolfSSL 16:8e0d178b1d1e 3793 { { 0x0d2cc88,0x36f9913,0x339d8e9,0x237c2e3,0x0cc61c2,0x34c2832,
wolfSSL 16:8e0d178b1d1e 3794 0x309874c,0x2621d28,0x2dd1b48,0x0392806 },
wolfSSL 16:8e0d178b1d1e 3795 { 0x17cd8f9,0x07bab3d,0x0c482ed,0x0faf565,0x31b767d,0x2f4bde1,
wolfSSL 16:8e0d178b1d1e 3796 0x295c717,0x330c29c,0x179ce10,0x0119b5f } },
wolfSSL 16:8e0d178b1d1e 3797 /* 211 */
wolfSSL 16:8e0d178b1d1e 3798 { { 0x1ada2c7,0x0c624a7,0x227d47d,0x30e3e6a,0x14fa0a6,0x0829678,
wolfSSL 16:8e0d178b1d1e 3799 0x24fd288,0x2b46a43,0x122451e,0x0319ca9 },
wolfSSL 16:8e0d178b1d1e 3800 { 0x186b655,0x01f3217,0x0af1306,0x0efe6b5,0x2f0235d,0x1c45ca9,
wolfSSL 16:8e0d178b1d1e 3801 0x2086805,0x1d44e66,0x0faf2a6,0x0178f59 } },
wolfSSL 16:8e0d178b1d1e 3802 /* 212 */
wolfSSL 16:8e0d178b1d1e 3803 { { 0x33b4416,0x10431e6,0x2d99aa6,0x217aac9,0x0cd8fcf,0x2d95a9d,
wolfSSL 16:8e0d178b1d1e 3804 0x3ff74ad,0x10bf17a,0x295eb8e,0x01b229e },
wolfSSL 16:8e0d178b1d1e 3805 { 0x02a63bd,0x182e9ec,0x004710c,0x00e2e3c,0x06b2f23,0x04b642c,
wolfSSL 16:8e0d178b1d1e 3806 0x2c37383,0x32a4631,0x022ad82,0x00d22b9 } },
wolfSSL 16:8e0d178b1d1e 3807 /* 213 */
wolfSSL 16:8e0d178b1d1e 3808 { { 0x0cda2fb,0x1d198d7,0x26d27f4,0x286381c,0x022acca,0x24ac7c8,
wolfSSL 16:8e0d178b1d1e 3809 0x2df7824,0x0b4ba16,0x1e0d9ef,0x03041d3 },
wolfSSL 16:8e0d178b1d1e 3810 { 0x29a65b3,0x0f3912b,0x151bfcf,0x2b0175c,0x0fd71e4,0x39aa5e2,
wolfSSL 16:8e0d178b1d1e 3811 0x311f50c,0x13ff351,0x3dbc9e5,0x03eeb7e } },
wolfSSL 16:8e0d178b1d1e 3812 /* 214 */
wolfSSL 16:8e0d178b1d1e 3813 { { 0x0a99363,0x0fc7348,0x2775171,0x23db3c8,0x2b91565,0x134d66c,
wolfSSL 16:8e0d178b1d1e 3814 0x0175cd2,0x1bf365a,0x2b48371,0x02dfe5d },
wolfSSL 16:8e0d178b1d1e 3815 { 0x16dbf74,0x2389357,0x2f36575,0x3f5c70e,0x38d23ba,0x090f7f8,
wolfSSL 16:8e0d178b1d1e 3816 0x3477600,0x3201523,0x32ecafc,0x03d3506 } },
wolfSSL 16:8e0d178b1d1e 3817 /* 215 */
wolfSSL 16:8e0d178b1d1e 3818 { { 0x1abd48d,0x073ca3f,0x38a451f,0x0d8cb01,0x1ce81be,0x05c51ba,
wolfSSL 16:8e0d178b1d1e 3819 0x0e29741,0x03c41ab,0x0eae016,0x0060209 },
wolfSSL 16:8e0d178b1d1e 3820 { 0x2e58358,0x1da62d9,0x2358038,0x14b39b2,0x1635687,0x39079b1,
wolfSSL 16:8e0d178b1d1e 3821 0x380e345,0x1b49608,0x23983cf,0x019f97d } },
wolfSSL 16:8e0d178b1d1e 3822 /* 216 */
wolfSSL 16:8e0d178b1d1e 3823 { { 0x34899ef,0x332e373,0x04c0f89,0x3c27aed,0x1949015,0x09663b2,
wolfSSL 16:8e0d178b1d1e 3824 0x2f9276b,0x07f1951,0x09a04c1,0x027fbde },
wolfSSL 16:8e0d178b1d1e 3825 { 0x3d2a071,0x19fb3d4,0x1b096d3,0x1fe9146,0x3b10e1a,0x0478bbb,
wolfSSL 16:8e0d178b1d1e 3826 0x2b3fb06,0x1388329,0x181a99c,0x02f2030 } },
wolfSSL 16:8e0d178b1d1e 3827 /* 217 */
wolfSSL 16:8e0d178b1d1e 3828 { { 0x1eb82e6,0x14dbe39,0x3920972,0x31fd5b2,0x21a484f,0x02d7697,
wolfSSL 16:8e0d178b1d1e 3829 0x0e21715,0x37c431e,0x2629f8c,0x01249c3 },
wolfSSL 16:8e0d178b1d1e 3830 { 0x26b50ad,0x26deefa,0x0ffc1a3,0x30688e2,0x39a0284,0x041c65e,
wolfSSL 16:8e0d178b1d1e 3831 0x03eb178,0x0bdfd50,0x2f96137,0x034bb94 } },
wolfSSL 16:8e0d178b1d1e 3832 /* 218 */
wolfSSL 16:8e0d178b1d1e 3833 { { 0x0e0362a,0x334a162,0x194dd37,0x29e3e97,0x2442fa8,0x10d2949,
wolfSSL 16:8e0d178b1d1e 3834 0x3836e5a,0x2dccebf,0x0bee5ab,0x037ed1e },
wolfSSL 16:8e0d178b1d1e 3835 { 0x33eede6,0x3c739d9,0x2f04a91,0x350ad6c,0x3a5390a,0x14c368b,
wolfSSL 16:8e0d178b1d1e 3836 0x26f7bf5,0x11ce979,0x0b408df,0x0366850 } },
wolfSSL 16:8e0d178b1d1e 3837 /* 219 */
wolfSSL 16:8e0d178b1d1e 3838 { { 0x28ea498,0x0886d5b,0x2e090e0,0x0a4d58f,0x2623478,0x0d74ab7,
wolfSSL 16:8e0d178b1d1e 3839 0x2b83913,0x12c6b81,0x18d623f,0x01d8301 },
wolfSSL 16:8e0d178b1d1e 3840 { 0x198aa79,0x26d6330,0x3a7f0b8,0x34bc1ea,0x2f74890,0x378955a,
wolfSSL 16:8e0d178b1d1e 3841 0x204110f,0x0102538,0x02d8f19,0x01c5066 } },
wolfSSL 16:8e0d178b1d1e 3842 /* 220 */
wolfSSL 16:8e0d178b1d1e 3843 { { 0x14b0f45,0x2838cd3,0x14e16f0,0x0e0e4aa,0x2d9280b,0x0f18757,
wolfSSL 16:8e0d178b1d1e 3844 0x3324c6b,0x1391ceb,0x1ce89d5,0x00ebe74 },
wolfSSL 16:8e0d178b1d1e 3845 { 0x0930371,0x3de6048,0x3097fd8,0x1308705,0x3eda266,0x3108c26,
wolfSSL 16:8e0d178b1d1e 3846 0x1545dcd,0x1f7583a,0x1c37395,0x02c7e05 } },
wolfSSL 16:8e0d178b1d1e 3847 /* 221 */
wolfSSL 16:8e0d178b1d1e 3848 { { 0x1fec44a,0x2a9e3a2,0x0caf84f,0x11cf2a9,0x0c8c2ae,0x06da989,
wolfSSL 16:8e0d178b1d1e 3849 0x1c807dc,0x3c149a4,0x1141543,0x02906bb },
wolfSSL 16:8e0d178b1d1e 3850 { 0x15ffe04,0x0d4e65f,0x2e20424,0x37d896d,0x18bacb2,0x1e05ddd,
wolfSSL 16:8e0d178b1d1e 3851 0x1660be8,0x183be17,0x1dd86fb,0x035ba70 } },
wolfSSL 16:8e0d178b1d1e 3852 /* 222 */
wolfSSL 16:8e0d178b1d1e 3853 { { 0x2853264,0x0ba5fb1,0x0a0b3aa,0x2df88c1,0x2771533,0x23aba6f,
wolfSSL 16:8e0d178b1d1e 3854 0x112bb7b,0x3e3086e,0x210ae9b,0x027271b },
wolfSSL 16:8e0d178b1d1e 3855 { 0x030b74c,0x0269678,0x1e90a23,0x135a98c,0x24ed749,0x126de7c,
wolfSSL 16:8e0d178b1d1e 3856 0x344b23a,0x186da27,0x19640fa,0x0159af5 } },
wolfSSL 16:8e0d178b1d1e 3857 /* 223 */
wolfSSL 16:8e0d178b1d1e 3858 { { 0x18061f3,0x3004630,0x3c70066,0x34df20f,0x1190b25,0x1c9cc91,
wolfSSL 16:8e0d178b1d1e 3859 0x1fc8e02,0x0d17bc1,0x390f525,0x033cb1c },
wolfSSL 16:8e0d178b1d1e 3860 { 0x0eb30cf,0x2f3ad04,0x303aa09,0x2e835dd,0x1cfd2eb,0x143fc95,
wolfSSL 16:8e0d178b1d1e 3861 0x02c43a1,0x025e7a1,0x3558aa2,0x000bd45 } },
wolfSSL 16:8e0d178b1d1e 3862 /* 224 */
wolfSSL 16:8e0d178b1d1e 3863 { { 0x1db7d07,0x3bde52b,0x1500396,0x1089115,0x20b4fc7,0x1e2a8f3,
wolfSSL 16:8e0d178b1d1e 3864 0x3f8eacc,0x365f7eb,0x1a5e8d4,0x0053a6b },
wolfSSL 16:8e0d178b1d1e 3865 { 0x37079e2,0x120284b,0x000edaa,0x33792c2,0x145baa3,0x20e055f,
wolfSSL 16:8e0d178b1d1e 3866 0x365e2d7,0x26ba005,0x3ab8e9d,0x0282b53 } },
wolfSSL 16:8e0d178b1d1e 3867 /* 225 */
wolfSSL 16:8e0d178b1d1e 3868 { { 0x2653618,0x2dd8852,0x2a5f0bf,0x0f0c7aa,0x2187281,0x1252757,
wolfSSL 16:8e0d178b1d1e 3869 0x13e7374,0x3b47855,0x0b86e56,0x02f354c },
wolfSSL 16:8e0d178b1d1e 3870 { 0x2e9c47b,0x2fa14cc,0x19ab169,0x3fad401,0x0dc2776,0x24afeed,
wolfSSL 16:8e0d178b1d1e 3871 0x3a97611,0x0d07736,0x3cf6979,0x02424a0 } },
wolfSSL 16:8e0d178b1d1e 3872 /* 226 */
wolfSSL 16:8e0d178b1d1e 3873 { { 0x2e81a13,0x000c91d,0x123967b,0x265885c,0x29bee1a,0x0cb8675,
wolfSSL 16:8e0d178b1d1e 3874 0x2d361bd,0x1526823,0x3c9ace1,0x00d7bad },
wolfSSL 16:8e0d178b1d1e 3875 { 0x24e5bdc,0x02b969f,0x2c6e128,0x34edb3b,0x12dcd2c,0x3899af0,
wolfSSL 16:8e0d178b1d1e 3876 0x24224c6,0x3a1914b,0x0f4448a,0x026a2cb } },
wolfSSL 16:8e0d178b1d1e 3877 /* 227 */
wolfSSL 16:8e0d178b1d1e 3878 { { 0x1d03b59,0x1c6fc82,0x32abf64,0x28ed96b,0x1c90e62,0x2f57bb2,
wolfSSL 16:8e0d178b1d1e 3879 0x3ff168e,0x04de7fd,0x0f4d449,0x01af6d8 },
wolfSSL 16:8e0d178b1d1e 3880 { 0x255bc30,0x2bfaf22,0x3fe0dad,0x0584025,0x1c79ead,0x3078ef7,
wolfSSL 16:8e0d178b1d1e 3881 0x2197414,0x022a50b,0x0fd94ba,0x0007b0f } },
wolfSSL 16:8e0d178b1d1e 3882 /* 228 */
wolfSSL 16:8e0d178b1d1e 3883 { { 0x09485c2,0x09dfaf7,0x10c7ba6,0x1e48bec,0x248cc9a,0x028a362,
wolfSSL 16:8e0d178b1d1e 3884 0x21d60f7,0x193d93d,0x1c04754,0x0346b2c },
wolfSSL 16:8e0d178b1d1e 3885 { 0x2f36612,0x240ac49,0x0d8bd26,0x13b8186,0x259c3a4,0x020d5fb,
wolfSSL 16:8e0d178b1d1e 3886 0x38a8133,0x09b0937,0x39d4056,0x01f7341 } },
wolfSSL 16:8e0d178b1d1e 3887 /* 229 */
wolfSSL 16:8e0d178b1d1e 3888 { { 0x05a4b48,0x1f534fc,0x07725ce,0x148dc8c,0x2adcd29,0x04aa456,
wolfSSL 16:8e0d178b1d1e 3889 0x0f79718,0x066e346,0x189377d,0x002fd4d },
wolfSSL 16:8e0d178b1d1e 3890 { 0x068ea73,0x336569b,0x184d35e,0x32a08e9,0x3c7f3bb,0x11ce9c8,
wolfSSL 16:8e0d178b1d1e 3891 0x3674c6f,0x21bf27e,0x0d9e166,0x034a2f9 } },
wolfSSL 16:8e0d178b1d1e 3892 /* 230 */
wolfSSL 16:8e0d178b1d1e 3893 { { 0x0fa8e4b,0x2e6418e,0x18fc5d2,0x1ba24ff,0x0559f18,0x0dbedbf,
wolfSSL 16:8e0d178b1d1e 3894 0x2de2aa4,0x22338e9,0x3aa510f,0x035d801 },
wolfSSL 16:8e0d178b1d1e 3895 { 0x23a4988,0x02aad94,0x02732d1,0x111d374,0x0b455cf,0x0d01c9e,
wolfSSL 16:8e0d178b1d1e 3896 0x067082a,0x2ec05fd,0x368b303,0x03cad4b } },
wolfSSL 16:8e0d178b1d1e 3897 /* 231 */
wolfSSL 16:8e0d178b1d1e 3898 { { 0x035b4ca,0x1fabea6,0x1cbc0d5,0x3f2ed9a,0x02d2232,0x1990c66,
wolfSSL 16:8e0d178b1d1e 3899 0x2eb680c,0x3b4ea3b,0x18ecc5a,0x03636fa },
wolfSSL 16:8e0d178b1d1e 3900 { 0x1a02709,0x26f8ff1,0x1fa8cba,0x397d6e8,0x230be68,0x043aa14,
wolfSSL 16:8e0d178b1d1e 3901 0x3d43cdf,0x25c17fa,0x3a3ee55,0x0380564 } },
wolfSSL 16:8e0d178b1d1e 3902 /* 232 */
wolfSSL 16:8e0d178b1d1e 3903 { { 0x275a0a6,0x16bd43a,0x0033d3e,0x2b15e16,0x2512226,0x005d901,
wolfSSL 16:8e0d178b1d1e 3904 0x26d50fd,0x3bc19bf,0x3b1aeb8,0x02bfb01 },
wolfSSL 16:8e0d178b1d1e 3905 { 0x0bb0a31,0x26559e0,0x1aae7fb,0x330dcc2,0x16f1af3,0x06afce2,
wolfSSL 16:8e0d178b1d1e 3906 0x13a15a0,0x2ff7645,0x3546e2d,0x029c6e4 } },
wolfSSL 16:8e0d178b1d1e 3907 /* 233 */
wolfSSL 16:8e0d178b1d1e 3908 { { 0x0f593d2,0x384b806,0x122bbf8,0x0a281e0,0x1d1a904,0x2e93cab,
wolfSSL 16:8e0d178b1d1e 3909 0x0505db0,0x08f6454,0x05c6285,0x014e880 },
wolfSSL 16:8e0d178b1d1e 3910 { 0x3f2b935,0x22d8e79,0x161a07c,0x16b060a,0x02bff97,0x146328b,
wolfSSL 16:8e0d178b1d1e 3911 0x3ceea77,0x238f61a,0x19b3d58,0x02fd1f4 } },
wolfSSL 16:8e0d178b1d1e 3912 /* 234 */
wolfSSL 16:8e0d178b1d1e 3913 { { 0x17665d5,0x259e9f7,0x0de5672,0x15cbcbd,0x34e3030,0x035240f,
wolfSSL 16:8e0d178b1d1e 3914 0x0005ae8,0x286d851,0x07f39c9,0x000070b },
wolfSSL 16:8e0d178b1d1e 3915 { 0x1efc6d6,0x2a0051a,0x2724143,0x2a9ef1e,0x0c810bd,0x1e05429,
wolfSSL 16:8e0d178b1d1e 3916 0x25670ba,0x2e66d7d,0x0e786ff,0x03f6b7e } },
wolfSSL 16:8e0d178b1d1e 3917 /* 235 */
wolfSSL 16:8e0d178b1d1e 3918 { { 0x3c00785,0x232e23f,0x2b67fd3,0x244ed23,0x077fa75,0x3cda3ef,
wolfSSL 16:8e0d178b1d1e 3919 0x14d055b,0x0f25011,0x24d5aa4,0x00ea0e3 },
wolfSSL 16:8e0d178b1d1e 3920 { 0x297bb9a,0x198ca4f,0x14d9561,0x18d1076,0x39eb933,0x2b6caa0,
wolfSSL 16:8e0d178b1d1e 3921 0x1591a60,0x0768d45,0x257873e,0x00f36e0 } },
wolfSSL 16:8e0d178b1d1e 3922 /* 236 */
wolfSSL 16:8e0d178b1d1e 3923 { { 0x1e77eab,0x0502a5f,0x0109137,0x0350592,0x3f7e1c5,0x3ac7437,
wolfSSL 16:8e0d178b1d1e 3924 0x2dcad2c,0x1fee9d8,0x089f1f5,0x0169833 },
wolfSSL 16:8e0d178b1d1e 3925 { 0x0d45673,0x0d8e090,0x065580b,0x065644f,0x11b82be,0x3592dd0,
wolfSSL 16:8e0d178b1d1e 3926 0x3284b8d,0x23f0015,0x16fdbfd,0x0248bfd } },
wolfSSL 16:8e0d178b1d1e 3927 /* 237 */
wolfSSL 16:8e0d178b1d1e 3928 { { 0x1a129a1,0x1977bb2,0x0e041b2,0x15f30a1,0x0a5b1ce,0x3afef8f,
wolfSSL 16:8e0d178b1d1e 3929 0x380c46c,0x3358810,0x27df6c5,0x01ca466 },
wolfSSL 16:8e0d178b1d1e 3930 { 0x3b90f9a,0x3d14ea3,0x031b298,0x02e2390,0x2d719c0,0x25bc615,
wolfSSL 16:8e0d178b1d1e 3931 0x2c0e777,0x0226b8c,0x3803624,0x0179e45 } },
wolfSSL 16:8e0d178b1d1e 3932 /* 238 */
wolfSSL 16:8e0d178b1d1e 3933 { { 0x363cdfb,0x1bb155f,0x24fd5c1,0x1c7c72b,0x28e6a35,0x18165f2,
wolfSSL 16:8e0d178b1d1e 3934 0x226bea5,0x0beaff3,0x371e24c,0x0138294 },
wolfSSL 16:8e0d178b1d1e 3935 { 0x1765357,0x29034e9,0x22b4276,0x11035ce,0x23c89af,0x074468c,
wolfSSL 16:8e0d178b1d1e 3936 0x3370ae4,0x013bae3,0x018d566,0x03d7fde } },
wolfSSL 16:8e0d178b1d1e 3937 /* 239 */
wolfSSL 16:8e0d178b1d1e 3938 { { 0x209df21,0x0f8ff86,0x0e47fbf,0x23b99ba,0x126d5d2,0x2722405,
wolfSSL 16:8e0d178b1d1e 3939 0x16bd0a2,0x1799082,0x0e9533f,0x039077c },
wolfSSL 16:8e0d178b1d1e 3940 { 0x3ba9e3f,0x3f6902c,0x1895305,0x3ac9813,0x3f2340c,0x3c0d9f1,
wolfSSL 16:8e0d178b1d1e 3941 0x26e1927,0x0557c21,0x16eac4f,0x023b75f } },
wolfSSL 16:8e0d178b1d1e 3942 /* 240 */
wolfSSL 16:8e0d178b1d1e 3943 { { 0x3fc8ff3,0x0770382,0x342fc9a,0x0afa4db,0x314efd8,0x328e07b,
wolfSSL 16:8e0d178b1d1e 3944 0x016f7cc,0x3ba599c,0x1caed8a,0x0050cb0 },
wolfSSL 16:8e0d178b1d1e 3945 { 0x0b23c26,0x2120a5c,0x3273ec6,0x1cc1cd6,0x2a64fe8,0x2bbc3d6,
wolfSSL 16:8e0d178b1d1e 3946 0x09f6e5e,0x34b1b8e,0x00b5ac8,0x032bbd2 } },
wolfSSL 16:8e0d178b1d1e 3947 /* 241 */
wolfSSL 16:8e0d178b1d1e 3948 { { 0x1315922,0x1725e1d,0x0ca5524,0x1c4c18f,0x3d82951,0x193bcb2,
wolfSSL 16:8e0d178b1d1e 3949 0x0e60d0b,0x388dbcf,0x37e8efa,0x0342e85 },
wolfSSL 16:8e0d178b1d1e 3950 { 0x1b3af60,0x26ba3ec,0x220e53a,0x394f4b6,0x01a796a,0x3e7bbca,
wolfSSL 16:8e0d178b1d1e 3951 0x163605d,0x2b85807,0x17c1c54,0x03cc725 } },
wolfSSL 16:8e0d178b1d1e 3952 /* 242 */
wolfSSL 16:8e0d178b1d1e 3953 { { 0x1cc4597,0x1635492,0x2028c0f,0x2c2eb82,0x2dc5015,0x0d2a052,
wolfSSL 16:8e0d178b1d1e 3954 0x05fc557,0x1f0ebbf,0x0cb96e1,0x0004d01 },
wolfSSL 16:8e0d178b1d1e 3955 { 0x1a824bf,0x3896172,0x2ed7b29,0x178007a,0x0d59318,0x07bda2b,
wolfSSL 16:8e0d178b1d1e 3956 0x2ee6826,0x0f9b235,0x04b9193,0x01bcddf } },
wolfSSL 16:8e0d178b1d1e 3957 /* 243 */
wolfSSL 16:8e0d178b1d1e 3958 { { 0x0333fd2,0x0eeb46a,0x15b89f9,0x00968aa,0x2a89302,0x2bdd6b3,
wolfSSL 16:8e0d178b1d1e 3959 0x1e5037e,0x2541884,0x24ed2d0,0x01b6e8f },
wolfSSL 16:8e0d178b1d1e 3960 { 0x04399cd,0x3be6334,0x3adea48,0x1bb9adc,0x31811c6,0x05fb2bc,
wolfSSL 16:8e0d178b1d1e 3961 0x360752c,0x3d29dcb,0x3423bec,0x03c4f3c } },
wolfSSL 16:8e0d178b1d1e 3962 /* 244 */
wolfSSL 16:8e0d178b1d1e 3963 { { 0x119e2eb,0x2e7b02a,0x0f68cee,0x257d8b0,0x183a9a1,0x2ae88a6,
wolfSSL 16:8e0d178b1d1e 3964 0x3a3bb67,0x2eb4f3e,0x1a9274b,0x0320fea },
wolfSSL 16:8e0d178b1d1e 3965 { 0x2fa1ce0,0x346c2d8,0x2fbf0d7,0x3d4d063,0x0e58b60,0x09c1bc1,
wolfSSL 16:8e0d178b1d1e 3966 0x28ef9e5,0x09a0efe,0x0f45d70,0x02d275c } },
wolfSSL 16:8e0d178b1d1e 3967 /* 245 */
wolfSSL 16:8e0d178b1d1e 3968 { { 0x2d5513b,0x31d443e,0x1e2d914,0x3b2c5d4,0x105f32e,0x27ee756,
wolfSSL 16:8e0d178b1d1e 3969 0x050418d,0x3c73db6,0x1bb0c30,0x01673eb },
wolfSSL 16:8e0d178b1d1e 3970 { 0x1cb7fd6,0x1eb08d5,0x26a3e16,0x2e20810,0x0249367,0x029e219,
wolfSSL 16:8e0d178b1d1e 3971 0x2ec58c9,0x12d9fab,0x362354a,0x016eafc } },
wolfSSL 16:8e0d178b1d1e 3972 /* 246 */
wolfSSL 16:8e0d178b1d1e 3973 { { 0x2424865,0x260747b,0x177f37c,0x1e3cb95,0x08b0028,0x2783016,
wolfSSL 16:8e0d178b1d1e 3974 0x2970f1b,0x323c1c0,0x2a79026,0x0186231 },
wolfSSL 16:8e0d178b1d1e 3975 { 0x0f244da,0x26866f4,0x087306f,0x173ec20,0x31ecced,0x3c84d8d,
wolfSSL 16:8e0d178b1d1e 3976 0x070f9b9,0x2e764d5,0x075df50,0x0264ff9 } },
wolfSSL 16:8e0d178b1d1e 3977 /* 247 */
wolfSSL 16:8e0d178b1d1e 3978 { { 0x32c3609,0x0c737e6,0x14ea68e,0x300b11b,0x184eb19,0x29dd440,
wolfSSL 16:8e0d178b1d1e 3979 0x09ec1a9,0x185adeb,0x0664c80,0x0207dd9 },
wolfSSL 16:8e0d178b1d1e 3980 { 0x1fbe978,0x30a969d,0x33561d7,0x34fc60e,0x36743fe,0x00774af,
wolfSSL 16:8e0d178b1d1e 3981 0x0d1f045,0x018360e,0x12a5fe9,0x01592a0 } },
wolfSSL 16:8e0d178b1d1e 3982 /* 248 */
wolfSSL 16:8e0d178b1d1e 3983 { { 0x2817d1d,0x2993d3e,0x2e0f7a5,0x112faa0,0x255f968,0x355fe6a,
wolfSSL 16:8e0d178b1d1e 3984 0x3f5a0fc,0x075b2d7,0x3cf00e5,0x0089afc },
wolfSSL 16:8e0d178b1d1e 3985 { 0x32833cf,0x06a7e4b,0x09a8d6d,0x1693d3e,0x320a0a3,0x3cfdfdd,
wolfSSL 16:8e0d178b1d1e 3986 0x136c498,0x1e0d845,0x347ff25,0x01a1de7 } },
wolfSSL 16:8e0d178b1d1e 3987 /* 249 */
wolfSSL 16:8e0d178b1d1e 3988 { { 0x3043d08,0x030705c,0x20fa79b,0x1d07f00,0x0a54467,0x29b49b4,
wolfSSL 16:8e0d178b1d1e 3989 0x367e289,0x0b82f4d,0x0d1eb09,0x025ef2c },
wolfSSL 16:8e0d178b1d1e 3990 { 0x32ed3c3,0x1baaa3c,0x3c482ab,0x146ca06,0x3c8a4f1,0x3e85e3c,
wolfSSL 16:8e0d178b1d1e 3991 0x1bf4f3b,0x1195534,0x3e80a78,0x02a1cbf } },
wolfSSL 16:8e0d178b1d1e 3992 /* 250 */
wolfSSL 16:8e0d178b1d1e 3993 { { 0x32b2086,0x2de4d68,0x3486b1a,0x03a0583,0x2e1eb71,0x2dab9af,
wolfSSL 16:8e0d178b1d1e 3994 0x10cd913,0x28daa6f,0x3fcb732,0x000a04a },
wolfSSL 16:8e0d178b1d1e 3995 { 0x3605318,0x3f5f2b3,0x2d1da63,0x143f7f5,0x1646e5d,0x040b586,
wolfSSL 16:8e0d178b1d1e 3996 0x1683982,0x25abe87,0x0c9fe53,0x001ce47 } },
wolfSSL 16:8e0d178b1d1e 3997 /* 251 */
wolfSSL 16:8e0d178b1d1e 3998 { { 0x380d02b,0x055fc22,0x3f7fc50,0x3458a1d,0x26b8333,0x23550ab,
wolfSSL 16:8e0d178b1d1e 3999 0x0a1af87,0x0a821eb,0x2dc7e6d,0x00d574a },
wolfSSL 16:8e0d178b1d1e 4000 { 0x07386e1,0x3ccd68a,0x3275b41,0x253e390,0x2fd272a,0x1e6627a,
wolfSSL 16:8e0d178b1d1e 4001 0x2ca2cde,0x0e9e4a1,0x1e37c2a,0x00f70ac } },
wolfSSL 16:8e0d178b1d1e 4002 /* 252 */
wolfSSL 16:8e0d178b1d1e 4003 { { 0x0581352,0x2748701,0x02bed68,0x094dd9e,0x30a00c8,0x3fb5c07,
wolfSSL 16:8e0d178b1d1e 4004 0x3bd5909,0x211ac80,0x1103ccd,0x0311e1a },
wolfSSL 16:8e0d178b1d1e 4005 { 0x0c768ed,0x29dc209,0x36575db,0x009a107,0x272feea,0x2b33383,
wolfSSL 16:8e0d178b1d1e 4006 0x313ed56,0x134c9cc,0x168d5bb,0x033310a } },
wolfSSL 16:8e0d178b1d1e 4007 /* 253 */
wolfSSL 16:8e0d178b1d1e 4008 { { 0x17620b9,0x143784f,0x256a94e,0x229664a,0x1d89a5c,0x1d521f2,
wolfSSL 16:8e0d178b1d1e 4009 0x0076406,0x1c73f70,0x342aa48,0x03851fa },
wolfSSL 16:8e0d178b1d1e 4010 { 0x0f3ae46,0x2ad3bab,0x0fbe274,0x3ed40d4,0x2fd4936,0x232103a,
wolfSSL 16:8e0d178b1d1e 4011 0x2afe474,0x25b8f7c,0x047080e,0x008e6b0 } },
wolfSSL 16:8e0d178b1d1e 4012 /* 254 */
wolfSSL 16:8e0d178b1d1e 4013 { { 0x3fee8d4,0x347cd4a,0x0fec481,0x33fe9ec,0x0ce80b5,0x33a6bcf,
wolfSSL 16:8e0d178b1d1e 4014 0x1c4c9e2,0x3967441,0x1a3f5f7,0x03157e8 },
wolfSSL 16:8e0d178b1d1e 4015 { 0x257c227,0x1bc53a0,0x200b318,0x0fcd0af,0x2c5b165,0x2a413ec,
wolfSSL 16:8e0d178b1d1e 4016 0x2fc998a,0x2da6426,0x19cd4f4,0x0025336 } },
wolfSSL 16:8e0d178b1d1e 4017 /* 255 */
wolfSSL 16:8e0d178b1d1e 4018 { { 0x303beba,0x2072135,0x32918a9,0x140cb3a,0x08631d1,0x0ef527b,
wolfSSL 16:8e0d178b1d1e 4019 0x05f2c9e,0x2b4ce91,0x0b642ab,0x02e428c },
wolfSSL 16:8e0d178b1d1e 4020 { 0x0a5abf9,0x15013ed,0x3603b46,0x30dd76d,0x3004750,0x28d7627,
wolfSSL 16:8e0d178b1d1e 4021 0x1a42ccc,0x093ddbe,0x39a1b79,0x00067e2 } },
wolfSSL 16:8e0d178b1d1e 4022 };
wolfSSL 16:8e0d178b1d1e 4023
wolfSSL 16:8e0d178b1d1e 4024 /* Multiply the base point of P256 by the scalar and return the result.
wolfSSL 16:8e0d178b1d1e 4025 * If map is true then convert result to affine co-ordinates.
wolfSSL 16:8e0d178b1d1e 4026 *
wolfSSL 16:8e0d178b1d1e 4027 * r Resulting point.
wolfSSL 16:8e0d178b1d1e 4028 * k Scalar to multiply by.
wolfSSL 16:8e0d178b1d1e 4029 * map Indicates whether to convert result to affine.
wolfSSL 16:8e0d178b1d1e 4030 * heap Heap to use for allocation.
wolfSSL 16:8e0d178b1d1e 4031 * returns MEMORY_E when memory allocation fails and MP_OKAY on success.
wolfSSL 16:8e0d178b1d1e 4032 */
wolfSSL 16:8e0d178b1d1e 4033 static int sp_256_ecc_mulmod_base_10(sp_point* r, const sp_digit* k,
wolfSSL 16:8e0d178b1d1e 4034 int map, void* heap)
wolfSSL 16:8e0d178b1d1e 4035 {
wolfSSL 16:8e0d178b1d1e 4036 return sp_256_ecc_mulmod_stripe_10(r, &p256_base, p256_table,
wolfSSL 16:8e0d178b1d1e 4037 k, map, heap);
wolfSSL 16:8e0d178b1d1e 4038 }
wolfSSL 16:8e0d178b1d1e 4039
wolfSSL 16:8e0d178b1d1e 4040 #endif
wolfSSL 16:8e0d178b1d1e 4041
wolfSSL 16:8e0d178b1d1e 4042
wolfSSL 16:8e0d178b1d1e 4043 #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
wolfSSL 16:8e0d178b1d1e 4044 #endif
wolfSSL 16:8e0d178b1d1e 4045 #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
wolfSSL 16:8e0d178b1d1e 4046 /* Multiply a by scalar b into r. (r = a * b)
wolfSSL 16:8e0d178b1d1e 4047 *
wolfSSL 16:8e0d178b1d1e 4048 * r A single precision integer.
wolfSSL 16:8e0d178b1d1e 4049 * a A single precision integer.
wolfSSL 16:8e0d178b1d1e 4050 * b A scalar.
wolfSSL 16:8e0d178b1d1e 4051 */
wolfSSL 16:8e0d178b1d1e 4052 SP_NOINLINE static void sp_256_mul_d_10(sp_digit* r, const sp_digit* a,
wolfSSL 16:8e0d178b1d1e 4053 sp_digit b)
wolfSSL 16:8e0d178b1d1e 4054 {
wolfSSL 16:8e0d178b1d1e 4055 #ifdef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 4056 int64_t tb = b;
wolfSSL 16:8e0d178b1d1e 4057 int64_t t = 0;
wolfSSL 16:8e0d178b1d1e 4058 int i;
wolfSSL 16:8e0d178b1d1e 4059
wolfSSL 16:8e0d178b1d1e 4060 for (i = 0; i < 10; i++) {
wolfSSL 16:8e0d178b1d1e 4061 t += tb * a[i];
wolfSSL 16:8e0d178b1d1e 4062 r[i] = t & 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 4063 t >>= 26;
wolfSSL 16:8e0d178b1d1e 4064 }
wolfSSL 16:8e0d178b1d1e 4065 r[10] = (sp_digit)t;
wolfSSL 16:8e0d178b1d1e 4066 #else
wolfSSL 16:8e0d178b1d1e 4067 int64_t tb = b;
wolfSSL 16:8e0d178b1d1e 4068 int64_t t[10];
wolfSSL 16:8e0d178b1d1e 4069
wolfSSL 16:8e0d178b1d1e 4070 t[ 0] = Q6_P_mpy_RR(tb, a[0]);
wolfSSL 16:8e0d178b1d1e 4071 t[ 1] = Q6_P_mpy_RR(tb, a[1]);
wolfSSL 16:8e0d178b1d1e 4072 t[ 2] = Q6_P_mpy_RR(tb, a[2]);
wolfSSL 16:8e0d178b1d1e 4073 t[ 3] = Q6_P_mpy_RR(tb, a[3]);
wolfSSL 16:8e0d178b1d1e 4074 t[ 4] = Q6_P_mpy_RR(tb, a[4]);
wolfSSL 16:8e0d178b1d1e 4075 t[ 5] = Q6_P_mpy_RR(tb, a[5]);
wolfSSL 16:8e0d178b1d1e 4076 t[ 6] = Q6_P_mpy_RR(tb, a[6]);
wolfSSL 16:8e0d178b1d1e 4077 t[ 7] = Q6_P_mpy_RR(tb, a[7]);
wolfSSL 16:8e0d178b1d1e 4078 t[ 8] = Q6_P_mpy_RR(tb, a[8]);
wolfSSL 16:8e0d178b1d1e 4079 t[ 9] = Q6_P_mpy_RR(tb, a[9]);
wolfSSL 16:8e0d178b1d1e 4080 r[ 0] = Q6_R_and_RR(t[ 0], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 4081 r[ 1] = (sp_digit)(t[ 0] >> 26) + Q6_R_and_RR(t[ 1], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 4082 r[ 2] = (sp_digit)(t[ 1] >> 26) + Q6_R_and_RR(t[ 2], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 4083 r[ 3] = (sp_digit)(t[ 2] >> 26) + Q6_R_and_RR(t[ 3], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 4084 r[ 4] = (sp_digit)(t[ 3] >> 26) + Q6_R_and_RR(t[ 4], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 4085 r[ 5] = (sp_digit)(t[ 4] >> 26) + Q6_R_and_RR(t[ 5], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 4086 r[ 6] = (sp_digit)(t[ 5] >> 26) + Q6_R_and_RR(t[ 6], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 4087 r[ 7] = (sp_digit)(t[ 6] >> 26) + Q6_R_and_RR(t[ 7], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 4088 r[ 8] = (sp_digit)(t[ 7] >> 26) + Q6_R_and_RR(t[ 8], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 4089 r[ 9] = (sp_digit)(t[ 8] >> 26) + Q6_R_and_RR(t[ 9], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 4090 r[10] = (sp_digit)(t[ 9] >> 26);
wolfSSL 16:8e0d178b1d1e 4091 #endif /* WOLFSSL_SP_SMALL */
wolfSSL 16:8e0d178b1d1e 4092 }
wolfSSL 16:8e0d178b1d1e 4093
wolfSSL 16:8e0d178b1d1e 4094 #ifdef WOLFSSL_SP_DIV_32
wolfSSL 16:8e0d178b1d1e 4095 static WC_INLINE sp_digit sp_256_div_word_10(sp_digit d1, sp_digit d0,
wolfSSL 16:8e0d178b1d1e 4096 sp_digit dv)
wolfSSL 16:8e0d178b1d1e 4097 {
wolfSSL 16:8e0d178b1d1e 4098 sp_digit d, r, t, dv;
wolfSSL 16:8e0d178b1d1e 4099 int64_t t0, t1;
wolfSSL 16:8e0d178b1d1e 4100
wolfSSL 16:8e0d178b1d1e 4101 /* dv has 14 bits. */
wolfSSL 16:8e0d178b1d1e 4102 dv = (div >> 12) + 1;
wolfSSL 16:8e0d178b1d1e 4103 /* All 26 bits from d1 and top 5 bits from d0. */
wolfSSL 16:8e0d178b1d1e 4104 d = (d1 << 5) | (d0 >> 21);
wolfSSL 16:8e0d178b1d1e 4105 r = d / dv;
wolfSSL 16:8e0d178b1d1e 4106 d -= r * dv;
wolfSSL 16:8e0d178b1d1e 4107 /* Up to 17 bits in r */
wolfSSL 16:8e0d178b1d1e 4108 /* Next 9 bits from d0. */
wolfSSL 16:8e0d178b1d1e 4109 d <<= 9;
wolfSSL 16:8e0d178b1d1e 4110 r <<= 9;
wolfSSL 16:8e0d178b1d1e 4111 d |= (d0 >> 12) & ((1 << 9) - 1);
wolfSSL 16:8e0d178b1d1e 4112 t = d / dv;
wolfSSL 16:8e0d178b1d1e 4113 d -= t * dv;
wolfSSL 16:8e0d178b1d1e 4114 r += t;
wolfSSL 16:8e0d178b1d1e 4115 /* Up to 26 bits in r */
wolfSSL 16:8e0d178b1d1e 4116
wolfSSL 16:8e0d178b1d1e 4117 /* Handle rounding error with dv - top part */
wolfSSL 16:8e0d178b1d1e 4118 t0 = ((int64_t)d1 << 26) + d0;
wolfSSL 16:8e0d178b1d1e 4119 t1 = (int64_t)r * dv;
wolfSSL 16:8e0d178b1d1e 4120 t1 = t0 - t1;
wolfSSL 16:8e0d178b1d1e 4121 t = (sp_digit)(t1 >> 12) / dv;
wolfSSL 16:8e0d178b1d1e 4122 r += t;
wolfSSL 16:8e0d178b1d1e 4123
wolfSSL 16:8e0d178b1d1e 4124 /* Handle rounding error with dv - bottom 32 bits */
wolfSSL 16:8e0d178b1d1e 4125 t1 = (sp_digit)t0 - (r * dv);
wolfSSL 16:8e0d178b1d1e 4126 t = (sp_digit)t1 / dv;
wolfSSL 16:8e0d178b1d1e 4127 r += t;
wolfSSL 16:8e0d178b1d1e 4128
wolfSSL 16:8e0d178b1d1e 4129 return r;
wolfSSL 16:8e0d178b1d1e 4130 }
wolfSSL 16:8e0d178b1d1e 4131 #endif /* WOLFSSL_SP_DIV_32 */
wolfSSL 16:8e0d178b1d1e 4132
wolfSSL 16:8e0d178b1d1e 4133 /* Divide d in a and put remainder into r (m*d + r = a)
wolfSSL 16:8e0d178b1d1e 4134 * m is not calculated as it is not needed at this time.
wolfSSL 16:8e0d178b1d1e 4135 *
wolfSSL 16:8e0d178b1d1e 4136 * a Number to be divided.
wolfSSL 16:8e0d178b1d1e 4137 * d Number to divide with.
wolfSSL 16:8e0d178b1d1e 4138 * m Multiplier result.
wolfSSL 16:8e0d178b1d1e 4139 * r Remainder from the division.
wolfSSL 16:8e0d178b1d1e 4140 * returns MEMORY_E when unable to allocate memory and MP_OKAY otherwise.
wolfSSL 16:8e0d178b1d1e 4141 */
wolfSSL 16:8e0d178b1d1e 4142 static int sp_256_div_10(const sp_digit* a, const sp_digit* d, sp_digit* m,
wolfSSL 16:8e0d178b1d1e 4143 sp_digit* r)
wolfSSL 16:8e0d178b1d1e 4144 {
wolfSSL 16:8e0d178b1d1e 4145 int i;
wolfSSL 16:8e0d178b1d1e 4146 #ifndef WOLFSSL_SP_DIV_32
wolfSSL 16:8e0d178b1d1e 4147 int64_t d1;
wolfSSL 16:8e0d178b1d1e 4148 #endif
wolfSSL 16:8e0d178b1d1e 4149 sp_digit dv, r1;
wolfSSL 16:8e0d178b1d1e 4150 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4151 sp_digit* td;
wolfSSL 16:8e0d178b1d1e 4152 #else
wolfSSL 16:8e0d178b1d1e 4153 sp_digit t1d[20], t2d[10 + 1];
wolfSSL 16:8e0d178b1d1e 4154 #endif
wolfSSL 16:8e0d178b1d1e 4155 sp_digit* t1;
wolfSSL 16:8e0d178b1d1e 4156 sp_digit* t2;
wolfSSL 16:8e0d178b1d1e 4157 int err = MP_OKAY;
wolfSSL 16:8e0d178b1d1e 4158
wolfSSL 16:8e0d178b1d1e 4159 (void)m;
wolfSSL 16:8e0d178b1d1e 4160
wolfSSL 16:8e0d178b1d1e 4161 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4162 td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 10 + 1), NULL,
wolfSSL 16:8e0d178b1d1e 4163 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 4164 if (td == NULL) {
wolfSSL 16:8e0d178b1d1e 4165 err = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 4166 }
wolfSSL 16:8e0d178b1d1e 4167 #endif
wolfSSL 16:8e0d178b1d1e 4168
wolfSSL 16:8e0d178b1d1e 4169 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4170 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4171 t1 = td;
wolfSSL 16:8e0d178b1d1e 4172 t2 = td + 2 * 10;
wolfSSL 16:8e0d178b1d1e 4173 #else
wolfSSL 16:8e0d178b1d1e 4174 t1 = t1d;
wolfSSL 16:8e0d178b1d1e 4175 t2 = t2d;
wolfSSL 16:8e0d178b1d1e 4176 #endif
wolfSSL 16:8e0d178b1d1e 4177
wolfSSL 16:8e0d178b1d1e 4178 dv = d[9];
wolfSSL 16:8e0d178b1d1e 4179 XMEMCPY(t1, a, sizeof(*t1) * 2U * 10U);
wolfSSL 16:8e0d178b1d1e 4180 for (i=9; i>=0; i--) {
wolfSSL 16:8e0d178b1d1e 4181 t1[10 + i] += t1[10 + i - 1] >> 26;
wolfSSL 16:8e0d178b1d1e 4182 t1[10 + i - 1] = Q6_R_and_RR(t1[10 + i - 1], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 4183 #ifndef WOLFSSL_SP_DIV_32
wolfSSL 16:8e0d178b1d1e 4184 d1 = t1[10 + i];
wolfSSL 16:8e0d178b1d1e 4185 d1 <<= 26;
wolfSSL 16:8e0d178b1d1e 4186 d1 += t1[10 + i - 1];
wolfSSL 16:8e0d178b1d1e 4187 r1 = (sp_digit)(d1 / dv);
wolfSSL 16:8e0d178b1d1e 4188 #else
wolfSSL 16:8e0d178b1d1e 4189 r1 = sp_256_div_word_10(t1[10 + i], t1[10 + i - 1], dv);
wolfSSL 16:8e0d178b1d1e 4190 #endif
wolfSSL 16:8e0d178b1d1e 4191
wolfSSL 16:8e0d178b1d1e 4192 sp_256_mul_d_10(t2, d, r1);
wolfSSL 16:8e0d178b1d1e 4193 (void)sp_256_sub_10(&t1[i], &t1[i], t2);
wolfSSL 16:8e0d178b1d1e 4194 t1[10 + i] -= t2[10];
wolfSSL 16:8e0d178b1d1e 4195 t1[10 + i] += t1[10 + i - 1] >> 26;
wolfSSL 16:8e0d178b1d1e 4196 t1[10 + i - 1] = Q6_R_and_RR(t1[10 + i - 1], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 4197 r1 = (((-t1[10 + i]) << 26) - t1[10 + i - 1]) / dv;
wolfSSL 16:8e0d178b1d1e 4198 r1++;
wolfSSL 16:8e0d178b1d1e 4199 sp_256_mul_d_10(t2, d, r1);
wolfSSL 16:8e0d178b1d1e 4200 (void)sp_256_add_10(&t1[i], &t1[i], t2);
wolfSSL 16:8e0d178b1d1e 4201 t1[10 + i] += t1[10 + i - 1] >> 26;
wolfSSL 16:8e0d178b1d1e 4202 t1[10 + i - 1] = Q6_R_and_RR(t1[10 + i - 1], 0x3ffffff);
wolfSSL 16:8e0d178b1d1e 4203 }
wolfSSL 16:8e0d178b1d1e 4204 t1[10 - 1] += t1[10 - 2] >> 26;
wolfSSL 16:8e0d178b1d1e 4205 t1[10 - 2] &= 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 4206 d1 = t1[10 - 1];
wolfSSL 16:8e0d178b1d1e 4207 r1 = (sp_digit)(d1 / dv);
wolfSSL 16:8e0d178b1d1e 4208
wolfSSL 16:8e0d178b1d1e 4209 sp_256_mul_d_10(t2, d, r1);
wolfSSL 16:8e0d178b1d1e 4210 (void)sp_256_sub_10(t1, t1, t2);
wolfSSL 16:8e0d178b1d1e 4211 XMEMCPY(r, t1, sizeof(*r) * 2U * 10U);
wolfSSL 16:8e0d178b1d1e 4212 for (i=0; i<8; i++) {
wolfSSL 16:8e0d178b1d1e 4213 r[i+1] += r[i] >> 26;
wolfSSL 16:8e0d178b1d1e 4214 r[i] &= 0x3ffffff;
wolfSSL 16:8e0d178b1d1e 4215 }
wolfSSL 16:8e0d178b1d1e 4216 sp_256_cond_add_10(r, r, d, 0 - ((r[9] < 0) ?
wolfSSL 16:8e0d178b1d1e 4217 (sp_digit)1 : (sp_digit)0));
wolfSSL 16:8e0d178b1d1e 4218 }
wolfSSL 16:8e0d178b1d1e 4219
wolfSSL 16:8e0d178b1d1e 4220 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4221 if (td != NULL) {
wolfSSL 16:8e0d178b1d1e 4222 XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 4223 }
wolfSSL 16:8e0d178b1d1e 4224 #endif
wolfSSL 16:8e0d178b1d1e 4225
wolfSSL 16:8e0d178b1d1e 4226 return err;
wolfSSL 16:8e0d178b1d1e 4227 }
wolfSSL 16:8e0d178b1d1e 4228
wolfSSL 16:8e0d178b1d1e 4229 /* Reduce a modulo m into r. (r = a mod m)
wolfSSL 16:8e0d178b1d1e 4230 *
wolfSSL 16:8e0d178b1d1e 4231 * r A single precision number that is the reduced result.
wolfSSL 16:8e0d178b1d1e 4232 * a A single precision number that is to be reduced.
wolfSSL 16:8e0d178b1d1e 4233 * m A single precision number that is the modulus to reduce with.
wolfSSL 16:8e0d178b1d1e 4234 * returns MEMORY_E when unable to allocate memory and MP_OKAY otherwise.
wolfSSL 16:8e0d178b1d1e 4235 */
wolfSSL 16:8e0d178b1d1e 4236 static int sp_256_mod_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
wolfSSL 16:8e0d178b1d1e 4237 {
wolfSSL 16:8e0d178b1d1e 4238 return sp_256_div_10(a, m, NULL, r);
wolfSSL 16:8e0d178b1d1e 4239 }
wolfSSL 16:8e0d178b1d1e 4240
wolfSSL 16:8e0d178b1d1e 4241 #endif
wolfSSL 16:8e0d178b1d1e 4242 #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
wolfSSL 16:8e0d178b1d1e 4243 #ifdef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 4244 /* Order-2 for the P256 curve. */
wolfSSL 16:8e0d178b1d1e 4245 static const uint32_t p256_order_2[8] = {
wolfSSL 16:8e0d178b1d1e 4246 0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU,
wolfSSL 16:8e0d178b1d1e 4247 0x00000000U,0xffffffffU
wolfSSL 16:8e0d178b1d1e 4248 };
wolfSSL 16:8e0d178b1d1e 4249 #else
wolfSSL 16:8e0d178b1d1e 4250 /* The low half of the order-2 of the P256 curve. */
wolfSSL 16:8e0d178b1d1e 4251 static const uint32_t p256_order_low[4] = {
wolfSSL 16:8e0d178b1d1e 4252 0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU
wolfSSL 16:8e0d178b1d1e 4253 };
wolfSSL 16:8e0d178b1d1e 4254 #endif /* WOLFSSL_SP_SMALL */
wolfSSL 16:8e0d178b1d1e 4255
wolfSSL 16:8e0d178b1d1e 4256 /* Multiply two number mod the order of P256 curve. (r = a * b mod order)
wolfSSL 16:8e0d178b1d1e 4257 *
wolfSSL 16:8e0d178b1d1e 4258 * r Result of the multiplication.
wolfSSL 16:8e0d178b1d1e 4259 * a First operand of the multiplication.
wolfSSL 16:8e0d178b1d1e 4260 * b Second operand of the multiplication.
wolfSSL 16:8e0d178b1d1e 4261 */
wolfSSL 16:8e0d178b1d1e 4262 static void sp_256_mont_mul_order_10(sp_digit* r, const sp_digit* a, const sp_digit* b)
wolfSSL 16:8e0d178b1d1e 4263 {
wolfSSL 16:8e0d178b1d1e 4264 sp_256_mul_10(r, a, b);
wolfSSL 16:8e0d178b1d1e 4265 sp_256_mont_reduce_order_10(r, p256_order, p256_mp_order);
wolfSSL 16:8e0d178b1d1e 4266 }
wolfSSL 16:8e0d178b1d1e 4267
wolfSSL 16:8e0d178b1d1e 4268 /* Square number mod the order of P256 curve. (r = a * a mod order)
wolfSSL 16:8e0d178b1d1e 4269 *
wolfSSL 16:8e0d178b1d1e 4270 * r Result of the squaring.
wolfSSL 16:8e0d178b1d1e 4271 * a Number to square.
wolfSSL 16:8e0d178b1d1e 4272 */
wolfSSL 16:8e0d178b1d1e 4273 static void sp_256_mont_sqr_order_10(sp_digit* r, const sp_digit* a)
wolfSSL 16:8e0d178b1d1e 4274 {
wolfSSL 16:8e0d178b1d1e 4275 sp_256_sqr_10(r, a);
wolfSSL 16:8e0d178b1d1e 4276 sp_256_mont_reduce_order_10(r, p256_order, p256_mp_order);
wolfSSL 16:8e0d178b1d1e 4277 }
wolfSSL 16:8e0d178b1d1e 4278
wolfSSL 16:8e0d178b1d1e 4279 #ifndef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 4280 /* Square number mod the order of P256 curve a number of times.
wolfSSL 16:8e0d178b1d1e 4281 * (r = a ^ n mod order)
wolfSSL 16:8e0d178b1d1e 4282 *
wolfSSL 16:8e0d178b1d1e 4283 * r Result of the squaring.
wolfSSL 16:8e0d178b1d1e 4284 * a Number to square.
wolfSSL 16:8e0d178b1d1e 4285 */
wolfSSL 16:8e0d178b1d1e 4286 static void sp_256_mont_sqr_n_order_10(sp_digit* r, const sp_digit* a, int n)
wolfSSL 16:8e0d178b1d1e 4287 {
wolfSSL 16:8e0d178b1d1e 4288 int i;
wolfSSL 16:8e0d178b1d1e 4289
wolfSSL 16:8e0d178b1d1e 4290 sp_256_mont_sqr_order_10(r, a);
wolfSSL 16:8e0d178b1d1e 4291 for (i=1; i<n; i++) {
wolfSSL 16:8e0d178b1d1e 4292 sp_256_mont_sqr_order_10(r, r);
wolfSSL 16:8e0d178b1d1e 4293 }
wolfSSL 16:8e0d178b1d1e 4294 }
wolfSSL 16:8e0d178b1d1e 4295 #endif /* !WOLFSSL_SP_SMALL */
wolfSSL 16:8e0d178b1d1e 4296
wolfSSL 16:8e0d178b1d1e 4297 /* Invert the number, in Montgomery form, modulo the order of the P256 curve.
wolfSSL 16:8e0d178b1d1e 4298 * (r = 1 / a mod order)
wolfSSL 16:8e0d178b1d1e 4299 *
wolfSSL 16:8e0d178b1d1e 4300 * r Inverse result.
wolfSSL 16:8e0d178b1d1e 4301 * a Number to invert.
wolfSSL 16:8e0d178b1d1e 4302 * td Temporary data.
wolfSSL 16:8e0d178b1d1e 4303 */
wolfSSL 16:8e0d178b1d1e 4304 static void sp_256_mont_inv_order_10(sp_digit* r, const sp_digit* a,
wolfSSL 16:8e0d178b1d1e 4305 sp_digit* td)
wolfSSL 16:8e0d178b1d1e 4306 {
wolfSSL 16:8e0d178b1d1e 4307 #ifdef WOLFSSL_SP_SMALL
wolfSSL 16:8e0d178b1d1e 4308 sp_digit* t = td;
wolfSSL 16:8e0d178b1d1e 4309 int i;
wolfSSL 16:8e0d178b1d1e 4310
wolfSSL 16:8e0d178b1d1e 4311 XMEMCPY(t, a, sizeof(sp_digit) * 10);
wolfSSL 16:8e0d178b1d1e 4312 for (i=254; i>=0; i--) {
wolfSSL 16:8e0d178b1d1e 4313 sp_256_mont_sqr_order_10(t, t);
wolfSSL 16:8e0d178b1d1e 4314 if ((p256_order_2[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
wolfSSL 16:8e0d178b1d1e 4315 sp_256_mont_mul_order_10(t, t, a);
wolfSSL 16:8e0d178b1d1e 4316 }
wolfSSL 16:8e0d178b1d1e 4317 }
wolfSSL 16:8e0d178b1d1e 4318 XMEMCPY(r, t, sizeof(sp_digit) * 10U);
wolfSSL 16:8e0d178b1d1e 4319 #else
wolfSSL 16:8e0d178b1d1e 4320 sp_digit* t = td;
wolfSSL 16:8e0d178b1d1e 4321 sp_digit* t2 = td + 2 * 10;
wolfSSL 16:8e0d178b1d1e 4322 sp_digit* t3 = td + 4 * 10;
wolfSSL 16:8e0d178b1d1e 4323 int i;
wolfSSL 16:8e0d178b1d1e 4324
wolfSSL 16:8e0d178b1d1e 4325
wolfSSL 16:8e0d178b1d1e 4326 /* t = a^2 */
wolfSSL 16:8e0d178b1d1e 4327 sp_256_mont_sqr_order_10(t, a);
wolfSSL 16:8e0d178b1d1e 4328 /* t = a^3 = t * a */
wolfSSL 16:8e0d178b1d1e 4329 sp_256_mont_mul_order_10(t, t, a);
wolfSSL 16:8e0d178b1d1e 4330 /* t2= a^c = t ^ 2 ^ 2 */
wolfSSL 16:8e0d178b1d1e 4331 sp_256_mont_sqr_n_order_10(t2, t, 2);
wolfSSL 16:8e0d178b1d1e 4332 /* t3= a^f = t2 * t */
wolfSSL 16:8e0d178b1d1e 4333 sp_256_mont_mul_order_10(t3, t2, t);
wolfSSL 16:8e0d178b1d1e 4334 /* t2= a^f0 = t3 ^ 2 ^ 4 */
wolfSSL 16:8e0d178b1d1e 4335 sp_256_mont_sqr_n_order_10(t2, t3, 4);
wolfSSL 16:8e0d178b1d1e 4336 /* t = a^ff = t2 * t3 */
wolfSSL 16:8e0d178b1d1e 4337 sp_256_mont_mul_order_10(t, t2, t3);
wolfSSL 16:8e0d178b1d1e 4338 /* t3= a^ff00 = t ^ 2 ^ 8 */
wolfSSL 16:8e0d178b1d1e 4339 sp_256_mont_sqr_n_order_10(t2, t, 8);
wolfSSL 16:8e0d178b1d1e 4340 /* t = a^ffff = t2 * t */
wolfSSL 16:8e0d178b1d1e 4341 sp_256_mont_mul_order_10(t, t2, t);
wolfSSL 16:8e0d178b1d1e 4342 /* t2= a^ffff0000 = t ^ 2 ^ 16 */
wolfSSL 16:8e0d178b1d1e 4343 sp_256_mont_sqr_n_order_10(t2, t, 16);
wolfSSL 16:8e0d178b1d1e 4344 /* t = a^ffffffff = t2 * t */
wolfSSL 16:8e0d178b1d1e 4345 sp_256_mont_mul_order_10(t, t2, t);
wolfSSL 16:8e0d178b1d1e 4346 /* t2= a^ffffffff0000000000000000 = t ^ 2 ^ 64 */
wolfSSL 16:8e0d178b1d1e 4347 sp_256_mont_sqr_n_order_10(t2, t, 64);
wolfSSL 16:8e0d178b1d1e 4348 /* t2= a^ffffffff00000000ffffffff = t2 * t */
wolfSSL 16:8e0d178b1d1e 4349 sp_256_mont_mul_order_10(t2, t2, t);
wolfSSL 16:8e0d178b1d1e 4350 /* t2= a^ffffffff00000000ffffffff00000000 = t2 ^ 2 ^ 32 */
wolfSSL 16:8e0d178b1d1e 4351 sp_256_mont_sqr_n_order_10(t2, t2, 32);
wolfSSL 16:8e0d178b1d1e 4352 /* t2= a^ffffffff00000000ffffffffffffffff = t2 * t */
wolfSSL 16:8e0d178b1d1e 4353 sp_256_mont_mul_order_10(t2, t2, t);
wolfSSL 16:8e0d178b1d1e 4354 /* t2= a^ffffffff00000000ffffffffffffffffbce6 */
wolfSSL 16:8e0d178b1d1e 4355
wolfSSL 16:8e0d178b1d1e 4356 for (i=127; i>=112; i--) {
wolfSSL 16:8e0d178b1d1e 4357 sp_256_mont_sqr_order_10(t2, t2);
wolfSSL 16:8e0d178b1d1e 4358 if (((sp_digit)p256_order_low[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
wolfSSL 16:8e0d178b1d1e 4359 sp_256_mont_mul_order_10(t2, t2, a);
wolfSSL 16:8e0d178b1d1e 4360 }
wolfSSL 16:8e0d178b1d1e 4361 }
wolfSSL 16:8e0d178b1d1e 4362 /* t2= a^ffffffff00000000ffffffffffffffffbce6f */
wolfSSL 16:8e0d178b1d1e 4363 sp_256_mont_sqr_n_order_10(t2, t2, 4);
wolfSSL 16:8e0d178b1d1e 4364 sp_256_mont_mul_order_10(t2, t2, t3);
wolfSSL 16:8e0d178b1d1e 4365 /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84 */
wolfSSL 16:8e0d178b1d1e 4366 for (i=107; i>=64; i--) {
wolfSSL 16:8e0d178b1d1e 4367 sp_256_mont_sqr_order_10(t2, t2);
wolfSSL 16:8e0d178b1d1e 4368 if (((sp_digit)p256_order_low[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
wolfSSL 16:8e0d178b1d1e 4369 sp_256_mont_mul_order_10(t2, t2, a);
wolfSSL 16:8e0d178b1d1e 4370 }
wolfSSL 16:8e0d178b1d1e 4371 }
wolfSSL 16:8e0d178b1d1e 4372 /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84f */
wolfSSL 16:8e0d178b1d1e 4373 sp_256_mont_sqr_n_order_10(t2, t2, 4);
wolfSSL 16:8e0d178b1d1e 4374 sp_256_mont_mul_order_10(t2, t2, t3);
wolfSSL 16:8e0d178b1d1e 4375 /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2 */
wolfSSL 16:8e0d178b1d1e 4376 for (i=59; i>=32; i--) {
wolfSSL 16:8e0d178b1d1e 4377 sp_256_mont_sqr_order_10(t2, t2);
wolfSSL 16:8e0d178b1d1e 4378 if (((sp_digit)p256_order_low[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
wolfSSL 16:8e0d178b1d1e 4379 sp_256_mont_mul_order_10(t2, t2, a);
wolfSSL 16:8e0d178b1d1e 4380 }
wolfSSL 16:8e0d178b1d1e 4381 }
wolfSSL 16:8e0d178b1d1e 4382 /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2f */
wolfSSL 16:8e0d178b1d1e 4383 sp_256_mont_sqr_n_order_10(t2, t2, 4);
wolfSSL 16:8e0d178b1d1e 4384 sp_256_mont_mul_order_10(t2, t2, t3);
wolfSSL 16:8e0d178b1d1e 4385 /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254 */
wolfSSL 16:8e0d178b1d1e 4386 for (i=27; i>=0; i--) {
wolfSSL 16:8e0d178b1d1e 4387 sp_256_mont_sqr_order_10(t2, t2);
wolfSSL 16:8e0d178b1d1e 4388 if (((sp_digit)p256_order_low[i / 32] & ((sp_int_digit)1 << (i % 32))) != 0) {
wolfSSL 16:8e0d178b1d1e 4389 sp_256_mont_mul_order_10(t2, t2, a);
wolfSSL 16:8e0d178b1d1e 4390 }
wolfSSL 16:8e0d178b1d1e 4391 }
wolfSSL 16:8e0d178b1d1e 4392 /* t2= a^ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632540 */
wolfSSL 16:8e0d178b1d1e 4393 sp_256_mont_sqr_n_order_10(t2, t2, 4);
wolfSSL 16:8e0d178b1d1e 4394 /* r = a^ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254f */
wolfSSL 16:8e0d178b1d1e 4395 sp_256_mont_mul_order_10(r, t2, t3);
wolfSSL 16:8e0d178b1d1e 4396 #endif /* WOLFSSL_SP_SMALL */
wolfSSL 16:8e0d178b1d1e 4397 }
wolfSSL 16:8e0d178b1d1e 4398
wolfSSL 16:8e0d178b1d1e 4399 #endif /* HAVE_ECC_SIGN || HAVE_ECC_VERIFY */
wolfSSL 16:8e0d178b1d1e 4400
wolfSSL 16:8e0d178b1d1e 4401 #ifdef HAVE_ECC_VERIFY
wolfSSL 16:8e0d178b1d1e 4402
wolfSSL 16:8e0d178b1d1e 4403
wolfSSL 16:8e0d178b1d1e 4404 /* Verify the signature values with the hash and public key.
wolfSSL 16:8e0d178b1d1e 4405 * e = Truncate(hash, 256)
wolfSSL 16:8e0d178b1d1e 4406 * u1 = e/s mod order
wolfSSL 16:8e0d178b1d1e 4407 * u2 = r/s mod order
wolfSSL 16:8e0d178b1d1e 4408 * r == (u1.G + u2.Q)->x mod order
wolfSSL 16:8e0d178b1d1e 4409 * Optimization: Leave point in projective form.
wolfSSL 16:8e0d178b1d1e 4410 * (x, y, 1) == (x' / z'*z', y' / z'*z'*z', z' / z')
wolfSSL 16:8e0d178b1d1e 4411 * (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x'
wolfSSL 16:8e0d178b1d1e 4412 * The hash is truncated to the first 256 bits.
wolfSSL 16:8e0d178b1d1e 4413 *
wolfSSL 16:8e0d178b1d1e 4414 * hash Hash to sign.
wolfSSL 16:8e0d178b1d1e 4415 * hashLen Length of the hash data.
wolfSSL 16:8e0d178b1d1e 4416 * rng Random number generator.
wolfSSL 16:8e0d178b1d1e 4417 * priv Private part of key - scalar.
wolfSSL 16:8e0d178b1d1e 4418 * rm First part of result as an mp_int.
wolfSSL 16:8e0d178b1d1e 4419 * sm Sirst part of result as an mp_int.
wolfSSL 16:8e0d178b1d1e 4420 * heap Heap to use for allocation.
wolfSSL 16:8e0d178b1d1e 4421 * returns RNG failures, MEMORY_E when memory allocation fails and
wolfSSL 16:8e0d178b1d1e 4422 * MP_OKAY on success.
wolfSSL 16:8e0d178b1d1e 4423 */
wolfSSL 16:8e0d178b1d1e 4424 int wolfSSL_DSP_ECC_Verify_256(remote_handle64 h, int32 *u1, int hashLen, int32* r, int rSz, int32* s, int sSz,
wolfSSL 16:8e0d178b1d1e 4425 int32* x, int xSz, int32* y, int ySz, int32* z, int zSz, int* res)
wolfSSL 16:8e0d178b1d1e 4426 {
wolfSSL 16:8e0d178b1d1e 4427 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4428 sp_digit* d = NULL;
wolfSSL 16:8e0d178b1d1e 4429 #else
wolfSSL 16:8e0d178b1d1e 4430 sp_digit u2d[2*10] __attribute__((aligned(128)));
wolfSSL 16:8e0d178b1d1e 4431 sp_digit tmpd[2*10 * 5] __attribute__((aligned(128)));
wolfSSL 16:8e0d178b1d1e 4432 sp_point p1d;
wolfSSL 16:8e0d178b1d1e 4433 sp_point p2d;
wolfSSL 16:8e0d178b1d1e 4434 #endif
wolfSSL 16:8e0d178b1d1e 4435 sp_digit* u2 = NULL;
wolfSSL 16:8e0d178b1d1e 4436 sp_digit* tmp = NULL;
wolfSSL 16:8e0d178b1d1e 4437 sp_point* p1;
wolfSSL 16:8e0d178b1d1e 4438 sp_point* p2 = NULL;
wolfSSL 16:8e0d178b1d1e 4439 sp_digit carry;
wolfSSL 16:8e0d178b1d1e 4440 int32_t c;
wolfSSL 16:8e0d178b1d1e 4441 int err;
wolfSSL 16:8e0d178b1d1e 4442 void* heap = NULL;
wolfSSL 16:8e0d178b1d1e 4443
wolfSSL 16:8e0d178b1d1e 4444 (void)h;
wolfSSL 16:8e0d178b1d1e 4445 (void)hashLen;
wolfSSL 16:8e0d178b1d1e 4446
wolfSSL 16:8e0d178b1d1e 4447 err = sp_ecc_point_new(heap, p1d, p1);
wolfSSL 16:8e0d178b1d1e 4448 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4449 err = sp_ecc_point_new(heap, p2d, p2);
wolfSSL 16:8e0d178b1d1e 4450 }
wolfSSL 16:8e0d178b1d1e 4451
wolfSSL 16:8e0d178b1d1e 4452 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4453 u2 = u2d;
wolfSSL 16:8e0d178b1d1e 4454 tmp = tmpd;
wolfSSL 16:8e0d178b1d1e 4455
wolfSSL 16:8e0d178b1d1e 4456 XMEMCPY(u2, r, 40);
wolfSSL 16:8e0d178b1d1e 4457 XMEMCPY(p2->x, x, 40);
wolfSSL 16:8e0d178b1d1e 4458 XMEMCPY(p2->y, y, 40);
wolfSSL 16:8e0d178b1d1e 4459 XMEMCPY(p2->z, z, 40);
wolfSSL 16:8e0d178b1d1e 4460
wolfSSL 16:8e0d178b1d1e 4461 sp_256_mul_10(s, s, p256_norm_order);
wolfSSL 16:8e0d178b1d1e 4462 err = sp_256_mod_10(s, s, p256_order);
wolfSSL 16:8e0d178b1d1e 4463 }
wolfSSL 16:8e0d178b1d1e 4464 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4465 sp_256_norm_10(s);
wolfSSL 16:8e0d178b1d1e 4466 {
wolfSSL 16:8e0d178b1d1e 4467
wolfSSL 16:8e0d178b1d1e 4468 sp_256_mont_inv_order_10(s, s, tmp);
wolfSSL 16:8e0d178b1d1e 4469 sp_256_mont_mul_order_10(u1, u1, s);
wolfSSL 16:8e0d178b1d1e 4470 sp_256_mont_mul_order_10(u2, u2, s);
wolfSSL 16:8e0d178b1d1e 4471 }
wolfSSL 16:8e0d178b1d1e 4472
wolfSSL 16:8e0d178b1d1e 4473 err = sp_256_ecc_mulmod_base_10(p1, u1, 0, heap);
wolfSSL 16:8e0d178b1d1e 4474 }
wolfSSL 16:8e0d178b1d1e 4475 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4476 err = sp_256_ecc_mulmod_10(p2, p2, u2, 0, heap);
wolfSSL 16:8e0d178b1d1e 4477 }
wolfSSL 16:8e0d178b1d1e 4478
wolfSSL 16:8e0d178b1d1e 4479 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4480 sp_256_proj_point_add_10(p1, p1, p2, tmp);
wolfSSL 16:8e0d178b1d1e 4481
wolfSSL 16:8e0d178b1d1e 4482 /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
wolfSSL 16:8e0d178b1d1e 4483 /* Reload r and convert to Montgomery form. */
wolfSSL 16:8e0d178b1d1e 4484 XMEMCPY(u2, r, 40);
wolfSSL 16:8e0d178b1d1e 4485 err = sp_256_mod_mul_norm_10(u2, u2, p256_mod);
wolfSSL 16:8e0d178b1d1e 4486 }
wolfSSL 16:8e0d178b1d1e 4487
wolfSSL 16:8e0d178b1d1e 4488 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4489 /* u1 = r.z'.z' mod prime */
wolfSSL 16:8e0d178b1d1e 4490 sp_256_mont_sqr_10(p1->z, p1->z, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4491 sp_256_mont_mul_10(u1, u2, p1->z, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4492 *res = (int)(sp_256_cmp_10(p1->x, u1) == 0);
wolfSSL 16:8e0d178b1d1e 4493 if (*res == 0) {
wolfSSL 16:8e0d178b1d1e 4494 /* Reload r and add order. */
wolfSSL 16:8e0d178b1d1e 4495 XMEMCPY(u2, r, 40);
wolfSSL 16:8e0d178b1d1e 4496 carry = sp_256_add_10(u2, u2, p256_order);
wolfSSL 16:8e0d178b1d1e 4497 /* Carry means result is greater than mod and is not valid. */
wolfSSL 16:8e0d178b1d1e 4498 if (carry == 0) {
wolfSSL 16:8e0d178b1d1e 4499 sp_256_norm_10(u2);
wolfSSL 16:8e0d178b1d1e 4500
wolfSSL 16:8e0d178b1d1e 4501 /* Compare with mod and if greater or equal then not valid. */
wolfSSL 16:8e0d178b1d1e 4502 c = sp_256_cmp_10(u2, p256_mod);
wolfSSL 16:8e0d178b1d1e 4503 if (c < 0) {
wolfSSL 16:8e0d178b1d1e 4504 /* Convert to Montogomery form */
wolfSSL 16:8e0d178b1d1e 4505 err = sp_256_mod_mul_norm_10(u2, u2, p256_mod);
wolfSSL 16:8e0d178b1d1e 4506 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4507 /* u1 = (r + 1*order).z'.z' mod prime */
wolfSSL 16:8e0d178b1d1e 4508 sp_256_mont_mul_10(u1, u2, p1->z, p256_mod,
wolfSSL 16:8e0d178b1d1e 4509 p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4510 *res = (int)(sp_256_cmp_10(p1->x, u2) == 0);
wolfSSL 16:8e0d178b1d1e 4511 }
wolfSSL 16:8e0d178b1d1e 4512 }
wolfSSL 16:8e0d178b1d1e 4513 }
wolfSSL 16:8e0d178b1d1e 4514 }
wolfSSL 16:8e0d178b1d1e 4515 }
wolfSSL 16:8e0d178b1d1e 4516
wolfSSL 16:8e0d178b1d1e 4517 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4518 if (d != NULL)
wolfSSL 16:8e0d178b1d1e 4519 XFREE(d, heap, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 4520 #endif
wolfSSL 16:8e0d178b1d1e 4521 sp_ecc_point_free(p1, 0, heap);
wolfSSL 16:8e0d178b1d1e 4522 sp_ecc_point_free(p2, 0, heap);
wolfSSL 16:8e0d178b1d1e 4523
wolfSSL 16:8e0d178b1d1e 4524 return err;
wolfSSL 16:8e0d178b1d1e 4525 }
wolfSSL 16:8e0d178b1d1e 4526
wolfSSL 16:8e0d178b1d1e 4527 /** Free the Fixed Point cache */
wolfSSL 16:8e0d178b1d1e 4528 void wc_ecc_fp_free(void)
wolfSSL 16:8e0d178b1d1e 4529 {
wolfSSL 16:8e0d178b1d1e 4530 }
wolfSSL 16:8e0d178b1d1e 4531
wolfSSL 16:8e0d178b1d1e 4532
wolfSSL 16:8e0d178b1d1e 4533 AEEResult wolfSSL_open(const char *uri, remote_handle64 *handle)
wolfSSL 16:8e0d178b1d1e 4534 {
wolfSSL 16:8e0d178b1d1e 4535 void *tptr;
wolfSSL 16:8e0d178b1d1e 4536 /* can be any value or ignored, rpc layer doesn't care
wolfSSL 16:8e0d178b1d1e 4537 * also ok
wolfSSL 16:8e0d178b1d1e 4538 * *handle = 0;
wolfSSL 16:8e0d178b1d1e 4539 * *handle = 0xdeadc0de;
wolfSSL 16:8e0d178b1d1e 4540 */
wolfSSL 16:8e0d178b1d1e 4541 tptr = (void *)malloc(1);
wolfSSL 16:8e0d178b1d1e 4542 *handle = (remote_handle64)tptr;
wolfSSL 16:8e0d178b1d1e 4543 return 0;
wolfSSL 16:8e0d178b1d1e 4544 }
wolfSSL 16:8e0d178b1d1e 4545
wolfSSL 16:8e0d178b1d1e 4546 AEEResult wolfSSL_close(remote_handle64 handle)
wolfSSL 16:8e0d178b1d1e 4547 {
wolfSSL 16:8e0d178b1d1e 4548 if (handle)
wolfSSL 16:8e0d178b1d1e 4549 free((void*)handle);
wolfSSL 16:8e0d178b1d1e 4550 return 0;
wolfSSL 16:8e0d178b1d1e 4551 }
wolfSSL 16:8e0d178b1d1e 4552 #endif /* HAVE_ECC_VERIFY */
wolfSSL 16:8e0d178b1d1e 4553
wolfSSL 16:8e0d178b1d1e 4554 #ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL
wolfSSL 16:8e0d178b1d1e 4555 /* Add two projective EC points together.
wolfSSL 16:8e0d178b1d1e 4556 * (pX, pY, pZ) + (qX, qY, qZ) = (rX, rY, rZ)
wolfSSL 16:8e0d178b1d1e 4557 *
wolfSSL 16:8e0d178b1d1e 4558 * pX First EC point's X ordinate.
wolfSSL 16:8e0d178b1d1e 4559 * pY First EC point's Y ordinate.
wolfSSL 16:8e0d178b1d1e 4560 * pZ First EC point's Z ordinate.
wolfSSL 16:8e0d178b1d1e 4561 * qX Second EC point's X ordinate.
wolfSSL 16:8e0d178b1d1e 4562 * qY Second EC point's Y ordinate.
wolfSSL 16:8e0d178b1d1e 4563 * qZ Second EC point's Z ordinate.
wolfSSL 16:8e0d178b1d1e 4564 * rX Resultant EC point's X ordinate.
wolfSSL 16:8e0d178b1d1e 4565 * rY Resultant EC point's Y ordinate.
wolfSSL 16:8e0d178b1d1e 4566 * rZ Resultant EC point's Z ordinate.
wolfSSL 16:8e0d178b1d1e 4567 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
wolfSSL 16:8e0d178b1d1e 4568 */
wolfSSL 16:8e0d178b1d1e 4569 int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
wolfSSL 16:8e0d178b1d1e 4570 mp_int* qX, mp_int* qY, mp_int* qZ,
wolfSSL 16:8e0d178b1d1e 4571 mp_int* rX, mp_int* rY, mp_int* rZ)
wolfSSL 16:8e0d178b1d1e 4572 {
wolfSSL 16:8e0d178b1d1e 4573 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4574 sp_digit tmpd[2 * 10 * 5];
wolfSSL 16:8e0d178b1d1e 4575 sp_point pd;
wolfSSL 16:8e0d178b1d1e 4576 sp_point qd;
wolfSSL 16:8e0d178b1d1e 4577 #endif
wolfSSL 16:8e0d178b1d1e 4578 sp_digit* tmp;
wolfSSL 16:8e0d178b1d1e 4579 sp_point* p;
wolfSSL 16:8e0d178b1d1e 4580 sp_point* q = NULL;
wolfSSL 16:8e0d178b1d1e 4581 int err;
wolfSSL 16:8e0d178b1d1e 4582
wolfSSL 16:8e0d178b1d1e 4583 err = sp_ecc_point_new(NULL, pd, p);
wolfSSL 16:8e0d178b1d1e 4584 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4585 err = sp_ecc_point_new(NULL, qd, q);
wolfSSL 16:8e0d178b1d1e 4586 }
wolfSSL 16:8e0d178b1d1e 4587 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4588 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4589 tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, NULL,
wolfSSL 16:8e0d178b1d1e 4590 DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 4591 if (tmp == NULL) {
wolfSSL 16:8e0d178b1d1e 4592 err = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 4593 }
wolfSSL 16:8e0d178b1d1e 4594 }
wolfSSL 16:8e0d178b1d1e 4595 #else
wolfSSL 16:8e0d178b1d1e 4596 tmp = tmpd;
wolfSSL 16:8e0d178b1d1e 4597 #endif
wolfSSL 16:8e0d178b1d1e 4598
wolfSSL 16:8e0d178b1d1e 4599 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4600 sp_256_from_mp(p->x, 10, pX);
wolfSSL 16:8e0d178b1d1e 4601 sp_256_from_mp(p->y, 10, pY);
wolfSSL 16:8e0d178b1d1e 4602 sp_256_from_mp(p->z, 10, pZ);
wolfSSL 16:8e0d178b1d1e 4603 sp_256_from_mp(q->x, 10, qX);
wolfSSL 16:8e0d178b1d1e 4604 sp_256_from_mp(q->y, 10, qY);
wolfSSL 16:8e0d178b1d1e 4605 sp_256_from_mp(q->z, 10, qZ);
wolfSSL 16:8e0d178b1d1e 4606
wolfSSL 16:8e0d178b1d1e 4607 sp_256_proj_point_add_10(p, p, q, tmp);
wolfSSL 16:8e0d178b1d1e 4608 }
wolfSSL 16:8e0d178b1d1e 4609
wolfSSL 16:8e0d178b1d1e 4610 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4611 err = sp_256_to_mp(p->x, rX);
wolfSSL 16:8e0d178b1d1e 4612 }
wolfSSL 16:8e0d178b1d1e 4613 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4614 err = sp_256_to_mp(p->y, rY);
wolfSSL 16:8e0d178b1d1e 4615 }
wolfSSL 16:8e0d178b1d1e 4616 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4617 err = sp_256_to_mp(p->z, rZ);
wolfSSL 16:8e0d178b1d1e 4618 }
wolfSSL 16:8e0d178b1d1e 4619
wolfSSL 16:8e0d178b1d1e 4620 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4621 if (tmp != NULL) {
wolfSSL 16:8e0d178b1d1e 4622 XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 4623 }
wolfSSL 16:8e0d178b1d1e 4624 #endif
wolfSSL 16:8e0d178b1d1e 4625 sp_ecc_point_free(q, 0, NULL);
wolfSSL 16:8e0d178b1d1e 4626 sp_ecc_point_free(p, 0, NULL);
wolfSSL 16:8e0d178b1d1e 4627
wolfSSL 16:8e0d178b1d1e 4628 return err;
wolfSSL 16:8e0d178b1d1e 4629 }
wolfSSL 16:8e0d178b1d1e 4630
wolfSSL 16:8e0d178b1d1e 4631
wolfSSL 16:8e0d178b1d1e 4632 /* Double a projective EC point.
wolfSSL 16:8e0d178b1d1e 4633 * (pX, pY, pZ) + (pX, pY, pZ) = (rX, rY, rZ)
wolfSSL 16:8e0d178b1d1e 4634 *
wolfSSL 16:8e0d178b1d1e 4635 * pX EC point's X ordinate.
wolfSSL 16:8e0d178b1d1e 4636 * pY EC point's Y ordinate.
wolfSSL 16:8e0d178b1d1e 4637 * pZ EC point's Z ordinate.
wolfSSL 16:8e0d178b1d1e 4638 * rX Resultant EC point's X ordinate.
wolfSSL 16:8e0d178b1d1e 4639 * rY Resultant EC point's Y ordinate.
wolfSSL 16:8e0d178b1d1e 4640 * rZ Resultant EC point's Z ordinate.
wolfSSL 16:8e0d178b1d1e 4641 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
wolfSSL 16:8e0d178b1d1e 4642 */
wolfSSL 16:8e0d178b1d1e 4643 int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
wolfSSL 16:8e0d178b1d1e 4644 mp_int* rX, mp_int* rY, mp_int* rZ)
wolfSSL 16:8e0d178b1d1e 4645 {
wolfSSL 16:8e0d178b1d1e 4646 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4647 sp_digit tmpd[2 * 10 * 2];
wolfSSL 16:8e0d178b1d1e 4648 sp_point pd;
wolfSSL 16:8e0d178b1d1e 4649 #endif
wolfSSL 16:8e0d178b1d1e 4650 sp_digit* tmp;
wolfSSL 16:8e0d178b1d1e 4651 sp_point* p;
wolfSSL 16:8e0d178b1d1e 4652 int err;
wolfSSL 16:8e0d178b1d1e 4653
wolfSSL 16:8e0d178b1d1e 4654 err = sp_ecc_point_new(NULL, pd, p);
wolfSSL 16:8e0d178b1d1e 4655 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4656 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4657 tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 2, NULL,
wolfSSL 16:8e0d178b1d1e 4658 DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 4659 if (tmp == NULL) {
wolfSSL 16:8e0d178b1d1e 4660 err = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 4661 }
wolfSSL 16:8e0d178b1d1e 4662 }
wolfSSL 16:8e0d178b1d1e 4663 #else
wolfSSL 16:8e0d178b1d1e 4664 tmp = tmpd;
wolfSSL 16:8e0d178b1d1e 4665 #endif
wolfSSL 16:8e0d178b1d1e 4666
wolfSSL 16:8e0d178b1d1e 4667 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4668 sp_256_from_mp(p->x, 10, pX);
wolfSSL 16:8e0d178b1d1e 4669 sp_256_from_mp(p->y, 10, pY);
wolfSSL 16:8e0d178b1d1e 4670 sp_256_from_mp(p->z, 10, pZ);
wolfSSL 16:8e0d178b1d1e 4671
wolfSSL 16:8e0d178b1d1e 4672 sp_256_proj_point_dbl_10(p, p, tmp);
wolfSSL 16:8e0d178b1d1e 4673 }
wolfSSL 16:8e0d178b1d1e 4674
wolfSSL 16:8e0d178b1d1e 4675 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4676 err = sp_256_to_mp(p->x, rX);
wolfSSL 16:8e0d178b1d1e 4677 }
wolfSSL 16:8e0d178b1d1e 4678 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4679 err = sp_256_to_mp(p->y, rY);
wolfSSL 16:8e0d178b1d1e 4680 }
wolfSSL 16:8e0d178b1d1e 4681 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4682 err = sp_256_to_mp(p->z, rZ);
wolfSSL 16:8e0d178b1d1e 4683 }
wolfSSL 16:8e0d178b1d1e 4684
wolfSSL 16:8e0d178b1d1e 4685 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4686 if (tmp != NULL) {
wolfSSL 16:8e0d178b1d1e 4687 XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 4688 }
wolfSSL 16:8e0d178b1d1e 4689 #endif
wolfSSL 16:8e0d178b1d1e 4690 sp_ecc_point_free(p, 0, NULL);
wolfSSL 16:8e0d178b1d1e 4691
wolfSSL 16:8e0d178b1d1e 4692 return err;
wolfSSL 16:8e0d178b1d1e 4693 }
wolfSSL 16:8e0d178b1d1e 4694
wolfSSL 16:8e0d178b1d1e 4695 /* Map a projective EC point to affine in place.
wolfSSL 16:8e0d178b1d1e 4696 * pZ will be one.
wolfSSL 16:8e0d178b1d1e 4697 *
wolfSSL 16:8e0d178b1d1e 4698 * pX EC point's X ordinate.
wolfSSL 16:8e0d178b1d1e 4699 * pY EC point's Y ordinate.
wolfSSL 16:8e0d178b1d1e 4700 * pZ EC point's Z ordinate.
wolfSSL 16:8e0d178b1d1e 4701 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
wolfSSL 16:8e0d178b1d1e 4702 */
wolfSSL 16:8e0d178b1d1e 4703 int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
wolfSSL 16:8e0d178b1d1e 4704 {
wolfSSL 16:8e0d178b1d1e 4705 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4706 sp_digit tmpd[2 * 10 * 4];
wolfSSL 16:8e0d178b1d1e 4707 sp_point pd;
wolfSSL 16:8e0d178b1d1e 4708 #endif
wolfSSL 16:8e0d178b1d1e 4709 sp_digit* tmp;
wolfSSL 16:8e0d178b1d1e 4710 sp_point* p;
wolfSSL 16:8e0d178b1d1e 4711 int err;
wolfSSL 16:8e0d178b1d1e 4712
wolfSSL 16:8e0d178b1d1e 4713 err = sp_ecc_point_new(NULL, pd, p);
wolfSSL 16:8e0d178b1d1e 4714 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4715 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4716 tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 4, NULL,
wolfSSL 16:8e0d178b1d1e 4717 DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 4718 if (tmp == NULL) {
wolfSSL 16:8e0d178b1d1e 4719 err = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 4720 }
wolfSSL 16:8e0d178b1d1e 4721 }
wolfSSL 16:8e0d178b1d1e 4722 #else
wolfSSL 16:8e0d178b1d1e 4723 tmp = tmpd;
wolfSSL 16:8e0d178b1d1e 4724 #endif
wolfSSL 16:8e0d178b1d1e 4725 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4726 sp_256_from_mp(p->x, 10, pX);
wolfSSL 16:8e0d178b1d1e 4727 sp_256_from_mp(p->y, 10, pY);
wolfSSL 16:8e0d178b1d1e 4728 sp_256_from_mp(p->z, 10, pZ);
wolfSSL 16:8e0d178b1d1e 4729
wolfSSL 16:8e0d178b1d1e 4730 sp_256_map_10(p, p, tmp);
wolfSSL 16:8e0d178b1d1e 4731 }
wolfSSL 16:8e0d178b1d1e 4732
wolfSSL 16:8e0d178b1d1e 4733 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4734 err = sp_256_to_mp(p->x, pX);
wolfSSL 16:8e0d178b1d1e 4735 }
wolfSSL 16:8e0d178b1d1e 4736 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4737 err = sp_256_to_mp(p->y, pY);
wolfSSL 16:8e0d178b1d1e 4738 }
wolfSSL 16:8e0d178b1d1e 4739 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4740 err = sp_256_to_mp(p->z, pZ);
wolfSSL 16:8e0d178b1d1e 4741 }
wolfSSL 16:8e0d178b1d1e 4742
wolfSSL 16:8e0d178b1d1e 4743 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4744 if (tmp != NULL) {
wolfSSL 16:8e0d178b1d1e 4745 XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 4746 }
wolfSSL 16:8e0d178b1d1e 4747 #endif
wolfSSL 16:8e0d178b1d1e 4748 sp_ecc_point_free(p, 0, NULL);
wolfSSL 16:8e0d178b1d1e 4749
wolfSSL 16:8e0d178b1d1e 4750 return err;
wolfSSL 16:8e0d178b1d1e 4751 }
wolfSSL 16:8e0d178b1d1e 4752 #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */
wolfSSL 16:8e0d178b1d1e 4753 #ifdef HAVE_COMP_KEY
wolfSSL 16:8e0d178b1d1e 4754 /* Find the square root of a number mod the prime of the curve.
wolfSSL 16:8e0d178b1d1e 4755 *
wolfSSL 16:8e0d178b1d1e 4756 * y The number to operate on and the result.
wolfSSL 16:8e0d178b1d1e 4757 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
wolfSSL 16:8e0d178b1d1e 4758 */
wolfSSL 16:8e0d178b1d1e 4759 static int sp_256_mont_sqrt_10(sp_digit* y)
wolfSSL 16:8e0d178b1d1e 4760 {
wolfSSL 16:8e0d178b1d1e 4761 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4762 sp_digit* d;
wolfSSL 16:8e0d178b1d1e 4763 #else
wolfSSL 16:8e0d178b1d1e 4764 sp_digit t1d[2 * 10];
wolfSSL 16:8e0d178b1d1e 4765 sp_digit t2d[2 * 10];
wolfSSL 16:8e0d178b1d1e 4766 #endif
wolfSSL 16:8e0d178b1d1e 4767 sp_digit* t1;
wolfSSL 16:8e0d178b1d1e 4768 sp_digit* t2;
wolfSSL 16:8e0d178b1d1e 4769 int err = MP_OKAY;
wolfSSL 16:8e0d178b1d1e 4770
wolfSSL 16:8e0d178b1d1e 4771 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4772 d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 10, NULL, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 4773 if (d == NULL) {
wolfSSL 16:8e0d178b1d1e 4774 err = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 4775 }
wolfSSL 16:8e0d178b1d1e 4776 #endif
wolfSSL 16:8e0d178b1d1e 4777
wolfSSL 16:8e0d178b1d1e 4778 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4779 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4780 t1 = d + 0 * 10;
wolfSSL 16:8e0d178b1d1e 4781 t2 = d + 2 * 10;
wolfSSL 16:8e0d178b1d1e 4782 #else
wolfSSL 16:8e0d178b1d1e 4783 t1 = t1d;
wolfSSL 16:8e0d178b1d1e 4784 t2 = t2d;
wolfSSL 16:8e0d178b1d1e 4785 #endif
wolfSSL 16:8e0d178b1d1e 4786
wolfSSL 16:8e0d178b1d1e 4787 {
wolfSSL 16:8e0d178b1d1e 4788 /* t2 = y ^ 0x2 */
wolfSSL 16:8e0d178b1d1e 4789 sp_256_mont_sqr_10(t2, y, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4790 /* t1 = y ^ 0x3 */
wolfSSL 16:8e0d178b1d1e 4791 sp_256_mont_mul_10(t1, t2, y, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4792 /* t2 = y ^ 0xc */
wolfSSL 16:8e0d178b1d1e 4793 sp_256_mont_sqr_n_10(t2, t1, 2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4794 /* t1 = y ^ 0xf */
wolfSSL 16:8e0d178b1d1e 4795 sp_256_mont_mul_10(t1, t1, t2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4796 /* t2 = y ^ 0xf0 */
wolfSSL 16:8e0d178b1d1e 4797 sp_256_mont_sqr_n_10(t2, t1, 4, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4798 /* t1 = y ^ 0xff */
wolfSSL 16:8e0d178b1d1e 4799 sp_256_mont_mul_10(t1, t1, t2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4800 /* t2 = y ^ 0xff00 */
wolfSSL 16:8e0d178b1d1e 4801 sp_256_mont_sqr_n_10(t2, t1, 8, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4802 /* t1 = y ^ 0xffff */
wolfSSL 16:8e0d178b1d1e 4803 sp_256_mont_mul_10(t1, t1, t2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4804 /* t2 = y ^ 0xffff0000 */
wolfSSL 16:8e0d178b1d1e 4805 sp_256_mont_sqr_n_10(t2, t1, 16, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4806 /* t1 = y ^ 0xffffffff */
wolfSSL 16:8e0d178b1d1e 4807 sp_256_mont_mul_10(t1, t1, t2, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4808 /* t1 = y ^ 0xffffffff00000000 */
wolfSSL 16:8e0d178b1d1e 4809 sp_256_mont_sqr_n_10(t1, t1, 32, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4810 /* t1 = y ^ 0xffffffff00000001 */
wolfSSL 16:8e0d178b1d1e 4811 sp_256_mont_mul_10(t1, t1, y, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4812 /* t1 = y ^ 0xffffffff00000001000000000000000000000000 */
wolfSSL 16:8e0d178b1d1e 4813 sp_256_mont_sqr_n_10(t1, t1, 96, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4814 /* t1 = y ^ 0xffffffff00000001000000000000000000000001 */
wolfSSL 16:8e0d178b1d1e 4815 sp_256_mont_mul_10(t1, t1, y, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4816 sp_256_mont_sqr_n_10(y, t1, 94, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4817 }
wolfSSL 16:8e0d178b1d1e 4818 }
wolfSSL 16:8e0d178b1d1e 4819
wolfSSL 16:8e0d178b1d1e 4820 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4821 if (d != NULL) {
wolfSSL 16:8e0d178b1d1e 4822 XFREE(d, NULL, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 4823 }
wolfSSL 16:8e0d178b1d1e 4824 #endif
wolfSSL 16:8e0d178b1d1e 4825
wolfSSL 16:8e0d178b1d1e 4826 return err;
wolfSSL 16:8e0d178b1d1e 4827 }
wolfSSL 16:8e0d178b1d1e 4828
wolfSSL 16:8e0d178b1d1e 4829 /* Uncompress the point given the X ordinate.
wolfSSL 16:8e0d178b1d1e 4830 *
wolfSSL 16:8e0d178b1d1e 4831 * xm X ordinate.
wolfSSL 16:8e0d178b1d1e 4832 * odd Whether the Y ordinate is odd.
wolfSSL 16:8e0d178b1d1e 4833 * ym Calculated Y ordinate.
wolfSSL 16:8e0d178b1d1e 4834 * returns MEMORY_E if dynamic memory allocation fails and MP_OKAY otherwise.
wolfSSL 16:8e0d178b1d1e 4835 */
wolfSSL 16:8e0d178b1d1e 4836 int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
wolfSSL 16:8e0d178b1d1e 4837 {
wolfSSL 16:8e0d178b1d1e 4838 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4839 sp_digit* d;
wolfSSL 16:8e0d178b1d1e 4840 #else
wolfSSL 16:8e0d178b1d1e 4841 sp_digit xd[2 * 10];
wolfSSL 16:8e0d178b1d1e 4842 sp_digit yd[2 * 10];
wolfSSL 16:8e0d178b1d1e 4843 #endif
wolfSSL 16:8e0d178b1d1e 4844 sp_digit* x = NULL;
wolfSSL 16:8e0d178b1d1e 4845 sp_digit* y = NULL;
wolfSSL 16:8e0d178b1d1e 4846 int err = MP_OKAY;
wolfSSL 16:8e0d178b1d1e 4847
wolfSSL 16:8e0d178b1d1e 4848 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4849 d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 10, NULL, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 4850 if (d == NULL) {
wolfSSL 16:8e0d178b1d1e 4851 err = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 4852 }
wolfSSL 16:8e0d178b1d1e 4853 #endif
wolfSSL 16:8e0d178b1d1e 4854
wolfSSL 16:8e0d178b1d1e 4855 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4856 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4857 x = d + 0 * 10;
wolfSSL 16:8e0d178b1d1e 4858 y = d + 2 * 10;
wolfSSL 16:8e0d178b1d1e 4859 #else
wolfSSL 16:8e0d178b1d1e 4860 x = xd;
wolfSSL 16:8e0d178b1d1e 4861 y = yd;
wolfSSL 16:8e0d178b1d1e 4862 #endif
wolfSSL 16:8e0d178b1d1e 4863
wolfSSL 16:8e0d178b1d1e 4864 sp_256_from_mp(x, 10, xm);
wolfSSL 16:8e0d178b1d1e 4865 err = sp_256_mod_mul_norm_10(x, x, p256_mod);
wolfSSL 16:8e0d178b1d1e 4866 }
wolfSSL 16:8e0d178b1d1e 4867 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4868 /* y = x^3 */
wolfSSL 16:8e0d178b1d1e 4869 {
wolfSSL 16:8e0d178b1d1e 4870 sp_256_mont_sqr_10(y, x, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4871 sp_256_mont_mul_10(y, y, x, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4872 }
wolfSSL 16:8e0d178b1d1e 4873 /* y = x^3 - 3x */
wolfSSL 16:8e0d178b1d1e 4874 sp_256_mont_sub_10(y, y, x, p256_mod);
wolfSSL 16:8e0d178b1d1e 4875 sp_256_mont_sub_10(y, y, x, p256_mod);
wolfSSL 16:8e0d178b1d1e 4876 sp_256_mont_sub_10(y, y, x, p256_mod);
wolfSSL 16:8e0d178b1d1e 4877 /* y = x^3 - 3x + b */
wolfSSL 16:8e0d178b1d1e 4878 err = sp_256_mod_mul_norm_10(x, p256_b, p256_mod);
wolfSSL 16:8e0d178b1d1e 4879 }
wolfSSL 16:8e0d178b1d1e 4880 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4881 sp_256_mont_add_10(y, y, x, p256_mod);
wolfSSL 16:8e0d178b1d1e 4882 /* y = sqrt(x^3 - 3x + b) */
wolfSSL 16:8e0d178b1d1e 4883 err = sp_256_mont_sqrt_10(y);
wolfSSL 16:8e0d178b1d1e 4884 }
wolfSSL 16:8e0d178b1d1e 4885 if (err == MP_OKAY) {
wolfSSL 16:8e0d178b1d1e 4886 XMEMSET(y + 10, 0, 10U * sizeof(sp_digit));
wolfSSL 16:8e0d178b1d1e 4887 sp_256_mont_reduce_10(y, p256_mod, p256_mp_mod);
wolfSSL 16:8e0d178b1d1e 4888 if ((((word32)y[0] ^ (word32)odd) & 1U) != 0U) {
wolfSSL 16:8e0d178b1d1e 4889 sp_256_mont_sub_10(y, p256_mod, y, p256_mod);
wolfSSL 16:8e0d178b1d1e 4890 }
wolfSSL 16:8e0d178b1d1e 4891
wolfSSL 16:8e0d178b1d1e 4892 err = sp_256_to_mp(y, ym);
wolfSSL 16:8e0d178b1d1e 4893 }
wolfSSL 16:8e0d178b1d1e 4894
wolfSSL 16:8e0d178b1d1e 4895 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 4896 if (d != NULL) {
wolfSSL 16:8e0d178b1d1e 4897 XFREE(d, NULL, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 4898 }
wolfSSL 16:8e0d178b1d1e 4899 #endif
wolfSSL 16:8e0d178b1d1e 4900
wolfSSL 16:8e0d178b1d1e 4901 return err;
wolfSSL 16:8e0d178b1d1e 4902 }
wolfSSL 16:8e0d178b1d1e 4903 #endif
wolfSSL 16:8e0d178b1d1e 4904 #endif /* !WOLFSSL_SP_NO_256 */
wolfSSL 16:8e0d178b1d1e 4905 #endif /* WOLFSSL_HAVE_SP_ECC */
wolfSSL 16:8e0d178b1d1e 4906 #endif /* WOLFSSL_DSP */
wolfSSL 16:8e0d178b1d1e 4907 #endif /* WOLFSSL_HAVE_SP_ECC */
wolfSSL 16:8e0d178b1d1e 4908
wolfSSL 16:8e0d178b1d1e 4909